
Questions about a hidden file. (Closed)


#1 alberto_48 (Registered: Mar 2009; Location: Spain; Posts: 6)

Questions about a hidden file. (Closed)

Hello, good day!
While running the daily scan, Spyware Terminator found two critical files, which were located in: C:\Documents and Settings\All Users\Datos de programa\MPK\1\.
First I looked for it on my PC and the file in question did not show up anywhere, and I also searched for it on Google to find out something about it, but it was not clear to me what it was. So I clicked delete and it was removed immediately, but before that I made a log with HijackThis, and I am sending it here in case any sign of infection is visible, or of what program it is.
I am also sending you the Spyware Terminator logfile.
Thank you in advance, awaiting your replies.


      Logfile of Spyware Terminator v2.5.1.028 (db:3.011.010.000)
      Scan Time: 30/01/2010 15:30:06 length: 4861 s
      Platform: WXP (5.1.0.2600)
      User: Admin
      Boot Mode: Normal
      Scan type: completo
      Scanned Objects: 150636 (Critical:2)
      Filter: No System items, No Safe items, No Invalid items

      Running Processes
      Ati2evxx.exe [ATI Technologies Inc.] : C:\WINDOWS\system32\Ati2evxx.exe
      Ati2evxx.exe [ATI Technologies Inc.] : C:\WINDOWS\system32\Ati2evxx.exe
      CLCapSvc.exe : C:\Archivos de programa\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
      RichVideo.exe : C:\Archivos de programa\Cyberlink\Shared files\RichVideo.exe
      SeaPort.exe [Microsoft Corporation] : C:\Archivos de programa\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
      TuneUpUtilitiesService32.exe [TuneUp Software] : C:\Archivos de programa\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe
      CLSched.exe : C:\Archivos de programa\CyberLink\PowerCinema\Kernel\TV\CLSched.exe
      TuneUpUtilitiesApp32.exe [TuneUp Software] : C:\Archivos de programa\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe
      GoogleUpdate.exe [Google Inc.] : C:\Archivos de programa\Google\Update\GoogleUpdate.exe
      integrator.exe [TuneUp Software] : C:\Archivos de programa\TuneUp Utilities 2010\integrator.exe

      Internet Settings
      R - HKCU\Software\Microsoft\Internet Explorer\Main, Search Bar = http://www.google.com/ie
      R - HKLM\Software\Microsoft\Internet Explorer\Main, Start Page = http://www.msn.com/
      R - HKLM\Software\Microsoft\Internet Explorer\Search, SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
      R - HKLM\Software\Microsoft\Internet Explorer\Search, CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
      R - HKLM\System\CurrentControlSet\Services\Tcpip\Parameters, Domain =
      R - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Telephony, DomainName =

      BHO
      02 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - [Microsoft Corporation] : C:\Archivos de programa\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
      02 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - [Google Inc.] : C:\Archivos de programa\Google\Google Toolbar\GoogleToolbar_32.dll
      02 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - [Microsoft Corporation] : C:\Archivos de programa\Windows Live\Toolbar\wltcore.dll

      Toolbars
      03 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - [Microsoft Corporation] : C:\Archivos de programa\Windows Live\Toolbar\wltcore.dll
      03 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - [Google Inc.] : C:\Archivos de programa\Google\Google Toolbar\GoogleToolbar_32.dll

      StartUps
      04 - Startup: : C:\Documents and Settings\alberto\Menú Inicio\Programas\Inicio\desktop.ini
      04 - Startup: : C:\Documents and Settings\All Users\Menú Inicio\Programas\Inicio\desktop.ini

      Shell Extensions
      WinZip - {E0D79304-84BE-11CE-9641-444553540000} - [WinZip Computing, S.L.] : C:\Archivos de programa\WinZip\WZSHLSTB.DLL
      WinZip - {E0D79305-84BE-11CE-9641-444553540000} - [WinZip Computing, S.L.] : C:\Archivos de programa\WinZip\WZSHLSTB.DLL
      WinZip - {E0D79306-84BE-11CE-9641-444553540000} - [WinZip Computing, S.L.] : C:\Archivos de programa\WinZip\WZSHLSTB.DLL
      WinZip - {E0D79307-84BE-11CE-9641-444553540000} - [WinZip Computing, S.L.] : C:\Archivos de programa\WinZip\WZSHLSTB.DLL
      NeroCoverEdLiveIcons Class - {97F68CE3-7146-45FF-BE24-D9A7DD7CB8A2} - [Nero AG] : C:\Archivos de programa\Nero\Nero 7\Nero CoverDesigner\CoverEdExtension.dll
      CLSID_WLMCMimeFilter - {0563DB41-F538-4B37-A92D-4659049B7766} - [Microsoft Corporation] : C:\Archivos de programa\Windows Live\Mail\mailcomm.dll
      Extensión de iconos de archivo de Outlook - {0006F045-0000-0000-C000-000000000046} - [Microsoft Corporation] : C:\Archivos de programa\Microsoft Office\Office10\OLKFSTUB.DLL
      WinRAR - {B41DB860-8EE4-11D2-9906-E49FADC173CA} - [Alexander Roshal] : C:\Archivos de programa\WinRAR\rarext.dll
      - {06A2568A-CED6-4187-BB20-400B8C02BE5A} - [Microsoft Corporation] : C:\Archivos de programa\Windows Live\Photo Gallery\WLXPhotoAcquireWizard.exe
      Windows Live Photo Gallery Viewer Autoplay Shim - {00F33137-EE26-412F-8D71-F84E4C2C6625} - [Microsoft Corporation] : C:\Archivos de programa\Windows Live\Photo Gallery\PhotoViewerShim.dll
      Windows Live Photo Gallery Autoplay Drop Target - {2BE99FD4-A181-4996-BFA9-58C5FFD11F6C} - [Microsoft Corporation] : C:\Archivos de programa\WINDOWS LIVE\PHOTO GALLERY\WLXPHOTOGALLERY.EXE
      Windows Live Photo Gallery Editor Drop Target - {00F30F64-AC33-42F5-8FD1-5DC2D3FDE06C} - [Microsoft Corporation] : C:\Archivos de programa\WINDOWS LIVE\PHOTO GALLERY\WLXPHOTOGALLERY.EXE
      Windows Live Photo Gallery Viewer Drop Target - {00F374B7-B390-4884-B372-2FC349F2172B} - [Microsoft Corporation] : C:\Archivos de programa\WINDOWS LIVE\PHOTO GALLERY\WLXPHOTOGALLERY.EXE
      Windows Live Photo Gallery Viewer Shim - {00F346CB-35A4-465B-8B8F-65A29DBAB1F6} - [Microsoft Corporation] : C:\Archivos de programa\Windows Live\Photo Gallery\PhotoViewerShim.dll
      Windows Live Photo Gallery Editor Shim - {00F3712A-CA79-45B4-9E4D-D7891E7F8B9D} - [Microsoft Corporation] : C:\Archivos de programa\Windows Live\Photo Gallery\PhotoViewerShim.dll
      Windows Live Photo Gallery Viewer Autoplay Shim - {00F30F90-3E96-453B-AFCD-D71989ECC2C7} - [Microsoft Corporation] : C:\Archivos de programa\Windows Live\Photo Gallery\PhotoViewerShim.dll
      TuneUp Theme Extension - {44440D00-FF19-4AFC-B765-9A0970567D97} - [TuneUp Software] : C:\WINDOWS\system32\uxtuneup.dll
      TuneUp Shredder Shell Extension - {4858E7D9-8E12-45a3-B6A3-1CD128C9D403} - [TuneUp Software] : C:\Archivos de programa\TuneUp Utilities 2010\SDShelEx-win32.dll
      TuneUp Disk Space Explorer Shell Extension - {4838CD50-7E5D-4811-9B17-C47A85539F28} - [TuneUp Software] : C:\Archivos de programa\TuneUp Utilities 2010\DseShExt-x86.dll

      Protocol Handler
      - {828030A1-22C1-4009-854F-8E305202313F} - [Microsoft Corporation] : C:\Archivos de programa\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll
      - {828030A1-22C1-4009-854F-8E305202313F} - [Microsoft Corporation] : C:\Archivos de programa\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll
      Data Page Pluggable Protocol mso-offdap Handler - {3D9F03FA-7A94-11D3-BE81-0050048385D1} - [Microsoft Corporation] : C:\Archivos de programa\Archivos comunes\Microsoft Shared\Web Components\10\OWC10.DLL
      Windows Live Mail HTML Asynchronous Pluggable Protocol Handler - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - [Microsoft Corporation] : C:\Archivos de programa\Windows Live\Mail\mailcomm.dll

      Services
      23 - [Realtek Semiconductor Corp.] : C:\WINDOWS\system32\drivers\ALCXWDM.SYS
      23 - [ATI Technologies Inc.] : C:\WINDOWS\system32\Ati2evxx.exe
      23 - : C:\Archivos de programa\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
      23 - : C:\Archivos de programa\CyberLink\PowerCinema\Kernel\TV\CLSched.exe
      23 - : C:\WINDOWS\system32\giveio.sys
      23 - [Ahead Software AG] : C:\WINDOWS\system32\Drivers\imagedrv.sys
      23 - [Ahead Software AG] : C:\WINDOWS\system32\DRIVERS\imagesrv.sys
      23 - : C:\Archivos de programa\Cyberlink\Shared files\RichVideo.exe
      23 - [Microsoft Corporation] : C:\Archivos de programa\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
      23 - [Windows (R) 2000 DDK provider] : C:\WINDOWS\system32\speedfan.sys
      23 - [Crawler.com] : C:\WINDOWS\system32\drivers\sp_rsdrv2.sys
      23 - [TuneUp Software] : C:\Archivos de programa\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe
      23 - [TuneUp Software] : C:\Archivos de programa\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys

      Winlogon Notify
      HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent, DLLName : [ATI Technologies Inc.] : C:\WINDOWS\system32\Ati2evxx.dll

      Threat Files
      <KGBKeylogger> : C:\Documents and Settings\All Users\Datos de programa\MPK\1\D0000

      Advanced Files Report

      End of Report


      Eliminar el Proceso:

      Preparando estructuras
      Eliminar KGBKeylogger
      El archivo se ha Borrado: C:\Documents and Settings\All Users\Datos de programa\MPK\1\D0000
      Eliminar Directorio: C:\Documents and Settings\All Users\Datos de programa\MPK\1\
      Terminado

      C:\Documents and Settings\All Users\Datos de programa


Here I am sending you the HijackThis log.

      Logfile of Trend Micro HijackThis v2.0.2
      Scan saved at 16:19:31, on 30/01/2010
      Platform: Windows XP SP2 (WinNT 5.01.2600)
      MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
      Boot mode: Normal

      Running processes:
      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\system32\Ati2evxx.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\system32\Ati2evxx.exe
      C:\WINDOWS\system32\spoolsv.exe
      C:\Archivos de programa\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
      C:\Archivos de programa\Java\jre6\bin\jqs.exe
      C:\Archivos de programa\Archivos comunes\Microsoft Shared\VS7DEBUG\MDM.EXE
      C:\Archivos de programa\Cyberlink\Shared files\RichVideo.exe
      C:\Archivos de programa\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
      C:\WINDOWS\system32\slserv.exe
      C:\Archivos de programa\Spyware Terminator\sp_rsser.exe
      C:\WINDOWS\system32\svchost.exe
      C:\Archivos de programa\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe
      C:\WINDOWS\system32\svchost.exe
      C:\Archivos de programa\CyberLink\PowerCinema\Kernel\TV\CLSched.exe
      C:\Archivos de programa\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe
      C:\WINDOWS\Explorer.EXE
      C:\Archivos de programa\Google\Update\GoogleUpdate.exe
      C:\WINDOWS\SOUNDMAN.EXE
      C:\Archivos de programa\Java\jre6\bin\jusched.exe
      C:\Archivos de programa\Spyware Terminator\SpywareTerminatorShield.exe
      C:\WINDOWS\system32\ctfmon.exe
      C:\Archivos de programa\Spyware Terminator\SpywareTerminator.exe
      C:\Archivos de programa\Internet Explorer\iexplore.exe
      C:\Archivos de programa\Windows Live\Toolbar\wltuser.exe
      C:\Archivos de programa\Trend Micro\HijackThis\HijackThis.exe

      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.es/
      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Vínculos
      F2 - REG:system.ini: UserInit=c:\windows\system32\userinit.exe
      O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Archivos de programa\Archivos comunes\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
      O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Archivos de programa\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
      O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Archivos de programa\Google\Google Toolbar\GoogleToolbar_32.dll
      O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Archivos de programa\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll
      O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Archivos de programa\Java\jre6\bin\jp2ssv.dll
      O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Archivos de programa\Windows Live\Toolbar\wltcore.dll
      O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Archivos de programa\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
      O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - (no file)
      O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Archivos de programa\Windows Live\Toolbar\wltcore.dll
      O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Archivos de programa\Google\Google Toolbar\GoogleToolbar_32.dll
      O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
      O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Archivos de programa\Java\jre6\bin\jusched.exe"
      O4 - HKLM\..\Run: [SpywareTerminator] "C:\Archivos de programa\Spyware Terminator\SpywareTerminatorShield.exe"
      O4 - HKLM\..\Run: [QuickTime Task] "C:\Archivos de programa\QuickTime\qttask.exe" -atboottime
      O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
      O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICIO LOCAL')
      O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Servicio de red')
      O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
      O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
      O8 - Extra context menu item: E&xportar a Microsoft Excel - res://C:\ARCHIV~1\MICROS~2\Office10\EXCEL.EXE/3000
      O8 - Extra context menu item: Google Sidewiki... - res://C:\Archivos de programa\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
      O9 - Extra button: Agregar entrada - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Archivos de programa\Windows Live\Writer\WriterBrowserExtension.dll
      O9 - Extra 'Tools' menuitem: &Agregar entrada en Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Archivos de programa\Windows Live\Writer\WriterBrowserExtension.dll
      O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Archivos de programa\Messenger\msmsgs.exe
      O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Archivos de programa\Messenger\msmsgs.exe
      O16 - DPF: CabBuilder - http://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab
      O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
      O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w3/resources/MSNPUpld.cab
      O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} - http://www.eset.eu/buxus/docs/OnlineScanner.cab
      O16 - DPF: {5C52F5E3-3F12-4D20-A040-BE9526CCE384} (CMEHCrypto Object) - https://serviciostelematicos.meh.es/plataformadevalidacioninternet/ConCertif/MEHFirmaDigital.cab
      O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/MessengerGamesContent/GameContent/es/uno1/GAME_UNO1.cab
      O16 - DPF: {61FA0CB0-0806-46EA-B784-0F843285BA23} (TuentiFotoUploader Control) - http://estaticosak1.tuenti.com/client_apps/TuentiPhotoUploader.16040.cab
      O16 - DPF: {9544F1E8-7A1D-470E-999F-0FFE329A45AD} (TMMOCX Control) - http://v7.e-tmm.com/bin/NpTmmOcx.cab
      O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
      O16 - DPF: {C7C7152F-6E85-44F3-A14B-A7F85FDDEA3B} (InstallerCtrl Class) - http://v7.e-tmm.com/bin/tol7inst.cab
      O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
      O16 - DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} (GoPetsWeb Control) - https://secure.gopetslive.com/dev/GoPetsWeb.cab
      O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
      O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
      O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Archivos de programa\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
      O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Archivos de programa\CyberLink\PowerCinema\Kernel\TV\CLSched.exe
      O23 - Service: Google Software Updater (gusvc) - Google - C:\Archivos de programa\Google\Common\Google Updater\GoogleUpdaterService.exe
      O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Archivos de programa\Java\jre6\bin\jqs.exe
      O23 - Service: lxcg_device - - C:\WINDOWS\system32\lxcgcoms.exe
      O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Archivos de programa\Cyberlink\Shared files\RichVideo.exe
      O23 - Service: SmartLinkService (SLService) - Smart Link - C:\WINDOWS\SYSTEM32\slserv.exe
      O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Archivos de programa\Spyware Terminator\sp_rsser.exe
      O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software - C:\Archivos de programa\TuneUp Utilities 2010\TuneUpDefragService.exe
      O23 - Service: TuneUp Utilities Service (TuneUp.UtilitiesSvc) - TuneUp Software - C:\Archivos de programa\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe

      --
      End of file - 8109 bytes

#2 Damianl_77, General Moderator (Registered: Jan 2008; Location: Argentina; Posts: 21,956)

re: Questions about a hidden file. (Closed)

Hello alberto_48:

I recommend that you read: HijackThis Forum Policies

3) Do not open new threads, nor repeat a message, until one you already have open has been marked "Solved" (or Finished). To finish a thread you simply have to tell us the results. Otherwise your new message will be closed or deleted.

You have an open thread where you have not replied again: My computer is very slow. (Finished)

Once you have replied in that post, report the message by pressing the button so that it is marked "Finished".

Once the pending thread has been marked finished, open a new thread respecting the Forum rules.

Regards.
