Foros de Trucos Windows
 


> Heeelp!!, Vx2

jarvil85
post Oct 24 2005, 10:19 PM
Posted: #1

Newbie

Group: Members
Posts: 5
Joined: 23-January 05
Member no.: 66.799



Hi everyone...
I'm new here; honestly I joined because I have a little problem that I think is common around here...
I think the Vx2 spyware got onto my machine. I've tried to stop those little windows that pop open with ads, like the ones ending in yyy34, and cartoon figures that move around...
I've read every forum I could find, but since I don't know much about these things I still haven't been able to get rid of this spy... I'd be very grateful if you could give me some help...

I'm attaching my HijackThis log and what the Vx2 finder gives me...

Logfile of HijackThis v1.99.1
Scan saved at 18:17:54, on 24-10-2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\sistray.EXE
C:\Archivos de programa\DU Meter\DUMeter.exe
C:\apps\ABoard\ABoard.exe
C:\apps\ABoard\AOSD.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\WINDOWS\system32\crypserv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\SYSTEM32\rundll32.exe
C:\Archivos de programa\Internet Explorer\iexplore.exe
C:\Documents and Settings\All Users\Documentos\HiJackThis\HijackThis_1.99.1.exe
C:\WINDOWS\explorer.exe
C:\ARCHIVOS DE PROGRAMA\INTERNET EXPLORER\IEXPLORE.EXE
C:\WINDOWS\system32\wuauclt.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://v4.windowsupdate.microsoft.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.cl
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Vínculos
R3 - Default URLSearchHook is missing
O4 - HKLM\..\Run: [SiS Tray] C:\WINDOWS\System32\sistray.EXE
O4 - HKLM\..\Run: [DU Meter] C:\Archivos de programa\DU Meter\DUMeter.exe
O4 - HKLM\..\Run: [ACTIVBOARD] c:\apps\ABoard\ABoard.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Archivos de programa\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SmcService] C:\ARCHIV~1\Sygate\SPF\smc.exe -startgui
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: E&xportar a Microsoft Excel - res://C:\ARCHIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Referencia - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARCHIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Archivos de programa\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Archivos de programa\Messenger\MSMSGS.EXE
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab31267.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {83AFB5CA-ED35-11D4-A452-0080C8D85045} (GameDesire Poker Games) - http://67.15.101.3/g_bin/eng/poker_2_0_0_38.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab
O20 - Winlogon Notify: WebCheck - C:\WINDOWS\system32\kt02l7do1.dll
O23 - Service: C-DillaCdaC11BA - C-Dilla Ltd - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: Crypkey License - Kenonic Controls Ltd. - C:\WINDOWS\SYSTEM32\crypserv.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Archivos de programa\Archivos comunes\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Archivos de programa\Sygate\SPF\smc.exe

____________________________________________________________________


Log for VX2.BetterInternet File Finder (ALL)

Files Found---

Additional Files---

Keys Under Notify---
WebCheck


Guardian Key--- is called:

Guardian Key--- :

User Agent String---
{39F92335-898C-654E-CE59-4A2AB26DA83E}

Thanks a lot!!!!!!!!


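The line worth a second look in the HijackThis log above is the O20 entry: a Winlogon Notify registration (subkey WebCheck) whose DllName points at a randomly named DLL in system32, which is exactly the Look2Me/VX2 footprint this thread is chasing. The L2MFix find log posted later in the thread shows the same key as a .reg export (subkey Uninstall, DllName imetpp.dll). The Python script below is an added example, not code from the original post, from HijackThis or from L2MFix: it parses both formats, compares every registered Notify DLL against a baseline of DLLs that ship with Windows, and reports anything outside it, adding a second signal for short digit-laden file names. The baseline set, the sample log lines and the helper names are all constructed for this example.

```python
import re
from dataclasses import dataclass

# Illustrative baseline of Winlogon\Notify DLLs that ship with Windows XP.
# This set is an assumption made for the example; a real baseline should be
# exported from a clean machine of the same Windows build.
KNOWN_NOTIFY_DLLS = {"crypt32.dll", "cryptnet.dll", "cscdll.dll",
                     "wlnotify.dll", "sclgntfy.dll"}


@dataclass
class NotifyEntry:
    name: str    # Notify subkey name, e.g. "WebCheck"
    dll: str     # DllName value as written in the log
    source: str  # "hjt" (HijackThis O20 line) or "reg" (.reg export)


# HijackThis O20 line:  O20 - Winlogon Notify: <subkey> - <dll path>
O20_RE = re.compile(r"^O20 - Winlogon Notify:\s*(?P<name>.+?)\s+-\s+(?P<path>.+)$")


def parse_hjt_o20(log_text: str) -> list[NotifyEntry]:
    """Extract Winlogon Notify registrations from a HijackThis log."""
    entries = []
    for line in log_text.splitlines():
        m = O20_RE.match(line.strip())
        if m:
            entries.append(NotifyEntry(m["name"], m["path"].strip(), "hjt"))
    return entries


# .reg export of HKLM\...\Winlogon\Notify\<subkey>, as L2MFix's find log prints it
REG_KEY_RE = re.compile(
    r"^\[HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion"
    r"\\Winlogon\\Notify\\(?P<name>[^\]]+)\]$", re.IGNORECASE)
REG_DLL_RE = re.compile(r'^"DllName"="(?P<path>.*)"$')


def parse_reg_notify(reg_text: str) -> list[NotifyEntry]:
    """Extract the DllName value of each Notify subkey from a .reg export."""
    entries, current = [], None
    for raw in reg_text.splitlines():
        line = raw.strip()
        m = REG_KEY_RE.match(line)
        if m:
            current = m["name"]
            continue
        if line.startswith("["):      # some other key: stop attributing values
            current = None
            continue
        m = REG_DLL_RE.match(line)
        if m and current is not None:
            # .reg files double every backslash; undo that for the path
            entries.append(NotifyEntry(current, m["path"].replace("\\\\", "\\"), "reg"))
    return entries


def file_name(path: str) -> str:
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def looks_random(stem: str) -> bool:
    # Look2Me/VX2 drops DLLs with short stems that mix in digits (kt02l7do1)
    return bool(re.search(r"\d", stem)) and len(stem) <= 10


def scan(hjt_text: str, reg_text: str) -> list[dict]:
    """Return every Notify DLL that is outside the baseline, with reasons."""
    hits = []
    for e in parse_hjt_o20(hjt_text) + parse_reg_notify(reg_text):
        fn = file_name(e.dll)
        if not fn or fn in KNOWN_NOTIFY_DLLS:
            continue
        reasons = ["not in known Notify DLL baseline"]
        if looks_random(fn.rsplit(".", 1)[0]):
            reasons.append("random-looking filename")
        hits.append({"name": e.name, "file": fn, "source": e.source, "reasons": reasons})
    return hits


# Constructed samples modelled on the logs posted in this thread
HJT_SAMPLE = r"""
O4 - HKLM\..\Run: [SiS Tray] C:\WINDOWS\System32\sistray.EXE
O20 - Winlogon Notify: WebCheck - C:\WINDOWS\system32\kt02l7do1.dll
"""

REG_SAMPLE = r"""
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]
"DllName"=""

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
"DllName"="cscdll.dll"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Uninstall]
"Asynchronous"=dword:00000000
"DllName"="C:\\WINDOWS\\system32\\imetpp.dll"
"""

if __name__ == "__main__":
    for h in scan(HJT_SAMPLE, REG_SAMPLE):
        print(f"[{h['source']}] Notify\\{h['name']} -> {h['file']}: {', '.join(h['reasons'])}")
```

Run stand-alone it reports both constructed entries (kt02l7do1.dll with two reasons, imetpp.dll with one) and stays silent on cscdll.dll. The baseline comparison does the real work; the digit heuristic is only a tie-breaker, since this family also uses pronounceable names like imetpp.dll, which is why a clean-machine export beats any name pattern.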
Caito
post Oct 25 2005, 01:54 AM
Posted: #2

No Spiware

Group: Global Supervisor
Posts: 17.398
Joined: 15-August 04
From: Argentina
Member no.: 13.043



Download this program:
http://www.sysinternals.com/Files/ProcessExplorerNt.zip

And this one:
http://www.atribune.org/downloads/KillBox.exe

Download Ewido:
Download ewido security suite:
http://www.ewido.net/en/download/
Update it here:
http://www.ewido.net/en/download/updates/

Configure it like this:

• During installation, at the bottom where it says "Additional Options", uncheck the boxes "Install background guard" and "Install scan via context menu".
• Launch or open Ewido by double-clicking the big E that will appear on your desktop.
• The program will ask you something about updates. Click OK.
• The program will take you to the main screen.
You will have to update the definitions to the latest version.
• On the right side of the main screen, click update.
• Click Start.
The process will start and you will be kept informed by a progress bar.

Once the updates have been installed, do the following:
• Restart in Safe Mode. You can do this by restarting your PC and pressing the F8 key repeatedly until a menu appears. Use the up arrow to select Safe Mode. Press Enter. Once it has started, open Ewido.
• Click the scanner.
• Before scanning, check that the following checkboxes are ticked:
o Binder
o Crypter
o Archives
• Click start scan.
• Let the program analyze your PC.
During the scan you will be asked about disinfecting files; click OK.

Once the scan has finished, there is a button at the bottom of the screen that says save report.
• Click save report.
• Save your report to the desktop.
Don't use it for now.

Download this program:
http://www.downloads.subratam.org/l2mfix.exe

Save it to your desktop.
Double-click l2mfix.exe.
Install it following the instructions, and when this file appears: "l2mfix", double-click "l2mfix.bat" and choose option "#1" to run "find log" by typing 1
and pressing Enter.
It will take a few minutes; then Notepad will open and give you a log that you will have to copy and paste as a reply to this post.
It is important not to choose option "#2" or any other unless I tell you to in my next post.

Cheers
Caito



jarvil85
post Oct 25 2005, 11:56 PM
Posted: #3

Newbie

Group: Members
Posts: 5
Joined: 23-January 05
Member no.: 66.799



Thanks for the help, Caito!!

Here are the logs you told me to post... I got both of them in Safe Mode...
In Ewido I couldn't find those buttons for
Binder
Crypter
Archives

If that's wrong, can you tell me again what to do?? I'd really appreciate it!!

PS: Just in case, I'm also including my Vx2 finder log...



---------------------------------------------------------
ewido security suite - Report de exploración
---------------------------------------------------------

+ Creado en: 7:08:25, 25-10-2005
+ Report-Checksum: B512A60F

+ Scan result:

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/AdmilliServX.dll\\.Owner -> Spyware.WinFavorites : Limpio con backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/AdmilliServX.dll\\{15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} -> Spyware.WinFavorites : Limpio con backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/CONFLICT.1/AdmilliServX.dll\\.Owner -> Spyware.WinFavorites : Limpio con backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/CONFLICT.1/AdmilliServX.dll\\{15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} -> Spyware.WinFavorites : Limpio con backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/setup.exe\\.Owner -> Spyware.MarketScore : Limpio con backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/setup.exe\\{35B7E48B-9D81-4C6C-9578-5FD4F620D886} -> Spyware.MarketScore : Limpio con backup
HKLM\SYSTEM\CurrentControlSet\Services\ISEXEng -> Spyware.BargainBuddy : Limpio con backup
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Extensions\CmdMapping\\{669695BC-A811-4A9D-8CDF-BA8C795F261C} -> Spyware.PowerStrip : Limpio con backup
HKU\S-1-5-21-3726202556-128491539-2593594812-1005\Software\Microsoft\Internet Explorer\Extensions\CmdMapping\\{669695BC-A811-4A9D-8CDF-BA8C795F261C} -> Spyware.PowerStrip : Limpio con backup
HKU\S-1-5-21-3726202556-128491539-2593594812-1005\Software\Microsoft\Internet Explorer\Extensions\CmdMapping\\{10E42047-DEB9-4535-A118-B3F6EC39B807} -> Spyware.SideFind : Limpio con backup
HKU\S-1-5-21-3726202556-128491539-2593594812-1005\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00000010-6F7D-442C-93E3-4A4827C2E4C8} -> Spyware.InternetOptimizer : Limpio con backup
HKU\S-1-5-21-3726202556-128491539-2593594812-1005\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00D6A7E7-4A97-456F-848A-3B75BF7554D7} -> Spyware.KeenValue : Limpio con backup
HKU\S-1-5-21-3726202556-128491539-2593594812-1005\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{014DA6C1-189F-421A-88CD-07CFE51CFF10} -> Spyware.eXact : Limpio con backup
HKU\S-1-5-21-3726202556-128491539-2593594812-1005\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{014DA6C9-189F-421A-88CD-07CFE51CFF10} -> Spyware.MySearch : Limpio con backup
HKU\S-1-5-21-3726202556-128491539-2593594812-1005\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{10E42047-DEB9-4535-A118-B3F6EC39B807} -> Spyware.SideFind : Limpio con backup
HKU\S-1-5-21-3726202556-128491539-2593594812-1005\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} -> Spyware.WinFavorites : Limpio con backup
HKU\S-1-5-21-3726202556-128491539-2593594812-1005\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{35B7E48B-9D81-4C6C-9578-5FD4F620D886} -> Spyware.MarketScore : Limpio con backup
HKU\S-1-5-21-3726202556-128491539-2593594812-1005\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{4418DD4D-7265-4C32-BC0A-3FDB3C2DA938} -> Spyware.XXXToolbar : Limpio con backup
HKU\S-1-5-21-3726202556-128491539-2593594812-1005\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{44BE0690-5429-47F0-85BB-3FFD8020233E} -> Spyware.UCmore : Limpio con backup
HKU\S-1-5-21-3726202556-128491539-2593594812-1005\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{4A2AACF3-ADF6-11D5-98A9-00E018981B9E} -> Spyware.NewDotNet : Limpio con backup
HKU\S-1-5-21-3726202556-128491539-2593594812-1005\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{53CBEE82-D747-11D3-9ED0-005004189684} -> Spyware.UCmore : Limpio con backup
HKU\S-1-5-21-3726202556-128491539-2593594812-1005\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{669695BC-A811-4A9D-8CDF-BA8C795F261C} -> Spyware.PowerStrip : Limpio con backup
HKU\S-1-5-21-3726202556-128491539-2593594812-1005\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{79849612-A98F-45B8-95E9-4D13C7B6B35C} -> Spyware.Crazywinnings : Limpio con backup
HKU\S-1-5-21-3726202556-128491539-2593594812-1005\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{7C559105-9ECF-42B8-B3F7-832E75EDD959} -> Spyware.ISTBar : Limpio con backup
HKU\S-1-5-21-3726202556-128491539-2593594812-1005\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{83DE62E0-5805-11D8-9B25-00E04C60FAF2} -> Spyware.BlazeFind : Limpio con backup
HKU\S-1-5-21-3726202556-128491539-2593594812-1005\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{86227D9C-0EFE-4F8A-AA55-30386A3F5686} -> Spyware.YourSiteBar : Limpio con backup
HKU\S-1-5-21-3726202556-128491539-2593594812-1005\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8F4E5661-F99E-4B3E-8D85-0EA71C0748E4} -> Spyware.MoneyTree : Limpio con backup
HKU\S-1-5-21-3726202556-128491539-2593594812-1005\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9C691A33-7DDA-4C2F-BE4C-C176083F35CF} -> Spyware.WinFavorites : Limpio con backup
HKU\S-1-5-21-3726202556-128491539-2593594812-1005\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A3FDD654-A057-4971-9844-4ED8E67DBBB8} -> Spyware.ISTBar : Limpio con backup
HKU\S-1-5-21-3726202556-128491539-2593594812-1005\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{C1E58A84-95B3-4630-B8C2-D06B77B7A0FC} -> Spyware.NavExcel : Limpio con backup
HKU\S-1-5-21-3726202556-128491539-2593594812-1005\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F4E04583-354E-4076-BE7D-ED6A80FD66DA} -> Spyware.BargainBuddy : Limpio con backup
HKU\S-1-5-21-3726202556-128491539-2593594812-1005\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FC327B3F-377B-4CB7-8B61-27CD69816BC3} -> Spyware.SaveNow : Limpio con backup
HKU\S-1-5-21-3726202556-128491539-2593594812-1005\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FF521631-31DA-48AC-B4E9-390A7694C906} -> Dialer.Generic : Limpio con backup
HKU\S-1-5-18\Software\Microsoft\Internet Explorer\Extensions\CmdMapping\\{669695BC-A811-4A9D-8CDF-BA8C795F261C} -> Spyware.PowerStrip : Error durante limpieza
[648] C:\WINDOWS\system32\imetpp.dll -> Spyware.Look2Me : Error durante limpieza
[712] C:\WINDOWS\system32\lvnkinfo.dll -> Spyware.Look2Me : Limpio con backup
C:\Documents and Settings\usuario\Configuración local\Archivos temporales de Internet\Content.IE5\4TQB2709\drsmartload[1].exe -> Spyware.SmartLoad : Limpio con backup
C:\Documents and Settings\usuario\Configuración local\Archivos temporales de Internet\Content.IE5\89SBUDEF\ysbinstall_1003585[1].exe -> TrojanDownloader.IstBar.is : Limpio con backup
C:\Documents and Settings\usuario\Configuración local\Archivos temporales de Internet\Content.IE5\CZQZIT2H\ucmoreiex[1].exe/UCMTSAIE.DLL -> Spyware.UCmore : Limpio con backup
C:\Documents and Settings\usuario\Configuración local\Archivos temporales de Internet\Content.IE5\CZQZIT2H\ucmoreiex[1].exe/IUCMORE.DLL -> Spyware.UCmore : Limpio con backup
C:\Documents and Settings\usuario\Configuración local\Archivos temporales de Internet\Content.IE5\H3RBHLKE\installer[1].exe -> Spyware.Look2Me : Limpio con backup
C:\Documents and Settings\usuario\Configuración local\Archivos temporales de Internet\Content.IE5\H3RBHLKE\mte3ndi6odoxng[1].exe -> Spyware.ISearch : Limpio con backup
C:\Documents and Settings\usuario\Configuración local\Archivos temporales de Internet\Content.IE5\O5UJW1I3\msresearch[1].exe -> Spyware.Hijacker.Generic : Limpio con backup
C:\Documents and Settings\usuario\Configuración local\Temp\Cookies\usuario@ad.yieldmanager[1].txt -> Spyware.Cookie.Yieldmanager : Limpio con backup
C:\Documents and Settings\usuario\Configuración local\Temp\Cookies\usuario@com[2].txt -> Spyware.Cookie.Com : Limpio con backup
C:\Documents and Settings\usuario\Configuración local\Temp\Cookies\usuario@paypopup[1].txt -> Spyware.Cookie.Paypopup : Limpio con backup
C:\Documents and Settings\usuario\Configuración local\Temp\Cookies\usuario@tribalfusion[2].txt -> Spyware.Cookie.Tribalfusion : Limpio con backup
C:\Documents and Settings\usuario\Cookies\usuario@112.2o7[2].txt -> Spyware.Cookie.2o7 : Limpio con backup
C:\Documents and Settings\usuario\Cookies\usuario@ad.yieldmanager[1].txt -> Spyware.Cookie.Yieldmanager : Limpio con backup
C:\Documents and Settings\usuario\Cookies\usuario@ad1.clickhype[1].txt -> Spyware.Cookie.Clickhype : Limpio con backup
C:\Documents and Settings\usuario\Cookies\usuario@ads34.bpath[1].txt -> Spyware.Cookie.Bpath : Limpio con backup
C:\Documents and Settings\usuario\Cookies\usuario@ads44.bpath[1].txt -> Spyware.Cookie.Bpath : Limpio con backup
C:\Documents and Settings\usuario\Cookies\usuario@burstnet[1].txt -> Spyware.Cookie.Burstnet : Limpio con backup
C:\Documents and Settings\usuario\Cookies\usuario@com[1].txt -> Spyware.Cookie.Com : Limpio con backup
C:\Documents and Settings\usuario\Cookies\usuario@hypertracker[1].txt -> Spyware.Cookie.Hypertracker : Limpio con backup
C:\Documents and Settings\usuario\Cookies\usuario@ivwbox[1].txt -> Spyware.Cookie.Ivwbox : Limpio con backup
C:\Documents and Settings\usuario\Cookies\usuario@paypopup[2].txt -> Spyware.Cookie.Paypopup : Limpio con backup
C:\Documents and Settings\usuario\Cookies\usuario@popunder.paypopup[1].txt -> Spyware.Cookie.Paypopup : Limpio con backup
C:\Documents and Settings\usuario\Cookies\usuario@search.com[1].txt -> Spyware.Cookie.Com : Limpio con backup
C:\Documents and Settings\usuario\Cookies\usuario@www.burstbeacon[1].txt -> Spyware.Cookie.Burstbeacon : Limpio con backup
C:\Documents and Settings\usuario\Escritorio\eicar.com -> Not-A-Virus.Eicar.TestFile : Limpio con backup
C:\Documents and Settings\Vale\Configuración local\Temp\Cookies\vale@ad.yieldmanager[1].txt -> Spyware.Cookie.Yieldmanager : Limpio con backup
C:\Documents and Settings\Vale\Cookies\vale@ad.yieldmanager[1].txt -> Spyware.Cookie.Yieldmanager : Limpio con backup
C:\Documents and Settings\Vale\Cookies\vale@ad1.clickhype[1].txt -> Spyware.Cookie.Clickhype : Limpio con backup
C:\Documents and Settings\Vale\Cookies\vale@ads23.bpath[1].txt -> Spyware.Cookie.Bpath : Limpio con backup
C:\Documents and Settings\Vale\Cookies\vale@burstnet[1].txt -> Spyware.Cookie.Burstnet : Limpio con backup
C:\Documents and Settings\Vale\Cookies\vale@casalemedia[1].txt -> Spyware.Cookie.Casalemedia : Limpio con backup
C:\Documents and Settings\Vale\Cookies\vale@com[1].txt -> Spyware.Cookie.Com : Limpio con backup
C:\Documents and Settings\Vale\Cookies\vale@e-2dj6wjny-1idjch.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Limpio con backup
C:\Documents and Settings\Vale\Cookies\vale@germany.bpath[1].txt -> Spyware.Cookie.Bpath : Limpio con backup
C:\Documents and Settings\Vale\Cookies\vale@ilead.itrack[2].txt -> Spyware.Cookie.Itrack : Limpio con backup
C:\Documents and Settings\Vale\Cookies\vale@ivwbox[1].txt -> Spyware.Cookie.Ivwbox : Limpio con backup
C:\Documents and Settings\Vale\Cookies\vale@paypopup[1].txt -> Spyware.Cookie.Paypopup : Limpio con backup
C:\Documents and Settings\Vale\Cookies\vale@popunder.paypopup[1].txt -> Spyware.Cookie.Paypopup : Limpio con backup
C:\Documents and Settings\Vale\Cookies\vale@rotator.adjuggler[1].txt -> Spyware.Cookie.Adjuggler : Limpio con backup
C:\Documents and Settings\Vale\Cookies\vale@tradedoubler[1].txt -> Spyware.Cookie.Tradedoubler : Limpio con backup
C:\Documents and Settings\Vale\Cookies\vale@tribalfusion[1].txt -> Spyware.Cookie.Tribalfusion : Limpio con backup
C:\Documents and Settings\Vale\Cookies\vale@www.burstbeacon[2].txt -> Spyware.Cookie.Burstbeacon : Limpio con backup
C:\WINDOWS\Downloaded Program Files\YSBactivex.dll -> TrojanDownloader.IstBar : Limpio con backup
C:\WINDOWS\msresearch.exe -> Spyware.Hijacker.Generic : Limpio con backup
C:\WINDOWS\system32\aasmsext.dll -> Spyware.Look2Me : Limpio con backup
C:\WINDOWS\system32\bvicore.dll -> Spyware.MediaBack : Limpio con backup
C:\WINDOWS\system32\EGDACCESS_1055.dll -> Dialer.Generic : Limpio con backup
C:\WINDOWS\system32\en68l1ju1.dll -> Spyware.Look2Me : Limpio con backup
C:\WINDOWS\system32\guard.tmp -> Spyware.Look2Me : Limpio con backup
C:\WINDOWS\system32\irl0l53m1.dll -> Spyware.Look2Me : Limpio con backup
C:\WINDOWS\system32\kedsl.dll -> Spyware.Look2Me : Limpio con backup
C:\WINDOWS\system32\khdaze.dll -> Spyware.Look2Me : Limpio con backup
C:\WINDOWS\system32\lvnkinfo.dll -> Spyware.Look2Me : Limpio con backup
C:\WINDOWS\system32\mmratelc.dll -> Spyware.Look2Me : Limpio con backup
C:\WINDOWS\system32\nvscvr32.exe -> Spyware.Hijacker.Generic : Limpio con backup
C:\WINDOWS\system32\ofcache.dll -> Spyware.Look2Me : Limpio con backup
C:\WINDOWS\system32\pxh.dll -> Spyware.Look2Me : Limpio con backup
C:\WINDOWS\system32\spdwnw32.exe -> Spyware.Hijacker.Generic : Limpio con backup
C:\WINDOWS\system32\uhnphost.dll -> Spyware.Look2Me : Limpio con backup
C:\WINDOWS\system32\whidx.dll -> Spyware.Look2Me : Limpio con backup
C:\WINDOWS\Temp\Cookies\usuario@ad.yieldmanager[1].txt -> Spyware.Cookie.Yieldmanager : Limpio con backup
C:\WINDOWS\Temp\Cookies\vale@ad.yieldmanager[2].txt -> Spyware.Cookie.Yieldmanager : Limpio con backup


::Fin Report

____________________________________________________________________


L2MFIX find log 1.04a
These are the registry keys present
********************************************************************************
**
Winlogon/notify:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]
"Asynchronous"=dword:00000000
"DllName"=""
"Impersonate"=dword:00000000
"Logon"="WinLogon"
"Logoff"="WinLogoff"
"Shutdown"="WinShutdown"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Uninstall]
"Asynchronous"=dword:00000000
"DllName"="C:\\WINDOWS\\system32\\imetpp.dll"
"Impersonate"=dword:00000000
"Logon"="WinLogon"
"Logoff"="WinLogoff"
"Shutdown"="WinShutdown"


RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and above
Copyright © 1999-2001 Frank Heyne Software (http://www.heysoft.de)
This program is Freeware, use it on your own risk!

Access Control List for Registry key HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify:
(NI) ALLOW Full access NT AUTHORITY\SYSTEM
(IO) ALLOW Full access NT AUTHORITY\SYSTEM
(ID-NI) ALLOW Read BUILTIN\Usuarios
(ID-IO) ALLOW Read BUILTIN\Usuarios
(ID-NI) ALLOW Full access BUILTIN\Administradores
(ID-IO) ALLOW Full access BUILTIN\Administradores
(ID-NI) ALLOW Full access NT AUTHORITY\SYSTEM
(ID-IO) ALLOW Full access NT AUTHORITY\SYSTEM
(ID-IO) ALLOW Full access CREATOR OWNER


********************************************************************************
**
useragent:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
"{3881F52C-3221-AC00-EDA9-253899FA31C9}"=""

********************************************************************************
**
Shell Extension key:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
"{00022613-0000-0000-C000-000000000046}"="Hoja de propiedades de archivos multimedia"
"{176d6597-26d3-11d1-b350-080036a75b03}"="Administración de escáner ICM"
"{1F2E5C40-9550-11CE-99D2-00AA006E086C}"="Página de seguridad NTFS"
"{3EA48300-8CF6-101B-84FB-666CCB9BCD32}"="Página de propiedades del archivo de documentos OLE"
"{40dd6e20-7c17-11ce-a804-00aa003ca9f6}"="Extensiones de interfaz para uso compartido"
"{41E300E0-78B6-11ce-849B-444553540000}"="PlusPack CPL Extension"
"{42071712-76d4-11d1-8b24-00a0c9068ff3}"="Extensión CPL del adaptador de pantalla"
"{42071713-76d4-11d1-8b24-00a0c9068ff3}"="Extensión CPL del monitor de pantalla"
"{42071714-76d4-11d1-8b24-00a0c9068ff3}"="Extensión de paneo de pantalla del Panel de control"
"{4E40F770-369C-11d0-8922-00A024AB2DBB}"="Página de seguridad DS"
"{513D916F-2A8E-4F51-AEAB-0CBC76FB1AF8}"="Página de compatibilidad"
"{56117100-C0CD-101B-81E2-00AA004AE837}"="Shell Scrap DataHandler"
"{59099400-57FF-11CE-BD94-0020AF85B590}"="Extensión de copia de discos"
"{59be4990-f85c-11ce-aff7-00aa003ca9f6}"="Extensiones del shell para objetos de la red de Microsoft Windows"
"{5DB2625A-54DF-11D0-B6C4-0800091AA605}"="Administración de monitor ICM"
"{675F097E-4C4D-11D0-B6C1-0800091AA605}"="Administración de impresora ICM"
"{77597368-7b15-11d0-a0c2-080036af3f03}"="Extensión del shell de impresora en Web"
"{7988B573-EC89-11cf-9C00-00AA00A14F56}"="Disk Quota UI"
"{85BBD920-42A0-1069-A2E4-08002B30309D}"="Maletín"
"{88895560-9AA2-1069-930E-00AA0030EBC8}"="Extensión de icono de HyperTerminal"
"{BD84B380-8CA2-1069-AB1D-08000948F534}"="Fuentes"
"{DBCE2480-C732-101B-BE72-BA78E9AD5B27}"="Perfil de ICC"
"{F37C5810-4D3F-11d0-B4BF-00AA00BBB723}"="P gina de seguridad de impresoras"
"{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6}"="Extensiones de interfaz para uso compartido"
"{f92e8c40-3d33-11d2-b1aa-080036a75b03}"="Display TroubleShoot CPL Extension"
"{7444C717-39BF-11D1-8CD9-00C04FC29D45}"="Extensión PKO cifrada"
"{7444C719-39BF-11D1-8CD9-00C04FC29D45}"="Extensión de firma cifrada"
"{7007ACC7-3202-11D1-AAD2-00805FC1270E}"="Conexiones de red"
"{992CFFA0-F557-101A-88EC-00DD010CCC48}"="Conexiones de red"
"{E211B736-43FD-11D1-9EFB-0000F8757FCD}"="&Cámaras y escáneres"
"{FB0C9C8A-6C50-11D1-9F1D-0000F8757FCD}"="&Cámaras y escáneres"
"{905667aa-acd6-11d2-8080-00805f6596d2}"="&Cámaras y escáneres"
"{3F953603-1008-4f6e-A73A-04AAC7A992F1}"="&Cámaras y escáneres"
"{83bbcbf3-b28a-4919-a5aa-73027445d672}"="&Cámaras y escáneres"
"{F0152790-D56E-4445-850E-4F3117DB740C}"="Remote Sessions CPL Extension"
"{5F327514-6C5E-4d60-8F16-D07FA08A78ED}"="Auto Update Property Sheet Extension"
"{60254CA5-953B-11CF-8C96-00AA00B8708C}"="Extensiones del shell para Windows Script Host"
"{2206CDB2-19C1-11D1-89E0-00C04FD7A829}"="Vínculos a datos de Microsoft"
"{DD2110F0-9EEF-11cf-8D8E-00AA0060F5BF}"="Tasks Folder Icon Handler"
"{797F1E90-9EDD-11cf-8D8E-00AA0060F5BF}"="Tasks Folder Shell Extension"
"{D6277990-4C6A-11CF-8D87-00AA0060F5BF}"="Tareas programadas"
"{0DF44EAA-FF21-4412-828E-260A8728E7F1}"="Barra de tareas y menú Inicio"
"{2559a1f0-21d7-11d4-bdaf-00c04f60b9f0}"="Buscar"
"{2559a1f1-21d7-11d4-bdaf-00c04f60b9f0}"="Ayuda y soporte técnico"
"{2559a1f2-21d7-11d4-bdaf-00c04f60b9f0}"="Ayuda y soporte técnico"
"{2559a1f3-21d7-11d4-bdaf-00c04f60b9f0}"="Ejecutar..."
"{2559a1f4-21d7-11d4-bdaf-00c04f60b9f0}"="Internet"
"{2559a1f5-21d7-11d4-bdaf-00c04f60b9f0}"="Correo electrónico"
"{D20EA4E1-3957-11d2-A40B-0C5020524152}"="Fuentes"
"{D20EA4E1-3957-11d2-A40B-0C5020524153}"="Herramientas administrativas"
"{875CB1A1-0F29-45de-A1AE-CFB4950D0B78}"="Audio Media Properties Handler"
"{40C3D757-D6E4-4b49-BB41-0E5BBEA28817}"="Video Media Properties Handler"
"{E4B29F9D-D390-480b-92FD-7DDB47101D71}"="Wav Properties Handler"
"{87D62D94-71B3-4b9a-9489-5FE6850DC73E}"="Avi Properties Handler"
"{A6FD9E45-6E44-43f9-8644-08598F5A74D9}"="Midi Properties Handler"
"{c5a40261-cd64-4ccf-84cb-c394da41d590}"="Video Thumbnail Extractor"
"{5E6AB780-7743-11CF-A12B-00AA004AE837}"="Barra de herramientas de Microsoft Internet"
"{22BF0C20-6DA7-11D0-B373-00A0C9034938}"="Estado de la descarga"
"{91EA3F8B-C99B-11d0-9815-00C04FD91972}"="Carpeta Shell aumentada"
"{6413BA2C-B461-11d1-A18A-080036B11A03}"="Carpeta 2 Shell aumentada"
"{F61FFEC1-754F-11d0-80CA-00AA005B4383}"="BandProxy"
"{7BA4C742-9E81-11CF-99D3-00AA004AE837}"="Banda del explorador de Microsoft"
"{30D02401-6A81-11d0-8274-00C04FD5AE38}"="Banda de búsqueda"
"{169A0691-8DF9-11d1-A1C4-00C04FD75D13}"="Búsqueda en panel"
"{07798131-AF23-11d1-9111-00A0C98BA67D}"="Búsqueda Web"
"{AF4F6510-F982-11d0-8595-00AA004CD6D8}"="Utilidad de opciones del árbol de Registro"
"{01E04581-4EEE-11d0-BFE9-00AA005B4383}"="&Dirección"
"{A08C11D2-A228-11d0-825B-00AA005B4383}"="Cuadro de la dirección"
"{00BB2763-6A77-11D0-A535-00C04FD7D062}"="Autocompletar de Microsoft"
"{7376D660-C583-11d0-A3A5-00C04FD706EC}"="TridentImageExtractor"
"{6756A641-DE71-11d0-831B-00AA005B4383}"="Lista autocompleta MRU"
"{6935DB93-21E8-4ccc-BEB9-9FE3C77A297A}"="Lista autocompleta MRU personalizada"
"{7e653215-fa25-46bd-a339-34a2790f3cb7}"="Accessible"
"{acf35015-526e-4230-9596-becbe19f0ac9}"="Barra de progreso emergente"
"{E0E11A09-5CB8-4B6C-8332-E00720A168F2}"="Analizador de Barra de direcciones"
"{00BB2764-6A77-11D0-A535-00C04FD7D062}"="Lista autocompleta de la historia de Microsoft"
"{03C036F1-A186-11D0-824A-00AA005B4383}"="Lista autocompleta de la carpeta Shell de Microsoft"
"{00BB2765-6A77-11D0-A535-00C04FD7D062}"="Contenedor de la Lista múltiple de Microsoft"
"{ECD4FC4E-521C-11D0-B792-00A0C90312E1}"="Menú de sitio de bandas Shell"
"{3CCF8A41-5C85-11d0-9796-00AA00B90ADF}"="Shell DeskBarApp"
"{ECD4FC4C-521C-11D0-B792-00A0C90312E1}"="Barra de escritorio Shell"
"{ECD4FC4D-521C-11D0-B792-00A0C90312E1}"="Shell Rebar BandSite"
"{DD313E04-FEFF-11d1-8ECD-0000F87A470C}"="Asistencia al usuario"
"{EF8AD2D1-AE36-11D1-B2D2-006097DF8C11}"="Configuración de carpeta global"
"{EFA24E61-B078-11d0-89E4-00C04FC9E26E}"="Favorites Band"
"{0A89A860-D7B1-11CE-8350-444553540000}"="Shell Automation Inproc Service"
"{E7E4BC40-E76A-11CE-A9BB-00AA004AE837}"="Shell DocObject Viewer"
"{A5E46E3A-8849-11D1-9D8C-00C04FC99D61}"="Microsoft Browser Architecture"
"{FBF23B40-E3F0-101B-8488-00AA003E56F8}"="InternetShortcut"
"{3C374A40-BAE4-11CF-BF7D-00AA006946EE}"="Servicio de Historial de las direcciones URL de Microsoft"
"{FF393560-C2A7-11CF-BFF4-444553540000}"="Historial"
"{7BD29E00-76C1-11CF-9DD0-00A0C9034933}"="Archivos temporales de Internet"
"{7BD29E01-76C1-11CF-9DD0-00A0C9034933}"="Archivos temporales de Internet"
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}"="Hook de búsqueda de direcciones URL de Microsoft"
"{A2B0DD40-CC59-11d0-A3A5-00C04FD706EC}"="Pantalla de bienvenida de IE4 Suite"
"{67EA19A0-CCEF-11d0-8024-00C04FD75D13}"="CDF Extension Copy Hook"
"{131A6951-7F78-11D0-A979-00C04FD705A2}"="ISFBand OC"
"{9461b922-3c5a-11d2-bf8b-00c04fb93661}"="Search Assistant OC"
"{3DC7A020-0ACD-11CF-A9BB-00AA004AE837}"="Internet"
"{871C5380-42A0-1069-A2EA-08002B30309D}"="Internet Name Space"
"{EFA24E64-B078-11d0-89E4-00C04FC9E26E}"="Banda de Explorador"
"{9E56BE60-C50F-11CF-9A2C-00A0C90A90CE}"="Sendmail service"
"{9E56BE61-C50F-11CF-9A2C-00A0C90A90CE}"="Sendmail service"
"{88C6C381-2E85-11D0-94DE-444553540000}"="Carpeta del caché de ActiveX"
"{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"="WebCheck"
"{ABBE31D0-6DAE-11D0-BECA-00C04FD940BE}"="Subscription Mgr"
"{F5175861-2688-11d0-9C5E-00AA00A45957}"="Carpeta de suscripciones"
"{08165EA0-E946-11CF-9C87-00AA005127ED}"="WebCheckWebCrawler"
"{E3A8BDE6-ABCE-11d0-BC4B-00C04FD929DB}"="WebCheckChannelAgent"
"{E8BB6DC0-6B4E-11d0-92DB-00A0C90C2BD7}"="TrayAgent"
"{7D559C10-9FE9-11d0-93F7-00AA0059CE02}"="Code Download Agent"
"{E6CC6978-6B6E-11D0-BECA-00C04FD940BE}"="ConnectionAgent"
"{D8BD2030-6FC9-11D0-864F-00AA006809D9}"="PostAgent"
"{7FC0B86E-5FA7-11d1-BC7C-00C04FD929DB}"="WebCheck SyncMgr Handler"
"{352EC2B7-8B9A-11D1-B8AE-006008059382}"="Administrador de aplicaciones de Shell"
"{0B124F8F-91F0-11D1-B8B5-006008059382}"="Enumerador de aplicaciones instaladas"
"{CFCCC7A0-A282-11D1-9082-006008059382}"="Darwin App Publisher"
"{e84fda7c-1d6a-45f6-b725-cb260c236066}"="Shell Image Verbs"
"{66e4e4fb-f385-4dd0-8d74-a2efd1bc6178}"="Shell Image Data Factory"
"{3F30C968-480A-4C6C-862D-EFC0897BB84B}"="Extractor de vistas en miniatura de archivos GDI+"
"{9DBD2C50-62AD-11d0-B806-00C04FD706EC}"="Controlador de la información de resumen para vistas en miniatura (DOCFILES)"
"{EAB841A0-9550-11cf-8C16-00805F1408F3}"="Extractor de vistas en miniatura HTML"
"{eb9b1153-3b57-4e68-959a-a3266bc3d7fe}"="Shell Image Property Handler"
"{CC6EEFFB-43F6-46c5-9619-51D571967F7D}"="Asistente para la publicación en Web"
"{add36aa8-751a-4579-a266-d66f5202ccbb}"="Pedido de impresiones vía web"
"{6b33163c-76a5-4b6c-bf21-45de9cd503a1}"="Objeto de Asistente de publicación de shell"
"{58f1f272-9240-4f51-b6d4-fd63d1618591}"="Asistente para obtener pasaporte"
"{7A9D77BD-5403-11d2-8785-2E0420524153}"="Cuentas de usuario"
"{BD472F60-27FA-11cf-B8B4-444553540000}"="Compressed (zipped) Folder Right Drag Handler"
"{888DCA60-FC0A-11CF-8F0F-00C04FD7D062}"="Compressed (zipped) Folder SendTo Target"
"{f39a0dc0-9cc8-11d0-a599-00c04fd64433}"="Archivo de canal"
"{f3aa0dc0-9cc8-11d0-a599-00c04fd64434}"="Acceso directo al canal"
"{f3ba0dc0-9cc8-11d0-a599-00c04fd64435}"="Objeto de control de canal"
"{f3da0dc0-9cc8-11d0-a599-00c04fd64437}"="Channel Menu"
"{f3ea0dc0-9cc8-11d0-a599-00c04fd64438}"="Channel Properties"
"{63da6ec0-2e98-11cf-8d82-444553540000}"="FTP Folders Webview"
"{883373C3-BF89-11D1-BE35-080036B11A03}"="Microsoft DocProp Shell Ext"
"{A9CF0EAE-901A-4739-A481-E35B73E47F6D}"="Microsoft DocProp Inplace Edit Box Control"
"{8EE97210-FD1F-4B19-91DA-67914005F020}"="Microsoft DocProp Inplace ML Edit Box Control"
"{0EEA25CC-4362-4A12-850B-86EE61B0D3EB}"="Microsoft DocProp Inplace Droplist Combo Control"
"{6A205B57-2567-4A2C-B881-F787FAB579A3}"="Microsoft DocProp Inplace Calendar Control"
"{28F8A4AC-BBB3-4D9B-B177-82BFC914FA33}"="Microsoft DocProp Inplace Time Control"
"{8A23E65E-31C2-11d0-891C-00A024AB2DBB}"="Directory Query UI"
"{9E51E0D0-6E0F-11d2-9601-00C04FA31A86}"="Shell properties for a DS object"
"{163FDC20-2ABC-11d0-88F0-00A024AB2DBB}"="Directory Object Find"
"{F020E586-5264-11d1-A532-0000F8757D7E}"="Directory Start/Search Find"
"{0D45D530-764B-11d0-A1CA-00AA00C16E65}"="Directory Property UI"
"{62AE1F9A-126A-11D0-A14B-0800361B1103}"="Directory Context Menu Verbs"
"{ECF03A33-103D-11d2-854D-006008059367}"="MyDocs Copy Hook"
"{ECF03A32-103D-11d2-854D-006008059367}"="MyDocs Drop Target"
"{4a7ded0a-ad25-11d0-98a8-0800361b1103}"="MyDocs Properties"
"{750fdf0e-2a26-11d1-a3ea-080036587f03}"="Offline Files Menu"
"{10CFC467-4392-11d2-8DB4-00C04FA31A66}"="Offline Files Folder Options"
"{AFDB1F70-2A4C-11d2-9039-00C04F8EEB3E}"="Carpeta de archivos sin conexión"
"{143A62C8-C33B-11D1-84FE-00C04FA34A14}"="Microsoft Agent Character Property Sheet Handler"
"{ECCDF543-45CC-11CE-B9BF-0080C87CDBA6}"="DfsShell"
"{60fd46de-f830-4894-a628-6fa81bc0190d}"="%DESC_PublishDropTarget%"
"{7A80E4A8-8005-11D2-BCF8-00C04F72C717}"="MMC Icon Handler"
"{0CD7A5C0-9F37-11CE-AE65-08002B2E1262}"=".CAB file viewer"
"{32714800-2E5F-11d0-8B85-00AA0044F941}"="&Personas..."
"{8DD448E6-C188-4aed-AF92-44956194EB1F}"="Windows Media Player Play as Playlist Context Menu Handler"
"{CE3FB1D1-02AE-4a5f-A6E9-D9F1B4073E6C}"="Windows Media Player Burn Audio CD Context Menu Handler"
"{F1B9284F-E9DC-4e68-9D7E-42362A59F0FD}"="Windows Media Player Add to Playlist Context Menu Handler"
"{B41DB860-8EE4-11D2-9906-E49FADC173CA}"="WinRAR shell extension"
"{2559a1f7-21d7-11d4-bdaf-00c04f60b9f0}"="Set Program Access and Defaults"
"{596AB062-B4D2-4215-9F74-E9109B0A8153}"="Previous Versions Property Page"
"{9DB7A13C-F208-4981-8353-73CC61AE2783}"="Previous Versions"
"{692F0339-CBAA-47e6-B5B5-3B84DB604E87}"="Extensions Manager Folder"
"{640167b4-59b0-47a6-b335-a6b3c0695aea}"="Portable Media Devices"
"{cc86590a-b60a-48e6-996b-41d25ed39a1e}"="Portable Media Devices Menu"
"{00E7B358-F65B-4dcf-83DF-CD026B94BFD4}"="Autoplay for SlideShow"
"{BDEADF00-C265-11D0-BCED-00A0C90AB50F}"="Carpetas Web"
"{42042206-2D85-11D3-8CFF-005004838597}"="Microsoft Office HTML Icon Handler"
"{32020A01-506E-484D-A2A8-BE3CF17601C3}"="AlcoholShellEx"
"{7A0D0513-F007-4D9A-BFB7-7169BBE67E19}"=""
"{3ACD71F6-08F9-46D0-874A-F8D906B91F5E}"=""
"{A52B2F84-46DB-499B-A681-71319CD44D28}"=""
"{87B784F9-C3C3-42F4-A690-5993D493B6DD}"=""
"{F1CF1945-C806-4F02-AC2C-4D2A0D11FBE7}"=""

**********************************************************************************
HKEY ROOT CLASSIDS:
Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{7A0D0513-F007-4D9A-BFB7-7169BBE67E19}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{7A0D0513-F007-4D9A-BFB7-7169BBE67E19}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{7A0D0513-F007-4D9A-BFB7-7169BBE67E19}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{7A0D0513-F007-4D9A-BFB7-7169BBE67E19}\InprocServer32]
@="C:\\WINDOWS\\system32\\guard.tmp"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{3ACD71F6-08F9-46D0-874A-F8D906B91F5E}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{3ACD71F6-08F9-46D0-874A-F8D906B91F5E}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{3ACD71F6-08F9-46D0-874A-F8D906B91F5E}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{3ACD71F6-08F9-46D0-874A-F8D906B91F5E}\InprocServer32]
@="C:\\WINDOWS\\system32\\NATVideoCompose.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{A52B2F84-46DB-499B-A681-71319CD44D28}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{A52B2F84-46DB-499B-A681-71319CD44D28}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{A52B2F84-46DB-499B-A681-71319CD44D28}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{A52B2F84-46DB-499B-A681-71319CD44D28}\InprocServer32]
@="C:\\WINDOWS\\system32\\mmratelc.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{87B784F9-C3C3-42F4-A690-5993D493B6DD}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{87B784F9-C3C3-42F4-A690-5993D493B6DD}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{87B784F9-C3C3-42F4-A690-5993D493B6DD}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{87B784F9-C3C3-42F4-A690-5993D493B6DD}\InprocServer32]
@="C:\\WINDOWS\\system32\\khdaze.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{F1CF1945-C806-4F02-AC2C-4D2A0D11FBE7}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{F1CF1945-C806-4F02-AC2C-4D2A0D11FBE7}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{F1CF1945-C806-4F02-AC2C-4D2A0D11FBE7}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{F1CF1945-C806-4F02-AC2C-4D2A0D11FBE7}\InprocServer32]
@="C:\\WINDOWS\\system32\\uhnphost.dll"
"ThreadingModel"="Apartment"

**********************************************************************************
Files Found are not all bad files:

C:\WINDOWS\SYSTEM32\
browseui.dll Fri 2 Sep 2005 21:06:12 A.... 1.020.416 996,50 K
cdfview.dll Fri 2 Sep 2005 21:06:12 A.... 151.552 148,00 K
cdosys.dll Fri 9 Sep 2005 22:55:12 A.... 2.067.968 1,97 M
danim.dll Fri 2 Sep 2005 21:06:14 A.... 1.055.744 1,00 M
dxtrans.dll Fri 2 Sep 2005 21:06:14 A.... 205.312 200,50 K
e602lg~1.dll Tue 25 Oct 2005 19:41:46 ..S.R 233.851 228,37 K
extmgr.dll Fri 2 Sep 2005 21:06:14 ..... 55.808 54,50 K
haspvdd.dll Thu 22 Sep 2005 20:04:54 A.... 6.656 6,50 K
iepeers.dll Fri 2 Sep 2005 21:06:14 A.... 251.392 245,50 K
imetpp.dll Tue 25 Oct 2005 0:03:54 ..S.R 236.547 231,00 K
inseng.dll Fri 2 Sep 2005 21:06:14 A.... 96.768 94,50 K
linkinfo.dll Wed 31 Aug 2005 22:43:36 A.... 19.968 19,50 K
mshtml.dll Tue 4 Oct 2005 17:27:26 A.... 3.013.120 2,87 M
mshtmled.dll Fri 2 Sep 2005 21:06:14 A.... 448.512 438,00 K
msrating.dll Fri 2 Sep 2005 21:06:14 A.... 146.432 143,00 K
mstime.dll Fri 2 Sep 2005 21:06:14 A.... 530.432 518,00 K
natvid~1.dll Tue 25 Oct 2005 19:41:46 ..S.R 236.547 231,00 K
netman.dll Mon 22 Aug 2005 15:34:58 A.... 197.632 193,00 K
pngfilt.dll Fri 2 Sep 2005 21:06:14 A.... 39.424 38,50 K
quartz.dll Tue 30 Aug 2005 0:55:42 A.... 1.293.312 1,23 M
shdocvw.dll Fri 2 Sep 2005 21:06:14 A.... 1.484.288 1,41 M
shell32.dll Fri 23 Sep 2005 0:06:56 A.... 8.492.544 8,10 M
shlwapi.dll Fri 2 Sep 2005 21:06:14 A.... 474.112 463,00 K
sirenacm.dll Sat 13 Aug 2005 22:41:12 A.... 118.784 116,00 K
umpnpmgr.dll Tue 23 Aug 2005 0:39:10 A.... 124.416 121,50 K
urlmon.dll Fri 2 Sep 2005 21:06:14 A.... 604.672 590,50 K
wininet.dll Fri 2 Sep 2005 21:06:14 A.... 660.992 645,50 K
winsrv.dll Wed 31 Aug 2005 22:43:38 A.... 292.352 285,50 K

28 items found: 28 files (3 H/S), 0 directories.
Total of file sizes: 23.559.553 bytes 22,46 M
Locate .tmp files:

C:\WINDOWS\SYSTEM32\
guard.tmp Tue 25 Oct 2005 19:41:54 A.... 234.262 228,77 K

1 item found: 1 file, 0 directories.
Total of file sizes: 234.262 bytes 228,77 K
**********************************************************************************
Directory Listing of system files:
El volumen de la unidad C no tiene etiqueta.
El número de serie del volumen es: 00F5-2055

Directorio de C:\WINDOWS\System32

25-10-2005 19:41 236.547 NATVideoCompose.dll
25-10-2005 19:41 233.851 e602lgdo160c.dll
25-10-2005 00:03 236.547 imetpp.dll
18-10-2005 23:29 <DIR> dllcache
07-08-2005 23:59 10.856 KGyGaAvL.sys
04-01-2005 13:33 56 A9A63149B3.sys
21-01-2004 18:33 <DIR> Microsoft
5 archivos 717.857 bytes
2 dirs 9.177.006.080 bytes libres

____________________________________________________________________


Log for VX2.BetterInternet File Finder (ALL)

Files Found---

Additional Files---

Keys Under Notify---
Shell Extensions


Guardian Key--- is called:
Asynchronous 000
DllName
Impersonate 000
Logon WinLogon
Logoff WinLogoff
Shutdown WinShutdown

Guardian Key--- :

User Agent String---
{39F92335-898C-654E-CE59-4A2AB26DA83E}




THANKS!!!!!!!


jarvil85
post Oct 26 2005, 12:02 AM
Posted: #4

Newbie
Group: Members
Posts: 5
Joined: 23-January 05
Member no.: 66.799

I forgot to include the HijackThis log, in case you needed it....

Logfile of HijackThis v1.99.1
Scan saved at 20:01:00, on 25-10-2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Archivos de programa\Sygate\SPF\smc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\SYSTEM32\rundll32.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\sistray.EXE
C:\Archivos de programa\DU Meter\DUMeter.exe
C:\apps\ABoard\ABoard.exe
C:\apps\ABoard\AOSD.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\WINDOWS\system32\crypserv.exe
C:\Archivos de programa\ewido\security suite\ewidoctrl.exe
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\usuario\Escritorio\HiJackThis\HijackThis_1.99.1.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.cl/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.cl
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Vínculos
R3 - Default URLSearchHook is missing
O4 - HKLM\..\Run: [SiS Tray] C:\WINDOWS\System32\sistray.EXE
O4 - HKLM\..\Run: [DU Meter] C:\Archivos de programa\DU Meter\DUMeter.exe
O4 - HKLM\..\Run: [ACTIVBOARD] c:\apps\ABoard\ABoard.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Archivos de programa\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SmcService] C:\ARCHIV~1\Sygate\SPF\smc.exe -startgui
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: E&xportar a Microsoft Excel - res://C:\ARCHIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Referencia - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARCHIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Archivos de programa\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Archivos de programa\Messenger\MSMSGS.EXE
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab31267.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {83AFB5CA-ED35-11D4-A452-0080C8D85045} (GameDesire Poker Games) - http://67.15.101.3/g_bin/eng/poker_2_0_0_38.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab
O20 - Winlogon Notify: Shell Extensions - C:\WINDOWS\system32\e602lgdo160c.dll
O23 - Service: C-DillaCdaC11BA - C-Dilla Ltd - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: Crypkey License - Kenonic Controls Ltd. - C:\WINDOWS\SYSTEM32\crypserv.exe
O23 - Service: ewido security suite control - ewido networks - C:\Archivos de programa\ewido\security suite\ewidoctrl.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Archivos de programa\Archivos comunes\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Archivos de programa\Sygate\SPF\smc.exe

Thanks!!
Caito
post Oct 26 2005, 03:20 AM
Posted: #5

No Spiware

Group: Global Supervisor
Posts: 17.398
Joined: 15-August 04
From: Argentina
Member no.: 13.043



Now run l2mfix again: double-click l2mfix.bat and select option "#2" to run the Fix by typing "2" and Enter, then press any key to restart the PC. On restart the desktop icons will appear and disappear, which is normal, and then Notepad will open with the log, which you need to copy and paste as a reply to this post; if the log does not appear, go to the program's folder and click Second.bat, and the report will appear there.
It is important not to run any option of the program unless I tell you to.

Run ewido and then HijackThis (post the logs from all 3 programs)
Regards
Caito
jarvil85
post Oct 26 2005, 10:56 PM
Posted: #6

Newbie
Group: Members
Posts: 5
Joined: 23-January 05
Member no.: 66.799



Thanks Caito for your help!!

Hopefully all this works... but I think it does!!!

Here are the logs....


L2Mfix 1.04a

Running From:
C:\Documents and Settings\usuario\Escritorio\l2mfix



RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and above
Copyright © 1999-2001 Frank Heyne Software (http://www.heysoft.de)
This program is Freeware, use it on your own risk!

Access Control List for Registry key HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify:
(NI) ALLOW Full access NT AUTHORITY\SYSTEM
(IO) ALLOW Full access NT AUTHORITY\SYSTEM
(NI) ALLOW Full access NT AUTHORITY\SYSTEM
(IO) ALLOW Full access NT AUTHORITY\SYSTEM
(ID-NI) ALLOW Read BUILTIN\Usuarios
(ID-IO) ALLOW Read BUILTIN\Usuarios
(ID-NI) ALLOW Full access BUILTIN\Administradores
(ID-IO) ALLOW Full access BUILTIN\Administradores
(ID-NI) ALLOW Full access NT AUTHORITY\SYSTEM
(ID-IO) ALLOW Full access NT AUTHORITY\SYSTEM
(ID-IO) ALLOW Full access CREATOR OWNER



Setting registry permissions:


RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and above
Copyright © 1999-2001 Frank Heyne Software (http://www.heysoft.de)
This program is Freeware, use it on your own risk!


Denying C(CI) access for predefined group "Administrators"
- adding new ACCESS DENY entry


Registry Permissions set todo:

RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and above
Copyright © 1999-2001 Frank Heyne Software (http://www.heysoft.de)
This program is Freeware, use it on your own risk!

Access Control List for Registry key HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify:
(CI) DENY --C------- BUILTIN\Administradores
(NI) ALLOW Full access NT AUTHORITY\SYSTEM
(IO) ALLOW Full access NT AUTHORITY\SYSTEM
(NI) ALLOW Full access NT AUTHORITY\SYSTEM
(IO) ALLOW Full access NT AUTHORITY\SYSTEM
(ID-NI) ALLOW Read BUILTIN\Usuarios
(ID-IO) ALLOW Read BUILTIN\Usuarios
(ID-NI) ALLOW Full access BUILTIN\Administradores
(ID-IO) ALLOW Full access BUILTIN\Administradores
(ID-NI) ALLOW Full access NT AUTHORITY\SYSTEM
(ID-IO) ALLOW Full access NT AUTHORITY\SYSTEM
(ID-IO) ALLOW Full access CREATOR OWNER



Setting up for Reboot


Starting Reboot!

Setting Directory
C:\Documents and Settings\usuario\Escritorio\l2mfix
System Rebooted!

Running From:
C:\Documents and Settings\usuario\Escritorio\l2mfix

killing explorer and rundll32.exe

Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
Copyright© 2002-2003 Craig.Peacock@beyondlogic.org
Killing PID 1344 'explorer.exe'
Killing PID 1344 'explorer.exe'

Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
Copyright© 2002-2003 Craig.Peacock@beyondlogic.org
Error, Cannot find a process with an image name of rundll32.exe

Scanning First Pass. Please Wait!

First Pass Completed

Second Pass Scanning

Second pass Completed!
No se encuentra el archivo: C:\WINDOWS\system32\apvpack.dll
No se encuentra el archivo: C:\WINDOWS\system32\l22slcf71f2.dll
No se encuentra el archivo: C:\WINDOWS\system32\qcgr.dll
Backing Up: C:\WINDOWS\system32\apvpack.dll
El sistema no puede hallar el archivo especificado.
Backing Up: C:\WINDOWS\system32\l22slcf71f2.dll
El sistema no puede hallar el archivo especificado.
Backing Up: C:\WINDOWS\system32\qcgr.dll
El sistema no puede hallar el archivo especificado.
deleting: C:\WINDOWS\system32\apvpack.dll
Successfully Deleted: C:\WINDOWS\system32\apvpack.dll
deleting: C:\WINDOWS\system32\l22slcf71f2.dll
Successfully Deleted: C:\WINDOWS\system32\l22slcf71f2.dll
deleting: C:\WINDOWS\system32\qcgr.dll
Successfully Deleted: C:\WINDOWS\system32\qcgr.dll


Zipping up files for submission:
updating: apvpack.dll (140 bytes security) (deflated 5%)
updating: l22slcf71f2.dll (140 bytes security) (deflated 4%)
updating: qcgr.dll (140 bytes security) (deflated 5%)
updating: clear.reg (140 bytes security) (deflated 2%)
updating: echo.reg (140 bytes security) (deflated 12%)
adding: cleanup.reg (140 bytes security) (deflated 45%)
updating: direct.txt (140 bytes security) (deflated 2%)
updating: lo2.txt (140 bytes security) (deflated 75%)
updating: readme.txt (140 bytes security) (deflated 52%)
updating: report.txt (140 bytes security) (deflated 64%)
updating: test.txt (140 bytes security) (stored 0%)
updating: test2.txt (140 bytes security) (stored 0%)
updating: test3.txt (140 bytes security) (stored 0%)
updating: test5.txt (140 bytes security) (stored 0%)
updating: xfind.txt (140 bytes security) (deflated 44%)
updating: backregs/3ACD71F6-08F9-46D0-874A-F8D906B91F5E.reg (140 bytes security) (deflated 70%)
updating: backregs/7A0D0513-F007-4D9A-BFB7-7169BBE67E19.reg (140 bytes security) (deflated 70%)
updating: backregs/87B784F9-C3C3-42F4-A690-5993D493B6DD.reg (140 bytes security) (deflated 70%)
updating: backregs/A52B2F84-46DB-499B-A681-71319CD44D28.reg (140 bytes security) (deflated 70%)
updating: backregs/F1CF1945-C806-4F02-AC2C-4D2A0D11FBE7.reg (140 bytes security) (deflated 70%)
updating: backregs/notibac.reg (140 bytes security) (deflated 87%)
updating: backregs/shell.reg (140 bytes security) (deflated 73%)

Restoring Registry Permissions:


RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and above
Copyright © 1999-2001 Frank Heyne Software (http://www.heysoft.de)
This program is Freeware, use it on your own risk!


Revoking access for predefined group "Administrators"
Inherited ACE can not be revoked here!
Inherited ACE can not be revoked here!
Warning (option /rga:(ci)) - There is no ACE to remove!


Registry permissions set todo:

RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and above
Copyright © 1999-2001 Frank Heyne Software (http://www.heysoft.de)
This program is Freeware, use it on your own risk!

Access Control List for Registry key HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify:
(NI) ALLOW Full access NT AUTHORITY\SYSTEM
(IO) ALLOW Full access NT AUTHORITY\SYSTEM
(NI) ALLOW Full access NT AUTHORITY\SYSTEM
(IO) ALLOW Full access NT AUTHORITY\SYSTEM
(ID-NI) ALLOW Read BUILTIN\Usuarios
(ID-IO) ALLOW Read BUILTIN\Usuarios
(ID-NI) ALLOW Full access BUILTIN\Administradores
(ID-IO) ALLOW Full access BUILTIN\Administradores
(ID-NI) ALLOW Full access NT AUTHORITY\SYSTEM
(ID-IO) ALLOW Full access NT AUTHORITY\SYSTEM
(ID-IO) ALLOW Full access CREATOR OWNER


Restoring Sedebugprivilege:

Granting SeDebugPrivilege to Administrators ... failed (GetAccountSid(Administrators)=1332

Restoring Windows Update Certificates.:

deleting local copy: apvpack.dll
deleting local copy: l22slcf71f2.dll
deleting local copy: qcgr.dll

The following Is the Current Export of the Winlogon notify key:
****************************************************************************
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,33,00,32,00,2e,00,64,00,6c,00,\
6c,00,00,00
"Logoff"="ChainWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,6e,00,65,00,74,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Logoff"="CryptnetWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
"DLLName"="cscdll.dll"
"Logon"="WinlogonLogonEvent"
"Logoff"="WinlogonLogoffEvent"
"ScreenSaver"="WinlogonScreenSaverEvent"
"Startup"="WinlogonStartupEvent"
"Shutdown"="WinlogonShutdownEvent"
"StartShell"="WinlogonStartShellEvent"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp]
"DLLName"="wlnotify.dll"
"Logon"="SCardStartCertProp"
"Logoff"="SCardStopCertProp"
"Lock"="SCardSuspendCertProp"
"Unlock"="SCardResumeCertProp"
"Enabled"=dword:00000001
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Impersonate"=dword:00000000
"StartShell"="SchedStartShell"
"Logoff"="SchedEventLogOff"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]
"Logoff"="WLEventLogoff"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001
"DllName"=hex(2):73,00,63,00,6c,00,67,00,6e,00,74,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]
"DLLName"="WlNotify.dll"
"Lock"="SensLockEvent"
"Logon"="SensLogonEvent"
"Logoff"="SensLogoffEvent"
"Safe"=dword:00000001
"MaxWait"=dword:00000258
"StartScreenSaver"="SensStartScreenSaverEvent"
"StopScreenSaver"="SensStopScreenSaverEvent"
"Startup"="SensStartupEvent"
"Shutdown"="SensShutdownEvent"
"StartShell"="SensStartShellEvent"
"PostShell"="SensPostShellEvent"
"Disconnect"="SensDisconnectEvent"
"Reconnect"="SensReconnectEvent"
"Unlock"="SensUnlockEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Impersonate"=dword:00000000
"Logoff"="TSEventLogoff"
"Logon"="TSEventLogon"
"PostShell"="TSEventPostShell"
"Shutdown"="TSEventShutdown"
"StartShell"="TSEventStartShell"
"Startup"="TSEventStartup"
"MaxWait"=dword:00000258
"Reconnect"="TSEventReconnect"
"Disconnect"="TSEventDisconnect"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon]
"DLLName"="wlnotify.dll"
"Logon"="RegisterTicketExpiredNotificationEvent"
"Logoff"="UnregisterTicketExpiredNotificationEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wzcnotif]
"DLLName"="wzcdlg.dll"
"Logon"="WZCEventLogon"
"Logoff"="WZCEventLogoff"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000000


The following are the files found:
****************************************************************************
C:\WINDOWS\system32\apvpack.dll
C:\WINDOWS\system32\l22slcf71f2.dll
C:\WINDOWS\system32\qcgr.dll

Registry Entries that were Deleted:
Please verify that the listing looks ok.
If there was something deleted wrongly there are backups in the backreg folder.
****************************************************************************
REGEDIT4

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
REGEDIT4

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
"SV1"=""
****************************************************************************
Desktop.ini Contents:
****************************************************************************
****************************************************************************




____________________________________________________________________



---------------------------------------------------------
ewido security suite - Report de exploración
---------------------------------------------------------

+ Creado en: 18:51:17, 26-10-2005
+ Report-Checksum: 25ACBB45

+ Scan result:

C:\Documents and Settings\usuario\Configuración local\Temp\Cookies\usuario@ad.yieldmanager[1].txt -> Spyware.Cookie.Yieldmanager : Limpio con backup
C:\Documents and Settings\usuario\Escritorio\l2mfix\backup.zip/apvpack.dll -> Spyware.Look2Me : Limpio con backup
C:\Documents and Settings\usuario\Escritorio\l2mfix\backup.zip/l22slcf71f2.dll -> Spyware.Look2Me : Limpio con backup
C:\Documents and Settings\usuario\Escritorio\l2mfix\backup.zip/qcgr.dll -> Spyware.Look2Me : Limpio con backup


::Fin Report


____________________________________________________________________



Logfile of HijackThis v1.99.1
Scan saved at 18:52:27, on 26-10-2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Archivos de programa\Sygate\SPF\smc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\WINDOWS\system32\crypserv.exe
C:\Archivos de programa\ewido\security suite\ewidoctrl.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\usuario\Escritorio\HiJackThis\HijackThis_1.99.1.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.cl/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.cl
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Vínculos
R3 - Default URLSearchHook is missing
O4 - HKLM\..\Run: [SiS Tray] C:\WINDOWS\System32\sistray.EXE
O4 - HKLM\..\Run: [DU Meter] C:\Archivos de programa\DU Meter\DUMeter.exe
O4 - HKLM\..\Run: [ACTIVBOARD] c:\apps\ABoard\ABoard.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Archivos de programa\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SmcService] C:\ARCHIV~1\Sygate\SPF\smc.exe -startgui
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: E&xportar a Microsoft Excel - res://C:\ARCHIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Referencia - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARCHIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Archivos de programa\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Archivos de programa\Messenger\MSMSGS.EXE
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab31267.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {83AFB5CA-ED35-11D4-A452-0080C8D85045} (GameDesire Poker Games) - http://67.15.101.3/g_bin/eng/poker_2_0_0_38.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab
O23 - Service: C-DillaCdaC11BA - C-Dilla Ltd - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: Crypkey License - Kenonic Controls Ltd. - C:\WINDOWS\SYSTEM32\crypserv.exe
O23 - Service: ewido security suite control - ewido networks - C:\Archivos de programa\ewido\security suite\ewidoctrl.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Archivos de programa\Archivos comunes\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Archivos de programa\Sygate\SPF\smc.exe






If it's gone, I swear I'll build you an altar!!!
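The registry exports in this thread (the CLSID / InprocServer32 dump and the Shell Extensions\Approved list in the first post, and the Winlogon Notify export in the L2MFix log above) are exactly the artifacts the VX2 finder and L2MFix key on. As an added example, not part of the thread and not code from either tool, the script below parses a .reg export and flags the two patterns a responder would look for here: a Winlogon Notify handler whose DllName is not one of the stock XP notification DLLs, and a CLSID whose InprocServer32 points at something that is not a library (guard.tmp) or that is registered as an approved shell extension with an empty description. The allow-list and the sample export are constructed for the example (the values come from the logs in this thread; the "Shell Extensions" Notify subkey is modeled on the O20 line of the HijackThis log, since the post-fix export no longer contains it), and the parser covers only the subset of the .reg format that appears in these logs.

```python
import re

# Winlogon Notify DLLs shipped with Windows XP: a constructed allow-list for this example,
# to be extended from a known-clean baseline of your own before relying on it.
KNOWN_NOTIFY_DLLS = {"crypt32.dll", "cryptnet.dll", "cscdll.dll",
                     "wlnotify.dll", "sclgntfy.dll", "wzcdlg.dll"}
NOTIFY_KEY = r"HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify"
LIBRARY_EXTENSIONS = {"dll", "ocx", "cpl", "ax"}

# Constructed sample export using values from the logs in this thread; the "Shell
# Extensions" Notify subkey is modeled on the O20 line of the HijackThis log.
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
"Asynchronous"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,33,00,32,00,2e,00,64,00,6c,00,\
  6c,00,00,00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
"DLLName"="cscdll.dll"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Shell Extensions]
"DllName"="C:\\WINDOWS\\system32\\e602lgdo160c.dll"

[HKEY_CLASSES_ROOT\CLSID\{7A0D0513-F007-4D9A-BFB7-7169BBE67E19}\InprocServer32]
@="C:\\WINDOWS\\system32\\guard.tmp"
"ThreadingModel"="Apartment"

[HKEY_CLASSES_ROOT\CLSID\{3ACD71F6-08F9-46D0-874A-F8D906B91F5E}\InprocServer32]
@="C:\\WINDOWS\\system32\\NATVideoCompose.dll"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
"{B41DB860-8EE4-11D2-9906-E49FADC173CA}"="WinRAR shell extension"
"{7A0D0513-F007-4D9A-BFB7-7169BBE67E19}"=""
"{3ACD71F6-08F9-46D0-874A-F8D906B91F5E}"=""
'''


def decode_hex2(value: str) -> str:
    """Decode a REG_EXPAND_SZ exported as hex(2): comma-separated UTF-16LE bytes."""
    raw = bytes(int(b, 16) for b in value.split(",") if b.strip())
    return raw.decode("utf-16-le").rstrip("\x00")


def parse_reg_export(text: str) -> dict:
    """Parse the .reg subset seen in these logs into {key: {name: value}}:
    "@" defaults, quoted strings, dword:, and hex(2): with line continuations."""
    keys: dict = {}
    current = None
    # A trailing backslash means the value continues on the next (indented) line.
    joined = re.sub(r",\\\r?\n\s*", ",", text)
    for line in joined.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1]
            keys.setdefault(current, {})
        elif current is not None and "=" in line:
            name, _, value = line.partition("=")
            name = name if name == "@" else name.strip('"')
            if value.startswith('"') and value.endswith('"'):
                value = value[1:-1].replace("\\\\", "\\")
            elif value.startswith("hex(2):"):
                value = decode_hex2(value[len("hex(2):"):])
            elif value.startswith("dword:"):
                value = int(value[len("dword:"):], 16)
            keys[current][name] = value
    return keys


def suspicious_notify_handlers(keys: dict) -> list:
    """Return (subkey, dll) for Winlogon Notify handlers whose DLL is not on the allow-list."""
    hits = []
    for key, values in keys.items():
        if not key.lower().startswith(NOTIFY_KEY.lower() + "\\"):
            continue
        # The export writes the value name as both "DllName" and "DLLName".
        dll = next((str(v) for n, v in values.items() if n.lower() == "dllname"), None)
        if dll is not None and dll.rsplit("\\", 1)[-1].lower() not in KNOWN_NOTIFY_DLLS:
            hits.append((key.rsplit("\\", 1)[-1], dll))
    return hits


def suspicious_clsids(keys: dict) -> list:
    """Flag CLSIDs whose InprocServer32 is not a library file (e.g. guard.tmp) and
    CLSIDs listed as approved shell extensions with an empty description."""
    findings = []
    for key, values in keys.items():
        lower = key.lower()
        if lower.endswith("\\inprocserver32"):
            path = str(values.get("@", ""))
            ext = path.rsplit(".", 1)[-1].lower() if "." in path else ""
            if ext not in LIBRARY_EXTENSIONS:
                findings.append((key.split("\\")[-2], "InprocServer32 is not a library file", path))
        elif lower.endswith("\\shell extensions\\approved"):
            for name, desc in values.items():
                if name.startswith("{") and desc == "":
                    findings.append((name, "approved shell extension with empty description", ""))
    return findings


if __name__ == "__main__":
    parsed = parse_reg_export(SAMPLE_REG)
    print(suspicious_notify_handlers(parsed))
    print(suspicious_clsids(parsed))
```

Against the sample, the Notify check returns only the "Shell Extensions" handler loading e602lgdo160c.dll, and the CLSID check returns guard.tmp plus the two empty-description entries; NATVideoCompose.dll is caught only through the Approved list, which is why both checks are worth running together. To use it on a live box, export the Notify key and HKCR\CLSID with regedit and pass the file contents to parse_reg_export instead of SAMPLE_REG.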
Caito
post Oct 26 2005, 11:28 PM
Posted: #7

No Spiware

Group: Global Supervisor
Posts: 17.398
Joined: 15-August 04
From: Argentina
Member no.: 13.043



Start building it
I see it clean

Clean up unnecessary files with this program:
Disk Cleaner, to delete:
Internet temp files, system temp files, cookies, history, etc.
disk cleaner
http://www.trucoswindows.net/downloadview-details-110-Disk_Cleaner_1.5.5.html

Clean the registry:
http://www.hoverdesk.net/dl/en/RegSeeker.zip
How does it work?
Regards
Caito
jarvil85
post Oct 27 2005, 02:24 AM
Posted: #8

Newbie
Group: Members
Posts: 5
Joined: 23-January 05
Member no.: 66.799



You outdid yourself, Caito...

THANK YOU VERY MUCH!!!

Rest assured that if I have any other problem I'll come back here... hehe...
Caito
post Oct 27 2005, 04:02 AM
Posted: #9

No Spiware

Group: Global Supervisor
Posts: 17.398
Joined: 15-August 04
From: Argentina
Member no.: 13.043



Well, I'd rather you just drop by to say hello
We're closing this topic
Regards
Caito