Log the hijack this

Estado
Cerrado para nuevas respuestas

amurara

Nuevo Miembro
Miembro
#1
Hola, baje el hijackthis como dice el foro y me presento el diguiente log. Todo esto lo hice debido a que el AVG me dice que tengo user32.dll y ntoskml.exe cambiados

Logfile of Trend Micro HijackThis v2.0.0 (BETA)

Scan saved at 17:22:43, on 12/05/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe

C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe

C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe

C:\Program Files\Common Files\LightScribe\LSSrvc.exe

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Sonic\DigitalMedia Plus v7\MyDVD Plus\USBDeviceService.exe

C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\System32\alg.exe

C:\WINDOWS\system32\hkcmd.exe

C:\WINDOWS\system32\igfxpers.exe

C:\Program Files\Sonic\DigitalMedia Plus v7\MyDVD Plus\DetectorApp.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe

C:\WINDOWS\system32\wbem\wmiprvse.exe

C:\Program Files\HP\QuickPlay\QPService.exe

C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe

C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe

C:\Program Files\CONEXANT\SmartAudio\SmartAudio.exe

C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe

C:\Program Files\MSN Messenger\MsnMsgr.Exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Sticky Password\stpass.exe

C:\Program Files\Microsoft ActiveSync\wcescomm.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\PROGRA~1\MI3AA1~1\rapimgr.exe

C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe

C:\Program Files\Logitech\SetPoint\SetPoint.exe

C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE

C:\Program Files\Common Files\Logitech\khalshared\KHALMNPR.EXE

C:\PROGRA~1\Grisoft\AVGFRE~1\avgwb.dat

C:\Program Files\Internet Explorer\iexplore.exe

C:\Hijack\HiJackThis_v2.exe

C:\WINDOWS\system32\wbem\wmiprvse.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?

TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=pavilion&pf=laptop

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?

LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0

\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common

Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0

\Acrobat\AcroIEFavClient.dll

O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0

\Acrobat\AcroIEFavClient.dll

O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe

O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] CHDAudPropShortcut.exe

O4 - HKLM\..\Run: [DetectorApp] C:\Program Files\Sonic\DigitalMedia Plus v7\MyDVD Plus\DetectorApp.exe

O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe

O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"

O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start

O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe

O4 - HKLM\..\Run: [RecGuard] C:\Windows\SMINST\RecGuard.exe

O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"

O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup

O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start

O4 - HKLM\..\Run: [SmartAudio] C:\Program Files\CONEXANT\SmartAudio\SmartAudio.exe -c

O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP

O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE

O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [StickyPassword] C:\Program Files\Sticky Password\stpass.exe

O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"

O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'Default user')

O4 - Global Startup: Bluetooth.lnk = ?

O4 - Global Startup: Logitech SetPoint.lnk = ?

O8 - Extra context menu item: Add to AMV Converter... - C:\Program Files\MP3 Player Utilities 4.05

\AMVConverter\grab.html

O8 - Extra context menu item: Add to Media Manager... - C:\Program Files\MP3 Player Utilities 4.05

\MediaManager\grab.html

O8 - Extra context menu item: E&xportar a Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000

O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01

\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program

Files\Java\jre1.6.0_01\bin\ssv.dll

O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1

\INetRepl.dll

O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll

O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1

\MI3AA1~1\INetRepl.dll

O9 - Extra button: PartyGammon.com - {59A861EE-32B3-42cd-8CCA-FC130EDF3A44} - C:\Program

Files\PartyGaming\PartyGammon\RunBackGammon.exe (file missing)

O9 - Extra 'Tools' menuitem: PartyGammon.com - {59A861EE-32B3-42cd-8CCA-FC130EDF3A44} - C:\Program

Files\PartyGaming\PartyGammon\RunBackGammon.exe (file missing)

O9 - Extra button: Referencia - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {B4B52284-A248-4c51-9F7C-F0A0C67FCC9D} - (no file)

O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program

Files\PartyGaming\PartyPoker\RunApp.exe

O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program

Files\PartyGaming\PartyPoker\RunApp.exe

O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth

Software\btsendto_ie.htm

O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program

Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

(file missing)

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network

Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra button: Bodog Poker - {F47C1DB5-ED21-4dc1-853E-D1495792D4C5} - C:\Program Files\Bodog Poker\BPGame.exe

(file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program

Files\Messenger\msmsgs.exe

O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?

TYPE=3&tp=iehome&locale=EN_US&c=Q106&bd=pavilion&pf=laptop

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) -

http://by115fd.bay115.hotmail.msn.com/resources/MsnPUpld.cab

O16 - DPF: {ADACAA8F-3595-47FE-9C31-9C7471B9BEC7} (OCXDownloadChecker Control) -

http://192.168.0.253/cab/OCXChecker_8000.cab

O16 - DPF: {DBAFE6AD-DC14-45DF-A3F7-F8832289A1CD} (DownloadFile Control) -

http://192.168.0.253/cab/DownloadFile_8000.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{9E54D877-F3C9-485A-899B-EFC39BEF476C}: NameServer =

200.40.30.245,200.40.220.245

O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32

\browseui.dll

O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} -

C:\WINDOWS\system32\browseui.dll

O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe

O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe

O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth

Software\bin\btwdins.exe

O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program

Files\HPQ\Shared\hpqwmi.exe

O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-

Packard\Shared\hpqwmiex.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common

Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: Logitech Bluetooth Service (LBTServ) - Unknown owner - C:\Program Files\Common

Files\Logitech\Bluetooth\LBTSERV.EXE (file missing)

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company -

C:\Program Files\Common Files\LightScribe\LSSrvc.exe

O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol

Soft\Alcohol 120\StarWind\StarWindService.exe

O23 - Service: USBDeviceService - Unknown owner - C:\Program Files\Sonic\DigitalMedia Plus v7\MyDVD

Plus\USBDeviceService.exe

--

End of file - 11671 bytes
 

lobezzno

Miembro Activo
Miembro
#2
Realiza los siguientes pasos y nos pasas los resultados:

Actualiza tu sistema Buscar actualizaciones con Windows Update (Si no te deja actualizar pasa al siguiente paso)

Borra todas las cookies y el registro con CCleaner

Vete a Inicio- Panel de Control--> Java (si usas Java) y elimina todos los archivos temporales.

Pásale el AVG Antispyware. (Actualizalo, y al acabar el Scaneo elije la opción eliminar, después guarda el report y lo pegas) [Si tienes algúna duda aquí tienes un Manual de AVG Antipsyware]

Pásale también el ElistarA [Se descarga al final de esa página] (No necesita instalación, dile SI a todo) Los resultados aparecen en el archivo C:\Infosat.txt y también nos los tienes que pasar Cuando empiece el Scaneo, DESTILDAS la opción de eliminar, a la izquierda de la ventana del programa, No te saltes este paso



Que no elimine nada

Vuelve a sacar un nuevo Log del Hijackthis y nos lo pegas junto con el Report del AVG Antispyware y del Elistara.

Un Saludo
 

amurara

Nuevo Miembro
Miembro
#3
Hola, corri las diferentes aplicaciones.

Gracia, por la ayuda.

---------------------------------------------------------

AVG Anti-Spyware - Informe del análisis

---------------------------------------------------------

+ Creado en: 00:35:32 13/05/2007

+ Resultado del análisis:

HKLM\SOFTWARE\Classes\WUSN.1 -> Adware.SaveNow : Omitidos.

C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP390\A0131723.dll -> Downloader.Agent.bkd : Omitidos.

C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP390\A0131728.exe -> Downloader.Small.cx : Omitidos.

C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP390\A0131729.exe -> Downloader.Zlob.azc : Omitidos.

C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP390\A0131726.exe -> Downloader.Zlob.bor : Omitidos.

C:\Program Files\music_now\inetchk.exe -> Hijacker.Small : Omitidos.

C:\Documents and Settings\Guest\Cookies\guest@2o7[1].txt -> TrackingCookie.2o7 : Omitidos.

C:\Documents and Settings\Guest\Cookies\guest@msnportal.112.2o7[1].txt -> TrackingCookie.2o7 : Omitidos.

C:\Documents and Settings\Guest\Cookies\guest@ads.addynamix[1].txt -> TrackingCookie.Addynamix : Omitidos.

C:\Documents and Settings\Guest\Cookies\guest@atdmt[2].txt -> TrackingCookie.Atdmt : Omitidos.

C:\Documents and Settings\Guest\Cookies\guest@edge.ru4[1].txt -> TrackingCookie.Ru4 : Omitidos.

C:\Documents and Settings\Guest\Cookies\guest@m.webtrends[2].txt -> TrackingCookie.Webtrends : Omitidos.

C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP390\A0131727.dll -> Trojan.BHO.a : Omitidos.

C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP390\A0131732.exe -> Trojan.FakeAV : Omitidos.

::Fin del informe

Sun May 13 00:37:11 2007

EliStartPage v13.94 ©2007 S.G.H. / Satinfo S.L.

--------------------------------------------------

Lista de Acciones (por Acción Directa):

C:\Documents and Settings\Agustin Murara\Favorites\Online Security Test.url --> Eliminado (Fichero Complementario).

Eliminado Servicio, "mchInjDrv"

Restaurado fichero de Configuración del IE, (IERESET.INF)

Eliminadas las Paginas de Inicio y de Busqueda del IE

Eliminados Ficheros Temporales del IE

Por favor, envienos una muestra del fichero

"C:\Muestras\Autorun.inf.(D)" a "virus@satinfo.es". Gracias.

Sun May 13 00:37:56 2007

EliStartPage v13.94 ©2007 S.G.H. / Satinfo S.L.

--------------------------------------------------

Lista de Acciones (por Acción Directa):

Restaurado fichero de Configuración del IE, (IERESET.INF)

Eliminadas las Paginas de Inicio y de Busqueda del IE

Eliminados Ficheros Temporales del IE

Sun May 13 00:38:07 2007

EliStartPage v13.94 ©2007 S.G.H. / Satinfo S.L.

--------------------------------------------------

Lista de Acciones (por Exploración):

Explorando Unidad C:\

C:\Program Files\Microsoft ActiveSync\RAPIPROXYSTUB.DLL --> Infectado, FakeAlert

C:\Program Files\Online Services\Aol\United States\AOL90\comps\qt\QT.EXE --> Infectado, Puper-Isa

C:\Program Files\Online Services\Aol\United States\AOL90E\comps\qt\QT.EXE --> Infectado, Puper-Isa

C:\SWSETUP\MSWorks\US\PFILES\MSWORKS\WKDBOLE.DLL --> Infectado, ZangoSA (BHO)

C:\SWSETUP\MSWorks\US\PFILES\MSWORKS\WKSSOLE.DLL --> Infectado, ZangoSA (BHO)

C:\SWSETUP\Video\IGFXPPH.DLL --> Infectado, NetNucleus(BHO/TB)

C:\SWSETUP\Video\Win2000\IGFXPPH.DLL --> Infectado, NetNucleus(BHO/TB)

C:\SWSETUP\WLAN\BCMWLS32.EXE --> Infectado, Hotbar

C:\WINDOWS\system32\IGFXPPH.DLL --> Infectado, NetNucleus(BHO/TB)

Sun May 13 00:50:50 2007

EliStartPage v13.94 ©2007 S.G.H. / Satinfo S.L.

--------------------------------------------------

Lista de Acciones (por Exploración):

Explorando Unidad H:\

H:\Agustin\HTC\Spb\Spb Finance\SPBFINANCE2_SETUP_ES.EXE --> Infectado, Vundo4

H:\Agustin\HTC\Spb\Spb Weather\SPBWEATHER_SETUP_ES.EXE --> Infectado, Vundo4

Sun May 13 00:51:34 2007

EliStartPage v13.94 ©2007 S.G.H. / Satinfo S.L.

--------------------------------------------------

Lista de Acciones (por Exploración):

Explorando Unidad C:\

C:\Program Files\Microsoft ActiveSync\RAPIPROXYSTUB.DLL --> Infectado, FakeAlert

C:\Program Files\Online Services\Aol\United States\AOL90\comps\qt\QT.EXE --> Infectado, Puper-Isa

C:\Program Files\Online Services\Aol\United States\AOL90E\comps\qt\QT.EXE --> Infectado, Puper-Isa

C:\SWSETUP\MSWorks\US\PFILES\MSWORKS\WKDBOLE.DLL --> Infectado, ZangoSA (BHO)

C:\SWSETUP\MSWorks\US\PFILES\MSWORKS\WKSSOLE.DLL --> Infectado, ZangoSA (BHO)

C:\SWSETUP\Video\IGFXPPH.DLL --> Infectado, NetNucleus(BHO/TB)

C:\SWSETUP\Video\Win2000\IGFXPPH.DLL --> Infectado, NetNucleus(BHO/TB)

C:\SWSETUP\WLAN\BCMWLS32.EXE --> Infectado, Hotbar

C:\WINDOWS\system32\IGFXPPH.DLL --> Infectado, NetNucleus(BHO/TB)

Logfile of Trend Micro HijackThis v2.0.0 (BETA)

Scan saved at 01:09:33, on 13/05/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe

C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe

C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe

C:\Program Files\Common Files\LightScribe\LSSrvc.exe

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Sonic\DigitalMedia Plus v7\MyDVD Plus\USBDeviceService.exe

C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\System32\alg.exe

C:\WINDOWS\system32\hkcmd.exe

C:\WINDOWS\system32\igfxpers.exe

C:\Program Files\Sonic\DigitalMedia Plus v7\MyDVD Plus\DetectorApp.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe

C:\WINDOWS\system32\wbem\wmiprvse.exe

C:\Program Files\HP\QuickPlay\QPService.exe

C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe

C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe

C:\Program Files\CONEXANT\SmartAudio\SmartAudio.exe

C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe

C:\Program Files\MSN Messenger\MsnMsgr.Exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Sticky Password\stpass.exe

C:\Program Files\Microsoft ActiveSync\wcescomm.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\PROGRA~1\MI3AA1~1\rapimgr.exe

C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe

C:\Program Files\Logitech\SetPoint\SetPoint.exe

C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE

C:\Program Files\Common Files\Logitech\khalshared\KHALMNPR.EXE

C:\PROGRA~1\Grisoft\AVGFRE~1\avgwb.dat

C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe

C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE

C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\Hijack\HiJackThis_v2.exe

C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll

O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll

O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe

O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] CHDAudPropShortcut.exe

O4 - HKLM\..\Run: [DetectorApp] C:\Program Files\Sonic\DigitalMedia Plus v7\MyDVD Plus\DetectorApp.exe

O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe

O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"

O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start

O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe

O4 - HKLM\..\Run: [RecGuard] C:\Windows\SMINST\RecGuard.exe

O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"

O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup

O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start

O4 - HKLM\..\Run: [SmartAudio] C:\Program Files\CONEXANT\SmartAudio\SmartAudio.exe -c

O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP

O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE

O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized

O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [StickyPassword] C:\Program Files\Sticky Password\stpass.exe

O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"

O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'Default user')

O4 - Global Startup: Bluetooth.lnk = ?

O4 - Global Startup: Logitech SetPoint.lnk = ?

O8 - Extra context menu item: Add to AMV Converter... - C:\Program Files\MP3 Player Utilities 4.05\AMVConverter\grab.html

O8 - Extra context menu item: Add to Media Manager... - C:\Program Files\MP3 Player Utilities 4.05\MediaManager\grab.html

O8 - Extra context menu item: E&xportar a Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000

O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll

O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll

O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll

O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll

O9 - Extra button: PartyGammon.com - {59A861EE-32B3-42cd-8CCA-FC130EDF3A44} - C:\Program Files\PartyGaming\PartyGammon\RunBackGammon.exe (file missing)

O9 - Extra 'Tools' menuitem: PartyGammon.com - {59A861EE-32B3-42cd-8CCA-FC130EDF3A44} - C:\Program Files\PartyGaming\PartyGammon\RunBackGammon.exe (file missing)

O9 - Extra button: Referencia - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {B4B52284-A248-4c51-9F7C-F0A0C67FCC9D} - (no file)

O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe

O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe

O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra button: Bodog Poker - {F47C1DB5-ED21-4dc1-853E-D1495792D4C5} - C:\Program Files\Bodog Poker\BPGame.exe (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q106&bd=pavilion&pf=laptop

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by115fd.bay115.hotmail.msn.com/resources/MsnPUpld.cab

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1179012953171

O16 - DPF: {ADACAA8F-3595-47FE-9C31-9C7471B9BEC7} (OCXDownloadChecker Control) - http://192.168.0.253/cab/OCXChecker_8000.cab

O16 - DPF: {DBAFE6AD-DC14-45DF-A3F7-F8832289A1CD} (DownloadFile Control) - http://192.168.0.253/cab/DownloadFile_8000.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{9E54D877-F3C9-485A-899B-EFC39BEF476C}: NameServer = 200.40.30.245,200.40.220.245

O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll

O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll

O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe

O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe

O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe

O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\Shared\hpqwmi.exe

O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: Logitech Bluetooth Service (LBTServ) - Unknown owner - C:\Program Files\Common Files\Logitech\Bluetooth\LBTSERV.EXE (file missing)

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe

O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

O23 - Service: USBDeviceService - Unknown owner - C:\Program Files\Sonic\DigitalMedia Plus v7\MyDVD Plus\USBDeviceService.exe

--

End of file - 12283 bytes
 

Caito

Ex- Mod
Miembro
#4
Vuelve a ejecutar el AVG pero asegúrate de Eliminar los archivos infectados

Manual AVG:

Manual AVG Anti-spyware 7.5 | Seguridad - Trucos Windows

Saludos

Caito

Pd: luego haz un scan con este :

Descarga F-Secure Blacklight

http://www.f-secure.com/blacklight/try_blacklight.html

en la carpeta C:\ y haz doble-click al archivo blbeta.exe para activarlo.

Acepta la licencia, clic "Scan" y espere un poco..

Al fin del scan, Blacklight va a indicar el nombre de "hidden items".

Cierra el programa, y mira en la carpeta C:\, el reporte generado esta en forma de documento de texto, y su nombre comienza por "fsbl…", pega este reporte.
 

amurara

Nuevo Miembro
Miembro
#5
5/13/07 11:02:22 [Info]: BlackLight Engine 1.0.61 initialized

05/13/07 11:02:22 [Info]: OS: 5.1 build 2600 (Service Pack 2)

05/13/07 11:02:23 [Note]: 7019 4

05/13/07 11:02:23 [Note]: 7005 0

05/13/07 11:02:29 [Note]: 7006 0

05/13/07 11:02:29 [Note]: 7011 260

05/13/07 11:02:29 [Note]: 7026 0

05/13/07 11:02:29 [Note]: 7026 0

05/13/07 11:02:33 [Note]: FSRAW library versión 1.7.1021

05/13/07 11:10:14 [Note]: 7007 0
 

amurara

Nuevo Miembro
Miembro
#7
---------------------------------------------------------

AVG Anti-Spyware - Informe del análisis

---------------------------------------------------------

+ Creado en: 15:19:22 13/05/2007

+ Resultado del análisis:

C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP392\A0134848.exe -> Hijacker.Small : Limpios.

C:\Documents and Settings\Agustin Murara\Cookies\agustin_murara@2o7[2].txt -> TrackingCookie.2o7 : Limpios.

C:\Documents and Settings\Agustin Murara\Cookies\agustin_murara@search.live[2].txt -> TrackingCookie.Live : Limpios.

C:\Documents and Settings\Agustin Murara\Cookies\agustin_murara@server.lon.liveperson[3].txt -> TrackingCookie.Liveperson : Limpios.

C:\Documents and Settings\Agustin Murara\Cookies\agustin_murara@www.paypal[1].txt -> TrackingCookie.Paypal : Limpios.

C:\Documents and Settings\Agustin Murara\Cookies\agustin_murara@ads.pointroll[1].txt -> TrackingCookie.Pointroll : Limpios.

C:\Documents and Settings\Agustin Murara\Cookies\agustin_murara@questionmarket[2].txt -> TrackingCookie.Questionmarket : Limpios.

C:\Documents and Settings\Agustin Murara\Cookies\agustin_murara@specificclick[2].txt -> TrackingCookie.Specificclick : Limpios.

C:\Documents and Settings\Agustin Murara\Cookies\agustin_murara@tribalfusion[1].txt -> TrackingCookie.Tribalfusion : Limpios.

C:\Documents and Settings\Agustin Murara\Cookies\agustin_murara@ad.yieldmanager[1].txt -> TrackingCookie.Yieldmanager : Limpios.

::Fin del informe

Logfile of Trend Micro HijackThis v2.0.0 (BETA)

Scan saved at 15:20:47, on 13/05/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe

C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe

C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe

C:\Program Files\Common Files\LightScribe\LSSrvc.exe

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Sonic\DigitalMedia Plus v7\MyDVD Plus\USBDeviceService.exe

C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe

C:\WINDOWS\System32\alg.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\hkcmd.exe

C:\WINDOWS\system32\igfxpers.exe

C:\Program Files\Sonic\DigitalMedia Plus v7\MyDVD Plus\DetectorApp.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\wbem\wmiprvse.exe

C:\Program Files\HP\QuickPlay\QPService.exe

C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe

C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe

C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe

C:\Program Files\CONEXANT\SmartAudio\SmartAudio.exe

C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe

C:\Program Files\MSN Messenger\MsnMsgr.Exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Sticky Password\stpass.exe

C:\Program Files\Microsoft ActiveSync\wcescomm.exe

C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe

C:\PROGRA~1\MI3AA1~1\rapimgr.exe

C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe

C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE

C:\Program Files\Logitech\SetPoint\SetPoint.exe

C:\Program Files\Common Files\Logitech\khalshared\KHALMNPR.EXE

C:\WINDOWS\system32\WISPTIS.EXE

C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE

C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE

C:\Hijack\HiJackThis_v2.exe

C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!

\Companion\Installs\cpn\yt.dll

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0

\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI

RoboForm\roboform.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common

Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0

\Acrobat\AcroIEFavClient.dll

O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0

\Acrobat\AcroIEFavClient.dll

O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!

\Companion\Installs\cpn\yt.dll

O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI

RoboForm\roboform.dll

O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe

O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] CHDAudPropShortcut.exe

O4 - HKLM\..\Run: [DetectorApp] C:\Program Files\Sonic\DigitalMedia Plus v7\MyDVD Plus\DetectorApp.exe

O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe

O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"

O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start

O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe

O4 - HKLM\..\Run: [RecGuard] C:\Windows\SMINST\RecGuard.exe

O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"

O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup

O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start

O4 - HKLM\..\Run: [SmartAudio] C:\Program Files\CONEXANT\SmartAudio\SmartAudio.exe -c

O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP

O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE

O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized

O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [StickyPassword] C:\Program Files\Sticky Password\stpass.exe

O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"

O4 - HKCU\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"

O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'Default user')

O4 - Global Startup: Bluetooth.lnk = ?

O4 - Global Startup: Logitech SetPoint.lnk = ?

O8 - Extra context menu item: Add to AMV Converter... - C:\Program Files\MP3 Player Utilities 4.05

\AMVConverter\grab.html

O8 - Extra context menu item: Add to Media Manager... - C:\Program Files\MP3 Player Utilities 4.05

\MediaManager\grab.html

O8 - Extra context menu item: Desconectar - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComLogoff.html

O8 - Extra context menu item: E&xportar a Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000

O8 - Extra context menu item: Guardar Formularios - file://C:\Program Files\Siber Systems\AI

RoboForm\RoboFormComSavePass.html

O8 - Extra context menu item: Personalizar Menú - file://C:\Program Files\Siber Systems\AI

RoboForm\RoboFormComCustomizeIEMenu.html

O8 - Extra context menu item: Rellenar Formularios - file://C:\Program Files\Siber Systems\AI

RoboForm\RoboFormComFillForms.html

O8 - Extra context menu item: RF Barra de Herramientas - file://C:\Program Files\Siber Systems\AI

RoboForm\RoboFormComShowToolbar.html

O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01

\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program

Files\Java\jre1.6.0_01\bin\ssv.dll

O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1

\INetRepl.dll

O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll

O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1

\MI3AA1~1\INetRepl.dll

O9 - Extra button: Rellenar Formularios - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber

Systems\AI RoboForm\RoboFormComFillForms.html

O9 - Extra 'Tools' menuitem: Rellenar Formularios - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program

Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html

O9 - Extra button: Guardar - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI

RoboForm\RoboFormComSavePass.html

O9 - Extra 'Tools' menuitem: Guardar Formularios - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program

Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html

O9 - Extra button: Desconectar - {320AF880-6646-11D3-ABEE-C5DBF3571F55} - file://C:\Program Files\Siber Systems\AI

RoboForm\RoboFormComLogoff.html

O9 - Extra 'Tools' menuitem: Desconectar - {320AF880-6646-11D3-ABEE-C5DBF3571F55} - file://C:\Program Files\Siber

Systems\AI RoboForm\RoboFormComLogoff.html

O9 - Extra button: PartyGammon.com - {59A861EE-32B3-42cd-8CCA-FC130EDF3A44} - C:\Program

Files\PartyGaming\PartyGammon\RunBackGammon.exe (file missing)

O9 - Extra 'Tools' menuitem: PartyGammon.com - {59A861EE-32B3-42cd-8CCA-FC130EDF3A44} - C:\Program

Files\PartyGaming\PartyGammon\RunBackGammon.exe (file missing)

O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI

RoboForm\RoboFormComShowToolbar.html

O9 - Extra 'Tools' menuitem: RF Barra de Herramientas - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program

Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html

O9 - Extra button: Referencia - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {B4B52284-A248-4c51-9F7C-F0A0C67FCC9D} - (no file)

O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program

Files\PartyGaming\PartyPoker\RunApp.exe

O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program

Files\PartyGaming\PartyPoker\RunApp.exe

O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth

Software\btsendto_ie.htm

O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program

Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

(file missing)

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network

Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra button: Bodog Poker - {F47C1DB5-ED21-4dc1-853E-D1495792D4C5} - C:\Program Files\Bodog Poker\BPGame.exe

(file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program

Files\Messenger\msmsgs.exe

O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?

TYPE=3&tp=iehome&locale=EN_US&c=Q106&bd=pavilion&pf=laptop

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!

\Common\yinsthelper.dll

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) -

http://by115fd.bay115.hotmail.msn.com/resources/MsnPUpld.cab

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) -

http://update.microsoft.com/microsoftupdat...b?1179012953171

O16 - DPF: {ADACAA8F-3595-47FE-9C31-9C7471B9BEC7} (OCXDownloadChecker Control) -

http://192.168.0.253/cab/OCXChecker_8000.cab

O16 - DPF: {DBAFE6AD-DC14-45DF-A3F7-F8832289A1CD} (DownloadFile Control) -

http://192.168.0.253/cab/DownloadFile_8000.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{9E54D877-F3C9-485A-899B-EFC39BEF476C}: NameServer =

200.40.30.245,200.40.220.245

O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32

\browseui.dll

O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} -

C:\WINDOWS\system32\browseui.dll

O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware

7.5\guard.exe

O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe

O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe

O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth

Software\bin\btwdins.exe

O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program

Files\HPQ\Shared\hpqwmi.exe

O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-

Packard\Shared\hpqwmiex.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common

Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: Logitech Bluetooth Service (LBTServ) - Unknown owner - C:\Program Files\Common

Files\Logitech\Bluetooth\LBTSERV.EXE (file missing)

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company -

C:\Program Files\Common Files\LightScribe\LSSrvc.exe

O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol

Soft\Alcohol 120\StarWind\StarWindService.exe

O23 - Service: USBDeviceService - Unknown owner - C:\Program Files\Sonic\DigitalMedia Plus v7\MyDVD

Plus\USBDeviceService.exe

--

End of file - 14473 bytes
 

lobezzno

Miembro Activo
Miembro
#8
Sigues infectado. Procura también que el próximo log lo pegues continuo y no así como vienes poniendolo ya que cuesta mas leerlos.

Bájate este programa Superantispyware (Actualízalo y se lo pasas)

Además haz un scan online con algúno de estos antivirus:

Los mejores antivirus online

http://support.f-secure.com/ols/start.html

Nos pones los resultados y un nuevo log de Hijackthis. Comenta si sigues con problemas.

Un saludo.
 

amurara

Nuevo Miembro
Miembro
#9
Disculpa, no entiendo que me quieres decir con que te lo pegue en continuo.

UPERAntiSpyware Scan Log

http://www.superantispyware.com

Generated 05/13/2007 at 08:13 PM

Application Version : 3.7.1018

Core Rules Database Version : 3237

Trace Rules Database Version: 1248

Scan type : Complete Scan

Total Scan Time : 00:45:54

Memory items scanned : 612

Memory threats detected : 0

Registry items scanned : 6676

Registry threats detected : 0

File items scanned : 54045

File threats detected : 21

Adware.Tracking Cookie

C:\Documents and Settings\Agustin Murara\Cookies\agustin_murara@sales.liveperson[1].txt

C:\Documents and Settings\Agustin Murara\Cookies\agustin_murara@www7.addfreestats[1].txt

C:\Documents and Settings\Agustin Murara\Cookies\agustin_murara@dsml.clickexperts[1].txt

C:\Documents and Settings\Agustin Murara\Cookies\agustin_murara@ads.motogp[1].txt

C:\Documents and Settings\Agustin Murara\Cookies\agustin_murara@questionmarket[2].txt

C:\Documents and Settings\Agustin Murara\Cookies\agustin_murara@specificclick[2].txt

C:\Documents and Settings\Agustin Murara\Cookies\agustin_murara@server.lon.liveperson[3].txt

C:\Documents and Settings\Agustin Murara\Cookies\agustin_murara@atwola[1].txt

C:\Documents and Settings\Agustin Murara\Cookies\agustin_murara@tribalfusion[1].txt

C:\Documents and Settings\Agustin Murara\Cookies\agustin_murara@ad-creatividades.infojobs[1].txt

C:\Documents and Settings\Agustin Murara\Cookies\agustin_murara@sales.liveperson[3].txt

C:\Documents and Settings\Agustin Murara\Cookies\agustin_murara@ads.pointroll[1].txt

C:\Documents and Settings\Agustin Murara\Cookies\agustin_murara@imrworldwide[2].txt

C:\Documents and Settings\Agustin Murara\Cookies\agustin_murara@2o7[2].txt

C:\Documents and Settings\Agustin Murara\Cookies\agustin_murara@server.lon.liveperson[2].txt

C:\Documents and Settings\Agustin Murara\Cookies\agustin_murara@ads2.weblogssl[2].txt

C:\Documents and Settings\Agustin Murara\Cookies\agustin_murara@ad.yieldmanager[1].txt

C:\Documents and Settings\Agustin Murara\Cookies\agustin_murara@xiti[1].txt

Malware.SpyLocked

C:\Program Files\SpyLocked 3.7\ignored.lst

C:\Program Files\SpyLocked 3.7

C:\SYSTEM VOLUME INFORMATION\_RESTORE{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP390\A0131722.EXE

Logfile of Trend Micro HijackThis v2.0.0 (BETA)

Scan saved at 21:23:27, on 13/05/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe

C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe

C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe

C:\Program Files\Common Files\LightScribe\LSSrvc.exe

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Sonic\DigitalMedia Plus v7\MyDVD Plus\USBDeviceService.exe

C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\System32\alg.exe

C:\WINDOWS\system32\hkcmd.exe

C:\WINDOWS\system32\igfxpers.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Sonic\DigitalMedia Plus v7\MyDVD Plus\DetectorApp.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe

C:\WINDOWS\system32\wbem\wmiprvse.exe

C:\Program Files\HP\QuickPlay\QPService.exe

C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe

C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe

C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe

C:\Program Files\CONEXANT\SmartAudio\SmartAudio.exe

C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe

C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\MSN Messenger\MsnMsgr.Exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Sticky Password\stpass.exe

C:\Program Files\Microsoft ActiveSync\wcescomm.exe

C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe

C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

C:\PROGRA~1\MI3AA1~1\rapimgr.exe

C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe

C:\Program Files\Logitech\SetPoint\SetPoint.exe

C:\Program Files\Common Files\Logitech\khalshared\KHALMNPR.EXE

C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE

C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe

C:\Hijack\HiJackThis_v2.exe

C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!

\Companion\Installs\cpn\yt.dll

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0

\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI

RoboForm\roboform.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common

Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0

\Acrobat\AcroIEFavClient.dll

O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0

\Acrobat\AcroIEFavClient.dll

O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!

\Companion\Installs\cpn\yt.dll

O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI

RoboForm\roboform.dll

O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe

O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] CHDAudPropShortcut.exe

O4 - HKLM\..\Run: [DetectorApp] C:\Program Files\Sonic\DigitalMedia Plus v7\MyDVD Plus\DetectorApp.exe

O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe

O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"

O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start

O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe

O4 - HKLM\..\Run: [RecGuard] C:\Windows\SMINST\RecGuard.exe

O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"

O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup

O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start

O4 - HKLM\..\Run: [SmartAudio] C:\Program Files\CONEXANT\SmartAudio\SmartAudio.exe -c

O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP

O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE

O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized

O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [StickyPassword] C:\Program Files\Sticky Password\stpass.exe

O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"

O4 - HKCU\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"

O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'Default user')

O4 - Global Startup: Bluetooth.lnk = ?

O4 - Global Startup: Logitech SetPoint.lnk = ?

O8 - Extra context menu item: Add to AMV Converter... - C:\Program Files\MP3 Player Utilities 4.05

\AMVConverter\grab.html

O8 - Extra context menu item: Add to Media Manager... - C:\Program Files\MP3 Player Utilities 4.05

\MediaManager\grab.html

O8 - Extra context menu item: Desconectar - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComLogoff.html

O8 - Extra context menu item: E&xportar a Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000

O8 - Extra context menu item: Guardar Formularios - file://C:\Program Files\Siber Systems\AI

RoboForm\RoboFormComSavePass.html

O8 - Extra context menu item: Personalizar Menú - file://C:\Program Files\Siber Systems\AI

RoboForm\RoboFormComCustomizeIEMenu.html

O8 - Extra context menu item: Rellenar Formularios - file://C:\Program Files\Siber Systems\AI

RoboForm\RoboFormComFillForms.html

O8 - Extra context menu item: RF Barra de Herramientas - file://C:\Program Files\Siber Systems\AI

RoboForm\RoboFormComShowToolbar.html

O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01

\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program

Files\Java\jre1.6.0_01\bin\ssv.dll

O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1

\INetRepl.dll

O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll

O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1

\MI3AA1~1\INetRepl.dll

O9 - Extra button: Rellenar Formularios - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber

Systems\AI RoboForm\RoboFormComFillForms.html

O9 - Extra 'Tools' menuitem: Rellenar Formularios - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program

Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html

O9 - Extra button: Guardar - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI

RoboForm\RoboFormComSavePass.html

O9 - Extra 'Tools' menuitem: Guardar Formularios - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program

Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html

O9 - Extra button: Desconectar - {320AF880-6646-11D3-ABEE-C5DBF3571F55} - file://C:\Program Files\Siber Systems\AI

RoboForm\RoboFormComLogoff.html

O9 - Extra 'Tools' menuitem: Desconectar - {320AF880-6646-11D3-ABEE-C5DBF3571F55} - file://C:\Program Files\Siber

Systems\AI RoboForm\RoboFormComLogoff.html

O9 - Extra button: PartyGammon.com - {59A861EE-32B3-42cd-8CCA-FC130EDF3A44} - C:\Program

Files\PartyGaming\PartyGammon\RunBackGammon.exe (file missing)

O9 - Extra 'Tools' menuitem: PartyGammon.com - {59A861EE-32B3-42cd-8CCA-FC130EDF3A44} - C:\Program

Files\PartyGaming\PartyGammon\RunBackGammon.exe (file missing)

O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI

RoboForm\RoboFormComShowToolbar.html

O9 - Extra 'Tools' menuitem: RF Barra de Herramientas - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program

Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html

O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)

O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %

windir%\bdoscandel.exe (file missing)

O9 - Extra button: Referencia - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {B4B52284-A248-4c51-9F7C-F0A0C67FCC9D} - (no file)

O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program

Files\PartyGaming\PartyPoker\RunApp.exe

O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program

Files\PartyGaming\PartyPoker\RunApp.exe

O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth

Software\btsendto_ie.htm

O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program

Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

(file missing)

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network

Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra button: Bodog Poker - {F47C1DB5-ED21-4dc1-853E-D1495792D4C5} - C:\Program Files\Bodog Poker\BPGame.exe

(file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program

Files\Messenger\msmsgs.exe

O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?

TYPE=3&tp=iehome&locale=EN_US&c=Q106&bd=pavilion&pf=laptop

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!

\Common\yinsthelper.dll

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) -

http://by115fd.bay115.hotmail.msn.com/resources/MsnPUpld.cab

O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) -

http://download.bitdefender.com/resources/scan8/oscan8.cab

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) -

http://update.microsoft.com/microsoftupdat...b?1179012953171

O16 - DPF: {ADACAA8F-3595-47FE-9C31-9C7471B9BEC7} (OCXDownloadChecker Control) -

http://192.168.0.253/cab/OCXChecker_8000.cab

O16 - DPF: {DBAFE6AD-DC14-45DF-A3F7-F8832289A1CD} (DownloadFile Control) -

http://192.168.0.253/cab/DownloadFile_8000.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{9E54D877-F3C9-485A-899B-EFC39BEF476C}: NameServer =

200.40.30.245,200.40.220.245

O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32

\browseui.dll

O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} -

C:\WINDOWS\system32\browseui.dll

O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware

7.5\guard.exe

O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe

O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe

O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth

Software\bin\btwdins.exe

O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program

Files\HPQ\Shared\hpqwmi.exe

O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-

Packard\Shared\hpqwmiex.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common

Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: Logitech Bluetooth Service (LBTServ) - Unknown owner - C:\Program Files\Common

Files\Logitech\Bluetooth\LBTSERV.EXE (file missing)

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company -

C:\Program Files\Common Files\LightScribe\LSSrvc.exe

O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol

Soft\Alcohol 120\StarWind\StarWindService.exe

O23 - Service: USBDeviceService - Unknown owner - C:\Program Files\Sonic\DigitalMedia Plus v7\MyDVD

Plus\USBDeviceService.exe

--

End of file - 15191 bytes
 

Caito

Ex- Mod
Miembro
#10
Ejecuta el hijack:

Scan y luego Fix a estas:

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

O9 - Extra button: PartyGammon.com - {59A861EE-32B3-42cd-8CCA-FC130EDF3A44} - C:\Program

Files\PartyGaming\PartyGammon\RunBackGammon.exe (file missing)

O9 - Extra 'Tools' menuitem: PartyGammon.com - {59A861EE-32B3-42cd-8CCA-FC130EDF3A44} - C:\Program

Files\PartyGaming\PartyGammon\RunBackGammon.exe (file missing)

O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)

O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %

windir%\bdoscandel.exe (file missing)

O9 - Extra button: (no name) - {B4B52284-A248-4c51-9F7C-F0A0C67FCC9D} - (no file)

O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program

Files\PartyGaming\PartyPoker\RunApp.exe

O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program

Files\PartyGaming\PartyPoker\RunApp.exe

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

(file missing)

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network

Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra button: Bodog Poker - {F47C1DB5-ED21-4dc1-853E-D1495792D4C5} - C:\Program Files\Bodog Poker\BPGame.exe

(file missing)

O16 - DPF: {ADACAA8F-3595-47FE-9C31-9C7471B9BEC7} (OCXDownloadChecker Control) -

http://192.168.0.253/cab/OCXChecker_8000.cab

O16 - DPF: {DBAFE6AD-DC14-45DF-A3F7-F8832289A1CD} (DownloadFile Control) -

http://192.168.0.253/cab/DownloadFile_8000.cab

Borra con el Disk Cleaner :Archivos Temp. de Internet,Temp. de Sistema,cookies,historial , etc.

Vacía la Papelera

Ejecuta el Avg-antispyware

Reinicia normal, conecta Internet, pon el reporte del AVG Anti-Spyware y pega un nuevo log del Hijack.

Saludos

Caito
 

amurara

Nuevo Miembro
Miembro
#11
---------------------------------------------------------

AVG Anti-Spyware - Informe del análisis

---------------------------------------------------------

+ Creado en: 14:38:05 14/05/2007

+ Resultado del análisis:

No se encontró nada.

::Fin del informe

Logfile of Trend Micro HijackThis v2.0.0 (BETA)

Scan saved at 14:50:56, on 14/05/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe

C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe

C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe

C:\Program Files\Common Files\LightScribe\LSSrvc.exe

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Sonic\DigitalMedia Plus v7\MyDVD Plus\USBDeviceService.exe

C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\System32\alg.exe

C:\WINDOWS\system32\hkcmd.exe

C:\WINDOWS\system32\igfxpers.exe

C:\Program Files\Sonic\DigitalMedia Plus v7\MyDVD Plus\DetectorApp.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe

C:\WINDOWS\system32\wbem\wmiprvse.exe

C:\Program Files\HP\QuickPlay\QPService.exe

C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe

C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe

C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe

C:\Program Files\CONEXANT\SmartAudio\SmartAudio.exe

C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\MSN Messenger\MsnMsgr.Exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Sticky Password\stpass.exe

C:\Program Files\Microsoft ActiveSync\wcescomm.exe

C:\PROGRA~1\MI3AA1~1\rapimgr.exe

C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe

C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe

C:\Program Files\Logitech\SetPoint\SetPoint.exe

C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE

C:\Program Files\Common Files\Logitech\khalshared\KHALMNPR.EXE

C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE

C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE

C:\Hijack\HiJackThis_v2.exe

C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll

O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll

O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll

O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe

O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] CHDAudPropShortcut.exe

O4 - HKLM\..\Run: [DetectorApp] C:\Program Files\Sonic\DigitalMedia Plus v7\MyDVD Plus\DetectorApp.exe

O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe

O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"

O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start

O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe

O4 - HKLM\..\Run: [RecGuard] C:\Windows\SMINST\RecGuard.exe

O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"

O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup

O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start

O4 - HKLM\..\Run: [SmartAudio] C:\Program Files\CONEXANT\SmartAudio\SmartAudio.exe -c

O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP

O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE

O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized

O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [StickyPassword] C:\Program Files\Sticky Password\stpass.exe

O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"

O4 - HKCU\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"

O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'Default user')

O4 - Global Startup: Bluetooth.lnk = ?

O4 - Global Startup: Logitech SetPoint.lnk = ?

O8 - Extra context menu item: Add to AMV Converter... - C:\Program Files\MP3 Player Utilities 4.05\AMVConverter\grab.html

O8 - Extra context menu item: Add to Media Manager... - C:\Program Files\MP3 Player Utilities 4.05\MediaManager\grab.html

O8 - Extra context menu item: Desconectar - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComLogoff.html

O8 - Extra context menu item: E&xportar a Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000

O8 - Extra context menu item: Guardar Formularios - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html

O8 - Extra context menu item: Personalizar Menú - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html

O8 - Extra context menu item: Rellenar Formularios - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html

O8 - Extra context menu item: RF Barra de Herramientas - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html

O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll

O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll

O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll

O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll

O9 - Extra button: Rellenar Formularios - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html

O9 - Extra 'Tools' menuitem: Rellenar Formularios - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html

O9 - Extra button: Guardar - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html

O9 - Extra 'Tools' menuitem: Guardar Formularios - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html

O9 - Extra button: Desconectar - {320AF880-6646-11D3-ABEE-C5DBF3571F55} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComLogoff.html

O9 - Extra 'Tools' menuitem: Desconectar - {320AF880-6646-11D3-ABEE-C5DBF3571F55} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComLogoff.html

O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html

O9 - Extra 'Tools' menuitem: RF Barra de Herramientas - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html

O9 - Extra button: Referencia - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL

O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q106&bd=pavilion&pf=laptop

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by115fd.bay115.hotmail.msn.com/resources/MsnPUpld.cab

O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1179012953171

O17 - HKLM\System\CCS\Services\Tcpip\..\{9E54D877-F3C9-485A-899B-EFC39BEF476C}: NameServer = 200.40.30.245,200.40.220.245

O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll

O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll

O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe

O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe

O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe

O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\Shared\hpqwmi.exe

O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: Logitech Bluetooth Service (LBTServ) - Unknown owner - C:\Program Files\Common Files\Logitech\Bluetooth\LBTSERV.EXE (file missing)

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe

O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

O23 - Service: USBDeviceService - Unknown owner - C:\Program Files\Sonic\DigitalMedia Plus v7\MyDVD Plus\USBDeviceService.exe

--

End of file - 13437 bytes
 

amurara

Nuevo Miembro
Miembro
#13
Parece que mejor. Lo unic que no me deja trabajar en el programa de liquidacion de sueldos me da un errror en la la libreraia como que falta un dll (creo que dice algo así como dll 48)

Muchas gracias por la ayuda.
 

Lestat

Ex- Mod
Miembro
#14
Pega una captura del error o se mas especifico. ¿Probaste a reinstalar la aplicacion?

Un Saludo
 

Caito

Ex- Mod
Miembro
#15
Y elimina esta :

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

Saludos

Caito
 

lobezzno

Miembro Activo
Miembro
#17
Cuelga una captura del error o copia la .dll que dice el programa que falta para buscartela y la instales.

Saludos y esperamos tu respuesta.
 
Estado
Cerrado para nuevas respuestas
Arriba Pie