Problemas con PSGUARD y otros

Estado
Cerrado para nuevas respuestas.
J

j_sep

Guest
Agarre el virus PCguard y realice lo que dice el Norton Antivirus.

con un back up del Registro.

El norton no agarro nada y lo unico que he logrado hasta el momento es quitar la pagina que te dice que compres el PSGuard tengo en cambio un fondo de pantalla blanco que que no esta bien tampoco.

les envio mi Log, necesito por favor me ayuden

ogfile of HijackThis v1.99.1

Scan saved at 10:54:06 PM, on 8/14/2005

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\Program Files\HPQ\IAM\bin\asghost.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe

C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe

C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe

C:\Program Files\Norton AntiVirus\navapsvc.exe

C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe

C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

C:\WINDOWS\system32\shnlog.exe

C:\WINDOWS\system32\msole32.exe

C:\WINDOWS\AGRSMMSG.exe

C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe

C:\Program Files\Java\jre1.5.0\bin\jusched.exe

C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

C:\WINDOWS\system32\dla\tfswctrl.exe

C:\Program Files\Synaptics\SynTP\SynTPLpr.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\Common Files\Symantec Shared\ccApp.exe

C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe

C:\WINDOWS\system32\intmon.exe

C:\Program Files\HPQ\HP Wireless Assistant\HP Wireless Assistant.exe

C:\Program Files\QuickTime\qttask.exe

C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe

C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe

C:\Program Files\Messenger\msmsgs.exe

C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe

C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe

C:\PROGRA~1\COMMON~1\PCSuite\Services\SERVIC~1.EXE

C:\PROGRA~1\COMMON~1\Nokia\MPAPI\MPAPI3s.exe

C:\Program Files\HPQ\SHARED\HPQWMI.exe

C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\NOTEPAD.EXE

C:\Program Files\Internet Explorer\iexplore.exe

C:\Downloads\HJT\HJT\HijackThiswww.trucoswindows.net]trucoswindows.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.bestwebslinks.com/search.php?qq=%1

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.bestwebslinks.com/bar.html

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.bestwebslinks.com/search.php?qq=%1

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.hp.com

R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.bestwebslinks.com/search.php?qq=%1

R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.bestwebslinks.com/search.php?qq=%1

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.bestwebslinks.com/search.php?qq=%1

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = http://www.bestwebslinks.com/

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.hp.com/

F2 - REG:system.ini: Shell=explorer.exe, msmsgs.exe

O2 - BHO: HP Class - {FFFFFFFF-FFFF-FFFF-FFFF-FFFFFFFFFFFA} - C:\WINDOWS\system32\hp8627.tmp

O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll (file missing)

O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe

O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe

O4 - HKLM\..\Run: [SoundMAX] C:\Program Files\Analog Devices\SoundMAX\Smax4.exe /tray

O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0\bin\jusched.exe

O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r

O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe

O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe

O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start

O4 - HKLM\..\Run: [CognizanceTS] rundll32.exe C:\PROGRA~1\HPQ\IAM\Bin\AsTsVcc.dll,RegisterModule

O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe

O4 - HKLM\..\Run: [hpWirelessAssistant] "%ProgramFiles%\HPQ\HP Wireless Assistant\HP Wireless Assistant.exe"

O4 - HKLM\..\Run: [WatchDog] C:\Program Files\InterVideo\DVD Check\DVDCheck.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer

O4 - HKLM\..\Run: [DataLayer] C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe

O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -onlytray

O4 - HKLM\..\Run: [RegSvr32] C:\WINDOWS\system32\msmsgs.exe

O4 - HKLM\..\Run: [PSGuard] C:\Program Files\PSGuard\PSGuard.exe

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog

O4 - Global Startup: BTTray.lnk = ?

O4 - Global Startup: DVD Check.lnk = C:\Program Files\InterVideo\DVD Check\DVDCheck.exe

O8 - Extra context menu item: Download with GetRight - C:\Program Files\GetRight\GRdownload.htm

O8 - Extra context menu item: Open with GetRight Browser - C:\Program Files\GetRight\GRbrowse.htm

O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O14 - IERESET.INF: START_PAGE_URL=http://www.hp.com

O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://www.cult3d.com/download/cult.cab

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5free/asinst.cab

O18 - Protocol: widimg - {EE7C2AFF-5742-44FF-BD0E-E521B0D3C3BA} - C:\WINDOWS\system32\btxppanel.dll

O20 - AppInit_DLLs: ASAPHook

O20 - Winlogon Notify: OneCard - C:\Program Files\HPQ\IAM\Bin\AsWlnPkg.dll

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe

O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe

O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe

O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe

O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe

O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe

O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe

O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
 

Caito

Ex- Mod
Miembro
Pasar un buen antivirus on line, luego ejecuta el AdAware Se o el Microsoft Antispyware (actualizados), para luego pegar un nuevo log.

Y el Disk Cleaner para borrar:

Archivos Temp. de Internet,Temp. de Sistema,cookies,historial , etc.

disk cleaner

Disk Cleaner - Descargas Trucos Windows

Antivirus on line:

http://housecall.trendmicro.com/

http://www.pandasoftware.com/products/activescan/com/activescan_principal.htm

http://www.avast.com/eng/down_cleaner.html

http://www.kaspersky.com/beta?product=161744315

http://www.bitdefender.com/scan8/

http://www.ravantivirus.com/scan/

http://www.windowsecurity.com/trojanscan/

Bajar AdAwareSe 1.06 :

Ad-Aware

Bajar Microsoft Antispyware:

Microsoft Security Essentials

Bajar ewido security suite:

Ewido Anti-Malware

Actualizarlo acá :

Ewido Anti-Malware

Actualizar el SO o el IE:

http://www.windowsupdate.com

La limpieza la tienes que realizar deshabilitando Restaurar sistema y en modo Seguro( si tienes XP o ME ) ( el scan on line "con funciones de red" en XP).

Si no sabes cómo hacer algúnos de los procedimientos mira esto:Manual pasos a seguir para el uso HijackThis

Luego de realizar esta limpieza comienza un nuevo post y pega el log del hijack acá :

Logs HijackThis

Saludos

Caito
 
Estado
Cerrado para nuevas respuestas.
Arriba Pie