| |||||||
| Temas Solucionados Casos de HijackThis y Malwares resueltos. (Solo lectura) |
 |
| | Enviar a: | Herramientas |
 | 
24/03/08, 16:42:14
|  |
| |||
| Como elimino SpyBro y Trojan Banker (Terminado) Hola, Tengo un problema en mi portatil, descargue por e-mule un archivo que se suponia era un programa para transformar coordenadas, venia en un zip, cuando le di doble click el antivirus AVG me anuncio que tenia virus "Trojan horse Downloader.Generic7.AAA" pero creo que ya era demasiado tarde, pues al poco tiempo mi computador se reinicio solo. Cuando Windows inicio, tengo XP SP2, ya no cargo el AVG, intente abrirlo y me decia que no era una aplicación valida de Win32 y el uso de la CPU siempre estaba al 100% aun sin tener nada abierto. Instale entonces el AntiSpyware, pero esta no limpia, hay que pagar, tambien intente con netcom3 pero es la misma historia. Luego, instale Spybot, encontro algunas cosas y le di reparar, luego pude instalar el Avast, lo ejecute y este encontro unos virus: spyclean.exe que esta en program files\netcom3 cleaner syntpenh.exe que esta en program files\synaptics\syntp trz6.tmp que esta en program files\Synaptics\SynTP Los tres archivos con el virus Win32:Beagle-ABM[Trj], ahora estan en el baul, escanee el computador con Avast en boot y encontro: tr27.tmp que estaba en program files\Synaptics\syntp ahi le dije que lo eliminara. Despues de esto al iniciar el computador aparecen unas ventanas del spybot preguntando si se permite o no ciertas acciones, al principio le di que si, pero entonces aparecia una ventana que pedia seleccionar un archivo para crack, si seleccionaba un archivo o cerraba esa ventana el computador se reiniciaba, decidi entonces al iniciar el sistema, permitir las acciones que SpyBot pregutnaba y no hacer nada con aquella ventana, Avast ya no encuentra nada, pero spybot seguia encontrando "win32.Bagle.hi" siempre le decia que reparar pero al iniciar el sistema volvia a aparecer. Tambien aparecia en program files una carpeta llamada SpyBro. Decidi entocnes al iniciar el sistema negar las acciones por las que preguntaba Spybot y que recordara la acción, estas acciones son de C:\program files\Spybro\... la mayoria de la carpeta TracksEraserPlugins\ dentro de SpyBro. Despues de esto la ventana que se iniciaba para crack algun archivo dejo de aparecer y el rendimiento de la cpu volvio a la normalidad, Spybot ya no detecta nada y Avast tampoco. Al iniciar el sistema aparecen las ventanas de SpyBot a las que le negue la acción y se me llena la pantalla un monton de veces con eso, luego se cierran y el computador queda normal. Instale tambien la versión trial de Trojan Hunter, este me reporta un trojano llamado "Trojan.Banker.1886", le digo que lo limpie, aparentemente lo borra del registro: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic es\Gbpsv pero al reiniciar el computador este virus aparece de nuevo. Quisiera saber si me pueden ayudar: Primero a quitar el trojan banker para que no aparezca cada vez que inicio el computador. Segundo eliminar del todo el SpyBro de mi computador, y para que las acciones que ya estan en lista en el SpyBot no aparezcan al iniciar el sistema pero si se ejecuten. Puedo eliminar los archivos que estan en el baul de Avast? No me atrevo a desistalar el SpyBot, pues creo que al hacerlo podria volver a aparecer aquella ventana pues no habria software que lo detuviera. Espero sus consejos. Aqui dejo el log de hijackthis Logfile of Trend Micro HijackThis v2.0.0 (BETA) Scan saved at 3:30:18 PM, on 3/24/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe C:\Program Files\Alwil Software\Avast4\ashServ.exe C:\Program Files\GbPlugin\GbpSv.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\msco rsvw.exe C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe C:\WINDOWS\system32\o2flash.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe C:\Program Files\Alwil Software\Avast4\ashWebSv.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\VTTimer.exe C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe C:\WINDOWS\sm56hlpr.exe C:\WINDOWS\system32\CPUTray.exe C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb0 5.exe C:\Program Files\Ulead Systems\Ulead Photo Express 5 SE\calcheck.exe C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Vidalia Bundle\Vidalia\vidalia.exe C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe C:\Program Files\Windows Sidebar\sidebar.exe C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe C:\Program Files\Vidalia Bundle\Privoxy\privoxy.exe C:\Program Files\Windows Sidebar\sidebar.exe C:\Program Files\RALINK\Common\RaUI.exe C:\Program Files\Vidalia Bundle\Tor\tor.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Documents and Settings\Marisol Garcia Pena\Desktop\Indy\Nuevos\HiJackThis_v2.exe R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings,ProxyServer = 10.10.2.1:3128 O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file) O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: Windows Live Aplicación auxiliar de inicio de sesión - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file) O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\WINDOWS\Downloaded Program Files\gbieh.dll O3 - Toolbar: PDF de Adobe - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file) O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL O4 - HKLM\..\Run: [VTTimer] VTTimer.exe O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" O4 - HKLM\..\Run: [SMSERIAL] sm56hlpr.exe O4 - HKLM\..\Run: [CPUTray] C:\WINDOWS\system32\CPUTray.exe O4 - HKLM\..\Run: [RestoreIT!] "C:\Program Files\Phoenix Technologies\cME\RPro\ XP\VBPTASK.EXE" VBStart O4 - HKLM\..\Run: [Eval] "C:\Program Files\Phoenix Technologies\cME\RPro\Eval\Eval.exe" O4 - HKLM\..\Run: [Guard] "C:\Program Files\Phoenix Technologies\cME\Guard\Guard.exe" /background O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb0 5.exe O4 - HKLM\..\Run: [USSShReg] C:\WINDOWS\system32\ussshreg.exe /r O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [Ulead Photo Express Verificador de Calendario] C:\Program Files\Ulead Systems\Ulead Photo Express 5 SE\calcheck.exe O4 - HKLM\..\Run: [Ulead AutoDetector] C:\Program Files\Ulead Systems\Ulead Photo Explorer 8.0 SE Basic\Monitor.exe O4 - HKLM\..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe /autostart O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe" O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKLM\..\RunOnce: [SpybotDeletingC8666] cmd /c del "C:\Program Files\SpyBro\TracksEraserPlugins\7-Zip Compression.ppw" O4 - HKLM\..\RunOnce: [SpybotDeletingC8128] cmd /c del "C:\Program Files\SpyBro\TracksEraserPlugins\AbsoluteFTP.ppw" O4 - HKLM\..\RunOnce: [SpybotDeletingC9457] cmd /c del "C:\Program Files\SpyBro\TracksEraserPlugins\Acrobat Reader 4.ppw" O4 - HKLM\..\RunOnce: [SpybotDeletingC9669] cmd /c del "C:\Program Files\SpyBro\TracksEraserPlugins\Acrobat Reader 6.ppw" O4 - HKLM\..\RunOnce: [SpybotDeletingC6592] cmd /c del "C:\Program Files\SpyBro\TracksEraserPlugins\Ad-aware 6.ppw" O4 - HKLM\..\RunOnce: [SpybotDeletingC8076] cmd /c del "C:\Program Files\SpyBro\TracksEraserPlugins\Adaptec's Audio CD.ppw" O4 - HKLM\..\RunOnce: [SpybotDeletingC7336] cmd /c del "C:\Program Files\SpyBro\TracksEraserPlugins\AddSoft Log Files.ppw" O4 - HKLM\..\RunOnce: [SpybotDeletingC7731] cmd /c del "C:\Program Files\SpyBro\TracksEraserPlugins\AddWeb 3.0.ppw" O4 - HKLM\..\RunOnce: [SpybotDeletingC8965] cmd /c del "C:\Program Files\SpyBro\TracksEraserPlugins\Adobe Photoshop 7.0.ppw" O4 - HKLM\..\RunOnce: [SpybotDeletingC737] cmd /c del "C:\Program Files\SpyBro\TracksEraserPlugins\Advanced Disk Catalog.ppw" O4 - HKLM\..\RunOnce: [SpybotDeletingC8842] cmd /c del "C:\Program Files\SpyBro\TracksEraserPlugins\Advanced MP3 Catalog.ppw" O4 - HKLM\..\RunOnce: [SpybotDeletingC9120] cmd /c del "C:\Program Files\SpyBro\TracksEraserPlugins\Alcohol MRU.ppw" O4 - HKLM\..\RunOnce: [SpybotDeletingC8397] cmd /c del "C:\Program Files\SpyBro\TracksEraserPlugins\AudioGrabber.ppw" O4 - HKLM\..\RunOnce: [SpybotDeletingC7048] cmd /c del "C:\Program Files\SpyBro\TracksEraserPlugins\Avant Browser History.ppw" O4 - HKLM\..\RunOnce: [SpybotDeletingC9237] cmd /c del "C:\Program Files\SpyBro\TracksEraserPlugins\BearShare.ppw" O4 - HKLM\..\RunOnce: [SpybotDeletingC6632] cmd /c del "C:\Program Files\SpyBro\TracksEraserPlugins\BlazeDVD 2.0.ppw" O4 - HKLM\..\RunOnce: [SpybotDeletingC880] cmd /c del "C:\Program Files\SpyBro\TracksEraserPlugins\Borland Delphi v7.ppw" O4 - HKLM\..\RunOnce: [SpybotDeletingC7168] cmd /c del "C:\Program Files\SpyBro\TracksEraserPlugins\CRT 2.x.ppw" O4 - HKLM\..\RunOnce: [SpybotDeletingC6705] cmd /c del "C:\Program Files\SpyBro\TracksEraserPlugins\Diskeeper 5.0.ppw" O4 - HKLM\..\RunOnce: [SpybotDeletingC9621] cmd /c del "C:\Program Files\SpyBro\TracksEraserPlugins\DivX Player.ppw" O4 - HKLM\..\RunOnce: [SpybotDeletingC9720] cmd /c del "C:\Program Files\SpyBro\TracksEraserPlugins\Downloaded Installations.ppw" O4 - HKLM\..\RunOnce: [SpybotDeletingC7412] cmd /c del "C:\Program Files\SpyBro\TracksEraserPlugins\Enigma Browser.ppw" O4 - HKLM\..\RunOnce: [SpybotDeletingC9916] cmd /c del "C:\Program Files\SpyBro\TracksEraserPlugins\Fotostation 4.0.ppw" O4 - HKLM\..\RunOnce: [SpybotDeletingC6945] cmd /c del "C:\Program Files\SpyBro\TracksEraserPlugins\iMesh.ppw" O4 - HKLM\..\RunOnce: [SpybotDeletingC6614] cmd /c del "C:\Program Files\SpyBro\TracksEraserPlugins\Homesite 4.0.ppw" O4 - HKLM\..\RunOnce: [SpybotDeletingC7018] cmd /c del "C:\Program Files\SpyBro\TracksEraserPlugins\ICQ 2002a.ppw" O4 - HKLM\..\RunOnce: [SpybotDeletingC7142] cmd /c del "C:\Program Files\SpyBro\TracksEraserPlugins\ICQ 2003a.ppw" O4 - HKLM\..\RunOnce: [SpybotDeletingC8775] cmd /c del "C:\Program Files\SpyBro\TracksEraserPlugins\InterQuick.ppw" O4 - HKLM\..\RunOnce: [SpybotDeletingC87] cmd /c del "C:\Program Files\SpyBro\TracksEraserPlugins\JASC Paint Shop Pro.ppw" O4 - HKLM\..\RunOnce: [SpybotDeletingC7497] cmd /c del "C:\Program Files\SpyBro\TracksEraserPlugins\Jet Photo Shell.ppw" O4 - HKLM\..\RunOnce: [SpybotDeletingC781] cmd /c del "C:\Program Files\SpyBro\TracksEraserPlugins\Juno.ppw" O4 - HKLM\..\RunOnce: [SpybotDeletingC9793] cmd /c del "C:\Program Files\SpyBro\TracksEraserPlugins\LingoMail 1.x.ppw" O4 - HKLM\..\RunOnce: [SpybotDeletingC8840] cmd /c del "C:\Program Files\SpyBro\TracksEraserPlugins\LView Pro 2.x.ppw" O4 - HKLM\..\RunOnce: [SpybotDeletingC6658] cmd /c del "C:\Program Files\SpyBro\TracksEraserPlugins\Macromedia Firework MX.ppw" O4 - HKLM\..\RunOnce: [SpybotDeletingC9037] cmd /c del "C:\Program Files\SpyBro\TracksEraserPlugins\Mass Download.ppw" O4 - HKLM\..\RunOnce: [SpybotDeletingC9154] cmd /c del "C:\Program Files\SpyBro\TracksEraserPlugins\McAfee Virus Scan.ppw" O4 - HKLM\..\RunOnce: [SpybotDeletingC9847] cmd /c del "C:\Program Files\SpyBro\TracksEraserPlugins\Micrografx Picture Publisher 8.ppw" O4 - HKLM\..\RunOnce: [SpybotDeletingC7846] cmd /c del "C:\Program Files\SpyBro\TracksEraserPlugins\Microsoft Netmeeting.ppw" O4 - HKLM\..\RunOnce: [SpybotDeletingC9737] cmd /c del "C:\Program Files\SpyBro\TracksEraserPlugins\Microsoft Office 97.ppw" O4 - HKLM\..\RunOnce: [SpybotDeletingC8306] cmd /c del "C:\Program Files\SpyBro\TracksEraserPlugins\Microsoft Works 4.0.ppw" O4 - HKLM\..\RunOnce: [SpybotDeletingC7012] cmd /c del "C:\Program Files\SpyBro\TracksEraserPlugins\Mijenix Powerdesk 4.0.ppw" O4 - HKLM\..\RunOnce: [SpybotDeletingC7478] cmd /c del "C:\Program Files\SpyBro\TracksEraserPlugins\Miranda ICQ.ppw" O4 - HKLM\..\RunOnce: [SpybotDeletingC8048] cmd /c del "C:\Program Files\SpyBro\TracksEraserPlugins\Naviscope.ppw" O4 - HKLM\..\RunOnce: [SpybotDeletingC8448] cmd /c del "C:\Program Files\SpyBro\TracksEraserPlugins\Net Vampire 3.x.ppw" O4 - HKLM\..\RunOnce: [SpybotDeletingC9549] cmd /c del "C:\Program Files\SpyBro\TracksEraserPlugins\NetCaptor.ppw" O4 - HKLM\..\RunOnce: [SpybotDeletingC9829] cmd /c del "C:\Program Files\SpyBro\TracksEraserPlugins\NewsBin Pro 4.ppw" O4 - HKLM\..\RunOnce: [SpybotDeletingC907] cmd /c del "C:\Program Files\SpyBro\TracksEraserPlugins\Norton Internet Security.ppw" O4 - HKLM\..\RunOnce: [SpybotDeletingC9688] cmd /c del "C:\Program Files\SpyBro\TracksEraserPlugins\OmniPage 10.0.ppw" O4 - HKLM\..\RunOnce: [SpybotDeletingC9747] cmd /c del "C:\Program Files\SpyBro\TracksEraserPlugins\Outlook Express 5, 6.ppw" O4 - HKLM\..\RunOnce: [SpybotDeletingC7038] cmd /c del "C:\Program Files\SpyBro\TracksEraserPlugins\Paint Shop Pro 5.0.ppw" O4 - HKLM\..\RunOnce: [SpybotDeletingC810] cmd /c del "C:\Program Files\SpyBro\TracksEraserPlugins\Paint Shop Pro 7.0.ppw" O4 - HKLM\..\RunOnce: [SpybotDeletingC8342] cmd /c del "C:\Program Files\SpyBro\TracksEraserPlugins\PhotoCanvas 2.0.ppw" O4 - HKLM\..\RunOnce: [SpybotDeletingC9471] cmd /c del "C:\Program Files\SpyBro\TracksEraserPlugins\PhotoDraw 2000.ppw" O4 - HKLM\..\RunOnce: [SpybotDeletingC9679] cmd /c del "C:\Program Files\SpyBro\TracksEraserPlugins\PicoZip.ppw" O4 - HKLM\..\RunOnce: [SpybotDeletingC8708] cmd /c del "C:\Program Files\SpyBro\TracksEraserPlugins\PKZip for Windows.ppw" O4 - HKLM\..\RunOnce: [SpybotDeletingC7967] cmd /c del "C:\Program Files\SpyBro\TracksEraserPlugins\RealOne & RealPlayer.ppw" O4 - HKLM\..\RunOnce: [SpybotDeletingC7148] cmd /c del "C:\Program Files\SpyBro\TracksEraserPlugins\Roxio Easy CD Creator.ppw" O4 - HKLM\..\RunOnce: [SpybotDeletingC9126] cmd /c del "C:\Program Files\SpyBro\TracksEraserPlugins\SearchWolf.ppw" O4 - HKLM\..\RunOnce: [SpybotDeletingC8259] cmd /c del "C:\Program Files\SpyBro\TracksEraserPlugins\SmartDraw 6.ppw" O4 - HKLM\..\RunOnce: [SpybotDeletingC9538] cmd /c del "C:\Program Files\SpyBro\TracksEraserPlugins\SubmitWolf.ppw" O4 - HKLM\..\RunOnce: [SpybotDeletingC7890] cmd /c del "C:\Program Files\SpyBro\TracksEraserPlugins\SWiSH 2.0.ppw" O4 - HKLM\..\RunOnce: [SpybotDeletingC7944] cmd /c del "C:\Program Files\SpyBro\TracksEraserPlugins\Teleport Pro.ppw" O4 - HKLM\..\RunOnce: [SpybotDeletingC5839] cmd /c del "C:\Program Files\SpyBro\TracksEraserPlugins\Tribal Voice's PowWow.ppw" O4 - HKLM\..\RunOnce: [SpybotDeletingC173] cmd /c del "C:\Program Files\SpyBro\TracksEraserPlugins\Trillian.ppw" O4 - HKLM\..\RunOnce: [SpybotDeletingC6996] cmd /c del "C:\Program Files\SpyBro\TracksEraserPlugins\Ulead GIF Animator.ppw" O4 - HKLM\..\RunOnce: [SpybotDeletingC5908] cmd /c del "C:\Program Files\SpyBro\TracksEraserPlugins\UltraEdit.ppw" O4 - HKLM\..\RunOnce: [SpybotDeletingC7903] cmd /c del "C:\Program Files\SpyBro\TracksEraserPlugins\WebFerret.ppw" O4 - HKLM\..\RunOnce: [SpybotDeletingC8] cmd /c del "C:\Program Files\SpyBro\TracksEraserPlugins\Windows App Log Directory.ppw" O4 - HKLM\..\RunOnce: [SpybotDeletingC8477] cmd /c del "C:\Program Files\SpyBro\TracksEraserPlugins\Windows Commander.ppw" O4 - HKLM\..\RunOnce: [SpybotDeletingC943] cmd /c del "C:\Program Files\SpyBro\TracksEraserPlugins\Windows Log Files.ppw" O4 - HKLM\..\RunOnce: [SpybotDeletingC8201] cmd /c del "C:\Program Files\SpyBro\TracksEraserPlugins\Windows Recent Network Drive List.ppw" O4 - HKLM\..\RunOnce: [SpybotDeletingC9943] cmd /c del "C:\Program Files\SpyBro\TracksEraserPlugins\WinRAR.ppw" O4 - HKLM\..\RunOnce: [SpybotDeletingC9314] cmd /c del "C:\Program Files\SpyBro\TracksEraserPlugins\Xing MP3 Player.ppw" O4 - HKLM\..\RunOnce: [SpybotDeletingC5753] cmd /c del "C:\Program Files\SpyBro\TracksEraserPlugins\Yamaha S-YXG100.ppw" O4 - HKLM\..\RunOnce: [SpybotDeletingC8073] cmd /c del "C:\Program Files\SpyBro\TracksEraserPlugins\ZipMagic.ppw" O4 - HKLM\..\RunOnce: [SpybotDeletingC713] cmd /c del "C:\Program Files\SpyBro\TracksEraserPlugins\Zone Alarm.ppw" O4 - HKLM\..\RunOnce: [SpybotDeletingC104] cmd /c del "C:\Program Files\SpyBro\TracksEraserPlugins\WinAce 2.0.ppw" O4 - HKLM\..\RunOnce: [SpybotDeletingC1089] cmd /c del "C:\Program Files\SpyBro\TracksEraserPlugins\Copernic 2001 Plus.ppw" O4 - HKLM\..\RunOnce: [SpybotDeletingC1094] cmd /c del "C:\Program Files\SpyBro\TracksEraserPlugins\Popup Purger.ppw" O4 - HKLM\..\RunOnce: [SpybotDeletingC1144] cmd /c del "C:\Program Files\SpyBro\TracksEraserPlugins\Yahoo! Player.ppw" O4 - HKLM\..\RunOnce: [SpybotDeletingC1226] cmd /c del "C:\Program Files\SpyBro\TracksEraserPlugins\HotJava Browser.ppw" O4 - HKLM\..\RunOnce: [SpybotDeletingC1128] cmd /c del "C:\Program Files\SpyBro\TracksEraserPlugins\PowerZip 6.0.ppw" O4 - HKLM\..\RunOnce: [SpybotDeletingC1184] cmd /c del "C:\Program Files\SpyBro\TracksEraserPlugins\Microsoft Photo Editor 3.0.ppw" O4 - HKLM\..\RunOnce: [SpybotDeletingC130] cmd /c del "C:\Program Files\SpyBro\TracksEraserPlugins\MicroAngelo.ppw" O4 - HKLM\..\RunOnce: [SpybotDeletingC1365] cmd /c del "C:\Program Files\SpyBro\TracksEraserPlugins\PasswordSafe.ppw" O4 - HKLM\..\RunOnce: [SpybotDeletingC16] cmd /c del "C:\Program Files\SpyBro\ztvcabinet.dll" O4 - HKLM\..\RunOnce: [SpybotDeletingC1613] cmd /c del "C:\Program Files\SpyBro\TracksEraserPlugins\Mozart 4.0.ppw" O4 - HKLM\..\RunOnce: [SpybotDeletingC1653] cmd /c del "C:\Program Files\SpyBro\TracksEraserPlugins\Microsoft Word Backup Files.ppw" O4 - HKLM\..\RunOnce: [SpybotDeletingC1651] cmd /c del "C:\Program Files\SpyBro\TracksEraserPlugins\Kodak Imaging for Windows.ppw" O4 - HKLM\..\RunOnce: [SpybotDeletingC1604] cmd /c del "C:\Program Files\SpyBro\TracksEraserPlugins\Spinner Plus.ppw" O4 - HKLM\..\RunOnce: [SpybotDeletingC1560] cmd /c del "C:\Program Files\SpyBro\TracksEraserPlugins\MSN Toolbar.ppw" O4 - HKLM\..\RunOnce: [SpybotDeletingC1362] cmd /c del "C:\Program Files\SpyBro\TracksEraserPlugins\Metapad.ppw" O4 - HKLM\..\RunOnce: [SpybotDeletingC1813] cmd /c del "C:\Program Files\SpyBro\TracksEraserPlugins\Vueprint.ppw" O4 - HKLM\..\RunOnce: [SpybotDeletingC1941] cmd /c del "C:\Program Files\SpyBro\TracksEraserPlugins\Download Accelerator.ppw" O4 - HKLM\..\RunOnce: [SpybotDeletingC1898] cmd /c del "C:\Program Files\SpyBro\TracksEraserPlugins\Xolox.ppw" O4 - HKLM\..\RunOnce: [SpybotDeletingC2000] cmd /c del "C:\Program Files\SpyBro\TracksEraserPlugins\StarOffice 5.1.ppw" O4 - HKLM\..\RunOnce: [SpybotDeletingC2023] cmd /c del "C:\Program Files\SpyBro\signers.db" O4 - HKLM\..\RunOnce: [SpybotDeletingC2068] cmd /c del "C:\Program Files\SpyBro\TracksEraserPlugins\Enfish Onespace.ppw" O4 - HKLM\..\RunOnce: [SpybotDeletingC2110] cmd /c del "C:\Program Files\SpyBro\TracksEraserPlugins\Microsoft Office 2000.ppw" O4 - HKLM\..\RunOnce: [SpybotDeletingC2164] cmd /c del "C:\Program Files\SpyBro\TracksEraserPlugins\Irfanview 32.ppw" O4 - HKLM\..\RunOnce: [SpybotDeletingC2189] cmd /c del "C:\Program Files\SpyBro\TracksEraserPlugins\Graphic Workshop Pro.ppw" O4 - HKLM\..\RunOnce: [SpybotDeletingC2198] cmd /c del "C:\Program Files\SpyBro\TracksEraserPlugins\Microsoft Publisher 2000.ppw" O4 - HKLM\..\RunOnce: [SpybotDeletingC2222] cmd /c del "C:\Program Files\SpyBro\TracksEraserPlugins\Acrobat Reader 5.ppw" O4 - HKLM\..\RunOnce: [SpybotDeletingC2424] cmd /c del "C:\Program Files\SpyBro\TracksEraserPlugins\MyWay Advertising.ppw" O4 - HKLM\..\RunOnce: [SpybotDeletingC2456] cmd /c del "C:\Program Files\SpyBro\TracksEraserPlugins\Agent NewsReader.ppw" O4 - HKLM\..\RunOnce: [SpybotDeletingC2459] cmd /c del "C:\Program Files\SpyBro\TracksEraserPlugins\Cute MX.ppw" O4 - HKLM\..\RunOnce: [SpybotDeletingC2484] cmd /c del "C:\Program Files\SpyBro\TracksEraserPlugins\RealNetworks Real Download.ppw" O4 - HKLM\..\RunOnce: [SpybotDeletingC2496] cmd /c del "C:\Program Files\SpyBro\TracksEraserPlugins\PictureIt Digital Image Pro 7.0.ppw" O4 - HKLM\..\RunOnce: [SpybotDeletingC25] cmd /c del "C:\Program Files\SpyBro\TracksEraserPlugins\Ebay Toolbar.ppw" O4 - HKLM\..\RunOnce: [SpybotDeletingC2504] cmd /c del "C:\Program Files\SpyBro\nospylauncher.exe" O4 - HKLM\..\RunOnce: [SpybotDeletingC2535] cmd /c del "C:\Program Files\SpyBro\TracksEraserPlugins\Scour Exchange.ppw" O4 - HKLM\..\RunOnce: [SpybotDeletingC2591] cmd /c del "C:\Program Files\SpyBro\TracksEraserPlugins\BookReader.ppw" O4 - HKLM\..\RunOnce: [SpybotDeletingC260] cmd /c del "C:\Program Files\SpyBro\TracksEraserPlugins\Go!Zilla.ppw" O4 - HKLM\..\RunOnce: [SpybotDeletingC2639] cmd /c del "C:\Program Files\SpyBro\TracksEraserPlugins\Microsoft Office XP.ppw" O4 - HKLM\..\RunOnce: [SpybotDeletingC2664] cmd /c del "C:\Program Files\SpyBro\TracksEraserPlugins\Norton Firewall.ppw" O4 - HKLM\..\RunOnce: [SpybotDeletingC2737] cmd /c del "C:\Program Files\SpyBro\TracksEraserPlugins\Helios TextPad.ppw" O4 - HKLM\..\RunOnce: [SpybotDeletingC2764] cmd /c del "C:\Program Files\SpyBro\TracksEraserPlugins\Winamp.ppw" O4 - HKLM\..\RunOnce: [SpybotDeletingC2774] cmd /c del "C:\Program Files\SpyBro\TracksEraserPlugins\Netzip Download Demon.ppw" O4 - HKLM\..\RunOnce: [SpybotDeletingC2791] cmd /c del "C:\Program Files\SpyBro\TracksEraserPlugins\PowerDesk 5.ppw" O4 - HKLM\..\RunOnce: [SpybotDeletingC2803] cmd /c del "C:\Program Files\SpyBro\TracksEraserPlugins\GetRight.ppw" O4 - HKLM\..\RunOnce: [SpybotDeletingC2804] cmd /c del "C:\Program Files\SpyBro\TracksEraserPlugins\Sonique.ppw" O4 - HKLM\..\RunOnce: [SpybotDeletingC2821] cmd /c del "C:\Program Files\SpyBro\TracksEraserPlugins\Cool Edit Pro.ppw" O4 - HKLM\..\RunOnce: [SpybotDeletingC2833] cmd /c del "C:\Program Files\SpyBro\TracksEraserPlugins\EditPad.ppw" O4 - HKLM\..\RunOnce: [SpybotDeletingC2830] cmd /c del "C:\Program Files\SpyBro\TracksEraserPlugins\Windows XP Prefetch Folder.ppw" O4 - HKLM\..\RunOnce: [SpybotDeletingC285] cmd /c del "C:\Program Files\SpyBro\TracksEraserPlugins\Eudora Mail.ppw" O4 - HKLM\..\RunOnce: [SpybotDeletingC2850] cmd /c del "C:\Program Files\SpyBro\TracksEraserPlugins\Smart Explorer.ppw" O4 - HKLM\..\RunOnce: [SpybotDeletingC2900] cmd /c del "C:\Program Files\SpyBro\TracksEraserPlugins\PluginBuilder.exe " O4 - HKLM\..\RunOnce: [SpybotDeletingC2944] cmd /c del "C:\Program Files\SpyBro\TracksEraserPlugins\CuteFTP.ppw" O4 - HKLM\..\RunOnce: [SpybotDeletingC3134] cmd /c del "C:\Program Files\SpyBro\TracksEraserPlugins\Save Now.ppw" O4 - HKLM\..\RunOnce: [SpybotDeletingC3136] cmd /c del "C:\Program Files\SpyBro\TracksEraserPlugins\Babylon.ppw" O4 - HKLM\..\RunOnce: [SpybotDeletingC3174] cmd /c del "C:\Program Files\SpyBro\TracksEraserPlugins\MIRC.ppw" O4 - HKLM\..\RunOnce: [SpybotDeletingC3185] cmd /c del "C:\Program Files\SpyBro\TracksEraserPlugins\AX-Icons 4.x.ppw" O4 - HKLM\..\RunOnce: [SpybotDeletingC3193] cmd /c del "C:\Program Files\SpyBro\TracksEraserPlugins\Microsoft Word 2000.ppw" O4 - HKLM\..\RunOnce: [SpybotDeletingC3234] cmd /c del "C:\Program Files\SpyBro\TracksEraserPlugins\Yahoo! Messenger.ppw" O4 - HKLM\..\RunOnce: [SpybotDeletingC3317] cmd /c del "C:\Program Files\SpyBro\spybrofr.mo" O4 - HKLM\..\RunOnce: [SpybotDeletingC3254] cmd /c del "C:\Program Files\SpyBro\TracksEraserPlugins\Jasc Animation Shop 3.ppw" O4 - HKLM\..\RunOnce: [SpybotDeletingC3336] cmd /c del "C:\Program Files\SpyBro\TracksEraserPlugins\MSN Messenger.ppw" O4 - HKLM\..\RunOnce: [SpybotDeletingC3396] cmd /c del "C:\Program Files\SpyBro\TracksEraserPlugins\Google Deskbar.ppw" O4 - HKLM\..\RunOnce: [SpybotDeletingC3445] cmd /c del "C:\Program Files\SpyBro\TracksEraserPlugins\MusicMatch Jukebox.ppw" O4 - HKLM\..\RunOnce: [SpybotDeletingC3542] cmd /c del "C:\Program Files\SpyBro\TracksEraserPlugins\Photodex Compupic Pro.ppw" O4 - HKLM\..\RunOnce: [SpybotDeletingC3465] cmd /c del "C:\Program Files\SpyBro\TracksEraserPlugins\Xara 3D 4.0.ppw" O4 - HKLM\..\RunOnce: [SpybotDeletingC3605] cmd /c del "C:\Program Files\SpyBro\TracksEraserPlugins\FTP Voyager.ppw" O4 - HKLM\..\RunOnce: [SpybotDeletingC3674] cmd /c del "C:\Program Files\SpyBro\TracksEraserPlugins\KaZaA Media Desktop.ppw" O4 - HKLM\..\RunOnce: [SpybotDeletingC3743] cmd /c del "C:\Program Files\SpyBro\TracksEraserPlugins\Chameleon Web Browser.ppw" O4 - HKLM\..\RunOnce: [SpybotDeletingC3731] cmd /c del "C:\Program Files\SpyBro\TracksEraserPlugins\Ultimate Paint.ppw" O4 - HKLM\..\RunOnce: [SpybotDeletingC3778] cmd /c del "C:\Program Files\SpyBro\TracksEraserPlugins\Inoculatelt PE Virus Scan.ppw" O4 - HKLM\..\RunOnce: [SpybotDeletingC3818] cmd /c del "C:\Program Files\SpyBro\TracksEraserPlugins\Macromedia Dreamweaver MX.ppw" O4 - HKLM\..\RunOnce: [SpybotDeletingC385] cmd /c del "C:\Program Files\SpyBro\TracksEraserPlugins\Google Toolbar.ppw" O4 - HKLM\..\RunOnce: [SpybotDeletingC3934] cmd /c del "C:\Program Files\SpyBro\refsig.db" O4 - HKLM\..\RunOnce: [SpybotDeletingC4074] cmd /c del "C:\Program Files\SpyBro\TracksEraserPlugins\Microsoft Imaging.ppw" O4 - HKLM\..\RunOnce: [SpybotDeletingC4147] cmd /c del "C:\Program Files\SpyBro\TracksEraserPlugins\MasterSplitter.pp w" O4 - HKLM\..\RunOnce: [SpybotDeletingC4191] cmd /c del "C:\Program Files\SpyBro\TracksEraserPlugins\Letterbox.ppw" O4 - HKLM\..\RunOnce: [SpybotDeletingC4218] cmd /c del "C:\Program Files\SpyBro\TracksEraserPlugins\RegEdit Favorites and Recent Key.ppw" O4 - HKLM\..\RunOnce: [SpybotDeletingC4294] cmd /c del "C:\Program Files\SpyBro\TracksEraserPlugins\Netsonic.ppw" O4 - HKLM\..\RunOnce: [SpybotDeletingC4346] cmd /c del "C:\Program Files\SpyBro\TracksEraserPlugins\CuteHTML.ppw" O4 - HKLM\..\RunOnce: [SpybotDeletingC4403] cmd /c del "C:\Program Files\SpyBro\TracksEraserPlugins\PhotoImpact.ppw" O4 - HKLM\..\RunOnce: [SpybotDeletingC4441] cmd /c del "C:\Program Files\SpyBro\TracksEraserPlugins\Norton File Manager.ppw" O4 - HKLM\..\RunOnce: [SpybotDeletingC4485] cmd /c del "C:\Program Files\SpyBro\TracksEraserPlugins\Windows Regedit Recent Key.ppw" O4 - HKLM\..\RunOnce: [SpybotDeletingC458] cmd /c del "C:\Program Files\SpyBro\TracksEraserPlugins\FTP Explorer.ppw" O4 - HKLM\..\RunOnce: [SpybotDeletingC4548] cmd /c del "C:\Program Files\SpyBro\TracksEraserPlugins\LeapFTP 2.6.ppw" O4 - HKLM\..\RunOnce: [SpybotDeletingC4582] cmd /c del "C:\Program Files\SpyBro\TracksEraserPlugins\Morpheus.ppw" O4 - HKLM\..\RunOnce: [SpybotDeletingC4797] cmd /c del "C:\Program Files\SpyBro\TracksEraserPlugins\Macromedia Flash MX.ppw" O4 - HKLM\..\RunOnce: [SpybotDeletingC4650] cmd /c del "C:\Program Files\SpyBro\TracksEraserPlugins\Napster.ppw" O4 - HKLM\..\RunOnce: [SpybotDeletingC4815] cmd /c del "C:\Program Files\SpyBro\TracksEraserPlugins\CoffeeCup GIF Animator.ppw" O4 - HKLM\..\RunOnce: [SpybotDeletingC4899] cmd /c del "C:\Program Files\SpyBro\TracksEraserPlugins\FlashGet.ppw" O4 - HKLM\..\RunOnce: [SpybotDeletingC4889] cmd /c del "C:\Program Files\SpyBro\TracksEraserPlugins\Windows XP Recent Run Programs.ppw" O4 - HKLM\..\RunOnce: [SpybotDeletingC4913] cmd /c del "C:\Program Files\SpyBro\TracksEraserPlugins\SureThing CD Labeler.ppw" O4 - HKLM\..\RunOnce: [SpybotDeletingC4991] cmd /c del "C:\Program Files\SpyBro\TracksEraserPlugins\Adaptec Easy CD Creator.ppw" O4 - HKLM\..\RunOnce: [SpybotDeletingC5126] cmd /c del "C:\Program Files\SpyBro\TracksEraserPlugins\Fun CD.ppw" O4 - HKLM\..\RunOnce: [SpybotDeletingC5135] cmd /c del "C:\Program Files\SpyBro\TracksEraserPlugins\MEDA MP3 Splitter.ppw" O4 - HKLM\..\RunOnce: [SpybotDeletingC5146] cmd /c del "C:\Program Files\SpyBro\TracksEraserPlugins\Adobe Photoshop 6.0.ppw" O4 - HKLM\..\RunOnce: [SpybotDeletingC5153] cmd /c del "C:\Program Files\SpyBro\TracksEraserPlugins\Axialis Media Browser.ppw" O4 - HKLM\..\RunOnce: [SpybotDeletingC5179] cmd /c del "C:\Program Files\SpyBro\TracksEraserPlugins\Copernic 2001 Pro.ppw" O4 - HKLM\..\RunOnce: [SpybotDeletingC5242] cmd /c del "C:\Program Files\SpyBro\TracksEraserPlugins\Sonic Foundry's Acid 2.0.ppw" O4 - HKLM\..\RunOnce: [SpybotDeletingC5252] cmd /c del "C:\Program Files\SpyBro\TracksEraserPlugins\AOL Instant Messenger.ppw" O4 - HKLM\..\RunOnce: [SpybotDeletingC5285] cmd /c del "C:\Program Files\SpyBro\TracksEraserPlugins\PowerDVD.ppw" O4 - HKLM\..\RunOnce: [SpybotDeletingC5386] cmd /c del "C:\Program Files\SpyBro\TracksEraserPlugins\Norton Commander.ppw" O4 - HKLM\..\RunOnce: [SpybotDeletingC5449] cmd /c del "C:\Program Files\SpyBro\TracksEraserPlugins\Personal Ancestral File.ppw" O4 - HKLM\..\RunOnce: [SpybotDeletingC5498] cmd /c del "C:\Program Files\SpyBro\iedefaults.db" O4 - HKLM\..\RunOnce: [SpybotDeletingC551] cmd /c del "C:\Program Files\SpyBro\TracksEraserPlugins\GoldWave Digital Audio Editor.ppw" O4 - HKLM\..\RunOnce: [SpybotDeletingC5613] cmd /c del "C:\Program Files\SpyBro\TracksEraserPlugins\Cabinet Manager.ppw" O4 - HKLM\..\RunOnce: [SpybotDeletingC566] cmd /c del "C:\Program Files\SpyBro\TracksEraserPlugins\Hotbar 3.0.ppw" O4 - HKLM\..\RunOnce: [SpybotDeletingC5682] cmd /c del "C:\Program Files\SpyBro\TracksEraserPlugins\Norton Anti-Virus 2000.ppw" O4 - HKLM\..\RunOnce: [SpybotDeletingC5725] cmd /c del "C:\Program Files\SpyBro\TracksEraserPlugins\Ulead Photo Express.ppw" O4 - HKLM\..\RunOnce: [SpybotDeletingC9828] cmd /c del "C:\Program Files\SpyBro\antispy.sys" O4 - HKLM\..\RunOnce: [SpybotDeletingC9007] cmd /c del "C:\Program Files\SpyBro\ZtvUnRar3.dll" O4 - HKLM\..\RunOnce: [SpybotDeletingC7301] cmd /c del "C:\Program Files\SpyBro\spybroes.mo" O4 - HKLM\..\RunOnce: [SpybotDeletingC7182] cmd /c del "C:\Program Files\SpyBro\ZtvUnAceV2.dll" O4 - HKLM\..\RunOnce: [SpybotDeletingC610] cmd /c del "C:\Program Files\SpyBro\spybroit.mo" O4 - HKLM\..\RunOnce: [SpybotDeletingC6011] cmd /c del "C:\Program Files\SpyBro\TracksEraserPlugins\Classify 98.ppw" O4 - HKLM\..\RunOnce: [SpybotDeletingC6117] cmd /c del "C:\Program Files\SpyBro\LegacyHelper.dll" O4 - HKLM\..\RunOnce: [SpybotDeletingC612] cmd /c del "C:\Program Files\SpyBro\TracksEraserPlugins\PhotoImpact Viewer 4.0.ppw" O4 - HKLM\..\RunOnce: [SpybotDeletingC6144] cmd /c del "C:\Program Files\SpyBro\TracksEraserPlugins\ACDSee.ppw" O4 - HKLM\..\RunOnce: [SpybotDeletingC620] cmd /c del "C:\Program Files\SpyBro\spybrode.mo" O4 - HKLM\..\RunOnce: [SpybotDeletingC6205] cmd /c del "C:\Program Files\SpyBro\TracksEraserPlugins\TextPad 4.x.ppw" O4 - HKLM\..\RunOnce: [SpybotDeletingC6264] cmd /c del "C:\Program Files\SpyBro\TracksEraserPlugins\NetAnts.ppw" O4 - HKLM\..\RunOnce: [SpybotDeletingC6342] cmd /c del "C:\Program Files\SpyBro\TracksEraserPlugins\PowerArc.ppw" O4 - HKLM\..\RunOnce: [SpybotDeletingC6324] cmd /c del "C:\Program Files\SpyBro\TracksEraserPlugins\ThumbsPlus 4.0.ppw" O4 - HKLM\..\RunOnce: [SpybotDeletingC6467] cmd /c del "C:\Program Files\SpyBro\TracksEraserPlugins\Gator.ppw" O4 - HKLM\..\RunOnce: [SpybotDeletingC6520] cmd /c del "C:\Program Files\SpyBro\TracksEraserPlugins\WinZip.ppw" O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [Vidalia] "C:\Program Files\Vidalia Bundle\Vidalia\vidalia.exe" O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe O4 - Global Startup: Corel Family & Friends Reminders.LNK = C:\Program Files\Corel\Print House Magic\cffrem.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE O4 - Global Startup: Privoxy.lnk = C:\Program Files\Vidalia Bundle\Privoxy\privoxy.exe O4 - Global Startup: Ralink Wireless Utility.lnk = C:\Program Files\RALINK\Common\RaUI.exe O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm O8 - Extra context menu item: E&xportar a Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O14 - IERESET.INF: START_PAGE_URL=http://www.averatec.com O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} - http://upload.facebook.com/controls/FacebookPhotoUploader.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1142539884234 O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl-esd.sun.com/update/1.6.0/jinstall-6u1-windows-i586-jc.cab O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} - http://acs.pandasoftware.com/activescan/as5free/asinst.cab O16 - DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} - https://www14.bancobrasil.com.br/plugin/GbpDist.cab O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe O23 - Service: AVG Anti-Spyware Guard - Unknown owner - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe (file missing) O23 - Service: Gbp Service (GbpSv) - Unknown owner - C:\Program Files\GbPlugin\GbpSv.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe O23 - Service: NetCom3 Service (Netcom3) - Unknown owner - C:\Program Files\Netcom3 Cleaner\PSCMonitor.exe (file missing) O23 - Service: O2Micro Flash Memory (O2Flash) - Unknown owner - C:\WINDOWS\system32\o2flash.exe O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe -- End of file - 34692 bytes  |
| InfoSpyware | ||
| |
|
24/03/08, 19:11:32
| |
| ||||
| Re: Como elimino SpyBro y Trojan Banker Hola luzmara, te doy la bienvenida al Foro de InfoSpyware Estas usando una versión antigua de HijackThis, por lo que descarga y ejecuta la nueva versión de *HijackThis 2.0.2 para generar y dejarnos un nuevo log en este mismo mensaje. Salu2 Ausente hasta el 15 de Oct. En viaje al EISI 2009 (Colombia) Novedades del Foro | Antivirus Online | Eliminar Malwares | Políticas del Foro | Blog * Ayúdanos haciendo una DONACIÓN para poder seguir Ayudando. * Infórmate de las ultimas amenazas de la red desde: InfoSpyware Blog * No se resuelven dudas por Privados ni por E-mail, ya que para eso esta el foro. |
|
25/03/08, 08:20:21
| |
| |||
| Re: Como elimino SpyBro y Trojan Banker Hola, Gracias por la rápida respuesta, aqui va de nuevo el log de HijackThis. Espero instrucciones. Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 7:18:35 AM, on 3/25/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16608) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe C:\Program Files\Alwil Software\Avast4\ashServ.exe C:\Program Files\GbPlugin\GbpSv.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe C:\WINDOWS\system32\o2flash.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe C:\Program Files\Alwil Software\Avast4\ashWebSv.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\VTTimer.exe C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe C:\WINDOWS\sm56hlpr.exe C:\WINDOWS\system32\CPUTray.exe C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb0 5.exe C:\Program Files\Ulead Systems\Ulead Photo Express 5 SE\calcheck.exe C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Vidalia Bundle\Vidalia\vidalia.exe C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe C:\Program Files\Windows Sidebar\sidebar.exe C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe C:\Program Files\Windows Sidebar\sidebar.exe C:\Program Files\Vidalia Bundle\Privoxy\privoxy.exe C:\Program Files\RALINK\Common\RaUI.exe C:\Program Files\Vidalia Bundle\Tor\tor.exe C:\PROGRA~1\MOZILL~1\FIREFOX.EXE C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.averatec.com/ R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings,ProxyServer = 10.10.2.1:3128 O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll O2 - BHO: Windows Live Aplicación auxiliar de inicio de sesión - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\WINDOWS\Downloaded Program Files\gbieh.dll O3 - Toolbar: PDF de Adobe - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file) O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL O4 - HKLM\..\Run: [VTTimer] VTTimer.exe O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" O4 - HKLM\..\Run: [SMSERIAL] sm56hlpr.exe O4 - HKLM\..\Run: [CPUTray] C:\WINDOWS\system32\CPUTray.exe O4 - HKLM\..\Run: [RestoreIT!] "C:\Program Files\Phoenix Technologies\cME\RPro\ XP\VBPTASK.EXE" VBStart O4 - HKLM\..\Run: [Eval] "C:\Program Files\Phoenix Technologies\cME\RPro\Eval\Eval.exe" O4 - HKLM\..\Run: [Guard] "C:\Program Files\Phoenix Technologies\cME\Guard\Guard.exe" /background O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb0 5.exe O4 - HKLM\..\Run: [USSShReg] C:\WINDOWS\system32\ussshreg.exe /r O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [Ulead Photo Express Verificador de Calendario] C:\Program Files\Ulead Systems\Ulead Photo Express 5 SE\calcheck.exe O4 - HKLM\..\Run: [Ulead AutoDetector] C:\Program Files\Ulead Systems\Ulead Photo Explorer 8.0 SE Basic\Monitor.exe O4 - HKLM\..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe /autostart O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe" O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKLM\..\RunOnce: [SpybotDeletingC8076] cmd /c del "C:\Program Files\SpyBro\TracksEraserPlugins\Adaptec's Audio CD.ppw" O4 - HKLM\..\RunOnce: [SpybotDeletingC7336] cmd /c del "C:\Program Files\SpyBro\TracksEraserPlugins\AddSoft Log Files.ppw" O4 - HKLM\..\RunOnce: [SpybotDeletingC7731] cmd /c del "C:\Program Files\SpyBro\TracksEraserPlugins\AddWeb 3.0.ppw" O4 - HKLM\..\RunOnce: [SpybotDeletingC737] cmd /c del "C:\Program Files\SpyBro\TracksEraserPlugins\Advanced Disk Catalog.ppw" O4 - HKLM\..\RunOnce: [SpybotDeletingC8397] cmd /c del "C:\Program Files\SpyBro\TracksEraserPlugins\AudioGrabber.ppw" O4 - HKLM\..\RunOnce: [SpybotDeletingC7048] cmd /c del "C:\Program Files\SpyBro\TracksEraserPlugins\Avant Browser History.ppw" O4 - HKLM\..\RunOnce: [SpybotDeletingC7168] cmd /c del "C:\Program Files\SpyBro\TracksEraserPlugins\CRT 2.x.ppw" O4 - HKLM\..\RunOnce: [SpybotDeletingC6705] cmd /c del "C:\Program Files\SpyBro\TracksEraserPlugins\Diskeeper 5.0.ppw" O4 - HKLM\..\RunOnce: [SpybotDeletingC7412] cmd /c del "C:\Program Files\SpyBro\TracksEraserPlugins\Enigma Browser.ppw" O4 - HKLM\..\RunOnce: [SpybotDeletingC6945] cmd /c del "C:\Program Files\SpyBro\TracksEraserPlugins\iMesh.ppw" O4 - HKLM\..\RunOnce: [SpybotDeletingC6614] cmd /c del "C:\Program Files\SpyBro\TracksEraserPlugins\Homesite 4.0.ppw" O4 - HKLM\..\RunOnce: [SpybotDeletingC7018] cmd /c del "C:\Program Files\SpyBro\TracksEraserPlugins\ICQ 2002a.ppw" O4 - HKLM\..\RunOnce: [SpybotDeletingC7142] cmd /c del "C:\Program Files\SpyBro\TracksEraserPlugins\ICQ 2003a.ppw" O4 - HKLM\..\RunOnce: [SpybotDeletingC8775] cmd /c del "C:\Program Files\SpyBro\TracksEraserPlugins\InterQuick.ppw" O4 - HKLM\..\RunOnce: [SpybotDeletingC87] cmd /c del "C:\Program Files\SpyBro\TracksEraserPlugins\JASC Paint Shop Pro.ppw" O4 - HKLM\..\RunOnce: [SpybotDeletingC7497] cmd /c del "C:\Program Files\SpyBro\TracksEraserPlugins\Jet Photo Shell.ppw" O4 - HKLM\..\RunOnce: [SpybotDeletingC781] cmd /c del "C:\Program Files\SpyBro\TracksEraserPlugins\Juno.ppw" O4 - HKLM\..\RunOnce: [SpybotDeletingC6658] cmd /c del "C:\Program Files\SpyBro\TracksEraserPlugins\Macromedia Firework MX.ppw" O4 - HKLM\..\RunOnce: [SpybotDeletingC7846] cmd /c del "C:\Program Files\SpyBro\TracksEraserPlugins\Microsoft Netmeeting.ppw" O4 - HKLM\..\RunOnce: [SpybotDeletingC8306] cmd /c del "C:\Program Files\SpyBro\TracksEraserPlugins\Microsoft Works 4.0.ppw" O4 - HKLM\..\RunOnce: [SpybotDeletingC7012] cmd /c del "C:\Program Files\SpyBro\TracksEraserPlugins\Mijenix Powerdesk 4.0.ppw" O4 - HKLM\..\RunOnce: [SpybotDeletingC7478] cmd /c del "C:\Program Files\SpyBro\TracksEraserPlugins\Miranda ICQ.ppw" O4 - HKLM\..\RunOnce: [SpybotDeletingC8048] cmd /c del "C:\Program Files\SpyBro\TracksEraserPlugins\Naviscope.ppw" O4 - HKLM\..\RunOnce: [SpybotDeletingC8448] cmd /c del "C:\Program Files\SpyBro\TracksEraserPlugins\Net Vampire 3.x.ppw" O4 - HKLM\..\RunOnce: [SpybotDeletingC7038] cmd /c del "C:\Program Files\SpyBro\TracksEraserPlugins\Paint Shop Pro 5.0.ppw" O4 - HKLM\..\RunOnce: [SpybotDeletingC810] cmd /c del "C:\Program Files\SpyBro\TracksEraserPlugins\Paint Shop Pro 7.0.ppw" O4 - HKLM\..\RunOnce: [SpybotDeletingC8342] cmd /c del "C:\Program Files\SpyBro\TracksEraserPlugins\PhotoCanvas 2.0.ppw" O4 - HKLM\..\RunOnce: [SpybotDeletingC8708] cmd /c del "C:\Program Files\SpyBro\TracksEraserPlugins\PKZip for Windows.ppw" O4 - HKLM\..\RunOnce: [SpybotDeletingC7967] cmd /c del "C:\Program Files\SpyBro\TracksEraserPlugins\RealOne & RealPlayer.ppw" O4 - HKLM\..\RunOnce: [SpybotDeletingC7148] cmd /c del "C:\Program Files\SpyBro\TracksEraserPlugins\Roxio Easy CD Creator.ppw" O4 - HKLM\..\RunOnce: [SpybotDeletingC8259] cmd /c del "C:\Program Files\SpyBro\TracksEraserPlugins\SmartDraw 6.ppw" O4 - HKLM\..\RunOnce: [SpybotDeletingC7890] cmd /c del "C:\Program Files\SpyBro\TracksEraserPlugins\SWiSH 2.0.ppw" O4 - HKLM\..\RunOnce: [SpybotDeletingC7944] cmd /c del "C:\Program Files\SpyBro\TracksEraserPlugins\Teleport Pro.ppw" O4 - HKLM\..\RunOnce: [SpybotDeletingC5839] cmd /c del "C:\Program Files\SpyBro\TracksEraserPlugins\Tribal Voice's PowWow.ppw" O4 - HKLM\..\RunOnce: [SpybotDeletingC173] cmd /c del "C:\Program Files\SpyBro\TracksEraserPlugins\Trillian.ppw" O4 - HKLM\..\RunOnce: [SpybotDeletingC6996] cmd /c del "C:\Program Files\SpyBro\TracksEraserPlugins\Ulead GIF Animator.ppw" O4 - HKLM\..\RunOnce: [SpybotDeletingC5908] cmd /c del "C:\Program Files\SpyBro\TracksEraserPlugins\UltraEdit.ppw" O4 - HKLM\..\RunOnce: [SpybotDeletingC7903] cmd /c del "C:\Program Files\SpyBro\TracksEraserPlugins\WebFerret.ppw" O4 - HKLM\..\RunOnce: [SpybotDeletingC8] cmd /c del "C:\Program Files\SpyBro\TracksEraserPlugins\Windows App Log Directory.ppw" O4 - HKLM\..\RunOnce: [SpybotDeletingC8477] cmd /c del "C:\Program Files\SpyBro\TracksEraserPlugins\Windows Commander.ppw" O4 - HKLM\..\RunOnce: [SpybotDeletingC8201] cmd /c del "C:\Program Files\SpyBro\TracksEraserPlugins\Windows Recent Network Drive List.ppw" O4 - HKLM\..\RunOnce: [SpybotDeletingC5753] cmd /c del "C:\Program Files\SpyBro\TracksEraserPlugins\Yamaha S-YXG100.ppw" O4 - HKLM\..\RunOnce: [SpybotDeletingC8073] cmd /c del "C:\Program Files\SpyBro\TracksEraserPlugins\ZipMagic.ppw" O4 - HKLM\..\RunOnce: [SpybotDeletingC713] cmd /c del "C:\Program Files\SpyBro\TracksEraserPlugins\Zone Alarm.ppw" O4 - HKLM\..\RunOnce: [SpybotDeletingC104] cmd /c del "C:\Program Files\SpyBro\TracksEraserPlugins\WinAce 2.0.ppw" O4 - HKLM\..\RunOnce: [SpybotDeletingC1089] cmd /c del "C:\Program Files\SpyBro\TracksEraserPlugins\Copernic 2001 Plus.ppw" O4 - HKLM\..\RunOnce: [SpybotDeletingC1094] cmd /c del "C:\Program Files\SpyBro\TracksEraserPlugins\Popup Purger.ppw" O4 - HKLM\..\RunOnce: [SpybotDeletingC1144] cmd /c del "C:\Program Files\SpyBro\TracksEraserPlugins\Yahoo! Player.ppw" O4 - HKLM\..\RunOnce: [SpybotDeletingC1226] cmd /c del "C:\Program Files\SpyBro\TracksEraserPlugins\HotJava Browser.ppw" O4 - HKLM\..\RunOnce: [SpybotDeletingC1128] cmd /c del "C:\Program Files\SpyBro\TracksEraserPlugins\PowerZip 6.0.ppw" O4 - HKLM\..\RunOnce: [SpybotDeletingC1184] cmd /c del "C:\Program Files\SpyBro\TracksEraserPlugins\Microsoft Photo Editor 3.0.ppw" O4 - HKLM\..\RunOnce: [SpybotDeletingC130] cmd /c del "C:\Program Files\SpyBro\TracksEraserPlugins\MicroAngelo.ppw" O4 - HKLM\..\RunOnce: [SpybotDeletingC1365] cmd /c del "C:\Program Files\SpyBro\TracksEraserPlugins\PasswordSafe.ppw" O4 - HKLM\..\RunOnce: [SpybotDeletingC16] cmd /c del "C:\Program Files\SpyBro\ztvcabinet.dll" O4 - HKLM\..\RunOnce: [SpybotDeletingC1613] cmd /c del "C:\Program Files\SpyBro\TracksEraserPlugins\Mozart 4.0.ppw" O4 - HKLM\..\RunOnce: [SpybotDeletingC1653] cmd /c del "C:\Program Files\SpyBro\TracksEraserPlugins\Microsoft Word Backup Files.ppw" O4 - HKLM\..\RunOnce: [SpybotDeletingC1651] cmd /c del "C:\Program Files\SpyBro\TracksEraserPlugins\Kodak Imaging for Windows.ppw" O4 - HKLM\..\RunOnce: [SpybotDeletingC1604] cmd /c del "C:\Program Files\SpyBro\TracksEraserPlugins\Spinner Plus.ppw" O4 - HKLM\..\RunOnce: [SpybotDeletingC1560] cmd /c del "C:\Program Files\SpyBro\TracksEraserPlugins\MSN Toolbar.ppw" O4 - HKLM\..\RunOnce: [SpybotDeletingC1362] cmd /c del "C:\Program Files\SpyBro\TracksEraserPlugins\Metapad.ppw" O4 - HKLM\..\RunOnce: [SpybotDeletingC1813] cmd /c del "C:\Program Files\SpyBro\TracksEraserPlugins\Vueprint.ppw" O4 - HKLM\..\RunOnce: [SpybotDeletingC1941] cmd /c del "C:\Program Files\SpyBro\TracksEraserPlugins\Download Accelerator.ppw" O4 - HKLM\..\RunOnce: [SpybotDeletingC1898] cmd /c del "C:\Program Files\SpyBro\TracksEraserPlugins\Xolox.ppw" O4 - HKLM\..\RunOnce: [SpybotDeletingC2000] cmd /c del "C:\Program Files\SpyBro\TracksEraserPlugins\StarOffice 5.1.ppw" O4 - HKLM\..\RunOnce: [SpybotDeletingC2023] cmd /c del "C:\Program Files\SpyBro\signers.db" O4 - HKLM\..\RunOnce: [SpybotDeletingC2068] cmd /c del "C:\Program Files\SpyBro\TracksEraserPlugins\Enfish Onespace.ppw" O4 - HKLM\..\RunOnce: [SpybotDeletingC2110] cmd /c del "C:\Program Files\SpyBro\TracksEraserPlugins\Microsoft Office 2000.ppw" O4 - HKLM\..\RunOnce: [SpybotDeletingC2164] cmd /c del "C:\Program Files\SpyBro\TracksEraserPlugins\Irfanview 32.ppw" O4 - HKLM\..\RunOnce: [SpybotDeletingC2189] cmd /c del "C:\Program Files\SpyBro\TracksEraserPlugins\Graphic Workshop Pro.ppw" O4 - HKLM\..\RunOnce: [SpybotDeletingC2198] cmd /c del "C:\Program Files\SpyBro\TracksEraserPlugins\Microsoft Publisher 2000.ppw" O4 - HKLM\..\RunOnce: [SpybotDeletingC2222] cmd /c del "C:\Program Files\SpyBro\TracksEraserPlugins\Acrobat Reader 5.ppw" O4 - HKLM\..\RunOnce: [SpybotDeletingC2424] cmd /c del "C:\Program Files\SpyBro\TracksEraserPlugins\MyWay Advertising.ppw" O4 - HKLM\..\RunOnce: [SpybotDeletingC2456] cmd /c del "C:\Program Files\SpyBro\TracksEraserPlugins\Agent NewsReader.ppw" O4 - HKLM\..\RunOnce: [SpybotDeletingC2459] cmd /c del "C:\Program Files\SpyBro\TracksEraserPlugins\Cute MX.ppw" O4 - HKLM\..\RunOnce: [SpybotDeletingC2484] cmd /c del "C:\Program Files\SpyBro\TracksEraserPlugins\RealNetworks Real Download.ppw" O4 - HKLM\..\RunOnce: [SpybotDeletingC2496] cmd /c del "C:\Program Files\SpyBro\TracksEraserPlugins\PictureIt Digital Image Pro 7.0.ppw" O4 - HKLM\..\RunOnce: [SpybotDeletingC25] cmd /c del "C:\Program Files\SpyBro\TracksEraserPlugins\Ebay Toolbar.ppw" O4 - HKLM\..\RunOnce: [SpybotDeletingC2504] cmd /c del "C:\Program Files\SpyBro\nospylauncher.exe" O4 - HKLM\..\RunOnce: [SpybotDeletingC2535] cmd /c del "C:\Program Files\SpyBro\TracksEraserPlugins\Scour Exchange.ppw" O4 - HKLM\..\RunOnce: [SpybotDeletingC2591] cmd /c del "C:\Program Files\SpyBro\TracksEraserPlugins\BookReader.ppw" O4 - HKLM\..\RunOnce: [SpybotDeletingC260] cmd /c del "C:\Program Files\SpyBro\TracksEraserPlugins\Go!Zilla.ppw" O4 - HKLM\..\RunOnce: [SpybotDeletingC2639] cmd /c del "C:\Program Files\SpyBro\TracksEraserPlugins\Microsoft Office XP.ppw" O4 - HKLM\..\RunOnce: [SpybotDeletingC2664] cmd /c del "C:\Program Files\SpyBro\TracksEraserPlugins\Norton Firewall.ppw" O4 - HKLM\..\RunOnce: [SpybotDeletingC2737] cmd /c del "C:\Program Files\SpyBro\TracksEraserPlugins\Helios TextPad.ppw" O4 - HKLM\..\RunOnce: [SpybotDeletingC2764] cmd /c del "C:\Program Files\SpyBro\TracksEraserPlugins\Winamp.ppw" O4 - HKLM\..\RunOnce: [SpybotDeletingC2774] cmd /c del "C:\Program Files\SpyBro\TracksEraserPlugins\Netzip Download Demon.ppw" O4 - HKLM\..\RunOnce: [SpybotDeletingC2791] cmd /c del "C:\Program Files\SpyBro\TracksEraserPlugins\PowerDesk 5.ppw" O4 - HKLM\..\RunOnce: [SpybotDeletingC2803] cmd /c del "C:\Program Files\SpyBro\TracksEraserPlugins\GetRight.ppw" O4 - HKLM\..\RunOnce: [SpybotDeletingC2804] cmd /c del "C:\Program Files\SpyBro\TracksEraserPlugins\Sonique.ppw" O4 - HKLM\..\RunOnce: [SpybotDeletingC2821] cmd /c del "C:\Program Files\SpyBro\TracksEraserPlugins\Cool Edit Pro.ppw" O4 - HKLM\..\RunOnce: [SpybotDeletingC2833] cmd /c del "C:\Program Files\SpyBro\TracksEraserPlugins\EditPad.ppw" O4 - HKLM\..\RunOnce: [SpybotDeletingC2830] cmd /c del "C:\Program Files\SpyBro\TracksEraserPlugins\Windows XP Prefetch Folder.ppw" O4 - HKLM\..\RunOnce: [SpybotDeletingC285] cmd /c del "C:\Program Files\SpyBro\TracksEraserPlugins\Eudora Mail.ppw" O4 - HKLM\..\RunOnce: [SpybotDeletingC2850] cmd /c del "C:\Program Files\SpyBro\TracksEraserPlugins\Smart Explorer.ppw" O4 - HKLM\..\RunOnce: [SpybotDeletingC2900] cmd /c del "C:\Program Files\SpyBro\TracksEraserPlugins\PluginBuilder.exe " O4 - HKLM\..\RunOnce: [SpybotDeletingC2944] cmd /c del "C:\Program Files\SpyBro\TracksEraserPlugins\CuteFTP.ppw" O4 - HKLM\..\RunOnce: [SpybotDeletingC3134] cmd /c del "C:\Program Files\SpyBro\TracksEraserPlugins\Save Now.ppw" O4 - HKLM\..\RunOnce: [SpybotDeletingC3136] cmd /c del "C:\Program Files\SpyBro\TracksEraserPlugins\Babylon.ppw" O4 - HKLM\..\RunOnce: [SpybotDeletingC3174] cmd /c del "C:\Program Files\SpyBro\TracksEraserPlugins\MIRC.ppw" O4 - HKLM\..\RunOnce: [SpybotDeletingC3185] cmd /c del "C:\Program Files\SpyBro\TracksEraserPlugins\AX-Icons 4.x.ppw" O4 - HKLM\..\RunOnce: [SpybotDeletingC3193] cmd /c del "C:\Program Files\SpyBro\TracksEraserPlugins\Microsoft Word 2000.ppw" O4 - HKLM\..\RunOnce: [SpybotDeletingC3234] cmd /c del "C:\Program Files\SpyBro\TracksEraserPlugins\Yahoo! Messenger.ppw" O4 - HKLM\..\RunOnce: [SpybotDeletingC3317] cmd /c del "C:\Program Files\SpyBro\spybrofr.mo" O4 - HKLM\..\RunOnce: [SpybotDeletingC3254] cmd /c del "C:\Program Files\SpyBro\TracksEraserPlugins\Jasc Animation Shop 3.ppw" O4 - HKLM\..\RunOnce: [SpybotDeletingC3336] cmd /c del "C:\Program Files\SpyBro\TracksEraserPlugins\MSN Messenger.ppw" O4 - HKLM\..\RunOnce: [SpybotDeletingC3396] cmd /c del "C:\Program Files\SpyBro\TracksEraserPlugins\Google Deskbar.ppw" O4 - HKLM\..\RunOnce: [SpybotDeletingC3445] cmd /c del "C:\Program Files\SpyBro\TracksEraserPlugins\MusicMatch Jukebox.ppw" O4 - HKLM\..\RunOnce: [SpybotDeletingC3542] cmd /c del "C:\Program Files\SpyBro\TracksEraserPlugins\Photodex Compupic Pro.ppw" O4 - HKLM\..\RunOnce: [SpybotDeletingC3465] cmd /c del "C:\Program Files\SpyBro\TracksEraserPlugins\Xara 3D 4.0.ppw" O4 - HKLM\..\RunOnce: [SpybotDeletingC3605] cmd /c del "C:\Program Files\SpyBro\TracksEraserPlugins\FTP Voyager.ppw" O4 - HKLM\..\RunOnce: [SpybotDeletingC3674] cmd /c del "C:\Program Files\SpyBro\TracksEraserPlugins\KaZaA Media Desktop.ppw" O4 - HKLM\..\RunOnce: [SpybotDeletingC3743] cmd /c del "C:\Program Files\SpyBro\TracksEraserPlugins\Chameleon Web Browser.ppw" O4 - HKLM\..\RunOnce: [SpybotDeletingC3731] cmd /c del "C:\Program Files\SpyBro\TracksEraserPlugins\Ultimate Paint.ppw" O4 - HKLM\..\RunOnce: [SpybotDeletingC3778] cmd /c del "C:\Program Files\SpyBro\TracksEraserPlugins\Inoculatelt PE Virus Scan.ppw" O4 - HKLM\..\RunOnce: [SpybotDeletingC3818] cmd /c del "C:\Program Files\SpyBro\TracksEraserPlugins\Macromedia Dreamweaver MX.ppw" O4 - HKLM\..\RunOnce: [SpybotDeletingC385] cmd /c del "C:\Program Files\SpyBro\TracksEraserPlugins\Google Toolbar.ppw" O4 - HKLM\..\RunOnce: [SpybotDeletingC3934] cmd /c del "C:\Program Files\SpyBro\refsig.db" O4 - HKLM\..\RunOnce: [SpybotDeletingC4074] cmd /c del "C:\Program Files\SpyBro\TracksEraserPlugins\Microsoft Imaging.ppw" O4 - HKLM\..\RunOnce: [SpybotDeletingC4147] cmd /c del "C:\Program Files\SpyBro\TracksEraserPlugins\MasterSplitter.pp w" O4 - HKLM\..\RunOnce: [SpybotDeletingC4191] cmd /c del "C:\Program Files\SpyBro\TracksEraserPlugins\Letterbox.ppw" O4 - HKLM\..\RunOnce: [SpybotDeletingC4218] cmd /c del "C:\Program Files\SpyBro\TracksEraserPlugins\RegEdit Favorites and Recent Key.ppw" O4 - HKLM\..\RunOnce: [SpybotDeletingC4294] cmd /c del "C:\Program Files\SpyBro\TracksEraserPlugins\Netsonic.ppw" O4 - HKLM\..\RunOnce: [SpybotDeletingC4346] cmd /c del "C:\Program Files\SpyBro\TracksEraserPlugins\CuteHTML.ppw" O4 - HKLM\..\RunOnce: [SpybotDeletingC4403] cmd /c del "C:\Program Files\SpyBro\TracksEraserPlugins\PhotoImpact.ppw" O4 - HKLM\..\RunOnce: [SpybotDeletingC4441] cmd /c del "C:\Program Files\SpyBro\TracksEraserPlugins\Norton File Manager.ppw" O4 - HKLM\..\RunOnce: [SpybotDeletingC4485] cmd /c del "C:\Program Files\SpyBro\TracksEraserPlugins\Windows Regedit Recent Key.ppw" O4 - HKLM\..\RunOnce: [SpybotDeletingC458] cmd /c del "C:\Program Files\SpyBro\TracksEraserPlugins\FTP Explorer.ppw" O4 - HKLM\..\RunOnce: [SpybotDeletingC4548] cmd /c del "C:\Program Files\SpyBro\TracksEraserPlugins\LeapFTP 2.6.ppw" O4 - HKLM\..\RunOnce: [SpybotDeletingC4582] cmd /c del "C:\Program Files\SpyBro\TracksEraserPlugins\Morpheus.ppw" O4 - HKLM\..\RunOnce: [SpybotDeletingC4797] cmd /c del "C:\Program Files\SpyBro\TracksEraserPlugins\Macromedia Flash MX.ppw" O4 - HKLM\..\RunOnce: [SpybotDeletingC4650] cmd /c del "C:\Program Files\SpyBro\TracksEraserPlugins\Napster.ppw" O4 - HKLM\..\RunOnce: [SpybotDeletingC4815] cmd /c del "C:\Program Files\SpyBro\TracksEraserPlugins\CoffeeCup GIF Animator.ppw" O4 - HKLM\..\RunOnce: [SpybotDeletingC4899] cmd /c del "C:\Program Files\SpyBro\TracksEraserPlugins\FlashGet.ppw" O4 - HKLM\..\RunOnce: [SpybotDeletingC4889] cmd /c del "C:\Program Files\SpyBro\TracksEraserPlugins\Windows XP Recent Run Programs.ppw" O4 - HKLM\..\RunOnce: [SpybotDeletingC4913] cmd /c del "C:\Program Files\SpyBro\TracksEraserPlugins\SureThing CD Labeler.ppw" O4 - HKLM\..\RunOnce: [SpybotDeletingC4991] cmd /c del "C:\Program Files\SpyBro\TracksEraserPlugins\Adaptec Easy CD Creator.ppw" O4 - HKLM\..\RunOnce: [SpybotDeletingC5126] cmd /c del "C:\Program Files\SpyBro\TracksEraserPlugins\Fun CD.ppw" O4 - HKLM\..\RunOnce: [SpybotDeletingC5135] cmd /c del "C:\Program Files\SpyBro\TracksEraserPlugins\MEDA MP3 Splitter.ppw" O4 - HKLM\..\RunOnce: [SpybotDeletingC5146] cmd /c del "C:\Program Files\SpyBro\TracksEraserPlugins\Adobe Photoshop 6.0.ppw" O4 - HKLM\..\RunOnce: [SpybotDeletingC5153] cmd /c del "C:\Program Files\SpyBro\TracksEraserPlugins\Axialis Media Browser.ppw" O4 - HKLM\..\RunOnce: [SpybotDeletingC5179] cmd /c del "C:\Program Files\SpyBro\TracksEraserPlugins\Copernic 2001 Pro.ppw" O4 - HKLM\..\RunOnce: [SpybotDeletingC5242] cmd /c del "C:\Program Files\SpyBro\TracksEraserPlugins\Sonic Foundry's Acid 2.0.ppw" O4 - HKLM\..\RunOnce: [SpybotDeletingC5252] cmd /c del "C:\Program Files\SpyBro\TracksEraserPlugins\AOL Instant Messenger.ppw" O4 - HKLM\..\RunOnce: [SpybotDeletingC5285] cmd /c del "C:\Program Files\SpyBro\TracksEraserPlugins\PowerDVD.ppw" O4 - HKLM\..\RunOnce: [SpybotDeletingC5386] cmd /c del "C:\Program Files\SpyBro\TracksEraserPlugins\Norton Commander.ppw" O4 - HKLM\..\RunOnce: [SpybotDeletingC5449] cmd /c del "C:\Program Files\SpyBro\TracksEraserPlugins\Personal Ancestral File.ppw" O4 - HKLM\..\RunOnce: [SpybotDeletingC5498] cmd /c del "C:\Program Files\SpyBro\iedefaults.db" O4 - HKLM\..\RunOnce: [SpybotDeletingC551] cmd /c del "C:\Program Files\SpyBro\TracksEraserPlugins\GoldWave Digital Audio Editor.ppw" O4 - HKLM\..\RunOnce: [SpybotDeletingC5613] cmd /c del "C:\Program Files\SpyBro\TracksEraserPlugins\Cabinet Manager.ppw" O4 - HKLM\..\RunOnce: [SpybotDeletingC566] cmd /c del "C:\Program Files\SpyBro\TracksEraserPlugins\Hotbar 3.0.ppw" O4 - HKLM\..\RunOnce: [SpybotDeletingC5682] cmd /c del "C:\Program Files\SpyBro\TracksEraserPlugins\Norton Anti-Virus 2000.ppw" O4 - HKLM\..\RunOnce: [SpybotDeletingC5725] cmd /c del "C:\Program Files\SpyBro\TracksEraserPlugins\Ulead Photo Express.ppw" O4 - HKLM\..\RunOnce: [SpybotDeletingC7301] cmd /c del "C:\Program Files\SpyBro\spybroes.mo" O4 - HKLM\..\RunOnce: [SpybotDeletingC7182] cmd /c del "C:\Program Files\SpyBro\ZtvUnAceV2.dll" O4 - HKLM\..\RunOnce: [SpybotDeletingC610] cmd /c del "C:\Program Files\SpyBro\spybroit.mo" O4 - HKLM\..\RunOnce: [SpybotDeletingC6011] cmd /c del "C:\Program Files\SpyBro\TracksEraserPlugins\Classify 98.ppw" O4 - HKLM\..\RunOnce: [SpybotDeletingC6117] cmd /c del "C:\Program Files\SpyBro\LegacyHelper.dll" O4 - HKLM\..\RunOnce: [SpybotDeletingC612] cmd /c del "C:\Program Files\SpyBro\TracksEraserPlugins\PhotoImpact Viewer 4.0.ppw" O4 - HKLM\..\RunOnce: [SpybotDeletingC6144] cmd /c del "C:\Program Files\SpyBro\TracksEraserPlugins\ACDSee.ppw" O4 - HKLM\..\RunOnce: [SpybotDeletingC620] cmd /c del "C:\Program Files\SpyBro\spybrode.mo" O4 - HKLM\..\RunOnce: [SpybotDeletingC6205] cmd /c del "C:\Program Files\SpyBro\TracksEraserPlugins\TextPad 4.x.ppw" O4 - HKLM\..\RunOnce: [SpybotDeletingC6264] cmd /c del "C:\Program Files\SpyBro\TracksEraserPlugins\NetAnts.ppw" O4 - HKLM\..\RunOnce: [SpybotDeletingC6342] cmd /c del "C:\Program Files\SpyBro\TracksEraserPlugins\PowerArc.ppw" O4 - HKLM\..\RunOnce: [SpybotDeletingC6324] cmd /c del "C:\Program Files\SpyBro\TracksEraserPlugins\ThumbsPlus 4.0.ppw" O4 - HKLM\..\RunOnce: [SpybotDeletingC6467] cmd /c del "C:\Program Files\SpyBro\TracksEraserPlugins\Gator.ppw" O4 - HKLM\..\RunOnce: [SpybotDeletingC6520] cmd /c del "C:\Program Files\SpyBro\TracksEraserPlugins\WinZip.ppw" O4 - HKLM\..\RunOnce: [SpybotDeletingC8666] cmd /c del "C:\Program Files\SpyBro\TracksEraserPlugins\7-Zip Compression.ppw" O4 - HKLM\..\RunOnce: [SpybotDeletingC8128] cmd /c del "C:\Program Files\SpyBro\TracksEraserPlugins\AbsoluteFTP.ppw" O4 - HKLM\..\RunOnce: [SpybotDeletingC6592] cmd /c del "C:\Program Files\SpyBro\TracksEraserPlugins\Ad-aware 6.ppw" O4 - HKLM\..\RunOnce: [SpybotDeletingC6632] cmd /c del "C:\Program Files\SpyBro\TracksEraserPlugins\BlazeDVD 2.0.ppw" O4 - HKLM\..\RunOnce: [SpybotDeletingC9916] cmd /c del "C:\Program Files\SpyBro\TracksEraserPlugins\Fotostation 4.0.ppw" O4 - HKLM\..\RunOnce: [SpybotDeletingC9847] cmd /c del "C:\Program Files\SpyBro\TracksEraserPlugins\Micrografx Picture Publisher 8.ppw" O4 - HKLM\..\RunOnce: [SpybotDeletingC9943] cmd /c del "C:\Program Files\SpyBro\TracksEraserPlugins\WinRAR.ppw" O4 - HKLM\..\RunOnce: [SpybotDeletingC9829] cmd /c del "C:\Program Files\SpyBro\TracksEraserPlugins\NewsBin Pro 4.ppw" O4 - HKLM\..\RunOnce: [SpybotDeletingC9828] cmd /c del "C:\Program Files\SpyBro\antispy.sys" O4 - HKLM\..\RunOnce: [SpybotDeletingC9793] cmd /c del "C:\Program Files\SpyBro\TracksEraserPlugins\LingoMail 1.x.ppw" O4 - HKLM\..\RunOnce: [SpybotDeletingC9747] cmd /c del "C:\Program Files\SpyBro\TracksEraserPlugins\Outlook Express 5, 6.ppw" O4 - HKLM\..\RunOnce: [SpybotDeletingC9720] cmd /c del "C:\Program Files\SpyBro\TracksEraserPlugins\Downloaded Installations.ppw" O4 - HKLM\..\RunOnce: [SpybotDeletingC9737] cmd /c del "C:\Program Files\SpyBro\TracksEraserPlugins\Microsoft Office 97.ppw" O4 - HKLM\..\RunOnce: [SpybotDeletingC9688] cmd /c del "C:\Program Files\SpyBro\TracksEraserPlugins\OmniPage 10.0.ppw" O4 - HKLM\..\RunOnce: [SpybotDeletingC9679] cmd /c del "C:\Program Files\SpyBro\TracksEraserPlugins\PicoZip.ppw" O4 - HKLM\..\RunOnce: [SpybotDeletingC9621] cmd /c del "C:\Program Files\SpyBro\TracksEraserPlugins\DivX Player.ppw" O4 - HKLM\..\RunOnce: [SpybotDeletingC9669] cmd /c del "C:\Program Files\SpyBro\TracksEraserPlugins\Acrobat Reader 6.ppw" O4 - HKLM\..\RunOnce: [SpybotDeletingC9549] cmd /c del "C:\Program Files\SpyBro\TracksEraserPlugins\NetCaptor.ppw" O4 - HKLM\..\RunOnce: [SpybotDeletingC9471] cmd /c del "C:\Program Files\SpyBro\TracksEraserPlugins\PhotoDraw 2000.ppw" O4 - HKLM\..\RunOnce: [SpybotDeletingC9538] cmd /c del "C:\Program Files\SpyBro\TracksEraserPlugins\SubmitWolf.ppw" O4 - HKLM\..\RunOnce: [SpybotDeletingC943] cmd /c del "C:\Program Files\SpyBro\TracksEraserPlugins\Windows Log Files.ppw" O4 - HKLM\..\RunOnce: [SpybotDeletingC9457] cmd /c del "C:\Program Files\SpyBro\TracksEraserPlugins\Acrobat Reader 4.ppw" O4 - HKLM\..\RunOnce: [SpybotDeletingC9237] cmd /c del "C:\Program Files\SpyBro\TracksEraserPlugins\BearShare.ppw" O4 - HKLM\..\RunOnce: [SpybotDeletingC9154] cmd /c del "C:\Program Files\SpyBro\TracksEraserPlugins\McAfee Virus Scan.ppw" O4 - HKLM\..\RunOnce: [SpybotDeletingC9314] cmd /c del "C:\Program Files\SpyBro\TracksEraserPlugins\Xing MP3 Player.ppw" O4 - HKLM\..\RunOnce: [SpybotDeletingC9120] cmd /c del "C:\Program Files\SpyBro\TracksEraserPlugins\Alcohol MRU.ppw" O4 - HKLM\..\RunOnce: [SpybotDeletingC907] cmd /c del "C:\Program Files\SpyBro\TracksEraserPlugins\Norton Internet Security.ppw" O4 - HKLM\..\RunOnce: [SpybotDeletingC9126] cmd /c del "C:\Program Files\SpyBro\TracksEraserPlugins\SearchWolf.ppw" O4 - HKLM\..\RunOnce: [SpybotDeletingC8965] cmd /c del "C:\Program Files\SpyBro\TracksEraserPlugins\Adobe Photoshop 7.0.ppw" O4 - HKLM\..\RunOnce: [SpybotDeletingC9037] cmd /c del "C:\Program Files\SpyBro\TracksEraserPlugins\Mass Download.ppw" O4 - HKLM\..\RunOnce: [SpybotDeletingC9007] cmd /c del "C:\Program Files\SpyBro\ZtvUnRar3.dll" O4 - HKLM\..\RunOnce: [SpybotDeletingC8842] cmd /c del "C:\Program Files\SpyBro\TracksEraserPlugins\Advanced MP3 Catalog.ppw" O4 - HKLM\..\RunOnce: [SpybotDeletingC880] cmd /c del "C:\Program Files\SpyBro\TracksEraserPlugins\Borland Delphi v7.ppw" O4 - HKLM\..\RunOnce: [SpybotDeletingC8840] cmd /c del "C:\Program Files\SpyBro\TracksEraserPlugins\LView Pro 2.x.ppw" O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [Vidalia] "C:\Program Files\Vidalia Bundle\Vidalia\vidalia.exe" O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe O4 - Global Startup: Corel Family & Friends Reminders.LNK = C:\Program Files\Corel\Print House Magic\cffrem.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE O4 - Global Startup: Privoxy.lnk = C:\Program Files\Vidalia Bundle\Privoxy\privoxy.exe O4 - Global Startup: Ralink Wireless Utility.lnk = C:\Program Files\RALINK\Common\RaUI.exe O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm O8 - Extra context menu item: E&xportar a Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O14 - IERESET.INF: START_PAGE_URL=http://www.averatec.com O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/spanish//kavwebscan_unicode.cab O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1142539884234 O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl-esd.sun.com/update/1.6.0/jinstall-6u1-windows-i586-jc.cab O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe O23 - Service: Gbp Service (GbpSv) - Unknown owner - C:\Program Files\GbPlugin\GbpSv.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe O23 - Service: O2Micro Flash Memory (O2Flash) - Unknown owner - C:\WINDOWS\system32\o2flash.exe O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe -- End of file - 33650 bytes |
|
25/03/08, 15:23:36
| |
| ||||
| Re: Como elimino SpyBro y Trojan Banker Hola luzmara, Paso 1- Descarga, Instala y/o actualiza estas herramientas: (pero no los ejecutes aun) Paso 2- Con todos los programas cerrados, ejecuta HijackThis y dale  a las siguientes entradas:O4 - HKLM\..\RunOnce: [SpybotDeletingC8076] cmd /c del "C:\Program Files\SpyBro\TracksEraserPlugins\Adaptec's Audio CD.ppw" O4 - HKLM\..\RunOnce: [SpybotDeletingC7336] cmd /c del "C:\Program Files\SpyBro\TracksEraserPlugins\AddSoft Log Files.ppw" O4 - HKLM\..\RunOnce: [SpybotDeletingC7731] cmd /c del "C:\Program Files\SpyBro\TracksEraserPlugins\AddWeb 3.0.ppw" O4 - HKLM\..\RunOnce: [SpybotDeletingC737] cmd /c del "C:\Program Files\SpyBro\TracksEraserPlugins\Advanced Disk Catalog.ppw" O4 - HKLM\..\RunOnce: [SpybotDeletingC8397] cmd /c del "C:\Program Files\SpyBro\TracksEraserPlugins\AudioGrabber.ppw" O4 - HKLM\..\RunOnce: [SpybotDeletingC7048] cmd /c del "C:\Program Files\SpyBro\TracksEraserPlugins\Avant Browser History.ppw" O4 - HKLM\..\RunOnce: [SpybotDeletingC7168] cmd /c del "C:\Program Files\SpyBro\TracksEraserPlugins\CRT 2.x.ppw" O4 - HKLM\..\RunOnce: [SpybotDeletingC6705] cmd /c del "C:\Program Files\SpyBro\TracksEraserPlugins\Diskeeper 5.0.ppw" O4 - HKLM\..\RunOnce: [SpybotDeletingC7412] cmd /c del "C:\Program Files\SpyBro\TracksEraserPlugins\Enigma Browser.ppw" O4 - HKLM\..\RunOnce: [SpybotDeletingC6945] cmd /c del "C:\Program Files\SpyBro\TracksEraserPlugins\iMesh.ppw" O4 - HKLM\..\RunOnce: [SpybotDeletingC6614] cmd /c del "C:\Program Files\SpyBro\TracksEraserPlugins\Homesite 4.0.ppw" O4 - HKLM\..\RunOnce: [SpybotDeletingC7018] cmd /c del "C:\Program Files\SpyBro\TracksEraserPlugins\ICQ 2002a.ppw" O4 - HKLM\..\RunOnce: [SpybotDeletingC7142] cmd /c del "C:\Program Files\SpyBro\TracksEraserPlugins\ICQ 2003a.ppw" O4 - HKLM\..\RunOnce: [SpybotDeletingC8775] cmd /c del "C:\Program Files\SpyBro\TracksEraserPlugins\InterQuick.ppw" O4 - HKLM\..\RunOnce: [SpybotDeletingC87] cmd /c del "C:\Program Files\SpyBro\TracksEraserPlugins\JASC Paint Shop Pro.ppw" O4 - HKLM\..\RunOnce: [SpybotDeletingC7497] cmd /c del "C:\Program Files\SpyBro\TracksEraserPlugins\Jet Photo Shell.ppw" O4 - HKLM\..\RunOnce: [SpybotDeletingC781] cmd /c del "C:\Program Files\SpyBro\TracksEraserPlugins\Juno.ppw" O4 - HKLM\..\RunOnce: [SpybotDeletingC6658] cmd /c del "C:\Program Files\SpyBro\TracksEraserPlugins\Macromedia Firework MX.ppw" O4 - HKLM\..\RunOnce: [SpybotDeletingC7846] cmd /c del "C:\Program Files\SpyBro\TracksEraserPlugins\Microsoft Netmeeting.ppw" O4 - HKLM\..\RunOnce: [SpybotDeletingC8306] cmd /c del "C:\Program Files\SpyBro\TracksEraserPlugins\Microsoft Works 4.0.ppw" O4 - HKLM\..\RunOnce: [SpybotDeletingC7012] cmd /c del "C:\Program Files\SpyBro\TracksEraserPlugins\Mijenix Powerdesk 4.0.ppw" O4 - HKLM\..\RunOnce: [SpybotDeletingC7478] cmd /c del "C:\Program Files\SpyBro\TracksEraserPlugins\Miranda ICQ.ppw" O4 - HKLM\..\RunOnce: [SpybotDeletingC8048] cmd /c del "C:\Program Files\SpyBro\TracksEraserPlugins\Naviscope.ppw" O4 - HKLM\..\RunOnce: [SpybotDeletingC8448] cmd /c del "C:\Program Files\SpyBro\TracksEraserPlugins\Net Vampire 3.x.ppw" O4 - HKLM\..\RunOnce: [SpybotDeletingC7038] cmd /c del "C:\Program Files\SpyBro\TracksEraserPlugins\Paint Shop Pro 5.0.ppw" O4 - HKLM\..\RunOnce: [SpybotDeletingC810] cmd /c del "C:\Program Files\SpyBro\TracksEraserPlugins\Paint Shop Pro 7.0.ppw" O4 - HKLM\..\RunOnce: [SpybotDeletingC8342] cmd /c del "C:\Program Files\SpyBro\TracksEraserPlugins\PhotoCanvas 2.0.ppw" O4 - HKLM\..\RunOnce: [SpybotDeletingC8708] cmd /c del "C:\Program Files\SpyBro\TracksEraserPlugins\PKZip for Windows.ppw" O4 - HKLM\..\RunOnce: [SpybotDeletingC7967] cmd /c del "C:\Program Files\SpyBro\TracksEraserPlugins\RealOne & RealPlayer.ppw" O4 - HKLM\..\RunOnce: [SpybotDeletingC7148] cmd /c del "C:\Program Files\SpyBro\TracksEraserPlugins\Roxio Easy CD Creator.ppw" O4 - HKLM\..\RunOnce: [SpybotDeletingC8259] cmd /c del "C:\Program Files\SpyBro\TracksEraserPlugins\SmartDraw 6.ppw" O4 - HKLM\..\RunOnce: [SpybotDeletingC7890] cmd /c del "C:\Program Files\SpyBro\TracksEraserPlugins\SWiSH 2.0.ppw" O4 - HKLM\..\RunOnce: [SpybotDeletingC7944] cmd /c del "C:\Program Files\SpyBro\TracksEraserPlugins\Teleport Pro.ppw" O4 - HKLM\..\RunOnce: [SpybotDeletingC5839] cmd /c del "C:\Program Files\SpyBro\TracksEraserPlugins\Tribal Voice's PowWow.ppw" O4 - HKLM\..\RunOnce: [SpybotDeletingC173] cmd /c del "C:\Program Files\SpyBro\TracksEraserPlugins\Trillian.ppw" O4 - HKLM\..\RunOnce: [SpybotDeletingC6996] cmd /c del "C:\Program Files\SpyBro\TracksEraserPlugins\Ulead GIF Animator.ppw" O4 - HKLM\..\RunOnce: [SpybotDeletingC5908] cmd /c del "C:\Program Files\SpyBro\TracksEraserPlugins\UltraEdit.ppw" O4 - HKLM\..\RunOnce: [SpybotDeletingC7903] cmd /c del "C:\Program Files\SpyBro\TracksEraserPlugins\WebFerret.ppw" O4 - HKLM\..\RunOnce: [SpybotDeletingC8] cmd /c del "C:\Program Files\SpyBro\TracksEraserPlugins\Windows App Log Directory.ppw" O4 - HKLM\..\RunOnce: [SpybotDeletingC8477] cmd /c del "C:\Program Files\SpyBro\TracksEraserPlugins\Windows Commander.ppw" O4 - HKLM\..\RunOnce: [SpybotDeletingC8201] cmd /c del "C:\Program Files\SpyBro\TracksEraserPlugins\Windows Recent Network Drive List.ppw" O4 - HKLM\..\RunOnce: [SpybotDeletingC5753] cmd /c del "C:\Program Files\SpyBro\TracksEraserPlugins\Yamaha S-YXG100.ppw" O4 - HKLM\..\RunOnce: [SpybotDeletingC8073] cmd /c del "C:\Program Files\SpyBro\TracksEraserPlugins\ZipMagic.ppw" O4 - HKLM\..\RunOnce: [SpybotDeletingC713] cmd /c del "C:\Program Files\SpyBro\TracksEraserPlugins\Zone Alarm.ppw" O4 - HKLM\..\RunOnce: [SpybotDeletingC104] cmd /c del "C:\Program Files\SpyBro\TracksEraserPlugins\WinAce 2.0.ppw" O4 - HKLM\..\RunOnce: [SpybotDeletingC1089] cmd /c del "C:\Program Files\SpyBro\TracksEraserPlugins\Copernic 2001 Plus.ppw" O4 - HKLM\..\RunOnce: [SpybotDeletingC1094] cmd /c del "C:\Program Files\SpyBro\TracksEraserPlugins\Popup Purger.ppw" O4 - HKLM\..\RunOnce: [SpybotDeletingC1144] cmd /c del "C:\Program Files\SpyBro\TracksEraserPlugins\Yahoo! Player.ppw" O4 - HKLM\..\RunOnce: [SpybotDeletingC1226] cmd /c del "C:\Program Files\SpyBro\TracksEraserPlugins\HotJava Browser.ppw" O4 - HKLM\..\RunOnce: [SpybotDeletingC1128] cmd /c del "C:\Program Files\SpyBro\TracksEraserPlugins\PowerZip 6.0.ppw" O4 - HKLM\..\RunOnce: [SpybotDeletingC1184] cmd /c del "C:\Program Files\SpyBro\TracksEraserPlugins\Microsoft Photo Editor 3.0.ppw" O4 - HKLM\..\RunOnce: [SpybotDeletingC130] cmd /c del "C:\Program Files\SpyBro\TracksEraserPlugins\MicroAngelo.ppw" O4 - HKLM\..\RunOnce: [SpybotDeletingC1365] cmd /c del "C:\Program Files\SpyBro\TracksEraserPlugins\PasswordSafe.ppw" O4 - HKLM\..\RunOnce: [SpybotDeletingC16] cmd /c del "C:\Program Files\SpyBro\ztvcabinet.dll" O4 - HKLM\..\RunOnce: [SpybotDeletingC1613] cmd /c del "C:\Program Files\SpyBro\TracksEraserPlugins\Mozart 4.0.ppw" O4 - HKLM\..\RunOnce: [SpybotDeletingC1653] cmd /c del "C:\Program Files\SpyBro\TracksEraserPlugins\Microsoft Word Backup Files.ppw" O4 - HKLM\..\RunOnce: [SpybotDeletingC1651] cmd /c del "C:\Program Files\SpyBro\TracksEraserPlugins\Kodak Imaging for Windows.ppw" O4 - HKLM\..\RunOnce: [SpybotDeletingC1604] cmd /c del "C:\Program Files\SpyBro\TracksEraserPlugins\Spinner Plus.ppw" O4 - HKLM\..\RunOnce: [SpybotDeletingC1560] cmd /c del "C:\Program Files\SpyBro\TracksEraserPlugins\MSN Toolbar.ppw" O4 - HKLM\..\RunOnce: [SpybotDeletingC1362] cmd /c del "C:\Program Files\SpyBro\TracksEraserPlugins\Metapad.ppw" O4 - HKLM\..\RunOnce: [SpybotDeletingC1813] cmd /c del "C:\Program Files\SpyBro\TracksEraserPlugins\Vueprint.ppw" O4 - HKLM\..\RunOnce: [SpybotDeletingC1941] cmd /c del "C:\Program Files\SpyBro\TracksEraserPlugins\Download Accelerator.ppw" O4 - HKLM\..\RunOnce: [SpybotDeletingC1898] cmd /c del "C:\Program Files\SpyBro\TracksEraserPlugins\Xolox.ppw" O4 - HKLM\..\RunOnce: [SpybotDeletingC2000] cmd /c del "C:\Program Files\SpyBro\TracksEraserPlugins\StarOffice 5.1.ppw" O4 - HKLM\..\RunOnce: [SpybotDeletingC2023] cmd /c del "C:\Program Files\SpyBro\signers.db" O4 - HKLM\..\RunOnce: [SpybotDeletingC2068] cmd /c del "C:\Program Files\SpyBro\TracksEraserPlugins\Enfish Onespace.ppw" O4 - HKLM\..\RunOnce: [SpybotDeletingC2110] cmd /c del "C:\Program Files\SpyBro\TracksEraserPlugins\Microsoft Office 2000.ppw" O4 - HKLM\..\RunOnce: [SpybotDeletingC2164] cmd /c del "C:\Program Files\SpyBro\TracksEraserPlugins\Irfanview 32.ppw" O4 - HKLM\..\RunOnce: [SpybotDeletingC2189] cmd /c del "C:\Program Files\SpyBro\TracksEraserPlugins\Graphic Workshop Pro.ppw" O4 - HKLM\..\RunOnce: [SpybotDeletingC2198] cmd /c del "C:\Program Files\SpyBro\TracksEraserPlugins\Microsoft Publisher 2000.ppw" O4 - HKLM\..\RunOnce: [SpybotDeletingC2222] cmd /c del "C:\Program Files\SpyBro\TracksEraserPlugins\Acrobat Reader 5.ppw" O4 - HKLM\..\RunOnce: [SpybotDeletingC2424] cmd /c del "C:\Program Files\SpyBro\TracksEraserPlugins\MyWay Advertising.ppw" O4 - HKLM\..\RunOnce: [SpybotDeletingC2456] cmd /c del "C:\Program Files\SpyBro\TracksEraserPlugins\Agent NewsReader.ppw" O4 - HKLM\..\RunOnce: [SpybotDeletingC2459] cmd /c del "C:\Program Files\SpyBro\TracksEraserPlugins\Cute MX.ppw" O4 - HKLM\..\RunOnce: [SpybotDeletingC2484] cmd /c del "C:\Program Files\SpyBro\TracksEraserPlugins\RealNetworks Real Download.ppw" O4 - HKLM\..\RunOnce: [SpybotDeletingC2496] cmd /c del "C:\Program Files\SpyBro\TracksEraserPlugins\PictureIt Digital Image Pro 7.0.ppw" O4 - HKLM\..\RunOnce: [SpybotDeletingC25] cmd /c del "C:\Program Files\SpyBro\TracksEraserPlugins\Ebay Toolbar.ppw" O4 - HKLM\..\RunOnce: [SpybotDeletingC2504] cmd /c del "C:\Program Files\SpyBro\nospylauncher.exe" O4 - HKLM\..\RunOnce: [SpybotDeletingC2535] cmd /c del "C:\Program Files\SpyBro\TracksEraserPlugins\Scour Exchange.ppw" O4 - HKLM\..\RunOnce: [SpybotDeletingC2591] cmd /c del "C:\Program Files\SpyBro\TracksEraserPlugins\BookReader.ppw" O4 - HKLM\..\RunOnce: [SpybotDeletingC260] cmd /c del "C:\Program Files\SpyBro\TracksEraserPlugins\Go!Zilla.ppw" O4 - HKLM\..\RunOnce: [SpybotDeletingC2639] cmd /c del "C:\Program Files\SpyBro\TracksEraserPlugins\Microsoft Office XP.ppw" O4 - HKLM\..\RunOnce: [SpybotDeletingC2664] cmd /c del "C:\Program Files\SpyBro\TracksEraserPlugins\Norton Firewall.ppw" O4 - HKLM\..\RunOnce: [SpybotDeletingC2737] cmd /c del "C:\Program Files\SpyBro\TracksEraserPlugins\Helios TextPad.ppw" O4 - HKLM\..\RunOnce: [SpybotDeletingC2764] cmd /c del "C:\Program Files\SpyBro\TracksEraserPlugins\Winamp.ppw" O4 - HKLM\..\RunOnce: [SpybotDeletingC2774] cmd /c del "C:\Program Files\SpyBro\TracksEraserPlugins\Netzip Download Demon.ppw" O4 - HKLM\..\RunOnce: [SpybotDeletingC2791] cmd /c del "C:\Program Files\SpyBro\TracksEraserPlugins\PowerDesk 5.ppw" O4 - HKLM\..\RunOnce: [SpybotDeletingC2803] cmd /c del "C:\Program Files\SpyBro\TracksEraserPlugins\GetRight.ppw" O4 - HKLM\..\RunOnce: [SpybotDeletingC2804] cmd /c del "C:\Program Files\SpyBro\TracksEraserPlugins\Sonique.ppw" O4 - HKLM\..\RunOnce: [SpybotDeletingC2821] cmd /c del "C:\Program Files\SpyBro\TracksEraserPlugins\Cool Edit Pro.ppw" O4 - HKLM\..\RunOnce: [SpybotDeletingC2833] cmd /c del "C:\Program Files\SpyBro\TracksEraserPlugins\EditPad.ppw" O4 - HKLM\..\RunOnce: [SpybotDeletingC2830] cmd /c del "C:\Program Files\SpyBro\TracksEraserPlugins\Windows XP Prefetch Folder.ppw" O4 - HKLM\..\RunOnce: [SpybotDeletingC285] cmd /c del "C:\Program Files\SpyBro\TracksEraserPlugins\Eudora Mail.ppw" O4 - HKLM\..\RunOnce: [SpybotDeletingC2850] cmd /c del "C:\Program Files\SpyBro\TracksEraserPlugins\Smart Explorer.ppw" O4 - HKLM\..\RunOnce: [SpybotDeletingC2900] cmd /c del "C:\Program Files\SpyBro\TracksEraserPlugins\PluginBuilder.exe " O4 - HKLM\..\RunOnce: [SpybotDeletingC2944] cmd /c del "C:\Program Files\SpyBro\TracksEraserPlugins\CuteFTP.ppw" O4 - HKLM\..\RunOnce: [SpybotDeletingC3134] cmd /c del "C:\Program Files\SpyBro\TracksEraserPlugins\Save Now.ppw" O4 - HKLM\..\RunOnce: [SpybotDeletingC3136] cmd /c del "C:\Program Files\SpyBro\TracksEraserPlugins\Babylon.ppw" O4 - HKLM\..\RunOnce: [SpybotDeletingC3174] cmd /c del "C:\Program Files\SpyBro\TracksEraserPlugins\MIRC.ppw" O4 - HKLM\..\RunOnce: [SpybotDeletingC3185] cmd /c del "C:\Program Files\SpyBro\TracksEraserPlugins\AX-Icons 4.x.ppw" O4 - HKLM\..\RunOnce: [SpybotDeletingC3193] cmd /c del "C:\Program Files\SpyBro\TracksEraserPlugins\Microsoft Word 2000.ppw" O4 - HKLM\..\RunOnce: [SpybotDeletingC3234] cmd /c del "C:\Program Files\SpyBro\TracksEraserPlugins\Yahoo! Messenger.ppw" O4 - HKLM\..\RunOnce: [SpybotDeletingC3317] cmd /c del "C:\Program Files\SpyBro\spybrofr.mo" O4 - HKLM\..\RunOnce: [SpybotDeletingC3254] cmd /c del "C:\Program Files\SpyBro\TracksEraserPlugins\Jasc Animation Shop 3.ppw" O4 - HKLM\..\RunOnce: [SpybotDeletingC3336] cmd /c del "C:\Program Files\SpyBro\TracksEraserPlugins\MSN Messenger.ppw" O4 - HKLM\..\RunOnce: [SpybotDeletingC3396] cmd /c del "C:\Program Files\SpyBro\TracksEraserPlugins\Google Deskbar.ppw" O4 - HKLM\..\RunOnce: [SpybotDeletingC3445] cmd /c del "C:\Program Files\SpyBro\TracksEraserPlugins\MusicMatch Jukebox.ppw" O4 - HKLM\..\RunOnce: [SpybotDeletingC3542] cmd /c del "C:\Program Files\SpyBro\TracksEraserPlugins\Photodex Compupic Pro.ppw" O4 - HKLM\..\RunOnce: [SpybotDeletingC3465] cmd /c del "C:\Program Files\SpyBro\TracksEraserPlugins\Xara 3D 4.0.ppw" O4 - HKLM\..\RunOnce: [SpybotDeletingC3605] cmd /c del "C:\Program Files\SpyBro\TracksEraserPlugins\FTP Voyager.ppw" O4 - HKLM\..\RunOnce: [SpybotDeletingC3674] cmd /c del "C:\Program Files\SpyBro\TracksEraserPlugins\KaZaA Media Desktop.ppw" O4 - HKLM\..\RunOnce: [SpybotDeletingC3743] cmd /c del "C:\Program Files\SpyBro\TracksEraserPlugins\Chameleon Web Browser.ppw" O4 - HKLM\..\RunOnce: [SpybotDeletingC3731] cmd /c del "C:\Program Files\SpyBro\TracksEraserPlugins\Ultimate Paint.ppw" O4 - HKLM\..\RunOnce: [SpybotDeletingC3778] cmd /c del "C:\Program Files\SpyBro\TracksEraserPlugins\Inoculatelt PE Virus Scan.ppw" O4 - HKLM\..\RunOnce: [SpybotDeletingC3818] cmd /c del "C:\Program Files\SpyBro\TracksEraserPlugins\Macromedia Dreamweaver MX.ppw" O4 - HKLM\..\RunOnce: [SpybotDeletingC385] cmd /c del "C:\Program Files\SpyBro\TracksEraserPlugins\Google Toolbar.ppw" O4 - HKLM\..\RunOnce: [SpybotDeletingC3934] cmd /c del "C:\Program Files\SpyBro\refsig.db" O4 - HKLM\..\RunOnce: [SpybotDeletingC4074] cmd /c del "C:\Program Files\SpyBro\TracksEraserPlugins\Microsoft Imaging.ppw" O4 - HKLM\..\RunOnce: [SpybotDeletingC4147] cmd /c del "C:\Program Files\SpyBro\TracksEraserPlugins\MasterSplitter.pp w" O4 - HKLM\..\RunOnce: [SpybotDeletingC4191] cmd /c del "C:\Program Files\SpyBro\TracksEraserPlugins\Letterbox.ppw" O4 - HKLM\..\RunOnce: [SpybotDeletingC4218] cmd /c del "C:\Program Files\SpyBro\TracksEraserPlugins\RegEdit Favorites and Recent Key.ppw" O4 - HKLM\..\RunOnce: [SpybotDeletingC4294] cmd /c del "C:\Program Files\SpyBro\TracksEraserPlugins\Netsonic.ppw" O4 - HKLM\..\RunOnce: [SpybotDeletingC4346] cmd /c del "C:\Program Files\SpyBro\TracksEraserPlugins\CuteHTML.ppw" O4 - HKLM\..\RunOnce: [SpybotDeletingC4403] cmd /c del "C:\Program Files\SpyBro\TracksEraserPlugins\PhotoImpact.ppw" O4 - HKLM\..\RunOnce: [SpybotDeletingC4441] cmd /c del "C:\Program Files\SpyBro\TracksEraserPlugins\Norton File Manager.ppw" O4 - HKLM\..\RunOnce: [SpybotDeletingC4485] cmd /c del "C:\Program Files\SpyBro\TracksEraserPlugins\Windows Regedit Recent Key.ppw" O4 - HKLM\..\RunOnce: [SpybotDeletingC458] cmd /c del "C:\Program Files\SpyBro\TracksEraserPlugins\FTP Explorer.ppw" O4 - HKLM\..\RunOnce: [SpybotDeletingC4548] cmd /c del "C:\Program Files\SpyBro\TracksEraserPlugins\LeapFTP 2.6.ppw" O4 - HKLM\..\RunOnce: [SpybotDeletingC4582] cmd /c del "C:\Program Files\SpyBro\TracksEraserPlugins\Morpheus.ppw" O4 - HKLM\..\RunOnce: [SpybotDeletingC4797] cmd /c del "C:\Program Files\SpyBro\TracksEraserPlugins\Macromedia Flash MX.ppw" O4 - HKLM\..\RunOnce: [SpybotDeletingC4650] cmd /c del "C:\Program Files\SpyBro\TracksEraserPlugins\Napster.ppw" O4 - HKLM\..\RunOnce: [SpybotDeletingC4815] cmd /c del "C:\Program Files\SpyBro\TracksEraserPlugins\CoffeeCup GIF Animator.ppw" O4 - HKLM\..\RunOnce: [SpybotDeletingC4899] cmd /c del "C:\Program Files\SpyBro\TracksEraserPlugins\FlashGet.ppw" O4 - HKLM\..\RunOnce: [SpybotDeletingC4889] cmd /c del "C:\Program Files\SpyBro\TracksEraserPlugins\Windows XP Recent Run Programs.ppw" O4 - HKLM\..\RunOnce: [SpybotDeletingC4913] cmd /c del "C:\Program Files\SpyBro\TracksEraserPlugins\SureThing CD Labeler.ppw" O4 - HKLM\..\RunOnce: [SpybotDeletingC4991] cmd /c del "C:\Program Files\SpyBro\TracksEraserPlugins\Adaptec Easy CD Creator.ppw" O4 - HKLM\..\RunOnce: [SpybotDeletingC5126] cmd /c del "C:\Program Files\SpyBro\TracksEraserPlugins\Fun CD.ppw" O4 - HKLM\..\RunOnce: [SpybotDeletingC5135] cmd /c del "C:\Program Files\SpyBro\TracksEraserPlugins\MEDA MP3 Splitter.ppw" O4 - HKLM\..\RunOnce: [SpybotDeletingC5146] cmd /c del "C:\Program Files\SpyBro\TracksEraserPlugins\Adobe Photoshop 6.0.ppw" O4 - HKLM\..\RunOnce: [SpybotDeletingC5153] cmd /c del "C:\Program Files\SpyBro\TracksEraserPlugins\Axialis Media Browser.ppw" O4 - HKLM\..\RunOnce: [SpybotDeletingC5179] cmd /c del "C:\Program Files\SpyBro\TracksEraserPlugins\Copernic 2001 Pro.ppw" O4 - HKLM\..\RunOnce: [SpybotDeletingC5242] cmd /c del "C:\Program Files\SpyBro\TracksEraserPlugins\Sonic Foundry's Acid 2.0.ppw" O4 - HKLM\..\RunOnce: [SpybotDeletingC5252] cmd /c del "C:\Program Files\SpyBro\TracksEraserPlugins\AOL Instant Messenger.ppw" O4 - HKLM\..\RunOnce: [SpybotDeletingC5285] cmd /c del "C:\Program Files\SpyBro\TracksEraserPlugins\PowerDVD.ppw" O4 - HKLM\..\RunOnce: [SpybotDeletingC5386] cmd /c del "C:\Program Files\SpyBro\TracksEraserPlugins\Norton Commander.ppw" O4 - HKLM\..\RunOnce: [SpybotDeletingC5449] cmd /c del "C:\Program Files\SpyBro\TracksEraserPlugins\Personal Ancestral File.ppw" O4 - HKLM\..\RunOnce: [SpybotDeletingC5498] cmd /c del "C:\Program Files\SpyBro\iedefaults.db" O4 - HKLM\..\RunOnce: [SpybotDeletingC551] cmd /c del "C:\Program Files\SpyBro\TracksEraserPlugins\GoldWave Digital Audio Editor.ppw" O4 - HKLM\..\RunOnce: [SpybotDeletingC5613] cmd /c del "C:\Program Files\SpyBro\TracksEraserPlugins\Cabinet Manager.ppw" O4 - HKLM\..\RunOnce: [SpybotDeletingC566] cmd /c del "C:\Program Files\SpyBro\TracksEraserPlugins\Hotbar 3.0.ppw" O4 - HKLM\..\RunOnce: [SpybotDeletingC5682] cmd /c del "C:\Program Files\SpyBro\TracksEraserPlugins\Norton Anti-Virus 2000.ppw" O4 - HKLM\..\RunOnce: [SpybotDeletingC5725] cmd /c del "C:\Program Files\SpyBro\TracksEraserPlugins\Ulead Photo Express.ppw" O4 - HKLM\..\RunOnce: [SpybotDeletingC7301] cmd /c del "C:\Program Files\SpyBro\spybroes.mo" O4 - HKLM\..\RunOnce: [SpybotDeletingC7182] cmd /c del "C:\Program Files\SpyBro\ZtvUnAceV2.dll" O4 - HKLM\..\RunOnce: [SpybotDeletingC610] cmd /c del "C:\Program Files\SpyBro\spybroit.mo" O4 - HKLM\..\RunOnce: [SpybotDeletingC6011] cmd /c del "C:\Program Files\SpyBro\TracksEraserPlugins\Classify 98.ppw" O4 - HKLM\..\RunOnce: [SpybotDeletingC6117] cmd /c del "C:\Program Files\SpyBro\LegacyHelper.dll" O4 - HKLM\..\RunOnce: [SpybotDeletingC612] cmd /c del "C:\Program Files\SpyBro\TracksEraserPlugins\PhotoImpact Viewer 4.0.ppw" O4 - HKLM\..\RunOnce: [SpybotDeletingC6144] cmd /c del "C:\Program Files\SpyBro\TracksEraserPlugins\ACDSee.ppw" O4 - HKLM\..\RunOnce: [SpybotDeletingC620] cmd /c del "C:\Program Files\SpyBro\spybrode.mo" O4 - HKLM\..\RunOnce: [SpybotDeletingC6205] cmd /c del "C:\Program Files\SpyBro\TracksEraserPlugins\TextPad 4.x.ppw" O4 - HKLM\..\RunOnce: [SpybotDeletingC6264] cmd /c del "C:\Program Files\SpyBro\TracksEraserPlugins\NetAnts.ppw" O4 - HKLM\..\RunOnce: [SpybotDeletingC6342] cmd /c del "C:\Program Files\SpyBro\TracksEraserPlugins\PowerArc.ppw" O4 - HKLM\..\RunOnce: [SpybotDeletingC6324] cmd /c del "C:\Program Files\SpyBro\TracksEraserPlugins\ThumbsPlus 4.0.ppw" O4 - HKLM\..\RunOnce: [SpybotDeletingC6467] cmd /c del "C:\Program Files\SpyBro\TracksEraserPlugins\Gator.ppw" O4 - HKLM\..\RunOnce: [SpybotDeletingC6520] cmd /c del "C:\Program Files\SpyBro\TracksEraserPlugins\WinZip.ppw" O4 - HKLM\..\RunOnce: [SpybotDeletingC8666] cmd /c del "C:\Program Files\SpyBro\TracksEraserPlugins\7-Zip Compression.ppw" O4 - HKLM\..\RunOnce: [SpybotDeletingC8128] cmd /c del "C:\Program Files\SpyBro\TracksEraserPlugins\AbsoluteFTP.ppw" O4 - HKLM\..\RunOnce: [SpybotDeletingC6592] cmd /c del "C:\Program Files\SpyBro\TracksEraserPlugins\Ad-aware 6.ppw" O4 - HKLM\..\RunOnce: [SpybotDeletingC6632] cmd /c del "C:\Program Files\SpyBro\TracksEraserPlugins\BlazeDVD 2.0.ppw" O4 - HKLM\..\RunOnce: [SpybotDeletingC9916] cmd /c del "C:\Program Files\SpyBro\TracksEraserPlugins\Fotostation 4.0.ppw" O4 - HKLM\..\RunOnce: [SpybotDeletingC9847] cmd /c del "C:\Program Files\SpyBro\TracksEraserPlugins\Micrografx Picture Publisher 8.ppw" O4 - HKLM\..\RunOnce: [SpybotDeletingC9943] cmd /c del "C:\Program Files\SpyBro\TracksEraserPlugins\WinRAR.ppw" O4 - HKLM\..\RunOnce: [SpybotDeletingC9829] cmd /c del "C:\Program Files\SpyBro\TracksEraserPlugins\NewsBin Pro 4.ppw" O4 - HKLM\..\RunOnce: [SpybotDeletingC9828] cmd /c del "C:\Program Files\SpyBro\antispy.sys" O4 - HKLM\..\RunOnce: [SpybotDeletingC9793] cmd /c del "C:\Program Files\SpyBro\TracksEraserPlugins\LingoMail 1.x.ppw" O4 - HKLM\..\RunOnce: [SpybotDeletingC9747] cmd /c del "C:\Program Files\SpyBro\TracksEraserPlugins\Outlook Express 5, 6.ppw" O4 - HKLM\..\RunOnce: [SpybotDeletingC9720] cmd /c del "C:\Program Files\SpyBro\TracksEraserPlugins\Downloaded Installations.ppw" O4 - HKLM\..\RunOnce: [SpybotDeletingC9737] cmd /c del "C:\Program Files\SpyBro\TracksEraserPlugins\Microsoft Office 97.ppw" O4 - HKLM\..\RunOnce: [SpybotDeletingC9688] cmd /c del "C:\Program Files\SpyBro\TracksEraserPlugins\OmniPage 10.0.ppw" O4 - HKLM\..\RunOnce: [SpybotDeletingC9679] cmd /c del "C:\Program Files\SpyBro\TracksEraserPlugins\PicoZip.ppw" O4 - HKLM\..\RunOnce: [SpybotDeletingC9621] cmd /c del "C:\Program Files\SpyBro\TracksEraserPlugins\DivX Player.ppw" O4 - HKLM\..\RunOnce: [SpybotDeletingC9669] cmd /c del "C:\Program Files\SpyBro\TracksEraserPlugins\Acrobat Reader 6.ppw" O4 - HKLM\..\RunOnce: [SpybotDeletingC9549] cmd /c del "C:\Program Files\SpyBro\TracksEraserPlugins\NetCaptor.ppw" O4 - HKLM\..\RunOnce: [SpybotDeletingC9471] cmd /c del "C:\Program Files\SpyBro\TracksEraserPlugins\PhotoDraw 2000.ppw" O4 - HKLM\..\RunOnce: [SpybotDeletingC9538] cmd /c del "C:\Program Files\SpyBro\TracksEraserPlugins\SubmitWolf.ppw" O4 - HKLM\..\RunOnce: [SpybotDeletingC943] cmd /c del "C:\Program Files\SpyBro\TracksEraserPlugins\Windows Log Files.ppw" O4 - HKLM\..\RunOnce: [SpybotDeletingC9457] cmd /c del "C:\Program Files\SpyBro\TracksEraserPlugins\Acrobat Reader 4.ppw" O4 - HKLM\..\RunOnce: [SpybotDeletingC9237] cmd /c del "C:\Program Files\SpyBro\TracksEraserPlugins\BearShare.ppw" O4 - HKLM\..\RunOnce: [SpybotDeletingC9154] cmd /c del "C:\Program Files\SpyBro\TracksEraserPlugins\McAfee Virus Scan.ppw" O4 - HKLM\..\RunOnce: [SpybotDeletingC9314] cmd /c del "C:\Program Files\SpyBro\TracksEraserPlugins\Xing MP3 Player.ppw" O4 - HKLM\..\RunOnce: [SpybotDeletingC9120] cmd /c del "C:\Program Files\SpyBro\TracksEraserPlugins\Alcohol MRU.ppw" O4 - HKLM\..\RunOnce: [SpybotDeletingC907] cmd /c del "C:\Program Files\SpyBro\TracksEraserPlugins\Norton Internet Security.ppw" O4 - HKLM\..\RunOnce: [SpybotDeletingC9126] cmd /c del "C:\Program Files\SpyBro\TracksEraserPlugins\SearchWolf.ppw" O4 - HKLM\..\RunOnce: [SpybotDeletingC8965] cmd /c del "C:\Program Files\SpyBro\TracksEraserPlugins\Adobe Photoshop 7.0.ppw" O4 - HKLM\..\RunOnce: [SpybotDeletingC9037] cmd /c del "C:\Program Files\SpyBro\TracksEraserPlugins\Mass Download.ppw" O4 - HKLM\..\RunOnce: [SpybotDeletingC9007] cmd /c del "C:\Program Files\SpyBro\ZtvUnRar3.dll" O4 - HKLM\..\RunOnce: [SpybotDeletingC8842] cmd /c del "C:\Program Files\SpyBro\TracksEraserPlugins\Advanced MP3 Catalog.ppw" O4 - HKLM\..\RunOnce: [SpybotDeletingC880] cmd /c del "C:\Program Files\SpyBro\TracksEraserPlugins\Borland Delphi v7.ppw" O4 - HKLM\..\RunOnce: [SpybotDeletingC8840] cmd /c del "C:\Program Files\SpyBro\TracksEraserPlugins\LView Pro 2.x.ppw" Paso 3- Ejecuta estas herramientas, de a una:
Cita:
Paso 4- Descarga CCleaner y ejecútalo usando primero su opción de "Limpiador" para borrar cookies, temporales de Internet y todos los archivos que este te muestre como obsoletos, y luego usa su opción de "Registro" para limpiar todo el registro de Windows (haciendo copia de seguridad). Reinicia y nos contas los resultados. junto con el reporte de Paso 5- Reinicia en modo normal y nos dejas los reportes de:
**Nota** - Para mayor comodidad imprime los pasos. - Recuerda regresar y contarnos los resultados. Salu2 Ausente hasta el 15 de Oct. En viaje al EISI 2009 (Colombia) Novedades del Foro | Antivirus Online | Eliminar Malwares | Políticas del Foro | Blog * Ayúdanos haciendo una DONACIÓN para poder seguir Ayudando. * Infórmate de las ultimas amenazas de la red desde: InfoSpyware Blog * No se resuelven dudas por Privados ni por E-mail, ya que para eso esta el foro. |
Malwarebytes' Anti-Malware
Antes de usar ComboFix.... |
26/03/08, 10:12:06
| |
| |||
| Re: Como elimino SpyBro y Trojan Banker Hola, Corri las herramientas en modo seguro sesión administrador, despues de correr ComboFix el computador reinicio y entro en modo normal, mientras combofix creaba enl reporte se activaron las ventanas de SpyBro, despues corri ccleaner. Reinicie normalmente despues de ccleaner pero las ventanas de SpyBot siguen apareciendo, aquellas que indican que SpyBot esta bloqueando una acción. se llena la pantalla un buen numero de veces luego se cierran. En Administrador de tareas hay un proceso que se llama System Idle Process con username System y CPU superior a 90, no se si esto esta interfiriendo, sinembargo ene l rendimiento de la CPU todo parece normal, no es alto, depende de lo que se este haciendo. Cuando ejecuto algun juego, aparece y desaparece varias veces en la parte superior derecha un cuadro blanco, y los controles del juego se vuelven lentos. Envio el reporte de Malware Anti-Malware y el de Combo fix. Como al reiniciar normalmente volvieron a aparecer las ventanas de SpyBot, corri de nuevo el HijackThis y tambien envio reporte. Que debo hacer ahora? corro de nuevo las herramientas en la sesión normal de windows? de ser asi como desactivo temporalmente SpyBot y Avast? Espero instrucciones, muchas gracias. ///////////////////////////////////////////// Log de Malware Anti-Malware ///////////////////////// Malwarebytes' Anti-Malware 1.09 Versión de la Base de Datos: 541 Tipo de examen : Examen Completo (C:\|D:\|) Objetos examinados: 310202 Tiempo transcurrido: 2 hour(s), 33 minute(s), 43 second(s) Procesos en Memoria Infectados: 0 Módulos en Memoria Infectados: 0 Claves del Registro Infectadas: 0 Valores del Registro Infectados: 0 Elementos de Datos del Registro Infectados: 0 Carpetas Infectadas: 0 Ficheros Infectados: 0 Procesos en Memoria Infectados: (No se han detectado elementos maliciosos) Módulos en Memoria Infectados: (No se han detectado elementos maliciosos) Claves del Registro Infectadas: (No se han detectado elementos maliciosos) Valores del Registro Infectados: (No se han detectado elementos maliciosos) Elementos de Datos del Registro Infectados: (No se han detectado elementos maliciosos) Carpetas Infectadas: (No se han detectado elementos maliciosos) Ficheros Infectados: (No se han detectado elementos maliciosos) ////////////////////////////////////////////// Log de ComboFix //////////////////////// ComboFix 08-03-25.1 - Administrator 2008-03-25 21:01:29.1 - NTFSx86 MINIMAL Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.698 [GMT -5:00] Running from: C:\Documents and Settings\Marisol Garcia Pena\Desktop\Indy\Nuevos\Foro\ComboFix.exe WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !! . TimedOut: progfile.dat -- Script messages for sUBs -- Findstr -MIF:/ "\\TTC\.pdb InsertAdvertisement" GREP -i "C:\\Program Files\\[^\\]*\\[^\\]*$" VFind -tf -s282624 "C:\Program Files\????????*[0-9].dll" VFind.exe -ltf -s-1000000 -d+2007-12-26 "C:\Program Files\*" ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . C:\WINDOWS\system32\ban_list.txt C:\WINDOWS\system32\cfx32.ocx C:\WINDOWS\system32\lsprst7.dll C:\WINDOWS\system32\ssprs.dll . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\Legacy_SROSA ((((((((((((((((((((((((( Files Created from 2008-02-26 to 2008-03-26 ))))))))))))))))))))))))))))))) . 2008-03-25 18:15 . 2008-03-25 18:15 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Malwarebytes 2008-03-25 15:42 . 2008-03-25 15:42 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware 2008-03-25 15:42 . 2008-03-25 15:42 <DIR> d-------- C:\Documents and Settings\Marisol Garcia Pena\Application Data\Malwarebytes 2008-03-25 15:42 . 2008-03-25 15:42 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes 2008-03-25 08:01 . 2008-03-25 08:01 <DIR> d-------- C:\Documents and Settings\Administrator\DoctorWeb 2008-03-25 07:17 . 2008-03-25 07:17 <DIR> d-------- C:\Program Files\Trend Micro 2008-03-24 20:07 . 2008-03-24 22:53 <DIR> d-------- C:\Program Files\SUPERAntiSpyware 2008-03-24 20:07 . 2008-03-24 22:53 <DIR> d-------- C:\Documents and Settings\Marisol Garcia Pena\Application Data\SUPERAntiSpyware.com 2008-03-24 20:07 . 2008-03-24 20:07 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com 2008-03-24 19:55 . 2008-03-24 19:55 <DIR> d-------- C:\WINDOWS\Downloaded Installations 2008-03-24 19:55 . 2008-03-25 07:09 <DIR> d-------- C:\Program Files\Trojan Killer 2008-03-24 15:50 . 2008-03-24 15:50 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab 2008-03-24 14:07 . 2008-03-24 14:07 <DIR> d-------- C:\Documents and Settings\Marisol Garcia Pena\DoctorWeb 2008-03-24 12:12 . 2008-03-24 12:12 3,922 --a------ C:\WINDOWS\system32\tmp.reg 2008-03-24 09:08 . 2008-03-24 09:09 <DIR> d-------- C:\Program Files\MegauploadToolbar 2008-03-24 09:08 . 2008-03-25 15:46 <DIR> d-------- C:\Documents and Settings\Marisol Garcia Pena\Application Data\MegauploadToolbar 2008-03-24 08:10 . 2005-05-17 15:24 311,296 --a------ C:\WINDOWS\system32\AegisI5.exe 2008-03-24 08:10 . 2006-01-18 13:55 290,918 --a------ C:\WINDOWS\system32\Install7x.dll 2008-03-24 08:10 . 2006-01-12 19:46 252,928 --a------ C:\WINDOWS\system32\drivers\rt73.sys 2008-03-24 08:10 . 2005-10-17 19:50 245,376 --a------ C:\WINDOWS\system32\drivers\rt2500usb.SYS 2008-03-24 08:10 . 2008-03-24 08:10 20,747 --a------ C:\WINDOWS\system32\drivers\AegisP.sys 2008-03-24 08:10 . 2005-11-30 11:33 2,048 --a------ C:\WINDOWS\system32\drivers\rt73.bin 2008-03-24 08:10 . 2005-08-19 15:51 138 --a------ C:\WINDOWS\filespec7x 2008-03-21 22:37 . 2007-12-04 07:54 95,608 --a------ C:\WINDOWS\system32\AvastSS.scr 2008-03-21 22:37 . 2007-12-04 09:51 42,912 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys 2008-03-21 22:37 . 2007-12-04 09:49 26,624 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys 2008-03-21 22:37 . 2007-12-04 09:53 23,152 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys 2008-03-21 22:36 . 2008-03-21 22:36 <DIR> d-------- C:\Program Files\Alwil Software 2008-03-21 22:36 . 2007-12-04 08:04 837,496 --a------ C:\WINDOWS\system32\aswBoot.exe 2008-03-21 22:36 . 2004-01-09 04:13 380,928 --a------ C:\WINDOWS\system32\actskin4.ocx 2008-03-21 22:36 . 2007-12-04 09:55 94,544 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys 2008-03-21 22:36 . 2007-12-04 09:56 93,264 --a------ C:\WINDOWS\system32\drivers\aswmon.sys 2008-03-21 04:04 . 2008-03-21 04:05 <DIR> d-------- C:\Documents and Settings\Marisol Garcia Pena\Application Data\Simply Super Software 2008-03-21 04:04 . 2008-03-21 04:04 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Simply Super Software 2008-03-21 04:04 . 2006-05-25 14:52 162,304 --a------ C:\WINDOWS\system32\ztvunrar36.dll 2008-03-21 04:04 . 2003-02-02 19:06 153,088 --a------ C:\WINDOWS\system32\unrar3.dll 2008-03-21 04:04 . 2005-08-26 00:50 77,312 --a------ C:\WINDOWS\system32\ztvunace26.dll 2008-03-21 04:04 . 2002-03-06 00:00 75,264 --a------ C:\WINDOWS\system32\unacev2.dll 2008-03-21 04:04 . 2006-06-19 12:01 69,632 --a------ C:\WINDOWS\system32\ztvcabinet.dll 2008-03-21 00:36 . 2008-03-21 00:36 <DIR> d-------- C:\Documents and Settings\Marisol Garcia Pena\Application Data\TrojanHunter 2008-03-20 21:37 . 2008-03-24 14:06 <DIR> d-------- C:\Program Files\TrojanHunter 5.0 2008-03-20 13:24 . 2008-03-20 13:24 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy 2008-03-20 13:24 . 2008-03-20 13:32 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy 2008-03-20 07:16 . 2008-03-22 03:46 <DIR> d-------- C:\Program Files\Netcom3 Cleaner 2008-03-20 07:11 . 2007-12-10 14:53 81,288 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys 2008-03-20 07:11 . 2007-12-10 14:53 66,952 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys 2008-03-20 07:11 . 2008-02-01 12:55 42,376 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys 2008-03-20 07:11 . 2007-12-10 14:53 29,576 --a------ C:\WINDOWS\system32\drivers\kcom.sys 2008-03-20 07:10 . 2008-03-20 07:10 <DIR> d-------- C:\Documents and Settings\Marisol Garcia Pena\Application Data\PC Tools 2008-03-19 20:07 . 2008-03-20 13:56 <DIR> d-------- C:\Documents and Settings\Marisol Garcia Pena\Application Data\Antispyware 2008-03-18 21:00 . 2008-03-18 21:00 <DIR> d-------- C:\LinhaDefensiva 2008-03-11 15:47 . 2008-03-13 09:23 <DIR> d-------- C:\Program Files\LucasArts 2008-03-11 09:39 . 2008-03-11 09:39 35 --a------ C:\WINDOWS\scummvm.ini 2008-03-10 13:56 . 2008-03-10 13:56 1,024 --a------ C:\.rnd 2008-03-10 13:03 . 2008-03-17 14:16 350 --a------ C:\WINDOWS\DESKADV.INI 2008-03-10 12:59 . 2008-03-11 10:53 <DIR> d-------- C:\INDYDESK 2008-03-10 12:59 . 1994-08-24 00:00 188,960 --a------ C:\WINDOWS\system\WINGDE.DLL 2008-03-10 12:59 . 1994-09-21 00:00 92,208 --a------ C:\WINDOWS\system\WING.DLL 2008-03-10 12:59 . 1994-02-18 16:47 26,112 --a------ C:\WINDOWS\system\WAVEMIX.DLL 2008-03-10 12:59 . 1994-09-21 00:00 12,800 --a------ C:\WINDOWS\system\WING32.DLL 2008-03-10 12:59 . 1994-09-21 00:00 6,736 --a------ C:\WINDOWS\system\WINGDIB.DRV 2008-03-10 12:59 . 1994-09-21 00:00 5,024 --a------ C:\WINDOWS\system\WINGPAL.WND 2008-03-10 12:59 . 1996-02-27 17:54 2,552 --a------ C:\WINDOWS\WAVEMIX.INI 2008-03-10 12:59 . 1994-06-20 00:00 1,966 --a------ C:\WINDOWS\system\DVA.386 2008-03-10 10:47 . 2008-03-10 10:47 <DIR> d-------- C:\VAIO 2008-03-10 10:47 . 2008-03-10 10:47 <DIR> d-------- C:\Program Files\Windows Sidebar 2008-03-10 10:46 . 2005-08-15 10:54 1,536 --a------ C:\WINDOWS\system32\hidec.exe 2008-03-07 12:12 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll 2008-03-07 12:12 . 2007-07-30 19:19 207,736 --a------ C:\WINDOWS\system32\muweb.dll 2008-03-07 12:12 . 2007-07-30 19:19 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui 2008-03-06 14:09 . 2006-11-29 13:06 3,426,072 --a------ C:\WINDOWS\system32\d3dx9_32.dll 2008-03-06 14:08 . 2008-03-06 14:08 <DIR> d-------- C:\Program Files\Microsoft SQL Server Compact Edition 2008-03-06 13:53 . 2008-03-19 10:50 <DIR> d-------- C:\Program Files\Windows Live 2008-03-06 13:53 . 2008-03-06 14:06 <DIR> d--hsc--- C:\Program Files\Common Files\WindowsLiveInstaller 2008-03-04 15:38 . 2008-03-10 10:14 <DIR> d-------- C:\Program Files\Thoosje Sidebar V2.3 2008-03-03 15:24 . 2008-03-06 13:52 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller 2008-03-03 14:55 . 2008-03-03 14:55 0 --a------ C:\WINDOWS\geotrans2d.INI 2008-03-03 14:17 . 2008-03-03 14:17 0 --a------ C:\WINDOWS\geotrans2.INI 2008-02-28 13:45 . 2008-02-28 13:45 <DIR> d-------- C:\Program Files\MSBuild 2008-02-28 13:43 . 2008-03-24 08:33 <DIR> d-------- C:\WINDOWS\system32\XPSViewer 2008-02-28 13:42 . 2008-02-28 13:42 <DIR> d-------- C:\Program Files\Reference Assemblies 2008-02-28 13:40 . 2006-06-29 13:07 14,048 --------- C:\WINDOWS\system32\spmsg2.dll 2008-02-28 13:36 . 2008-02-28 13:36 <DIR> d-------- C:\WINDOWS\system32\URTTEMP 2008-02-28 13:28 . 2006-11-13 01:02 288,768 --------- C:\WINDOWS\system32\rhttpaa.dll 2008-02-28 13:28 . 2006-11-13 01:02 116,736 --------- C:\WINDOWS\system32\aaclient.dll 2008-02-28 13:28 . 2006-11-13 01:02 36,352 --------- C:\WINDOWS\system32\tsgqec.dll 2008-02-27 15:17 . 2008-02-28 18:30 <DIR> d-------- C:\Program Files\terraview3.2.0 2008-02-27 14:49 . 2008-02-27 14:50 <DIR> d-------- C:\MGP . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))) )) . 2008-03-25 20:27 --------- d-----w C:\Documents and Settings\Marisol Garcia Pena\Application Data\Skype 2008-03-25 20:13 --------- d-----w C:\Documents and Settings\Marisol Garcia Pena\Application Data\tor 2008-03-25 12:41 --------- d-----w C:\Documents and Settings\Marisol Garcia Pena\Application Data\Vidalia 2008-03-24 13:10 --------- d-----w C:\Program Files\RALINK 2008-03-17 21:00 --------- d-----w C:\Documents and Settings\All Users\Application Data\Grisoft 2008-03-17 20:12 --------- d-----w C:\Program Files\eMule 2008-03-12 20:04 81,384 ----a-w C:\Documents and Settings\Marisol Garcia Pena\Application Data\GDIPFONTCACHEV1.DAT 2008-03-11 20:47 --------- d--h--w C:\Program Files\InstallShield Installation Information 2008-03-11 13:17 --------- d-----w C:\Program Files\Common Files\Adobe 2008-02-09 22:54 --------- d-----w C:\Program Files\SPSS 2008-02-01 16:17 587,264 ----a-w C:\WINDOWS\WLXPGSS.SCR 2007-12-04 18:38 550,912 --sh--w C:\WINDOWS\system32\oleaut32.dll 2004-08-04 12:00 83,456 --sh--w C:\WINDOWS\system32\olepro32.dll 2004-08-04 12:00 11,776 --sh--w C:\WINDOWS\system32\regsvr32.exe . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Run] "Power2GoExpress"="" [] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 07:00 15360] "Vidalia"="C:\Program Files\Vidalia Bundle\Vidalia\vidalia.exe" [2007-08-26 01:02 11852288] "SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Run] "VTTimer"="VTTimer.exe" [2006-09-21 08:36 53248 C:\WINDOWS\system32\VTTimer.exe] "RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2005-01-12 06:01 32768] "SMSERIAL"="sm56hlpr.exe" [2006-02-28 04:37 544768 C:\WINDOWS\sm56hlpr.exe] "CPUTray"="C:\WINDOWS\system32\CPUTray.exe" [2005-05-13 18:46 212992] "farstone"="" [] "RestoreIT!"="C:\Program Files\Phoenix Technologies\cME\RPro\ XP\VBPTASK.exe" [2005-02-03 21:18 118784] "Eval"="C:\Program Files\Phoenix Technologies\cME\RPro\Eval\Eval.exe" [2005-02-19 18:39 1826816] "Guard"="C:\Program Files\Phoenix Technologies\cME\Guard\Guard.exe" [2008-03-19 00:03 573440] "HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86 \3\hpztsb05.exe" [2002-03-28 03:53 188416] "USSShReg"="C:\WINDOWS\system32\ussshreg.exe" [1997-02-24 00:47 19968] "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-01-22 13:29 98304] "Ulead Photo Express Verificador de Calendario"="C:\Program Files\Ulead Systems\Ulead Photo Express 5 SE\calcheck.exe" [2004-01-12 20:40 69632] "Ulead AutoDetector"="C:\Program Files\Ulead Systems\Ulead Photo Explorer 8.0 SE Basic\Monitor.exe" [2008-03-20 18:13 45056] "googletalk"="C:\Program Files\Google\Google Talk\googletalk.exe" [2007-01-01 16:22 3739648] "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 03:43 83608] "RoxioDragToDisc"="C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe" [2004-09-25 01:37 1691648] "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792] "avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp. exe" [2007-12-04 08:00 79224] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\RunOnce] "SpybotDeletingC8076"="cmd /c del C:\Program Files\SpyBro\TracksEraserPlugins\Adaptec's Audio CD.ppw" [ ] "SpybotDeletingC7336"="cmd /c del C:\Program Files\SpyBro\TracksEraserPlugins\AddSoft Log Files.ppw" [ ] "SpybotDeletingC7731"="cmd /c del C:\Program Files\SpyBro\TracksEraserPlugins\AddWeb 3.0.ppw" [ ] "SpybotDeletingC737"="cmd /c del C:\Program Files\SpyBro\TracksEraserPlugins\Advanced Disk Catalog.ppw" [ ] "SpybotDeletingC8397"="cmd /c del C:\Program Files\SpyBro\TracksEraserPlugins\AudioGrabber.ppw" [ ] "SpybotDeletingC7048"="cmd /c del C:\Program Files\SpyBro\TracksEraserPlugins\Avant Browser History.ppw" [ ] "SpybotDeletingC7168"="cmd /c del C:\Program Files\SpyBro\TracksEraserPlugins\CRT 2.x.ppw" [ ] "SpybotDeletingC6705"="cmd /c del C:\Program Files\SpyBro\TracksEraserPlugins\Diskeeper 5.0.ppw" [ ] "SpybotDeletingC7412"="cmd /c del C:\Program Files\SpyBro\TracksEraserPlugins\Enigma Browser.ppw" [ ] "SpybotDeletingC6945"="cmd /c del C:\Program Files\SpyBro\TracksEraserPlugins\iMesh.ppw" [ ] "SpybotDeletingC6614"="cmd /c del C:\Program Files\SpyBro\TracksEraserPlugins\Homesite 4.0.ppw" [ ] "SpybotDeletingC7018"="cmd /c del C:\Program Files\SpyBro\TracksEraserPlugins\ICQ 2002a.ppw" [ ] "SpybotDeletingC7142"="cmd /c del C:\Program Files\SpyBro\TracksEraserPlugins\ICQ 2003a.ppw" [ ] "SpybotDeletingC8775"="cmd /c del C:\Program Files\SpyBro\TracksEraserPlugins\InterQuick.ppw" [ ] "SpybotDeletingC87"="cmd /c del C:\Program Files\SpyBro\TracksEraserPlugins\JASC Paint Shop Pro.ppw" [ ] "SpybotDeletingC7497"="cmd /c del C:\Program Files\SpyBro\TracksEraserPlugins\Jet Photo Shell.ppw" [ ] "SpybotDeletingC781"="cmd /c del C:\Program Files\SpyBro\TracksEraserPlugins\Juno.ppw" [ ] "SpybotDeletingC6658"="cmd /c del C:\Program Files\SpyBro\TracksEraserPlugins\Macromedia Firework MX.ppw" [ ] "SpybotDeletingC7846"="cmd /c del C:\Program Files\SpyBro\TracksEraserPlugins\Microsoft Netmeeting.ppw" [ ] "SpybotDeletingC8306"="cmd /c del C:\Program Files\SpyBro\TracksEraserPlugins\Microsoft Works 4.0.ppw" [ ] "SpybotDeletingC7012"="cmd /c del C:\Program Files\SpyBro\TracksEraserPlugins\Mijenix Powerdesk 4.0.ppw" [ ] "SpybotDeletingC7478"="cmd /c del C:\Program Files\SpyBro\TracksEraserPlugins\Miranda ICQ.ppw" [ ] "SpybotDeletingC8048"="cmd /c del C:\Program Files\SpyBro\TracksEraserPlugins\Naviscope.ppw" [ ] "SpybotDeletingC8448"="cmd /c del C:\Program Files\SpyBro\TracksEraserPlugins\Net Vampire 3.x.ppw" [ ] "SpybotDeletingC7038"="cmd /c del C:\Program Files\SpyBro\TracksEraserPlugins\Paint Shop Pro 5.0.ppw" [ ] "SpybotDeletingC810"="cmd /c del C:\Program Files\SpyBro\TracksEraserPlugins\Paint Shop Pro 7.0.ppw" [ ] "SpybotDeletingC8342"="cmd /c del C:\Program Files\SpyBro\TracksEraserPlugins\PhotoCanvas 2.0.ppw" [ ] "SpybotDeletingC8708"="cmd /c del C:\Program Files\SpyBro\TracksEraserPlugins\PKZip for Windows.ppw" [ ] "SpybotDeletingC7967"="cmd /c del C:\Program Files\SpyBro\TracksEraserPlugins\RealOne & RealPlayer.ppw" [ ] "SpybotDeletingC7148"="cmd /c del C:\Program Files\SpyBro\TracksEraserPlugins\Roxio Easy CD Creator.ppw" [ ] "SpybotDeletingC8259"="cmd /c del C:\Program Files\SpyBro\TracksEraserPlugins\SmartDraw 6.ppw" [ ] "SpybotDeletingC7890"="cmd /c del C:\Program Files\SpyBro\TracksEraserPlugins\SWiSH 2.0.ppw" [ ] "SpybotDeletingC7944"="cmd /c del C:\Program Files\SpyBro\TracksEraserPlugins\Teleport Pro.ppw" [ ] "SpybotDeletingC5839"="cmd /c del C:\Program Files\SpyBro\TracksEraserPlugins\Tribal Voice's PowWow.ppw" [ ] "SpybotDeletingC173"="cmd /c del C:\Program Files\SpyBro\TracksEraserPlugins\Trillian.ppw" [ ] "SpybotDeletingC6996"="cmd /c del C:\Program Files\SpyBro\TracksEraserPlugins\Ulead GIF Animator.ppw" [ ] "SpybotDeletingC5908"="cmd /c del C:\Program Files\SpyBro\TracksEraserPlugins\UltraEdit.ppw" [ ] "SpybotDeletingC7903"="cmd /c del C:\Program Files\SpyBro\TracksEraserPlugins\WebFerret.ppw" [ ] "SpybotDeletingC8"="cmd /c del C:\Program Files\SpyBro\TracksEraserPlugins\Windows App Log Directory.ppw" [ ] "SpybotDeletingC8477"="cmd /c del C:\Program Files\SpyBro\TracksEraserPlugins\Windows Commander.ppw" [ ] "SpybotDeletingC8201"="cmd /c del C:\Program Files\SpyBro\TracksEraserPlugins\Windows Recent Network Drive List.ppw" [ ] "SpybotDeletingC5753"="cmd /c del C:\Program Files\SpyBro\TracksEraserPlugins\Yamaha S-YXG100.ppw" [ ] "SpybotDeletingC8073"="cmd /c del C:\Program Files\SpyBro\TracksEraserPlugins\ZipMagic.ppw" [ ] "SpybotDeletingC713"="cmd /c del C:\Program Files\SpyBro\TracksEraserPlugins\Zone Alarm.ppw" [ ] "SpybotDeletingC104"="cmd /c del C:\Program Files\SpyBro\TracksEraserPlugins\WinAce 2.0.ppw" [ ] "SpybotDeletingC1089"="cmd /c del C:\Program Files\SpyBro\TracksEraserPlugins\Copernic 2001 Plus.ppw" [ ] "SpybotDeletingC1094"="cmd /c del C:\Program Files\SpyBro\TracksEraserPlugins\Popup Purger.ppw" [ ] "SpybotDeletingC1144"="cmd /c del C:\Program Files\SpyBro\TracksEraserPlugins\Yahoo! Player.ppw" [ ] "SpybotDeletingC1226"="cmd /c del C:\Program Files\SpyBro\TracksEraserPlugins\HotJava Browser.ppw" [ ] "SpybotDeletingC1128"="cmd /c del C:\Program Files\SpyBro\TracksEraserPlugins\PowerZip 6.0.ppw" [ ] "SpybotDeletingC1184"="cmd /c del C:\Program Files\SpyBro\TracksEraserPlugins\Microsoft Photo Editor 3.0.ppw" [ ] "SpybotDeletingC130"="cmd /c del C:\Program Files\SpyBro\TracksEraserPlugins\MicroAngelo.ppw" [ ] "SpybotDeletingC1365"="cmd /c del C:\Program Files\SpyBro\TracksEraserPlugins\PasswordSafe.ppw" [ ] "SpybotDeletingC16"="cmd /c del C:\Program Files\SpyBro\ztvcabinet.dll" [ ] "SpybotDeletingC1613"="cmd /c del C:\Program Files\SpyBro\TracksEraserPlugins\Mozart 4.0.ppw" [ ] "SpybotDeletingC1653"="cmd /c del C:\Program Files\SpyBro\TracksEraserPlugins\Microsoft Word Backup Files.ppw" [ ] "SpybotDeletingC1651"="cmd /c del C:\Program Files\SpyBro\TracksEraserPlugins\Kodak Imaging for Windows.ppw" [ ] "SpybotDeletingC1604"="cmd /c del C:\Program Files\SpyBro\TracksEraserPlugins\Spinner Plus.ppw" [ ] "SpybotDeletingC1560"="cmd /c del C:\Program Files\SpyBro\TracksEraserPlugins\MSN Toolbar.ppw" [ ] "SpybotDeletingC1362"="cmd /c del C:\Program Files\SpyBro\TracksEraserPlugins\Metapad.ppw" [ ] "SpybotDeletingC1813"="cmd /c del C:\Program Files\SpyBro\TracksEraserPlugins\Vueprint.ppw" [ ] "SpybotDeletingC1941"="cmd /c del C:\Program Files\SpyBro\TracksEraserPlugins\Download Accelerator.ppw" [ ] "SpybotDeletingC1898"="cmd /c del C:\Program Files\SpyBro\TracksEraserPlugins\Xolox.ppw" [ ] "SpybotDeletingC2000"="cmd /c del C:\Program Files\SpyBro\TracksEraserPlugins\StarOffice 5.1.ppw" [ ] "SpybotDeletingC2023"="cmd /c del C:\Program Files\SpyBro\signers.db" [ ] "SpybotDeletingC2068"="cmd /c del C:\Program Files\SpyBro\TracksEraserPlugins\Enfish Onespace.ppw" [ ] "SpybotDeletingC2110"="cmd /c del C:\Program Files\SpyBro\TracksEraserPlugins\Microsoft Office 2000.ppw" [ ] "SpybotDeletingC2164"="cmd /c del C:\Program Files\SpyBro\TracksEraserPlugins\Irfanview 32.ppw" [ ] "SpybotDeletingC2189"="cmd /c del C:\Program Files\SpyBro\TracksEraserPlugins\Graphic Workshop Pro.ppw" [ ] "SpybotDeletingC2198"="cmd /c del C:\Program Files\SpyBro\TracksEraserPlugins\Microsoft Publisher 2000.ppw" [ ] "SpybotDeletingC2222"="cmd /c del C:\Program Files\SpyBro\TracksEraserPlugins\Acrobat Reader 5.ppw" [ ] "SpybotDeletingC2424"="cmd /c del C:\Program Files\SpyBro\TracksEraserPlugins\MyWay Advertising.ppw" [ ] "SpybotDeletingC2456"="cmd /c del C:\Program Files\SpyBro\TracksEraserPlugins\Agent NewsReader.ppw" [ ] "SpybotDeletingC2459"="cmd /c del C:\Program Files\SpyBro\TracksEraserPlugins\Cute MX.ppw" [ ] "SpybotDeletingC2484"="cmd /c del C:\Program Files\SpyBro\TracksEraserPlugins\RealNetworks Real Download.ppw" [ ] "SpybotDeletingC2496"="cmd /c del C:\Program Files\SpyBro\TracksEraserPlugins\PictureIt Digital Image Pro 7.0.ppw" [ ] "SpybotDeletingC25"="cmd /c del C:\Program Files\SpyBro\TracksEraserPlugins\Ebay Toolbar.ppw" [ ] "SpybotDeletingC2504"="cmd /c del C:\Program Files\SpyBro\nospylauncher.exe" [ ] "SpybotDeletingC2535"="cmd /c del C:\Program Files\SpyBro\TracksEraserPlugins\Scour Exchange.ppw" [ ] "SpybotDeletingC2591"="cmd /c del C:\Program Files\SpyBro\TracksEraserPlugins\BookReader.ppw" [ ] "SpybotDeletingC260"="cmd /c del C:\Program Files\SpyBro\TracksEraserPlugins\Go!Zilla.ppw" [ ] "SpybotDeletingC2639"="cmd /c del C:\Program Files\SpyBro\TracksEraserPlugins\Microsoft Office XP.ppw" [ ] "SpybotDeletingC2664"="cmd /c del C:\Program Files\SpyBro\TracksEraserPlugins\Norton Firewall.ppw" [ ] "SpybotDeletingC2737"="cmd /c del C:\Program Files\SpyBro\TracksEraserPlugins\Helios TextPad.ppw" [ ] "SpybotDeletingC2764"="cmd /c del C:\Program Files\SpyBro\TracksEraserPlugins\Winamp.ppw" [ ] "SpybotDeletingC2774"="cmd /c del C:\Program Files\SpyBro\TracksEraserPlugins\Netzip Download Demon.ppw" [ ] "SpybotDeletingC2791"="cmd /c del C:\Program Files\SpyBro\TracksEraserPlugins\PowerDesk 5.ppw" [ ] "SpybotDeletingC2803"="cmd /c del C:\Program Files\SpyBro\TracksEraserPlugins\GetRight.ppw" [ ] "SpybotDeletingC2804"="cmd /c del C:\Program Files\SpyBro\TracksEraserPlugins\Sonique.ppw" [ ] "SpybotDeletingC2821"="cmd /c del C:\Program Files\SpyBro\TracksEraserPlugins\Cool Edit Pro.ppw" [ ] "SpybotDeletingC2833"="cmd /c del C:\Program Files\SpyBro\TracksEraserPlugins\EditPad.ppw" [ ] "SpybotDeletingC2830"="cmd /c del C:\Program Files\SpyBro\TracksEraserPlugins\Windows XP Prefetch Folder.ppw" [ ] "SpybotDeletingC285"="cmd /c del C:\Program Files\SpyBro\TracksEraserPlugins\Eudora Mail.ppw" [ ] "SpybotDeletingC2850"="cmd /c del C:\Program Files\SpyBro\TracksEraserPlugins\Smart Explorer.ppw" [ ] "SpybotDeletingC2900"="cmd /c del C:\Program Files\SpyBro\TracksEraserPlugins\PluginBuilder.exe " [ ] "SpybotDeletingC2944"="cmd /c del C:\Program Files\SpyBro\TracksEraserPlugins\CuteFTP.ppw" [ ] "SpybotDeletingC3134"="cmd /c del C:\Program Files\SpyBro\TracksEraserPlugins\Save Now.ppw" [ ] "SpybotDeletingC3136"="cmd /c del C:\Program Files\SpyBro\TracksEraserPlugins\Babylon.ppw" [ ] "SpybotDeletingC3174"="cmd /c del C:\Program Files\SpyBro\TracksEraserPlugins\MIRC.ppw" [ ] "SpybotDeletingC3185"="cmd /c del C:\Program Files\SpyBro\TracksEraserPlugins\AX-Icons 4.x.ppw" [ ] "SpybotDeletingC3193"="cmd /c del C:\Program Files\SpyBro\TracksEraserPlugins\Microsoft Word 2000.ppw" [ ] "SpybotDeletingC3234"="cmd /c del C:\Program Files\SpyBro\TracksEraserPlugins\Yahoo! Messenger.ppw" [ ] "SpybotDeletingC3317"="cmd /c del C:\Program Files\SpyBro\spybrofr.mo" [ ] "SpybotDeletingC3254"="cmd /c del C:\Program Files\SpyBro\TracksEraserPlugins\Jasc Animation Shop 3.ppw" [ ] "SpybotDeletingC3336"="cmd /c del C:\Program Files\SpyBro\TracksEraserPlugins\MSN Messenger.ppw" [ ] "SpybotDeletingC3396"="cmd /c del C:\Program Files\SpyBro\TracksEraserPlugins\Google Deskbar.ppw" [ ] "SpybotDeletingC3445"="cmd /c del C:\Program Files\SpyBro\TracksEraserPlugins\MusicMatch Jukebox.ppw" [ ] "SpybotDeletingC3542"="cmd /c del C:\Program Files\SpyBro\TracksEraserPlugins\Photodex Compupic Pro.ppw" [ ] "SpybotDeletingC3465"="cmd /c del C:\Program Files\SpyBro\TracksEraserPlugins\Xara 3D 4.0.ppw" [ ] "SpybotDeletingC3605"="cmd /c del C:\Program Files\SpyBro\TracksEraserPlugins\FTP Voyager.ppw" [ ] "SpybotDeletingC3674"="cmd /c del C:\Program Files\SpyBro\TracksEraserPlugins\KaZaA Media Desktop.ppw" [ ] "SpybotDeletingC3743"="cmd /c del C:\Program Files\SpyBro\TracksEraserPlugins\Chameleon Web Browser.ppw" [ ] "SpybotDeletingC3731"="cmd /c del C:\Program Files\SpyBro\TracksEraserPlugins\Ultimate Paint.ppw" [ ] "SpybotDeletingC3778"="cmd /c del C:\Program Files\SpyBro\TracksEraserPlugins\Inoculatelt PE Virus Scan.ppw" [ ] "SpybotDeletingC3818"="cmd /c del C:\Program Files\SpyBro\TracksEraserPlugins\Macromedia Dreamweaver MX.ppw" [ ] "SpybotDeletingC385"="cmd /c del C:\Program Files\SpyBro\TracksEraserPlugins\Google Toolbar.ppw" [ ] "SpybotDeletingC3934"="cmd /c del C:\Program Files\SpyBro\refsig.db" [ ] "SpybotDeletingC4074"="cmd /c del C:\Program Files\SpyBro\TracksEraserPlugins\Microsoft Imaging.ppw" [ ] "SpybotDeletingC4147"="cmd /c del C:\Program Files\SpyBro\TracksEraserPlugins\MasterSplitter.pp w" [ ] "SpybotDeletingC4191"="cmd /c del C:\Program Files\SpyBro\TracksEraserPlugins\Letterbox.ppw" [ ] "SpybotDeletingC4218"="cmd /c del C:\Program Files\SpyBro\TracksEraserPlugins\RegEdit Favorites and Recent Key.ppw" [ ] "SpybotDeletingC4294"="cmd /c del C:\Program Files\SpyBro\TracksEraserPlugins\Netsonic.ppw" [ ] "SpybotDeletingC4346"="cmd /c del C:\Program Files\SpyBro\TracksEraserPlugins\CuteHTML.ppw" [ ] "SpybotDeletingC4403"="cmd /c del C:\Program Files\SpyBro\TracksEraserPlugins\PhotoImpact.ppw" [ ] "SpybotDeletingC4441"="cmd /c del C:\Program Files\SpyBro\TracksEraserPlugins\Norton File Manager.ppw" [ ] "SpybotDeletingC4485"="cmd /c del C:\Program Files\SpyBro\TracksEraserPlugins\Windows Regedit Recent Key.ppw" [ ] "SpybotDeletingC458"="cmd /c del C:\Program Files\SpyBro\TracksEraserPlugins\FTP Explorer.ppw" [ ] "SpybotDeletingC4548"="cmd /c del C:\Program Files\SpyBro\TracksEraserPlugins\LeapFTP 2.6.ppw" [ ] "SpybotDeletingC4582"="cmd /c del C:\Program Files\SpyBro\TracksEraserPlugins\Morpheus.ppw" [ ] "SpybotDeletingC4797"="cmd /c del C:\Program Files\SpyBro\TracksEraserPlugins\Macromedia Flash MX.ppw" [ ] "SpybotDeletingC4650"="cmd /c del C:\Program Files\SpyBro\TracksEraserPlugins\Napster.ppw" [ ] "SpybotDeletingC4815"="cmd /c del C:\Program Files\SpyBro\TracksEraserPlugins\CoffeeCup GIF Animator.ppw" [ ] "SpybotDeletingC4899"="cmd /c del C:\Program Files\SpyBro\TracksEraserPlugins\FlashGet.ppw" [ ] "SpybotDeletingC4889"="cmd /c del C:\Program Files\SpyBro\TracksEraserPlugins\Windows XP Recent Run Programs.ppw" [ ] "SpybotDeletingC4913"="cmd /c del C:\Program Files\SpyBro\TracksEraserPlugins\SureThing CD Labeler.ppw" [ ] "SpybotDeletingC4991"="cmd /c del C:\Program Files\SpyBro\TracksEraserPlugins\Adaptec Easy CD Creator.ppw" [ ] "SpybotDeletingC5126"="cmd /c del C:\Program Files\SpyBro\TracksEraserPlugins\Fun CD.ppw" [ ] "SpybotDeletingC5135"="cmd /c del C:\Program Files\SpyBro\TracksEraserPlugins\MEDA MP3 Splitter.ppw" [ ] "SpybotDeletingC5146"="cmd /c del C:\Program Files\SpyBro\TracksEraserPlugins\Adobe Photoshop 6.0.ppw" [ ] "SpybotDeletingC5153"="cmd /c del C:\Program Files\SpyBro\TracksEraserPlugins\Axialis Media Browser.ppw" [ ] "SpybotDeletingC5179"="cmd /c del C:\Program Files\SpyBro\TracksEraserPlugins\Copernic 2001 Pro.ppw" [ ] "SpybotDeletingC5242"="cmd /c del C:\Program Files\SpyBro\TracksEraserPlugins\Sonic Foundry's Acid 2.0.ppw" [ ] "SpybotDeletingC5252"="cmd /c del C:\Program Files\SpyBro\TracksEraserPlugins\AOL Instant Messenger.ppw" [ ] "SpybotDeletingC5285"="cmd /c del C:\Program Files\SpyBro\TracksEraserPlugins\PowerDVD.ppw" [ ] "SpybotDeletingC5386"="cmd /c del C:\Program Files\SpyBro\TracksEraserPlugins\Norton Commander.ppw" [ ] "SpybotDeletingC5449"="cmd /c del C:\Program Files\SpyBro\TracksEraserPlugins\Personal Ancestral File.ppw" [ ] "SpybotDeletingC5498"="cmd /c del C:\Program Files\SpyBro\iedefaults.db" [ ] "SpybotDeletingC551"="cmd /c del C:\Program Files\SpyBro\TracksEraserPlugins\GoldWave Digital Audio Editor.ppw" [ ] "SpybotDeletingC5613"="cmd /c del C:\Program Files\SpyBro\TracksEraserPlugins\Cabinet Manager.ppw" [ ] "SpybotDeletingC566"="cmd /c del C:\Program Files\SpyBro\TracksEraserPlugins\Hotbar 3.0.ppw" [ ] "SpybotDeletingC5682"="cmd /c del C:\Program Files\SpyBro\TracksEraserPlugins\Norton Anti-Virus 2000.ppw" [ ] "SpybotDeletingC5725"="cmd /c del C:\Program Files\SpyBro\TracksEraserPlugins\Ulead Photo Express.ppw" [ ] "SpybotDeletingC7301"="cmd /c del C:\Program Files\SpyBro\spybroes.mo" [ ] "SpybotDeletingC7182"="cmd /c del C:\Program Files\SpyBro\ZtvUnAceV2.dll" [ ] "SpybotDeletingC610"="cmd /c del C:\Program Files\SpyBro\spybroit.mo" [ ] "SpybotDeletingC6011"="cmd /c del C:\Program Files\SpyBro\TracksEraserPlugins\Classify 98.ppw" [ ] "SpybotDeletingC6117"="cmd /c del C:\Program Files\SpyBro\LegacyHelper.dll" [ ] "SpybotDeletingC612"="cmd /c del C:\Program Files\SpyBro\TracksEraserPlugins\PhotoImpact Viewer 4.0.ppw" [ ] "SpybotDeletingC6144"="cmd /c del C:\Program Files\SpyBro\TracksEraserPlugins\ACDSee.ppw" [ ] "SpybotDeletingC620"="cmd /c del C:\Program Files\SpyBro\spybrode.mo" [ ] "SpybotDeletingC6205"="cmd /c del C:\Program Files\SpyBro\TracksEraserPlugins\TextPad 4.x.ppw" [ ] "SpybotDeletingC6264"="cmd /c del C:\Program Files\SpyBro\TracksEraserPlugins\NetAnts.ppw" [ ] "SpybotDeletingC6342"="cmd /c del C:\Program Files\SpyBro\TracksEraserPlugins\PowerArc.ppw" [ ] "SpybotDeletingC6324"="cmd /c del C:\Program Files\SpyBro\TracksEraserPlugins\ThumbsPlus 4.0.ppw" [ ] "SpybotDeletingC6467"="cmd /c del C:\Program Files\SpyBro\TracksEraserPlugins\Gator.ppw" [ ] "SpybotDeletingC6520"="cmd /c del C:\Program Files\SpyBro\TracksEraserPlugins\WinZip.ppw" [ ] "SpybotDeletingC8666"="cmd /c del C:\Program Files\SpyBro\TracksEraserPlugins\7-Zip Compression.ppw" [ ] "SpybotDeletingC8128"="cmd /c del C:\Program Files\SpyBro\TracksEraserPlugins\AbsoluteFTP.ppw" [ ] "SpybotDeletingC6592"="cmd /c del C:\Program Files\SpyBro\TracksEraserPlugins\Ad-aware 6.ppw" [ ] "SpybotDeletingC6632"="cmd /c del C:\Program Files\SpyBro\TracksEraserPlugins\BlazeDVD 2.0.ppw" [ ] "SpybotDeletingC9916"="cmd /c del C:\Program Files\SpyBro\TracksEraserPlugins\Fotostation 4.0.ppw" [ ] "SpybotDeletingC9847"="cmd /c del C:\Program Files\SpyBro\TracksEraserPlugins\Micrografx Picture Publisher 8.ppw" [ ] "SpybotDeletingC9943"="cmd /c del C:\Program Files\SpyBro\TracksEraserPlugins\WinRAR.ppw" [ ] "SpybotDeletingC9829"="cmd /c del C:\Program Files\SpyBro\TracksEraserPlugins\NewsBin Pro 4.ppw" [ ] "SpybotDeletingC9828"="cmd /c del C:\Program Files\SpyBro\antispy.sys" [ ] "SpybotDeletingC9793"="cmd /c del C:\Program Files\SpyBro\TracksEraserPlugins\LingoMail 1.x.ppw" [ ] "SpybotDeletingC9747"="cmd /c del C:\Program Files\SpyBro\TracksEraserPlugins\Outlook Express 5" [ ] "SpybotDeletingC9720"="cmd /c del C:\Program Files\SpyBro\TracksEraserPlugins\Downloaded Installations.ppw" [ ] "SpybotDeletingC9737"="cmd /c del C:\Program Files\SpyBro\TracksEraserPlugins\Microsoft Office 97.ppw" [ ] "SpybotDeletingC9688"="cmd /c del C:\Program Files\SpyBro\TracksEraserPlugins\OmniPage 10.0.ppw" [ ] "SpybotDeletingC9679"="cmd /c del C:\Program Files\SpyBro\TracksEraserPlugins\PicoZip.ppw" [ ] "SpybotDeletingC9621"="cmd /c del C:\Program Files\SpyBro\TracksEraserPlugins\DivX Player.ppw" [ ] "SpybotDeletingC9669"="cmd /c del C:\Program Files\SpyBro\TracksEraserPlugins\Acrobat Reader 6.ppw" [ ] "SpybotDeletingC9549"="cmd /c del C:\Program Files\SpyBro\TracksEraserPlugins\NetCaptor.ppw" [ ] "SpybotDeletingC9471"="cmd /c del C:\Program Files\SpyBro\TracksEraserPlugins\PhotoDraw 2000.ppw" [ ] "SpybotDeletingC9538"="cmd /c del C:\Program Files\SpyBro\TracksEraserPlugins\SubmitWolf.ppw" [ ] "SpybotDeletingC943"="cmd /c del C:\Program Files\SpyBro\TracksEraserPlugins\Windows Log Files.ppw" [ ] "SpybotDeletingC9457"="cmd /c del C:\Program Files\SpyBro\TracksEraserPlugins\Acrobat Reader 4.ppw" [ ] "SpybotDeletingC9237"="cmd /c del C:\Program Files\SpyBro\TracksEraserPlugins\BearShare.ppw" [ ] "SpybotDeletingC9154"="cmd /c del C:\Program Files\SpyBro\TracksEraserPlugins\McAfee Virus Scan.ppw" [ ] "SpybotDeletingC9314"="cmd /c del C:\Program Files\SpyBro\TracksEraserPlugins\Xing MP3 Player.ppw" [ ] "SpybotDeletingC9120"="cmd /c del C:\Program Files\SpyBro\TracksEraserPlugins\Alcohol MRU.ppw" [ ] "SpybotDeletingC907"="cmd /c del C:\Program Files\SpyBro\TracksEraserPlugins\Norton Internet Security.ppw" [ ] "SpybotDeletingC9126"="cmd /c del C:\Program Files\SpyBro\TracksEraserPlugins\SearchWolf.ppw" [ ] "SpybotDeletingC8965"="cmd /c del C:\Program Files\SpyBro\TracksEraserPlugins\Adobe Photoshop 7.0.ppw" [ ] "SpybotDeletingC9037"="cmd /c del C:\Program Files\SpyBro\TracksEraserPlugins\Mass Download.ppw" [ ] "SpybotDeletingC9007"="cmd /c del C:\Program Files\SpyBro\ZtvUnRar3.dll" [ ] "SpybotDeletingC8842"="cmd /c del C:\Program Files\SpyBro\TracksEraserPlugins\Advanced MP3 Catalog.ppw" [ ] "SpybotDeletingC880"="cmd /c del C:\Program Files\SpyBro\TracksEraserPlugins\Borland Delphi v7.ppw" [ ] "SpybotDeletingC8840"="cmd /c del C:\Program Files\SpyBro\TracksEraserPlugins\LView Pro 2.x.ppw" [ ] C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ Acrobat Assistant.lnk - C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe [2003-05-15 01:19:50 217193] Corel Family & Friends Reminders.LNK - C:\Program Files\Corel\Print House Magic\cffrem.exe [2006-10-22 09:58:47 670208] Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 09:01:04 83360] Privoxy.lnk - C:\Program Files\Vidalia Bundle\Privoxy\privoxy.exe [2006-11-20 09:30:54 250368] Ralink Wireless Utility.lnk - C:\Program Files\RALINK\Common\RaUI.exe [2008-03-24 08  59 593920][hkey_local_machine\software\microsoft\windows\curr entversion\explorer\shellexecutehooks] "{E37CB5F0-51F5-4395-A808-5FA49E399F83}"= C:\WINDOWS\Downloaded Program Files\gbieh.dll [2007-02-22 15:00 228392] [HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusDisableNotify"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpo licy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"= "C:\\Program Files\\Google\\Google Talk\\googletalk.exe"= "C:\\Program Files\\eMule\\emule.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "C:\\Program Files\\Maple 9.5\\bin.win\\mserver.exe"= "C:\\Program Files\\Maple 9.5\\jre\\bin\\java.exe"= "C:\\TeXmacs\\usr\\X11R6\\bin\\XWin.exe"= "C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe"= "C:\\Program Files\\Grisoft\\AVG7\\avgemc.exe"= "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"= "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"= "C:\\Program Files\\Skype\\Phone\\Skype.exe"= R0 O2MDRDR;O2MDRDR;C:\WINDOWS\system32\DRIVERS\o2medi a.sys [2006-02-28 04:08] R0 O2SDRDR;O2SDRDR;C:\WINDOWS\system32\DRIVERS\o2sd.s ys [2006-02-28 04:08] R0 ptpd;Disk Filter Driver;C:\WINDOWS\system32\drivers\ptpd.sys [2005-02-11 12:25] R0 RITCPT;RITCPT;C:\WINDOWS\system32\drivers\RITCPT.s ys [2004-05-18 16:43] R2 FBAPI;FBAPI;C:\WINDOWS\system32\drivers\FBAPI.sys [2004-12-06 16:43] R2 GbpSv;Gbp Service;C:\Program Files\GbPlugin\GbpSv.exe [2007-08-08 14:29] R2 Machnm32;Machnm32 Driver;C:\WINDOWS\system32\Machnm32.sys [2003-08-13 01:27] R3 FET5X86V;VIA Rhine-Family Fast-Ethernet Adapter Driver Service;C:\WINDOWS\system32\DRIVERS\fetnd5bv.sys [2008-01-02 02:12] R3 PhnxVcd;PhnxVcd;C:\WINDOWS\system32\Drivers\PhnxVc d.sys [2005-02-25 19:34] R3 S3GIGP;S3GIGP;C:\WINDOWS\system32\DRIVERS\S3gIGPm. sys [2007-07-23 06:54] [HKEY_CURRENT_USER\software\microsoft\windows\curre ntversion\explorer\mountpoints2\{7d820eb8-f51d-11db-b437-0013d376c112}] \Shell\AutoRun\command - E:\wd_windows_tools\setup.exe [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\Windows Sidebar] C:\WINDOWS\system32\hidec /W C:\VAIO\Tools\REGTLIB.EXE "C:\Program Files\Windows Sidebar\sidebar.exe" [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{34A19196-274E-4D75-9D30-D7A45A0A4178}] "C:\Program Files\Windows Sidebar\.\regsvr32.exe" /s wlsrvc.dll [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6B9228DA-9C15-419e-856C-19E768A13BDC}] "C:\Program Files\Windows Sidebar\.\regsvr32.exe" /s sbdrop.dll [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{BADA65A0-86B7-462B-B720-CE66655C73F5}] regsvr32 /s C:\VAIO\.\vshellext.dll . Contents of the 'Scheduled Tasks' folder "2008-03-26 02:13:00 C:\WINDOWS\Tasks\Symantec NetDetect.job" - C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE "2008-03-26 02:16:00 C:\WINDOWS\Tasks\User_Feed_Synchronization-{B3D04995-2EE3-4A69-BDD3-103C9A452633}.job" - C:\WINDOWS\system32\msfeedssync.exe . ************************************************** ************************ catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-03-25 21:08:17 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************** ************************ . ------------------------ Other Running Processes ------------------------ . C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe C:\Program Files\Alwil Software\Avast4\ashServ.exe C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe C:\WINDOWS\system32\o2flash.exe C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe C:\Program Files\Alwil Software\Avast4\ashWebSv.exe C:\Program Files\Vidalia Bundle\Tor\tor.exe . ************************************************** ************************ . Completion time: 2008-03-25 21:17:15 - machine was rebooted [Marisol Garcia Pena] ComboFix-quarantined-files.txt 2008-03-26 02:17:12 . 2008-03-19 15:57:13 --- E O F --- //////////////////////////////////////////////////////////// Cuarentena de ComboFix //////////////////////////// 1996-06-10 11:24 307200 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\cfx32.ocx. vir 2008-02-09 17:54 205 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\lsprst7.dl l.vir 2008-02-09 17:54 73 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\ssprs.dll. vir 2008-03-19 15:23 8014 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\ban_list.t xt.vir 2008-03-25 21:04 39 --a------ C:\Qoobox\Quarantine\catchme.log 2008-03-25 21:04 850 --a------ C:\Qoobox\Quarantine\Registry_backups\Legacy_SROSA .reg.dat |
|
26/03/08, 10:14:23
| |
| |||
| Re: Como elimino SpyBro y Trojan Banker Log de HijackThis despues de correr todas las herramientas /////////////////////////////////////////////////// Log de HijackThis //////////////////////////// Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 21:49, on 2008-03-25 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16608) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe C:\Program Files\Alwil Software\Avast4\ashServ.exe C:\Program Files\GbPlugin\GbpSv.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe C:\WINDOWS\system32\o2flash.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe C:\Program Files\Alwil Software\Avast4\ashWebSv.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\VTTimer.exe C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe C:\WINDOWS\sm56hlpr.exe C:\WINDOWS\system32\CPUTray.exe C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb0 5.exe C:\Program Files\Ulead Systems\Ulead Photo Express 5 SE\calcheck.exe C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Vidalia Bundle\Vidalia\vidalia.exe C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe C:\Program Files\Vidalia Bundle\Privoxy\privoxy.exe C:\Program Files\RALINK\Common\RaUI.exe C:\Program Files\Vidalia Bundle\Tor\tor.exe C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.averatec.com/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings,ProxyServer = 10.10.2.1:3128 O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll O2 - BHO: Windows Live Aplicación auxiliar de inicio de sesión - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\WINDOWS\Downloaded Program Files\gbieh.dll O3 - Toolbar: PDF de Adobe - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file) O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL O4 - HKLM\..\Run: [VTTimer] VTTimer.exe O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" O4 - HKLM\..\Run: [SMSERIAL] sm56hlpr.exe O4 - HKLM\..\Run: [CPUTray] C:\WINDOWS\system32\CPUTray.exe O4 - HKLM\..\Run: [RestoreIT!] "C:\Program Files\Phoenix Technologies\cME\RPro\ XP\VBPTASK.EXE" VBStart O4 - HKLM\..\Run: [Eval] "C:\Program Files\Phoenix Technologies\cME\RPro\Eval\Eval.exe" O4 - HKLM\..\Run: [Guard] "C:\Program Files\Phoenix Technologies\cME\Guard\Guard.exe" /background O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb0 5.exe O4 - HKLM\..\Run: [USSShReg] C:\WINDOWS\system32\ussshreg.exe /r O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [Ulead Photo Express Verificador de Calendario] C:\Program Files\Ulead Systems\Ulead Photo Express 5 SE\calcheck.exe O4 - HKLM\..\Run: [Ulead AutoDetector] C:\Program Files\Ulead Systems\Ulead Photo Explorer 8.0 SE Basic\Monitor.exe O4 - HKLM\..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe /autostart O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe" O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKLM\..\RunOnce: [SpybotDeletingC8076] cmd /c del "C:\Program Files\SpyBro\TracksEraserPlugins\Adaptec's Audio CD.ppw" O4 - HKLM\..\RunOnce: [SpybotDeletingC7336] cmd /c del "C:\Program Files\SpyBro\TracksEraserPlugins\AddSoft Log Files.ppw" O4 - HKLM\..\RunOnce: [SpybotDeletingC7731] cmd /c del "C:\Program Files\SpyBro\TracksEraserPlugins\AddWeb 3.0.ppw" O4 - HKLM\..\RunOnce: [SpybotDeletingC737] cmd /c del "C:\Program Files\SpyBro\TracksEraserPlugins\Advanced Disk Catalog.ppw" O4 - HKLM\..\RunOnce: [SpybotDeletingC8397] cmd /c del "C:\Program Files\SpyBro\TracksEraserPlugins\AudioGrabber.ppw" O4 - HKLM\..\RunOnce: [SpybotDeletingC7048] cmd /c del "C:\Program Files\SpyBro\TracksEraserPlugins\Avant Browser History.ppw" O4 - HKLM\..\RunOnce: [SpybotDeletingC7168] cmd /c del "C:\Program Files\SpyBro\TracksEraserPlugins\CRT 2.x.ppw" O4 - HKLM\..\RunOnce: [SpybotDeletingC6705] cmd /c del "C:\Program Files\SpyBro\TracksEraserPlugins\Diskeeper 5.0.ppw" O4 - HKLM\..\RunOnce: [SpybotDeletingC7412] cmd /c del "C:\Program Files\SpyBro\TracksEraserPlugins\Enigma Browser.ppw" O4 - HKLM\..\RunOnce: [SpybotDeletingC6945] cmd /c del "C:\Program Files\SpyBro\TracksEraserPlugins\iMesh.ppw" O4 - HKLM\..\RunOnce: [SpybotDeletingC6614] cmd /c del "C:\Program Files\SpyBro\TracksEraserPlugins\Homesite 4.0.ppw" O4 - HKLM\..\RunOnce: [SpybotDeletingC7018] cmd /c del "C:\Program Files\SpyBro\TracksEraserPlugins\ICQ 2002a.ppw" O4 - HKLM\..\RunOnce: [SpybotDeletingC7142] cmd /c del "C:\Program Files\SpyBro\TracksEraserPlugins\ICQ 2003a.ppw" O4 - HKLM\..\RunOnce: [SpybotDeletingC8775] cmd /c del "C:\Program Files\SpyBro\TracksEraserPlugins\InterQuick.ppw" O4 - HKLM\..\RunOnce: [SpybotDeletingC87] cmd /c del "C:\Program Files\SpyBro\TracksEraserPlugins\JASC Paint Shop Pro.ppw" O4 - HKLM\..\RunOnce: [SpybotDeletingC7497] cmd /c del "C:\Program Files\SpyBro\TracksEraserPlugins\Jet Photo Shell.ppw" O4 - HKLM\..\RunOnce: [SpybotDeletingC781] cmd /c del "C:\Program Files\SpyBro\TracksEraserPlugins\Juno.ppw" O4 - HKLM\..\RunOnce: [SpybotDeletingC6658] cmd /c del "C:\Program Files\SpyBro\TracksEraserPlugins\Macromedia Firework MX.ppw" O4 - HKLM\..\RunOnce: [SpybotDeletingC7846] cmd /c del "C:\Program Files\SpyBro\TracksEraserPlugins\Microsoft Netmeeting.ppw" O4 - HKLM\..\RunOnce: [SpybotDeletingC8306] cmd /c del "C:\Program Files\SpyBro\TracksEraserPlugins\Microsoft Works 4.0.ppw" O4 - HKLM\..\RunOnce: [SpybotDeletingC7012] cmd /c del "C:\Program Files\SpyBro\TracksEraserPlugins\Mijenix Powerdesk 4.0.ppw" O4 - HKLM\..\RunOnce: [SpybotDeletingC7478] cmd /c del "C:\Program Files\SpyBro\TracksEraserPlugins\Miranda ICQ.ppw" O4 - HKLM\..\RunOnce: [SpybotDeletingC8048] cmd /c del "C:\Program Files\SpyBro\TracksEraserPlugins\Naviscope.ppw" O4 - HKLM\..\RunOnce: [SpybotDeletingC8448] cmd /c del "C:\Program Files\SpyBro\TracksEraserPlugins\Net Vampire 3.x.ppw" O4 - HKLM\..\RunOnce: [SpybotDeletingC7038] cmd /c del "C:\Program Files\SpyBro\TracksEraserPlugins\Paint Shop Pro 5.0.ppw" O4 - HKLM\..\RunOnce: [SpybotDeletingC810] cmd /c del "C:\Program Files\SpyBro\TracksEraserPlugins\Paint Shop Pro 7.0.ppw" O4 - HKLM\..\RunOnce: [SpybotDeletingC8342] cmd /c del "C:\Program Files\SpyBro\TracksEraserPlugins\PhotoCanvas 2.0.ppw" O4 - HKLM\..\RunOnce: [SpybotDeletingC8708] cmd /c del "C:\Program Files\SpyBro\TracksEraserPlugins\PKZip for Windows.ppw" O4 - HKLM\..\RunOnce: [SpybotDeletingC7967] cmd /c del "C:\Program Files\SpyBro\TracksEraserPlugins\RealOne & RealPlayer.ppw" O4 - HKLM\..\RunOnce: [SpybotDeletingC7148] cmd /c del "C:\Program Files\SpyBro\TracksEraserPlugins\Roxio Easy CD Creator.ppw" O4 - HKLM\..\RunOnce: [SpybotDeletingC8259] cmd /c del "C:\Program Files\SpyBro\TracksEraserPlugins\SmartDraw 6.ppw" O4 - HKLM\..\RunOnce: [SpybotDeletingC7890] cmd /c del "C:\Program Files\SpyBro\TracksEraserPlugins\SWiSH 2.0.ppw" O4 - HKLM\..\RunOnce: [SpybotDeletingC7944] cmd /c del "C:\Program Files\SpyBro\TracksEraserPlugins\Teleport Pro.ppw" O4 - HKLM\..\RunOnce: [SpybotDeletingC5839] cmd /c del "C:\Program Files\SpyBro\TracksEraserPlugins\Tribal Voice's PowWow.ppw" O4 - HKLM\..\RunOnce: [SpybotDeletingC173] cmd /c del "C:\Program Files\SpyBro\TracksEraserPlugins\Trillian.ppw" O4 - HKLM\..\RunOnce: [SpybotDeletingC6996] cmd /c del "C:\Program Files\SpyBro\TracksEraserPlugins\Ulead GIF Animator.ppw" O4 - HKLM\..\RunOnce: [SpybotDeletingC5908] cmd /c del "C:\Program Files\SpyBro\TracksEraserPlugins\UltraEdit.ppw" O4 - HKLM\..\RunOnce: [SpybotDeletingC7903] cmd /c del "C:\Program Files\SpyBro\TracksEraserPlugins\WebFerret.ppw" O4 - HKLM\..\RunOnce: [SpybotDeletingC8] cmd /c del "C:\Program Files\SpyBro\TracksEraserPlugins\Windows App Log Directory.ppw" O4 - HKLM\..\RunOnce: [SpybotDeletingC8477] cmd /c del "C:\Program Files\SpyBro\TracksEraserPlugins\Windows Commander.ppw" O4 - HKLM\..\RunOnce: [SpybotDeletingC8201] cmd /c del "C:\Program Files\SpyBro\TracksEraserPlugins\Windows Recent Network Drive List.ppw" O4 - HKLM\..\RunOnce: [SpybotDeletingC5753] cmd /c del "C:\Program Files\SpyBro\TracksEraserPlugins\Yamaha S-YXG100.ppw" O4 - HKLM\..\RunOnce: [SpybotDeletingC8073] cmd /c del "C:\Program Files\SpyBro\TracksEraserPlugins\ZipMagic.ppw" O4 - HKLM\..\RunOnce: [SpybotDeletingC713] cmd /c del "C:\Program Files\SpyBro\TracksEraserPlugins\Zone Alarm.ppw" O4 - HKLM\..\RunOnce: [SpybotDeletingC104] cmd /c del "C:\Program Files\SpyBro\TracksEraserPlugins\WinAce 2.0.ppw" O4 - HKLM\..\RunOnce: [SpybotDeletingC1089] cmd /c del "C:\Program Files\SpyBro\TracksEraserPlugins\Copernic 2001 Plus.ppw" O4 - HKLM\..\RunOnce: [SpybotDeletingC1094] cmd /c del "C:\Program Files\SpyBro\TracksEraserPlugins\Popup Purger.ppw" O4 - HKLM\..\RunOnce: [SpybotDeletingC1144] cmd /c del "C:\Program Files\SpyBro\TracksEraserPlugins\Yahoo! Player.ppw" O4 - HKLM\..\RunOnce: [SpybotDeletingC1226] cmd /c del "C:\Program Files\SpyBro\TracksEraserPlugins\HotJava Browser.ppw" O4 - HKLM\..\RunOnce: [SpybotDeletingC1128] cmd /c del "C:\Program Files\SpyBro\TracksEraserPlugins\PowerZip 6.0.ppw" O4 - HKLM\..\RunOnce: [SpybotDeletingC1184] cmd /c del "C:\Program Files\SpyBro\TracksEraserPlugins\Microsoft Photo Editor 3.0.ppw" O4 - HKLM\..\RunOnce: [SpybotDeletingC130] cmd /c del "C:\Program Files\SpyBro\TracksEraserPlugins\MicroAngelo.ppw" O4 - HKLM\..\RunOnce: [SpybotDeletingC1365] cmd /c del "C:\Program Files\SpyBro\TracksEraserPlugins\PasswordSafe.ppw" O4 - HKLM\..\RunOnce: [SpybotDeletingC16] cmd /c del "C:\Program Files\SpyBro\ztvcabinet.dll" O4 - HKLM\..\RunOnce: [SpybotDeletingC1613] cmd /c del "C:\Program Files\SpyBro\TracksEraserPlugins\Mozart 4.0.ppw" O4 - HKLM\..\RunOnce: [SpybotDeletingC1653] cmd /c del "C:\Program Files\SpyBro\TracksEraserPlugins\Microsoft Word Backup Files.ppw" O4 - HKLM\..\RunOnce: [SpybotDeletingC1651] cmd /c del "C:\Program Files\SpyBro\TracksEraserPlugins\Kodak Imaging for Windows.ppw" O4 - HKLM\..\RunOnce: [SpybotDeletingC1604] cmd /c del "C:\Program Files\SpyBro\TracksEraserPlugins\Spinner Plus.ppw" O4 - HKLM\..\RunOnce: [SpybotDeletingC1560] cmd /c del "C:\Program Files\SpyBro\TracksEraserPlugins\MSN Toolbar.ppw" O4 - HKLM\..\RunOnce: [SpybotDeletingC1362] cmd /c del "C:\Program Files\SpyBro\TracksEraserPlugins\Metapad.ppw" O4 - HKLM\..\RunOnce: [SpybotDeletingC1813] cmd /c del "C:\Program Files\SpyBro\TracksEraserPlugins\Vueprint.ppw" O4 - HKLM\..\RunOnce: [SpybotDeletingC1941] cmd /c del "C:\Program Files\SpyBro\TracksEraserPlugins\Download Accelerator.ppw" O4 - HKLM\..\RunOnce: [SpybotDeletingC1898] cmd /c del "C:\Program Files\SpyBro\TracksEraserPlugins\Xolox.ppw" O4 - HKLM\..\RunOnce: [SpybotDeletingC2000] cmd /c del "C:\Program Files\SpyBro\TracksEraserPlugins\StarOffice 5.1.ppw" O4 - HKLM\..\RunOnce: [SpybotDeletingC2023] cmd /c del "C:\Program Files\SpyBro\signers.db" O4 - HKLM\..\RunOnce: [SpybotDeletingC2068] cmd /c del "C:\Program Files\SpyBro\TracksEraserPlugins\Enfish Onespace.ppw" O4 - HKLM\..\RunOnce: [SpybotDeletingC2110] cmd /c del "C:\Program Files\SpyBro\TracksEraserPlugins\Microsoft Office 2000.ppw" O4 - HKLM\..\RunOnce: [SpybotDeletingC2164] cmd /c del "C:\Program Files\SpyBro\TracksEraserPlugins\Irfanview 32.ppw" O4 - HKLM\..\RunOnce: [SpybotDeletingC2189] cmd /c del "C:\Program Files\SpyBro\TracksEraserPlugins\Graphic Workshop Pro.ppw" O4 - HKLM\..\RunOnce: [SpybotDeletingC2198] cmd /c del "C:\Program Files\SpyBro\TracksEraserPlugins\Microsoft Publisher 2000.ppw" O4 - HKLM\..\RunOnce: [SpybotDeletingC2222] cmd /c del "C:\Program Files\SpyBro\TracksEraserPlugins\Acrobat Reader 5.ppw" O4 - HKLM\..\RunOnce: [SpybotDeletingC2424] cmd /c del "C:\Program Files\SpyBro\TracksEraserPlugins\MyWay Advertising.ppw" O4 - HKLM\..\RunOnce: [SpybotDeletingC2456] cmd /c del "C:\Program Files\SpyBro\TracksEraserPlugins\Agent NewsReader.ppw" O4 - HKLM\..\RunOnce: [SpybotDeletingC2459] cmd /c del "C:\Program Files\SpyBro\TracksEraserPlugins\Cute MX.ppw" O4 - HKLM\..\RunOnce: [SpybotDeletingC2484] cmd /c del "C:\Program Files\SpyBro\TracksEraserPlugins\RealNetworks Real Download.ppw" O4 - HKLM\..\RunOnce: [SpybotDeletingC2496] cmd /c del "C:\Program Files\SpyBro\TracksEraserPlugins\PictureIt Digital Image Pro 7.0.ppw" O4 - HKLM\..\RunOnce: [SpybotDeletingC25] cmd /c del "C:\Program Files\SpyBro\TracksEraserPlugins\Ebay Toolbar.ppw" O4 - HKLM\..\RunOnce: [SpybotDeletingC2504] cmd /c del "C:\Program Files\SpyBro\nospylauncher.exe" O4 - HKLM\..\RunOnce: [SpybotDeletingC2535] cmd /c del "C:\Program Files\SpyBro\TracksEraserPlugins\Scour Exchange.ppw" O4 - HKLM\..\RunOnce: [SpybotDeletingC2591] cmd /c del "C:\Program Files\SpyBro\TracksEraserPlugins\BookReader.ppw" O4 - HKLM\..\RunOnce: [SpybotDeletingC260] cmd /c del "C:\Program Files\SpyBro\TracksEraserPlugins\Go!Zilla.ppw" O4 - HKLM\..\RunOnce: [SpybotDeletingC2639] cmd /c del "C:\Program Files\SpyBro\TracksEraserPlugins\Microsoft Office XP.ppw" O4 - HKLM\..\RunOnce: [SpybotDeletingC2664] cmd /c del "C:\Program Files\SpyBro\TracksEraserPlugins\Norton Firewall.ppw" O4 - HKLM\..\RunOnce: [SpybotDeletingC2737] cmd /c del "C:\Program Files\SpyBro\TracksEraserPlugins\Helios TextPad.ppw" O4 - HKLM\..\RunOnce: [SpybotDeletingC2764] cmd /c del "C:\Program Files\SpyBro\TracksEraserPlugins\Winamp.ppw" O4 - HKLM\..\RunOnce: [SpybotDeletingC2774] cmd /c del "C:\Program Files\SpyBro\TracksEraserPlugins\Netzip Download Demon.ppw" O4 - HKLM\..\RunOnce: [SpybotDeletingC2791] cmd /c del "C:\Program Files\SpyBro\TracksEraserPlugins\PowerDesk 5.ppw" O4 - HKLM\..\RunOnce: [SpybotDeletingC2803] cmd /c del "C:\Program Files\SpyBro\TracksEraserPlugins\GetRight.ppw" O4 - HKLM\..\RunOnce: [SpybotDeletingC2804] cmd /c del "C:\Program Files\SpyBro\TracksEraserPlugins\Sonique.ppw" O4 - HKLM\..\RunOnce: [SpybotDeletingC2821] cmd /c del "C:\Program Files\SpyBro\TracksEraserPlugins\Cool Edit Pro.ppw" O4 - HKLM\..\RunOnce: [SpybotDeletingC2833] cmd /c del "C:\Program Files\SpyBro\TracksEraserPlugins\EditPad.ppw" O4 - HKLM\..\RunOnce: [SpybotDeletingC2830] cmd /c del "C:\Program Files\SpyBro\TracksEraserPlugins\Windows XP Prefetch Folder.ppw" O4 - HKLM\..\RunOnce: [SpybotDeletingC285] cmd /c del "C:\Program Files\SpyBro\TracksEraserPlugins\Eudora Mail.ppw" O4 - HKLM\..\RunOnce: [SpybotDeletingC2850] cmd /c del "C:\Program Files\SpyBro\TracksEraserPlugins\Smart Explorer.ppw" O4 - HKLM\..\RunOnce: [SpybotDeletingC2900] cmd /c del "C:\Program Files\SpyBro\TracksEraserPlugins\PluginBuilder.exe " O4 - HKLM\..\RunOnce: [SpybotDeletingC2944] cmd /c del "C:\Program Files\SpyBro\TracksEraserPlugins\CuteFTP.ppw" O4 - HKLM\..\RunOnce: [SpybotDeletingC3134] cmd /c del "C:\Program Files\SpyBro\TracksEraserPlugins\Save Now.ppw" O4 - HKLM\..\RunOnce: [SpybotDeletingC3136] cmd /c del "C:\Program Files\SpyBro\TracksEraserPlugins\Babylon.ppw" O4 - HKLM\..\RunOnce: [SpybotDeletingC3174] cmd /c del "C:\Program Files\SpyBro\TracksEraserPlugins\MIRC.ppw" O4 - HKLM\..\RunOnce: [SpybotDeletingC3185] cmd /c del "C:\Program Files\SpyBro\TracksEraserPlugins\AX-Icons 4.x.ppw" O4 - HKLM\..\RunOnce: [SpybotDeletingC3193] cmd /c del "C:\Program Files\SpyBro\TracksEraserPlugins\Microsoft Word 2000.ppw" O4 - HKLM\..\RunOnce: [SpybotDeletingC3234] cmd /c del "C:\Program Files\SpyBro\TracksEraserPlugins\Yahoo! Messenger.ppw" O4 - HKLM\..\RunOnce: [SpybotDeletingC3317] cmd /c del "C:\Program Files\SpyBro\spybrofr.mo" O4 - HKLM\..\RunOnce: [SpybotDeletingC3254] cmd /c del "C:\Program Files\SpyBro\TracksEraserPlugins\Jasc Animation Shop 3.ppw" O4 - HKLM\..\RunOnce: [SpybotDeletingC3336] cmd /c del "C:\Program Files\SpyBro\TracksEraserPlugins\MSN Messenger.ppw" O4 - HKLM\..\RunOnce: [SpybotDeletingC3396] cmd /c del "C:\Program Files\SpyBro\TracksEraserPlugins\Google Deskbar.ppw" O4 - HKLM\..\RunOnce: [SpybotDeletingC3445] cmd /c del "C:\Program Files\SpyBro\TracksEraserPlugins\MusicMatch Jukebox.ppw" O4 - HKLM\..\RunOnce: [SpybotDeletingC3542] cmd /c del "C:\Program Files\SpyBro\TracksEraserPlugins\Photodex Compupic Pro.ppw" O4 - HKLM\..\RunOnce: [SpybotDeletingC3465] cmd /c del "C:\Program Files\SpyBro\TracksEraserPlugins\Xara 3D 4.0.ppw" O4 - HKLM\..\RunOnce: [SpybotDeletingC3605] cmd /c del "C:\Program Files\SpyBro\TracksEraserPlugins\FTP Voyager.ppw" O4 - HKLM\..\RunOnce: [SpybotDeletingC3674] cmd /c del "C:\Program Files\SpyBro\TracksEraserPlugins\KaZaA Media Desktop.ppw" O4 - HKLM\..\RunOnce: [SpybotDeletingC3743] cmd /c del "C:\Program Files\SpyBro\TracksEraserPlugins\Chameleon Web Browser.ppw" O4 - HKLM\..\RunOnce: [SpybotDeletingC3731] cmd /c del "C:\Program Files\SpyBro\TracksEraserPlugins\Ultimate Paint.ppw" O4 - HKLM\..\RunOnce: [SpybotDeletingC3778] cmd /c del "C:\Program Files\SpyBro\TracksEraserPlugins\Inoculatelt PE Virus Scan.ppw" O4 - HKLM\..\RunOnce: [SpybotDeletingC3818] cmd /c del "C:\Program Files\SpyBro\TracksEraserPlugins\Macromedia Dreamweaver MX.ppw" O4 - HKLM\..\RunOnce: [SpybotDeletingC385] cmd /c del "C:\Program Files\SpyBro\TracksEraserPlugins\Google Toolbar.ppw" O4 - HKLM\..\RunOnce: [SpybotDeletingC3934] cmd /c del "C:\Program Files\SpyBro\refsig.db" O4 - HKLM\..\RunOnce: [SpybotDeletingC4074] cmd /c del "C:\Program Files\SpyBro\TracksEraserPlugins\Microsoft Imaging.ppw" O4 - HKLM\..\RunOnce: [SpybotDeletingC4147] cmd /c del "C:\Program Files\SpyBro\TracksEraserPlugins\MasterSplitter.pp w" O4 - HKLM\..\RunOnce: [SpybotDeletingC4191] cmd /c del "C:\Program Files\SpyBro\TracksEraserPlugins\Letterbox.ppw" O4 - HKLM\..\RunOnce: [SpybotDeletingC4218] cmd /c del "C:\Program Files\SpyBro\TracksEraserPlugins\RegEdit Favorites and Recent Key.ppw" O4 - HKLM\..\RunOnce: [SpybotDeletingC4294] cmd /c del "C:\Program Files\SpyBro\TracksEraserPlugins\Netsonic.ppw" O4 - HKLM\..\RunOnce: [SpybotDeletingC4346] cmd /c del "C:\Program Files\SpyBro\TracksEraserPlugins\CuteHTML.ppw" O4 - HKLM\..\RunOnce: [SpybotDeletingC4403] cmd /c del "C:\Program Files\SpyBro\TracksEraserPlugins\PhotoImpact.ppw" O4 - HKLM\..\RunOnce: [SpybotDeletingC4441] cmd /c del "C:\Program Files\SpyBro\TracksEraserPlugins\Norton File Manager.ppw" O4 - HKLM\..\RunOnce: [SpybotDeletingC4485] cmd /c del "C:\Program Files\SpyBro\TracksEraserPlugins\Windows Regedit Recent Key.ppw" O4 - HKLM\..\RunOnce: [SpybotDeletingC458] cmd /c del "C:\Program Files\SpyBro\TracksEraserPlugins\FTP Explorer.ppw" O4 - HKLM\..\RunOnce: [SpybotDeletingC4548] cmd /c del "C:\Program Files\SpyBro\TracksEraserPlugins\LeapFTP 2.6.ppw" O4 - HKLM\..\RunOnce: [SpybotDeletingC4582] cmd /c del "C:\Program Files\SpyBro\TracksEraserPlugins\Morpheus.ppw" O4 - HKLM\..\RunOnce: [SpybotDeletingC4797] cmd /c del "C:\Program Files\SpyBro\TracksEraserPlugins\Macromedia Flash MX.ppw" O4 - HKLM\..\RunOnce: [SpybotDeletingC4650] cmd /c del "C:\Program Files\SpyBro\TracksEraserPlugins\Napster.ppw" O4 - HKLM\..\RunOnce: [SpybotDeletingC4815] cmd /c del "C:\Program Files\SpyBro\TracksEraserPlugins\CoffeeCup GIF Animator.ppw" O4 - HKLM\..\RunOnce: [SpybotDeletingC4899] cmd /c del "C:\Program Files\SpyBro\TracksEraserPlugins\FlashGet.ppw" O4 - HKLM\..\RunOnce: [SpybotDeletingC4889] cmd /c del "C:\Program Files\SpyBro\TracksEraserPlugins\Windows XP Recent Run Programs.ppw" O4 - HKLM\..\RunOnce: [SpybotDeletingC4913] cmd /c del "C:\Program Files\SpyBro\TracksEraserPlugins\SureThing CD Labeler.ppw" O4 - HKLM\..\RunOnce: [SpybotDeletingC4991] cmd /c del "C:\Program Files\SpyBro\TracksEraserPlugins\Adaptec Easy CD Creator.ppw" O4 - HKLM\..\RunOnce: [SpybotDeletingC5126] cmd /c del "C:\Program Files\SpyBro\TracksEraserPlugins\Fun CD.ppw" O4 - HKLM\..\RunOnce: [SpybotDeletingC5135] cmd /c del "C:\Program Files\SpyBro\TracksEraserPlugins\MEDA MP3 Splitter.ppw" O4 - HKLM\..\RunOnce: [SpybotDeletingC5146] cmd /c del "C:\Program Files\SpyBro\TracksEraserPlugins\Adobe Photoshop 6.0.ppw" O4 - HKLM\..\RunOnce: [SpybotDeletingC5153] cmd /c del "C:\Program Files\SpyBro\TracksEraserPlugins\Axialis Media Browser.ppw" O4 - HKLM\..\RunOnce: [SpybotDeletingC5179] cmd /c del "C:\Program Files\SpyBro\TracksEraserPlugins\Copernic 2001 Pro.ppw" O4 - HKLM\..\RunOnce: [SpybotDeletingC5242] cmd /c del "C:\Program Files\SpyBro\TracksEraserPlugins\Sonic Foundry's Acid 2.0.ppw" O4 - HKLM\..\RunOnce: [SpybotDeletingC5252] cmd /c del "C:\Program Files\SpyBro\TracksEraserPlugins\AOL Instant Messenger.ppw" O4 - HKLM\..\RunOnce: [SpybotDeletingC5285] cmd /c del "C:\Program Files\SpyBro\TracksEraserPlugins\PowerDVD.ppw" O4 - HKLM\..\RunOnce: [SpybotDeletingC5386] cmd /c del "C:\Program Files\SpyBro\TracksEraserPlugins\Norton Commander.ppw" O4 - HKLM\..\RunOnce: [SpybotDeletingC5449] cmd /c del "C:\Program Files\SpyBro\TracksEraserPlugins\Personal Ancestral File.ppw" O4 - HKLM\..\RunOnce: [SpybotDeletingC5498] cmd /c del "C:\Program Files\SpyBro\iedefaults.db" O4 - HKLM\..\RunOnce: [SpybotDeletingC551] cmd /c del "C:\Program Files\SpyBro\TracksEraserPlugins\GoldWave Digital Audio Editor.ppw" O4 - HKLM\..\RunOnce: [SpybotDeletingC5613] cmd /c del "C:\Program Files\SpyBro\TracksEraserPlugins\Cabinet Manager.ppw" O4 - HKLM\..\RunOnce: [SpybotDeletingC566] cmd /c del "C:\Program Files\SpyBro\TracksEraserPlugins\Hotbar 3.0.ppw" O4 - HKLM\..\RunOnce: [SpybotDeletingC5682] cmd /c del "C:\Program Files\SpyBro\TracksEraserPlugins\Norton Anti-Virus 2000.ppw" O4 - HKLM\..\RunOnce: [SpybotDeletingC5725] cmd /c del "C:\Program Files\SpyBro\TracksEraserPlugins\Ulead Photo Express.ppw" O4 - HKLM\..\RunOnce: [SpybotDeletingC7301] cmd /c del "C:\Program Files\SpyBro\spybroes.mo" O4 - HKLM\..\RunOnce: [SpybotDeletingC7182] cmd /c del "C:\Program Files\SpyBro\ZtvUnAceV2.dll" O4 - HKLM\..\RunOnce: [SpybotDeletingC610] cmd /c del "C:\Program Files\SpyBro\spybroit.mo" O4 - HKLM\..\RunOnce: [SpybotDeletingC6011] cmd /c del "C:\Program Files\SpyBro\TracksEraserPlugins\Classify 98.ppw" O4 - HKLM\..\RunOnce: [SpybotDeletingC6117] cmd /c del "C:\Program Files\SpyBro\LegacyHelper.dll" O4 - HKLM\..\RunOnce: [SpybotDeletingC612] cmd /c del "C:\Program Files\SpyBro\TracksEraserPlugins\PhotoImpact Viewer 4.0.ppw" O4 - HKLM\..\RunOnce: [SpybotDeletingC6144] cmd /c del "C:\Program Files\SpyBro\TracksEraserPlugins\ACDSee.ppw" O4 - HKLM\..\RunOnce: [SpybotDeletingC620] cmd /c del "C:\Program Files\SpyBro\spybrode.mo" O4 - HKLM\..\RunOnce: [SpybotDeletingC6205] cmd /c del "C:\Program Files\SpyBro\TracksEraserPlugins\TextPad 4.x.ppw" O4 - HKLM\..\RunOnce: [SpybotDeletingC6264] cmd /c del "C:\Program Files\SpyBro\TracksEraserPlugins\NetAnts.ppw" O4 - HKLM\..\RunOnce: [SpybotDeletingC6342] cmd /c del "C:\Program Files\SpyBro\TracksEraserPlugins\PowerArc.ppw" O4 - HKLM\..\RunOnce: [SpybotDeletingC6324] cmd /c del "C:\Program Files\SpyBro\TracksEraserPlugins\ThumbsPlus 4.0.ppw" O4 - HKLM\..\RunOnce: [SpybotDeletingC6467] cmd /c del "C:\Program Files\SpyBro\TracksEraserPlugins\Gator.ppw" O4 - HKLM\..\RunOnce: [SpybotDeletingC6520] cmd /c del "C:\Program Files\SpyBro\TracksEraserPlugins\WinZip.ppw" O4 - HKLM\..\RunOnce: [SpybotDeletingC8666] cmd /c del "C:\Program Files\SpyBro\TracksEraserPlugins\7-Zip Compression.ppw" O4 - HKLM\..\RunOnce: [SpybotDeletingC8128] cmd /c del "C:\Program Files\SpyBro\TracksEraserPlugins\AbsoluteFTP.ppw" O4 - HKLM\..\RunOnce: [SpybotDeletingC6592] cmd /c del "C:\Program Files\SpyBro\TracksEraserPlugins\Ad-aware 6.ppw" O4 - HKLM\..\RunOnce: [SpybotDeletingC6632] cmd /c del "C:\Program Files\SpyBro\TracksEraserPlugins\BlazeDVD 2.0.ppw" O4 - HKLM\..\RunOnce: [SpybotDeletingC9916] cmd /c del "C:\Program Files\SpyBro\TracksEraserPlugins\Fotostation 4.0.ppw" O4 - HKLM\..\RunOnce: [SpybotDeletingC9847] cmd /c del "C:\Program Files\SpyBro\TracksEraserPlugins\Micrografx Picture Publisher 8.ppw" O4 - HKLM\..\RunOnce: [SpybotDeletingC9943] cmd /c del "C:\Program Files\SpyBro\TracksEraserPlugins\WinRAR.ppw" O4 - HKLM\..\RunOnce: [SpybotDeletingC9829] cmd /c del "C:\Program Files\SpyBro\TracksEraserPlugins\NewsBin Pro 4.ppw" O4 - HKLM\..\RunOnce: [SpybotDeletingC9828] cmd /c del "C:\Program Files\SpyBro\antispy.sys" O4 - HKLM\..\RunOnce: [SpybotDeletingC9793] cmd /c del "C:\Program Files\SpyBro\TracksEraserPlugins\LingoMail 1.x.ppw" O4 - HKLM\..\RunOnce: [SpybotDeletingC9747] cmd /c del "C:\Program Files\SpyBro\TracksEraserPlugins\Outlook Express 5, 6.ppw" O4 - HKLM\..\RunOnce: [SpybotDeletingC9720] cmd /c del "C:\Program Files\SpyBro\TracksEraserPlugins\Downloaded Installations.ppw" O4 - HKLM\..\RunOnce: [SpybotDeletingC9737] cmd /c del "C:\Program Files\SpyBro\TracksEraserPlugins\Microsoft Office 97.ppw" O4 - HKLM\..\RunOnce: [SpybotDeletingC9688] cmd /c del "C:\Program Files\SpyBro\TracksEraserPlugins\OmniPage 10.0.ppw" O4 - HKLM\..\RunOnce: [SpybotDeletingC9679] cmd /c del "C:\Program Files\SpyBro\TracksEraserPlugins\PicoZip.ppw" O4 - HKLM\..\RunOnce: [SpybotDeletingC9621] cmd /c del "C:\Program Files\SpyBro\TracksEraserPlugins\DivX Player.ppw" O4 - HKLM\..\RunOnce: [SpybotDeletingC9669] cmd /c del "C:\Program Files\SpyBro\TracksEraserPlugins\Acrobat Reader 6.ppw" O4 - HKLM\..\RunOnce: [SpybotDeletingC9549] cmd /c del "C:\Program Files\SpyBro\TracksEraserPlugins\NetCaptor.ppw" O4 - HKLM\..\RunOnce: [SpybotDeletingC9471] cmd /c del "C:\Program Files\SpyBro\TracksEraserPlugins\PhotoDraw 2000.ppw" O4 - HKLM\..\RunOnce: [SpybotDeletingC9538] cmd /c del "C:\Program Files\SpyBro\TracksEraserPlugins\SubmitWolf.ppw" O4 - HKLM\..\RunOnce: [SpybotDeletingC943] cmd /c del "C:\Program Files\SpyBro\TracksEraserPlugins\Windows Log Files.ppw" O4 - HKLM\..\RunOnce: [SpybotDeletingC9457] cmd /c del "C:\Program Files\SpyBro\TracksEraserPlugins\Acrobat Reader 4.ppw" O4 - HKLM\..\RunOnce: [SpybotDeletingC9237] cmd /c del "C:\Program Files\SpyBro\TracksEraserPlugins\BearShare.ppw" O4 - HKLM\..\RunOnce: [SpybotDeletingC9154] cmd /c del "C:\Program Files\SpyBro\TracksEraserPlugins\McAfee Virus Scan.ppw" O4 - HKLM\..\RunOnce: [SpybotDeletingC9314] cmd /c del "C:\Program Files\SpyBro\TracksEraserPlugins\Xing MP3 Player.ppw" O4 - HKLM\..\RunOnce: [SpybotDeletingC9120] cmd /c del "C:\Program Files\SpyBro\TracksEraserPlugins\Alcohol MRU.ppw" O4 - HKLM\..\RunOnce: [SpybotDeletingC907] cmd /c del "C:\Program Files\SpyBro\TracksEraserPlugins\Norton Internet Security.ppw" O4 - HKLM\..\RunOnce: [SpybotDeletingC9126] cmd /c del "C:\Program Files\SpyBro\TracksEraserPlugins\SearchWolf.ppw" O4 - HKLM\..\RunOnce: [SpybotDeletingC8965] cmd /c del "C:\Program Files\SpyBro\TracksEraserPlugins\Adobe Photoshop 7.0.ppw" O4 - HKLM\..\RunOnce: [SpybotDeletingC9037] cmd /c del "C:\Program Files\SpyBro\TracksEraserPlugins\Mass Download.ppw" O4 - HKLM\..\RunOnce: [SpybotDeletingC9007] cmd /c del "C:\Program Files\SpyBro\ZtvUnRar3.dll" O4 - HKLM\..\RunOnce: [SpybotDeletingC8842] cmd /c del "C:\Program Files\SpyBro\TracksEraserPlugins\Advanced MP3 Catalog.ppw" O4 - HKLM\..\RunOnce: [SpybotDeletingC880] cmd /c del "C:\Program Files\SpyBro\TracksEraserPlugins\Borland Delphi v7.ppw" O4 - HKLM\..\RunOnce: [SpybotDeletingC8840] cmd /c del "C:\Program Files\SpyBro\TracksEraserPlugins\LView Pro 2.x.ppw" O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [Vidalia] "C:\Program Files\Vidalia Bundle\Vidalia\vidalia.exe" O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe O4 - Global Startup: Corel Family & Friends Reminders.LNK = C:\Program Files\Corel\Print House Magic\cffrem.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE O4 - Global Startup: Privoxy.lnk = C:\Program Files\Vidalia Bundle\Privoxy\privoxy.exe O4 - Global Startup: Ralink Wireless Utility.lnk = C:\Program Files\RALINK\Common\RaUI.exe O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm O8 - Extra context menu item: E&xportar a Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O14 - IERESET.INF: START_PAGE_URL=http://www.averatec.com O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/spanish//kavwebscan_unicode.cab O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1142539884234 O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl-esd.sun.com/update/1.6.0/jinstall-6u1-windows-i586-jc.cab O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe O23 - Service: Gbp Service (GbpSv) - Unknown owner - C:\Program Files\GbPlugin\GbpSv.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe O23 - Service: O2Micro Flash Memory (O2Flash) - Unknown owner - C:\WINDOWS\system32\o2flash.exe O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe -- End of file - 33736 bytes |
|
26/03/08, 21:24:02
| |
| ||||
| Re: Como elimino SpyBro y Trojan Banker Hola, tendrías que desinstalar momentaneamente SpyBot S&D y así poder darle a todas las entradas del SpyBot que tenes que sacar que te puse en el primer mensaje.Salu2 Ausente hasta el 15 de Oct. En viaje al EISI 2009 (Colombia) Novedades del Foro | Antivirus Online | Eliminar Malwares | Políticas del Foro | Blog * Ayúdanos haciendo una DONACIÓN para poder seguir Ayudando. * Infórmate de las ultimas amenazas de la red desde: InfoSpyware Blog * No se resuelven dudas por Privados ni por E-mail, ya que para eso esta el foro. |
|
27/03/08, 14:25:34
| |
| |||
| Re: Como elimino SpyBro y Trojan Banker Hola, No tendre problemas al desistalar el SpyBot? es decir, es posible que al desistalar el rendimiento de la CPU vuelva al 100%, que aparezca aquella ventana solicitando un archivo para crack, y que deje de funcionar el antivirus Avast? Gracias, |
|
27/03/08, 20:29:29
| |
| ||||
| Re: Como elimino SpyBro y Trojan Banker Hola, es necesario que sigas los pasos si quieres limpiar correctamente tu pc. De nuestra parte no podemos hacer mas que darte recomendaciones. Salu2 Ausente hasta el 15 de Oct. En viaje al EISI 2009 (Colombia) Novedades del Foro | Antivirus Online | Eliminar Malwares | Políticas del Foro | Blog * Ayúdanos haciendo una DONACIÓN para poder seguir Ayudando. * Infórmate de las ultimas amenazas de la red desde: InfoSpyware Blog * No se resuelven dudas por Privados ni por E-mail, ya que para eso esta el foro. |
|
28/03/08, 15:51:54
| |
| |||
| Re: Como elimino SpyBro y Trojan Banker Hola, Desistale el SpyBot reinicie, corri el HijackThis y ya no aparecen las entradas del SpyBot, corri tambien las demas herramientas, todo parece normal, ahora debo instalar de nuevo SpyBot? Que debo hacer con los archivos de cuarentena del ComboFix? Envio los logs \\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\ HijackThis \\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\ Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 13:13, on 2008-03-28 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16608) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe C:\Program Files\Alwil Software\Avast4\ashServ.exe C:\Program Files\GbPlugin\GbpSv.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe C:\WINDOWS\system32\o2flash.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe C:\Program Files\Alwil Software\Avast4\ashWebSv.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\VTTimer.exe C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe C:\WINDOWS\sm56hlpr.exe C:\WINDOWS\system32\CPUTray.exe C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb0 5.exe C:\Program Files\Ulead Systems\Ulead Photo Express 5 SE\calcheck.exe C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Vidalia Bundle\Vidalia\vidalia.exe C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe C:\Program Files\Vidalia Bundle\Privoxy\privoxy.exe C:\Program Files\RALINK\Common\RaUI.exe C:\Program Files\Vidalia Bundle\Tor\tor.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.averatec.com/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings,ProxyServer = 10.10.2.1:3128 O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll O2 - BHO: Windows Live Aplicación auxiliar de inicio de sesión - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\WINDOWS\Downloaded Program Files\gbieh.dll O3 - Toolbar: PDF de Adobe - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file) O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL O4 - HKLM\..\Run: [VTTimer] VTTimer.exe O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" O4 - HKLM\..\Run: [SMSERIAL] sm56hlpr.exe O4 - HKLM\..\Run: [CPUTray] C:\WINDOWS\system32\CPUTray.exe O4 - HKLM\..\Run: [RestoreIT!] "C:\Program Files\Phoenix Technologies\cME\RPro\ XP\VBPTASK.EXE" VBStart O4 - HKLM\..\Run: [Eval] "C:\Program Files\Phoenix Technologies\cME\RPro\Eval\Eval.exe" O4 - HKLM\..\Run: [Guard] "C:\Program Files\Phoenix Technologies\cME\Guard\Guard.exe" /background O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb0 5.exe O4 - HKLM\..\Run: [USSShReg] C:\WINDOWS\system32\ussshreg.exe /r O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [Ulead Photo Express Verificador de Calendario] C:\Program Files\Ulead Systems\Ulead Photo Express 5 SE\calcheck.exe O4 - HKLM\..\Run: [Ulead AutoDetector] C:\Program Files\Ulead Systems\Ulead Photo Explorer 8.0 SE Basic\Monitor.exe O4 - HKLM\..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe /autostart O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe" O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [Vidalia] "C:\Program Files\Vidalia Bundle\Vidalia\vidalia.exe" O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe O4 - Global Startup: Corel Family & Friends Reminders.LNK = C:\Program Files\Corel\Print House Magic\cffrem.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE O4 - Global Startup: Privoxy.lnk = C:\Program Files\Vidalia Bundle\Privoxy\privoxy.exe O4 - Global Startup: Ralink Wireless Utility.lnk = C:\Program Files\RALINK\Common\RaUI.exe O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm O8 - Extra context menu item: E&xportar a Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O14 - IERESET.INF: START_PAGE_URL=http://www.averatec.com O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/spanish//kavwebscan_unicode.cab O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1142539884234 O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl-esd.sun.com/update/1.6.0/jinstall-6u1-windows-i586-jc.cab O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe O23 - Service: Gbp Service (GbpSv) - Unknown owner - C:\Program Files\GbPlugin\GbpSv.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe O23 - Service: O2Micro Flash Memory (O2Flash) - Unknown owner - C:\WINDOWS\system32\o2flash.exe O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe -- End of file - 9137 bytes \\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\ Malwarebytes Anti-Malware \\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\ Malwarebytes' Anti-Malware 1.09 Versión de la Base de Datos: 560 Tipo de examen : Examen Rápido Objetos examinados: 30049 Tiempo transcurrido: 3 minute(s), 30 second(s) Procesos en Memoria Infectados: 0 Módulos en Memoria Infectados: 0 Claves del Registro Infectadas: 0 Valores del Registro Infectados: 0 Elementos de Datos del Registro Infectados: 0 Carpetas Infectadas: 0 Ficheros Infectados: 0 Procesos en Memoria Infectados: (No se han detectado elementos maliciosos) Módulos en Memoria Infectados: (No se han detectado elementos maliciosos) Claves del Registro Infectadas: (No se han detectado elementos maliciosos) Valores del Registro Infectados: (No se han detectado elementos maliciosos) Elementos de Datos del Registro Infectados: (No se han detectado elementos maliciosos) Carpetas Infectadas: (No se han detectado elementos maliciosos) Ficheros Infectados: (No se han detectado elementos maliciosos) \\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\ ComboFix \\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\ ComboFix 08-03-25.1 - Marisol Garcia Pena 2008-03-28 13:13:39.8 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.599 [GMT -5:00] Running from: C:\Documents and Settings\Marisol Garcia Pena\Desktop\Indy\Nuevos\Foro\ComboFix.exe WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !! . TimedOut: progfile.dat -- Script messages for sUBs -- VFind.exe -ltf -s-1300000 -d+2007-12-28 C:\WINDOWS\* VFind.exe -ltf -s-1000000 -d+2007-12-28 "C:\Program Files\*" VFind.exe -ltf -s-1000000 -d+2007-12-28 "C:\Program Files\*" Findstr -MIF:/ "\\TTC\.pdb InsertAdvertisement" GREP -i "C:\\Program Files\\[^\\]*\\[^\\]*$" VFind -tf -s282624 "C:\Program Files\????????*[0-9].dll" VFind.exe -ltf -s-1000000 -d+2007-12-28 "C:\Program Files\*" ((((((((((((((((((((((((( Files Created from 2008-02-28 to 2008-03-28 ))))))))))))))))))))))))))))))) . 2008-03-27 18:25 . 2008-03-27 18:26 <DIR> d-------- C:\WINDOWS\system32\NtmsData 2008-03-25 21:30 . 2008-03-25 21:30 <DIR> d-------- C:\Program Files\CCleaner 2008-03-25 18:15 . 2008-03-25 18:15 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Malwarebytes 2008-03-25 15:42 . 2008-03-25 15:42 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware 2008-03-25 15:42 . 2008-03-25 15:42 <DIR> d-------- C:\Documents and Settings\Marisol Garcia Pena\Application Data\Malwarebytes 2008-03-25 15:42 . 2008-03-25 15:42 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes 2008-03-25 08:01 . 2008-03-25 08:01 <DIR> d-------- C:\Documents and Settings\Administrator\DoctorWeb 2008-03-25 07:17 . 2008-03-25 07:17 <DIR> d-------- C:\Program Files\Trend Micro 2008-03-24 20:07 . 2008-03-24 22:53 <DIR> d-------- C:\Documents and Settings\Marisol Garcia Pena\Application Data\SUPERAntiSpyware.com 2008-03-24 19:55 . 2008-03-24 19:55 <DIR> d-------- C:\WINDOWS\Downloaded Installations 2008-03-24 19:55 . 2008-03-25 07:09 <DIR> d-------- C:\Program Files\Trojan Killer 2008-03-24 15:50 . 2008-03-24 15:50 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab 2008-03-24 14:07 . 2008-03-24 14:07 <DIR> d-------- C:\Documents and Settings\Marisol Garcia Pena\DoctorWeb 2008-03-24 12:12 . 2008-03-24 12:12 3,922 --a------ C:\WINDOWS\system32\tmp.reg 2008-03-24 09:08 . 2008-03-24 09:09 <DIR> d-------- C:\Program Files\MegauploadToolbar 2008-03-24 09:08 . 2008-03-28 12:30 <DIR> d-------- C:\Documents and Settings\Marisol Garcia Pena\Application Data\MegauploadToolbar 2008-03-24 08:10 . 2005-05-17 15:24 311,296 --a------ C:\WINDOWS\system32\AegisI5.exe 2008-03-24 08:10 . 2006-01-18 13:55 290,918 --a------ C:\WINDOWS\system32\Install7x.dll 2008-03-24 08:10 . 2006-01-12 19:46 252,928 --a------ C:\WINDOWS\system32\drivers\rt73.sys 2008-03-24 08:10 . 2005-10-17 19:50 245,376 --a------ C:\WINDOWS\system32\drivers\rt2500usb.SYS 2008-03-24 08:10 . 2008-03-24 08:10 20,747 --a------ C:\WINDOWS\system32\drivers\AegisP.sys 2008-03-24 08:10 . 2005-11-30 11:33 2,048 --a------ C:\WINDOWS\system32\drivers\rt73.bin 2008-03-24 08:10 . 2005-08-19 15:51 138 --a------ C:\WINDOWS\filespec7x 2008-03-21 22:37 . 2007-12-04 07:54 95,608 --a------ C:\WINDOWS\system32\AvastSS.scr 2008-03-21 22:37 . 2007-12-04 09:51 42,912 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys 2008-03-21 22:37 . 2007-12-04 09:49 26,624 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys 2008-03-21 22:37 . 2007-12-04 09:53 23,152 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys 2008-03-21 22:36 . 2008-03-21 22:36 <DIR> d-------- C:\Program Files\Alwil Software 2008-03-21 22:36 . 2007-12-04 08:04 837,496 --a------ C:\WINDOWS\system32\aswBoot.exe 2008-03-21 22:36 . 2004-01-09 04:13 380,928 --a------ C:\WINDOWS\system32\actskin4.ocx 2008-03-21 22:36 . 2007-12-04 09:55 94,544 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys 2008-03-21 22:36 . 2007-12-04 09:56 93,264 --a------ C:\WINDOWS\system32\drivers\aswmon.sys 2008-03-21 04:04 . 2008-03-21 04:05 <DIR> d-------- C:\Documents and Settings\Marisol Garcia Pena\Application Data\Simply Super Software 2008-03-21 04:04 . 2008-03-21 04:04 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Simply Super Software 2008-03-21 04:04 . 2006-05-25 14:52 162,304 --a------ C:\WINDOWS\system32\ztvunrar36.dll 2008-03-21 04:04 . 2003-02-02 19:06 153,088 --a------ C:\WINDOWS\system32\unrar3.dll 2008-03-21 04:04 . 2005-08-26 00:50 77,312 --a------ C:\WINDOWS\system32\ztvunace26.dll 2008-03-21 04:04 . 2002-03-06 00:00 75,264 --a------ C:\WINDOWS\system32\unacev2.dll 2008-03-21 04:04 . 2006-06-19 12:01 69,632 --a------ C:\WINDOWS\system32\ztvcabinet.dll 2008-03-21 00:36 . 2008-03-21 00:36 <DIR> d-------- C:\Documents and Settings\Marisol Garcia Pena\Application Data\TrojanHunter 2008-03-20 07:16 . 2008-03-22 03:46 <DIR> d-------- C:\Program Files\Netcom3 Cleaner 2008-03-20 07:11 . 2007-12-10 14:53 81,288 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys 2008-03-20 07:11 . 2007-12-10 14:53 66,952 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys 2008-03-20 07:11 . 2008-02-01 12:55 42,376 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys 2008-03-20 07:11 . 2007-12-10 14:53 29,576 --a------ C:\WINDOWS\system32\drivers\kcom.sys 2008-03-20 07:10 . 2008-03-20 07:10 <DIR> d-------- C:\Documents and Settings\Marisol Garcia Pena\Application Data\PC Tools 2008-03-19 20:07 . 2008-03-20 13:56 <DIR> d-------- C:\Documents and Settings\Marisol Garcia Pena\Application Data\Antispyware 2008-03-18 21:00 . 2008-03-18 21:00 <DIR> d-------- C:\LinhaDefensiva 2008-03-11 15:47 . 2008-03-13 09:23 <DIR> d-------- C:\Program Files\LucasArts 2008-03-11 09:39 . 2008-03-11 09:39 35 --a------ C:\WINDOWS\scummvm.ini 2008-03-10 13:56 . 2008-03-10 13:56 1,024 --a------ C:\.rnd 2008-03-10 13:03 . 2008-03-17 14:16 350 --a------ C:\WINDOWS\DESKADV.INI 2008-03-10 12:59 . 2008-03-11 10:53 <DIR> d-------- C:\INDYDESK 2008-03-10 12:59 . 1994-08-24 00:00 188,960 --a------ C:\WINDOWS\system\WINGDE.DLL 2008-03-10 12:59 . 1994-09-21 00:00 92,208 --a------ C:\WINDOWS\system\WING.DLL 2008-03-10 12:59 . 1994-02-18 16:47 26,112 --a------ C:\WINDOWS\system\WAVEMIX.DLL 2008-03-10 12:59 . 1994-09-21 00:00 12,800 --a------ C:\WINDOWS\system\WING32.DLL 2008-03-10 12:59 . 1994-09-21 00:00 6,736 --a------ C:\WINDOWS\system\WINGDIB.DRV 2008-03-10 12:59 . 1994-09-21 00:00 5,024 --a------ C:\WINDOWS\system\WINGPAL.WND 2008-03-10 12:59 . 1996-02-27 17:54 2,552 --a------ C:\WINDOWS\WAVEMIX.INI 2008-03-10 12:59 . 1994-06-20 00:00 1,966 --a------ C:\WINDOWS\system\DVA.386 2008-03-10 10:47 . 2008-03-10 10:47 <DIR> d-------- C:\VAIO 2008-03-10 10:47 . 2008-03-10 10:47 <DIR> d-------- C:\Program Files\Windows Sidebar 2008-03-10 10:46 . 2005-08-15 10:54 1,536 --a------ C:\WINDOWS\system32\hidec.exe 2008-03-07 12:12 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll 2008-03-07 12:12 . 2007-07-30 19:19 207,736 --a------ C:\WINDOWS\system32\muweb.dll 2008-03-07 12:12 . 2007-07-30 19:19 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui 2008-03-06 14:09 . 2006-11-29 13:06 3,426,072 --a------ C:\WINDOWS\system32\d3dx9_32.dll 2008-03-06 14:08 . 2008-03-06 14:08 <DIR> d-------- C:\Program Files\Microsoft SQL Server Compact Edition 2008-03-06 13:53 . 2008-03-19 10:50 <DIR> d-------- C:\Program Files\Windows Live 2008-03-06 13:53 . 2008-03-06 14:06 <DIR> d--hsc--- C:\Program Files\Common Files\WindowsLiveInstaller 2008-03-03 15:24 . 2008-03-06 13:52 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller 2008-03-03 14:55 . 2008-03-03 14:55 0 --a------ C:\WINDOWS\geotrans2d.INI 2008-03-03 14:17 . 2008-03-03 14:17 0 --a------ C:\WINDOWS\geotrans2.INI 2008-02-28 13:45 . 2008-02-28 13:45 <DIR> d-------- C:\Program Files\MSBuild 2008-02-28 13:43 . 2008-03-24 08:33 <DIR> d-------- C:\WINDOWS\system32\XPSViewer 2008-02-28 13:42 . 2008-02-28 13:42 <DIR> d-------- C:\Program Files\Reference Assemblies 2008-02-28 13:40 . 2006-06-29 13:07 14,048 --------- C:\WINDOWS\system32\spmsg2.dll 2008-02-28 13:36 . 2008-02-28 13:36 <DIR> d-------- C:\WINDOWS\system32\URTTEMP 2008-02-28 13:28 . 2006-11-13 01:02 288,768 --------- C:\WINDOWS\system32\rhttpaa.dll 2008-02-28 13:28 . 2006-11-13 01:02 116,736 --------- C:\WINDOWS\system32\aaclient.dll 2008-02-28 13:28 . 2006-11-13 01:02 36,352 --------- C:\WINDOWS\system32\tsgqec.dll . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))) )) . 2008-03-28 18:10 --------- d-----w C:\Documents and Settings\Marisol Garcia Pena\Application Data\tor 2008-03-25 20:27 --------- d-----w C:\Documents and Settings\Marisol Garcia Pena\Application Data\Skype 2008-03-25 12:41 --------- d-----w C:\Documents and Settings\Marisol Garcia Pena\Application Data\Vidalia 2008-03-24 13:10 --------- d-----w C:\Program Files\RALINK 2008-03-17 20:12 --------- d-----w C:\Program Files\eMule 2008-03-12 20:04 81,384 ----a-w C:\Documents and Settings\Marisol Garcia Pena\Application Data\GDIPFONTCACHEV1.DAT 2008-03-11 20:47 --------- d--h--w C:\Program Files\InstallShield Installation Information 2008-03-11 13:17 --------- d-----w C:\Program Files\Common Files\Adobe 2008-02-09 22:54 --------- d-----w C:\Program Files\SPSS 2008-02-01 16:17 587,264 ----a-w C:\WINDOWS\WLXPGSS.SCR 2007-12-04 18:38 550,912 --sh--w C:\WINDOWS\system32\oleaut32.dll 2004-08-04 12:00 83,456 --sh--w C:\WINDOWS\system32\olepro32.dll 2004-08-04 12:00 11,776 --sh--w C:\WINDOWS\system32\regsvr32.exe . ((((((((((((((((((((((((((((( snapshot@2008-03-25_21.16.50.81 ))))))))))))))))))))))))))))))))))))))))) . + 2008-03-28 18:00:28 16,384 ----atw C:\WINDOWS\TEMP\Perflib_Perfdata_574.dat . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Run] "Power2GoExpress"="" [] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 07:00 15360] "Vidalia"="C:\Program Files\Vidalia Bundle\Vidalia\vidalia.exe" [2007-08-26 01:02 11852288] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Run] "VTTimer"="VTTimer.exe" [2006-09-21 08:36 53248 C:\WINDOWS\system32\VTTimer.exe] "RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2005-01-12 06:01 32768] "SMSERIAL"="sm56hlpr.exe" [2006-02-28 04:37 544768 C:\WINDOWS\sm56hlpr.exe] "CPUTray"="C:\WINDOWS\system32\CPUTray.exe" [2005-05-13 18:46 212992] "farstone"="" [] "RestoreIT!"="C:\Program Files\Phoenix Technologies\cME\RPro\ XP\VBPTASK.exe" [2005-02-03 21:18 118784] "Eval"="C:\Program Files\Phoenix Technologies\cME\RPro\Eval\Eval.exe" [2005-02-19 18:39 1826816] "Guard"="C:\Program Files\Phoenix Technologies\cME\Guard\Guard.exe" [2008-03-19 00:03 573440] "HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86 \3\hpztsb05.exe" [2002-03-28 03:53 188416] "USSShReg"="C:\WINDOWS\system32\ussshreg.exe" [1997-02-24 00:47 19968] "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-01-22 13:29 98304] "Ulead Photo Express Verificador de Calendario"="C:\Program Files\Ulead Systems\Ulead Photo Express 5 SE\calcheck.exe" [2004-01-12 20:40 69632] "Ulead AutoDetector"="C:\Program Files\Ulead Systems\Ulead Photo Explorer 8.0 SE Basic\Monitor.exe" [2008-03-20 18:13 45056] "googletalk"="C:\Program Files\Google\Google Talk\googletalk.exe" [2007-01-01 16:22 3739648] "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 03:43 83608] "RoxioDragToDisc"="C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe" [2004-09-25 01:37 1691648] "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792] "avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp. exe" [2007-12-04 08:00 79224] C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ Acrobat Assistant.lnk - C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe [2003-05-15 01:19:50 217193] Corel Family & Friends Reminders.LNK - C:\Program Files\Corel\Print House Magic\cffrem.exe [2006-10-22 09:58:47 670208] Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 09:01:04 83360] Privoxy.lnk - C:\Program Files\Vidalia Bundle\Privoxy\privoxy.exe [2006-11-20 09:30:54 250368] Ralink Wireless Utility.lnk - C:\Program Files\RALINK\Common\RaUI.exe [2008-03-24 08 59 593920][hkey_local_machine\software\microsoft\windows\curr entversion\explorer\shellexecutehooks] "{E37CB5F0-51F5-4395-A808-5FA49E399F83}"= C:\WINDOWS\Downloaded Program Files\gbieh.dll [2007-02-22 15:00 228392] [HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusDisableNotify"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpo licy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"= "C:\\Program Files\\Google\\Google Talk\\googletalk.exe"= "C:\\Program Files\\eMule\\emule.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "C:\\Program Files\\Maple 9.5\\bin.win\\mserver.exe"= "C:\\Program Files\\Maple 9.5\\jre\\bin\\java.exe"= "C:\\TeXmacs\\usr\\X11R6\\bin\\XWin.exe"= "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"= "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"= "C:\\Program Files\\Skype\\Phone\\Skype.exe"= R0 O2MDRDR;O2MDRDR;C:\WINDOWS\system32\DRIVERS\o2medi a.sys [2006-02-28 04:08] R0 O2SDRDR;O2SDRDR;C:\WINDOWS\system32\DRIVERS\o2sd.s ys [2006-02-28 04:08] R0 ptpd;Disk Filter Driver;C:\WINDOWS\system32\drivers\ptpd.sys [2005-02-11 12:25] R0 RITCPT;RITCPT;C:\WINDOWS\system32\drivers\RITCPT.s ys [2004-05-18 16:43] R2 FBAPI;FBAPI;C:\WINDOWS\system32\drivers\FBAPI.sys [2004-12-06 16:43] R2 GbpSv;Gbp Service;C:\Program Files\GbPlugin\GbpSv.exe [2007-08-08 14:29] R2 Machnm32;Machnm32 Driver;C:\WINDOWS\system32\Machnm32.sys [2003-08-13 01:27] R3 FET5X86V;VIA Rhine-Family Fast-Ethernet Adapter Driver Service;C:\WINDOWS\system32\DRIVERS\fetnd5bv.sys [2008-01-02 02:12] R3 PhnxVcd;PhnxVcd;C:\WINDOWS\system32\Drivers\PhnxVc d.sys [2005-02-25 19:34] R3 S3GIGP;S3GIGP;C:\WINDOWS\system32\DRIVERS\S3gIGPm. sys [2007-07-23 06:54] [HKEY_CURRENT_USER\software\microsoft\windows\curre ntversion\explorer\mountpoints2\{7d820eb8-f51d-11db-b437-0013d376c112}] \Shell\AutoRun\command - E:\wd_windows_tools\setup.exe [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\Windows Sidebar] C:\WINDOWS\system32\hidec /W C:\VAIO\Tools\REGTLIB.EXE "C:\Program Files\Windows Sidebar\sidebar.exe" [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{34A19196-274E-4D75-9D30-D7A45A0A4178}] "C:\Program Files\Windows Sidebar\.\regsvr32.exe" /s wlsrvc.dll [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6B9228DA-9C15-419e-856C-19E768A13BDC}] "C:\Program Files\Windows Sidebar\.\regsvr32.exe" /s sbdrop.dll [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{BADA65A0-86B7-462B-B720-CE66655C73F5}] regsvr32 /s C:\VAIO\.\vshellext.dll . Contents of the 'Scheduled Tasks' folder "2008-03-28 18:18:00 C:\WINDOWS\Tasks\Symantec NetDetect.job" - C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE "2008-03-28 18:20:00 C:\WINDOWS\Tasks\User_Feed_Synchronization-{B3D04995-2EE3-4A69-BDD3-103C9A452633}.job" - C:\WINDOWS\system32\msfeedssync.exe . ************************************************** ************************ catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-03-28 13:16:59 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************** ************************ . Completion time: 2008-03-28 13:21:19 ComboFix-quarantined-files.txt 2008-03-28 18:21:17 ComboFix2.txt 2008-03-28 17:47:34 ComboFix3.txt 2008-03-28 00:47:38 ComboFix4.txt 2008-03-28 00:00:33 ComboFix5.txt 2008-03-27 23:14:16 . 2008-03-19 15:57:13 --- E O F --- \\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\ ComboFix Cuarentena \\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\ 1996-06-10 11:24 307200 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\cfx32.ocx. vir 2008-02-09 17:54 205 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\lsprst7.dl l.vir 2008-02-09 17:54 73 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\ssprs.dll. vir 2008-03-19 15:23 8014 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\ban_list.t xt.vir 2008-03-25 21:04 850 --a------ C:\Qoobox\Quarantine\Registry_backups\Legacy_SROSA .reg.dat 2008-03-28 13:16 312 --a------ C:\Qoobox\Quarantine\catchme.log Debo instalar de nuevo SpyBot? Que debo hacer con los archivos de cuarentena del ComboFix? De nuevo gracias por la ayuda, Última edición por luzmara fecha: 31/03/08 a las 16:50:51. |
|
« Tema Anterior
|
Próximo Tema »
| Herramientas | |
| |
| 
Temas Similares | |
| Tema | Autor | Foro | Respuestas | Último mensaje |
| tengo unos problemas a ver quien me puede ayudar (Solucionado) | akira8223 | Temas Solucionados | 29 | 20/08/08 15:27:49 |
| csrss.exe , y sin panel de control | forsa | Foro Oficial de HijackThis en español | 5 | 05/05/08 22:30:05 |
| trojan generic9.wox como lo elimino? (Solucionado) | rictor13 | Temas Solucionados | 25 | 17/04/08 20:59:48 |
| Se me bloquea la pc en el arranque... (Solucionado) | vasco_990 | Temas Solucionados | 3 | 02/05/07 19:09:24 |
| cómo elimino PSW. x-Vir Trojan?? | perdida | Foro de Virus y Spywares | 10 | 11/03/07 12:06:30 |
Todas las horas son GMT -4. La hora es 05:12:30.
