Solved Topics: HijackThis and malware cases that have been resolved.
(Read only)

Post #1
11/08/08, 08:37:15
User
Registered: Aug 2008
Location: Madrid
Posts: 6
Trojan.BHO in Ci.DLL (Closed)

Hello everyone. Yesterday my internet connection was slow (on an HP Pavilion laptop with Windows Vista), and after running Malwarebytes it detected Virtuamod, Vundo and BHO. I was able to remove the first two, but not the BHO; it is in the file CI.DLL and I cannot delete it. If I delete the file I have problems when restarting the computer: it goes back to an earlier state and the virus is still there.

Here is the HijackThis report in case you can help me:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:30:38, on 11/08/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\HP\Digital Imaging\bin\HpqSRmon.exe
C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_es&c=81&bd=Pavilion &pf=laptop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://es.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_es&c=81&bd=Pavilion &pf=laptop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_es&c=81&bd=Pavilion &pf=laptop
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {32ACC7AC-A567-4495-A11A-F88A9D8461E1} - (no file)
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Aplicación auxiliar de inicio de sesión - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: HP Print Clips - {FFFFFFFF-FF12-44C5-91EC-068E3AA1B2D7} - c:\Program Files\HP\Smart Web Printing\hpswp_framework.dll
O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [OnScreenDisplay] C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe
O4 - HKLM\..\Run: [UCam_Menu] "C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\YouCam" update "Software\CyberLink\YouCam\1.0"
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [HP Health Check Scheduler] [ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [WAWifiMessage] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [VirtualCloneDrive] "C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: Bluetooth.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: HP Smart Select - {58ECB495-38F0-49cb-A538-10282ABF65E7} - c:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O13 - Gopher Prefix:
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
O16 - DPF: {A2505C6C-6F17-456F-89D2-4301FBDC6EC7} (Iewiper Control) - https://myoffice.deloitte.es/nortel_cacheable/iewiper.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{CC4054B2-4FA8-48A2-83F0-F841059831A7}: NameServer = 80.58.61.250,80.58.61.254
O23 - Service: Com4Qlb - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: QuickPlay Background Capture Service (QBCS) (QPCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
O23 - Service: QuickPlay Task Scheduler (QTS) (QPSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: VundoFix Service (VundoFixSvc) - Atribune.org - C:\Windows\SYSTEM32\VundoFixSVC.exe

--
End of file - 9097 bytes


Thanks in advance.
Post #2
11/08/08, 15:50:17
ElPiedra
FS-Admin
Registered: Jan 2005
Location: Miami
Posts: 29,503
Re: Trojan.BHO in Ci.DLL

Hello afrikaner, welcome to the InfoSpyware Forum.


ForoSpyware is maintained by volunteers who have jobs and obligations elsewhere, so we are not here 24/7; we ask for your patience while your case is analysed and answered. If 48 hours after posting the DSS report you have not received a reply, you can send me a PM as a reminder.

  1. Download Deckard's System Scanner (DSS) and save it to your desktop.
  2. Close all open windows.
  3. Double-click the file DSS.exe and follow the instructions.
  4. When it finishes, it will automatically open a file named main.txt; paste its contents into this same thread using the reply button.
    • *Note* If the log does not open, you can find the file in the folder C:\Deckard\System Scanner.
    • *Note* If you are using Vista, you need to right-click the dss.exe icon and select Run as Administrator.
Quote:
If your antivirus or firewall complains, please allow this script to run, as it is not malicious.

  • Once the report has been generated, it is important that you do not restart your computer, since some malware uses random names that change on every restart.

  • When carrying out the steps, it is important that browsers and programs are closed, so either print the steps or copy them into Notepad so you have them at hand.

  • I recommend subscribing to the feed of our InfoSpyware Blog to keep up with the new threats circulating on the net, so that in the future you can prevent them.

Regards

Post #3
11/08/08, 17:54:13
User
Registered: Aug 2008
Location: Madrid
Posts: 6
Re: Trojan.BHO in Ci.DLL

Thanks ElPiedra. Here is the DSS log:

Deckard's System Scanner v20071014.68
Run by MGA on 2008-08-11 22:45:46
Computer is in Normal Mode.
--------------------------------------------------------------------------------

Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as MGA.exe) -------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:46:30, on 11/08/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\HP\Digital Imaging\bin\HpqSRmon.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\MGA\Desktop\dss.exe
C:\Windows\system32\conime.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\MGA.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_es&c=81&bd=Pavilion &pf=laptop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://es.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_es&c=81&bd=Pavilion &pf=laptop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_es&c=81&bd=Pavilion &pf=laptop
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {32ACC7AC-A567-4495-A11A-F88A9D8461E1} - (no file)
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Aplicación auxiliar de inicio de sesión - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: HP Print Clips - {FFFFFFFF-FF12-44C5-91EC-068E3AA1B2D7} - c:\Program Files\HP\Smart Web Printing\hpswp_framework.dll
O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [OnScreenDisplay] C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe
O4 - HKLM\..\Run: [UCam_Menu] "C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\YouCam" update "Software\CyberLink\YouCam\1.0"
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [HP Health Check Scheduler] [ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [WAWifiMessage] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [VirtualCloneDrive] "C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: Bluetooth.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: HP Smart Select - {58ECB495-38F0-49cb-A538-10282ABF65E7} - c:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O13 - Gopher Prefix:
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
O16 - DPF: {A2505C6C-6F17-456F-89D2-4301FBDC6EC7} (Iewiper Control) - https://myoffice.deloitte.es/nortel_cacheable/iewiper.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{CC4054B2-4FA8-48A2-83F0-F841059831A7}: NameServer = 80.58.61.250,80.58.61.254
O23 - Service: Com4Qlb - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: QuickPlay Background Capture Service (QBCS) (QPCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
O23 - Service: QuickPlay Task Scheduler (QTS) (QPSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: VundoFix Service (VundoFixSvc) - Atribune.org - C:\Windows\SYSTEM32\VundoFixSVC.exe

--
End of file - 9232 bytes

-- File Associations -----------------------------------------------------------

.reg - regfile - shell\open\command - regedit.exe "%1" %*


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

All drivers whitelisted.


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 HP Health Check Service - "c:\program files\hewlett-packard\hp health check\hphc_service.exe" <Not Verified; Hewlett-Packard; HP Health Check Service>

S3 Com4Qlb - "c:\program files\hewlett-packard\hp quick launch buttons\com4qlb.exe" <Not Verified; Hewlett-Packard Development Company, L.P.; HP Quick Launch Buttons>
S3 VundoFixSvc (VundoFix Service) - vundofixsvc.exe <Not Verified; Atribune.org; Vundofix Service>


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Files created between 2008-07-11 and 2008-08-11 -----------------------------

2008-08-11 13:30:22 0 d-------- C:\Program Files\Trend Micro
2008-08-11 1001 0 d-------- C:\!KillBox
2008-08-11 10:00:22 24576 --a------ C:\Windows\system32\VundoFixSVC.exe <Not Verified; Atribune.org; Vundofix Service>
2008-08-11 09:51:13 0 d-------- C:\VundoFix Backups
2008-08-10 23:50:32 0 d-------- C:\Program Files\CCleaner
2008-08-10 23:12:01 0 d-------- C:\Users\All Users\Malwarebytes
2008-08-10 23:12:00 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-08-10 21:11:24 0 d-------- C:\Users\All Users\Spybot - Search & Destroy
2008-08-10 18:17:46 0 d-------- C:\Program Files\Common Files\Macrovision Shared
2008-08-10 1816 0 d-------- C:\Program Files\Common Files\Adobe(1)
2008-08-10 1816 0 d-------- C:\Program Files\Adobe(0)
2008-08-10 16:57:01 32768 --a------ C:\Program Files\bcd_installed.exe
2008-08-10 15:27:30 0 d-------- C:\Users\All Users\LightScribe
2008-08-10 15:23:24 0 d-------- C:\Users\All Users\AOL
2008-08-10 15:09:42 0 d-------- C:\Program Files\Microsoft.NET
2008-08-10 15:05:50 0 dr-h----- C:\MSOCache
2008-08-06 15:28:46 0 d-------- C:\Windows\Sun
2008-08-05 16:16:49 0 d-------- C:\Program Files\Firaxis Games
2008-08-03 18:11:13 0 d-------- C:\Program Files\Telltale
2008-08-03 18:08:16 0 d-------- C:\Program Files\Elaborate Bytes
2008-08-02 12:50:47 0 d-------- C:\Users\All Users\eMule
2008-08-02 12:50:46 0 d-------- C:\Program Files\eMule
2008-08-01 20:16:40 0 d-------- C:\Oldgames
2008-08-01 20:15:22 0 d-------- C:\Program Files\DOSBox-0.72
2008-08-01 20:07:20 0 d--h----- C:\Windows\PIF
2008-08-01 20:06:07 0 -rahs---- C:\MSDOS.SYS
2008-08-01 20:06:07 0 -rahs---- C:\IO.SYS
2008-07-31 22:08:03 0 d-------- C:\Program Files\VideoLAN
2008-07-31 22:04:58 0 --a------ C:\Windows\nsreg.dat
2008-07-30 19:42:51 0 d-------- C:\Windows\system32\x64
2008-07-30 19:42:02 0 d-------- C:\Program Files\Microsoft Silverlight
2008-07-30 19:31:36 5702 --ah----- C:\Windows\nod32restoretemdono.reg
2008-07-30 19:31:36 568 --ah----- C:\Windows\nod32fixtemdono.reg
2008-07-30 19:29:41 0 d-------- C:\Users\All Users\ESET
2008-07-30 19:19:51 0 d-------- C:\Program Files\Panda Security
2008-07-30 19:15:07 0 d-------- C:\Program Files\7-Zip
2008-07-29 23:53:21 0 d--hs--c- C:\Program Files\Common Files\WindowsLiveInstaller
2008-07-29 23:53:05 0 d-------- C:\Program Files\Windows Live
2008-07-29 23:52:48 0 d-------- C:\Users\All Users\WLInstaller
2008-07-29 22:58:06 0 d-------- C:\Program Files\Telefonica
2008-07-29 22:49:51 0 d-------- C:\Program Files\uTorrent
2008-07-29 03:38:10 0 d--hs---- C:\System Volume Information
2008-07-29 01:29:40 0 d-------- C:\Program Files\MSXML 4.0
2008-07-29 01:06:49 0 d-------- C:\Users\MGA\Bluetooth Software
2008-07-29 01:06:17 0 dr------- C:\Users\MGA\Searches
2008-07-29 01:06:08 0 dr------- C:\Users\MGA\Contacts
2008-07-29 01:06:03 81 --a------ C:\Windows\system32\LOG
2008-07-29 01:06:01 44 --a------ C:\Windows\system\hpsysdrv.dat
2008-07-28 20:58:59 0 d-------- C:\Users\All Users\Electronic Arts
2008-07-28 20:55:34 0 d-------- C:\Program Files\Electronic Arts
2008-07-28 20:53:40 0 d-------- C:\Program Files\Common Files\LightScribe
2008-07-28 20:52:19 0 d--hs---- C:\Users\MGA\Templates
2008-07-28 20:52:19 0 d--hs---- C:\Users\MGA\Start Menu
2008-07-28 20:52:19 0 d--hs---- C:\Users\MGA\SendTo
2008-07-28 20:52:19 0 d--hs---- C:\Users\MGA\Recent
2008-07-28 20:52:19 0 d--hs---- C:\Users\MGA\PrintHood
2008-07-28 20:52:19 0 d--hs---- C:\Users\MGA\NetHood
2008-07-28 20:52:19 0 d--hs---- C:\Users\MGA\My Documents
2008-07-28 20:52:19 0 d--hs---- C:\Users\MGA\Local Settings
2008-07-28 20:52:19 0 d--hs---- C:\Users\MGA\Cookies
2008-07-28 20:52:19 0 d--hs---- C:\Users\MGA\Application Data
2008-07-28 20:52:18 0 dr------- C:\Users\MGA\Videos
2008-07-28 20:52:18 0 dr------- C:\Users\MGA\Saved Games
2008-07-28 20:52:18 0 dr------- C:\Users\MGA\Pictures
2008-07-28 20:52:18 1310720 --ahs---- C:\Users\MGA\ntuser.dat
2008-07-28 20:52:18 0 dr------- C:\Users\MGA\Music
2008-07-28 20:52:18 0 dr------- C:\Users\MGA\Links
2008-07-28 20:52:18 0 dr------- C:\Users\MGA\Favorites
2008-07-28 20:52:18 0 dr------- C:\Users\MGA\Downloads
2008-07-28 20:52:18 0 dr------- C:\Users\MGA\Documents
2008-07-28 20:52:18 0 dr------- C:\Users\MGA\Desktop
2008-07-28 20:52:18 0 d--h----- C:\Users\MGA\AppData


-- Find3M Report ---------------------------------------------------------------

2008-08-11 14:23:22 12 --a------ C:\Windows\bthservsdp.dat
2008-08-11 09:42:02 0 d-------- C:\Program Files\Microsoft Works
2008-08-10 23:12:04 0 d-------- C:\Users\MGA\AppData\Roaming\Malwarebytes
2008-08-10 18:57:00 0 d-------- C:\Users\MGA\AppData\Roaming\uTorrent
2008-08-10 18:57:00 0 d-------- C:\Program Files\Common Files
2008-08-10 18:57:00 0 d-------- C:\Program Files\Common Files\Adobe
2008-08-10 18:17:53 0 d-------- C:\Users\MGA\AppData\Roaming\Adobe
2008-08-10 15:15:13 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-08-10 15:15:11 0 d-------- C:\Program Files\Sling Media
2008-08-04 17:39:18 0 d-------- C:\Users\MGA\AppData\Roaming\HP
2008-08-03 20:57:48 0 d-------- C:\Users\MGA\AppData\Roaming\vlc
2008-08-01 20:38:07 0 d-------- C:\Users\MGA\AppData\Roaming\CyberLink
2008-07-31 22:04:57 0 d-------- C:\Users\MGA\AppData\Roaming\Mozilla
2008-07-30 19:20:58 0 d-------- C:\Program Files\Common Files\Symantec Shared
2008-07-29 01:40:35 0 d-------- C:\Program Files\Windows Mail
2008-07-29 01:06:39 0 d-------- C:\Users\MGA\AppData\Roaming\Symantec
2008-07-29 01:06:10 0 d-------- C:\Users\MGA\AppData\Roaming\Identities
2008-07-29 01:04:23 0 d-------- C:\Users\MGA\AppData\Roaming\Macromedia
2008-07-28 21:00:39 0 d-------- C:\Users\MGA\AppData\Roaming\Hewlett-Packard
2008-07-28 21:00:36 0 dr------- C:\Program Files\Online Services
2008-07-28 20:53:44 0 d-------- C:\Program Files\HPQ
2008-05-29 10:33:35 315392 --a------ C:\Windows\HideWin.exe <Not Verified; Realtek Semiconductor Corp.; HD Audio Hide windows program>


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{32ACC7AC-A567-4495-A11A-F88A9D8461E1}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FFFFFFFF-FF12-44C5-91EC-068E3AA1B2D7}]
31/08/2007 21:32 177504 --a------ c:\Program Files\HP\Smart Web Printing\hpswp_framework.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [28/03/2008 02:05]
"SMSERIAL"="C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe" [17/01/2007 15:34]
"RtHDVCpl"="RtHDVCpl.exe" [09/10/2007 18:59 C:\Windows\RtHDVCpl.exe]
"IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [24/10/2007 12:02]
"QPService"="C:\Program Files\HP\QuickPlay\QPService.exe" [20/12/2007 04:27]
"QlbCtrl"="C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [19/09/2007 23:31]
"OnScreenDisplay"="C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe" [04/09/2007 22:54]
"UCam_Menu"="C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [17/08/2007 08:13]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [21/01/2008 04:23]
"hpqSRMon"="C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe" [23/08/2007 02:31]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [11/05/2007 13:06]
"HP Health Check Scheduler"="[ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" []
"HP Software Update"="C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe" [09/05/2007 02:24]
"hpWirelessAssistant"="C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [13/09/2007 18:47]
"WAWifiMessage"="C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe" [09/01/2007 01:53]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [12/07/2007 14:00]
"egui"="C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" [20/02/2008 11:06]
"IgfxTray"="C:\Windows\system32\igfxtray.exe" [11/02/2008 20:13]
"HotKeysCmds"="C:\Windows\system32\hkcmd.exe" [11/02/2008 20:13]
"Persistence"="C:\Windows\system32\igfxpers.exe" [11/02/2008 20:13]
"VirtualCloneDrive"="C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [30/06/2008 00:01]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe [05/09/2007 22:09:54]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"=2 (0x2)
"EnableUIADesktopToggle"=0 (0x0)

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\Windows\system32\nnnnoOfD

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppInfo]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\KeyIso]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NTDS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ProfSvc]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sacsvr]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SWPRV]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TabletInputService]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TBS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TrustedInstaller]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\VDS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgr.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgrx.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}]
@="IEEE 1394 Bus host controllers"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}]
@="SBP2 IEEE 1394 Devices"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}]
@="SecurityDevices"
@="SecurityDevices"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPAdvisor]
C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe autoRun

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalService nsi lltdsvc SSDPSRV upnphost SCardSvr w32time EventSystem RemoteRegistry WinHttpAutoProxySvc lanmanworkstation TBS SLUINotify THREADORDER fdrespub netprofm fdphost wcncsvc QWAVE Mcx2Svc WebClient SstpSvc
LocalSystemNetworkRestricted hidserv UxSms WdiSystemHost Netman trkwks AudioEndpointBuilder WUDFSvc irmon sysmain IPBusEnum dot3svc PcaSvc EMDMgmt TabletInputService wlansvc WPDBusEnum
bthsvcs BthServ


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f9b60650-5d0e-11dd-84a3-806e6f6e6963}]
acrobat\command- E:\Acrobat\rp505esp.exe
AutoRun\command- E:\CD.exe
iexplorer\command- E:\IE5.5\ie5setup.exe


[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
C:\Windows\system32\unregmp2.exe /ShowWMP

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"C:\Program Files\Common Files\LightScribe\LSRunOnce.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
%SystemRoot%\system32\unregmp2.exe /FirstLogon /Shortcuts /RegBrowsers /ResetMUI



-- End of Deckard's System Scanner: finished at 2008-08-11 22:47:13 ------------
post #4
12/08/08, 17:56:40
ElPiedra
FS-Admin

Registered: Jan 2005
Location: Miami
Posts: 29,503
Re: Trojan.BHO in Ci.DLL

Hi afrikaner.

Step 1- Download, install and/or update these tools: (but don't run them yet)
Step 2- With all programs closed, run HijackThis and fix the following entries:


O2 - BHO: (no name) - {32ACC7AC-A567-4495-A11A-F88A9D8461E1} - (no file)

O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (no file)

O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)




Step 3- Run these tools, one at a time:
  • Malwarebytes' Anti-Malware
    *Note* It is important that you send everything it detects to "Quarantine" before copying and pasting its report for us.
  • Before using ComboFix....
  • Temporarily disable the antivirus and/or antispyware.
  • Close all open windows.
  • Double-click the ComboFix.exe file and follow the instructions.
  • When it finishes, it will generate a log at C:\ComboFix.txt.
    • *Note* While CF is working, do not move the mouse, as that would stall its process.
    • *Note* ComboFix may reboot the PC automatically to complete the removal process.
Quote:
Attention!! Do not use ComboFix unless a member of our Staff has specifically told you to in your thread. It is a powerful tool intended by its creator to be used under the guidance and supervision of an expert, not for private use. Using ComboFix incorrectly could cause problems on your system. Please read ComboFix's "Disclaimer of Warranty".


Step 4- Download CCleaner and run it, first using its "Cleaner" option to delete cookies, temporary Internet files and all the files it shows you as obsolete, and then its "Registry" option to clean the whole Windows registry (making a backup).

Reboot and tell us the results, along with the report from

Step 5- Reboot in normal mode and leave us the reports from:
  • Malwarebytes' Anti-Malware
  • C:\ComboFix.txt in this same message.

**Note**
- For convenience, print out the steps.
- Remember to come back and tell us the results.

Regards

Talking to the world on "Twitter"

Forum News | Online Antivirus | Remove Malware | Forum Policies | Blog


* Help us with a DONATION so we can keep on helping.
* To avoid viruses and spyware while browsing the Internet, USE FIREFOX !!
* Questions are not answered by private message or e-mail; that is what the forum is for.
post #5
12/08/08, 19:58:15
User

Registered: Aug 2008
Location: Madrid
Posts: 6
Re: Trojan.BHO in Ci.DLL

Hi ElPiedra. After running HijackThis and clicking Fix Checked on the entries you mentioned, I ran Malwarebytes' Anti-Malware and it didn't detect anything; here is the report:

Malwarebytes' Anti-Malware 1.24
Database version: 1045
Windows 6.0.6001 Service Pack 1

0:30:27 13/08/2008
mbam-log-8-13-2008 (00-30-27).txt

Scan type: Full Scan (C:\|)
Objects scanned: 174767
Time elapsed: 1 hour(s), 12 minute(s), 25 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


Then I ran ComboFix. This is the report:

ComboFix 08-08-12.01 - MGA 2008-08-13 0:35:11.1 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.1851 [GMT 2:00]
Running from: C:\Users\MGA\Desktop\Programas\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\InfoSat.txt
C:\Windows\system32\KBL.LOG
C:\Windows\system32\x64

.
((((((((((((((((((((((((( Files Created from 2008-07-12 to 2008-08-12 )))))))))))))))))))))))))))))))
.

2008-08-11 22:45 . 2008-08-11 22:45 <DIR> d-------- C:\Deckard
2008-08-11 13:30 . 2008-08-11 13:30 <DIR> d-------- C:\Program Files\Trend Micro
2008-08-11 12:37 . 2008-08-11 12:37 <DIR> d-------- C:\SDFix
2008-08-11 10:10 . 2008-08-11 12:48 <DIR> d-------- C:\!KillBox
2008-08-11 10:00 . 2008-08-11 10:00 24,576 --a------ C:\Windows\System32\VundoFixSVC.exe
2008-08-11 09:51 . 2008-08-11 10:00 <DIR> d-------- C:\VundoFix Backups
2008-08-11 01:02 . 2008-07-30 20:07 38,472 --a------ C:\Windows\System32\drivers\mbamswissarmy.sys
2008-08-11 01:02 . 2008-07-30 20:07 17,144 --a------ C:\Windows\System32\drivers\mbam.sys
2008-08-10 23:50 . 2008-08-10 23:51 <DIR> d-------- C:\Program Files\CCleaner
2008-08-10 23:12 . 2008-08-10 23:12 <DIR> d-------- C:\Users\MGA\AppData\Roaming\Malwarebytes
2008-08-10 23:12 . 2008-08-10 23:12 <DIR> d-------- C:\Users\All Users\Malwarebytes
2008-08-10 23:12 . 2008-08-11 01:02 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-08-10 23:12 . 2008-08-10 23:12 <DIR> d-------- C:\PROGRA~2\Malwarebytes
2008-08-10 21:11 . 2008-08-11 13:18 <DIR> d-------- C:\Users\All Users\Spybot - Search & Destroy
2008-08-10 21:11 . 2008-08-11 12:53 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-08-10 21:11 . 2008-08-11 13:18 <DIR> d-------- C:\PROGRA~2\Spybot - Search & Destroy
2008-08-10 18:17 . 2008-08-10 18:17 <DIR> d-------- C:\Program Files\Common Files\Macrovision Shared
2008-08-10 18:10 . 2008-08-10 18:17 <DIR> d-------- C:\Program Files\Common Files\Adobe(1)
2008-08-10 18:10 . 2008-08-10 18:10 <DIR> d-------- C:\Program Files\Adobe(0)
2008-08-10 16:57 . 2008-07-29 16:22 32,768 --a------ C:\Program Files\bcd_installed.exe
2008-08-10 15:27 . 2008-08-10 15:27 <DIR> d-------- C:\Users\All Users\LightScribe
2008-08-10 15:27 . 2008-08-10 15:27 <DIR> d-------- C:\PROGRA~2\LightScribe
2008-08-10 15:23 . 2008-08-10 15:23 <DIR> d-------- C:\Users\All Users\AOL
2008-08-10 15:23 . 2008-08-10 15:23 <DIR> d-------- C:\PROGRA~2\AOL
2008-08-10 15:09 . 2008-08-10 15:09 <DIR> d-------- C:\Program Files\Microsoft.NET
2008-08-10 15:05 . 2008-08-10 15:05 <DIR> dr-h----- C:\MSOCache
2008-08-06 15:28 . 2008-08-06 15:28 <DIR> d-------- C:\Windows\Sun
2008-08-05 16:51 . 2007-05-16 16:45 3,497,832 --a------ C:\Windows\System32\d3dx9_34.dll
2008-08-05 16:51 . 2007-05-16 16:45 1,124,720 --a------ C:\Windows\System32\D3DCompiler_34.dll
2008-08-05 16:51 . 2007-05-16 16:45 443,752 --a------ C:\Windows\System32\d3dx10_34.dll
2008-08-05 16:51 . 2007-06-20 20:46 266,088 --a------ C:\Windows\System32\xactengine2_8.dll
2008-08-05 16:51 . 2007-06-20 20:45 18,280 --a------ C:\Windows\System32\x3daudio1_2.dll
2008-08-05 16:16 . 2008-08-05 16:16 <DIR> d-------- C:\Program Files\Firaxis Games
2008-08-04 17:39 . 2008-08-04 17:39 <DIR> d-------- C:\Users\MGA\AppData\Roaming\HP
2008-08-03 20:57 . 2008-08-03 20:57 <DIR> d-------- C:\Users\MGA\AppData\Roaming\vlc
2008-08-03 18:11 . 2008-08-03 18:11 <DIR> d-------- C:\Program Files\Telltale
2008-08-03 18:08 . 2008-08-03 18:08 <DIR> d-------- C:\Program Files\Elaborate Bytes
2008-08-03 18:08 . 2008-08-03 18:08 0 ---hs---- C:\Windows\SCD032829.tmp
2008-08-03 18:08 . 2008-08-03 18:08 0 --ahs---- C:\Windows\SCD032829(562).tmp
2008-08-02 12:50 . 2008-08-02 12:51 <DIR> d-------- C:\Users\All Users\eMule
2008-08-02 12:50 . 2008-08-02 12:50 <DIR> d-------- C:\Program Files\eMule
2008-08-02 12:50 . 2008-08-02 12:51 <DIR> d-------- C:\PROGRA~2\eMule
2008-08-01 20:38 . 2008-08-01 20:38 <DIR> d-------- C:\Users\MGA\AppData\Roaming\CyberLink
2008-08-01 20:16 . 2008-08-03 21:00 <DIR> d-------- C:\Oldgames
2008-08-01 20:15 . 2008-08-03 17:24 <DIR> d-------- C:\Program Files\DOSBox-0.72
2008-08-01 20:07 . 2008-08-01 20:07 <DIR> d--h----- C:\Windows\PIF
2008-07-31 22:08 . 2008-07-31 22:08 <DIR> d-------- C:\Program Files\VideoLAN
2008-07-31 22:04 . 2008-07-31 22:04 0 --a------ C:\Windows\nsreg.dat
2008-07-30 19:42 . 2008-07-30 19:42 <DIR> d-------- C:\Program Files\Microsoft Silverlight
2008-07-30 19:31 . 2008-03-03 14:25 5,702 --ah----- C:\Windows\nod32restoretemdono.reg
2008-07-30 19:31 . 2008-03-03 18:21 568 --ah----- C:\Windows\nod32fixtemdono.reg
2008-07-30 19:29 . 2008-07-30 19:29 <DIR> d-------- C:\Users\All Users\ESET
2008-07-30 19:29 . 2008-07-30 19:29 <DIR> d-------- C:\Program Files\ESET
2008-07-30 19:29 . 2008-07-30 19:29 <DIR> d-------- C:\PROGRA~2\ESET
2008-07-30 19:19 . 2008-07-30 19:19 <DIR> d-------- C:\Program Files\Panda Security
2008-07-30 19:19 . 2008-06-19 17:24 28,544 --a------ C:\Windows\System32\drivers\pavboot.sys
2008-07-30 19:15 . 2008-07-30 19:15 <DIR> d-------- C:\Program Files\7-Zip
2008-07-30 19:08 . 2008-07-30 19:08 0 --ah----- C:\Windows\System32\drivers\Msft_User_WpdFs_01_00_00.Wdf
2008-07-29 23:53 . 2008-07-30 00:00 <DIR> d-------- C:\Program Files\Windows Live
2008-07-29 23:53 . 2008-07-29 23:59 <DIR> d--hsc--- C:\Program Files\Common Files\WindowsLiveInstaller
2008-07-29 23:52 . 2008-07-29 23:52 <DIR> d-------- C:\Users\All Users\WLInstaller
2008-07-29 23:52 . 2008-07-29 23:52 <DIR> d-------- C:\PROGRA~2\WLInstaller
2008-07-29 22:58 . 2008-07-29 22:58 <DIR> d-------- C:\Program Files\Telefonica
2008-07-29 22:58 . 2006-01-23 02:02 58,938 --a------ C:\Windows\System32\temp.000
2008-07-29 22:49 . 2008-08-10 18:57 <DIR> d-------- C:\Users\MGA\AppData\Roaming\uTorrent
2008-07-29 22:49 . 2008-07-29 22:49 <DIR> d-------- C:\Program Files\uTorrent
2008-07-29 01:29 . 2008-07-29 01:29 <DIR> d-------- C:\Program Files\MSXML 4.0
2008-07-29 01:27 . 2008-06-26 03:45 12,240,896 --a------ C:\Windows\System32\NlsLexicons0007.dll
2008-07-29 01:27 . 2008-06-26 03:45 2,644,480 --a------ C:\Windows\System32\NlsLexicons0009.dll
2008-07-29 01:27 . 2008-06-26 05:29 801,280 --a------ C:\Windows\System32\NaturalLanguage6.dll
2008-07-29 01:27 . 2008-04-23 06:42 428,544 --a------ C:\Windows\System32\EncDec.dll
2008-07-29 01:27 . 2008-04-23 06:42 293,376 --a------ C:\Windows\System32\psisdecd.dll
2008-07-29 01:27 . 2008-04-23 06:41 218,624 --a------ C:\Windows\System32\psisrndr.ax
2008-07-29 01:27 . 2008-04-23 06:41 57,856 --a------ C:\Windows\System32\MSDvbNP.ax
2008-07-29 01:25 . 2008-04-26 10:25 3,600,952 --a------ C:\Windows\System32\ntkrnlpa.exe
2008-07-29 01:25 . 2008-04-26 10:25 3,549,240 --a------ C:\Windows\System32\ntoskrnl.exe
2008-07-29 01:25 . 2008-02-29 06:21 2,032,128 --a------ C:\Windows\System32\win32k.sys
2008-07-29 01:25 . 2008-04-26 10:26 891,448 --a------ C:\Windows\System32\drivers\tcpip.sys
2008-07-29 01:25 . 2008-04-12 05:32 784,896 --a------ C:\Windows\System32\rpcrt4.dll
2008-07-29 01:25 . 2008-05-10 05:35 564,736 --a------ C:\Windows\System32\emdmgmt.dll
2008-07-29 01:25 . 2008-04-05 03:21 72,192 --a------ C:\Windows\System32\drivers\pacer.sys
2008-07-29 01:25 . 2008-04-05 05:34 15,360 --a------ C:\Windows\System32\pacerprf.dll
2008-07-29 01:06 . 2008-07-29 01:06 <DIR> dr------- C:\Users\MGA\Searches
2008-07-29 01:06 . 2008-08-01 17:27 <DIR> dr------- C:\Users\MGA\Contacts
2008-07-29 01:06 . 2008-07-29 01:06 <DIR> d-------- C:\Users\MGA\Bluetooth Software
2008-07-29 01:06 . 2008-07-29 01:06 <DIR> d-------- C:\Users\MGA\AppData\Roaming\Symantec
2008-07-29 01:06 . 2008-07-29 01:06 81 --a------ C:\Windows\System32\LOG
2008-07-29 01:06 . 2008-07-29 01:06 44 --a------ C:\Windows\system\hpsysdrv.dat
2008-07-28 21:00 . 2008-07-28 21:00 <DIR> d-------- C:\Users\MGA\AppData\Roaming\Hewlett-Packard
2008-07-28 20:58 . 2008-07-28 20:58 <DIR> d-------- C:\Users\All Users\Electronic Arts
2008-07-28 20:58 . 2008-07-28 20:58 <DIR> d-------- C:\PROGRA~2\Electronic Arts
2008-07-28 20:55 . 2008-07-28 20:59 <DIR> d-------- C:\Program Files\Electronic Arts
2008-07-28 20:53 . 2008-07-28 20:53 <DIR> d-------- C:\Program Files\Common Files\LightScribe
2008-07-28 20:53 . 2008-07-28 20:53 0 -rahs---- C:\Windows\System32\drivers\103C_HP_cNB_Pavilion dv6700 Notebook PC_Y5335KV_0U_QCNF8211TQ7_E480576-001_4A_I30CC_SQuanta_V79.2E_F.56_T080514_WV3-1_L409_M3062_J250_7Intel_86FD_92.00_#080728_N10EC8136;80864229_(FE820UA#ABA)_XMOBILE_CN10_Z.MRK
2008-07-28 20:52 . 2008-07-29 01:06 <DIR> dr------- C:\Users\MGA\Videos
2008-07-28 20:52 . 2008-07-29 01:06 <DIR> dr------- C:\Users\MGA\Saved Games
2008-07-28 20:52 . 2008-07-29 01:06 <DIR> dr------- C:\Users\MGA\Pictures
2008-07-28 20:52 . 2008-08-10 17:07 <DIR> dr------- C:\Users\MGA\Music
2008-07-28 20:52 . 2008-07-29 01:06 <DIR> dr------- C:\Users\MGA\Links
2008-07-28 20:52 . 2008-07-29 01:06 <DIR> dr------- C:\Users\MGA\Downloads
2008-07-28 20:52 . 2008-08-11 10:27 <DIR> dr------- C:\Users\MGA\Documents
2008-07-28 20:52 . 2006-11-02 14:37 <DIR> d-------- C:\Users\MGA\AppData\Roaming\Media Center Programs
2008-07-28 20:52 . 2008-07-28 20:52 <DIR> d--h----- C:\Users\MGA\AppData
2008-07-28 20:52 . 2008-08-11 18:31 <DIR> d-------- C:\Users\MGA
2008-07-14 23:34 . 2008-07-14 23:34 28,672 --a------ C:\Windows\System32\drivers\VClone.sys
2008-07-14 18:52 . 2008-07-14 18:52 80,840 --a------ C:\Windows\System32\ElbyVCD.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-11 07:42 --------- d-----w C:\Program Files\Microsoft Works
2008-08-10 16:57 --------- d-----w C:\Program Files\Common Files\Adobe
2008-08-10 13:15 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-08-10 13:15 --------- d-----w C:\Program Files\Sling Media
2008-08-10 13:12 --------- d-----w C:\PROGRA~2\Microsoft Help
2008-08-07 20:03 --------- d-----w C:\PROGRA~2\WildTangent
2008-08-04 15:39 --------- d-----w C:\PROGRA~2\HP
2008-08-03 10:32 --------- d-----w C:\PROGRA~2\CyberLink
2008-07-30 17:20 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-07-30 17:12 --------- d-----w C:\PROGRA~2\Symantec
2008-07-28 23:40 --------- d-----w C:\Program Files\Windows Mail
2008-07-28 18:53 --------- d-----w C:\Program Files\HPQ
2008-06-23 19:10 25,288 ----a-w C:\Windows\system32\drivers\ElbyCDIO.sys
2008-05-29 08:33 319,456 ----a-w C:\Windows\DIFxAPI.dll
2008-05-29 08:33 315,392 ----a-w C:\Windows\HideWin.exe
2008-01-21 02:43 174 --sha-w C:\Program Files\desktop.ini
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2008-03-28 02:05 1045800]
"SMSERIAL"="C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe" [2007-01-17 15:34 634880]
"IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2007-10-24 12:02 178712]
"QPService"="C:\Program Files\HP\QuickPlay\QPService.exe" [2007-12-20 04:27 468264]
"UCam_Menu"="C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2007-08-17 08:13 218408]
"hpqSRMon"="C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe" [2007-08-23 02:31 80896]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 13:06 40048]
"HP Software Update"="C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe" [2007-05-09 02:24 54840]
"hpWirelessAssistant"="C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-09-13 18:47 480560]
"WAWifiMessage"="C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe" [2007-01-09 01:53 311296]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 14:00 132496]
"egui"="C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" [2008-02-20 11:06 1443072]
"IgfxTray"="C:\Windows\system32\igfxtray.exe" [2008-02-11 20:13 141848]
"HotKeysCmds"="C:\Windows\system32\hkcmd.exe" [2008-02-11 20:13 166424]
"Persistence"="C:\Windows\system32\igfxpers.ex e" [2008-02-11 20:13 133656]
"VirtualCloneDrive"="C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2008-06-30 00:01 52168]
"RtHDVCpl"="RtHDVCpl.exe" [2007-10-09 18:59 4702208 C:\Windows\RtHDVCpl.exe]

C:\PROGRA~2\MICROS~1\Windows\STARTM~1\Programs\Startup\
Bluetooth.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe [2007-09-05 22:09:54 727592]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.l3codecp"= l3codecp.acm

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 C:\Windows\system32\nnnnoOfD

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPAdvisor]
--a------ 2007-10-02 02:10 1783136 C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-4220717016-591413238-161409349-1000]
"EnableNotificationsRef"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{FD70B73F-1FD2-4086-887E-17DB85C7E509}"= UDP:C:\Program Files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"{50E85B62-97D2-4CB1-89E3-E9E26263F4C2}"= TCP:C:\Program Files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"{CD52968A-5E2C-477F-9D1A-B0F2E2DF3423}"= C:\Program Files\Cyberlink\PowerDirector\PDR.EXE:CyberLink PowerDirector
"{BE633EB7-A30E-4995-9363-7D4D4E18BC94}"= UDP:C:\Program Files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{D5FBDF57-0801-4DB4-A9A7-89D36E454DC9}"= TCP:C:\Program Files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{A91C4F27-BD6C-4674-8847-A68274199BD1}"= UDP:C:\Program Files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{979E409E-BDBF-4968-BBB6-C0E0E2C86B9A}"= TCP:C:\Program Files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{81D8D5B2-4F1A-43D0-8D06-27A98C00A3F5}"= UDP:C:\Program Files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{4D9BA8BA-CCA5-404E-AEA3-E31A8ECB2323}"= TCP:C:\Program Files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{DDDBF51C-4766-4420-8174-F48C51EABBAC}"= C:\Program Files\HP\QuickPlay\QP.exe:Quick Play
"{D84046B8-D83D-42E6-A8CD-AA75270464BC}"= C:\Program Files\HP\QuickPlay\QPService.exe:Quick Play Resident Program
"TCP Query User{141EBAC9-A1EF-4150-816E-31B8ABCF7322}C:\\program files\\utorrent\\utorrent.exe"= UDP:C:\program files\utorrent\utorrent.exe:uTorrent
"UDP Query User{2F659A35-0A63-4430-A50C-EB4E04F3B606}C:\\program files\\utorrent\\utorrent.exe"= TCP:C:\program files\utorrent\utorrent.exe:uTorrent
"TCP Query User{7F91532C-D0B8-4E53-B963-61927C52EA6C}C:\\program files\\telefonica\\asistcfg69\\awcbrwsr.exe"= UDP:C:\program files\telefonica\asistcfg69\awcbrwsr.exe:Aplicació n MFC awcbrwsr
"UDP Query User{40500ADC-E9B4-4FF5-8F46-F2140B1723B7}C:\\program files\\telefonica\\asistcfg69\\awcbrwsr.exe"= TCP:C:\program files\telefonica\asistcfg69\awcbrwsr.exe:Aplicació n MFC awcbrwsr
"{14F8FEF4-BAFE-497F-A543-18053E380356}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"TCP Query User{702671D7-203E-4762-8B6E-C3C51A3A8379}C:\\program files\\zattoo\\zattood.exe"= UDP:C:\program files\zattoo\zattood.exe:zattood
"UDP Query User{3CBA0619-C91B-4BCC-8DD8-4274D2FE7864}C:\\program files\\zattoo\\zattood.exe"= TCP:C:\program files\zattoo\zattood.exe:zattood
"TCP Query User{E6AC0831-4358-4108-90C1-1AB150982EC2}C:\\program files\\zattoo\\zattoo.exe"= UDP:C:\program files\zattoo\zattoo.exe:
"UDP Query User{7125C2FC-1B7B-4C1C-804A-64111B316F2F}C:\\program files\\zattoo\\zattoo.exe"= TCP:C:\program files\zattoo\zattoo.exe:
"TCP Query User{ACE327CE-C678-4EB5-B0E3-516AAFC4D58C}C:\\program files\\emule\\emule.exe"= UDP:C:\program files\emule\emule.exe:eMule
"UDP Query User{7755B1AC-F0D9-4B1F-8EC9-ABE04DF23801}C:\\program files\\emule\\emule.exe"= TCP:C:\program files\emule\emule.exe:eMule

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"mW[íµˆÖ¾`=µú¾˜v%S8’ÿÙêé>grl>*Ý\†Ð=ŸàÛ±Þ"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"C:\\Program Files\\EarthLink TotalAccess\\TaskPanl.exe"= C:\Program Files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink
"c:\\program files\\bcd_installed.exe"= c:\program files\bcd_installed.exe:*:Enabled:Windows Application Service

R0 pavboot;pavboot;C:\Windows\system32\drivers\pavboot.sys [2008-06-19 17:24]
R1 epfwtdir;epfwtdir;C:\Windows\system32\DRIVERS\epfwtdir.sys [2008-02-20 11:11]
R2 QPCapSvc;QuickPlay Background Capture Service (QBCS);C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe [2007-12-20 04:28]
R2 QPSched;QuickPlay Task Scheduler (QTS);C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe [2007-12-20 04:28]
R3 btwaudio;Bluetooth Audio Device Service;C:\Windows\system32\drivers\btwaudio.sys [2007-09-18 15:12]
R3 btwavdt;Bluetooth AVDT;C:\Windows\system32\drivers\btwavdt.sys [2007-09-18 15:12]
R3 btwrchid;btwrchid;C:\Windows\system32\DRIVERS\btwrchid.sys [2007-09-18 15:12]
R3 HpqRemHid;HP Remote Control HID Device;C:\Windows\system32\DRIVERS\HpqRemHid.sys [2007-07-11 19:30]
S2 NOD32FiXTemDono;Eset Nod32 Boot;C:\Windows\system32\regedt32.exe [2006-11-02 11:45]
S4 ErrDev;Microsoft Hardware Error Device Driver;C:\Windows\system32\drivers\errdev.sys [2008-01-21 04:23]
S4 MegaSR;MegaSR;C:\Windows\system32\drivers\megasr.sys [2008-01-21 04:23]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f9b60650-5d0e-11dd-84a3-806e6f6e6963}]
\shell\acrobat\command - E:\Acrobat\rp505esp.exe
\shell\AutoRun\command - E:\CD.exe
\shell\iexplorer\command - E:\IE5.5\ie5setup.exe

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"C:\Program Files\Common Files\LightScribe\LSRunOnce.exe"
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-HP Health Check Scheduler - [ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe


.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Users\MGA\AppData\Roaming\Mozilla\Firefox\Profiles\ebzgpuxt.default\
FF -: plugin - C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll


**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-13 00:39:17
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Windows\System32\audiodg.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe
C:\Windows\System32\conime.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe
C:\Windows\System32\igfxsrvc.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Service.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\System32\wbem\WMIADAP.exe
C:\Windows\System32\dllhost.exe
.
**************************************************************************
.
Completion time: 2008-08-13 0:43:19 - machine was rebooted [MGA]
ComboFix-quarantined-files.txt 2008-08-12 22:43:11

Pre-Run: 192,008,622,080 bytes free
Post-Run: 191,881,175,040 bytes free

270 --- E O F --- 2008-08-08 07:17:46

Finally I ran CCleaner as you said.

Well, I don't know whether this means everything is fixed now (given that Malwarebytes didn't find anything); I'll wait for your confirmation.

Thanks a lot for everything, you guys are brilliant.
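Editor's note, added example (not part of the thread and not code from any of the tools used in it): a small Python triage script for the "Reg Loading Points" dumps that Deckard's System Scanner and ComboFix produced above. The entry worth reading twice is the LSA `Authentication Packages` value: lsass.exe loads every DLL listed there at boot, a default Vista install lists only msv1_0, and Vundo/Virtumonde registered its randomly named DLL in exactly this value to survive reboots; the extra entry `C:\Windows\system32\nnnnoOfD` in the logs fits that pattern and is still listed in the ComboFix dump. The script flags any package beyond msv1_0, lists firewall exceptions whose program sits directly in the Program Files root rather than in a vendor folder (unusual for a legitimate installer, so worth a look, not proof of anything), and extracts the UAC policy values the dump contains, which is the first thing to check for the UAC symptom reported later in the thread. The sample log is constructed from lines quoted above with the forum's line-wrapping spaces removed; the default-package set and the two heuristics are assumptions of this example.

```python
r"""Triage helper for the Deckard's System Scanner / ComboFix dumps quoted in
this thread: parses the [HKEY...] blocks of the "Reg Loading Points" section
and reports (1) LSA "Authentication Packages" entries beyond the Windows
default msv1_0 - lsass.exe loads every DLL listed there at boot, which is how
Vundo/Virtumonde kept its randomly named DLL resident - (2) firewall
exceptions whose program sits directly in the Program Files root, and
(3) the UAC policy values present under Policies\System."""
import re

DEFAULT_AUTH_PACKAGES = {"msv1_0"}   # assumption: the Vista default set

# Constructed sample: lines from the logs above with the forum's
# line-wrapping spaces removed. Not a complete log.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"=2 (0x2)
"EnableUIADesktopToggle"=0 (0x0)

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 C:\Windows\system32\nnnnoOfD

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"C:\\Program Files\\EarthLink TotalAccess\\TaskPanl.exe"= C:\Program Files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink
"c:\\program files\\bcd_installed.exe"= c:\program files\bcd_installed.exe:*:Enabled:Windows Application Service
"""

# DSS writes: "Authentication Packages"= a b
# ComboFix writes: Authentication Packages REG_MULTI_SZ a b
# Both forms leave the package list in group 1.
AUTH_PKG_RE = re.compile(
    r'"?Authentication Packages"?\s*(?:REG_MULTI_SZ)?\s*=?\s*(.*)$', re.I)
# "<escaped path>"= <path>:<scope>:<Enabled|Disabled>:<display name>
FW_RE = re.compile(
    r'^"[^"]+"=\s*(?P<path>.+?\.exe):[^:]*:[^:]*:(?P<name>.*)$', re.I)
UAC_RE = re.compile(
    r'"?(EnableLUA|ConsentPromptBehaviorAdmin)"?\s*=\s*(\d+)', re.I)
UAC_NAMES = {"enablelua": "EnableLUA",
             "consentpromptbehavioradmin": "ConsentPromptBehaviorAdmin"}


def parse_sections(text):
    """Group the dump into {registry key (lower-cased): [value lines]}."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1].lower()
            sections.setdefault(current, [])
        elif current is not None:
            sections[current].append(line)
    return sections


def lines_under(sections, suffix):
    """Value lines of every key whose path ends with `suffix`."""
    return [ln for key, lns in sections.items()
            if key.endswith(suffix) for ln in lns]


def suspicious_auth_packages(sections):
    """LSA authentication packages whose file name is not a known default.
    Tokens are split on whitespace, so a path with spaces would be split too;
    for triage that is fine, anything beyond msv1_0 is the signal."""
    flagged = []
    for line in lines_under(sections, r"control\lsa"):
        m = AUTH_PKG_RE.match(line)
        if not m:
            continue
        for token in m.group(1).split():
            name = token.replace("/", "\\").rsplit("\\", 1)[-1].lower()
            if re.sub(r"\.dll$", "", name) not in DEFAULT_AUTH_PACKAGES:
                flagged.append(token)
    return flagged


def exceptions_in_program_files_root(sections):
    """(path, display name) of firewall exceptions whose program lives
    directly under the Program Files root rather than in a vendor folder."""
    flagged = []
    for line in lines_under(sections, r"authorizedapplications\list"):
        m = FW_RE.match(line)
        if not m:
            continue
        parent = m.group("path").replace("/", "\\").rsplit("\\", 1)[0].lower()
        if parent in ("c:\\program files", "c:\\program files (x86)"):
            flagged.append((m.group("path"), m.group("name")))
    return flagged


def uac_policy(sections):
    """UAC values present under Policies/System. ComboFix notes that it
    omits values still at their defaults, so a missing EnableLUA in its dump
    means UAC was at the default (1, on) when it ran;
    ConsentPromptBehaviorAdmin=2 is Vista's "prompt for consent"."""
    found = {}
    for line in lines_under(sections, r"policies\system"):
        m = UAC_RE.match(line)
        if m:
            found[UAC_NAMES[m.group(1).lower()]] = int(m.group(2))
    return found


def report(text=SAMPLE_LOG):
    """Run the three checks and return a dict a script or test can inspect."""
    sections = parse_sections(text)
    return {"lsa_extra_packages": suspicious_auth_packages(sections),
            "fw_root_exceptions": exceptions_in_program_files_root(sections),
            "uac": uac_policy(sections)}


if __name__ == "__main__":
    for check, result in report().items():
        print(f"{check}: {result}")
```

Run it against a saved ComboFix.txt by passing the file's contents to `report()`; on the sample it returns the `nnnnoOfD` entry as the only extra LSA package, `bcd_installed.exe` as the only root-level firewall exception, and `ConsentPromptBehaviorAdmin` as the only UAC value present. A hit in the LSA list means the DLL is loaded by lsass at every boot, so it has to be removed from that value (with the file) before a reboot, not just deleted from disk.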
post #6
12/08/08, 20:38:24
User

Registered: Aug 2008
Location: Madrid
Posts: 6
Re: Trojan.BHO in Ci.DLL

Well, I'm seeing one of the "side effects". User Account Control, which was disabled, now shows as enabled. If I try to turn it off, I find that according to Windows it isn't enabled, but the little window asking for permission keeps popping up every time I want to do something.
post #7
15/08/08, 01:23:22
ElPiedra
FS-Admin

Registered: Jan 2005
Location: Miami
Posts: 29,503
Re: Trojan.BHO in Ci.DLL

Hi, unfortunately I was without an Internet connection for 3 days, so only now can I get back to your case. If you still haven't been able to solve it and the problems continue, I suggest posting a fresh HijackThis report from today and a brief description of the current symptoms.

Regards

post #8
15/08/08, 07:53:09
User

Registered: Aug 2008
Location: Madrid
Posts: 6
Re: Trojan.BHO in Ci.DLL

Don't worry, ElPiedra. The Internet speed problem was solved, and in theory the computer shows as disinfected. It's just that UAC (User Account Control) shows as enabled and it's impossible to disable it, whereas before you could enable and disable it whenever you wanted. I don't know whether anything else was left broken after the fix; in these three days I haven't noticed anything else.
Here is the HijackThis report:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:48:37, on 15/08/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe
C:\Program Files\HP\Digital Imaging\bin\HpqSRmon.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Java\jre1.6.0_02\bin\jucheck.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://es.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_es&c=81&bd=Pavilion &pf=laptop
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Aplicación auxiliar de vínculos de Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Aplicación auxiliar de inicio de sesión - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: HP Print Clips - {FFFFFFFF-FF12-44C5-91EC-068E3AA1B2D7} - c:\Program Files\HP\Smart Web Printing\hpswp_framework.dll
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [OnScreenDisplay] C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe
O4 - HKLM\..\Run: [UCam_Menu] "C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\YouCam" update "Software\CyberLink\YouCam\1.0"
O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [WAWifiMessage] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [VirtualCloneDrive] "C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: Bluetooth.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: HP Smart Select - {58ECB495-38F0-49cb-A538-10282ABF65E7} - c:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O13 - Gopher Prefix:
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
O16 - DPF: {A2505C6C-6F17-456F-89D2-4301FBDC6EC7} - https://myoffice.deloitte.es/nortel_cacheable/iewiper.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{CC4054B2-4FA8-48A2-83F0-F841059831A7}: NameServer = 80.58.61.250,80.58.61.254
O23 - Service: Com4Qlb - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: QuickPlay Background Capture Service (QBCS) (QPCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
O23 - Service: QuickPlay Task Scheduler (QTS) (QPSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: VundoFix Service (VundoFixSvc) - Atribune.org - C:\Windows\SYSTEM32\VundoFixSVC.exe

--
End of file - 8254 bytes


Thanks for everything once again.
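As an added example (not part of the original thread, the forum's reply, or HijackThis itself), the Python script below parses the O2, O17 and O23 lines of a HijackThis v2 log like the one posted above and pulls out the entries a reviewer looks at first: a BHO registration whose DLL is reported as "(no file)" (a leftover registry entry, which is what the log shows for CLSID {7E853D72-626A-48EC-A868-BA8D5E23E045}), services whose publisher HijackThis could not read ("Unknown owner"), the per-interface NameServer overrides, and any line that references a file on a small watch-list. The split rules are assumptions about the log format derived from the lines above; the watch-list name ci.dll is the file named in the opening post; the sample is a subset of the posted log plus one constructed O2 line (all-zero CLSID) so the watch-list rule has something to hit.

```python
"""Triage helper for a HijackThis v2 log.

Added example for this thread: not part of the InfoSpyware reply nor of
HijackThis. It returns the entries worth a second look:
  * O2  BHO registrations whose DLL is "(no file)" (an orphaned entry),
  * O23 services whose publisher HijackThis could not read ("Unknown owner"),
  * O17 NameServer overrides, listed so they can be checked against the ISP,
  * any line referencing a watch-listed file ("ci.dll", from the opening post).
The field-splitting rules are assumptions derived from the posted lines.
"""
import re
from collections import Counter
from dataclasses import dataclass

# Lines copied from the log above, plus ONE constructed O2 line (the all-zero
# CLSID pointing at ci.dll) that exists only to demonstrate the watch-list rule.
SAMPLE_LOG = r"""
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {00000000-0000-0000-0000-000000000000} - C:\Windows\System32\ci.dll
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O17 - HKLM\System\CCS\Services\Tcpip\..\{CC4054B2-4FA8-48A2-83F0-F841059831A7}: NameServer = 80.58.61.250,80.58.61.254
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: QuickPlay Task Scheduler (QTS) (QPSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe
"""

WATCHLIST = {"ci.dll"}  # file names under investigation; extend as needed

# First alternative: a drive-letter path (quoted or not) up to the first
# executable/library extension; second: a bare file name such as rundll32.exe.
FILE_RE = re.compile(
    r'(?P<path>[A-Za-z]:\\[^"]*?\.(?:exe|dll|cpl|scr)\b|[\w.-]+\.(?:exe|dll)\b)',
    re.IGNORECASE,
)


@dataclass
class Finding:
    kind: str    # short category used for counting
    detail: str  # why the line was flagged
    line: str    # the original log line


def executable_name(text):
    """Lower-cased file name of the first executable/DLL referenced in text, or None."""
    m = FILE_RE.search(text)
    if not m:
        return None
    return m.group("path").rsplit("\\", 1)[-1].lower()


def triage(log_text, watchlist=WATCHLIST):
    """Scan every line of the log and return the findings in log order."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        section = line.split(" - ", 1)[0]      # "O2", "O4", "O17", "O23", ...
        parts = line.rsplit(" - ", 2)          # [..., second-to-last field, last field]

        if section == "O2" and len(parts) == 3:
            # O2 - BHO: <name> - {CLSID} - <dll path | (no file)>
            _, clsid, path = parts
            if path == "(no file)":
                findings.append(Finding("orphan-bho",
                                        f"BHO {clsid} is registered but its DLL is gone", line))
        elif section == "O17":
            # O17 - <interface key>: NameServer = a.b.c.d,e.f.g.h
            servers = [s.strip() for s in line.partition("NameServer = ")[2].split(",") if s.strip()]
            findings.append(Finding("dns-override",
                                    "resolvers set per interface, check they belong to the ISP: "
                                    + ", ".join(servers), line))
        elif section == "O23" and len(parts) == 3:
            # O23 - Service: <display name (short name)> - <publisher> - <image path>
            _, owner, _ = parts
            if owner == "Unknown owner":
                findings.append(Finding("no-publisher",
                                        "service binary carries no readable company name", line))

        exe = executable_name(line)
        if exe in watchlist:
            findings.append(Finding("watchlist", f"references watch-listed file {exe}", line))
    return findings


def summary(findings):
    """Count findings per kind, e.g. {'orphan-bho': 1, ...}."""
    return dict(Counter(f.kind for f in findings))


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.kind}] {f.detail}\n    {f.line}")
```

Run on the sample it prints four findings: the orphaned BHO, the constructed ci.dll reference, the two NameServer addresses, and the QuickPlay service with no readable publisher. An O2 entry marked "(no file)" is the registry leftover of a DLL that is no longer on disk, which matches what the poster describes after deleting CI.DLL; it is the stale registration, not a second copy of the file. A "dns-override" finding is only a prompt to compare the addresses with the ISP's published resolvers, not a verdict.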
post #9
15/08/08, 16:32:31
ElPiedra
FS-Admin
Registered: Jan 2005
Location: Miami
Posts: 29,503