Navipromo Removal version 3.6.0 started on 01/07/2008 at 22:09:06,61

Fix running from C:\Program Files\navilog1
Actual User Account : "Leiretxu"

Updated on 27.06.2008 at 23h00 by IL-MAFIOSO


Microsoft Windows XP [Versi¢n 5.1.2600]
Internet Explorer : 7.0.5730.13
Filesystem type : FAT32

Automatic removal
with Catchme and GNS results


Cleanning stage done on Reboot


*** fsbl1.txt not found ***
(Check that Catchme found nothing in Search Mode)


*** Deleting with Backups GenericNaviSearch results ***

* Deletion in "C:\WINDOWS\System32" *


* Deletion in "C:\Documents and Settings\Leiretxu\locals~1\applic~1" *


* Deletion in "C:\DOCUME~1\ADMINI~1\locals~1\applic~1" *


* Deletion in "C:\DOCUME~1\LEIRE\locals~1\applic~1" *


* Deletion in "C:\DOCUME~1\ANDONI~1.YOU\locals~1\applic~1" *


* Deletion in "C:\DOCUME~1\ares\locals~1\applic~1" *


* Deletion in "C:\DOCUME~1\LEIRE_2\locals~1\applic~1" *


* Deletion in "C:\DOCUME~1\ARES~1.YOU\locals~1\applic~1" *



*** Deleting folders in "C:\WINDOWS" ***


*** Deleting folders in "C:\Program Files" ***


*** Deleting folders in "c:\docume~1\alluse~1\applic~1" ***


*** Deleting folders in "c:\docume~1\alluse~1\startm~1\programs" ***


*** Deleting folders in "C:\Documents and Settings\Leiretxu\applic~1" ***


*** Deleting folders in "C:\DOCUME~1\ADMINI~1\applic~1" ***


*** Deleting folders in "C:\DOCUME~1\LEIRE\applic~1" ***


*** Deleting folders in "C:\DOCUME~1\ANDONI\applic~1" ***


*** Deleting folders in "C:\DOCUME~1\ANDONI~1.YOU\applic~1" ***


*** Deleting folders in "C:\DOCUME~1\ANDONI~1.000\applic~1" ***


*** Deleting folders in "C:\DOCUME~1\LEIRE_2\applic~1" ***


*** Deleting folders in "C:\DOCUME~1\ARES~1.YOU\applic~1" ***


*** Deleting folders in "C:\Documents and Settings\Leiretxu\locals~1\applic~1" ***


*** Deleting folders in "C:\DOCUME~1\ADMINI~1\locals~1\applic~1" ***


*** Deleting folders in "C:\DOCUME~1\LEIRE\locals~1\applic~1" ***


*** Deleting folders in "C:\DOCUME~1\ANDONI~1.YOU\locals~1\applic~1" ***


*** Deleting folders in "C:\DOCUME~1\ares\locals~1\applic~1" ***


*** Deleting folders in "C:\DOCUME~1\LEIRE_2\locals~1\applic~1" ***


*** Deleting folders in "C:\DOCUME~1\ARES~1.YOU\locals~1\applic~1" ***


*** Deleting folders in "C:\Documents and Settings\Leiretxu\startm~1\programs" ***


*** Deleting folders in "C:\DOCUME~1\ADMINI~1\startm~1\programs" ***


*** Deleting folders in "C:\DOCUME~1\LEIRE_2\startm~1\programs" ***


*** Deleting folders in "C:\DOCUME~1\ARES~1.YOU\startm~1\programs" ***



*** Deleting files ***


*** Deleting temporary files ***

Cleaning of C:\WINDOWS\Temp done !
Cleaning of C:\Documents and Settings\Leiretxu\locals~1\Temp done !

*** Complementary Search ***
(Search specific files)

1)Deletion with backups new Instant Access files:

2)Heuristic search and deletion with backups :


* In "C:\WINDOWS\system32" *


* In "C:\Documents and Settings\Leiretxu\locals~1\applic~1" *


* In "C:\DOCUME~1\ADMINI~1\locals~1\applic~1" *


* In "C:\DOCUME~1\LEIRE\locals~1\applic~1" *


* In "C:\DOCUME~1\ANDONI~1.YOU\locals~1\applic~1" *


* In "C:\DOCUME~1\ares\locals~1\applic~1" *


* In "C:\DOCUME~1\LEIRE_2\locals~1\applic~1" *

dwhdcoyxzf.dat found !
Copy dwhdcoyxzf.dat done !
dwhdcoyxzf.dat deleted !

dwhdcoyxzf_nav.dat found !
Copy dwhdcoyxzf_nav.dat done !
dwhdcoyxzf_nav.dat deleted !

dwhdcoyxzf_navps.dat found !
Copy dwhdcoyxzf_navps.dat done !
dwhdcoyxzf_navps.dat deleted !


* In "C:\DOCUME~1\ARES~1.YOU\locals~1\applic~1" *


*** Copy Registry to Safebackup folder ***

Backing up Registry done !

*** Cleaning Registry ***

Registry cleaned


*** Certificates ***

Egroup Certificate not found !
Electronic-Group Certificate not found !
OOO-Favorit Certificate not found !
Sunny-Day-Design-Ltd Certificate not found !

*** Cleaning stage complete on 01/07/2008 at 22:19:35,14 ***



acabo de hacer lo del navilog1, aun me falta lo demas, pero todavia sigue sin dejarme analiozarlo con el panda.

Ya he hecho todo deja.. aun siguen las ventanas.. :S

Realiza lo siguiente:

• Descarga el SilentRunner (dale click con el boton derecho del ratón al enlace y luego en Guardar enlace cómo, Save as o Save Link as....)
  1. Ejecuta el script, al hacerlo, te hará unas preguntas, en dichas preguntas contesta 'No' y 'Si' (en ese orden)....
     
  2. Luego, deberás esperar (aunque parezca que no hace nada) a que te aparezca un mensaje con el botón OK.
     
  3. En la misma carpeta que ejecutes el script aparecerá un archivo llamado Reporte el cual deberás colocarlo aquí (si lo abres o envías antes de ver el mensaje con el botón Ok, no estará completo)
  
  
  Se paciente hasta que finalice el proceso

cuando intento abrirlo, me sale una ventana en la que pone script bloqueado! y solo me da las opciones de cerrar o ayuda.. que hago para abrirlo?

Hola.

Desactiva la proteccion residente del antivirus.

Luego realiza lo indicado sin saltarte ningun paso; para mayor comodidad imprime las indicaciones.

Saludos.

y como la desactivo? lo siento.. pero esuqe para estas cosas soy muy lenta.. gracias.

Hola.

Dale un clic con el boton derecho del raton (mouse) al icono del antivirus, que se encuentra junto al reloj y busca alguna opcion que permita desactivar la proteccion de este.

Saludos.

"Silent Runners.vbs", revision 58, http://www.silentrunners.org/
Operating System: Windows XP SP2
Output limited to non-default values, except where indicated by "{++}"


Startup items buried in registry:
---------------------------------

HKCU\Software\Microsoft\Windows\CurrentVersion\Run \ {++}
"CTFMON.EXE" = "C:\WINDOWS\system32\ctfmon.exe" [MS]
"MsnMsgr" = ""C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background" [MS]
"swg" = "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNo tifier.exe" ["Google Inc."]
"MSMSGS" = ""C:\Program Files\Messenger\msmsgs.exe" /background" [MS]
"bash junk" = "C:\DOCUME~1\Leiretxu\APPLIC~1\PILEAC~1\bikeamen.e xe" [null data]
"SUPERAntiSpyware" = "C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" ["SUPERAntiSpyware.com"]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run \ {++}
"ehTray" = "C:\WINDOWS\ehome\ehtray.exe" [MS]
"RemoteControl" = ""C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"" ["Cyberlink Corp."]
"ATICCC" = ""C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay" [null data]
"High Definition Audio Property Page Shortcut" = "HDAShCut.exe" ["Windows (R) Server 2003 DDK provider"]
"RTHDCPL" = "RTHDCPL.EXE" ["Realtek Semiconductor Corp."]
"Alcmtr" = "ALCMTR.EXE" ["Realtek Semiconductor Corp."]
"NeroFilterCheck" = "C:\WINDOWS\system32\NeroCheck.exe" ["Ahead Software Gmbh"]
"OpwareSE2" = ""C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"" ["ScanSoft, Inc."]
"OPSE reminder" = ""C:\Program Files\ScanSoft\OmniPageSE2.0\EregSpa\Ereg.exe" -r "C:\Program Files\ScanSoft\OmniPageSE2.0\EregSpa\ereg.ini"" ["ScanSoft, Inc."]
"APVXDWIN" = ""C:\Program Files\Panda Software\Panda Internet Security 2007\APVXDWIN.EXE" /s" ["Panda Software International"]
"SCANINICIO" = ""C:\Program Files\Panda Software\Panda Internet Security 2007\Inicio.exe"" ["Panda Software International"]
"QuickTime Task" = ""C:\Program Files\QuickTime\qttask.exe" -atboottime" ["Apple Computer, Inc."]
"VX1000" = "C:\WINDOWS\vVX1000.exe" [MS]
"LifeCam" = ""C:\Program Files\Microsoft LifeCam\LifeExp.exe"" [MS]
"mpeg heck log link" = "C:\Documents and Settings\All Users\Application Data\Joy coal mpeg heck\Body for.exe" [null data]
"KernelFaultCheck" = "C:\WINDOWS\system32\dumprep 0 -k"

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Exp lorer\Browser Helper Objects\
{9030D464-4C02-4ABF-8ECC-5164760863C6}\(Default) = (no title provided)
-> {HKLM...CLSID} = "Windows Live Aplicación auxiliar de inicio de sesión"
\InProcServer32\(Default) = "C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll" [MS]
{AA58ED58-01DD-4d91-8333-CF10577473F7}\(Default) = (no title provided)
-> {HKLM...CLSID} = "Google Toolbar Helper"
\InProcServer32\(Default) = "c:\program files\google\googletoolbar1.dll" ["Google Inc."]
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}\(Default) = (no title provided)
-> {HKLM...CLSID} = "Google Toolbar Notifier BHO"
\InProcServer32\(Default) = "C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\sw g.dll" ["Google Inc."]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\She ll Extensions\Approved\
"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Display Panning CPL Extension"
-> {HKLM...CLSID} = "Display Panning CPL Extension"
\InProcServer32\(Default) = "deskpan.dll" [file not found]
"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "HyperTerminal Icon Ext"
-> {HKLM...CLSID} = "HyperTerminal Icon Ext"
\InProcServer32\(Default) = "C:\WINDOWS\system32\hticons.dll" ["Hilgraeve, Inc."]
"{5E2121EE-0300-11D4-8D3B-444553540000}" = "Catalyst Context Menu extension"
-> {HKLM...CLSID} = "SimpleShlExt Class"
\InProcServer32\(Default) = "C:\Program Files\ATI Technologies\ATI.ACE\atiacmxx.dll" [empty string]
"{0006F045-0000-0000-C000-000000000046}" = "Microsoft Outlook Custom Icon Handler"
-> {HKLM...CLSID} = "Extensión de iconos de archivo de Outlook"
\InProcServer32\(Default) = "C:\Program Files\Microsoft Office\Office10\OLKFSTUB.DLL" [MS]
"{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\Program Files\Microsoft Office\Office10\msohev.dll" [MS]
"{65756541-C65C-11CD-0000-4B656E696100}" = "Panda Antivirus"
-> {HKLM...CLSID} = "Panda Antivirus"
\InProcServer32\(Default) = "C:\Program Files\Panda Software\Panda Internet Security 2007\PAVOLE.DLL" ["Panda Software"]
"{E0D79304-84BE-11CE-9641-444553540000}" = "WinZip"
-> {HKLM...CLSID} = "WinZip"
\InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing, Inc."]
"{E0D79305-84BE-11CE-9641-444553540000}" = "WinZip"
-> {HKLM...CLSID} = "WinZip"
\InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing, Inc."]
"{E0D79306-84BE-11CE-9641-444553540000}" = "WinZip"
-> {HKLM...CLSID} = "WinZip"
\InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing, Inc."]
"{E0D79307-84BE-11CE-9641-444553540000}" = "WinZip"
-> {HKLM...CLSID} = "WinZip"
\InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing, Inc."]
"{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
"{FC9FB64A-1EB2-4CCF-AF5E-1A497A9B5C2D}" = "Messenger Sharing Folders"
-> {HKLM...CLSID} = "Mis carpetas para compartir"
\InProcServer32\(Default) = "C:\Program Files\Windows Live\Messenger\fsshext.8.5.1302.1018.dll" [MS]
"{acb4a560-3606-11d3-aef4-00104bd0f92d}" = "KodakShellExtension"
-> {HKLM...CLSID} = "KodakShellExtension"
\InProcServer32\(Default) = "C:\Program Files\Common Files\Kodak\ifscore\KodakShX.dll" ["Eastman Kodak Company"]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Exp lorer\ShellExecuteHooks\
<<!>> "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}" = (no title provided)
-> {HKLM...CLSID} = "SABShellExecuteHook Class"
\InProcServer32\(Default) = "C:\Program Files\SUPERAntiSpyware\SASSEH.DLL" ["SuperAdBlocker.com"]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\She llServiceObjectDelayLoad\
"WPDShServiceObj" = "{AAA288BA-9A4C-45B0-95D7-94D524869DB5}"
-> {HKLM...CLSID} = "WPDShServiceObj Class"
\InProcServer32\(Default) = "C:\WINDOWS\system32\WPDShServiceObj.dll" [MS]

HKLM\SYSTEM\CurrentControlSet\Control\SecurityProv iders\
<<!>> ("" [file not found]) "SecurityProviders" = "msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,"

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
<<!>> !SASWinLogon\DLLName = "C:\Program Files\SUPERAntiSpyware\SASWINLO.dll" ["SUPERAntiSpyware.com"]
<<!>> AtiExtEvent\DLLName = "Ati2evxx.dll" ["ATI Technologies Inc."]
<<!>> avldr\DLLName = "avldr.dll" ["Panda Software"]

HKLM\SOFTWARE\Classes\*\shellex\ContextMenuHandler s\
Panda Antivirus\(Default) = "{65756541-C65C-11CD-0000-4B656E696100}"
-> {HKLM...CLSID} = "Panda Antivirus"
\InProcServer32\(Default) = "C:\Program Files\Panda Software\Panda Internet Security 2007\PAVOLE.DLL" ["Panda Software"]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
WinZip\(Default) = "{E0D79304-84BE-11CE-9641-444553540000}"
-> {HKLM...CLSID} = "WinZip"
\InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing, Inc."]

HKLM\SOFTWARE\Classes\Directory\shellex\ContextMen uHandlers\
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
WinZip\(Default) = "{E0D79304-84BE-11CE-9641-444553540000}"
-> {HKLM...CLSID} = "WinZip"
\InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing, Inc."]

HKLM\SOFTWARE\Classes\Folder\shellex\ContextMenuHa ndlers\
MBAMShlExt\(Default) = "{57CE581A-0CB6-4266-9CA0-19364C90A0B3}"
-> {HKLM...CLSID} = "MBAMShlExt Class"
\InProcServer32\(Default) = "C:\Program Files\Malwarebytes' Anti-Malware\mbamext.dll" ["Malwarebytes"]
Panda Antivirus\(Default) = "{65756541-C65C-11CD-0000-4B656E696100}"
-> {HKLM...CLSID} = "Panda Antivirus"
\InProcServer32\(Default) = "C:\Program Files\Panda Software\Panda Internet Security 2007\PAVOLE.DLL" ["Panda Software"]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
WinZip\(Default) = "{E0D79304-84BE-11CE-9641-444553540000}"
-> {HKLM...CLSID} = "WinZip"
\InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing, Inc."]

HKLM\SOFTWARE\Classes\AllFilesystemObjects\shellex \ContextMenuHandlers\
MBAMShlExt\(Default) = "{57CE581A-0CB6-4266-9CA0-19364C90A0B3}"
-> {HKLM...CLSID} = "MBAMShlExt Class"
\InProcServer32\(Default) = "C:\Program Files\Malwarebytes' Anti-Malware\mbamext.dll" ["Malwarebytes"]


Default executables:
--------------------

HKLM\SOFTWARE\Classes\.scr\(Default) = "scrfile"
<<!>> HKLM\SOFTWARE\Classes\scrfile\shell\open\command\( Default) = ""%1" %*" [file not found]


Group Policies {GPedit.msc branch and setting}:
-----------------------------------------------

Note: detected settings may not have any effect.

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Pol icies\System\

"shutdownwithoutlogon" = (REG_DWORD) dword:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
Shutdown: Allow system to be shut down without having to log on}

"undockwithoutlogon" = (REG_DWORD) dword:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
Devices: Allow undock without having to log on}

"InstallVisualStyle" = (REG_EXPAND_SZ) C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
{unrecognized setting}

"InstallTheme" = (REG_EXPAND_SZ) C:\WINDOWS\Resources\Themes\Royale.theme
{unrecognized setting}


Active Desktop and Wallpaper:
-----------------------------

Active Desktop may be disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Exp lorer\ShellState

Displayed if Active Desktop enabled and wallpaper not set by Group Policy:
HKCU\Software\Microsoft\Internet Explorer\Desktop\General\
"Wallpaper" = "C:\WINDOWS\system32\config\systemprofile\Loca l Settings\Application Data\Microsoft\Wallpaper1.bmp"

Displayed if Active Desktop disabled and wallpaper not set by Group Policy:
HKCU\Control Panel\Desktop\
"Wallpaper" = "C:\Documents and Settings\Leiretxu\Local Settings\Application Data\Microsoft\Wallpaper1.bmp"


Enabled Screen Saver:
---------------------

HKCU\Control Panel\Desktop\
"SCRNSAVE.EXE" = "C:\WINDOWS\system32\logon.scr" [MS]


Windows Portable Device AutoPlay Handlers
-----------------------------------------

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Exp lorer\AutoplayHandlers\Handlers\

CanonMPN200PictureOnArrival\
"Provider" = "MP Navigator Ver2.0"
"InvokeProgID" = "MPNavigator200.AutoplayHandler"
"InvokeVerb" = "open"
HKLM\SOFTWARE\Classes\MPNavigator200.AutoplayHandl er\shell\open\command\(Default) = "C:\Program Files\Canon\MP Navigator 2.0\mpn20.exe /AUTOPLAY %1" ["CANON INC."]

DVDDecrypterPlayDVDMovieOnArrival\
"Provider" = "DVD Decrypter"
"InvokeProgID" = "DVDDecrypter"
"InvokeVerb" = "PlayDVDMovieOnArrival_Decrypt"
HKLM\SOFTWARE\Classes\DVDDecrypter\shell\PlayDVDMo vieOnArrival_Decrypt\Command\(Default) = ""C:\Program Files\DVD Decrypter\DVDDecrypter.exe" /MODE READ /SOURCE "%1"" ["LIGHTNING UK!"]

EHomeMusicDropTarget\
"Provider" = "Media Center"
"InvokeProgID" = "EHomeDropTarget.EHomeMusicDropTarget"
"InvokeVerb" = "play"
HKLM\SOFTWARE\Classes\EHomeDropTarget.EHomeMusicDr opTarget\shell\play\DropTarget\CLSID = "{ED87EFF3-FF22-404E-B2BD-BC3841BDCB2C}"
-> {HKLM...CLSID} = "EHomeMusicDropTarget Class"
\InProcServer32\(Default) = "C:\WINDOWS\eHome\ehdrop.dll" [MS]

EHomePhotosHandler\
"Provider" = "Media Center"
"InvokeProgID" = "EHomeDropTarget.EHomePhotosHandler"
"InvokeVerb" = "play"
HKLM\SOFTWARE\Classes\EHomeDropTarget.EHomePhotosH andler\shell\play\DropTarget\CLSID = "{4b7601c1-d292-4902-89f4-583a5ce0c535}"
-> {HKLM...CLSID} = "EHomePhotosHandler Class"
\InProcServer32\(Default) = "C:\WINDOWS\eHome\ehdrop.dll" [MS]

EHomeVideoDropTarget\
"Provider" = "Media Center"
"InvokeProgID" = "EHomeDropTarget.EHomeVideoDropTarget"
"InvokeVerb" = "play"
HKLM\SOFTWARE\Classes\EHomeDropTarget.EHomeVideoDr opTarget\shell\play\DropTarget\CLSID = "{A48E70A4-8E15-4465-9D85-CCE9E63F8AAB}"
-> {HKLM...CLSID} = "EHomeVideoDropTarget Class"
\InProcServer32\(Default) = "C:\WINDOWS\eHome\ehdrop.dll" [MS]

EHomeVideosHandler\
"Provider" = "Media Center"
"InvokeProgID" = "EHomeDropTarget.EHomeVideosHandler"
"InvokeVerb" = "play"
HKLM\SOFTWARE\Classes\EHomeDropTarget.EHomeVideosH andler\shell\play\DropTarget\CLSID = "{4f61ec50-acef-4ae7-b4c6-b19bddc0f745}"
-> {HKLM...CLSID} = "EHomeVideosHandler Class"
\InProcServer32\(Default) = "C:\WINDOWS\eHome\ehdrop.dll" [MS]

MSVideoCameraArrival\
"Provider" = "@C:\Program Files\Movie Maker\3082\wmm2res.dll,-100"
"ProgID" = "Shell.HWEventHandlerShellExecute"
"InitCmdLine" = ""C:\Program Files\Movie Maker\moviemk.exe" /RECORD"
HKLM\SOFTWARE\Classes\Shell.HWEventHandlerShellExe cute\CLSID\(Default) = "{FFB8655F-81B9-4fce-B89C-9A6BA76D13E7}"
-> {HKLM...CLSID} = "ShellExecute HW Event Handler"
\LocalServer32\(Default) = "rundll32.exe shell32.dll,SHCreateLocalServerRunDll {FFB8655F-81B9-4fce-B89C-9A6BA76D13E7}" [MS]

MSWPDShellNamespaceHandler\
"Provider" = "@%SystemRoot%\System32\WPDShextRes.dll,-501"
"CLSID" = "{A55803CC-4D53-404c-8557-FD63DBA95D24}"
"InitCmdLine" = " "
-> {HKLM...CLSID} = "WPDShextAutoplay"
\LocalServer32\(Default) = "C:\WINDOWS\system32\WPDShextAutoplay.exe" [MS]

NeroAutoPlay2CDAudio\
"Provider" = "Nero Express"
"InvokeProgID" = "Nero.AutoPlay2"
"InvokeVerb" = "HandleCDBurningOnArrival_CDAudio"
HKLM\SOFTWARE\Classes\Nero.AutoPlay2\shell\HandleC DBurningOnArrival_CDAudio\command\(Default) = "C:\Program Files\Ahead\nero\nero.exe /w /New:AudioCD /Drive:%L" ["Ahead Software AG"]

NeroAutoPlay2CopyCD\
"Provider" = "Nero Express"
"InvokeProgID" = "Nero.AutoPlay2"
"InvokeVerb" = "PlayCDAudioOnArrival_CopyCD"
HKLM\SOFTWARE\Classes\Nero.AutoPlay2\shell\PlayCDA udioOnArrival_CopyCD\command\(Default) = "C:\Program Files\Ahead\nero\nero.exe /w /Dialog:DiscCopy /Drive:%L" ["Ahead Software AG"]

NeroAutoPlay2DataDisc\
"Provider" = "Nero Express"
"InvokeProgID" = "Nero.AutoPlay2"
"InvokeVerb" = "HandleCDBurningOnArrival_DataDisc"
HKLM\SOFTWARE\Classes\Nero.AutoPlay2\shell\HandleC DBurningOnArrival_DataDisc\command\(Default) = "C:\Program Files\Ahead\nero\nero.exe /w /New:ISODisc /Drive:%L" ["Ahead Software AG"]

NeroAutoPlay2LaunchNeroStartSmart\
"Provider" = "Nero StartSmart"
"InvokeProgID" = "Nero.AutoPlay2"
"InvokeVerb" = "HandleCDBurningOnArrival_LaunchNeroStartSmart "
HKLM\SOFTWARE\Classes\Nero.AutoPlay2\shell\HandleC DBurningOnArrival_LaunchNeroStartSmart\command\(De fault) = "C:\Program Files\Ahead\Nero StartSmart\NeroStartSmart.exe /AutoPlay /Drive:%L" ["Ahead Software AG"]

PDVDPlayDVDMovieOnArrival\
"Provider" = "PowerDVD"
"InvokeProgID" = "DVD"
"InvokeVerb" = "PlayWithPowerDVD"
HKLM\SOFTWARE\Classes\DVD\shell\PlayWithPowerDVD\C ommand\(Default) = ""C:\Program Files\CyberLink\PowerDVD\PowerDVD.exe" "%l"" ["CyberLink Corp."]

PTSOnArrivalHandler\
"Provider" = "Software Kodak EasyShare"
"InvokeProgID" = "Ptswia.WiaEvents.1"
"InvokeVerb" = "open"
HKLM\SOFTWARE\Classes\Ptswia.WiaEvents.1\shell\ope n\DropTarget\CLSID = "{66A41C80-C64A-45A9-8BC9-0D58DE47C007}"
-> {HKLM...CLSID} = "WiaEvents Class"
\LocalServer32\(Default) = "C:\PROGRA~1\Kodak\KODAKE~1\bin\ptswia.exe" [empty string]


Startup items in "Leiretxu" & "All Users" startup folders:
----------------------------------------------------------

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
"Microsoft Office" -> shortcut to: "C:\Program Files\Microsoft Office\Office10\OSA.EXE -b -l" [MS]
"Kodak software updater" -> shortcut to: "C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe" [null data]
"WinZip Quick Pick" -> shortcut to: "C:\Program Files\WinZip\WZQKPICK.EXE" ["WinZip Computing, Inc."]
"Software Kodak EasyShare" -> shortcut to: "C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe -hx" [null data]


Enabled Scheduled Tasks:
------------------------

"AE7CD75E918B45A2" -> launches: "c:\docume~1\andoni~1.000\applic~1\pileac~1\infowa vethird.exe" [null data]
"AA156BE6918AEA82" -> launches: "c:\docume~1\ares~1.you\applic~1\pileac~1\infowave third.exe" [null data]
"B789BFFB918E28D3" -> launches: "c:\docume~1\leiretxu\applic~1\pileac~1\infowaveth ird.exe" [null data]
"B58CFBE6918B672E" -> launches: "c:\docume~1\leire_2\applic~1\pileac~1\infowavethi rd.exe" [null data]


Winsock2 Service Provider DLLs:
-------------------------------

Namespace Service Providers

HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Pa rameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]

Transport Service Providers

HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Pa rameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
c:\program files\panda software\panda internet security 2007\pavlsp.dll ["Panda Software International"], 01 - 03, 17
%SystemRoot%\system32\mswsock.dll [MS], 04 - 06, 09 - 16
%SystemRoot%\system32\rsvpsp.dll [MS], 07 - 08


Toolbars, Explorer Bars, Extensions:
------------------------------------

Toolbars

HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}"
-> {HKLM...CLSID} = "&Google"
\InProcServer32\(Default) = "c:\program files\google\googletoolbar1.dll" ["Google Inc."]

HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\
"{327C2873-E90D-4C37-AA9D-10AC9BABA46C}" = "Easy-WebPrint"
-> {HKLM...CLSID} = "Easy-WebPrint"
\InProcServer32\(Default) = "C:\Program Files\Canon\Easy-WebPrint\Toolband.dll" [null data]
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" = (no title provided)
-> {HKLM...CLSID} = "&Google"
\InProcServer32\(Default) = "c:\program files\google\googletoolbar1.dll" ["Google Inc."]

Explorer Bars

HKLM\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\

HKLM\SOFTWARE\Classes\CLSID\{03C1C47F-0538-4645-8372-D3109B9FC636}\(Default) = "Easy-WebPrint"
Implemented Categories\{00021493-0000-0000-C000-000000000046}\ [vertical bar]
InProcServer32\(Default) = "C:\Program Files\Canon\Easy-WebPrint\Toolband.dll" [null data]

Extensions (Tools menu items, main toolbar menu buttons)

HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\
{CD67F990-D8E9-11D2-98FE-00C0F0318AFE}\

{E2E2DD38-D088-4134-82B7-F2BA38496583}\
"MenuText" = "@xpsp3res.dll,-20001"
"Exec" = "%windir%\Network Diagnostic\xpnetdiag.exe" [MS]

{FB5F1910-F110-11D2-BB9E-00C04F795683}\
"ButtonText" = "Messenger"
"MenuText" = "Windows Messenger"
"Exec" = "C:\Program Files\Messenger\msmsgs.exe" [MS]


Running Services (Display Name, Service Name, Path {Service DLL}):
------------------------------------------------------------------

Ati HotKey Poller, Ati HotKey Poller, "C:\WINDOWS\system32\Ati2evxx.exe" ["ATI Technologies Inc."]
LightScribeService Direct Disc Labeling Service, LightScribeService, ""C:\Program Files\Common Files\LightScribe\LSSrvc.exe"" ["Hewlett-Packard Company"]
Media Center Extender Service, McrdSvc, "C:\WINDOWS\ehome\mcrdsvc.exe" [MS]
MSCamSvc, MSCamSvc, ""C:\Program Files\Microsoft LifeCam\MSCamS32.exe"" [MS]
Panda anti-virus service, PAVSRV, ""C:\Program Files\Panda Software\Panda Internet Security 2007\pavsrv51.exe"" ["Panda Software International"]
Panda Antispam Engine, pmshellsrv, "C:\Program Files\Panda Software\Panda Internet Security 2007\AntiSpam\pskmssvc.exe" ["Panda Software International"]
Panda Function Service, PAVFNSVR, ""C:\Program Files\Panda Software\Panda Internet Security 2007\PavFnSvr.exe"" ["Panda Software International"]
Panda IManager Service, PSIMSVC, ""C:\Program Files\Panda Software\Panda Internet Security 2007\PsImSvc.exe"" ["Panda Software"]
Panda Network Manager, PNMSRV, ""c:\program files\panda software\panda internet security 2007\firewall\PNMSRV.EXE"" ["Panda Software International"]
Panda Process Protection Service, PavPrSrv, ""C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe"" ["Panda Software"]
Panda TPSrv, TPSrv, ""C:\Program Files\Panda Software\Panda Internet Security 2007\TPSrv.exe"" ["Panda Software"]
Windows Driver Foundation - User-mode Driver Framework, WudfSvc, "C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup" {"C:\WINDOWS\System32\WUDFSvc.dll" [MS]}


Print Monitors:
---------------

HKLM\SYSTEM\CurrentControlSet\Control\Print\Monito rs\
Canon BJ Language Monitor MP150\Driver = "CNMLM7K.DLL" ["CANON INC."]


---------- (launch time: 2008-07-17 11:18:23)
<<!>>: Suspicious data at a malware launch point.

+ This report excludes default entries except where indicated.
+ To see *everywhere* the script checks and *everything* it finds,
launch it from a command prompt or a shortcut with the -all parameter.
+ The search for DESKTOP.INI DLL launch points on all local fixed drives
took 113 seconds.
---------- (total run time: 186 seconds)

Realiza lo siguiente:

• Descargate OTMoveIt2 by OldTimer lo guardas en el Escritorio.
  • Haz un doble clic sobre OTMoveIt.exe para ejecutarlo.
  • Asegurate que este marcado "Unregister Dll's and Ocx's".
  • Copia el texto que se encuentra en el cuadrado más abajo, y pega el texto en el marco de izquierdo de OTMoveIt nombrado Paste Standar List of Files / Folders to be moved.
  Código HTML:

  C:\DOCUME~1\Leiretxu\APPLIC~1\PILEAC~1\bikeamen.exe
  C:\Documents and Settings\All Users\Application Data\Joy coal mpeg heck\Body for.exe
  c:\docume~1\andoni~1.000\applic~1\pileac~1\infowavethird.exe
  c:\docume~1\ares~1.you\applic~1\pileac~1\infowavethird.exe.
  c:\docume~1\leiretxu\applic~1\pileac~1\infowavethird.exe
  c:\docume~1\leire_2\applic~1\pileac~1\infowavethird.exe
  C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
  

  • Haz clic en MoveIt! Para lanzar la supresión.
  • Cuando el resultado aparece en el marco Results, haz clic en Exit.
  • Reinicia el PC (Este paso es muy importante)
  • Envía el informe (reporte) de OTMoveIt situado sobre C: \ _ OTMoveIt\MovedFiles.
  
  
• Descarga y ejecuta: Advanced Windows care.

*Nota*
- Pega el reporte de OTMoveIt2, luego borra: C:\_OtMoveIt.
- Recuerda regresar y comentar los resultados.

Salu2!.

C:\DOCUME~1\Leiretxu\APPLIC~1\PILEAC~1\bikeamen.ex e moved successfully.
C:\Documents and Settings\All Users\Application Data\Joy coal mpeg heck\Body for.exe moved successfully.
c:\docume~1\andoni~1.000\applic~1\pileac~1\infowav ethird.exe moved successfully.
c:\docume~1\ares~1.you\applic~1\pileac~1\infowavet hird.exe. moved successfully.
c:\docume~1\leiretxu\applic~1\pileac~1\infowavethi rd.exe moved successfully.
c:\docume~1\leire_2\applic~1\pileac~1\infowavethir d.exe moved successfully.
C:\Program Files\Canon\Easy-WebPrint\Toolband.dll unregistered successfully.
C:\Program Files\Canon\Easy-WebPrint\Toolband.dll moved successfully.

OTMoveIt2 by OldTimer - Version 1.0.4.3 log created on 07182008_215026


al darle al boton de reiniciar se a apagado derrepente el ordenador. Ahora de momento aun no me a salido ninguna ventana emergente de esas, pero acabo de reiniciar hace poco.. esperemos que no salgan mas. Aun me falta hacer el segundo paso, que lo voy a hacer ahora. Si vuelve a aparecer alguna de esas ventanas ya avisare!