Trucos Windows Forums

> My log

Demian_abraxas
Posted Nov 15 2005, 11:07 PM
Post: #1



Hi everyone. I just finished formatting the computer, and when I connected to the internet I got the Blaster virus. I downloaded the patch and ran it, but the computer sometimes freezes and a window pops up with an error saying that some file could not be run, along with some very strange symbols.

Here is the log:

Logfile of HijackThis v1.99.1
Scan saved at 22:48:13, on 15/11/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Archivos de programa\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\System32\rwnt.exe
C:\WINDOWS\System32\ctfmon.exe
C:\WINDOWS\modlb.exe
C:\WINDOWS\system32\pnpsp2fix.exe
C:\Archivos de programa\WinPoET Broadband Connection\WrOS.EXE
C:\WINDOWS\system32\wstime.exe
C:\Archivos de programa\MSN Messenger\msnmsgr.exe
C:\Archivos de programa\MSN Messenger\msnmsgr.exe
C:\HJT\HijackThis[www.trucoswindows.net].exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Vínculos
O2 - BHO: (no name) - {00DBDAC8-4691-4797-8E6A-7C6AB89BC441} - C:\WINDOWS\System32\ssqpp.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Archivos de programa\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [ATIPTA] C:\Archivos de programa\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [Windowsz] rwnt.exe
O4 - HKLM\..\RunServices: [Windowsz] rwnt.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Archivos de programa\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MsnMsgr] "C:\Archivos de programa\MSN Messenger\MsnMsgr.Exe" /background
O17 - HKLM\System\CCS\Services\Tcpip\..\{5C4BD05D-05A9-4E50-BE7A-BF49F4D6892E}: NameServer = 80.58.61.250 80.58.61.254
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\ARCHIV~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: ssqpp - C:\WINDOWS\SYSTEM32\ssqpp.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Mod Libary (modlb) - Unknown owner - C:\WINDOWS\modlb.exe
O23 - Service: Plug-n-Play SP2 Fix (sp2pnpfix) - Unknown owner - C:\WINDOWS\system32\pnpsp2fix.exe
O23 - Service: WinPPPoverEthernet - iVasion, a Routerware Company - C:\Archivos de programa\WinPoET Broadband Connection\WrOS.EXE
O23 - Service: Windows Time Sync (wservertime) - Unknown owner - C:\WINDOWS\system32\wstime.exe

Regards.


Caito
Posted Nov 16 2005, 01:38 AM
Post: #2



You are full of junk; as long as you don't update your operating system you will keep getting infected.
Do this:
Download this program:
Disk Cleaner

http://www.trucoswindows.net/downloadview-details-110-Disk_Cleaner_1.5.5.html

And AdAware SE 1.06:

http://www.trucoswindows.net/detalles-59-a...rsonal_106.html
Update it to 09/11/05

Download ewido security suite:

http://www.ewido.net/en/download/

Update it here:

http://www.ewido.net/en/download/updates/

Configure it like this:

• During installation, at the bottom where it says "Additional Options", uncheck the "Install background guard" and "Install scan via context menu" boxes.
• Launch ewido by double-clicking the big E that will appear on your desktop.
• The program will ask you something about updates. Click OK.
• The program will take you to the main screen.
You will have to update the definitions to the latest version:
• On the right side of the main screen, click Update.
• Click Start.
The process will start and you will be kept informed by a progress bar.

Once the updates have been installed, do the following:
• Restart in safe mode. You can do this by restarting your PC and pressing the F8 key repeatedly until a menu appears. Use the up arrow to select safe mode and press Enter. Once it has started, open ewido.
• Click on Scanner.
• Before scanning, check that the following checkboxes are ticked:
o Binder
o Crypter
o Archives
• Click on Start scan.
• Let the program scan your PC.
During the scan you will be asked about disinfecting files; click OK.

Once the scan has finished, there is a button at the bottom of the screen that says Save report.
• Click on Save report.
• Save your report to the desktop.

Also run an online scan:

Online antivirus:
http://www.trucoswindows.net/antivirus-online.html
http://housecall.trendmicro.com/
http://www.pandasoftware.com/products/acti...n_principal.htm
http://www.avast.com/eng/down_cleaner.html
http://www.kaspersky.com/beta?product=161744315
http://www.bitdefender.com/scan8/
http://www.ravantivirus.com/scan/
http://www.windowsecurity.com/trojanscan/

Clean up and post a new Hijack log.
Regards,
Caito


Demian_abraxas
Posted Nov 17 2005, 12:27 AM
Post: #3



Hi, I followed your steps. Here is the log, since it is still the same as before. The log:

Logfile of HijackThis v1.99.1
Scan saved at 0:23:45, on 18/11/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Archivos de programa\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\System32\lssas.exe
C:\windows\adtech2005.exe
C:\windows\mrjj.exe
C:\WINDOWS\System32\sys64mnger.exe
C:\WINDOWS\System32\ctfmon.exe
C:\ARCHIV~1\ARCHIV~1\mwmm\mwmmm.exe
C:\Archivos de programa\oara\mlsn.exe
C:\Documents and Settings\Pub_abraxas\Internet Optimizer\optimize.exe
C:\Archivos de programa\ewido\security suite\ewidoctrl.exe
C:\WINDOWS\modlb.exe
C:\Archivos de programa\MSN Messenger\msnmsgr.exe
c:\spupdate27.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.findthewebsiteyouneed.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchbar.findthewebsiteyouneed.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Vínculos
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: (no name) - {00DBDAC8-4691-4797-8E6A-7C6AB89BC441} - C:\WINDOWS\System32\sstqn.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [ATIPTA] C:\Archivos de programa\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Local Security Authority Service] C:\WINDOWS\System32\lssas.exe
O4 - HKLM\..\Run: [ZaPRK^TWmwq[IHa[T] C:\WINDOWS\System32\stwduni.exe
O4 - HKLM\..\Run: [timessquare] C:\windows\timessquare.exe
O4 - HKLM\..\Run: [adtech2005] C:\windows\adtech2005.exe
O4 - HKLM\..\Run: [sqoupgtroJzir] C:\WINDOWS\System32\dhpppznvyk.exe
O4 - HKLM\..\Run: [noC=] C:\windows\mrjj.exe
O4 - HKLM\..\Run: [Internet Optimizer] "C:\Documents and Settings\Pub_abraxas\Internet Optimizer\optimize.exe"
O4 - HKLM\..\Run: [sysmngr32] sys64mnger.exe
O4 - HKLM\..\Run: [orpm] C:\windows\mrjj.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\RunServices: [ZaPRK^TWmwq[IHa[T] C:\WINDOWS\System32\stwduni.exe
O4 - HKLM\..\RunServices: [sqoupgtroJzir] C:\WINDOWS\System32\dhpppznvyk.exe
O4 - HKLM\..\RunServices: [sysmngr32] sys64mnger.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Archivos de programa\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MsnMsgr] "C:\Archivos de programa\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [mwmm] C:\ARCHIV~1\ARCHIV~1\mwmm\mwmmm.exe
O4 - HKCU\..\Run: [Oate] "C:\Archivos de programa\oara\mlsn.exe" -vt mt
O4 - HKCU\..\Run: [sysmngr32] sys64mnger.exe
O4 - HKCU\..\RunServices: [sysmngr32] sys64mnger.exe
O15 - Trusted Zone: *.media-motor.net
O15 - Trusted Zone: *.popuppers.com
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab
O16 - DPF: {42F2C9BA-614F-47C0-B3E3-ECFD34EED658} - http://promo.dollarrevenue.com/webmasterex...artload114a.exe
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab
O16 - DPF: {7149E79C-DC19-4C5E-A53C-A54DDF75EEE9} (IObjSafety.DemoCtl) - http://cabs.media-motor.net/cabs/joysaver.cab
O16 - DPF: {8FCDF9D9-A28B-480F-8C3D-581F119A8AB8} - http://static.zangocash.com/cab/Zango/ie/bridge-c11.cab
O16 - DPF: {9EB320CE-BE1D-4304-A081-4B4665414BEF} (MediaTicketsInstaller Control) - http://www.mt-download.com/MediaTicketsIns....cab?refid=4814
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (ASquaredScanForm Element) - http://www.windowsecurity.com/trojanscan/axscan.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{5E3750EB-EDF2-49F5-A6DE-7E8562B38E0F}: NameServer = 80.58.61.250 80.58.61.254
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\ARCHIV~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: Reliability - C:\WINDOWS\system32\dn8m01l1e.dll
O20 - Winlogon Notify: sstqn - C:\WINDOWS\SYSTEM32\sstqn.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\QWJyYXhhcw\command.exe
O23 - Service: ewido security suite control - ewido networks - C:\Archivos de programa\ewido\security suite\ewidoctrl.exe
O23 - Service: Mod Libary (modlb) - Unknown owner - C:\WINDOWS\modlb.exe
O23 - Service: Service Hosts (ServiceHost) - Unknown owner - C:\WINDOWS\shost.exe (file missing)
O23 - Service: WinPPPoverEthernet - iVasion, a Routerware Company - C:\Archivos de programa\WinPoET Broadband Connection\WrOS.EXE
O23 - Service: Windows Time Sync (wservtime) - Unknown owner - C:\WINDOWS\csrss.exe (file missing)

Before formatting I updated the system and was left without internet. If I update now, will the same thing happen to me?

Regards, and thanks for helping me.


Caito
Posted Nov 17 2005, 01:43 AM
Post: #4



First you have to clean up.
Did you run AdAware SE, ewido and an online antivirus?
Do it.
Regards,
Caito
Demian_abraxas
Posted Nov 18 2005, 11:18 AM
Post: #5



Hi, I have done everything you told me, and I also updated the computer, but when I try to install SP2 it won't let me, and I don't have a genuine copy of Windows.

Anyway, here is the log:

Logfile of HijackThis v1.99.1
Scan saved at 11:17:26, on 19/11/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Archivos de programa\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Archivos de programa\MSN Messenger\MsnMsgr.Exe
C:\Archivos de programa\ewido\security suite\ewidoctrl.exe
C:\WINDOWS\modlb.exe
C:\Archivos de programa\WinPoET Broadband Connection\WrOS.EXE
C:\Archivos de programa\Mozilla Firefox\firefox.exe
C:\HJT\HijackThis[www.trucoswindows.net].exe

O2 - BHO: (no name) - {00DBDAC8-4691-4797-8E6A-7C6AB89BC441} - C:\WINDOWS\system32\sstqn.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [ATIPTA] C:\Archivos de programa\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Archivos de programa\MSN Messenger\MsnMsgr.Exe" /background
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1132358435998
O17 - HKLM\System\CCS\Services\Tcpip\..\{5E3750EB-EDF2-49F5-A6DE-7E8562B38E0F}: NameServer = 80.58.61.250 80.58.61.254
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\ARCHIV~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: Controls Folder - C:\WINDOWS\system32\hr2205foe.dll
O20 - Winlogon Notify: sstqn - C:\WINDOWS\SYSTEM32\sstqn.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: ewido security suite control - ewido networks - C:\Archivos de programa\ewido\security suite\ewidoctrl.exe
O23 - Service: kavsvc - Kaspersky Lab - C:\Archivos de programa\Kaspersky Lab\Kaspersky Anti-Virus Personal\kavsvc.exe
O23 - Service: Mod Libary (modlb) - Unknown owner - C:\WINDOWS\modlb.exe
O23 - Service: Service Hosts (ServiceHost) - Unknown owner - C:\WINDOWS\shost.exe (file missing)
O23 - Service: WinPPPoverEthernet - iVasion, a Routerware Company - C:\Archivos de programa\WinPoET Broadband Connection\WrOS.EXE
O23 - Service: Windows Time Sync (wservtime) - Unknown owner - C:\WINDOWS\csrss.exe (file missing)

Regards and thanks.
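
Added example (not written by any participant in this thread): comparing two HijackThis scans entry by entry shows which autostart entries survived a cleanup and which ones appeared in their place. The sample lines are a subset copied from the logs in posts #3 and #5; the function names are illustrative.

```python
import re

# Constructed sample input: a subset of lines copied from the HijackThis logs
# in posts #3 (before cleanup) and #5 (after cleanup) of this thread.
SCAN_POST3 = r"""Logfile of HijackThis v1.99.1
Scan saved at 0:23:45, on 18/11/2005

Running processes:
C:\WINDOWS\System32\smss.exe
C:\windows\adtech2005.exe

O2 - BHO: (no name) - {00DBDAC8-4691-4797-8E6A-7C6AB89BC441} - C:\WINDOWS\System32\sstqn.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Archivos de programa\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [adtech2005] C:\windows\adtech2005.exe
O4 - HKLM\..\Run: [sysmngr32] sys64mnger.exe
O15 - Trusted Zone: *.media-motor.net
O20 - Winlogon Notify: Reliability - C:\WINDOWS\system32\dn8m01l1e.dll
O20 - Winlogon Notify: sstqn - C:\WINDOWS\SYSTEM32\sstqn.dll
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\QWJyYXhhcw\command.exe
O23 - Service: Mod Libary (modlb) - Unknown owner - C:\WINDOWS\modlb.exe
"""

SCAN_POST5 = r"""Logfile of HijackThis v1.99.1
Scan saved at 11:17:26, on 19/11/2005

Running processes:
C:\WINDOWS\System32\smss.exe

O2 - BHO: (no name) - {00DBDAC8-4691-4797-8E6A-7C6AB89BC441} - C:\WINDOWS\system32\sstqn.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Archivos de programa\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O20 - Winlogon Notify: Controls Folder - C:\WINDOWS\system32\hr2205foe.dll
O20 - Winlogon Notify: sstqn - C:\WINDOWS\SYSTEM32\sstqn.dll
O23 - Service: Mod Libary (modlb) - Unknown owner - C:\WINDOWS\modlb.exe
"""

# An entry line is a section code (R0, O4, O20, ...) followed by " - ".
# Header lines and the "Running processes" paths do not match and are skipped.
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")


def parse_entries(log_text):
    """Map a comparison key to (section code, original line) for each entry."""
    entries = {}
    for raw in log_text.splitlines():
        line = " ".join(raw.split())  # collapse stray whitespace from pasting
        match = ENTRY_RE.match(line)
        if match:
            # Windows paths are case-insensitive and the same DLL shows up as
            # System32 in one scan and system32 in the next, so compare the
            # case-folded line but keep the original text for reporting.
            entries[line.casefold()] = (match.group(1), line)
    return entries


def diff_scans(before_text, after_text):
    """Classify entries as persisted, added or removed between two scans."""
    before = parse_entries(before_text)
    after = parse_entries(after_text)
    return {
        "persisted": [after[k] for k in sorted(before.keys() & after.keys())],
        "added": [after[k] for k in sorted(after.keys() - before.keys())],
        "removed": [before[k] for k in sorted(before.keys() - after.keys())],
    }


def in_section(entries, code):
    """Return the original lines of the entries that belong to one section."""
    return [line for section, line in entries if section == code]


if __name__ == "__main__":
    result = diff_scans(SCAN_POST3, SCAN_POST5)
    for status in ("persisted", "added", "removed"):
        print(f"== {status} ({len(result[status])}) ==")
        for _, line in result[status]:
            print("  " + line)
```

On this sample the O20 section is the one to read closely: the `sstqn` notify entry is present in both scans, while one Winlogon Notify DLL disappears and a differently named one appears.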
Caito
Posted Nov 18 2005, 11:41 AM
Post: #6



Download this program:
http://www.atribune.org/downloads/l2mfix.exe
Save it to your desktop.
Double-click l2mfix.exe.
Install it following the instructions, and when this file appears: "l2mfix", double-click "l2mfix.bat" and choose option "#1" to run "find log" by typing 1
and pressing Enter.
It will take a few minutes, then Notepad will open and give you a log that you will have to copy and paste as a reply to this post.
It is important not to choose option "#2" or any other unless I tell you to in my next post.

Regards,
Caito
Demian_abraxas
Posted Nov 18 2005, 08:16 PM
Post: #7



Here is the L2mfix log:

L2MFIX find log 1.04a
These are the registry keys present
********************************************************************************
**
Winlogon/notify:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
"DLLName"="Ati2evxx.dll"
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000001
"Lock"="AtiLockEvent"
"Logoff"="AtiLogoffEvent"
"Logon"="AtiLogonEvent"
"Disconnect"="AtiDisConnectEvent"
"Reconnect"="AtiReConnectEvent"
"Safe"=dword:00000000
"Shutdown"="AtiShutdownEvent"
"StartScreenSaver"="AtiStartScreenSaverEvent"
"StartShell"="AtiStartShellEvent"
"Startup"="AtiStartupEvent"
"StopScreenSaver"="AtiStopScreenSaverEvent"
"Unlock"="AtiUnLockEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Controls Folder]
"Asynchronous"=dword:00000000
"DllName"="C:\\WINDOWS\\system32\\hr2205foe.dll"
"Impersonate"=dword:00000000
"Logon"="WinLogon"
"Logoff"="WinLogoff"
"Shutdown"="WinShutdown"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,33,00,32,00,2e,00,64,00,6c,00,\
6c,00,00,00
"Logoff"="ChainWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,6e,00,65,00,74,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Logoff"="CryptnetWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
"DLLName"="cscdll.dll"
"Logon"="WinlogonLogonEvent"
"Logoff"="WinlogonLogoffEvent"
"ScreenSaver"="WinlogonScreenSaverEvent"
"Startup"="WinlogonStartupEvent"
"Shutdown"="WinlogonShutdownEvent"
"StartShell"="WinlogonStartShellEvent"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp]
"DLLName"="wlnotify.dll"
"Logon"="SCardStartCertProp"
"Logoff"="SCardStopCertProp"
"Lock"="SCardSuspendCertProp"
"Unlock"="SCardResumeCertProp"
"Enabled"=dword:00000001
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Impersonate"=dword:00000000
"StartShell"="SchedStartShell"
"Logoff"="SchedEventLogOff"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]
"Logoff"="WLEventLogoff"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001
"DllName"=hex(2):73,00,63,00,6c,00,67,00,6e,00,74,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]
"DLLName"="WlNotify.dll"
"Lock"="SensLockEvent"
"Logon"="SensLogonEvent"
"Logoff"="SensLogoffEvent"
"Safe"=dword:00000001
"MaxWait"=dword:00000258
"StartScreenSaver"="SensStartScreenSaverEvent"
"StopScreenSaver"="SensStopScreenSaverEvent"
"Startup"="SensStartupEvent"
"Shutdown"="SensShutdownEvent"
"StartShell"="SensStartShellEvent"
"PostShell"="SensPostShellEvent"
"Disconnect"="SensDisconnectEvent"
"Reconnect"="SensReconnectEvent"
"Unlock"="SensUnlockEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sstqn]
"Asynchronous"=dword:00000001
"DllName"="sstqn.dll"
"Impersonate"=dword:00000000
"Logon"="Logon"
"Logoff"="Logoff"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Impersonate"=dword:00000000
"Logoff"="TSEventLogoff"
"Logon"="TSEventLogon"
"PostShell"="TSEventPostShell"
"Shutdown"="TSEventShutdown"
"StartShell"="TSEventStartShell"
"Startup"="TSEventStartup"
"MaxWait"=dword:00000258
"Reconnect"="TSEventReconnect"
"Disconnect"="TSEventDisconnect"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon]
"DLLName"="wlnotify.dll"
"Logon"="RegisterTicketExpiredNotificationEvent"
"Logoff"="UnregisterTicketExpiredNotificationEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001


RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and above
Copyright © 1999-2001 Frank Heyne Software (http://www.heysoft.de)
This program is Freeware, use it on your own risk!

Access Control List for Registry key HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify:
(NI) ALLOW Full access NT AUTHORITY\SYSTEM
(IO) ALLOW Full access NT AUTHORITY\SYSTEM
(NI) ALLOW Full access NT AUTHORITY\SYSTEM
(IO) ALLOW Full access NT AUTHORITY\SYSTEM
(ID-NI) ALLOW Read BUILTIN\Usuarios
(ID-IO) ALLOW Read BUILTIN\Usuarios
(ID-NI) ALLOW Read BUILTIN\Usuarios avanzados
(ID-IO) ALLOW Read BUILTIN\Usuarios avanzados
(ID-NI) ALLOW Full access BUILTIN\Administradores
(ID-IO) ALLOW Full access BUILTIN\Administradores
(ID-NI) ALLOW Full access NT AUTHORITY\SYSTEM
(ID-IO) ALLOW Full access NT AUTHORITY\SYSTEM
(ID-IO) ALLOW Full access CREATOR OWNER


********************************************************************************
**
useragent:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
"{1EE385A7-258D-343B-8207-DB79164B8D45}"=""

********************************************************************************
**
Shell Extension key:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
"{BD28A92F-657B-461D-B6DE-71790B88232F}"=""
"{9AADEAAA-3D56-4320-8A9B-146713A4FC85}"=""
"{EABD496F-B3F9-40B7-AF68-33BA8771AC13}"=""
"{B41DB860-8EE4-11D2-9906-E49FADC173CA}"="WinRAR shell extension"
"{DA14ACE2-DE61-4F75-A9A6-356EF85029DA}"=""
"{9F86A4CC-477C-4A77-A3FC-5B78C834508F}"=""
"{8C8BF218-4E65-470E-A45F-156A92391891}"=""
"{65A253D3-DC46-4DF7-8A19-A50CF25F6327}"=""

********************************************************************************
**
HKEY ROOT CLASSIDS:
Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{BD28A92F-657B-461D-B6DE-71790B88232F}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{BD28A92F-657B-461D-B6DE-71790B88232F}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{BD28A92F-657B-461D-B6DE-71790B88232F}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{BD28A92F-657B-461D-B6DE-71790B88232F}\InprocServer32]
@="C:\\WINDOWS\\system32\\tWpisrv.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{9AADEAAA-3D56-4320-8A9B-146713A4FC85}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{9AADEAAA-3D56-4320-8A9B-146713A4FC85}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{9AADEAAA-3D56-4320-8A9B-146713A4FC85}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{9AADEAAA-3D56-4320-8A9B-146713A4FC85}\InprocServer32]
@="C:\\WINDOWS\\system32\\syrialui.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{EABD496F-B3F9-40B7-AF68-33BA8771AC13}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{EABD496F-B3F9-40B7-AF68-33BA8771AC13}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{EABD496F-B3F9-40B7-AF68-33BA8771AC13}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{EABD496F-B3F9-40B7-AF68-33BA8771AC13}\InprocServer32]
@="C:\\WINDOWS\\system32\\mcdtcuiu.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{DA14ACE2-DE61-4F75-A9A6-356EF85029DA}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{DA14ACE2-DE61-4F75-A9A6-356EF85029DA}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{DA14ACE2-DE61-4F75-A9A6-356EF85029DA}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{DA14ACE2-DE61-4F75-A9A6-356EF85029DA}\InprocServer32]
@="C:\\WINDOWS\\system32\\rubdyctl.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{9F86A4CC-477C-4A77-A3FC-5B78C834508F}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{9F86A4CC-477C-4A77-A3FC-5B78C834508F}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{9F86A4CC-477C-4A77-A3FC-5B78C834508F}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{9F86A4CC-477C-4A77-A3FC-5B78C834508F}\InprocServer32]
@="C:\\WINDOWS\\system32\\mjasn1.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{8C8BF218-4E65-470E-A45F-156A92391891}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{8C8BF218-4E65-470E-A45F-156A92391891}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{8C8BF218-4E65-470E-A45F-156A92391891}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{8C8BF218-4E65-470E-A45F-156A92391891}\InprocServer32]
@="C:\\WINDOWS\\system32\\wtninet.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{65A253D3-DC46-4DF7-8A19-A50CF25F6327}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{65A253D3-DC46-4DF7-8A19-A50CF25F6327}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{65A253D3-DC46-4DF7-8A19-A50CF25F6327}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{65A253D3-DC46-4DF7-8A19-A50CF25F6327}\InprocServer32]
@="C:\\WINDOWS\\system32\\skfolder.dll"
"ThreadingModel"="Apartment"

********************************************************************************
**
Files Found are not all bad files:

C:\WINDOWS\SYSTEM32\
awvtt.dll Thu 17 Nov 2005 20:13:40 A.... 215.703 210,64 K
en88l1~1.dll Sat 19 Nov 2005 1:15:02 ..S.R 235.619 230,09 K
hr2205~1.dll Sat 19 Nov 2005 1:05:42 ..S.R 233.375 227,90 K
jkklm.dll Thu 17 Nov 2005 20:15:22 ..SH. 28.173 27,51 K
mjasn1.dll Sat 19 Nov 2005 1:05:38 ..S.R 237.314 231,75 K
mljjj.dll Thu 17 Nov 2005 7:08:12 ..SH. 28.173 27,51 K
rubdyctl.dll Fri 18 Nov 2005 21:08:26 ..S.R 236.243 230,70 K
sirenacm.dll Thu 13 Oct 2005 0:11:06 A.... 118.784 116,00 K
skfolder.dll Sat 19 Nov 2005 1:30:24 ..S.R 233.375 227,90 K
sstqn.dll Thu 17 Nov 2005 0:42:22 A.... 28.173 27,51 K
wtninet.dll Sat 19 Nov 2005 1:13:54 ..S.R 233.962 228,48 K

11 items found: 11 files (8 H/S), 0 directories.
Total of file sizes: 1.828.894 bytes 1,74 M
Locate .tmp files:

C:\WINDOWS\SYSTEM32\
guard.tmp Sat 19 Nov 2005 1:30:28 A.... 234.034 228,55 K

1 item found: 1 file, 0 directories.
Total of file sizes: 234.034 bytes 228,55 K
********************************************************************************
**
Directory Listing of system files:
El volumen de la unidad C no tiene etiqueta.
El número de serie del volumen es: CCA9-E889

Directorio de C:\WINDOWS\System32

19/11/2005 01:30 233.375 skfolder.dll
19/11/2005 01:29 <DIR> dllcache
19/11/2005 01:15 235.619 en88l1lu1.dll
19/11/2005 01:13 233.962 wtninet.dll
19/11/2005 01:05 233.375 hr2205foe.dll
19/11/2005 01:05 237.314 mjasn1.dll
18/11/2005 21:08 236.243 rubdyctl.dll
17/11/2005 23:46 <DIR> Microsoft
17/11/2005 20:15 28.173 jkklm.dll
17/11/2005 07:08 28.173 mljjj.dll
16/11/2005 00:51 0 .exe
9 archivos 1.466.234 bytes
2 dirs 74.917.941.248 bytes libres

Do you know how I can install SP2? Regards and thanks.
Caito
post Nov 18 2005, 08:29 PM
Posted: #8

No Spiware
Group: Global Supervisor
Posts: 17.550
Joined: 15-August 04
From: Argentina
Member no.: 13.043



Now run l2mfix again: double-click l2mfix.bat and select option "#2" to run the fix by typing "2" and Enter, then press any key to restart the PC. After the restart, the desktop icons will appear and disappear, which is normal, and then Notepad will open with the log, which you need to copy and paste as a reply to this post. If it does not appear, go to the program folder and click Second.bat, and you will have the report.
Also post an updated Hijack log.
It is important not to run any other option of the program unless I tell you to.

Then run Ewido and finally Hijack, and post the 3 logs.
Regards,
Caito
Demian_abraxas
post Nov 18 2005, 10:43 PM
Posted: #9

Newbie
Group: Members
Posts: 8
Joined: 15-November 05
Member no.: 152.985



Hi Caito, this one is really putting up a fight. I ran l2mfix just as you told me and Notepad did not appear, so I ran the .bat you mentioned; it ran everything and everything disappeared from my desktop. I left it for about 5 minutes and nothing came up, so I restarted.

Here is the Ewido log:

---------------------------------------------------------
ewido security suite - Report de exploración
---------------------------------------------------------

+ Creado en: 22:32:17, 19/11/2005
+ Report-Checksum: 5AC88FAF

+ Scan result:

[1492] C:\WINDOWS\system32\ivetpp.dll -> Spyware.Look2Me : Limpio con backup
:mozilla.6:C:\Documents and Settings\Pub_abraxas\Datos de programa\Mozilla\Firefox\Profiles\gy56vdmb.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Limpio con backup
:mozilla.7:C:\Documents and Settings\Pub_abraxas\Datos de programa\Mozilla\Firefox\Profiles\gy56vdmb.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Limpio con backup
:mozilla.8:C:\Documents and Settings\Pub_abraxas\Datos de programa\Mozilla\Firefox\Profiles\gy56vdmb.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Limpio con backup
:mozilla.9:C:\Documents and Settings\Pub_abraxas\Datos de programa\Mozilla\Firefox\Profiles\gy56vdmb.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Limpio con backup
:mozilla.10:C:\Documents and Settings\Pub_abraxas\Datos de programa\Mozilla\Firefox\Profiles\gy56vdmb.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Limpio con backup
:mozilla.11:C:\Documents and Settings\Pub_abraxas\Datos de programa\Mozilla\Firefox\Profiles\gy56vdmb.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Limpio con backup
:mozilla.12:C:\Documents and Settings\Pub_abraxas\Datos de programa\Mozilla\Firefox\Profiles\gy56vdmb.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Limpio con backup
:mozilla.25:C:\Documents and Settings\Pub_abraxas\Datos de programa\Mozilla\Firefox\Profiles\gy56vdmb.default\cookies.txt -> Spyware.Cookie.Paypopup : Limpio con backup
:mozilla.26:C:\Documents and Settings\Pub_abraxas\Datos de programa\Mozilla\Firefox\Profiles\gy56vdmb.default\cookies.txt -> Spyware.Cookie.Paypopup : Limpio con backup
:mozilla.27:C:\Documents and Settings\Pub_abraxas\Datos de programa\Mozilla\Firefox\Profiles\gy56vdmb.default\cookies.txt -> Spyware.Cookie.Paypopup : Limpio con backup
:mozilla.28:C:\Documents and Settings\Pub_abraxas\Datos de programa\Mozilla\Firefox\Profiles\gy56vdmb.default\cookies.txt -> Spyware.Cookie.Paypopup : Limpio con backup
:mozilla.29:C:\Documents and Settings\Pub_abraxas\Datos de programa\Mozilla\Firefox\Profiles\gy56vdmb.default\cookies.txt -> Spyware.Cookie.Paypopup : Limpio con backup
:mozilla.30:C:\Documents and Settings\Pub_abraxas\Datos de programa\Mozilla\Firefox\Profiles\gy56vdmb.default\cookies.txt -> Spyware.Cookie.Paypopup : Limpio con backup
:mozilla.31:C:\Documents and Settings\Pub_abraxas\Datos de programa\Mozilla\Firefox\Profiles\gy56vdmb.default\cookies.txt -> Spyware.Cookie.Paypopup : Limpio con backup
:mozilla.32:C:\Documents and Settings\Pub_abraxas\Datos de programa\Mozilla\Firefox\Profiles\gy56vdmb.default\cookies.txt -> Spyware.Cookie.Paypopup : Limpio con backup
:mozilla.33:C:\Documents and Settings\Pub_abraxas\Datos de programa\Mozilla\Firefox\Profiles\gy56vdmb.default\cookies.txt -> Spyware.Cookie.Paypopup : Limpio con backup
:mozilla.34:C:\Documents and Settings\Pub_abraxas\Datos de programa\Mozilla\Firefox\Profiles\gy56vdmb.default\cookies.txt -> Spyware.Cookie.Paypopup : Limpio con backup
:mozilla.35:C:\Documents and Settings\Pub_abraxas\Datos de programa\Mozilla\Firefox\Profiles\gy56vdmb.default\cookies.txt -> Spyware.Cookie.Paypopup : Limpio con backup
:mozilla.36:C:\Documents and Settings\Pub_abraxas\Datos de programa\Mozilla\Firefox\Profiles\gy56vdmb.default\cookies.txt -> Spyware.Cookie.Paypopup : Limpio con backup
:mozilla.37:C:\Documents and Settings\Pub_abraxas\Datos de programa\Mozilla\Firefox\Profiles\gy56vdmb.default\cookies.txt -> Spyware.Cookie.Paypopup : Limpio con backup
:mozilla.38:C:\Documents and Settings\Pub_abraxas\Datos de programa\Mozilla\Firefox\Profiles\gy56vdmb.default\cookies.txt -> Spyware.Cookie.Paypopup : Limpio con backup
:mozilla.39:C:\Documents and Settings\Pub_abraxas\Datos de programa\Mozilla\Firefox\Profiles\gy56vdmb.default\cookies.txt -> Spyware.Cookie.Paypopup : Limpio con backup
:mozilla.40:C:\Documents and Settings\Pub_abraxas\Datos de programa\Mozilla\Firefox\Profiles\gy56vdmb.default\cookies.txt -> Spyware.Cookie.Paypopup : Limpio con backup
:mozilla.41:C:\Documents and Settings\Pub_abraxas\Datos de programa\Mozilla\Firefox\Profiles\gy56vdmb.default\cookies.txt -> Spyware.Cookie.Paypopup : Limpio con backup
:mozilla.42:C:\Documents and Settings\Pub_abraxas\Datos de programa\Mozilla\Firefox\Profiles\gy56vdmb.default\cookies.txt -> Spyware.Cookie.Paypopup : Limpio con backup
:mozilla.43:C:\Documents and Settings\Pub_abraxas\Datos de programa\Mozilla\Firefox\Profiles\gy56vdmb.default\cookies.txt -> Spyware.Cookie.Paypopup : Limpio con backup
:mozilla.44:C:\Documents and Settings\Pub_abraxas\Datos de programa\Mozilla\Firefox\Profiles\gy56vdmb.default\cookies.txt -> Spyware.Cookie.Paypopup : Limpio con backup
:mozilla.45:C:\Documents and Settings\Pub_abraxas\Datos de programa\Mozilla\Firefox\Profiles\gy56vdmb.default\cookies.txt -> Spyware.Cookie.Paypopup : Limpio con backup
:mozilla.46:C:\Documents and Settings\Pub_abraxas\Datos de programa\Mozilla\Firefox\Profiles\gy56vdmb.default\cookies.txt -> Spyware.Cookie.Paypopup : Limpio con backup
:mozilla.47:C:\Documents and Settings\Pub_abraxas\Datos de programa\Mozilla\Firefox\Profiles\gy56vdmb.default\cookies.txt -> Spyware.Cookie.Paypopup : Limpio con backup
:mozilla.48:C:\Documents and Settings\Pub_abraxas\Datos de programa\Mozilla\Firefox\Profiles\gy56vdmb.default\cookies.txt -> Spyware.Cookie.Paypopup : Limpio con backup
:mozilla.49:C:\Documents and Settings\Pub_abraxas\Datos de programa\Mozilla\Firefox\Profiles\gy56vdmb.default\cookies.txt -> Spyware.Cookie.Paypopup : Limpio con backup
:mozilla.50:C:\Documents and Settings\Pub_abraxas\Datos de programa\Mozilla\Firefox\Profiles\gy56vdmb.default\cookies.txt -> Spyware.Cookie.Paypopup : Limpio con backup
:mozilla.51:C:\Documents and Settings\Pub_abraxas\Datos de programa\Mozilla\Firefox\Profiles\gy56vdmb.default\cookies.txt -> Spyware.Cookie.Paypopup : Limpio con backup
:mozilla.52:C:\Documents and Settings\Pub_abraxas\Datos de programa\Mozilla\Firefox\Profiles\gy56vdmb.default\cookies.txt -> Spyware.Cookie.Paypopup : Limpio con backup
:mozilla.53:C:\Documents and Settings\Pub_abraxas\Datos de programa\Mozilla\Firefox\Profiles\gy56vdmb.default\cookies.txt -> Spyware.Cookie.Paypopup : Limpio con backup
:mozilla.54:C:\Documents and Settings\Pub_abraxas\Datos de programa\Mozilla\Firefox\Profiles\gy56vdmb.default\cookies.txt -> Spyware.Cookie.Paypopup : Limpio con backup
:mozilla.55:C:\Documents and Settings\Pub_abraxas\Datos de programa\Mozilla\Firefox\Profiles\gy56vdmb.default\cookies.txt -> Spyware.Cookie.Advertising : Limpio con backup
:mozilla.57:C:\Documents and Settings\Pub_abraxas\Datos de programa\Mozilla\Firefox\Profiles\gy56vdmb.default\cookies.txt -> Spyware.Cookie.Tradedoubler : Limpio con backup
:mozilla.58:C:\Documents and Settings\Pub_abraxas\Datos de programa\Mozilla\Firefox\Profiles\gy56vdmb.default\cookies.txt -> Spyware.Cookie.Tradedoubler : Limpio con backup
:mozilla.65:C:\Documents and Settings\Pub_abraxas\Datos de programa\Mozilla\Firefox\Profiles\gy56vdmb.default\cookies.txt -> Spyware.Cookie.Tribalfusion : Limpio con backup
:mozilla.72:C:\Documents and Settings\Pub_abraxas\Datos de programa\Mozilla\Firefox\Profiles\gy56vdmb.default\cookies.txt -> Spyware.Cookie.Atdmt : Limpio con backup
:mozilla.79:C:\Documents and Settings\Pub_abraxas\Datos de programa\Mozilla\Firefox\Profiles\gy56vdmb.default\cookies.txt -> Spyware.Cookie.Clubdicecasino : Limpio con backup
:mozilla.80:C:\Documents and Settings\Pub_abraxas\Datos de programa\Mozilla\Firefox\Profiles\gy56vdmb.default\cookies.txt -> Spyware.Cookie.Clubdicecasino : Limpio con backup
:mozilla.81:C:\Documents and Settings\Pub_abraxas\Datos de programa\Mozilla\Firefox\Profiles\gy56vdmb.default\cookies.txt -> Spyware.Cookie.Clubdicecasino : Limpio con backup
:mozilla.82:C:\Documents and Settings\Pub_abraxas\Datos de programa\Mozilla\Firefox\Profiles\gy56vdmb.default\cookies.txt -> Spyware.Cookie.Trafficmp : Limpio con backup
:mozilla.83:C:\Documents and Settings\Pub_abraxas\Datos de programa\Mozilla\Firefox\Profiles\gy56vdmb.default\cookies.txt -> Spyware.Cookie.Trafficmp : Limpio con backup
:mozilla.84:C:\Documents and Settings\Pub_abraxas\Datos de programa\Mozilla\Firefox\Profiles\gy56vdmb.default\cookies.txt -> Spyware.Cookie.Trafficmp : Limpio con backup
:mozilla.85:C:\Documents and Settings\Pub_abraxas\Datos de programa\Mozilla\Firefox\Profiles\gy56vdmb.default\cookies.txt -> Spyware.Cookie.Trafficmp : Limpio con backup
:mozilla.86:C:\Documents and Settings\Pub_abraxas\Datos de programa\Mozilla\Firefox\Profiles\gy56vdmb.default\cookies.txt -> Spyware.Cookie.Trafficmp : Limpio con backup
:mozilla.87:C:\Documents and Settings\Pub_abraxas\Datos de programa\Mozilla\Firefox\Profiles\gy56vdmb.default\cookies.txt -> Spyware.Cookie.Trafficmp : Limpio con backup
:mozilla.88:C:\Documents and Settings\Pub_abraxas\Datos de programa\Mozilla\Firefox\Profiles\gy56vdmb.default\cookies.txt -> Spyware.Cookie.Fastclick : Limpio con backup
:mozilla.89:C:\Documents and Settings\Pub_abraxas\Datos de programa\Mozilla\Firefox\Profiles\gy56vdmb.default\cookies.txt -> Spyware.Cookie.Fastclick : Limpio con backup
:mozilla.95:C:\Documents and Settings\Pub_abraxas\Datos de programa\Mozilla\Firefox\Profiles\gy56vdmb.default\cookies.txt -> Spyware.Cookie.Hypertracker : Limpio con backup
:mozilla.96:C:\Documents and Settings\Pub_abraxas\Datos de programa\Mozilla\Firefox\Profiles\gy56vdmb.default\cookies.txt -> Spyware.Cookie.Casinolasvegas : Limpio con backup
:mozilla.97:C:\Documents and Settings\Pub_abraxas\Datos de programa\Mozilla\Firefox\Profiles\gy56vdmb.default\cookies.txt -> Spyware.Cookie.Casinolasvegas : Limpio con backup
:mozilla.98:C:\Documents and Settings\Pub_abraxas\Datos de programa\Mozilla\Firefox\Profiles\gy56vdmb.default\cookies.txt -> Spyware.Cookie.Casinolasvegas : Limpio con backup
:mozilla.105:C:\Documents and Settings\Pub_abraxas\Datos de programa\Mozilla\Firefox\Profiles\gy56vdmb.default\cookies.txt -> Spyware.Cookie.Mediaplex : Limpio con backup
:mozilla.106:C:\Documents and Settings\Pub_abraxas\Datos de programa\Mozilla\Firefox\Profiles\gy56vdmb.default\cookies.txt -> Spyware.Cookie.Smartadserver : Limpio con backup
C:\l2mfix\l2mfix\backup.zip/chcui.dll -> Spyware.Look2Me : Error durante limpieza
C:\l2mfix\l2mfix\backup.zip/mjasn1.dll -> Spyware.Look2Me : Error durante limpieza
C:\l2mfix\l2mfix\backup.zip/rubdyctl.dll -> Spyware.Look2Me : Error durante limpieza
C:\l2mfix\l2mfix\backup.zip/skfolder.dll -> Spyware.Look2Me : Error durante limpieza
C:\l2mfix\l2mfix\backup.zip/wtninet.dll -> Spyware.Look2Me : Error durante limpieza
C:\l2mfix\l2mfix\backup.zip/kddycc.dll -> Spyware.Look2Me : Error durante limpieza
C:\l2mfix\l2mfix\backup.zip/guard.tmp -> Spyware.Look2Me : Error durante limpieza
C:\WINDOWS\system32\ivetpp.dll -> Spyware.Look2Me : Limpio con backup


::Fin Report

And the Hijack one:

Logfile of HijackThis v1.99.1
Scan saved at 22:35:24, on 19/11/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Archivos de programa\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Archivos de programa\MSN Messenger\MsnMsgr.Exe
C:\Archivos de programa\ewido\security suite\ewidoctrl.exe
C:\Archivos de programa\WinPoET Broadband Connection\WrOS.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\HJT\HijackThis[www.trucoswindows.net].exe

O2 - BHO: (no name) - {00DBDAC8-4691-4797-8E6A-7C6AB89BC441} - C:\WINDOWS\system32\sstqn.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [ATIPTA] C:\Archivos de programa\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Archivos de programa\MSN Messenger\MsnMsgr.Exe" /background
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1132358435998
O17 - HKLM\System\CCS\Services\Tcpip\..\{5E3750EB-EDF2-49F5-A6DE-7E8562B38E0F}: NameServer = 80.58.61.250 80.58.61.254
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\ARCHIV~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: sstqn - C:\WINDOWS\SYSTEM32\sstqn.dll
O20 - Winlogon Notify: URL - C:\WINDOWS\system32\l86o0ij3e8o.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: ewido security suite control - ewido networks - C:\Archivos de programa\ewido\security suite\ewidoctrl.exe
O23 - Service: kavsvc - Kaspersky Lab - C:\Archivos de programa\Kaspersky Lab\Kaspersky Anti-Virus Personal\kavsvc.exe
O23 - Service: Mod Libary (modlb) - Unknown owner - C:\WINDOWS\modlb.exe (file missing)
O23 - Service: Service Hosts (ServiceHost) - Unknown owner - C:\WINDOWS\shost.exe (file missing)
O23 - Service: WinPPPoverEthernet - iVasion, a Routerware Company - C:\Archivos de programa\WinPoET Broadband Connection\WrOS.EXE
O23 - Service: Windows Time Sync (wservtime) - Unknown owner - C:\WINDOWS\csrss.exe (file missing)


Well, let me know what I should do. Regards and thanks.
Demian_abraxas
post Nov 18 2005, 10:53 PM
Posted: #10

Newbie
Group: Members
Posts: 8
Joined: 15-November 05
Member no.: 152.985



I forgot to tell you that when I restarted I got this error:

Ha ocurrido una excepcion al intentar ejecutar c:\windows\system32\ivetpp.dll,Dllgetversion .

Regards.
Caito
post Nov 19 2005, 12:00 AM
Posted: #11

No Spiware
Group: Global Supervisor
Posts: 17.550
Joined: 15-August 04
From: Argentina
Member no.: 13.043



Download the trial version of Spy Sweeper:
http://www.webroot.com/consumer/products/spysweeper
Install it using the "Standard Install" option.
It will ask you for an email address.
It will update itself.
Then go to "Options" > "Sweep options" and check "Sweep all folders on selected drives".
Check "Local disc C" (or whichever drive you want to scan).
Under "What to Sweep", check all the boxes.
Click "Sweep" and the scan will start.
When it finishes, click "Remove", click "Selected All" and then press "Next".
Under "Results", select "Session Log" and check "Save to File".
Save the report (log) somewhere convenient.
Copy and paste that log into your next post along with a new Hijack report.
Regards,
Caito
Demian_abraxas
post Nov 19 2005, 03:15 PM
Posted: #12

Newbie
Group: Members
Posts: 8
Joined: 15-November 05
Member no.: 152.985



Hello, here is the Spy Sweeper log:

********
1:21: | Start of Session, domingo, 20 de noviembre de 2005 |
1:21: Spy Sweeper started
1:21: Sweep initiated using definitions version 574
1:21: Starting Memory Sweep
1:22: Memory Sweep Complete, Elapsed Time: 00:00:57
1:22: Starting Registry Sweep
1:22: Registry Sweep Complete, Elapsed Time:00:00:05
1:22: Starting Cookie Sweep
1:22: Cookie Sweep Complete, Elapsed Time: 00:00:00
1:22: Starting File Sweep
1:25: Warning: Failed to open file "c:\windows\system32\stwduni.exe:kavichs". Acceso denegado
1:26: Warning: Failed to open file "c:\documents and settings\pub_abraxas\configuración local\temp\19.tmp:kavichs". Acceso denegado
1:26: Warning: Failed to open file "c:\documents and settings\pub_abraxas\configuración local\temp\1d.tmp:kavichs". Acceso denegado
1:26: Warning: Failed to open file "c:\documents and settings\pub_abraxas\configuración local\temp\5.tmp:kavichs". Acceso denegado
1:26: Warning: Failed to open file "c:\documents and settings\pub_abraxas\configuración local\temp\7.tmp:kavichs". Acceso denegado
1:26: Warning: Failed to open file "c:\documents and settings\pub_abraxas\configuración local\temp\1.tmp:kavichs". Acceso denegado
1:26: Warning: Failed to open file "c:\documents and settings\pub_abraxas\configuración local\temp\a.tmp:kavichs". Acceso denegado
1:26: Warning: Failed to open file "c:\documents and settings\pub_abraxas\configuración local\temp\2.tmp:kavichs". Acceso denegado
1:26: Warning: Failed to open file "c:\documents and settings\pub_abraxas\configuración local\temp\c.tmp:kavichs". Acceso denegado
1:26: Warning: Failed to open file "c:\documents and settings\pub_abraxas\configuración local\temp\8.tmp:kavichs". Acceso denegado
1:26: Warning: Failed to open file "c:\documents and settings\pub_abraxas\configuración local\temp\e.tmp:kavichs". Acceso denegado
1:26: Warning: Failed to open file "c:\documents and settings\pub_abraxas\configuración local\temp\18.tmp:kavichs". Acceso denegado
1:26: Warning: Failed to open file "c:\windows\temp\d7.tmp:kavichs". Acceso denegado
1:26: Warning: Failed to open file "c:\windows\temp\d9.tmp:kavichs". Acceso denegado
1:26: Warning: Failed to open file "c:\documents and settings\pub_abraxas\configuración local\temp\24.tmp:kavichs". Acceso denegado
1:26: Warning: Failed to open file "c:\documents and settings\pub_abraxas\configuración local\temp\1e.tmp:kavichs". Acceso denegado
1:26: Warning: Failed to open file "c:\documents and settings\all users\datos de programa\kaspersky anti-virus personal\5.0\policy\policy.dat:kavichs". Acceso denegado
1:27: Warning: Failed to open file "c:\windows\softwaredistribution\datastore\logs\tmp.edb:kavichs". Acceso denegado
2:10: File Sweep Complete, Elapsed Time: 00:48:23
2:10: Full Sweep has completed. Elapsed time 00:49:32
2:10: Traces Found: 0
********
0:20: | Start of Session, domingo, 20 de noviembre de 2005 |
0:20: Spy Sweeper started
0:20: Sweep initiated using definitions version 574
0:20: Starting Memory Sweep
0:20: BHO Shield: found: -- BHO installation denied at user request
0:20: Found Adware: icannnews
0:20: Detected running threat: C:\WINDOWS\system32\l86o0ij3e8o.dll (ID = 83)
0:20: BHO Shield: found: sstqq.dll-- BHO installation denied at user request
0:21: Found Adware: virtumonde
0:21: Detected running threat: C:\WINDOWS\system32\sstqq.dll (ID = 77)
0:21: Memory Sweep Complete, Elapsed Time: 00:01:33
0:21: Starting Registry Sweep
0:21: Found Adware: purityscan
0:21: HKCR\interface\{3517fb25-305d-4012-b531-186e3851e7ed}\ (8 subtraces) (ID = 137348)
0:21: HKCR\interface\{4781daa6-4de5-47a1-b02a-945f0d017a9e}\ (8 subtraces) (ID = 137349)
0:21: HKLM\software\classes\interface\{3517fb25-305d-4012-b531-186e3851e7ed}\ (8 subtraces) (ID = 137678)
0:21: HKLM\software\classes\interface\{4781daa6-4de5-47a1-b02a-945f0d017a9e}\ (8 subtraces) (ID = 137679)
0:21: HKLM\software\classes\interface\{4781daa6-4de5-47a1-b02a-945f0d017a9e}\typelib\ (2 subtraces) (ID = 137680)
0:21: HKLM\software\classes\typelib\{5530d356-0063-41b9-b20d-e9d799e8d907}\ (9 subtraces) (ID = 137687)
0:21: HKLM\software\microsoft\windows\currentversion\moduleusage\c:/windows/downloaded program files/mediaticketsinstaller.ocx\ (ID = 137986)
0:21: HKLM\software\microsoft\windows\currentversion\shareddlls\ || c:\windows\downloaded program files\mediaticketsinstaller.ocx (ID = 139077)
0:21: HKCR\typelib\{5530d356-0063-41b9-b20d-e9d799e8d907}\ (9 subtraces) (ID = 139091)
0:21: Found Adware: elitemediagroup-mediamotor
0:21: HKCR\clsid\{7149e79c-dc19-4c5e-a53c-a54ddf75eee9}\ (27 subtraces) (ID = 140032)
0:21: HKLM\software\classes\clsid\{7149e79c-dc19-4c5e-a53c-a54ddf75eee9}\inprocserver32\ (2 subtraces) (ID = 140081)
0:21: HKLM\software\classes\clsid\{7149e79c-dc19-4c5e-a53c-a54ddf75eee9}\miscstatus\ (3 subtraces) (ID = 140082)
0:21: HKLM\software\classes\clsid\{7149e79c-dc19-4c5e-a53c-a54ddf75eee9}\progid\ (1 subtraces) (ID = 140083)
0:21: HKLM\software\classes\clsid\{7149e79c-dc19-4c5e-a53c-a54ddf75eee9}\toolboxbitmap32\ (1 subtraces) (ID = 140084)
0:21: HKLM\software\classes\clsid\{7149e79c-dc19-4c5e-a53c-a54ddf75eee9}\typelib\ (1 subtraces) (ID = 140085)
0:21: HKLM\software\classes\clsid\{7149e79c-dc19-4c5e-a53c-a54ddf75eee9}\version\ (1 subtraces) (ID = 140086)
0:21: HKLM\software\classes\typelib\{466c63ac-f26e-49f1-861a-e07da768a46a}\ (9 subtraces) (ID = 140131)
0:21: HKCR\typelib\{466c63ac-f26e-49f1-861a-e07da768a46a}\ (9 subtraces) (ID = 140223)
0:21: Found Adware: targetsaver
0:21: HKLM\software\microsoft\windows\currentversion\uninstall\tsa\ (2 subtraces) (ID = 143607)
0:21: Found Adware: winad
0:21: HKCR\mediagatewayx.installer\ (3 subtraces) (ID = 372857)
0:21: HKCR\mediagatewayx.installer\clsid\ (1 subtraces) (ID = 372859)
0:21: HKLM\software\classes\mediagatewayx.installer\ (3 subtraces) (ID = 398902)
0:21: HKLM\software\classes\mediagatewayx.installer\clsid\ (1 subtraces) (ID = 398904)
0:21: HKCR\msevents.msevents\ (5 subtraces) (ID = 749130)
0:21: HKCR\msevents.msevents.1\ (3 subtraces) (ID = 749136)
0:21: HKLM\software\classes\msevents.msevents\ (5 subtraces) (ID = 749153)
0:21: HKLM\software\classes\msevents.msevents.1\ (3 subtraces) (ID = 749157)
0:21: HKLM\software\microsoft\windows\currentversion\moduleusage\c:/windows/downloaded program files/mediagatewayx.dll\ (2 subtraces) (ID = 763026)
0:21: HKLM\software\microsoft\windows\currentversion\shareddlls\ || c:\windows\downloaded program files\mediagatewayx.dll (ID = 763028)
0:21: Found Adware: delfin
0:21: HKLM\software\vidmon\ (3 subtraces) (ID = 890155)
0:21: HKLM\software\microsoft\windows\currentversion\uninstall\webdp\ (2 subtraces) (ID = 890173)
0:21: Found Adware: dollarrevenue
0:21: HKLM\software\microsoft\drsmartload\ (1 subtraces) (ID = 916795)
0:21: HKLM\software\microsoft\windows\currentversion\shareddlls\ || c:\windows\downloaded program files\mm83.ocx (ID = 959929)
0:21: Found Trojan Horse: trojan downloader popuppers
0:21: HKCR\clsid\{62fba4e7-bd9e-4d8d-8fbb-3c32999cb7fc}\ (23 subtraces) (ID = 960709)
0:21: HKCR\clsid\{a03323d3-f649-4f16-a6e4-4fc53f917a83}\ (10 subtraces) (ID = 960733)
0:21: HKCR\typelib\{1942bebe-dce5-4148-868e-1250a2218b4c}\ (9 subtraces) (ID = 960748)
0:21: HKLM\software\microsoft\windows\currentversion\moduleusage\c:/windows/downloaded program files/mm83.ocx\ (2 subtraces) (ID = 960758)
0:21: HKLM\software\classes\clsid\{62fba4e7-bd9e-4d8d-8fbb-3c32999cb7fc}\ (23 subtraces) (ID = 960771)
0:21: HKLM\software\classes\clsid\{a03323d3-f649-4f16-a6e4-4fc53f917a83}\ (10 subtraces) (ID = 960795)
0:21: HKLM\software\classes\typelib\{1942bebe-dce5-4148-868e-1250a2218b4c}\ (9 subtraces) (ID = 960810)
0:21: Found Trojan Horse: trojan_backdoor_bifrose
0:21: HKU\S-1-5-21-776561741-1770027372-839522115-1003\software\obsidium\ (1 subtraces) (ID = 144081)
0:21: Found Adware: findthewebsiteyouneed hijacker
0:21: HKU\S-1-5-21-776561741-1770027372-839522115-1003\software\microsoft\internet explorer\search\searchassistant explorer\main\ || default_search_url (ID = 555437)
0:21: HKU\S-1-5-21-776561741-1770027372-839522115-1003\software\vidmon\ (1 subtraces) (ID = 890125)
0:21: HKU\S-1-5-18\software\obsidium\ (1 subtraces) (ID = 144081)
0:21: Found Trojan Horse: trojan_backdoor_irc_spybot
0:21: HKU\S-1-5-18\software\microsoft\windows\currentversion\run\ || sygate personal firewall (ID = 144991)
0:21: Registry Sweep Complete, Elapsed Time:00:00:07
0:21: Starting Cookie Sweep
0:21: Cookie Sweep Complete, Elapsed Time: 00:00:00
0:21: Starting File Sweep
0:21: c:\windows\system32\vidmon (ID = -2147468683)
0:21: c:\documents and settings\all users\datos de programa\vidmon (1 subtraces) (ID = -2147468685)
0:21: c:\windows\system32\nfomon (1 subtraces) (ID = -2147468684)
0:21: c:\documents and settings\all users\datos de programa\nfo (15 subtraces) (ID = -2147468687)
0:21: mon1215.dbd (ID = 57687)
0:21: tsuninst.exe (ID = 193501)
0:21: class-barrel (ID = 78229)
0:21: mwmml.exe (ID = 195130)
0:21: Found Adware: look2me
0:21: q0860alsedq60.dll (ID = 159)
0:21: removewebdp.exe (ID = 166172)
0:21: mediaticketsinstaller.ocx (ID = 73162)
0:21: mon2007.dbd (ID = 57693)
0:21: mon0104.dbd (ID = 57676)
0:21: mon1920.dbd (ID = 57692)
0:21: iemonit