post #1
Posted 16/05/08, 19:52:29
User

Joined: May 2008
Location: Mexico
Posts: 10
problem with winhost and block.exe (Solved)

Hello everyone, I'm new to the forum. I have a problem with my PC: I have the Avast antivirus installed and for days it has been driving me crazy because it keeps reporting a virus in a file named winhost.exe and another named blok.exe; I delete it and it reappears again and again. I don't know what to do anymore XD. Thanks in advance.

Here is my HijackThis log.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:52:30 PM, on 5/16/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\winhost.exe
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Hewlett-Packard\HP Pavilion Webcam\HPWebcam.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\mqsvc.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\WINDOWS\system32\mqtgsvc.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\igfxsrvc.exe
c:\blok.exe
c:\blok.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
c:\blok.exe
c:\blok.exe
c:\blok.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=64&bd=pavilion&pf=laptop
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Windows Live Aplicación auxiliar de inicio de sesión - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: TextAloud - {F053C368-5458-45B2-9B4D-D8914BDDDBFF} - C:\PROGRA~1\TEXTAL~1\TAForIE.dll
O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] CHDAudPropShortcut.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\Hewlett-Packard\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [RecGuard] C:\Windows\SMINST\RecGuard.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [NvGraphicsInterface] c:\blok.exe
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'Default user')
O4 - S-1-5-18 Startup: Vongo Tray.lnk = C:\Program Files\Vongo\Tray.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: Vongo Tray.lnk = C:\Program Files\Vongo\Tray.exe (User 'Default user')
O4 - .DEFAULT User Startup: Vongo Tray.lnk = C:\Program Files\Vongo\Tray.exe (User 'Default user')
O4 - Startup: SolidWorks Task Scheduler Engine.lnk = C:\Program Files\SolidWorks\swScheduler\swBOEngine.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Pavilion Webcam Tray Icon.lnk = C:\Program Files\Hewlett-Packard\HP Pavilion Webcam\HPWebcam.exe
O4 - Global Startup: HP Photosmart Premier Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: E&xportar a Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=64&bd=pavilion&pf=laptop
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/spanish/kavwebscan_ansi.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: AddFiltr - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: SolidWorks Licensing Service - SolidWorks - C:\Program Files\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe

--
End of file - 10248 bytes
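The log above already contains the tell-tale entries: an HKLM Run value with the vendor-sounding name NvGraphicsInterface that points at c:\blok.exe, and winhost.exe / blok.exe running straight from the drive root, the latter as several instances. The script below is an added example, not part of this thread or of HijackThis, that parses a HijackThis 2.x log and applies those heuristics automatically. SAMPLE_LOG is a constructed excerpt modelled on the entries posted above; the rule names and the whitelist of processes that legitimately run as several instances are the example's own assumptions.

```python
import re
from collections import Counter

# Constructed excerpt modelled on the HijackThis log posted above (not the full log).
SAMPLE_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.2
Platform: Windows XP SP2 (WinNT 5.01.2600)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\winhost.exe
c:\blok.exe
c:\blok.exe
C:\WINDOWS\explorer.exe
c:\blok.exe

O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NvGraphicsInterface] c:\blok.exe
O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
"""

# "O4 - <hive>\..\Run: [<value name>] <command>"; startup-folder O4 lines are not handled here.
O4_RUN_RE = re.compile(r'^O4 - (?P<hive>.+?)\\\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<cmd>.+)$')
ABS_PATH_RE = re.compile(r'^(?:[a-z]:\\|\\\\|%)', re.I)          # drive, UNC or %VAR% prefix
ROOT_IMAGE_RE = re.compile(r'^[a-z]:\\[^\\]+\.(?:exe|com|scr|pif|bat)$', re.I)  # X:\name.exe
SHADY_DIR_RE = re.compile(r'\\(?:recycler|recycled|\$recycle\.bin|temp|tmp)\\', re.I)
# Basenames that legitimately run as several instances on XP (assumed whitelist).
MULTI_INSTANCE_OK = {'svchost.exe', 'dllhost.exe', 'rundll32.exe', 'wmiprvse.exe'}


def parse_hjt(text):
    """Return (running process paths, registry Run entries) from a HijackThis log."""
    processes, runs, in_procs = [], [], False
    for line in text.splitlines():
        line = line.rstrip()
        if line == 'Running processes:':
            in_procs = True
            continue
        if in_procs:                      # the process list ends at the first blank line
            if not line:
                in_procs = False
            else:
                processes.append(line)
            continue
        m = O4_RUN_RE.match(line)
        if m:
            runs.append(m.groupdict())
    return processes, runs


def image_path(cmd):
    """Best-effort extraction of the executable from a Run value's command string."""
    cmd = cmd.strip()
    if cmd.startswith('"'):               # quoted path, possibly followed by arguments
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    if not ABS_PATH_RE.match(cmd):        # bare program name, resolved via PATH at logon
        return cmd.split()[0]
    m = re.match(r'(.*?\.(?:exe|com|scr|pif|bat|dll))(?:\s|$)', cmd, re.I)
    return m.group(1) if m else cmd


def triage(text):
    """Apply the heuristics and return a list of findings as dicts."""
    processes, runs = parse_hjt(text)
    findings = []
    for proc in processes:
        if ROOT_IMAGE_RE.match(proc):
            findings.append({'rule': 'root_process', 'item': proc})
        elif SHADY_DIR_RE.search(proc):
            findings.append({'rule': 'shady_dir_process', 'item': proc})
    counts = Counter(p.lower() for p in processes)
    for path, n in counts.items():
        if n > 1 and path.rsplit('\\', 1)[-1] not in MULTI_INSTANCE_OK:
            findings.append({'rule': 'duplicate_process', 'item': path, 'count': n})
    for entry in runs:
        image = image_path(entry['cmd'])
        item = f"{entry['hive']}\\..\\Run [{entry['name']}] -> {image}"
        if not ABS_PATH_RE.match(image):  # needs a manual look: which file actually wins?
            findings.append({'rule': 'relative_autorun', 'item': item})
        elif ROOT_IMAGE_RE.match(image) or SHADY_DIR_RE.search(image):
            findings.append({'rule': 'root_or_shady_autorun', 'item': item})
    return findings


if __name__ == '__main__':
    for finding in triage(SAMPLE_LOG):
        print(finding)
```

The rules are deliberately cheap: legitimate software almost never runs from X:\ or from a recycle-bin folder, and a Run value whose display name borrows a vendor name but whose target does not live under Program Files or the Windows directory deserves a look. The relative_autorun rule is a prompt for manual checking rather than a verdict, since a bare name such as regsvr32 resolves through the PATH at logon.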
post #2
Posted 17/05/08, 21:50:44
GPastor
FS-Admin

Joined: Mar 2005
Location: Callao - Perú
Posts: 16,605
Re: problem with winhost and block.exe

Hello, welcome to the InfoSpyware Forum. Follow these steps:

Download, update and run the program: download CCleaner and run it, first using its "Cleaner" option to delete cookies, temporary Internet files and all the files it lists as obsolete, then use its "Registry" option to clean the whole Windows registry (making a backup).


- Download the ComboFix.exe tool and save it to the desktop.
  • Temporarily disable the antivirus and/or antispyware.
  • Close all open windows.
  • Double-click the ComboFix.exe file and follow the instructions.
  • When it finishes, it will generate a log at C:\ComboFix.txt.
    • *Note* While CF is working, do not move the mouse, as that would stop its process.
    • *Note* ComboFix may restart the PC automatically to complete the removal process.
Quote:
Warning!! Do not use ComboFix unless you have been specifically told to in your thread by a member of our Staff. It is a powerful tool intended by its author to be used under the guidance and supervision of an expert, not for private use. Using ComboFix incorrectly could cause problems on your system. Please read ComboFix's "Disclaimer of Warranty".
  • Restart and paste the report from C:\ComboFix.txt in this same thread.

Regards


post #3
Posted 17/05/08, 23:34:14
User

Joined: May 2008
Location: Mexico
Posts: 10
Re: problem with winhost and block.exe

Hello and thanks for the help, here is my ComboFix report.

ComboFix 08-05-15.3 - AYAX 2008-05-17 22:28:19.5 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1355 [GMT -5:00]
Running from: C:\Documents and Settings\AYAX\Desktop\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((( Files Created from 2008-04-18 to 2008-05-18 )))))))))))))))))))))))))))))))
.

2008-05-16 17:51 . 2008-05-16 17:51 <DIR> d-------- C:\Program Files\Trend Micro
2008-05-16 16:31 . 2008-05-16 16:31 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-05-16 15:53 . 2008-05-16 21:06 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2008-05-16 15:53 . 2008-05-16 15:53 <DIR> d-------- C:\Documents and Settings\AYAX\Application Data\SUPERAntiSpyware.com
2008-05-16 15:53 . 2008-05-16 15:53 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-05-16 15:50 . 2008-05-16 15:50 <DIR> d-------- C:\Program Files\CCleaner
2008-05-10 23:35 . 2008-05-10 23:36 1,160 --a------ C:\WINDOWS\mozver.dat
2008-05-10 23:03 . 2008-05-10 23:05 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\PC Suite
2008-05-10 23:02 . 2008-05-10 23:05 <DIR> d-------- C:\Documents and Settings\AYAX\Application Data\Nokia
2008-05-10 23:01 . 2008-05-10 23:01 <DIR> d-------- C:\Program Files\PC Connectivity Solution
2008-05-10 23:01 . 2008-05-10 23:01 <DIR> d-------- C:\Program Files\Nokia
2008-05-10 23:01 . 2008-05-10 23:01 <DIR> d-------- C:\Program Files\DIFX
2008-05-10 23:01 . 2008-05-10 23:01 <DIR> d-------- C:\Program Files\Common Files\PCSuite
2008-05-10 23:01 . 2008-05-10 23:01 <DIR> d-------- C:\Program Files\Common Files\Nokia
2008-05-10 23:01 . 2008-05-10 23:03 <DIR> d-------- C:\Documents and Settings\AYAX\Application Data\PC Suite
2008-05-10 23:01 . 2007-02-22 10:15 90,624 --a------ C:\WINDOWS\system32\nmwcdcls.dll
2008-05-10 23:00 . 2008-05-10 23:00 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Installations
2008-05-10 13:11 . 2008-05-10 14:03 <DIR> d-------- C:\Program Files\HDDGURU LLF Tool
2008-05-10 12:38 . 2008-05-10 14:03 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-05-10 12:38 . 2008-05-10 14:03 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-05-10 12:23 . 2008-05-10 12:29 <DIR> d-------- C:\Program Files\Common Files\SolidWorks Shared
2008-05-10 12:22 . 2008-05-10 12:22 <DIR> d-------- C:\Program Files\Common Files\eDrawings2008
2008-05-10 12:22 . 2008-05-10 12:22 <DIR> d-------- C:\Program Files\AGEIA Technologies
2008-05-09 18:46 . 2008-05-09 19:01 <DIR> d-------- C:\WINDOWS\system32\CatRoot_bak
2008-05-09 17:19 . 2008-05-09 17:19 30,208 --a------ C:\winhost.exe
2008-05-07 11:20 . 2008-05-07 11:20 <DIR> d-------- C:\Documents and Settings\AYAX\Application Data\Uniblue
2008-05-06 21:06 . 2008-05-06 21:06 <DIR> d-------- C:\Documents and Settings\AYAX\Application Data\Talkback
2008-05-06 21:05 . 2008-05-06 21:05 0 --a------ C:\WINDOWS\nsreg.dat
2008-05-05 23:57 . 2008-05-05 23:57 <DIR> d-------- C:\Documents and Settings\AYAX\Application Data\SolidWorks 2008
2008-04-30 01:28 . 2008-02-22 02:33 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-04-30 01:26 . 2008-04-30 01:26 <DIR> d-------- C:\WINDOWS\Sun
2008-04-29 19:17 . 2008-04-29 19:17 <DIR> d--hs---- C:\Documents and Settings\LocalService\Temporary Internet Files
2008-04-29 19:17 . 2008-04-29 19:17 <DIR> d--hs---- C:\Documents and Settings\LocalService\History
2008-04-29 19:14 . 2008-04-29 19:14 <DIR> d-------- C:\Program Files\Common Files\Hewlett-Packard
2008-04-29 19:14 . 2005-10-14 22:42 46,592 --a------ C:\WINDOWS\system32\hpzll43a.dll
2008-04-29 19:14 . 2004-08-03 22:58 15,104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys
2008-04-29 19:14 . 2004-08-03 22:58 15,104 --a------ C:\WINDOWS\system32\dllcache\usbscan.sys
2008-04-29 19:13 . 2005-03-14 12:03 278,584 --a------ C:\WINDOWS\system32\HPZidr12.dll
2008-04-29 19:13 . 2005-03-14 12:05 204,800 --a------ C:\WINDOWS\system32\HPZipr12.dll
2008-04-29 19:13 . 2005-03-08 11:55 94,208 --a------ C:\WINDOWS\system32\HPZipt12.dll
2008-04-29 19:13 . 2007-08-09 02:27 73,728 --a------ C:\WINDOWS\system32\HPZipm12.exe
2008-04-29 19:13 . 2005-03-14 13:39 65,536 --a------ C:\WINDOWS\system32\HPZinw12.exe
2008-04-29 19:13 . 2005-03-08 11:55 57,344 --a------ C:\WINDOWS\system32\HPZisn12.dll
2008-04-29 19:03 . 2005-10-28 18:11 614,400 --a------ C:\WINDOWS\system32\hpotscl2.dll
2008-04-29 19:03 . 2005-10-28 18:11 602,112 --a------ C:\WINDOWS\system32\hpowiax2.dll
2008-04-29 19:03 . 2005-10-28 18:11 254,026 --a------ C:\WINDOWS\system32\hpovst09.dll
2008-04-29 19:03 . 2008-04-29 19:15 103,193 --a------ C:\WINDOWS\hpoins08.dat
2008-04-29 19:03 . 2005-09-09 18:28 98,304 --a------ C:\WINDOWS\system32\hpzjsn01.dll
2008-04-29 19:03 . 2005-10-27 20:23 77,824 --a------ C:\WINDOWS\system32\hpzids01.dll
2008-04-29 19:03 . 2006-01-24 16:03 4,445 --------- C:\WINDOWS\hpomdl08.dat
2008-04-29 18:39 . 2004-08-03 23:01 25,856 --a------ C:\WINDOWS\system32\drivers\usbprint.sys
2008-04-29 18:39 . 2004-08-03 23:01 25,856 --a------ C:\WINDOWS\system32\dllcache\usbprint.sys
2008-04-28 14:19 . 2008-04-28 14:19 <DIR> d-------- C:\Documents and Settings\AYAX\Application Data\CyberLink
2008-04-27 14:52 . 2008-04-27 14:52 <DIR> d-------- C:\Documents and Settings\AYAX\Application Data\HP
2008-04-26 21:40 . 2008-04-26 21:40 <DIR> d-------- C:\Documents and Settings\AYAX\Application Data\Sonic
2008-04-26 21:40 . 2008-04-26 21:40 <DIR> d-------- C:\Documents and Settings\AYAX\Application Data\Leadertech
2008-04-25 12:41 . 2008-04-25 12:41 <DIR> d-------- C:\Program Files\URUSoft
2008-04-25 01:14 . 2008-04-25 01:15 4,316 --a------ C:\WINDOWS\desctemp.dat
2008-04-23 11:26 . 2008-04-23 11:26 <DIR> d-------- C:\Program Files\Pegasys Inc
2008-04-19 20:48 . 2008-04-19 20:48 <DIR> d-------- C:\Program Files\MegauploadToolbar
2008-04-19 20:48 . 2008-05-17 22:27 <DIR> d-------- C:\Documents and Settings\AYAX\Application Data\MegauploadToolbar

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-16 20:52 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-05-14 19:27 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-05-10 22:00 --------- d-----w C:\Program Files\TextAloud
2008-05-10 17:27 --------- d-----w C:\Program Files\SolidWorks
2008-04-30 06:28 --------- d-----w C:\Program Files\Java
2008-04-30 00:13 --------- d-----w C:\Program Files\HP
2008-04-27 19:49 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-04-24 00:37 --------- d-----w C:\Documents and Settings\AYAX\Application Data\Ahead
2008-04-22 13:32 --------- d-----w C:\Program Files\Messenger Plus! Live
2008-04-16 03:18 --------- d-----w C:\Documents and Settings\All Users\Application Data\Bluetooth
2008-04-16 03:15 --------- d-----w C:\Documents and Settings\AYAX\Application Data\Media Player Classic
2008-04-16 03:14 --------- d-----w C:\Program Files\K-Lite Codec Pack
2008-04-16 02:43 --------- d-----w C:\Program Files\IVT Corporation
2008-04-16 02:32 --------- d-----w C:\Program Files\MSBuild
2008-04-16 02:32 --------- d-----w C:\Program Files\Microsoft Works
2008-04-16 02:28 --------- d-----w C:\Program Files\Microsoft Visual Studio 8
2008-04-15 05:45 --------- d-----w C:\Documents and Settings\All Users\Application Data\Messenger Plus!
2008-04-14 05:39 --------- d-----w C:\Program Files\Windows Live
2008-04-12 15:05 --------- d-----w C:\Documents and Settings\AYAX\Application Data\SolidWorks
2008-04-11 01:57 --------- d-----w C:\Program Files\Loquendo
2008-04-10 01:36 --------- d-----w C:\Program Files\MSECACHE
2008-04-10 01:13 --------- d-----w C:\Program Files\Ares
2008-04-09 23:55 --------- d-----w C:\Program Files\MSXML 6.0
2008-04-08 01:08 --------- d-----w C:\Documents and Settings\All Users\Application Data\SolidWorks
2008-04-08 00:54 --------- d-----w C:\Program Files\Reference Assemblies
2008-04-08 00:50 --------- d-----w C:\Program Files\Microsoft.NET
2008-04-08 00:26 --------- d-----w C:\Program Files\MATLAB
2008-04-08 00:16 --------- d-----w C:\Program Files\Windows Media Connect 2
2008-04-08 00:15 --------- d-----w C:\Documents and Settings\NetworkService\Application Data\Xfire
2008-04-08 00:15 --------- d-----w C:\Documents and Settings\AYAX\Application Data\Xfire
2008-04-08 00:14 --------- d-----w C:\Program Files\Xfire
2008-04-07 23:56 --------- d-----w C:\Program Files\Windows Installer Clean Up
2008-04-07 23:55 --------- d-----w C:\Program Files\MSXML 4.0
2008-04-07 23:40 --------- d-----w C:\Program Files\Teamspeak2_RC2
2008-04-07 23:40 --------- d-----w C:\Documents and Settings\AYAX\Application Data\teamspeak2
2008-04-07 23:37 --------- d-----w C:\Program Files\TI Education
2008-04-07 23:37 --------- d-----w C:\Program Files\Common Files\TI Shared
2008-04-07 23:31 --------- d-----w C:\Program Files\Microsoft Games
2008-04-07 23:27 --------- d-----w C:\Program Files\activePDF
2008-04-07 22:32 --------- d-----w C:\Program Files\Microsoft CAPICOM 2.1.0.2
2008-04-07 22:31 --------- d-----w C:\Program Files\Common Files\Ahead
2008-04-07 22:30 --------- d-----w C:\Program Files\Nero
2008-04-07 22:17 --------- d-----w C:\Program Files\Microchip
2008-04-07 22:14 --------- d-----w C:\Program Files\Hide IP Platinum
2008-04-07 22:12 --------- d-----w C:\Program Files\Festo Fluidsim
2008-04-07 22:11 --------- d-----w C:\Program Files\Electronics Workbench
2008-04-07 21:08 --------- dcsh--w C:\Program Files\Common Files\WindowsLiveInstaller
2008-04-07 21:02 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-04-07 20:45 --------- d-----w C:\Program Files\Alwil Software
2008-04-07 20:34 --------- d-----w C:\Program Files\RGB
2008-04-07 19:32 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-04-07 19:32 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2008-04-07 19:26 --------- d-----w C:\Program Files\NetWaiting
2008-04-07 19:24 --------- d-----w C:\Documents and Settings\All Users\Application Data\WildTangent
2008-04-07 09:58 --------- d-----w C:\Program Files\HP Pavilion Webcam Demo
2008-04-07 09:58 --------- d-----w C:\Program Files\Hewlett-Packard
2008-04-07 09:55 1,787 --sha-r C:\WINDOWS\system32\drivers\103C_HP_NTBK_HP Pavilion dv6000 (RG372UA#ABA)_YN_0Pavi_QCNF6410S04_E419857002_46_I30BB_SQuanta_V66.37_BF.16_T070202_WXP2_L409_M2039_J120_7Intel_8Core2 T5500_91.66_#060911_N80861092_(RG372UA#ABA)_XMOBILE_CN10_Z.MRK
2008-04-07 09:50 --------- d-----w C:\Program Files\HPQ
2008-04-07 09:32 --------- d-----w C:\Program Files\Windows Plus
2008-04-07 09:32 --------- d-----w C:\Program Files\WildTangent
2008-04-07 09:32 --------- d-----w C:\Program Files\Synaptics
2008-04-07 09:32 --------- d-----w C:\Program Files\Sonic
2008-04-07 09:30 --------- d-----w C:\Program Files\muvee Technologies
2008-04-07 09:28 --------- d-----w C:\Program Files\microsoft frontpage
2008-04-07 09:23 --------- d-----w C:\Program Files\DivX
2008-04-07 09:23 --------- d-----w C:\Program Files\CONEXANT
2008-04-07 09:23 --------- d-----w C:\Program Files\Common Files\TiVo Shared
2008-04-07 09:23 --------- d-----w C:\Program Files\Common Files\SureThing Shared
2008-04-07 09:23 --------- d-----w C:\Program Files\Common Files\Sonic Shared
2008-04-07 09:23 --------- d-----w C:\Program Files\Common Files\muvee Technologies
2008-04-07 09:22 --------- d-----w C:\Program Files\Common Files\LightScribe
2008-04-07 09:22 --------- d-----w C:\Program Files\Common Files\Java
2008-04-07 09:22 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-04-07 09:22 --------- d-----w C:\Program Files\Common Files\HP
2008-04-07 09:22 --------- d-----w C:\Program Files\Common Files\Adobe
2008-04-07 09:16 --------- d-----w C:\Documents and Settings\All Users\Application Data\Sonic
2008-04-07 09:16 --------- d-----w C:\Documents and Settings\All Users\Application Data\SBSI
2008-04-07 09:15 --------- d-----w C:\WINDOWS\system32\config\systemprofile\Application Data\Symantec
2008-04-07 09:15 --------- d-----w C:\WINDOWS\system32\config\systemprofile\Application Data\Intuit
2008-04-07 09:15 --------- d-----w C:\Documents and Settings\AYAX\Application Data\Intuit
2008-04-07 09:15 --------- d-----w C:\Documents and Settings\All Users\Application Data\Intuit
2008-04-07 09:15 --------- d-----w C:\Documents and Settings\All Users\Application Data\InstallShield
2008-04-07 09:15 --------- d-----w C:\Documents and Settings\All Users\Application Data\HP
2008-04-07 09:15 --------- d-----w C:\Documents and Settings\All Users\Application Data\CyberLink
2008-04-07 09:15 --------- d-----w C:\Documents and Settings\Administrator\Application Data\Intuit
2008-04-04 21:31 41,296 ----a-w C:\WINDOWS\system32\xfcodec.dll
2008-03-28 17:41 7,680 ----a-w C:\WINDOWS\system32\ff_vfw.dll
2008-03-27 08:12 151,583 ----a-w C:\WINDOWS\system32\msjint40.dll
2008-03-27 08:12 151,583 ------w C:\WINDOWS\system32\dllcache\msjint40.dll
2008-03-19 09:47 1,845,248 ----a-w C:\WINDOWS\system32\win32k.sys
2008-03-19 09:47 1,845,248 ------w C:\WINDOWS\system32\dllcache\win32k.sys
2008-03-01 23:36 3,591,680 ------w C:\WINDOWS\system32\dllcache\mshtml.dll
2008-02-29 08:55 70,656 ------w C:\WINDOWS\system32\dllcache\ie4uinit.exe
2008-02-29 08:55 625,664 ------w C:\WINDOWS\system32\dllcache\iexplore.exe
2008-02-22 10:00 13,824 ------w C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll
2008-02-20 06:51 282,624 ------w C:\WINDOWS\system32\dllcache\gdi32.dll
2008-02-20 05:32 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll
2008-02-20 05:32 45,568 ------w C:\WINDOWS\system32\dllcache\dnsrslvr.dll
2008-02-20 05:32 148,992 ------w C:\WINDOWS\system32\dllcache\dnsapi.dll
.

((((((((((((((((((((((((((((( snapshot@2008-05-16_15.21.02.95 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-05-16 19:44:20 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-05-17 21:47:07 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2005-05-17 00:34:48 213,048 ----a-w C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavss.dll
+ 2007-09-10 15:47:42 65,536 ----a-w C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavuninstall.exe
+ 2007-09-10 15:47:42 790,528 ----a-w C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavwebscan.dll
+ 2008-05-17 21:47:11 16,384 ----atw C:\WINDOWS\temp\Perflib_Perfdata_e0.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2006-03-15 23:00 15360]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-11-07 15:34 3739672]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-10-18 20:05 204288]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-08-05 23:56 64512]
"hpWirelessAssistant"="C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2006-05-04 00:58 458752]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2006-03-22 15:17 94208]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2006-03-22 15:13 77824]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2006-03-22 15:17 118784]
"MsmqIntCert"="regsvr32 /s mqrt.dll" []
"High Definition Audio Property Page Shortcut"="CHDAudPropShortcut.exe" [2006-06-02 10:02 61952 C:\WINDOWS\system32\CHDAudPropShortcut.exe]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-06-17 00:22 794713]
"QPService"="C:\Program Files\HP\QuickPlay\QPService.exe" [2007-10-18 18:12 102400]
"ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-08-11 18:30 249856]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2005-08-11 18:30 81920]
"QlbCtrl"="C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2006-06-19 13:33 163840]
"Cpqset"="C:\Program Files\Hewlett-Packard\Default Settings\cpqset.exe" [2006-06-19 12:50 40960]
"RecGuard"="C:\Windows\SMINST\RecGuard.exe" [2005-10-11 12:23 1187840]
"HP Software Update"="C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe" [2007-05-08 16:24 54840]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-05-12 11:39 79224]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50 155648]
"PCSuiteTrayApplication"="C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2007-03-23 13:20 227328]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Nokia.PCSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-03-27 15:58 1744896]

C:\Documents and Settings\AYAX\Start Menu\Programs\Startup\
SolidWorks Task Scheduler Engine.lnk - C:\Program Files\SolidWorks\swScheduler\swBOEngine.exe [2007-09-09 06:51:40 488728]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-24 00:05:26 29696]
HP Pavilion Webcam Tray Icon.lnk - C:\Program Files\Hewlett-Packard\HP Pavilion Webcam\HPWebcam.exe [2008-04-07 04:58:15 102400]
HP Photosmart Premier Fast Start.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe [2005-09-24 11:39:30 73728]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"AllowLegacyWebView"= 1 (0x1)
"AllowUnhashedWebView"= 1 (0x1)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 12:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 12:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.XFR1"= xfcodec.dll
"VIDC.YV12"= yv12vfw.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\WINDOWS\\system32\\mqsvc.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Microsoft Games\\Halo Custom Edition\\haloce.exe"=
"C:\\Program Files\\Ares\\Ares.exe"=
"C:\\Program Files\\Xfire\\xfire.exe"=
"C:\\Documents and Settings\\AYAX\\My Documents\\Juegos\\Age of Empires\\age2_x1.exe"=
"C:\\WINDOWS\\system32\\dplaysvr.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=

R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-05-12 11:36]
R2 {22D78859-9CE9-4B77-BF18-AC83E81A9263};{22D78859-9CE9-4B77-BF18-AC83E81A9263};C:\Program Files\HP\QuickPlay\000.fcl [2007-10-18 18:12]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-05-12 11:38]
S3 5U870CAP_VID_1262&PID_25FD;HP Pavilion Webcam ;C:\WINDOWS\system32\Drivers\5U870CAP.sys [2006-06-06 15:39]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c15e9e14-08a5-11dd-9530-0018de313bcb}]
\Shell\AutoRun\command - F:\m9j.com
\Shell\explore\Command - F:\m9j.com
\Shell\open\Command - F:\m9j.com


[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{28ABC5C0-4FCB-11CF-AAX5-81CX1C635612}]
C:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\sys32.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-17 22:30:09
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Cpqset = C:\Program Files\Hewlett-Packard\Default Settings\cpqset.exe????????????L?@? ??? ]??????`?@?????L?@

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\{22D78859-9CE9-4B77-BF18-AC83E81A9263}]
"ImagePath"="\??\C:\Program Files\HP\QuickPlay\000.fcl"
.
Completion time: 2008-05-17 22:31:46
ComboFix-quarantined-files.txt 2008-05-18 03:31:44
ComboFix2.txt 2008-05-16 20:21:11
ComboFix3.txt 2008-05-06 05:27:03

Pre-Run: 37,398,470,656 bytes free
Post-Run: 37,386,657,792 bytes free

282 --- E O F --- 2008-05-16 05:59:11
post #4
Old 19/05/08, 15:10:12
GPastor
FS-Admin

Registered: Mar 2005
Location: Callao - Perú
Posts: 16,605
Re: problem with winhost and block.exe

Follow these steps:

1.- Open Notepad
  • Click on START > RUN >
  • Type notepad.exe there and click OK

2.- Now copy and paste this code into Notepad

HTML Code:
KillAll::

File::
C:\winhost.exe
C:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\sys32.exe

Registry::
[-HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{28ABC5C0-4FCB-11CF-AAX5-81CX1C635612}]

3.- Save this file with the name CFScript.txt

4.- Drag and drop the CFScript.txt file onto ComboFix.exe, as shown in the animation below. This will run ComboFix again.


Reboot and tell us the results, together with a new ComboFix report and a HijackThis one.

Regards


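The reasoning behind the CFScript above, written out as an added example that is not part of this thread nor ComboFix, catchme or InfoSpyware code: a small Python triage pass over a ComboFix log flags the loading points that stand out in the reports posted here (the Active Setup key whose GUID contains non-hex characters and points into RECYCLER, the MountPoints2 AutoRun commands to F:\m9j.com, the file catchme lists as hidden) and drafts the File:: and Registry:: sections from those flags. The log excerpt embedded in the script is constructed from entries quoted in this thread; the heuristic names are the example's own.

```python
r"""Triage a ComboFix log for the loading points this thread turned on.

Added example, not ComboFix, catchme or InfoSpyware code. It flags:
  fake-guid        a key whose GUID has non-hex characters (a real CLSID is
                   hex only, so {...-AAX5-81CX...} only looks legitimate)
  recycler-image   a loading point whose image lives under RECYCLER\S-1-5-...
  autorun-command  MountPoints2 AutoRun/open/explore commands (F:\m9j.com)
  hidden-file      a file catchme listed as hidden, kept as a review item
"""
import re
from dataclasses import dataclass

# Constructed excerpt: entries quoted in this thread, spliced into one log.
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c15e9e14-08a5-11dd-9530-0018de313bcb}]
\Shell\AutoRun\command - F:\m9j.com
\Shell\explore\Command - F:\m9j.com
\Shell\open\Command - F:\m9j.com

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{28ABC5C0-4FCB-11CF-AAX5-81CX1C635612}]
C:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\sys32.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Cpqset"="C:\Program Files\Hewlett-Packard\Default Settings\cpqset.exe" [2006-06-19 12:50 40960]

scanning hidden files ...

C:\Documents and Settings\AYAX\Application Data\SolidWorks 2008\Scheduler_1\swbo1.ldb 64 bytes

scan completed successfully
hidden files: 1
"""


@dataclass
class Finding:
    kind: str    # which heuristic fired
    where: str   # registry key, or "catchme" for the rootkit-scan section
    detail: str  # the path, GUID or command that triggered it


KEY_RE = re.compile(r"^\[(?P<key>[^\]]+)\]$")
GUID_RE = re.compile(r"\{(?P<guid>[0-9A-Za-z]{8}(?:-[0-9A-Za-z]{4}){3}-[0-9A-Za-z]{12})\}")
HEX_GUID_RE = re.compile(r"^[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}$")
RECYCLER_RE = re.compile(r'[A-Za-z]:\\RECYCLER\\S-1-5-[\d-]+\\[^\s"\]]+', re.I)
AUTORUN_RE = re.compile(r"^\\Shell\\(?:AutoRun|open|explore)\\command\s+-\s+(?P<target>\S.*)$", re.I)
HIDDEN_FILE_RE = re.compile(r"^(?P<path>[A-Za-z]:\\.+?)\s+\d+ bytes$")


def triage(log_text: str) -> list[Finding]:
    """Walk the log line by line, tracking the registry key in force."""
    findings: list[Finding] = []
    current_key = None
    in_hidden_files = False
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        # catchme lists hidden files between this banner and "scan completed".
        if line.startswith("scanning hidden files"):
            in_hidden_files, current_key = True, None
            continue
        if line.startswith("scan completed"):
            in_hidden_files = False
            continue
        if in_hidden_files:
            m = HIDDEN_FILE_RE.match(line)
            if m:
                findings.append(Finding("hidden-file", "catchme", m["path"]))
            continue
        m = KEY_RE.match(line)
        if m:
            current_key = m["key"]
            g = GUID_RE.search(current_key)
            if g and not HEX_GUID_RE.match(g["guid"]):
                findings.append(Finding("fake-guid", current_key, g["guid"]))
            continue
        # Anything else is a value or image path under the key in force.
        r = RECYCLER_RE.search(line)
        if r:
            findings.append(Finding("recycler-image", current_key or "?", r.group(0)))
        if current_key and "mountpoints2" in current_key.lower():
            a = AUTORUN_RE.match(line)
            if a:
                findings.append(Finding("autorun-command", current_key, a["target"]))
    return findings


def build_cfscript(findings: list[Finding]) -> str:
    """Draft the CFScript a helper posts back (KillAll::, File::, Registry::)
    from the findings; an analyst still reviews it before it is used."""
    files = sorted({f.detail for f in findings if f.kind == "recycler-image"})
    keys = sorted({f.where for f in findings if f.kind == "fake-guid"})
    parts = ["KillAll::"]
    if files:
        parts += ["", "File::", *files]
    if keys:
        parts += ["", "Registry::", *(f"[-{k}]" for k in keys)]
    return "\n".join(parts) + "\n"
```

On the constructed excerpt the draft reproduces the Registry:: line of the script above and the sys32.exe File:: entry; C:\winhost.exe does not appear in the loading points and so must still be added by hand.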
post #5
Old 19/05/08, 19:55:16
User

Registered: May 2008
Location: Mexico
Posts: 10
Re: problem with winhost and block.exe

Hello again, here are the ComboFix and HijackThis reports.

ComboFix report

ComboFix 08-05-19.4 - AYAX 2008-05-19 18:39:40.6 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1613 [GMT -5:00]
Running from: C:\Documents and Settings\AYAX\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\AYAX\Desktop\CFScript.txt
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
C:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\sys32.exe
C:\winhost.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\winhost.exe

.
((((((((((((((((((((((((( Files Created from 2008-04-19 to 2008-05-19 )))))))))))))))))))))))))))))))
.

2008-05-19 10:04 . 2008-05-19 10:05 <DIR> d-------- C:\Program Files\Common Files\Adobe
2008-05-19 10:00 . 2008-05-19 10:03 <DIR> d-------- C:\Documents and Settings\AYAX\Application Data\AdobeUM
2008-05-18 18:11 . 2008-05-18 18:11 <DIR> d-------- C:\Program Files\Hamachi
2008-05-18 18:11 . 2008-05-18 19:07 <DIR> d-------- C:\Documents and Settings\AYAX\Application Data\Hamachi
2008-05-18 18:11 . 2008-05-18 18:12 25,280 --a------ C:\WINDOWS\system32\drivers\hamachi.sys
2008-05-16 17:51 . 2008-05-16 17:51 <DIR> d-------- C:\Program Files\Trend Micro
2008-05-16 16:31 . 2008-05-16 16:31 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-05-16 15:53 . 2008-05-16 21:06 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2008-05-16 15:53 . 2008-05-16 15:53 <DIR> d-------- C:\Documents and Settings\AYAX\Application Data\SUPERAntiSpyware.com
2008-05-16 15:53 . 2008-05-16 15:53 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-05-16 15:50 . 2008-05-16 15:50 <DIR> d-------- C:\Program Files\CCleaner
2008-05-10 23:35 . 2008-05-10 23:36 1,160 --a------ C:\WINDOWS\mozver.dat
2008-05-10 23:03 . 2008-05-10 23:05 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\PC Suite
2008-05-10 23:02 . 2008-05-10 23:05 <DIR> d-------- C:\Documents and Settings\AYAX\Application Data\Nokia
2008-05-10 23:01 . 2008-05-10 23:01 <DIR> d-------- C:\Program Files\PC Connectivity Solution
2008-05-10 23:01 . 2008-05-10 23:01 <DIR> d-------- C:\Program Files\Nokia
2008-05-10 23:01 . 2008-05-10 23:01 <DIR> d-------- C:\Program Files\DIFX
2008-05-10 23:01 . 2008-05-10 23:01 <DIR> d-------- C:\Program Files\Common Files\PCSuite
2008-05-10 23:01 . 2008-05-10 23:01 <DIR> d-------- C:\Program Files\Common Files\Nokia
2008-05-10 23:01 . 2008-05-10 23:03 <DIR> d-------- C:\Documents and Settings\AYAX\Application Data\PC Suite
2008-05-10 23:01 . 2007-02-22 10:15 90,624 --a------ C:\WINDOWS\system32\nmwcdcls.dll
2008-05-10 23:00 . 2008-05-10 23:00 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Installations
2008-05-10 13:11 . 2008-05-10 14:03 <DIR> d-------- C:\Program Files\HDDGURU LLF Tool
2008-05-10 12:38 . 2008-05-10 14:03 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-05-10 12:38 . 2008-05-10 14:03 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-05-10 12:23 . 2008-05-10 12:29 <DIR> d-------- C:\Program Files\Common Files\SolidWorks Shared
2008-05-10 12:22 . 2008-05-10 12:22 <DIR> d-------- C:\Program Files\Common Files\eDrawings2008
2008-05-10 12:22 . 2008-05-10 12:22 <DIR> d-------- C:\Program Files\AGEIA Technologies
2008-05-09 18:46 . 2008-05-09 19:01 <DIR> d-------- C:\WINDOWS\system32\CatRoot_bak
2008-05-07 11:20 . 2008-05-07 11:20 <DIR> d-------- C:\Documents and Settings\AYAX\Application Data\Uniblue
2008-05-06 21:06 . 2008-05-06 21:06 <DIR> d-------- C:\Documents and Settings\AYAX\Application Data\Talkback
2008-05-06 21:05 . 2008-05-06 21:05 0 --a------ C:\WINDOWS\nsreg.dat
2008-05-05 23:57 . 2008-05-05 23:57 <DIR> d-------- C:\Documents and Settings\AYAX\Application Data\SolidWorks 2008
2008-04-30 01:28 . 2008-02-22 02:33 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-04-30 01:26 . 2008-04-30 01:26 <DIR> d-------- C:\WINDOWS\Sun
2008-04-29 19:17 . 2008-04-29 19:17 <DIR> d--hs---- C:\Documents and Settings\LocalService\Temporary Internet Files
2008-04-29 19:17 . 2008-04-29 19:17 <DIR> d--hs---- C:\Documents and Settings\LocalService\History
2008-04-29 19:14 . 2008-04-29 19:14 <DIR> d-------- C:\Program Files\Common Files\Hewlett-Packard
2008-04-29 19:14 . 2005-10-14 22:42 46,592 --a------ C:\WINDOWS\system32\hpzll43a.dll
2008-04-29 19:14 . 2004-08-03 22:58 15,104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys
2008-04-29 19:14 . 2004-08-03 22:58 15,104 --a------ C:\WINDOWS\system32\dllcache\usbscan.sys
2008-04-29 19:13 . 2005-03-14 12:03 278,584 --a------ C:\WINDOWS\system32\HPZidr12.dll
2008-04-29 19:13 . 2005-03-14 12:05 204,800 --a------ C:\WINDOWS\system32\HPZipr12.dll
2008-04-29 19:13 . 2005-03-08 11:55 94,208 --a------ C:\WINDOWS\system32\HPZipt12.dll
2008-04-29 19:13 . 2007-08-09 02:27 73,728 --a------ C:\WINDOWS\system32\HPZipm12.exe
2008-04-29 19:13 . 2005-03-14 13:39 65,536 --a------ C:\WINDOWS\system32\HPZinw12.exe
2008-04-29 19:13 . 2005-03-08 11:55 57,344 --a------ C:\WINDOWS\system32\HPZisn12.dll
2008-04-29 19:03 . 2005-10-28 18:11 614,400 --a------ C:\WINDOWS\system32\hpotscl2.dll
2008-04-29 19:03 . 2005-10-28 18:11 602,112 --a------ C:\WINDOWS\system32\hpowiax2.dll
2008-04-29 19:03 . 2005-10-28 18:11 254,026 --a------ C:\WINDOWS\system32\hpovst09.dll
2008-04-29 19:03 . 2008-04-29 19:15 103,193 --a------ C:\WINDOWS\hpoins08.dat
2008-04-29 19:03 . 2005-09-09 18:28 98,304 --a------ C:\WINDOWS\system32\hpzjsn01.dll
2008-04-29 19:03 . 2005-10-27 20:23 77,824 --a------ C:\WINDOWS\system32\hpzids01.dll
2008-04-29 19:03 . 2006-01-24 16:03 4,445 --------- C:\WINDOWS\hpomdl08.dat
2008-04-29 18:39 . 2004-08-03 23:01 25,856 --a------ C:\WINDOWS\system32\drivers\usbprint.sys
2008-04-29 18:39 . 2004-08-03 23:01 25,856 --a------ C:\WINDOWS\system32\dllcache\usbprint.sys
2008-04-28 14:19 . 2008-04-28 14:19 <DIR> d-------- C:\Documents and Settings\AYAX\Application Data\CyberLink
2008-04-27 14:52 . 2008-04-27 14:52 <DIR> d-------- C:\Documents and Settings\AYAX\Application Data\HP
2008-04-26 21:40 . 2008-04-26 21:40 <DIR> d-------- C:\Documents and Settings\AYAX\Application Data\Sonic
2008-04-26 21:40 . 2008-04-26 21:40 <DIR> d-------- C:\Documents and Settings\AYAX\Application Data\Leadertech
2008-04-25 12:41 . 2008-04-25 12:41 <DIR> d-------- C:\Program Files\URUSoft
2008-04-25 01:14 . 2008-04-25 01:15 4,316 --a------ C:\WINDOWS\desctemp.dat
2008-04-23 11:26 . 2008-04-23 11:26 <DIR> d-------- C:\Program Files\Pegasys Inc
2008-04-19 20:48 . 2008-04-19 20:48 <DIR> d-------- C:\Program Files\MegauploadToolbar
2008-04-19 20:48 . 2008-05-19 18:38 <DIR> d-------- C:\Documents and Settings\AYAX\Application Data\MegauploadToolbar

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-16 20:52 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-05-14 19:27 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-05-10 22:00 --------- d-----w C:\Program Files\TextAloud
2008-05-10 17:27 --------- d-----w C:\Program Files\SolidWorks
2008-04-30 06:28 --------- d-----w C:\Program Files\Java
2008-04-30 00:13 --------- d-----w C:\Program Files\HP
2008-04-27 19:49 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-04-24 00:37 --------- d-----w C:\Documents and Settings\AYAX\Application Data\Ahead
2008-04-22 13:32 --------- d-----w C:\Program Files\Messenger Plus! Live
2008-04-16 03:18 --------- d-----w C:\Documents and Settings\All Users\Application Data\Bluetooth
2008-04-16 03:15 --------- d-----w C:\Documents and Settings\AYAX\Application Data\Media Player Classic
2008-04-16 03:14 --------- d-----w C:\Program Files\K-Lite Codec Pack
2008-04-16 02:43 --------- d-----w C:\Program Files\IVT Corporation
2008-04-16 02:32 --------- d-----w C:\Program Files\MSBuild
2008-04-16 02:32 --------- d-----w C:\Program Files\Microsoft Works
2008-04-16 02:28 --------- d-----w C:\Program Files\Microsoft Visual Studio 8
2008-04-15 05:45 --------- d-----w C:\Documents and Settings\All Users\Application Data\Messenger Plus!
2008-04-14 05:39 --------- d-----w C:\Program Files\Windows Live
2008-04-12 15:05 --------- d-----w C:\Documents and Settings\AYAX\Application Data\SolidWorks
2008-04-11 01:57 --------- d-----w C:\Program Files\Loquendo
2008-04-10 01:36 --------- d-----w C:\Program Files\MSECACHE
2008-04-10 01:13 --------- d-----w C:\Program Files\Ares
2008-04-09 23:55 --------- d-----w C:\Program Files\MSXML 6.0
2008-04-08 01:08 --------- d-----w C:\Documents and Settings\All Users\Application Data\SolidWorks
2008-04-08 00:54 --------- d-----w C:\Program Files\Reference Assemblies
2008-04-08 00:50 --------- d-----w C:\Program Files\Microsoft.NET
2008-04-08 00:26 --------- d-----w C:\Program Files\MATLAB
2008-04-08 00:16 --------- d-----w C:\Program Files\Windows Media Connect 2
2008-04-08 00:15 --------- d-----w C:\Documents and Settings\NetworkService\Application Data\Xfire
2008-04-08 00:15 --------- d-----w C:\Documents and Settings\AYAX\Application Data\Xfire
2008-04-08 00:14 --------- d-----w C:\Program Files\Xfire
2008-04-07 23:56 --------- d-----w C:\Program Files\Windows Installer Clean Up
2008-04-07 23:55 --------- d-----w C:\Program Files\MSXML 4.0
2008-04-07 23:40 --------- d-----w C:\Program Files\Teamspeak2_RC2
2008-04-07 23:40 --------- d-----w C:\Documents and Settings\AYAX\Application Data\teamspeak2
2008-04-07 23:37 --------- d-----w C:\Program Files\TI Education
2008-04-07 23:37 --------- d-----w C:\Program Files\Common Files\TI Shared
2008-04-07 23:31 --------- d-----w C:\Program Files\Microsoft Games
2008-04-07 23:27 --------- d-----w C:\Program Files\activePDF
2008-04-07 22:32 --------- d-----w C:\Program Files\Microsoft CAPICOM 2.1.0.2
2008-04-07 22:31 --------- d-----w C:\Program Files\Common Files\Ahead
2008-04-07 22:30 --------- d-----w C:\Program Files\Nero
2008-04-07 22:17 --------- d-----w C:\Program Files\Microchip
2008-04-07 22:14 --------- d-----w C:\Program Files\Hide IP Platinum
2008-04-07 22:12 --------- d-----w C:\Program Files\Festo Fluidsim
2008-04-07 22:11 --------- d-----w C:\Program Files\Electronics Workbench
2008-04-07 21:08 --------- dcsh--w C:\Program Files\Common Files\WindowsLiveInstaller
2008-04-07 21:02 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-04-07 20:45 --------- d-----w C:\Program Files\Alwil Software
2008-04-07 20:34 --------- d-----w C:\Program Files\RGB
2008-04-07 19:32 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-04-07 19:32 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2008-04-07 19:26 --------- d-----w C:\Program Files\NetWaiting
2008-04-07 19:24 --------- d-----w C:\Documents and Settings\All Users\Application Data\WildTangent
2008-04-07 09:58 --------- d-----w C:\Program Files\HP Pavilion Webcam Demo
2008-04-07 09:58 --------- d-----w C:\Program Files\Hewlett-Packard
2008-04-07 09:55 1,787 --sha-r C:\WINDOWS\system32\drivers\103C_HP_NTBK_HP Pavilion dv6000 (RG372UA#ABA)_YN_0Pavi_QCNF6410S04_E419857002_46_I30BB_SQuanta_V66.37_BF.16_T070202_WXP2_L409_M2039_J120_7Intel_8Core2 T5500_91.66_#060911_N80861092_(RG372UA#ABA)_XMOBILE_CN10_Z.MRK
2008-04-07 09:50 --------- d-----w C:\Program Files\HPQ
2008-04-07 09:32 --------- d-----w C:\Program Files\Windows Plus
2008-04-07 09:32 --------- d-----w C:\Program Files\WildTangent
2008-04-07 09:32 --------- d-----w C:\Program Files\Synaptics
2008-04-07 09:32 --------- d-----w C:\Program Files\Sonic
2008-04-07 09:30 --------- d-----w C:\Program Files\muvee Technologies
2008-04-07 09:28 --------- d-----w C:\Program Files\microsoft frontpage
2008-04-07 09:23 --------- d-----w C:\Program Files\DivX
2008-04-07 09:23 --------- d-----w C:\Program Files\CONEXANT
2008-04-07 09:23 --------- d-----w C:\Program Files\Common Files\TiVo Shared
2008-04-07 09:23 --------- d-----w C:\Program Files\Common Files\SureThing Shared
2008-04-07 09:23 --------- d-----w C:\Program Files\Common Files\Sonic Shared
2008-04-07 09:23 --------- d-----w C:\Program Files\Common Files\muvee Technologies
2008-04-07 09:22 --------- d-----w C:\Program Files\Common Files\LightScribe
2008-04-07 09:22 --------- d-----w C:\Program Files\Common Files\Java
2008-04-07 09:22 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-04-07 09:22 --------- d-----w C:\Program Files\Common Files\HP
2008-04-07 09:16 --------- d-----w C:\Documents and Settings\All Users\Application Data\Sonic
2008-04-07 09:16 --------- d-----w C:\Documents and Settings\All Users\Application Data\SBSI
2008-04-07 09:15 --------- d-----w C:\Documents and Settings\AYAX\Application Data\Intuit
2008-04-07 09:15 --------- d-----w C:\Documents and Settings\All Users\Application Data\Intuit
2008-04-07 09:15 --------- d-----w C:\Documents and Settings\All Users\Application Data\InstallShield
2008-04-07 09:15 --------- d-----w C:\Documents and Settings\All Users\Application Data\HP
2008-04-07 09:15 --------- d-----w C:\Documents and Settings\All Users\Application Data\CyberLink
2008-04-07 09:15 --------- d-----w C:\Documents and Settings\Administrator\Application Data\Intuit
.

((((((((((((((((((((((((((((( snapshot@2008-05-16_15.21.02.95 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-05-16 19:44:20 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-05-19 23:43:26 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-05-19 15:05:19 25,214 ----a-r C:\WINDOWS\Installer\{AC76BA86-7AD7-1033-7B44-A71000000002}\SC_Reader.exe
- 2008-05-12 16:44:11 1,152,888 ----a-w C:\WINDOWS\system32\aswBoot.exe
+ 2008-05-15 23:24:43 1,152,888 ----a-w C:\WINDOWS\system32\aswBoot.exe
- 2008-05-12 16:32:02 95,608 ----a-w C:\WINDOWS\system32\AvastSS.scr
+ 2008-05-15 23:12:36 95,608 ----a-w C:\WINDOWS\system32\AvastSS.scr
- 2008-05-12 16:33:19 26,944 ----a-w C:\WINDOWS\system32\drivers\aavmker4.sys
+ 2008-05-15 23:13:26 26,944 ----a-w C:\WINDOWS\system32\drivers\aavmker4.sys
- 2008-05-12 16:38:45 20,560 ----a-w C:\WINDOWS\system32\drivers\aswFsBlk.sys
+ 2008-05-15 23:16:06 20,560 ----a-w C:\WINDOWS\system32\drivers\aswFsBlk.sys
- 2008-05-12 16:38:25 94,416 ----a-w C:\WINDOWS\system32\drivers\aswmon2.sys
+ 2008-05-15 23:18:33 94,416 ----a-w C:\WINDOWS\system32\drivers\aswmon2.sys
- 2008-05-12 16:34:42 23,152 ----a-w C:\WINDOWS\system32\drivers\aswRdr.sys
+ 2008-05-15 23:15:29 23,152 ----a-w C:\WINDOWS\system32\drivers\aswRdr.sys
- 2008-05-12 16:36:18 77,904 ----a-w C:\WINDOWS\system32\drivers\aswSP.sys
+ 2008-05-15 23:20:32 78,416 ----a-w C:\WINDOWS\system32\drivers\aswSP.sys
- 2008-05-12 16:33:38 42,912 ----a-w C:\WINDOWS\system32\drivers\aswTdi.sys
+ 2008-05-15 23:14:11 42,912 ----a-w C:\WINDOWS\system32\drivers\aswTdi.sys
+ 2005-05-17 00:34:48 213,048 ----a-w C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavss.dll
+ 2007-09-10 15:47:42 65,536 ----a-w C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavuninstall.exe
+ 2007-09-10 15:47:42 790,528 ----a-w C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavwebscan.dll
+ 2008-05-19 23:43:30 16,384 ----atw C:\WINDOWS\temp\Perflib_Perfdata_b8.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2006-03-15 23:00 15360]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-11-07 15:34 3739672]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-10-18 20:05 204288]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-08-05 23:56 64512]
"hpWirelessAssistant"="C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2006-05-04 00:58 458752]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2006-03-22 15:17 94208]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2006-03-22 15:13 77824]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2006-03-22 15:17 118784]
"MsmqIntCert"="regsvr32 /s mqrt.dll" []
"High Definition Audio Property Page Shortcut"="CHDAudPropShortcut.exe" [2006-06-02 10:02 61952 C:\WINDOWS\system32\CHDAudPropShortcut.exe]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-06-17 00:22 794713]
"QPService"="C:\Program Files\HP\QuickPlay\QPService.exe" [2007-10-18 18:12 102400]
"ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-08-11 18:30 249856]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2005-08-11 18:30 81920]
"QlbCtrl"="C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2006-06-19 13:33 163840]
"Cpqset"="C:\Program Files\Hewlett-Packard\Default Settings\cpqset.exe" [2006-06-19 12:50 40960]
"RecGuard"="C:\Windows\SMINST\RecGuard.exe" [2005-10-11 12:23 1187840]
"HP Software Update"="C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe" [2007-05-08 16:24 54840]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50 155648]
"PCSuiteTrayApplication"="C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2007-03-23 13:20 227328]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Nokia.PCSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-03-27 15:58 1744896]

C:\Documents and Settings\AYAX\Start Menu\Programs\Startup\
SolidWorks Task Scheduler Engine.lnk - C:\Program Files\SolidWorks\swScheduler\swBOEngine.exe [2007-09-09 06:51:40 488728]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-04-23 03:38:16 29696]
HP Pavilion Webcam Tray Icon.lnk - C:\Program Files\Hewlett-Packard\HP Pavilion Webcam\HPWebcam.exe [2008-04-07 04:58:15 102400]
HP Photosmart Premier Fast Start.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe [2005-09-24 11:39:30 73728]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"AllowLegacyWebView"= 1 (0x1)
"AllowUnhashedWebView"= 1 (0x1)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 12:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 12:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.XFR1"= xfcodec.dll
"VIDC.YV12"= yv12vfw.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\WINDOWS\\system32\\mqsvc.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Microsoft Games\\Halo Custom Edition\\haloce.exe"=
"C:\\Program Files\\Ares\\Ares.exe"=
"C:\\Program Files\\Xfire\\xfire.exe"=
"C:\\Documents and Settings\\AYAX\\My Documents\\Juegos\\Age of Empires\\age2_x1.exe"=
"C:\\WINDOWS\\system32\\dplaysvr.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=

R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-05-15 18:20]
R2 {22D78859-9CE9-4B77-BF18-AC83E81A9263};{22D78859-9CE9-4B77-BF18-AC83E81A9263};C:\Program Files\HP\QuickPlay\000.fcl [2007-10-18 18:12]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-05-15 18:16]
S3 5U870CAP_VID_1262&PID_25FD;HP Pavilion Webcam ;C:\WINDOWS\system32\Drivers\5U870CAP.sys [2006-06-06 15:39]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c15e9e14-08a5-11dd-9530-0018de313bcb}]
\Shell\AutoRun\command - F:\m9j.com
\Shell\explore\Command - F:\m9j.com
\Shell\open\Command - F:\m9j.com

.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-19 18:43:49
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Cpqset = C:\Program Files\Hewlett-Packard\Default Settings\cpqset.exe????????????L?@? ??? ]??????`?@?????L?@

scanning hidden files ...


C:\Documents and Settings\AYAX\Application Data\SolidWorks 2008\Scheduler_1\swbo1.ldb 64 bytes

scan completed successfully
hidden files: 1

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{22D78859-9CE9-4B77-BF18-AC83E81A9263}]
"ImagePath"="\??\C:\Program Files\HP\QuickPlay\000.fcl"
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\msdtc.exe
C:\WINDOWS\ehome\ehrecvr.exe
C:\WINDOWS\ehome\ehSched.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\PROGRA~1\SOLIDW~1\swScheduler\swBOEngine.exe
C:\WINDOWS\system32\mqsvc.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\WINDOWS\ehome\mcrdsvc.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\WINDOWS\system32\mqtgsvc.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\WINDOWS\ehome\ehmsas.exe
.
**************************************************************************
.
Completion time: 2008-05-19 18:49:07 - machine was rebooted
ComboFix-quarantined-files.txt 2008-05-19 23:49:04
ComboFix2.txt 2008-05-18 03:31:47
ComboFix3.txt 2008-05-16 20:21:11
ComboFix4.txt 2008-05-06 05:27:03

Pre-Run: 37,159,370,752 bytes free
Post-Run: 37,255,671,808 bytes free

317 --- E O F --- 2008-05-16 05:59:11


HijackThis report


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:49:52 PM, on 5/19/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Hewlett-Packard\HP Pavilion Webcam\HPWebcam.exe
C:\Program Files\SolidWorks\swScheduler\swBOEngine.exe
C:\WINDOWS\system32\mqsvc.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\WINDOWS\system32\mqtgsvc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=64&bd=pavilion&pf=laptop
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Windows Live Aplicación auxiliar de inicio de sesión - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: TextAloud - {F053C368-5458-45B2-9B4D-D8914BDDDBFF} - C:\PROGRA~1\TEXTAL~1\TAForIE.dll
O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] CHDAudPropShortcut.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\Hewlett-Packard\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [RecGuard] C:\Windows\SMINST\RecGuard.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'Default user')
O4 - S-1-5-18 Startup: Vongo Tray.lnk = C:\Program Files\Vongo\Tray.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: Vongo Tray.lnk = C:\Program Files\Vongo\Tray.exe (User 'Default user')
O4 - .DEFAULT User Startup: Vongo Tray.lnk = C:\Program Files\Vongo\Tray.exe (User 'Default user')
O4 - Startup: SolidWorks Task Scheduler Engine.lnk = C:\Program Files\SolidWorks\swScheduler\swBOEngine.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Pavilion Webcam Tray Icon.lnk = C:\Program Files\Hewlett-Packard\HP Pavilion Webcam\HPWebcam.exe
O4 - Global Startup: HP Photosmart Premier Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: E&xportar a Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=64&bd=pavilion &pf=laptop
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/spanish/kavwebscan_ansi.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: AddFiltr - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: SolidWorks Licensing Service - SolidWorks - C:\Program Files\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe

--
End of file - 9924 bytes

And finally, I'd like to ask for some advice: I have been using Avast and Spybot Search & Destroy for a while now. Are they good, or would it make sense to switch to a different antivirus and malware detector? Thanks in advance.

Regards.
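As an added example (my own code, not part of this thread, of HijackThis or of InfoSpyware), here is a small Python parser for the log format posted above. It turns R/O entries into records (section, kind, name, CLSID, path, user) and flags the ones a helper usually looks at first: entries pointing at "(no file)" (a leftover registry reference), paths written as 8.3 short names (which hide the real folder name), and O4/O23 commands with no absolute path (resolved through PATH at logon, so it is worth confirming which file actually runs). The sample lines are copied from the log above; the flag names, the `Entry` record and the helper functions are my own assumptions, not HijackThis terminology.

```python
"""Parse HijackThis 2.x log entries into records and flag the ones worth a second look."""
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Sample input: lines copied from the HijackThis log posted in this thread (R1 URL shortened).
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.hp.com/svs/rdr?TYPE=3
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll
O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEM')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
"""

# "O4 - HKLM\..\Run: payload": the kind never contains a colon, so the first ": " splits it.
ENTRY_RE = re.compile(r"^(?P<section>[RFO]\d+) - (?P<kind>[^:]+): (?P<payload>.*)$")
# R0/R1 Internet Explorer settings use "name = value" instead.
SETTING_RE = re.compile(r"^(?P<section>R\d) - (?P<name>.+?) = (?P<value>.*)$")
# Optional trailing "(User 'SYSTEM')" that HijackThis appends to per-user entries.
USER_RE = re.compile(r"^(?P<cmd>.*?)(?:\s+\(User '(?P<user>[^']*)'\))?$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
ABSOLUTE_RE = re.compile(r"^(?:[A-Za-z]:\\|%[^%]+%\\)")   # drive letter or %EnvVar%\ prefix


@dataclass
class Entry:                      # hypothetical record type, not a HijackThis structure
    section: str                  # "R3", "O2", "O4", "O23", ...
    kind: str                     # "BHO", "HKLM\..\Run", "Service", "setting", ...
    name: str                     # display name, [RunValueName] or shortcut name
    path: str                     # DLL path, command line, URL or "(no file)"
    clsid: Optional[str] = None
    user: Optional[str] = None
    flags: List[str] = field(default_factory=list)


def split_user(text: str):
    m = USER_RE.match(text)
    return m.group("cmd"), m.group("user")


def program_of(cmd: str) -> str:
    """Program part of a command line: the quoted token if quoted, else the first token."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    return cmd.split(None, 1)[0] if cmd else ""


def flags_for(entry: Entry) -> List[str]:
    flags = []
    if entry.path == "(no file)":
        flags.append("no_file")         # registry still references a file that is gone
    if re.search(r"~\d", entry.path):
        flags.append("short_path")      # 8.3 name: resolve it before judging the folder
    if entry.section in ("O4", "O23") and entry.path != "(no file)":
        prog = program_of(entry.path)
        if prog and not ABSOLUTE_RE.match(prog):
            flags.append("relative_path")   # found via PATH at logon: confirm which file runs
    return flags


def parse_line(line: str) -> Optional[Entry]:
    line = line.strip()
    m = ENTRY_RE.match(line)
    if m:
        section, kind, payload = m.group("section", "kind", "payload")
        if kind.endswith("Run"):                    # O4 autostart value: [Name] command (User 'x')
            r = re.match(r"^\[(?P<name>[^\]]+)\]\s*(?P<rest>.*)$", payload)
            if not r:
                return None
            cmd, user = split_user(r.group("rest"))
            entry = Entry(section, kind, r.group("name"), cmd, user=user)
        elif kind.endswith("Startup"):              # O4 Startup-folder shortcut: Foo.lnk = target
            name, _, rest = payload.partition(" = ")
            cmd, user = split_user(rest)
            entry = Entry(section, kind, name, cmd, user=user)
        else:                                       # name - {CLSID} - path  or  name - company - path
            parts = payload.split(" - ", 2)         # maxsplit keeps " - " inside the path intact
            clsid = CLSID_RE.search(payload)
            entry = Entry(section, kind, parts[0], parts[-1],
                          clsid=clsid.group(0) if clsid else None)
    else:
        m = SETTING_RE.match(line)
        if not m:
            return None                             # headers, blank lines, "End of file" etc.
        entry = Entry(m.group("section"), "setting", m.group("name"), m.group("value"))
    entry.flags = flags_for(entry)
    return entry


def parse_log(text: str) -> List[Entry]:
    return [e for e in (parse_line(l) for l in text.splitlines()) if e]


def review(text: str) -> dict:
    """Map each flagged entry's name to its flags; an empty dict means nothing stood out."""
    return {e.name: e.flags for e in parse_log(text) if e.flags}


if __name__ == "__main__":
    for name, flags in review(SAMPLE_LOG).items():
        print(f"{name}: {', '.join(flags)}")
```

Run it against a full log saved from HijackThis and `review()` returns only the entries that deserve a closer look; everything it leaves out still has to be judged by name and vendor, as the helpers in this forum do by hand. Note that the split on " - " uses a maximum of two splits precisely because legitimate paths such as `C:\Program Files\Spybot - Search & Destroy\...` contain that separator.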
post #6
19/05/08, 20:06:41
GPastor
FS-Admin
Joined: Mar 2005
Location: Callao - Perú
Posts: 16,605
Re: problem with winhost and block.exe

ComboFix has already taken care of removing the malware files found on your PC, so if everything is working fine, we consider this topic closed.

To finish, all that remains is to remove CF as follows:

  • Go to Start > Run
  • Type the following: ComboFix /u as shown in the image below:



This will perform the following tasks:

  • The following will be deleted:
    • ComboFix: its files and folders.
    • VundoFix: backups (if present)
    • The C:\Deckard folder (if present)
    • The C:\_OtMoveIt folder (if present)
  • Resets the clock settings.
  • Hides file extensions (if necessary).
  • Hides the files that were previously hidden.
  • Re-enables "System Restore"


To avoid this type of infection, I recommend using a safer browser such as Firefox

In particular, I recommend this configuration

Regards


post #7
19/05/08, 20:40:50
User
Joined: May 2008
Location: Mexico
Posts: 10
Re: problem with winhost and block.exe (Solved)

Thank you very much for everything, you really are geniuses here. I thank you with all my heart, and I remain at your service for whatever you may need.

Regards.
post #8
19/05/08, 20:43:30
User
Joined: May 2008
Location: Mexico
Posts: 10
Re: problem with winhost and block.exe (Solved)

Sorry to bother you again: in Run it won't let me delete that path, it says it doesn't exist. Regards.