Antiguo 20/10/2006, 13:12
Wasin
 
Se borra la página de inicio, pero solamente queda así: http://, lo demás se borra.

Le adjunto parte del reporte de XoftSpy; ¿dónde están los adware?


<Information RootKey = "HKEY_CURRENT_USER" KeyPath = "Software\Microsoft\Internet Explorer\Main"/>
<Information Value = "NoUpdateCheck" Data = "(DWORD) 0x1 0 0 0"/>
<Information Value = "NoJITSetup" Data = "(DWORD) 0x1 0 0 0"/>
<Information Value = "Cache_Update_Frequency" Data = "Once_Per_Session"/>
<Information Value = "Do404Search" Data = ""/>
<Information Value = "Start Page" Data = "http://antivirus.cableonda.net/"/>
<Information Value = "Search Page" Data = ""/>
<Information Value = "Search Bar" Data = "http://go.compaq.com/1Q00CDT/0C0A/bl8.asp"/>
<Information Value = "Use Custom Search URL" Data = "(DWORD) 0x1 0 0 0"/>
<Information Value = "Window_Placement" Data = ""/>
<Information Value = "AddToFavoritesExpanded" Data = "(DWORD) 0 0 0 0"/>
<Information Value = "AutoSearch" Data = "(DWORD) 0x5 0 0 0"/>
<Information Value = "NscSingleExpand" Data = "(DWORD) 0x1 0 0 0"/>
<Information Value = "Force Offscreen Composition" Data = "(DWORD) 0 0 0 0"/>
<Information Value = "UseThemes" Data = "(DWORD) 0x1 0 0 0"/>
<Information Value = "NoWebJITSetup" Data = "(DWORD) 0 0 0 0"/>
<Information Value = "Page_Transitions" Data = "(DWORD) 0x1 0 0 0"/>
<Information Value = "AllowWindowReuse" Data = "(DWORD) 0x1 0 0 0"/>
<Information Value = "SmoothScroll" Data = "(DWORD) 0x1 0 0 0"/>
<Information Value = "Show image placeholders" Data = "(DWORD) 0 0 0 0"/>
<Information RootKey = "HKEY_LOCAL_MACHINE" KeyPath = "Software\Microsoft\Internet Explorer\Main"/>
<Information Value = "Default_Page_URL" Data = "http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome"/>
<Information Value = "Default_Search_URL" Data = "http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"/>
<Information Value = "Search Page" Data = ""/>
<Information Value = "Cache_Percent_of_Disk" Data = ""/>
<Information Value = "Anchor_Visitation_Horizon" Data = ""/>
<Information Value = "Placeholder_Width" Data = ""/>
<Information Value = "Placeholder_Height" Data = ""/>
<Information Value = "Start Page" Data = ""/>
<Information Value = "CompanyName" Data = "Microsoft Corporation"/>
<Information Value = "Custom_Key" Data = "MICROSO"/>
<Information Value = "Wizard_Version" Data = "6.0.2600.0000"/>
<Information Value = "Search Bar" Data = "http://go.compaq.com/1Q00CDT/0C0A/bl8.asp"/>
<Information Value = "Use Custom Search URL" Data = "(DWORD) 0x1 0 0 0"/>
<Information RootKey = "HKEY_LOCAL_MACHINE" KeyPath = "Software\Microsoft\Internet Explorer\Search"/>
<Information Value = "SearchAssistant" Data = "http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm"/>
<Information Value = "CustomizeSearch" Data = "http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm"/>
<Information RootKey = "HKEY_CURRENT_USER" KeyPath = "Software\Microsoft\Internet Explorer\SearchURL"/>
<Information Value = "provider" Data = ""/>
<Information RootKey = "HKEY_CURRENT_USER" KeyPath = "Software\Microsoft\Internet Explorer\URLSearchHooks"/>
<Information Value = "{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" Data = ""/>
<Information RootKey = "HKEY_LOCAL_MACHINE" KeyPath = "Software\Microsoft\Internet Explorer\Toolbar"/>
<Information Value = "{EF99BD32-C1FB-11D2-892F-0090271D4F88}" Data = ""/>
<Information RootKey = "HKEY_CURRENT_USER" KeyPath = "Software\Microsoft\Internet Explorer\Toolbar"/>
<Information Value = "LinksFolderName" Data = "Vínculos"/>
<Information Value = "Locked" Data = "(DWORD) 0x1 0 0 0"/>
<Information RootKey = "HKEY_LOCAL_MACHINE" KeyPath = "SOFTWARE\Classes\exefile\shell\open\command"/>
<Information Value = "" Data = "%1 %*"/>
<Information RootKey = "HKEY_LOCAL_MACHINE" KeyPath = "SOFTWARE\Classes\comfile\shell\open\command"/>
<Information Value = "" Data = "%1 %*"/>
<Information RootKey = "HKEY_LOCAL_MACHINE" KeyPath = "SOFTWARE\Classes\batfile\shell\open\command"/>
<Information Value = "" Data = "%1 %*"/>
<Information RootKey = "HKEY_LOCAL_MACHINE" KeyPath = "SOFTWARE\Classes\piffile\shell\open\command"/>
<Information Value = "" Data = "%1 %*"/>
<Information RootKey = "HKEY_LOCAL_MACHINE" KeyPath = "SOFTWARE\Classes\scrfile\shell\open\command"/>
<Information Value = "" Data = "%1 /S"/>
<Information RootKey = "HKEY_LOCAL_MACHINE" KeyPath = "SOFTWARE\Classes\htafile\shell\open\command"/>
<Information Value = "" Data = "C:\WINDOWS\System32\mshta.exe %1 %*" MD5 = "e51333359adece00d707e5462ca1d1ad" Path = ""/>
<Information RootKey = "HKEY_CURRENT_USER" KeyPath = "Software\Microsoft\Windows\CurrentVersion\Internet Settings"/>
<Information Value = "ProxyEnable" Data = "(DWORD) 0 0 0 0"/>
<Information Directory = "C:\Documents and Settings\Administrador\Menú Inicio\Programas\Inicio\*" Program = "desktop.ini" MD5 = "d6a6856702e3f0953e7246a9b4a9fe35" />
<Information Directory = "C:\Documents and Settings\All Users\Menú Inicio\Programas\Inicio\*" Program = "desktop.ini" MD5 = "d6a6856702e3f0953e7246a9b4a9fe35" />
<Information Directory = "C:\Documents and Settings\All Users\Menú Inicio\Programas\Inicio\*" Program = "Microsoft Office.lnk" LinkFile = "C:\Archivos de programa\Microsoft Office\Office10\OSA.EXE" MD5 = "5bc65464354a9fd3beaa28e18839734a"/>
<Scanning TIME = "20 Oct 06 13:48:46">
<PROCESS NAME = "C:\WINDOWS\system32\services.exe" MD5 = "f9852f505e0699bb83d5c6321917040b"/>
<PROCESS NAME = "C:\WINDOWS\system32\lsass.exe" MD5 = "2b0b88652c9f6714fd4886839b3b0442"/>
<PROCESS NAME = "C:\WINDOWS\system32\svchost.exe" MD5 = "fa03e1fc17f38fbdba81470d08b3e416"/>
<PROCESS NAME = "C:\WINDOWS\system32\svchost.exe" MD5 = "fa03e1fc17f38fbdba81470d08b3e416"/>
<PROCESS NAME = "C:\WINDOWS\System32\svchost.exe" MD5 = "fa03e1fc17f38fbdba81470d08b3e416"/>
<PROCESS NAME = "C:\WINDOWS\System32\svchost.exe" MD5 = "fa03e1fc17f38fbdba81470d08b3e416"/>
<PROCESS NAME = "C:\WINDOWS\System32\svchost.exe" MD5 = "fa03e1fc17f38fbdba81470d08b3e416"/>
<PROCESS NAME = "C:\WINDOWS\system32\spoolsv.exe" MD5 = "da81ec57acd4cdc3d4c51cf3d409af9f"/>
<PROCESS NAME = "C:\WINDOWS\Explorer.EXE" MD5 = "89c8dd146ceaf482d82822766437d93f"/>
<PROCESS NAME = "C:\ARCHIV~1\Grisoft\AVGFRE~1\avgcc.exe" MD5 = "5ff72bb3dd3d7a206fbab530de76521a"/>
<PROCESS NAME = "C:\Archivos de programa\Ahead\InCD\InCD.exe" MD5 = "4f8c6d35632fa9cc61d725eefcb74ae8"/>
<PROCESS NAME = "C:\ARCHIV~1\Grisoft\AVGFRE~1\avgamsvr.exe" MD5 = "9bf46d959f713d64c8ff3de2b2437863"/>
<PROCESS NAME = "C:\WINDOWS\system32\ctfmon.exe" MD5 = "25ecfa69af1563fde8dfd31f9954497a"/>
<PROCESS NAME = "C:\Archivos de programa\Messenger\msmsgs.exe" MD5 = "74e6e96c6f0e2eca4edbb7f7a468f259"/>
<PROCESS NAME = "C:\Archivos de programa\Spybot - Search & Destroy\TeaTimer.exe" MD5 = "70496eee0ddbe485f658693826f44d38"/>
<PROCESS NAME = "C:\ARCHIV~1\Grisoft\AVGFRE~1\avgupsvc.exe" MD5 = "66093610fa61142f6bcfd83afb7e8a29"/>
<PROCESS NAME = "C:\ARCHIV~1\Grisoft\AVGFRE~1\avgemc.exe" MD5 = "07c595396c6f4631e88f9792e1becd7e"/>
<PROCESS NAME = "C:\Archivos de programa\Ahead\InCD\InCDsrv.exe" MD5 = "a829f0e0133479eb1ec2fd483faaadd8"/>
<PROCESS NAME = "C:\Archivos de programa\Archivos comunes\Microsoft Shared\VS7Debug\mdm.exe" MD5 = "11f714f85530a2bd134074dc30e99fca"/>
<PROCESS NAME = "C:\Archivos de programa\Canon\MultiPASS4\MPSERVIC.EXE" MD5 = "3a3ecbb61df01e4e37b1cb51ae6221d8"/>
<PROCESS NAME = "C:\WINDOWS\System32\svchost.exe" MD5 = "fa03e1fc17f38fbdba81470d08b3e416"/>
<PROCESS NAME = "C:\WINDOWS\system32\wdfmgr.exe" MD5 = "c81b8635dee0d3ef5f64b3dd643023a5"/>
<PROCESS NAME = "C:\WINDOWS\System32\alg.exe" MD5 = "906d6932d533f1591caa84e846b9ba06"/>
<PROCESS NAME = "C:\Archivos de programa\XoftSpy\XoftSpy.exe" MD5 = "a59c0fba2410a4f119046bb34ea84ebd"/>
<ScanningRegKeys>
</ScanningRegKeys>
<ScanningRegValues>
</SW>
<SW NAME = "Media Motor">
<REGVALUE VALUE = "Media Motor software\microsoft\windows\currentversion\internet settings\zonemap\domains\media-motor.net\*"/>
<REGVALUEFOUND NAME = "software\microsoft\windows\currentversion\internet settings\zonemap\domains\media-motor.net\*"/>
</SW>
<SW NAME = "Media Motor">
<REGVALUE VALUE = "Media Motor software\microsoft\windows\currentversion\internet settings\zonemap\domains\mmohsix.com\*"/>
<REGVALUEFOUND NAME = "software\microsoft\windows\currentversion\internet settings\zonemap\domains\mmohsix.com\*"/>
</SW>
<SW NAME = "New Dial">
<REGVALUE VALUE = "New Dial software\microsoft\windows\currentversion\internet settings\zonemap\domains\linkautomatici.com\www\*"/>
<REGVALUEFOUND NAME = "software\microsoft\windows\currentversion\internet settings\zonemap\domains\linkautomatici.com\www\*"/>
</ScanningRegValues>
<ScanningRegValuesChanged>
</ScanningRegValuesChanged>
<Information Message = "Scan Aborted by User"/>
</Scanning>

<Information Message = "Starting to Quarantine 3 Items"/>
<Quarantines>
<QTFILE PATH = "C:\Archivos de programa\XoftSpy\Quarantine\Quarantine20-10-2006-13-49-58.xpy" />
<INFO ACTION = "Added"/>
<INFO TIME = "20-10-2006-13-49-58"/>
<REGVALUE RES = "* = dword:00000004
">
<REGVALUE RES = "* = dword:00000004
">
<REGVALUE RES = "* = dword:00000004
">
</Quarantines>
<QInformation Message = "Quarantining File REG BACKUP - C:\DOCUME~1\ADMINI~1\CONFIG~1\Temp\regbackup.reg"/>
<Removal>
<SW NAME = "Media Motor">
<REGVALUE NAME = "software\microsoft\windows\currentversion\internet settings\zonemap\domains\media-motor.net\*"/>
<REGVALUE RES = "Successfully Removed"/>
<REGVALUE NAME = "software\microsoft\windows\currentversion\internet settings\zonemap\domains\mmohsix.com\*"/>
<REGVALUE RES = "Successfully Removed"/>
</SW>
<SW NAME = "New Dial">
<REGVALUE NAME = "software\microsoft\windows\currentversion\internet settings\zonemap\domains\linkautomatici.com\www\*"/>
<REGVALUE RES = "Successfully Removed"/>
</SW>
</Removal>
</Session>
__________________
"Buscando el bien de nuestros semejantes, encontramos el nuestro. "
Platón