Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

vilsel.ajgl

Started by juanitooo , Oct 28 2010 08:52 AM

  • Please log in to reply

#1
juanitooo
Posted 28 October 2010 - 08:52 AM

juanitooo

    New Member

  • Member
  • Pip
  • 1 posts
Hi, I'm not good at english but I'll try to comunicate with you all.

I have some trojan in my computer, the kaspersky antivirus said that it detected a trojan called vilsel.ajgl and it was located in C:\Program Files\AIM6\addressBook.exe

I chose the option of delete but kaspersky said it couldn't.

so I leave here the log of hijackthis and silent runners. I hope you could help me.

Thanks a lot in advance. :D


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:46:34, on 28/10/2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\spoolsv.exe
D:\WINDOWS\Explorer.EXE
D:\Archivos de programa\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations MP4\avp.exe
D:\Archivos de programa\Hp\HP Software Update\HPWuSchd2.exe
D:\Archivos de programa\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
D:\WINDOWS\RTHDCPL.EXE
D:\Archivos De Programa\Intel\Intel Matrix Storage Manager\Iaantmon.exe
D:\Archivos de programa\Java\jre6\bin\jqs.exe
D:\Archivos de programa\Motorola\SMSERIAL\sm56hlpr.exe
D:\Archivos de programa\Kaspersky Lab\NetworkAgent 8\klnagent.exe
D:\Archivos de programa\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
D:\Archivos de programa\Archivos comunes\LightScribe\LSSrvc.exe
D:\Archivos De Programa\Intel\Intel Matrix Storage Manager\Iaanotif.exe
D:\Archivos de programa\Synaptics\SynTP\SynTPEnh.exe
D:\Archivos de programa\Archivos comunes\Microsoft Shared\VS7Debug\mdm.exe
D:\Archivos de programa\Hewlett-Packard\HP Deskjet 1280\Toolbox\mpm.exe
D:\Archivos de programa\Nero\Nero8\Nero BackItUp\NBService.exe
D:\Archivos de programa\Microsoft Office\Office12\GrooveMonitor.exe
D:\WINDOWS\system32\nvsvc32.exe
D:\WINDOWS\system32\IoctlSvc.exe
D:\Archivos de programa\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
D:\WINDOWS\system32\svchost.exe
D:\Archivos de programa\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations MP4\avp.exe
D:\Archivos de programa\DivX\DivX Update\DivXUpdate.exe
D:\WINDOWS\system32\ctfmon.exe
D:\Archivos de programa\Archivos comunes\LightScribe\LightScribeControlPanel.exe
D:\Archivos de programa\Messenger\msmsgs.exe
D:\Archivos de programa\Archivos comunes\Nero\Lib\NMIndexStoreSvr.exe
D:\Archivos de programa\DAEMON Tools Lite\daemon.exe
D:\Archivos de programa\Skype\Phone\Skype.exe
D:\Archivos de programa\Hewlett-Packard\Shared\hpqwmiex.exe
D:\Archivos de programa\Archivos comunes\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
D:\WINDOWS\system32\wscntfy.exe
D:\Archivos de programa\Archivos comunes\Nero\Lib\NMIndexingService.exe
D:\Documents and Settings\Juan\Configuración local\Datos de programa\Google\Chrome\Application\chrome.exe
D:\Documents and Settings\Juan\Datos de programa\Dropbox\bin\Dropbox.exe
D:\WINDOWS\system32\wbem\wmiapsrv.exe
D:\Archivos de programa\Hewlett-Packard\Shared\HpqToaster.exe
D:\Archivos de programa\Skype\Plugin Manager\skypePM.exe
D:\Documents and Settings\Juan\Configuración local\Datos de programa\Google\Chrome\Application\chrome.exe
D:\Documents and Settings\Juan\Configuración local\Datos de programa\Google\Chrome\Application\chrome.exe
D:\Documents and Settings\Juan\Configuración local\Datos de programa\Google\Chrome\Application\chrome.exe
D:\Documents and Settings\Juan\Configuración local\Datos de programa\Google\Chrome\Application\chrome.exe
D:\Documents and Settings\Juan\Configuración local\Datos de programa\Google\Chrome\Application\chrome.exe
D:\Documents and Settings\Juan\Configuración local\Datos de programa\Google\Chrome\Application\chrome.exe
D:\Archivos de programa\CCleaner\CCleaner.exe
D:\WINDOWS\system32\NOTEPAD.EXE
D:\WINDOWS\system32\notepad.exe
D:\WINDOWS\system32\taskmgr.exe
D:\WINDOWS\regedit.exe
D:\Documents and Settings\Juan\Configuración local\Datos de programa\Google\Chrome\Application\chrome.exe
D:\Documents and Settings\Juan\Configuración local\Datos de programa\Google\Chrome\Application\chrome.exe
D:\WINDOWS\system32\NOTEPAD.EXE
D:\Archivos de programa\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.es/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Vínculos
R3 - URLSearchHook: (no name) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - (no file)
R3 - URLSearchHook: Barra Yahoo! con bloqueador de ventanas emergentes - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - D:\Archivos de programa\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - D:\Archivos de programa\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Aplicación auxiliar de vínculos de Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Archivos de programa\Archivos comunes\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - D:\ARCHIV~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - D:\ARCHIV~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: Windows Live Aplicación auxiliar de inicio de sesión - {9030D464-4C02-4ABF-8ECC-5164760863C6} - D:\Archivos de programa\Archivos comunes\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - D:\Archivos de programa\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - D:\Archivos de programa\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - D:\Archivos de programa\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - D:\Archivos de programa\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - D:\Archivos de programa\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Barra Yahoo! con bloqueador de ventanas emergentes - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - D:\Archivos de programa\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [HP Software Update] D:\Archivos de programa\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [SynTPStart] D:\Archivos de programa\Synaptics\SynTP\SynTPStart.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [SMSERIAL] D:\Archivos de programa\Motorola\SMSERIAL\sm56hlpr.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] D:\Archivos de programa\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [IAAnotif] "D:\Archivos De Programa\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [EPSON Stylus DX3800 Series] D:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACE.EXE /F "D:\WINDOWS\TEMP\E_S7DBB.tmp" /EF "HKLM"
O4 - HKLM\..\Run: [NBKeyScan] "D:\Archivos de programa\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [HPWS myPrintMileage Agent] D:\Archivos de programa\Hewlett-Packard\HP Deskjet 1280\Toolbox\mpm.exe
O4 - HKLM\..\Run: [GrooveMonitor] "D:\Archivos de programa\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [EPSON Stylus DX3800 Series (Copiar 1)] D:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACE.EXE /F "D:\WINDOWS\TEMP\E_S1EE.tmp" /EF "HKLM"
O4 - HKLM\..\Run: [QuickTime Task] "D:\Archivos de programa\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "D:\Archivos de programa\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [AVP] "D:\Archivos de programa\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations MP4\avp.exe"
O4 - HKLM\..\Run: [DivXUpdate] "D:\Archivos de programa\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
O4 - HKCU\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LightScribe Control Panel] D:\Archivos de programa\Archivos comunes\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [MSMSGS] "D:\Archivos de programa\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "D:\Archivos de programa\Archivos comunes\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKCU\..\Run: [DAEMON Tools Lite] "D:\Archivos de programa\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [Skype] "D:\Archivos de programa\Skype\\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [Google Update] "D:\Documents and Settings\Juan\Configuración local\Datos de programa\Google\Update\GoogleUpdate.exe" /c
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'SERVICIO LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'Servicio de red')
O4 - HKUS\S-1-5-21-789336058-1454471165-839522115-500\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\ctfmon.exe (User 'Administrador')
O4 - HKUS\S-1-5-21-789336058-1454471165-839522115-500\..\RunOnce: [NeroHomeFirstStart] "D:\Archivos de programa\Archivos comunes\Nero\Lib\NMFirstStart.exe" (User 'Administrador')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = D:\Archivos de programa\Archivos comunes\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: Dropbox.lnk = D:\Documents and Settings\Juan\Datos de programa\Dropbox\bin\Dropbox.exe
O4 - Global Startup: Acelerador de inicio de AutoCAD.lnk = D:\Archivos de programa\Archivos comunes\Autodesk Shared\acstart17.exe
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Adobe Acrobat Synchronizer.lnk = D:\Archivos de programa\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe
O4 - Global Startup: Microsoft Office.lnk = D:\Archivos de programa\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: Agregar al componente Anti-Banners - D:\Archivos de programa\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations MP4\ie_banner_deny.htm
O8 - Extra context menu item: Append to existing PDF - res://D:\Archivos de programa\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://D:\Archivos de programa\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://D:\Archivos de programa\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://D:\Archivos de programa\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://D:\Archivos de programa\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://D:\Archivos de programa\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://D:\Archivos de programa\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://D:\Archivos de programa\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xportar a Microsoft Excel - res://D:\ARCHIV~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Estadísticas del componente Antivirus Internet - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - D:\Archivos de programa\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations MP4\scieplgn.dll
O9 - Extra button: Enviar a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\ARCHIV~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Enviar a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\ARCHIV~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\ARCHIV~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - D:\Archivos de programa\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - D:\Archivos de programa\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\ARCHIV~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\ARCHIV~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Archivos de programa\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Archivos de programa\Messenger\msmsgs.exe
O9 - Extra button: PDFill PDF Editor - {FB858B22-55E2-413f-87F5-30ADC5552151} - D:\Archivos de programa\PlotSoft\PDFill\DownloadPDF.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - D:\Archivos de programa\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.aka...vex-2.2.5.0.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail....es/MSNPUpld.cab
O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} (Windows Live Hotmail Photo Upload Tool) - http://gfx1.hotmail....ol/MSNPUpld.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - D:\ARCHIV~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - D:\ARCHIV~1\ARCHIV~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: D:\ARCHIV~1\KASPER~1\KASPER~1.0FO\adialhk.dll,D:\ARCHIV~1\KASPER~1\KASPER~1.0FO\kloehk.dll
O23 - Service: Adobe LM Service - Adobe Systems - D:\Archivos de programa\Archivos comunes\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Autodesk Licensing Service - Autodesk - D:\Archivos de programa\Archivos comunes\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Kaspersky Anti-Virus 6.0 (AVP) - Kaspersky Lab - D:\Archivos de programa\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations MP4\avp.exe
O23 - Service: C-DillaCdaC11BA - Unknown owner - D:\WINDOWS\system32\drivers\CDAC11BA.EXE (file missing)
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - D:\Archivos de programa\Archivos comunes\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - D:\Archivos de programa\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - D:\Archivos de programa\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - D:\Archivos de programa\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - D:\Archivos De Programa\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - D:\Archivos de programa\Archivos comunes\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - D:\Archivos de programa\Java\jre6\bin\jqs.exe
O23 - Service: Agente de Red de Kaspersky Lab (klnagent) - Kaspersky Lab - D:\Archivos de programa\Kaspersky Lab\NetworkAgent 8\klnagent.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - D:\Archivos de programa\Archivos comunes\LightScribe\LSSrvc.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - D:\Archivos de programa\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - D:\Archivos de programa\Archivos comunes\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - D:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - D:\WINDOWS\system32\IoctlSvc.exe
O23 - Service: Rpapsd32 - REDC - (no file)

--
End of file - 16658 bytes





NOW THE LOG OF SILENT RUNNERS






"Silent Runners.vbs", revision 63, http://www.silentrunners.org/
Operating System: Windows XP SP2
Output limited to non-default values, except where indicated by "{++}"


Startup items buried in registry:
---------------------------------

HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
"CTFMON.EXE" = "D:\WINDOWS\system32\ctfmon.exe" [MS]
"LightScribe Control Panel" = "D:\Archivos de programa\Archivos comunes\LightScribe\LightScribeControlPanel.exe -hidden" ["Hewlett-Packard Company"]
"MSMSGS" = ""D:\Archivos de programa\Messenger\msmsgs.exe" /background" [MS]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}" = ""D:\Archivos de programa\Archivos comunes\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020" ["Nero AG"]
"DAEMON Tools Lite" = ""D:\Archivos de programa\DAEMON Tools Lite\daemon.exe" -autorun" ["DT Soft Ltd"]
"Skype" = ""D:\Archivos de programa\Skype\\Phone\Skype.exe" /nosplash /minimized" ["Skype Technologies S.A."]
"Google Update" = ""D:\Documents and Settings\Juan\Configuración local\Datos de programa\Google\Update\GoogleUpdate.exe" /c" ["Google Inc."]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"NvCplDaemon" = "RUNDLL32.EXE D:\WINDOWS\system32\NvCpl.dll,NvStartup" [MS]
"nwiz" = "nwiz.exe /installquiet" ["NVIDIA Corporation"]
"HP Software Update" = "D:\Archivos de programa\Hp\HP Software Update\HPWuSchd2.exe" ["Hewlett-Packard Co."]
"QlbCtrl" = "D:\Archivos de programa\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start"
"SynTPStart" = "D:\Archivos de programa\Synaptics\SynTP\SynTPStart.exe" ["Synaptics, Inc."]
"RTHDCPL" = "RTHDCPL.EXE" ["Realtek Semiconductor Corp."]
"Alcmtr" = "ALCMTR.EXE" ["Realtek Semiconductor Corp."]
"SMSERIAL" = "D:\Archivos de programa\Motorola\SMSERIAL\sm56hlpr.exe" ["Motorola Inc."]
"hpWirelessAssistant" = "D:\Archivos de programa\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" ["Hewlett-Packard Development Company, L.P."]
"IAAnotif" = ""D:\Archivos De Programa\Intel\Intel Matrix Storage Manager\Iaanotif.exe"" ["Intel Corporation"]
"EPSON Stylus DX3800 Series" = "D:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACE.EXE /F "D:\WINDOWS\TEMP\E_S7DBB.tmp" /EF "HKLM"" ["SEIKO EPSON CORPORATION"]
"NBKeyScan" = ""D:\Archivos de programa\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"" ["Nero AG"]
"HPWS myPrintMileage Agent" = "D:\Archivos de programa\Hewlett-Packard\HP Deskjet 1280\Toolbox\mpm.exe" [null data]
"GrooveMonitor" = ""D:\Archivos de programa\Microsoft Office\Office12\GrooveMonitor.exe"" [MS]
"EPSON Stylus DX3800 Series (Copiar 1)" = "D:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACE.EXE /F "D:\WINDOWS\TEMP\E_S1EE.tmp" /EF "HKLM"" ["SEIKO EPSON CORPORATION"]
"QuickTime Task" = ""D:\Archivos de programa\QuickTime\qttask.exe" -atboottime" ["Apple Inc."]
"KernelFaultCheck" = "D:\WINDOWS\system32\dumprep 0 -k"
"(Default)" = "(empty string)" [file not found]
"Acrobat Assistant 8.0" = ""D:\Archivos de programa\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"" ["Adobe Systems Inc."]
"AVP" = ""D:\Archivos de programa\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations MP4\avp.exe"" ["Kaspersky Lab"]
"DivXUpdate" = ""D:\Archivos de programa\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW" [null data]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\

{02478D38-C3F9-4EFB-9B51-7695ECA05670}\(Default) = (no title provided)
-> {HKLM...CLSID} = "Yahoo! Toolbar Helper"
\InProcServer32\(Default) = "D:\Archivos de programa\Yahoo!\Companion\Installs\cpn\yt.dll" ["Yahoo! Inc."]

{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = (no title provided)
-> {HKLM...CLSID} = "Aplicación auxiliar de vínculos de Adobe PDF Reader"
\InProcServer32\(Default) = "D:\Archivos de programa\Archivos comunes\Adobe\Acrobat\ActiveX\AcroIEHelper.dll" ["Adobe Systems Incorporated"]

{53707962-6F74-2D53-2644-206D7942484F}\(Default) = (no title provided)
-> {HKLM...CLSID} = "Spybot-S&D IE Protection"
\InProcServer32\(Default) = "D:\ARCHIV~1\SPYBOT~1\SDHelper.dll" ["Safer Networking Limited"]

{72853161-30C5-4D22-B7F9-0BBC1D38A37E}\(Default) = (no title provided)
-> {HKLM...CLSID} = "Groove GFS Browser Helper"
\InProcServer32\(Default) = "D:\ARCHIV~1\MICROS~2\Office12\GRA8E1~1.DLL" [MS]

{9030D464-4C02-4ABF-8ECC-5164760863C6}\(Default) = (no title provided)
-> {HKLM...CLSID} = "Windows Live Aplicación auxiliar de inicio de sesión"
\InProcServer32\(Default) = "D:\Archivos de programa\Archivos comunes\Microsoft Shared\Windows Live\WindowsLiveLogin.dll" [MS]

{AE7CD045-E861-484f-8273-0445EE161910}\(Default) = (no title provided)
-> {HKLM...CLSID} = "Adobe PDF Conversion Toolbar Helper"
\InProcServer32\(Default) = "D:\Archivos de programa\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll" ["Adobe Systems Incorporated"]

{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}\(Default) = (no title provided)
-> {HKLM...CLSID} = "Google Toolbar Notifier BHO"
\InProcServer32\(Default) = "D:\Archivos de programa\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll" ["Google Inc."]

{DBC80044-A445-435b-BC74-9C25C1C588A9}\(Default) = (no title provided)
-> {HKLM...CLSID} = "Java™ Plug-In 2 SSV Helper"
\InProcServer32\(Default) = "D:\Archivos de programa\Java\jre6\bin\jp2ssv.dll" ["Sun Microsystems, Inc."]

{E7E6F031-17CE-4C07-BC86-EABFE594F69C}\(Default) = "JQSIEStartDetectorImpl"
-> {HKLM...CLSID} = "JQSIEStartDetectorImpl Class"
\InProcServer32\(Default) = "D:\Archivos de programa\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll" ["Sun Microsystems, Inc."]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\

DropboxExt1\(Default) = "{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
-> {HKCU...CLSID} = "DropboxExt"
\InProcServer32\(Default) = "D:\Documents and Settings\Juan\Datos de programa\Dropbox\bin\DropboxExt.13.dll" ["Dropbox, Inc."]

DropboxExt2\(Default) = "{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
-> {HKCU...CLSID} = "DropboxExt"
\InProcServer32\(Default) = "D:\Documents and Settings\Juan\Datos de programa\Dropbox\bin\DropboxExt.13.dll" ["Dropbox, Inc."]

DropboxExt3\(Default) = "{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
-> {HKCU...CLSID} = "DropboxExt"
\InProcServer32\(Default) = "D:\Documents and Settings\Juan\Datos de programa\Dropbox\bin\DropboxExt.13.dll" ["Dropbox, Inc."]

Groove Explorer Icon Overlay 1 (GFS Unread Stub)\(Default) = "{99FD978C-D287-4F50-827F-B2C658EDA8E7}"
-> {HKLM...CLSID} = "Groove Explorer Icon Overlay 1 (GFS Unread Stub)"
\InProcServer32\(Default) = "D:\ARCHIV~1\MICROS~2\Office12\GRA8E1~1.DLL" [MS]

Groove Explorer Icon Overlay 2 (GFS Stub)\(Default) = "{AB5C5600-7E6E-4B06-9197-9ECEF74D31CC}"
-> {HKLM...CLSID} = "Groove Explorer Icon Overlay 2 (GFS Stub)"
\InProcServer32\(Default) = "D:\ARCHIV~1\MICROS~2\Office12\GRA8E1~1.DLL" [MS]

Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)\(Default) = "{920E6DB1-9907-4370-B3A0-BAFC03D81399}"
-> {HKLM...CLSID} = "Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)"
\InProcServer32\(Default) = "D:\ARCHIV~1\MICROS~2\Office12\GRA8E1~1.DLL" [MS]

Groove Explorer Icon Overlay 3 (GFS Folder)\(Default) = "{16F3DD56-1AF5-4347-846D-7C10C4192619}"
-> {HKLM...CLSID} = "Groove Explorer Icon Overlay 3 (GFS Folder)"
\InProcServer32\(Default) = "D:\ARCHIV~1\MICROS~2\Office12\GRA8E1~1.DLL" [MS]

Groove Explorer Icon Overlay 4 (GFS Unread Mark)\(Default) = "{2916C86E-86A6-43FE-8112-43ABE6BF8DCC}"
-> {HKLM...CLSID} = "Groove Explorer Icon Overlay 4 (GFS Unread Mark)"
\InProcServer32\(Default) = "D:\ARCHIV~1\MICROS~2\Office12\GRA8E1~1.DLL" [MS]

Identif. de icono superpuesto para firmas digitales de AutoCAD\(Default) = "{36A21736-36C2-4C11-8ACB-D4136F2B57BD}"
-> {HKLM...CLSID} = "AcSignIcon"
\InProcServer32\(Default) = "D:\WINDOWS\system32\AcSignIcon.dll" ["Autodesk, Inc."]

Identificador de icono superpuesto para firmas digitales de AutoCAD\(Default) = "{36A21736-36C2-4C11-8ACB-D4136F2B57BD}"
-> {HKLM...CLSID} = "AcSignIcon"
\InProcServer32\(Default) = "D:\WINDOWS\system32\AcSignIcon.dll" ["Autodesk, Inc."]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\

"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Extensión de paneo de pantalla del Panel de control"
-> {HKLM...CLSID} = "Extensión de paneo de pantalla del Panel de control"
\InProcServer32\(Default) = "deskpan.dll" [file not found]

"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Extensión de icono de HyperTerminal"
-> {HKLM...CLSID} = "HyperTerminal Icon Ext"
\InProcServer32\(Default) = "D:\WINDOWS\system32\hticons.dll" ["Hilgraeve, Inc."]

"{A70C977A-BF00-412C-90B7-034C51DA2439}" = "NvCpl DesktopContext Class"
-> {HKLM...CLSID} = "DesktopContext Class"
\InProcServer32\(Default) = "D:\WINDOWS\system32\nvcpl.dll" ["NVIDIA Corporation"]

"{FFB699E0-306A-11d3-8BD1-00104B6F7516}" = "Play on my TV helper"
-> {HKLM...CLSID} = "NVIDIA CPL Extension"
\InProcServer32\(Default) = "D:\WINDOWS\system32\nvcpl.dll" ["NVIDIA Corporation"]

"{1CDB2949-8F65-4355-8456-263E7C208A5D}" = "Desktop Explorer"
-> {HKLM...CLSID} = "Desktop Explorer"
\InProcServer32\(Default) = "D:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]

"{1E9B04FB-F9E5-4718-997B-B8DA88302A47}" = "Desktop Explorer Menu"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "D:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]

"{1E9B04FB-F9E5-4718-997B-B8DA88302A48}" = "nView Desktop Context Menu"
-> {HKLM...CLSID} = "nView Desktop Context Menu"
\InProcServer32\(Default) = "D:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]

"{2F603045-309F-11CF-9774-0020AFD0CFF6}" = "Synaptics Control Panel"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "D:\Archivos de programa\Synaptics\SynTP\SynTPCpl.dll" ["Synaptics, Inc."]

"{AC1DB655-4F9A-4c39-8AD2-A65324A4C446}" = " Previsualización de dibujo de Autodesk"
-> {HKLM...CLSID} = "ACTHUMBNAIL"
\InProcServer32\(Default) = "D:\Archivos de programa\Archivos comunes\Autodesk Shared\Thumbnail\AcThumbnail16.dll" ["Autodesk, Inc."]

"{36A21736-36C2-4C11-8ACB-D4136F2B57BD}" = "Identif. de icono superpuesto para firmas digitales de AutoCAD"
-> {HKLM...CLSID} = "AcSignIcon"
\InProcServer32\(Default) = "D:\WINDOWS\system32\AcSignIcon.dll" ["Autodesk, Inc."]

"{6DEA92E9-8682-4b6a-97DE-354772FE5727}" = "Autodesk DWF Preview"
-> {HKLM...CLSID} = "ACDWFTHMBPRXY"
\InProcServer32\(Default) = "D:\Archivos de programa\Archivos comunes\Autodesk Shared\Thumbnail\AcDwfThmbPrxy16.dll" ["Autodesk"]

"{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "D:\Archivos de programa\WinRAR\rarext.dll" [null data]

"{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "D:\Archivos de programa\Microsoft Office\Office12\msohevi.dll" [MS]

"{97F68CE3-7146-45FF-BE24-D9A7DD7CB8A2}" = "NeroCoverEd Live Icons"
-> {HKLM...CLSID} = "NeroCoverEdLiveIcons Class"
\InProcServer32\(Default) = "D:\Archivos de programa\Nero\Nero8\Nero CoverDesigner\CoverEdExtension.dll" ["Nero AG"]

"{B327765E-D724-4347-8B16-78AE18552FC3}" = "NeroDigitalIconHandler"
-> {HKLM...CLSID} = "NeroDigitalIconHandler Class"
\InProcServer32\(Default) = "D:\Archivos de programa\Archivos comunes\Nero\Lib\NeroDigitalExt.dll" ["Nero AG"]

"{7F1CF152-04F8-453A-B34C-E609530A9DC8}" = "NeroDigitalPropSheetHandler"
-> {HKLM...CLSID} = "NeroDigitalPropSheetHandler Class"
\InProcServer32\(Default) = "D:\Archivos de programa\Archivos comunes\Nero\Lib\NeroDigitalExt.dll" ["Nero AG"]

"{D25B2CAB-8A9A-4517-A9B2-CB5F68A5A802}" = "Adobe.Acrobat.ContextMenu"
-> {HKLM...CLSID} = "Acrobat Elements Context Menu"
\InProcServer32\(Default) = "D:\Archivos de programa\Adobe\Acrobat 8.0\Acrobat Elements\ContextMenu.dll" ["Adobe Systems Inc."]

"{72853161-30C5-4D22-B7F9-0BBC1D38A37E}" = "Groove GFS Browser Helper"
-> {HKLM...CLSID} = "Groove GFS Browser Helper"
\InProcServer32\(Default) = "D:\ARCHIV~1\MICROS~2\Office12\GRA8E1~1.DLL" [MS]

"{2A541AE1-5BF6-4665-A8A3-CFA9672E4291}" = "Groove GFS Explorer Bar"
-> {HKLM...CLSID} = "Groove Folder Synchronization"
\InProcServer32\(Default) = "D:\ARCHIV~1\MICROS~2\Office12\GRA8E1~1.DLL" [MS]

"{A449600E-1DC6-4232-B948-9BD794D62056}" = "Groove GFS Stub Icon Handler"
-> {HKLM...CLSID} = "Groove GFS Stub Icon Handler"
\InProcServer32\(Default) = "D:\ARCHIV~1\MICROS~2\Office12\GRA8E1~1.DLL" [MS]

"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}" = "Groove GFS Stub Execution Hook"
-> {HKLM...CLSID} = "Groove GFS Stub Execution Hook"
\InProcServer32\(Default) = "D:\ARCHIV~1\MICROS~2\Office12\GRA8E1~1.DLL" [MS]

"{6C467336-8281-4E60-8204-430CED96822D}" = "Groove GFS Context Menu Handler"
-> {HKLM...CLSID} = "Groove GFS Context Menu Handler"
\InProcServer32\(Default) = "D:\ARCHIV~1\MICROS~2\Office12\GRA8E1~1.DLL" [MS]

"{387E725D-DC16-4D76-B310-2C93ED4752A0}" = "Groove XML Icon Handler"
-> {HKLM...CLSID} = "Groove XML Icon Handler"
\InProcServer32\(Default) = "D:\ARCHIV~1\MICROS~2\Office12\GRA8E1~1.DLL" [MS]

"{16F3DD56-1AF5-4347-846D-7C10C4192619}" = "Groove Explorer Icon Overlay 3 (GFS Folder)"
-> {HKLM...CLSID} = "Groove Explorer Icon Overlay 3 (GFS Folder)"
\InProcServer32\(Default) = "D:\ARCHIV~1\MICROS~2\Office12\GRA8E1~1.DLL" [MS]

"{AB5C5600-7E6E-4B06-9197-9ECEF74D31CC}" = "Groove Explorer Icon Overlay 2 (GFS Stub)"
-> {HKLM...CLSID} = "Groove Explorer Icon Overlay 2 (GFS Stub)"
\InProcServer32\(Default) = "D:\ARCHIV~1\MICROS~2\Office12\GRA8E1~1.DLL" [MS]

"{2916C86E-86A6-43FE-8112-43ABE6BF8DCC}" = "Groove Explorer Icon Overlay 4 (GFS Unread Mark)"
-> {HKLM...CLSID} = "Groove Explorer Icon Overlay 4 (GFS Unread Mark)"
\InProcServer32\(Default) = "D:\ARCHIV~1\MICROS~2\Office12\GRA8E1~1.DLL" [MS]

"{99FD978C-D287-4F50-827F-B2C658EDA8E7}" = "Groove Explorer Icon Overlay 1 (GFS Unread Stub)"
-> {HKLM...CLSID} = "Groove Explorer Icon Overlay 1 (GFS Unread Stub)"
\InProcServer32\(Default) = "D:\ARCHIV~1\MICROS~2\Office12\GRA8E1~1.DLL" [MS]

"{920E6DB1-9907-4370-B3A0-BAFC03D81399}" = "Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)"
-> {HKLM...CLSID} = "Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)"
\InProcServer32\(Default) = "D:\ARCHIV~1\MICROS~2\Office12\GRA8E1~1.DLL" [MS]

"{0006F045-0000-0000-C000-000000000046}" = "Microsoft Outlook Custom Icon Handler"
-> {HKLM...CLSID} = "Extensión de iconos de archivo de Outlook"
\InProcServer32\(Default) = "D:\Archivos de programa\Microsoft Office\Office10\OLKFSTUB.DLL" [MS]

"{00020D75-0000-0000-C000-000000000046}" = "Microsoft Office Outlook Desktop Icon Handler"
-> {HKLM...CLSID} = "Microsoft Outlook"
\InProcServer32\(Default) = "D:\Archivos de programa\Microsoft Office\Office10\MLSHEXT.DLL" [MS]

"{5858A72C-C2B4-4dd7-B2BF-B76DB1BD9F6C}" = "Microsoft Office OneNote Namespace Extension for Windows Desktop Search"
-> {HKLM...CLSID} = "Microsoft Office OneNote Namespace Extension for Windows Desktop Search"
\InProcServer32\(Default) = "D:\ARCHIV~1\MICROS~2\Office12\ONFILTER.DLL" [MS]

"{993BE281-6695-4BA5-8A2A-7AACBFAAB69E}" = "Microsoft Office Metadata Handler"
-> {HKLM...CLSID} = "Microsoft Office Metadata Handler"
\InProcServer32\(Default) = "D:\ARCHIV~1\ARCHIV~1\MICROS~1\OFFICE12\msoshext.dll" [MS]

"{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97}" = "Microsoft Office Thumbnail Handler"
-> {HKLM...CLSID} = "Microsoft Office Thumbnail Handler"
\InProcServer32\(Default) = "D:\ARCHIV~1\ARCHIV~1\MICROS~1\OFFICE12\msoshext.dll" [MS]

"{8A0BC933-7552-42E2-A228-3BE055777227}" = "Gestor de columnas de DWG de AutoCAD"
-> {HKLM...CLSID} = "AcColumnHandler"
\InProcServer32\(Default) = "D:\Archivos de programa\Archivos comunes\Autodesk Shared\AcShellEx\AcShellExtension.dll" ["Autodesk"]

"{5800AD5B-72C1-477B-9A08-CA112DF06D97}" = "Gestor de sugerencias e informaciones DWG de AutoCAD"
-> {HKLM...CLSID} = "AcInfoTipHandler"
\InProcServer32\(Default) = "D:\Archivos de programa\Archivos comunes\Autodesk Shared\AcShellEx\AcShellExtension.dll" ["Autodesk"]

"{ADC46291-D8A1-4486-A24C-86FFB392AEFA}" = "Archivo de previsualización DGN de Autodesk "
-> {HKLM...CLSID} = "AcDgnImageExtractor"
\InProcServer32\(Default) = "D:\Archivos de programa\Archivos comunes\Autodesk Shared\AcDgnCOM17.dll" ["Autodesk"]

"{85E0B171-04FA-11D1-B7DA-00A0C90348D6}" = "Estadísticas del componente Antivirus Internet"
-> {HKLM...CLSID} = "Estadísticas del componente Antivirus Internet"
\InProcServer32\(Default) = "D:\Archivos de programa\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations MP4\scieplgn.dll" ["Kaspersky Lab"]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\

<<!>> "{B5A7F190-DDA6-4420-B3BA-52453494E6CD}" = "Groove GFS Stub Execution Hook"
-> {HKLM...CLSID} = "Groove GFS Stub Execution Hook"
\InProcServer32\(Default) = "D:\ARCHIV~1\MICROS~2\Office12\GRA8E1~1.DLL" [MS]

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\
<<!>> "AppInit_DLLs" = "D:\ARCHIV~1\KASPER~1\KASPER~1.0FO\adialhk.dll,D:\ARCHIV~1\KASPER~1\KASPER~1.0FO\kloehk.dll" [file not found]

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
<<!>> klogon\DLLName = "D:\WINDOWS\system32\klogon.dll" ["Kaspersky Lab"]

HKLM\SOFTWARE\Classes\PROTOCOLS\Filter\

<<!>> text/xml\CLSID = "{807563E5-5146-11D5-A672-00B0D022E945}"
-> {HKLM...CLSID} = "Microsoft Office InfoPath XML Mime Filter"
\InProcServer32\(Default) = "D:\ARCHIV~1\ARCHIV~1\MICROS~1\OFFICE12\MSOXMLMF.DLL" [MS]

HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\

<<!>> cdo\CLSID = "{CD00020A-8B95-11D1-82DB-00C04FB1625D}"
-> {HKLM...CLSID} = "Microsoft PKM KnowledgePluggable Class"
\InProcServer32\(Default) = "D:\Archivos de programa\Archivos comunes\Microsoft Shared\Web Folders\PKMCDO.DLL" [MS]

<<!>> grooveLocalGWS\CLSID = "{88FED34C-F0CA-4636-A375-3CB6248B04CD}"
-> {HKLM...CLSID} = "Local Groove Web Services Protocol"
\InProcServer32\(Default) = "D:\ARCHIV~1\MICROS~2\Office12\GR99D3~1.DLL" [MS]

<<!>> livecall\CLSID = "{828030A1-22C1-4009-854F-8E305202313F}"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "D:\ARCHIV~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL" [MS]

<<!>> ms-help\CLSID = "{314111c7-a502-11d2-bbca-00c04f8ec294}"
-> {HKLM...CLSID} = "HxProtocol Class"
\InProcServer32\(Default) = "D:\Archivos de programa\Archivos comunes\Microsoft Shared\Help\hxds.dll" [MS]

<<!>> ms-itss\CLSID = "{0A9007C0-4076-11D3-8789-0000F8105754}"
-> {HKLM...CLSID} = "Microsoft Infotech Storage Protocol for IE 4.0"
\InProcServer32\(Default) = "D:\Archivos de programa\Archivos comunes\Microsoft Shared\Information Retrieval\MSITSS.DLL" [MS]

<<!>> msnim\CLSID = "{828030A1-22C1-4009-854F-8E305202313F}"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "D:\ARCHIV~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL" [MS]

<<!>> mso-offdap\CLSID = "{3D9F03FA-7A94-11D3-BE81-0050048385D1}"
-> {HKLM...CLSID} = "Data Page Pluggable Protocol mso-offdap Handler"
\InProcServer32\(Default) = "D:\ARCHIV~1\ARCHIV~1\MICROS~1\WEBCOM~1\10\OWC10.DLL" [MS]

<<!>> mso-offdap11\CLSID = "{32505114-5902-49B2-880A-1F7738E5A384}"
-> {HKLM...CLSID} = "Data Page Plugable Protocal mso-offdap11 Handler"
\InProcServer32\(Default) = "D:\ARCHIV~1\ARCHIV~1\MICROS~1\WEBCOM~1\11\OWC11.DLL" [MS]

<<!>> skype4com\CLSID = "{FFC8B962-9B40-4DFF-9458-1830C7DD7F5D}"
-> {HKLM...CLSID} = "IEProtocolHandler Class"
\InProcServer32\(Default) = "D:\ARCHIV~1\ARCHIV~1\Skype\SKYPE4~1.DLL" ["Skype Technologies"]

HKCU\Software\Classes\*\shellex\ContextMenuHandlers\

DropboxExt\(Default) = "{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
-> {HKCU...CLSID} = "DropboxExt"
\InProcServer32\(Default) = "D:\Documents and Settings\Juan\Datos de programa\Dropbox\bin\DropboxExt.13.dll" ["Dropbox, Inc."]

HKLM\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\

Adobe.Acrobat.ContextMenu\(Default) = "{D25B2CAB-8A9A-4517-A9B2-CB5F68A5A802}"
-> {HKLM...CLSID} = "Acrobat Elements Context Menu"
\InProcServer32\(Default) = "D:\Archivos de programa\Adobe\Acrobat 8.0\Acrobat Elements\ContextMenu.dll" ["Adobe Systems Inc."]

Cover Designer\(Default) = "{73FCA462-9BD5-4065-A73F-A8E5F6904EF7}"
-> {HKLM...CLSID} = "NeroCoverEdContextMenu Class"
\InProcServer32\(Default) = "D:\Archivos de programa\Nero\Nero8\Nero CoverDesigner\CoverEdExtension.dll" ["Nero AG"]

Kaspersky Anti-Virus\(Default) = "{dd230880-495a-11d1-b064-008048ec2fc5}"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "D:\Archivos de programa\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations MP4\shellex.dll" ["Kaspersky Lab"]

WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "D:\Archivos de programa\WinRAR\rarext.dll" [null data]

XXX Groove GFS Context Menu Handler XXX\(Default) = "{6C467336-8281-4E60-8204-430CED96822D}"
-> {HKLM...CLSID} = "Groove GFS Context Menu Handler"
\InProcServer32\(Default) = "D:\ARCHIV~1\MICROS~2\Office12\GRA8E1~1.DLL" [MS]

{100BD527-7304-4b7f-BEE2-26D97B04EBA4}\(Default) = (no title provided)
-> {HKLM...CLSID} = "NBShellHook Class"
\InProcServer32\(Default) = "D:\Archivos de programa\Nero\Nero8\Nero BackItUp\NBShell.dll" ["Nero AG"]

HKLM\SOFTWARE\Classes\*\shellex\DragDropHandlers\

NBShellHook\(Default) = "{100BD527-7304-4b7f-BEE2-26D97B04EBA4}"
-> {HKLM...CLSID} = "NBShellHook Class"
\InProcServer32\(Default) = "D:\Archivos de programa\Nero\Nero8\Nero BackItUp\NBShell.dll" ["Nero AG"]

HKLM\SOFTWARE\Classes\AllFilesystemObjects\shellex\ContextMenuHandlers\

MBAMShlExt\(Default) = "{57CE581A-0CB6-4266-9CA0-19364C90A0B3}"
-> {HKLM...CLSID} = "MBAMShlExt Class"
\InProcServer32\(Default) = "D:\Archivos de programa\Malwarebytes' Anti-Malware\mbamext.dll" ["Malwarebytes Corporation"]

XXX Groove GFS Context Menu Handler XXX\(Default) = "{6C467336-8281-4E60-8204-430CED96822D}"
-> {HKLM...CLSID} = "Groove GFS Context Menu Handler"
\InProcServer32\(Default) = "D:\ARCHIV~1\MICROS~2\Office12\GRA8E1~1.DLL" [MS]

HKCU\Software\Classes\Directory\shellex\ContextMenuHandlers\

DropboxExt\(Default) = "{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
-> {HKCU...CLSID} = "DropboxExt"
\InProcServer32\(Default) = "D:\Documents and Settings\Juan\Datos de programa\Dropbox\bin\DropboxExt.13.dll" ["Dropbox, Inc."]

HKLM\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\

WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "D:\Archivos de programa\WinRAR\rarext.dll" [null data]

XXX Groove GFS Context Menu Handler XXX\(Default) = "{6C467336-8281-4E60-8204-430CED96822D}"
-> {HKLM...CLSID} = "Groove GFS Context Menu Handler"
\InProcServer32\(Default) = "D:\ARCHIV~1\MICROS~2\Office12\GRA8E1~1.DLL" [MS]

HKLM\SOFTWARE\Classes\Directory\shellex\DragDropHandlers\

WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "D:\Archivos de programa\WinRAR\rarext.dll" [null data]

HKCU\Software\Classes\Directory\Background\shellex\ContextMenuHandlers\

DropboxExt\(Default) = "{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
-> {HKCU...CLSID} = "DropboxExt"
\InProcServer32\(Default) = "D:\Documents and Settings\Juan\Datos de programa\Dropbox\bin\DropboxExt.13.dll" ["Dropbox, Inc."]

HKLM\SOFTWARE\Classes\Directory\Background\shellex\ContextMenuHandlers\

00nView\(Default) = "{1E9B04FB-F9E5-4718-997B-B8DA88302A48}"
-> {HKLM...CLSID} = "nView Desktop Context Menu"
\InProcServer32\(Default) = "D:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]

NvCplDesktopContext\(Default) = "{A70C977A-BF00-412C-90B7-034C51DA2439}"
-> {HKLM...CLSID} = "DesktopContext Class"
\InProcServer32\(Default) = "D:\WINDOWS\system32\nvcpl.dll" ["NVIDIA Corporation"]

XXX Groove GFS Context Menu Handler XXX\(Default) = "{6C467336-8281-4E60-8204-430CED96822D}"
-> {HKLM...CLSID} = "Groove GFS Context Menu Handler"
\InProcServer32\(Default) = "D:\ARCHIV~1\MICROS~2\Office12\GRA8E1~1.DLL" [MS]

HKLM\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\

{7D4D6379-F301-4311-BEBA-E26EB0561882}\(Default) = "NeroDigitalExt.NeroDigitalColumnHandler"
-> {HKLM...CLSID} = "NeroDigitalColumnHandler Class"
\InProcServer32\(Default) = "D:\Archivos de programa\Archivos comunes\Nero\Lib\NeroDigitalExt.dll" ["Nero AG"]

{8A0BC933-7552-42E2-A228-3BE055777227}\(Default) = "AutoCAD DWG column info"
-> {HKLM...CLSID} = "AcColumnHandler"
\InProcServer32\(Default) = "D:\Archivos de programa\Archivos comunes\Autodesk Shared\AcShellEx\AcShellExtension.dll" ["Autodesk"]

{F9DB5320-233E-11D1-9F84-707F02C10627}\(Default) = "PDF Column Info"
-> {HKLM...CLSID} = "PDF Shell Extension"
\InProcServer32\(Default) = "D:\Archivos de programa\Archivos comunes\Adobe\Acrobat\ActiveX\PDFShell.dll" ["Adobe Systems, Inc."]

HKLM\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\

Adobe.Acrobat.ContextMenu\(Default) = "{D25B2CAB-8A9A-4517-A9B2-CB5F68A5A802}"
-> {HKLM...CLSID} = "Acrobat Elements Context Menu"
\InProcServer32\(Default) = "D:\Archivos de programa\Adobe\Acrobat 8.0\Acrobat Elements\ContextMenu.dll" ["Adobe Systems Inc."]

Kaspersky Anti-Virus\(Default) = "{dd230880-495a-11d1-b064-008048ec2fc5}"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "D:\Archivos de programa\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations MP4\shellex.dll" ["Kaspersky Lab"]

MBAMShlExt\(Default) = "{57CE581A-0CB6-4266-9CA0-19364C90A0B3}"
-> {HKLM...CLSID} = "MBAMShlExt Class"
\InProcServer32\(Default) = "D:\Archivos de programa\Malwarebytes' Anti-Malware\mbamext.dll" ["Malwarebytes Corporation"]

WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "D:\Archivos de programa\WinRAR\rarext.dll" [null data]

XXX Groove GFS Context Menu Handler XXX\(Default) = "{6C467336-8281-4E60-8204-430CED96822D}"
-> {HKLM...CLSID} = "Groove GFS Context Menu Handler"
\InProcServer32\(Default) = "D:\ARCHIV~1\MICROS~2\Office12\GRA8E1~1.DLL" [MS]

{100BD527-7304-4b7f-BEE2-26D97B04EBA4}\(Default) = (no title provided)
-> {HKLM...CLSID} = "NBShellHook Class"
\InProcServer32\(Default) = "D:\Archivos de programa\Nero\Nero8\Nero BackItUp\NBShell.dll" ["Nero AG"]

HKLM\SOFTWARE\Classes\Folder\shellex\DragDropHandlers\

NBShellHook\(Default) = "{100BD527-7304-4b7f-BEE2-26D97B04EBA4}"
-> {HKLM...CLSID} = "NBShellHook Class"
\InProcServer32\(Default) = "D:\Archivos de programa\Nero\Nero8\Nero BackItUp\NBShell.dll" ["Nero AG"]

WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "D:\Archivos de programa\WinRAR\rarext.dll" [null data]


Default executables:
--------------------

<<!>> HKCU\Software\Classes\.scr\(Default) = "AutoCADScriptFile"
<<!>> HKCU\Software\Classes\AutoCADScriptFile\shell\open\command\(Default) = ""D:\WINDOWS\notepad.exe" "%1"" [MS]


Group Policies {GPedit.msc branch and setting}:
-----------------------------------------------

Note: detected settings may not have any effect.

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\

"NoDriveTypeAutoRun_KL_notset" = (REG_DWORD) dword:0x00000001
{unrecognized setting}


Active Desktop and Wallpaper:
-----------------------------

Active Desktop may be disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState

Displayed if Active Desktop enabled and wallpaper not set by Group Policy:
HKCU\Software\Microsoft\Internet Explorer\Desktop\General\
"Wallpaper" = "D:\WINDOWS\system32\config\systemprofile\Configuración local\Datos de programa\Microsoft\Wallpaper1.bmp"

Displayed if Active Desktop disabled and wallpaper not set by Group Policy:
HKCU\Control Panel\Desktop\
"Wallpaper" = "D:\Documents and Settings\Juan\Configuración local\Datos de programa\Microsoft\Wallpaper1.bmp"


Enabled Screen Saver:
---------------------

HKCU\Control Panel\Desktop\
"SCRNSAVE.EXE" = "D:\WINDOWS\system32\logon.scr" [MS]


Windows Portable Device AutoPlay Handlers
-----------------------------------------

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\

LightScribeOnArrivalAP\
"Provider" = "LightScribe Direct Disc Labeling"
"InvokeProgID" = "LightScribe.AutoPlayHandler"
"InvokeVerb" = "LabelLightScribeDisc"
HKLM\SOFTWARE\Classes\LightScribe.AutoPlayHandler\shell\LabelLightScribeDisc\command\(Default) = "D:\Archivos de programa\Archivos comunes\LightScribe\LsLauncher.exe" ["Hewlett-Packard Company"]

MPCPlayCDAudioOnArrival\
"Provider" = "Media Player Classic"
"InvokeProgID" = "MediaPlayerClassic.Autorun"
"InvokeVerb" = "PlayCDAudio"
HKLM\SOFTWARE\Classes\MediaPlayerClassic.Autorun\shell\PlayCDAudio\command\(Default) = ""D:\Archivos de programa\K-Lite Codec Pack\Media Player Classic\mplayerc.exe" %1 /cd" ["mpc-hc@Sourceforge"]

MPCPlayDVDMovieOnArrival\
"Provider" = "Media Player Classic"
"InvokeProgID" = "MediaPlayerClassic.Autorun"
"InvokeVerb" = "PlayDVDMovie"
HKLM\SOFTWARE\Classes\MediaPlayerClassic.Autorun\shell\PlayDVDMovie\command\(Default) = ""D:\Archivos de programa\K-Lite Codec Pack\Media Player Classic\mplayerc.exe" %1 /dvd" ["mpc-hc@Sourceforge"]

MPCPlayMusicFilesOnArrival\
"Provider" = "Media Player Classic"
"InvokeProgID" = "MediaPlayerClassic.Autorun"
"InvokeVerb" = "PlayMusicFiles"
HKLM\SOFTWARE\Classes\MediaPlayerClassic.Autorun\shell\PlayMusicFiles\command\(Default) = ""D:\Archivos de programa\K-Lite Codec Pack\Media Player Classic\mplayerc.exe" %1" ["mpc-hc@Sourceforge"]

MPCPlayVideoFilesOnArrival\
"Provider" = "Media Player Classic"
"InvokeProgID" = "MediaPlayerClassic.Autorun"
"InvokeVerb" = "PlayVideoFiles"
HKLM\SOFTWARE\Classes\MediaPlayerClassic.Autorun\shell\PlayVideoFiles\command\(Default) = ""D:\Archivos de programa\K-Lite Codec Pack\Media Player Classic\mplayerc.exe" %1" ["mpc-hc@Sourceforge"]

NeroAutoPlay8AudioToNeroDigital\
"Provider" = "Nero Burning ROM"
"InvokeProgID" = "Nero.AutoPlay8"
"InvokeVerb" = "AudioToNeroDigital_PlayCDAudioOnArrival"
HKLM\SOFTWARE\Classes\Nero.AutoPlay8\shell\AudioToNeroDigital_PlayCDAudioOnArrival\command\(Default) = "D:\Archivos de programa\Nero\Nero8\Nero Burning Rom\nero.exe /Dialog:SaveTracks %L" ["Nero AG"]

NeroAutoPlay8CDAudio\
"Provider" = "Nero Express"
"InvokeProgID" = "Nero.AutoPlay8"
"InvokeVerb" = "CDAudio_HandleCDBurningOnArrival"
HKLM\SOFTWARE\Classes\Nero.AutoPlay8\shell\CDAudio_HandleCDBurningOnArrival\command\(Default) = "D:\Archivos de programa\Nero\Nero8\Nero Burning Rom\nero.exe -w /New:AudioCD" ["Nero AG"]

NeroAutoPlay8CopyCD\
"Provider" = "Nero Burning ROM"
"InvokeProgID" = "Nero.AutoPlay8"
"InvokeVerb" = "CopyCD_PlayMusicFilesOnArrival"
HKLM\SOFTWARE\Classes\Nero.AutoPlay8\shell\CopyCD_PlayMusicFilesOnArrival\command\(Default) = "D:\Archivos de programa\Nero\Nero8\Nero Burning Rom\nero.exe /Dialog:DiscCopy %L" ["Nero AG"]

NeroAutoPlay8DataDisc_CD\
"Provider" = "Nero Express"
"InvokeProgID" = "Nero.AutoPlay8"
"InvokeVerb" = "DataDisc_CD_HandleCDBurningOnArrival"
HKLM\SOFTWARE\Classes\Nero.AutoPlay8\shell\DataDisc_CD_HandleCDBurningOnArrival\command\(Default) = "D:\Archivos de programa\Nero\Nero8\Nero Burning Rom\nero.exe -w /New:ISODisc /Media:CD %L" ["Nero AG"]

NeroAutoPlay8DataDisc_DVD\
"Provider" = "Nero Express"
"InvokeProgID" = "Nero.AutoPlay8"
"InvokeVerb" = "DataDisc_DVD_HandleDVDBurningOnArrival"
HKLM\SOFTWARE\Classes\Nero.AutoPlay8\shell\DataDisc_DVD_HandleDVDBurningOnArrival\command\(Default) = "D:\Archivos de programa\Nero\Nero8\Nero Burning Rom\nero.exe -w /New:ISODisc /Media:DVD %L" ["Nero AG"]

NeroAutoPlay8LaunchNeroStartSmart\
"Provider" = "Nero StartSmart"
"InvokeProgID" = "Nero.AutoPlay8"
"InvokeVerb" = "LaunchNeroStartSmart_HandleDVDBurningOnArrival"
HKLM\SOFTWARE\Classes\Nero.AutoPlay8\shell\LaunchNeroStartSmart_HandleDVDBurningOnArrival\command\(Default) = "D:\Archivos de programa\Nero\Nero8\Nero StartSmart\NeroStartSmart.exe /AutoPlay" ["Nero AG"]

NeroAutoPlay8PlayAudioCD\
"Provider" = "Nero ShowTime"
"InvokeProgID" = "Nero.AutoPlay8"
"InvokeVerb" = "PlayAudioCD_PlayMusicFilesOnArrival"
HKLM\SOFTWARE\Classes\Nero.AutoPlay8\shell\PlayAudioCD_PlayMusicFilesOnArrival\command\(Default) = "D:\Archivos de programa\Nero\Nero8\Nero ShowTime\ShowTime.exe /Play %L" ["Nero AG"]

NeroAutoPlay8PlayDVD\
"Provider" = "Nero ShowTime"
"InvokeProgID" = "Nero.AutoPlay8"
"InvokeVerb" = "PlayDVD_PlayVideoFilesOnArrival"
HKLM\SOFTWARE\Classes\Nero.AutoPlay8\shell\PlayDVD_PlayVideoFilesOnArrival\command\(Default) = "D:\Archivos de programa\Nero\Nero8\Nero ShowTime\ShowTime.exe /Play %L" ["Nero AG"]

NeroAutoPlay8RipCD\
"Provider" = "Nero Burning ROM"
"InvokeProgID" = "Nero.AutoPlay8"
"InvokeVerb" = "RipCD_PlayCDAudioOnArrival"
HKLM\SOFTWARE\Classes\Nero.AutoPlay8\shell\RipCD_PlayCDAudioOnArrival\command\(Default) = "D:\Archivos de programa\Nero\Nero8\Nero Burning Rom\nero.exe /Dialog:SaveTracks %L" ["Nero AG"]

NeroAutoPlay8TranscodeVideo\
"Provider" = "Nero Recode"
"InvokeProgID" = "Nero.AutoPlay8"
"InvokeVerb" = "TranscodeVideo_PlayDVDMovieOnArrival"
HKLM\SOFTWARE\Classes\Nero.AutoPlay8\shell\TranscodeVideo_PlayDVDMovieOnArrival\command\(Default) = "D:\Archivos de programa\Nero\Nero8\Nero Recode\Recode.exe /New:CopyDVDVideo" ["Nero AG"]

NeroAutoPlay8VideoCapture\
"Provider" = "Nero Vision"
"ProgID" = "Shell.HWEventHandlerShellExecute"
"InitCmdLine" = ""D:\Archivos de programa\Nero\Nero8\Nero Vision\NeroVision.exe" /New:VideoCapture"
HKLM\SOFTWARE\Classes\Shell.HWEventHandlerShellExecute\CLSID\(Default) = "{FFB8655F-81B9-4fce-B89C-9A6BA76D13E7}"
-> {HKLM...CLSID} = "ShellExecute HW Event Handler"
\LocalServer32\(Default) = "rundll32.exe shell32.dll,SHCreateLocalServerRunDll {FFB8655F-81B9-4fce-B89C-9A6BA76D13E7}" [MS]

NeroAutoPlay8ViewPhotos\
"Provider" = "Nero PhotoSnap Viewer"
"InvokeProgID" = "Nero.AutoPlay8"
"InvokeVerb" = "ViewPhotos_ShowPicturesOnArrival"
HKLM\SOFTWARE\Classes\Nero.AutoPlay8\shell\ViewPhotos_ShowPicturesOnArrival\command\(Default) = "D:\Archivos de programa\Nero\Nero8\Nero PhotoSnap\PhotoSnapViewer.exe /" ["Nero AG"]


Startup items in "Juan" & "All Users" startup folders:
------------------------------------------------------

D:\Documents and Settings\Juan\Menú Inicio\Programas\Inicio
"Adobe Gamma" -> shortcut to: "D:\Archivos de programa\Archivos comunes\Adobe\Calibration\Adobe Gamma Loader.exe" ["Adobe Systems, Inc."]
"Dropbox" -> shortcut to: "D:\Documents and Settings\Juan\Datos de programa\Dropbox\bin\Dropbox.exe" [null data]

D:\Documents and Settings\All Users\Menú Inicio\Programas\Inicio
"Acelerador de inicio de AutoCAD" -> shortcut to: "D:\Archivos de programa\Archivos comunes\Autodesk Shared\acstart17.exe" [null data]
"Adobe Acrobat Speed Launcher" -> shortcut to: "D:\WINDOWS\Installer\{AC76BA86-1033-F400-7760-000000000003}\_SC_Acrobat.exe" [null data]
"Adobe Acrobat Synchronizer" -> shortcut to: "D:\Archivos de programa\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe" [null data]
"Microsoft Office" -> shortcut to: "D:\Archivos de programa\Microsoft Office\Office10\OSA.EXE -b -l" [MS]


Enabled Scheduled Tasks:
------------------------

"AppleSoftwareUpdate" -> launches: "D:\Archivos de programa\Apple Software Update\SoftwareUpdate.exe -task" ["Apple Inc."]
"Google Software Updater" -> launches: "D:\Archivos de programa\Google\Common\Google Updater\GoogleUpdaterService.exe scheduled_start" ["Google"]
"GoogleUpdateTaskMachineCore" -> launches: "D:\Archivos de programa\Google\Update\GoogleUpdate.exe /c" ["Google Inc."]
"GoogleUpdateTaskMachineUA" -> launches: "D:\Archivos de programa\Google\Update\GoogleUpdate.exe /ua /installsource scheduler" ["Google Inc."]
"GoogleUpdateTaskUserS-1-5-21-789336058-1454471165-839522115-1003Core" -> launches: "D:\Documents and Settings\Juan\Configuración local\Datos de programa\Google\Update\GoogleUpdate.exe /c" ["Google Inc."]
"GoogleUpdateTaskUserS-1-5-21-789336058-1454471165-839522115-1003UA" -> launches: "D:\Documents and Settings\Juan\Configuración local\Datos de programa\Google\Update\GoogleUpdate.exe /ua /installsource scheduler" ["Google Inc."]


Winsock2 Service Provider DLLs:
-------------------------------

Namespace Service Providers

HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]

Transport Service Providers

HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
%SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 21
%SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05


Toolbars, Explorer Bars, Extensions:
------------------------------------

Toolbars

HKCU\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\

"{47833539-D0C5-4125-9FA8-0819E2EAAC93}"
-> {HKLM...CLSID} = "Adobe PDF"
\InProcServer32\(Default) = "D:\Archivos de programa\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll" ["Adobe Systems Incorporated"]

HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\

"{47833539-D0C5-4125-9FA8-0819E2EAAC93}"
-> {HKLM...CLSID} = "Adobe PDF"
\InProcServer32\(Default) = "D:\Archivos de programa\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll" ["Adobe Systems Incorporated"]

"{EF99BD32-C1FB-11D2-892F-0090271D4F88}"
-> {HKLM...CLSID} = "Barra Yahoo! con bloqueador de ventanas emergentes"
\InProcServer32\(Default) = "D:\Archivos de programa\Yahoo!\Companion\Installs\cpn\yt.dll" ["Yahoo! Inc."]

HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\
"{47833539-D0C5-4125-9FA8-0819E2EAAC93}" = (no title provided)
-> {HKLM...CLSID} = "Adobe PDF"
\InProcServer32\(Default) = "D:\Archivos de programa\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll" ["Adobe Systems Incorporated"]

"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" = (no title provided)
-> {HKLM...CLSID} = "Barra Yahoo! con bloqueador de ventanas emergentes"
\InProcServer32\(Default) = "D:\Archivos de programa\Yahoo!\Companion\Installs\cpn\yt.dll" ["Yahoo! Inc."]

Explorer Bars

HKLM\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\

{182EC0BE-5110-49C8-A062-BEB1D02A220B}\(Default) = (no title provided)
-> {HKLM...CLSID} = "Adobe PDF"
\InProcServer32\(Default) = "D:\Archivos de programa\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll" ["Adobe Systems Incorporated"]

HKLM\SOFTWARE\Classes\CLSID\{2A541AE1-5BF6-4665-A8A3-CFA9672E4291}\(Default) = "Groove Folder Synchronization"
Implemented Categories\{00021493-0000-0000-C000-000000000046}\ [vertical bar]
InProcServer32\(Default) = "D:\ARCHIV~1\MICROS~2\Office12\GRA8E1~1.DLL" [MS]

HKLM\SOFTWARE\Classes\CLSID\{85E0B171-04FA-11D1-B7DA-00A0C90348D6}\(Default) = "Estadísticas del componente Antivirus Internet"
Implemented Categories\{00021493-0000-0000-C000-000000000046}\ [vertical bar]
InProcServer32\(Default) = "D:\Archivos de programa\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations MP4\scieplgn.dll" ["Kaspersky Lab"]

HKLM\SOFTWARE\Classes\CLSID\{FF059E31-CC5A-4E2E-BF3B-96E929D65503}\(Default) = "&Referencia"
Implemented Categories\{00021493-0000-0000-C000-000000000046}\ [vertical bar]
InProcServer32\(Default) = "D:\ARCHIV~1\MICROS~2\Office12\REFIEBAR.DLL" [MS]

Extensions (Tools menu items, main toolbar menu buttons)

HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\
{1F460357-8A94-4D71-9CA3-AA4ACF32ED8E}\
"ButtonText" = "Estadísticas del componente Antivirus Internet"

{2670000A-7350-4F3C-8081-5663EE0C6C49}\
"ButtonText" = "Enviar a OneNote"
"MenuText" = "&Enviar a OneNote"
"CLSIDExtension" = "{48E73304-E1D6-4330-914C-F5F514E3486C}"
-> {HKLM...CLSID} = "Send to OneNote from Internet Explorer button"
\InProcServer32\(Default) = "D:\ARCHIV~1\MICROS~2\Office12\ONBttnIE.dll" [MS]

{92780B25-18CC-41C8-B9BE-3C9C571A8263}\
"ButtonText" = "Research"

{B7FE5D70-9AA2-40F1-9C6B-12A255F085E1}\
"ButtonText" = "PartyPoker.com"
"MenuText" = "PartyPoker.com"
"Exec" = "D:\Archivos de programa\PartyGaming\PartyPoker\RunApp.exe" [empty string]

{DFB852A3-47F8-48C4-A200-58CAB36FD2A2}\
"MenuText" = "Spybot - Search & Destroy Configuration"
"CLSIDExtension" = "{53707962-6F74-2D53-2644-206D7942484F}"
-> {HKLM...CLSID} = "Spybot-S&D IE Protection"
\InProcServer32\(Default) = "D:\ARCHIV~1\SPYBOT~1\SDHelper.dll" ["Safer Networking Limited"]

{FB5F1910-F110-11D2-BB9E-00C04F795683}\
"ButtonText" = "Messenger"
"MenuText" = "Windows Messenger"
"Exec" = "D:\Archivos de programa\Messenger\msmsgs.exe" [MS]

{FB858B22-55E2-413F-87F5-30ADC5552151}\
"ButtonText" = "PDFill PDF Editor"
"Exec" = "D:\Archivos de programa\PlotSoft\PDFill\DownloadPDF.exe" ["PlotSoft LLC"]


Miscellaneous IE Hijack Points
------------------------------

HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks\
<<H>> "{EF99BD32-C1FB-11D2-892F-0090271D4F88}" = "*o" (unwritable string)
-> {HKLM...CLSID} = "Barra Yahoo! con bloqueador de ventanas emergentes"
\InProcServer32\(Default) = "D:\Archivos de programa\Yahoo!\Companion\Installs\cpn\yt.dll" ["Yahoo! Inc."]


Running Services (Display Name, Service Name, Path {Service DLL}):
------------------------------------------------------------------

Adaptador de rendimiento de WMI, WmiApSrv, "D:\WINDOWS\system32\wbem\wmiapsrv.exe" [MS]
Agente de Red de Kaspersky Lab, klnagent, ""D:\Archivos de programa\Kaspersky Lab\NetworkAgent 8\klnagent.exe"" ["Kaspersky Lab"]
FLEXnet Licensing Service, FLEXnet Licensing Service, ""D:\Archivos de programa\Archivos comunes\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe"" ["Macrovision Europe Ltd."]
hpqwmiex, hpqwmiex, ""D:\Archivos de programa\Hewlett-Packard\Shared\hpqwmiex.exe"" ["Hewlett-Packard Development Company, L.P."]
Intel® Matrix Storage Event Monitor, IAANTMON, "D:\Archivos De Programa\Intel\Intel Matrix Storage Manager\Iaantmon.exe" ["Intel Corporation"]
Java Quick Starter, JavaQuickStarterService, ""D:\Archivos de programa\Java\jre6\bin\jqs.exe" -service -config "D:\Archivos de programa\Java\jre6\lib\deploy\jqs\jqs.conf"" ["Sun Microsystems, Inc."]
Kaspersky Anti-Virus 6.0, AVP, ""D:\Archivos de programa\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations MP4\avp.exe" -r" ["Kaspersky Lab"]
LightScribeService Direct Disc Labeling Service, LightScribeService, ""D:\Archivos de programa\Archivos comunes\LightScribe\LSSrvc.exe"" ["Hewlett-Packard Company"]
Machine Debug Manager, MDM, ""D:\Archivos de programa\Archivos comunes\Microsoft Shared\VS7Debug\mdm.exe"" [MS]
Nero BackItUp Scheduler 3, Nero BackItUp Scheduler 3, "D:\Archivos de programa\Nero\Nero8\Nero BackItUp\NBService.exe" ["Nero AG"]
NMIndexingService, NMIndexingService, ""D:\Archivos de programa\Archivos comunes\Nero\Lib\NMIndexingService.exe"" ["Nero AG"]
NVIDIA Display Driver Service, NVSvc, "D:\WINDOWS\system32\nvsvc32.exe" ["NVIDIA Corporation"]
PLFlash DeviceIoControl Service, PLFlash DeviceIoControl Service, "D:\WINDOWS\system32\IoctlSvc.exe" ["Prolific Technology Inc."]
SQL Server (MSSMLBIZ), MSSQL$MSSMLBIZ, ""D:\Archivos de programa\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sMSSMLBIZ" [MS]
Windows User Mode Driver Framework, UMWdf, "D:\WINDOWS\system32\wdfmgr.exe" [MS]


Safe Mode Drivers & Services (subkey name, subkey default value):
-----------------------------------------------------------------

HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\

Safe Mode Minimal drivers and services not found!

HKLM\System\CurrentControlSet\Control\SafeBoot\Network\

Safe Mode Network drivers and services not found!


Print Monitors:
---------------

HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors\
Adobe PDF Port\Driver = "D:\WINDOWS\system32\AdobePDF.dll" ["Adobe Systems Incorporated."]
HPWSLMN\Driver = "hpwslmn.dll" ["HP"]
PDFCreator\Driver = "pdfcmnnt.dll" [null data]


---------- (launch time: 2010-10-28 16:33:44)
<<!>>: Suspicious data at a malware launch point.
<<H>>: Suspicious data at a browser hijack point.

+ This report excludes default entries except where indicated.
+ To see *everywhere* the script checks and *everything* it finds,
launch it from a command prompt or a shortcut with the -all parameter.
+ To search all directories of local fixed drives for DESKTOP.INI
DLL launch points, use the -supp parameter or answer "No" at the
first message box and "Yes" at the second message box.
---------- (total run time: 46 seconds, including 3 seconds for message boxes)
  • 0

Advertisements

Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP