Here they are
Hijackthis:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:12:03, on 10/02/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Archivos de programa\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Archivos de programa\Archivos comunes\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Archivos de programa\Eset\nod32krn.exe
C:\Archivos de programa\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\Explorer.EXE
C:\Archivos de programa\MSN Messenger\msnmsgr.exe
C:\Archivos de programa\MSN Messenger\usnsvc.exe
C:\Archivos de programa\Windows Media Player\wmplayer.exe
C:\WINDOWS\system32\Notepad.exe
C:\Archivos de programa\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.es
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Archivos de programa\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [msnmsgr] "C:\Archivos de programa\MSN Messenger\msnmsgr.exe" /background
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Archivos de programa\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Archivos de programa\Eset\nod32krn.exe
O23 - Service: Panda Process Protection Service (PavPrSrv) - Unknown owner - C:\Archivos de programa\Archivos comunes\Panda Software\PavShld\pavprsrv.exe (file missing)
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Archivos de programa\Analog Devices\SoundMAX\SMAgent.exe
--
End of file - 2308 bytes
Elistara:
Sun Feb 10 14:27:40 2008
EliStartPage v15.62 ©2008 S.G.H. / Satinfo S.L.
--------------------------------------------------
Lista de Acciones (por Acción Directa):
C:\Documents and Settings\All Users\Menú Inicio\Online Security Guide.url --> Eliminado (Fichero Complementario).
C:\Documents and Settings\All Users\Menú Inicio\Security Troubleshooting.url --> Eliminado (Fichero Complementario).
Eliminadas las Paginas de Inicio y de Busqueda del IE
Eliminados Ficheros Temporales del IE
Sun Feb 10 14:30:15 2008
EliStartPage v15.62 ©2008 S.G.H. / Satinfo S.L.
--------------------------------------------------
Lista de Acciones (por Exploración):
Explorando Unidad C:\
C:\SRO_FREESLOT.EXE --> Eliminado, YahLover(worm)
C:\Archivos de programa\ATI Technologies\ATI Control Panel\ATIPRBXX.EXE --> Eliminado, Swizzor(lop)
C:\Archivos de programa\MessengerPlus! 3\MSGPLUS.EXE --> Infectado, MessengerPlus
C:\Documents and Settings\Usuari\Configuración local\Archivos temporales de Internet\Content.IE5\HWG3D5O1\ACCIDENTALLY-IN-LOVE-MP3-DOWNLOAD[1].HTM --> Eliminado, LowZones DLoad
C:\Documents and Settings\Usuari\Configuración local\Temp\CMDLINEEXT02.DLL --> Eliminado, Spy-CmdLineExt
C:\Documents and Settings\Usuari\Configuración local\Temp\SINTF32.DLL --> Eliminado, Spy-CmdLineExt
C:\Documents and Settings\Usuari\Configuración local\Temp\SINTFNT.DLL --> Eliminado, Spy-CmdLineExt
C:\Documents and Settings\Usuari\Configuración local\Temp\~ef05a3\~DF394B.TMP --> Eliminado, Puper-Is
C:\Documents and Settings\Usuari\Configuración local\Temp\~ef0f17\~DF394B.TMP --> Eliminado, Puper-Is
C:\Documents and Settings\Usuari\Configuración local\Temp\~efb100\~DF394B.TMP --> Eliminado, Puper-Is
C:\Documents and Settings\Usuari\Configuración local\Temp\~efb233\~DF394B.TMP --> Eliminado, Puper-Is
C:\Documents and Settings\Usuari\Configuración local\Temp\~efec8d\~DF394B.TMP --> Eliminado, Puper-Is
Nº Total de Directorios: 19656
Nº Total de Ficheros: 274727
Nº de Ficheros Analizados: 21227
Nº de Ficheros Infectados: 12
Nº de Ficheros Limpiados: 11
AVG Anti-Spyware:
---------------------------------------------------------
AVG Anti-Spyware - Informe del análisis
---------------------------------------------------------
+ Creado en: 14:26:12 10/02/2008
+ Resultado del análisis:
C:\WINDOWS\system32\ascbalo3N.dll -> Adware.Balloon : Omitidos.
C:\WINDOWS\system32\ascbalon.dll -> Adware.Balloon : Omitidos.
C:\Documents and Settings\@LeX\Mis documentos\archivos winrar\habboplus.zip/Habbo Plus 3.0 BETA.exe -> Backdoor.Delf.ls : Limpios con copia de seguridad (en cuarentena).
C:\Documents and Settings\NiEvEs\Cookies\nieves[arroba]msnportal.112.2o7[1].txt -> TrackingCookie.2o7 : Limpios.
C:\Documents and Settings\NiEvEs\Cookies\nieves[arroba]adopt.euroclick[2].txt -> TrackingCookie.Euroclick : Limpios.
C:\Documents and Settings\PaBlO\Cookies\pablo[arroba]ehg-bbva.hitbox[2].txt -> TrackingCookie.Hitbox : Limpios.
:mozilla.10:C:\Documents and Settings\@LeX\Datos de programa\Mozilla\Firefox\Profiles\atgx6igk.default\cookies-16.txt -> TrackingCookie.Imrworldwide : Limpios.
:mozilla.11:C:\Documents and Settings\@LeX\Datos de programa\Mozilla\Firefox\Profiles\atgx6igk.default\cookies-16.txt -> TrackingCookie.Imrworldwide : Limpios.
:mozilla.20:C:\Documents and Settings\@LeX\Datos de programa\Mozilla\Firefox\Profiles\atgx6igk.default\cookies-2.txt -> TrackingCookie.Imrworldwide : Limpios.
:mozilla.20:C:\Documents and Settings\@LeX\Datos de programa\Mozilla\Firefox\Profiles\atgx6igk.default\cookies-4.txt -> TrackingCookie.Imrworldwide : Limpios.
:mozilla.20:C:\Documents and Settings\@LeX\Datos de programa\Mozilla\Firefox\Profiles\atgx6igk.default\cookies-5.txt -> TrackingCookie.Imrworldwide : Limpios.
:mozilla.21:C:\Documents and Settings\@LeX\Datos de programa\Mozilla\Firefox\Profiles\atgx6igk.default\cookies-1.txt -> TrackingCookie.Imrworldwide : Limpios.
:mozilla.21:C:\Documents and Settings\@LeX\Datos de programa\Mozilla\Firefox\Profiles\atgx6igk.default\cookies-2.txt -> TrackingCookie.Imrworldwide : Limpios.
:mozilla.21:C:\Documents and Settings\@LeX\Datos de programa\Mozilla\Firefox\Profiles\atgx6igk.default\cookies-3.txt -> TrackingCookie.Imrworldwide : Limpios.
:mozilla.21:C:\Documents and Settings\@LeX\Datos de programa\Mozilla\Firefox\Profiles\atgx6igk.default\cookies-4.txt -> TrackingCookie.Imrworldwide : Limpios.
:mozilla.21:C:\Documents and Settings\@LeX\Datos de programa\Mozilla\Firefox\Profiles\atgx6igk.default\cookies-5.txt -> TrackingCookie.Imrworldwide : Limpios.
:mozilla.21:C:\Documents and Settings\@LeX\Datos de programa\Mozilla\Firefox\Profiles\atgx6igk.default\cookies-6.txt -> TrackingCookie.Imrworldwide : Limpios.
:mozilla.22:C:\Documents and Settings\@LeX\Datos de programa\Mozilla\Firefox\Profiles\atgx6igk.default\cookies-1.txt -> TrackingCookie.Imrworldwide : Limpios.
:mozilla.22:C:\Documents and Settings\@LeX\Datos de programa\Mozilla\Firefox\Profiles\atgx6igk.default\cookies-3.txt -> TrackingCookie.Imrworldwide : Limpios.
:mozilla.22:C:\Documents and Settings\@LeX\Datos de programa\Mozilla\Firefox\Profiles\atgx6igk.default\cookies-6.txt -> TrackingCookie.Imrworldwide : Limpios.
:mozilla.22:C:\Documents and Settings\@LeX\Datos de programa\Mozilla\Firefox\Profiles\atgx6igk.default\cookies-7.txt -> TrackingCookie.Imrworldwide : Limpios.
:mozilla.23:C:\Documents and Settings\@LeX\Datos de programa\Mozilla\Firefox\Profiles\atgx6igk.default\cookies-7.txt -> TrackingCookie.Imrworldwide : Limpios.
:mozilla.25:C:\Documents and Settings\@LeX\Datos de programa\Mozilla\Firefox\Profiles\atgx6igk.default\cookies-8.txt -> TrackingCookie.Imrworldwide : Limpios.
:mozilla.26:C:\Documents and Settings\@LeX\Datos de programa\Mozilla\Firefox\Profiles\atgx6igk.default\cookies-10.txt -> TrackingCookie.Imrworldwide : Limpios.
:mozilla.26:C:\Documents and Settings\@LeX\Datos de programa\Mozilla\Firefox\Profiles\atgx6igk.default\cookies-11.txt -> TrackingCookie.Imrworldwide : Limpios.
:mozilla.26:C:\Documents and Settings\@LeX\Datos de programa\Mozilla\Firefox\Profiles\atgx6igk.default\cookies-12.txt -> TrackingCookie.Imrworldwide : Limpios.
:mozilla.26:C:\Documents and Settings\@LeX\Datos de programa\Mozilla\Firefox\Profiles\atgx6igk.default\cookies-8.txt -> TrackingCookie.Imrworldwide : Limpios.
:mozilla.26:C:\Documents and Settings\@LeX\Datos de programa\Mozilla\Firefox\Profiles\atgx6igk.default\cookies-9.txt -> TrackingCookie.Imrworldwide : Limpios.
:mozilla.27:C:\Documents and Settings\@LeX\Datos de programa\Mozilla\Firefox\Profiles\atgx6igk.default\cookies-10.txt -> TrackingCookie.Imrworldwide : Limpios.
:mozilla.27:C:\Documents and Settings\@LeX\Datos de programa\Mozilla\Firefox\Profiles\atgx6igk.default\cookies-11.txt -> TrackingCookie.Imrworldwide : Limpios.
:mozilla.27:C:\Documents and Settings\@LeX\Datos de programa\Mozilla\Firefox\Profiles\atgx6igk.default\cookies-12.txt -> TrackingCookie.Imrworldwide : Limpios.
:mozilla.27:C:\Documents and Settings\@LeX\Datos de programa\Mozilla\Firefox\Profiles\atgx6igk.default\cookies-9.txt -> TrackingCookie.Imrworldwide : Limpios.
:mozilla.33:C:\Documents and Settings\@LeX\Datos de programa\Mozilla\Firefox\Profiles\atgx6igk.default\cookies-13.txt -> TrackingCookie.Imrworldwide : Limpios.
:mozilla.33:C:\Documents and Settings\@LeX\Datos de programa\Mozilla\Firefox\Profiles\atgx6igk.default\cookies-14.txt -> TrackingCookie.Imrworldwide : Limpios.
:mozilla.33:C:\Documents and Settings\@LeX\Datos de programa\Mozilla\Firefox\Profiles\atgx6igk.default\cookies-15.txt -> TrackingCookie.Imrworldwide : Limpios.
:mozilla.34:C:\Documents and Settings\@LeX\Datos de programa\Mozilla\Firefox\Profiles\atgx6igk.default\cookies-13.txt -> TrackingCookie.Imrworldwide : Limpios.
:mozilla.34:C:\Documents and Settings\@LeX\Datos de programa\Mozilla\Firefox\Profiles\atgx6igk.default\cookies-14.txt -> TrackingCookie.Imrworldwide : Limpios.
:mozilla.34:C:\Documents and Settings\@LeX\Datos de programa\Mozilla\Firefox\Profiles\atgx6igk.default\cookies-15.txt -> TrackingCookie.Imrworldwide : Limpios.
:mozilla.10:C:\Documents and Settings\@LeX\Datos de programa\Mozilla\Firefox\Profiles\atgx6igk.default\cookies-2.txt -> TrackingCookie.Realtracker : Limpios.
:mozilla.10:C:\Documents and Settings\@LeX\Datos de programa\Mozilla\Firefox\Profiles\atgx6igk.default\cookies-7.txt -> TrackingCookie.Realtracker : Limpios.
:mozilla.11:C:\Documents and Settings\@LeX\Datos de programa\Mozilla\Firefox\Profiles\atgx6igk.default\cookies-1.txt -> TrackingCookie.Realtracker : Limpios.
:mozilla.11:C:\Documents and Settings\@LeX\Datos de programa\Mozilla\Firefox\Profiles\atgx6igk.default\cookies-8.txt -> TrackingCookie.Realtracker : Limpios.
:mozilla.13:C:\Documents and Settings\@LeX\Datos de programa\Mozilla\Firefox\Profiles\atgx6igk.default\cookies-10.txt -> TrackingCookie.Realtracker : Limpios.
:mozilla.13:C:\Documents and Settings\@LeX\Datos de programa\Mozilla\Firefox\Profiles\atgx6igk.default\cookies-9.txt -> TrackingCookie.Realtracker : Limpios.
:mozilla.14:C:\Documents and Settings\@LeX\Datos de programa\Mozilla\Firefox\Profiles\atgx6igk.default\cookies-11.txt -> TrackingCookie.Realtracker : Limpios.
:mozilla.14:C:\Documents and Settings\@LeX\Datos de programa\Mozilla\Firefox\Profiles\atgx6igk.default\cookies-12.txt -> TrackingCookie.Realtracker : Limpios.
:mozilla.14:C:\Documents and Settings\@LeX\Datos de programa\Mozilla\Firefox\Profiles\atgx6igk.default\cookies-3.txt -> TrackingCookie.Realtracker : Limpios.
:mozilla.17:C:\Documents and Settings\@LeX\Datos de programa\Mozilla\Firefox\Profiles\atgx6igk.default\cookies-4.txt -> TrackingCookie.Realtracker : Limpios.
:mozilla.20:C:\Documents and Settings\@LeX\Datos de programa\Mozilla\Firefox\Profiles\atgx6igk.default\cookies-13.txt -> TrackingCookie.Realtracker : Limpios.
:mozilla.20:C:\Documents and Settings\@LeX\Datos de programa\Mozilla\Firefox\Profiles\atgx6igk.default\cookies-14.txt -> TrackingCookie.Realtracker : Limpios.
:mozilla.25:C:\Documents and Settings\@LeX\Datos de programa\Mozilla\Firefox\Profiles\atgx6igk.default\cookies-15.txt -> TrackingCookie.Realtracker : Limpios.
:mozilla.26:C:\Documents and Settings\@LeX\Datos de programa\Mozilla\Firefox\Profiles\atgx6igk.default\cookies-16.txt -> TrackingCookie.Realtracker : Limpios.
:mozilla.6:C:\Documents and Settings\@LeX\Datos de programa\Mozilla\Firefox\Profiles\atgx6igk.default\cookies-5.txt -> TrackingCookie.Realtracker : Limpios.
:mozilla.7:C:\Documents and Settings\@LeX\Datos de programa\Mozilla\Firefox\Profiles\atgx6igk.default\cookies-6.txt -> TrackingCookie.Realtracker : Limpios.
C:\Documents and Settings\NiEvEs\Cookies\nieves[arroba]tacoda[1].txt -> TrackingCookie.Tacoda : Limpios.
::Fin del informe
Let's see what you find