Virus and Spyware Forum. Help with: Malware - Viruses - Spyware - Trojans - Adware - Worms - Hijackers - Dialers - Rootkits - Keyloggers, etc. Post your problem in this section. Do not post your HijackThis log here!
limewireextreme

Hello everyone,

My computer has been having problems for a few days now. The Firefox browser keeps connecting to the limewireextreme page. I have seen on this forum that other users have had similar problems, so, following earlier recommendations, I installed CCleaner and Superantispyware and ran them according to the instructions. So far I have not been able to fix anything. Right now I am trying to run an online scan with Panda Totalscan, but I would be very grateful for any help you could give me.

Thank you very much.

Regards,
Alfonso
Re: limewireextreme

Hello,

1. Install and update the following tools:
   * NoLop
   * SUPERAntiSpyware
   * CCleaner
2. Reboot into Safe Mode.
3. Run the NoLop tool.
4. Scan with SUPERAntiSpyware.
5. Delete temporary files and clean the registry with CCleaner.

Regards
| Re: limewireextreme Hola Microsoft32 Antes de nada muchas gracias por responder a mi mensaje. He seguido los pasos tal y como me indicaste pero no consigo solucionar el problema. He realizado un escaneo online con panda totalscan. Aqui esta el resultado: Código HTML: ;***********************************************************************************************************************************************************************************
ANALYSIS: 2008-02-12 19:14:21
PROTECTIONS: 1
MALWARE: 9
SUSPECTS: 0
;***********************************************************************************************************************************************************************************
PROTECTIONS
Description Version Active Updated
;===================================================================================================================================================================================
AVG 7.5.516 7.5.516 Yes Yes
;===================================================================================================================================================================================
MALWARE
Id Description Type Active Severity Disinfectable Disinfected Location
;===================================================================================================================================================================================
00191644 Cookie/adultfriendfinder TrackingCookie No 0 Yes No C:\Documents and Settings\LocalService\Application Data\Mozilla\Firefox\Profiles\q9fsbscz.default\COOKIES.TXT[.adultfriendfinder.com/]
00191644 Cookie/adultfriendfinder TrackingCookie No 0 Yes No C:\Documents and Settings\LocalService\Application Data\Mozilla\Firefox\Profiles\q9fsbscz.default\COOKIES.TXT[.adultfriendfinder.com/]
00191644 Cookie/adultfriendfinder TrackingCookie No 0 Yes No C:\Documents and Settings\LocalService\Application Data\Mozilla\Firefox\Profiles\q9fsbscz.default\COOKIES.TXT[.adultfriendfinder.com/]
00191644 Cookie/adultfriendfinder TrackingCookie No 0 Yes No C:\Documents and Settings\LocalService\Application Data\Mozilla\Firefox\Profiles\q9fsbscz.default\COOKIES.TXT[.adultfriendfinder.com/]
00294876 Adware/SaveNow Adware No 0 Yes No C:\System Volume Information\_restore{203A9C89-7A2C-419F-A40E-8C82E0800C2E}\RP61\A0023710.DLL
00328084 Adware/SaveNow Adware No 0 Yes No C:\System Volume Information\_restore{203A9C89-7A2C-419F-A40E-8C82E0800C2E}\RP63\A0024071.DLL
00529681 Adware/WhenUSearch Adware No 0 Yes No C:\System Volume Information\_restore{203A9C89-7A2C-419F-A40E-8C82E0800C2E}\RP63\A0024072.EXE
01262593 Application/NirCmd.A HackTools No 0 No No C:\Documents and Settings\Tete\Desktop\Mozilla Downloads\ComboFix.exe[327882R2FWJFW\nircmd.cfexe]
01262593 Application/NirCmd.A HackTools No 0 No No C:\Documents and Settings\Tete\Desktop\Mozilla Downloads\ComboFix.exe[327882R2FWJFW\nircmd.com]
01262593 Application/NirCmd.A HackTools No 0 No No C:\Documents and Settings\Tete\Desktop\Mozilla Downloads\ComboFix(2).exe[327882R2FWJFW\nircmd.cfexe]
01262593 Application/NirCmd.A HackTools No 0 No No C:\Documents and Settings\Tete\Local Settings\Application Data\Mozilla\Firefox\Profiles\avbdaoii.default\Cache\FA4CCC3Fd01[327882R2FWJFW\nircmd.cfexe]
01262593 Application/NirCmd.A HackTools No 0 No No C:\Documents and Settings\Tete\Local Settings\Application Data\Mozilla\Firefox\Profiles\avbdaoii.default\Cache\FA4CCC3Fd01[327882R2FWJFW\nircmd.com]
01262593 Application/NirCmd.A HackTools No 0 No No C:\Documents and Settings\Tete\Desktop\Mozilla Downloads\ComboFix(2).exe[327882R2FWJFW\nircmd.com]
01269187 Application/Winantivirus2006 HackTools No 0 Yes No C:\System Volume Information\_restore{203A9C89-7A2C-419F-A40E-8C82E0800C2E}\RP62\A0023795.DLL
02684897 Application/AVSystemCare HackTools No 0 Yes No C:\System Volume Information\_restore{203A9C89-7A2C-419F-A40E-8C82E0800C2E}\RP62\A0024010.EXE
02889429 Application/TheSpyGuard HackTools No 0 Yes No C:\System Volume Information\_restore{203A9C89-7A2C-419F-A40E-8C82E0800C2E}\RP62\A0023813.EXE
02896681 Application/TheSpyGuard HackTools No 0 Yes No C:\System Volume Information\_restore{203A9C89-7A2C-419F-A40E-8C82E0800C2E}\RP62\A0023820.OLD
;===================================================================================================================================================================================
SUSPECTS
Location
;===================================================================================================================================================================================
;===================================================================================================================================================================================
HTML Code:
ComboFix 08-02-12.1 - Tete 2008-02-12 23:02:56.1 - [color=red][b]FAT32[/b][/color]x86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.525 [GMT 1:00]
Running from: C:\Documents and Settings\Tete\Desktop\Mozilla Downloads\ComboFix.exe
* Created a new restore point
[color=red][b]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/b][/color]
.
[color=purple]The following files were disabled during the run:[/color]
C:\Program Files\TuneUp Utilities 2006\WinStylerThemeHelper.dll
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\Tete\ResErrors.log
C:\SpyGuardPro
C:\WINDOWS\system32\drivers\npf.sys
C:\WINDOWS\system32\lsprst7.dll
C:\WINDOWS\system32\msvcsv60.dll
C:\WINDOWS\system32\packet.dll
C:\WINDOWS\system32\pthreadVC.dll
C:\WINDOWS\system32\ssprs.dll
C:\WINDOWS\system32\wpcap.dll
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\NPF
((((((((((((((((((((((((( Files Created from 2008-01-12 to 2008-02-12 )))))))))))))))))))))))))))))))
.
2008-02-12 23:01 . 2008-02-12 23:01 <DIR> d-------- C:\Program Files\Trend Micro
2008-02-12 19:18 . 2008-02-12 19:23 212 --a------ C:\delete.bat
2008-02-12 15:49 . 2008-02-12 15:49 <DIR> d-------- C:\Program Files\Panda Security
2008-02-12 02:04 . 2008-02-12 22:52 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-02-12 02:04 . 2008-02-12 02:04 1,409 --a------ C:\WINDOWS\QTFont.for
2008-02-11 23:20 . 2008-02-11 23:20 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2008-02-11 23:20 . 2008-02-11 23:20 <DIR> d-------- C:\Documents and Settings\Tete\Application Data\SUPERAntiSpyware.com
2008-02-11 23:20 . 2008-02-11 23:20 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-02-11 23:06 . 2008-02-11 23:06 <DIR> d-------- C:\Program Files\CCleaner
2008-02-09 00:32 . 2008-02-09 00:09 625,462 --a------ C:\WINDOWS\system32\ptlg.exe
2008-02-09 00:06 . 2008-02-09 00:06 <DIR> d-------- C:\Program Files\Common Files\Macrovision Shared
2008-02-08 23:44 . 2008-02-08 23:44 <DIR> d-------- C:\Program Files\mpegable
2008-02-08 23:44 . 2008-02-08 23:44 47,104 --------- C:\WINDOWS\AKDeInstall.exe
2008-02-08 23:43 . 2008-02-08 23:43 <DIR> d-------- C:\Program Files\MovieTransformer
2008-02-08 18:50 . 2008-02-08 18:50 <DIR> d-------- C:\WINDOWS\SxsCaPendDel
2008-02-08 14:33 . 2008-02-08 14:33 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\FLEXnet
2008-02-08 13:56 . 2008-02-08 13:56 <DIR> d-------- C:\Documents and Settings\Tete\.DownloadManager
2008-02-08 01:34 . 2008-02-08 01:34 107 --a------ C:\WINDOWS\VobEdit.INI
2008-02-06 16:46 . 2008-02-06 16:46 463,598 --a------ C:\WINDOWS\AdobeFnt.lst
2008-02-06 03:25 . 2008-02-06 03:25 <DIR> d-------- C:\Documents and Settings\LocalService\Application DataPDFcreator
2008-02-04 11:44 . 2008-02-04 11:44 <DIR> dr-h----- C:\$VAULT$.AVG
2008-02-02 14:16 . 2008-02-02 14:16 <DIR> d-------- C:\Program Files\IMSI
2008-02-02 13:54 . 2008-02-02 13:54 <DIR> d-------- C:\WINDOWS\system32\GAiN LOGs
2008-02-02 13:54 . 2008-02-02 13:54 <DIR> d-------- C:\Program Files\Sonalksis
2008-02-02 13:53 . 2008-02-02 13:53 <DIR> d-------- C:\Documents and Settings\Tete\Application Data\Waves Preferences
2008-02-02 13:52 . 2008-02-02 13:52 <DIR> d-------- C:\Program Files\PSPaudioware
2008-02-02 13:51 . 2008-02-02 13:51 6,365,184 --a------ C:\WINDOWS\system32\PSP VintageWarmer2.dll
2008-02-02 13:41 . 2008-02-02 13:43 85,240 --a------ C:\WINDOWS\_084B21D.TTF
2008-02-02 13:41 . 2008-02-02 13:43 83,228 --a------ C:\WINDOWS\_8364E14.TTF
2008-02-02 13:41 . 2008-02-02 13:43 79,672 --a------ C:\WINDOWS\_850F2BD.TTF
2008-02-02 13:39 . 2008-02-02 13:39 <DIR> d-------- C:\PVIVA
2008-02-02 13:39 . 1993-11-18 23:00 49,616 --a------ C:\WINDOWS\system\MSACM.DLL
2008-02-02 13:39 . 1993-11-18 23:00 22,816 --a------ C:\WINDOWS\system\MSACM.DRV
2008-02-02 13:39 . 1994-09-01 23:00 17,936 --a------ C:\WINDOWS\system\IMAADPCM.ACM
2008-02-02 13:39 . 1993-11-18 23:00 16,548 --a------ C:\WINDOWS\system\MAP_WIN.HLP
2008-02-02 13:39 . 1993-11-18 23:00 15,104 --a------ C:\WINDOWS\system\MSADPCM.ACM
2008-02-02 13:39 . 2008-02-02 13:41 233 --a------ C:\WINDOWS\mtb40.ini
2008-02-02 13:39 . 2008-02-02 13:39 111 --a------ C:\WINDOWS\asym.ini
2008-02-02 01:44 . 2008-02-02 01:44 <DIR> d-------- C:\Documents and Settings\Tete\Application Data\Azureus
2008-02-02 01:44 . 2008-02-02 01:44 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Azureus
2008-02-01 19:40 . 2008-02-01 19:40 <DIR> d-------- C:\Program Files\DUE
2008-02-01 16:39 . 2008-02-01 16:39 <DIR> d-------- C:\Program Files\BSELF
2008-01-31 23:10 . 2008-01-31 23:10 <DIR> d-------- C:\Program Files\Waves
2008-01-31 19:54 . 2008-01-31 19:54 <DIR> d-------- C:\Program Files\Syncrosoft
2008-01-31 19:54 . 2005-11-08 20:02 708,608 --a------ C:\WINDOWS\system32\SYNSOACC.dll
2008-01-31 19:54 . 2005-11-08 11:20 147,456 --a------ C:\WINDOWS\system32\SynsoLChk.dll
2008-01-31 19:54 . 2003-07-31 19:28 147,425 --a------ C:\WINDOWS\system32\SYNSOACC-Aide.chm
2008-01-31 19:54 . 2003-05-26 14:29 120,468 --a------ C:\WINDOWS\system32\SYNSOACC-Hilfe.chm
2008-01-31 19:54 . 2003-05-26 14:29 114,279 --a------ C:\WINDOWS\system32\SYNSOACC-Help.chm
2008-01-31 19:54 . 2005-11-03 17:14 45,056 --a------ C:\WINDOWS\system32\Synsopos.exe
2008-01-31 19:54 . 2005-05-09 20:08 33,792 --a------ C:\WINDOWS\system32\drivers\cledx.sys
2008-01-31 19:54 . 2005-11-03 12:17 16,896 --a------ C:\WINDOWS\system32\drivers\synasUSB.sys
2008-01-31 19:51 . 2008-01-31 19:51 <DIR> d-------- C:\Program Files\Sonnox
2008-01-31 19:47 . 2008-01-31 19:47 <DIR> d-------- C:\WINDOWS\Uninstall
2008-01-31 19:47 . 2008-01-31 19:47 685,913 --a------ C:\WINDOWS\Uninstall\unins000.exe
2008-01-31 19:47 . 2008-01-31 19:47 1,379 --a------ C:\WINDOWS\Uninstall\unins000.dat
2008-01-31 19:47 . 2008-01-31 19:47 45 --a------ C:\WINDOWS\Internet shortcut.url
2008-01-31 16:28 . 2008-01-31 16:28 <DIR> d-------- C:\Program Files\Common Files\Native Instruments
2008-01-31 16:20 . 2008-01-31 16:20 <DIR> d-------- C:\Program Files\iZotope
2008-01-31 16:05 . 2008-01-31 16:05 <DIR> d-------- C:\Program Files\IK Multimedia
2008-01-31 16:05 . 2008-01-31 16:18 16 --a------ C:\WINDOWS\system32\w3data.vss
2008-01-31 16:05 . 2008-01-31 16:18 16 --a------ C:\WINDOWS\msocreg32.dat
2008-01-31 15:04 . 2008-01-31 15:04 <DIR> d-------- C:\Program Files\GForce
2008-01-31 15:04 . 1999-12-17 11:13 86,016 --a------ C:\WINDOWS\unvise32.exe
2008-01-31 11:07 . 2008-01-31 11:07 <DIR> d-------- C:\Program Files\Antares Audio Technologies
2008-01-31 11:03 . 2003-07-06 09:10 17,408 --------- C:\WINDOWS\system32\minimp3.exe
2008-01-31 10:58 . 2008-01-31 10:58 <DIR> d-------- C:\Program Files\Waveshells
2008-01-31 10:58 . 2008-01-31 10:58 <DIR> d-------- C:\Program Files\Plug-Ins
2008-01-31 10:58 . 2008-01-31 10:58 <DIR> d-------- C:\Program Files\DX Utilities
2008-01-31 10:58 . 2008-01-31 10:58 <DIR> d-------- C:\Program Files\AiR LOGS
2008-01-31 10:58 . 2008-01-31 10:58 <DIR> d-------- C:\Documents and Settings\Tete\Application Data\Waves Audio
2008-01-30 19:22 . 2008-01-30 19:27 664 --a------ C:\WINDOWS\system32\d3d9caps.dat
2008-01-30 16:56 . 2008-02-05 23:08 87,376 --a------ C:\Documents and Settings\Tete\Application Data\GDIPFONTCACHEV1.DAT
2008-01-30 15:18 . 2008-01-30 15:18 <DIR> d-------- C:\Program Files\AnswerWorks 4.0
2008-01-30 15:16 . 2008-01-30 15:16 <DIR> d-------- C:\Program Files\AutoCAD 2007
2008-01-30 15:16 . 2008-01-30 15:16 <DIR> d-------- C:\Documents and Settings\Tete\Application Data\Autodesk
2008-01-30 15:16 . 2008-01-30 15:16 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Autodesk
2008-01-30 15:14 . 2008-01-30 15:14 <DIR> d-------- C:\Program Files\Common Files\Autodesk Shared
2008-01-30 15:14 . 2008-01-30 15:14 <DIR> d-------- C:\Program Files\Autodesk
2008-01-30 03:35 . 2008-01-30 03:35 <DIR> d-------- C:\Program Files\Vintage Amp Room
2008-01-30 03:35 . 2008-01-30 03:35 <DIR> d-------- C:\Program Files\Studio Devil
2008-01-30 03:24 . 2003-09-04 10:02 311,295 --a------ C:\WINDOWS\LOOP.exe
2008-01-30 01:37 . 2008-01-30 01:37 <DIR> d-------- C:\Program Files\Common Files\KORG
2008-01-30 01:36 . 2008-01-30 01:36 <DIR> d-------- C:\Program Files\KORG
2008-01-30 01:28 . 2008-01-30 01:28 <DIR> d-------- C:\Program Files\SigmaPlot
2008-01-30 01:28 . 2008-01-30 01:28 17 --a------ C:\WINDOWS\msiexec.ini
2008-01-30 01:27 . 2008-01-30 01:27 <DIR> d-------- C:\Program Files\Downloaded Installations
2008-01-30 00:20 . 2008-01-30 00:21 <DIR> d-------- C:\WINDOWS\system32\COLOR
2008-01-30 00:20 . 1997-08-26 10:15 298,496 --a------ C:\WINDOWS\unin040a.exe
2008-01-29 22:51 . 2008-01-29 22:51 <DIR> d-------- C:\Documents and Settings\Tete\Application Data\Publish Providers
2008-01-29 22:51 . 2008-01-29 22:51 <DIR> d-------- C:\Documents and Settings\Tete\Application Data\Cycling '74
2008-01-29 22:50 . 2008-01-29 22:50 <DIR> d-------- C:\Documents and Settings\Tete\Application Data\Sony
2008-01-29 22:49 . 2008-01-29 22:49 <DIR> d-------- C:\Program Files\Sony
2008-01-29 12:26 . 2008-01-29 12:26 <DIR> d-------- C:\Documents and Settings\Tete\Application Data\Applied Acoustics Systems
2008-01-29 12:11 . 2008-01-29 12:11 2,291,734 --a------ C:\WINDOWS\system32\TmpA233211453
2008-01-29 12:09 . 2005-10-18 17:20 71,168 --a------ C:\WINDOWS\system32\drivers\ni_usb.sys
2008-01-29 12:09 . 2005-10-18 17:20 23,168 --a------ C:\WINDOWS\system32\drivers\NiBoot.sys
2008-01-29 12:09 . 2005-10-18 17:20 22,016 --a------ C:\WINDOWS\system32\drivers\ni_avs.sys
2008-01-29 11:55 . 2008-01-29 11:55 <DIR> d-------- C:\Program Files\Antares
2008-01-29 11:46 . 2008-01-29 11:46 <DIR> d-------- C:\Program Files\Nomad Factory
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-04 21:59 524,288 ----a-w C:\WINDOWS\system32\DivXsm.exe
2008-01-04 21:58 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll
2008-01-04 21:58 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll
2008-01-04 21:58 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll
2008-01-04 21:57 823,296 ----a-w C:\WINDOWS\system32\divx_xx0c.dll
2008-01-04 21:57 823,296 ----a-w C:\WINDOWS\system32\divx_xx07.dll
2008-01-04 21:57 81,920 ----a-w C:\WINDOWS\system32\dpl100.dll
2008-01-04 21:57 802,816 ----a-w C:\WINDOWS\system32\divx_xx11.dll
2008-01-04 21:57 682,496 ----a-w C:\WINDOWS\system32\DivX.dll
2008-01-04 21:57 593,920 ----a-w C:\WINDOWS\system32\dpuGUI11.dll
2008-01-04 21:57 57,344 ----a-w C:\WINDOWS\system32\dpv11.dll
2008-01-04 21:57 53,248 ----a-w C:\WINDOWS\system32\dpuGUI10.dll
2008-01-04 21:57 344,064 ----a-w C:\WINDOWS\system32\dpus11.dll
2008-01-04 21:57 294,912 ----a-w C:\WINDOWS\system32\dpu11.dll
2008-01-04 21:57 294,912 ----a-w C:\WINDOWS\system32\dpu10.dll
2008-01-04 21:57 196,608 ----a-w C:\WINDOWS\system32\dtu100.dll
2008-01-04 21:56 156,992 ----a-w C:\WINDOWS\system32\DivXCodecVersionChecker.exe
2008-01-04 21:56 12,288 ----a-w C:\WINDOWS\system32\DivXWMPExtType.dll
2007-12-08 23:32 87,040 ----a-w C:\WINDOWS\system32\ra32sipr.dll
2007-12-08 23:32 85,504 ----a-w C:\WINDOWS\system32\encdnet.dll
2007-12-08 23:32 81,920 ----a-w C:\WINDOWS\system32\ra3214_4.dll
2007-12-08 23:32 72,704 ----a-w C:\WINDOWS\system32\ra3228_8.dll
2007-12-08 23:32 61,952 ----a-w C:\WINDOWS\system32\decdnet.dll
2007-12-08 23:32 487,936 ----a-w C:\WINDOWS\system32\rmbe3260.dll
2007-12-08 23:32 487,424 ----a-w C:\WINDOWS\system32\msvcp70.dll
2007-12-08 23:32 352,768 ----a-w C:\WINDOWS\system32\pngu3263.dll
2007-12-08 23:32 344,064 ----a-w C:\WINDOWS\system32\msvcr70.dll
2007-12-08 23:32 21,504 ----a-w C:\WINDOWS\system32\ra32dnet.dll
2007-12-08 23:32 131,072 ----a-w C:\WINDOWS\system32\pneng50.dll
2007-12-08 23:32 130,560 ----a-w C:\WINDOWS\system32\pnc3250.dll
2006-08-13 20:16 25,214 ----a-w C:\Program Files\WavesIcon.ico
2006-08-13 20:16 191 ----a-w C:\Program Files\Waves Home Page.html
2006-08-13 20:16 16,319 ----a-w C:\Program Files\Readme for Waves SSL 4000 Collection 1.2.htm
2006-08-13 20:16 12,213 ----a-w C:\Program Files\Readme for Waves SSL 4000 Collection 1.1.htm
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{238D3403-0761-4B4D-851C-050A3A0AC40A}
{2318C2B1-4965-11D4-9B18-009027A5CD4F}
{47833539-D0C5-4125-9FA8-0819E2EAAC93}
[HKEY_CLASSES_ROOT\clsid\{238d3403-0761-4b4d-851c-050a3a0ac40a}]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{238D3403-0761-4B4D-851C-050A3A0AC40A}"= C:\Program Files\Trailfire\trailfireToolbar-1.1.11748.dll [2007-06-07 10:46 235072]
[HKEY_CLASSES_ROOT\clsid\{238d3403-0761-4b4d-851c-050a3a0ac40a}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-06-21 14:06 1318912]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 05:00 15360]
"eMuleAutoStart"="C:\Program Files\eMule\emule.exe" [2007-05-13 15:57 5308416]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LaunchApp"="Alaunch" []
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2008-01-22 10:45 579072]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-01-15 03:22 267048]
"Acrobat Assistant 8.0"="C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2007-05-10 22:46 624248]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 05:00 15360]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2008-01-21 14:48 219136]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"GreyMSIAds"= 1 (0x1)
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
R1 UBHelper;UBHelper;C:\WINDOWS\system32\drivers\UBHelper.sys [2004-12-17 17:14]
R2 EpmPsd;Acer EPM Power Scheme Driver;C:\WINDOWS\system32\drivers\epm-psd.sys [2004-07-19 13:10]
R2 EpmShd;Acer EPM System Hardware Driver;C:\WINDOWS\system32\drivers\epm-shd.sys [2005-03-24 16:54]
R2 int15.sys;int15.sys;C:\Program Files\Acer\eRecovery\int15.sys [2005-01-13 14:46]
R2 osaio;osaio;C:\WINDOWS\system32\drivers\osaio.sys [2005-06-30 16:58]
R2 osanbm;osanbm;C:\WINDOWS\system32\drivers\osanbm.sys [2005-01-14 15:57]
R2 ptlg;ptlg;C:\WINDOWS\system32\ptlg.exe [2008-02-09 00:09]
R3 CLEDX;Team H2O CLEDX service;C:\WINDOWS\system32\DRIVERS\cledx.sys [2005-05-09 20:08]
S3 BrScnUsb;Brother USB Still Image driver;C:\WINDOWS\system32\DRIVERS\BrScnUsb.sys [2004-10-15 12:50]
.
Contents of the 'Scheduled Tasks' folder
"2008-02-08 16:28:44 C:\WINDOWS\Tasks\1-Click Maintenance.job" - C:\Program Files\TuneUp Utilities 2006\SystemOptimizer.exe
"2008-02-06 18:02:04 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job" - C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-12 23:07:57
Windows 5.1.2600 Service Pack 2 FAT NTAPI
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
PROCESS: C:\WINDOWS\system32\winlogon.exe
-> C:\Program Files\TuneUp Utilities 2006\WinStylerThemeHelper.dll
PROCESS: C:\WINDOWS\system32\lsass.exe [5.01.2600.2180]
-> C:\Program Files\TuneUp Utilities 2006\WinStylerThemeHelper.dll
PROCESS: C:\WINDOWS\system32\csrss.exe
-> C:\Program Files\TuneUp Utilities 2006\WinStylerThemeHelper.dll
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\TuneUp Utilities 2006\WinStylerThemeSvc.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Acer\eManager\anbmServ.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\wdfmgr.exe
.
**************************************************************************
.
Completion time: 2008-02-12 23:10:00 - machine was rebooted
ComboFix-quarantined-files.txt 2008-02-12 22:09:58
.
2008-02-04 11:02:47 --- E O F ---

HTML Code:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:01:38, on 12/02/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\TuneUp Utilities 2006\WinStylerThemeSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Acer\eManager\anbmServ.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\ptlg.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\alg.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\eMule\emule.exe
C:\Program Files\Acer\eRecovery\Monitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.uniovi.es/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.liepie.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Trailfire Helper Object - {238D3404-0761-4B4D-851C-050A3A0AC40A} - C:\Program Files\Trailfire\trailfireToolbar-1.1.11748.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: InlineSearchHandleHotKey - {B6FFE2AE-4D12-451F-B457-FE6125FFB1CF} - C:\Program Files\IEForge\Inline Search\InlineSearch.dll
O3 - Toolbar: Trailfire Toolbar - {238D3403-0761-4B4D-851C-050A3A0AC40A} - C:\Program Files\Trailfire\trailfireToolbar-1.1.11748.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [eMuleAutoStart] C:\Program Files\eMule\emule.exe -AutoStart
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xportar a Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1200995758140
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl-esd.sun.com/update/1.6.0/jinstall-6u3-windows-i586-jc.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Notebook Manager Service (anbmService) - OSA Technologies Inc. - C:\Acer\eManager\anbmServ.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Servicio Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: ptlg - Unknown owner - C:\WINDOWS\system32\ptlg.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Program Files\TuneUp Utilities 2006\WinStylerThemeSvc.exe
--
End of file - 9520 bytes

Regards,
Alfonso