Autor Tema: paginas que se lanzan solas en mozilla (Leído 4643 veces)

x-jota · « **en:** 04 de Marzo de 2008, 08:52:37 pm »

Características: Windows Vista, dualcore 3.4Mhz; 1GB ram 667Mhz;nod32, outpost.
hola socios, el último de mis problemas es que cuando estoy navegando con mozilla firefox, algunas páginas se me abren solas.
concretamente son de todoviaje, pixmania, orange y 3 o 4 más, se suelen repetir.
He pasado el spybot actualizado, el ad-aware2007, ambos a full scan más el outpost a tiempo real que también es bastante bueno cazando robots. ahora justamente acaba de terminar el escaneo completo de NOD 32 y nada.
Ya no ser que puede ser.
¿sabeis de alguna aplicación? ¿y de paso un tutorial para interpretar Hijackthis?
un saludazo.

Mr_X · « **Respuesta #1 en:** 05 de Marzo de 2008, 09:07:51 pm »

Saca un log del HijackThis (clic aquí)...

x-jota · « **Respuesta #2 en:** 18 de Marzo de 2008, 08:55:01 am »

hola, perdona la tardanza, he estado ojeando un poco el tema antes de mandarte el pegote este. He restaurado a un punto anteror de windows, he restaurado a copias anteriores de registro de ccleaner y nada. Pero, también he cambiado de NOD32 a kaspersky y le he dado un repaso total. Cosa que ha funcionado, parece.
oye Mr.X, no quiero abusar, pero, ¿sabes como ejecutar unlocker con privilegios de depuración o cómo admin.?

recuerda que estoy en vista. Gracias de nuevo.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:50:45, on 23/11/2007
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16546)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\SOUNDMAN.EXE
C:\Program Files\Olivetti\ANY_WAY\olDvcStatus.exe
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\Windows\System32\rundll32.exe
C:\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\Windows\SYSTEM32\taskeng.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Logitech\QuickCam\Quickcam.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\OpenOffice.org 2.3\program\soffice.exe
C:\Program Files\OpenOffice.org 2.3\program\soffice.BIN
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Aplicación auxiliar de vínculos de Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [MSConfig] "C:\Windows\system32\msconfig.exe" /auto
O4 - HKLM\..\Run: [OlStatusMon] "C:\Program Files\Olivetti\ANY_WAY\olDvcStatus.exe" dvcStatusMinimize
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [OutpostMonitor] C:\PROGRA~1\Agnitum\OUTPOS~1\op_mon.exe /tray
O4 - HKLM\..\Run: [OutpostFeedBack] "C:\Program Files\Agnitum\Outpost Firewall Pro\feedback.exe" /dump:os_startup
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Orb] "C:\Program Files\Winamp Remote\bin\OrbTray.exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [lycosInside] C:\Program Files\lycos\Lyc_SysTray.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICIO LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICIO LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'Servicio de red')
O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] C:\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Nokia.PCSync] C:\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'Default user')
O4 - Startup: OpenOffice.org 2.3.lnk = C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe
O4 - Global Startup: Acelerador de inicio de AutoCAD.lnk = C:\Program Files\Common Files\Autodesk Shared\acstart17.exe
O4 - Global Startup: StupAssist.lnk = C:\Program Files\Common Files\Nikon\Utilities\StupAssist.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Consola de Sun Java - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O20 - AppInit_DLLs: c:\progra~1\agnitum\outpos~1\wl_hook.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Agnitum Client Security Service (acssrv) - Agnitum Ltd. - C:\PROGRA~1\Agnitum\OUTPOS~1\acs.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: Olivetti Monitor Service (olMntrService) - Olivetti - C:\Program Files\Olivetti\ANY_WAY\olMntrService.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Cryptainer service (ssoftservice) - Cypherix Software (India) Pvt. Ltd. - C:\Windows\SYSTEM32\cryptainersrv.exe

--
End of file - 7770 bytes

x-jota · « **Respuesta #3 en:** 19 de Marzo de 2008, 09:32:16 am »

definitivamente, noestá solucionado. Se siguen lanzando páginas. Os recuerdo que he pasado NOD32,kaspersky,AVG-antiespyware, + ad-aware, y spyboot y outpost que son los que tengo instalados aparte de kaspersky antivirus.
Es mosqueante porque las compañias que aparecen en las paginas no son de medio pelo que se diga. Tales como orange, vueling y alguna más que no recuerdo. Me sorprende que tengan que recurrir a un virus para publicitarse los muy hijos de pyche.

Mr_X · « **Respuesta #4 en:** 19 de Marzo de 2008, 03:51:08 pm »

Reinicia en Modo seguro, saca el log del HijackThis y uno del Autoruns (clic aquí)...

x-jota · « **Respuesta #5 en:** 02 de Abril de 2008, 10:55:57 am »

De momento el autoruns, no puedo apagar en unas horas.

HKLM\Software\Policies\Microsoft\Windows\System\Scripts\Startup
HKCU\Software\Policies\Microsoft\Windows\System\Scripts\Logon
HKLM\Software\Policies\Microsoft\Windows\System\Scripts\Logon
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System\Shell
HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\Shell
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Taskman
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
+ Adobe Reader Speed Launcher   Adobe Acrobat SpeedLauncher   (Verified) Adobe Systems, Incorporated   c:\program files\adobe\reader 8.0\reader\reader_sl.exe
+ AVP   Kaspersky Anti-Virus   (Verified) Kaspersky Lab   c:\program files\kaspersky lab\kaspersky anti-virus 7.0\avp.exe
+ ISUSScheduler   InstallShield Update Service Scheduler   (Not verified) InstallShield Software Corporation   c:\program files\common files\installshield\updateservice\issch.exe
+ OutpostFeedBack   FeedBack Utility   (Not verified) Agnitum Ltd.   c:\program files\agnitum\outpost firewall pro\feedback.exe
+ OutpostMonitor   Outpost User Interface   (Not verified) Agnitum Ltd.   c:\program files\agnitum\outpost firewall pro\op_mon.exe
+ QuickTime Task   QuickTime Task   (Not verified) Apple Inc.   c:\program files\quicktime\qttask.exe
+ SoundMan   Realtek Sound Manager   (Not verified) Realtek Semiconductor Corp.   c:\windows\soundman.exe
+ UnlockerAssistant         c:\program files\unlocker\unlockerassistant.exe
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
+ LNSS Status Monitor.lnk      (Verified) GFI Software Ltd.   c:\program files\gfi\languard network security scanner 8.0\statusmonitor.exe
+ WinZip Quick Pick.lnk   WinZip Executable   (Verified) WinZip Computing   c:\program files\winzip\wzqkpick.exe
C:\Users\karlos\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows\Load
HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows\Run
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
+ aplapl         c:\users\karlos\appdata\local\aplapl.exe
+ ISUSPM Startup   InstallShield Update Service Update Manager   (Not verified) InstallShield Software Corporation   c:\program files\common files\installshield\updateservice\isuspm.exe
+ SpybotSD TeaTimer   System settings protector   (Verified) Safer Networking Ltd.   c:\program files\spybot - search & destroy\teatimer.exe
+ Uniblue RegistryBooster 2         File not found: c:\program files\uniblue\registrybooster 2\StartRegistryBooster.exe
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce
HKLM\SOFTWARE\Classes\Protocols\Filter
HKLM\SOFTWARE\Classes\Protocols\Handler
HKCU\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components
HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components
HKCU\SOFTWARE\Microsoft\Active Setup\Installed Components
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks
HKCU\Software\Classes\*\ShellEx\ContextMenuHandlers
HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers
+ Adobe.Acrobat.ContextMenu   Adobe Acrobat Context Menu   (Verified) Adobe Systems, Incorporated   c:\program files\adobe\acrobat 8.0\acrobat elements\contextmenu.dll
+ ASW   Outpost Shell Extension   (Not verified) Agnitum Ltd.   c:\program files\agnitum\outpost firewall pro\op_shell.dll
+ Cover Designer   Cover Designer   (Verified) Nero AG   c:\program files\nero\nero8\nero coverdesigner\coveredextension.dll
+ Kaspersky Anti-Virus   Windows Shell Extension   (Verified) Kaspersky Lab   c:\program files\kaspersky lab\kaspersky anti-virus 7.0\shellex.dll
+ NBShellHook Class   Nero BackItUp   (Verified) Nero AG   c:\program files\nero\nero8\nero backitup\nbshell.dll
+ Notepad++   Context Handler Menu for Notepad++   (Not verified) Burgaud.com   c:\program files\notepad++\nppcm.dll
+ PowerISO   PowerISOShell DLL   (Not verified) PowerISO Computing, Inc.   c:\program files\poweriso\pwrisosh.dll
+ WinRAR         c:\program files\winrar\rarext.dll
+ WinZip   WinZip Shell Extension DLL   (Not verified) WinZip Computing LP   c:\program files\winzip\wzshlstb.dll
HKCU\Software\Classes\AllFileSystemObjects\ShellEx\ContextMenuHandlers
HKLM\Software\Classes\AllFileSystemObjects\ShellEx\ContextMenuHandlers
HKCU\Software\Classes\Folder\ShellEx\ContextMenuHandlers
HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers
+ Adobe.Acrobat.ContextMenu   Adobe Acrobat Context Menu   (Verified) Adobe Systems, Incorporated   c:\program files\adobe\acrobat 8.0\acrobat elements\contextmenu.dll
+ ASW   Outpost Shell Extension   (Not verified) Agnitum Ltd.   c:\program files\agnitum\outpost firewall pro\op_shell.dll
+ Kaspersky Anti-Virus   Windows Shell Extension   (Verified) Kaspersky Lab   c:\program files\kaspersky lab\kaspersky anti-virus 7.0\shellex.dll
+ NBShellHook Class   Nero BackItUp   (Verified) Nero AG   c:\program files\nero\nero8\nero backitup\nbshell.dll
+ PowerISO   PowerISOShell DLL   (Not verified) PowerISO Computing, Inc.   c:\program files\poweriso\pwrisosh.dll
+ WinRAR         c:\program files\winrar\rarext.dll
+ WinZip   WinZip Shell Extension DLL   (Not verified) WinZip Computing LP   c:\program files\winzip\wzshlstb.dll
HKCU\Software\Classes\Directory\ShellEx\ContextMenuHandlers
HKLM\Software\Classes\Directory\ShellEx\ContextMenuHandlers
+ ASW   Outpost Shell Extension   (Not verified) Agnitum Ltd.   c:\program files\agnitum\outpost firewall pro\op_shell.dll
+ PowerISO   PowerISOShell DLL   (Not verified) PowerISO Computing, Inc.   c:\program files\poweriso\pwrisosh.dll
+ WinRAR         c:\program files\winrar\rarext.dll
+ WinZip   WinZip Shell Extension DLL   (Not verified) WinZip Computing LP   c:\program files\winzip\wzshlstb.dll
HKCU\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers
HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers
HKCU\Software\Classes\Folder\Shellex\ColumnHandlers
HKLM\Software\Classes\Folder\Shellex\ColumnHandlers
+ dBpShell Class   Provides dBpoweramp Shell Interaction   (Not verified) Illustrate   c:\program files\illustrate\dbpoweramp\dbshell.dll
+ NeroDigitalColumnHandler Class   Nero Digital Shell Extension   (Verified) Nero AG   c:\program files\common files\nero\lib\nerodigitalext.dll
+ PDF Shell Extension   PDF Shell Extension   (Not verified) Adobe Systems, Inc.   c:\program files\common files\adobe\acrobat\activex\pdfshell.dll
+ {C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}      (Not verified) Sun Microsystems, Inc.   c:\program files\openoffice.org 2.3\program\shlxthdl.dll
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers
+ Identificador de icono superpuesto para firmas digitales de AutoCAD   AcSignIcon Module   (Verified) Autodesk, Inc   c:\windows\system32\acsignicon.dll
HKCU\Software\Microsoft\Ctf\LangBarAddin
HKLM\Software\Microsoft\Ctf\LangBarAddin
HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
+ Adobe.Acrobat.ContextMenu   Adobe Acrobat Context Menu   (Verified) Adobe Systems, Incorporated   c:\program files\adobe\acrobat 8.0\acrobat elements\contextmenu.dll
+ APDFR Context Menu Shell Extension   ShellExt Module      c:\program files\apdfr\apdfrshl.dll
+ Autodesk Drawing Preview   AcThumbnail Module   (Verified) Autodesk, Inc   c:\program files\common files\autodesk shared\thumbnail\acthumbnail16.dll
+ CDR Icon Handler   Windows XP Shell Extension   (Verified) Corel Corporation   c:\program files\common files\corel\shared\shell extension\shellxp.dll
+ CDR Property Handler   Windows Vista Shell Extension   (Verified) Corel Corporation   c:\program files\common files\corel\shared\shell extension\shellvista.dll
+ CDR Thumbnail Provider   Windows XP Shell Extension   (Verified) Corel Corporation   c:\program files\common files\corel\shared\shell extension\shellxp.dll
+ CMX Icon Handler   Windows XP Shell Extension   (Verified) Corel Corporation   c:\program files\common files\corel\shared\shell extension\shellxp.dll
+ CMX Thumbnail Provider   Windows XP Shell Extension   (Verified) Corel Corporation   c:\program files\common files\corel\shared\shell extension\shellxp.dll
+ Corel Draw Cdr Preview Handler   Windows Vista Shell Extension   (Verified) Corel Corporation   c:\program files\common files\corel\shared\shell extension\shellvista.dll
+ CPT Icon Handler   Windows XP Shell Extension   (Verified) Corel Corporation   c:\program files\common files\corel\shared\shell extension\shellxp.dll
+ CPT Property Handler   Windows Vista Shell Extension   (Verified) Corel Corporation   c:\program files\common files\corel\shared\shell extension\shellvista.dll
+ CPT Thumbnail Provider   Windows XP Shell Extension   (Verified) Corel Corporation   c:\program files\common files\corel\shared\shell extension\shellxp.dll
+ dBpoweramp Music Converter   dMC Shell Module   (Not verified) Illustrate   c:\program files\illustrate\dbpoweramp\dmcshell.dll
+ Estadísticas del componente Web Anti-Virus   Script Monitor Internet Explorer plugin   (Verified) Kaspersky Lab   c:\program files\kaspersky lab\kaspersky anti-virus 7.0\scieplgn.dll
+ Identificador de icono superpuesto para firmas digitales de AutoCAD   AcSignIcon Module   (Verified) Autodesk, Inc   c:\windows\system32\acsignicon.dll
+ Macromedia FTP & RDS   CfShellFtpRds Module   (Not verified) Macromedia, Inc.   c:\windows\system32\cfshellftprds.dll
+ NeroCoverEd Live Icons   Cover Designer   (Verified) Nero AG   c:\program files\nero\nero8\nero coverdesigner\coveredextension.dll
+ NeroDigitalIconHandler   Nero Digital Shell Extension   (Verified) Nero AG   c:\program files\common files\nero\lib\nerodigitalext.dll
+ NeroDigitalPropSheetHandler   Nero Digital Shell Extension   (Verified) Nero AG   c:\program files\common files\nero\lib\nerodigitalext.dll
+ Nokia Phone Browser   Phone Browser   (Not verified) Nokia   c:\program files\nokia\nokia pc suite 6\phonebrowser.dll
+ OpenOffice.org Column Handler      (Not verified) Sun Microsystems, Inc.   c:\program files\openoffice.org 2.3\program\shlxthdl.dll
+ OpenOffice.org Infotip Handler      (Not verified) Sun Microsystems, Inc.   c:\program files\openoffice.org 2.3\program\shlxthdl.dll
+ OpenOffice.org Property Sheet Handler      (Not verified) Sun Microsystems, Inc.   c:\program files\openoffice.org 2.3\program\shlxthdl.dll
+ OpenOffice.org Thumbnail Viewer      (Not verified) Sun Microsystems, Inc.   c:\program files\openoffice.org 2.3\program\shlxthdl.dll
+ PowerISO   PowerISOShell DLL   (Not verified) PowerISO Computing, Inc.   c:\program files\poweriso\pwrisosh.dll
+ UnlockerShellExtension         c:\program files\unlocker\unlockercom.dll
+ WinRAR shell extension         c:\program files\winrar\rarext.dll
+ WinZip   WinZip Shell Extension DLL   (Not verified) WinZip Computing LP   c:\program files\winzip\wzshlstb.dll
+ WinZip   WinZip Shell Extension DLL   (Not verified) WinZip Computing LP   c:\program files\winzip\wzshlstb.dll
+ WinZip   WinZip Shell Extension DLL   (Not verified) WinZip Computing LP   c:\program files\winzip\wzshlstb.dll
+ WinZip   WinZip Shell Extension DLL   (Not verified) WinZip Computing LP   c:\program files\winzip\wzshlstb.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects
+ Adobe PDF Conversion Toolbar Helper   Adobe PDF Toolbar for Internet Explorer   (Verified) Adobe Systems, Incorporated   c:\program files\adobe\acrobat 8.0\acrobat\acroiefavclient.dll
+ Aplicación auxiliar de vínculos de Adobe PDF Reader   Adobe PDF Helper for Internet Explorer   (Verified) Adobe Systems, Incorporated   c:\program files\common files\adobe\acrobat\activex\acroiehelper.dll
+ Spybot-S&D IE Protection   SBSD IE Protection   (Verified) Safer Networking Ltd.   c:\program files\spybot - search & destroy\sdhelper.dll
+ SSVHelper Class   Java(TM) 2 Platform Standard Edition binary   (Not verified) Sun Microsystems, Inc.   c:\program files\java\jre1.5.0_07\bin\ssv.dll
HKCU\Software\Microsoft\Internet Explorer\UrlSearchHooks
HKLM\Software\Microsoft\Internet Explorer\Toolbar
+ 2nd &Speech Center         c:\program files\2nd speech center\tts4ie.dll
+ Adobe PDF   Adobe PDF Toolbar for Internet Explorer   (Verified) Adobe Systems, Incorporated   c:\program files\adobe\acrobat 8.0\acrobat\acroiefavclient.dll
+ LEC   LEC IE Translation Extension.dll   (Not verified) Language Engineering Corporation, LLC   c:\program files\power translator 10\applications\lec ie translation extension.dll
HKCU\Software\Microsoft\Internet Explorer\Explorer Bars
HKLM\Software\Microsoft\Internet Explorer\Explorer Bars
HKCU\Software\Microsoft\Internet Explorer\Extensions
HKLM\Software\Microsoft\Internet Explorer\Extensions
Task Scheduler
+ \Uniblue SpeedUpMyPC   SpeedUpMyPC   (Verified) Uniblue Systems   c:\program files\uniblue\speedupmypc 3\speedupmypc.exe
+ \Uniblue SpeedUpMyPC Nag   SpeedUpMyPC   (Verified) Uniblue Systems   c:\program files\uniblue\speedupmypc 3\speedupmypc.exe
HKLM\System\CurrentControlSet\Services
+ aawservice   Protects your computer from spyware   (Verified) Lavasoft AB   c:\program files\lavasoft\ad-aware 2007\aawservice.exe
+ acssrv   Agnitum Client Security Service   (Not verified) Agnitum Ltd.   c:\program files\agnitum\outpost firewall pro\acs.exe
+ AVP   Ofrece protección contra virus y otros programas peligrosos.   (Verified) Kaspersky Lab   c:\program files\kaspersky lab\kaspersky anti-virus 7.0\avp.exe
+ FileZilla Server         File not found: C:\Program Files\FileZilla Server\FileZilla Server.exe
+ gfi_lnss8_attservice   Starts common sub-processes which are required by GFI products.   (Verified) GFI Software Ltd.   c:\program files\gfi\languard network security scanner 8.0\lnssatt.exe
+ LVCOMSer   Logitech Video COM Service   (Verified) Logitech Inc   c:\program files\common files\logishrd\lvcomser\lvcomser.exe
+ LVPrcSrv   Injector service   (Verified) Logitech Inc   c:\program files\common files\logishrd\lvmvfm\lvprcsrv.exe
+ LVSrvLauncher   Launcher for Logitech Video Components.   (Verified) Logitech Inc   c:\program files\common files\logishrd\srvlnch\srvlnch.exe
+ Nero BackItUp Scheduler 3   Nero BackItUp Scheduler 3 is responsible to control all jobs created using Nero BackItUp 3. These jobs can create backups of selected files/folders/partitions or complete hard disk to hard disk, network drive, disc or FTP.   (Verified) Nero AG   c:\program files\nero\nero8\nero backitup\nbservice.exe
+ olMntrService   Este servicio permite gestionar la Toolbox   (Not verified) Olivetti   c:\program files\olivetti\any_way\olmntrservice.exe
+ ProtexisLicensing   Protexis Licensing Service      c:\program files\common files\protexis\license service\psiservice.exe
+ PSI_SVC_2   This service provides Protexis licensing functionalty.   (Verified) Protexis Inc.   c:\program files\common files\protexis\license service\psiservice_2.exe
+ SBSDWSCService   Spybot-S&D Security Center integration   (Verified) Safer Networking Ltd.   c:\program files\spybot - search & destroy\sdwinsec.exe
+ ssoftservice   This is a service needed for Cryptainer volume to load. If this service is stopped or disabled, Cryptainer will not function on this computer.   (Not verified) Cypherix Software (India) Pvt. Ltd.   c:\windows\system32\cryptainersrv.exe
HKLM\System\CurrentControlSet\Services
+ aaop3njv         File not found: C:\Windows\System32\Drivers\aaop3njv.sys
+ ALCXWDM   Realtek AC'97 Audio Driver (WDM)   (Verified) Realtek Semiconductor Corp   c:\windows\system32\drivers\rtkvac.sys
+ ASWFilt   Agnitum Kernel Mode Anti-Spyware SandBox plug-in   (Verified) Agnitum Ltd.   c:\windows\system32\filt\aswfilt.dll
+ ElbyCDIO   ElbyCD Windows NT/2000/XP I/O driver   (Verified) Elaborate Bytes AG   c:\windows\system32\drivers\elbycdio.sys
+ ElbyDelay   Elby Delay Lower Filter Driver   (Verified) Elaborate Bytes AG   c:\windows\system32\drivers\elbydelay.sys
+ hotcore3   Hotbackup helper driver   (Verified) Paragon Technologie GmbH   c:\windows\system32\drivers\hotcore3.sys
+ IpInIp   IP in IP Tunnel Driver      File not found: system32\DRIVERS\ipinip.sys
+ NwlnkFlt   IPX Traffic Filter Driver      File not found: system32\DRIVERS\nwlnkflt.sys
+ NwlnkFwd   IPX Traffic Forwarder Driver      File not found: system32\DRIVERS\nwlnkfwd.sys
+ OemBiosDevice   Release Build v1.00   (Not verified) PARADOX   c:\windows\system32\drivers\royal.sys
+ SandBox   Agnitum Host Protection Component   (Verified) Agnitum Ltd.   c:\windows\system32\drivers\sandbox.sys
+ SCDEmu   PowerISO Virtual Drive   (Not verified) PowerISO Computing, Inc.   c:\windows\system32\drivers\scdemu.sys
+ sptd         c:\windows\system32\drivers\sptd.sys
+ ssoftnt4   Cryptainer Driver   (Verified) Cypherix Software   c:\windows\system32\drivers\ssoftnt4.sys
HKLM\System\CurrentControlSet\Control\Session Manager\BootExecute
+ autocheck lsdelete         c:\windows\system32\lsdelete.exe
+ OODBS         File not found: OODBS
HKLM\System\CurrentControlSet\Control\Session Manager\SetupExecute
HKLM\System\CurrentControlSet\Control\Session Manager\Execute
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options
HKLM\Software\Microsoft\Command Processor\Autorun
HKCU\Software\Microsoft\Command Processor\Autorun
HKLM\SOFTWARE\Classes\Exefile\Shell\Open\Command\(Default)
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\Appinit_Dlls
+ c:\progra~1\agnitum\outpos~1\wl_hook.dll   Outost Hooking Module   (Not verified) Agnitum Ltd.   c:\program files\agnitum\outpost firewall pro\wl_hook.dll
+ C:\PROGRA~1\KASPER~1\KASPER~1.0\r3hook.dll   Kaspersky Anti-Virus Ring 3 Hooker   (Verified) Kaspersky Lab   c:\program files\kaspersky lab\kaspersky anti-virus 7.0\r3hook.dll
HKLM\System\CurrentControlSet\Control\Session Manager\KnownDlls
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\System
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\UIHost
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify
+ klogon   Logon Visualizer   (Verified) Kaspersky Lab   c:\windows\system32\klogon.dll
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GinaDLL
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Taskman
HKCU\Control Panel\Desktop\Scrnsave.exe
HKLM\System\CurrentControlSet\Control\BootVerificationProgram\ImagePath
HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9
HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors
+ Adobe PDF Port   Acrobat ® PDF Port   (Verified) Adobe Systems, Incorporated   c:\windows\system32\adobepdf.dll
HKLM\SYSTEM\CurrentControlSet\Control\SecurityProviders\SecurityProviders
HKLM\SYSTEM\CurrentControlSet\Control\Lsa\Authentication Packages
HKLM\SYSTEM\CurrentControlSet\Control\Lsa\Notification Packages
HKLM\SYSTEM\CurrentControlSet\Control\Lsa\Security Packages
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\Credential Providers
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\Credential Provider Filters
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\PLAP Providers
HKLM\SYSTEM\CurrentControlSet\Control\NetworkProvider\Order
C:\Users\karlos\AppData\Local\Microsoft\Windows Sidebar\Settings.ini
+ Contactos   Ver una lista de contactos de Windows, buscar un contacto o seleccionar un contacto para mostrar la dirección de correo electrónico y los números de teléfono.   (Not verified) Microsoft Corporation   C:\Program Files\Windows Sidebar\Gadgets\Contacts.Gadget\es-ES\Gadget.xml
+ Medidor de CPU   Ver la CPU y la memoria del sistema (RAM) actuales en el equipo.   (Not verified) Microsoft Corporation   C:\Program Files\Windows Sidebar\Gadgets\CPU.Gadget\es-ES\Gadget.xml
+ Notas   Capturar ideas, notas y avisos de una forma rápida y sencilla.   (Not verified) Microsoft Corporation   C:\Program Files\Windows Sidebar\Gadgets\Notes.Gadget\es-ES\Gadget.xml
+ Traductor   Traduce texto hacia una variedad de lenguajes.   (Not verified) Julio Casal   C:\Users\karlos\AppData\Local\Microsoft\Windows Sidebar\Gadgets\TraductorGadget-1.gadget\Gadget.xml

x-jota · « **Respuesta #6 en:** 03 de Abril de 2008, 07:54:04 am »

y ahí va hijackthis en modo seguro:
....he eliminado las entradas de GFI languard desde autoruns porque no puedo desistalarlo ni si quiera desde CCLEANER como administrador en modo seguro.

Logfile of Trend Micro HijackThis v2.0.2
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Safe mode

Running processes:
C:\Windows\Explorer.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Aplicación auxiliar de vínculos de Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: LEC - {1DBAB667-A486-421e-AFE4-CF07DD0088E5} - C:\Program Files\Power Translator 10\Applications\LEC IE Translation Extension.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: 2nd &Speech Center - {CFE40ED8-564E-4693-A9D9-80DB70C8E460} - C:\PROGRA~1\2NDSPE~1\tts4ie.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [MSConfig] "C:\Windows\system32\msconfig.exe" /auto
O4 - HKLM\..\Run: [OutpostMonitor] C:\PROGRA~1\Agnitum\OUTPOS~1\op_mon.exe /tray
O4 - HKLM\..\Run: [OutpostFeedBack] "C:\Program Files\Agnitum\Outpost Firewall Pro\feedback.exe" /dump:os_startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] c:\program files\uniblue\registrybooster 2\StartRegistryBooster.exe
O4 - HKCU\..\Run: [aplapl] c:\users\karlos\appdata\local\aplapl.exe aplapl
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICIO LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICIO LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'Servicio de red')
O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'Default user')
O4 - Startup: OP_CACHE.ATR
O4 - Startup: OP_CACHE.IDX
O4 - Global Startup: OP_CACHE.ATR
O4 - Global Startup: OP_CACHE.IDX
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xportar a Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Consola de Sun Java - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra button: Estadísticas del componente Web Anti-Virus - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\SCIEPlgn.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O15 - Trusted Zone: http://*.e-rol.com
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O20 - AppInit_DLLs: c:\progra~1\agnitum\outpos~1\wl_hook.dll,C:\PROGRA~1\KASPER~1\KASPER~1.0\r3hook.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Agnitum Client Security Service (acssrv) - Agnitum Ltd. - C:\PROGRA~1\Agnitum\OUTPOS~1\acs.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Kaspersky Anti-Virus 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
O23 - Service: FileZilla Server FTP server (FileZilla Server) - Unknown owner - C:\Program Files\FileZilla Server\FileZilla Server.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: Olivetti Monitor Service (olMntrService) - Olivetti - C:\Program Files\Olivetti\ANY_WAY\olMntrService.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: Cryptainer service (ssoftservice) - Cypherix Software (India) Pvt. Ltd. - C:\Windows\SYSTEM32\cryptainersrv.exe

--
End of file - 9104 bytes

x-jota · « **Respuesta #7 en:** 14 de Abril de 2008, 07:51:38 pm »

he descubierto a través del autorun que es esta la entrada. El caso es que la elimino, guardo los cambios y
me vuelve a aparecer al reiniciar.
Tampoco aparece el fichero en el directorio.
¿cómo hago para eliminar el virus definitivamente?

npsvxfqyt.exe....c:\user\app\data.npsvxfqyt.exe

bueno, un saludo.

Noticias:

Autor Tema: paginas que se lanzan solas en mozilla (Leído 4643 veces)

x-jota

paginas que se lanzan solas en mozilla

Mr_X

Re: paginas que se lanzan solas en mozilla

x-jota

Re: paginas que se lanzan solas en mozilla

x-jota

Re: paginas que se lanzan solas en mozilla

Mr_X

Re: paginas que se lanzan solas en mozilla

x-jota

Re: paginas que se lanzan solas en mozilla

x-jota

Re: paginas que se lanzan solas en mozilla

x-jota

Re: paginas que se lanzan solas en mozilla