Official HijackThis Forum in Spanish. We analyze your HijackThis log to remove hijackers, spyware, adware, toolbars, viruses, trojans and malware in general. Read the HijackThis Forum Policies first.
explorer.exe closes by itself + files skipped by the antivirus

It turns out that after installing a program, explorer.exe would close by itself every time I opened a folder, showing only the desktop without any icons; I had to press Ctrl+Alt+Del to run it again, and it would close again. I disabled System Restore, rebooted into safe mode, ran the avast antivirus, Ad-Aware and Spybot S&D, and deleted what they found. I rebooted and it kept happening, but Pando opens by itself and suddenly avast tells me there is a virus and that I should send a file to the chest; I send it to the chest and the explorer.exe problem stops.

Since I don't feel reassured, I open Kaspersky online and run it, and after three hours it tells me I have viruses, and also gives a huge list of files that it skipped! Then I go to check whether System Restore is still disabled and it turns out it is enabled again!! :S I ran Kaspersky again with System Restore disabled again and in safe mode; the viruses are no longer there (I deleted the infected files), but there are still locked files that it skipped...
I'm pasting the HijackThis log and the Kaspersky online log.

HIJACKTHIS

```
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:37:28, on 04/07/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\arservice.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\ARPWRMSG.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\RunDll32.exe
C:\Program Files\Windows Media Connect 2\WMCCFG.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\Program Files\Microsoft ActiveSync\Wcescomm.exe
C:\WINDOWS\ehome\RMSvc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\ehome\RMSysTry.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\explorer.exe
C:\HP\KBD\KBD.EXE
c:\windows\system\hpsysdrv.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\Notepad.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://es.msn.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://es.msn.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://es.msn.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 127.0.0.1:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local;*.local
O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: CInterceptor Object - {38D3FE60-3D53-4F37-BB0E-C7A97A26A156} - C:\Program Files\Pando Networks\Pando\PandoIEPlugin.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7ACAD91C-EE11-468B-8B75-917417BAD41E} - C:\WINDOWS\system32\byXOgdcd.dll (file missing)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Aplicación auxiliar de inicio de sesión - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {A260787B-911C-49A1-AE73-EC76A3CEC27E} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [ftutil2] rundll32.exe ftutil2.dll,SetWriteCacheMode
O4 - HKLM\..\Run: [AlwaysReady Power Message APP] ARPWRMSG.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [SbUsb AudCtrl] RunDll32 sbusbdll.dll,RCMonitor
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [EPSON Stylus DX4000 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBEE.EXE /FU "C:\WINDOWS\TEMP\E_SBA.tmp" /EF "HKLM"
O4 - HKLM\..\Run: [RegistrarUsrDNIeCertStoreDLL] C:\WINDOWS\system32\udcs.exe
O4 - HKLM\..\Run: [Windows Media Connect 2] "C:\Program Files\Windows Media Connect 2\WMCCFG.exe" /StartQuiet
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [EPSON Stylus DX4000 Series (Copiar 1)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBEE.EXE /FU "C:\WINDOWS\TEMP\E_S73.tmp" /EF "HKLM"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [OSSelectorReinstall] C:\Program Files\Common Files\Acronis\Acronis Disk Director\oss_reinstall.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\Wcescomm.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - S-1-5-18 Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'SYSTEM')
O4 - S-1-5-18 Startup: PinMcLnk.lnk = C:\hp\bin\cloaker.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O4 - .DEFAULT Startup: PinMcLnk.lnk = C:\hp\bin\cloaker.exe (User 'Default user')
O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O4 - .DEFAULT User Startup: PinMcLnk.lnk = C:\hp\bin\cloaker.exe (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Monitor de recursos de Extender.lnk = C:\WINDOWS\ehome\RMSysTry.exe
O8 - Extra context menu item: &Download by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/201
O8 - Extra context menu item: &Grab video by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/204
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/203
O8 - Extra context menu item: Down&load all by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/202
O8 - Extra context menu item: E&xportar a Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Consola de Sun Java - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Crear un favorito móvil... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files\Bonjour\ExplorerPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: Ayuda para la conexión - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Ayuda para la conexión - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {08EC5265-BFFB-48C1-8B3B-B96B19921616} (ReveladoOnline Control) - http://media.fotoprix.com/ReveladoOnline/1.3.1.11/setup.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/spanish/kavwebscan_unicode.cab
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - http://go.divx.com/plugin/DivXBrowserPlugin.cab
O16 - DPF: {6A868C04-B942-11D8-8D76-0008C7FF1716} (BanServidorFicherosBPP.DownloadBPP) - https://www.bancaja.es/arq_activex/particulares/BanServidorFicherosBPP.CAB
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1173007113984
O16 - DPF: {B785FA3C-1DE9-4D20-8396-613C486FE95E} (AeatCtl Class) - https://www4.aeat.es/es13/h/cactivex.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{4BBB00DF-D5C0-451E-8D2A-127EAF7E5D93}: NameServer = 80.58.61.250,80.58.61.254
O20 - Winlogon Notify: yayyVnlK - yayyVnlK.dll (file missing)
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Servicio Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Servicio del iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

--
End of file - 14522 bytes
```

KASPERSKY FIRST PASS

```
-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER INFORME
viernes, 04 de julio de 2008 6:31:06
Sistema operativo: Microsoft Windows XP Professional, Service Pack 3 (Build 2600)
Kaspersky Online Scanner versión: 5.0.84.1
Ultima actualización: 3/07/2008
Registros en la base antivirus: 812118
-------------------------------------------------------------------------------
Configuración del análisis:
Analizar usando las siguientes bases: standard
Analizar archivos: verdadero
Analizar bases de correo: verdadero

Objetivo a analizar - Mi PC:
C:\
D:\
F:\
G:\
H:\
I:\
J:\

Estadísticas:
Número de objeros analizados: 174059
Virus encontrados: 2
Objetos infectados: 5 / 0
Objetos sospechosos: 0
Duración del análisis: 03:52:30

Bombre del objeto infectado / Nombre del virus / Última acción
C:\Documents and Settings\Compaq_Administrator\My Documents\sniffer\aircap\AirCap.exe Infectados: Trojan.Win32.Agent.jdp saltado
C:\Documents and Settings\Compaq_Administrator\My Documents\sniffer.zip/aircap/AirCap.exe Infectados: Trojan.Win32.Agent.jdp saltado
C:\Documents and Settings\Compaq_Administrator\My Documents\sniffer.zip ZIP: infectado - 1 saltado
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP0\A0000049.dll Infectados: Trojan.Win32.Monderc.gen saltado
```
locked saltado C:\WINDOWS\system32\config\SAM.LOG Object is locked saltado C:\WINDOWS\system32\config\SecEvent.Evt Object is locked saltado C:\WINDOWS\system32\config\SECURITY Object is locked saltado C:\WINDOWS\system32\config\SECURITY.LOG Object is locked saltado C:\WINDOWS\system32\config\software Object is locked saltado C:\WINDOWS\system32\config\software.LOG Object is locked saltado C:\WINDOWS\system32\config\SysEvent.Evt Object is locked saltado C:\WINDOWS\system32\config\system Object is locked saltado C:\WINDOWS\system32\config\system.LOG Object is locked saltado C:\WINDOWS\system32\drivers\atapi.sys Object is locked saltado C:\WINDOWS\system32\drivers\sptd.sys Object is locked saltado C:\WINDOWS\system32\h323log.txt Object is locked saltado C:\WINDOWS\system32\LogFiles\WUDF\WUDFTrace.etl Object is locked saltado C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked saltado C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked saltado C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked saltado C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MA P Object is locked saltado C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MA P Object is locked saltado C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DAT A Object is locked saltado C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked saltado C:\WINDOWS\Temp\Perflib_Perfdata_7b4.dat Object is locked saltado C:\WINDOWS\Temp\Perflib_Perfdata_a54.dat Object is locked saltado C:\WINDOWS\Temp\_avast4_\unp158221916.tmp Infectados: Trojan.Win32.Monderc.gen saltado C:\WINDOWS\Temp\_avast4_\Webshlock.txt Object is locked saltado C:\WINDOWS\wiadebug.log Object is locked saltado C:\WINDOWS\wiaservc.log Object is locked saltado C:\WINDOWS\WindowsUpdate.log Object is locked saltado Análisis completado. 
KASPERSKY IN SAFE MODE, SECOND PASS

*KASPERSKY ONLINE SCANNER INFORME*
viernes, 04 de julio de 2008 10:21:35
Sistema operativo: Microsoft Windows XP Professional, Service Pack 3 (Build 2600)
Kaspersky Online Scanner versión: 5.0.84.1
Ultima actualización: 4/07/2008
Registros en la base antivirus: 813433
*Configuración del análisis*
Analizar usando las siguientes bases standard
Analizar archivos verdadero
Analizar bases de correo verdadero
*Objetivo a analizar* Mi PC
C:\ D:\ F:\ G:\ H:\ I:\ J:\
*Estadísticas*
Número de objeros analizados 174161
Virus encontrados 0
Objetos infectados 0 / 0
Objetos sospechosos 0
Duración del análisis 02:59:18
*Bombre del objeto infectado* *Nombre del virus* *Última acción*
C:\Documents and Settings\Compaq_Administrator\Cookies\index.dat Object is locked saltado
C:\Documents and Settings\Compaq_Administrator\Local Settings\Application Data\Microsoft\CardSpace\CardSpace.db Object is locked saltado
C:\Documents and Settings\Compaq_Administrator\Local Settings\Application Data\Microsoft\CardSpace\CardSpace.db.shadow Object is locked saltado
C:\Documents and Settings\Compaq_Administrator\Local Settings\Application Data\Microsoft\Feeds Cache\index.dat Object is locked saltado
C:\Documents and Settings\Compaq_Administrator\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked saltado
C:\Documents and Settings\Compaq_Administrator\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked saltado
C:\Documents and Settings\Compaq_Administrator\Local Settings\History\History.IE5\index.dat Object is locked saltado
C:\Documents and Settings\Compaq_Administrator\Local Settings\History\History.IE5\MSHist012008070420080705\index.dat Object is locked saltado
C:\Documents and Settings\Compaq_Administrator\Local Settings\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is locked saltado
C:\Documents and Settings\Compaq_Administrator\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked saltado
C:\Documents and Settings\Compaq_Administrator\ntuser.dat Object is locked saltado
C:\Documents and Settings\Compaq_Administrator\ntuser.dat.LOG Object is locked saltado
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked saltado
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked saltado
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked saltado
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked saltado
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked saltado
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked saltado
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked saltado
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked saltado
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked saltado
C:\WINDOWS\CSC\00000001 Object is locked saltado
C:\WINDOWS\Debug\PASSWD.LOG Object is locked saltado
C:\WINDOWS\system32\config\Antivirus.Evt Object is locked saltado
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked saltado
C:\WINDOWS\system32\config\default Object is locked saltado
C:\WINDOWS\system32\config\default.LOG Object is locked saltado
C:\WINDOWS\system32\config\Internet.evt Object is locked saltado
C:\WINDOWS\system32\config\Media Ce.evt Object is locked saltado
C:\WINDOWS\system32\config\ODiag.evt Object is locked saltado
C:\WINDOWS\system32\config\OSession.evt Object is locked saltado
C:\WINDOWS\system32\config\SAM Object is locked saltado
C:\WINDOWS\system32\config\SAM.LOG Object is locked saltado
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked saltado
C:\WINDOWS\system32\config\SECURITY Object is locked saltado
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked saltado
C:\WINDOWS\system32\config\software Object is locked saltado
C:\WINDOWS\system32\config\software.LOG Object is locked saltado
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked saltado
C:\WINDOWS\system32\config\system Object is locked saltado
C:\WINDOWS\system32\config\system.LOG Object is locked saltado
C:\WINDOWS\system32\drivers\atapi.sys Object is locked saltado
C:\WINDOWS\system32\drivers\sptd.sys Object is locked saltado
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked saltado
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked saltado
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked saltado
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked saltado
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked saltado
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked saltado
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked saltado
*Análisis completado.*

-------------

Edit: This is the file that avast detected as a virus and that is in the chest:

O2 - BHO: (no name) - {7ACAD91C-EE11-468B-8B75-917417BAD41E} - C:\WINDOWS\system32\byXOgdcd.dll (file missing)

THANK YOU VERY MUCH!!

Last edited by ximo_nacho on 04/07/08 at 04:36:48.
Re: explorer.exe closes by itself + files skipped by antivirus

Hello, welcome to the forum.

Download and/or update:

Do the following:

With all programs closed, run HijackThis and select these entries:

O2 - BHO: (no name) - {7ACAD91C-EE11-468B-8B75-917417BAD41E} - C:\WINDOWS\system32\byXOgdcd.dll (file missing)
O2 - BHO: (no name) - {A260787B-911C-49A1-AE73-EC76A3CEC27E} - (no file)
O4 - HKLM\..\Run: [RegistrarUsrDNIeCertStoreDLL] C:\WINDOWS\system32\udcs.exe
O20 - Winlogon Notify: yayyVnlK - yayyVnlK.dll (file missing)

Run these tools, one at a time:

Quote:

Download CCleaner and run it, first using its "Cleaner" option to delete cookies, temporary Internet files and all the files it shows you as obsolete, and then use its "Registry" option to clean the whole Windows registry (making a backup).

Restart and tell us the results, along with the report from C:\ComboFix.txt, in this same thread.

Regards, let us know.
Re: explorer.exe closes by itself + files skipped by antivirus

Hi!! Thanks for replying!!

I ran Malwarebytes Anti-Malware and it detected the following:

Malwarebytes' Anti-Malware 1.19
Versión de la Base de Datos: 921
Windows 5.1.2600 Service Pack 3
23:39:33 04/07/2008
mbam-log-7-4-2008 (23-39-33).txt
Tipo de examen : Examen Rápido
Objetos examinados: 46989
Tiempo transcurrido: 6 minute(s), 14 second(s)
Procesos en Memoria Infectados: 0
Módulos en Memoria Infectados: 0
Claves del Registro Infectadas: 2
Valores del Registro Infectados: 0
Elementos de Datos del Registro Infectados: 1
Carpetas Infectadas: 0
Ficheros Infectados: 0
Procesos en Memoria Infectados:
(No se han detectado elementos maliciosos)
Módulos en Memoria Infectados:
(No se han detectado elementos maliciosos)
Claves del Registro Infectadas:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.
Valores del Registro Infectados:
(No se han detectado elementos maliciosos)
Elementos de Datos del Registro Infectados:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowHelp (Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.
Carpetas Infectadas:
(No se han detectado elementos maliciosos)
Ficheros Infectados:
(No se han detectado elementos maliciosos)

--------

Then ComboFix generated this log for me:

ComboFix 08-07-04.1 - Compaq_Administrator 2008-07-04 23:47:43.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.34.1033.18.961 [GMT 2:00]
Running from: C:\Documents and Settings\Compaq_Administrator\Desktop\ComboFix.exe
* Created a new restore point
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\Compaq_Administrator\Application Data\inst.exe
C:\WINDOWS\Downloaded Program Files\setup.dll
C:\WINDOWS\Downloaded Program Files\setup.inf
C:\WINDOWS\system32\dcdgOXyb.ini
C:\WINDOWS\system32\dcdgOXyb.ini2
D:\Autorun.inf
.
((((((((((((((((((((((((( Files Created from 2008-06-04 to 2008-07-04 )))))))))))))))))))))))))))))))
.
2008-07-04 23:30 . 2008-07-04 23:30 <DIR> d-------- C:\Documents and Settings\Compaq_Administrator\Application Data\Malwarebytes
2008-07-04 23:30 . 2008-06-28 14:16 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-07-04 23:29 . 2008-07-04 23:30 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-07-04 23:29 . 2008-07-04 23:29 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-07-04 23:29 . 2008-06-28 14:16 34,296 --a------ C:\WINDOWS\system32\drivers\mbamcatchme.sys
2008-07-04 12:40 . 2008-07-04 12:40 <DIR> d-------- C:\Program Files\Innovative Solutions
2008-07-04 11:53 . 2008-07-04 11:53 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2008-07-04 11:53 . 2008-07-04 11:53 <DIR> d-------- C:\Documents and Settings\Compaq_Administrator\Application Data\SUPERAntiSpyware.com
2008-07-04 11:53 . 2008-07-04 11:53 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-07-04 11:50 . 2008-07-04 11:51 <DIR> d-------- C:\Program Files\SpywareBlaster
2008-07-04 11:50 . 2008-07-04 11:53 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-07-04 06:35 . 2008-07-04 06:35 <DIR> d-------- C:\Program Files\Trend Micro
2008-07-03 02:17 . 2008-07-03 02:17 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-07-02 07:52 . 2008-07-02 07:52 <DIR> d-------- C:\Program Files\NeroInstall.bak
2008-07-02 07:49 . 2008-07-02 07:49 <DIR> d-------- C:\Documents and Settings\Compaq_Administrator\Application Data\Nero
2008-07-02 07:40 . 2008-07-02 07:43 <DIR> d-------- C:\Program Files\Common Files\Nero
2008-07-02 07:40 . 2008-07-02 07:40 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Nero
2008-07-01 12:43 . 2008-07-01 12:43 <DIR> d-------- C:\Program Files\Lavasoft
2008-07-01 11:17 . 2008-07-01 12:46 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-06-26 19:18 . 2008-06-26 19:18 <DIR> d-------- C:\Program Files\Common Files\Acronis
2008-06-26 19:18 . 2008-06-26 19:18 <DIR> d-------- C:\Program Files\Acronis
2008-06-26 19:18 . 2008-06-26 19:18 114,048 --a------ C:\WINDOWS\system32\drivers\snapman.sys
2008-06-18 13:58 . 2008-06-18 14:09 <DIR> d-------- C:\Program Files\Bonjour
2008-06-13 21:37 . 2008-06-13 21:39 <DIR> d-------- C:\Program Files\AveIconifier2
2008-06-13 20:41 . 2008-06-13 20:41 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SiComponents
2008-06-13 18:56 . 2008-06-13 18:56 <DIR> d-------- C:\Documents and Settings\Compaq_Administrator\Application Data\FindeXer
2008-06-13 18:54 . 2008-06-27 01:02 <DIR> d-------- C:\Program Files\RocketDock
2008-06-13 18:34 . 2008-06-13 18:34 <DIR> d-------- C:\Documents and Settings\Compaq_Administrator\Application Data\Styler
2008-06-13 18:33 . 2008-06-13 18:58 <DIR> d-------- C:\Program Files\Styler
2008-06-12 21:08 . 2008-06-12 21:09 <DIR> d-------- C:\Documents and Settings\Compaq_Administrator\Application Data\PgcEdit
2008-06-11 15:01 . 2008-06-13 13:05 272,128 --------- C:\WINDOWS\system32\dllcache\bthport.sys
2008-06-11 15:01 . 2008-05-08 16:02 203,136 --------- C:\WINDOWS\system32\dllcache\rmcast.sys
2008-06-05 11:29 . 2007-03-12 16:42 3,495,784 --a------ C:\WINDOWS\system32\d3dx9_33.dll
2008-06-05 11:17 . 2008-06-05 11:17 <DIR> d-------- C:\Program Files\Ubisoft
2008-06-05 09:26 . 2008-06-05 09:26 <DIR> d-------- C:\Program Files\Traction Software
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-04 10:31 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-07-04 09:28 --------- d-----w C:\Program Files\PeerGuardian2
2008-07-04 09:19 --------- d-----w C:\Program Files\Real
2008-07-04 05:06 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-07-02 05:40 --------- d-----w C:\Program Files\Nero
2008-07-01 10:52 --------- d-----w C:\Documents and Settings\Compaq_Administrator\Application Data\uTorrent
2008-07-01 10:47 --------- d-----w C:\Documents and Settings\Compaq_Administrator\Application Data\Orbit
2008-07-01 10:41 --------- d-----w C:\Program Files\Common Files\Ahead
2008-06-13 18:46 --------- d-----w C:\Program Files\DVDVideoSoft
2008-06-13 18:46 --------- d-----w C:\Program Files\Common Files\DVDVideoSoft
2008-06-13 11:05 272,128 ----a-w C:\WINDOWS\system32\drivers\bthport.sys
2008-06-12 19:12 --------- d-----w C:\Program Files\MagicISO
2008-06-06 06:34 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-06-05 07:28 --------- d-----w C:\Documents and Settings\MCX5\Application Data\Mujeres Desesperadas
2008-05-27 17:23 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-05-27 16:48 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-05-24 20:11 --------- d-----w C:\Documents and Settings\Compaq_Administrator\Application Data\Hide IP NG
2008-05-22 22:17 --------- d-----w C:\Program Files\SystemRequirementsLab
2008-05-22 22:17 --------- d-----w C:\Documents and Settings\Compaq_Administrator\Application Data\SystemRequirementsLab
2008-05-15 20:29 --------- d-----w C:\Program Files\iTunes
2008-05-15 20:29 --------- d-----w C:\Program Files\iPod
2008-05-15 20:28 --------- d-----w C:\Program Files\QuickTime
2008-05-15 20:22 --------- d-----w C:\Program Files\Safari
2008-05-15 20:21 --------- d-----w C:\Program Files\Apple Software Update
2008-05-13 19:34 --------- d-----w C:\Program Files\FotoPrix
2008-05-12 13:06 --------- d-----w C:\Program Files\PowerQuest
2008-05-11 09:52 --------- d-----w C:\Documents and Settings\Administrator\Application Data\Orbit
2008-05-11 09:43 --------- d-----w C:\Program Files\Tunebite
2008-05-11 06:10 --------- d-----w C:\Program Files\Panda Security
2008-05-10 23:27 --------- d-----w C:\Program Files\MecaNet
2008-05-10 12:28 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-05-10 06:25 --------- d-----w C:\Program Files\pspvideo9
2008-05-10 06:25 --------- d-----w C:\Program Files\AviSynth 2.5
2008-05-08 14:02 203,136 ------w C:\WINDOWS\system32\drivers\rmcast.sys
2008-05-05 13:32 --------- d-----w C:\Program Files\Transcode360
2008-05-04 20:27 --------- d-----w C:\Program Files\Messenger Plus! Live
2008-05-04 06:25 --------- d-----w C:\Program Files\Zoom Player
2008-04-14 00:12 69,120 ------w C:\WINDOWS\notepad.exe
2008-04-14 00:12 50,688 ----a-w C:\WINDOWS\twain_32.dll
2008-04-14 00:12 34,816 ------w C:\WINDOWS\Help\sniffpol.dll
2008-04-14 00:12 33,280 ------w C:\WINDOWS\Help\sstub.dll
2008-04-14 00:12 32,866 ------w C:\WINDOWS\slrundll.exe
2008-04-14 00:12 283,648 ----a-w C:\WINDOWS\winhlp32.exe
2008-04-14 00:12 279,040 ------w C:\WINDOWS\Help\tshoot.dll
2008-04-14 00:12 146,432 ----a-w C:\WINDOWS\regedit.exe
2008-04-14 00:12 10,752 ------w C:\WINDOWS\hh.exe
2008-04-14 00:12 1,033,728 ----a-w C:\WINDOWS\explorer.exe
2008-04-14 00:11 451,072 ----a-w C:\WINDOWS\AppPatch\aclayers.dll
2008-04-14 00:11 39,424 ----a-w C:\WINDOWS\AppPatch\acadproc.dll
2008-04-14 00:11 245,248 ----a-w C:\WINDOWS\AppPatch\acspecfc.dll
2008-04-14 00:11 141,312 ----a-w C:\WINDOWS\AppPatch\aclua.dll
2008-04-14 00:11 116,224 ----a-w C:\WINDOWS\AppPatch\acxtrnal.dll
2008-04-14 00:11 1,852,928 ----a-w C:\WINDOWS\AppPatch\acgenral.dll
2007-11-30 22:55 47,360 ----a-w C:\Documents and Settings\Compaq_Administrator\Application Data\pcouffin.sys
2007-06-21 13:05 3,278 ----a-w C:\Documents and Settings\Compaq_Administrator\Application Data\wklnhst.dat
2007-01-03 15:36 753,664 --sha-w C:\Program Files\ehthumbs.db
2006-10-15 00:50 22 --sha-w C:\WINDOWS\SMINST\HPCD.sys
2006-05-03 09:06 163,328 --sh--r C:\WINDOWS\system32\flvDX.dll
2007-02-21 10:47 31,232 --sh--r C:\WINDOWS\system32\msfDX.dll
.
----a-w 28,088,869 2007-12-15 10:44:43 C:\Documents and Settings\Compaq_Administrator\My Documents\Setups\SUPER v2007.build23 setup .exe
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\Wcescomm.exe" [2006-11-13 14:22 1289000]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 02:12 15360]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2005-05-31 02:04 1415824]
"DriverMax"="" [N/A]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-08-06 06:56 64512]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-08-28 01:59 8466432]
"Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [2005-07-22 23:14 237568]
"HPBootOp"="C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2006-02-15 23:34 249856]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 05:25 144784]
"UpdReg"="C:\WINDOWS\UpdReg.EXE" [2000-05-11 01:00 90112]
"Windows Media Connect 2"="C:\Program Files\Windows Media Connect 2\WMCCFG.exe" [2005-10-06 18:27 370688]
"HP Software Update"="C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe" [2007-05-08 16:24 54840]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-08-28 01:59 81920]
"ftutil2"="ftutil2.dll" [2004-06-07 23:05 106496 C:\WINDOWS\system32\ftutil2.dll]
"AlwaysReady Power Message APP"="ARPWRMSG.EXE" [2005-08-03 09:19 77312 C:\WINDOWS\arpwrmsg.exe]
"nwiz"="nwiz.exe" [2007-08-28 01:59 1626112 C:\WINDOWS\system32\nwiz.exe]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 02:12 110592 C:\WINDOWS\system32\bthprops.cpl]
"SbUsb AudCtrl"="sbusbdll.dll" [2003-03-12 04:48 64000 C:\WINDOWS\system32\sbusbdll.dll]
"RTHDCPL"="RTHDCPL.EXE" [2007-10-25 03:57 16855552 C:\WINDOWS\RTHDCPL.EXE]

C:\Documents and Settings\Default User\Start Menu\Programs\Startup\
Pin.lnk - C:\hp\bin\CLOAKER.EXE [03/01/2006 7:16:04 27136]
PinMcLnk.lnk - C:\hp\bin\cloaker.exe [03/01/2006 7:16:04 27136]

C:\Documents and Settings\MCX5\Start Menu\Programs\Startup\
Pin.lnk - C:\hp\bin\CLOAKER.EXE [03/01/2006 7:16:04 27136]
PinMcLnk.lnk - C:\hp\bin\cloaker.exe [03/01/2006 7:16:04 27136]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Monitor de recursos de Extender.lnk - C:\WINDOWS\ehome\RMSysTry.exe [20/10/2005 20:55:40 18432]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{93994DE8-8239-4655-B1D1-5F4E91300429}"= "C:\PROGRA~1\DVDREG~1\DVDShell.dll" [2004-10-09 16:18 49152]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2007-02-05 15:39 294400]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "C:\Program Files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 10:13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.I420"= i420vfw.dll
"vidc.wmv3"= C:\PROGRA~1\COMBIN~1\Filters\wmv9vcm.dll
"vidc.X264"= x264vfw.dll
"msacm.dvacm"= C:\PROGRA~1\COMMON~1\ULEADS~1\Vio\Dvacm.acm
"msacm.mpegacm"= C:\PROGRA~1\COMMON~1\ULEADS~1\MPEG\MPEGacm.acm
"msacm.ulmp3acm"= C:\PROGRA~1\COMMON~1\ULEADS~1\MPEG\ulmp3acm.acm
"vidc.yv12"= yv12vfw.dll
"MSVideo"= CSvidcap.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTSysVol]
--a------ 2003-02-17 17:25 53248 C:\Program Files\Creative\Sound Blaster\Surround Mixer\CTSysVol.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ImageDrive-{0CFE4D98-44D7-4542-9842-B924978C2A4F}]
C:\Program Files\Nero\Nero 7\Nero ImageDrive\ImageDrive.exe [N/A]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2008-02-28 09:59 570664 C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-03-28 23:37 413696 C:\Program Files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
-ra------ 2005-08-18 19:49 307200 C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
"Transcode360"=C:\Program Files\Transcode360\Transcode360Tray.exe
"Telefonica"="C:\Program Files\Telefonica\bin\sprtcmd.exe" /P Telefonica
"CloneCDTray"="C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s
"SsAAD.exe"=C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" -atboottime

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\Transcode360\\Transcode360Tray.exe"=
"C:\\Program Files\\eMule\\emule.exe"=
"C:\\WINDOWS\\system32\\rtcshare.exe"=
"C:\\Program Files\\Sony Ericsson\\Update Service\\ma3platform.exe"=
"C:\\Program Files\\Sony\\Vegas 7.0\\VegSrv70.exe"=
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe"= C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe"= C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"= C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"C:\\Documents and Settings\\Compaq_Administrator\\My Documents\\Archivos emule\\eMule\\emule.exe"=
"C:\\Program Files\\Orbitdownloader\\orbitnet.exe"=
"C:\\Program Files\\Orbitdownloader\\orbitdm.exe"=
"C:\\WINDOWS\\system32\\dpvsetup.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\SmartFTP Client 2.0\\SmartFTP.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"4242:TCP"= 4242:TCP:4242
"4242:UDP"= 4242:UDP:4242
"4662:TCP"= 4662:TCP:4662
"4662:UDP"= 4662:UDP:4662
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
"2501:TCP"= 2501:TCP:2501
"2502:TCP"= 2502:TCP:2502
"2501:UDP"= 2501:UDP:2501
"2502:UDP"= 2502:UDP:2502

R0 d346bus;d346bus;C:\WINDOWS\system32\DRIVERS\d346bus.sys [2004-03-12 23:41]
R0 d346prt;d346prt;C:\WINDOWS\system32\Drivers\d346prt.sys [2004-03-12 23:41]
R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-05-16 01:20]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-05-16 01:16]
R2 RMSvc;Media Center Extender Resource Monitor;C:\WINDOWS\ehome\RMSvc.exe [2005-10-20 20:55]
S3 athrusb;Atheros Wireless LAN USB device driver;C:\WINDOWS\system32\DRIVERS\athrusb.sys [2006-11-30 12:14]
S3 BRGSp50;BRGSp50 NDIS Protocol Driver;C:\WINDOWS\system32\Drivers\BRGSp50.sys [2005-06-08 18:44]
S3 Diag69xp;Diag69xp;C:\WINDOWS\system32\Drivers\Diag69xp.sys [2006-05-11 07:36]
S3 DLPortIO;DriverLINX Port I/O Driver;C:\Program Files\SuperPass2\DLPortIO.SYS [1999-01-10 13:00]
S3 NPF;NetGroup Packet Filter Driver;C:\WINDOWS\system32\drivers\npf.sys [2005-08-02 23:10]
S3 QWAVE;QWAVE service;C:\WINDOWS\system32\svchost.exe [2008-04-14 02:12]
S3 sbusb;Sound Blaster USB Audio Driver;C:\WINDOWS\system32\DRIVERS\sbusb.sys [2003-03-25 08:27]
S3 TVICHW32;TVICHW32;C:\WINDOWS\system32\DRIVERS\TVICHW32.SYS [2007-12-04 16:44]
S3 ZD1211BU(WIFI LINK);WIFI LINK IEEE 802.11 b+g Wireless LAN Driver (USB)(WIFI LINK);C:\WINDOWS\system32\DRIVERS\zd1211Bu.sys [2006-08-24 13:44]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
QWAVE REG_MULTI_SZ QWAVE

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe protect.ed 480 480
.
Contents of the 'Scheduled Tasks' folder
"2008-06-21 08:05:02 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-07-04 21:55:09 C:\WINDOWS\Tasks\Comprobar actualizaciones de Windows Live Toolbar.job"
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
"2008-07-04 22:02:56 C:\WINDOWS\Tasks\GlaryInitialize.job"
- C:\Program Files\Glary Utilities\initialize.exe
.
- - - - ORPHANS REMOVED - - - -
BHO-{7ACAD91C-EE11-468B-8B75-917417BAD41E} - (no file)
BHO-{A260787B-911C-49A1-AE73-EC76A3CEC27E} - (no file)
ShellExecuteHooks-{A260787B-911C-49A1-AE73-EC76A3CEC27E} - (no file)
Notify-yayyVnlK - (no file)
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-05 00:04:11
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
PROCESS: C:\WINDOWS\explorer.exe
-> C:\WINDOWS\system32\nview.dll
-> ?:\WINDOWS\system32\ieframe.dll
-> ?:\WINDOWS\system32\ieframe.dll
-> ?:\WINDOWS\system32\nvwddi.dll
-> ?:\WINDOWS\system32\nvwddi.dll
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\scardsvr.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\arservice.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\CTSVCCDA.EXE
C:\WINDOWS\ehome\ehrecvr.exe
C:\WINDOWS\ehome\ehSched.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\system32\searchindexer.exe
C:\WINDOWS\ehome\McrdSvc.exe
C:\Program Files\Windows Media Connect 2\wmccds.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\ehome\ehmsas.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\dllhost.exe
C:\hp\KBD\kbd.exe
.
**************************************************************************
.
Completion time: 2008-07-05 0:25:15 - machine was rebooted
ComboFix-quarantined-files.txt 2008-07-04 22:25:01
Pre-Run: 34,437,799,936 bytes free
30 dirs 34,290,884,608 bytes libres
308 --- E O F --- 2008-06-20 10:37:53
----------
A new HijackThis pass shows me that the entry 02 - BHO: (No name) - {A26078 bla bla bla} still shows up for me
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 0:36:19, on 05/07/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\arservice.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\WINDOWS\ehome\RMSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\ARPWRMSG.EXE
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\RunDll32.exe
C:\Program Files\Windows Media Connect 2\WMCCFG.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Microsoft ActiveSync\Wcescomm.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\WINDOWS\ehome\RMSysTry.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\dllhost.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\system32\Notepad.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\explorer.exe
c:\windows\system\hpsysdrv.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://es.msn.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 127.0.0.1:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local;*.local
O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Aplicación auxiliar de inicio de sesión - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {A260787B-911C-49A1-AE73-EC76A3CEC27E} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [ftutil2] rundll32.exe ftutil2.dll,SetWriteCacheMode
O4 - HKLM\..\Run: [AlwaysReady Power Message APP] ARPWRMSG.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [SbUsb AudCtrl] RunDll32 sbusbdll.dll,RCMonitor
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [Windows Media Connect 2] "C:\Program Files\Windows Media Connect 2\WMCCFG.exe" /StartQuiet
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\Wcescomm.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - S-1-5-18 Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'SYSTEM')
O4 - S-1-5-18 Startup: PinMcLnk.lnk = C:\hp\bin\cloaker.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O4 - .DEFAULT Startup: PinMcLnk.lnk = C:\hp\bin\cloaker.exe (User 'Default user')
O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O4 - .DEFAULT User Startup: PinMcLnk.lnk = C:\hp\bin\cloaker.exe (User 'Default user')
O4 - Global Startup: Monitor de recursos de Extender.lnk = C:\WINDOWS\ehome\RMSysTry.exe
O8 - Extra context menu item: &Download by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/201
O8 - Extra context menu item: &Grab video by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/204
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/203
O8 - Extra context menu item: Down&load all by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/202
O8 - Extra context menu item: E&xportar a Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Consola de Sun Java - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Crear un favorito móvil... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files\Bonjour\ExplorerPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: Ayuda para la conexión - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Ayuda para la conexión - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {08EC5265-BFFB-48C1-8B3B-B96B19921616} (ReveladoOnline Control) - http://media.fotoprix.com/ReveladoOnline/1.3.1.11/setup.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/spanish/kavwebscan_unicode.cab
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - http://go.divx.com/plugin/DivXBrowserPlugin.cab
O16 - DPF: {6A868C04-B942-11D8-8D76-0008C7FF1716} (BanServidorFicherosBPP.DownloadBPP) - https://www.bancaja.es/arq_activex/particulares/BanServidorFicherosBPP.CAB
O16 - DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} (HpProductDetection Class) - http://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1173007113984
O16 - DPF: {B785FA3C-1DE9-4D20-8396-613C486FE95E} (AeatCtl Class) - https://www4.aeat.es/es13/h/cactivex.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{4BBB00DF-D5C0-451E-8D2A-127EAF7E5D93}: NameServer = 80.58.61.250,80.58.61.254
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Servicio Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Servicio del iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
-- End of file - 13565 bytes
--------
Do you see anything else???