Foros de daboweb
COMPUTER SECURITY, firewall, patches, vaccines, antivirus, anti-trojans, spyware etc => Computer Security - Firewall - Viruses - Trojans - Spyware - Ad Aware - Malware => Topic started by: fher on 19 March 2008, 08:56:35 pm
-
Hello everyone:
For several days I have been getting the following error, "System Alert". I searched the forum for the solution and I see that the first step is to paste my log generated with HijackThis. I hope you can give me a hand; thanks.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:38:51 PM, on 3/19/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Nhksrv.exe
C:\Program Files\Panda Software\Panda Platinum 2005 Internet Security\Firewall\PavFires.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\Rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Wireless-G Portable USB Adapter\WLService.exe
C:\Program Files\Wireless-G Portable USB Adapter\WUSB54GP.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Documents and Settings\guillermo hernandez\My Documents\My Received Files\HiJackThis\HijackThis.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [787eb516] rundll32.exe "C:\WINDOWS\system32\bsiuyfug.dll",b
O4 - HKLM\..\Run: [BM7b4d868a] Rundll32.exe "C:\WINDOWS\system32\ptprfmwy.dll",s
O4 - HKLM\..\RunServices: [PANDA ANTISPAM SERVER SERVICE] "C:\Program Files\Panda Software\Panda Platinum 2005 Internet Security\PasSrv.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKLM\..\Policies\Explorer\Run: [some] C:\Program Files\NetProject\scit.exe
O9 - Extra button: (no name) - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.explorertool.net/redirect.php (file missing)
O9 - Extra 'Tools' menuitem: IE Anti-Spyware - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.explorertool.net/redirect.php (file missing)
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=58813
O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540006} (CInstall Class) - http://www.errorguard.com/installation/Install.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1130278706968
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/suite/yautocomplete.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{2421F356-9425-45F7-B11B-8A15766D1036}: NameServer = 85.255.114.34,85.255.112.132
O17 - HKLM\System\CCS\Services\Tcpip\..\{280FFF97-0BDD-4CBF-922E-76A6E1962CA0}: NameServer = 85.255.114.34,85.255.112.132
O17 - HKLM\System\CCS\Services\Tcpip\..\{40ECEF5B-690E-42D1-9EF8-B0CF82BAE252}: NameServer = 85.255.114.34,85.255.112.132
O17 - HKLM\System\CCS\Services\Tcpip\..\{412397DF-0656-40DD-8E48-095202B74903}: NameServer = 85.255.114.34,85.255.112.132
O17 - HKLM\System\CCS\Services\Tcpip\..\{95568910-3BA0-448E-B3F4-231CC9F2ADC5}: NameServer = 85.255.114.34,85.255.112.132
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.114.34 85.255.112.132
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.114.34 85.255.112.132
O22 - SharedTaskScheduler: arborize - {d9f6ce57-0718-4bd1-916f-5fb1f86911c2} - C:\WINDOWS\system32\txdkfh.dll
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: IMAPI CD-Burning COM Service (ImapiService) - Roxio Inc. - C:\WINDOWS\System32\ImapiRox.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Netropa NHK Server (Nhksrv) - Unknown owner - C:\WINDOWS\Nhksrv.exe
O23 - Service: Panda Firewall Service (PAVFIRES) - Panda Software - C:\Program Files\Panda Software\Panda Platinum 2005 Internet Security\Firewall\PavFires.exe
O23 - Service: WUSB54GPSVC - GEMTEKS - C:\Program Files\Wireless-G Portable USB Adapter\WLService.exe
--
End of file - 6065 bytes
-
Make a backup of the registry using ERUNT (click here) (http://www.daboweb.com/foros/index.php/topic,27469.0.html); disable 'System Restore' (click here) (http://www.windowsfacil.com/manuales1/desactivar-restaurar-sistema/desactivar-restaurar-sistema.htm); restart in Safe Mode, run HijackThis, tick the box to the left of the following entries and press the [Fix checked] button:
O4 - HKLM\..\Run: [787eb516] rundll32.exe "C:\WINDOWS\system32\bsiuyfug.dll",b
O4 - HKLM\..\Run: [BM7b4d868a] Rundll32.exe "C:\WINDOWS\system32\ptprfmwy.dll",s
O4 - HKLM\..\Policies\Explorer\Run: [some] C:\Program Files\NetProject\scit.exe
O9 - Extra button: (no name) - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.explorertool.net/redirect.php (file missing)
O9 - Extra 'Tools' menuitem: IE Anti-Spyware - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.explorertool.net/redirect.php (file missing)
O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540006} (CInstall Class) - http://www.errorguard.com/installation/Install.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{2421F356-9425-45F7-B11B-8A15766D1036}: NameServer = 85.255.114.34,85.255.112.132
O17 - HKLM\System\CCS\Services\Tcpip\..\{280FFF97-0BDD-4CBF-922E-76A6E1962CA0}: NameServer = 85.255.114.34,85.255.112.132
O17 - HKLM\System\CCS\Services\Tcpip\..\{40ECEF5B-690E-42D1-9EF8-B0CF82BAE252}: NameServer = 85.255.114.34,85.255.112.132
O17 - HKLM\System\CCS\Services\Tcpip\..\{412397DF-0656-40DD-8E48-095202B74903}: NameServer = 85.255.114.34,85.255.112.132
O17 - HKLM\System\CCS\Services\Tcpip\..\{95568910-3BA0-448E-B3F4-231CC9F2ADC5}: NameServer = 85.255.114.34,85.255.112.132
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.114.34 85.255.112.132
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.114.34 85.255.112.132
O22 - SharedTaskScheduler: arborize - {d9f6ce57-0718-4bd1-916f-5fb1f86911c2} - C:\WINDOWS\system32\txdkfh.dll
Restart normally, download SmitFraudFix (click here) (http://siri.geekstogo.com/SmitfraudFix.php), restart in Safe Mode and run it, select option 2, answer yes [Y] to whatever it asks you... Restart normally, update Panda(?) and run it after restarting in Safe Mode... Get a new HijackThis log and paste here the contents of the file C:\rapport.txt...
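As an added example (not part of the thread), a small Python script that applies the triage rules behind the reply above to HijackThis lines: it flags O17 NameServer entries that point at public resolvers outside an expected list, O4 entries where rundll32 loads a DLL by a one-letter export, and entries whose file is missing. The sample lines are copied from the logs in this thread; the trusted-resolver list is an assumption taken from the later log.

```python
import ipaddress
import re

# Constructed sample: a handful of lines in the format HijackThis writes,
# copied from the logs posted in this thread.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [787eb516] rundll32.exe "C:\WINDOWS\system32\bsiuyfug.dll",b
O9 - Extra button: (no name) - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.explorertool.net/redirect.php (file missing)
O2 - BHO: (no name) - {67BAFFED-CADD-4DAE-BEF6-9EA20EF2C46C} - C:\WINDOWS\system32\vtstu.dll (file missing)
O17 - HKLM\System\CCS\Services\Tcpip\..\{2421F356-9425-45F7-B11B-8A15766D1036}: NameServer = 85.255.114.34,85.255.112.132
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.114.34 85.255.112.132
O17 - HKLM\System\CCS\Services\Tcpip\..\{0E6E56CD-3B3B-4D48-BD06-4BBC66ED45F0}: NameServer = 208.67.220.220,208.67.222.222
O22 - SharedTaskScheduler: arborize - {d9f6ce57-0718-4bd1-916f-5fb1f86911c2} - C:\WINDOWS\system32\txdkfh.dll
"""

# Assumption: the resolvers the follow-up log shows as the intended configuration.
TRUSTED_RESOLVERS = ("208.67.220.220", "208.67.222.222")

# "O4 - ..." / "R1 - ..." lines; header and process-list lines do not match.
LINE_RE = re.compile(r"^(?P<code>[RO]\d+) - (?P<body>.*)$")

# Heuristic from the posted log: rundll32 loading a DLL through a one-letter export.
RUNDLL_RE = re.compile(r'rundll32\.exe\s+"[^"]+\.dll",\w$', re.IGNORECASE)


def parse_hjt(text):
    """Return (section code, body) tuples for every HijackThis entry line."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            entries.append((m.group("code"), m.group("body")))
    return entries


def nameservers(body):
    """Extract the IPs from an O17 body; HijackThis separates them with ',' or ' '."""
    _, _, value = body.partition("NameServer =")
    return [s for s in re.split(r"[,\s]+", value.strip()) if s]


def is_expected_resolver(ip, trusted):
    """Private, loopback or explicitly trusted resolvers are considered expected."""
    addr = ipaddress.ip_address(ip)
    return addr.is_private or addr.is_loopback or addr in trusted


def audit(text, trusted_resolvers=()):
    """Return (code, reason, body) findings for the entry lines in a HijackThis log."""
    trusted = {ipaddress.ip_address(ip) for ip in trusted_resolvers}
    findings = []
    for code, body in parse_hjt(text):
        if code == "O17":
            bad = [ip for ip in nameservers(body) if not is_expected_resolver(ip, trusted)]
            if bad:
                findings.append((code, "unexpected public DNS server(s): " + ", ".join(bad), body))
            continue
        if "(file missing)" in body or "(no file)" in body:
            findings.append((code, "entry points at a file that no longer exists", body))
            continue
        if code == "O4" and RUNDLL_RE.search(body):
            findings.append((code, "rundll32 loads a DLL via a one-letter export", body))
    return findings


if __name__ == "__main__":
    for code, reason, body in audit(SAMPLE_LOG, TRUSTED_RESOLVERS):
        print(f"{code}: {reason}\n    {body}")
```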
-
Mr. X:
I appreciate the help you are giving me and I have followed your instructions to the letter; the only thing I could not do was the scan with "Panda Platinum", because it reaches a point where the program freezes, and I have tried several things to run the program but none of them work for me.
These are the reports from HijackThis and SmitFraudFix v2.305:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:00:16 AM, on 3/22/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Nhksrv.exe
C:\Program Files\Panda Software\Panda Platinum 2005 Internet Security\PaSSrv.exe
C:\Program Files\Panda Software\Panda Platinum 2005 Internet Security\Firewall\PavFires.exe
C:\Program Files\Panda Software\Panda Platinum 2005 Internet Security\PavFnSvr.exe
C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
C:\Program Files\Panda Software\Panda Platinum 2005 Internet Security\pavsrv51.exe
C:\Program Files\Panda Software\Panda Platinum 2005 Internet Security\prevsrv.exe
C:\Program Files\Panda Software\Panda Platinum 2005 Internet Security\AVENGINE.EXE
C:\Program Files\Panda Software\Panda Platinum 2005 Internet Security\PsImSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Wireless-G Portable USB Adapter\WLService.exe
C:\Program Files\Wireless-G Portable USB Adapter\WUSB54GP.exe
C:\Program Files\Panda Software\Panda Platinum 2005 Internet Security\apvxdwin.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Panda Software\Panda Platinum 2005 Internet Security\SRVLOAD.EXE
C:\Program Files\Panda Software\Panda Platinum 2005 Internet Security\WebProxy.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\guillermo hernandez\My Documents\My Received Files\HiJackThis\HijackThis.exe
O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file)
O2 - BHO: Aplicación auxiliar de vínculos de Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {67BAFFED-CADD-4DAE-BEF6-9EA20EF2C46C} - C:\WINDOWS\system32\vtstu.dll (file missing)
O2 - BHO: {cb503d8a-c5d0-28a9-07f4-2b444eecec76} - {67cecee4-44b2-4f70-9a82-0d5ca8d305bc} - C:\WINDOWS\system32\hpddgyqt.dll (file missing)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {8E1DB2B5-D02A-4082-A650-345857F03206} - C:\WINDOWS\system32\pmnooom.dll (file missing)
O2 - BHO: (no name) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - (no file)
O2 - BHO: (no name) - {D06606C5-7DEC-4EBF-8E27-9D58D593F64F} - (no file)
O2 - BHO: (no name) - {EDD7598F-8B08-4039-BE66-2A9D6BA0F7DC} - C:\WINDOWS\system32\vtstu.dll (file missing)
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O4 - HKLM\..\RunServices: [PANDA ANTISPAM SERVER SERVICE] "C:\Program Files\Panda Software\Panda Platinum 2005 Internet Security\PasSrv.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=58813
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1130278706968
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/suite/yautocomplete.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{0E6E56CD-3B3B-4D48-BD06-4BBC66ED45F0}: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CS1\Services\Tcpip\..\{0E6E56CD-3B3B-4D48-BD06-4BBC66ED45F0}: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CS3\Services\Tcpip\..\{0E6E56CD-3B3B-4D48-BD06-4BBC66ED45F0}: NameServer = 208.67.220.220,208.67.222.222
O20 - Winlogon Notify: pmnooom - pmnooom.dll (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: IMAPI CD-Burning COM Service (ImapiService) - Roxio Inc. - C:\WINDOWS\System32\ImapiRox.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Netropa NHK Server (Nhksrv) - Unknown owner - C:\WINDOWS\Nhksrv.exe
O23 - Service: Panda Antispam Server Service (PASSRV) - Unknown owner - C:\Program Files\Panda Software\Panda Platinum 2005 Internet Security\PaSSrv.exe
O23 - Service: Panda Firewall Service (PAVFIRES) - Panda Software - C:\Program Files\Panda Software\Panda Platinum 2005 Internet Security\Firewall\PavFires.exe
O23 - Service: Panda Function Service (PAVFNSVR) - Panda Software - C:\Program Files\Panda Software\Panda Platinum 2005 Internet Security\PavFnSvr.exe
O23 - Service: Panda Pavkre (Pavkre) - Panda Software - C:\Program Files\Panda Software\Panda Platinum 2005 Internet Security\Pavkre.exe
O23 - Service: Panda PavProt (PavProt) - Panda Software - C:\Program Files\Panda Software\Panda Platinum 2005 Internet Security\PavProt.exe
O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Software - C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software - C:\Program Files\Panda Software\Panda Platinum 2005 Internet Security\pavsrv51.exe
O23 - Service: Panda Preventium+ Service (PREVSRV) - Panda Software - C:\Program Files\Panda Software\Panda Platinum 2005 Internet Security\prevsrv.exe
O23 - Service: Panda IManager Service (PSIMSVC) - Panda Software Internacional - C:\Program Files\Panda Software\Panda Platinum 2005 Internet Security\PsImSvc.exe
O23 - Service: WUSB54GPSVC - GEMTEKS - C:\Program Files\Wireless-G Portable USB Adapter\WLService.exe
--
End of file - 7334 bytes
SmitFraudFix v2.305
Scan done at 19:51:06.37, Thu 03/20/2008
Run from C:\Documents and Settings\guillermo hernandez\My Documents\My Received Files\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in safe mode
»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
»»»»»»»»»»»»»»»»»»»»»»»» Killing process
»»»»»»»»»»»»»»»»»»»»»»»» hosts
127.0.0.1 localhost
»»»»»»»»»»»»»»»»»»»»»»»» VACFix
VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix
S!Ri's WS2Fix: LSP not Found.
»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix
GenericRenosFix by S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files
C:\DOCUME~1\ALLUSE~1\STARTM~1\Online Security Guide.url Deleted
C:\DOCUME~1\ALLUSE~1\STARTM~1\Security Troubleshooting.url Deleted
C:\Program Files\VirusHeat 4.3\ Deleted
»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» DNS
HKLM\SYSTEM\CCS\Services\Tcpip\..\{0E6E56CD-3B3B-4D48-BD06-4BBC66ED45F0}: DhcpNameServer=85.255.114.34,85.255.112.132
HKLM\SYSTEM\CCS\Services\Tcpip\..\{0E6E56CD-3B3B-4D48-BD06-4BBC66ED45F0}: NameServer=85.255.114.34,85.255.112.132
HKLM\SYSTEM\CCS\Services\Tcpip\..\{2421F356-9425-45F7-B11B-8A15766D1036}: DhcpNameServer=192.168.1.1 192.168.1.1
HKLM\SYSTEM\CCS\Services\Tcpip\..\{280FFF97-0BDD-4CBF-922E-76A6E1962CA0}: DhcpNameServer=85.255.114.34,85.255.112.132
HKLM\SYSTEM\CCS\Services\Tcpip\..\{40ECEF5B-690E-42D1-9EF8-B0CF82BAE252}: DhcpNameServer=85.255.114.34,85.255.112.132
HKLM\SYSTEM\CCS\Services\Tcpip\..\{95568910-3BA0-448E-B3F4-231CC9F2ADC5}: DhcpNameServer=85.255.114.34,85.255.112.132
HKLM\SYSTEM\CCS\Services\Tcpip\..\{CE113FC6-4E4E-4F95-94D2-72EE614D15B7}: DhcpNameServer=85.255.114.34,85.255.112.132
HKLM\SYSTEM\CS1\Services\Tcpip\..\{0E6E56CD-3B3B-4D48-BD06-4BBC66ED45F0}: DhcpNameServer=85.255.114.34,85.255.112.132
HKLM\SYSTEM\CS1\Services\Tcpip\..\{0E6E56CD-3B3B-4D48-BD06-4BBC66ED45F0}: NameServer=85.255.114.34,85.255.112.132
HKLM\SYSTEM\CS1\Services\Tcpip\..\{2421F356-9425-45F7-B11B-8A15766D1036}: DhcpNameServer=192.168.1.1 192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\..\{280FFF97-0BDD-4CBF-922E-76A6E1962CA0}: DhcpNameServer=85.255.114.34,85.255.112.132
HKLM\SYSTEM\CS1\Services\Tcpip\..\{40ECEF5B-690E-42D1-9EF8-B0CF82BAE252}: DhcpNameServer=85.255.114.34,85.255.112.132
HKLM\SYSTEM\CS1\Services\Tcpip\..\{95568910-3BA0-448E-B3F4-231CC9F2ADC5}: DhcpNameServer=85.255.114.34,85.255.112.132
HKLM\SYSTEM\CS1\Services\Tcpip\..\{CE113FC6-4E4E-4F95-94D2-72EE614D15B7}: DhcpNameServer=85.255.114.34,85.255.112.132
HKLM\SYSTEM\CS3\Services\Tcpip\..\{0E6E56CD-3B3B-4D48-BD06-4BBC66ED45F0}: DhcpNameServer=85.255.114.34,85.255.112.132
HKLM\SYSTEM\CS3\Services\Tcpip\..\{0E6E56CD-3B3B-4D48-BD06-4BBC66ED45F0}: NameServer=85.255.114.34,85.255.112.132
HKLM\SYSTEM\CS3\Services\Tcpip\..\{280FFF97-0BDD-4CBF-922E-76A6E1962CA0}: DhcpNameServer=85.255.114.34,85.255.112.132
HKLM\SYSTEM\CS3\Services\Tcpip\..\{40ECEF5B-690E-42D1-9EF8-B0CF82BAE252}: DhcpNameServer=85.255.114.34,85.255.112.132
HKLM\SYSTEM\CS3\Services\Tcpip\..\{95568910-3BA0-448E-B3F4-231CC9F2ADC5}: DhcpNameServer=85.255.114.34,85.255.112.132
HKLM\SYSTEM\CS3\Services\Tcpip\..\{CE113FC6-4E4E-4F95-94D2-72EE614D15B7}: DhcpNameServer=85.255.114.34,85.255.112.132
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1 192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1 192.168.1.1
»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files
»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"="kdsff.exe"
»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning
Registry Cleaning done.
»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
»»»»»»»»»»»»»»»»»»»»»»»» Reboot
C:\WINDOWS\system32\kdsff.exe not found
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""
»»»»»»»»»»»»»»»»»»»»»»»» End
-
OK. We have a backup of the registry, right? We restart in Safe Mode to follow the steps, right? We disable 'System Restore', right?
How do you connect to the Internet? Who is your Internet provider?
Make a new backup of the registry with ERUNT... Boot into Safe Mode again, run HijackThis and remove the following entries:
O2 - BHO: (no name) - {67BAFFED-CADD-4DAE-BEF6-9EA20EF2C46C} - C:\WINDOWS\system32\vtstu.dll (file missing)
O2 - BHO: {cb503d8a-c5d0-28a9-07f4-2b444eecec76} - {67cecee4-44b2-4f70-9a82-0d5ca8d305bc} - C:\WINDOWS\system32\hpddgyqt.dll (file missing)
O2 - BHO: (no name) - {8E1DB2B5-D02A-4082-A650-345857F03206} - C:\WINDOWS\system32\pmnooom.dll (file missing)
O2 - BHO: (no name) - {D06606C5-7DEC-4EBF-8E27-9D58D593F64F} - (no file)
O2 - BHO: (no name) - {EDD7598F-8B08-4039-BE66-2A9D6BA0F7DC} - C:\WINDOWS\system32\vtstu.dll (file missing)
Restart normally, download VundoFix (click here) (http://vundofix.atribune.org/) and run it-->[Scan for Vundo]-->[Remove Vundo]-->[Yes]... Once Windows restarts, update Panda and Spybot S&D and run them after restarting in Safe Mode... Get a new HijackThis log and an Autoruns log (click here) (http://www.daboweb.com/foros/index.php/topic,25707.0.html) (do both of these booting in Safe Mode) and also paste here the contents of the file C:\vundofix.txt...
-
Mr_X:
Thanks again for the help provided; I have finished carrying out all the procedures you provided in the forum and I will be attaching the reports generated by the different programs used; only when I used VundoFix the scan did not find any infected file, and I think that for this reason it did not create a report for me.
Well, as for your question about my Internet service, I get it through broadband and connected to a wireless; initially I had a provider called Time Warner but currently it is Verizon; they are US companies. I have also noticed that when checking the status of my connection it has settled at 1 Mbps and does not fluctuate as it frequently did, which made Internet access slower; honestly I don't know much about the subject but I would like to know how to improve the speed a little.
As additional information, I have installed a memory upgrade in the PC trying to improve the machine's performance, and I would like an opinion on the use of Panda Platinum as antivirus software, since I see it uses a large amount of system resources.
Autoruns
HKLM\System\CurrentControlSet\Control\Terminal Server\Wds\rdpwd\StartupPrograms
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\AppSetup
HKLM\Software\Policies\Microsoft\Windows\System\Scripts\Startup
HKCU\Software\Policies\Microsoft\Windows\System\Scripts\Logon
HKLM\Software\Policies\Microsoft\Windows\System\Scripts\Logon
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System\Shell
HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\Shell
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Taskman
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Terminal Server\Install\Software\Microsoft\Windows\CurrentVersion\Runonce
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Terminal Server\Install\Software\Microsoft\Windows\CurrentVersion\RunonceEx
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Terminal Server\Install\Software\Microsoft\Windows\CurrentVersion\Run
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce
C:\Documents and Settings\All Users\Start Menu\Programs\Startup
C:\Documents and Settings\guillermo hernandez\Start Menu\Programs\Startup
HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows\Load
HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows\Run
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce
HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Terminal Server\Install\Software\Microsoft\Windows\CurrentVersion\Runonce
HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Terminal Server\Install\Software\Microsoft\Windows\CurrentVersion\RunonceEx
HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Terminal Server\Install\Software\Microsoft\Windows\CurrentVersion\Run
HKLM\SOFTWARE\Classes\Protocols\Filter
HKLM\SOFTWARE\Classes\Protocols\Handler
+ ms-itss Microsoft® InfoTech Storage System Library (Not verified) Microsoft Corporation c:\program files\common files\microsoft shared\information retrieval\msitss.dll
HKCU\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components
HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components
HKCU\SOFTWARE\Microsoft\Active Setup\Installed Components
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks
HKCU\Software\Classes\*\ShellEx\ContextMenuHandlers
HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers
+ Panda Antivirus pavole (Not verified) Panda Software c:\program files\panda software\panda platinum 2005 internet security\pavole.dll
HKCU\Software\Classes\AllFileSystemObjects\ShellEx\ContextMenuHandlers
HKLM\Software\Classes\AllFileSystemObjects\ShellEx\ContextMenuHandlers
HKCU\Software\Classes\Folder\ShellEx\ContextMenuHandlers
HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers
+ Panda Antivirus pavole (Not verified) Panda Software c:\program files\panda software\panda platinum 2005 internet security\pavole.dll
HKCU\Software\Classes\Directory\ShellEx\ContextMenuHandlers
HKLM\Software\Classes\Directory\ShellEx\ContextMenuHandlers
HKCU\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers
HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers
HKCU\Software\Classes\Folder\Shellex\ColumnHandlers
HKLM\Software\Classes\Folder\Shellex\ColumnHandlers
+ PDF Shell Extension PDF Shell Extension (Not verified) Adobe Systems, Inc. c:\program files\common files\adobe\acrobat\activex\pdfshell.dll
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers
HKCU\Software\Microsoft\Ctf\LangBarAddin
HKLM\Software\Microsoft\Ctf\LangBarAddin
HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
+ Adaptec DirectCD Shell Extension DirectCD Shell Extention DLL (Not verified) Roxio c:\program files\adaptec\easy cd creator 5\directcd\shellex.dll
+ Display Panning CPL Extension File not found: deskpan.dll
+ iTunes iTunes Mini Player DLL (Not verified) Apple Computer, Inc. c:\program files\itunes\itunesminiplayer.dll
+ Panda Antivirus pavole (Not verified) Panda Software c:\program files\panda software\panda platinum 2005 internet security\pavole.dll
+ Shell Extensions for RealOne Player RealPlayer Shell Extensions (Not verified) RealNetworks, Inc. c:\program files\real\realplayer\rpshell.dll
+ Web Folders Microsoft Web Folders (Not verified) Microsoft Corporation c:\program files\common files\microsoft shared\web folders\msonsext.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects
+ Aplicación auxiliar de vínculos de Adobe PDF Reader Adobe PDF Helper for Internet Explorer (Verified) Adobe Systems, Incorporated c:\program files\common files\adobe\acrobat\activex\acroiehelper.dll
+ {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} MoneySide Controls (Not verified) Microsoft Corporation c:\program files\microsoft money\system\mnyviewer.dll
HKCU\Software\Microsoft\Internet Explorer\UrlSearchHooks
HKLM\Software\Microsoft\Internet Explorer\Toolbar
HKCU\Software\Microsoft\Internet Explorer\Explorer Bars
HKLM\Software\Microsoft\Internet Explorer\Explorer Bars
HKCU\Software\Microsoft\Internet Explorer\Extensions
HKLM\Software\Microsoft\Internet Explorer\Extensions
Task Scheduler
HKLM\System\CurrentControlSet\Services
+ Nhksrv c:\windows\nhksrv.exe
+ PASSRV c:\program files\panda software\panda platinum 2005 internet security\passrv.exe
+ PAVFIRES Personal Firewall Service (Not verified) Panda Software c:\program files\panda software\panda platinum 2005 internet security\firewall\pavfires.exe
+ PAVFNSVR Panda Function Service (Not verified) Panda Software c:\program files\panda software\panda platinum 2005 internet security\pavfnsvr.exe
+ Pavkre PavKre Aplicación (Not verified) Panda Software c:\program files\panda software\panda platinum 2005 internet security\pavkre.exe
+ PavProt PavProt Application (Not verified) Panda Software c:\program files\panda software\panda platinum 2005 internet security\pavprot.exe
+ PavPrSrv Panda Process Protection Service (Not verified) Panda Software c:\program files\common files\panda software\pavshld\pavprsrv.exe
+ PAVSRV On-Access Antivirus Scanner Service. (Not verified) Panda Software c:\program files\panda software\panda platinum 2005 internet security\pavsrv51.exe
+ PREVSRV Panda Preventium+ © service (Not verified) Panda Software c:\program files\panda software\panda platinum 2005 internet security\prevsrv.exe
+ PSIMSVC Common Interface Manager (Not verified) Panda Software Internacional c:\program files\panda software\panda platinum 2005 internet security\psimsvc.exe
+ WUSB54GPSVC WLService (Not verified) GEMTEKS c:\program files\wireless-g portable usb adapter\wlservice.exe
HKLM\System\CurrentControlSet\Services
+ AvFlt File not found: C:\WINDOWS\system32\drivers\av5flt.sys
+ basic2 NTRksample driver (Not verified) Conexant Systems c:\windows\system32\drivers\basic2.sys
+ bvrp_pci c:\windows\system32\drivers\bvrp_pci.sys
+ Cdr4_xp CDR4_2k CDR Helper (Not verified) Roxio c:\windows\system32\drivers\cdr4_xp.sys
+ Cdralw2k CDRAL for Windows 2000 Kernel Driver (Not verified) Roxio c:\windows\system32\drivers\cdralw2k.sys
+ cdudf_xp CD-UDF NT Filesystem Driver (Not verified) Roxio c:\windows\system32\drivers\cdudf_xp.sys
+ Changer File not found: C:\WINDOWS\System32\Drivers\Changer.sys
+ ComFiltr File not found: C:\WINDOWS\system32\DRIVERS\COMFiltr.sys
+ cpoint cPoint (Not verified) Panda Software c:\windows\system32\drivers\cpoint.sys
+ dvd_2K DVD-RAM AddOn Driver (Not verified) Roxio c:\windows\system32\drivers\dvd_2k.sys
+ Fallback Fallback driver (Not verified) Conexant Systems c:\windows\system32\drivers\fallback.sys
+ Fsks FSKsNT driver (Not verified) Conexant Systems c:\windows\system32\drivers\fsksnt.sys
+ GEARAspiWDM CDRom Class Filter Driver (Verified) GEAR Software Inc. c:\windows\system32\drivers\gearaspiwdm.sys
+ GTNDIS5 PCAUSA NDIS 5.0 Protocol Driver (Not verified) Printing Communications Assoc., Inc. (PCAUSA) c:\windows\system32\gtndis5.sys
+ iAimTV2 File not found: System32\DRIVERS\wATV03nt.sys
+ Imapi Imapi Windows XP Kernel Driver (Not verified) Roxio Inc. c:\windows\system32\drivers\imapirox.sys
+ K56 K56NT driver (Not verified) Conexant Systems c:\windows\system32\drivers\k56nt.sys
+ lbrtfdc File not found: C:\WINDOWS\System32\Drivers\lbrtfdc.sys
+ mmc_2K CD-R/RW AddOn MMC Driver (W2K) (Not verified) Roxio c:\windows\system32\drivers\mmc_2k.sys
+ Msikbd2k Multimedia Keyboard Driver for Windows 2000 (Not verified) Netropa Corporation c:\windows\system32\drivers\msikbd2k.sys
+ netflt NetFlt (Not verified) Panda Software c:\windows\system32\drivers\netflt.sys
+ OMCI OMCI Device Driver (Not verified) Dell Computer Corporation c:\windows\system32\drivers\omci.sys
+ PAVDRV Antivirus Filter Driver for Windows XP/2003 (Not verified) Panda Software c:\windows\system32\drivers\pavdrv51.sys
+ PavProc Panda Process Protection driver (Not verified) Panda Software c:\windows\system32\drivers\pavproc.sys
+ PCIDump File not found: C:\WINDOWS\System32\Drivers\PCIDump.sys
+ PDCOMP File not found: C:\WINDOWS\System32\Drivers\PDCOMP.sys
+ PDFRAME File not found: C:\WINDOWS\System32\Drivers\PDFRAME.sys
+ PDRELI File not found: C:\WINDOWS\System32\Drivers\PDRELI.sys
+ PDRFRAME File not found: C:\WINDOWS\System32\Drivers\PDRFRAME.sys
+ pwd_2K Win2000 Framework for Packet Write Driver (Not verified) Roxio c:\windows\system32\drivers\pwd_2k.sys
+ Rksample Rksample WDM driver (Not verified) Conexant Systems c:\windows\system32\drivers\rksample.sys
+ ShldDrv PandaShield driver (Not verified) Panda Software c:\windows\system32\drivers\shlddrv.sys
+ smwdm SoundMAX Integrated Digital Audio (Not verified) Analog Devices, Inc. c:\windows\system32\drivers\smwdm.sys
+ SoftFax FaxNT driver (Not verified) Conexant Systems c:\windows\system32\drivers\faxnt.sys
+ Teefer Teefer Driver (Not verified) Sygate Technologies, Inc. c:\windows\system32\drivers\teefer.sys
+ Tones TonesNT driver (Not verified) Conexant Systems c:\windows\system32\drivers\tonesnt.sys
+ UdfReadr_xp CD-UDF NT Filesystem Reader Driver (Not verified) Roxio c:\windows\system32\drivers\udfreadr_xp.sys
+ V124 V124NT driver (Not verified) Conexant Systems c:\windows\system32\drivers\v124nt.sys
+ WDICA File not found: C:\WINDOWS\System32\Drivers\WDICA.sys
+ wg3n wgxn (Not verified) Sygate Technologies, Inc. c:\windows\system32\drivers\wg3n.sys
+ winachsf WinACHSF driver (Not verified) Conexant Systems c:\windows\system32\drivers\hsf_cnxt.sys
+ wpsdrvnt wpsdrvnt (Not verified) Sygate Technologies, Inc. c:\windows\system32\drivers\wpsdrvnt.sys
HKLM\System\CurrentControlSet\Control\Session Manager\BootExecute
HKLM\System\CurrentControlSet\Control\Session Manager\SetupExecute
HKLM\System\CurrentControlSet\Control\Session Manager\Execute
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options
HKLM\Software\Microsoft\Command Processor\Autorun
HKCU\Software\Microsoft\Command Processor\Autorun
HKLM\SOFTWARE\Classes\Exefile\Shell\Open\Command\(Default)
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\Appinit_Dlls
HKLM\System\CurrentControlSet\Control\Session Manager\KnownDlls
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\System
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\UIHost
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify
+ pmnooom File not found: pmnooom.dll
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GinaDLL
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Taskman
HKCU\Control Panel\Desktop\Scrnsave.exe
HKLM\System\CurrentControlSet\Control\BootVerificationProgram\ImagePath
HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9
+ PAV_LAYERED pavlsp Dynamic Link Library (Not verified) Panda Software c:\program files\panda software\panda platinum 2005 internet security\pavlsp.dll
+ PAV_LAYERED over [MSAFD Tcpip [RAW/IP]] pavlsp Dynamic Link Library (Not verified) Panda Software c:\program files\panda software\panda platinum 2005 internet security\pavlsp.dll
+ PAV_LAYERED over [MSAFD Tcpip [TCP/IP]] pavlsp Dynamic Link Library (Not verified) Panda Software c:\program files\panda software\panda platinum 2005 internet security\pavlsp.dll
+ PAV_LAYERED over [MSAFD Tcpip [UDP/IP]] pavlsp Dynamic Link Library (Not verified) Panda Software c:\program files\panda software\panda platinum 2005 internet security\pavlsp.dll
HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors
HKLM\SYSTEM\CurrentControlSet\Control\SecurityProviders\SecurityProviders
HKLM\SYSTEM\CurrentControlSet\Control\Lsa\Authentication Packages
+ C:\WINDOWS\system32\vtstu.dll File not found: C:\WINDOWS\system32\vtstu.dll
HKLM\SYSTEM\CurrentControlSet\Control\Lsa\Notification Packages
HKLM\SYSTEM\CurrentControlSet\Control\Lsa\Security Packages
HKLM\SYSTEM\CurrentControlSet\Control\NetworkProvider\Order
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:24:52 PM, on 3/23/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Safe mode
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\guillermo hernandez\My Documents\My Received Files\HiJackThis\HijackThis.exe
O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file)
O2 - BHO: Aplicación auxiliar de vínculos de Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {67BAFFED-CADD-4DAE-BEF6-9EA20EF2C46C} - (no file)
O2 - BHO: (no name) - {67cecee4-44b2-4f70-9a82-0d5ca8d305bc} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {8E1DB2B5-D02A-4082-A650-345857F03206} - (no file)
O2 - BHO: (no name) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - (no file)
O2 - BHO: (no name) - {D06606C5-7DEC-4EBF-8E27-9D58D593F64F} - (no file)
O2 - BHO: (no name) - {EDD7598F-8B08-4039-BE66-2A9D6BA0F7DC} - (no file)
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\RunServices: [PANDA ANTISPAM SERVER SERVICE] "C:\Program Files\Panda Software\Panda Platinum 2005 Internet Security\PasSrv.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=58813
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1130278706968
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/suite/yautocomplete.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{0E6E56CD-3B3B-4D48-BD06-4BBC66ED45F0}: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CS1\Services\Tcpip\..\{0E6E56CD-3B3B-4D48-BD06-4BBC66ED45F0}: NameServer = 208.67.220.220,208.67.222.222
O20 - Winlogon Notify: pmnooom - pmnooom.dll (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: IMAPI CD-Burning COM Service (ImapiService) - Roxio Inc. - C:\WINDOWS\System32\ImapiRox.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Netropa NHK Server (Nhksrv) - Unknown owner - C:\WINDOWS\Nhksrv.exe
O23 - Service: Panda Antispam Server Service (PASSRV) - Unknown owner - C:\Program Files\Panda Software\Panda Platinum 2005 Internet Security\PaSSrv.exe
O23 - Service: Panda Firewall Service (PAVFIRES) - Panda Software - C:\Program Files\Panda Software\Panda Platinum 2005 Internet Security\Firewall\PavFires.exe
O23 - Service: Panda Function Service (PAVFNSVR) - Panda Software - C:\Program Files\Panda Software\Panda Platinum 2005 Internet Security\PavFnSvr.exe
O23 - Service: Panda Pavkre (Pavkre) - Panda Software - C:\Program Files\Panda Software\Panda Platinum 2005 Internet Security\Pavkre.exe
O23 - Service: Panda PavProt (PavProt) - Panda Software - C:\Program Files\Panda Software\Panda Platinum 2005 Internet Security\PavProt.exe
O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Software - C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software - C:\Program Files\Panda Software\Panda Platinum 2005 Internet Security\pavsrv51.exe
O23 - Service: Panda Preventium+ Service (PREVSRV) - Panda Software - C:\Program Files\Panda Software\Panda Platinum 2005 Internet Security\prevsrv.exe
O23 - Service: Panda IManager Service (PSIMSVC) - Panda Software Internacional - C:\Program Files\Panda Software\Panda Platinum 2005 Internet Security\PsImSvc.exe
O23 - Service: WUSB54GPSVC - GEMTEKS - C:\Program Files\Wireless-G Portable USB Adapter\WLService.exe
--
End of file - 5222 bytes
-
Back up the registry, reboot into Safe Mode and delete these entries with HijackThis:
O2 - BHO: (no name) - {67BAFFED-CADD-4DAE-BEF6-9EA20EF2C46C} - (no file)
O2 - BHO: (no name) - {67cecee4-44b2-4f70-9a82-0d5ca8d305bc} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {8E1DB2B5-D02A-4082-A650-345857F03206} - (no file)
O2 - BHO: (no name) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - (no file)
O2 - BHO: (no name) - {D06606C5-7DEC-4EBF-8E27-9D58D593F64F} - (no file)
O2 - BHO: (no name) - {EDD7598F-8B08-4039-BE66-2A9D6BA0F7DC} - (no file)
O20 - Winlogon Notify: pmnooom - pmnooom.dll (file missing)
Reboot normally, update Panda and Spybot S&D, and run them after rebooting into Safe Mode... New logs...
-
Mr_X:
These are the new logs:
Autoruns:
HKLM\System\CurrentControlSet\Control\Terminal Server\Wds\rdpwd\StartupPrograms
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\AppSetup
HKLM\Software\Policies\Microsoft\Windows\System\Scripts\Startup
HKCU\Software\Policies\Microsoft\Windows\System\Scripts\Logon
HKLM\Software\Policies\Microsoft\Windows\System\Scripts\Logon
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System\Shell
HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\Shell
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Taskman
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Terminal Server\Install\Software\Microsoft\Windows\CurrentVersion\Runonce
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Terminal Server\Install\Software\Microsoft\Windows\CurrentVersion\RunonceEx
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Terminal Server\Install\Software\Microsoft\Windows\CurrentVersion\Run
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce
C:\Documents and Settings\All Users\Start Menu\Programs\Startup
C:\Documents and Settings\guillermo hernandez\Start Menu\Programs\Startup
HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows\Load
HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows\Run
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce
HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Terminal Server\Install\Software\Microsoft\Windows\CurrentVersion\Runonce
HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Terminal Server\Install\Software\Microsoft\Windows\CurrentVersion\RunonceEx
HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Terminal Server\Install\Software\Microsoft\Windows\CurrentVersion\Run
HKLM\SOFTWARE\Classes\Protocols\Filter
HKLM\SOFTWARE\Classes\Protocols\Handler
+ ms-itss Microsoft® InfoTech Storage System Library (Not verified) Microsoft Corporation c:\program files\common files\microsoft shared\information retrieval\msitss.dll
HKCU\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components
HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components
HKCU\SOFTWARE\Microsoft\Active Setup\Installed Components
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks
HKCU\Software\Classes\*\ShellEx\ContextMenuHandlers
HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers
+ Panda Antivirus pavole (Not verified) Panda Software c:\program files\panda software\panda platinum 2005 internet security\pavole.dll
HKCU\Software\Classes\AllFileSystemObjects\ShellEx\ContextMenuHandlers
HKLM\Software\Classes\AllFileSystemObjects\ShellEx\ContextMenuHandlers
HKCU\Software\Classes\Folder\ShellEx\ContextMenuHandlers
HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers
+ Panda Antivirus pavole (Not verified) Panda Software c:\program files\panda software\panda platinum 2005 internet security\pavole.dll
HKCU\Software\Classes\Directory\ShellEx\ContextMenuHandlers
HKLM\Software\Classes\Directory\ShellEx\ContextMenuHandlers
HKCU\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers
HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers
HKCU\Software\Classes\Folder\Shellex\ColumnHandlers
HKLM\Software\Classes\Folder\Shellex\ColumnHandlers
+ PDF Shell Extension PDF Shell Extension (Not verified) Adobe Systems, Inc. c:\program files\common files\adobe\acrobat\activex\pdfshell.dll
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers
HKCU\Software\Microsoft\Ctf\LangBarAddin
HKLM\Software\Microsoft\Ctf\LangBarAddin
HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
+ Adaptec DirectCD Shell Extension DirectCD Shell Extention DLL (Not verified) Roxio c:\program files\adaptec\easy cd creator 5\directcd\shellex.dll
+ Display Panning CPL Extension File not found: deskpan.dll
+ iTunes iTunes Mini Player DLL (Not verified) Apple Computer, Inc. c:\program files\itunes\itunesminiplayer.dll
+ Panda Antivirus pavole (Not verified) Panda Software c:\program files\panda software\panda platinum 2005 internet security\pavole.dll
+ Shell Extensions for RealOne Player RealPlayer Shell Extensions (Not verified) RealNetworks, Inc. c:\program files\real\realplayer\rpshell.dll
+ Web Folders Microsoft Web Folders (Not verified) Microsoft Corporation c:\program files\common files\microsoft shared\web folders\msonsext.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects
+ Aplicación auxiliar de vínculos de Adobe PDF Reader Adobe PDF Helper for Internet Explorer (Verified) Adobe Systems, Incorporated c:\program files\common files\adobe\acrobat\activex\acroiehelper.dll
+ {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} MoneySide Controls (Not verified) Microsoft Corporation c:\program files\microsoft money\system\mnyviewer.dll
HKCU\Software\Microsoft\Internet Explorer\UrlSearchHooks
HKLM\Software\Microsoft\Internet Explorer\Toolbar
HKCU\Software\Microsoft\Internet Explorer\Explorer Bars
HKLM\Software\Microsoft\Internet Explorer\Explorer Bars
HKCU\Software\Microsoft\Internet Explorer\Extensions
HKLM\Software\Microsoft\Internet Explorer\Extensions
Task Scheduler
HKLM\System\CurrentControlSet\Services
+ Nhksrv c:\windows\nhksrv.exe
+ PASSRV c:\program files\panda software\panda platinum 2005 internet security\passrv.exe
+ PAVFIRES Personal Firewall Service (Not verified) Panda Software c:\program files\panda software\panda platinum 2005 internet security\firewall\pavfires.exe
+ PAVFNSVR Panda Function Service (Not verified) Panda Software c:\program files\panda software\panda platinum 2005 internet security\pavfnsvr.exe
+ Pavkre PavKre Aplicación (Not verified) Panda Software c:\program files\panda software\panda platinum 2005 internet security\pavkre.exe
+ PavProt PavProt Application (Not verified) Panda Software c:\program files\panda software\panda platinum 2005 internet security\pavprot.exe
+ PavPrSrv Panda Process Protection Service (Not verified) Panda Software c:\program files\common files\panda software\pavshld\pavprsrv.exe
+ PAVSRV On-Access Antivirus Scanner Service. (Not verified) Panda Software c:\program files\panda software\panda platinum 2005 internet security\pavsrv51.exe
+ PREVSRV Panda Preventium+ © service (Not verified) Panda Software c:\program files\panda software\panda platinum 2005 internet security\prevsrv.exe
+ PSIMSVC Common Interface Manager (Not verified) Panda Software Internacional c:\program files\panda software\panda platinum 2005 internet security\psimsvc.exe
+ WUSB54GPSVC WLService (Not verified) GEMTEKS c:\program files\wireless-g portable usb adapter\wlservice.exe
HKLM\System\CurrentControlSet\Services
+ AvFlt File not found: C:\WINDOWS\system32\drivers\av5flt.sys
+ basic2 NTRksample driver (Not verified) Conexant Systems c:\windows\system32\drivers\basic2.sys
+ bvrp_pci c:\windows\system32\drivers\bvrp_pci.sys
+ Cdr4_xp CDR4_2k CDR Helper (Not verified) Roxio c:\windows\system32\drivers\cdr4_xp.sys
+ Cdralw2k CDRAL for Windows 2000 Kernel Driver (Not verified) Roxio c:\windows\system32\drivers\cdralw2k.sys
+ cdudf_xp CD-UDF NT Filesystem Driver (Not verified) Roxio c:\windows\system32\drivers\cdudf_xp.sys
+ Changer File not found: C:\WINDOWS\System32\Drivers\Changer.sys
+ ComFiltr File not found: C:\WINDOWS\system32\DRIVERS\COMFiltr.sys
+ cpoint cPoint (Not verified) Panda Software c:\windows\system32\drivers\cpoint.sys
+ dvd_2K DVD-RAM AddOn Driver (Not verified) Roxio c:\windows\system32\drivers\dvd_2k.sys
+ Fallback Fallback driver (Not verified) Conexant Systems c:\windows\system32\drivers\fallback.sys
+ Fsks FSKsNT driver (Not verified) Conexant Systems c:\windows\system32\drivers\fsksnt.sys
+ GEARAspiWDM CDRom Class Filter Driver (Verified) GEAR Software Inc. c:\windows\system32\drivers\gearaspiwdm.sys
+ GTNDIS5 PCAUSA NDIS 5.0 Protocol Driver (Not verified) Printing Communications Assoc., Inc. (PCAUSA) c:\windows\system32\gtndis5.sys
+ iAimTV2 File not found: System32\DRIVERS\wATV03nt.sys
+ Imapi Imapi Windows XP Kernel Driver (Not verified) Roxio Inc. c:\windows\system32\drivers\imapirox.sys
+ K56 K56NT driver (Not verified) Conexant Systems c:\windows\system32\drivers\k56nt.sys
+ lbrtfdc File not found: C:\WINDOWS\System32\Drivers\lbrtfdc.sys
+ mmc_2K CD-R/RW AddOn MMC Driver (W2K) (Not verified) Roxio c:\windows\system32\drivers\mmc_2k.sys
+ Msikbd2k Multimedia Keyboard Driver for Windows 2000 (Not verified) Netropa Corporation c:\windows\system32\drivers\msikbd2k.sys
+ netflt NetFlt (Not verified) Panda Software c:\windows\system32\drivers\netflt.sys
+ OMCI OMCI Device Driver (Not verified) Dell Computer Corporation c:\windows\system32\drivers\omci.sys
+ PAVDRV Antivirus Filter Driver for Windows XP/2003 (Not verified) Panda Software c:\windows\system32\drivers\pavdrv51.sys
+ PavProc Panda Process Protection driver (Not verified) Panda Software c:\windows\system32\drivers\pavproc.sys
+ PCIDump File not found: C:\WINDOWS\System32\Drivers\PCIDump.sys
+ PDCOMP File not found: C:\WINDOWS\System32\Drivers\PDCOMP.sys
+ PDFRAME File not found: C:\WINDOWS\System32\Drivers\PDFRAME.sys
+ PDRELI File not found: C:\WINDOWS\System32\Drivers\PDRELI.sys
+ PDRFRAME File not found: C:\WINDOWS\System32\Drivers\PDRFRAME.sys
+ pwd_2K Win2000 Framework for Packet Write Driver (Not verified) Roxio c:\windows\system32\drivers\pwd_2k.sys
+ Rksample Rksample WDM driver (Not verified) Conexant Systems c:\windows\system32\drivers\rksample.sys
+ ShldDrv PandaShield driver (Not verified) Panda Software c:\windows\system32\drivers\shlddrv.sys
+ smwdm SoundMAX Integrated Digital Audio (Not verified) Analog Devices, Inc. c:\windows\system32\drivers\smwdm.sys
+ SoftFax FaxNT driver (Not verified) Conexant Systems c:\windows\system32\drivers\faxnt.sys
+ Teefer Teefer Driver (Not verified) Sygate Technologies, Inc. c:\windows\system32\drivers\teefer.sys
+ Tones TonesNT driver (Not verified) Conexant Systems c:\windows\system32\drivers\tonesnt.sys
+ UdfReadr_xp CD-UDF NT Filesystem Reader Driver (Not verified) Roxio c:\windows\system32\drivers\udfreadr_xp.sys
+ V124 V124NT driver (Not verified) Conexant Systems c:\windows\system32\drivers\v124nt.sys
+ WDICA File not found: C:\WINDOWS\System32\Drivers\WDICA.sys
+ wg3n wgxn (Not verified) Sygate Technologies, Inc. c:\windows\system32\drivers\wg3n.sys
+ winachsf WinACHSF driver (Not verified) Conexant Systems c:\windows\system32\drivers\hsf_cnxt.sys
+ wpsdrvnt wpsdrvnt (Not verified) Sygate Technologies, Inc. c:\windows\system32\drivers\wpsdrvnt.sys
HKLM\System\CurrentControlSet\Control\Session Manager\BootExecute
HKLM\System\CurrentControlSet\Control\Session Manager\SetupExecute
HKLM\System\CurrentControlSet\Control\Session Manager\Execute
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options
HKLM\Software\Microsoft\Command Processor\Autorun
HKCU\Software\Microsoft\Command Processor\Autorun
HKLM\SOFTWARE\Classes\Exefile\Shell\Open\Command\(Default)
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\Appinit_Dlls
HKLM\System\CurrentControlSet\Control\Session Manager\KnownDlls
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\System
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\UIHost
+ logonui.exe Windows Logon UI (Not verified) Microsoft Corporation c:\windows\system32\logonui.exe
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GinaDLL
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Taskman
HKCU\Control Panel\Desktop\Scrnsave.exe
HKLM\System\CurrentControlSet\Control\BootVerificationProgram\ImagePath
HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9
+ PAV_LAYERED pavlsp Dynamic Link Library (Not verified) Panda Software c:\program files\panda software\panda platinum 2005 internet security\pavlsp.dll
+ PAV_LAYERED over [MSAFD Tcpip [RAW/IP]] pavlsp Dynamic Link Library (Not verified) Panda Software c:\program files\panda software\panda platinum 2005 internet security\pavlsp.dll
+ PAV_LAYERED over [MSAFD Tcpip [TCP/IP]] pavlsp Dynamic Link Library (Not verified) Panda Software c:\program files\panda software\panda platinum 2005 internet security\pavlsp.dll
+ PAV_LAYERED over [MSAFD Tcpip [UDP/IP]] pavlsp Dynamic Link Library (Not verified) Panda Software c:\program files\panda software\panda platinum 2005 internet security\pavlsp.dll
HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors
HKLM\SYSTEM\CurrentControlSet\Control\SecurityProviders\SecurityProviders
HKLM\SYSTEM\CurrentControlSet\Control\Lsa\Authentication Packages
+ C:\WINDOWS\system32\vtstu.dll File not found: C:\WINDOWS\system32\vtstu.dll
HKLM\SYSTEM\CurrentControlSet\Control\Lsa\Notification Packages
HKLM\SYSTEM\CurrentControlSet\Control\Lsa\Security Packages
HKLM\SYSTEM\CurrentControlSet\Control\NetworkProvider\Order
____________________________________________________________________________________________
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:51:53 PM, on 3/24/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Safe mode
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\guillermo hernandez\My Documents\My Received Files\HiJackThis\HijackThis.exe
O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file)
O2 - BHO: Aplicación auxiliar de vínculos de Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O4 - HKLM\..\RunServices: [PANDA ANTISPAM SERVER SERVICE] "C:\Program Files\Panda Software\Panda Platinum 2005 Internet Security\PasSrv.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=58813
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1130278706968
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/suite/yautocomplete.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: IMAPI CD-Burning COM Service (ImapiService) - Roxio Inc. - C:\WINDOWS\System32\ImapiRox.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Netropa NHK Server (Nhksrv) - Unknown owner - C:\WINDOWS\Nhksrv.exe
O23 - Service: Panda Antispam Server Service (PASSRV) - Unknown owner - C:\Program Files\Panda Software\Panda Platinum 2005 Internet Security\PaSSrv.exe
O23 - Service: Panda Firewall Service (PAVFIRES) - Panda Software - C:\Program Files\Panda Software\Panda Platinum 2005 Internet Security\Firewall\PavFires.exe
O23 - Service: Panda Function Service (PAVFNSVR) - Panda Software - C:\Program Files\Panda Software\Panda Platinum 2005 Internet Security\PavFnSvr.exe
O23 - Service: Panda Pavkre (Pavkre) - Panda Software - C:\Program Files\Panda Software\Panda Platinum 2005 Internet Security\Pavkre.exe
O23 - Service: Panda PavProt (PavProt) - Panda Software - C:\Program Files\Panda Software\Panda Platinum 2005 Internet Security\PavProt.exe
O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Software - C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software - C:\Program Files\Panda Software\Panda Platinum 2005 Internet Security\pavsrv51.exe
O23 - Service: Panda Preventium+ Service (PREVSRV) - Panda Software - C:\Program Files\Panda Software\Panda Platinum 2005 Internet Security\prevsrv.exe
O23 - Service: Panda IManager Service (PSIMSVC) - Panda Software Internacional - C:\Program Files\Panda Software\Panda Platinum 2005 Internet Security\PsImSvc.exe
O23 - Service: WUSB54GPSVC - GEMTEKS - C:\Program Files\Wireless-G Portable USB Adapter\WLService.exe
--
End of file - 4307 bytes
-
How is the machine running now? Were you able to run Panda?
Run Autoruns, right-click the following entry and choose 'Delete':
+ C:\WINDOWS\system32\vtstu.dll File not found: C:\WINDOWS\system32\vtstu.dll
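The two replies above apply the same triage rules by eye: HijackThis O2/O20 entries whose DLL no longer exists, and an Autoruns entry under a code-loading key whose image is "File not found", are deleted; DNS overrides and services with no publisher are checked. The script below, an added example that is not from this thread, Trend Micro or Sysinternals, applies those rules to constructed sample lines modelled on the logs posted here; the Autoruns text layout (a key line followed by "+" entries) and the list of sensitive keys are my assumptions.

```python
"""Triage helper for HijackThis and Autoruns text output (added example).

Rules, generalised from the thread: O2 BHO and O20 Winlogon Notify entries
that point at a missing file are orphaned launch points and can go; O17
NameServer overrides and O23 services with "Unknown owner" are listed for
review; an Autoruns "File not found" entry under a key that loads code at
boot or logon (Winlogon\\Notify, LSA packages, AppInit_DLLs, BootExecute)
is flagged for deletion, any other missing image for review.
"""
import re
from dataclasses import dataclass


@dataclass
class Finding:
    line: str
    reason: str
    action: str  # "delete" or "review"


# HijackThis marks a referenced-but-absent file with one of these.
ORPHAN_MARKERS = ("(no file)", "(file missing)")

# Assumed list of Autoruns locations where a missing image is worth removing
# outright; the thread's vtstu.dll entry sat under Authentication Packages.
SENSITIVE_AUTORUNS_KEYS = (
    r"Control\Lsa\Authentication Packages",
    r"Control\Lsa\Notification Packages",
    r"Control\Lsa\Security Packages",
    r"Winlogon\Notify",
    r"Windows\Appinit_Dlls",
    r"Session Manager\BootExecute",
)


def triage_hijackthis(lines):
    """Return Findings for HijackThis 'Oxx - ...' lines, in input order."""
    findings = []
    for raw in lines:
        line = raw.strip()
        m = re.match(r"^(O\d+)\s+-\s+(.*)$", line)
        if not m:
            continue  # header, process list, 'End of file' etc.
        section, rest = m.groups()
        if section in ("O2", "O20") and any(mk in rest for mk in ORPHAN_MARKERS):
            findings.append(Finding(line, f"{section} entry references a missing file", "delete"))
        elif section == "O17" and "NameServer" in rest:
            findings.append(Finding(line, "DNS override; confirm it is the resolver you chose", "review"))
        elif section == "O23" and "Unknown owner" in rest:
            findings.append(Finding(line, "service binary carries no publisher information", "review"))
    return findings


def triage_autoruns(lines):
    """Autoruns text export: a registry key line, then '+' entries under it."""
    findings = []
    current_key = ""
    for raw in lines:
        line = raw.strip()
        if not line:
            continue
        if not line.startswith("+"):
            current_key = line  # remember which key the next entries belong to
            continue
        if "File not found:" not in line:
            continue
        sensitive = any(k.lower() in current_key.lower() for k in SENSITIVE_AUTORUNS_KEYS)
        action = "delete" if sensitive else "review"
        findings.append(Finding(line, f"missing image under {current_key}", action))
    return findings


# Constructed sample input, modelled on the lines posted in the thread.
SAMPLE_HJT = r"""
O2 - BHO: (no name) - {67BAFFED-CADD-4DAE-BEF6-9EA20EF2C46C} - (no file)
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{0E6E56CD-3B3B-4D48-BD06-4BBC66ED45F0}: NameServer = 208.67.220.220,208.67.222.222
O20 - Winlogon Notify: pmnooom - pmnooom.dll (file missing)
O23 - Service: Netropa NHK Server (Nhksrv) - Unknown owner - C:\WINDOWS\Nhksrv.exe
""".strip().splitlines()

SAMPLE_AUTORUNS = r"""
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify
+ pmnooom File not found: pmnooom.dll
HKLM\SYSTEM\CurrentControlSet\Control\Lsa\Authentication Packages
+ C:\WINDOWS\system32\vtstu.dll File not found: C:\WINDOWS\system32\vtstu.dll
HKLM\System\CurrentControlSet\Services
+ AvFlt File not found: C:\WINDOWS\system32\drivers\av5flt.sys
+ netflt NetFlt (Not verified) Panda Software c:\windows\system32\drivers\netflt.sys
""".strip().splitlines()


if __name__ == "__main__":
    for f in triage_hijackthis(SAMPLE_HJT) + triage_autoruns(SAMPLE_AUTORUNS):
        print(f"[{f.action:6}] {f.reason}\n         {f.line}")
```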
-
Mr_X:
Well, my computer has improved substantially thanks to your help; I was able to use Panda and I would like to know whether I can re-enable System Restore and whether I should change antivirus.
Thanks
-
1.- Yes, you can enable 'System Restore'
2.- Panda isn't exactly the best, and it also uses a lot of resources... I recommend Kaspersky, NOD32, AVG or Avast...
Regards