spyware!!!!!! help!!!!
analia marquez:
I'm leaving this here in case it's of help to anyone. It's the result of the a-squared scan! I click delete but it comes back............... I'm desperate!!!
a-squared Report
Scan Started: 06/11/2006 23:45:17
Scan Finished: 06/11/2006 23:48:29
Scanning Time: 0h 3min 12sec
Scanned Files: 53950
Infected Files: 53
Mr_X:
1.- Download Autoruns and extract it to a folder
2.- Restart in SAFE MODE (press F8 when Windows starts loading and select Safe Mode from the menu that appears)
3.- Run the AUTORUNS.EXE file from the folder where you extracted it, press the Esc key, go to the "Options" menu and check the first three entries, now press F5, let it finish scanning, go to the "File"-->"Save as" menu, give it a name and save it, open that file with Notepad, copy all the contents and paste them here...
analia marquez:
You really have all my admiration for understanding this endless list of names......... it baffles me just to look at it!!! :-d
Let's see if you can get something out of this...
:???:
HKLM\System\CurrentControlSet\Control\Terminal Server\Wds\rdpwd\StartupPrograms
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\AppSetup
HKLM\Software\Policies\Microsoft\Windows\System\Scripts\Startup
HKCU\Software\Policies\Microsoft\Windows\System\Scripts\Logon
HKLM\Software\Policies\Microsoft\Windows\System\Scripts\Logon
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System\Shell
HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\Shell
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Taskman
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\TerminalServer\Install\Software\Microsoft\Windows\CurrentVersion\Runonce
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\TerminalServer\Install\Software\Microsoft\Windows\CurrentVersion\RunonceEx
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\TerminalServer\Install\Software\Microsoft\Windows\CurrentVersion\Run
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
+ Adware.Srv32 c:\windows\system32\runsrv32.exe
+ APVXDWIN Platinum permanent protection (Not verified) Panda Software International c:\archivos de programa\panda software\panda platinum 2005 internet security\apvxdwin.exe
+ NeroFilterCheck File not found: :C:\WINDOWS\system32\NeroCheck.exe
+ SCANINICIO (Not verified) Panda Software International c:\archivos de programa\panda software\panda platinum 2005 internet security\inicio.exe
+ SMSERIAL File not found: :sm56hlpr.exe
+ Ulead AutoDetector MONITOR (Not verified) Ulead Systems, Inc. c:\archivos de programa\ulead systems\ulead photo explorer 8.0 se basic\monitor.exe
+ Ulead Photo Express Verificador de Calendario Photo Express -- Calendar Checker (Not verified) Ulead Systems, Inc. c:\archivos de programa\ulead systems\ulead photo express 5 se\calcheck.exe
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce
C:\Documents and Settings\All Users\Menú Inicio\Programas\Inicio
+ ~Disabled c:\documents and settings\all users\menú inicio\programas\inicio\~disabled
C:\Documents and Settings\YO\Menú Inicio\Programas\Inicio
+ titanshield.lnk TitanShield Antispyware (Not verified) TitanShield.com c:\archivos de programa\titanshield antispyware\titanshield.exe
HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows\Load
HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows\Run
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
+ NBJ Nero BackItUp Scheduler Application (Not verified) Ahead Software AG c:\archivos de programa\ahead\nero backitup\nbj.exe
+ SpyBrowser www.spyware-browser.com (Not verified) www.spyware-browser.com c:\archivos de programa\spybro\spybro.exe
+ taskdir c:\windows\system32\taskdir.exe
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce
HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\TerminalServer\Install\Software\Microsoft\Windows\CurrentVersion\Runonce
HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\TerminalServer\Install\Software\Microsoft\Windows\CurrentVersion\RunonceEx
HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\TerminalServer\Install\Software\Microsoft\Windows\CurrentVersion\Run
HKLM\SOFTWARE\Classes\Protocols\Filter
HKLM\SOFTWARE\Classes\Protocols\Handler
+ cdo Microsoft SharePoint Portal Server Object Model (Not verified) Microsoft Corporation c:\archivos de programa\archivos comunes\microsoft shared\web folders\pkmcdo.dll
+ msnim MSN Messenger Protocol Handler (Not verified) Microsoft Corporation c:\archivos de programa\msn messenger\msgrapp.dll
HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components
HKCU\SOFTWARE\Microsoft\Active Setup\Installed Components
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks
HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
+ a² Context Menu Shell Extension c:\archivos de programa\a-squared\a2contmenu.dll
+ Carpetas Web Microsoft Web Folders (Not verified) Microsoft Corporation c:\archivos de programa\archivos comunes\microsoft shared\web folders\msonsext.dll
+ Extensión de paneo de pantalla del Panel de control File not found: deskpan.dll
+ Panda Antivirus pavole (Not verified) Panda Software c:\archivos de programa\panda software\panda platinum 2005 internet security\pavole.dll
+ WinRAR shell extension c:\archivos de programa\winrar\rarext.dll
+ WinZip WinZip Shell Extension DLL (Not verified) WinZip Computing, Inc. c:\archivos de programa\winzip\wzshlstb.dll
+ WinZip WinZip Shell Extension DLL (Not verified) WinZip Computing, Inc. c:\archivos de programa\winzip\wzshlstb.dll
+ WinZip WinZip Shell Extension DLL (Not verified) WinZip Computing, Inc. c:\archivos de programa\winzip\wzshlstb.dll
+ WinZip WinZip Shell Extension DLL (Not verified) WinZip Computing, Inc. c:\archivos de programa\winzip\wzshlstb.dll
HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
HKLM\Software\Classes\Folder\Shellex\ColumnHandlers
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects
+ AcroIEHlprObj Class Adobe Acrobat IE Helper Version 6.0 for ActivieX (Verified) Adobe Systems, Incorporated c:\archivos de programa\adobe\acrobat 6.0\reader\activex\acroiehelper.dll
+ adobepnl.ADOBE_PANEL (Not verified) Laguna Media c:\windows\system32\adobepnl.dll
HKCU\Software\Microsoft\Internet Explorer\UrlSearchHooks
HKLM\Software\Microsoft\Internet Explorer\Toolbar
HKCU\Software\Microsoft\Internet Explorer\Explorer Bars
HKLM\Software\Microsoft\Internet Explorer\Explorer Bars
HKCU\Software\Microsoft\Internet Explorer\Extensions
HKLM\Software\Microsoft\Internet Explorer\Extensions
Task Scheduler
HKLM\System\CurrentControlSet\Services
+ PASSRV c:\archivos de programa\panda software\panda platinum 2005 internet security\passrv.exe
+ PAVFIRES Personal Firewall Service (Not verified) Panda Software c:\archivos de programa\panda software\panda platinum 2005 internet security\firewall\pavfires.exe
+ PAVFNSVR Panda Function Service (Not verified) Panda Software c:\archivos de programa\panda software\panda platinum 2005 internet security\pavfnsvr.exe
+ Pavkre PavKre Aplicación (Not verified) Panda Software c:\archivos de programa\panda software\panda platinum 2005 internet security\pavkre.exe
+ PavProt PavProt Application (Not verified) Panda Software c:\archivos de programa\panda software\panda platinum 2005 internet security\pavprot.exe
+ PavPrSrv Panda Process Protection Service (Not verified) Panda Software c:\archivos de programa\archivos comunes\panda software\pavshld\pavprsrv.exe
+ PAVSRV On-Access Antivirus Scanner Service. (Not verified) Panda Software c:\archivos de programa\panda software\panda platinum 2005 internet security\pavsrv51.exe
+ PREVSRV Panda Preventium+ © service (Not verified) Panda Software c:\archivos de programa\panda software\panda platinum 2005 internet security\prevsrv.exe
+ PSIMSVC Common Interface Manager (Not verified) Panda Software Internacional c:\archivos de programa\panda software\panda platinum 2005 internet security\psimsvc.exe
HKLM\System\CurrentControlSet\Services
+ ALCXWDM File not found: system32\drivers\ALCXWDM.SYS
+ ComFiltr File not found: C:\WINDOWS\system32\DRIVERS\COMFiltr.sys
+ cpoint cPoint (Not verified) Panda Software c:\windows\system32\drivers\cpoint.sys
+ GMSIPCI File not found: D:\INSTALL\GMSIPCI.SYS
+ GNCT511 PC Camera driver c:\windows\system32\drivers\gnct511.sys
+ mvczznru c:\windows\system32\mvczznru.ykf
+ netflt NetFlt (Not verified) Panda Software c:\windows\system32\drivers\netflt.sys
+ PavProc Panda Process Protection driver (Not verified) Panda Software c:\windows\system32\drivers\pavproc.sys
+ pfc Padus(R) ASPI Shell (Not verified) Padus, Inc. c:\windows\system32\drivers\pfc.sys
+ smserial Motorola SM56 Modem WDM Driver (Not verified) Motorola Inc. c:\windows\system32\drivers\smserial.sys
+ Teefer Teefer Driver (Not verified) Sygate Technologies, Inc. c:\windows\system32\drivers\teefer.sys
+ vulfnths VIA USB Host Controller Lower Filter Driver (Not verified) VIA Technologies, Inc. c:\windows\system32\drivers\vulfnth.sys
+ vulfntrs VIA USB Roothub Lower Filter Driver (Not verified) VIA Technologies, Inc. c:\windows\system32\drivers\vulfntr.sys
+ wg3n wgxn (Verified) Sygate Technologies, Inc. c:\windows\system32\drivers\wg3n.sys
+ wg4n wgxn (Verified) Sygate Technologies, Inc. c:\windows\system32\drivers\wg4n.sys
+ wg5n wgxn (Verified) Sygate Technologies, Inc. c:\windows\system32\drivers\wg5n.sys
+ wg6n wgxn (Verified) Sygate Technologies, Inc. c:\windows\system32\drivers\wg6n.sys
+ wpsdrvnt wpsdrvnt (Not verified) Sygate Technologies, Inc. c:\windows\system32\drivers\wpsdrvnt.sys
HKLM\System\CurrentControlSet\Control\Session Manager\BootExecute
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options
HKLM\Software\Microsoft\Command Processor\Autorun
HKCU\Software\Microsoft\Command Processor\Autorun
HKLM\SOFTWARE\Classes\Exefile\Shell\Open\Command\(Default)
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\Appinit_Dlls
HKLM\System\CurrentControlSet\Control\Session Manager\KnownDlls
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\System
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\UIHost
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GinaDLL
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Taskman
HKCU\Control Panel\Desktop\Scrnsave.exe
HKLM\System\CurrentControlSet\Control\BootVerificationProgram\ImageName
HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9
+ PAV_LAYERED pavlsp Dynamic Link Library (Not verified) Panda Software c:\archivos de programa\panda software\panda platinum 2005 internet security\pavlsp.dll
+ PAV_LAYERED over [MSAFD Tcpip [RAW/IP]] pavlsp Dynamic Link Library (Not verified) Panda Software c:\archivos de programa\panda software\panda platinum 2005 internet security\pavlsp.dll
+ PAV_LAYERED over [MSAFD Tcpip [TCP/IP]] pavlsp Dynamic Link Library (Not verified) Panda Software c:\archivos de programa\panda software\panda platinum 2005 internet security\pavlsp.dll
+ PAV_LAYERED over [MSAFD Tcpip [UDP/IP]] pavlsp Dynamic Link Library (Not verified) Panda Software c:\archivos de programa\panda software\panda platinum 2005 internet security\pavlsp.dll
HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors
+ Canon BJ Language Monitor i350 BJ Language Monitor (Not verified) CANON INC. c:\windows\system32\cnmlm53.dll
HKLM\SYSTEM\CurrentControlSet\Control\Lsa\Authentication Packages
HKLM\SYSTEM\CurrentControlSet\Control\Lsa\Notification Packages
HKLM\SYSTEM\CurrentControlSet\Control\Lsa\Security Packages
Mr_X:
Make a BACKUP of the registry (I recommend ERUNT), restart in SAFE MODE, run Autoruns, right-click the following entries and select "Delete":
--- Code: ---
+ Adware.Srv32 c:\windows\system32\runsrv32.exe
+ ~Disabled c:\documents and settings\all users\menú inicio\programas\inicio\~disabled
C:\Documents and Settings\YO\Menú Inicio\Programas\Inicio
+ titanshield.lnk TitanShield Antispyware (Not verified) TitanShield.com c:\archivos de programa\titanshield antispyware\titanshield.exe
+ SpyBrowser www.spyware-browser.com (Not verified) www.spyware-browser.com c:\archivos de programa\spybro\spybro.exe
+ taskdir c:\windows\system32\taskdir.exe
+ GMSIPCI File not found: D:\INSTALL\GMSIPCI.SYS
+ GNCT511 PC Camera driver c:\windows\system32\drivers\gnct511.sys
+ mvczznru c:\windows\system32\mvczznru.ykf
--- End of code ---
Restart normally, update Panda and run it... Also download, install, update and run Spybot S&D, Adaware and Spywareblaster... Take new HijackThis and Autoruns logs...
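One way to check the follow-up logs requested above: compare the entries that were deleted with a later Autoruns export and report which of them are registered again. This is an added example, not part of the thread; `parse_export` and `recheck` are hypothetical names, the delete list is copied from the post above, and the later export is a sample constructed for this example in the same layout.

```python
import re

# Drive-letter path running to the end of the line (the image-path column).
PATH_RE = re.compile(r"(?<![A-Za-z])[A-Za-z]:\\.+$")

# Delete list copied from the post above.
DELETED = r"""
+ Adware.Srv32 c:\windows\system32\runsrv32.exe
+ ~Disabled c:\documents and settings\all users\menú inicio\programas\inicio\~disabled
C:\Documents and Settings\YO\Menú Inicio\Programas\Inicio
+ titanshield.lnk TitanShield Antispyware (Not verified) TitanShield.com c:\archivos de programa\titanshield antispyware\titanshield.exe
+ SpyBrowser www.spyware-browser.com (Not verified) www.spyware-browser.com c:\archivos de programa\spybro\spybro.exe
+ taskdir c:\windows\system32\taskdir.exe
+ GMSIPCI File not found: D:\INSTALL\GMSIPCI.SYS
+ GNCT511 PC Camera driver c:\windows\system32\drivers\gnct511.sys
+ mvczznru c:\windows\system32\mvczznru.ykf
"""

# Constructed sample of a later export (not a log from the thread).
LATER = r"""
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
+ Adware.Srv32 c:\windows\system32\runsrv32.exe
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
+ SpyBrowser www.spyware-browser.com (Not verified) www.spyware-browser.com c:\archivos de programa\spybro\spybro.exe
+ taskdir File not found: c:\windows\system32\taskdir.exe
"""


def parse_export(text):
    """Parse an Autoruns text export in the flattened layout shown above.

    Lines starting with '+' are autostart entries; any other non-empty line
    names the location (registry key or folder) of the entries below it.
    """
    entries, location = [], None
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        if not line.startswith("+"):
            location = line
            continue
        match = PATH_RE.search(line)
        entries.append({
            "location": location,
            "raw": line,
            # Windows paths are case-insensitive, so compare lower-cased.
            "path": match.group(0).lower() if match else None,
            "missing": "File not found:" in line,
        })
    return entries


def recheck(deleted_text, later_text):
    """Classify each deleted entry against a later export.

    present: the same image path is registered again and the file exists
    stale:   still registered, but Autoruns reports "File not found"
    gone:    no entry in the later export points at that path
    Returns {path: (status, [locations in the later export])}.
    """
    later = {}
    for entry in parse_export(later_text):
        if entry["path"]:
            later.setdefault(entry["path"], []).append(entry)

    result = {}
    for entry in parse_export(deleted_text):
        if not entry["path"]:
            continue
        hits = later.get(entry["path"], [])
        if not hits:
            status = "gone"
        elif all(hit["missing"] for hit in hits):
            status = "stale"
        else:
            status = "present"
        result[entry["path"]] = (status, [hit["location"] for hit in hits])
    return result


if __name__ == "__main__":
    for path, (status, locations) in sorted(recheck(DELETED, LATER).items()):
        print(f"{status:8} {path}  {'; '.join(locations)}")
```

Matching is by image path only, so an item that returns under a different file name is not reported and the later export still has to be read in full.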
analia marquez:
I've done what you told me, I've run the scanners a thousand times and it's a mess... some tell me 12, others 40... I delete them but they come right back!!!! The Security Center windows are more and more frequent, and my home page is still blank, well, with an alert message. I've downloaded another antivirus but that doesn't work either, anyway........ I'm leaving this here to see if anyone spots something.
and also the Autoruns one: