LiitahBlossom
17/09/07, 23:45:56
Analizo con Avast y meh sale el sgt. cuadro de alerta:
Nombre del archivo: c:\windows\system32\dimbsvlo.exe
Nombre del malware: Win32:Agent-LAP [Trj]
Tipo de software perjudicial: Troyano
Versión de VPS: 000775-1, 17-09-2007
Cuando pincho en eliminar me sale esto:
avast! detectó un virus en la memoria del sistema. Es muy peligroso trabajar con el PC si un virus está activo. Se recomienda que reinicie el PC
y deje que avast! detecte el virus en la fase de arranque, antes que el virus se active. ¿Deseas programar el escáner y luego reiniciar el sistema?
Cuando pincho en Si, meh sale otro caudro y dice:
"EL CLIENTE NO DISPONE DE UN PRIVILEGIO REQUERIDO"
No se puede reiniciar el sistema operativo.
Y después no me sale nada más.
¿Cómo puedo borrar el troyano?
A demás del Avast también tengo el McAfee y de vez en cuando me sale un cuadro de alerte anunciando el bloqueo de un Spyware algo de "Spyware-Juan".
Por favor ayudenme !.. soy nueva en esto y la verdad es qe entiendoh muy poco y no sé que hacer.
Ps: Hace poco tuve el virus del MSN y usé el MessengerCleaner para borrarlo, ¿será a raíz de ese virus qe mi PC está con todo esto?, a demás se me abre una ventana de Internet de publicidad de un antivirus. Descargué el SilentRunners aquí va el informe:
"Silent Runners.vbs", revision 52, http://www.silentrunners.org/
Operating System: Windows XP SP2
Output limited to non-default values, except where indicated by "{++}"
Startup items buried in registry:
---------------------------------
HKCU\Software\Microsoft\Windows\CurrentVersion\Run \ {++}
"CTFMON.EXE" = "C:\WINDOWS\system32\ctfmon.exe" [MS]
"msnmsgr" = ""C:\Archivos de programa\MSN Messenger\MsnMsgr.Exe" /background" [MS]
"ares" = ""C:\Archivos de programa\Ares\Ares.exe" -h" ["Ares Development Group"]
"MyWebSearch Email Plugin" = "C:\ARCHIV~1\MYWEBS~1\bar\1.bin\mwsoemon.exe" ["MyWebSearch.com"]
"swg" = "C:\Archivos de programa\Google\GoogleToolbarNotifier\GoogleToolba rNotifier.exe" ["Google Inc."]
HKLM\Software\Microsoft\Windows\CurrentVersion\Run \ {++}
"AGRSMMSG" = "AGRSMMSG.exe" ["Agere Systems"]
"IgfxTray" = "C:\WINDOWS\system32\igfxtray.exe" ["Intel Corporation"]
"HotKeysCmds" = "C:\WINDOWS\system32\hkcmd.exe" ["Intel Corporation"]
"CreateCD_Reminder" = "C:\WINDOWS\Sonysys\VAIO Recovery\reminder.exe" ["Sony Electronics, Inc"]
"SunJavaUpdateSched" = "C:\Archivos de programa\Java\j2re1.4.2_05\bin\jusched.exe" [null data]
"NvCplDaemon" = "RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup" [MS]
"ccApp" = ""C:\Archivos de programa\Archivos comunes\Symantec Shared\ccApp.exe"" ["Symantec Corporation"]
"IS CfgWiz" = "C:\Archivos de programa\Archivos comunes\Symantec Shared\cfgwiz.exe /GUID NIS /CMDLINE "REBOOT"" ["Symantec Corporation"]
"URLLSTCK.exe" = "C:\Archivos de programa\Norton Internet Security\UrlLstCk.exe" [file not found]
"VAIO Recovery" = "C:\WINDOWS\Sonysys\VAIO Recovery\PartSeal.exe" ["Sony Electronics Inc"]
"CnxDslTaskBar" = ""C:\Archivos de programa\ZyXEL\ADSL USB Modem\CnxDslTb.exe"" ["Conexant Systems Inc."]
"My Web Search Bar Search Scope Monitor" = ""C:\ARCHIV~1\MYWEBS~1\bar\1.bin\m3SrchMn.exe" /m=0" ["MyWebSearch.com"]
"MyWebSearch Email Plugin" = "C:\ARCHIV~1\MYWEBS~1\bar\1.bin\mwsoemon.exe" ["MyWebSearch.com"]
"BigDog305" = "C:\WINDOWS\VM305_STI.EXE VIMICRO USB PC Camera (ZC0305)" ["Vimicro"]
"Picasa Media Detector" = "C:\Archivos de programa\Picasa2\PicasaMediaDetector.exe" ["Google Inc."]
"SiteAdvisor" = "C:\Archivos de programa\SiteAdvisor\6172\SiteAdv.exe" ["McAfee, Inc."]
"Windows Services Registry" = "C:\WINDOWS\system\services.exe" [file not found]
"Runtime Server Subsystem" = "C:\WINDOWS\system\csrss.exe" [file not found]
HKLM\Software\Microsoft\Windows\CurrentVersion\Exp lorer\Browser Helper Objects\
{00A6FAF1-072E-44cf-8957-5838F569A31D}\(Default) = "MyWebSearch Search Assistant BHO"
-> {HKLM...CLSID} = "MyWebSearch Search Assistant BHO"
\InProcServer32\(Default) = "C:\Archivos de programa\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL" ["MyWebSearch.com"]
{02478D38-C3F9-4EFB-9B51-7695ECA05670}\(Default) = (no title provided)
-> {HKLM...CLSID} = "Yahoo! Toolbar Helper"
\InProcServer32\(Default) = "C:\Archivos de programa\Yahoo!\Companion\Installs\cpn\yt.dll" ["Yahoo! Inc."]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = (no title provided)
-> {HKLM...CLSID} = "AcroIEHlprObj Class"
\InProcServer32\(Default) = "C:\Archivos de programa\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll" ["Adobe Systems Incorporated"]
{07B18EA1-A523-4961-B6BB-170DE4475CCA}\(Default) = "mwsBar BHO"
-> {HKLM...CLSID} = "mwsBar BHO"
\InProcServer32\(Default) = "C:\Archivos de programa\MyWebSearch\bar\1.bin\MWSBAR.DLL" ["MyWebSearch.com"]
{089FD14D-132B-48FC-8861-0048AE113215}\(Default) = (no title provided)
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\Archivos de programa\SiteAdvisor\6172\SiteAdv.dll" ["McAfee, Inc."]
{562D2105-6259-43A8-99DC-811B9587834A}\(Default) = (no title provided)
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\WINDOWS\system32\jkkjg.dll" [null data]
{733E9132-53CA-4C97-9AC9-145C4502FA20}\(Default) = (no title provided)
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\WINDOWS\system32\gebywww.dll" [null data]
{78317F74-4527-4B15-9250-731EFB437F2C}\(Default) = (no title provided)
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\WINDOWS\system32\jkkjg.dll" [null data]
{7DB2D5A0-7241-4E79-B68D-6309F01C5231}\(Default) = "scriptproxy"
-> {HKLM...CLSID} = "scriptproxy"
\InProcServer32\(Default) = "c:\archivos de programa\mcafee\virusscan\scriptcl.dll" ["McAfee, Inc."]
{9030D464-4C02-4ABF-8ECC-5164760863C6}\(Default) = (no title provided)
-> {HKLM...CLSID} = "Windows Live Sign-in Helper"
\InProcServer32\(Default) = "C:\Archivos de programa\Archivos comunes\Microsoft Shared\Windows Live\WindowsLiveLogin.dll" [MS]
{9ECB9560-04F9-4bbc-943D-298DDF1699E1}\(Default) = (no title provided)
-> {HKLM...CLSID} = "CNisExtBho Class"
\InProcServer32\(Default) = "C:\Archivos de programa\Archivos comunes\Symantec Shared\AdBlocking\NISShExt.dll" ["Symantec Corporation"]
{AA58ED58-01DD-4d91-8333-CF10577473F7}\(Default) = (no title provided)
-> {HKLM...CLSID} = "Google Toolbar Helper"
\InProcServer32\(Default) = "c:\archivos de programa\google\googletoolbar2.dll" ["Google Inc."]
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}\(Default) = (no title provided)
-> {HKLM...CLSID} = "Google Toolbar Notifier BHO"
\InProcServer32\(Default) = "C:\Archivos de programa\Google\GoogleToolbarNotifier\2.0.301.7164 \swg.dll" ["Google Inc."]
{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0}\(Default) = (no title provided)
-> {HKLM...CLSID} = "Windows Live Toolbar Helper"
\InProcServer32\(Default) = "C:\Archivos de programa\Windows Live Toolbar\msntb.dll" [MS]
HKLM\Software\Microsoft\Windows\CurrentVersion\She ll Extensions\Approved\
"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Extensión de icono de HyperTerminal"
-> {HKLM...CLSID} = "HyperTerminal Icon Ext"
\InProcServer32\(Default) = "C:\WINDOWS\system32\hticons.dll" ["Hilgraeve, Inc."]
"{1CDB2949-8F65-4355-8456-263E7C208A5D}" = "Desktop Explorer"
-> {HKLM...CLSID} = "Desktop Explorer"
\InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]
"{1E9B04FB-F9E5-4718-997B-B8DA88302A47}" = "Desktop Explorer Menu"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]
"{DEE12703-6333-4D4E-8F34-738C4DCC2E04}" = "RecordNow! SendToExt"
-> {HKLM...CLSID} = "RecordNow! SendToExt"
\InProcServer32\(Default) = "C:\Archivos de programa\Sonic\RecordNow!\shlext.dll" [null data]
"{0006F045-0000-0000-C000-000000000046}" = "Microsoft Outlook Custom Icon Handler"
-> {HKLM...CLSID} = "Extensión de iconos de archivo de Outlook"
\InProcServer32\(Default) = "C:\ARCHIV~1\MICROS~2\Office\OLKFSTUB.DLL" [MS]
"{FC9FB64A-1EB2-4CCF-AF5E-1A497A9B5C2D}" = "Messenger Sharing Folders"
-> {HKLM...CLSID} = "Mis carpetas para compartir"
\InProcServer32\(Default) = "C:\Archivos de programa\MSN Messenger\fsshext.8.1.0178.00.dll" [MS]
"{E0D79304-84BE-11CE-9641-444553540000}" = "WinZip"
-> {HKLM...CLSID} = "WinZip"
\InProcServer32\(Default) = "C:\Archivos de programa\WinZip\wzshlstb.dll" ["WinZip Computing, S.L."]
"{E0D79305-84BE-11CE-9641-444553540000}" = "WinZip"
-> {HKLM...CLSID} = "WinZip"
\InProcServer32\(Default) = "C:\Archivos de programa\WinZip\wzshlstb.dll" ["WinZip Computing, S.L."]
"{E0D79306-84BE-11CE-9641-444553540000}" = "WinZip"
-> {HKLM...CLSID} = "WinZip"
\InProcServer32\(Default) = "C:\Archivos de programa\WinZip\wzshlstb.dll" ["WinZip Computing, S.L."]
"{E0D79307-84BE-11CE-9641-444553540000}" = "WinZip"
-> {HKLM...CLSID} = "WinZip"
\InProcServer32\(Default) = "C:\Archivos de programa\WinZip\wzshlstb.dll" ["WinZip Computing, S.L."]
"{472083B0-C522-11CF-8763-00608CC02F24}" = "avast"
-> {HKLM...CLSID} = "avast"
\InProcServer32\(Default) = "C:\Archivos de programa\Alwil Software\Avast4\ashShell.dll" ["ALWIL Software"]
HKLM\Software\Microsoft\Windows\CurrentVersion\Exp lorer\ShellExecuteHooks\
<<!>> "{733E9132-53CA-4C97-9AC9-145C4502FA20}" = "*l" (unwritable string)
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\WINDOWS\system32\gebywww.dll" [null data]
HKLM\Software\Microsoft\Windows\CurrentVersion\She llServiceObjectDelayLoad\
"WPDShServiceObj" = "{AAA288BA-9A4C-45B0-95D7-94D524869DB5}"
-> {HKLM...CLSID} = "WPDShServiceObj Class"
\InProcServer32\(Default) = "C:\WINDOWS\system32\WPDShServiceObj.dll" [MS]
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
<<!>> gebywww\DLLName = "gebywww.dll" [null data]
<<!>> igfxcui\DLLName = "igfxsrvc.dll" ["Intel Corporation"]
<<!>> jkkjg\DLLName = "C:\WINDOWS\system32\jkkjg.dll" [null data]
HKLM\Software\Classes\*\shellex\ContextMenuHandler s\
avast\(Default) = "{472083B0-C522-11CF-8763-00608CC02F24}"
-> {HKLM...CLSID} = "avast"
\InProcServer32\(Default) = "C:\Archivos de programa\Alwil Software\Avast4\ashShell.dll" ["ALWIL Software"]
MCVSRIGHTCLICKSCANNER\(Default) = "{162EFDC5-2957-465D-887B-590AF4A7E84D}"
-> {HKLM...CLSID} = "McVSRightclickScanner Class"
\InProcServer32\(Default) = "c:\archivos de programa\mcafee\virusscan\mcodsax.dll" ["McAfee, Inc."]
HKLM\Software\Classes\Folder\shellex\ContextMenuHa ndlers\
avast\(Default) = "{472083B0-C522-11CF-8763-00608CC02F24}"
-> {HKLM...CLSID} = "avast"
\InProcServer32\(Default) = "C:\Archivos de programa\Alwil Software\Avast4\ashShell.dll" ["ALWIL Software"]
MCVSRIGHTCLICKSCANNER\(Default) = "{162EFDC5-2957-465D-887B-590AF4A7E84D}"
-> {HKLM...CLSID} = "McVSRightclickScanner Class"
\InProcServer32\(Default) = "c:\archivos de programa\mcafee\virusscan\mcodsax.dll" ["McAfee, Inc."]
Group Policies {policy setting}:
--------------------------------
Note: detected settings may not have any effect.
HKLM\Software\Microsoft\Windows\CurrentVersion\Pol icies\Explorer\
"NoCDBurning" = (REG_DWORD) hex:0x00000000
{unrecognized setting}
HKLM\Software\Microsoft\Windows\CurrentVersion\Pol icies\System\
"shutdownwithoutlogon" = (REG_DWORD) hex:0x00000001
{Shutdown: Allow system to be shut down without having to log on}
"undockwithoutlogon" = (REG_DWORD) hex:0x00000001
{Devices: Allow undock without having to log on}
Active Desktop and Wallpaper:
-----------------------------
Active Desktop may be disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Exp lorer\ShellState
Displayed if Active Desktop enabled and wallpaper not set by Group Policy:
HKCU\Software\Microsoft\Internet Explorer\Desktop\General\
"Wallpaper" = "C:\WINDOWS\system32\config\systemprofile\Configura ción local\Datos de programa\Microsoft\Wallpaper1.bmp"
Displayed if Active Desktop disabled and wallpaper not set by Group Policy:
HKCU\Control Panel\Desktop\
"Wallpaper" = "C:\Documents and Settings\Litah!\Configuración local\Datos de programa\Microsoft\Wallpaper1.bmp"
Enabled Screen Saver:
---------------------
HKCU\Control Panel\Desktop\
"SCRNSAVE.EXE" = "none" [file not found]
Startup items in "Litah!" & "All Users" startup folders:
--------------------------------------------------------
C:\Documents and Settings\All Users\Menú Inicio\Programas\Inicio
"hp psc 1000 series" -> shortcut to: "C:\Archivos de programa\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe" ["Hewlett-Packard Co."]
"hpoddt01.exe" -> shortcut to: "C:\Archivos de programa\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe" ["Hewlett-Packard"]
"Microsoft Office" -> shortcut to: "C:\Archivos de programa\Microsoft Office\Office\OSA9.EXE -b -l" [MS]
Enabled Scheduled Tasks:
------------------------
"McDefragTask" -> launches: "c:\archivos de programa\mcafee\mqc\QcConsol.exe "C:\WINDOWS\system32\defrag.exe" C: -f" ["McAfee, Inc."]
"McQcTask" -> launches: "c:\archivos de programa\mcafee\mqc\QcConsol.exe 14 0" ["McAfee, Inc."]
Winsock2 Service Provider DLLs:
-------------------------------
Namespace Service Providers
HKLM\System\CurrentControlSet\Services\Winsock2\Pa rameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
Transport Service Providers
HKLM\System\CurrentControlSet\Services\Winsock2\Pa rameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
%SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 21
%SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05
Toolbars, Explorer Bars, Extensions:
------------------------------------
Toolbars
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}"
-> {HKLM...CLSID} = "&Google"
\InProcServer32\(Default) = "c:\archivos de programa\google\googletoolbar2.dll" ["Google Inc."]
"{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7}"
-> {HKLM...CLSID} = "Web assistant"
\InProcServer32\(Default) = "C:\Archivos de programa\Archivos comunes\Symantec Shared\AdBlocking\NISShExt.dll" ["Symantec Corporation"]
"{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0}"
-> {HKLM...CLSID} = "Windows Live Toolbar"
\InProcServer32\(Default) = "C:\Archivos de programa\Windows Live Toolbar\msntb.dll" [MS]
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}"
-> {HKLM...CLSID} = "Yahoo! Toolbar"
\InProcServer32\(Default) = "C:\Archivos de programa\Yahoo!\Companion\Installs\cpn\yt.dll" ["Yahoo! Inc."]
"{F2CF5485-4E02-4F68-819C-B92DE9277049}"
-> {HKLM...CLSID} = "&Links"
\InProcServer32\(Default) = "C:\WINDOWS\system32\ieframe.dll" [MS]
"{07B18EA9-A523-4961-B6BB-170DE4475CCA}"
-> {HKLM...CLSID} = "My &Web Search"
\InProcServer32\(Default) = "C:\Archivos de programa\MyWebSearch\bar\1.bin\MWSBAR.DLL" ["MyWebSearch.com"]
HKLM\Software\Microsoft\Internet Explorer\Toolbar\
"{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7}" = "Web assistant"
-> {HKLM...CLSID} = "Web assistant"
\InProcServer32\(Default) = "C:\Archivos de programa\Archivos comunes\Symantec Shared\AdBlocking\NISShExt.dll" ["Symantec Corporation"]
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" = (no title provided)
-> {HKLM...CLSID} = "Yahoo! Toolbar"
\InProcServer32\(Default) = "C:\Archivos de programa\Yahoo!\Companion\Installs\cpn\yt.dll" ["Yahoo! Inc."]
"{07B18EA9-A523-4961-B6BB-170DE4475CCA}" = (no title provided)
-> {HKLM...CLSID} = "My &Web Search"
\InProcServer32\(Default) = "C:\Archivos de programa\MyWebSearch\bar\1.bin\MWSBAR.DLL" ["MyWebSearch.com"]
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" = (no title provided)
-> {HKLM...CLSID} = "&Google"
\InProcServer32\(Default) = "c:\archivos de programa\google\googletoolbar2.dll" ["Google Inc."]
"{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0}" = (no title provided)
-> {HKLM...CLSID} = "Windows Live Toolbar"
\InProcServer32\(Default) = "C:\Archivos de programa\Windows Live Toolbar\msntb.dll" [MS]
"{0BF43445-2F28-4351-9252-17FE6E806AA0}" = "McAfee SiteAdvisor"
-> {HKLM...CLSID} = "McAfee SiteAdvisor"
\InProcServer32\(Default) = "C:\Archivos de programa\SiteAdvisor\6172\SiteAdv.dll" ["McAfee, Inc."]
Explorer Bars
HKLM\Software\Microsoft\Internet Explorer\Explorer Bars\
HKLM\Software\Classes\CLSID\{1E0DE227-5CE4-4EA3-AB0C-8B03E1AA76BC}\(Default) = "My Web Search Quick View"
Implemented Categories\{00021493-0000-0000-C000-000000000046}\ [vertical bar]
InProcServer32\(Default) = "C:\WINDOWS\system32\shdocvw.dll" [MS]
Extensions (Tools menu items, main toolbar menu buttons)
HKLM\Software\Microsoft\Internet Explorer\Extensions\
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}\
"MenuText" = "Consola de Sun Java"
"CLSIDExtension" = "{08B0E5C0-4FCB-11CF-AAA5-00401C608501}"
{FB5F1910-F110-11D2-BB9E-00C04F795683}\
"ButtonText" = "Messenger"
"MenuText" = "Windows Messenger"
"Exec" = "C:\Archivos de programa\Messenger\msmsgs.exe" [MS]
Miscellaneous IE Hijack Points
------------------------------
HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks\
<<H>> "{00A6FAF6-072E-44cf-8957-5838F569A31D}" = (no title provided)
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\Archivos de programa\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL" ["MyWebSearch.com"]
Running Services (Display Name, Service Name, Path {Service DLL}):
------------------------------------------------------------------
avast! Antivirus, avast! Antivirus, ""C:\Archivos de programa\Alwil Software\Avast4\ashServ.exe"" ["ALWIL Software"]
avast! iAVS4 Control Service, aswUpdSv, ""C:\Archivos de programa\Alwil Software\Avast4\aswUpdSv.exe"" ["ALWIL Software"]
avast! Mail Scanner, avast! Mail Scanner, ""C:\Archivos de programa\Alwil Software\Avast4\ashMaiSv.exe" /service" ["ALWIL Software"]
avast! Web Scanner, avast! Web Scanner, ""C:\Archivos de programa\Alwil Software\Avast4\ashWebSv.exe" /service" ["ALWIL Software"]
Canon Camera Access Library 8, CCALib8, "C:\Archivos de programa\Canon\CAL\CALMAIN.exe" ["Canon Inc."]
DomainService, DomainService, "C:\WINDOWS\system32\dimbsvlo.exe /service" [null data]
McAfee HackerWatch Service, McAfee HackerWatch Service, ""C:\Archivos de programa\Archivos comunes\McAfee\HackerWatch\HWAPI.exe"" ["McAfee, Inc."]
McAfee Network Agent, McNASvc, ""c:\archivos de programa\archivos comunes\mcafee\mna\mcnasvc.exe"" ["McAfee, Inc."]
McAfee Protection Manager, mcpromgr, "C:\ARCHIV~1\McAfee\MSC\mcpromgr.exe" ["McAfee, Inc."]
McAfee Real-time Scanner, McShield, "C:\ARCHIV~1\McAfee\VIRUSS~1\mcshield.exe" ["McAfee, Inc."]
McAfee Redirector Service, McRedirector, "c:\ARCHIV~1\ARCHIV~1\mcafee\redirsvc\redirsvc.exe" ["McAfee, Inc."]
McAfee Scanner, McODS, "C:\ARCHIV~1\McAfee\VIRUSS~1\mcods.exe" ["McAfee, Inc."]
McAfee Services, mcmscsvc, "C:\ARCHIV~1\McAfee\MSC\mcmscsvc.exe" ["McAfee, Inc."]
McAfee SystemGuards, McSysmon, "C:\ARCHIV~1\McAfee\VIRUSS~1\mcsysmon.exe" ["McAfee, Inc."]
Servicio Lector del diario USN de Carpetas para compartir de Messenger, usnjsvc, ""C:\Archivos de programa\MSN Messenger\usnsvc.exe"" [MS]
Servicio SiteAdvisor, SiteAdvisor Service, "C:\Archivos de programa\SiteAdvisor\6172\SAService.exe" ["McAfee, Inc."]
Symantec Event Manager, ccEvtMgr, ""C:\Archivos de programa\Archivos comunes\Symantec Shared\ccEvtMgr.exe"" ["Symantec Corporation"]
Symantec Settings Manager, ccSetMgr, ""C:\Archivos de programa\Archivos comunes\Symantec Shared\ccSetMgr.exe"" ["Symantec Corporation"]
SymWMI Service, SymWSC, ""C:\Archivos de programa\Archivos comunes\Symantec Shared\Security Center\SymWSC.exe"" ["Symantec Corporation"]
Print Monitors:
---------------
HKLM\System\CurrentControlSet\Control\Print\Monito rs\
hpzsnt07\Driver = "hpzsnt07.dll" ["HP"]
---------- (launch time: 2007-09-17 22:54:31)
<<!>>: Suspicious data at a malware launch point.
<<H>>: Suspicious data at a browser hijack point.
+ This report excludes default entries except where indicated.
+ To see *everywhere* the script checks and *everything* it finds,
launch it from a command prompt or a shortcut with the -all parameter.
+ The search for DESKTOP.INI DLL launch points on all local fixed drives
took 702 seconds.
---------- (total run time: 821 seconds)
La verdad es qe no entiendo nada. Ayuda por favoooor ! :chillando
Ps2: avast! considera el MsnCleaner como un troyano .. :enfermo:
Nombre del archivo: c:\windows\system32\dimbsvlo.exe
Nombre del malware: Win32:Agent-LAP [Trj]
Tipo de software perjudicial: Troyano
Versión de VPS: 000775-1, 17-09-2007
Cuando pincho en eliminar me sale esto:
avast! detectó un virus en la memoria del sistema. Es muy peligroso trabajar con el PC si un virus está activo. Se recomienda que reinicie el PC
y deje que avast! detecte el virus en la fase de arranque, antes que el virus se active. ¿Deseas programar el escáner y luego reiniciar el sistema?
Cuando pincho en Si, meh sale otro caudro y dice:
"EL CLIENTE NO DISPONE DE UN PRIVILEGIO REQUERIDO"
No se puede reiniciar el sistema operativo.
Y después no me sale nada más.
¿Cómo puedo borrar el troyano?
A demás del Avast también tengo el McAfee y de vez en cuando me sale un cuadro de alerte anunciando el bloqueo de un Spyware algo de "Spyware-Juan".
Por favor ayudenme !.. soy nueva en esto y la verdad es qe entiendoh muy poco y no sé que hacer.
Ps: Hace poco tuve el virus del MSN y usé el MessengerCleaner para borrarlo, ¿será a raíz de ese virus qe mi PC está con todo esto?, a demás se me abre una ventana de Internet de publicidad de un antivirus. Descargué el SilentRunners aquí va el informe:
"Silent Runners.vbs", revision 52, http://www.silentrunners.org/
Operating System: Windows XP SP2
Output limited to non-default values, except where indicated by "{++}"
Startup items buried in registry:
---------------------------------
HKCU\Software\Microsoft\Windows\CurrentVersion\Run \ {++}
"CTFMON.EXE" = "C:\WINDOWS\system32\ctfmon.exe" [MS]
"msnmsgr" = ""C:\Archivos de programa\MSN Messenger\MsnMsgr.Exe" /background" [MS]
"ares" = ""C:\Archivos de programa\Ares\Ares.exe" -h" ["Ares Development Group"]
"MyWebSearch Email Plugin" = "C:\ARCHIV~1\MYWEBS~1\bar\1.bin\mwsoemon.exe" ["MyWebSearch.com"]
"swg" = "C:\Archivos de programa\Google\GoogleToolbarNotifier\GoogleToolba rNotifier.exe" ["Google Inc."]
HKLM\Software\Microsoft\Windows\CurrentVersion\Run \ {++}
"AGRSMMSG" = "AGRSMMSG.exe" ["Agere Systems"]
"IgfxTray" = "C:\WINDOWS\system32\igfxtray.exe" ["Intel Corporation"]
"HotKeysCmds" = "C:\WINDOWS\system32\hkcmd.exe" ["Intel Corporation"]
"CreateCD_Reminder" = "C:\WINDOWS\Sonysys\VAIO Recovery\reminder.exe" ["Sony Electronics, Inc"]
"SunJavaUpdateSched" = "C:\Archivos de programa\Java\j2re1.4.2_05\bin\jusched.exe" [null data]
"NvCplDaemon" = "RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup" [MS]
"ccApp" = ""C:\Archivos de programa\Archivos comunes\Symantec Shared\ccApp.exe"" ["Symantec Corporation"]
"IS CfgWiz" = "C:\Archivos de programa\Archivos comunes\Symantec Shared\cfgwiz.exe /GUID NIS /CMDLINE "REBOOT"" ["Symantec Corporation"]
"URLLSTCK.exe" = "C:\Archivos de programa\Norton Internet Security\UrlLstCk.exe" [file not found]
"VAIO Recovery" = "C:\WINDOWS\Sonysys\VAIO Recovery\PartSeal.exe" ["Sony Electronics Inc"]
"CnxDslTaskBar" = ""C:\Archivos de programa\ZyXEL\ADSL USB Modem\CnxDslTb.exe"" ["Conexant Systems Inc."]
"My Web Search Bar Search Scope Monitor" = ""C:\ARCHIV~1\MYWEBS~1\bar\1.bin\m3SrchMn.exe" /m=0" ["MyWebSearch.com"]
"MyWebSearch Email Plugin" = "C:\ARCHIV~1\MYWEBS~1\bar\1.bin\mwsoemon.exe" ["MyWebSearch.com"]
"BigDog305" = "C:\WINDOWS\VM305_STI.EXE VIMICRO USB PC Camera (ZC0305)" ["Vimicro"]
"Picasa Media Detector" = "C:\Archivos de programa\Picasa2\PicasaMediaDetector.exe" ["Google Inc."]
"SiteAdvisor" = "C:\Archivos de programa\SiteAdvisor\6172\SiteAdv.exe" ["McAfee, Inc."]
"Windows Services Registry" = "C:\WINDOWS\system\services.exe" [file not found]
"Runtime Server Subsystem" = "C:\WINDOWS\system\csrss.exe" [file not found]
HKLM\Software\Microsoft\Windows\CurrentVersion\Exp lorer\Browser Helper Objects\
{00A6FAF1-072E-44cf-8957-5838F569A31D}\(Default) = "MyWebSearch Search Assistant BHO"
-> {HKLM...CLSID} = "MyWebSearch Search Assistant BHO"
\InProcServer32\(Default) = "C:\Archivos de programa\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL" ["MyWebSearch.com"]
{02478D38-C3F9-4EFB-9B51-7695ECA05670}\(Default) = (no title provided)
-> {HKLM...CLSID} = "Yahoo! Toolbar Helper"
\InProcServer32\(Default) = "C:\Archivos de programa\Yahoo!\Companion\Installs\cpn\yt.dll" ["Yahoo! Inc."]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = (no title provided)
-> {HKLM...CLSID} = "AcroIEHlprObj Class"
\InProcServer32\(Default) = "C:\Archivos de programa\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll" ["Adobe Systems Incorporated"]
{07B18EA1-A523-4961-B6BB-170DE4475CCA}\(Default) = "mwsBar BHO"
-> {HKLM...CLSID} = "mwsBar BHO"
\InProcServer32\(Default) = "C:\Archivos de programa\MyWebSearch\bar\1.bin\MWSBAR.DLL" ["MyWebSearch.com"]
{089FD14D-132B-48FC-8861-0048AE113215}\(Default) = (no title provided)
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\Archivos de programa\SiteAdvisor\6172\SiteAdv.dll" ["McAfee, Inc."]
{562D2105-6259-43A8-99DC-811B9587834A}\(Default) = (no title provided)
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\WINDOWS\system32\jkkjg.dll" [null data]
{733E9132-53CA-4C97-9AC9-145C4502FA20}\(Default) = (no title provided)
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\WINDOWS\system32\gebywww.dll" [null data]
{78317F74-4527-4B15-9250-731EFB437F2C}\(Default) = (no title provided)
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\WINDOWS\system32\jkkjg.dll" [null data]
{7DB2D5A0-7241-4E79-B68D-6309F01C5231}\(Default) = "scriptproxy"
-> {HKLM...CLSID} = "scriptproxy"
\InProcServer32\(Default) = "c:\archivos de programa\mcafee\virusscan\scriptcl.dll" ["McAfee, Inc."]
{9030D464-4C02-4ABF-8ECC-5164760863C6}\(Default) = (no title provided)
-> {HKLM...CLSID} = "Windows Live Sign-in Helper"
\InProcServer32\(Default) = "C:\Archivos de programa\Archivos comunes\Microsoft Shared\Windows Live\WindowsLiveLogin.dll" [MS]
{9ECB9560-04F9-4bbc-943D-298DDF1699E1}\(Default) = (no title provided)
-> {HKLM...CLSID} = "CNisExtBho Class"
\InProcServer32\(Default) = "C:\Archivos de programa\Archivos comunes\Symantec Shared\AdBlocking\NISShExt.dll" ["Symantec Corporation"]
{AA58ED58-01DD-4d91-8333-CF10577473F7}\(Default) = (no title provided)
-> {HKLM...CLSID} = "Google Toolbar Helper"
\InProcServer32\(Default) = "c:\archivos de programa\google\googletoolbar2.dll" ["Google Inc."]
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}\(Default) = (no title provided)
-> {HKLM...CLSID} = "Google Toolbar Notifier BHO"
\InProcServer32\(Default) = "C:\Archivos de programa\Google\GoogleToolbarNotifier\2.0.301.7164 \swg.dll" ["Google Inc."]
{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0}\(Default) = (no title provided)
-> {HKLM...CLSID} = "Windows Live Toolbar Helper"
\InProcServer32\(Default) = "C:\Archivos de programa\Windows Live Toolbar\msntb.dll" [MS]
HKLM\Software\Microsoft\Windows\CurrentVersion\She ll Extensions\Approved\
"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Extensión de icono de HyperTerminal"
-> {HKLM...CLSID} = "HyperTerminal Icon Ext"
\InProcServer32\(Default) = "C:\WINDOWS\system32\hticons.dll" ["Hilgraeve, Inc."]
"{1CDB2949-8F65-4355-8456-263E7C208A5D}" = "Desktop Explorer"
-> {HKLM...CLSID} = "Desktop Explorer"
\InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]
"{1E9B04FB-F9E5-4718-997B-B8DA88302A47}" = "Desktop Explorer Menu"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]
"{DEE12703-6333-4D4E-8F34-738C4DCC2E04}" = "RecordNow! SendToExt"
-> {HKLM...CLSID} = "RecordNow! SendToExt"
\InProcServer32\(Default) = "C:\Archivos de programa\Sonic\RecordNow!\shlext.dll" [null data]
"{0006F045-0000-0000-C000-000000000046}" = "Microsoft Outlook Custom Icon Handler"
-> {HKLM...CLSID} = "Extensión de iconos de archivo de Outlook"
\InProcServer32\(Default) = "C:\ARCHIV~1\MICROS~2\Office\OLKFSTUB.DLL" [MS]
"{FC9FB64A-1EB2-4CCF-AF5E-1A497A9B5C2D}" = "Messenger Sharing Folders"
-> {HKLM...CLSID} = "Mis carpetas para compartir"
\InProcServer32\(Default) = "C:\Archivos de programa\MSN Messenger\fsshext.8.1.0178.00.dll" [MS]
"{E0D79304-84BE-11CE-9641-444553540000}" = "WinZip"
-> {HKLM...CLSID} = "WinZip"
\InProcServer32\(Default) = "C:\Archivos de programa\WinZip\wzshlstb.dll" ["WinZip Computing, S.L."]
"{E0D79305-84BE-11CE-9641-444553540000}" = "WinZip"
-> {HKLM...CLSID} = "WinZip"
\InProcServer32\(Default) = "C:\Archivos de programa\WinZip\wzshlstb.dll" ["WinZip Computing, S.L."]
"{E0D79306-84BE-11CE-9641-444553540000}" = "WinZip"
-> {HKLM...CLSID} = "WinZip"
\InProcServer32\(Default) = "C:\Archivos de programa\WinZip\wzshlstb.dll" ["WinZip Computing, S.L."]
"{E0D79307-84BE-11CE-9641-444553540000}" = "WinZip"
-> {HKLM...CLSID} = "WinZip"
\InProcServer32\(Default) = "C:\Archivos de programa\WinZip\wzshlstb.dll" ["WinZip Computing, S.L."]
"{472083B0-C522-11CF-8763-00608CC02F24}" = "avast"
-> {HKLM...CLSID} = "avast"
\InProcServer32\(Default) = "C:\Archivos de programa\Alwil Software\Avast4\ashShell.dll" ["ALWIL Software"]
HKLM\Software\Microsoft\Windows\CurrentVersion\Exp lorer\ShellExecuteHooks\
<<!>> "{733E9132-53CA-4C97-9AC9-145C4502FA20}" = "*l" (unwritable string)
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\WINDOWS\system32\gebywww.dll" [null data]
HKLM\Software\Microsoft\Windows\CurrentVersion\She llServiceObjectDelayLoad\
"WPDShServiceObj" = "{AAA288BA-9A4C-45B0-95D7-94D524869DB5}"
-> {HKLM...CLSID} = "WPDShServiceObj Class"
\InProcServer32\(Default) = "C:\WINDOWS\system32\WPDShServiceObj.dll" [MS]
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
<<!>> gebywww\DLLName = "gebywww.dll" [null data]
<<!>> igfxcui\DLLName = "igfxsrvc.dll" ["Intel Corporation"]
<<!>> jkkjg\DLLName = "C:\WINDOWS\system32\jkkjg.dll" [null data]
HKLM\Software\Classes\*\shellex\ContextMenuHandler s\
avast\(Default) = "{472083B0-C522-11CF-8763-00608CC02F24}"
-> {HKLM...CLSID} = "avast"
\InProcServer32\(Default) = "C:\Archivos de programa\Alwil Software\Avast4\ashShell.dll" ["ALWIL Software"]
MCVSRIGHTCLICKSCANNER\(Default) = "{162EFDC5-2957-465D-887B-590AF4A7E84D}"
-> {HKLM...CLSID} = "McVSRightclickScanner Class"
\InProcServer32\(Default) = "c:\archivos de programa\mcafee\virusscan\mcodsax.dll" ["McAfee, Inc."]
HKLM\Software\Classes\Folder\shellex\ContextMenuHa ndlers\
avast\(Default) = "{472083B0-C522-11CF-8763-00608CC02F24}"
-> {HKLM...CLSID} = "avast"
\InProcServer32\(Default) = "C:\Archivos de programa\Alwil Software\Avast4\ashShell.dll" ["ALWIL Software"]
MCVSRIGHTCLICKSCANNER\(Default) = "{162EFDC5-2957-465D-887B-590AF4A7E84D}"
-> {HKLM...CLSID} = "McVSRightclickScanner Class"
\InProcServer32\(Default) = "c:\archivos de programa\mcafee\virusscan\mcodsax.dll" ["McAfee, Inc."]
Group Policies {policy setting}:
--------------------------------
Note: detected settings may not have any effect.
HKLM\Software\Microsoft\Windows\CurrentVersion\Pol icies\Explorer\
"NoCDBurning" = (REG_DWORD) hex:0x00000000
{unrecognized setting}
HKLM\Software\Microsoft\Windows\CurrentVersion\Pol icies\System\
"shutdownwithoutlogon" = (REG_DWORD) hex:0x00000001
{Shutdown: Allow system to be shut down without having to log on}
"undockwithoutlogon" = (REG_DWORD) hex:0x00000001
{Devices: Allow undock without having to log on}
Active Desktop and Wallpaper:
-----------------------------
Active Desktop may be disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Exp lorer\ShellState
Displayed if Active Desktop enabled and wallpaper not set by Group Policy:
HKCU\Software\Microsoft\Internet Explorer\Desktop\General\
"Wallpaper" = "C:\WINDOWS\system32\config\systemprofile\Configura ción local\Datos de programa\Microsoft\Wallpaper1.bmp"
Displayed if Active Desktop disabled and wallpaper not set by Group Policy:
HKCU\Control Panel\Desktop\
"Wallpaper" = "C:\Documents and Settings\Litah!\Configuración local\Datos de programa\Microsoft\Wallpaper1.bmp"
Enabled Screen Saver:
---------------------
HKCU\Control Panel\Desktop\
"SCRNSAVE.EXE" = "none" [file not found]
Startup items in "Litah!" & "All Users" startup folders:
--------------------------------------------------------
C:\Documents and Settings\All Users\Menú Inicio\Programas\Inicio
"hp psc 1000 series" -> shortcut to: "C:\Archivos de programa\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe" ["Hewlett-Packard Co."]
"hpoddt01.exe" -> shortcut to: "C:\Archivos de programa\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe" ["Hewlett-Packard"]
"Microsoft Office" -> shortcut to: "C:\Archivos de programa\Microsoft Office\Office\OSA9.EXE -b -l" [MS]
Enabled Scheduled Tasks:
------------------------
"McDefragTask" -> launches: "c:\archivos de programa\mcafee\mqc\QcConsol.exe "C:\WINDOWS\system32\defrag.exe" C: -f" ["McAfee, Inc."]
"McQcTask" -> launches: "c:\archivos de programa\mcafee\mqc\QcConsol.exe 14 0" ["McAfee, Inc."]
Winsock2 Service Provider DLLs:
-------------------------------
Namespace Service Providers
HKLM\System\CurrentControlSet\Services\Winsock2\Pa rameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
Transport Service Providers
HKLM\System\CurrentControlSet\Services\Winsock2\Pa rameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
%SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 21
%SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05
Toolbars, Explorer Bars, Extensions:
------------------------------------
Toolbars
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}"
-> {HKLM...CLSID} = "&Google"
\InProcServer32\(Default) = "c:\archivos de programa\google\googletoolbar2.dll" ["Google Inc."]
"{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7}"
-> {HKLM...CLSID} = "Web assistant"
\InProcServer32\(Default) = "C:\Archivos de programa\Archivos comunes\Symantec Shared\AdBlocking\NISShExt.dll" ["Symantec Corporation"]
"{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0}"
-> {HKLM...CLSID} = "Windows Live Toolbar"
\InProcServer32\(Default) = "C:\Archivos de programa\Windows Live Toolbar\msntb.dll" [MS]
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}"
-> {HKLM...CLSID} = "Yahoo! Toolbar"
\InProcServer32\(Default) = "C:\Archivos de programa\Yahoo!\Companion\Installs\cpn\yt.dll" ["Yahoo! Inc."]
"{F2CF5485-4E02-4F68-819C-B92DE9277049}"
-> {HKLM...CLSID} = "&Links"
\InProcServer32\(Default) = "C:\WINDOWS\system32\ieframe.dll" [MS]
"{07B18EA9-A523-4961-B6BB-170DE4475CCA}"
-> {HKLM...CLSID} = "My &Web Search"
\InProcServer32\(Default) = "C:\Archivos de programa\MyWebSearch\bar\1.bin\MWSBAR.DLL" ["MyWebSearch.com"]
HKLM\Software\Microsoft\Internet Explorer\Toolbar\
"{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7}" = "Web assistant"
-> {HKLM...CLSID} = "Web assistant"
\InProcServer32\(Default) = "C:\Archivos de programa\Archivos comunes\Symantec Shared\AdBlocking\NISShExt.dll" ["Symantec Corporation"]
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" = (no title provided)
-> {HKLM...CLSID} = "Yahoo! Toolbar"
\InProcServer32\(Default) = "C:\Archivos de programa\Yahoo!\Companion\Installs\cpn\yt.dll" ["Yahoo! Inc."]
"{07B18EA9-A523-4961-B6BB-170DE4475CCA}" = (no title provided)
-> {HKLM...CLSID} = "My &Web Search"
\InProcServer32\(Default) = "C:\Archivos de programa\MyWebSearch\bar\1.bin\MWSBAR.DLL" ["MyWebSearch.com"]
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" = (no title provided)
-> {HKLM...CLSID} = "&Google"
\InProcServer32\(Default) = "c:\archivos de programa\google\googletoolbar2.dll" ["Google Inc."]
"{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0}" = (no title provided)
-> {HKLM...CLSID} = "Windows Live Toolbar"
\InProcServer32\(Default) = "C:\Archivos de programa\Windows Live Toolbar\msntb.dll" [MS]
"{0BF43445-2F28-4351-9252-17FE6E806AA0}" = "McAfee SiteAdvisor"
-> {HKLM...CLSID} = "McAfee SiteAdvisor"
\InProcServer32\(Default) = "C:\Archivos de programa\SiteAdvisor\6172\SiteAdv.dll" ["McAfee, Inc."]
Explorer Bars
HKLM\Software\Microsoft\Internet Explorer\Explorer Bars\
HKLM\Software\Classes\CLSID\{1E0DE227-5CE4-4EA3-AB0C-8B03E1AA76BC}\(Default) = "My Web Search Quick View"
Implemented Categories\{00021493-0000-0000-C000-000000000046}\ [vertical bar]
InProcServer32\(Default) = "C:\WINDOWS\system32\shdocvw.dll" [MS]
Extensions (Tools menu items, main toolbar menu buttons)
HKLM\Software\Microsoft\Internet Explorer\Extensions\
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}\
"MenuText" = "Consola de Sun Java"
"CLSIDExtension" = "{08B0E5C0-4FCB-11CF-AAA5-00401C608501}"
{FB5F1910-F110-11D2-BB9E-00C04F795683}\
"ButtonText" = "Messenger"
"MenuText" = "Windows Messenger"
"Exec" = "C:\Archivos de programa\Messenger\msmsgs.exe" [MS]
Miscellaneous IE Hijack Points
------------------------------
HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks\
<<H>> "{00A6FAF6-072E-44cf-8957-5838F569A31D}" = (no title provided)
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\Archivos de programa\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL" ["MyWebSearch.com"]
Running Services (Display Name, Service Name, Path {Service DLL}):
------------------------------------------------------------------
avast! Antivirus, avast! Antivirus, ""C:\Archivos de programa\Alwil Software\Avast4\ashServ.exe"" ["ALWIL Software"]
avast! iAVS4 Control Service, aswUpdSv, ""C:\Archivos de programa\Alwil Software\Avast4\aswUpdSv.exe"" ["ALWIL Software"]
avast! Mail Scanner, avast! Mail Scanner, ""C:\Archivos de programa\Alwil Software\Avast4\ashMaiSv.exe" /service" ["ALWIL Software"]
avast! Web Scanner, avast! Web Scanner, ""C:\Archivos de programa\Alwil Software\Avast4\ashWebSv.exe" /service" ["ALWIL Software"]
Canon Camera Access Library 8, CCALib8, "C:\Archivos de programa\Canon\CAL\CALMAIN.exe" ["Canon Inc."]
DomainService, DomainService, "C:\WINDOWS\system32\dimbsvlo.exe /service" [null data]
McAfee HackerWatch Service, McAfee HackerWatch Service, ""C:\Archivos de programa\Archivos comunes\McAfee\HackerWatch\HWAPI.exe"" ["McAfee, Inc."]
McAfee Network Agent, McNASvc, ""c:\archivos de programa\archivos comunes\mcafee\mna\mcnasvc.exe"" ["McAfee, Inc."]
McAfee Protection Manager, mcpromgr, "C:\ARCHIV~1\McAfee\MSC\mcpromgr.exe" ["McAfee, Inc."]
McAfee Real-time Scanner, McShield, "C:\ARCHIV~1\McAfee\VIRUSS~1\mcshield.exe" ["McAfee, Inc."]
McAfee Redirector Service, McRedirector, "c:\ARCHIV~1\ARCHIV~1\mcafee\redirsvc\redirsvc.exe" ["McAfee, Inc."]
McAfee Scanner, McODS, "C:\ARCHIV~1\McAfee\VIRUSS~1\mcods.exe" ["McAfee, Inc."]
McAfee Services, mcmscsvc, "C:\ARCHIV~1\McAfee\MSC\mcmscsvc.exe" ["McAfee, Inc."]
McAfee SystemGuards, McSysmon, "C:\ARCHIV~1\McAfee\VIRUSS~1\mcsysmon.exe" ["McAfee, Inc."]
Servicio Lector del diario USN de Carpetas para compartir de Messenger, usnjsvc, ""C:\Archivos de programa\MSN Messenger\usnsvc.exe"" [MS]
Servicio SiteAdvisor, SiteAdvisor Service, "C:\Archivos de programa\SiteAdvisor\6172\SAService.exe" ["McAfee, Inc."]
Symantec Event Manager, ccEvtMgr, ""C:\Archivos de programa\Archivos comunes\Symantec Shared\ccEvtMgr.exe"" ["Symantec Corporation"]
Symantec Settings Manager, ccSetMgr, ""C:\Archivos de programa\Archivos comunes\Symantec Shared\ccSetMgr.exe"" ["Symantec Corporation"]
SymWMI Service, SymWSC, ""C:\Archivos de programa\Archivos comunes\Symantec Shared\Security Center\SymWSC.exe"" ["Symantec Corporation"]
Print Monitors:
---------------
HKLM\System\CurrentControlSet\Control\Print\Monito rs\
hpzsnt07\Driver = "hpzsnt07.dll" ["HP"]
---------- (launch time: 2007-09-17 22:54:31)
<<!>>: Suspicious data at a malware launch point.
<<H>>: Suspicious data at a browser hijack point.
+ This report excludes default entries except where indicated.
+ To see *everywhere* the script checks and *everything* it finds,
launch it from a command prompt or a shortcut with the -all parameter.
+ The search for DESKTOP.INI DLL launch points on all local fixed drives
took 702 seconds.
---------- (total run time: 821 seconds)
La verdad es qe no entiendo nada. Ayuda por favoooor ! :chillando
Ps2: avast! considera el MsnCleaner como un troyano .. :enfermo: