Foro de InfoSpyware - Foro de Hijackthis - Foro de Virus

Hola, muchachos, hace unos dias postie el log de Hijack y vote por su pagina en los premios arroba, ahora, vengo con otro log debido a alguno síntomas como mensajes de error, y aparente control remoto de algunas de las funciones de la pc. Les dejo el log para ver si me pueden ayudar, se los agradeceria mucho.

Salu2 para todos.

Logfile of HijackThis v1.99.1
Scan saved at 05:05:51 p.m., on 18/10/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\ATKKBService.exe
C:\Archivos de programa\ewido anti-malware\ewidoctrl.exe
C:\Archivos de programa\Archivos comunes\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\Explorer.EXE
C:\Archivos de programa\MSN Messenger\msnmsgr.exe
C:\Archivos de programa\Ashampoo\Ashampoo UnInstaller Platinum 2\UIWatcher.exe
C:\Archivos de programa\Sound Control\SC.EXE
C:\WINDOWS\BricoPacks\Longhorn Inspirat\ObjectDock\ObjectDock.exe
C:\WINDOWS\BricoPacks\Longhorn Inspirat\YzToolBar\YzToolBar.exe
C:\WINDOWS\system32\svchost.exe
C:\Archivos de programa\Mozilla Firefox\firefox.exe
C:\Archivos de programa\HJT\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.forospyware.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Vínculos
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Archivos de programa\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\ARCHIV~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Archivos de programa\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Archivos de programa\Archivos comunes\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\archivos de programa\google\googletoolbar2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\archivos de programa\google\googletoolbar2.dll
O3 - Toolbar: TextAloud - {F053C368-5458-45B2-9B4D-D8914BDDDBFF} - C:\ARCHIV~1\TEXTAL~1\TAForIE.dll
O4 - HKLM\..\Run: [KAVPersonal50] "C:\Archivos de programa\Kaspersky Lab\Kaspersky Anti-Virus Personal\kav.exe" /minimize
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [msnmsgr] "C:\Archivos de programa\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [UIWatcher] C:\Archivos de programa\Ashampoo\Ashampoo UnInstaller Platinum 2\UIWatcher.exe
O4 - Startup: Sound Control.lnk = C:\Archivos de programa\Sound Control\SC.EXE
O4 - Startup: Stardock ObjectDock.lnk = C:\WINDOWS\BricoPacks\Longhorn Inspirat\ObjectDock\ObjectDock.exe
O4 - Startup: Y'z Toolbar.lnk = C:\WINDOWS\BricoPacks\Longhorn Inspirat\YzToolBar\YzToolBar.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Archivos de programa\Archivos comunes\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: &Búsqueda en Google - res://c:\archivos de programa\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Traducir palabra inglesa - res://c:\archivos de programa\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: E&xportar a Microsoft Excel - res://C:\ARCHIV~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Instantánea de caché de la página - res://c:\archivos de programa\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Páginas similares - res://c:\archivos de programa\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Páginas vinculadas - res://c:\archivos de programa\google\GoogleToolbar2.dll/cmbacklinks.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Archivos de programa\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Consola de Sun Java - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Archivos de programa\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Archivos de programa\Archivos comunes\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - (no file)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - (no file)
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARCHIV~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARCHIV~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: ewido security suite control - ewido networks - C:\Archivos de programa\ewido anti-malware\ewidoctrl.exe
O23 - Service: kavsvc - Kaspersky Lab - C:\Archivos de programa\Kaspersky Lab\Kaspersky Anti-Virus Personal\kavsvc.exe
O23 - Service: ServiceLayer - Nokia. - C:\Archivos de programa\Archivos comunes\PCSuite\Services\ServiceLayer.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Archivos de programa\TuneUp Utilities 2006\WinStylerThemeSvc.exe

Hola que tal.....


El log no muestra absolutamente nada....


Si crees que tienes alguna infección, haz un chequeo con los antivirus online Kaspersky y Ewido y dejas acá los reportes



Salu2

Hola Acron_0248. Gracias por la respuesta y que bueno que no presenta nada!

Pasé los antivirus, en el ewido me encontré solamante cookies de firefox con riesgo medium y los eliminé.

Te dejo el del Kaspersky.

-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Tuesday, October 17, 2006 4:32:56 PM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.83.0
Kaspersky Anti-Virus database last update: 17/10/2006
Kaspersky Anti-Virus database records: 219182
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: standard
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
A:\
C:\
D:\

Scan Statistics:
Total number of scanned objects: 76172
Number of viruses found: 0
Number of infected objects: 0 / 0
Number of suspicious objects: 0
Duration of the scan process: 01:20:29

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\All Users\Datos de programa\Kaspersky Anti-Virus Personal Pro\5.0\Backup\BackupMng.i0000 Object is locked skipped
C:\Documents and Settings\All Users\Datos de programa\Kaspersky Anti-Virus Personal Pro\5.0\Backup\BackupMng.i0001 Object is locked skipped
C:\Documents and Settings\All Users\Datos de programa\Kaspersky Anti-Virus Personal Pro\5.0\Backup\BackupMng.i0100 Object is locked skipped
C:\Documents and Settings\All Users\Datos de programa\Kaspersky Anti-Virus Personal Pro\5.0\Backup\BackupMng.i0101 Object is locked skipped
C:\Documents and Settings\All Users\Datos de programa\Kaspersky Anti-Virus Personal Pro\5.0\Backup\BackupMng.i0200 Object is locked skipped
C:\Documents and Settings\All Users\Datos de programa\Kaspersky Anti-Virus Personal Pro\5.0\Backup\BackupMng.i0201 Object is locked skipped
C:\Documents and Settings\All Users\Datos de programa\Kaspersky Anti-Virus Personal Pro\5.0\Backup\BackupMng.i0300 Object is locked skipped
C:\Documents and Settings\All Users\Datos de programa\Kaspersky Anti-Virus Personal Pro\5.0\Backup\BackupMng.i0301 Object is locked skipped
C:\Documents and Settings\All Users\Datos de programa\Kaspersky Anti-Virus Personal Pro\5.0\Backup\BackupMng.reph Object is locked skipped
C:\Documents and Settings\All Users\Datos de programa\Kaspersky Anti-Virus Personal Pro\5.0\Backup\BackupMng.repi Object is locked skipped
C:\Documents and Settings\All Users\Datos de programa\Kaspersky Anti-Virus Personal Pro\5.0\Backup\BackupMng.rept Object is locked skipped
C:\Documents and Settings\All Users\Datos de programa\Kaspersky Anti-Virus Personal Pro\5.0\Quarantine\QMng.i0000 Object is locked skipped
C:\Documents and Settings\All Users\Datos de programa\Kaspersky Anti-Virus Personal Pro\5.0\Quarantine\QMng.i0001 Object is locked skipped
C:\Documents and Settings\All Users\Datos de programa\Kaspersky Anti-Virus Personal Pro\5.0\Quarantine\QMng.i0100 Object is locked skipped
C:\Documents and Settings\All Users\Datos de programa\Kaspersky Anti-Virus Personal Pro\5.0\Quarantine\QMng.i0101 Object is locked skipped
C:\Documents and Settings\All Users\Datos de programa\Kaspersky Anti-Virus Personal Pro\5.0\Quarantine\QMng.i0200 Object is locked skipped
C:\Documents and Settings\All Users\Datos de programa\Kaspersky Anti-Virus Personal Pro\5.0\Quarantine\QMng.i0201 Object is locked skipped
C:\Documents and Settings\All Users\Datos de programa\Kaspersky Anti-Virus Personal Pro\5.0\Quarantine\QMng.i0300 Object is locked skipped
C:\Documents and Settings\All Users\Datos de programa\Kaspersky Anti-Virus Personal Pro\5.0\Quarantine\QMng.i0301 Object is locked skipped
C:\Documents and Settings\All Users\Datos de programa\Kaspersky Anti-Virus Personal Pro\5.0\Quarantine\QMng.reph Object is locked skipped
C:\Documents and Settings\All Users\Datos de programa\Kaspersky Anti-Virus Personal Pro\5.0\Quarantine\QMng.repi Object is locked skipped
C:\Documents and Settings\All Users\Datos de programa\Kaspersky Anti-Virus Personal Pro\5.0\Quarantine\QMng.rept Object is locked skipped
C:\Documents and Settings\All Users\Datos de programa\Kaspersky Anti-Virus Personal Pro\5.0\Reports\RptMng.i0000 Object is locked skipped
C:\Documents and Settings\All Users\Datos de programa\Kaspersky Anti-Virus Personal Pro\5.0\Reports\RptMng.i0001 Object is locked skipped
C:\Documents and Settings\All Users\Datos de programa\Kaspersky Anti-Virus Personal Pro\5.0\Reports\RptMng.i0100 Object is locked skipped
C:\Documents and Settings\All Users\Datos de programa\Kaspersky Anti-Virus Personal Pro\5.0\Reports\RptMng.i0101 Object is locked skipped
C:\Documents and Settings\All Users\Datos de programa\Kaspersky Anti-Virus Personal Pro\5.0\Reports\RptMng.i0200 Object is locked skipped
C:\Documents and Settings\All Users\Datos de programa\Kaspersky Anti-Virus Personal Pro\5.0\Reports\RptMng.i0201 Object is locked skipped
C:\Documents and Settings\All Users\Datos de programa\Kaspersky Anti-Virus Personal Pro\5.0\Reports\RptMng.reph Object is locked skipped
C:\Documents and Settings\All Users\Datos de programa\Kaspersky Anti-Virus Personal Pro\5.0\Reports\RptMng.repi Object is locked skipped
C:\Documents and Settings\All Users\Datos de programa\Kaspersky Anti-Virus Personal Pro\5.0\Reports\RptMng.rept Object is locked skipped
C:\Documents and Settings\All Users\Datos de programa\Kaspersky Anti-Virus Personal Pro\5.0\TIF\GlobalTIFMng.i0000 Object is locked skipped
C:\Documents and Settings\All Users\Datos de programa\Kaspersky Anti-Virus Personal Pro\5.0\TIF\GlobalTIFMng.i0100 Object is locked skipped
C:\Documents and Settings\All Users\Datos de programa\Kaspersky Anti-Virus Personal Pro\5.0\TIF\GlobalTIFMng.i0200 Object is locked skipped
C:\Documents and Settings\All Users\Datos de programa\Kaspersky Anti-Virus Personal Pro\5.0\TIF\GlobalTIFMng.reph Object is locked skipped
C:\Documents and Settings\All Users\Datos de programa\Kaspersky Anti-Virus Personal Pro\5.0\TIF\GlobalTIFMng.repi Object is locked skipped
C:\Documents and Settings\All Users\Datos de programa\Kaspersky Anti-Virus Personal Pro\5.0\TIF\GlobalTIFMng.rept Object is locked skipped
C:\Documents and Settings\All Users\Datos de programa\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\Documents and Settings\All Users\Datos de programa\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\Documents and Settings\ZhyloN\Configuración local\Archivos temporales de Internet\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\ZhyloN\Configuración local\Datos de programa\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\ZhyloN\Configuración local\Datos de programa\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\ZhyloN\Configuración local\Datos de programa\Mozilla\Firefox\Profiles\gi5x8in1.default \Cache\_CACHE_001_ Object is locked skipped
C:\Documents and Settings\ZhyloN\Configuración local\Datos de programa\Mozilla\Firefox\Profiles\gi5x8in1.default \Cache\_CACHE_002_ Object is locked skipped
C:\Documents and Settings\ZhyloN\Configuración local\Datos de programa\Mozilla\Firefox\Profiles\gi5x8in1.default \Cache\_CACHE_003_ Object is locked skipped
C:\Documents and Settings\ZhyloN\Configuración local\Datos de programa\Mozilla\Firefox\Profiles\gi5x8in1.default \Cache\_CACHE_MAP_ Object is locked skipped
C:\Documents and Settings\ZhyloN\Configuración local\Historial\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\ZhyloN\Configuración local\Temp\Perflib_Perfdata_4d4.dat Object is locked skipped
C:\Documents and Settings\ZhyloN\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\ZhyloN\Datos de programa\Mozilla\Firefox\Profiles\gi5x8in1.default \cert8.db Object is locked skipped
C:\Documents and Settings\ZhyloN\Datos de programa\Mozilla\Firefox\Profiles\gi5x8in1.default \googlesafebrowsing.db Object is locked skipped
C:\Documents and Settings\ZhyloN\Datos de programa\Mozilla\Firefox\Profiles\gi5x8in1.default \history.dat Object is locked skipped
C:\Documents and Settings\ZhyloN\Datos de programa\Mozilla\Firefox\Profiles\gi5x8in1.default \key3.db Object is locked skipped
C:\Documents and Settings\ZhyloN\Datos de programa\Mozilla\Firefox\Profiles\gi5x8in1.default \parent.lock Object is locked skipped
C:\Documents and Settings\ZhyloN\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\ZhyloN\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Configuración local\Archivos temporales de Internet\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Configuración local\Datos de programa\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Configuración local\Datos de programa\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Configuración local\Historial\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Configuración local\Datos de programa\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Configuración local\Datos de programa\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.lo g Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MA P Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MA P Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DAT A Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped

Scan process completed.

Salu2

El reporte del kaspersky está completamente limpio así que queda de tu parte indicar como sigue el sistema y si aún sigues con las mismas sospechas de infección y control remoto



Salu2

Siendo así, y viendo que no hay nada más que decir, te agradezco la ayuda y pueden cerrar el thread.

Salu2