Author Topic: System Alert!!!!!! (SOLVED)  (Read 7156 times)

fher (Junior Member, 24 posts, offline)
System Alert!!!!!! (SOLVED)
« on: March 19, 2008, 08:56:35 pm »
Hello everyone:

For several days I've been getting the following "System Alert" error. I searched the forum for a solution and see that the first step is to paste the log generated with HijackThis. I hope you can give me a hand; thanks.


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:38:51 PM, on 3/19/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Nhksrv.exe
C:\Program Files\Panda Software\Panda Platinum 2005 Internet Security\Firewall\PavFires.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\Rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Wireless-G Portable USB Adapter\WLService.exe
C:\Program Files\Wireless-G Portable USB Adapter\WUSB54GP.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Documents and Settings\guillermo hernandez\My Documents\My Received Files\HiJackThis\HijackThis.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [787eb516] rundll32.exe "C:\WINDOWS\system32\bsiuyfug.dll",b
O4 - HKLM\..\Run: [BM7b4d868a] Rundll32.exe "C:\WINDOWS\system32\ptprfmwy.dll",s
O4 - HKLM\..\RunServices: [PANDA ANTISPAM SERVER SERVICE] "C:\Program Files\Panda Software\Panda Platinum 2005 Internet Security\PasSrv.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKLM\..\Policies\Explorer\Run: [some] C:\Program Files\NetProject\scit.exe
O9 - Extra button: (no name) - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.explorertool.net/redirect.php (file missing)
O9 - Extra 'Tools' menuitem: IE Anti-Spyware - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.explorertool.net/redirect.php (file missing)
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=58813
O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540006} (CInstall Class) - http://www.errorguard.com/installation/Install.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1130278706968
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/suite/yautocomplete.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{2421F356-9425-45F7-B11B-8A15766D1036}: NameServer = 85.255.114.34,85.255.112.132
O17 - HKLM\System\CCS\Services\Tcpip\..\{280FFF97-0BDD-4CBF-922E-76A6E1962CA0}: NameServer = 85.255.114.34,85.255.112.132
O17 - HKLM\System\CCS\Services\Tcpip\..\{40ECEF5B-690E-42D1-9EF8-B0CF82BAE252}: NameServer = 85.255.114.34,85.255.112.132
O17 - HKLM\System\CCS\Services\Tcpip\..\{412397DF-0656-40DD-8E48-095202B74903}: NameServer = 85.255.114.34,85.255.112.132
O17 - HKLM\System\CCS\Services\Tcpip\..\{95568910-3BA0-448E-B3F4-231CC9F2ADC5}: NameServer = 85.255.114.34,85.255.112.132
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.114.34 85.255.112.132
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.114.34 85.255.112.132
O22 - SharedTaskScheduler: arborize - {d9f6ce57-0718-4bd1-916f-5fb1f86911c2} - C:\WINDOWS\system32\txdkfh.dll
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: IMAPI CD-Burning COM Service (ImapiService) - Roxio Inc. - C:\WINDOWS\System32\ImapiRox.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Netropa NHK Server (Nhksrv) - Unknown owner - C:\WINDOWS\Nhksrv.exe
O23 - Service: Panda Firewall Service (PAVFIRES) - Panda Software - C:\Program Files\Panda Software\Panda Platinum 2005 Internet Security\Firewall\PavFires.exe
O23 - Service: WUSB54GPSVC - GEMTEKS - C:\Program Files\Wireless-G Portable USB Adapter\WLService.exe

--
End of file - 6065 bytes

Mr_X (Moderator, 2635 posts, offline)
Re: System Alert!!!!!!
« Reply #1 on: March 20, 2008, 05:33:02 pm »
Back up the registry using ERUNT (click here); disable 'System Restore' (click here); reboot into Safe Mode, run HijackThis, tick the box to the left of the following entries and press the [Fix checked] button:

Code:
O4 - HKLM\..\Run: [787eb516] rundll32.exe "C:\WINDOWS\system32\bsiuyfug.dll",b
O4 - HKLM\..\Run: [BM7b4d868a] Rundll32.exe "C:\WINDOWS\system32\ptprfmwy.dll",s

O4 - HKLM\..\Policies\Explorer\Run: [some] C:\Program Files\NetProject\scit.exe
O9 - Extra button: (no name) - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.explorertool.net/redirect.php (file missing)
O9 - Extra 'Tools' menuitem: IE Anti-Spyware - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.explorertool.net/redirect.php (file missing)

O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540006} (CInstall Class) - http://www.errorguard.com/installation/Install.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{2421F356-9425-45F7-B11B-8A15766D1036}: NameServer = 85.255.114.34,85.255.112.132
O17 - HKLM\System\CCS\Services\Tcpip\..\{280FFF97-0BDD-4CBF-922E-76A6E1962CA0}: NameServer = 85.255.114.34,85.255.112.132
O17 - HKLM\System\CCS\Services\Tcpip\..\{40ECEF5B-690E-42D1-9EF8-B0CF82BAE252}: NameServer = 85.255.114.34,85.255.112.132
O17 - HKLM\System\CCS\Services\Tcpip\..\{412397DF-0656-40DD-8E48-095202B74903}: NameServer = 85.255.114.34,85.255.112.132
O17 - HKLM\System\CCS\Services\Tcpip\..\{95568910-3BA0-448E-B3F4-231CC9F2ADC5}: NameServer = 85.255.114.34,85.255.112.132
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.114.34 85.255.112.132
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.114.34 85.255.112.132
O22 - SharedTaskScheduler: arborize - {d9f6ce57-0718-4bd1-916f-5fb1f86911c2} - C:\WINDOWS\system32\txdkfh.dll

Reboot normally, download SmitFraudFix (click here), reboot into Safe Mode and run it, choose option 2, answer yes [Y] to whatever it asks... Reboot normally, update Panda(?) and run it after rebooting into Safe Mode... Generate a new HijackThis log and paste here the contents of the file C:\rapport.txt...
"... I'll wait I sow the seed, I set the scene and I watch the world go by..."

fher (Junior Member, 24 posts, offline)
Re: System Alert!!!!!!
« Reply #2 on: March 22, 2008, 05:08:34 am »
Mr. X:

Thank you for the help you're giving me. I followed your instructions to the letter; the only thing I couldn't do was the scan with "panda platinum", because it reaches a point where the program freezes. I've tried several things to get the program to run, but none of them work for me.


These are the HijackThis and SmitFraudFix v2.305 reports:


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:00:16 AM, on 3/22/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Nhksrv.exe
C:\Program Files\Panda Software\Panda Platinum 2005 Internet Security\PaSSrv.exe
C:\Program Files\Panda Software\Panda Platinum 2005 Internet Security\Firewall\PavFires.exe
C:\Program Files\Panda Software\Panda Platinum 2005 Internet Security\PavFnSvr.exe
C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
C:\Program Files\Panda Software\Panda Platinum 2005 Internet Security\pavsrv51.exe
C:\Program Files\Panda Software\Panda Platinum 2005 Internet Security\prevsrv.exe
C:\Program Files\Panda Software\Panda Platinum 2005 Internet Security\AVENGINE.EXE
C:\Program Files\Panda Software\Panda Platinum 2005 Internet Security\PsImSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Wireless-G Portable USB Adapter\WLService.exe
C:\Program Files\Wireless-G Portable USB Adapter\WUSB54GP.exe
C:\Program Files\Panda Software\Panda Platinum 2005 Internet Security\apvxdwin.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Panda Software\Panda Platinum 2005 Internet Security\SRVLOAD.EXE
C:\Program Files\Panda Software\Panda Platinum 2005 Internet Security\WebProxy.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\guillermo hernandez\My Documents\My Received Files\HiJackThis\HijackThis.exe

O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file)
O2 - BHO: Aplicación auxiliar de vínculos de Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {67BAFFED-CADD-4DAE-BEF6-9EA20EF2C46C} - C:\WINDOWS\system32\vtstu.dll (file missing)
O2 - BHO: {cb503d8a-c5d0-28a9-07f4-2b444eecec76} - {67cecee4-44b2-4f70-9a82-0d5ca8d305bc} - C:\WINDOWS\system32\hpddgyqt.dll (file missing)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {8E1DB2B5-D02A-4082-A650-345857F03206} - C:\WINDOWS\system32\pmnooom.dll (file missing)
O2 - BHO: (no name) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - (no file)
O2 - BHO: (no name) - {D06606C5-7DEC-4EBF-8E27-9D58D593F64F} - (no file)
O2 - BHO: (no name) - {EDD7598F-8B08-4039-BE66-2A9D6BA0F7DC} - C:\WINDOWS\system32\vtstu.dll (file missing)
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O4 - HKLM\..\RunServices: [PANDA ANTISPAM SERVER SERVICE] "C:\Program Files\Panda Software\Panda Platinum 2005 Internet Security\PasSrv.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=58813
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1130278706968
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/suite/yautocomplete.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{0E6E56CD-3B3B-4D48-BD06-4BBC66ED45F0}: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CS1\Services\Tcpip\..\{0E6E56CD-3B3B-4D48-BD06-4BBC66ED45F0}: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CS3\Services\Tcpip\..\{0E6E56CD-3B3B-4D48-BD06-4BBC66ED45F0}: NameServer = 208.67.220.220,208.67.222.222
O20 - Winlogon Notify: pmnooom - pmnooom.dll (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: IMAPI CD-Burning COM Service (ImapiService) - Roxio Inc. - C:\WINDOWS\System32\ImapiRox.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Netropa NHK Server (Nhksrv) - Unknown owner - C:\WINDOWS\Nhksrv.exe
O23 - Service: Panda Antispam Server Service (PASSRV) - Unknown owner - C:\Program Files\Panda Software\Panda Platinum 2005 Internet Security\PaSSrv.exe
O23 - Service: Panda Firewall Service (PAVFIRES) - Panda Software - C:\Program Files\Panda Software\Panda Platinum 2005 Internet Security\Firewall\PavFires.exe
O23 - Service: Panda Function Service (PAVFNSVR) - Panda Software - C:\Program Files\Panda Software\Panda Platinum 2005 Internet Security\PavFnSvr.exe
O23 - Service: Panda Pavkre (Pavkre) - Panda Software - C:\Program Files\Panda Software\Panda Platinum 2005 Internet Security\Pavkre.exe
O23 - Service: Panda PavProt (PavProt) - Panda Software - C:\Program Files\Panda Software\Panda Platinum 2005 Internet Security\PavProt.exe
O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Software - C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software - C:\Program Files\Panda Software\Panda Platinum 2005 Internet Security\pavsrv51.exe
O23 - Service: Panda Preventium+ Service (PREVSRV) - Panda Software - C:\Program Files\Panda Software\Panda Platinum 2005 Internet Security\prevsrv.exe
O23 - Service: Panda IManager Service (PSIMSVC) - Panda Software Internacional - C:\Program Files\Panda Software\Panda Platinum 2005 Internet Security\PsImSvc.exe
O23 - Service: WUSB54GPSVC - GEMTEKS - C:\Program Files\Wireless-G Portable USB Adapter\WLService.exe

--
End of file - 7334 bytes






SmitFraudFix v2.305

Scan done at 19:51:06.37, Thu 03/20/2008
Run from C:\Documents and Settings\guillermo hernandez\My Documents\My Received Files\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in safe mode

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» Killing process


»»»»»»»»»»»»»»»»»»»»»»»» hosts


127.0.0.1       localhost

»»»»»»»»»»»»»»»»»»»»»»»» VACFix

VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix

S!Ri's WS2Fix: LSP not Found.


»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files

C:\DOCUME~1\ALLUSE~1\STARTM~1\Online Security Guide.url Deleted
C:\DOCUME~1\ALLUSE~1\STARTM~1\Security Troubleshooting.url Deleted
C:\Program Files\VirusHeat 4.3\ Deleted

»»»»»»»»»»»»»»»»»»»»»»»» IEDFix

IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» DNS

HKLM\SYSTEM\CCS\Services\Tcpip\..\{0E6E56CD-3B3B-4D48-BD06-4BBC66ED45F0}: DhcpNameServer=85.255.114.34,85.255.112.132
HKLM\SYSTEM\CCS\Services\Tcpip\..\{0E6E56CD-3B3B-4D48-BD06-4BBC66ED45F0}: NameServer=85.255.114.34,85.255.112.132
HKLM\SYSTEM\CCS\Services\Tcpip\..\{2421F356-9425-45F7-B11B-8A15766D1036}: DhcpNameServer=192.168.1.1 192.168.1.1
HKLM\SYSTEM\CCS\Services\Tcpip\..\{280FFF97-0BDD-4CBF-922E-76A6E1962CA0}: DhcpNameServer=85.255.114.34,85.255.112.132
HKLM\SYSTEM\CCS\Services\Tcpip\..\{40ECEF5B-690E-42D1-9EF8-B0CF82BAE252}: DhcpNameServer=85.255.114.34,85.255.112.132
HKLM\SYSTEM\CCS\Services\Tcpip\..\{95568910-3BA0-448E-B3F4-231CC9F2ADC5}: DhcpNameServer=85.255.114.34,85.255.112.132
HKLM\SYSTEM\CCS\Services\Tcpip\..\{CE113FC6-4E4E-4F95-94D2-72EE614D15B7}: DhcpNameServer=85.255.114.34,85.255.112.132
HKLM\SYSTEM\CS1\Services\Tcpip\..\{0E6E56CD-3B3B-4D48-BD06-4BBC66ED45F0}: DhcpNameServer=85.255.114.34,85.255.112.132
HKLM\SYSTEM\CS1\Services\Tcpip\..\{0E6E56CD-3B3B-4D48-BD06-4BBC66ED45F0}: NameServer=85.255.114.34,85.255.112.132
HKLM\SYSTEM\CS1\Services\Tcpip\..\{2421F356-9425-45F7-B11B-8A15766D1036}: DhcpNameServer=192.168.1.1 192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\..\{280FFF97-0BDD-4CBF-922E-76A6E1962CA0}: DhcpNameServer=85.255.114.34,85.255.112.132
HKLM\SYSTEM\CS1\Services\Tcpip\..\{40ECEF5B-690E-42D1-9EF8-B0CF82BAE252}: DhcpNameServer=85.255.114.34,85.255.112.132
HKLM\SYSTEM\CS1\Services\Tcpip\..\{95568910-3BA0-448E-B3F4-231CC9F2ADC5}: DhcpNameServer=85.255.114.34,85.255.112.132
HKLM\SYSTEM\CS1\Services\Tcpip\..\{CE113FC6-4E4E-4F95-94D2-72EE614D15B7}: DhcpNameServer=85.255.114.34,85.255.112.132
HKLM\SYSTEM\CS3\Services\Tcpip\..\{0E6E56CD-3B3B-4D48-BD06-4BBC66ED45F0}: DhcpNameServer=85.255.114.34,85.255.112.132
HKLM\SYSTEM\CS3\Services\Tcpip\..\{0E6E56CD-3B3B-4D48-BD06-4BBC66ED45F0}: NameServer=85.255.114.34,85.255.112.132
HKLM\SYSTEM\CS3\Services\Tcpip\..\{280FFF97-0BDD-4CBF-922E-76A6E1962CA0}: DhcpNameServer=85.255.114.34,85.255.112.132
HKLM\SYSTEM\CS3\Services\Tcpip\..\{40ECEF5B-690E-42D1-9EF8-B0CF82BAE252}: DhcpNameServer=85.255.114.34,85.255.112.132
HKLM\SYSTEM\CS3\Services\Tcpip\..\{95568910-3BA0-448E-B3F4-231CC9F2ADC5}: DhcpNameServer=85.255.114.34,85.255.112.132
HKLM\SYSTEM\CS3\Services\Tcpip\..\{CE113FC6-4E4E-4F95-94D2-72EE614D15B7}: DhcpNameServer=85.255.114.34,85.255.112.132
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1 192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1 192.168.1.1


»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"="kdsff.exe"

»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning
 
Registry Cleaning done.
 
»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» Reboot

C:\WINDOWS\system32\kdsff.exe not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""
 

»»»»»»»»»»»»»»»»»»»»»»»» End



Mr_X (Moderator, 2635 posts, offline)
Re: System Alert!!!!!!
« Reply #3 on: March 22, 2008, 08:04:24 am »
OK. We have a registry backup, right? We rebooted into Safe Mode to follow the steps, right? We disabled 'System Restore', right?

How do you connect to the Internet? Who is your Internet provider?

Make a new registry backup with ERUNT... Boot into Safe Mode again, run HijackThis and remove the following entries:

Code:
O2 - BHO: (no name) - {67BAFFED-CADD-4DAE-BEF6-9EA20EF2C46C} - C:\WINDOWS\system32\vtstu.dll (file missing)
O2 - BHO: {cb503d8a-c5d0-28a9-07f4-2b444eecec76} - {67cecee4-44b2-4f70-9a82-0d5ca8d305bc} - C:\WINDOWS\system32\hpddgyqt.dll (file missing)

O2 - BHO: (no name) - {8E1DB2B5-D02A-4082-A650-345857F03206} - C:\WINDOWS\system32\pmnooom.dll (file missing)

O2 - BHO: (no name) - {D06606C5-7DEC-4EBF-8E27-9D58D593F64F} - (no file)
O2 - BHO: (no name) - {EDD7598F-8B08-4039-BE66-2A9D6BA0F7DC} - C:\WINDOWS\system32\vtstu.dll (file missing)

Reboot normally, download VundoFix (click here) and run it-->[Scan for Vundo]-->[Remove Vundo]-->[Yes]... Once Windows restarts, update Panda and Spybot S&D and run them after rebooting into Safe Mode... Generate a new HijackThis log and an Autoruns log (click here) (do both of these after booting into Safe Mode) and also paste here the contents of the file C:\vundofix.txt...
"... I'll wait I sow the seed, I set the scene and I watch the world go by..."
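The entries Mr_X picks out in replies #1 and #3 follow a few recognisable patterns: O17 NameServer values pointing at resolvers the machine has no reason to use, O4 Run values with random hex names that launch rundll32 against a DLL dropped in system32, an autostart under Policies\Explorer\Run, an O22 SharedTaskScheduler DLL in system32, and O2/O20 entries whose DLL is already gone. The script below is an added example (not from the thread, and not part of HijackThis, SmitFraudFix or VundoFix) that applies those checks to HijackThis log lines. The allow-list of expected resolvers is an assumption taken from this thread (the 192.168.1.1 router in the SmitFraudFix report and the OpenDNS addresses in the second log), the "random name" heuristic is also an assumption, and the sample lines are copied from the logs posted above plus benign lines to show what is not flagged.

```python
"""Triage HijackThis 2.x log lines for the entry types discussed in this thread.

Added example; not code from the thread, HijackThis, SmitFraudFix or VundoFix.
EXPECTED_DNS and the random-name heuristic are assumptions for illustration.
"""
import ipaddress
import re
from collections import Counter
from dataclasses import dataclass


@dataclass(frozen=True)
class Finding:
    section: str   # HijackThis section, e.g. "O17"
    reason: str    # why the line was flagged
    line: str      # the offending log line


# Assumption: resolvers this machine is expected to use. 192.168.1.1 is the
# router listed as DhcpNameServer in the SmitFraudFix report; the 208.67.x.x
# addresses are the OpenDNS resolvers in the second HijackThis log.
EXPECTED_DNS = frozenset({"192.168.1.1", "208.67.220.220", "208.67.222.222"})

GUID = r"\{[0-9A-Fa-f-]{36}\}"
O2_RE = re.compile(rf"^O2 - BHO: .*? - {GUID} - (?P<target>.+)$")
O4_RE = re.compile(r"^O4 - (?P<key>\S+): \[(?P<name>[^\]]+)\] (?P<cmd>.+)$")
O17_RE = re.compile(r"^O17 - .*?NameServer = (?P<servers>.+)$")
O20_RE = re.compile(r"^O20 - Winlogon Notify: (?P<name>.+?) - (?P<target>.+)$")
O22_RE = re.compile(rf"^O22 - SharedTaskScheduler: .*? - {GUID} - (?P<path>.+)$")

# Heuristic (assumption): value names such as 787eb516 or BM7b4d868a are random
# hex rather than a product name.
RANDOM_NAME_RE = re.compile(r"^(?:BM)?[0-9a-f]{8}$")
SYSTEM32_DLL_RE = re.compile(r"\\system32\\[^\\\"]+\.dll", re.IGNORECASE)


def triage(lines, expected_dns=EXPECTED_DNS):
    """Return a list of Finding for every suspicious HijackThis line."""
    findings = []
    for raw in lines:
        line = raw.strip()
        if m := O17_RE.match(line):
            # HijackThis prints the servers comma- or space-separated; accept both.
            for server in re.split(r"[,\s]+", m["servers"].strip()):
                try:
                    ip = ipaddress.ip_address(server)
                except ValueError:
                    findings.append(Finding("O17", f"unparseable NameServer value {server!r}", line))
                    continue
                if str(ip) not in expected_dns:
                    findings.append(Finding("O17", f"NameServer {ip} is not an expected resolver", line))
        elif m := O4_RE.match(line):
            key, name, cmd = m["key"], m["name"], m["cmd"]
            if "rundll32" in cmd.lower() and SYSTEM32_DLL_RE.search(cmd):
                findings.append(Finding("O4", "rundll32 autostart loading a DLL from system32", line))
            if RANDOM_NAME_RE.match(name):
                findings.append(Finding("O4", f"random-looking value name {name!r}", line))
            if key.lower().endswith(r"\policies\explorer\run"):
                findings.append(Finding("O4", "autostart via Policies\\Explorer\\Run (rarely used by legitimate software)", line))
        elif m := O2_RE.match(line):
            if m["target"].endswith("(file missing)") or m["target"] == "(no file)":
                findings.append(Finding("O2", "orphaned BHO registration (DLL not on disk)", line))
        elif m := O20_RE.match(line):
            if m["target"].endswith("(file missing)"):
                findings.append(Finding("O20", "Winlogon Notify package whose DLL is missing", line))
        elif m := O22_RE.match(line):
            if SYSTEM32_DLL_RE.search(m["path"]):
                findings.append(Finding("O22", "SharedTaskScheduler DLL under system32; Explorer loads it at every logon", line))
    return findings


def count_by_section(findings):
    """Number of findings per HijackThis section, e.g. {"O17": 4, ...}."""
    return dict(Counter(f.section for f in findings))


# Sample input: lines copied from the logs posted in this thread, plus benign
# entries (Spybot BHO, RealPlayer scheduler, OpenDNS resolvers) that must not fire.
SAMPLE_LOG = r"""
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {67BAFFED-CADD-4DAE-BEF6-9EA20EF2C46C} - C:\WINDOWS\system32\vtstu.dll (file missing)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [787eb516] rundll32.exe "C:\WINDOWS\system32\bsiuyfug.dll",b
O4 - HKLM\..\Run: [BM7b4d868a] Rundll32.exe "C:\WINDOWS\system32\ptprfmwy.dll",s
O4 - HKLM\..\Policies\Explorer\Run: [some] C:\Program Files\NetProject\scit.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{2421F356-9425-45F7-B11B-8A15766D1036}: NameServer = 85.255.114.34,85.255.112.132
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.114.34 85.255.112.132
O17 - HKLM\System\CCS\Services\Tcpip\..\{0E6E56CD-3B3B-4D48-BD06-4BBC66ED45F0}: NameServer = 208.67.220.220,208.67.222.222
O20 - Winlogon Notify: pmnooom - pmnooom.dll (file missing)
O22 - SharedTaskScheduler: arborize - {d9f6ce57-0718-4bd1-916f-5fb1f86911c2} - C:\WINDOWS\system32\txdkfh.dll
""".strip().splitlines()


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.section}] {f.reason}\n    {f.line}")
```

One caveat the SmitFraudFix report raises: for several adapters the DhcpNameServer values, not just the static NameServer values, point at 85.255.114.34 and 85.255.112.132. DhcpNameServer holds the resolvers handed out by DHCP, so if those addresses reappear after the HijackThis entries are fixed, the device handing out the leases (usually the home router) needs to be checked as well as the PC, which is one reason to look at how the machine connects and who assigns its addresses.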

fher (Junior Member, 24 posts, offline)
Re: System Alert!!!!!!
« Reply #4 on: March 23, 2008, 07:49:00 pm »
Mr_X:

Thanks again for the help; I've finished all the procedures you provided on the forum and I'm attaching the reports generated by the various programs used. Only when I used VundoFix, the scan found no infected files, and I think that's why it didn't create a report for me.

Well, as for your question about my Internet service, I get it through broadband connected over wireless. Initially I had a provider called Time Warner, but currently it's Verizon; they're US companies. I've also noticed that when I check the status of my connection it has settled at 1 Mbps and doesn't fluctuate the way it often did, which made Internet access slower. Honestly I don't know much about the subject, but I'd like to know how to improve the speed a bit.

As additional information, I've installed a memory upgrade in the PC to try to improve the machine's performance, and I'd like an opinion on using Panda Platinum as antivirus software, since I see it uses a large amount of system resources.

Autoruns
HKLM\System\CurrentControlSet\Control\Terminal Server\Wds\rdpwd\StartupPrograms         
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\AppSetup         
HKLM\Software\Policies\Microsoft\Windows\System\Scripts\Startup         
HKCU\Software\Policies\Microsoft\Windows\System\Scripts\Logon         
HKLM\Software\Policies\Microsoft\Windows\System\Scripts\Logon         
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit         
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System\Shell         
HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell         
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\Shell         
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell         
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Taskman         
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Terminal Server\Install\Software\Microsoft\Windows\CurrentVersion\Runonce         
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Terminal Server\Install\Software\Microsoft\Windows\CurrentVersion\RunonceEx         
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Terminal Server\Install\Software\Microsoft\Windows\CurrentVersion\Run         
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run         
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx         
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce         
C:\Documents and Settings\All Users\Start Menu\Programs\Startup         
C:\Documents and Settings\guillermo hernandez\Start Menu\Programs\Startup         
HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows\Load         
HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows\Run         
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run         
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run         
HKCU\Software\Microsoft\Windows\CurrentVersion\Run         
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce         
HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Terminal Server\Install\Software\Microsoft\Windows\CurrentVersion\Runonce         
HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Terminal Server\Install\Software\Microsoft\Windows\CurrentVersion\RunonceEx         
HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Terminal Server\Install\Software\Microsoft\Windows\CurrentVersion\Run         
HKLM\SOFTWARE\Classes\Protocols\Filter         
HKLM\SOFTWARE\Classes\Protocols\Handler         
+ ms-itss   Microsoft® InfoTech Storage System Library   (Not verified) Microsoft Corporation   c:\program files\common files\microsoft shared\information retrieval\msitss.dll
HKCU\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components         
HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components         
HKCU\SOFTWARE\Microsoft\Active Setup\Installed Components         
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler         
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad         
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad         
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks         
HKCU\Software\Classes\*\ShellEx\ContextMenuHandlers         
HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers         
+ Panda Antivirus   pavole   (Not verified) Panda Software   c:\program files\panda software\panda platinum 2005 internet security\pavole.dll
HKCU\Software\Classes\AllFileSystemObjects\ShellEx\ContextMenuHandlers         
HKLM\Software\Classes\AllFileSystemObjects\ShellEx\ContextMenuHandlers         
HKCU\Software\Classes\Folder\ShellEx\ContextMenuHandlers         
HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers         
+ Panda Antivirus   pavole   (Not verified) Panda Software   c:\program files\panda software\panda platinum 2005 internet security\pavole.dll
HKCU\Software\Classes\Directory\ShellEx\ContextMenuHandlers         
HKLM\Software\Classes\Directory\ShellEx\ContextMenuHandlers         
HKCU\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers         
HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers         
HKCU\Software\Classes\Folder\Shellex\ColumnHandlers         
HKLM\Software\Classes\Folder\Shellex\ColumnHandlers         
+ PDF Shell Extension   PDF Shell Extension   (Not verified) Adobe Systems, Inc.   c:\program files\common files\adobe\acrobat\activex\pdfshell.dll
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers         
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers         
HKCU\Software\Microsoft\Ctf\LangBarAddin         
HKLM\Software\Microsoft\Ctf\LangBarAddin         
HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved         
HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved         
+ Adaptec DirectCD Shell Extension   DirectCD Shell Extention DLL   (Not verified) Roxio   c:\program files\adaptec\easy cd creator 5\directcd\shellex.dll
+ Display Panning CPL Extension         File not found: deskpan.dll
+ iTunes   iTunes Mini Player DLL   (Not verified) Apple Computer, Inc.   c:\program files\itunes\itunesminiplayer.dll
+ Panda Antivirus   pavole   (Not verified) Panda Software   c:\program files\panda software\panda platinum 2005 internet security\pavole.dll
+ Shell Extensions for RealOne Player   RealPlayer Shell Extensions   (Not verified) RealNetworks, Inc.   c:\program files\real\realplayer\rpshell.dll
+ Web Folders   Microsoft Web Folders   (Not verified) Microsoft Corporation   c:\program files\common files\microsoft shared\web folders\msonsext.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects         
+ Aplicación auxiliar de vínculos de Adobe PDF Reader   Adobe PDF Helper for Internet Explorer   (Verified) Adobe Systems, Incorporated   c:\program files\common files\adobe\acrobat\activex\acroiehelper.dll
+ {FDD3B846-8D59-4ffb-8758-209B6AD74ACC}   MoneySide Controls   (Not verified) Microsoft Corporation   c:\program files\microsoft money\system\mnyviewer.dll
HKCU\Software\Microsoft\Internet Explorer\UrlSearchHooks         
HKLM\Software\Microsoft\Internet Explorer\Toolbar         
HKCU\Software\Microsoft\Internet Explorer\Explorer Bars         
HKLM\Software\Microsoft\Internet Explorer\Explorer Bars         
HKCU\Software\Microsoft\Internet Explorer\Extensions         
HKLM\Software\Microsoft\Internet Explorer\Extensions         
Task Scheduler         
HKLM\System\CurrentControlSet\Services         
+ Nhksrv         c:\windows\nhksrv.exe
+ PASSRV         c:\program files\panda software\panda platinum 2005 internet security\passrv.exe
+ PAVFIRES   Personal Firewall Service   (Not verified) Panda Software   c:\program files\panda software\panda platinum 2005 internet security\firewall\pavfires.exe
+ PAVFNSVR   Panda Function Service   (Not verified) Panda Software   c:\program files\panda software\panda platinum 2005 internet security\pavfnsvr.exe
+ Pavkre   PavKre Aplicación   (Not verified) Panda Software   c:\program files\panda software\panda platinum 2005 internet security\pavkre.exe
+ PavProt   PavProt Application   (Not verified) Panda Software   c:\program files\panda software\panda platinum 2005 internet security\pavprot.exe
+ PavPrSrv   Panda Process Protection Service   (Not verified) Panda Software   c:\program files\common files\panda software\pavshld\pavprsrv.exe
+ PAVSRV   On-Access Antivirus Scanner Service.   (Not verified) Panda Software   c:\program files\panda software\panda platinum 2005 internet security\pavsrv51.exe
+ PREVSRV   Panda Preventium+ © service   (Not verified) Panda Software   c:\program files\panda software\panda platinum 2005 internet security\prevsrv.exe
+ PSIMSVC   Common Interface Manager   (Not verified) Panda Software Internacional   c:\program files\panda software\panda platinum 2005 internet security\psimsvc.exe
+ WUSB54GPSVC   WLService   (Not verified) GEMTEKS   c:\program files\wireless-g portable usb adapter\wlservice.exe
HKLM\System\CurrentControlSet\Services         
+ AvFlt         File not found: C:\WINDOWS\system32\drivers\av5flt.sys
+ basic2   NTRksample driver   (Not verified) Conexant Systems   c:\windows\system32\drivers\basic2.sys
+ bvrp_pci         c:\windows\system32\drivers\bvrp_pci.sys
+ Cdr4_xp   CDR4_2k CDR Helper   (Not verified) Roxio   c:\windows\system32\drivers\cdr4_xp.sys
+ Cdralw2k   CDRAL for Windows 2000 Kernel Driver   (Not verified) Roxio   c:\windows\system32\drivers\cdralw2k.sys
+ cdudf_xp   CD-UDF NT Filesystem Driver   (Not verified) Roxio   c:\windows\system32\drivers\cdudf_xp.sys
+ Changer         File not found: C:\WINDOWS\System32\Drivers\Changer.sys
+ ComFiltr         File not found: C:\WINDOWS\system32\DRIVERS\COMFiltr.sys
+ cpoint   cPoint   (Not verified) Panda Software   c:\windows\system32\drivers\cpoint.sys
+ dvd_2K   DVD-RAM AddOn Driver   (Not verified) Roxio   c:\windows\system32\drivers\dvd_2k.sys
+ Fallback   Fallback driver   (Not verified) Conexant Systems   c:\windows\system32\drivers\fallback.sys
+ Fsks   FSKsNT driver   (Not verified) Conexant Systems   c:\windows\system32\drivers\fsksnt.sys
+ GEARAspiWDM   CDRom Class Filter Driver   (Verified) GEAR Software Inc.   c:\windows\system32\drivers\gearaspiwdm.sys
+ GTNDIS5   PCAUSA NDIS 5.0 Protocol Driver   (Not verified) Printing Communications Assoc., Inc. (PCAUSA)   c:\windows\system32\gtndis5.sys
+ iAimTV2         File not found: System32\DRIVERS\wATV03nt.sys
+ Imapi   Imapi Windows XP Kernel Driver   (Not verified) Roxio Inc.   c:\windows\system32\drivers\imapirox.sys
+ K56   K56NT driver   (Not verified) Conexant Systems   c:\windows\system32\drivers\k56nt.sys
+ lbrtfdc         File not found: C:\WINDOWS\System32\Drivers\lbrtfdc.sys
+ mmc_2K   CD-R/RW AddOn MMC Driver (W2K)   (Not verified) Roxio   c:\windows\system32\drivers\mmc_2k.sys
+ Msikbd2k   Multimedia Keyboard Driver for Windows 2000   (Not verified) Netropa Corporation   c:\windows\system32\drivers\msikbd2k.sys
+ netflt   NetFlt   (Not verified) Panda Software   c:\windows\system32\drivers\netflt.sys
+ OMCI   OMCI Device Driver   (Not verified) Dell Computer Corporation   c:\windows\system32\drivers\omci.sys
+ PAVDRV   Antivirus Filter Driver for Windows XP/2003   (Not verified) Panda Software   c:\windows\system32\drivers\pavdrv51.sys
+ PavProc   Panda Process Protection driver   (Not verified) Panda Software   c:\windows\system32\drivers\pavproc.sys
+ PCIDump         File not found: C:\WINDOWS\System32\Drivers\PCIDump.sys
+ PDCOMP         File not found: C:\WINDOWS\System32\Drivers\PDCOMP.sys
+ PDFRAME         File not found: C:\WINDOWS\System32\Drivers\PDFRAME.sys
+ PDRELI         File not found: C:\WINDOWS\System32\Drivers\PDRELI.sys
+ PDRFRAME         File not found: C:\WINDOWS\System32\Drivers\PDRFRAME.sys
+ pwd_2K   Win2000 Framework for Packet Write Driver   (Not verified) Roxio   c:\windows\system32\drivers\pwd_2k.sys
+ Rksample   Rksample WDM driver   (Not verified) Conexant Systems   c:\windows\system32\drivers\rksample.sys
+ ShldDrv   PandaShield driver   (Not verified) Panda Software   c:\windows\system32\drivers\shlddrv.sys
+ smwdm   SoundMAX Integrated Digital Audio    (Not verified) Analog Devices, Inc.   c:\windows\system32\drivers\smwdm.sys
+ SoftFax   FaxNT driver   (Not verified) Conexant Systems   c:\windows\system32\drivers\faxnt.sys
+ Teefer   Teefer Driver   (Not verified) Sygate Technologies, Inc.   c:\windows\system32\drivers\teefer.sys
+ Tones   TonesNT driver   (Not verified) Conexant Systems   c:\windows\system32\drivers\tonesnt.sys
+ UdfReadr_xp   CD-UDF NT Filesystem Reader Driver   (Not verified) Roxio   c:\windows\system32\drivers\udfreadr_xp.sys
+ V124   V124NT driver   (Not verified) Conexant Systems   c:\windows\system32\drivers\v124nt.sys
+ WDICA         File not found: C:\WINDOWS\System32\Drivers\WDICA.sys
+ wg3n   wgxn   (Not verified) Sygate Technologies, Inc.   c:\windows\system32\drivers\wg3n.sys
+ winachsf   WinACHSF driver   (Not verified) Conexant Systems   c:\windows\system32\drivers\hsf_cnxt.sys
+ wpsdrvnt   wpsdrvnt   (Not verified) Sygate Technologies, Inc.   c:\windows\system32\drivers\wpsdrvnt.sys
HKLM\System\CurrentControlSet\Control\Session Manager\BootExecute         
HKLM\System\CurrentControlSet\Control\Session Manager\SetupExecute         
HKLM\System\CurrentControlSet\Control\Session Manager\Execute         
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options         
HKLM\Software\Microsoft\Command Processor\Autorun         
HKCU\Software\Microsoft\Command Processor\Autorun         
HKLM\SOFTWARE\Classes\Exefile\Shell\Open\Command\(Default)         
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\Appinit_Dlls         
HKLM\System\CurrentControlSet\Control\Session Manager\KnownDlls         
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\System         
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\UIHost         
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify         
+ pmnooom         File not found: pmnooom.dll
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GinaDLL         
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Taskman         
HKCU\Control Panel\Desktop\Scrnsave.exe         
HKLM\System\CurrentControlSet\Control\BootVerificationProgram\ImagePath         
HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9         
+ PAV_LAYERED   pavlsp Dynamic Link Library   (Not verified) Panda Software    c:\program files\panda software\panda platinum 2005 internet security\pavlsp.dll
+ PAV_LAYERED over [MSAFD Tcpip [RAW/IP]]   pavlsp Dynamic Link Library   (Not verified) Panda Software    c:\program files\panda software\panda platinum 2005 internet security\pavlsp.dll
+ PAV_LAYERED over [MSAFD Tcpip [TCP/IP]]   pavlsp Dynamic Link Library   (Not verified) Panda Software    c:\program files\panda software\panda platinum 2005 internet security\pavlsp.dll
+ PAV_LAYERED over [MSAFD Tcpip [UDP/IP]]   pavlsp Dynamic Link Library   (Not verified) Panda Software    c:\program files\panda software\panda platinum 2005 internet security\pavlsp.dll
HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors         
HKLM\SYSTEM\CurrentControlSet\Control\SecurityProviders\SecurityProviders         
HKLM\SYSTEM\CurrentControlSet\Control\Lsa\Authentication Packages         
+ C:\WINDOWS\system32\vtstu.dll         File not found: C:\WINDOWS\system32\vtstu.dll
HKLM\SYSTEM\CurrentControlSet\Control\Lsa\Notification Packages         
HKLM\SYSTEM\CurrentControlSet\Control\Lsa\Security Packages         
HKLM\SYSTEM\CurrentControlSet\Control\NetworkProvider\Order         



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:24:52 PM, on 3/23/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Safe mode

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\guillermo hernandez\My Documents\My Received Files\HiJackThis\HijackThis.exe

O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file)
O2 - BHO: Aplicación auxiliar de vínculos de Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {67BAFFED-CADD-4DAE-BEF6-9EA20EF2C46C} - (no file)
O2 - BHO: (no name) - {67cecee4-44b2-4f70-9a82-0d5ca8d305bc} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {8E1DB2B5-D02A-4082-A650-345857F03206} - (no file)
O2 - BHO: (no name) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - (no file)
O2 - BHO: (no name) - {D06606C5-7DEC-4EBF-8E27-9D58D593F64F} - (no file)
O2 - BHO: (no name) - {EDD7598F-8B08-4039-BE66-2A9D6BA0F7DC} - (no file)
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\RunServices: [PANDA ANTISPAM SERVER SERVICE] "C:\Program Files\Panda Software\Panda Platinum 2005 Internet Security\PasSrv.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=58813
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1130278706968
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/suite/yautocomplete.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{0E6E56CD-3B3B-4D48-BD06-4BBC66ED45F0}: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CS1\Services\Tcpip\..\{0E6E56CD-3B3B-4D48-BD06-4BBC66ED45F0}: NameServer = 208.67.220.220,208.67.222.222
O20 - Winlogon Notify: pmnooom - pmnooom.dll (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: IMAPI CD-Burning COM Service (ImapiService) - Roxio Inc. - C:\WINDOWS\System32\ImapiRox.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Netropa NHK Server (Nhksrv) - Unknown owner - C:\WINDOWS\Nhksrv.exe
O23 - Service: Panda Antispam Server Service (PASSRV) - Unknown owner - C:\Program Files\Panda Software\Panda Platinum 2005 Internet Security\PaSSrv.exe
O23 - Service: Panda Firewall Service (PAVFIRES) - Panda Software - C:\Program Files\Panda Software\Panda Platinum 2005 Internet Security\Firewall\PavFires.exe
O23 - Service: Panda Function Service (PAVFNSVR) - Panda Software - C:\Program Files\Panda Software\Panda Platinum 2005 Internet Security\PavFnSvr.exe
O23 - Service: Panda Pavkre (Pavkre) - Panda Software - C:\Program Files\Panda Software\Panda Platinum 2005 Internet Security\Pavkre.exe
O23 - Service: Panda PavProt (PavProt) - Panda Software - C:\Program Files\Panda Software\Panda Platinum 2005 Internet Security\PavProt.exe
O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Software - C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software - C:\Program Files\Panda Software\Panda Platinum 2005 Internet Security\pavsrv51.exe
O23 - Service: Panda Preventium+ Service (PREVSRV) - Panda Software - C:\Program Files\Panda Software\Panda Platinum 2005 Internet Security\prevsrv.exe
O23 - Service: Panda IManager Service (PSIMSVC) - Panda Software Internacional - C:\Program Files\Panda Software\Panda Platinum 2005 Internet Security\PsImSvc.exe
O23 - Service: WUSB54GPSVC - GEMTEKS - C:\Program Files\Wireless-G Portable USB Adapter\WLService.exe

--
End of file - 5222 bytes

Offline Mr_X

  • Moderator
  • ******
  • Posts: 2635
Re: System Alert!!!!!!
« Reply #5 on: 24 March 2008, 03:54:13 am »
Back up the registry, reboot into Safe Mode and delete these entries with HijackThis:

Code:
O2 - BHO: (no name) - {67BAFFED-CADD-4DAE-BEF6-9EA20EF2C46C} - (no file)
O2 - BHO: (no name) - {67cecee4-44b2-4f70-9a82-0d5ca8d305bc} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {8E1DB2B5-D02A-4082-A650-345857F03206} - (no file)
O2 - BHO: (no name) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - (no file)
O2 - BHO: (no name) - {D06606C5-7DEC-4EBF-8E27-9D58D593F64F} - (no file)
O2 - BHO: (no name) - {EDD7598F-8B08-4039-BE66-2A9D6BA0F7DC} - (no file)

O20 - Winlogon Notify: pmnooom - pmnooom.dll (file missing)

Reboot normally, update Panda and Spybot S&D, then reboot into Safe Mode and run both... New logs...
"... I'll wait I sow the seed, I set the scene and I watch the world go by..."

Offline fher

  • Junior Member
  • **
  • Posts: 24
Re: System Alert!!!!!!
« Reply #6 on: 24 March 2008, 08:54:57 pm »
Mr_X:


These are the new logs:

Autoruns:

HKLM\System\CurrentControlSet\Control\Terminal Server\Wds\rdpwd\StartupPrograms         
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\AppSetup         
HKLM\Software\Policies\Microsoft\Windows\System\Scripts\Startup         
HKCU\Software\Policies\Microsoft\Windows\System\Scripts\Logon         
HKLM\Software\Policies\Microsoft\Windows\System\Scripts\Logon         
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit         
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System\Shell         
HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell         
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\Shell         
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell         
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Taskman         
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Terminal Server\Install\Software\Microsoft\Windows\CurrentVersion\Runonce         
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Terminal Server\Install\Software\Microsoft\Windows\CurrentVersion\RunonceEx         
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Terminal Server\Install\Software\Microsoft\Windows\CurrentVersion\Run         
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run         
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx         
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce         
C:\Documents and Settings\All Users\Start Menu\Programs\Startup         
C:\Documents and Settings\guillermo hernandez\Start Menu\Programs\Startup         
HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows\Load         
HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows\Run         
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run         
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run         
HKCU\Software\Microsoft\Windows\CurrentVersion\Run         
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce         
HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Terminal Server\Install\Software\Microsoft\Windows\CurrentVersion\Runonce         
HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Terminal Server\Install\Software\Microsoft\Windows\CurrentVersion\RunonceEx         
HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Terminal Server\Install\Software\Microsoft\Windows\CurrentVersion\Run         
HKLM\SOFTWARE\Classes\Protocols\Filter         
HKLM\SOFTWARE\Classes\Protocols\Handler         
+ ms-itss   Microsoft® InfoTech Storage System Library   (Not verified) Microsoft Corporation   c:\program files\common files\microsoft shared\information retrieval\msitss.dll
HKCU\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components         
HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components         
HKCU\SOFTWARE\Microsoft\Active Setup\Installed Components         
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler         
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad         
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad         
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks         
HKCU\Software\Classes\*\ShellEx\ContextMenuHandlers         
HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers         
+ Panda Antivirus   pavole   (Not verified) Panda Software   c:\program files\panda software\panda platinum 2005 internet security\pavole.dll
HKCU\Software\Classes\AllFileSystemObjects\ShellEx\ContextMenuHandlers         
HKLM\Software\Classes\AllFileSystemObjects\ShellEx\ContextMenuHandlers         
HKCU\Software\Classes\Folder\ShellEx\ContextMenuHandlers         
HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers         
+ Panda Antivirus   pavole   (Not verified) Panda Software   c:\program files\panda software\panda platinum 2005 internet security\pavole.dll
HKCU\Software\Classes\Directory\ShellEx\ContextMenuHandlers         
HKLM\Software\Classes\Directory\ShellEx\ContextMenuHandlers         
HKCU\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers         
HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers         
HKCU\Software\Classes\Folder\Shellex\ColumnHandlers         
HKLM\Software\Classes\Folder\Shellex\ColumnHandlers         
+ PDF Shell Extension   PDF Shell Extension   (Not verified) Adobe Systems, Inc.   c:\program files\common files\adobe\acrobat\activex\pdfshell.dll
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers         
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers         
HKCU\Software\Microsoft\Ctf\LangBarAddin         
HKLM\Software\Microsoft\Ctf\LangBarAddin         
HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved         
HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved         
+ Adaptec DirectCD Shell Extension   DirectCD Shell Extention DLL   (Not verified) Roxio   c:\program files\adaptec\easy cd creator 5\directcd\shellex.dll
+ Display Panning CPL Extension         File not found: deskpan.dll
+ iTunes   iTunes Mini Player DLL   (Not verified) Apple Computer, Inc.   c:\program files\itunes\itunesminiplayer.dll
+ Panda Antivirus   pavole   (Not verified) Panda Software   c:\program files\panda software\panda platinum 2005 internet security\pavole.dll
+ Shell Extensions for RealOne Player   RealPlayer Shell Extensions   (Not verified) RealNetworks, Inc.   c:\program files\real\realplayer\rpshell.dll
+ Web Folders   Microsoft Web Folders   (Not verified) Microsoft Corporation   c:\program files\common files\microsoft shared\web folders\msonsext.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects         
+ Aplicación auxiliar de vínculos de Adobe PDF Reader   Adobe PDF Helper for Internet Explorer   (Verified) Adobe Systems, Incorporated   c:\program files\common files\adobe\acrobat\activex\acroiehelper.dll
+ {FDD3B846-8D59-4ffb-8758-209B6AD74ACC}   MoneySide Controls   (Not verified) Microsoft Corporation   c:\program files\microsoft money\system\mnyviewer.dll
HKCU\Software\Microsoft\Internet Explorer\UrlSearchHooks         
HKLM\Software\Microsoft\Internet Explorer\Toolbar         
HKCU\Software\Microsoft\Internet Explorer\Explorer Bars         
HKLM\Software\Microsoft\Internet Explorer\Explorer Bars         
HKCU\Software\Microsoft\Internet Explorer\Extensions         
HKLM\Software\Microsoft\Internet Explorer\Extensions         
Task Scheduler         
HKLM\System\CurrentControlSet\Services         
+ Nhksrv         c:\windows\nhksrv.exe
+ PASSRV         c:\program files\panda software\panda platinum 2005 internet security\passrv.exe
+ PAVFIRES   Personal Firewall Service   (Not verified) Panda Software   c:\program files\panda software\panda platinum 2005 internet security\firewall\pavfires.exe
+ PAVFNSVR   Panda Function Service   (Not verified) Panda Software   c:\program files\panda software\panda platinum 2005 internet security\pavfnsvr.exe
+ Pavkre   PavKre Aplicación   (Not verified) Panda Software   c:\program files\panda software\panda platinum 2005 internet security\pavkre.exe
+ PavProt   PavProt Application   (Not verified) Panda Software   c:\program files\panda software\panda platinum 2005 internet security\pavprot.exe
+ PavPrSrv   Panda Process Protection Service   (Not verified) Panda Software   c:\program files\common files\panda software\pavshld\pavprsrv.exe
+ PAVSRV   On-Access Antivirus Scanner Service.   (Not verified) Panda Software   c:\program files\panda software\panda platinum 2005 internet security\pavsrv51.exe
+ PREVSRV   Panda Preventium+ © service   (Not verified) Panda Software   c:\program files\panda software\panda platinum 2005 internet security\prevsrv.exe
+ PSIMSVC   Common Interface Manager   (Not verified) Panda Software Internacional   c:\program files\panda software\panda platinum 2005 internet security\psimsvc.exe
+ WUSB54GPSVC   WLService   (Not verified) GEMTEKS   c:\program files\wireless-g portable usb adapter\wlservice.exe
HKLM\System\CurrentControlSet\Services         
+ AvFlt         File not found: C:\WINDOWS\system32\drivers\av5flt.sys
+ basic2   NTRksample driver   (Not verified) Conexant Systems   c:\windows\system32\drivers\basic2.sys
+ bvrp_pci         c:\windows\system32\drivers\bvrp_pci.sys
+ Cdr4_xp   CDR4_2k CDR Helper   (Not verified) Roxio   c:\windows\system32\drivers\cdr4_xp.sys
+ Cdralw2k   CDRAL for Windows 2000 Kernel Driver   (Not verified) Roxio   c:\windows\system32\drivers\cdralw2k.sys
+ cdudf_xp   CD-UDF NT Filesystem Driver   (Not verified) Roxio   c:\windows\system32\drivers\cdudf_xp.sys
+ Changer         File not found: C:\WINDOWS\System32\Drivers\Changer.sys
+ ComFiltr         File not found: C:\WINDOWS\system32\DRIVERS\COMFiltr.sys
+ cpoint   cPoint   (Not verified) Panda Software   c:\windows\system32\drivers\cpoint.sys
+ dvd_2K   DVD-RAM AddOn Driver   (Not verified) Roxio   c:\windows\system32\drivers\dvd_2k.sys
+ Fallback   Fallback driver   (Not verified) Conexant Systems   c:\windows\system32\drivers\fallback.sys
+ Fsks   FSKsNT driver   (Not verified) Conexant Systems   c:\windows\system32\drivers\fsksnt.sys
+ GEARAspiWDM   CDRom Class Filter Driver   (Verified) GEAR Software Inc.   c:\windows\system32\drivers\gearaspiwdm.sys
+ GTNDIS5   PCAUSA NDIS 5.0 Protocol Driver   (Not verified) Printing Communications Assoc., Inc. (PCAUSA)   c:\windows\system32\gtndis5.sys
+ iAimTV2         File not found: System32\DRIVERS\wATV03nt.sys
+ Imapi   Imapi Windows XP Kernel Driver   (Not verified) Roxio Inc.   c:\windows\system32\drivers\imapirox.sys
+ K56   K56NT driver   (Not verified) Conexant Systems   c:\windows\system32\drivers\k56nt.sys
+ lbrtfdc         File not found: C:\WINDOWS\System32\Drivers\lbrtfdc.sys
+ mmc_2K   CD-R/RW AddOn MMC Driver (W2K)   (Not verified) Roxio   c:\windows\system32\drivers\mmc_2k.sys
+ Msikbd2k   Multimedia Keyboard Driver for Windows 2000   (Not verified) Netropa Corporation   c:\windows\system32\drivers\msikbd2k.sys
+ netflt   NetFlt   (Not verified) Panda Software   c:\windows\system32\drivers\netflt.sys
+ OMCI   OMCI Device Driver   (Not verified) Dell Computer Corporation   c:\windows\system32\drivers\omci.sys
+ PAVDRV   Antivirus Filter Driver for Windows XP/2003   (Not verified) Panda Software   c:\windows\system32\drivers\pavdrv51.sys
+ PavProc   Panda Process Protection driver   (Not verified) Panda Software   c:\windows\system32\drivers\pavproc.sys
+ PCIDump         File not found: C:\WINDOWS\System32\Drivers\PCIDump.sys
+ PDCOMP         File not found: C:\WINDOWS\System32\Drivers\PDCOMP.sys
+ PDFRAME         File not found: C:\WINDOWS\System32\Drivers\PDFRAME.sys
+ PDRELI         File not found: C:\WINDOWS\System32\Drivers\PDRELI.sys
+ PDRFRAME         File not found: C:\WINDOWS\System32\Drivers\PDRFRAME.sys
+ pwd_2K   Win2000 Framework for Packet Write Driver   (Not verified) Roxio   c:\windows\system32\drivers\pwd_2k.sys
+ Rksample   Rksample WDM driver   (Not verified) Conexant Systems   c:\windows\system32\drivers\rksample.sys
+ ShldDrv   PandaShield driver   (Not verified) Panda Software   c:\windows\system32\drivers\shlddrv.sys
+ smwdm   SoundMAX Integrated Digital Audio    (Not verified) Analog Devices, Inc.   c:\windows\system32\drivers\smwdm.sys
+ SoftFax   FaxNT driver   (Not verified) Conexant Systems   c:\windows\system32\drivers\faxnt.sys
+ Teefer   Teefer Driver   (Not verified) Sygate Technologies, Inc.   c:\windows\system32\drivers\teefer.sys
+ Tones   TonesNT driver   (Not verified) Conexant Systems   c:\windows\system32\drivers\tonesnt.sys
+ UdfReadr_xp   CD-UDF NT Filesystem Reader Driver   (Not verified) Roxio   c:\windows\system32\drivers\udfreadr_xp.sys
+ V124   V124NT driver   (Not verified) Conexant Systems   c:\windows\system32\drivers\v124nt.sys
+ WDICA         File not found: C:\WINDOWS\System32\Drivers\WDICA.sys
+ wg3n   wgxn   (Not verified) Sygate Technologies, Inc.   c:\windows\system32\drivers\wg3n.sys
+ winachsf   WinACHSF driver   (Not verified) Conexant Systems   c:\windows\system32\drivers\hsf_cnxt.sys
+ wpsdrvnt   wpsdrvnt   (Not verified) Sygate Technologies, Inc.   c:\windows\system32\drivers\wpsdrvnt.sys
HKLM\System\CurrentControlSet\Control\Session Manager\BootExecute         
HKLM\System\CurrentControlSet\Control\Session Manager\SetupExecute         
HKLM\System\CurrentControlSet\Control\Session Manager\Execute         
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options         
HKLM\Software\Microsoft\Command Processor\Autorun         
HKCU\Software\Microsoft\Command Processor\Autorun         
HKLM\SOFTWARE\Classes\Exefile\Shell\Open\Command\(Default)         
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\Appinit_Dlls         
HKLM\System\CurrentControlSet\Control\Session Manager\KnownDlls         
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\System         
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\UIHost         
+ logonui.exe   Windows Logon UI   (Not verified) Microsoft Corporation   c:\windows\system32\logonui.exe
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify         
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GinaDLL         
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Taskman         
HKCU\Control Panel\Desktop\Scrnsave.exe         
HKLM\System\CurrentControlSet\Control\BootVerificationProgram\ImagePath         
HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9         
+ PAV_LAYERED   pavlsp Dynamic Link Library   (Not verified) Panda Software    c:\program files\panda software\panda platinum 2005 internet security\pavlsp.dll
+ PAV_LAYERED over [MSAFD Tcpip [RAW/IP]]   pavlsp Dynamic Link Library   (Not verified) Panda Software    c:\program files\panda software\panda platinum 2005 internet security\pavlsp.dll
+ PAV_LAYERED over [MSAFD Tcpip [TCP/IP]]   pavlsp Dynamic Link Library   (Not verified) Panda Software    c:\program files\panda software\panda platinum 2005 internet security\pavlsp.dll
+ PAV_LAYERED over [MSAFD Tcpip [UDP/IP]]   pavlsp Dynamic Link Library   (Not verified) Panda Software    c:\program files\panda software\panda platinum 2005 internet security\pavlsp.dll
HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors         
HKLM\SYSTEM\CurrentControlSet\Control\SecurityProviders\SecurityProviders         
HKLM\SYSTEM\CurrentControlSet\Control\Lsa\Authentication Packages         
+ C:\WINDOWS\system32\vtstu.dll         File not found: C:\WINDOWS\system32\vtstu.dll
HKLM\SYSTEM\CurrentControlSet\Control\Lsa\Notification Packages         
HKLM\SYSTEM\CurrentControlSet\Control\Lsa\Security Packages         
HKLM\SYSTEM\CurrentControlSet\Control\NetworkProvider\Order         

____________________________________________________________________________________________

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:51:53 PM, on 3/24/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Safe mode

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\guillermo hernandez\My Documents\My Received Files\HiJackThis\HijackThis.exe

O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file)
O2 - BHO: Aplicación auxiliar de vínculos de Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O4 - HKLM\..\RunServices: [PANDA ANTISPAM SERVER SERVICE] "C:\Program Files\Panda Software\Panda Platinum 2005 Internet Security\PasSrv.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=58813
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1130278706968
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/suite/yautocomplete.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: IMAPI CD-Burning COM Service (ImapiService) - Roxio Inc. - C:\WINDOWS\System32\ImapiRox.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Netropa NHK Server (Nhksrv) - Unknown owner - C:\WINDOWS\Nhksrv.exe
O23 - Service: Panda Antispam Server Service (PASSRV) - Unknown owner - C:\Program Files\Panda Software\Panda Platinum 2005 Internet Security\PaSSrv.exe
O23 - Service: Panda Firewall Service (PAVFIRES) - Panda Software - C:\Program Files\Panda Software\Panda Platinum 2005 Internet Security\Firewall\PavFires.exe
O23 - Service: Panda Function Service (PAVFNSVR) - Panda Software - C:\Program Files\Panda Software\Panda Platinum 2005 Internet Security\PavFnSvr.exe
O23 - Service: Panda Pavkre (Pavkre) - Panda Software - C:\Program Files\Panda Software\Panda Platinum 2005 Internet Security\Pavkre.exe
O23 - Service: Panda PavProt (PavProt) - Panda Software - C:\Program Files\Panda Software\Panda Platinum 2005 Internet Security\PavProt.exe
O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Software - C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software - C:\Program Files\Panda Software\Panda Platinum 2005 Internet Security\pavsrv51.exe
O23 - Service: Panda Preventium+ Service (PREVSRV) - Panda Software - C:\Program Files\Panda Software\Panda Platinum 2005 Internet Security\prevsrv.exe
O23 - Service: Panda IManager Service (PSIMSVC) - Panda Software Internacional - C:\Program Files\Panda Software\Panda Platinum 2005 Internet Security\PsImSvc.exe
O23 - Service: WUSB54GPSVC - GEMTEKS - C:\Program Files\Wireless-G Portable USB Adapter\WLService.exe

--
End of file - 4307 bytes

Offline Mr_X

  • Moderator
  • ******
  • Posts: 2635
Re: System Alert!!!!!!
« Reply #7 on: 24 March 2008, 09:10:01 pm »
How is the machine running now? Were you able to run Panda?

Run Autoruns, right-click the following entry and click 'Delete':

Code:
+ C:\WINDOWS\system32\vtstu.dll         File not found: C:\WINDOWS\system32\vtstu.dll
"... I'll wait I sow the seed, I set the scene and I watch the world go by..."
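The two replies above apply one rule: a load point whose DLL no longer exists on disk (an O2 BHO shown as "(no file)", an O20 Winlogon Notify handler "(file missing)", an Autoruns entry under Winlogon\Notify or the Lsa packages reading "File not found") is either a leftover of removed malware or a slot malware can reclaim at the next boot. The following Python script is an added example, not part of this thread or of HijackThis/Autoruns; it applies that rule to text exports of both tools, using sample lines modelled on the logs posted here, and only the key list in SENSITIVE_KEYS is my own assumption about which dangling entries matter most.

```python
"""Triage helper for HijackThis and Autoruns text exports (added example)."""
import re
from dataclasses import dataclass
from typing import List

# Sample HijackThis lines modelled on the log posted in this thread.
HIJACKTHIS_SAMPLE = r"""O2 - BHO: (no name) - {67BAFFED-CADD-4DAE-BEF6-9EA20EF2C46C} - (no file)
O2 - BHO: Aplicación auxiliar de vínculos de Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O20 - Winlogon Notify: pmnooom - pmnooom.dll (file missing)
O23 - Service: Panda Firewall Service (PAVFIRES) - Panda Software - C:\Program Files\Panda Software\Panda Platinum 2005 Internet Security\Firewall\PavFires.exe
"""

# Sample Autoruns text-export lines modelled on the listing posted in this thread:
# a registry key on its own line, followed by "+ name   description   publisher   path"
# rows for each entry found under it.
AUTORUNS_SAMPLE = r"""HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\UIHost
+ logonui.exe   Windows Logon UI   (Not verified) Microsoft Corporation   c:\windows\system32\logonui.exe
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify
+ pmnooom         File not found: pmnooom.dll
HKLM\SYSTEM\CurrentControlSet\Control\Lsa\Authentication Packages
+ C:\WINDOWS\system32\vtstu.dll         File not found: C:\WINDOWS\system32\vtstu.dll
HKLM\System\CurrentControlSet\Services
+ Changer         File not found: C:\WINDOWS\System32\Drivers\Changer.sys
"""

# Load points where a dangling entry matters most (assumed list, my choice):
# the DLL named here is loaded into winlogon.exe / lsass.exe, i.e. as SYSTEM,
# at every boot, so a missing file is a slot that malware can reclaim.
SENSITIVE_KEYS = (
    r"\Winlogon\Notify",
    r"\Lsa\Authentication Packages",
    r"\Lsa\Notification Packages",
    r"\Lsa\Security Packages",
    r"\Windows\Appinit_Dlls",
)


@dataclass
class Finding:
    source: str   # "hijackthis" or "autoruns"
    section: str  # HijackThis section (O2, O20, ...) or the Autoruns registry key
    entry: str    # the raw log line
    reason: str   # why it was selected


HJT_LINE = re.compile(r"^(O\d+) - (.*)$")


def triage_hijackthis(text: str) -> List[Finding]:
    """Select orphaned O2 BHOs and O20 Winlogon Notify handlers with a missing DLL."""
    findings: List[Finding] = []
    for raw in text.splitlines():
        line = raw.strip()
        match = HJT_LINE.match(line)
        if not match:
            continue
        section, body = match.groups()
        if section == "O2" and body.endswith("(no file)"):
            findings.append(Finding("hijackthis", section, line,
                                    "BHO CLSID registered but its DLL is gone"))
        elif section == "O20" and "(file missing)" in body:
            findings.append(Finding("hijackthis", section, line,
                                    "Winlogon Notify handler points at a missing DLL"))
    return findings


def triage_autoruns(text: str) -> List[Finding]:
    """Select 'File not found' entries that sit under one of the sensitive keys.

    Stale entries under other keys (for example old driver records under
    Services) are common after hardware or software removal and are left alone.
    """
    findings: List[Finding] = []
    current_key = ""
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if not line.startswith("+ "):
            current_key = line  # a key line opens a new group of entries
            continue
        if "File not found:" not in line:
            continue
        if any(k.lower() in current_key.lower() for k in SENSITIVE_KEYS):
            findings.append(Finding("autoruns", current_key, line,
                                    "dangling entry under a privileged load point"))
    return findings


def triage(hijackthis_text: str, autoruns_text: str) -> List[Finding]:
    """Combined report in the order a helper would read it: HijackThis first."""
    return triage_hijackthis(hijackthis_text) + triage_autoruns(autoruns_text)


if __name__ == "__main__":
    for f in triage(HIJACKTHIS_SAMPLE, AUTORUNS_SAMPLE):
        print(f"[{f.source}] {f.section}\n    {f.entry}\n    -> {f.reason}")
```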

Offline fher

  • Junior Member
  • **
  • Posts: 24
Re: System Alert!!!!!!
« Reply #8 on: 25 March 2008, 02:00:33 am »
Mr_X:


Well, my computer has improved substantially thanks to your help; I was able to run Panda, and I would like to know whether I can enable System Restore again and whether I should change antivirus.

Thanks

Offline Mr_X

  • Moderator
  • ******
  • Posts: 2635
Re: System Alert!!!!!!
« Reply #9 on: 25 March 2008, 04:38:54 am »
1. Yes, you can enable 'System Restore' again.
2. Panda is not exactly the best, and it also uses a lot of resources... I recommend Kaspersky, NOD32, AVG or Avast...

Regards
"... I'll wait I sow the seed, I set the scene and I watch the world go by..."
