post #1 (permalink)
22/12/07, 00:24:06
SNX
User

Registered: Jul 2006
Location: Colombia
Posts: 44
A web page opens automatically! =( (Solved)

Well, a hacker page opens on my PC automatically... I'd like to know what to do to completely remove the virus, malware or whatever it is that makes it open by itself... I also think my PC has more infections... I'd appreciate your help, many thanks =D
post #2 (permalink)
22/12/07, 00:35:50
Kirigi
Warrior

Registered: Jun 2007
Location: Venezuela
Posts: 4,111
Re: A web page opens automatically! =(

Hi SNX,

Do the following to see if we hit the mark:

Download CCleaner + Manual and use it first in Cleaner mode to clean cookies and temporary internet files, and then in Registry mode (making a backup as the manual indicates).

Download the SDFix tool, save it and unzip it to your desktop, but do not run it yet.

Restart the PC in Safe Mode
  • Run SDFix.exe on the desktop; a new folder will be created on the desktop. Go into that folder and run the file "Runthis.bat", then press the "Y" key to start the check. When it finishes, a file called Report.txt will be created inside the folder; copy and paste the contents of that report here.

Restart the PC in "Normal mode"

Run a scan with Panda ActiveScan Online and paste the report here again.

Note: If you use Firefox as your browser, remember to use the IE Tab extension to be able to run any online scanner.

Regards. Remember to come back

Forum News | Online Antivirus | Remove Malware | Forum Policies | Blog

* Help us by making a DONATION so we can keep helping.
* To avoid viruses and spyware while browsing the internet, USE FIREFOX !!
* Questions are not answered by private message or e-mail, since that is what the forum is for.
post #3 (permalink)
22/12/07, 09:46:08
SNX
User

Registered: Jul 2006
Location: Colombia
Posts: 44
Re: A web page opens automatically! =(

Well, I did the CCleaner and the SDFix steps in safe mode, but I couldn't do the Panda online scan because the window closes a while after it starts analysing =S how strange... I ran Kaspersky and it said I had nothing, but Panda was registering some anomalies... anyway, here is the SDFix report... let's see what I do about Panda..

SDFIX REPORT:

SDFix: Version 1.119

Run by Administrador on 22/12/2007 at 12:48 a.m.

Microsoft Windows XP [Versi¢n 5.1.2600]

Running From: C:\DOCUME~1\ADMINI~1\ESCRIT~1\SDFix

Safe Mode:
Checking Services:


Restoring Windows Registry Values
Restoring Windows Default Hosts File
Restoring Missing Security Center Service

Rebooting...


Normal Mode:
Checking Files:

No Trojan Files Found





Removing Temp Files...

ADS Check:

C:\WINDOWS
No streams found.

C:\WINDOWS\system32
No streams found.

C:\WINDOWS\system32\svchost.exe
No streams found.

C:\WINDOWS\system32\ntoskrnl.exe
No streams found.



Final Check:

catchme 0.3.1333.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-22 00:52:19
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg]
"s1"=dword:2df9c43f
"s2"=dword:110480d0
"h0"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04]
"h0"=dword:00000000
"ujdew"=hex:30,1f,81,4a,a5,37,b1,56,0a,70,93,8d,ff,28,b1,54,f3,6d,2c,d0,d8,..
"p0"="C:\Archivos de programa\Alcohol Soft\Alcohol 120\"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04]
"h0"=dword:00000000
"ujdew"=hex:30,1f,81,4a,a5,37,b1,56,0a,70,93,8d,ff,28,b1,54,f3,6d,2c,d0,d8,..
"p0"="C:\Archivos de programa\Alcohol Soft\Alcohol 120\"

scanning hidden registry entries ...

scanning hidden files ...


scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 35


Remaining Services:
------------------



Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Archivos de programa\\Microsoft Office\\Office12\\OUTLOOK.EXE"="C:\\Archivos de programa\\Microsoft Office\\Office12\\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\\Archivos de programa\\Microsoft Office\\Office12\\GROOVE.EXE"="C:\\Archivos de programa\\Microsoft Office\\Office12\\GROOVE.EXE:*:Enabled:Microsoft Office Groove"
"C:\\Archivos de programa\\Microsoft Office\\Office12\\ONENOTE.EXE"="C:\\Archivos de programa\\Microsoft Office\\Office12\\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"C:\\Archivos de programa\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Archivos de programa\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Archivos de programa\\Windows Live\\Messenger\\livecall.exe"="C:\\Archivos de programa\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\\Archivos de programa\\Bonjour\\mDNSResponder.exe"="C:\\Archivos de programa\\Bonjour\\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\\Archivos de programa\\Ares\\Ares.exe"="C:\\Archivos de programa\\Ares\\Ares.exe:*:Enabled:Ares p2p for windows"
"C:\\Documents and Settings\\Administrador\\Escritorio\\Counter Strike 2D\\CounterStrike2D.exe"="C:\\Documents and Settings\\Administrador\\Escritorio\\Counter Strike 2D\\CounterStrike2D.exe:*:Enabled:CounterStrike2D"
"F:\\Juegos Varios\\Counter Strike 2D\\CounterStrike2D.exe"="F:\\Juegos Varios\\Counter Strike 2D\\CounterStrike2D.exe:*:Enabled:CounterStrike2D"
"C:\\WINDOWS\\system32\\sygmup.exe"="C:\\WINDOWS\\system32\\sygmup.exe:*:Enabled:sygmup"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Archivos de programa\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Archivos de programa\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Archivos de programa\\Windows Live\\Messenger\\livecall.exe"="C:\\Archivos de programa\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

Remaining Files:
---------------


Files with Hidden Attributes:

Sun 29 Jul 2007 811,008 ..SHR --- "C:\WINDOWS\system32\cxpoun.exe"
Sun 29 Jul 2007 811,008 ..SHR --- "C:\WINDOWS\system32\mxmqvs.exe"
Sun 29 Jul 2007 811,008 ..SHR --- "C:\WINDOWS\system32\sygmup.exe"
Fri 14 Dec 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\0a67b6c406b1d7e0f5c1e6f6d44a3f6e\BIT2F.tmp"
Fri 14 Dec 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\26924cbc8132a10b438ce6e2b49d4652\BIT2E.tmp"
Fri 14 Dec 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\2769b111678c52099a3b3123b12f2325\BIT32.tmp"
Fri 14 Dec 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\287180160cbc791ed7141e5a56f3e661\BIT31.tmp"
Fri 14 Dec 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\32d80e58ee41cf266b06b890bc836a3d\BIT35.tmp"
Fri 14 Dec 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\98e381f4ba8fbda9fb04865e9cf0d605\BIT30.tmp"
Fri 14 Dec 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\b2278ac3b8a7d329217f0fb7c7d9ee91\BIT34.tmp"
Fri 14 Dec 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\d77b9b5b8fed23dd91f50d167cce60d3\BIT33.tmp"

Finished!



Thanks in advance
post #4 (permalink)
23/12/07, 15:50:05
SNX
User

Registered: Jul 2006
Location: Colombia
Posts: 44
Re: A web page opens automatically! =(

I'm still waiting for the reply... thanks
post #5 (permalink)
23/12/07, 17:35:34
Angel Doze
Warrior

Registered: Feb 2007
Location: "México"
Posts: 4,461
Re: A web page opens automatically! =(

Hello.

Do the following:

Look for these files; if you find them, don't do anything, just locate them and that's all. If you do find them, let me know:

Quote:
C:\WINDOWS\system32\cxpoun.exe
C:\WINDOWS\system32\mxmqvs.exe
C:\WINDOWS\system32\sygmup.exe
C:\WINDOWS\SoftwareDistribution\Download\0a67b6c406b1d7e0f5c1e6f6d44a3f6e\BIT2F.tmp
C:\WINDOWS\SoftwareDistribution\Download\26924cbc8132a10b438ce6e2b49d4652\BIT2E.tmp
C:\WINDOWS\SoftwareDistribution\Download\2769b111678c52099a3b3123b12f2325\BIT32.tmp
C:\WINDOWS\SoftwareDistribution\Download\287180160cbc791ed7141e5a56f3e661\BIT31.tmp
C:\WINDOWS\SoftwareDistribution\Download\32d80e58ee41cf266b06b890bc836a3d\BIT35.tmp
C:\WINDOWS\SoftwareDistribution\Download\98e381f4ba8fbda9fb04865e9cf0d605\BIT30.tmp
C:\WINDOWS\SoftwareDistribution\Download\b2278ac3b8a7d329217f0fb7c7d9ee91\BIT34.tmp
C:\WINDOWS\SoftwareDistribution\Download\d77b9b5b8fed23dd91f50d167cce60d3\BIT33.tmp
Also, I see that besides that report you were asked for another one, and I think you didn't do the scan, so please run it and paste the report here.

Quote:
Run a scan with Panda ActiveScan Online and paste the report here again.
Regards!
I'll wait for your replies!

Lisa, vampires are make-believe, like elves, gremlins and Eskimos. (Homer S.)

post #6 (permalink)
23/12/07, 17:43:07
SNX
User

Registered: Jul 2006
Location: Colombia
Posts: 44
Re: A web page opens automatically! =(

Well, right now I'm not at my PC, so I can't look for the files, but I haven't been able to do the scan because the Panda window closes after scanning for a while! I don't know why that happens... as soon as I'm at my PC I'll look for the files
post #7 (permalink)
23/12/07, 17:48:58
Angel Doze
Warrior

Registered: Feb 2007
Location: "México"
Posts: 4,461
Re: A web page opens automatically! =(

Hello.
  1. OK, I'll wait for the answer about the files.
  2. If Panda closes on you, then scan with "KASOnline" and paste the report.

Regards!
Let me know!

post #8 (permalink)
23/12/07, 23:27:05
SNX
User

Registered: Jul 2006
Location: Colombia
Posts: 44
Re: A web page opens automatically! =(

Well, I was looking for those files but they don't show up when I search for them in Explorer... and here is the online antivirus report:

omingo, 23 de diciembre de 2007 23:24:13
Sistema operativo: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner versión: 5.0.84.1
Ultima actualización: 24/12/2007
Registros en la base antivirus: 460868

Configuración del análisis
Analizar usando las siguientes bases standard
Analizar archivos verdadero
Analizar bases de correo verdadero

Objetivo a analizar Mi PC
C:\
D:\
E:\
F:\
G:\
H:\

Estadísticas
Número de objeros analizados 79927
Virus encontrados 0
Objetos infectados 0 / 0
Objetos sospechosos 0
Duración del análisis 01:00:22

Bombre del objeto infectado Nombre del virus Última acción

C:\Downloads\DC - Sonic Adventure\Sonic.Adventure.SelfBoot.7z.021.bc! Object is locked saltado

C:\Downloads\DC - Sonic Adventure\Sonic.Adventure.SelfBoot.7z.022.bc! Object is locked saltado

C:\Downloads\DC - Sonic Adventure\Sonic.Adventure.SelfBoot.7z.023.bc! Object is locked saltado

C:\Downloads\DC - Sonic Adventure\Sonic.Adventure.SelfBoot.7z.024.bc! Object is locked saltado

C:\Downloads\DC - Sonic Adventure\Sonic.Adventure.SelfBoot.7z.025.bc! Object is locked saltado

C:\Downloads\DC - Sonic Adventure\Sonic.Adventure.SelfBoot.7z.026.bc! Object is locked saltado

C:\Downloads\DC - Sonic Adventure\Sonic.Adventure.SelfBoot.7z.027.bc! Object is locked saltado

C:\Downloads\DC - Sonic Adventure\Sonic.Adventure.SelfBoot.7z.028.bc! Object is locked saltado

C:\Downloads\DC - Sonic Adventure\Sonic.Adventure.SelfBoot.7z.029.bc! Object is locked saltado

C:\Downloads\DC - Sonic Adventure\Sonic.Adventure.SelfBoot.7z.030.bc! Object is locked saltado

C:\Downloads\DC - Sonic Adventure\Sonic.Adventure.SelfBoot.7z.031.bc! Object is locked saltado

C:\Downloads\DC - Sonic Adventure\Sonic.Adventure.SelfBoot.7z.032.bc! Object is locked saltado

C:\Downloads\DC - Sonic Adventure\Sonic.Adventure.SelfBoot.7z.033.bc! Object is locked saltado

C:\Downloads\DC - Sonic Adventure\Sonic.Adventure.SelfBoot.7z.034.bc! Object is locked saltado

C:\Downloads\DC - Sonic Adventure\Sonic.Adventure.SelfBoot.7z.036.bc! Object is locked saltado

C:\Downloads\DC - Sonic Adventure\Sonic.Adventure.SelfBoot.7z.037.bc! Object is locked saltado

C:\Downloads\DC - Sonic Adventure\Sonic.Adventure.SelfBoot.7z.038.bc! Object is locked saltado

C:\Downloads\DC - Sonic Adventure\Sonic.Adventure.SelfBoot.7z.039.bc! Object is locked saltado

C:\Downloads\DC - Sonic Adventure\Sonic.Adventure.SelfBoot.7z.040.bc! Object is locked saltado

C:\Downloads\DC - Sonic Adventure\Sonic.Adventure.SelfBoot.7z.041.bc! Object is locked saltado

C:\Downloads\DC - Sonic Adventure\Sonic.Adventure.SelfBoot.7z.042.bc! Object is locked saltado

C:\Downloads\DC - Sonic Adventure\Sonic.Adventure.SelfBoot.7z.043.bc! Object is locked saltado

C:\Downloads\DC - Sonic Adventure\Sonic.Adventure.SelfBoot.7z.044.bc! Object is locked saltado

C:\Downloads\WinXP Sp2 uE v7\WinXP Sp2 uE v7.mdf.bc! Object is locked saltado

C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked saltado

C:\WINDOWS\Debug\PASSWD.LOG Object is locked saltado

C:\WINDOWS\SchedLgU.Txt Object is locked saltado

C:\WINDOWS\SoftwareDistribution\ReportingEvents.lo g Object is locked saltado

C:\WINDOWS\Sti_Trace.log Object is locked saltado

C:\WINDOWS\system32\CatRoot2\edb.log Object is locked saltado

C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked saltado

C:\WINDOWS\system32\config\AppEvent.Evt Object is locked saltado

C:\WINDOWS\system32\config\default Object is locked saltado

C:\WINDOWS\system32\config\default.LOG Object is locked saltado

C:\WINDOWS\system32\config\Internet.evt Object is locked saltado

C:\WINDOWS\system32\config\ODiag.evt Object is locked saltado

C:\WINDOWS\system32\config\OSession.evt Object is locked saltado

C:\WINDOWS\system32\config\SAM Object is locked saltado

C:\WINDOWS\system32\config\SAM.LOG Object is locked saltado

C:\WINDOWS\system32\config\SecEvent.Evt Object is locked saltado

C:\WINDOWS\system32\config\SECURITY Object is locked saltado

C:\WINDOWS\system32\config\SECURITY.LOG Object is locked saltado

C:\WINDOWS\system32\config\software Object is locked saltado

C:\WINDOWS\system32\config\software.LOG Object is locked saltado

C:\WINDOWS\system32\config\SysEvent.Evt Object is locked saltado

C:\WINDOWS\system32\config\system Object is locked saltado

C:\WINDOWS\system32\config\system.LOG Object is locked saltado

C:\WINDOWS\system32\drivers\sptd.sys Object is locked saltado

C:\WINDOWS\system32\h323log.txt Object is locked saltado

C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked saltado

C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked saltado

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked saltado

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MA P Object is locked saltado

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MA P Object is locked saltado

C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DAT A Object is locked saltado

C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked saltado

C:\WINDOWS\wiadebug.log Object is locked saltado

C:\WINDOWS\wiaservc.log Object is locked saltado

C:\WINDOWS\WindowsUpdate.log Object is locked saltado

E:\System Volume Information\MountPointManagerRemoteDatabase Object is locked saltado

F:\System Volume Information\MountPointManagerRemoteDatabase Object is locked saltado

G:\System Volume Information\MountPointManagerRemoteDatabase Object is locked saltado
  post #9 (permalink)
24/12/07, 00:35:12
Angel Doze
Warrior

Joined: Feb 2007
Location: "México"
Posts: 4,461
Re: A web page opens automatically! =(

Hi.

Well, the Kas report doesn't show anything, so please do the following:
  1. Download SilentRunner (right-click the link and then choose Guardar enlace cómo, Save as or Save Link as...)
  2. Run the script; when you do, it will ask you some questions. Answer 'No' and 'Yes' to those questions (in that order)...
  3. Then you will have to wait (even if it seems to be doing nothing) until a message with an OK button appears
  4. In the same folder where you run the script, a file called Reporte will appear, which you should post here (if you open or send it before seeing the message with the OK button, it will not be complete)
Be patient until the process finishes.

Regards!
Let me know!

24/12/07, 00:38:36
SNX (offline)
User

Joined: Jul 2006
Location: Colombia
Posts: 44
Re: A web page opens automatically! =(

OK, I'm already doing that... hey, just now I was checking with SUPERAntiSpyware and trojan.downloader-gen came up, and processes show up in the Task Manager like prefs.exe, NTD2.EXE and others like that =S

EDIT:
HERE'S THE REPORT:
"Silent Runners.vbs", revision 55, http://www.silentrunners.org/
Operating System: Windows XP SP2
Output limited to non-default values, except where indicated by "{++}"


Startup items buried in registry:
---------------------------------

HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
"AlcoholAutomount" = ""C:\Archivos de programa\Alcohol Soft\Alcohol 120\axcmd.exe" /automount" ["Alcohol Soft Development Team"]
"ctfmon.exe" = "C:\WINDOWS\system32\ctfmon.exe" [MS]
"SpybotSD TeaTimer" = "C:\Archivos de programa\Spybot - Search & Destroy\TeaTimer.exe" ["Safer Networking Limited"]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"SkyTel" = "SkyTel.EXE" ["Realtek Semiconductor Corp."]
"GrooveMonitor" = ""C:\Archivos de programa\Microsoft Office\Office12\GrooveMonitor.exe"" [MS]
"Alcmtr" = "ALCMTR.EXE" ["Realtek Semiconductor Corp."]
"egui" = ""C:\Archivos de programa\ESET\ESET Smart Security\egui.exe" /hide /waitservice" ["ESET"]
"NvCplDaemon" = "RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup" [MS]
"nwiz" = "nwiz.exe /install" ["NVIDIA Corporation"]
"NvMediaCenter" = "RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit" [MS]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = (no title provided)
-> {HKLM...CLSID} = "Aplicación auxiliar de vínculos de Adobe PDF Reader"
\InProcServer32\(Default) = "C:\Archivos de programa\Archivos comunes\Adobe\Acrobat\ActiveX\AcroIEHelper.dll" ["Adobe Systems Incorporated"]
{39F7E362-828A-4B5A-BCAF-5B79BFDFEA60}\(Default) = "BitComet ClickCapture"
-> {HKLM...CLSID} = "BitComet Helper"
\InProcServer32\(Default) = "C:\Archivos de programa\BitComet\tools\BitCometBHO_1.1.6.14.dll" ["BitComet"]
{53707962-6F74-2D53-2644-206D7942484F}\(Default) = (no title provided)
-> {HKLM...CLSID} = "Spybot-S&D IE Protection"
\InProcServer32\(Default) = "C:\ARCHIV~1\SPYBOT~1\SDHelper.dll" ["Safer Networking Limited"]
{72853161-30C5-4D22-B7F9-0BBC1D38A37E}\(Default) = (no title provided)
-> {HKLM...CLSID} = "Groove GFS Browser Helper"
\InProcServer32\(Default) = "C:\ARCHIV~1\MICROS~1\Office12\GRA8E1~1.DLL" [MS]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\(Default) = (no title provided)
-> {HKLM...CLSID} = "SSVHelper Class"
\InProcServer32\(Default) = "C:\Archivos de programa\Java\jre1.6.0_02\bin\ssv.dll" ["Sun Microsystems, Inc."]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Extensión de paneo de pantalla del Panel de control"
-> {HKLM...CLSID} = "Extensión de paneo de pantalla del Panel de control"
\InProcServer32\(Default) = "deskpan.dll" [file not found]
"{EFA24E62-B078-11d0-89E4-00C04FC9E26E}" = "History Band"
-> {HKLM...CLSID} = "History Band"
\InProcServer32\(Default) = "C:\WINDOWS\system32\shdocvw.dll" [MS]
"{FC9FB64A-1EB2-4CCF-AF5E-1A497A9B5C2D}" = "Messenger Sharing Folders"
-> {HKLM...CLSID} = "Mis carpetas para compartir"
\InProcServer32\(Default) = "C:\Archivos de programa\Windows Live\Messenger\fsshext.8.5.1302.1018.dll" [MS]
"{44440D00-FF19-4AFC-B765-9A0970567D97}" = "TuneUp Theme Extension"
-> {HKLM...CLSID} = "TuneUp Theme Extension"
\InProcServer32\(Default) = "C:\WINDOWS\System32\uxtuneup.dll" ["TuneUp Software GmbH"]
"{DDE4BEEB-DDE6-48fd-8EB5-035C09923F83}" = "UnlockerShellExtension"
-> {HKLM...CLSID} = "UnlockerShellExtension"
\InProcServer32\(Default) = "C:\Archivos de programa\Unlocker\UnlockerCOM.dll" [null data]
"{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Archivos de programa\WinRAR\rarext.dll" [null data]
"{72853161-30C5-4D22-B7F9-0BBC1D38A37E}" = "Groove GFS Browser Helper"
-> {HKLM...CLSID} = "Groove GFS Browser Helper"
\InProcServer32\(Default) = "C:\ARCHIV~1\MICROS~1\Office12\GRA8E1~1.DLL" [MS]
"{2A541AE1-5BF6-4665-A8A3-CFA9672E4291}" = "Groove GFS Explorer Bar"
-> {HKLM...CLSID} = "Groove Folder Synchronization"
\InProcServer32\(Default) = "C:\ARCHIV~1\MICROS~1\Office12\GRA8E1~1.DLL" [MS]
"{A449600E-1DC6-4232-B948-9BD794D62056}" = "Groove GFS Stub Icon Handler"
-> {HKLM...CLSID} = "Groove GFS Stub Icon Handler"
\InProcServer32\(Default) = "C:\ARCHIV~1\MICROS~1\Office12\GRA8E1~1.DLL" [MS]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}" = "Groove GFS Stub Execution Hook"
-> {HKLM...CLSID} = "Groove GFS Stub Execution Hook"
\InProcServer32\(Default) = "C:\ARCHIV~1\MICROS~1\Office12\GRA8E1~1.DLL" [MS]
"{6C467336-8281-4E60-8204-430CED96822D}" = "Groove GFS Context Menu Handler"
-> {HKLM...CLSID} = "Groove GFS Context Menu Handler"
\InProcServer32\(Default) = "C:\ARCHIV~1\MICROS~1\Office12\GRA8E1~1.DLL" [MS]
"{387E725D-DC16-4D76-B310-2C93ED4752A0}" = "Groove XML Icon Handler"
-> {HKLM...CLSID} = "Groove XML Icon Handler"
\InProcServer32\(Default) = "C:\ARCHIV~1\MICROS~1\Office12\GRA8E1~1.DLL" [MS]
"{16F3DD56-1AF5-4347-846D-7C10C4192619}" = "Groove Explorer Icon Overlay 3 (GFS Folder)"
-> {HKLM...CLSID} = "Groove Explorer Icon Overlay 3 (GFS Folder)"
\InProcServer32\(Default) = "C:\ARCHIV~1\MICROS~1\Office12\GRA8E1~1.DLL" [MS]
"{AB5C5600-7E6E-4B06-9197-9ECEF74D31CC}" = "Groove Explorer Icon Overlay 2 (GFS Stub)"
-> {HKLM...CLSID} = "Groove Explorer Icon Overlay 2 (GFS Stub)"
\InProcServer32\(Default) = "C:\ARCHIV~1\MICROS~1\Office12\GRA8E1~1.DLL" [MS]
"{2916C86E-86A6-43FE-8112-43ABE6BF8DCC}" = "Groove Explorer Icon Overlay 4 (GFS Unread Mark)"
-> {HKLM...CLSID} = "Groove Explorer Icon Overlay 4 (GFS Unread Mark)"
\InProcServer32\(Default) = "C:\ARCHIV~1\MICROS~1\Office12\GRA8E1~1.DLL" [MS]
"{99FD978C-D287-4F50-827F-B2C658EDA8E7}" = "Groove Explorer Icon Overlay 1 (GFS Unread Stub)"
-> {HKLM...CLSID} = "Groove Explorer Icon Overlay 1 (GFS Unread Stub)"
\InProcServer32\(Default) = "C:\ARCHIV~1\MICROS~1\Office12\GRA8E1~1.DLL" [MS]
"{920E6DB1-9907-4370-B3A0-BAFC03D81399}" = "Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)"
-> {HKLM...CLSID} = "Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)"
\InProcServer32\(Default) = "C:\ARCHIV~1\MICROS~1\Office12\GRA8E1~1.DLL" [MS]
"{0006F045-0000-0000-C000-000000000046}" = "Microsoft Office Outlook Custom Icon Handler"
-> {HKLM...CLSID} = "Outlook File Icon Extension"
\InProcServer32\(Default) = "C:\ARCHIV~1\MICROS~1\Office12\OLKFSTUB.DLL" [MS]
"{00020D75-0000-0000-C000-000000000046}" = "Microsoft Office Outlook Desktop Icon Handler"
-> {HKLM...CLSID} = "Microsoft Office Outlook"
\InProcServer32\(Default) = "C:\ARCHIV~1\MICROS~1\Office12\MLSHEXT.DLL" [MS]
"{5858A72C-C2B4-4dd7-B2BF-B76DB1BD9F6C}" = "Microsoft Office OneNote Namespace Extension for Windows Desktop Search"
-> {HKLM...CLSID} = "Microsoft Office OneNote Namespace Extension for Windows Desktop Search"
\InProcServer32\(Default) = "C:\ARCHIV~1\MICROS~1\Office12\ONFILTER.DLL" [MS]
"{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\Archivos de programa\Microsoft Office\Office12\msohevi.dll" [MS]
"{993BE281-6695-4BA5-8A2A-7AACBFAAB69E}" = "Microsoft Office Metadata Handler"
-> {HKLM...CLSID} = "Microsoft Office Metadata Handler"
\InProcServer32\(Default) = "C:\ARCHIV~1\ARCHIV~1\MICROS~1\OFFICE12\msoshext.dll" [MS]
"{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97}" = "Microsoft Office Thumbnail Handler"
-> {HKLM...CLSID} = "Microsoft Office Thumbnail Handler"
\InProcServer32\(Default) = "C:\ARCHIV~1\ARCHIV~1\MICROS~1\OFFICE12\msoshext.dll" [MS]
"{B089FE88-FB52-11D3-BDF1-0050DA34150D}" = "Eset Smart Security - Context Menu Shell Extension"
-> {HKLM...CLSID} = "Eset Smart Security - Context Menu Shell Extension"
\InProcServer32\(Default) = "C:\Archivos de programa\ESET\ESET Smart Security\shellExt.dll" ["ESET"]
"{A70C977A-BF00-412C-90B7-034C51DA2439}" = "NvCpl DesktopContext Class"
-> {HKLM...CLSID} = "DesktopContext Class"
\InProcServer32\(Default) = "C:\WINDOWS\system32\nvcpl.dll" ["NVIDIA Corporation"]
"{FFB699E0-306A-11d3-8BD1-00104B6F7516}" = "Play on my TV helper"
-> {HKLM...CLSID} = "NVIDIA CPL Extension"
\InProcServer32\(Default) = "C:\WINDOWS\system32\nvcpl.dll" ["NVIDIA Corporation"]
"{1CDB2949-8F65-4355-8456-263E7C208A5D}" = "Desktop Explorer"
-> {HKLM...CLSID} = "Desktop Explorer"
\InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]
"{1E9B04FB-F9E5-4718-997B-B8DA88302A47}" = "Desktop Explorer Menu"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]
"{1E9B04FB-F9E5-4718-997B-B8DA88302A48}" = "nView Desktop Context Menu"
-> {HKLM...CLSID} = "nView Desktop Context Menu"
\InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]
"{23170F69-40C1-278A-1000-000100020000}" = "7-Zip Shell Extension"
-> {HKLM...CLSID} = "7-Zip Shell Extension"
\InProcServer32\(Default) = "C:\Archivos de programa\7-Zip\7-zip.dll" ["Igor Pavlov"]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\
<<!>> "{B5A7F190-DDA6-4420-B3BA-52453494E6CD}" = "Groove GFS Stub Execution Hook"
-> {HKLM...CLSID} = "Groove GFS Stub Execution Hook"
\InProcServer32\(Default) = "C:\ARCHIV~1\MICROS~1\Office12\GRA8E1~1.DLL" [MS]
<<!>> "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}" = (no title provided)
-> {HKLM...CLSID} = "SABShellExecuteHook Class"
\InProcServer32\(Default) = "C:\Archivos de programa\SUPERAntiSpyware\SASSEH.DLL" ["SuperAdBlocker.com"]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\
"WPDShServiceObj" = "{AAA288BA-9A4C-45B0-95D7-94D524869DB5}"
-> {HKLM...CLSID} = "WPDShServiceObj Class"
\InProcServer32\(Default) = "C:\WINDOWS\system32\WPDShServiceObj.dll" [MS]

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
<<!>> !SASWinLogon\DLLName = "C:\Archivos de programa\SUPERAntiSpyware\SASWINLO.dll" ["SUPERAntiSpyware.com"]

HKLM\SOFTWARE\Classes\PROTOCOLS\Filter\
<<!>> text/xml\CLSID = "{807563E5-5146-11D5-A672-00B0D022E945}"
-> {HKLM...CLSID} = "Microsoft Office InfoPath XML Mime Filter"
\InProcServer32\(Default) = "C:\ARCHIV~1\ARCHIV~1\MICROS~1\OFFICE12\MSOXMLMF.DLL" [MS]

HKLM\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\
{F9DB5320-233E-11D1-9F84-707F02C10627}\(Default) = "PDF Column Info"
-> {HKLM...CLSID} = "PDF Shell Extension"
\InProcServer32\(Default) = "C:\Archivos de programa\Archivos comunes\Adobe\Acrobat\ActiveX\PDFShell.dll" ["Adobe Systems, Inc."]

HKLM\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\
7-Zip\(Default) = "{23170F69-40C1-278A-1000-000100020000}"
-> {HKLM...CLSID} = "7-Zip Shell Extension"
\InProcServer32\(Default) = "C:\Archivos de programa\7-Zip\7-zip.dll" ["Igor Pavlov"]
Eset Smart Security - Context Menu Shell Extension\(Default) = "{B089FE88-FB52-11D3-BDF1-0050DA34150D}"
-> {HKLM...CLSID} = "Eset Smart Security - Context Menu Shell Extension"
\InProcServer32\(Default) = "C:\Archivos de programa\ESET\ESET Smart Security\shellExt.dll" ["ESET"]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Archivos de programa\WinRAR\rarext.dll" [null data]
XXX Groove GFS Context Menu Handler XXX\(Default) = "{6C467336-8281-4E60-8204-430CED96822D}"
-> {HKLM...CLSID} = "Groove GFS Context Menu Handler"
\InProcServer32\(Default) = "C:\ARCHIV~1\MICROS~1\Office12\GRA8E1~1.DLL" [MS]

HKLM\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\
7-Zip\(Default) = "{23170F69-40C1-278A-1000-000100020000}"
-> {HKLM...CLSID} = "7-Zip Shell Extension"
\InProcServer32\(Default) = "C:\Archivos de programa\7-Zip\7-zip.dll" ["Igor Pavlov"]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Archivos de programa\WinRAR\rarext.dll" [null data]
XXX Groove GFS Context Menu Handler XXX\(Default) = "{6C467336-8281-4E60-8204-430CED96822D}"
-> {HKLM...CLSID} = "Groove GFS Context Menu Handler"
\InProcServer32\(Default) = "C:\ARCHIV~1\MICROS~1\Office12\GRA8E1~1.DLL" [MS]

HKLM\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\
Eset Smart Security - Context Menu Shell Extension\(Default) = "{B089FE88-FB52-11D3-BDF1-0050DA34150D}"
-> {HKLM...CLSID} = "Eset Smart Security - Context Menu Shell Extension"
\InProcServer32\(Default) = "C:\Archivos de programa\ESET\ESET Smart Security\shellExt.dll" ["ESET"]
UnlockerShellExtension\(Default) = "{DDE4BEEB-DDE6-48fd-8EB5-035C09923F83}"
-> {HKLM...CLSID} = "UnlockerShellExtension"
\InProcServer32\(Default) = "C:\Archivos de programa\Unlocker\UnlockerCOM.dll" [null data]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Archivos de programa\WinRAR\rarext.dll" [null data]
XXX Groove GFS Context Menu Handler XXX\(Default) = "{6C467336-8281-4E60-8204-430CED96822D}"
-> {HKLM...CLSID} = "Groove GFS Context Menu Handler"
\InProcServer32\(Default) = "C:\ARCHIV~1\MICROS~1\Office12\GRA8E1~1.DLL" [MS]

HKLM\SOFTWARE\Classes\AllFilesystemObjects\shellex\ContextMenuHandlers\
UnlockerShellExtension\(Default) = "{DDE4BEEB-DDE6-48fd-8EB5-035C09923F83}"
-> {HKLM...CLSID} = "UnlockerShellExtension"
\InProcServer32\(Default) = "C:\Archivos de programa\Unlocker\UnlockerCOM.dll" [null data]
XXX Groove GFS Context Menu Handler XXX\(Default) = "{6C467336-8281-4E60-8204-430CED96822D}"
-> {HKLM...CLSID} = "Groove GFS Context Menu Handler"
\InProcServer32\(Default) = "C:\ARCHIV~1\MICROS~1\Office12\GRA8E1~1.DLL" [MS]


Group Policies {GPedit.msc branch and setting}:
-----------------------------------------------

Note: detected settings may not have any effect.

HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Attachments\

"SaveZoneInformation" = (REG_DWORD) dword:0x00000001
{unrecognized setting}

HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\

"ForceClassicControlPanel" = (REG_DWORD) dword:0x00000001
{unrecognized setting}

"NoStartBanner" = (REG_DWORD) dword:0x00000001
{Remove "Click here to begin" from Start button}

"NoSMHelp" = (REG_DWORD) dword:0x00000001
{User Configuration|Administrative Templates|Start Menu and Taskbar|
Remove Help menu from Start Menu}

"NoSMConfigurePrograms" = (REG_DWORD) dword:0x00000001
{unrecognized setting}

"NoSMMyPictures" = (REG_DWORD) dword:0x00000001
{User Configuration|Administrative Templates|Start Menu and Taskbar|
Remove My Pictures icon from Start Menu}

"NoLowDiskSpaceChecks" = (REG_DWORD) dword:0x00000001
{unrecognized setting}

"NoResolveTrack" = (REG_DWORD) dword:0x00000001
{unrecognized setting}

"LinkResolveIgnoreLinkInfo" = (REG_DWORD) dword:0x00000001
{unrecognized setting}

"NoResolveSearch" = (REG_DWORD) dword:0x00000001
{unrecognized setting}

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\

"NoDesktopCleanupWizard" = (REG_DWORD) dword:0x00000001
{unrecognized setting}

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\

"shutdownwithoutlogon" = (REG_DWORD) dword:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
Shutdown: Allow system to be shut down without having to log on}

"undockwithoutlogon" = (REG_DWORD) dword:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
Devices: Allow undock without having to log on}

"DisableStatusMessages" = (REG_DWORD) dword:0x00000000
{unrecognized setting}

"VerboseStatus" = (REG_DWORD) dword:0x00000000
{unrecognized setting}

"NoInternetOpenWith" = (REG_DWORD) dword:0x00000001
{unrecognized setting}


Active Desktop and Wallpaper:
-----------------------------

Active Desktop may be disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState

Displayed if Active Desktop enabled and wallpaper not set by Group Policy:
HKCU\Software\Microsoft\Internet Explorer\Desktop\General\
"Wallpaper" = "C:\WINDOWS\system32\config\systemprofile\Configuración local\Datos de programa\Microsoft\Wallpaper1.bmp"

Displayed if Active Desktop disabled and wallpaper not set by Group Policy:
HKCU\Control Panel\Desktop\
"Wallpaper" = "C:\Documents and Settings\Administrador\Configuración local\Datos de programa\Microsoft\Wallpaper1.bmp"


Enabled Screen Saver:
---------------------

HKCU\Control Panel\Desktop\
"SCRNSAVE.EXE" = "C:\WINDOWS\System32\logon.scr" [file not found]


Startup items in "Administrador" & "All Users" startup folders:
---------------------------------------------------------------

C:\Documents and Settings\All Users\Menú Inicio\Programas\Inicio
"Remote Control" -> shortcut to: "C:\Archivos de programa\KWorld Multimedia\TV Tuner Card Utilities\HMCP3XCtl.exe" [empty string]


Enabled Scheduled Tasks:
------------------------

"Mantenimiento con 1 clic" -> launches: "C:\Archivos de programa\TuneUp Utilities 2007\SystemOptimizer.exe /schedulestart" ["TuneUp Software GmbH"]


Winsock2 Service Provider DLLs:
-------------------------------

Namespace Service Providers

HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000004\LibraryPath = "C:\Archivos de programa\Bonjour\mdnsNSP.dll" ["Apple Computer, Inc."]

Transport Service Providers

HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
%SystemRoot%\system32\mswsock.dll [MS], 01 - 04, 07 - 14
%SystemRoot%\system32\rsvpsp.dll [MS], 05 - 06


Toolbars, Explorer Bars, Extensions:
------------------------------------

Explorer Bars

HKLM\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\

HKLM\SOFTWARE\Classes\CLSID\{2A541AE1-5BF6-4665-A8A3-CFA9672E4291}\(Default) = "Groove Folder Synchronization"
Implemented Categories\{00021493-0000-0000-C000-000000000046}\ [vertical bar]
InProcServer32\(Default) = "C:\ARCHIV~1\MICROS~1\Office12\GRA8E1~1.DLL" [MS]

HKLM\SOFTWARE\Classes\CLSID\{FF059E31-CC5A-4E2E-BF3B-96E929D65503}\(Default) = "&Referencia"
Implemented Categories\{00021493-0000-0000-C000-000000000046}\ [vertical bar]
InProcServer32\(Default) = "C:\ARCHIV~1\MICROS~1\Office12\REFIEBAR.DLL" [MS]

Extensions (Tools menu items, main toolbar menu buttons)

HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}\
"MenuText" = "Consola de Sun Java"
"CLSIDExtension" = "{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBC}"
-> {HKCU...CLSID} = "Java Plug-in 1.6.0_02"
\InProcServer32\(Default) = "C:\Archivos de programa\Java\jre1.6.0_02\bin\ssv.dll" ["Sun Microsystems, Inc."]
-> {HKLM...CLSID} = "Java Plug-in 1.6.0_02"
\InProcServer32\(Default) = "C:\Archivos de programa\Java\jre1.6.0_02\bin\npjpi160_02.dll" ["Sun Microsystems, Inc."]

{2670000A-7350-4F3C-8081-5663EE0C6C49}\
"ButtonText" = "Enviar a OneNote"
"MenuText" = "&Enviar a OneNote"
"CLSIDExtension" = "{48E73304-E1D6-4330-914C-F5F514E3486C}"
-> {HKLM...CLSID} = "Send to OneNote from Internet Explorer button"
\InProcServer32\(Default) = "C:\ARCHIV~1\MICROS~1\Office12\ONBttnIE.dll" [MS]

{92780B25-18CC-41C8-B9BE-3C9C571A8263}\
"ButtonText" = "Research"

{DFB852A3-47F8-48C4-A200-58CAB36FD2A2}\
"MenuText" = "Spybot - Search & Destroy Configuration"
"CLSIDExtension" = "{53707962-6F74-2D53-2644-206D7942484F}"
-> {HKLM...CLSID} = "Spybot-S&D IE Protection"
\InProcServer32\(Default) = "C:\ARCHIV~1\SPYBOT~1\SDHelper.dll" ["Safer Networking Limited"]

{E2E2DD38-D088-4134-82B7-F2BA38496583}\
"MenuText" = "@xpsp3res.dll,-20001"
"Exec" = "%windir%\Network Diagnostic\xpnetdiag.exe" [MS]


Running Services (Display Name, Service Name, Path {Service DLL}):
------------------------------------------------------------------

##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762##, Bonjour Service, ""C:\Archivos de programa\Bonjour\mDNSResponder.exe"" ["Apple Computer, Inc."]
Eset Service, ekrn, ""C:\Archivos de programa\ESET\ESET Smart Security\ekrn.exe"" ["ESET"]
NVIDIA Display Driver Service, NVSvc, "C:\WINDOWS\system32\nvsvc32.exe" ["NVIDIA Corporation"]
perfmons Service, perfmons, "C:\WINDOWS\system32\perfs.exe" [empty string]
Routing Service, Routing, "C:\WINDOWS\system32\routing.exe" [empty string]
Servicio Lector del diario USN de Carpetas para compartir de Messenger, usnjsvc, ""C:\Archivos de programa\Windows Live\Messenger\usnsvc.exe"" [MS]
TuneUp Ampliación del thema, UxTuneUp, "C:\WINDOWS\System32\svchost.exe -k netsvcs" {"C:\WINDOWS\System32\uxtuneup.dll" ["TuneUp Software GmbH"]}


Print Monitors:
---------------

HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors\
Send To Microsoft OneNote Monitor\Driver = "msonpmon.dll" [MS]


---------- (launch time: 2007-12-24 00:37:00)
<<!>>: Suspicious data at a malware launch point.

+ This report excludes default entries except where indicated.
+ To see *everywhere* the script checks and *everything* it finds,
launch it from a command prompt or a shortcut with the -all parameter.
+ The search for DESKTOP.INI DLL launch points on all local fixed drives
took 40 seconds.
---------- (total run time: 68 seconds)