The Spybot 1.3.2 log is as follows:
--- Search result list ---
¡Felicidades!: No se ha encontrado ningún robot espía. ()
--- Spybot - Search & Destroy version: 1.3.2 ß (build: 20041027) ---
2004-11-28 unins000.exe (51.15.0.0)
2004-09-27 blindman.exe (1.0.0.0)
2004-10-29 SpybotSD.exe (1.3.2.15)
2004-10-27 TeaTimer.exe (1.3.0.14)
2004-09-27 Update.exe (1.3.0.0)
2004-10-04 advcheck.dll (1.0.1.0)
2004-09-27 borlndmm.dll (7.0.4.453)
2004-09-27 delphimm.dll (7.0.4.453)
2004-09-27 SDHelper.dll (1.3.0.12)
2004-09-27 Tools.dll (2.0.0.0)
2004-09-27 UnzDll.dll (1.73.1.1)
2004-09-27 ZipDll.dll (1.73.2.0)
2004-08-11 Includes\Cookies.sbi (*)
2004-11-17 Includes\Dialer.sbi (*)
2004-11-17 Includes\Hijackers.sbi (*)
2004-11-17 Includes\Keyloggers.sbi (*)
2004-11-17 Includes\Malware.sbi (*)
2004-10-05 Includes\Revision.sbi (*)
2004-10-25 Includes\Security.sbi (*)
2004-11-17 Includes\Spybots.sbi (*)
2004-11-17 Includes\Trojans.sbi (*)
2004-08-12 Includes\LSP.sbi (*)
2004-10-21 Includes\Tracks.uti
--- System information ---
Windows 98 (Build: 2222) A
/ DataAccess: Microsoft Data Access Components KB870669
/ DataAccess: Buffer Overrun in Microsoft Data Access Components Could Lead to Code Execution
/ DirectX: DirectX Update 819696
--- Startup entries list ---
Located: HK_LM:Run, CookiePatrol
command: C:\ARCHIV~1\PESTPA~1\CookiePatrol.exe
file: C:\ARCHIV~1\PESTPA~1\CookiePatrol.exe
size: 69632
MD5: bd0110a00ed856ad4601c20f82def09c
Located: HK_LM:Run, farstone
command:
file:
Located: HK_LM:Run, mdac_runonce
command: C:\WINDOWS\SYSTEM\runonce.exe
file: C:\WINDOWS\SYSTEM\runonce.exe
size: 36864
MD5: 2270a909e909b40b1e94f17157c650e3
Located: HK_LM:Run, MemoryBoost
command: "C:\Archivos de programa\MemoryBoost\MemoryBoost.exe"
file: C:\Archivos de programa\MemoryBoost\MemoryBoost.exe
size: 73845
MD5: 0854a3469b1a3082de55c038bc0ffa98
Located: HK_LM:Run, nod32kui
command: "C:\Archivos de programa\Eset\nod32kui.exe" /WAITSERVICE
file: C:\Archivos de programa\Eset\nod32kui.exe
size: 823296
MD5: 10393d361281ddb36b50e688ce3259c8
Located: HK_LM:Run, PestPatrol Control Center
command: C:\ARCHIV~1\PESTPA~1\PPControl.exe
file: C:\ARCHIV~1\PESTPA~1\PPControl.exe
size: 53248
MD5: e2362c0cb43d5911007775e2ef99b2ba
Located: HK_LM:Run, RestoreIT!
command: "C:\Program Files\FarStone\RestoreIT_98\VBPTASK.EXE" VBStart
file: C:\Program Files\FarStone\RestoreIT_98\VBPTASK.EXE
size: 237568
MD5: 68ac4a9875b5f80ae70bcbd502cc706f
Located: HK_LM:RunServices, NOD32kernel
command: "C:\Archivos de programa\Eset\nod32krn.exe"
file: C:\Archivos de programa\Eset\nod32krn.exe
size: 286720
MD5: de2f3780eb228d0bedf8c87e32f05cd7
Located: HK_LM:Run, ATIPTA (DISABLED)
command: C:\Archivos de programa\ATI Technologies\ATI Control Panel\atiptaxx.exe
file: C:\Archivos de programa\ATI Technologies\ATI Control Panel\atiptaxx.exe
size: 335872
MD5: e7d70592d84fe14e4a6c1f09d9c1bd34
Located: HK_LM:Run, BrowserWebCheck (DISABLED)
command: loadwc.exe
file: C:\WINDOWS\SYSTEM\loadwc.exe
size: 15360
MD5: a68370eb9da6f4ac332a74e492d3ee74
Located: HK_LM:Run, LoadPowerProfile (DISABLED)
command: Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
file: C:\WINDOWS\Rundll32.exe
size: 24576
MD5: ef3897e3c533f016c3a446eae0f6cd84
Located: HK_LM:Run, NvCplDaemon (DISABLED)
command: RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
file: C:\WINDOWS\RUNDLL32.EXE
size: 24576
MD5: ef3897e3c533f016c3a446eae0f6cd84
Located: HK_LM:Run, nwiz (DISABLED)
command: nwiz.exe /install
file: C:\WINDOWS\SYSTEM\nwiz.exe
size: 360448
MD5: bf8da6a516b0244def95d50fbb6baa35
Located: HK_LM:Run, ScanRegistry (DISABLED)
command: C:\WINDOWS\scanregw.exe /autorun
file: C:\WINDOWS\scanregw.exe
size: 90112
MD5: d6e3cae0d92870b972377f7f29265ed7
Located: HK_LM:Run, SchedulingAgent (DISABLED)
command: mstinit.exe /logon
file: C:\WINDOWS\SYSTEM\mstinit.exe
size: 8464
MD5: 92cf410f43470d515de0ea5ff9e0c965
Located: HK_LM:RunServices, ATIPOLL (DISABLED)
command: ati2evxx.exe
file:
Located: HK_LM:RunServices, ATISmart (DISABLED)
command: C:\WINDOWS\SYSTEM\ati2s9ag.exe
file:
Located: HK_LM:RunServices, LoadPowerProfile (DISABLED)
command: Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
file: C:\WINDOWS\Rundll32.exe
size: 24576
MD5: ef3897e3c533f016c3a446eae0f6cd84
Located: HK_LM:RunServices, Machine Debug Manager (DISABLED)
command: C:\WINDOWS\SYSTEM\MDM.EXE
file: C:\WINDOWS\SYSTEM\MDM.EXE
size: 119400
MD5: 95d85d69ffc099c516d99cb9581e3fe2
Located: HK_LM:RunServices, SchedulingAgent (DISABLED)
command: mstask.exe
file: C:\WINDOWS\SYSTEM\mstask.exe
size: 113424
MD5: 450f388f2bed1a6bad36f4ecd8b0871c
Located: Inicio (usuario), Lotus Organizer EasyClip.lnk
command: C:\lotus\organize\easyclip.exe
file: C:\lotus\organize\easyclip.exe
size: 87040
MD5: 72f949692b2e8dafe96021f4cb56b1b9
Located: Inicio (usuario), Lotus SmartSuite 9.6 - Español Registro.lnk
command: C:\lotus\register\remind32.exe
file: C:\lotus\register\remind32.exe
size: 45056
MD5: 41efd9efcdc42f0f217f4be5e1592b7e
Located: Inicio (usuario), Microsoft Office.lnk
command: C:\Archivos de programa\Microsoft Office\Office\OSA9.EXE
file: C:\Archivos de programa\Microsoft Office\Office\OSA9.EXE
size: 65588
MD5: 74452af1c8ab4d762b3fca05dbf2a555
--- Browser helper object list ---
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (AcroIEHlprObj Class)
BHO name:
CLSID name: AcroIEHlprObj Class
description: Adobe Acrobat reader
classification: Legitimate
known filename: AcroIEhelper.ocx<br>AcroIEhelper.dll
info link: http://www.adobe.com/products/acrobat/readstep2.html
info source: TonyKlein
Path: C:\ARCHIVOS DE PROGRAMA\ADOBE\ACROBAT 5.0\READER\ACTIVEX\
Long name: AcroIEHelper.ocx
Short name: ACROIE~1.OCX
Date (created): 01/06/04 18:17:04
Date (last access): 01/12/04
Date (last write): 16/04/01 16:39:02
Filesize: 37808
Attributes: archive
MD5: 8394ABFC1BE196A62C9F532511936DF7
CRC32: 71D6E350
Version: 1.0.0.1
{53707962-6F74-2D53-2644-206D7942484F} ()
BHO name:
CLSID name:
description: Spybot-S&D IE Browser plugin
classification: Legitimate
known filename: SDhelper.dll
info link: http://spybot.eon.net.au/
info source: Patrick M. Kolla
Path: C:\Archivos de programa\Spybot - Search & Destroy\
Long name: SDHelper.dll
Short name: SDHELPER.DLL
Date (created): 27/09/04 1:03:02
Date (last access): 01/12/04
Date (last write): 27/09/04 1:03:02
Filesize: 770560
Attributes: archive
MD5: 904E5E75C345E6BDE03370C9BE525E6A
CRC32: F6BCC9B5
Version: 1.3.0.12
--- ActiveX list ---
Microsoft XML Parser for Java (Microsoft XML Parser for Java)
DPF name: Microsoft XML Parser for Java
CLSID name:
Installer:
Codebase: file://C:\WINDOWS\Java\classes\xmldso.cab
description:
classification: Legitimate
known filename: %WINDIR%\Java\classes\xmldso.cab
info link:
info source: Patrick M. Kolla
DirectAnimation Java Classes (DirectAnimation Java Classes)
DPF name: DirectAnimation Java Classes
CLSID name:
Installer:
Codebase: file://C:\WINDOWS\SYSTEM\dajava.cab
description:
classification: Legitimate
known filename: %WINDIR%\Java\classes\dajava.cab
info link:
info source: Patrick M. Kolla
Internet Explorer Classes for Java (Internet Explorer Classes for Java)
DPF name: Internet Explorer Classes for Java
CLSID name:
Installer:
Codebase: file://C:\WINDOWS\SYSTEM\iejava.cab
description:
classification: Legitimate
known filename: %WINDIR%\Java\classes\iejava.cab
info link:
info source: Patrick M. Kolla
{CAFEEFAC-0014-0002-0001-ABCDEFFEDCBA} (Java Runtime Environment 1.4.2)
DPF name: Java Runtime Environment 1.4.2
CLSID name: Java Plug-in 1.4.2_01
Installer:
Codebase: http://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
Path: C:\Archivos de programa\Opera7\Program\Plugins\
Long name: NPJPI142_01.dll
{9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class)
DPF name:
CLSID name: Update Class
Installer: C:\WINDOWS\Downloaded Program Files\iuctl.inf
Codebase: http://v4.windowsupdate.microsoft.com/CAB/x86/ansi/iuctl.CAB?38320.5580671296
description: Windows Update
classification: Legitimate
known filename: %WINDIR%\System32\iuctl.dll,iuengine.dll
info link:
info source: Patrick M. Kolla
Path: C:\WINDOWS\SYSTEM\
Long name: iuctl.dll
Short name: IUCTL.DLL
Date (created): 21/08/03 16:47:54
Date (last access): 01/12/04
Date (last write): 21/08/03 16:47:54
Filesize: 162400
Attributes:
MD5: DB2F1F57D3057FEBC19C61AB9AA77198
CRC32: 5A03D776
Version: 5.3.3790.13
{CAFEEFAC-0014-0002-0006-ABCDEFFEDCBA} (Java Runtime Environment 1.4.2)
DPF name: Java Runtime Environment 1.4.2
CLSID name: Java Plug-in 1.4.2_06
Installer:
Codebase: http://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
Path: C:\Archivos de programa\Java\j2re1.4.2_06\bin\
Long name: NPJPI142_06.dll
Short name: NPJPI1~1.DLL
Date (created): 28/09/04 20:26:10
Date (last access): 01/12/04
Date (last write): 28/09/04 20:26:00
Filesize: 65650
Attributes: archive
MD5: 69E5147BA901A9238C4EB08C84E1A85B
CRC32: 6CB34BCC
Version: 1.4.2.60
{8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.4.2)
DPF name: Java Runtime Environment 1.4.2
CLSID name: Java Plug-in 1.4.2_06
Installer:
Codebase: http://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
description: Sun Java
classification: Legitimate
known filename: %PROGRAM FILES%\JabaSoft\JRE\*\Bin\npjava131.dll
info link:
info source: Patrick M. Kolla
Path: C:\Archivos de programa\Java\j2re1.4.2_06\bin\
Long name: NPJPI142_06.dll
Short name: NPJPI1~1.DLL
Date (created): 28/09/04 20:26:10
Date (last access): 01/12/04
Date (last write): 28/09/04 20:26:00
Filesize: 65650
Attributes: archive
MD5: 69E5147BA901A9238C4EB08C84E1A85B
CRC32: 6CB34BCC
Version: 1.4.2.60
--- Process list ---
PID: -1070999 (2123372949) C:\WINDOWS\SYSTEM\KERNEL32.DLL
size: 479232
MD5: F02E46EEFFFAE43CCF96F3D76DAA5218
PID: -5195 (-1070999) C:\WINDOWS\SYSTEM\MSGSRV32.EXE
size: 12215
MD5: 65D940EB0831ACE8E462EBED7412013F
PID: -6651 (-5195) C:\WINDOWS\SYSTEM\MPREXE.EXE
size: 28672
MD5: 0B209ACF1143353A8EE42E980EF9038D
PID: -2081647 (-6651) C:\ARCHIVOS DE PROGRAMA\ESET\NOD32KRN.EXE
size: 286720
MD5: DE2F3780EB228D0BEDF8C87E32F05CD7
PID: -2084787 (-5195) C:\WINDOWS\SYSTEM\mmtask.tsk
size: 1184
MD5: 38BAE36E67C8B1AE3ABC077837953B89
PID: -2022723 (-5195) C:\WINDOWS\EXPLORER.EXE
size: 180224
MD5: 52AF7902128D03E8C894E33FE09738EB
PID: -1983123 (-2022723) C:\ARCHIVOS DE PROGRAMA\MEMORYBOOST\MEMORYBOOST.EXE
size: 73845
MD5: 0854A3469B1A3082DE55C038BC0FFA98
PID: -1979267 (-2022723) C:\ARCHIVOS DE PROGRAMA\ESET\NOD32KUI.EXE
size: 823296
MD5: 10393D361281DDB36B50E688CE3259C8
PID: -1950387 (-2022723) C:\PROGRAM FILES\FARSTONE\RESTOREIT_98\VBPTASK.EXE
size: 237568
MD5: 68AC4A9875B5F80AE70BCBD502CC706F
PID: -1931619 (-2022723) C:\LOTUS\ORGANIZE\EASYCLIP.EXE
size: 87040
MD5: 72F949692B2E8DAFE96021F4CB56B1B9
PID: -1942147 (-2022723) C:\LOTUS\REGISTER\REMIND32.EXE
size: 45056
MD5: 41EFD9EFCDC42F0F217F4BE5E1592B7E
PID: -1925299 (-2022723) C:\ARCHIVOS DE PROGRAMA\SPYBOT - SEARCH & DESTROY\SPYBOTSD.EXE
size: 4284928
MD5: 59C41681A1D3BDF2324EAE1A0264824F
--- Browser start & search pages list ---
Spybot - Search && Destroy browser pages report, 01/12/04 1:23:04
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Local Page
C:\WINDOWS\SYSTEM\blank.htm
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Search Page
http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Start Page
http://www.google.es/
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl\@
http://www.google.com/keyword/%s
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Local Page
C:\WINDOWS\SYSTEM\blank.htm
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Search Page
http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Start Page
http://www.google.es
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Page_URL
http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Search_URL
http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\SearchAssistant
http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\CustomizeSearch
http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchUrl\@
http://www.google.com/keyword/%s
--- Winsock Layered Service Provider list ---
Protocol 0: MS.w95.spi.osp
GUID: {FF017DE1-CAE9-11CF-8A99-00AA0062C609}
Filename: C:\WINDOWS\SYSTEM\mswsosp.dll
Description: Microsoft Windows 9x/ME name space provider
DB filename: %windir%\system\mswsosp.dll
DB protocol: MS.w95.spi.*
Protocol 1: MS.w95.spi.tcp
GUID: {FF017DE0-CAE9-11CF-8A99-00AA0062C609}
Filename: C:\WINDOWS\SYSTEM\msafd.dll
Description: Microsoft Windows 9x/ME network protocol
DB filename: %windir%\system\msafd.dll
DB protocol: MS.w95.spi.*
Protocol 2: MS.w95.spi.udp
GUID: {FF017DE0-CAE9-11CF-8A99-00AA0062C609}
Filename: C:\WINDOWS\SYSTEM\msafd.dll
Description: Microsoft Windows 9x/ME network protocol
DB filename: %windir%\system\msafd.dll
DB protocol: MS.w95.spi.*
Protocol 3: MS.w95.spi.raw
GUID: {FF017DE0-CAE9-11CF-8A99-00AA0062C609}
Filename: C:\WINDOWS\SYSTEM\msafd.dll
Description: Microsoft Windows 9x/ME network protocol
DB filename: %windir%\system\msafd.dll
DB protocol: MS.w95.spi.*
Protocol 4: MS.w95.spi.rsvptcp
GUID: {ECBDCBA0-334A-11D0-BD88-0000C082E69A}
Filename: C:\WINDOWS\SYSTEM\rsvpsp.dll
Description: Microsoft Windows 9x/ME network protocol
DB filename: %windir%\system\rsvoso.dll
DB protocol: MS.w95.spi.*
Protocol 5: MS.w95.spi.rsvpudp
GUID: {ECBDCBA0-334A-11D0-BD88-0000C082E69A}
Filename: C:\WINDOWS\SYSTEM\rsvpsp.dll
Description: Microsoft Windows 9x/ME network protocol
DB filename: %windir%\system\rsvoso.dll
DB protocol: MS.w95.spi.*
Namespace Provider 0: DNS Name Space Provider.
GUID: {FF017DE2-CAE9-11CF-8A99-00AA0062C609}
Filename: C:\WINDOWS\SYSTEM\rnr20.dll
Description: Microsoft Windows 9x/ME name space provider
DB filename: %windir%\system\rnr20.dll
DB protocol: DNS Name Space Provider.
--- System Services ---
Service (registry key): Class
Start: 0
Type: 0
Error Control: 0
Service (registry key): VxD
Start: 0
Type: 0
Error Control: 0
Service (registry key): Winsock
Start: 0
Type: 0
Error Control: 0
Service (registry key): WDMFS
Display name: WDM Windows File System Mapper
Image path: \SystemRoot\System32\Drivers\wdmfs.sys
Start: 0
Type: 0
Error Control: 0
Service (registry key): RemoteAccess
Start: 0
Type: 0
Error Control: 0
Service (registry key): ACPI
Start: 0
Type: 0
Error Control: 0
Service (registry key): USB
Start: 0
Type: 0
Error Control: 0
Service (registry key): NPSTUB
Start: 0
Type: 0
Error Control: 0
Service (registry key): EventLog
Start: 0
Type: 0
Error Control: 0
Service (registry key): W3SVC
Start: 0
Type: 0
Error Control: 0
Service (registry key): MSNP32
Start: 0
Type: 0
Error Control: 0
Service (registry key): wdmaud
Image path: \SystemRoot\system32\drivers\wdmaud.sys
Start: 0
Type: 0
Error Control: 0
Service (registry key): redbook
Image path: \SystemRoot\system32\drivers\redbook.sys
Start: 0
Type: 0
Error Control: 0
Service (registry key): sbemul
Image path: \SystemRoot\system32\drivers\sbemul.sys
Start: 0
Type: 0
Error Control: 0
Service (registry key): Arbitrators
Start: 0
Type: 0
Error Control: 0
Service (registry key): ProtectedStorage
Start: 0
Type: 0
Error Control: 0
Service (registry key): WinSock2
Start: 0
Type: 0
Error Control: 0
Service (registry key): VFILT
Start: 0
Type: 0
Error Control: 0