post #9
Antiguo 07/08/07, 13:55:23
Souichi
User

Registered: Jun 2007
Location: Argentina
Posts: 33
Re: Help! I'd appreciate it!!!

Hello!!!

Well, first of all I wanted to thank you both for answering my question!!

I hope jdrp2089 doesn't take it the wrong way, but I have decided to carry out **Devil May Cry**'s procedures, since he was the one who started off giving me the procedures. I'm still very grateful to jdrp2089 for having answered my request for help!

OK, here I paste the reports from the programs you told me to run.

"Silent Runners.vbs", revision R51, http://www.silentrunners.org/
Operating System: Windows XP SP2
Output limited to non-default values, except where indicated by "{++}"


Startup items buried in registry:
---------------------------------

HKCU\Software\Microsoft\Windows\CurrentVersion\Run \ {++}
"CTFMON.EXE" = "C:\WINDOWS\system32\ctfmon.exe" [MS]
"MsnMsgr" = ""C:\Archivos de programa\MSN Messenger\MsnMsgr.Exe" /background" [MS]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}" = ""C:\Archivos de programa\Archivos comunes\Ahead\Lib\NMBgMonitor.exe"" ["Nero AG"]
"ares" = ""C:\Archivos de programa\Ares\Ares.exe" -h" ["Ares Development Group"]

HKLM\Software\Microsoft\Windows\CurrentVersion\Run \ {++}
"SigmatelSysTrayApp" = "sttray.exe" ["SigmaTel, Inc."]
"AVG7_CC" = "C:\ARCHIV~1\Grisoft\AVG7\avgcc.exe /STARTUP" ["GRISOFT, s.r.o."]
"HP Software Update" = ""C:\Archivos de programa\HP\HP Software Update\HPWuSchd.exe"" ["Hewlett-Packard"]
"HP Component Manager" = ""C:\Archivos de programa\HP\hpcoretech\hpcmpmgr.exe"" ["Hewlett-Packard Company"]
"CHotkey" = "mHotkey.exe" ["Chicony"]

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Extensión de paneo de pantalla del Panel de control"
-> {HKLM...CLSID} = "Extensión de paneo de pantalla del Panel de control"
\InProcServer32\(Default) = "deskpan.dll" [file not found]
"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Extensión de icono de HyperTerminal"
-> {HKLM...CLSID} = "HyperTerminal Icon Ext"
\InProcServer32\(Default) = "C:\WINDOWS\system32\hticons.dll" ["Hilgraeve, Inc."]
"{0006F045-0000-0000-C000-000000000046}" = "Microsoft Outlook Custom Icon Handler"
-> {HKLM...CLSID} = "Extensión de iconos de archivo de Outlook"
\InProcServer32\(Default) = "C:\Archivos de programa\Microsoft Office\Office10\OLKFSTUB.DLL" [MS]
"{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\ARCHIV~1\MICROS~2\Office10\msohev.dll" [MS]
"{FC9FB64A-1EB2-4CCF-AF5E-1A497A9B5C2D}" = "Messenger Sharing Folders"
-> {HKLM...CLSID} = "Mis carpetas para compartir"
\InProcServer32\(Default) = "C:\Archivos de programa\MSN Messenger\fsshext.8.1.0178.00.dll" [MS]
"{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Archivos de programa\WinRAR\rarext.dll" [null data]
"{9F97547E-4609-42C5-AE0C-81C61FFAEBC3}" = "AVG7 Shell Extension"
-> {HKLM...CLSID} = "AVG7 Shell Extension Class"
\InProcServer32\(Default) = "C:\Archivos de programa\Grisoft\AVG7\avgse.dll" ["GRISOFT, s.r.o."]
"{9F97547E-460A-42C5-AE0C-81C61FFAEBC3}" = "AVG7 Find Extension"
-> {HKLM...CLSID} = "AVG7 Find Extension Class"
\InProcServer32\(Default) = "C:\Archivos de programa\Grisoft\AVG7\avgse.dll" ["GRISOFT, s.r.o."]
"{97F68CE3-7146-45FF-BE24-D9A7DD7CB8A2}" = "NeroCoverEd Live Icons"
-> {HKLM...CLSID} = "NeroCoverEdLiveIcons Class"
\InProcServer32\(Default) = "C:\Archivos de programa\Nero\Nero 7\Nero CoverDesigner\CoverEdExtension.dll" ["Nero AG"]

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\
<<!>> "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}" = (no title provided)
-> {HKLM...CLSID} = "SABShellExecuteHook Class"
\InProcServer32\(Default) = "C:\Archivos de programa\SUPERAntiSpyware\SASSEH.DLL" ["SuperAdBlocker.com"]

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
<<!>> !SASWinLogon\DLLName = "C:\Archivos de programa\SUPERAntiSpyware\SASWINLO.DLL" ["SUPERAntiSpyware.com"]
<<!>> AtiExtEvent\DLLName = "Ati2evxx.dll" ["ATI Technologies Inc."]
<<!>> igfxcui\DLLName = "igfxdev.dll" ["Intel Corporation"]

HKLM\Software\Classes\*\shellex\ContextMenuHandlers\
AVG7 Shell Extension\(Default) = "{9F97547E-4609-42C5-AE0C-81C61FFAEBC3}"
-> {HKLM...CLSID} = "AVG7 Shell Extension Class"
\InProcServer32\(Default) = "C:\Archivos de programa\Grisoft\AVG7\avgse.dll" ["GRISOFT, s.r.o."]
Cover Designer\(Default) = "{73FCA462-9BD5-4065-A73F-A8E5F6904EF7}"
-> {HKLM...CLSID} = "NeroCoverEdContextMenu Class"
\InProcServer32\(Default) = "C:\Archivos de programa\Nero\Nero 7\Nero CoverDesigner\CoverEdExtension.dll" ["Nero AG"]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Archivos de programa\WinRAR\rarext.dll" [null data]

HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Archivos de programa\WinRAR\rarext.dll" [null data]

HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\
AVG7 Shell Extension\(Default) = "{9F97547E-4609-42C5-AE0C-81C61FFAEBC3}"
-> {HKLM...CLSID} = "AVG7 Shell Extension Class"
\InProcServer32\(Default) = "C:\Archivos de programa\Grisoft\AVG7\avgse.dll" ["GRISOFT, s.r.o."]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Archivos de programa\WinRAR\rarext.dll" [null data]

HKLM\Software\Classes\AllFilesystemObjects\shellex\ContextMenuHandlers\
FAExt\(Default) = "{05672D66-9736-42F5-8BEB-FA1DD3CA51C4}"
-> {HKLM...CLSID} = "FAExt Class"
\InProcServer32\(Default) = "C:\ARCHIV~1\FILEAS~1\FILEAS~1.DLL" ["Malwarebytes"]


Group Policies {GPedit.msc branch and setting}:
-----------------------------------------------

Note: detected settings may not have any effect.

HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\

"shutdownwithoutlogon" = (REG_DWORD) hex:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
Shutdown: Allow system to be shut down without having to log on}

"undockwithoutlogon" = (REG_DWORD) hex:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
Devices: Allow undock without having to log on}


Active Desktop and Wallpaper:
-----------------------------

Active Desktop may be disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState

Displayed if Active Desktop enabled and wallpaper not set by Group Policy:
HKCU\Software\Microsoft\Internet Explorer\Desktop\General\
"Wallpaper" = "C:\WINDOWS\system32\config\systemprofile\Configuración local\Datos de programa\Microsoft\Wallpaper1.bmp"

Displayed if Active Desktop disabled and wallpaper not set by Group Policy:
HKCU\Control Panel\Desktop\
"Wallpaper" = "C:\Documents and Settings\Alexis\Configuración local\Datos de programa\Microsoft\Wallpaper1.bmp"


Startup items in "Alexis" & "All Users" startup folders:
--------------------------------------------------------

C:\Documents and Settings\Alexis\Menú Inicio\Programas\Inicio
<<!>> "PowerReg Scheduler.exe" [empty string]

C:\Documents and Settings\All Users\Menú Inicio\Programas\Inicio
"Adobe Gamma Loader" -> shortcut to: "C:\Archivos de programa\Archivos comunes\Adobe\Calibration\Adobe Gamma Loader.exe" ["Adobe Systems, Inc."]
"HP Digital Imaging Monitor" -> shortcut to: "C:\Archivos de programa\HP\Digital Imaging\bin\hpqtra08.exe" ["Hewlett-Packard Co."]
"Microsoft Office" -> shortcut to: "C:\Archivos de programa\Microsoft Office\Office10\OSA.EXE -b -l" [MS]
"Scheduler for OEM" -> shortcut to: "C:\Archivos de programa\honestech\honestech TVR\scheduleTV.exe" [null data]


Enabled Scheduled Tasks:
------------------------

"At1" -> launches: "C:\WINDOWS\system32\HXee5eNp.exe" [file not found]
"At10" -> launches: "C:\WINDOWS\system32\HXee5eNp.exe" [file not found]
"At11" -> launches: "C:\WINDOWS\system32\HXee5eNp.exe" [file not found]
"At12" -> launches: "C:\WINDOWS\system32\HXee5eNp.exe" [file not found]
"At13" -> launches: "C:\WINDOWS\system32\HXee5eNp.exe" [file not found]
"At14" -> launches: "C:\WINDOWS\system32\HXee5eNp.exe" [file not found]
"At15" -> launches: "C:\WINDOWS\system32\HXee5eNp.exe" [file not found]
"At16" -> launches: "C:\WINDOWS\system32\HXee5eNp.exe" [file not found]
"At17" -> launches: "C:\WINDOWS\system32\HXee5eNp.exe" [file not found]
"At18" -> launches: "C:\WINDOWS\system32\HXee5eNp.exe" [file not found]
"At19" -> launches: "C:\WINDOWS\system32\HXee5eNp.exe" [file not found]
"At20" -> launches: "C:\WINDOWS\system32\HXee5eNp.exe" [file not found]
"At21" -> launches: "C:\WINDOWS\system32\HXee5eNp.exe" [file not found]
"At22" -> launches: "C:\WINDOWS\system32\HXee5eNp.exe" [file not found]
"At23" -> launches: "C:\WINDOWS\system32\HXee5eNp.exe" [file not found]
"At24" -> launches: "C:\WINDOWS\system32\HXee5eNp.exe" [file not found]
"At25" -> launches: "C:\WINDOWS\system32\tSAgEe1N.exe" [file not found]
"At26" -> launches: "C:\WINDOWS\system32\tSAgEe1N.exe" [file not found]
"At27" -> launches: "C:\WINDOWS\system32\tSAgEe1N.exe" [file not found]
"At28" -> launches: "C:\WINDOWS\system32\tSAgEe1N.exe" [file not found]
"At29" -> launches: "C:\WINDOWS\system32\tSAgEe1N.exe" [file not found]
"At3" -> launches: "C:\WINDOWS\system32\HXee5eNp.exe" [file not found]
"At30" -> launches: "C:\WINDOWS\system32\tSAgEe1N.exe" [file not found]
"At31" -> launches: "C:\WINDOWS\system32\tSAgEe1N.exe" [file not found]
"At32" -> launches: "C:\WINDOWS\system32\tSAgEe1N.exe" [file not found]
"At33" -> launches: "C:\WINDOWS\system32\tSAgEe1N.exe" [file not found]
"At34" -> launches: "C:\WINDOWS\system32\tSAgEe1N.exe" [file not found]
"At35" -> launches: "C:\WINDOWS\system32\tSAgEe1N.exe" [file not found]
"At36" -> launches: "C:\WINDOWS\system32\tSAgEe1N.exe" [file not found]
"At37" -> launches: "C:\WINDOWS\system32\tSAgEe1N.exe" [file not found]
"At38" -> launches: "C:\WINDOWS\system32\tSAgEe1N.exe" [file not found]
"At39" -> launches: "C:\WINDOWS\system32\tSAgEe1N.exe" [file not found]
"At4" -> launches: "C:\WINDOWS\system32\HXee5eNp.exe" [file not found]
"At40" -> launches: "C:\WINDOWS\system32\tSAgEe1N.exe" [file not found]
"At41" -> launches: "C:\WINDOWS\system32\tSAgEe1N.exe" [file not found]
"At42" -> launches: "C:\WINDOWS\system32\tSAgEe1N.exe" [file not found]
"At43" -> launches: "C:\WINDOWS\system32\tSAgEe1N.exe" [file not found]
"At44" -> launches: "C:\WINDOWS\system32\tSAgEe1N.exe" [file not found]
"At45" -> launches: "C:\WINDOWS\system32\tSAgEe1N.exe" [file not found]
"At46" -> launches: "C:\WINDOWS\system32\tSAgEe1N.exe" [file not found]
"At47" -> launches: "C:\WINDOWS\system32\tSAgEe1N.exe" [file not found]
"At48" -> launches: "C:\WINDOWS\system32\tSAgEe1N.exe" [file not found]
"At5" -> launches: "C:\WINDOWS\system32\HXee5eNp.exe" [file not found]
"At6" -> launches: "C:\WINDOWS\system32\HXee5eNp.exe" [file not found]
"At7" -> launches: "C:\WINDOWS\system32\HXee5eNp.exe" [file not found]
"At8" -> launches: "C:\WINDOWS\system32\HXee5eNp.exe" [file not found]
"At9" -> launches: "C:\WINDOWS\system32\HXee5eNp.exe" [file not found]


Winsock2 Service Provider DLLs:
-------------------------------

Namespace Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]

Transport Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
%SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 17
%SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05


Toolbars, Explorer Bars, Extensions:
------------------------------------

Extensions (Tools menu items, main toolbar menu buttons)

HKLM\Software\Microsoft\Internet Explorer\Extensions\
{85D1F590-48F4-11D9-9669-0800200C9A66}\
"MenuText" = "Uninstall BitDefender Online Scanner v8"
"Exec" = "%windir%\bdoscandel.exe" [null data]


Miscellaneous IE Hijack Points
------------------------------

HKLM\Software\Microsoft\Internet Explorer\AboutURLs\
<<H>> "Tabs" = "res://ieframe.dll/tabswelcome.htm" [file not found]


Running Services (Display Name, Service Name, Path {Service DLL}):
------------------------------------------------------------------

Ati HotKey Poller, Ati HotKey Poller, "C:\WINDOWS\system32\Ati2evxx.exe" ["ATI Technologies Inc."]
ATK Keyboard Service, ATKKeyboardService, "C:\WINDOWS\ATKKBService.exe" ["ASUSTeK COMPUTER INC."]
AVG7 Alert Manager Server, Avg7Alrt, "C:\ARCHIV~1\Grisoft\AVG7\avgamsvr.exe" ["GRISOFT, s.r.o."]
AVG7 Update Service, Avg7UpdSvc, "C:\ARCHIV~1\Grisoft\AVG7\avgupsvc.exe" ["GRISOFT, s.r.o."]
Canon Camera Access Library 8, CCALib8, "C:\Archivos de programa\Canon\CAL\CALMAIN.exe" ["Canon Inc."]
Machine Debug Manager, MDM, ""C:\Archivos de programa\Archivos comunes\Microsoft Shared\VS7Debug\mdm.exe"" [MS]
NMIndexingService, NMIndexingService, ""C:\Archivos de programa\Archivos comunes\Ahead\Lib\NMIndexingService.exe"" ["Nero AG"]
Pml Driver HPZ12, Pml Driver HPZ12, "C:\WINDOWS\system32\HPZipm12.exe" ["HP"]
Servicio Lector del diario USN de Carpetas para compartir de Messenger, usnjsvc, ""C:\Archivos de programa\MSN Messenger\usnsvc.exe"" [MS]
SigmaTel Audio Service, STacSV, "C:\Archivos de programa\SigmaTel\C-Major Audio\WDM\STacSV.exe" ["SigmaTel, Inc."]
Windows User Mode Driver Framework, UMWdf, "C:\WINDOWS\system32\wdfmgr.exe" [MS]


Print Monitors:
---------------

HKLM\System\CurrentControlSet\Control\Print\Monitors\
hpzsnt09\Driver = "hpzsnt09.dll" ["HP"]


---------- (launch time: 2007-08-07 13:30:05)
<<!>>: Suspicious data at a malware launch point.
<<H>>: Suspicious data at a browser hijack point.

+ This report excludes default entries except where indicated.
+ To see *everywhere* the script checks and *everything* it finds,
launch it from a command prompt or a shortcut with the -all parameter.
+ The search for DESKTOP.INI DLL launch points on all local fixed drives
took 94 seconds.
---------- (total run time: 144 seconds)

F-Secure Blacklight

08/07/07 13:34:52 [Info]: BlackLight Engine 1.0.64 initialized
08/07/07 13:34:52 [Info]: OS: 5.1 build 2600 (Service Pack 2)
08/07/07 13:34:53 [Note]: 7019 4
08/07/07 13:34:53 [Note]: 7005 0
08/07/07 13:35:09 [Note]: 7006 0
08/07/07 13:35:09 [Note]: 7011 1940
08/07/07 13:35:10 [Note]: 7026 0
08/07/07 13:35:10 [Note]: 7026 0
08/07/07 13:35:14 [Note]: FSRAW library version 1.7.1022
08/07/07 13:37:48 [Note]: 4013 43090
08/07/07 13:37:48 [Note]: 4020 3337 1703936
08/07/07 13:37:48 [Note]: 4020 3337 1703936
08/07/07 13:37:48 [Note]: 4018 3337 1703936
08/07/07 13:37:48 [Note]: 4013 43090
08/07/07 13:37:48 [Note]: 4020 3337 1703936
08/07/07 13:37:48 [Note]: 4018 3337 1703936
08/07/07 13:40:46 [Note]: 2000 1012
08/07/07 13:44:42 [Note]: 7007 0


Well, as you told me, I've pasted the reports.

I await your reply to find out whether the issue is resolved, or whether I have to carry out some further procedure to complete it.
So far I haven't seen any pop-up window appear.

Thank you very much in advance for your help!!!

You guys are geniuses!!!!

Regards

Alexis