Good morning, everyone!
Look, I got infected with the photo.1226.jepg-www.myspeace.com virus over MSN, and since then I have carried out many of the steps I read on the forum pages, all fine, but I think it left me with some after-effects.
The current problem is that I cannot get into Google.
Let me tell you what I did, and at the end the HijackThis log.
In order of steps:
Disabled System Restore and booted into Safe Mode.
MsnCleaner => Strangely, it did not detect anything.
Avast => Updated it and ran a thorough scan, and nothing.
Rebooted, booted from Linux, installed Avast and ran it from there on the partitions I use in Windows... => Again, it reports no anomaly.
Tired of so much fighting, I went on to install the following programs:
> SUPERAntiSpyware
> Spybot - Search & Destroy
> Ad-Aware and Malwarebytes' Anti-Malware
Each of which detected different things:
> SUPERAntiSpyware
Trojan.Dropper/Gen-MultiPacked
C:\DOCUMENTS AND SETTINGS\MARTIN RISOLINO\OFC.EXE
C:\WINDOWS\SYSTEM32\AQJ.EXE
C:\WINDOWS\Prefetch\AQJ.EXE-2B54C1EA.pf
> Spybot - Search & Destroy (it gave me the following report)
Code:
--- Spybot - Search & Destroy version: 1.6.0 (build: 20080707) ---
2008-07-07 blindman.exe (1.0.0.8)
2008-07-07 SDFiles.exe (1.6.0.4)
2008-07-07 SDMain.exe (1.0.0.6)
2008-07-07 SDShred.exe (1.0.2.3)
2008-07-07 SDUpdate.exe (1.6.0.8)
2008-07-07 SDWinSec.exe (1.0.0.12)
2008-07-07 SpybotSD.exe (1.6.0.30)
2008-07-07 TeaTimer.exe (1.6.0.20)
2008-07-23 unins000.exe (51.49.0.0)
2008-07-07 Update.exe (1.6.0.7)
2008-07-07 advcheck.dll (1.6.1.12)
2007-04-02 aports.dll (2.1.0.0)
2008-06-14 DelZip179.dll (1.79.11.1)
2008-06-19 sqlite3.dll
2008-07-07 Tools.dll (2.1.5.7)
2008-07-15 Includes\Adware.sbi
2008-07-15 Includes\AdwareC.sbi
2008-06-03 Includes\Cookies.sbi
2008-06-03 Includes\Dialer.sbi
2008-07-07 Includes\DialerC.sbi
2008-07-23 Includes\HeavyDuty.sbi
2008-07-10 Includes\Hijackers.sbi
2008-07-08 Includes\HijackersC.sbi
2008-07-15 Includes\Keyloggers.sbi
2008-07-15 Includes\KeyloggersC.sbi
2004-11-29 Includes\LSP.sbi
2008-07-23 Includes\Malware.sbi
2008-07-23 Includes\MalwareC.sbi
2008-07-15 Includes\PUPS.sbi
2008-07-22 Includes\PUPSC.sbi
2007-11-07 Includes\Revision.sbi
2008-06-18 Includes\Security.sbi
2008-07-08 Includes\SecurityC.sbi
2008-06-03 Includes\Spybots.sbi
2008-06-03 Includes\SpybotsC.sbi
2008-07-11 Includes\Spyware.sbi
2008-07-15 Includes\SpywareC.sbi
2008-06-03 Includes\Tracks.uti
2008-07-23 Includes\Trojans.sbi
2008-07-22 Includes\TrojansC.sbi
2008-03-04 Plugins\Chai.dll
2008-03-05 Plugins\Fennel.dll
2008-02-26 Plugins\Mate.dll
2007-12-24 Plugins\TCPIPAddress.dll

--- System information ---
Windows XP (Build: 2600) Service Pack 3 (5.1.2600)
/ Windows XP / SP3: Windows XP Service Pack 3
/ XML Paper Specification Shared Components Pack 1.0: XML Paper Specification Shared Components Pack 1.0

--- Startup entries list ---
Located: HK_LM:Run, avast!
command: C:\ARCHIV~1\ALWILS~1\Avast4\ashDisp.exe
file: C:\ARCHIV~1\ALWILS~1\Avast4\ashDisp.exe
size: 79224
MD5: 87B63FD1B5EC5CC41589CE7026DB7C5F

Located: HK_LM:Run, igfxhkcmd
command: C:\WINDOWS\system32\hkcmd.exe
file: C:\WINDOWS\system32\hkcmd.exe
size: 77824
MD5: D9F3DB62D1B361D82CD82A347EA6218D

Located: HK_LM:Run, igfxpers
command: C:\WINDOWS\system32\igfxpers.exe
file: C:\WINDOWS\system32\igfxpers.exe
size: 118784
MD5: 32FB9368F485A7FE944EB6678B61734B

Located: HK_LM:Run, igfxtray
command: C:\WINDOWS\system32\igfxtray.exe
file: C:\WINDOWS\system32\igfxtray.exe
size: 94208
MD5: 54F1F98C4AD8F99BBBE8FBB62B38733F

Located: HK_LM:Run, SkyTel
command: SkyTel.EXE
file: SkyTel.EXE
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes, the checksum could not be properly calculated!

Located: HK_LM:Run, SunJavaUpdateSched
command: "C:\Archivos de programa\Java\jre1.6.0_07\bin\jusched.exe"
file: C:\Archivos de programa\Java\jre1.6.0_07\bin\jusched.exe
size: 144784
MD5: 6AB4C021FBD36DC6764924C312428D97

Located: HK_LM:Run, SynTPEnh
command: C:\Archivos de programa\Synaptics\SynTP\SynTPEnh.exe
file: C:\Archivos de programa\Synaptics\SynTP\SynTPEnh.exe
size: 761946
MD5: 59307A84CACE50B66089DBD5F74EA17A

Located: HK_CU:Run, CTFMON.EXE
where: .DEFAULT...
command: C:\WINDOWS\system32\CTFMON.EXE
file: C:\WINDOWS\system32\CTFMON.EXE
size: 15360
MD5: DAAE1CB1B1875B760496E7D3336DA1AD

Located: HK_CU:Run, CTFMON.EXE
where: S-1-5-19...
command: C:\WINDOWS\system32\CTFMON.EXE
file: C:\WINDOWS\system32\CTFMON.EXE
size: 15360
MD5: DAAE1CB1B1875B760496E7D3336DA1AD

Located: HK_CU:Run, CTFMON.EXE
where: S-1-5-20...
command: C:\WINDOWS\system32\CTFMON.EXE
file: C:\WINDOWS\system32\CTFMON.EXE
size: 15360
MD5: DAAE1CB1B1875B760496E7D3336DA1AD

Located: HK_CU:Run, ares
where: S-1-5-21-789336058-1220945662-682003330-1003...
command: "C:\Archivos de programa\Ares\Ares.exe" -h
file: C:\Archivos de programa\Ares\Ares.exe
size: 968704
MD5: 9BCC1C5D6B4F93AEF781441AF7490723

Located: HK_CU:Run, CTFMON.EXE
where: S-1-5-21-789336058-1220945662-682003330-1003...
command: C:\WINDOWS\system32\ctfmon.exe
file: C:\WINDOWS\system32\ctfmon.exe
size: 15360
MD5: DAAE1CB1B1875B760496E7D3336DA1AD

Located: HK_CU:Run, MsnMsgr
where: S-1-5-21-789336058-1220945662-682003330-1003...
command: "C:\Archivos de programa\Windows Live\Messenger\MsnMsgr.Exe" /background
file: C:\Archivos de programa\Windows Live\Messenger\MsnMsgr.Exe
size: 5724184
MD5: FDEC512CB8752174649D3A513893938A

Located: HK_CU:Run, SpybotSD TeaTimer
where: S-1-5-21-789336058-1220945662-682003330-1003...
command: C:\Archivos de programa\Spybot - Search & Destroy\TeaTimer.exe
file: C:\Archivos de programa\Spybot - Search & Destroy\TeaTimer.exe
size: 2156368
MD5: 08FC1FAD357F053043016597B6559BDC

Located: HK_CU:Run, SUPERAntiSpyware
where: S-1-5-21-789336058-1220945662-682003330-1003...
command: C:\Archivos de programa\SUPERAntiSpyware\SUPERAntiSpyware.exe
file: C:\Archivos de programa\SUPERAntiSpyware\SUPERAntiSpyware.exe
size: 1506544
MD5: 24A3D7D9DD5555F409CF909600D32D60

Located: HK_CU:Run, CTFMON.EXE
where: S-1-5-18...
command: C:\WINDOWS\system32\CTFMON.EXE
file: C:\WINDOWS\system32\CTFMON.EXE
size: 15360
MD5: DAAE1CB1B1875B760496E7D3336DA1AD

Located: Inicio (común), Acceso directo a ViOrbv2.lnk
where: C:\Documents and Settings\All Users\Menú Inicio\Programas\Inicio...
command: C:\WINDOWS\Resources\Themes\Aero Basic Black for XP\ViOrb\ViOrb IntensityStyle RC1\ViOrbv2.exe
file: C:\WINDOWS\Resources\Themes\Aero Basic Black for XP\ViOrb\ViOrb IntensityStyle RC1\ViOrbv2.exe
size: 163840
MD5: 66DB6659A220A30B0F54419483D474A7

Located: Inicio (común), BTTray.lnk
where: C:\Documents and Settings\All Users\Menú Inicio\Programas\Inicio...
command: C:\Archivos de programa\WIDCOMM\Bluetooth Software\BTTray.exe
file: C:\Archivos de programa\WIDCOMM\Bluetooth Software\BTTray.exe
size: 618557
MD5: B21EACDAD44AB2F47C5630F4283FE833

Located: WinLogon, !SASWinLogon
command: C:\Archivos de programa\SUPERAntiSpyware\SASWINLO.dll
file: C:\Archivos de programa\SUPERAntiSpyware\SASWINLO.dll
size: 294912
MD5: 3B2F85D8C913CE452ADE4A0D24299FEA

Located: WinLogon, crypt32chain
command: crypt32.dll
file: crypt32.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes, the checksum could not be properly calculated!

Located: WinLogon, cryptnet
command: cryptnet.dll
file: cryptnet.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes, the checksum could not be properly calculated!

Located: WinLogon, cscdll
command: cscdll.dll
file: cscdll.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes, the checksum could not be properly calculated!

Located: WinLogon, dimsntfy
command: %SystemRoot%\System32\dimsntfy.dll
file: %SystemRoot%\System32\dimsntfy.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes, the checksum could not be properly calculated!

Located: WinLogon, igfxcui
command: igfxdev.dll
file: igfxdev.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes, the checksum could not be properly calculated!

Located: WinLogon, ScCertProp
command: wlnotify.dll
file: wlnotify.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes, the checksum could not be properly calculated!

Located: WinLogon, Schedule
command: wlnotify.dll
file: wlnotify.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes, the checksum could not be properly calculated!

Located: WinLogon, sclgntfy
command: sclgntfy.dll
file: sclgntfy.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes, the checksum could not be properly calculated!

Located: WinLogon, SensLogn
command: WlNotify.dll
file: WlNotify.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes, the checksum could not be properly calculated!

Located: WinLogon, termsrv
command: wlnotify.dll
file: wlnotify.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes, the checksum could not be properly calculated!

Located: WinLogon, wlballoon
command: wlnotify.dll
file: wlnotify.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes, the checksum could not be properly calculated!

--- Browser helper object list ---
{7E853D72-626A-48EC-A868-BA8D5E23E045} ()
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name:
CLSID name:

--- ActiveX list ---
{193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control)
DPF name:
CLSID name: ewidoOnlineScan Control
Installer:
Codebase: http://downloads.ewido.net/ewidoOnlineScan.cab
description:
classification: Legitimate
known filename: EWIDOO~1.DLL
info link:
info source: Safer Networking Ltd.
Path: C:\WINDOWS\DOWNLO~1\
Long name: ewidoOnlineScan.dll
Short name: EWIDOO~1.DLL
Date (created): 11/07/2006 09:41:36 a.m.
Date (last access): 24/07/2008 09:45:58 a.m.
Date (last write): 11/07/2006 09:41:36 a.m.
Filesize: 345656
Attributes: archive
MD5: B284992540E0FA2B76DEA56F93D49A16
CRC32: FD2E709C
Version: 1.0.0.4

{8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0)
DPF name: Java Runtime Environment 1.6.0
CLSID name: Java Plug-in 1.6.0_07
Installer:
Codebase: http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
description: Sun Java
classification: Legitimate
known filename: %PROGRAM FILES%\JabaSoft\JRE\*\Bin\npjava131.dll
info link:
info source: Patrick M. Kolla
Path: C:\Archivos de programa\Java\jre1.6.0_07\bin\
Long name: npjpi160_07.dll
Short name: NPJPI1~1.DLL
Date (created): 10/06/2008 02:32:34 a.m.
Date (last access): 24/07/2008 09:45:58 a.m.
Date (last write): 10/06/2008 04:27:02 a.m.
Filesize: 132496
Attributes: archive
MD5: 7C83A2809E13950359189767AC9D5DB8
CRC32: 925C2A88
Version: 6.0.70.6

{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} (Java Runtime Environment 1.6.0)
DPF name: Java Runtime Environment 1.6.0
CLSID name: Java Plug-in 1.6.0_07
Installer:
Codebase: http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
Path: C:\Archivos de programa\Java\jre1.6.0_07\bin\
Long name: npjpi160_07.dll
Short name: NPJPI1~1.DLL
Date (created): 10/06/2008 02:32:34 a.m.
Date (last access): 24/07/2008 09:45:58 a.m.
Date (last write): 10/06/2008 04:27:02 a.m.
Filesize: 132496
Attributes: archive
MD5: 7C83A2809E13950359189767AC9D5DB8
CRC32: 925C2A88
Version: 6.0.70.6

{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} (Java Runtime Environment 1.6.0)
DPF name: Java Runtime Environment 1.6.0
CLSID name: Java Plug-in 1.6.0_07
Installer:
Codebase: http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
description:
classification: Legitimate
known filename: npjpi150_06.dll
info link:
info source: Safer Networking Ltd.
Path: C:\Archivos de programa\Java\jre1.6.0_07\bin\
Long name: npjpi160_07.dll
Short name: NPJPI1~1.DLL
Date (created): 10/06/2008 02:32:34 a.m.
Date (last access): 24/07/2008 09:45:58 a.m.
Date (last write): 10/06/2008 04:27:02 a.m.
Filesize: 132496
Attributes: archive
MD5: 7C83A2809E13950359189767AC9D5DB8
CRC32: 925C2A88
Version: 6.0.70.6

--- Process list ---
PID: 0 ( 0) [System]
PID: 1104 ( 4) \SystemRoot\System32\smss.exe size: 50688
PID: 1200 (1104) \??\C:\WINDOWS\system32\csrss.exe size: 6144
PID: 1224 (1104) \??\C:\WINDOWS\system32\winlogon.exe size: 510976
PID: 1268 (1224) C:\WINDOWS\system32\services.exe size: 109056 MD5: D658A8C2FC7B2AD53D1259741A09EE04
PID: 1280 (1224) C:\WINDOWS\system32\lsass.exe size: 13312 MD5: 671ACA589DA3733FAC878A751C5BF0ED
PID: 1440 (1268) C:\WINDOWS\system32\svchost.exe size: 14336 MD5: 4F2340F0BD5B6365C38E74DD391919A8
PID: 1528 (1268) C:\WINDOWS\system32\svchost.exe size: 14336 MD5: 4F2340F0BD5B6365C38E74DD391919A8
PID: 1568 (1268) C:\WINDOWS\System32\svchost.exe size: 14336 MD5: 4F2340F0BD5B6365C38E74DD391919A8
PID: 1624 (1268) C:\WINDOWS\system32\svchost.exe size: 14336 MD5: 4F2340F0BD5B6365C38E74DD391919A8
PID: 1752 (1268) C:\WINDOWS\system32\svchost.exe size: 14336 MD5: 4F2340F0BD5B6365C38E74DD391919A8
PID: 200 (1268) C:\Archivos de programa\Lavasoft\Ad-Aware\aawservice.exe size: 611664 MD5: 17067069B9A7865028C1F2E6971D0CCC
PID: 232 (1268) C:\Archivos de programa\Alwil Software\Avast4\aswUpdSv.exe size: 17272 MD5: 67AF5593EF8359B56DAD6F289D22494B
PID: 304 (1268) C:\Archivos de programa\Alwil Software\Avast4\ashServ.exe size: 144760 MD5: 373BF09D372A82EA637CA9A6BC8CC8E9
PID: 444 ( 428) C:\WINDOWS\Explorer.EXE size: 1036288 MD5: 7522F548A84ABAD8FA516DE5AB3931EF
PID: 1060 (1268) C:\WINDOWS\system32\spoolsv.exe size: 57856 MD5: CDD2DC6AE65084481E723E746C20539A
PID: 1448 ( 444) C:\Archivos de programa\Synaptics\SynTP\SynTPEnh.exe size: 761946 MD5: 59307A84CACE50B66089DBD5F74EA17A
PID: 1632 ( 444) C:\WINDOWS\system32\hkcmd.exe size: 77824 MD5: D9F3DB62D1B361D82CD82A347EA6218D
PID: 1656 ( 444) C:\WINDOWS\system32\igfxpers.exe size: 118784 MD5: 32FB9368F485A7FE944EB6678B61734B
PID: 1684 ( 444) C:\ARCHIV~1\ALWILS~1\Avast4\ashDisp.exe size: 79224 MD5: 87B63FD1B5EC5CC41589CE7026DB7C5F
PID: 1720 ( 444) C:\Archivos de programa\Java\jre1.6.0_07\bin\jusched.exe size: 144784 MD5: 6AB4C021FBD36DC6764924C312428D97
PID: 1736 ( 444) C:\WINDOWS\system32\ctfmon.exe size: 15360 MD5: DAAE1CB1B1875B760496E7D3336DA1AD
PID: 1800 ( 444) C:\Archivos de programa\Windows Live\Messenger\MsnMsgr.Exe size: 5724184 MD5: FDEC512CB8752174649D3A513893938A
PID: 160 ( 444) C:\WINDOWS\Resources\Themes\Aero Basic Black for XP\ViOrb\ViOrb IntensityStyle RC1\ViOrbv2.exe size: 163840 MD5: 66DB6659A220A30B0F54419483D474A7
PID: 172 ( 444) C:\Archivos de programa\WIDCOMM\Bluetooth Software\BTTray.exe size: 618557 MD5: B21EACDAD44AB2F47C5630F4283FE833
PID: 824 (1268) C:\Archivos de programa\Bonjour\mDNSResponder.exe size: 229376 MD5: 73686FE0B2E0469F89FD2075BE724704
PID: 468 (1268) C:\Archivos de programa\WIDCOMM\Bluetooth Software\bin\btwdins.exe size: 266295 MD5: D9E3B5AAD23BF7EFA6A5DE3C855E0DA2
PID: 1144 (1268) C:\Archivos de programa\CDBurnerXP\NMSAccessU.exe size: 71096 MD5: FD306FBCCE7ADB1077B709742E7148E9
PID: 336 (1268) C:\WINDOWS\system32\svchost.exe size: 14336 MD5: 4F2340F0BD5B6365C38E74DD391919A8
PID: 224 (1268) C:\WINDOWS\system32\wdfmgr.exe size: 38912 MD5: AB0A7CA90D9E3D6A193905DC1715DED0
PID: 1908 (1268) C:\Archivos de programa\Alwil Software\Avast4\ashMaiSv.exe size: 247160 MD5: 1E105120FCA89F052081D94D8EDDD522
PID: 2068 (1268) C:\Archivos de programa\Alwil Software\Avast4\ashWebSv.exe size: 349560 MD5: 0AC0D3338B4E4F2744B648FCC35A8BB3
PID: 2664 (1268) C:\WINDOWS\System32\alg.exe size: 44544 MD5: 764B7A1E6AE2D70416A7932F3B97AC99
PID: 556 (1568) C:\WINDOWS\system32\wuauclt.exe size: 53080 MD5: F3E9065EB617A7E3A832A7976BFA021B
PID: 3008 ( 444) C:\Archivos de programa\Mozilla Firefox\firefox.exe size: 307712 MD5: A6D64056AD6CA84534143757FD782D7A
PID: 680 (1268) C:\WINDOWS\system32\msiexec.exe size: 78848 MD5: 858653E3E1183B2F4CE924FDA8A256EF
PID: 920 ( 444) C:\Archivos de programa\SUPERAntiSpyware\SUPERAntiSpyware.exe size: 1506544 MD5: 24A3D7D9DD5555F409CF909600D32D60
PID: 3032 ( 444) C:\Archivos de programa\Spybot - Search & Destroy\SpybotSD.exe size: 4891472 MD5: 3B1B5D09D3C9C4CD39D4DB06ED7A0855
PID: 4 ( 0) System
PID: 752 (3032) C:\Archivos de programa\Spybot - Search & Destroy\TeaTimer.exe size: 2156368 MD5: 08FC1FAD357F053043016597B6559BDC

--- Browser start & search pages list ---
Spybot - Search & Destroy browser pages report, 24/07/2008 09:49:00 a.m.
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Local Page
C:\windows\system32\blank.htm
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Search Page
http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Start Page
http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Default_Search_URL
http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl\@
http://home.microsoft.com/access/autosearch.asp?p=%s
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Local Page
C:\windows\system32\blank.htm
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Search Page
http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Start Page
http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Page_URL
http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Search_URL
http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\SearchAssistant
http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\CustomizeSearch
http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm

--- Winsock Layered Service Provider list ---
> Ad-Aware (Found and removed the following)
Code:
3262 Win32.Trojan.Monder Malware 10 [202814]
File: C:\Documents and Settings\Martin Risolino\Configuración local\Temp\photo.zip
1394 Win32.Trojan-Dropper.Delf Malware 10 [190125]
File: D:\Documentos\Descargas\SO\aresregular209_installer.exe
9999 [1] MRU
Path: C:\Documents and Settings\Martin Risolino\Recent
Count: 7
[3] MRU
Registry Key: S-1-5-21-789336058-1220945662-682003330-1003\Software\Microsoft\Internet Explorer\TypedURLs
Count: 3
Well, after removing what was found, I ran CCleaner and put together a HijackThis log:
Code:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 09:57:36 a.m., on 24/07/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Archivos de programa\Lavasoft\Ad-Aware\aawservice.exe
C:\Archivos de programa\Alwil Software\Avast4\aswUpdSv.exe
C:\Archivos de programa\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Archivos de programa\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\ARCHIV~1\ALWILS~1\Avast4\ashDisp.exe
C:\Archivos de programa\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Archivos de programa\Windows Live\Messenger\MsnMsgr.Exe
C:\WINDOWS\Resources\Themes\Aero Basic Black for XP\ViOrb\ViOrb IntensityStyle RC1\ViOrbv2.exe
C:\Archivos de programa\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Archivos de programa\Bonjour\mDNSResponder.exe
C:\Archivos de programa\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Archivos de programa\CDBurnerXP\NMSAccessU.exe
C:\WINDOWS\system32\svchost.exe
C:\Archivos de programa\Alwil Software\Avast4\ashMaiSv.exe
C:\Archivos de programa\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Archivos de programa\Mozilla Firefox\firefox.exe
C:\Archivos de programa\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Archivos de programa\Spybot - Search & Destroy\TeaTimer.exe
C:\Archivos de programa\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Vínculos
R3 - URLSearchHook: Barra Yahoo! con bloqueador de ventanas emergentes - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\Documents and Settings\Martin Risolino\ofc.exe \o
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Archivos de programa\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [SynTPEnh] C:\Archivos de programa\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [avast!] C:\ARCHIV~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Archivos de programa\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Archivos de programa\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ares] "C:\Archivos de programa\Ares\Ares.exe" -h
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Archivos de programa\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Archivos de programa\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICIO LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Servicio de red')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: BTTray.lnk = ?
O8 - Extra context menu item: Enviar a &Bluetooth - C:\Archivos de programa\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Archivos de programa\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Consola de Sun Java - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Archivos de programa\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Flash Decompiler SWF Capture tool - {86B4FC19-8FA4-4FD3-B243-9AEDB42FA2D5} - C:\Archivos de programa\Eltima Software\Flash Decompiler Trillix\saveflash\iebt.dll
O9 - Extra 'Tools' menuitem: Flash Decompiler SWF Capture tool menu - {86B4FC19-8FA4-4FD3-B243-9AEDB42FA2D5} - C:\Archivos de programa\Eltima Software\Flash Decompiler Trillix\saveflash\iebt.dll
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Archivos de programa\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Archivos de programa\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Archivos de programa\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Archivos de programa\Messenger\msmsgs.exe
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Archivos de programa\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Archivos de programa\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Archivos de programa\Ares\chatServer.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Archivos de programa\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Archivos de programa\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Archivos de programa\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Archivos de programa\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Archivos de programa\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Archivos de programa\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Archivos de programa\Archivos comunes\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Archivos de programa\CDBurnerXP\NMSAccessU.exe

--
End of file - 7186 bytes
Well, thank you very much in advance, everyone!!
Martin
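Added example, not part of Martin's post and not code from HijackThis, Spybot or any other tool named above: a small Python triage pass over lines copied from the HijackThis log in the post. It flags the three kinds of entry a forum helper would ask about first: a UserInit value that chains a second program after the stock userinit.exe (the F2 line, where the ofc.exe that SUPERAntiSpyware detected is started by Winlogon at every interactive logon), entries whose target is "(no file)", and Run entries that name a bare file with no absolute path, so which file actually runs depends on the search order. The baseline UserInit value is the stock one for a 32-bit Windows XP install; the rule set is the editor's own and applies to any HijackThis output, not only this log.

```python
import re

# Lines copied verbatim from the HijackThis log in the post above; HijackThis
# writes one entry per line, which is what the parser below expects.
HJT_LINES = [
    r"R3 - URLSearchHook: Barra Yahoo! con bloqueador de ventanas emergentes - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)",
    r"F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\Documents and Settings\Martin Risolino\ofc.exe \o",
    r"O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Archivos de programa\Java\jre1.6.0_07\bin\ssv.dll",
    r"O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)",
    r"O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE",
    r"O4 - HKLM\..\Run: [avast!] C:\ARCHIV~1\ALWILS~1\Avast4\ashDisp.exe",
    r'O4 - HKCU\..\Run: [ares] "C:\Archivos de programa\Ares\Ares.exe" -h',
]

# Stock value of HKLM\...\Winlogon\Userinit on a 32-bit Windows XP install:
# the single program Winlogon runs to set up the session. Anything else in
# the comma-separated list is started with the user's token at every logon.
EXPECTED_USERINIT = r"c:\windows\system32\userinit.exe"

# "O4 - HKLM\..\Run: [name] command" -> kind "O4", body "HKLM\..\Run: [name] command"
ENTRY_RE = re.compile(r"^(?P<kind>[A-Z]\d{1,2}) - (?P<body>.*)$")
ABS_PATH_RE = re.compile(r"[A-Za-z]:\\")


def extra_userinit_programs(value):
    """Return every program in a UserInit value other than the stock userinit.exe.

    Comparison is case-insensitive (Windows paths are); the original spelling
    is returned so the finding matches what the analyst sees in the log.
    """
    parts = [p.strip() for p in value.split(",") if p.strip()]
    return [p for p in parts if p.lower() != EXPECTED_USERINIT]


def triage(lines):
    """Return (kind, reason, line) for each HijackThis entry worth a second look."""
    findings = []
    for line in lines:
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue  # header line, "Running processes:" path, or blank line
        kind, body = m.group("kind"), m.group("body")
        if kind == "F2" and "UserInit=" in body:
            for prog in extra_userinit_programs(body.split("UserInit=", 1)[1]):
                findings.append((kind, "extra program chained into UserInit: " + prog, line))
        elif body.endswith("(no file)"):
            # The registry still points at a component that is gone: leftover of
            # a removal or a half-installed hook. Either way the entry can go.
            findings.append((kind, "orphan entry, target file missing", line))
        elif kind == "O4":
            # Run entries normally carry an absolute path; a bare file name is
            # resolved through the search order, so check which file really runs.
            target = body.split("] ", 1)[1] if "] " in body else body
            if not ABS_PATH_RE.search(target):
                findings.append((kind, "Run entry without absolute path: " + target, line))
    return findings


if __name__ == "__main__":
    for kind, reason, line in triage(HJT_LINES):
        print(f"{kind}: {reason}\n    {line}")
```

Deleting ofc.exe on disk, as SUPERAntiSpyware did, does not touch the UserInit value; userinit.exe is listed first and still runs, so logon keeps working, but the value should be reset to `C:\WINDOWS\system32\userinit.exe,` or anything dropped at that path later is launched again at the next logon.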