Official HijackThis Forum in Spanish. We analyze your HijackThis log to remove hijackers, spyware, adware, toolbars, viruses, trojans and malware in general. Please read the HijackThis Forum Policies first.
Constant advertising windows and CID

Hello, my problem is that whenever I am connected to the Internet, sometimes without even having a window open, advertising windows pop up, casinos.. and most of the time CiD windows, which I don't know what they are. Searching on Google, I saw one of the answers you gave here to someone with my problem, and I tried to follow the steps without realizing that each HijackThis log is different, and that I can't continue without giving you mine. I downloaded the programs CCleaner, SUPERantiSpyware and Antimalware... because I saw that you recommended them to someone else. Here is my log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:48:20, on 11/04/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Acer\Empowering Technology\admServ.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Acer\Empowering Technology\eRecovery\Monitor.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Acer\Empowering Technology\admtray.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\PROGRA~1\LAUNCH~1\LManager.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Acer\OrbiCam\CameraAssistant.exe
C:\WINDOWS\system32\ElkCtrl.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\DOCUME~1\CRISTINA\LOCALS~1\Temp\RtkBtMnt.exe
C:\Program Files\DNA\btdna.exe
C:\WINDOWS\system32\DrvMon.exe
C:\documents and settings\cristina\local settings\application data\giekk.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: AGSearchHook Class - {0BC6E3FA-78EF-4886-842C-5A1258C4455A} - C:\Program Files\AGI\common\agcutils.dll
R3 - URLSearchHook: Barra Yahoo! - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\WINDOWS\system32\eDStoolbar.dll
O3 - Toolbar: BS.Player ControlBar - {2C688203-7EB3-4327-9995-1CB417BA23F9} - C:\Program Files\BS.Player ControlBar\BSToolbar.dll
O3 - Toolbar: Barra Yahoo! - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [AzMixerSel] C:\Program Files\Realtek\InstallShield\AzMixerSel.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ntiMUI] C:\Program Files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe
O4 - HKLM\..\Run: [ADMTray.exe] "C:\Acer\Empowering Technology\admtray.exe"
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [ePower_DMC] C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
O4 - HKLM\..\Run: [Acer ePower Management] C:\Acer\Empowering Technology\ePower\Acer ePower Management.exe boot
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe
O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\Monitor.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechCameraAssistant] C:\Program Files\Acer\OrbiCam\CameraAssistant.exe
O4 - HKLM\..\Run: [LogitechVideo[inspector]] C:\Program Files\Acer\OrbiCam\InstallHelper.exe /inspect
O4 - HKLM\..\Run: [LogitechCameraService(E)] C:\WINDOWS\system32\ElkCtrl.exe /automation
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [1 mags 16 more] C:\Documents and Settings\All Users\Application Data\Admin Inter 1 Mags\road pile.exe
O4 - HKLM\..\RunOnce: [MessengerPlusLiveUninstall] "C:\DOCUME~1\CRISTINA\LOCALS~1\Temp\MsgPlusUninstall.exe" /Cleanup
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [DrvMon.exe] C:\WINDOWS\system32\DrvMon.exe
O4 - HKCU\..\Run: [way tool] C:\DOCUME~1\CRISTINA\APPLIC~1\DRIVEB~1\FunkObjSeek.exe
O4 - HKCU\..\Run: [giekk] "c:\documents and settings\cristina\local settings\application data\giekk.exe" giekk
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: OpenOffice.org 3.0.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Consola de Sun Java - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: CabBuilder - http://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AG Windows Service (AGWinService) - Unknown owner - C:\Program Files\AGI\common\win32\PythonService.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: AdminWorks Agent X6 (AWService) - Avocent Inc. - C:\Acer\Empowering Technology\admServ.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech - c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

-- End of file - 11055 bytes

Thanks in advance for your help
| InfoSpyware | ||
Hello Cris2310, welcome to the Infospyware.com forum.

You have several infections on the PC, among them the Navipromo adware and LOP.

Steps to remove them.

Uninstall the following programs if you have them installed:
BS.Player ControlBar
AGI
Circle Development (CiD) <--- See the note about Messenger Plus!

- Download and update the following tools:
- Turn off "System Restore" and enable showing hidden files.
- Restart in Safe Mode. Close all programs, run HijackThis 2.0.2 and select the following entries:

R3 - URLSearchHook: AGSearchHook Class - {0BC6E3FA-78EF-4886-842C-5A1258C4455A} - C:\Program Files\AGI\common\agcutils.dll
O3 - Toolbar: BS.Player ControlBar - {2C688203-7EB3-4327-9995-1CB417BA23F9} - C:\Program Files\BS.Player ControlBar\BSToolbar.dll
O4 - HKLM\..\Run: [1 mags 16 more] C:\Documents and Settings\All Users\Application Data\Admin Inter 1 Mags\road pile.exe
O4 - HKLM\..\RunOnce: [MessengerPlusLiveUninstall] "C:\DOCUME~1\CRISTINA\LOCALS~1\Temp\MsgPlusUninstall.exe" /Cleanup
O4 - HKCU\..\Run: [way tool] C:\DOCUME~1\CRISTINA\APPLIC~1\DRIVEB~1\FunkObjSeek.exe
O4 - HKCU\..\Run: [giekk] "c:\documents and settings\cristina\local settings\application data\giekk.exe" giekk

- Run these programs (one at a time).
NOTE: Remember to select option "2" - "Automatic Cleaning".
Quote:
- Restart in normal mode and run CCleaner, first using its "Cleaner" option to delete cookies, temporary Internet files and all the files it shows you as obsolete, and then use its "Registry" option to clean the whole Windows registry (making a backup).
- Paste the reports from the Navilog, LOP S&D and Malwarebytes Antimalware tools together with a new HijackThis log taken in normal mode so they can be analyzed.

NOTE:
- For convenience, print the steps.
- When you finish the steps, hide the hidden files again and re-enable System Restore.
- Remember to come back and tell us the results.

ForoSpyware is maintained by volunteers who have our own jobs and obligations elsewhere, so we are not here 24/7; we ask for your patience with the analysis of and reply to your case.
* Questions are not answered by private message or by e-mail, since that is what the forum is for.
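An added example, not part of the thread and not HijackThis or InfoSpyware code: a small parser for the O4 (autorun) lines of a HijackThis log that lists entries whose command points into per-user or temp folders, the location shared by four of the six entries selected in the reply above. The names `Autorun`, `parse_o4`, `flag_user_writable` and `USER_WRITABLE` are made up for this example, and the location heuristic is an assumption of the example, not the helper's stated method; it yields candidates for review, not verdicts, and it does not cover the R3 and O3 entries.

```python
import re
from dataclasses import dataclass

# Sample input: O4 lines copied from the first log in this thread (forum
# line-wrap spaces removed), plus one R3 line that the parser must skip.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [LogitechVideo[inspector]] C:\Program Files\Acer\OrbiCam\InstallHelper.exe /inspect
O4 - HKLM\..\Run: [1 mags 16 more] C:\Documents and Settings\All Users\Application Data\Admin Inter 1 Mags\road pile.exe
O4 - HKLM\..\RunOnce: [MessengerPlusLiveUninstall] "C:\DOCUME~1\CRISTINA\LOCALS~1\Temp\MsgPlusUninstall.exe" /Cleanup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [way tool] C:\DOCUME~1\CRISTINA\APPLIC~1\DRIVEB~1\FunkObjSeek.exe
O4 - HKCU\..\Run: [giekk] "c:\documents and settings\cristina\local settings\application data\giekk.exe" giekk
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - Global Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
R3 - URLSearchHook: AGSearchHook Class - {0BC6E3FA-78EF-4886-842C-5A1258C4455A} - C:\Program Files\AGI\common\agcutils.dll
"""

# Registry autoruns:        O4 - HKCU\..\Run: [value name] command line
# The value name may itself contain brackets, so it ends at the first "] ".
_REG = re.compile(
    r"^O4 - (?P<where>\S+?\\\.\.\\Run\w*): \[(?P<name>.+?)\] (?P<cmd>.+)$"
)
# Startup-folder shortcuts: O4 - Global Startup: name.lnk = target
_LNK = re.compile(
    r"^O4 - (?P<where>(?:Global )?Startup): (?P<name>.+?) = (?P<cmd>.+)$"
)

# Assumption of this example: folders a normal user account can write to,
# in their Windows XP long and 8.3 short forms as they appear in the log.
USER_WRITABLE = (
    "\\application data\\", "\\applic~1\\",
    "\\local settings\\", "\\locals~1\\",
    "\\temp\\",
)


@dataclass
class Autorun:
    where: str      # registry key or Startup folder, e.g. HKLM\..\Run
    name: str       # value name or shortcut name
    command: str    # full command line as logged

    @property
    def in_user_writable_dir(self) -> bool:
        # The whole command line is checked, so a DLL handed to
        # rundll32.exe from such a folder is caught as well.
        cmd = self.command.lower()
        return any(marker in cmd for marker in USER_WRITABLE)


def parse_o4(log_text: str) -> list:
    """Return every O4 entry in a HijackThis log as an Autorun record."""
    entries = []
    for line in log_text.splitlines():
        line = line.strip()
        m = _REG.match(line) or _LNK.match(line)
        if m:
            entries.append(Autorun(m["where"], m["name"], m["cmd"]))
    return entries


def flag_user_writable(entries: list) -> list:
    """Autoruns that start something from a per-user or temp folder."""
    return [e for e in entries if e.in_user_writable_dir]


if __name__ == "__main__":
    for e in flag_user_writable(parse_o4(SAMPLE_LOG)):
        print(f"REVIEW  {e.where}  [{e.name}]  {e.command}")
```

Legitimate software also starts from these folders at times (installers and uninstallers in particular), so each hit still needs the kind of manual review done in the reply above.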
Re: Constant advertising windows and CID

First of all, thank you very much for the help! So far my computer is running great.. and it is also totally clean of viruses :) I am copying here the Navilog, Lop S&D and Malwarebytes logs together with a new HijackThis log.

Navilog1

Navipromo Removal version 3.7.6 started on 30/04/2009 at 15:17:26,62 Fix running from C:\Program Files\navilog1 Updated on 14.03.2009 at 18h00 by IL-MAFIOSO Microsoft Windows XP Professional ( v5.1.2600 ) Service Pack 3 X86-based PC ( Multiprocessor Free : Intel(R) Core(TM)2 CPU T5600 @ 1.83GHz ) BIOS : Ver 1.00PARTTBL USER : CRISTINA ( Administrator ) BOOT : Fail-safe boot Antivirus : AVG Anti-Virus Free 8.0 (Activated) C:\ (Local Disk) - FAT32 - Total:53 Go (Free:12 Go) D:\ (Local Disk) - FAT32 - Total:53 Go (Free:10 Go) E:\ (CD or DVD) Automatic removal with Catchme and GNS results Cleanning stage done in safe mode *** fsbl1.txt not found *** (Check that Catchme found nothing in Search Mode) *** Deleting with Backups GenericNaviSearch results *** * Deletion in "C:\WINDOWS\System32" * * Deletion in "C:\Documents and Settings\CRISTINA\locals~1\applic~1" * * Deletion in "C:\DOCUME~1\ADMINI~1\locals~1\applic~1" * *** Deleting folders in "C:\WINDOWS" *** *** Deleting folders in "C:\Program Files" *** *** Deleting folders in "C:\Documents and Settings\All Users\startm~1\programs" *** *** Deleting folders in "C:\Documents and Settings\All Users\startm~1" *** *** Deleting folders in "c:\docume~1\alluse~1\applic~1" *** *** Deleting folders in "C:\Documents and Settings\CRISTINA\applic~1" *** *** Deleting folders in "C:\DOCUME~1\ADMINI~1\applic~1" *** *** Deleting folders in "C:\Documents and Settings\CRISTINA\locals~1\applic~1" *** *** Deleting folders in "C:\DOCUME~1\ADMINI~1\locals~1\applic~1" *** *** Deleting folders in "C:\Documents and Settings\CRISTINA\startm~1\programs" *** *** Deleting folders in "C:\DOCUME~1\ADMINI~1\startm~1\programs" *** *** Deleting files *** *** Deleting temporary files ***
Cleaning of C:\WINDOWS\Temp done ! Cleaning of C:\Documents and Settings\CRISTINA\locals~1\Temp done ! *** Complementary Search *** (Search specific files) 1)Deletion with backups new Instant Access files: 2)Heuristic search and deletion with backups : * In "C:\WINDOWS\system32" * C:\WINDOWS\prefetch\ymooi*.pf found ! Copy C:\WINDOWS\prefetch\ymooi*.pf done ! C:\WINDOWS\prefetch\ymooi*.pf deleted ! * In "C:\Documents and Settings\CRISTINA\locals~1\applic~1" * ymooi.exe found ! Copy ymooi.exe done ! ymooi.exe deleted ! ymooi.dat found ! Copy ymooi.dat done ! ymooi.dat deleted ! ymooi_navps.dat found ! Copy ymooi_navps.dat done ! ymooi_navps.dat deleted ! ymooi_nav.dat found ! Copy ymooi_nav.dat done ! ymooi_nav.dat deleted ! * In "C:\DOCUME~1\ADMINI~1\locals~1\applic~1" * *** Copy Registry to Safebackup folder *** Backing up Registry done ! *** Cleaning Registry *** Registry cleaned *** Certificates *** Egroup Certificate not found ! Electronic-Group Certificate not found ! Montorgueil Certificate not found ! OOO-Favorit Certificate not found ! Sunny-Day-Design-Ltd Certificate not found ! *** Search others known folders and files *** *** Cleaning stage complete on 30/04/2009 at 15:20:07,09 *** Lop S&D --------------------\\ Lop S&D 4.2.5-0 XP/Vista Microsoft Windows XP Professional ( v5.1.2600 ) Service Pack 3 X86-based PC ( Multiprocessor Free : Intel(R) Core(TM)2 CPU T5600 @ 1.83GHz ) BIOS : Ver 1.00PARTTBL USER : CRISTINA ( Administrator ) BOOT : Fail-safe boot Antivirus : AVG Anti-Virus Free 8.0 (Activated) C:\ (Local Disk) - FAT32 - Total:53 Go (Free:12 Go) D:\ (Local Disk) - FAT32 - Total:53 Go (Free:10 Go) E:\ (CD or DVD) "C:\Lop SD" ( MAJ : 19-12-2008|23:40 ) Option : [2] ( 30/04/2009|15:08 ) \\\\\\\\\\\\\\\\\\\\\\\\\\\\\\ ELIMINAR í Borrado ! - C:\WINDOWS\Tasks\AE359BEB918A12D3.job í Borrado ! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\live 64 math does\tick date.exe í Borrado ! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\live 64 math does\tick date.dat í Borrado ! 
- C:\DOCUME~1\CRISTINA\APPLIC~1\driveb~1\FunkObjSeek .exe í Borrado ! - C:\DOCUME~1\CRISTINA\APPLIC~1\driveb~1\ftdsctoc.ex e í Borrado ! - C:\DOCUME~1\CRISTINA\APPLIC~1\driveb~1\storegreydv dmail.exe í Borrado ! - C:\DOCUME~1\CRISTINA\APPLIC~1\driveb~1\Meet Live Rect.exe í Borrado ! - C:\DOCUME~1\CRISTINA\APPLIC~1\driveb~1\tyzgyjci.ex e í Borrado ! - C:\DOCUME~1\CRISTINA\APPLIC~1\driveb~1\qkxbrpte.ex e í Borrado ! - C:\DOCUME~1\CRISTINA\APPLIC~1\driveb~1\xaaybvey.ex e í Borrado ! - C:\DOCUME~1\CRISTINA\LOCALS~1\Temp\nsf51.tmp í Borrado ! - C:\DOCUME~1\CRISTINA\LOCALS~1\Temp\NSSstub.txt í Borrado ! - C:\DOCUME~1\CRISTINA\LOCALS~1\Temp\sta1.exe í Borrado ! - C:\DOCUME~1\CRISTINA\Cookies\cristina@www.adserver 5[1].txt í Borrado ! - C:\DOCUME~1\CRISTINA\Cookies\cristina@advertising[1].txt í Borrado ! - C:\DOCUME~1\CRISTINA\LOCALS~1\Temp\bis4.exe í Borrado ! - C:\DOCUME~1\CRISTINA\LOCALS~1\Temp\bis2.exe í Borrado ! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\Admin Inter 1 Mags í Borrado ! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\live 64 math does í Borrado ! - C:\DOCUME~1\CRISTINA\APPLIC~1\driveb~1 í Borrado ! - C:\Program Files\driveb~1 - [ Archivo Hosts ] .. 
Restaurado \\\\\\\\\\\\\\\\\\\\\\\\\\\\\\ --------------------\\ Lista de carpetas en APPLIC~1 [01/09/2006|07:40] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Acer [01/09/2006|06:51] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Identities [01/09/2006|06:25] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Microsoft [0|archivos] C:\DOCUME~1\DEFAUL~1\APPLIC~1\bytes [5|dirs] C:\DOCUME~1\DEFAUL~1\APPLIC~1\bytes libres [01/09/2006|07:38] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Acer [01/09/2006|07:25] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Adobe [27/09/2008|20:32] C:\DOCUME~1\ALLUSE~1\APPLIC~1\agi [20/11/2008|23:54] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple [20/11/2008|23:54] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple Computer [03/12/2008|18:55] C:\DOCUME~1\ALLUSE~1\APPLIC~1\avg8 [30/09/2008|00:59] C:\DOCUME~1\ALLUSE~1\APPLIC~1\CyberLink [27/09/2008|14:25] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Intel [24/10/2008|07:39] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Kiwee Toolbar [11/04/2009|16:10] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Malwarebytes [01/09/2006|06:25] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft [06/12/2008|21:06] C:\DOCUME~1\ALLUSE~1\APPLIC~1\nView_Profiles [11/04/2009|16:01] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SUPERAntiSpyware.com [05/09/2006|03:52] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Symantec [27/09/2008|18:35] C:\DOCUME~1\ALLUSE~1\APPLIC~1\WLInstaller [11/04/2009|15:56] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Yahoo! 
Companion [0|archivos] C:\DOCUME~1\ALLUSE~1\APPLIC~1\bytes [18|dirs] C:\DOCUME~1\ALLUSE~1\APPLIC~1\bytes libres [01/09/2006|06:25] C:\DOCUME~1\NETWOR~1\APPLIC~1\Microsoft [0|archivos] C:\DOCUME~1\NETWOR~1\APPLIC~1\bytes [3|dirs] C:\DOCUME~1\NETWOR~1\APPLIC~1\bytes libres [28/09/2008|13:28] C:\DOCUME~1\LOCALS~1\APPLIC~1\agi [01/09/2006|06:25] C:\DOCUME~1\LOCALS~1\APPLIC~1\Microsoft [0|archivos] C:\DOCUME~1\LOCALS~1\APPLIC~1\bytes [4|dirs] C:\DOCUME~1\LOCALS~1\APPLIC~1\bytes libres [01/09/2006|07:40] C:\DOCUME~1\ADMINI~1\APPLIC~1\Acer [01/09/2006|06:51] C:\DOCUME~1\ADMINI~1\APPLIC~1\Identities [01/09/2006|06:25] C:\DOCUME~1\ADMINI~1\APPLIC~1\Microsoft [0|archivos] C:\DOCUME~1\ADMINI~1\APPLIC~1\bytes [5|dirs] C:\DOCUME~1\ADMINI~1\APPLIC~1\bytes libres [01/09/2006|07:40] C:\DOCUME~1\CRISTINA\APPLIC~1\Acer [27/09/2008|19:22] C:\DOCUME~1\CRISTINA\APPLIC~1\Adobe [11/10/2008|16:04] C:\DOCUME~1\CRISTINA\APPLIC~1\AdobeUM [27/09/2008|20:32] C:\DOCUME~1\CRISTINA\APPLIC~1\agi [06/02/2009|11:06] C:\DOCUME~1\CRISTINA\APPLIC~1\Apple Computer [05/12/2008|01:47] C:\DOCUME~1\CRISTINA\APPLIC~1\BitTorrent [04/10/2008|01:30] C:\DOCUME~1\CRISTINA\APPLIC~1\BSplayer [04/10/2008|01:30] C:\DOCUME~1\CRISTINA\APPLIC~1\BSplayer Pro [06/03/2009|21:13] C:\DOCUME~1\CRISTINA\APPLIC~1\Canon [30/09/2008|00:59] C:\DOCUME~1\CRISTINA\APPLIC~1\CyberLink [07/02/2009|12:13] C:\DOCUME~1\CRISTINA\APPLIC~1\DivX [05/12/2008|01:47] C:\DOCUME~1\CRISTINA\APPLIC~1\DNA [01/09/2006|06:51] C:\DOCUME~1\CRISTINA\APPLIC~1\Identities [27/09/2008|14:29] C:\DOCUME~1\CRISTINA\APPLIC~1\Macromedia [11/04/2009|16:10] C:\DOCUME~1\CRISTINA\APPLIC~1\Malwarebytes [01/09/2006|06:25] C:\DOCUME~1\CRISTINA\APPLIC~1\Microsoft [11/10/2008|21:32] C:\DOCUME~1\CRISTINA\APPLIC~1\Mozilla [03/12/2008|20:00] C:\DOCUME~1\CRISTINA\APPLIC~1\OpenOffice.org [19/03/2009|15:32] C:\DOCUME~1\CRISTINA\APPLIC~1\Opera [03/12/2008|19:57] C:\DOCUME~1\CRISTINA\APPLIC~1\Sun [11/04/2009|16:00] C:\DOCUME~1\CRISTINA\APPLIC~1\SUPERAntiSpyware.com 
[19/11/2008|16:05] C:\DOCUME~1\CRISTINA\APPLIC~1\WinRAR [11/04/2009|15:56] C:\DOCUME~1\CRISTINA\APPLIC~1\Yahoo! [0|archivos] C:\DOCUME~1\CRISTINA\APPLIC~1\bytes [25|dirs] C:\DOCUME~1\CRISTINA\APPLIC~1\bytes libres --------------------\\ Tareas programadas en C:\WINDOWS\Tasks [29/04/2009 18:00][--a------] C:\WINDOWS\tasks\Norton Security Scan for CRISTINA.job [28/04/2009 20:49][--a------] C:\WINDOWS\tasks\AppleSoftwareUpdate.job [30/04/2009 14:52][--ah-----] C:\WINDOWS\tasks\SA.DAT [10/08/2004 20:00][-r-h-----] C:\WINDOWS\tasks\desktop.ini --------------------\\ Lista de carpetas en C:\Program Files [27/09/2008|14:27] C:\Program Files\Acer [01/09/2006|07:24] C:\Program Files\Acer Inc [01/09/2006|07:25] C:\Program Files\Adobe [27/09/2008|20:32] C:\Program Files\AGI [20/11/2008|23:54] C:\Program Files\Apple Software Update [06/03/2009|19:11] C:\Program Files\ArcSoft [07/03/2009|17:02] C:\Program Files\Ares [03/12/2008|18:55] C:\Program Files\AVG [05/12/2008|01:47] C:\Program Files\BitTorrent [04/10/2008|01:30] C:\Program Files\BS.Player ControlBar [06/03/2009|19:13] C:\Program Files\Caere [06/03/2009|21:06] C:\Program Files\Canon [11/04/2009|15:56] C:\Program Files\CCleaner [12/04/2009|17:17] C:\Program Files\Circle Develoement [01/09/2006|06:26] C:\Program Files\Common Files [01/09/2006|06:35] C:\Program Files\ComPlus Applications [01/09/2006|07:21] C:\Program Files\CONEXANT [01/09/2006|07:26] C:\Program Files\CyberLink [07/02/2009|12:08] C:\Program Files\DivX [05/12/2008|01:47] C:\Program Files\DNA [27/09/2008|17:35] C:\Program Files\eMule [01/09/2006|06:53] C:\Program Files\EnglishOtto [07/03/2009|12:44] C:\Program Files\FLV Player [01/09/2006|06:53] C:\Program Files\GemMaster [01/09/2006|07:20] C:\Program Files\InstallShield Installation Information [01/09/2006|06:46] C:\Program Files\Intel [01/09/2006|06:37] C:\Program Files\Internet Explorer [03/12/2008|19:58] C:\Program Files\Java [03/12/2008|19:59] C:\Program Files\JRE [27/09/2008|14:24] C:\Program 
Files\Launch Manager [11/04/2009|16:10] C:\Program Files\Malwarebytes' Anti-Malware [01/09/2006|06:34] C:\Program Files\Messenger [12/04/2009|17:17] C:\Program Files\Messenger Plus! Live [29/09/2008|00:36] C:\Program Files\Microsoft CAPICOM 2.1.0.2 [01/09/2006|06:40] C:\Program Files\microsoft frontpage [27/09/2008|18:49] C:\Program Files\Microsoft SQL Server Compact Edition [01/09/2006|06:34] C:\Program Files\Movie Maker [11/10/2008|21:32] C:\Program Files\Mozilla Firefox [01/09/2006|06:34] C:\Program Files\MSN [01/09/2006|06:34] C:\Program Files\MSN Gaming Zone [29/09/2008|00:33] C:\Program Files\MSXML 4.0 [30/04/2009|15:06] C:\Program Files\Navilog1 [01/09/2006|06:37] C:\Program Files\NetMeeting [01/09/2006|07:31] C:\Program Files\NewTech Infosystems [13/04/2009|13:47] C:\Program Files\Norton Security Scan [01/09/2006|06:35] C:\Program Files\Online Services [03/12/2008|19:59] C:\Program Files\OpenOffice.org 3 [03/12/2008|19:57] C:\Program Files\OpenOffice.org 3.0 (es) Installation Files [01/09/2006|06:37] C:\Program Files\Outlook Express [20/11/2008|23:54] C:\Program Files\QuickTime [01/09/2006|07:20] C:\Program Files\Realtek [14/11/2008|18:13] C:\Program Files\Reconst. 
Humanas [20/04/2009|16:34] C:\Program Files\SecureW2 [01/04/2009|21:36] C:\Program Files\Softinterface, Inc [24/01/2009|21:23] C:\Program Files\Sony Ericsson [11/04/2009|16:00] C:\Program Files\SUPERAntiSpyware [05/09/2006|03:52] C:\Program Files\Symantec [01/09/2006|07:23] C:\Program Files\Synaptics [11/04/2009|16:15] C:\Program Files\Trend Micro [01/09/2006|06:51] C:\Program Files\Uninstall Information [04/10/2008|01:30] C:\Program Files\Webteh [27/09/2008|18:35] C:\Program Files\Windows Live [01/09/2006|06:35] C:\Program Files\Windows Media Player [01/09/2006|06:34] C:\Program Files\Windows NT [01/09/2006|06:34] C:\Program Files\Windows Plus [01/09/2006|07:10] C:\Program Files\Windows XP MUI Pack [01/09/2006|06:38] C:\Program Files\WindowsUpdate [27/09/2008|14:25] C:\Program Files\WinPCap [19/11/2008|15:56] C:\Program Files\WinRAR [01/09/2006|06:40] C:\Program Files\xerox [11/04/2009|15:56] C:\Program Files\Yahoo! [0|archivos] C:\Program Files\bytes [73|dirs] C:\Program Files\bytes libres --------------------\\ Lista de carpetas en C:\Program Files\Common Files [27/09/2008|14:28] C:\Program Files\Common Files\Acer [01/09/2006|07:25] C:\Program Files\Common Files\Adobe [06/03/2009|18:49] C:\Program Files\Common Files\Adobe Systems Shared [06/03/2009|19:13] C:\Program Files\Common Files\Caere [01/09/2006|07:20] C:\Program Files\Common Files\InstallShield [03/12/2008|19:58] C:\Program Files\Common Files\Java [01/09/2006|07:33] C:\Program Files\Common Files\LightScribe [27/09/2008|14:28] C:\Program Files\Common Files\Logitech [01/09/2006|06:26] C:\Program Files\Common Files\Microsoft Shared [01/09/2006|06:37] C:\Program Files\Common Files\MSSoap [01/09/2006|07:32] C:\Program Files\Common Files\muvee Technologies [01/09/2006|07:32] C:\Program Files\Common Files\NewTech Infosystems [01/09/2006|06:26] C:\Program Files\Common Files\ODBC [27/09/2008|16:58] C:\Program Files\Common Files\Panda Software [01/09/2006|06:37] C:\Program Files\Common Files\Services 
[01/09/2006|06:26] C:\Program Files\Common Files\SpeechEngines [05/09/2006|03:52] C:\Program Files\Common Files\Symantec Shared [01/09/2006|06:37] C:\Program Files\Common Files\System [21/03/2009|21:51] C:\Program Files\Common Files\Windows Live [27/09/2008|18:36] C:\Program Files\Common Files\WindowsLiveInstaller [0|archivos] C:\Program Files\Common Files\bytes [22|dirs] C:\Program Files\Common Files\bytes libres --------------------\\ Process ( 14 Processes ) ... OK ! --------------------\\ Deteccion con S_Lop ¡ No se encontraron carpetas Lop ! --------------------\\ Deteccion de archivos y carpetas Lop ¡ No se encontraron carpetas Lop ! --------------------\\ Deteccion en el registro de windows [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Run] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Run] ..... OK ! --------------------\\ Analizando el archivo Hosts Archivo Hosts LIMPIO --------------------\\ Deteccion de archivos invisibles con Catchme catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-04-30 15:11:30 Windows 5.1.2600 Service Pack 3 FAT NTAPI scanning hidden processes ... scanning hidden files ... scan completed successfully hidden processes: 0 hidden files: 0 --------------------\\ Deteccion de otras infecciones C:\DOCUME~1\CRISTINA\LOCALS~1\APPLIC~1\ymooi.dat C:\DOCUME~1\CRISTINA\LOCALS~1\APPLIC~1\ymooi.exe C:\DOCUME~1\CRISTINA\LOCALS~1\APPLIC~1\ymooi_navps .dat C:\DOCUME~1\CRISTINA\LOCALS~1\APPLIC~1\ymooi_nav.d at ==> EGDACCESS <== --------------------\\ Cracks & Keygens .. 
C:\DOCUME~1\CRISTINA\Local Settings\Temporary Internet Files\Content.IE5\UDQRDFT7\pdf-crack[1].pdf C:\DOCUME~1\CRISTINA\Local Settings\Temporary Internet Files\Content.IE5\UDQRDFT7\pdf-crack[2].pdf C:\DOCUME~1\CRISTINA\Local Settings\Temporary Internet Files\Content.IE5\UDQRDFT7\pdf-crack[3].pdf C:\DOCUME~1\CRISTINA\Local Settings\Temporary Internet Files\Content.IE5\5BTKYTWA\pdf-crack[5].pdf C:\DOCUME~1\CRISTINA\Local Settings\Temporary Internet Files\Content.IE5\5BTKYTWA\pdf-crack[1].pdf C:\DOCUME~1\CRISTINA\Local Settings\Temporary Internet Files\Content.IE5\5BTKYTWA\pdf-crack[2].pdf C:\DOCUME~1\CRISTINA\Local Settings\Temporary Internet Files\Content.IE5\5BTKYTWA\pdf-crack[3].pdf C:\DOCUME~1\CRISTINA\Local Settings\Temporary Internet Files\Content.IE5\5BTKYTWA\pdf-crack[4].pdf C:\DOCUME~1\CRISTINA\Local Settings\Temporary Internet Files\Content.IE5\JKL41RNU\pdf-crack[1].pdf C:\DOCUME~1\CRISTINA\Local Settings\Temporary Internet Files\Content.IE5\JKL41RNU\pdf-crack[2].pdf C:\DOCUME~1\CRISTINA\Local Settings\Temporary Internet Files\Content.IE5\88A480KP\pdf-crack[1].pdf C:\DOCUME~1\CRISTINA\Local Settings\Temporary Internet Files\Content.IE5\XRWAA2BD\pdf-crack[1].pdf C:\DOCUME~1\CRISTINA\Local Settings\Temporary Internet Files\Content.IE5\XRWAA2BD\pdf-crack[2].pdf C:\DOCUME~1\CRISTINA\Local Settings\Temporary Internet Files\Content.IE5\5ZJZPMSL\pdf-crack[1].pdf C:\DOCUME~1\CRISTINA\Local Settings\Temporary Internet Files\Content.IE5\IQGNINTF\pdf-crack[1].pdf C:\DOCUME~1\CRISTINA\Local Settings\Temporary Internet Files\Content.IE5\IQGNINTF\pdf-crack[1].htm C:\DOCUME~1\CRISTINA\Local Settings\Temporary Internet Files\Content.IE5\IQGNINTF\pdf-crack[2].pdf C:\DOCUME~1\CRISTINA\Local Settings\Temporary Internet Files\Content.IE5\5QC4MP71\pdf-crack[1].pdf C:\DOCUME~1\CRISTINA\Local Settings\Temporary Internet Files\Content.IE5\5QC4MP71\pdf-crack[2].pdf C:\DOCUME~1\CRISTINA\Local Settings\Temporary Internet Files\Content.IE5\4HYXY8WM\pdf-crack[1].pdf 
C:\DOCUME~1\CRISTINA\Local Settings\Temporary Internet Files\Content.IE5\MS1F6F1O\pdf-crack[1].htm
C:\DOCUME~1\CRISTINA\Local Settings\Temporary Internet Files\Content.IE5\KJ863A4W\pdf-crack[1].pdf
C:\DOCUME~1\CRISTINA\Local Settings\Temporary Internet Files\Content.IE5\KJ863A4W\pdf-crack[2].pdf
C:\DOCUME~1\CRISTINA\Local Settings\Temporary Internet Files\Content.IE5\HXVXWONN\pdf-crack[1].htm
C:\DOCUME~1\CRISTINA\Local Settings\Temporary Internet Files\Content.IE5\NJROR6EN\pdf-crack[1].htm
C:\DOCUME~1\CRISTINA\Recent\Adrenergic stimulants pdf-crack.lnk
C:\DOCUME~1\CRISTINA\Recent\adrenergic blockers pdf-crack.lnk
C:\DOCUME~1\CRISTINA\Recent\the autonomic nervous system.pdf-crack.lnk

[F:2338][D:65]-> C:\DOCUME~1\CRISTINA\LOCALS~1\Temp
[F:155][D:0]-> C:\DOCUME~1\CRISTINA\Cookies
[F:15586][D:27]-> C:\DOCUME~1\CRISTINA\LOCALS~1\TEMPOR~1\content.IE5
[F:30][D:4]-> C:\Recycled

1 - "C:\Lop SD\LopR_1.txt" - 30/04/2009|15:12 - Option : [2]

--------------------\\ Analisis terminado a 15:12:18

Malwarebytes

Malwarebytes' Anti-Malware 1.36
Versión de la Base de Datos: 1945
Windows 5.1.2600 Service Pack 3

30/04/2009 16:27:41
mbam-log-2009-04-30 (16-27-41).txt

Tipo de examen : Examen Completo (C:\|D:\|)
Objetos examinados: 168529
Tiempo transcurrido: 1 hour(s), 6 minute(s), 33 second(s)

Procesos en Memoria Infectados: 0
Módulos en Memoria Infectados: 0
Claves del Registro Infectadas: 0
Valores del Registro Infectados: 0
Elementos de Datos del Registro Infectados: 0
Carpetas Infectadas: 0
Ficheros Infectados: 0

Procesos en Memoria Infectados:
(No se han detectado elementos maliciosos)

Módulos en Memoria Infectados:
(No se han detectado elementos maliciosos)

Claves del Registro Infectadas:
(No se han detectado elementos maliciosos)

Valores del Registro Infectados:
(No se han detectado elementos maliciosos)

Elementos de Datos del Registro Infectados:
(No se han detectado elementos maliciosos)

Carpetas Infectadas:
(No se han detectado elementos maliciosos)

Ficheros Infectados:
(No se han detectado elementos maliciosos)

Hijackthis

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:53:08, on 30/04/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16827)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Acer\Empowering Technology\admServ.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Acer\Empowering Technology\eRecovery\Monitor.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Acer\Empowering Technology\admtray.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
C:\DOCUME~1\CRISTINA\LOCALS~1\Temp\RtkBtMnt.exe
C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\PROGRA~1\LAUNCH~1\LManager.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Acer\OrbiCam\CameraAssistant.exe
C:\WINDOWS\system32\ElkCtrl.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\DNA\btdna.exe
C:\WINDOWS\system32\DrvMon.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.cv.uma.es:3128
R3 - URLSearchHook: Barra Yahoo! - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\WINDOWS\system32\eDStoolbar.dll
O3 - Toolbar: Barra Yahoo! - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [AzMixerSel] C:\Program Files\Realtek\InstallShield\AzMixerSel.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ntiMUI] C:\Program Files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe
O4 - HKLM\..\Run: [ADMTray.exe] "C:\Acer\Empowering Technology\admtray.exe"
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [ePower_DMC] C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
O4 - HKLM\..\Run: [Acer ePower Management] C:\Acer\Empowering Technology\ePower\Acer ePower Management.exe boot
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe
O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\Monitor.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechCameraAssistant] C:\Program Files\Acer\OrbiCam\CameraAssistant.exe
O4 - HKLM\..\Run: [LogitechVideo[inspector]] C:\Program Files\Acer\OrbiCam\InstallHelper.exe /inspect
O4 - HKLM\..\Run: [LogitechCameraService(E)] C:\WINDOWS\system32\ElkCtrl.exe /automation
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [DrvMon.exe] C:\WINDOWS\system32\DrvMon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: OpenOffice.org 3.0.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Consola de Sun Java - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: CabBuilder - http://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AG Windows Service (AGWinService) - Unknown owner - C:\Program Files\AGI\common\win32\PythonService.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: AdminWorks Agent X6 (AWService) - Avocent Inc. - C:\Acer\Empowering Technology\admServ.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech - c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

-- End of file - 10260 bytes

Again: THANK YOU SO MUCH!

Last edited by Cris2310 on 30/04/09 at 11:54:13. |
| To finish, do the following:

Run Lop S & D and choose option 4, Lop Script. Notepad will open with a file named LopScript. Enter the paths of the files and/or folders to delete.

Code:
C:\DOCUME~1\CRISTINA\Local Settings\Temporary Internet Files\Content.IE5\UDQRDFT7\pdf-crack[1].pdf
C:\DOCUME~1\CRISTINA\Local Settings\Temporary Internet Files\Content.IE5\UDQRDFT7\pdf-crack[2].pdf
C:\DOCUME~1\CRISTINA\Local Settings\Temporary Internet Files\Content.IE5\UDQRDFT7\pdf-crack[3].pdf
C:\DOCUME~1\CRISTINA\Local Settings\Temporary Internet Files\Content.IE5\5BTKYTWA\pdf-crack[5].pdf
C:\DOCUME~1\CRISTINA\Local Settings\Temporary Internet Files\Content.IE5\5BTKYTWA\pdf-crack[1].pdf
C:\DOCUME~1\CRISTINA\Local Settings\Temporary Internet Files\Content.IE5\5BTKYTWA\pdf-crack[2].pdf
C:\DOCUME~1\CRISTINA\Local Settings\Temporary Internet Files\Content.IE5\5BTKYTWA\pdf-crack[3].pdf
C:\DOCUME~1\CRISTINA\Local Settings\Temporary Internet Files\Content.IE5\5BTKYTWA\pdf-crack[4].pdf
C:\DOCUME~1\CRISTINA\Local Settings\Temporary Internet Files\Content.IE5\JKL41RNU\pdf-crack[1].pdf
C:\DOCUME~1\CRISTINA\Local Settings\Temporary Internet Files\Content.IE5\JKL41RNU\pdf-crack[2].pdf
C:\DOCUME~1\CRISTINA\Local Settings\Temporary Internet Files\Content.IE5\88A480KP\pdf-crack[1].pdf
C:\DOCUME~1\CRISTINA\Local Settings\Temporary Internet Files\Content.IE5\XRWAA2BD\pdf-crack[1].pdf
C:\DOCUME~1\CRISTINA\Local Settings\Temporary Internet Files\Content.IE5\XRWAA2BD\pdf-crack[2].pdf
C:\DOCUME~1\CRISTINA\Local Settings\Temporary Internet Files\Content.IE5\5ZJZPMSL\pdf-crack[1].pdf
C:\DOCUME~1\CRISTINA\Local Settings\Temporary Internet Files\Content.IE5\IQGNINTF\pdf-crack[1].pdf
C:\DOCUME~1\CRISTINA\Local Settings\Temporary Internet Files\Content.IE5\IQGNINTF\pdf-crack[1].htm
C:\DOCUME~1\CRISTINA\Local Settings\Temporary Internet Files\Content.IE5\IQGNINTF\pdf-crack[2].pdf
C:\DOCUME~1\CRISTINA\Local Settings\Temporary Internet Files\Content.IE5\5QC4MP71\pdf-crack[1].pdf
C:\DOCUME~1\CRISTINA\Local Settings\Temporary Internet Files\Content.IE5\5QC4MP71\pdf-crack[2].pdf
C:\DOCUME~1\CRISTINA\Local Settings\Temporary Internet Files\Content.IE5\4HYXY8WM\pdf-crack[1].pdf
C:\DOCUME~1\CRISTINA\Local Settings\Temporary Internet Files\Content.IE5\MS1F6F1O\pdf-crack[1].htm
C:\DOCUME~1\CRISTINA\Local Settings\Temporary Internet Files\Content.IE5\KJ863A4W\pdf-crack[1].pdf
C:\DOCUME~1\CRISTINA\Local Settings\Temporary Internet Files\Content.IE5\KJ863A4W\pdf-crack[2].pdf
C:\DOCUME~1\CRISTINA\Local Settings\Temporary Internet Files\Content.IE5\HXVXWONN\pdf-crack[1].htm
C:\DOCUME~1\CRISTINA\Local Settings\Temporary Internet Files\Content.IE5\NJROR6EN\pdf-crack[1].htm
C:\DOCUME~1\CRISTINA\Recent\Adrenergic stimulants pdf-crack.lnk
C:\DOCUME~1\CRISTINA\Recent\adrenergic blockers pdf-crack.lnk
C:\DOCUME~1\CRISTINA\Recent\the autonomic nervous system.pdf-crack.lnk

When you close Notepad, a prompt will appear asking whether you want to save the changes to the document CLopSD\LopScript.txt; click "Sí" (Yes).

Let the script run all the way to the end. If you have any doubts, check section 4, Lop Script, of the manual: Lop S & D manual

When it finishes, Notepad will open with a report that, besides showing the scan results, lists the files and/or folders sent for deletion and whether the procedure succeeded.

Copy the contents of that report so the procedure can be verified and the thread marked as solved. |