se abren paginas de internet solas

Tema en 'Logs HijackThis' comenzado por ja07, 12/4/08.

Estado del tema:
No está abierto para más respuestas.
  1. ja07

    ja07 Nuevo Miembro Miembro

    aqui os dejo mi log por si me podeis ayudar, gracias



    Logfile of HijackThis v1.99.1

    Scan saved at 11:59:28, on 12/04/2008

    Platform: Windows XP SP2 (WinNT 5.01.2600)

    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)



    Running processes:

    C:\WINDOWS\System32\smss.exe

    C:\WINDOWS\system32\winlogon.exe

    C:\WINDOWS\system32\services.exe

    C:\WINDOWS\system32\lsass.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\System32\svchost.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\system32\spoolsv.exe

    C:\WINDOWS\Explorer.EXE

    C:\WINDOWS\ehome\ehtray.exe

    C:\Program Files\VIAudioi\HDADeck\HDeck.exe

    C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe

    C:\Program Files\USB Disk Win98 Driver\Res.EXE

    C:\WINDOWS\system32\rundll32.exe

    C:\Program Files\Eset\nod32kui.exe

    C:\Program Files\Search Settings\SearchSettings.exe

    C:\WINDOWS\system32\ctfmon.exe

    C:\Program Files\Windows Media Player\WMPNSCFG.exe

    C:\Program Files\eMule\emule.exe

    C:\Program Files\Google\Google Updater\GoogleUpdater.exe

    C:\xampp\apache\bin\apache.exe

    C:\WINDOWS\eHome\ehRecvr.exe

    C:\WINDOWS\eHome\ehSched.exe

    C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

    C:\WINDOWS\System32\svchost.exe

    C:\Program Files\Common Files\LightScribe\LSSrvc.exe

    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

    C:\xampp\mysql\bin\mysqld-nt.exe

    C:\xampp\apache\bin\apache.exe

    C:\Program Files\Eset\nod32krn.exe

    C:\WINDOWS\system32\nvsvc32.exe

    C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe

    C:\Program Files\Internet Explorer\iexplore.exe

    C:\WINDOWS\system32\dllhost.exe

    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe

    C:\WINDOWS\eHome\ehmsas.exe

    C:\Program Files\Mozilla Firefox\firefox.exe

    C:\WINDOWS\system32\wuauclt.exe

    C:\hijackthis\HijackThis.exe



    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.trucoswindows.net/

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.medion.es

    R3 - URLSearchHook: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\kb126\SearchSettings.dll

    O2 - BHO: Aplicación auxiliar de vínculos de Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

    O2 - BHO: Windows Live Aplicación auxiliar de inicio de sesión - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll

    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll

    O2 - BHO: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\kb126\SearchSettings.dll

    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll

    O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe

    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

    O4 - HKLM\..\Run: [HDAudDeck] C:\Program Files\VIAudioi\HDADeck\HDeck.exe 1

    O4 - HKLM\..\Run: [BullGuard] "C:\Program Files\BullGuard Software\BullGuard\bullguard.exe" -boot

    O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"

    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime

    O4 - HKLM\..\Run: [USB Storage Toolbox] C:\Program Files\USB Disk Win98 Driver\Res.EXE

    O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent

    O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE

    O4 - HKLM\..\Run: [TrayServer] C:\Program Files\MAGIX\Video_deluxe_2008_e-version\TrayServer.exe

    O4 - HKLM\..\Run: [SearchSettings] C:\Program Files\Search Settings\SearchSettings.exe

    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe

    O4 - HKCU\..\Run: [ewgaxchzm] c:\documents and settings\lu\local settings\application data\ewgaxchzm.exe ewgaxchzm

    O4 - HKCU\..\Run: [eMuleAutoStart] C:\Program Files\eMule\emule.exe -AutoStart

    O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe

    O8 - Extra context menu item: E&xportar a Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

    O9 - Extra 'Tools' menuitem: Consola de Sun Java - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

    O9 - Extra button: Referencia - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

    O14 - IERESET.INF: START_PAGE_URL=http://www.medion.es

    O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab

    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1160657450451

    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1160657772904

    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab

    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL

    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL

    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

    O23 - Service: Apache2.2 - Unknown owner - C:\xampp\apache\bin\apache.exe" -k runservice (file missing)

    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe

    O23 - Service: mysql - Unknown owner - C:\xampp\mysql\bin\mysqld-nt.exe

    O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe

    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

    O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Program Files\Windows Live\installer\WLSetupSvc.exe

    O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
  2. francisco.javier

    francisco.javier Nuevo Miembro Miembro

    Desactivar tea timer

    Abre el Spybot

    Click Modo,despues Modo Avanzado,click Yes(si)

    Click Herramientas (tools)

    Click en Inicio de sistema (system startup)

    Deja destildado Tea Timer

    Click en Aceptar los cambios (allow change)

    Reinicia

    Podrás activar otra vez el Tea Timer cuando tu pc esté limpia.







    ○»Sitúa el HijackThis.exe en una carpeta exclusiva para él (ej. C://Hijackthis/Hijackthis.exe)



    ○» Descarga el Disk Cleaner e instálalo.



    ○» Desactiva la opcion de Restaurar Sistema, una vez que tu sistema quede limpio la puedes volver a activar.



    ○» Asegura que tu sistema Muestre los archivos y carpetas ocultos



    ○» Reinicia en Modo Seguro



    ○» Ejecuta el HijackThis y da click en el boton "Do a system scan only"



    ○» Selecciona las casillas de las siguientes entradas y presiona el boton "Fix Checked":



    R3 - URLSearchHook: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\kb126\SearchSettings.dll



    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)



    O2 - BHO: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\kb126\SearchSettings.dll



    O4 - HKLM\..\Run: [SearchSettings] C:\Program Files\Search Settings\SearchSettings.exe




    ○» Ahora busca y elimina los siguientes archivos y/o carpetas, si existen:



    C:\Program Files\Search Settings <00 elimina todo su contenido

    ○» Limpia la papelera



    ○» Reinicia tu sistema operativo normalmente



    ○» Utiliza el Disk Cleaner para eliminar todos los archivos temporales del sistema



    ○» Coméntame los resultados y publica otro log aquí ok.



    ○» No olvides actualizar la consola de java http://java.sun.com/javase/downloads/index.jsp Debes bajarte la versión Java Runtime Environment (JRE) 6u5 [Desinstala la versión de Java que tienes e instala esta otra]



    ○»Manda los siguientes archivos :



    c:\documents and settings\lu\local settings\application data\ewgaxchzm.exe





    a analizarlos a:



    http://virusscan.jotti.org/

    http://www.kaspersky.com/scanforvirus

    http://www.virustotal.com/flash/index_en.html



    y nos pasas los resultados
  3. ja07

    ja07 Nuevo Miembro Miembro

    gracias por la ayuda, el archivo (ewgaxchzm.exe) que tenia que analizar no se encuentra en el ordenador. Los resultados del log ahora son estos:



    Logfile of HijackThis v1.99.1

    Scan saved at 16:34:28, on 13/04/2008

    Platform: Windows XP SP2 (WinNT 5.01.2600)

    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)



    Running processes:

    C:\WINDOWS\System32\smss.exe

    C:\WINDOWS\system32\winlogon.exe

    C:\WINDOWS\system32\services.exe

    C:\WINDOWS\system32\lsass.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\System32\svchost.exe

    C:\WINDOWS\system32\svchost.exe

    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe

    C:\WINDOWS\Explorer.EXE

    C:\WINDOWS\ehome\ehtray.exe

    C:\Program Files\VIAudioi\HDADeck\HDeck.exe

    C:\Program Files\USB Disk Win98 Driver\Res.EXE

    C:\WINDOWS\system32\rundll32.exe

    C:\Program Files\Eset\nod32kui.exe

    C:\WINDOWS\system32\ctfmon.exe

    C:\Program Files\Windows Media Player\WMPNSCFG.exe

    C:\Program Files\Google\Google Updater\GoogleUpdater.exe

    C:\WINDOWS\system32\spoolsv.exe

    C:\xampp\apache\bin\apache.exe

    C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe

    C:\WINDOWS\eHome\ehRecvr.exe

    C:\WINDOWS\eHome\ehSched.exe

    C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

    C:\WINDOWS\System32\svchost.exe

    C:\Program Files\Common Files\LightScribe\LSSrvc.exe

    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

    C:\xampp\mysql\bin\mysqld-nt.exe

    C:\Program Files\Eset\nod32krn.exe

    C:\WINDOWS\system32\nvsvc32.exe

    C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe

    C:\xampp\apache\bin\apache.exe

    C:\WINDOWS\system32\dllhost.exe

    C:\WINDOWS\eHome\ehmsas.exe

    C:\WINDOWS\system32\NOTEPAD.EXE

    C:\WINDOWS\system32\msiexec.exe

    C:\Program Files\Mozilla Firefox\firefox.exe

    C:\h\hijackthis\HijackThis.exe



    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.trucoswindows.net/

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.medion.es

    O2 - BHO: Aplicación auxiliar de vínculos de Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

    O2 - BHO: Windows Live Aplicación auxiliar de inicio de sesión - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll

    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll

    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll

    O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe

    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

    O4 - HKLM\..\Run: [HDAudDeck] C:\Program Files\VIAudioi\HDADeck\HDeck.exe 1

    O4 - HKLM\..\Run: [BullGuard] "C:\Program Files\BullGuard Software\BullGuard\bullguard.exe" -boot

    O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime

    O4 - HKLM\..\Run: [USB Storage Toolbox] C:\Program Files\USB Disk Win98 Driver\Res.EXE

    O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent

    O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE

    O4 - HKLM\..\Run: [TrayServer] C:\Program Files\MAGIX\Video_deluxe_2008_e-version\TrayServer.exe

    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

    O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u

    O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto

    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"

    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe

    O4 - HKCU\..\Run: [eMuleAutoStart] C:\Program Files\eMule\emule.exe -AutoStart

    O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe

    O8 - Extra context menu item: E&xportar a Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\npjpi160_05.dll

    O9 - Extra 'Tools' menuitem: Consola de Sun Java - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\npjpi160_05.dll

    O9 - Extra button: Referencia - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

    O14 - IERESET.INF: START_PAGE_URL=http://www.medion.es

    O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab

    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1160657450451

    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1160657772904

    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab

    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL

    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL

    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe

    O23 - Service: Apache2.2 - Unknown owner - C:\xampp\apache\bin\apache.exe" -k runservice (file missing)

    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe

    O23 - Service: mysql - Unknown owner - C:\xampp\mysql\bin\mysqld-nt.exe

    O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe

    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

    O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Program Files\Windows Live\installer\WLSetupSvc.exe

    O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
  4. francisco.javier

    francisco.javier Nuevo Miembro Miembro

    como va tu pc ahora?¿,

    Baja este programa:

    Dr.Web CureIt

    ftp://ftp.drweb.com/pub/drweb/cureit/drweb-cureit.exe



    Doble click en drweb-cureit.exe

    Clic en Star para que comience el scaneo

    Al principio verifica la memoria y tienes que cliquear Yes cuando te pregunte si quieres que tal archivo sea curado (cure it ),esto es un scan rápido

    Tambien te puede aparecer un pop up ofreciendo la posibilidad de comprar el programa ,solo elimina ese pop up y sigue…

    Cuando ese scan termine haz clic en Options > Change settings

    Elige la solapa Scan y destildas "Heuristic analysis".

    Ahora vuelve a la ventana principal y eliges los discos a scanear:

    elige “All Drives”,un punto rojo te indica cuales elegiste

    Haz clic en la flecha verde ubicada a la derecha y comenzará el scaneo

    Click 'Yes to all' si te pregunta si quieres “Cure” o “Move “ los archivos

    Cuando el scaneo termine te fijas en los archivos encontrados y junto a ellos se halla un ícono trata de cliquear en ese y si puedes cliquea en otro ícono a la derecha y elige Move incurable

    Esto pondrá esos archivos en “%userprofile%\DoctorWeb\quarantaine-folder”si no han podido “curarse”.

    Ahora en el Menu principal clic en File y elige save report list

    Guarda ese reporte en tu escritorio (el nombre será DrWeb.csv)

    Cierra el programa

    Nos cuentas

    Salu2
  5. ja07

    ja07 Nuevo Miembro Miembro

    Gracias de nuevo, en el ordenador siguen apareciendo páginas de internet solas y la conexión es un poco lenta. He pasado el programa que me has dicho y no ha encontrado ningún virus.



    Un saludo.
  6. francisco.javier

    francisco.javier Nuevo Miembro Miembro

    Combo Fix

    1. Descarga Combofix.exe en el escritorio

    2. Haz Doble click en combofix.exe y lo ejecutas, sigues los avisos

    3. Al finalizar la ejecuccion produce un log localizado en: (C:\ComboFix.txt).



    pegas ese report y un nuevo log



    Un saludo
  7. Lestat

    Lestat Miembro Activo Miembro

    Instala, Actualiza y Ejecuta:



    Malwarebytes Anti-Malware 1.11



    Pega un nuevo log de hijackthis, pero de esta version y el report de Malwarebytes Anti-Malware 1.11:



    Hijackthis



    Ademas dime que tipo de paguinas se abre, vamos lo que pone mas o menos



    Un Saludo
  8. ja07

    ja07 Nuevo Miembro Miembro

    gracias por todas las molestias causadas.



    he realizado primero lo que me ha dicho francisco.javier y el combofix.txt da lo siguiente:



    ComboFix 08-04-13.1 - Lu 2008-04-13 21:51:38.1 - NTFSx86

    Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.365 [GMT 2:00]

    Running from: C:\Documents and Settings\Lu\Desktop\ComboFix.exe

    * Created a new restore point

    * Resident AV is active





    WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

    .



    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

    .



    c:\Documents and Settings\Lu\Local Settings\Application Data\ewgaxchzm.dat

    C:\Documents and Settings\Lu\Local Settings\Application Data\ewgaxchzm.exe

    c:\Documents and Settings\Lu\Local Settings\Application Data\ewgaxchzm_nav.dat

    c:\Documents and Settings\Lu\Local Settings\Application Data\ewgaxchzm_navps.dat



    .

    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

    .



    -------\Legacy_SROSA





    ((((((((((((((((((((((((( Files Created from 2008-03-13 to 2008-04-13 )))))))))))))))))))))))))))))))

    .



    2008-04-13 21:46 . 2008-04-13 21:46 <DIR> d-------- C:\Program Files\Trend Micro

    2008-04-13 21:30 . 2008-04-13 21:35 812,344 --a------ C:\HJTInstall.exe

    2008-04-13 19:15 . 2008-04-13 19:15 <DIR> d-------- C:\Documents and Settings\Lu\DoctorWeb

    2008-04-13 18:42 . 2008-04-13 18:42 <DIR> d-------- C:\Program Files\Sun

    2008-04-13 15:50 . 2008-04-13 15:51 <DIR> d-------- C:\h

    2008-04-12 12:12 . 2008-04-12 12:12 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard

    2008-04-12 12:12 . 2008-04-12 12:13 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft

    2008-04-12 11:52 . 2008-04-13 15:56 <DIR> d-------- C:\Program Files\Disk Cleaner

    2008-03-28 18:40 . 2008-03-28 18:40 <DIR> d-------- C:\Program Files\Common Files\Adobe

    2008-03-13 22:01 . 2008-03-13 22:01 <DIR> d-------- C:\Documents and Settings\Lu\Application Data\Search Settings

    2008-03-13 19:16 . 2008-03-13 22:03 <DIR> d-------- C:\Program Files\Dealio

    2008-03-13 19:13 . 2008-03-13 22:00 <DIR> d-------- C:\Program Files\Free Audio Pack



    .

    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    2008-04-13 18:05 --------- d-----w C:\Program Files\eMule

    2008-04-13 17:00 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy

    2008-04-13 16:42 --------- d-----w C:\Program Files\Java

    2008-04-12 10:12 --------- d-----w C:\Program Files\Lavasoft

    2008-04-12 09:15 --------- d-----w C:\Documents and Settings\All Users\Application Data\Google Updater

    2008-03-09 18:17 --------- d-----w C:\Program Files\Common Files\MAGIX Shared

    2008-03-09 18:06 --------- d-----w C:\Documents and Settings\Lu\Application Data\MAGIX

    2008-03-09 18:04 --------- d-----w C:\Program Files\MAGIX

    2008-03-09 18:04 --------- d-----w C:\Documents and Settings\All Users\Application Data\MAGIX

    2008-03-07 10:07 --------- d-----w C:\Program Files\ESET

    2008-03-05 21:37 --------- d-----w C:\Program Files\Picasa2

    2008-02-27 10:08 --------- d-----w C:\Program Files\Windows Live

    2008-02-01 10:17 587,264 ----a-w C:\WINDOWS\WLXPGSS.SCR

    .



    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    .

    *Note* empty entries & legit default entries are not shown

    REGEDIT4



    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2006-03-15 14:00 15360]

    "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-03-05 23:30 68856]

    "SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [ ]

    "WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-03 10:02 204800]

    "eMuleAutoStart"="C:\Program Files\eMule\emule.exe" [2007-05-13 16:57 5308416]



    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

    "ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-09-29 14:01 67584]

    "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-06-01 17:22 7618560]

    "nwiz"="nwiz.exe" [2006-06-01 17:22 1519616 C:\WINDOWS\system32\nwiz.exe]

    "HDAudDeck"="C:\Program Files\VIAudioi\HDADeck\HDeck.exe" [2006-07-17 15:36 684032]

    "BullGuard"="C:\Program Files\BullGuard Software\BullGuard\bullguard.exe" [ ]

    "NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 16:40 155648]

    "QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-06-29 06:24 286720]

    "USB Storage Toolbox"="C:\Program Files\USB Disk Win98 Driver\Res.EXE" [2005-09-14 21:44 65536]

    "BluetoothAuthenticationAgent"="bthprops.cpl" [2006-03-15 14:00 110592 C:\WINDOWS\system32\bthprops.cpl]

    "nod32kui"="C:\Program Files\Eset\nod32kui.exe" [2008-02-07 20:45 949376]

    "TrayServer"="C:\Program Files\MAGIX\Video_deluxe_2008_e-version\TrayServer.exe" [2007-07-25 11:30 90112]

    "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]

    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]



    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

    "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2006-03-15 14:00 15360]



    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\

    Google Updater.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [2007-01-26 17:30:43 125624]



    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

    "InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles

    "InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme



    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sglfb.sys]

    @="Driver"



    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\tga.sys]

    @="Driver"



    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

    "C:\\WINDOWS\\system32\\sessmgr.exe"=

    "C:\\WINDOWS\\system32\\fxsclnt.exe"=

    "C:\\Program Files\\NetMeeting\\Conf.exe"=

    "C:\\Program Files\\Messenger\\msmsgs.exe"=

    "C:\\Program Files\\Nero\\Nero 7\\Nero ShowTime\\ShowTime.exe"=

    "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

    "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=

    "C:\\xampp\\apache\\bin\\apache.exe"=

    "C:\\Program Files\\Java\\jre1.6.0_03\\bin\\java.exe"=

    "C:\\Program Files\\eMule\\emule.exe"=



    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

    "3291:UDP"= 3291:UDP:Windows Media Format SDK (firefox.exe)

    "3290:UDP"= 3290:UDP:Windows Media Format SDK (firefox.exe)

    "4662:TCP"= 4662:TCP:emule

    "4672:UDP"= 4672:UDP:emule2



    R0 videX32;videX32;C:\WINDOWS\system32\DRIVERS\videX32.sys [2006-02-23 11:38]

    R0 xfilt;VIA SATA IDE Hot-plug Driver;C:\WINDOWS\system32\DRIVERS\xfilt.sys [2006-02-23 11:39]

    R2 Apache2.2;Apache2.2;"C:\xampp\apache\bin\apache.exe" -k runservice []

    R3 X10Hid;X10 Hid Device;C:\WINDOWS\system32\Drivers\x10hid.sys [2005-11-28 10:45]



    .

    Contents of the 'Scheduled Tasks' folder

    "2008-04-07 19:24:00 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"

    - C:\Program Files\Apple Software Update\SoftwareUpdate.exe

    .

    **************************************************************************



    catchme 0.3.1351 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

    Rootkit scan 2008-04-13 21:56:13

    Windows 5.1.2600 Service Pack 2 NTFS



    scanning hidden processes ...



    scanning hidden autostart entries ...



    scanning hidden files ...



    scan completed successfully

    hidden files: 0



    **************************************************************************

    .

    --------------------- DLLs Loaded Under Running Processes ---------------------



    PROCESS: C:\WINDOWS\system32\lsass.exe

    -> C:\Program Files\Eset\pr_imon.dll

    .

    ------------------------ Other Running Processes ------------------------

    .

    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe

    C:\WINDOWS\ehome\ehrecvr.exe

    C:\WINDOWS\ehome\ehSched.exe

    C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

    C:\Program Files\Common Files\LightScribe\LSSrvc.exe

    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

    C:\xampp\mysql\bin\mysqld-nt.exe

    C:\Program Files\ESET\nod32krn.exe

    C:\WINDOWS\system32\rundll32.exe

    C:\WINDOWS\system32\nvsvc32.exe

    C:\PROGRA~1\COMMON~1\X10\Common\X10nets.exe

    C:\WINDOWS\ehome\mcrdsvc.exe

    C:\Program Files\Windows Media Player\wmpnetwk.exe

    C:\WINDOWS\system32\dllhost.exe

    C:\WINDOWS\ehome\ehmsas.exe

    .

    **************************************************************************

    .

    Completion time: 2008-04-13 22:00:06 - machine was rebooted

    ComboFix-quarantined-files.txt 2008-04-13 19:59:59

    Pre-Run: 148,453,249,024 bytes free

    Post-Run: 148,439,883,776 bytes free

    .

    2008-04-13 13:50:12 --- E O F ---





    ******************************************************************





    y el log es:





    Logfile of HijackThis v1.99.1

    Scan saved at 22:04:37, on 13/04/2008

    Platform: Windows XP SP2 (WinNT 5.01.2600)

    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)



    Running processes:

    C:\WINDOWS\System32\smss.exe

    C:\WINDOWS\system32\winlogon.exe

    C:\WINDOWS\system32\services.exe

    C:\WINDOWS\system32\lsass.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\System32\svchost.exe

    C:\WINDOWS\system32\svchost.exe

    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe

    C:\WINDOWS\system32\spoolsv.exe

    C:\xampp\apache\bin\apache.exe

    C:\WINDOWS\eHome\ehRecvr.exe

    C:\WINDOWS\eHome\ehSched.exe

    C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

    C:\WINDOWS\ehome\ehtray.exe

    C:\WINDOWS\System32\svchost.exe

    C:\Program Files\Common Files\LightScribe\LSSrvc.exe

    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

    C:\Program Files\VIAudioi\HDADeck\HDeck.exe

    C:\xampp\mysql\bin\mysqld-nt.exe

    C:\Program Files\Eset\nod32krn.exe

    C:\Program Files\USB Disk Win98 Driver\Res.EXE

    C:\WINDOWS\system32\rundll32.exe

    C:\Program Files\Eset\nod32kui.exe

    C:\WINDOWS\system32\nvsvc32.exe

    C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe

    C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe

    C:\WINDOWS\system32\ctfmon.exe

    C:\Program Files\Windows Media Player\WMPNSCFG.exe

    C:\Program Files\Google\Google Updater\GoogleUpdater.exe

    C:\xampp\apache\bin\apache.exe

    C:\WINDOWS\system32\dllhost.exe

    C:\WINDOWS\eHome\ehmsas.exe

    C:\WINDOWS\explorer.exe

    C:\Program Files\Mozilla Firefox\firefox.exe

    C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe

    C:\h\hijackthis\HijackThis.exe



    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.trucoswindows.net/

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

    O2 - BHO: Aplicación auxiliar de vínculos de Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

    O2 - BHO: Windows Live Aplicación auxiliar de inicio de sesión - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll

    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll

    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll

    O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe

    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

    O4 - HKLM\..\Run: [HDAudDeck] C:\Program Files\VIAudioi\HDADeck\HDeck.exe 1

    O4 - HKLM\..\Run: [BullGuard] "C:\Program Files\BullGuard Software\BullGuard\bullguard.exe" -boot

    O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime

    O4 - HKLM\..\Run: [USB Storage Toolbox] C:\Program Files\USB Disk Win98 Driver\Res.EXE

    O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent

    O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE

    O4 - HKLM\..\Run: [TrayServer] C:\Program Files\MAGIX\Video_deluxe_2008_e-version\TrayServer.exe

    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"

    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe

    O4 - HKCU\..\Run: [eMuleAutoStart] C:\Program Files\eMule\emule.exe -AutoStart

    O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe

    O8 - Extra context menu item: E&xportar a Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

    O9 - Extra 'Tools' menuitem: Consola de Sun Java - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

    O9 - Extra button: Referencia - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

    O14 - IERESET.INF: START_PAGE_URL=http://www.medion.es

    O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab

    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1160657450451

    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1160657772904

    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab

    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL

    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL

    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe

    O23 - Service: Apache2.2 - Unknown owner - C:\xampp\apache\bin\apache.exe" -k runservice (file missing)

    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe

    O23 - Service: mysql - Unknown owner - C:\xampp\mysql\bin\mysqld-nt.exe

    O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe

    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

    O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Program Files\Windows Live\installer\WLSetupSvc.exe

    O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe



    ******************************************************************************



    Despues he realizado los pasos que me ha dicho Lestat he instalado el

    Malwarebytes Anti-Malware 1.11 y me ha dado:



    Malwarebytes' Anti-Malware 1.11

    Versión de la Base de Datos: 622



    Tipo de examen : Examen Rápido

    Objetos examinados: 32195

    Tiempo transcurrido: 4 minute(s), 25 second(s)



    Procesos en Memoria Infectados: 0

    Módulos en Memoria Infectados: 0

    Claves del Registro Infectadas: 0

    Valores del Registro Infectados: 0

    Elementos de Datos del Registro Infectados: 0

    Carpetas Infectadas: 0

    Ficheros Infectados: 0



    Procesos en Memoria Infectados:

    (No se han detectado elementos maliciosos)



    Módulos en Memoria Infectados:

    (No se han detectado elementos maliciosos)



    Claves del Registro Infectadas:

    (No se han detectado elementos maliciosos)



    Valores del Registro Infectados:

    (No se han detectado elementos maliciosos)



    Elementos de Datos del Registro Infectados:

    (No se han detectado elementos maliciosos)



    Carpetas Infectadas:

    (No se han detectado elementos maliciosos)



    Ficheros Infectados:

    (No se han detectado elementos maliciosos)



    ***********************************************



    he pasado el Hijackthis que me has dicho y el log es:



    Logfile of Trend Micro HijackThis v2.0.2

    Scan saved at 22:08:29, on 13/04/2008

    Platform: Windows XP SP2 (WinNT 5.01.2600)

    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Boot mode: Normal



    Running processes:

    C:\WINDOWS\System32\smss.exe

    C:\WINDOWS\system32\winlogon.exe

    C:\WINDOWS\system32\services.exe

    C:\WINDOWS\system32\lsass.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\System32\svchost.exe

    C:\WINDOWS\system32\svchost.exe

    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe

    C:\WINDOWS\system32\spoolsv.exe

    C:\xampp\apache\bin\apache.exe

    C:\WINDOWS\eHome\ehRecvr.exe

    C:\WINDOWS\eHome\ehSched.exe

    C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

    C:\WINDOWS\ehome\ehtray.exe

    C:\WINDOWS\System32\svchost.exe

    C:\Program Files\Common Files\LightScribe\LSSrvc.exe

    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

    C:\Program Files\VIAudioi\HDADeck\HDeck.exe

    C:\xampp\mysql\bin\mysqld-nt.exe

    C:\Program Files\Eset\nod32krn.exe

    C:\Program Files\USB Disk Win98 Driver\Res.EXE

    C:\WINDOWS\system32\rundll32.exe

    C:\Program Files\Eset\nod32kui.exe

    C:\WINDOWS\system32\nvsvc32.exe

    C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe

    C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe

    C:\WINDOWS\system32\ctfmon.exe

    C:\Program Files\Windows Media Player\WMPNSCFG.exe

    C:\Program Files\Google\Google Updater\GoogleUpdater.exe

    C:\xampp\apache\bin\apache.exe

    C:\WINDOWS\system32\dllhost.exe

    C:\WINDOWS\eHome\ehmsas.exe

    C:\WINDOWS\explorer.exe

    C:\Program Files\Mozilla Firefox\firefox.exe

    C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe

    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe



    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.trucoswindows.net/

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

    O2 - BHO: Aplicación auxiliar de vínculos de Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

    O2 - BHO: Windows Live Aplicación auxiliar de inicio de sesión - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll

    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll

    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll

    O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe

    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

    O4 - HKLM\..\Run: [HDAudDeck] C:\Program Files\VIAudioi\HDADeck\HDeck.exe 1

    O4 - HKLM\..\Run: [BullGuard] "C:\Program Files\BullGuard Software\BullGuard\bullguard.exe" -boot

    O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime

    O4 - HKLM\..\Run: [USB Storage Toolbox] C:\Program Files\USB Disk Win98 Driver\Res.EXE

    O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent

    O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE

    O4 - HKLM\..\Run: [TrayServer] C:\Program Files\MAGIX\Video_deluxe_2008_e-version\TrayServer.exe

    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"

    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe

    O4 - HKCU\..\Run: [eMuleAutoStart] C:\Program Files\eMule\emule.exe -AutoStart

    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

    O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe

    O8 - Extra context menu item: E&xportar a Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

    O9 - Extra 'Tools' menuitem: Consola de Sun Java - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

    O9 - Extra button: Referencia - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

    O14 - IERESET.INF: START_PAGE_URL=http://www.medion.es

    O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab

    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1160657450451

    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1160657772904

    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab

    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe

    O23 - Service: Apache2.2 - Apache Software Foundation - C:\xampp\apache\bin\apache.exe

    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe

    O23 - Service: mysql - Unknown owner - C:\xampp\mysql\bin\mysqld-nt.exe

    O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe

    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

    O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Program Files\Windows Live\installer\WLSetupSvc.exe

    O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe



    --

    End of file - 7569 bytes





    en cuanto a las páginas que se abren tengo que decir que se abren mucho menos y la ultima que se a abierto ha sido diciendome que tenia algun virus malicioso y que hiciera un escaner, no la hecho ni caso y la he cerrado



    gracias de nuevo por todo, un saludo
  9. Caito

    Caito Nuevo Miembro Miembro

Estado del tema:
No está abierto para más respuestas.

Comparte esta página