Ver la Versión Completa : Se cierran las ventanas del explorer
jocapapi 12/03/08, 09:28:55 Hola a todos, es mi primer posteo y espero me puedan ayudar
Estuve viendo anteriormente diferentes posteos sobre el mismo tema y realizando los análisis del caso he visto que la mayoria de los archivos que dicen para eliminar o cambiar no aparecen en el logfile del hickjackthis, como es la primera vez que uso este programa espero hacerlo bien.
Lo primero que hice fue descargarlo y copiarlo en la carpeta de misdocumentos, al iniciar el programa me dice que tengo que copiarlo en un archivo temporal pero igual lo corro y me sale lo siguiente.
Espero me puedan ayudar.
Gracias
Logfile of HijackThis v1.99.1
Scan saved at 08:22:25 a.m., on 12/03/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\Explorer.EXE
c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
c:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe
C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe
C:\Program Files\Uniblue\SpyEraser\SpyEraser.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\WINDOWS\system32\wuauclt.exe
c:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\cidaemon.exe
E:\Documents\My Documents\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=pavilion&pf=laptop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=64&bd=pavilion&pf=laptop
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: CNavExtBho Class - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - c:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\s wg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: QUICKfind BHO Object - {C08DF07A-3E49-4E25-9AB0-D3882835F153} - C:\PROGRA~1\TEXTware\QUICKF~1\PlugIns\IEHelp.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - c:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [RUNFBI] c:\windows\regedit.exe -s c:\appl.zip\wxpetool\fpp_xp.reg
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] CHDAudPropShortcut.exe
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\Hewlett-Packard\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [AutoLogon] regedit.exe /s \appl.zip\WXPetool\logon.reg
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /nodetect
O4 - HKLM\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -scheduler
O4 - HKLM\..\Run: [RecGuard] C:\Windows\SMINST\RecGuard.exe
O4 - HKLM\..\Run: [Reminder] C:\Windows\CREATOR\Remind_XP.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Uniblue SpeedUpMyPC] C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe -s
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
O4 - HKCU\..\Run: [Uniblue SpyEraser] "C:\Program Files\Uniblue\SpyEraser\SpyEraser.exe" -m
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Referencia - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=64&bd=pavilion&pf=laptop
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} (SysData Class) - http://ipgweb.cce.hp.com/rdqnbk2/downloads/sysinfo.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1202287667203
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: textwareilluminatorbase - {CE5CD329-1650-414A-8DB0-4CBF72FAED87} - C:\WINDOWS\system32\textwareilluminatorbaseProtoco l.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AddFiltr - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Symantec Corporation - c:\Program Files\Norton Internet Security\ccPwdSvc.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - c:\Program Files\Norton Internet Security\comHost.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - c:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - c:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
Acabo de ver el listado de procedimientos para el uso del hijackthis pero a mi no me sale la opción de instalar, defrente comienza el escaneo.
Si sirve de ayuda el problema lo tengo con mi laptop, una hp pavilion dv9000cto.
Varias veces he tratado de restaurar el sistema con el aplicativo del windows pero lamentablemente me indica que no se pudo, no entiendo para que esta este aplicativo si al final no puedo usarlo.
Otra cosa adicional es que uso los programas de uniblue como el spyeraser, registrybooster y el speedupmy pc y como antivirus tengo el norton antivirus.
Supuse que con estos programas tenia mi laptop cubierta de cualquier intruso o problema pero al parecer no.
Gracias
ElPiedra 14/03/08, 12:26:51 Hola jocapapi, te doy la bienvenida al Foro de InfoSpyware
Estas usando una versión antigua de HijackThis, por lo que descarga y ejecuta la nueva versión de
*HijackThis 2.0.2 (http://www.forospyware.com/t68195.html#post292279) para generar y dejarnos un nuevo log en este mismo mensaje.
Salu2
Atención!! Lea las políticas antes de pegar su log de HijackThis. (http://www.forospyware.com/announcement.php?f=14)
jocapapi 14/03/08, 12:45:37 Gracias por la ayuda.
Aca pongo lo que me salio con el hjt 2.0
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:35:53 a.m., on 14/03/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\Explorer.EXE
c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
c:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
c:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=pavilion&pf=laptop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=64&bd=pavilion&pf=laptop
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: CNavExtBho Class - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - c:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\s wg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: QUICKfind BHO Object - {C08DF07A-3E49-4E25-9AB0-D3882835F153} - C:\PROGRA~1\TEXTware\QUICKF~1\PlugIns\IEHelp.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - c:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [RUNFBI] c:\windows\regedit.exe -s c:\appl.zip\wxpetool\fpp_xp.reg
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] CHDAudPropShortcut.exe
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\Hewlett-Packard\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [AutoLogon] regedit.exe /s \appl.zip\WXPetool\logon.reg
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /nodetect
O4 - HKLM\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -scheduler
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Uniblue SpeedUpMyPC] C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe -s
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
O4 - HKCU\..\Run: [Uniblue SpyEraser] "C:\Program Files\Uniblue\SpyEraser\SpyEraser.exe" -m
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" /NoDialog (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" /NoDialog (User 'Default user')
O4 - .DEFAULT User Startup: Vongo Tray.lnk = C:\Program Files\Vongo\Tray.exe (User 'Default user')
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Referencia - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=64&bd=pavilion&pf=laptop
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/spanish/kavwebscan_unicode.cab
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} (SysData Class) - http://ipgweb.cce.hp.com/rdqnbk2/downloads/sysinfo.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1202287667203
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O23 - Service: AddFiltr - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Symantec Corporation - c:\Program Files\Norton Internet Security\ccPwdSvc.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - c:\Program Files\Norton Internet Security\comHost.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - c:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - c:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
--
End of file - 15267 bytes
jocapapi 15/03/08, 01:18:49 Realisé el análisis con el antivirus kapersky y este fue el resultado(marque lo que el antivirus considera como virus o peligroso)
-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER INFORME
sábado, 15 de marzo de 2008 0:13:21
Sistema operativo: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner versión: 5.0.84.1
Ultima actualización: 14/03/2008
Registros en la base antivirus: 630518
-------------------------------------------------------------------------------
Configuración del análisis:
Analizar usando las siguientes bases: estendidas
Analizar archivos: verdadero
Analizar bases de correo: verdadero
Objetivo a analizar - Mi PC:
C:\
D:\
E:\
Estadísticas:
Número de objeros analizados: 127599
Virus encontrados: 2
Objetos infectados: 7 / 0
Objetos sospechosos: 0
Duración del análisis: 02:23:48
Bombre del objeto infectado / Nombre del virus / Última acción
C:\Documents and Settings\All Users\Application Data\Microsoft\eHome\logs\ehRecvr.log Object is locked saltado
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked saltado
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked saltado
C:\Documents and Settings\All Users\Application Data\Microsoft\VISIO\catalog.wci\00000002.ps1 Object is locked saltado
C:\Documents and Settings\All Users\Application Data\Microsoft\VISIO\catalog.wci\00000002.ps2 Object is locked saltado
C:\Documents and Settings\All Users\Application Data\Microsoft\VISIO\catalog.wci\00010005.ci Object is locked saltado
C:\Documents and Settings\All Users\Application Data\Microsoft\VISIO\catalog.wci\cicat.fid Object is locked saltado
C:\Documents and Settings\All Users\Application Data\Microsoft\VISIO\catalog.wci\cicat.hsh Object is locked saltado
C:\Documents and Settings\All Users\Application Data\Microsoft\VISIO\catalog.wci\CiCL0001.000 Object is locked saltado
C:\Documents and Settings\All Users\Application Data\Microsoft\VISIO\catalog.wci\CiP10000.000 Object is locked saltado
C:\Documents and Settings\All Users\Application Data\Microsoft\VISIO\catalog.wci\CiP20000.000 Object is locked saltado
C:\Documents and Settings\All Users\Application Data\Microsoft\VISIO\catalog.wci\CiPT0000.000 Object is locked saltado
C:\Documents and Settings\All Users\Application Data\Microsoft\VISIO\catalog.wci\CiSL0001.000 Object is locked saltado
C:\Documents and Settings\All Users\Application Data\Microsoft\VISIO\catalog.wci\CiSP0000.000 Object is locked saltado
C:\Documents and Settings\All Users\Application Data\Microsoft\VISIO\catalog.wci\CiST0000.000 Object is locked saltado
C:\Documents and Settings\All Users\Application Data\Microsoft\VISIO\catalog.wci\CiVP0000.000 Object is locked saltado
C:\Documents and Settings\All Users\Application Data\Microsoft\VISIO\catalog.wci\INDEX.000 Object is locked saltado
C:\Documents and Settings\All Users\Application Data\Microsoft\VISIO\catalog.wci\propstor.bk1 Object is locked saltado
C:\Documents and Settings\All Users\Application Data\Microsoft\VISIO\catalog.wci\propstor.bk2 Object is locked saltado
C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\Confid.log Object is locked saltado
C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\Content.log Object is locked saltado
C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\Privacy.log Object is locked saltado
C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\Restrict.log Object is locked saltado
C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\settings.dat Object is locked saltado
C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\WebHist.log Object is locked saltado
C:\Documents and Settings\All Users\Application Data\Symantec\HPPAppActivity.log Object is locked saltado
C:\Documents and Settings\All Users\Application Data\Symantec\HPPHomePageActivity.log Object is locked saltado
C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\2008-03-14_Log.ALUSchedulerSvc.LiveUpdate Object is locked saltado
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked saltado
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked saltado
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked saltado
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked saltado
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked saltado
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked saltado
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked saltado
C:\Documents and Settings\NetworkService\Cookies\index.dat Object is locked saltado
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked saltado
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked saltado
C:\Documents and Settings\NetworkService\Local Settings\History\History.IE5\index.dat Object is locked saltado
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked saltado
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked saltado
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked saltado
C:\Documents and Settings\PROPIETARIO\Application Data\Symantec\PendingAlertsQueue.log Object is locked saltado
C:\Documents and Settings\PROPIETARIO\Cookies\index.dat Object is locked saltado
C:\Documents and Settings\PROPIETARIO\History\History.IE5\index.dat Object is locked saltado
C:\Documents and Settings\PROPIETARIO\Local Settings\Application Data\Microsoft\Feeds Cache\index.dat Object is locked saltado
C:\Documents and Settings\PROPIETARIO\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked saltado
C:\Documents and Settings\PROPIETARIO\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked saltado
C:\Documents and Settings\PROPIETARIO\Local Settings\Temp\Perflib_Perfdata_e2c.dat Object is locked saltado
C:\Documents and Settings\PROPIETARIO\Local Settings\Temp\~DFBD5D.tmp Object is locked saltado
C:\Documents and Settings\PROPIETARIO\Local Settings\Temp\~DFBD69.tmp Object is locked saltado
C:\Documents and Settings\PROPIETARIO\NTUSER.DAT Object is locked saltado
C:\Documents and Settings\PROPIETARIO\ntuser.dat.LOG Object is locked saltado
C:\Documents and Settings\PROPIETARIO\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is locked saltado
C:\Documents and Settings\PROPIETARIO\Temporary Internet Files\Content.IE5\index.dat Object is locked saltado
C:\pcmrpw\vncpkg.azf/vncviewer/vncviewer.exe Infectados: not-a-virus:RemoteAdmin.Win32.WinVNC.333 saltado
C:\pcmrpw\vncpkg.azf ZIP: infectado - 1 saltado
C:\Program Files\Common Files\Symantec Shared\AntiSpam\Log\Spam.log Object is locked saltado
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcrst.dll Object is locked saltado
C:\Program Files\Common Files\Symantec Shared\EENGINE\EPERSIST.DAT Object is locked saltado
C:\Program Files\Common Files\Symantec Shared\SNDALRT.log Object is locked saltado
C:\Program Files\Common Files\Symantec Shared\SNDCON.log Object is locked saltado
C:\Program Files\Common Files\Symantec Shared\SNDDBG.log Object is locked saltado
C:\Program Files\Common Files\Symantec Shared\SNDFW.log Object is locked saltado
C:\Program Files\Common Files\Symantec Shared\SNDIDS.log Object is locked saltado
C:\Program Files\Common Files\Symantec Shared\SNDSYS.log Object is locked saltado
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBConfig.log Object is locked saltado
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBDebug.log Object is locked saltado
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBDetect.log Object is locked saltado
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBNotify.log Object is locked saltado
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBRefr.log Object is locked saltado
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBSetCfg.log Object is locked saltado
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBSetCfg2.log Object is locked saltado
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBSetDev.log Object is locked saltado
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBSetLoc.log Object is locked saltado
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBSetUsr.log Object is locked saltado
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBSMNot.log Object is locked saltado
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBSMReg.log Object is locked saltado
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBSMRSt.log Object is locked saltado
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBStHash.log Object is locked saltado
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBStMSI.log Object is locked saltado
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBValid.log Object is locked saltado
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\SPPolicy.log Object is locked saltado
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\SPStart.log Object is locked saltado
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\SPStop.log Object is locked saltado
C:\Program Files\Norton Internet Security\Norton AntiVirus\AVApp.log Object is locked saltado
C:\Program Files\Norton Internet Security\Norton AntiVirus\AVError.log Object is locked saltado
C:\Program Files\Norton Internet Security\Norton AntiVirus\AVVirus.log Object is locked saltado
C:\Program Files\Online Services\PeoplePC\ISP5900\Branding\ppal3ppc.exe/data0004 Infectados: not-a-virus:AdWare.Win32.Agent.aeh saltado
C:\Program Files\Online Services\PeoplePC\ISP5900\Branding\ppal3ppc.exe NSIS: infectado - 1 saltado
C:\SWSetup\ISP4US\PeoplePC_ALL_EN_US-01.exe/hp/tmp/Bits/ISP5900/Branding/ppal3ppc.exe/data0004 Infectados: not-a-virus:AdWare.Win32.Agent.aeh saltado
C:\SWSetup\ISP4US\PeoplePC_ALL_EN_US-01.exe/hp/tmp/Bits/ISP5900/Branding/ppal3ppc.exe Infectados: not-a-virus:AdWare.Win32.Agent.aeh saltado
C:\SWSetup\ISP4US\PeoplePC_ALL_EN_US-01.exe ZIP: infectado - 2 saltado
C:\System Volume Information\catalog.wci\00000002.ps1 Object is locked saltado
C:\System Volume Information\catalog.wci\00000002.ps2 Object is locked saltado
C:\System Volume Information\catalog.wci\0001000C.ci Object is locked saltado
C:\System Volume Information\catalog.wci\cicat.fid Object is locked saltado
C:\System Volume Information\catalog.wci\cicat.hsh Object is locked saltado
C:\System Volume Information\catalog.wci\CiCL0001.000 Object is locked saltado
C:\System Volume Information\catalog.wci\CiP10000.000 Object is locked saltado
C:\System Volume Information\catalog.wci\CiP20000.000 Object is locked saltado
C:\System Volume Information\catalog.wci\CiPT0000.000 Object is locked saltado
C:\System Volume Information\catalog.wci\CiSL0001.000 Object is locked saltado
C:\System Volume Information\catalog.wci\CiSP0000.000 Object is locked saltado
C:\System Volume Information\catalog.wci\CiST0000.000 Object is locked saltado
C:\System Volume Information\catalog.wci\CiVP0000.000 Object is locked saltado
C:\System Volume Information\catalog.wci\INDEX.000 Object is locked saltado
C:\System Volume Information\catalog.wci\propstor.bk1 Object is locked saltado
C:\System Volume Information\catalog.wci\propstor.bk2 Object is locked saltado
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked saltado
C:\WINDOWS\Debug\PASSWD.LOG Object is locked saltado
C:\WINDOWS\ModemLog_HDAUDIO Soft Data Fax Modem with SmartCP.txt Object is locked saltado
C:\WINDOWS\Registration\{02D4B3F1-FD88-11D1-960D-00805FC79235}.{8B4FFD46-F2B3-437C-B0AC-6E333A0518FF}.crmlog Object is locked saltado
C:\WINDOWS\SchedLgU.Txt Object is locked saltado
C:\WINDOWS\SoftwareDistribution\DataStore\DataStor e.edb Object is locked saltado
C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb .log Object is locked saltado
C:\WINDOWS\SoftwareDistribution\DataStore\Logs\tmp .edb Object is locked saltado
C:\WINDOWS\SoftwareDistribution\ReportingEvents.lo g Object is locked saltado
C:\WINDOWS\Sti_Trace.log Object is locked saltado
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked saltado
C:\WINDOWS\system32\config\default Object is locked saltado
C:\WINDOWS\system32\config\default.LOG Object is locked saltado
C:\WINDOWS\system32\config\Internet.evt Object is locked saltado
C:\WINDOWS\system32\config\Media Ce.evt Object is locked saltado
C:\WINDOWS\system32\config\SAM Object is locked saltado
C:\WINDOWS\system32\config\SAM.LOG Object is locked saltado
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked saltado
C:\WINDOWS\system32\config\SECURITY Object is locked saltado
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked saltado
C:\WINDOWS\system32\config\software Object is locked saltado
C:\WINDOWS\system32\config\software.LOG Object is locked saltado
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked saltado
C:\WINDOWS\system32\config\system Object is locked saltado
C:\WINDOWS\system32\config\system.LOG Object is locked saltado
C:\WINDOWS\system32\h323log.txt Object is locked saltado
C:\WINDOWS\system32\LogFiles\WUDF\WUDFTrace.etl Object is locked saltado
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked saltado
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked saltado
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked saltado
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MA P Object is locked saltado
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MA P Object is locked saltado
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DAT A Object is locked saltado
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked saltado
C:\WINDOWS\wiadebug.log Object is locked saltado
C:\WINDOWS\wiaservc.log Object is locked saltado
C:\WINDOWS\WindowsUpdate.log Object is locked saltado
E:\System Volume Information\MountPointManagerRemoteDatabase Object is locked saltado
Análisis completado
ElPiedra 17/03/08, 13:54:06 Hola, busca y borra manualmente los archivos que te detecta KAS.
.:cf_icon:. - Descarga la herramienta ComboFix.exe (http://www.forospyware.com/sUBs/ComboFix.exe) y guárdala en el escritorio.
Desactiva temporalmente el Antivirus y/o Antispyware.
Cierra todas las ventanas abiertas.
Hacele doble clic al archivo ComboFix.exe y seguí las instrucciones.
Cuando termine, generara un registro en C:\ComboFix.txt.
*Nota* Mientras CF este trabajando no mover el mouse ya que pararía su proceso.
*Nota* ComboFix puede reiniciar automáticamente el PC para completar el proceso de eliminación.
Atención!! No use ComboFix a menos que se le haya indicado específicamente en su mensaje por un integrante de nuestro Staff (http://www.forospyware.com/showgroups.php). Es una herramienta de gran alcance destinada por su creador a ser usada bajo la orientación y supervisión de un experto, no para uso privado. El uso de ComboFix incorrectamente podría generar problemas en su sistema. Por favor, lea las "Negaciones de la Garantía" de ComboFix.
Reinicia y pega el reporte de C:\ComboFix.txt en este mismo mensaje.
Salu2
jocapapi 17/03/08, 19:35:05 Borre los archivos que me indicó el antivirus y luego corri el combofix, esto es lo que salio
ComboFix 08-03-17.1 - PROPIETARIO 2008-03-17 18:26:08.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.393 [GMT -5:00]
Running from: C:\Documents and Settings\PROPIETARIO\Desktop\ComboFix.exe
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((( Files Created from 2008-02-17 to 2008-03-17 )))))))))))))))))))))))))))))))
.
2008-03-17 07:48 . 2008-03-17 07:48 <DIR> d-------- C:\Program Files\Lavalys
2008-03-15 14:31 . 2008-03-17 16:06 <DIR> d-------- C:\Documents and Settings\PROPIETARIO\Application Data\skypePM
2008-03-15 14:31 . 2008-03-15 14:31 32 --a------ C:\Documents and Settings\All Users\Application Data\ezsid.dat
2008-03-15 14:27 . 2008-03-17 16:06 <DIR> d-------- C:\Documents and Settings\PROPIETARIO\Application Data\Skype
2008-03-15 14:26 . 2008-03-15 14:26 <DIR> d-------- C:\Program Files\Skype
2008-03-15 14:26 . 2008-03-15 14:26 <DIR> d-------- C:\Program Files\Common Files\Skype
2008-03-15 14:26 . 2008-03-15 14:26 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Skype
2008-03-15 01:17 . 2008-03-15 01:17 1,158 --a------ C:\WINDOWS\mozver.dat
2008-03-15 01:14 . 2008-03-15 01:14 <DIR> d-------- C:\Documents and Settings\PROPIETARIO\Application Data\Talkback
2008-03-15 01:13 . 2008-03-15 01:13 0 --a------ C:\WINDOWS\nsreg.dat
2008-03-14 11:35 . 2008-03-14 11:35 <DIR> d-------- C:\Program Files\Trend Micro
2008-03-14 11:08 . 2008-03-14 11:08 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-03-14 11:08 . 2008-03-14 15:52 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-03-14 07:50 . 2008-03-14 07:50 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-03-11 07:55 . 2008-03-11 07:55 <DIR> d-------- C:\Documents and Settings\PROPIETARIO\Application Data\Cambridge
2008-03-11 07:51 . 2002-09-27 15:57 321,024 --a------ C:\WINDOWS\system32\textwareilluminatorbaseProtoco l.dll
2008-03-11 07:51 . 2002-11-14 15:16 91,648 --a------ C:\WINDOWS\system32\IEBrowser.ILX
2008-03-11 07:51 . 2002-10-15 14:15 75,264 --a------ C:\WINDOWS\system32\TreeView.ILX
2008-03-11 07:51 . 2001-01-19 13:55 56,320 --a------ C:\WINDOWS\system32\AlphaPic.ILX
2008-03-11 07:51 . 2002-01-21 12:20 48,128 --a------ C:\WINDOWS\system32\QFClient.ILX
2008-03-11 07:51 . 2000-04-25 18:11 17,408 --a------ C:\WINDOWS\system32\WavRecpk4.bpl
2008-03-11 07:51 . 2008-03-11 07:51 63 --a------ C:\WINDOWS\TEXTware.ini
2008-03-11 07:50 . 2008-03-11 07:50 <DIR> d-------- C:\Program Files\TEXTware
2008-03-11 07:46 . 2008-03-11 07:46 <DIR> d-------- C:\Program Files\Cambridge
2008-03-11 07:46 . 2003-01-23 08:41 66,614 --a------ C:\WINDOWS\system\TWADIB04.BMP
2008-03-08 10:46 . 2008-03-08 10:46 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Uniblue
2008-03-07 07:26 . 2008-03-07 07:26 <DIR> d-------- C:\Documents and Settings\PROPIETARIO\Application Data\MSNInstaller
2008-03-04 17:54 . 2008-03-04 17:54 <DIR> d-------- C:\Program Files\MSXML 6.0
2008-03-04 11:39 . 2008-03-04 11:39 <DIR> d-------- C:\Program Files\AutoCAD 2007
2008-03-04 11:17 . 2008-03-04 11:17 <DIR> d-------- C:\Program Files\AnswerWorks 4.0
2008-03-04 11:14 . 2008-03-04 11:41 <DIR> d-------- C:\Documents and Settings\PROPIETARIO\Application Data\Autodesk
2008-03-04 11:14 . 2008-03-04 11:41 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Autodesk
2008-03-04 11:13 . 2008-03-04 11:13 <DIR> d-------- C:\New Folder
2008-03-04 08:19 . 2008-03-04 11:19 <DIR> d-------- C:\Program Files\Common Files\Autodesk Shared
2008-03-04 08:19 . 2008-03-04 10:37 <DIR> d-------- C:\Program Files\Autodesk
2008-03-03 23:12 . 2008-03-03 23:12 <DIR> d-------- C:\Program Files\eVision
2008-03-03 09:55 . 2008-03-03 10:12 <DIR> d--hs---- C:\Documents and Settings\PROPIETARIO\Phone Browser
2008-02-29 10:08 . 2008-02-29 10:08 <DIR> d-------- C:\WINDOWS\Sun
2008-02-27 10:39 . 2008-02-27 10:39 <DIR> d-------- C:\Program Files\Microsoft Silverlight
2008-02-25 23:28 . 2008-02-25 23:28 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Nokia
2008-02-25 19:00 . 2008-02-25 18:59 121 --a------ C:\ms7iex.sys
2008-02-25 18:58 . 2008-03-17 18:21 <DIR> d-------- C:\pcmrpw
2008-02-25 18:58 . 2003-06-04 21:47 970,752 --a------ C:\WINDOWS\system32\cdintf210.dll
2008-02-25 18:58 . 2008-02-25 18:58 737,280 --a------ C:\WINDOWS\iun6002.exe
2008-02-23 14:11 . 2006-10-04 09:06 1,197,294 --------- C:\WINDOWS\system32\dllcache\sysmain.sdb
2008-02-23 14:11 . 2006-10-04 09:06 764,868 --------- C:\WINDOWS\system32\dllcache\apph_sp.sdb
2008-02-23 14:11 . 2006-10-04 09:06 217,118 --------- C:\WINDOWS\system32\dllcache\apphelp.sdb
2008-02-23 14:09 . 2008-02-25 22:49 <DIR> d-------- C:\WINDOWS\system32\drivers\UMDF
2008-02-22 13:42 . 2008-02-22 13:42 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Adobe Systems
2008-02-22 13:38 . 2008-02-22 13:38 <DIR> d-------- C:\Program Files\Common Files\Adobe Systems Shared
2008-02-22 12:55 . 2008-02-23 13:57 <DIR> d-------- C:\Program Files\CDex_170b2
2008-02-20 16:09 . 2008-02-20 16:14 6,890 --a------ C:\WINDOWS\ATMREG.ATM
2008-02-20 15:42 . 2008-02-20 16:11 <DIR> d-------- C:\PSFONTS
2008-02-20 15:42 . 2008-02-20 15:42 <DIR> d-------- C:\Program Files\Adobe Type Manager
2008-02-20 15:42 . 2000-05-24 15:20 15,360 --a------ C:\WINDOWS\system32\ATMsrvc.exe
2008-02-20 15:41 . 2008-02-20 15:41 <DIR> d-------- C:\temp\adobe
2008-02-20 15:41 . 2008-02-20 15:41 <DIR> d-------- C:\temp
2008-02-20 15:41 . 2008-02-20 15:41 <DIR> d-------- C:\Documents and Settings\PROPIETARIO\WINDOWS
2008-02-20 15:41 . 2000-05-24 15:02 298,496 --a------ C:\WINDOWS\unin040a.exe
2008-02-20 13:07 . 2008-03-15 01:29 <DIR> d-------- C:\Program Files\WinMPG VideoConvert
2008-02-18 11:58 . 2008-02-18 11:58 <DIR> d-------- C:\videodvdmaker
2008-02-18 11:58 . 2008-02-18 11:58 <DIR> d-------- C:\Documents and Settings\PROPIETARIO\Application Data\Video DVD Maker FREE
2008-02-18 11:56 . 2008-02-18 11:57 <DIR> d-------- C:\Program Files\Video DVD Maker
2008-02-18 02:15 . 2008-02-18 02:20 <DIR> d-------- C:\Documents and Settings\PROPIETARIO\Application Data\muvee Technologies
2008-02-18 02:15 . 2008-02-18 02:15 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\muvee Technologies
2008-02-17 23:43 . 2008-02-17 23:43 <DIR> d-------- C:\Program Files\eRightSoft
2008-02-17 23:43 . 2008-02-17 23:43 <DIR> d-------- C:\Program Files\AviSynth 2.5
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))) ))
.
2008-03-17 21:06 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-03-17 03:52 --------- d-----w C:\Documents and Settings\All Users\Application Data\Google Updater
2008-03-12 04:05 --------- d-----w C:\Program Files\Norton Internet Security
2008-03-08 15:46 --------- d-----w C:\Program Files\Uniblue
2008-03-08 15:46 --------- d-----w C:\Documents and Settings\PROPIETARIO\Application Data\Uniblue
2008-03-08 14:41 --------- d-----w C:\Program Files\music_now
2008-03-08 14:41 --------- d-----w C:\Program Files\Encarta Online
2008-03-04 04:16 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-02-26 04:26 --------- d-----w C:\Program Files\Nokia
2008-02-26 04:26 --------- d-----w C:\Program Files\Common Files\Nokia
2008-02-26 04:25 --------- d-----w C:\Documents and Settings\All Users\Application Data\Installations
2008-02-26 03:47 --------- d-----w C:\Documents and Settings\All Users\Application Data\PC Suite
2008-02-23 19:11 --------- d-----w C:\Program Files\Windows Media Connect 2
2008-02-22 18:39 --------- d-----w C:\Program Files\Common Files\Adobe
2008-02-20 22:41 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-02-13 17:13 --------- d-----w C:\Program Files\Common Files\Macromedia
2008-02-13 17:12 --------- d-----w C:\Program Files\Macromedia
2008-02-10 21:24 --------- d-----w C:\Documents and Settings\All Users\Application Data\FLEXnet
2008-02-10 16:21 4 ----a-w C:\Bomba_CD3.dat
2008-02-09 22:30 --------- d-----w C:\Documents and Settings\PROPIETARIO\Application Data\THQ
2008-02-09 21:45 --------- d-----w C:\Program Files\Common Files\Macrovision Shared
2008-02-09 19:51 --------- d-----w C:\Program Files\Symantec
2008-02-09 14:53 114,048 ----a-w C:\WINDOWS\system32\drivers\snapman.sys
2008-02-09 13:59 --------- d-----w C:\Documents and Settings\PROPIETARIO\Application Data\Sonic
2008-02-09 13:58 --------- d-----w C:\Documents and Settings\PROPIETARIO\Application Data\Leadertech
2008-02-09 06:15 --------- d-----w C:\Documents and Settings\PROPIETARIO\Application Data\AdobeUM
2008-02-08 21:51 --------- d-----w C:\Documents and Settings\PROPIETARIO\Application Data\Nokia
2008-02-08 21:44 --------- d-----w C:\Documents and Settings\PROPIETARIO\Application Data\Nokia Multimedia Player
2008-02-08 21:41 --------- d-----w C:\Documents and Settings\PROPIETARIO\Application Data\PC Suite
2008-02-08 16:29 --------- d-----w C:\Program Files\Common Files\PCSuite
2008-02-08 16:28 --------- d-----w C:\Program Files\PC Connectivity Solution
2008-02-08 16:04 --------- d-----w C:\Documents and Settings\PROPIETARIO\Application Data\GTek
2008-02-08 15:54 --------- d-----w C:\Program Files\DIFX
2008-02-08 12:58 --------- d-----w C:\Program Files\Google
2008-02-07 23:29 --------- d-----w C:\Program Files\Microsoft CAPICOM 2.1.0.2
2008-02-07 21:43 66,872 ----a-w C:\WINDOWS\system32\PnkBstrA.exe
2008-02-07 21:43 22,328 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys
2008-02-07 21:42 103,736 ----a-w C:\WINDOWS\system32\PnkBstrB.exe
2008-02-07 18:07 --------- d-----w C:\Program Files\Electronic Arts
2008-02-07 17:16 --------- d-----w C:\Documents and Settings\All Users\Application Data\WildTangent
2008-02-07 17:15 --------- d-----w C:\Program Files\Quicken
2008-02-07 16:39 --------- d-----w C:\Program Files\Common Files\SWF Studio
2008-02-07 16:18 805 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.INF
2008-02-07 16:18 60,800 ----a-w C:\WINDOWS\system32\S32EVNT1.DLL
2008-02-07 16:18 123,952 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2008-02-07 16:18 10,740 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.CAT
2008-02-07 15:47 --------- d-----w C:\Program Files\Windows Live Toolbar
2008-02-07 15:47 --------- d-----w C:\Program Files\Windows Live Favorites
2008-02-07 15:45 --------- dcsh--w C:\Program Files\Common Files\WindowsLiveInstaller
2008-02-07 15:45 --------- d-----w C:\Program Files\Windows Live
2008-02-06 21:52 --------- d-----w C:\Program Files\MSXML 4.0
2008-02-06 08:39 --------- d-----w C:\Documents and Settings\All Users\Application Data\nView_Profiles
2008-02-06 06:31 --------- d-----w C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2008-02-06 06:19 --------- d-----w C:\Program Files\HPQ
2008-02-06 06:06 --------- d-----w C:\Program Files\Hewlett-Packard
2008-02-06 05:48 --------- d-----w C:\Program Files\Common Files\LightScribe
2008-02-06 05:47 --------- d-----w C:\Program Files\HP Rhapsody
2008-02-06 05:35 --------- d-----w C:\WINDOWS\system32\config\systemprofile\Applicati on Data\Intuit
2008-02-06 05:35 --------- d-----w C:\Documents and Settings\PROPIETARIO\Application Data\Intuit
2008-02-06 05:35 --------- d-----w C:\Documents and Settings\All Users\Application Data\Intuit
2008-02-06 05:35 --------- d-----w C:\Documents and Settings\Administrator\Application Data\Intuit
2008-02-06 05:34 --------- d-----w C:\Program Files\Quickensetup
2008-02-06 05:34 --------- d-----w C:\Program Files\Microsoft Office Trial Wizard
2008-02-06 05:33 --------- d-----w C:\Program Files\muvee Technologies
2008-02-06 05:33 --------- d-----w C:\Program Files\DivX
2008-02-06 05:33 --------- d-----w C:\Program Files\Common Files\muvee Technologies
2008-02-06 05:30 --------- d-----w C:\Program Files\Yahoo!
2008-02-06 05:30 --------- d-----w C:\Program Files\Netscape
2008-02-06 05:28 --------- d-----w C:\Program Files\HP
2008-02-06 05:17 --------- d-----w C:\WINDOWS\system32\config\systemprofile\Applicati on Data\CyberLink
2008-02-06 05:17 --------- d-----w C:\Documents and Settings\PROPIETARIO\Application Data\CyberLink
2008-02-06 05:17 --------- d-----w C:\Documents and Settings\Administrator\Application Data\CyberLink
2008-02-06 05:16 --------- d-----w C:\WINDOWS\system32\config\systemprofile\Applicati on Data\HP
2008-02-06 05:16 --------- d-----w C:\Documents and Settings\PROPIETARIO\Application Data\HP
2008-02-06 05:16 --------- d-----w C:\Documents and Settings\Administrator\Application Data\HP
2008-02-06 05:13 --------- d-----w C:\Program Files\WildTangent
2008-02-06 05:08 --------- d-----w C:\Documents and Settings\All Users\Application Data\HP
2008-02-06 05:08 --------- d-----w C:\Documents and Settings\All Users\Application Data\CyberLink
2008-02-06 05:07 --------- d-----w C:\Program Files\Synaptics
2008-02-06 05:05 --------- d-----w C:\Program Files\Microsoft.NET
2008-02-06 05:04 --------- d-----w C:\Program Files\Microsoft Works
2008-02-06 05:02 --------- d-----w C:\Program Files\RGB
2008-02-06 04:59 --------- d-----w C:\Program Files\GemMaster
2008-02-06 04:59 --------- d-----w C:\Program Files\EnglishOtto
2008-02-06 04:58 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-02-06 04:52 1,662 --sha-r C:\WINDOWS\system32\drivers\103C_HP_NTBK_HP Pavilion dv9000 (EY797AV#ABA)_YN_0Pavi_QCNF6391030_E419857002_46_I 30BD_SQuanta_V66.3E_BF.27_T070626_WXP2_L409_M1023_ J100_7Intel_8T2250_91.73_#080205_N8086109A_(EY797A V#ABA)_XMOBILE_CN10_Z_2Rev 1_G.MRK
2008-02-06 04:50 --------- d-----w C:\WINDOWS\system32\config\systemprofile\Applicati on Data\Symantec
2008-02-06 04:50 --------- d-----w C:\Documents and Settings\PROPIETARIO\Application Data\Symantec
2008-02-06 04:50 --------- d-----w C:\Documents and Settings\Administrator\Application Data\Symantec
2008-02-06 04:49 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2008-02-06 04:46 10,344 ----a-w C:\WINDOWS\system32\drivers\symlcbrd.sys
2008-02-06 04:43 --------- d-----w C:\Program Files\CONEXANT
2008-02-06 04:29 --------- d-----w C:\Program Files\Windows Plus
2008-02-06 04:29 --------- d-----w C:\Program Files\Sonic
2008-02-06 04:29 --------- d-----w C:\Program Files\microsoft frontpage
2008-02-06 04:29 --------- d-----w C:\Program Files\Java
2008-02-06 04:29 --------- d-----w C:\Program Files\Common Files\TiVo Shared
2008-02-06 04:29 --------- d-----w C:\Program Files\Common Files\SureThing Shared
2008-02-06 04:29 --------- d-----w C:\Program Files\Common Files\Sonic Shared
2008-02-06 04:29 --------- d-----w C:\Program Files\Common Files\Java
2006-05-03 10:06 163,328 --sh--r C:\WINDOWS\system32\flvDX.dll
2007-02-21 11:47 31,232 --sh--r C:\WINDOWS\system32\msfDX.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Run]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 11:34 5724184]
"Uniblue SpeedUpMyPC"="C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe" [2008-01-29 09:46 9442584]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2006-03-16 06:00 15360]
"Uniblue RegistryBooster 2"="C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe" [2007-12-05 16:06 1885464]
"Uniblue SpyEraser"="C:\Program Files\Uniblue\SpyEraser\SpyEraser.exe" [2008-01-29 10:13 1424648]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2007-12-12 15:25 21686568]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-10-18 20:05 204288]
"PC Suite Tray"="C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe" [2007-12-10 10:12 695808]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Run]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-08-06 06:56 64512]
"RUNFBI"="c:\windows\regedit.exe" [2006-03-16 06:00 146432]
"hpWirelessAssistant"="C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2006-05-04 07:58 458752]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe" [2005-11-11 06:03 36975]
"High Definition Audio Property Page Shortcut"="CHDAudPropShortcut.exe" [2006-06-02 17:02 61952 C:\WINDOWS\system32\CHDAudPropShortcut.exe]
"ccApp"="c:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-01-22 22:19 52840]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-06-17 07:22 794713]
"QPService"="C:\Program Files\HP\QuickPlay\QPService.exe" [2006-07-19 18:14 102400]
"HP Software Update"="C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe" [2005-02-17 02:11 49152]
"ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" [2006-05-16 10:58 213936]
"QlbCtrl"="C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2006-06-19 14:33 163840]
"Cpqset"="C:\Program Files\Hewlett-Packard\Default Settings\cpqset.exe" [2006-06-19 13:50 40960]
"AutoLogon"="regedit.exe" [2006-03-16 06:00 146432 C:\WINDOWS\regedit.exe]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-07-20 20:58 7581696]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2006-07-20 20:58 86016]
"nwiz"="nwiz.exe" [2006-07-20 20:58 1519616 C:\WINDOWS\system32\nwiz.exe]
"ISUSPM"="C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" [2006-05-16 10:58 213936]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\Cur rentVersion\Run]
"Nokia.PCSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-11-07 17:35 1294336]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\curr entversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpo licy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpo licy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
R3 5U870CAP_VID_1262&PID_25FD;HP Pavilion Webcam ;C:\WINDOWS\system32\Drivers\5U870CAP.sys [2006-06-06 22:39]
S3 iComp;HP Analog TV Tuner;C:\WINDOWS\system32\DRIVERS\p2usbwdm.sys [2006-03-18 01:34]
*Newly Created Service* - COMHOST
.
Contents of the 'Scheduled Tasks' folder
"2008-03-17 22:48:06 C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job"
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
"2008-02-07 15:59:49 C:\WINDOWS\Tasks\Norton AntiVirus - Run Full System Scan - PROPIETARIO.job"
- c:\PROGRA~1\NORTON~1\NORTON~1\Navw32.exeh/TASK:
"2008-03-08 14:18:56 C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC Nag.job"
- C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe
"2008-02-08 12:54:45 C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC.job"
- C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe
"2008-03-08 15:46:44 C:\WINDOWS\Tasks\Uniblue SpyEraser.job"
- C:\Program Files\Uniblue\SpyEraser\SpyEraser.exe
.
************************************************** ************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-17 18:29:58
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Cpqset = C:\Program Files\Hewlett-Packard\Default Settings\cpqset.exe????????????L?@? ????X??????`?@?????L?@
scanning hidden files ...
scan completed successfully
hidden files: 0
************************************************** ************************
.
Completion time: 2008-03-17 18:30:36
.
2008-03-13 12:26:47 --- E O F ---
------------------------------------------------------------------------------------------------
Acabo de reiniciar la laptop pero sigue igual, felizmente solo se cierra el hi5, pero despues de haber borrado los archivos nada paso, espero me puedan ayudar.
Gracias
ElPiedra 18/03/08, 15:56:35 Descarga CCleaner (http://www.forospyware.com/t105564.html) y ejecútalo usando primero su opción de "Limpiador" para borrar cookies, temporales de internet y todos los archivos que este te muestre como obsoletos, y luego usa su opción de "Registro" para limpiar todo el registro de Windows (haciendo copia de seguridad).
Una vez que este termine de limpiar todo, actualiza "Java" (http://www.forospyware.com/t94506-2.html#post502357), hace una Desfragmentación del disco con la opción de Windows y pasa por www.windowsupdate.com para descargar todos los parches disponibles (si tu sistema lo permite)
Descarga y ejecuta la utilidad Advanced WindowsCare (http://www.infospyware.com/Herramientas.htm), para reparar y optimizar a fondo tu PC.
Reinicia y nos contas los resultados.
Salu2
| |