Foro de InfoSpyware - Foro de Hijackthis - Foro de Virus

(puedes realizar el scan winpfind en modo normal)

Hola a todos

Entonces no te preocupes y hacelo en Modo Normal.

Salu2

De acuerdo pero no se puede arreglar? Es que quisiera arreglarlo por si lo necesito más adelante...

Lo primero es sacar los virus, después veremos como solucionarlo, aunque no es inprescindible...

Salu2

El DelPSGuard no dio ningun archivo infectado ni nada.

El Kaspersky online:
domingo, 28 de enero de 2007 16:24:56
Sistema operativo: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner versión: 5.0.84.0
Ultima actualización: 28/01/2007
Registros en la base antivirus: 247910
Configuración del análisis
Analizar usando las siguientes bases standard
Analizar archivos verdadero
Analizar bases de correo verdadero
Objetivo a analizar Mi PC
C:\
D:\
E:\
F:\
G:\
H:\
I:\
J:\
K:\
Estadísticas
Número de objeros analizados 165715
Virus encontrados 0
Objetos infectados 0 / 0
Objetos sospechosos 0
Duración del análisis 02:02:24

Bombre del objeto infectado Nombre del virus Última acción
C:\Documents and Settings\All Users\Application Data\Microsoft\eHome\logs\ehRecvr.log Object is locked saltado
C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\settings.dat Object is locked saltado
C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\2007-01-28_Log.ALUSchedulerSvc.LiveUpdate Object is locked saltado
C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\Log.LiveUpdate Object is locked saltado
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBConfig.log Object is locked saltado
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBDebug.log Object is locked saltado
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBDetect.log Object is locked saltado
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBNotify.log Object is locked saltado
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBRefr.log Object is locked saltado
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBSetCfg.log Object is locked saltado
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBSetCfg2.log Object is locked saltado
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBSetDev.log Object is locked saltado
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBSetLoc.log Object is locked saltado
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBSetUsr.log Object is locked saltado
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBStHash.log Object is locked saltado
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBValid.log Object is locked saltado
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\SPPolicy.log Object is locked saltado
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\SPStart.log Object is locked saltado
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\SPStop.log Object is locked saltado
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtErEvt.log Object is locked saltado
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtETmp\FECE7F37.TMP Object is locked saltado
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtMoEvt.log Object is locked saltado
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtNvEvt.log Object is locked saltado
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtScEvt.log Object is locked saltado
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtTxFEvt.log Object is locked saltado
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtViEvt.log Object is locked saltado
C:\Documents and Settings\All Users\Application Data\Symantec\SubEng\submissions.idx Object is locked saltado
C:\Documents and Settings\All Users\Documents\Recorded TV\TempRec\TempSBE\MSDVRMM_801894585_20709376_2077 6 Object is locked saltado
C:\Documents and Settings\All Users\Documents\Recorded TV\TempRec\TempSBE\MSDVRMM_801894585_32440320_2065 9 Object is locked saltado
C:\Documents and Settings\All Users\Documents\Recorded TV\TempRec\TempSBE\SBEB.tmp Object is locked saltado
C:\Documents and Settings\All Users\Documents\Recorded TV\TempRec\TempSBE\SBEC.tmp Object is locked saltado
C:\Documents and Settings\All Users\Documents\Recorded TV\TempRec\{42CB8B6B-CD9F-40D0-BB54-2B01639228E5}.TmpSBE Object is locked saltado
C:\Documents and Settings\All Users\Documents\Recorded TV\TempRec\{D5AE106A-9ECF-4C92-90E8-757B46C86AE1}.TmpSBE Object is locked saltado
C:\Documents and Settings\All Users\DRM\drmstore.hds Object is locked saltado
C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\9tbj2fet.default\cer t8.db Object is locked saltado
C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\9tbj2fet.default\his tory.dat Object is locked saltado
C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\9tbj2fet.default\key 3.db Object is locked saltado
C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\9tbj2fet.default\sea rch.sqlite Object is locked saltado
C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\9tbj2fet.default\url classifier2.sqlite Object is locked saltado
C:\Documents and Settings\HP_Administrator\Cookies\index.dat Object is locked saltado
C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Microsoft\Messenger\nachor90@hotmail.com\Shar ingMetadata\Logs\Dfsr00005.log Object is locked saltado
C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Microsoft\Messenger\nachor90@hotmail.com\Shar ingMetadata\pending.dat Object is locked saltado
C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Microsoft\Messenger\nachor90@hotmail.com\Shar ingMetadata\Working\database_602F_B78_2FCB_F0B9\df sr.db Object is locked saltado
C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Microsoft\Messenger\nachor90@hotmail.com\Shar ingMetadata\Working\database_602F_B78_2FCB_F0B9\fs r.log Object is locked saltado
C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Microsoft\Messenger\nachor90@hotmail.com\Shar ingMetadata\Working\database_602F_B78_2FCB_F0B9\fs rtmp.log Object is locked saltado
C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Microsoft\Messenger\nachor90@hotmail.com\Shar ingMetadata\Working\database_602F_B78_2FCB_F0B9\tm p.edb Object is locked saltado
C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked saltado
C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked saltado
C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Microsoft\Windows Live Contacts\nachor90@hotmail.com\real\members.stg Object is locked saltado
C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Microsoft\Windows Live Contacts\nachor90@hotmail.com\shadow\members.stg Object is locked saltado
C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Mozilla\Firefox\Profiles\9tbj2fet.default\Cac he\_CACHE_001_ Object is locked saltado
C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Mozilla\Firefox\Profiles\9tbj2fet.default\Cac he\_CACHE_002_ Object is locked saltado
C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Mozilla\Firefox\Profiles\9tbj2fet.default\Cac he\_CACHE_003_ Object is locked saltado
C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Mozilla\Firefox\Profiles\9tbj2fet.default\Cac he\_CACHE_MAP_ Object is locked saltado
C:\Documents and Settings\HP_Administrator\Local Settings\History\History.IE5\index.dat Object is locked saltado
C:\Documents and Settings\HP_Administrator\Local Settings\History\History.IE5\MSHist012007012820070 129\index.dat Object is locked saltado
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\~DF122B.tmp Object is locked saltado
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\~DF12A4.tmp Object is locked saltado
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\~DF6BBA.tmp Object is locked saltado
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\~DF6E45.tmp Object is locked saltado
C:\Documents and Settings\HP_Administrator\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked saltado
C:\Documents and Settings\HP_Administrator\NTUSER.DAT Object is locked saltado
C:\Documents and Settings\HP_Administrator\ntuser.dat.LOG Object is locked saltado
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Data\settings.dat Object is locked saltado
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked saltado
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked saltado
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked saltado
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked saltado
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked saltado
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked saltado
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked saltado
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked saltado
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked saltado
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked saltado
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked saltado
C:\Program Files\Common Files\Symantec Shared\EENGINE\EPERSIST.DAT Object is locked saltado
C:\Program Files\Common Files\Symantec Shared\NFWEVT.LOG Object is locked saltado
C:\Program Files\Common Files\Symantec Shared\SNDALRT.log Object is locked saltado
C:\Program Files\Common Files\Symantec Shared\SNDCON.log Object is locked saltado
C:\Program Files\Common Files\Symantec Shared\SNDDBG.log Object is locked saltado
C:\Program Files\Common Files\Symantec Shared\SNDFW.log Object is locked saltado
C:\Program Files\Common Files\Symantec Shared\SNDIDS.log Object is locked saltado
C:\Program Files\Common Files\Symantec Shared\SNDSYS.log Object is locked saltado
C:\Program Files\Norton Internet Security\Norton AntiVirus\AVApp.log Object is locked saltado
C:\Program Files\Norton Internet Security\Norton AntiVirus\AVError.log Object is locked saltado
C:\Program Files\Norton Internet Security\Norton AntiVirus\AVVirus.log Object is locked saltado
C:\Program Files\Webroot\Spy Sweeper\Masters\masters.bak Object is locked saltado
C:\Program Files\Webroot\Spy Sweeper\Masters\Masters.const Object is locked saltado
C:\Program Files\Webroot\Spy Sweeper\Masters\masters.mst Object is locked saltado
C:\Program Files\Webroot\Spy Sweeper\Masters.base Object is locked saltado
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked saltado
C:\WINDOWS\Debug\PASSWD.LOG Object is locked saltado
C:\WINDOWS\Registration\{02D4B3F1-FD88-11D1-960D-00805FC79235}.{42D38146-0C94-413C-A4D8-447E5D170B03}.crmlog Object is locked saltado
C:\WINDOWS\SchedLgU.Txt Object is locked saltado
C:\WINDOWS\SoftwareDistribution\ReportingEvents.lo g Object is locked saltado
C:\WINDOWS\Sti_Trace.log Object is locked saltado
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked saltado
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked saltado
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked saltado
C:\WINDOWS\system32\config\default Object is locked saltado
C:\WINDOWS\system32\config\default.LOG Object is locked saltado
C:\WINDOWS\system32\config\IntelDH.evt Object is locked saltado
C:\WINDOWS\system32\config\Media Ce.evt Object is locked saltado
C:\WINDOWS\system32\config\ODiag.evt Object is locked saltado
C:\WINDOWS\system32\config\OSession.evt Object is locked saltado
C:\WINDOWS\system32\config\SAM Object is locked saltado
C:\WINDOWS\system32\config\SAM.LOG Object is locked saltado
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked saltado
C:\WINDOWS\system32\config\SECURITY Object is locked saltado
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked saltado
C:\WINDOWS\system32\config\software Object is locked saltado
C:\WINDOWS\system32\config\software.LOG Object is locked saltado
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked saltado
C:\WINDOWS\system32\config\system Object is locked saltado
C:\WINDOWS\system32\config\system.LOG Object is locked saltado
C:\WINDOWS\system32\config\systemprofile\Cookies\i ndex.dat Object is locked saltado
C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat Object is locked saltado
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked saltado
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked saltado
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked saltado
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked saltado
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MA P Object is locked saltado
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MA P Object is locked saltado
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DAT A Object is locked saltado
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked saltado
C:\WINDOWS\wiadebug.log Object is locked saltado
C:\WINDOWS\wiaservc.log Object is locked saltado
C:\WINDOWS\WindowsUpdate.log Object is locked saltado
K:\System Volume Information\MountPointManagerRemoteDatabase Object is locked saltado
Análisis completado.

Y el del WinPFind no puedo ponerlo porque es muy grande... Que hago?

Hola NachoR

no suspechosos archivos segun Kaspersky

corta el reporte y pegalo en 2 (o 3) mensajes sucesivos

1ª parte

WARNING: not all files found by this scanner are bad. Consult with a knowledgable person before proceeding.

If you see a message in the titlebar saying "Not responding..." you can ignore it. Windows sometimes displays this message due to the high volume of disk I/O. As long as the hard disk light is flashing, the program is still working properly.

»»»»»»»»»»»»»»»»» Windows OS and Versions »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Logfile created on: 28/01/2007 11:39:54
WinPFind v1.5.0 Folder = C:\Documents and Settings\HP_Administrator\Desktop\WinPFind\
Microsoft Windows XP Service Pack 2 (Version = 5.1.2600)
Internet Explorer (Version = 6.0.2900.2180)

»»»»»»»»»»»»»»»»» Checking Selected Standard Folders »»»»»»»»»»»»»»»»»»»»

Checking %SystemDrive% folder...

Checking %ProgramFilesDir% folder...

Checking %WinDir% folder...

Checking %System% folder...
UPX! 16/01/2007 16:24:14 HS 22029 C:\WINDOWS\SYSTEM32\cbxwwwx.dll ()
aspack 18/03/2005 17:19:58 2337488 C:\WINDOWS\SYSTEM32\d3dx9_25.dll (Microsoft Corporation)
aspack 26/05/2005 15:34:52 2297552 C:\WINDOWS\SYSTEM32\d3dx9_26.dll (Microsoft Corporation)
aspack 22/07/2005 19:59:04 2319568 C:\WINDOWS\SYSTEM32\d3dx9_27.dll (Microsoft Corporation)
aspack 05/12/2005 18:09:18 2323664 C:\WINDOWS\SYSTEM32\d3dx9_28.dll (Microsoft Corporation)
aspack 03/02/2006 8:43:16 2332368 C:\WINDOWS\SYSTEM32\d3dx9_29.dll (Microsoft Corporation)
aspack 31/03/2006 12:40:58 2388176 C:\WINDOWS\SYSTEM32\d3dx9_30.dll (Microsoft Corporation)
PEC2 09/08/2004 22:00:00 41397 C:\WINDOWS\SYSTEM32\dfrg.msc ()
PEC2 26/01/2007 2:13:42 738906 C:\WINDOWS\SYSTEM32\DivX.dll (DivX, Inc.)
PECompact2 26/01/2007 2:13:42 738906 C:\WINDOWS\SYSTEM32\DivX.dll (DivX, Inc.)
UPX! 14/01/2007 20:50:28 HS 22029 C:\WINDOWS\SYSTEM32\efcayww.dll ()
UPX! 14/01/2007 23:11:02 HS 22029 C:\WINDOWS\SYSTEM32\fccayvw.dll ()
UPX! 15/01/2007 14:54:00 HS 22029 C:\WINDOWS\SYSTEM32\hggdeby.dll ()
PTech 12/12/2006 10:45:04 1474864 C:\WINDOWS\SYSTEM32\LegitCheckControl.DLL (Microsoft Corporation)
PECompact2 03/01/2007 0:19:44 10980776 C:\WINDOWS\SYSTEM32\MRT.exe (Microsoft Corporation)
aspack 03/01/2007 0:19:44 10980776 C:\WINDOWS\SYSTEM32\MRT.exe (Microsoft Corporation)
WSUD 09/08/2004 22:00:00 1200128 C:\WINDOWS\SYSTEM32\ntbackup.exe (Microsoft Corporation)
aspack 10/08/2004 5:00:00 708096 C:\WINDOWS\SYSTEM32\ntdll.dll (Microsoft Corporation)
WSUD 09/08/2004 22:00:00 257024 C:\WINDOWS\SYSTEM32\nusrmgr.cpl (Microsoft Corporation)
Umonitor 09/08/2004 22:00:00 657920 C:\WINDOWS\SYSTEM32\rasdlg.dll (Microsoft Corporation)
PEC2 03/11/2006 10:04:08 8287232 C:\WINDOWS\SYSTEM32\SET11C.tmp (Microsoft Corporation)
WSUD 03/11/2006 10:04:08 8287232 C:\WINDOWS\SYSTEM32\SET11C.tmp (Microsoft Corporation)
winsync 09/08/2004 22:00:00 1309184 C:\WINDOWS\SYSTEM32\wbdbase.deu ()
PEC2 03/11/2006 10:04:08 8287232 C:\WINDOWS\SYSTEM32\wmploc.dll (Microsoft Corporation)
WSUD 03/11/2006 10:04:08 8287232 C:\WINDOWS\SYSTEM32\wmploc.dll (Microsoft Corporation)
UPX! 18/01/2007 21:31:02 HS 22029 C:\WINDOWS\SYSTEM32\yayvtrs.dll ()

Checking %System%\Drivers folder and sub-folders...

Items found in C:\WINDOWS\SYSTEM32\drivers\etc\hosts


Checking the Windows folder and sub-folders for system and hidden files within the last 60 days...
28/01/2007 11:04:24 S 2048 C:\WINDOWS\bootstat.dat ()
08/12/2006 11:01:20 H 0 C:\WINDOWS\inf\oem117.inf ()
16/01/2007 16:24:14 HS 22029 C:\WINDOWS\system32\cbxwwwx.dll ()
14/01/2007 20:50:28 HS 22029 C:\WINDOWS\system32\efcayww.dll ()
14/01/2007 23:11:02 HS 22029 C:\WINDOWS\system32\fccayvw.dll ()
15/01/2007 14:54:00 HS 22029 C:\WINDOWS\system32\hggdeby.dll ()
14/01/2007 17:41:20 HS 452085 C:\WINDOWS\system32\kjllm.bak1 ()
18/01/2007 21:11:40 HS 452513 C:\WINDOWS\system32\kjllm.bak2 ()
14/01/2007 19:23:26 HS 466021 C:\WINDOWS\system32\kjllm.ini ()
18/01/2007 21:30:14 HS 450637 C:\WINDOWS\system32\kjllm.ini2 ()
14/01/2007 19:02:16 HS 466021 C:\WINDOWS\system32\kjllm.tmp ()
23/01/2007 18:55:36 HS 442897 C:\WINDOWS\system32\knnmp.bak1 ()
28/01/2007 11:06:40 HS 445442 C:\WINDOWS\system32\knnmp.bak2 ()
24/01/2007 0:09:08 HS 460658 C:\WINDOWS\system32\knnmp.ini ()
28/01/2007 11:45:22 HS 445830 C:\WINDOWS\system32\knnmp.ini2 ()
23/01/2007 22:32:52 HS 452045 C:\WINDOWS\system32\knnmp.tmp ()
23/01/2007 18:55:24 HS 277257 C:\WINDOWS\system32\pmnnk.dll ()
14/01/2007 17:35:32 HS 22029 C:\WINDOWS\system32\qomjkli.dll ()
18/01/2007 21:31:02 HS 22029 C:\WINDOWS\system32\yayvtrs.dll ()
19/12/2006 20:09:32 S 8847 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB929969.cat ()
28/01/2007 11:19:48 H 1024 C:\WINDOWS\system32\config\default.LOG ()
28/01/2007 11:04:38 H 1024 C:\WINDOWS\system32\config\SAM.LOG ()
28/01/2007 11:07:00 H 1024 C:\WINDOWS\system32\config\SECURITY.LOG ()
28/01/2007 11:39:50 H 1024 C:\WINDOWS\system32\config\software.LOG ()
28/01/2007 11:34:26 H 1024 C:\WINDOWS\system32\config\system.LOG ()
10/01/2007 18:19:42 H 1024 C:\WINDOWS\system32\config\systemprofile\NTUSER.DA T.LOG ()
14/01/2007 17:56:04 S 341 C:\WINDOWS\system32\config\systemprofile\Applicati on Data\Microsoft\CryptnetUrlCache\Content\303572DF53 8EDD8B1D606185F1D559B8 ()
14/01/2007 17:56:04 S 413 C:\WINDOWS\system32\config\systemprofile\Applicati on Data\Microsoft\CryptnetUrlCache\Content\79841F8EF0 0FBA86D33CC5A47696F165 ()
14/01/2007 17:56:04 S 574 C:\WINDOWS\system32\config\systemprofile\Applicati on Data\Microsoft\CryptnetUrlCache\Content\9045902384 00AD963F77FAAAADC9BAB5 ()
06/12/2006 20:37:18 S 1039 C:\WINDOWS\system32\config\systemprofile\Applicati on Data\Microsoft\CryptnetUrlCache\Content\CFC456E7E4 10D69E2C6F3E2DB75C7DB3 ()
14/01/2007 17:56:04 S 126 C:\WINDOWS\system32\config\systemprofile\Applicati on Data\Microsoft\CryptnetUrlCache\MetaData\303572DF5 38EDD8B1D606185F1D559B8 ()
14/01/2007 17:56:04 S 98 C:\WINDOWS\system32\config\systemprofile\Applicati on Data\Microsoft\CryptnetUrlCache\MetaData\79841F8EF 00FBA86D33CC5A47696F165 ()
14/01/2007 17:56:04 S 136 C:\WINDOWS\system32\config\systemprofile\Applicati on Data\Microsoft\CryptnetUrlCache\MetaData\904590238 400AD963F77FAAAADC9BAB5 ()
06/12/2006 20:37:18 S 126 C:\WINDOWS\system32\config\systemprofile\Applicati on Data\Microsoft\CryptnetUrlCache\MetaData\CFC456E7E 410D69E2C6F3E2DB75C7DB3 ()
19/01/2007 0:37:10 HS 388 C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\190e9e83-b60e-40c7-97fb-aae9c3b587c1 ()
19/01/2007 0:37:10 HS 24 C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\Preferred ()
03/12/2006 15:56:54 HS 388 C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\User\129b5f7d-126f-4649-b564-3914139a7e14 ()
03/12/2006 15:56:54 HS 24 C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\User\Preferred ()
28/01/2007 11:04:34 H 6 C:\WINDOWS\Tasks\SA.DAT ()
18/01/2007 21:31:08 HS 43 C:\WINDOWS\Temp\removalfile.bat ()

Checking for CPL files...
09/08/2004 22:00:00 68608 C:\WINDOWS\SYSTEM32\access.cpl (Microsoft Corporation)
21/09/2005 11:25:50 299008 C:\WINDOWS\SYSTEM32\ALSNDMGR.CPL (Realtek Semiconductor Corp.)
09/08/2004 22:00:00 549888 C:\WINDOWS\SYSTEM32\appwiz.cpl (Microsoft Corporation)
09/08/2004 22:00:00 110592 C:\WINDOWS\SYSTEM32\bthprops.cpl (Microsoft Corporation)
09/08/2004 22:00:00 135168 C:\WINDOWS\SYSTEM32\desk.cpl (Microsoft Corporation)
09/08/2004 22:00:00 80384 C:\WINDOWS\SYSTEM32\firewall.cpl (Microsoft Corporation)
09/08/2004 22:00:00 155136 C:\WINDOWS\SYSTEM32\hdwwiz.cpl (Microsoft Corporation)
09/08/2004 22:00:00 358400 C:\WINDOWS\SYSTEM32\inetcpl.cpl (Microsoft Corporation)
09/08/2004 22:00:00 129536 C:\WINDOWS\SYSTEM32\intl.cpl (Microsoft Corporation)
09/08/2004 22:00:00 380416 C:\WINDOWS\SYSTEM32\irprops.cpl (Microsoft Corporation)
27/07/2004 15:50:48 73728 C:\WINDOWS\SYSTEM32\ISUSPM.cpl (InstallShield Software Corporation)
09/08/2004 22:00:00 68608 C:\WINDOWS\SYSTEM32\joy.cpl (Microsoft Corporation)
09/11/2006 15:07:28 49265 C:\WINDOWS\SYSTEM32\jpicpl32.cpl (Sun Microsystems, Inc.)
09/08/2004 22:00:00 187904 C:\WINDOWS\SYSTEM32\main.cpl (Microsoft Corporation)
09/08/2004 22:00:00 618496 C:\WINDOWS\SYSTEM32\mmsys.cpl (Microsoft Corporation)
09/08/2004 22:00:00 35840 C:\WINDOWS\SYSTEM32\ncpa.cpl (Microsoft Corporation)
09/08/2004 22:00:00 25600 C:\WINDOWS\SYSTEM32\netsetup.cpl (Microsoft Corporation)
09/08/2004 22:00:00 257024 C:\WINDOWS\SYSTEM32\nusrmgr.cpl (Microsoft Corporation)
13/02/2006 22:05:00 73728 C:\WINDOWS\SYSTEM32\nvtuicpl.cpl ()
09/08/2004 22:00:00 36864 C:\WINDOWS\SYSTEM32\nwc.cpl (Microsoft Corporation)
09/08/2004 22:00:00 32768 C:\WINDOWS\SYSTEM32\odbccp32.cpl (Microsoft Corporation)
09/08/2004 22:00:00 114688 C:\WINDOWS\SYSTEM32\powercfg.cpl (Microsoft Corporation)
10/01/2006 14:58:40 266240 C:\WINDOWS\SYSTEM32\RTSndMgr.CPL (Realtek Semiconductor Corp.)
09/08/2004 22:00:00 298496 C:\WINDOWS\SYSTEM32\sysdm.cpl (Microsoft Corporation)
09/08/2004 22:00:00 28160 C:\WINDOWS\SYSTEM32\telephon.cpl (Microsoft Corporation)
09/08/2004 22:00:00 94208 C:\WINDOWS\SYSTEM32\timedate.cpl (Microsoft Corporation)
09/08/2004 22:00:00 148480 C:\WINDOWS\SYSTEM32\wscui.cpl (Microsoft Corporation)
26/05/2005 3:16:30 174360 C:\WINDOWS\SYSTEM32\wuaucpl.cpl (Microsoft Corporation)
09/08/2004 22:00:00 68608 C:\WINDOWS\SYSTEM32\dllcache\access.cpl (Microsoft Corporation)
09/08/2004 22:00:00 549888 C:\WINDOWS\SYSTEM32\dllcache\appwiz.cpl (Microsoft Corporation)
09/08/2004 22:00:00 135168 C:\WINDOWS\SYSTEM32\dllcache\desk.cpl (Microsoft Corporation)
09/08/2004 22:00:00 80384 C:\WINDOWS\SYSTEM32\dllcache\firewall.cpl (Microsoft Corporation)
09/08/2004 22:00:00 155136 C:\WINDOWS\SYSTEM32\dllcache\hdwwiz.cpl (Microsoft Corporation)
09/08/2004 22:00:00 358400 C:\WINDOWS\SYSTEM32\dllcache\inetcpl.cpl (Microsoft Corporation)
09/08/2004 22:00:00 129536 C:\WINDOWS\SYSTEM32\dllcache\intl.cpl (Microsoft Corporation)
09/08/2004 22:00:00 68608 C:\WINDOWS\SYSTEM32\dllcache\joy.cpl (Microsoft Corporation)
09/08/2004 22:00:00 187904 C:\WINDOWS\SYSTEM32\dllcache\main.cpl (Microsoft Corporation)
09/08/2004 22:00:00 618496 C:\WINDOWS\SYSTEM32\dllcache\mmsys.cpl (Microsoft Corporation)
09/08/2004 22:00:00 35840 C:\WINDOWS\SYSTEM32\dllcache\ncpa.cpl (Microsoft Corporation)
09/08/2004 22:00:00 25600 C:\WINDOWS\SYSTEM32\dllcache\netsetup.cpl (Microsoft Corporation)
09/08/2004 22:00:00 257024 C:\WINDOWS\SYSTEM32\dllcache\nusrmgr.cpl (Microsoft Corporation)
09/08/2004 22:00:00 36864 C:\WINDOWS\SYSTEM32\dllcache\nwc.cpl (Microsoft Corporation)
09/08/2004 22:00:00 32768 C:\WINDOWS\SYSTEM32\dllcache\odbccp32.cpl (Microsoft Corporation)
09/08/2004 22:00:00 114688 C:\WINDOWS\SYSTEM32\dllcache\powercfg.cpl (Microsoft Corporation)
09/08/2004 22:00:00 155648 C:\WINDOWS\SYSTEM32\dllcache\sapi.cpl (Microsoft Corporation)
09/08/2004 22:00:00 298496 C:\WINDOWS\SYSTEM32\dllcache\sysdm.cpl (Microsoft Corporation)
09/08/2004 22:00:00 28160 C:\WINDOWS\SYSTEM32\dllcache\telephon.cpl (Microsoft Corporation)
09/08/2004 22:00:00 94208 C:\WINDOWS\SYSTEM32\dllcache\timedate.cpl (Microsoft Corporation)
09/08/2004 22:00:00 148480 C:\WINDOWS\SYSTEM32\dllcache\wscui.cpl (Microsoft Corporation)
09/08/2004 22:00:00 162304 C:\WINDOWS\SYSTEM32\dllcache\wuaucpl.cpl (Microsoft Corporation)

Checking for Downloaded Program Files...
{0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} - CKAVWebScan Object - CodeBase = http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
{17492023-C23A-453E-A040-C7C580BBF700} - Windows Genuine Advantage Validation Tool - CodeBase = http://go.microsoft.com/fwlink/?linkid=39204
{193C772A-87BE-4B19-A7BB-445B226FE9A1} - ewidoOnlineScan Control - CodeBase = http://downloads.ewido.net/ewidoOnlineScan.cab
{2917297F-F02B-4B9D-81DF-494B6333150B} - Minesweeper Flags Class - CodeBase = http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
{4F1E5B1A-2A80-42CA-8532-2D05CB959537} - MSN Photo Upload Tool - CodeBase = http://nachor.spaces.live.com//PhotoUpload/MsnPUpld.cab
{8AD9C840-044E-11D1-B3E9-00805F499D93} - Java Plug-in 1.5.0_10 - CodeBase = http://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab
{8E0D4DE5-3180-4024-A327-4DFAD1796A8D} - MessengerStatsClient Class - CodeBase = http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
{9A9307A0-7DA4-4DAF-B042-5009F29E09E1} - ActiveScan Installer Class - CodeBase = http://acs.pandasoftware.com/activescan/as5free/asinst.cab
{CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA} - Java Plug-in 1.5.0_05 - CodeBase = http://java.sun.com/update/1.5.0/jinstall-1_5_0_05-windows-i586.cab
{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - Java Plug-in 1.5.0_06 - CodeBase = http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} - Java Plug-in 1.5.0_10 - CodeBase = http://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - Java Plug-in 1.5.0_10 - CodeBase = http://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab
{D27CDB6E-AE6D-11CF-96B8-444553540000} - - CodeBase = http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

»»»»»»»»»»»»»»»»» Checking Selected Startup Folders »»»»»»»»»»»»»»»»»»»»»

Checking files in %ALLUSERSPROFILE%\Startup folder...
30/08/2005 22:02:10 HS 84 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\desktop.ini ()

Checking files in %ALLUSERSPROFILE%\Application Data folder...
30/08/2005 14:52:20 HS 62 C:\Documents and Settings\All Users\Application Data\desktop.ini ()
04/09/2006 9:46:40 2212 C:\Documents and Settings\All Users\Application Data\hpzinstall.log ()
18/11/2006 15:00:20 1755 C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache ()

Checking files in %USERPROFILE%\Startup folder...
30/08/2005 22:02:10 HS 84 C:\Documents and Settings\HP_Administrator\Start Menu\Programs\Startup\desktop.ini ()

Checking files in %USERPROFILE%\Application Data folder...
30/08/2005 14:52:20 HS 62 C:\Documents and Settings\HP_Administrator\Application Data\desktop.ini ()
12/11/2006 14:18:48 0 C:\Documents and Settings\HP_Administrator\Application Data\wklnhst.dat ()

»»»»»»»»»»»»»»»»» Checking Selected Registry Keys »»»»»»»»»»»»»»»»»»»»»»»

>>> Internet Explorer Settings <<<


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main]
\\Start Page - http://www.forospyware.com/
\\Search Page - http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
\\Default_Page_URL - http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
\\Default_Search_URL - http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main]
\\Start Page - http://www.forospyware.com/
\\Search Page - http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
\\Default_Search_URL - http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Search]
\\CustomizeSearch - http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
\\SearchAssistant - http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm


[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
\\{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - Microsoft Url Search Hook = %SystemRoot%\system32\shdocvw.dll (Microsoft Corporation)

peag la parte 2 (y 3, y 4... si existe) tambien

podemos ver muchos archivos del adware vundo

La 2ª parte no me la deja poner, no se porque :S

La 3ª es:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\HP Software Update
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item HPwuSchd2
hkey HKLM
command C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\HPHUPD08
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item hphupd08
hkey HKLM
command c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\IAAnotif
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item iaanotif
hkey HKLM
command C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\iTunesHelper
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item iTunesHelper
hkey HKLM
command "C:\Program Files\iTunes\iTunesHelper.exe"
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\LVCOMSX
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item LVCOMSX
hkey HKLM
command C:\WINDOWS\system32\LVCOMSX.EXE
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\NvCplDaemon
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item NvCpl
hkey HKLM
command RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\nwiz
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item nwiz
hkey HKLM
command nwiz.exe /installquiet /keeploaded /nodetect
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\QuickTime Task
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item qttask
hkey HKLM
command "C:\Program Files\QuickTime\qttask.exe" -atboottime
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Recguard
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item RECGUARD
hkey HKLM
command C:\WINDOWS\SMINST\RECGUARD.EXE
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\RTHDCPL
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item RTHDCPL
hkey HKLM
command RTHDCPL.EXE
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SunJavaUpdateSched
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item jusched
hkey HKLM
command "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\state
system.ini 0
win.ini 0
bootini 0
services 0
startup 2


[All Users Startup Folder Disabled Items]

[Current User Startup Folder Disabled Items]

>>> User Agent Post Platform <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Internet Settings\User Agent\Post Platform]
\\SV1 -

>>> AppInit Dll's <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs]

>>> Image File Execution Options <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options]
\Your Image File Name Here without a path - Debugger = ntsd -d

>>> Shell Service Object Delay Load <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\ShellServiceObjectDelayLoad]
\\PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} = %SystemRoot%\system32\SHELL32.dll (Microsoft Corporation)
\\CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} = %SystemRoot%\system32\SHELL32.dll (Microsoft Corporation)
\\WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} = %SystemRoot%\system32\webcheck.dll (Microsoft Corporation)
\\SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} = C:\WINDOWS\system32\stobject.dll (Microsoft Corporation)
\\WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} = C:\WINDOWS\system32\WPDShServiceObj.dll (Microsoft Corporation)

>>> Shell Execute Hooks <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Explorer\ShellExecuteHooks]
\\{AEB6717E-7E19-11d0-97EE-00C04FD91972} - URL Exec Hook = shell32.dll (Microsoft Corporation)
\\{59CD7310-98A4-48BF-BE77-C12032C98D31} - = C:\WINDOWS\system32\qomjkli.dll ()
\\{57B86673-276A-48B2-BAE7-C6DBB3020EB8} - CShellExecuteHookImpl Object = C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll (Anti-Malware Development a.s.)

>>> Shared Task Scheduler <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Explorer\SharedTaskScheduler]
\\{438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader = %SystemRoot%\system32\browseui.dll (Microsoft Corporation)
\\{8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon = %SystemRoot%\system32\browseui.dll (Microsoft Corporation)

>>> Winlogon <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
\\UserInit = C:\WINDOWS\system32\userinit.exe,
\\Shell = Explorer.exe
\\System =

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]
\crypt32chain - crypt32.dll = (Microsoft Corporation)
\cryptnet - cryptnet.dll = (Microsoft Corporation)
\cscdll - cscdll.dll = (Microsoft Corporation)
\mlljk - = ()
\pmnnk - C:\WINDOWS\system32\pmnnk.dll = ()
\qomjkli - qomjkli.dll = ()
\ScCertProp - wlnotify.dll = (Microsoft Corporation)
\Schedule - wlnotify.dll = (Microsoft Corporation)
\sclgntfy - sclgntfy.dll = (Microsoft Corporation)
\SensLogn - WlNotify.dll = (Microsoft Corporation)
\termsrv - wlnotify.dll = (Microsoft Corporation)
\wlballoon - wlnotify.dll = (Microsoft Corporation)
\WRNotifier - WRLogonNTF.dll = (Webroot Software, Inc.)

>>> DNS Name Servers <<<
{2FBB7C5A-9C53-4BC8-B56D-1E6DFF4BE2E5} - (Wireless LAN PCI 802.11 b/g adapter WN5301A)
{892900FC-9814-4488-99C0-81491C1EE93D} - (HP EN1207D-TX PCI 10/100 Fast Ethernet Adapter)
{D7233305-2B48-42DB-81D9-A4D122AC4F2E} - 80.58.61.250,80.58.61.254 (Intel(R) PRO/100 VE Network Connection)
{F54E6059-F80D-48A2-8BB5-049EAB023D11} - (1394 Net Adapter)
{FF95601F-EFD4-4EBF-88E4-38BA913CE8FB} - ()

>>> All Winsock2 Catalogs <<<
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic es\WinSock2\Parameters\NameSpace_Catalog5\Catalog_ Entries]
\000000000001\\LibraryPath - %SystemRoot%\System32\mswsock.dll (Microsoft Corporation)
\000000000002\\LibraryPath - %SystemRoot%\System32\winrnr.dll (Microsoft Corporation)
\000000000003\\LibraryPath - %SystemRoot%\System32\mswsock.dll (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic es\WinSock2\Parameters\Protocol_Catalog9\Catalog_E ntries]
\000000000001\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000002\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000003\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000004\\PackedCatalogItem - %SystemRoot%\system32\rsvpsp.dll (Microsoft Corporation)
\000000000005\\PackedCatalogItem - %SystemRoot%\system32\rsvpsp.dll (Microsoft Corporation)
\000000000006\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000007\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000008\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000009\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000010\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000011\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000012\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000013\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000014\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000015\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000016\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000017\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000018\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000019\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)

>>> Protocol Handlers (Non-Microsoft Only) <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Hand ler]
\ipp - ()
\msdaipp - ()

>>> Protocol Filters (Non-Microsoft Only) <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Filt er]

>>> Selected AddOn's <<<


»»»»»»»»»»»»»»»»»»»»»»»» Scan Complete »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Ok. Descarga VundoFix.exe en el escritorio de Windows y haz doble-click al archivo VundoFix.exe para activarlo.
[*] Marque la casilla "Run VundoFix as a task".
[*] Recibirá un mensaje que dice que el programa se cerrara y que abrira nuevamente en un minuto o menos. Déle ACEPTAR.
[*] Cuando VundoFix abre nuevamente, presione el botón "Scan for Vundo"
[*] Una vez que termina la exploración, presione el botón "Remove Vundo"
[*] Recibirá un mensaje preguntado si desea quitar los archivos y ponerle YES
[*] Una vez presionado YES su escritorio parpadeara en blanco ya que esta quitando el parasito.
[*] Cuando termina presionar en OK para reiniciar el equipo en modo normal.

Y pega el reporte de VundoFix q se situa en C:\Vundofix.txt