daboweb Forums
COMPUTER SECURITY, Firewall, patches, vaccines, antivirus, anti-trojans, spyware etc. => Computer Security - Firewall - Virus - Trojans - Spyware - Ad Aware - Malware => Topic started by: x-jota on 04 March 2008, 08:52:37 pm
-
Specs: Windows Vista, dual-core 3.4Mhz; 1GB RAM 667Mhz; nod32, outpost.
Hi folks, the latest of my problems is that when I'm browsing with Mozilla Firefox, some pages open by themselves.
Specifically, they are from todoviaje, pixmania, orange and 3 or 4 others; they tend to repeat.
I have run the updated Spybot and Ad-Aware 2007, both as full scans, plus Outpost in real time, which is also pretty good at catching robots. Right now the full NOD32 scan has just finished, and nothing.
I no longer know what it could be.
Do you know of any application? And, while we're at it, a tutorial for interpreting HijackThis?
Cheers.
-
Get a HijackThis log (click here) (http://www.daboweb.com/foros/index.php/topic,13633.0.html)...
-
Hi, sorry for the delay, I've been reading up on the subject a bit before sending you this blob. I restored to an earlier Windows restore point, I restored earlier CCleaner registry backups, and nothing. But I have also switched from NOD32 to Kaspersky and given it a complete going-over. Which has worked, it seems.
Hey Mr.X, I don't want to impose, but do you know how to run Unlocker with debug privileges or as admin?
Remember that I'm on Vista. Thanks again.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:50:45, on 23/11/2007
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16546)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\SOUNDMAN.EXE
C:\Program Files\Olivetti\ANY_WAY\olDvcStatus.exe
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\Windows\System32\rundll32.exe
C:\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\Windows\SYSTEM32\taskeng.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Logitech\QuickCam\Quickcam.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\OpenOffice.org 2.3\program\soffice.exe
C:\Program Files\OpenOffice.org 2.3\program\soffice.BIN
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Aplicación auxiliar de vínculos de Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [MSConfig] "C:\Windows\system32\msconfig.exe" /auto
O4 - HKLM\..\Run: [OlStatusMon] "C:\Program Files\Olivetti\ANY_WAY\olDvcStatus.exe" dvcStatusMinimize
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [OutpostMonitor] C:\PROGRA~1\Agnitum\OUTPOS~1\op_mon.exe /tray
O4 - HKLM\..\Run: [OutpostFeedBack] "C:\Program Files\Agnitum\Outpost Firewall Pro\feedback.exe" /dump:os_startup
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Orb] "C:\Program Files\Winamp Remote\bin\OrbTray.exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [lycosInside] C:\Program Files\lycos\Lyc_SysTray.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICIO LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICIO LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'Servicio de red')
O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] C:\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Nokia.PCSync] C:\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'Default user')
O4 - Startup: OpenOffice.org 2.3.lnk = C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe
O4 - Global Startup: Acelerador de inicio de AutoCAD.lnk = C:\Program Files\Common Files\Autodesk Shared\acstart17.exe
O4 - Global Startup: StupAssist.lnk = C:\Program Files\Common Files\Nikon\Utilities\StupAssist.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Consola de Sun Java - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O20 - AppInit_DLLs: c:\progra~1\agnitum\outpos~1\wl_hook.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Agnitum Client Security Service (acssrv) - Agnitum Ltd. - C:\PROGRA~1\Agnitum\OUTPOS~1\acs.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: Olivetti Monitor Service (olMntrService) - Olivetti - C:\Program Files\Olivetti\ANY_WAY\olMntrService.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Cryptainer service (ssoftservice) - Cypherix Software (India) Pvt. Ltd. - C:\Windows\SYSTEM32\cryptainersrv.exe
--
End of file - 7770 bytes
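For the question above about how to read a HijackThis log, here is an added example (not part of the original thread and not a HijackThis or daboweb tool): a small parser for the `CODE - detail` line format that lists the O4 autostart entries and sorts them by where the file they load lives. The category names and the assumption that the system drive is C: belong to this example; a category is a hint about what to look at first, not a verdict on the file.

```python
import re
from collections import Counter

# Lines copied from the two HijackThis logs in this thread, combined into
# one constructed sample so the example runs offline.
SAMPLE_LOG = r"""Logfile of Trend Micro HijackThis v2.0.2
Platform: Windows Vista SP1 (WinNT 6.00.1905)
Boot mode: Safe mode
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [OutpostMonitor] C:\PROGRA~1\Agnitum\OUTPOS~1\op_mon.exe /tray
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [aplapl] c:\users\karlos\appdata\local\aplapl.exe aplapl
O4 - Startup: OpenOffice.org 2.3.lnk = C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
"""

ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")          # e.g. "O4 - ..."
RUN_RE = re.compile(r"^(?P<loc>.+?): \[(?P<name>[^\]]+)\] (?P<cmd>.+)$")
STARTUP_RE = re.compile(r"^(?P<loc>(?:Global )?Startup): (?P<name>.+?) = (?P<cmd>.+)$")
IMAGE_RE = re.compile(r"^(.+?\.(?:exe|dll|com|bat|cmd|scr))(?=[\s,]|$)", re.I)

# Assumption of this example: system drive is C: and these are the
# locations where installed software normally lives.
STANDARD_ROOTS = ("%programfiles%\\", "%windir%\\", "%systemroot%\\",
                  "c:\\program files\\", "c:\\program files (x86)\\",
                  "c:\\progra~1\\", "c:\\windows\\")


def parse_log(text):
    """Split a HijackThis log into header fields and (code, body) entries."""
    header, entries = {}, []
    for line in text.splitlines():
        line = line.strip()
        m = ENTRY_RE.match(line)
        if m:
            entries.append((m.group(1), m.group(2)))
        elif ": " in line and not entries:      # "Platform: ...", "Boot mode: ..."
            key, value = line.split(": ", 1)
            header[key] = value
    return header, entries


def image_path(cmd):
    """Return the file an autostart command loads (the DLL for rundll32)."""
    cmd = re.sub(r"\s*\(User '[^']*'\)$", "", cmd.strip())
    if cmd.startswith('"'):
        image, _, rest = cmd[1:].partition('"')
    else:
        m = IMAGE_RE.match(cmd)
        image = m.group(1) if m else cmd
        rest = cmd[len(image):]
    if image.lower().rsplit("\\", 1)[-1] == "rundll32.exe" and rest.strip():
        return image_path(rest)                 # the DLL is what really runs
    return image


def classify(path):
    """Triage category based only on where the file is located."""
    p = path.lower()
    if "\\" not in p:
        return "no-path"            # resolved through the search path
    if re.match(r"^[a-z]:\\(users|documents and settings)\\", p):
        return "user-profile"       # writable without administrator rights
    if p.startswith(STANDARD_ROOTS):
        return "standard"
    return "other-location"


def autostart_review(entries):
    """Return (location, name, image, category) for every O4 entry."""
    rows = []
    for code, body in entries:
        if code != "O4":
            continue
        m = RUN_RE.match(body) or STARTUP_RE.match(body)
        if m:
            image = image_path(m.group("cmd"))
            rows.append((m.group("loc"), m.group("name"), image, classify(image)))
    return rows


if __name__ == "__main__":
    header, entries = parse_log(SAMPLE_LOG)
    print(header.get("Platform"), "|", header.get("Boot mode"))
    print(dict(Counter(code for code, _ in entries)))
    for loc, name, image, cat in autostart_review(entries):
        if cat != "standard":
            print(f"review: [{name}] {image} ({cat}, {loc})")
```
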
-
It is definitely not solved. Pages keep launching. Let me remind you that I have run NOD32, Kaspersky, AVG Anti-Spyware, plus Ad-Aware, and Spybot and Outpost, which are the ones I have installed apart from Kaspersky Anti-Virus.
It's annoying because the companies that appear on the pages aren't exactly small-time. Ones such as Orange, Vueling and some others I don't remember. It surprises me that they have to resort to a virus to advertise themselves, the sons of guns.
-
Reboot in Safe Mode, then get the HijackThis log and one from Autoruns (click here) (http://www.daboweb.com/foros/index.php/topic,25707.0.html)...
-
For now just the Autoruns one; I can't shut down for a few hours.
HKLM\Software\Policies\Microsoft\Windows\System\Scripts\Startup
HKCU\Software\Policies\Microsoft\Windows\System\Scripts\Logon
HKLM\Software\Policies\Microsoft\Windows\System\Scripts\Logon
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System\Shell
HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\Shell
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Taskman
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
+ Adobe Reader Speed Launcher Adobe Acrobat SpeedLauncher (Verified) Adobe Systems, Incorporated c:\program files\adobe\reader 8.0\reader\reader_sl.exe
+ AVP Kaspersky Anti-Virus (Verified) Kaspersky Lab c:\program files\kaspersky lab\kaspersky anti-virus 7.0\avp.exe
+ ISUSScheduler InstallShield Update Service Scheduler (Not verified) InstallShield Software Corporation c:\program files\common files\installshield\updateservice\issch.exe
+ OutpostFeedBack FeedBack Utility (Not verified) Agnitum Ltd. c:\program files\agnitum\outpost firewall pro\feedback.exe
+ OutpostMonitor Outpost User Interface (Not verified) Agnitum Ltd. c:\program files\agnitum\outpost firewall pro\op_mon.exe
+ QuickTime Task QuickTime Task (Not verified) Apple Inc. c:\program files\quicktime\qttask.exe
+ SoundMan Realtek Sound Manager (Not verified) Realtek Semiconductor Corp. c:\windows\soundman.exe
+ UnlockerAssistant c:\program files\unlocker\unlockerassistant.exe
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
+ LNSS Status Monitor.lnk (Verified) GFI Software Ltd. c:\program files\gfi\languard network security scanner 8.0\statusmonitor.exe
+ WinZip Quick Pick.lnk WinZip Executable (Verified) WinZip Computing c:\program files\winzip\wzqkpick.exe
C:\Users\karlos\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows\Load
HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows\Run
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
+ aplapl c:\users\karlos\appdata\local\aplapl.exe
+ ISUSPM Startup InstallShield Update Service Update Manager (Not verified) InstallShield Software Corporation c:\program files\common files\installshield\updateservice\isuspm.exe
+ SpybotSD TeaTimer System settings protector (Verified) Safer Networking Ltd. c:\program files\spybot - search & destroy\teatimer.exe
+ Uniblue RegistryBooster 2 File not found: c:\program files\uniblue\registrybooster 2\StartRegistryBooster.exe
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce
HKLM\SOFTWARE\Classes\Protocols\Filter
HKLM\SOFTWARE\Classes\Protocols\Handler
HKCU\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components
HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components
HKCU\SOFTWARE\Microsoft\Active Setup\Installed Components
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks
HKCU\Software\Classes\*\ShellEx\ContextMenuHandlers
HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers
+ Adobe.Acrobat.ContextMenu Adobe Acrobat Context Menu (Verified) Adobe Systems, Incorporated c:\program files\adobe\acrobat 8.0\acrobat elements\contextmenu.dll
+ ASW Outpost Shell Extension (Not verified) Agnitum Ltd. c:\program files\agnitum\outpost firewall pro\op_shell.dll
+ Cover Designer Cover Designer (Verified) Nero AG c:\program files\nero\nero8\nero coverdesigner\coveredextension.dll
+ Kaspersky Anti-Virus Windows Shell Extension (Verified) Kaspersky Lab c:\program files\kaspersky lab\kaspersky anti-virus 7.0\shellex.dll
+ NBShellHook Class Nero BackItUp (Verified) Nero AG c:\program files\nero\nero8\nero backitup\nbshell.dll
+ Notepad++ Context Handler Menu for Notepad++ (Not verified) Burgaud.com c:\program files\notepad++\nppcm.dll
+ PowerISO PowerISOShell DLL (Not verified) PowerISO Computing, Inc. c:\program files\poweriso\pwrisosh.dll
+ WinRAR c:\program files\winrar\rarext.dll
+ WinZip WinZip Shell Extension DLL (Not verified) WinZip Computing LP c:\program files\winzip\wzshlstb.dll
HKCU\Software\Classes\AllFileSystemObjects\ShellEx\ContextMenuHandlers
HKLM\Software\Classes\AllFileSystemObjects\ShellEx\ContextMenuHandlers
HKCU\Software\Classes\Folder\ShellEx\ContextMenuHandlers
HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers
+ Adobe.Acrobat.ContextMenu Adobe Acrobat Context Menu (Verified) Adobe Systems, Incorporated c:\program files\adobe\acrobat 8.0\acrobat elements\contextmenu.dll
+ ASW Outpost Shell Extension (Not verified) Agnitum Ltd. c:\program files\agnitum\outpost firewall pro\op_shell.dll
+ Kaspersky Anti-Virus Windows Shell Extension (Verified) Kaspersky Lab c:\program files\kaspersky lab\kaspersky anti-virus 7.0\shellex.dll
+ NBShellHook Class Nero BackItUp (Verified) Nero AG c:\program files\nero\nero8\nero backitup\nbshell.dll
+ PowerISO PowerISOShell DLL (Not verified) PowerISO Computing, Inc. c:\program files\poweriso\pwrisosh.dll
+ WinRAR c:\program files\winrar\rarext.dll
+ WinZip WinZip Shell Extension DLL (Not verified) WinZip Computing LP c:\program files\winzip\wzshlstb.dll
HKCU\Software\Classes\Directory\ShellEx\ContextMenuHandlers
HKLM\Software\Classes\Directory\ShellEx\ContextMenuHandlers
+ ASW Outpost Shell Extension (Not verified) Agnitum Ltd. c:\program files\agnitum\outpost firewall pro\op_shell.dll
+ PowerISO PowerISOShell DLL (Not verified) PowerISO Computing, Inc. c:\program files\poweriso\pwrisosh.dll
+ WinRAR c:\program files\winrar\rarext.dll
+ WinZip WinZip Shell Extension DLL (Not verified) WinZip Computing LP c:\program files\winzip\wzshlstb.dll
HKCU\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers
HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers
HKCU\Software\Classes\Folder\Shellex\ColumnHandlers
HKLM\Software\Classes\Folder\Shellex\ColumnHandlers
+ dBpShell Class Provides dBpoweramp Shell Interaction (Not verified) Illustrate c:\program files\illustrate\dbpoweramp\dbshell.dll
+ NeroDigitalColumnHandler Class Nero Digital Shell Extension (Verified) Nero AG c:\program files\common files\nero\lib\nerodigitalext.dll
+ PDF Shell Extension PDF Shell Extension (Not verified) Adobe Systems, Inc. c:\program files\common files\adobe\acrobat\activex\pdfshell.dll
+ {C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} (Not verified) Sun Microsystems, Inc. c:\program files\openoffice.org 2.3\program\shlxthdl.dll
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers
+ Identificador de icono superpuesto para firmas digitales de AutoCAD AcSignIcon Module (Verified) Autodesk, Inc c:\windows\system32\acsignicon.dll
HKCU\Software\Microsoft\Ctf\LangBarAddin
HKLM\Software\Microsoft\Ctf\LangBarAddin
HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
+ Adobe.Acrobat.ContextMenu Adobe Acrobat Context Menu (Verified) Adobe Systems, Incorporated c:\program files\adobe\acrobat 8.0\acrobat elements\contextmenu.dll
+ APDFR Context Menu Shell Extension ShellExt Module c:\program files\apdfr\apdfrshl.dll
+ Autodesk Drawing Preview AcThumbnail Module (Verified) Autodesk, Inc c:\program files\common files\autodesk shared\thumbnail\acthumbnail16.dll
+ CDR Icon Handler Windows XP Shell Extension (Verified) Corel Corporation c:\program files\common files\corel\shared\shell extension\shellxp.dll
+ CDR Property Handler Windows Vista Shell Extension (Verified) Corel Corporation c:\program files\common files\corel\shared\shell extension\shellvista.dll
+ CDR Thumbnail Provider Windows XP Shell Extension (Verified) Corel Corporation c:\program files\common files\corel\shared\shell extension\shellxp.dll
+ CMX Icon Handler Windows XP Shell Extension (Verified) Corel Corporation c:\program files\common files\corel\shared\shell extension\shellxp.dll
+ CMX Thumbnail Provider Windows XP Shell Extension (Verified) Corel Corporation c:\program files\common files\corel\shared\shell extension\shellxp.dll
+ Corel Draw Cdr Preview Handler Windows Vista Shell Extension (Verified) Corel Corporation c:\program files\common files\corel\shared\shell extension\shellvista.dll
+ CPT Icon Handler Windows XP Shell Extension (Verified) Corel Corporation c:\program files\common files\corel\shared\shell extension\shellxp.dll
+ CPT Property Handler Windows Vista Shell Extension (Verified) Corel Corporation c:\program files\common files\corel\shared\shell extension\shellvista.dll
+ CPT Thumbnail Provider Windows XP Shell Extension (Verified) Corel Corporation c:\program files\common files\corel\shared\shell extension\shellxp.dll
+ dBpoweramp Music Converter dMC Shell Module (Not verified) Illustrate c:\program files\illustrate\dbpoweramp\dmcshell.dll
+ Estadísticas del componente Web Anti-Virus Script Monitor Internet Explorer plugin (Verified) Kaspersky Lab c:\program files\kaspersky lab\kaspersky anti-virus 7.0\scieplgn.dll
+ Identificador de icono superpuesto para firmas digitales de AutoCAD AcSignIcon Module (Verified) Autodesk, Inc c:\windows\system32\acsignicon.dll
+ Macromedia FTP & RDS CfShellFtpRds Module (Not verified) Macromedia, Inc. c:\windows\system32\cfshellftprds.dll
+ NeroCoverEd Live Icons Cover Designer (Verified) Nero AG c:\program files\nero\nero8\nero coverdesigner\coveredextension.dll
+ NeroDigitalIconHandler Nero Digital Shell Extension (Verified) Nero AG c:\program files\common files\nero\lib\nerodigitalext.dll
+ NeroDigitalPropSheetHandler Nero Digital Shell Extension (Verified) Nero AG c:\program files\common files\nero\lib\nerodigitalext.dll
+ Nokia Phone Browser Phone Browser (Not verified) Nokia c:\program files\nokia\nokia pc suite 6\phonebrowser.dll
+ OpenOffice.org Column Handler (Not verified) Sun Microsystems, Inc. c:\program files\openoffice.org 2.3\program\shlxthdl.dll
+ OpenOffice.org Infotip Handler (Not verified) Sun Microsystems, Inc. c:\program files\openoffice.org 2.3\program\shlxthdl.dll
+ OpenOffice.org Property Sheet Handler (Not verified) Sun Microsystems, Inc. c:\program files\openoffice.org 2.3\program\shlxthdl.dll
+ OpenOffice.org Thumbnail Viewer (Not verified) Sun Microsystems, Inc. c:\program files\openoffice.org 2.3\program\shlxthdl.dll
+ PowerISO PowerISOShell DLL (Not verified) PowerISO Computing, Inc. c:\program files\poweriso\pwrisosh.dll
+ UnlockerShellExtension c:\program files\unlocker\unlockercom.dll
+ WinRAR shell extension c:\program files\winrar\rarext.dll
+ WinZip WinZip Shell Extension DLL (Not verified) WinZip Computing LP c:\program files\winzip\wzshlstb.dll
+ WinZip WinZip Shell Extension DLL (Not verified) WinZip Computing LP c:\program files\winzip\wzshlstb.dll
+ WinZip WinZip Shell Extension DLL (Not verified) WinZip Computing LP c:\program files\winzip\wzshlstb.dll
+ WinZip WinZip Shell Extension DLL (Not verified) WinZip Computing LP c:\program files\winzip\wzshlstb.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects
+ Adobe PDF Conversion Toolbar Helper Adobe PDF Toolbar for Internet Explorer (Verified) Adobe Systems, Incorporated c:\program files\adobe\acrobat 8.0\acrobat\acroiefavclient.dll
+ Aplicación auxiliar de vínculos de Adobe PDF Reader Adobe PDF Helper for Internet Explorer (Verified) Adobe Systems, Incorporated c:\program files\common files\adobe\acrobat\activex\acroiehelper.dll
+ Spybot-S&D IE Protection SBSD IE Protection (Verified) Safer Networking Ltd. c:\program files\spybot - search & destroy\sdhelper.dll
+ SSVHelper Class Java(TM) 2 Platform Standard Edition binary (Not verified) Sun Microsystems, Inc. c:\program files\java\jre1.5.0_07\bin\ssv.dll
HKCU\Software\Microsoft\Internet Explorer\UrlSearchHooks
HKLM\Software\Microsoft\Internet Explorer\Toolbar
+ 2nd &Speech Center c:\program files\2nd speech center\tts4ie.dll
+ Adobe PDF Adobe PDF Toolbar for Internet Explorer (Verified) Adobe Systems, Incorporated c:\program files\adobe\acrobat 8.0\acrobat\acroiefavclient.dll
+ LEC LEC IE Translation Extension.dll (Not verified) Language Engineering Corporation, LLC c:\program files\power translator 10\applications\lec ie translation extension.dll
HKCU\Software\Microsoft\Internet Explorer\Explorer Bars
HKLM\Software\Microsoft\Internet Explorer\Explorer Bars
HKCU\Software\Microsoft\Internet Explorer\Extensions
HKLM\Software\Microsoft\Internet Explorer\Extensions
Task Scheduler
+ \Uniblue SpeedUpMyPC SpeedUpMyPC (Verified) Uniblue Systems c:\program files\uniblue\speedupmypc 3\speedupmypc.exe
+ \Uniblue SpeedUpMyPC Nag SpeedUpMyPC (Verified) Uniblue Systems c:\program files\uniblue\speedupmypc 3\speedupmypc.exe
HKLM\System\CurrentControlSet\Services
+ aawservice Protects your computer from spyware (Verified) Lavasoft AB c:\program files\lavasoft\ad-aware 2007\aawservice.exe
+ acssrv Agnitum Client Security Service (Not verified) Agnitum Ltd. c:\program files\agnitum\outpost firewall pro\acs.exe
+ AVP Ofrece protección contra virus y otros programas peligrosos. (Verified) Kaspersky Lab c:\program files\kaspersky lab\kaspersky anti-virus 7.0\avp.exe
+ FileZilla Server File not found: C:\Program Files\FileZilla Server\FileZilla Server.exe
+ gfi_lnss8_attservice Starts common sub-processes which are required by GFI products. (Verified) GFI Software Ltd. c:\program files\gfi\languard network security scanner 8.0\lnssatt.exe
+ LVCOMSer Logitech Video COM Service (Verified) Logitech Inc c:\program files\common files\logishrd\lvcomser\lvcomser.exe
+ LVPrcSrv Injector service (Verified) Logitech Inc c:\program files\common files\logishrd\lvmvfm\lvprcsrv.exe
+ LVSrvLauncher Launcher for Logitech Video Components. (Verified) Logitech Inc c:\program files\common files\logishrd\srvlnch\srvlnch.exe
+ Nero BackItUp Scheduler 3 Nero BackItUp Scheduler 3 is responsible to control all jobs created using Nero BackItUp 3. These jobs can create backups of selected files/folders/partitions or complete hard disk to hard disk, network drive, disc or FTP. (Verified) Nero AG c:\program files\nero\nero8\nero backitup\nbservice.exe
+ olMntrService Este servicio permite gestionar la Toolbox (Not verified) Olivetti c:\program files\olivetti\any_way\olmntrservice.exe
+ ProtexisLicensing Protexis Licensing Service c:\program files\common files\protexis\license service\psiservice.exe
+ PSI_SVC_2 This service provides Protexis licensing functionalty. (Verified) Protexis Inc. c:\program files\common files\protexis\license service\psiservice_2.exe
+ SBSDWSCService Spybot-S&D Security Center integration (Verified) Safer Networking Ltd. c:\program files\spybot - search & destroy\sdwinsec.exe
+ ssoftservice This is a service needed for Cryptainer volume to load. If this service is stopped or disabled, Cryptainer will not function on this computer. (Not verified) Cypherix Software (India) Pvt. Ltd. c:\windows\system32\cryptainersrv.exe
HKLM\System\CurrentControlSet\Services
+ aaop3njv File not found: C:\Windows\System32\Drivers\aaop3njv.sys
+ ALCXWDM Realtek AC'97 Audio Driver (WDM) (Verified) Realtek Semiconductor Corp c:\windows\system32\drivers\rtkvac.sys
+ ASWFilt Agnitum Kernel Mode Anti-Spyware SandBox plug-in (Verified) Agnitum Ltd. c:\windows\system32\filt\aswfilt.dll
+ ElbyCDIO ElbyCD Windows NT/2000/XP I/O driver (Verified) Elaborate Bytes AG c:\windows\system32\drivers\elbycdio.sys
+ ElbyDelay Elby Delay Lower Filter Driver (Verified) Elaborate Bytes AG c:\windows\system32\drivers\elbydelay.sys
+ hotcore3 Hotbackup helper driver (Verified) Paragon Technologie GmbH c:\windows\system32\drivers\hotcore3.sys
+ IpInIp IP in IP Tunnel Driver File not found: system32\DRIVERS\ipinip.sys
+ NwlnkFlt IPX Traffic Filter Driver File not found: system32\DRIVERS\nwlnkflt.sys
+ NwlnkFwd IPX Traffic Forwarder Driver File not found: system32\DRIVERS\nwlnkfwd.sys
+ OemBiosDevice Release Build v1.00 (Not verified) PARADOX c:\windows\system32\drivers\royal.sys
+ SandBox Agnitum Host Protection Component (Verified) Agnitum Ltd. c:\windows\system32\drivers\sandbox.sys
+ SCDEmu PowerISO Virtual Drive (Not verified) PowerISO Computing, Inc. c:\windows\system32\drivers\scdemu.sys
+ sptd c:\windows\system32\drivers\sptd.sys
+ ssoftnt4 Cryptainer Driver (Verified) Cypherix Software c:\windows\system32\drivers\ssoftnt4.sys
HKLM\System\CurrentControlSet\Control\Session Manager\BootExecute
+ autocheck lsdelete c:\windows\system32\lsdelete.exe
+ OODBS File not found: OODBS
HKLM\System\CurrentControlSet\Control\Session Manager\SetupExecute
HKLM\System\CurrentControlSet\Control\Session Manager\Execute
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options
HKLM\Software\Microsoft\Command Processor\Autorun
HKCU\Software\Microsoft\Command Processor\Autorun
HKLM\SOFTWARE\Classes\Exefile\Shell\Open\Command\(Default)
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\Appinit_Dlls
+ c:\progra~1\agnitum\outpos~1\wl_hook.dll Outost Hooking Module (Not verified) Agnitum Ltd. c:\program files\agnitum\outpost firewall pro\wl_hook.dll
+ C:\PROGRA~1\KASPER~1\KASPER~1.0\r3hook.dll Kaspersky Anti-Virus Ring 3 Hooker (Verified) Kaspersky Lab c:\program files\kaspersky lab\kaspersky anti-virus 7.0\r3hook.dll
HKLM\System\CurrentControlSet\Control\Session Manager\KnownDlls
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\System
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\UIHost
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify
+ klogon Logon Visualizer (Verified) Kaspersky Lab c:\windows\system32\klogon.dll
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GinaDLL
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Taskman
HKCU\Control Panel\Desktop\Scrnsave.exe
HKLM\System\CurrentControlSet\Control\BootVerificationProgram\ImagePath
HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9
HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors
+ Adobe PDF Port Acrobat ® PDF Port (Verified) Adobe Systems, Incorporated c:\windows\system32\adobepdf.dll
HKLM\SYSTEM\CurrentControlSet\Control\SecurityProviders\SecurityProviders
HKLM\SYSTEM\CurrentControlSet\Control\Lsa\Authentication Packages
HKLM\SYSTEM\CurrentControlSet\Control\Lsa\Notification Packages
HKLM\SYSTEM\CurrentControlSet\Control\Lsa\Security Packages
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\Credential Providers
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\Credential Provider Filters
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\PLAP Providers
HKLM\SYSTEM\CurrentControlSet\Control\NetworkProvider\Order
C:\Users\karlos\AppData\Local\Microsoft\Windows Sidebar\Settings.ini
+ Contactos Ver una lista de contactos de Windows, buscar un contacto o seleccionar un contacto para mostrar la dirección de correo electrónico y los números de teléfono. (Not verified) Microsoft Corporation C:\Program Files\Windows Sidebar\Gadgets\Contacts.Gadget\es-ES\Gadget.xml
+ Medidor de CPU Ver la CPU y la memoria del sistema (RAM) actuales en el equipo. (Not verified) Microsoft Corporation C:\Program Files\Windows Sidebar\Gadgets\CPU.Gadget\es-ES\Gadget.xml
+ Notas Capturar ideas, notas y avisos de una forma rápida y sencilla. (Not verified) Microsoft Corporation C:\Program Files\Windows Sidebar\Gadgets\Notes.Gadget\es-ES\Gadget.xml
+ Traductor Traduce texto hacia una variedad de lenguajes. (Not verified) Julio Casal C:\Users\karlos\AppData\Local\Microsoft\Windows Sidebar\Gadgets\TraductorGadget-1.gadget\Gadget.xml
-
And here goes HijackThis in safe mode:
....I have removed the GFI LANguard entries from Autoruns because I can't uninstall it, not even from CCleaner as administrator in safe mode.
Logfile of Trend Micro HijackThis v2.0.2
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Safe mode
Running processes:
C:\Windows\Explorer.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Aplicación auxiliar de vínculos de Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: LEC - {1DBAB667-A486-421e-AFE4-CF07DD0088E5} - C:\Program Files\Power Translator 10\Applications\LEC IE Translation Extension.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: 2nd &Speech Center - {CFE40ED8-564E-4693-A9D9-80DB70C8E460} - C:\PROGRA~1\2NDSPE~1\tts4ie.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [MSConfig] "C:\Windows\system32\msconfig.exe" /auto
O4 - HKLM\..\Run: [OutpostMonitor] C:\PROGRA~1\Agnitum\OUTPOS~1\op_mon.exe /tray
O4 - HKLM\..\Run: [OutpostFeedBack] "C:\Program Files\Agnitum\Outpost Firewall Pro\feedback.exe" /dump:os_startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] c:\program files\uniblue\registrybooster 2\StartRegistryBooster.exe
O4 - HKCU\..\Run: [aplapl] c:\users\karlos\appdata\local\aplapl.exe aplapl
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICIO LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICIO LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'Servicio de red')
O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'Default user')
O4 - Startup: OP_CACHE.ATR
O4 - Startup: OP_CACHE.IDX
O4 - Global Startup: OP_CACHE.ATR
O4 - Global Startup: OP_CACHE.IDX
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xportar a Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Consola de Sun Java - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra button: Estadísticas del componente Web Anti-Virus - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\SCIEPlgn.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O15 - Trusted Zone: http://*.e-rol.com
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O20 - AppInit_DLLs: c:\progra~1\agnitum\outpos~1\wl_hook.dll,C:\PROGRA~1\KASPER~1\KASPER~1.0\r3hook.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Agnitum Client Security Service (acssrv) - Agnitum Ltd. - C:\PROGRA~1\Agnitum\OUTPOS~1\acs.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Kaspersky Anti-Virus 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
O23 - Service: FileZilla Server FTP server (FileZilla Server) - Unknown owner - C:\Program Files\FileZilla Server\FileZilla Server.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: Olivetti Monitor Service (olMntrService) - Olivetti - C:\Program Files\Olivetti\ANY_WAY\olMntrService.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: Cryptainer service (ssoftservice) - Cypherix Software (India) Pvt. Ltd. - C:\Windows\SYSTEM32\cryptainersrv.exe
--
End of file - 9104 bytes
-
I found out through autorun that this is the entry. The thing is, I delete it, save the changes and
it shows up again after rebooting.
The file doesn't appear in the directory either.
How do I remove the virus for good?
npsvxfqyt.exe....c:\user\app\data.npsvxfqyt.exe
Well, regards.
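An added example, not part of the original posts: a short Python script that reads the O4 autostart lines of a HijackThis log like the one above and marks the entries that start from a user-writable directory or by bare file name, so they can be checked by hand first. The `USER_WRITABLE` list, the function names and the verdict labels are assumptions of this example; a "review" verdict is a prompt for manual inspection, not a detection.

```python
import re

# Shape of an O4 registry autostart line in a HijackThis 2.0.2 log.
O4_RUN = re.compile(r"^O4 - (?P<hive>HK[A-Z]+(?:\\[^\\]+)?)\\\.\.\\Run\w*: "
                    r"\[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
# First thing in the command line that looks like a file to load.
IMAGE = re.compile(r'^"?(?P<path>.+?\.(?:exe|dll|com|bat|cmd|scr))', re.I)
# Assumption of this example: path fragments a standard user can write under.
USER_WRITABLE = ("\\users\\", "\\appdata\\", "\\temp\\")

def target_of(cmd):
    """Return the file an autostart command loads (the DLL for rundll32)."""
    m = IMAGE.match(cmd)
    if not m:
        return cmd
    path = m.group("path")
    if path.lower().endswith("rundll32.exe"):
        dll = IMAGE.match(cmd[m.end():].lstrip('" '))
        if dll:
            return dll.group("path")
    return path

def triage(log_text):
    """Return (hive, name, target, verdict) for every O4 Run entry."""
    rows = []
    for line in log_text.splitlines():
        m = O4_RUN.match(line.strip())
        if not m:
            continue
        target = target_of(m.group("cmd"))
        low = target.lower()
        if any(marker in low for marker in USER_WRITABLE):
            verdict = "review: runs from a user-writable directory"
        elif "\\" not in low:
            verdict = "review: bare file name, resolved through the search path"
        else:
            verdict = "installed location"
        rows.append((m.group("hive"), m.group("name"), target, verdict))
    return rows

# Four lines copied from the log above.
SAMPLE = r"""
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKCU\..\Run: [aplapl] c:\users\karlos\appdata\local\aplapl.exe aplapl
"""

print(*triage(SAMPLE), sep="\n")
```

Startup-folder lines (`O4 - Startup:` and `O4 - Global Startup:`) have a different shape and are skipped by this parser.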