necesito ayuda porfavor

Estado
Cerrado para nuevas respuestas

loriel_roan

Nuevo Miembro
Miembro
hola a todos!

tengo un problema con internet.. casi siempre va lento y no me deja descargar nada. Cada vez que quiero descargar algo me dice que no puedo porque hay un elevado número de solicitudes desde mi dirección IP. Pero yo no he descargado nada!!!

Por lo que he leido en los foro, debo descargarme el hijackthis, eso es lo que he hecho os copio mi log para ver si podéis ayudarme, y decirme que puedo hacer porque yo no tengo ni idea.

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 18:46:48, on 07/09/2009

Platform: Windows Vista (WinNT 6.00.1904)

MSIE: Internet Explorer v8.00 (8.00.6001.18813)

Boot mode: Normal

Running processes:

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files\Windows Defender\MSASCui.exe

C:\Windows\system32\taskeng.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Acer\Empowering Technology\eDataSecurity\eDSLoader.exe

C:\Acer\Empowering Technology\eAudio\eAudio.exe

C:\Windows\System32\rundll32.exe

C:\Windows\RtHDVCpl.exe

C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe

C:\Program Files\Launch Manager\QtZgAcer.EXE

C:\Program Files\Acer Arcade Deluxe\Play Movie\PMVService.exe

C:\Windows\System32\rundll32.exe

C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe

C:\Windows\WindowsMobile\wmdSync.exe

C:\Program Files\Alwil Software\Avast4\ashDisp.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Windows\ehome\ehtray.exe

C:\Users\PALOMA\AppData\Local\ilebces.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Program Files\Acer\Acer VCM\AcerVCM.exe

C:\Program Files\Sitecom\Common\WLANUtil.exe

C:\Acer\Empowering Technology\ENET\ENMTRAY.EXE

C:\Acer\Empowering Technology\EPOWER\EPOWER_DMC.EXE

C:\Windows\ehome\ehmsas.exe

C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE

C:\Windows\System32\rundll32.exe

C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE

C:\Users\PALOMA\AppData\Local\Temp\RtkBtMnt.exe

C:\Program Files\Acer\Acer VCM\VC.exe

C:\Program Files\Acer\Acer VCM\acp2HID.exe

C:\Windows\system32\wbem\unsecapp.exe

C:\Windows\system32\wuauclt.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Google\Google Toolbar\GoogleToolbarUser.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Windows\system32\Macromed\Flash\FlashUtil10c.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Windows Live Toolbar\msn_sl.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

C:\Windows\system32\DllHost.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.trucoswindows.net/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://es.yahoo.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://es.yahoo.com

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

R3 - URLSearchHook: (no name) - CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)

R3 - URLSearchHook: (no name) - EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)

O1 - Hosts: ::1 localhost

O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)

O2 - BHO: Aplicación auxiliar de vínculos de Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: ShowBarObj Class - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Windows\system32\ActiveToolBand.dll

O2 - BHO: Windows Live Aplicación auxiliar de inicio de sesión - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.15642\swg.dll

O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll

O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll

O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll

O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll

O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll

O3 - Toolbar: Veoh Web Player Video Finder - {0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} - C:\Program Files\Veoh Networks\VeohWebPlayer\VeohIEToolbar.dll

O3 - Toolbar: Veoh Video Compass - {52836EB0-631A-47B1-94A6-61F9D9112DAE} - C:\Program Files\Veoh Networks\Veoh Video Compass\SearchRecsPlugin.dll

O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)

O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide

O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe

O4 - HKLM\..\Run: [eAudio] "C:\Acer\Empowering Technology\eAudio\eAudio.exe"

O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe

O4 - HKLM\..\Run: [Skytel] Skytel.exe

O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe

O4 - HKLM\..\Run: [IaNvSrv] C:\Program Files\Intel\Intel Matrix Storage Manager\OROM\IaNvSrv\IaNvSrv.exe

O4 - HKLM\..\Run: [SetPanel] C:\Acer\APanel\APanel.cmd

O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE

O4 - HKLM\..\Run: [PlayMovie] "C:\Program Files\Acer Arcade Deluxe\Play Movie\PMVService.exe"

O4 - HKLM\..\Run: [WarReg_PopUp] C:\Acer\WR_PopUp\WarReg_PopUp.exe

O4 - HKLM\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe

O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"

O4 - HKLM\..\Run: [Windows Mobile-based device management] %windir%\WindowsMobile\wmdSync.exe

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [PLFSet] rundll32.exe C:\Windows\PLFSet.dll,PLFDefSetting

O4 - HKLM\..\Run: [{EC2170E3-0FB2-4C41-ACB9-F2C494F92C67}] E:\AT\asistente.exe C:\Users\PALOMA\AppData\Local\Temp\GLF2FE8.tmp\settings.ini

O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe

O4 - HKCU\..\Run: [ilebces] "c:\users\paloma\appdata\local\ilebces.exe" ilebces

O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICIO LOCAL')

O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICIO LOCAL')

O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'Servicio de red')

O4 - HKUS\S-1-5-18\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe (User 'Default user')

O4 - Global Startup: Acer VCM.lnk = ?

O4 - Global Startup: Empowering Technology Launcher.lnk = C:\Acer\Empowering Technology\eAPLauncher.exe

O4 - Global Startup: Sitecom Wireless Utility.lnk = C:\Program Files\Sitecom\Common\WLANUtil.exe

O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm

O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx"]http://favorites.live.com/quickadd.aspx

O8 - Extra context menu item: E&xportar a Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

O9 - Extra button: Enviar a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: &Enviar a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

O13 - Gopher Prefix:

O16 - DPF: {6A868C04-B942-11D8-8D76-0008C7FF1716} (BanServidorFicherosBPP.DownloadBPP) - https://www.bancaja.es/arq_activex/particulares/BanServidorFicherosBPP.CAB

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

O20 - AppInit_DLLs: C:\Windows\system32\guard32.dll

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)

O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - COMODO - C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe

O23 - Service: eDSService.exe (eDataSecurity Service) - HiTRSUT - C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe

O23 - Service: eLock Service (eLockService) - Acer Inc. - C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe

O23 - Service: eNet Service - Acer Inc. - C:\Acer\Empowering Technology\eNet\eNet Service.exe

O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe

O23 - Service: eSettings Service (eSettingsService) - Unknown owner - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe

O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE

O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)

O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe

O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe

O23 - Service: Programador de LiveUpdate automático - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe

O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe

O23 - Service: ePower Service (WMIService) - acer - C:\Acer\Empowering Technology\ePower\ePowerSvc.exe

O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--

End of file - 12492 bytes

Un saludo y gracias
 

viru

Ex- Mod
Miembro
Realiza los siguientes pasos y nos pasas los resultados:

Actualiza tu sistema Buscar actualizaciones con Windows Update (Si no te deja actualizar pasa al siguiente paso)

Borra todas las cookies y el registro con CCleaner

Vete a Inicio- Panel de Control--> Java (si usas Java) y elimina todos los archivos temporales.

Borrar archivos temporales--> Desde Inicio, Ejecutar, escribe %TEMP%, pulsa Enter y elimina todo el contenido.

Pásale el Malwarebytes AntiMalware. (Actualizalo, y al acabar el Scaneo elije la opción eliminar, después guarda el report y lo pegas) [Si tienes algúna duda aquí tienes un Manual de Malwarebytes AntiMalware]

Ademas, haz un scan on line: Los mejores antivirus online

Debes usar el Internet Explorer y aceptar los active x

Le pones que elimine lo que te detecte.

Nos copias ese reporte, el del Malwarebytes Antimalware y un nuevo log del hijackthis.

Saludos, viru.
 

loriel_roan

Nuevo Miembro
Miembro
Hola viru!gracias por la ayuda.

el log de hijackthis es este:

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 18:46:48, on 07/09/2009

Platform: Windows Vista (WinNT 6.00.1904)

MSIE: Internet Explorer v8.00 (8.00.6001.18813)

Boot mode: Normal

Running processes:

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files\Windows Defender\MSASCui.exe

C:\Windows\system32\taskeng.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Acer\Empowering Technology\eDataSecurity\eDSLoader.exe

C:\Acer\Empowering Technology\eAudio\eAudio.exe

C:\Windows\System32\rundll32.exe

C:\Windows\RtHDVCpl.exe

C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe

C:\Program Files\Launch Manager\QtZgAcer.EXE

C:\Program Files\Acer Arcade Deluxe\Play Movie\PMVService.exe

C:\Windows\System32\rundll32.exe

C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe

C:\Windows\WindowsMobile\wmdSync.exe

C:\Program Files\Alwil Software\Avast4\ashDisp.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Windows\ehome\ehtray.exe

C:\Users\PALOMA\AppData\Local\ilebces.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Program Files\Acer\Acer VCM\AcerVCM.exe

C:\Program Files\Sitecom\Common\WLANUtil.exe

C:\Acer\Empowering Technology\ENET\ENMTRAY.EXE

C:\Acer\Empowering Technology\EPOWER\EPOWER_DMC.EXE

C:\Windows\ehome\ehmsas.exe

C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE

C:\Windows\System32\rundll32.exe

C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE

C:\Users\PALOMA\AppData\Local\Temp\RtkBtMnt.exe

C:\Program Files\Acer\Acer VCM\VC.exe

C:\Program Files\Acer\Acer VCM\acp2HID.exe

C:\Windows\system32\wbem\unsecapp.exe

C:\Windows\system32\wuauclt.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Google\Google Toolbar\GoogleToolbarUser.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Windows\system32\Macromed\Flash\FlashUtil10c.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Windows Live Toolbar\msn_sl.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

C:\Windows\system32\DllHost.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.trucoswindows.net/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://es.yahoo.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://es.yahoo.com

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

R3 - URLSearchHook: (no name) - CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)

R3 - URLSearchHook: (no name) - EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)

O1 - Hosts: ::1 localhost

O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)

O2 - BHO: Aplicación auxiliar de vínculos de Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: ShowBarObj Class - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Windows\system32\ActiveToolBand.dll

O2 - BHO: Windows Live Aplicación auxiliar de inicio de sesión - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.15642\swg.dll

O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll

O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll

O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll

O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll

O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll

O3 - Toolbar: Veoh Web Player Video Finder - {0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} - C:\Program Files\Veoh Networks\VeohWebPlayer\VeohIEToolbar.dll

O3 - Toolbar: Veoh Video Compass - {52836EB0-631A-47B1-94A6-61F9D9112DAE} - C:\Program Files\Veoh Networks\Veoh Video Compass\SearchRecsPlugin.dll

O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)

O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide

O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe

O4 - HKLM\..\Run: [eAudio] "C:\Acer\Empowering Technology\eAudio\eAudio.exe"

O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe

O4 - HKLM\..\Run: [Skytel] Skytel.exe

O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe

O4 - HKLM\..\Run: [IaNvSrv] C:\Program Files\Intel\Intel Matrix Storage Manager\OROM\IaNvSrv\IaNvSrv.exe

O4 - HKLM\..\Run: [SetPanel] C:\Acer\APanel\APanel.cmd

O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE

O4 - HKLM\..\Run: [PlayMovie] "C:\Program Files\Acer Arcade Deluxe\Play Movie\PMVService.exe"

O4 - HKLM\..\Run: [WarReg_PopUp] C:\Acer\WR_PopUp\WarReg_PopUp.exe

O4 - HKLM\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe

O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"

O4 - HKLM\..\Run: [Windows Mobile-based device management] %windir%\WindowsMobile\wmdSync.exe

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [PLFSet] rundll32.exe C:\Windows\PLFSet.dll,PLFDefSetting

O4 - HKLM\..\Run: [{EC2170E3-0FB2-4C41-ACB9-F2C494F92C67}] E:\AT\asistente.exe C:\Users\PALOMA\AppData\Local\Temp\GLF2FE8.tmp\settings.ini

O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe

O4 - HKCU\..\Run: [ilebces] "c:\users\paloma\appdata\local\ilebces.exe" ilebces

O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICIO LOCAL')

O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICIO LOCAL')

O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'Servicio de red')

O4 - HKUS\S-1-5-18\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe (User 'Default user')

O4 - Global Startup: Acer VCM.lnk = ?

O4 - Global Startup: Empowering Technology Launcher.lnk = C:\Acer\Empowering Technology\eAPLauncher.exe

O4 - Global Startup: Sitecom Wireless Utility.lnk = C:\Program Files\Sitecom\Common\WLANUtil.exe

O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm

O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx"]http://favorites.live.com/quickadd.aspx

O8 - Extra context menu item: E&xportar a Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

O9 - Extra button: Enviar a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: &Enviar a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

O13 - Gopher Prefix:

O16 - DPF: {6A868C04-B942-11D8-8D76-0008C7FF1716} (BanServidorFicherosBPP.DownloadBPP) - https://www.bancaja.es/arq_activex/particulares/BanServidorFicherosBPP.CAB

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

O20 - AppInit_DLLs: C:\Windows\system32\guard32.dll

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)

O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - COMODO - C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe

O23 - Service: eDSService.exe (eDataSecurity Service) - HiTRSUT - C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe

O23 - Service: eLock Service (eLockService) - Acer Inc. - C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe

O23 - Service: eNet Service - Acer Inc. - C:\Acer\Empowering Technology\eNet\eNet Service.exe

O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe

O23 - Service: eSettings Service (eSettingsService) - Unknown owner - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe

O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE

O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)

O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe

O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe

O23 - Service: Programador de LiveUpdate automático - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe

O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe

O23 - Service: ePower Service (WMIService) - acer - C:\Acer\Empowering Technology\ePower\ePowerSvc.exe

O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--

End of file - 12492 bytes

el report de Malwarebytes Antimalware es este:

Malwarebytes' Anti-Malware 1.40

Versión de la Base de Datos: 2758

Windows 6.0.6001 Service Pack 1

08/09/2009 16:20:05

mbam-log-2009-09-08 (16-20-05).txt

Tipo de examen : Examen Completo (C:\|D:\|)

Objetos examinados: 169017

Tiempo transcurrido: 53 minute(s), 16 second(s)

Procesos en Memoria Infectados: 0

Módulos en Memoria Infectados: 0

Claves del Registro Infectadas: 4

Valores del Registro Infectados: 1

Elementos de Datos del Registro Infectados: 0

Carpetas Infectadas: 0

Ficheros Infectados: 1

Procesos en Memoria Infectados:

(No se han detectado elementos maliciosos)

Módulos en Memoria Infectados:

(No se han detectado elementos maliciosos)

Claves del Registro Infectadas:

HKEY_CURRENT_USER\SOFTWARE\fcn (Rogue.Residue) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\OOO (Malware.Trace) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Live-Player (Malware.Trace) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\OOO (Rogue.LivePlayer) -> Quarantined and deleted successfully.

Valores del Registro Infectados:

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ilebces (Trojan.Agent.H) -> Quarantined and deleted successfully.

Elementos de Datos del Registro Infectados:

(No se han detectado elementos maliciosos)

Carpetas Infectadas:

(No se han detectado elementos maliciosos)

Ficheros Infectados:

c:\Users\PALOMA\AppData\Local\ilebces.exe (Trojan.Agent.H) -> Delete on reboot.

No he conseguido hacer el Scan on line... espero que sirva con esto.

Muchas gracias. Espero tu respuesta

Saludos
 

Caito

Ex- Mod
Miembro
Baja este programa:

Dr.Web CureIt

Dr.Web CureIt!

Manual:Dr. Web CureIt

Doble click en drweb-cureit.exe

Clic en Star para que comience el scaneo

Al principio verifica la memoria y tienes que cliquear Yes cuando te pregunte si quieres que tal archivo sea curado (cure it ),esto es un scan rápido

Tambien te puede aparecer un pop up ofreciendo la posibilidad de comprar el programa ,solo elimina ese pop up y sigue…

Cuando ese scan termine haz clic en Options > Change settings

Elige la solapa Scan y destildas "Heuristic analysis".

Ahora vuelve a la ventana principal y eliges los discos a scanear:

elige “All Drives”,un punto rojo te indica cuales elegiste

Haz clic en la flecha verde ubicada a la derecha y comenzará el scaneo

Click 'Yes to all' si te pregunta si quieres “Cure” o “Move “ los archivos

Cuando el scaneo termine te fijas en los archivos encontrados y junto a ellos se halla un ícono trata de cliquear en ese y si puedes cliquea en otro ícono a la derecha y elige Move incurable

Esto pondrá esos archivos en “%userprofile%\DoctorWeb\quarantaine-folder”si no han podido “curarse”.

Ahora en el Menu principal clic en File y elige save report list

Guarda ese reporte en tu escritorio (el nombre será DrWeb.csv)

Cierra el programa.

Pon ese reporte y un nuevo log

saludos

caito
 

loriel_roan

Nuevo Miembro
Miembro
hola! hice lo que me dijiste, baje el programa y lo scanee, pero no encontró virus, con lo cual, no puede guardar nada. No se si lo he hecho bien...

Te envio el nuevo log, a ver que me dices... GRACIAS

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 18:46:48, on 07/09/2009

Platform: Windows Vista (WinNT 6.00.1904)

MSIE: Internet Explorer v8.00 (8.00.6001.18813)

Boot mode: Normal

Running processes:

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files\Windows Defender\MSASCui.exe

C:\Windows\system32\taskeng.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Acer\Empowering Technology\eDataSecurity\eDSLoader.exe

C:\Acer\Empowering Technology\eAudio\eAudio.exe

C:\Windows\System32\rundll32.exe

C:\Windows\RtHDVCpl.exe

C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe

C:\Program Files\Launch Manager\QtZgAcer.EXE

C:\Program Files\Acer Arcade Deluxe\Play Movie\PMVService.exe

C:\Windows\System32\rundll32.exe

C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe

C:\Windows\WindowsMobile\wmdSync.exe

C:\Program Files\Alwil Software\Avast4\ashDisp.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Windows\ehome\ehtray.exe

C:\Users\PALOMA\AppData\Local\ilebces.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Program Files\Acer\Acer VCM\AcerVCM.exe

C:\Program Files\Sitecom\Common\WLANUtil.exe

C:\Acer\Empowering Technology\ENET\ENMTRAY.EXE

C:\Acer\Empowering Technology\EPOWER\EPOWER_DMC.EXE

C:\Windows\ehome\ehmsas.exe

C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE

C:\Windows\System32\rundll32.exe

C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE

C:\Users\PALOMA\AppData\Local\Temp\RtkBtMnt.exe

C:\Program Files\Acer\Acer VCM\VC.exe

C:\Program Files\Acer\Acer VCM\acp2HID.exe

C:\Windows\system32\wbem\unsecapp.exe

C:\Windows\system32\wuauclt.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Google\Google Toolbar\GoogleToolbarUser.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Windows\system32\Macromed\Flash\FlashUtil10c.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Windows Live Toolbar\msn_sl.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

C:\Windows\system32\DllHost.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.trucoswindows.net/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://es.yahoo.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://es.yahoo.com

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

R3 - URLSearchHook: (no name) - CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)

R3 - URLSearchHook: (no name) - EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)

O1 - Hosts: ::1 localhost

O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)

O2 - BHO: Aplicación auxiliar de vínculos de Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: ShowBarObj Class - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Windows\system32\ActiveToolBand.dll

O2 - BHO: Windows Live Aplicación auxiliar de inicio de sesión - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.15642\swg.dll

O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll

O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll

O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll

O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll

O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll

O3 - Toolbar: Veoh Web Player Video Finder - {0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} - C:\Program Files\Veoh Networks\VeohWebPlayer\VeohIEToolbar.dll

O3 - Toolbar: Veoh Video Compass - {52836EB0-631A-47B1-94A6-61F9D9112DAE} - C:\Program Files\Veoh Networks\Veoh Video Compass\SearchRecsPlugin.dll

O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)

O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide

O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe

O4 - HKLM\..\Run: [eAudio] "C:\Acer\Empowering Technology\eAudio\eAudio.exe"

O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe

O4 - HKLM\..\Run: [Skytel] Skytel.exe

O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe

O4 - HKLM\..\Run: [IaNvSrv] C:\Program Files\Intel\Intel Matrix Storage Manager\OROM\IaNvSrv\IaNvSrv.exe

O4 - HKLM\..\Run: [SetPanel] C:\Acer\APanel\APanel.cmd

O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE

O4 - HKLM\..\Run: [PlayMovie] "C:\Program Files\Acer Arcade Deluxe\Play Movie\PMVService.exe"

O4 - HKLM\..\Run: [WarReg_PopUp] C:\Acer\WR_PopUp\WarReg_PopUp.exe

O4 - HKLM\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe

O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"

O4 - HKLM\..\Run: [Windows Mobile-based device management] %windir%\WindowsMobile\wmdSync.exe

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [PLFSet] rundll32.exe C:\Windows\PLFSet.dll,PLFDefSetting

O4 - HKLM\..\Run: [{EC2170E3-0FB2-4C41-ACB9-F2C494F92C67}] E:\AT\asistente.exe C:\Users\PALOMA\AppData\Local\Temp\GLF2FE8.tmp\settings.ini

O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe

O4 - HKCU\..\Run: [ilebces] "c:\users\paloma\appdata\local\ilebces.exe" ilebces

O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICIO LOCAL')

O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICIO LOCAL')

O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'Servicio de red')

O4 - HKUS\S-1-5-18\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe (User 'Default user')

O4 - Global Startup: Acer VCM.lnk = ?

O4 - Global Startup: Empowering Technology Launcher.lnk = C:\Acer\Empowering Technology\eAPLauncher.exe

O4 - Global Startup: Sitecom Wireless Utility.lnk = C:\Program Files\Sitecom\Common\WLANUtil.exe

O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm

O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx"]http://favorites.live.com/quickadd.aspx

O8 - Extra context menu item: E&xportar a Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

O9 - Extra button: Enviar a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: &Enviar a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

O13 - Gopher Prefix:

O16 - DPF: {6A868C04-B942-11D8-8D76-0008C7FF1716} (BanServidorFicherosBPP.DownloadBPP) - https://www.bancaja.es/arq_activex/particulares/BanServidorFicherosBPP.CAB

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

O20 - AppInit_DLLs: C:\Windows\system32\guard32.dll

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)

O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - COMODO - C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe

O23 - Service: eDSService.exe (eDataSecurity Service) - HiTRSUT - C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe

O23 - Service: eLock Service (eLockService) - Acer Inc. - C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe

O23 - Service: eNet Service - Acer Inc. - C:\Acer\Empowering Technology\eNet\eNet Service.exe

O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe

O23 - Service: eSettings Service (eSettingsService) - Unknown owner - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe

O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE

O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)

O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe

O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe

O23 - Service: Programador de LiveUpdate automático - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe

O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe

O23 - Service: ePower Service (WMIService) - acer - C:\Acer\Empowering Technology\ePower\ePowerSvc.exe

O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--

End of file - 12492 bytes

UN SALUDO
 

Caito

Ex- Mod
Miembro
Busca este archivo:

c:\users\paloma\appdata\local\ilebces.exe

y lo analizas acá:

http://virusscan.jotti.org/

http://www.virustotal.com/flash/index_en.html

nos pones esos reportes

saludos

caito
 

loriel_roan

Nuevo Miembro
Miembro
Hola. Lo he analizado en las dos paginas y no ha encontrado nada, de todas formas te copio los resultados...

http://virusscan.jotti.org/

Escaneador

2009-09-11 No se encontró nada 2009-09-11 No se encontró nada

2009-09-11 No se encontró nada 2009-09-11 No se encontró nada

2009-09-10 No se encontró nada 2009-09-11 No se encontró nada

2009-09-11 No se encontró nada 2009-09-11 No se encontró nada

2009-09-11 No se encontró nada 2009-09-11 No se encontró nada

2009-09-11 No se encontró nada 2009-09-10 No se encontró nada

2009-09-11 No se encontró nada 2009-09-11 No se encontró nada

2009-09-11 No se encontró nada 2009-09-11 No se encontró nada

2009-09-11 No se encontró nada 2009-09-10 No se encontró nada

2009-09-10 No se encontró nada 2009-09-11 No se encontró nada

2009-09-11 No se encontró nada

--------------------------------------------------------------------------------

http://www.virustotal.com/flash/index_en.html[/url]

Análisis del archivo ilebces.dat recibido el 2009.09.11 16:05:30 (UTC)

Estado actual: Cargando ... en cola en espera en proceso análisis terminado NO ENCONTRADO DETENIDO

Resultado: 0/41 (0%)

Motor antivirus Versión Última actualización Resultado

a-squared 4.5.0.24 2009.09.11 -

AhnLab-V3 5.0.0.2 2009.09.11 -

AntiVir 7.9.1.14 2009.09.11 -

Antiy-AVL 2.0.3.7 2009.09.11 -

Authentium 5.1.2.4 2009.09.11 -

Avast 4.8.1351.0 2009.09.10 -

AVG 8.5.0.412 2009.09.11 -

BitDefender 7.2 2009.09.11 -

CAT-QuickHeal 10.00 2009.09.11 -

ClamAV 0.94.1 2009.09.11 -

Comodo 2283 2009.09.11 -

DrWeb 5.0.0.12182 2009.09.11 -

eSafe 7.0.17.0 2009.09.10 -

eTrust-Vet 31.6.6732 2009.09.11 -

F-Prot 4.5.1.85 2009.09.10 -

F-Secure 8.0.14470.0 2009.09.11 -

Fortinet 3.120.0.0 2009.09.11 -

GData 19 2009.09.11 -

Ikarus T3.1.1.72.0 2009.09.11 -

Jiangmin 11.0.800 2009.09.11 -

K7AntiVirus 7.10.842 2009.09.11 -

Kaspersky 7.0.0.125 2009.09.11 -

McAfee 5737 2009.09.10 -

McAfee+Artemis 5737 2009.09.10 -

McAfee-GW-Edition 6.8.5 2009.09.11 -

Microsoft 1.5005 2009.09.11 -

NOD32 4417 2009.09.11 -

Norman 6.01.09 2009.09.11 -

nProtect 2009.1.8.0 2009.09.11 -

Panda 10.0.2.2 2009.09.10 -

PCTools 4.4.2.0 2009.09.11 -

Prevx 3.0 2009.09.11 -

Rising 21.46.44.00 2009.09.11 -

Sophos 4.45.0 2009.09.11 -

Sunbelt 3.2.1858.2 2009.09.11 -

Symantec 1.4.4.12 2009.09.11 -

TheHacker 6.3.4.4.400 2009.09.10 -

TrendMicro 8.950.0.1094 2009.09.11 -

VBA32 3.12.10.10 2009.09.11 -

ViRobot 2009.9.11.1930 2009.09.11 -

VirusBuster 4.6.5.0 2009.09.11 -

Información adicional

Tamano archivo: 3333 bytes

MD5...: 4e53b2b20b512f21643db00707eeb475

SHA1..: daff3571f98e9e7aaf5ff1801e902db19e26813e

SHA256: 4aa5ffeb940ee2ec09e94c8081504cef7b90c363efdb15176738da6adfc152b7

ssdeep: 96:xk/lTZppgoRJiHiK3IbX6sU0gGOQ:)c2ZHmz1dI5hn99tmR:wTZp64sCbbX6T

TGOSvGz1dI3zy



PEiD..: -

PEInfo: -

RDS...: NSRL Reference Data Set

-

trid..: Unknown!

pdfid.: -

Un saludo
 

loriel_roan

Nuevo Miembro
Miembro
HOLA!

pues la verdad es que sigue llendo lento de vez en cuando y cuando queremos descargar algo nos pone:

Su dirección IP xx.xx.xxx.xx. se encuentra descargando 200000000 bites del archivo RAR.

Por favor finalice esta descarga antes de iniciar otra. Su usted acaba de cancelar esta descarga, por favor inténtelo nuevamente transcurridos unos minutos dado que la conexión de descarga puede no haber finalizado todavía. Si xx.xx.xxx.xx. no es su dirección IP, usted podría estar compartiendo con otros usuarios un proxy o un Gateway NAT. Si usted ha configurado en su navegador un proxy HTTP, desactívelo en inténtelo nuevamente. Si usted no tiene configurado un proxy, el uso de un puerto de descarga distinto puede generar problemas con el proxy ISP. Si a continuación usted puede ver su dirección IP, por favor seleccionela e inicie nuevamente la descarga.

Please upgrade your browser(Port 80)

Please upgrade your browser(Port 800)

Please upgrade your browser(Port 1723)

No entendemos porque pone esto si no estamos descargando nada!!!!!

Que está pasando?

UN SALUDO
 

Caito

Ex- Mod
Miembro
Descarga la utilidad ComboFix.exe (Windows 98/ME/2000/XP)

Combofix.exe

Desactiva temporalmente el Antivirus y/o Antispyware.

Cierra todas las ventanas abiertas.



*Nota* Mientras CF este trabajando no mover el mouse ya que pararía su proceso.

*Nota* ComboFix puede reiniciar automáticamente el PC para completar el proceso de eliminación.

-Ejecuta ComboFix.exe para iniciar el programa.

-Se abrirá la ventana del programa en modo MS-DOS. Pulsa inmediatamente la tecla "Y" (Yes) y después sobre ENTER para iniciar el proceso de detección y limpieza.

-Los iconos del Escritorio desaparecerán (esto es normal) y aparecerá el mensaje "Performing a scan of your machine".

- A continuación, aparecerá el mensaje "Preparing a log report" "This takes a while. So, please be patient".

-Seguidamente, aparecerán los mensajes "Almost done..." "A report of Combofix's actions would be produced at C:\Combofix.txt".

-Se paciente y espera a que la ventana del programa se cierre sola y se muestre el archivo C:\Combofix.txt. Los iconos del Escritorio volverán a su sitio sin necesidad de tener que reiniciar el PC.

-Por último, el informe combofix.txt mostrará los archivos detectados y eliminados, ese tal reporte lo pegas acá

- Además pon un nuevo log del hijack

Saludos

Caito
 

loriel_roan

Nuevo Miembro
Miembro
Hola!

He hecho lo que me has dicho aquí lo tienes:

ComboFix 09-09-12.A0 - PALOMA 13/09/2009 20:42.1.2 - NTFSx86

Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.34.3082.18.2046.1081 [GMT 2:00]

Running from: c:\users\PALOMA\Desktop\ComboFix.exe

AV: avast! antivirus 4.8.1351 [VPS 090907-0] *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

SP: avast! antivirus 4.8.1351 [VPS 090907-0] *enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

SP: COMODO Defense+ *disabled* (Updated) {043803A4-4F86-4ef7-AFC5-F6E02A79969B}

SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

* Created a new restore point

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\users\PALOMA\AppData\Local\ilebces.dat

c:\users\PALOMA\AppData\Local\ilebces_nav.dat

c:\users\PALOMA\AppData\Local\ilebces_navps.dat

c:\windows\Downloaded Program Files\bdcore.dll

c:\windows\Downloaded Program Files\libfn.dll

c:\windows\Installer\16b1f18.msi

.

((((((((((((((((((((((((( Files Created from 2009-08-13 to 2009-09-13 )))))))))))))))))))))))))))))))

.

2009-09-13 18:51 . 2009-09-13 18:51 -------- d-----w- c:\users\PALOMA\AppData\Local\temp

2009-09-13 18:51 . 2009-09-13 18:51 -------- d-----w- c:\users\Default\AppData\Local\temp

2009-09-13 09:55 . 2009-09-13 09:55 -------- d-----w- c:\program files\DivX

2009-09-13 09:55 . 2009-09-13 09:55 -------- d-----w- c:\program files\Common Files\DivX Shared

2009-09-09 08:34 . 2009-09-09 08:34 -------- d-----w- c:\programdata\McAfee

2009-09-08 22:41 . 2009-09-08 22:41 -------- d-----w- c:\programdata\McAfee Security Scan

2009-09-08 22:41 . 2009-09-08 22:41 -------- d-----w- c:\program files\McAfee Security Scan

2009-09-08 21:33 . 2009-09-08 22:28 -------- d-----w- c:\users\PALOMA\DoctorWeb

2009-09-08 20:26 . 2008-05-08 21:59 90112 ----a-w- c:\windows\system32\wshext.dll

2009-09-08 20:26 . 2008-05-08 21:59 180224 ----a-w- c:\windows\system32\scrobj.dll

2009-09-08 20:26 . 2008-05-08 21:59 172032 ----a-w- c:\windows\system32\scrrun.dll

2009-09-08 20:26 . 2008-05-08 21:59 155648 ----a-w- c:\windows\system32\wscript.exe

2009-09-08 20:26 . 2008-05-08 21:58 135168 ----a-w- c:\windows\system32\cscript.exe

2009-09-08 20:26 . 2008-08-02 03:26 36864 ----a-w- c:\windows\system32\cdd.dll

2009-09-08 20:26 . 2008-08-02 01:01 625152 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys

2009-09-08 20:26 . 2008-06-26 03:29 565248 ----a-w- c:\windows\system32\emdmgmt.dll

2009-09-08 20:26 . 2008-06-26 03:29 45056 ----a-w- c:\windows\system32\dataclen.dll

2009-09-08 20:26 . 2008-05-20 02:07 148480 ----a-w- c:\windows\system32\drivers\nwifi.sys

2009-09-08 20:26 . 2008-09-18 04:56 125952 ----a-w- c:\windows\system32\wersvc.dll

2009-09-08 20:26 . 2008-09-18 04:56 147456 ----a-w- c:\windows\system32\Faultrep.dll

2009-09-08 13:24 . 2009-09-08 13:24 -------- d-----w- c:\users\PALOMA\AppData\Roaming\Malwarebytes

2009-09-08 13:24 . 2009-09-08 13:24 -------- d-----w- c:\programdata\Malwarebytes

2009-09-08 12:58 . 2009-09-08 12:58 -------- d-----w- C:\PerfLogs

2009-09-08 12:42 . 2009-09-08 12:42 -------- d-----w- c:\windows\BDOSCAN8

2009-09-08 12:38 . 2004-08-04 05:00 506368 ----a-w- c:\windows\system32\msxml.dll

2009-09-07 17:39 . 2009-09-07 17:39 -------- d-----w- c:\users\PALOMA\AppData\Local\Mozilla

2009-09-07 12:58 . 2009-09-07 12:58 -------- d-----w- c:\program files\Trend Micro

2009-09-05 08:49 . 2009-09-05 08:49 2560 ----a-w- c:\windows\_MSRSTRT.EXE

2009-09-02 20:42 . 2009-08-28 10:15 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll

2009-09-02 20:42 . 2009-08-28 12:39 28672 ----a-w- c:\windows\system32\Apphlpdm.dll

2009-08-30 11:48 . 2009-09-08 22:28 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard

2009-08-27 08:48 . 2009-06-22 10:22 2048 ----a-w- c:\windows\system32\tzres.dll

2009-08-24 10:40 . 2008-06-20 01:17 97800 ----a-w- c:\windows\system32\infocardapi.dll

2009-08-24 10:40 . 2008-06-20 01:18 105016 ----a-w- c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll

2009-08-24 10:40 . 2008-06-20 01:18 43544 ----a-w- c:\windows\system32\PresentationHostProxy.dll

2009-08-24 10:40 . 2008-06-20 01:17 622080 ----a-w- c:\windows\system32\icardagt.exe

2009-08-24 10:40 . 2008-06-20 01:17 11264 ----a-w- c:\windows\system32\icardres.dll

2009-08-24 10:39 . 2008-06-20 01:18 781344 ----a-w- c:\windows\system32\PresentationNative_v0300.dll

2009-08-24 10:39 . 2008-06-20 01:18 326160 ----a-w- c:\windows\system32\PresentationHost.exe

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-09-13 18:18 . 2006-11-02 15:46 664368 ----a-w- c:\windows\system32\perfh00A.dat

2009-09-13 18:18 . 2006-11-02 15:46 128552 ----a-w- c:\windows\system32\perfc00A.dat

2009-09-13 09:57 . 2009-03-28 15:23 -------- d-----w- c:\program files\Google

2009-09-13 09:42 . 2008-11-09 20:14 27430 ----a-w- c:\users\PALOMA\AppData\Roaming\nvModes.dat

2009-09-12 23:13 . 2008-11-08 12:55 1660 ----a-w- c:\windows\bthservsdp.dat

2009-09-09 01:17 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail

2009-09-09 01:01 . 2007-08-14 05:29 -------- d-----w- c:\programdata\Microsoft Help

2009-09-08 13:08 . 2009-08-09 09:03 91 ----a-w- c:\users\PALOMA\AppData\Local\mqmiqoo.bat

2009-09-08 12:59 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Sidebar

2009-09-08 12:59 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Journal

2009-09-08 12:59 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Collaboration

2009-09-08 12:59 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Calendar

2009-09-08 12:58 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Photo Gallery

2009-09-08 12:58 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Defender

2009-09-08 12:45 . 2006-11-02 10:32 101888 ----a-w- c:\windows\system32\ifxcardm.dll

2009-09-08 12:45 . 2006-11-02 10:32 82432 ----a-w- c:\windows\system32\axaltocm.dll

2009-09-08 08:16 . 2009-06-10 12:47 -------- d-----w- c:\program files\Common Files\Adobe

2009-09-05 08:42 . 2008-11-08 11:30 -------- d-----w- c:\program files\Yahoo!

2009-08-17 16:10 . 2009-08-12 17:35 1279456 ----a-w- c:\windows\system32\aswBoot.exe

2009-08-17 16:05 . 2009-08-12 17:35 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys

2009-08-17 16:05 . 2009-08-12 17:35 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys

2009-08-17 16:05 . 2009-08-12 17:35 53328 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys

2009-08-17 16:04 . 2009-08-12 17:35 51376 ----a-w- c:\windows\system32\drivers\aswTdi.sys

2009-08-17 16:04 . 2009-08-12 17:35 23152 ----a-w- c:\windows\system32\drivers\aswRdr.sys

2009-08-17 16:02 . 2009-08-12 17:35 97480 ----a-w- c:\windows\system32\AvastSS.scr

2009-08-14 17:07 . 2009-09-08 20:27 897608 ----a-w- c:\windows\system32\drivers\tcpip.sys

2009-08-14 16:29 . 2009-09-08 20:27 104960 ----a-w- c:\windows\system32\netiohlp.dll

2009-08-14 16:29 . 2009-09-08 20:27 17920 ----a-w- c:\windows\system32\netevent.dll

2009-08-14 14:16 . 2009-09-08 20:27 9728 ----a-w- c:\windows\system32\TCPSVCS.EXE

2009-08-14 14:16 . 2009-09-08 20:27 17920 ----a-w- c:\windows\system32\ROUTE.EXE

2009-08-14 14:16 . 2009-09-08 20:27 11264 ----a-w- c:\windows\system32\MRINFO.EXE

2009-08-14 14:16 . 2009-09-08 20:27 27136 ----a-w- c:\windows\system32\NETSTAT.EXE

2009-08-14 14:16 . 2009-09-08 20:27 19968 ----a-w- c:\windows\system32\ARP.EXE

2009-08-14 14:16 . 2009-09-08 20:27 8704 ----a-w- c:\windows\system32\HOSTNAME.EXE

2009-08-14 14:16 . 2009-09-08 20:27 10240 ----a-w- c:\windows\system32\finger.exe

2009-08-13 18:03 . 2009-08-13 18:03 -------- d-sh--w- c:\programdata\{55A29068-F2CE-456C-9148-C869879E2357}

2009-08-13 09:23 . 2009-07-07 12:34 -------- d-----w- c:\programdata\Norton

2009-08-13 09:23 . 2007-08-14 05:39 -------- d-----w- c:\programdata\Symantec

2009-08-13 09:23 . 2007-08-14 05:39 -------- d-----w- c:\program files\Symantec

2009-08-13 09:23 . 2007-08-14 05:39 -------- d-----w- c:\program files\Common Files\Symantec Shared

2009-08-12 21:11 . 2009-08-12 21:11 -------- d-----w- c:\program files\Timed Shutdown

2009-08-12 17:36 . 2009-08-12 17:35 -------- d-----w- c:\users\PALOMA\AppData\Roaming\uTorrent

2009-08-12 17:35 . 2009-08-12 17:35 -------- d-----w- c:\program files\Alwil Software

2009-08-12 17:32 . 2009-08-12 17:32 -------- d-----w- c:\programdata\eMule

2009-08-12 17:31 . 2009-08-12 17:31 -------- d-----w- c:\program files\eMule

2009-08-09 09:00 . 2009-05-31 16:45 91 ----a-w- c:\users\PALOMA\AppData\Local\qoscmym.bat

2009-08-08 18:35 . 2009-08-08 17:03 -------- d-----w- c:\programdata\Comodo

2009-08-08 17:11 . 2009-08-08 17:03 74328 ----a-w- c:\windows\system32\drivers\inspect.sys

2009-08-08 17:11 . 2009-08-08 17:03 29520 ----a-w- c:\windows\system32\drivers\cmdhlp.sys

2009-08-08 17:11 . 2009-08-08 17:03 179792 ----a-w- c:\windows\system32\guard32.dll

2009-08-08 17:11 . 2009-08-08 17:03 128888 ----a-w- c:\windows\system32\drivers\cmdguard.sys

2009-08-08 17:02 . 2009-08-08 17:02 -------- d-----w- c:\program files\COMODO

2009-08-02 17:03 . 2009-08-02 17:03 -------- d-----w- c:\users\PALOMA\AppData\Roaming\InterTrust

2009-07-21 21:52 . 2009-08-09 12:15 915456 ----a-w- c:\windows\system32\wininet.dll

2009-07-21 21:47 . 2009-08-09 12:14 109056 ----a-w- c:\windows\system32\iesysprep.dll

2009-07-21 21:47 . 2009-08-09 12:15 71680 ----a-w- c:\windows\system32\iesetup.dll

2009-07-21 20:13 . 2009-08-09 12:14 133632 ----a-w- c:\windows\system32\ieUnatt.exe

2009-07-17 14:35 . 2009-08-11 21:21 71680 ----a-w- c:\windows\system32\atl.dll

2009-07-14 13:00 . 2009-08-11 21:20 313344 ----a-w- c:\windows\system32\wmpdxm.dll

2009-07-14 12:59 . 2009-08-11 21:20 4096 ----a-w- c:\windows\system32\dxmasf.dll

2009-07-14 12:58 . 2009-08-11 21:20 7680 ----a-w- c:\windows\system32\spwmp.dll

2009-07-14 10:59 . 2009-08-11 21:20 8147456 ----a-w- c:\windows\system32\wmploc.DLL

2009-07-11 19:32 . 2009-09-08 20:27 293376 ----a-w- c:\windows\system32\wlanmsm.dll

2009-07-11 19:32 . 2009-09-08 20:27 513024 ----a-w- c:\windows\system32\wlansvc.dll

2009-07-11 19:32 . 2009-09-08 20:27 302592 ----a-w- c:\windows\system32\wlansec.dll

2009-07-11 19:29 . 2009-09-08 20:27 127488 ----a-w- c:\windows\system32\L2SecHC.dll

2008-12-17 22:51 . 2009-09-13 09:56 67688 ----a-w- c:\program files\mozilla firefox\components\jar50.dll

2008-12-17 22:51 . 2009-09-13 09:56 54368 ----a-w- c:\program files\mozilla firefox\components\jsd3250.dll

2008-12-17 22:51 . 2009-09-13 09:56 34944 ----a-w- c:\program files\mozilla firefox\components\myspell.dll

2008-12-17 22:51 . 2009-09-13 09:56 46712 ----a-w- c:\program files\mozilla firefox\components\spellchk.dll

2008-12-17 22:51 . 2009-09-13 09:56 172136 ----a-w- c:\program files\mozilla firefox\components\xpinstal.dll

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-19 1233920]

"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-19 1008184]

"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-05-09 865840]

"eDataSecurity Loader"="c:\acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2007-04-25 457216]

"eAudio"="c:\acer\Empowering Technology\eAudio\eAudio.exe" [2007-06-11 1286144]

"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2007-02-12 174872]

"IaNvSrv"="c:\program files\Intel\Intel Matrix Storage Manager\OROM\IaNvSrv\IaNvSrv.exe" [2007-03-13 33048]

"LManager"="c:\progra~1\LAUNCH~1\QtZgAcer.EXE" [2007-07-31 707080]

"PlayMovie"="c:\program files\Acer Arcade Deluxe\Play Movie\PMVService.exe" [2007-05-24 206952]

"WarReg_PopUp"="c:\acer\WR_PopUp\WarReg_PopUp.exe" [2006-11-05 57344]

"Acer Tour Reminder"="c:\acer\AcerTour\Reminder.exe" [2007-08-01 151552]

"Symantec PIF AlertEng"="c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-29 583048]

"Windows Mobile-based device management"="c:\windows\WindowsMobile\wmdSync.exe" [2006-11-02 215552]

"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-08-17 81000]

"PLFSet"="c:\windows\PLFSet.dll" [2007-08-08 45056]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]

"NvSvc"="c:\windows\system32\nvsvc.dll" [2007-06-26 86016]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-06-26 8433664]

"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-06-26 81920]

"RtHDVCpl"="RtHDVCpl.exe" - c:\windows\RtHDVCpl.exe [2007-09-04 4702208]

"Skytel"="Skytel.exe" - c:\windows\SkyTel.exe [2007-09-04 1826816]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"Acer Tour Reminder"="c:\acer\AcerTour\Reminder.exe" [2007-08-01 151552]

"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 5724184]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

Acer VCM.lnk - c:\program files\Acer\Acer VCM\AcerVCM.exe [2008-11-8 1208320]

Empowering Technology Launcher.lnk - c:\acer\Empowering Technology\eAPLauncher.exe [2007-8-14 535336]

McAfee Security Scan.lnk - c:\program files\McAfee Security Scan\1.0.150\SSScheduler.exe [2009-7-28 199184]

Sitecom Wireless Utility.lnk - c:\program files\Sitecom\Common\WLANUtil.exe [2009-5-28 987136]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

"AppInit_DLLs"=c:\windows\System32\guard32.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]

@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]

"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]

"{AD19BD1B-78C3-40BF-A83B-F862868EE462}"= c:\program files\Acer Arcade Deluxe\Acer Arcade Deluxe\Acer Arcade Deluxe.exe:Acer Arcade Deluxe

"{24501975-6586-4A07-AC0E-2D58AE9BDC1C}"= c:\program files\Acer Arcade Deluxe\VideoMagician\VideoMagician.exe:VideoMagician

"{1FFD7B52-F154-45DF-A387-CAA2925C4E04}"= c:\program files\Acer Arcade Deluxe\HomeMedia\HomeMedia.exe:HomeMedia

"{45DAB927-BD97-49DE-A0CE-6E443075BEDA}"= c:\program files\Acer Arcade Deluxe\DV Wizard\DV Wizard.exe:DV Wizard

"{5EC72F45-AE32-48B1-B228-617BC4535BD2}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote

"{568C91ED-3E80-4D91-A57B-45CC057F48CC}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote

"{3AAEC8BD-8B2F-47EE-8BD0-ECD55369B4AD}"= c:\program files\Acer Arcade Deluxe\DVDivine\DVDivine.exe:DVDivine

"{A5B2439A-F740-4F55-9FE7-D9EA6935547C}"= c:\program files\Acer Arcade Deluxe\Play Movie\PlayMovie.exe:Play Movie

"{45D231B7-67ED-4C89-BD30-8790BC72B721}"= c:\program files\Acer Arcade Deluxe\Play Movie\PMVService.exe:Play Movie Resident Program

"{4BFC03EA-D48E-438D-87B5-C93FE8A0A7CA}"= c:\program files\Acer\Acer VCM\VC.exe:Acer VCM

"{12F479A4-79BD-4C1A-AC98-D63FFC493CDE}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook

"{10DDC3CE-B847-477E-9339-B941EE627928}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)

"{B3D219F2-0E17-4510-A1A4-EE481C6E2511}"= UDP:c:\program files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe:Veoh Web Player

"{6CC0FCC0-B05D-4810-B8CA-7743E47CD39C}"= TCP:c:\program files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe:Veoh Web Player

"{F868F0C4-04B5-495A-A5C0-D215579DF6CE}"= UDP:990:LocalSubnet:LocalSubnet|IF={365FC49D-EC3B-46C0-AB0A-6E04CA92DD8B}|%SystemRoot%\system32\svchost.exe|Svc=rapimgr:mad:%systemroot%\WindowsMobile\wmdSync.exe,-4001

"TCP Query User{A814923B-32AB-4C62-86D1-BB786FCFB20D}c:\\program files\\emule\\emule.exe"= UDP:c:\program files\emule\emule.exe:eMule

"UDP Query User{55930796-7D28-4F3E-B7DD-646A3C47F61A}c:\\program files\\emule\\emule.exe"= TCP:c:\program files\emule\emule.exe:eMule

"TCP Query User{39A38D3F-974E-4C7A-8F8E-D9A5448782EB}c:\\program files\\telefonica\\asistcfg69\\awcbrwsr.exe"= UDP:c:\program files\telefonica\asistcfg69\awcbrwsr.exe:Aplicación MFC awcbrwsr

"UDP Query User{91A7115B-C3D1-4036-8E28-865AA7159DBC}c:\\program files\\telefonica\\asistcfg69\\awcbrwsr.exe"= TCP:c:\program files\telefonica\asistcfg69\awcbrwsr.exe:Aplicación MFC awcbrwsr

"{78FD8440-F271-46BA-9328-FFAF577CD1CE}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)

"{C2240630-4CC9-4B5B-9B8C-0526DC70E9EB}"= UDP:990:LocalSubnet:LocalSubnet|IF={365FC49D-EC3B-46C0-AB0A-6E04CA92DD8B}|%SystemRoot%\system32\svchost.exe|Svc=rapimgr:mad:%systemroot%\WindowsMobile\wmdSync.exe,-4001

"{74DD2B49-107E-4447-BD8F-DBEE2589D76F}"= UDP:990:LocalSubnet:LocalSubnet|IF={365FC49D-EC3B-46C0-AB0A-6E04CA92DD8B}|%SystemRoot%\system32\svchost.exe|Svc=rapimgr:mad:%systemroot%\WindowsMobile\wmdSync.exe,-4001

R0 iaNvStor;Intel® Turbo Memory Technology NAND Controller;c:\windows\System32\drivers\iaNvStor.sys [08/11/2008 13:27 210432]

R1 aswSP;avast! Self Protection;c:\windows\System32\drivers\aswSP.sys [12/08/2009 19:35 114768]

R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\System32\drivers\cmdguard.sys [08/08/2009 19:03 128888]

R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\System32\drivers\cmdhlp.sys [08/08/2009 19:03 29520]

R2 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796};{49DE1C67-83F8-4102-99E0-C16DCC7EEC796};c:\program files\Acer Arcade Deluxe\Play Movie\000.fcl [08/11/2008 14:35 13560]

R2 aswFsBlk;aswFsBlk;c:\windows\System32\drivers\aswFsBlk.sys [12/08/2009 19:35 20560]

R2 aswMonFlt;aswMonFlt;c:\windows\System32\drivers\aswMonFlt.sys [12/08/2009 19:35 53328]

R3 winbondcir;Winbond IR Transceiver;c:\windows\System32\drivers\winbondcir.sys [14/08/2007 14:53 43008]

S2 gupdate1ca34585e741a10;Servicio Google Update (gupdate1ca34585e741a10);c:\program files\Google\Update\GoogleUpdate.exe [13/09/2009 11:55 133104]

S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\System32\drivers\b57nd60x.sys [14/08/2007 14:53 179712]

S3 netr28u;RT2870 USB Wireless LAN Card Driver for Vista;c:\windows\System32\drivers\netr28u.sys [28/05/2009 20:48 419328]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

bthsvcs REG_MULTI_SZ BthServ

WindowsMobile REG_MULTI_SZ wcescomm rapimgr

LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]

"c:\windows\System32\rundll32.exe" "c:\windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

.

Contents of the 'Scheduled Tasks' folder

2008-12-18 c:\windows\Tasks\Comprobar actualizaciones de Windows Live Toolbar.job

- c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 10:20]

2009-09-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2009-09-13 09:55]

2009-09-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2009-09-13 09:55]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.google.es/

uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7

mStart Page = hxxp://es.yahoo.com

IE: &Windows Live Search - c:\program files\Windows Live Toolbar\msntb.dll/search.htm

IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx"]http://favorites.live.com/quickadd.aspx

IE: E&xportar a Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000

DPF: {6A868C04-B942-11D8-8D76-0008C7FF1716} - hxxps://www.bancaja.es/arq_activex/particulares/BanServidorFicherosBPP.CAB

FF - ProfilePath - c:\users\PALOMA\AppData\Roaming\Mozilla\Firefox\Profiles\js52t6yc.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.google.es/

FF - component: c:\program files\Mozilla Firefox\components\xpinstal.dll

FF - plugin: c:\program files\Veoh Networks\VeohWebPlayer\NPVeohTVPlugin.dll

FF - plugin: c:\program files\Veoh Networks\VeohWebPlayer\npWebPlayerVideoPluginATL.dll

FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----

c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.allow_platform_file_picker", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.cookie.p3plevel", 1); // 0=low, 1=medium, 2=high, 3=custom

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.enablePad", false); // Allow client to do proxy autodiscovery

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.search.param.Google.1.default", "chrome://branding/content/searchconfig.properties");

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.search.param.Google.1.custom", "chrome://branding/content/searchconfig.properties");

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("signon.prefillForms", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.safebrowsing.enabled", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.safebrowsing.remoteLookups", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.safebrowsing.provider.0.updateURL", "http://sb.google.com/safebrowsing/update?client={moz:client}&appver={moz:version}&");

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.safebrowsing.provider.0.lookupURL", "http://sb.google.com/safebrowsing/lookup?sourceid=firefox-antiphish&features=TrustRank&client={moz:client}&appver={moz:version}&");

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.safebrowsing.provider.0.reportURL", "http://sb.google.com/safebrowsing/report?");

.

- - - - ORPHANS REMOVED - - - -

URLSearchHooks-CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)

URLSearchHooks-EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)

Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)

WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)

HKLM-Run-Acer Tour - (no file)

HKLM-Run-eRecoveryService - (no file)

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-09-13 20:51

Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\{49DE1C67-83F8-4102-99E0-C16DCC7EEC796}]

"ImagePath"="\?\c:\program files\Acer Arcade Deluxe\Play Movie\000.fcl"

.

--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1056)

c:\windows\system32\guard32.dll

- - - - - - - > 'lsass.exe'(768)

c:\windows\system32\guard32.dll

.

Completion time: 2009-09-13 20:53

ComboFix-quarantined-files.txt 2009-09-13 18:53

Pre-Run: 31.343.685.632 bytes libres

Post-Run: 30.836.015.104 bytes libres

298 --- E O F --- 2009-09-10 14:47

El log del hijack:

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 18:46:48, on 07/09/2009

Platform: Windows Vista (WinNT 6.00.1904)

MSIE: Internet Explorer v8.00 (8.00.6001.18813)

Boot mode: Normal

Running processes:

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files\Windows Defender\MSASCui.exe

C:\Windows\system32\taskeng.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Acer\Empowering Technology\eDataSecurity\eDSLoader.exe

C:\Acer\Empowering Technology\eAudio\eAudio.exe

C:\Windows\System32\rundll32.exe

C:\Windows\RtHDVCpl.exe

C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe

C:\Program Files\Launch Manager\QtZgAcer.EXE

C:\Program Files\Acer Arcade Deluxe\Play Movie\PMVService.exe

C:\Windows\System32\rundll32.exe

C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe

C:\Windows\WindowsMobile\wmdSync.exe

C:\Program Files\Alwil Software\Avast4\ashDisp.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Windows\ehome\ehtray.exe

C:\Users\PALOMA\AppData\Local\ilebces.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Program Files\Acer\Acer VCM\AcerVCM.exe

C:\Program Files\Sitecom\Common\WLANUtil.exe

C:\Acer\Empowering Technology\ENET\ENMTRAY.EXE

C:\Acer\Empowering Technology\EPOWER\EPOWER_DMC.EXE

C:\Windows\ehome\ehmsas.exe

C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE

C:\Windows\System32\rundll32.exe

C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE

C:\Users\PALOMA\AppData\Local\Temp\RtkBtMnt.exe

C:\Program Files\Acer\Acer VCM\VC.exe

C:\Program Files\Acer\Acer VCM\acp2HID.exe

C:\Windows\system32\wbem\unsecapp.exe

C:\Windows\system32\wuauclt.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Google\Google Toolbar\GoogleToolbarUser.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Windows\system32\Macromed\Flash\FlashUtil10c.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Windows Live Toolbar\msn_sl.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

C:\Windows\system32\DllHost.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.trucoswindows.net/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://es.yahoo.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://es.yahoo.com

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

R3 - URLSearchHook: (no name) - CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)

R3 - URLSearchHook: (no name) - EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)

O1 - Hosts: ::1 localhost

O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)

O2 - BHO: Aplicación auxiliar de vínculos de Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: ShowBarObj Class - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Windows\system32\ActiveToolBand.dll

O2 - BHO: Windows Live Aplicación auxiliar de inicio de sesión - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.15642\swg.dll

O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll

O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll

O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll

O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll

O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll

O3 - Toolbar: Veoh Web Player Video Finder - {0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} - C:\Program Files\Veoh Networks\VeohWebPlayer\VeohIEToolbar.dll

O3 - Toolbar: Veoh Video Compass - {52836EB0-631A-47B1-94A6-61F9D9112DAE} - C:\Program Files\Veoh Networks\Veoh Video Compass\SearchRecsPlugin.dll

O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)

O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide

O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe

O4 - HKLM\..\Run: [eAudio] "C:\Acer\Empowering Technology\eAudio\eAudio.exe"

O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe

O4 - HKLM\..\Run: [Skytel] Skytel.exe

O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe

O4 - HKLM\..\Run: [IaNvSrv] C:\Program Files\Intel\Intel Matrix Storage Manager\OROM\IaNvSrv\IaNvSrv.exe

O4 - HKLM\..\Run: [SetPanel] C:\Acer\APanel\APanel.cmd

O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE

O4 - HKLM\..\Run: [PlayMovie] "C:\Program Files\Acer Arcade Deluxe\Play Movie\PMVService.exe"

O4 - HKLM\..\Run: [WarReg_PopUp] C:\Acer\WR_PopUp\WarReg_PopUp.exe

O4 - HKLM\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe

O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"

O4 - HKLM\..\Run: [Windows Mobile-based device management] %windir%\WindowsMobile\wmdSync.exe

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [PLFSet] rundll32.exe C:\Windows\PLFSet.dll,PLFDefSetting

O4 - HKLM\..\Run: [{EC2170E3-0FB2-4C41-ACB9-F2C494F92C67}] E:\AT\asistente.exe C:\Users\PALOMA\AppData\Local\Temp\GLF2FE8.tmp\settings.ini

O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe

O4 - HKCU\..\Run: [ilebces] "c:\users\paloma\appdata\local\ilebces.exe" ilebces

O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICIO LOCAL')

O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICIO LOCAL')

O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'Servicio de red')

O4 - HKUS\S-1-5-18\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe (User 'Default user')

O4 - Global Startup: Acer VCM.lnk = ?

O4 - Global Startup: Empowering Technology Launcher.lnk = C:\Acer\Empowering Technology\eAPLauncher.exe

O4 - Global Startup: Sitecom Wireless Utility.lnk = C:\Program Files\Sitecom\Common\WLANUtil.exe

O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm

O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx"]http://favorites.live.com/quickadd.aspx

O8 - Extra context menu item: E&xportar a Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

O9 - Extra button: Enviar a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: &Enviar a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

O13 - Gopher Prefix:

O16 - DPF: {6A868C04-B942-11D8-8D76-0008C7FF1716} (BanServidorFicherosBPP.DownloadBPP) - https://www.bancaja.es/arq_activex/particulares/BanServidorFicherosBPP.CAB

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

O20 - AppInit_DLLs: C:\Windows\system32\guard32.dll

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)

O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - COMODO - C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe

O23 - Service: eDSService.exe (eDataSecurity Service) - HiTRSUT - C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe

O23 - Service: eLock Service (eLockService) - Acer Inc. - C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe

O23 - Service: eNet Service - Acer Inc. - C:\Acer\Empowering Technology\eNet\eNet Service.exe

O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe

O23 - Service: eSettings Service (eSettingsService) - Unknown owner - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe

O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE

O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)

O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe

O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe

O23 - Service: Programador de LiveUpdate automático - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe

O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe

O23 - Service: ePower Service (WMIService) - acer - C:\Acer\Empowering Technology\ePower\ePowerSvc.exe

O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--

End of file - 12492 bytes

Saludos
 

loriel_roan

Nuevo Miembro
Miembro
Hola!

Si. Seguimos sin poder descargar nada poque nos dice que nuestra dirección IP xx.xx.xxx.xx. se encuentra descargando xxxxxxxx bites del archivo RAR, pero no estamos descargando nada!!!

Un saludo
 
Estado
Cerrado para nuevas respuestas
Arriba Pie