Log resultante análisis ordenador

Nora 5 · 2 Mar 2008

Hola qué tal? me han dicho que tengo que colocar aquí el log resultante del escaneo de mi ordenador y esperar a que los expertos me digan qué tengo que hacer con mi ordenador.

Muchas gracias, un saludo

Código:

[SPOILER][CODE]Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 16:00:33, on 02/03/2008

Platform: Windows Vista (WinNT 6.00.1904)

MSIE: Internet Explorer v7.00 (7.00.6000.16609)

Boot mode: Normal

Running processes:

C:\Windows\system32\taskeng.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files\Common Files\Symantec Shared\ccApp.exe

C:\Windows\RtHDVCpl.exe

C:\Acer\Empowering Technology\SysMonitor.exe

C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe

C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Windows\ehome\ehtray.exe

C:\Windows\ehome\ehmsas.exe

C:\Program Files\MSN Messenger\msnmsgr.exe

C:\Program Files\Windows Media Player\wmpnscfg.exe

C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe

C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE

C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE

C:\Program Files\Internet Explorer\ieuser.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

C:\Program Files\JGsoft\EditPadLite\EditPadLite.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.es/0SEESES/SAOS01?FORM=TOOLBR

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.es/0SEESES/SAOS01?FORM=TOOLBR

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://trucoswindows.net/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://es.es.acer.yahoo.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://es.es.acer.yahoo.com

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://resultsmaster.com/SmartOffers/Servi...omeLeftPane.htm

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.es/0SEESES/SAOS01?FORM=TOOLBR

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

R3 - URLSearchHook: Barra Yahoo! con bloqueador de ventanas emergentes - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

R3 - URLSearchHook: (no name) - {9CB65206-89C4-402c-BA80-02D8C59F9B1D} - C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL

O1 - Hosts: ::1 localhost

O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx

O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\NppBho.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Ask Search Assistant BHO - {9CB65201-89C4-402c-BA80-02D8C59F9B1D} - C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL

O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll

O2 - BHO: Ask Toolbar BHO - {FE063DB1-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL

O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\UIBHO.dll

O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll

O3 - Toolbar: Barra Yahoo! con bloqueador de ventanas emergentes - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll

O3 - Toolbar: Ask Toolbar - {FE063DB9-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL

O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide

O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [osCheck] "c:\Program Files\Norton Internet Security\osCheck.exe"

O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe

O4 - HKLM\..\Run: [Acer Empowering Technology Monitor] C:\Acer\Empowering Technology\SysMonitor.exe

O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe

O4 - HKLM\..\Run: [WarReg_PopUp] C:\Acer\WR_PopUp\WarReg_PopUp.exe

O4 - HKLM\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe

O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot

O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe

O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe

O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"

O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter

O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe

O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9

O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h

O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020

O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe

O4 - HKCU\..\Run: [eMuleAutoStart] C:\Program Files\eMule\emule.exe -AutoStart

O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICIO LOCAL')

O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICIO LOCAL')

O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'Servicio de red')

O4 - HKUS\S-1-5-18\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe (User 'Default user')

O4 - Global Startup: Empowering Technology Launcher.lnk = ?

O4 - Global Startup: Inicio rápido de Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: PCM Media Sharing.lnk = C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe

O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm

O8 - Extra context menu item: E&xportar a Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

O9 - Extra button: Enviar a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: &Enviar a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

O13 - Gopher Prefix:

O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://appldnld.apple.com.edgesuite.net/co...ex/qtplugin.cab

O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab

O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/pr02/resou...NPUpldes-es.cab

O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab

O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab

O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://cid-fc5ebf2428e5744d.spaces.live.co...nPUpldes-es.cab

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab

O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/...164/mcfscan.cab

O23 - Service: Acer HomeMedia Connect Service - CyberLink - C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe

O23 - Service: ePerformance Service (AcerMemUsageCheckService) - Unknown owner - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe

O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

O23 - Service: COM Host (comHost) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe

O23 - Service: eDSService.exe (eDataSecurity Service) - HiTRSUT - C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe

O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe

O23 - Service: Servicio del iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: Validación de contraseña de Symantec IS (ISPwdSvc) - Symantec Corporation - c:\Program Files\Norton Internet Security\isPwdSvc.exe

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe

O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE

O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe

O23 - Service: Programador de LiveUpdate automático - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe

O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe

O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
--

End of file - 12321 bytes[/CODE][/SPOILER]

gracias

master_slave · 2 Mar 2008

Comienza haciendo esto:

1- Actualiza tu sistema Aca (Si por algún motivo no puedes actualizar sigue con los demás pasos)

2- Borra todas las cookies y el registro con Ccleaner:

3- Vete a Panel de Control--> Java y elimina todos los archivos temporales. (Si utilizas JAVA)

4- Pasale el Avg Antispyware. (Actualizalo, y al acabar el Scaneo elije la opción eliminar, después guarda el report y lo pegas)
Manual avg anti spyware

5- Esta aplicacion tambien (No necesita instalacion)No te saltes este paso Elistara

Cuando empiece el Scaneo, DESTILDAS LA OPCION ELIMINAR , a la izquierda de la ventana del programa

Que no elimine nada

6- Pega un nuevo Log del Hijackthis, mas los Reports de Avg-Antispyware y ElistarA.

Saludos

Nora 5 · 3 Mar 2008

Hola qué tal? He seguido todos los pasos y todo bien hasta llegar a la aplicación Elistara, lo descargamos y nos cierra todas las ventanas que tenemos abiertas y sale una pestaña pequeña en la que pone "Restaurando Registro de Sistema" parece que no responde porque al de un rato pone que no responde.

Así es que no sé que hacer porque nos es imposible hacer funcionar el Elistara.

Muchas Gracias.

Caito · 3 Mar 2008

Actualiza tu sistema acá : Buscar actualizaciones con Windows Update

(Si por algún motivo no puedes actualizar sigue con los demás pasos)

Borra todas las cookies y el registro con CCleaner: Descargar CCleaner | Utilidades - Análisis y Optimización

Vete a Panel de Control--> Java y elimina todos los archivos temporales. (Si utilizas JAVA)

Pasale el Avg-antispyware. (Actualizalo, y al acabar el Scaneo elije la opción eliminar, después guarda el report y lo pegas) Descargar AVG LinkScanner | Seguridad - Anti-Spyware

Manual AVG: Manual AVG Anti-spyware 7.5 | Seguridad - Trucos Windows

Deberás registrarte en la web para bajar esos programas ya que tiene un registro distinto al del foro.

Haz un scan on line acá: Los mejores antivirus online / Seguridad Windows

Debes usar el Internet Explorer y aceptar los active x

Le pones que elimine lo que te detecte.

Nos copias ese reporte, el del AVG y un nuevo log del hijack

Saludos Caito

Nora 5 · 4 Mar 2008

Hola Caito, qué tal? he pasado todo lo que me has dicho pero no he conseguido pasar el Eset Online Scanner, me sale un mensaje de error cuando le doy al Start.

Ya no se qué hacer.

Muchas gracias por tu ayuda.

Saludos

Caito · 4 Mar 2008

Sigue con lo demás

Saludos Caito

Nora 5 · 4 Mar 2008

Hola. Le he pasado el Norton Security Scan, espero que sirva de algo, estos son los resultados:

Y después el AVG Anti-Spyware y luego el HijackThis. Espero que este bien.

Muchisimas Gracias.

Código:

Estado del análisis:

Análisis: 1

Iniciar análisis: 03/04/08 10:16:50

Objetivos del análisis: Procesos en ejecución; Puntos de entrada

Definiciones de virus: 03/03/08

Recuento del análisis: 7569

Riesgos detectados: 1

Riesgos resueltos: 0

Riesgos sin resolver: 1

Hora del análisis: 144 s

Análisis completo: 03/04/08 10:19:15

Amenazas resueltas:

Amenazas sin resolver:

Adware.Hotbar

ID del virus: 4294905910

Riesgo: Bajo

Categorías: Software de publicidad no deseada

Estado: No controlado

-----------

Proceso:

  C:\Program Files\Internet Explorer\iexplore.exe

Registro:

  HKEY_LOCAL_MACHINE\Software\Hotbar

  HKEY_USERS\S-1-5-21-2716175733-2266266075-4282307645-1000\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Hotbar

  HKEY_USERS\S-1-5-21-2716175733-2266266075-4282307645-501\System

  HKEY_USERS\S-1-5-21-2716175733-2266266075-4282307645-1000\System

  HKEY_USERS\.DEFAULT\System

  HKEY_CLASSES_ROOT\CLSID\{74CC49F7-EB32-4A08-B204-948962A6E3DB}

  HKEY_USERS\S-1-5-21-2716175733-2266266075-4282307645-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{54A3F8B7-228E-4ED8-895B-DE832B2C3959}

  HKEY_USERS\S-1-5-21-2716175733-2266266075-4282307645-501\Software\sbusa

  HKEY_USERS\S-1-5-21-2716175733-2266266075-4282307645-1000\Software\sbusa

  HKEY_USERS\S-1-5-19\Software\sbusa

  HKEY_USERS\S-1-5-20\Software\sbusa

  HKEY_USERS\.DEFAULT\Software\sbusa

  HKEY_USERS\S-1-5-21-2716175733-2266266075-4282307645-501\Software\ShoppingReport

  HKEY_USERS\S-1-5-21-2716175733-2266266075-4282307645-1000\Software\ShoppingReport

  HKEY_USERS\S-1-5-19\Software\ShoppingReport

  HKEY_USERS\S-1-5-20\Software\ShoppingReport

  HKEY_USERS\.DEFAULT\Software\ShoppingReport

  HKEY_CLASSES_ROOT\CLSID\{9473559B-50FC-4A8A-829B-E152E8D6A307}

  HKEY_CLASSES_ROOT\Interface\{AF55160D-CDE1-4A8B-8001-66DA06BEE740}

  HKEY_CLASSES_ROOT\TypeLib\{A56FE01C-77C4-4F5E-8198-E4B72207890A}

  HKEY_CLASSES_ROOT\WeatherDPA.WeatherController

  HKEY_CLASSES_ROOT\WeatherDPA.WeatherController.1

  HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{9473559B-50FC-4A8A-829B-E152E8D6A307}

  HKEY_USERS\S-1-5-21-2716175733-2266266075-4282307645-501\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3->1601:1

  HKEY_USERS\S-1-5-21-2716175733-2266266075-4282307645-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3->1601:1

  HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3->1601:1

  HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3->1601:1

  HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3->1601:1

  HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Search->SearchAssistant:http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

  HKEY_USERS\S-1-5-21-2716175733-2266266075-4282307645-1000\Software\Microsoft\RAS Autodial\Control->LoginSessionDisable:0

  HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9473559B-50FC-4A8A-829B-E152E8D6A307}

Directorio:

  C:\Users\IGOR\AppData\Roaming\Hotbar

  C:\ProgramData\2ACA5CC3-0F83-453D-A079-1076FE1A8B65

  c:\users\igor\appdata\roaming\weatherdpa\weather\weatherdpa\weather_xml

  c:\users\igor\appdata\roaming\weatherdpa\weather\weatherdpa

Archivo:

  c:\users\igor\appdata\roaming\weatherdpa\weather\log.txt

  c:\users\igor\appdata\roaming\weatherdpa\weather\weatherstartup.xml

Directorio:

  c:\users\igor\appdata\roaming\weatherdpa\weather

  C:\Users\IGOR\AppData\Roaming\WeatherDPA

--------------------------------------------------------------------------

Estado del análisis:

Análisis: 1

Iniciar análisis: 03/04/08 10:16:50

Objetivos del análisis: Procesos en ejecución; Puntos de entrada

Definiciones de virus: 03/03/08

Recuento del análisis: 7569

Riesgos detectados: 1

Riesgos resueltos: 0

Riesgos sin resolver: 1

Hora del análisis: 144 s

Análisis completo: 03/04/08 10:19:15

Amenazas resueltas:

Amenazas sin resolver:

Adware.Hotbar

ID del virus: 4294905910

Riesgo: Bajo

Categorías: Software de publicidad no deseada

Estado: No controlado

-----------

Proceso:

  C:\Program Files\Internet Explorer\iexplore.exe

Registro:

  HKEY_LOCAL_MACHINE\Software\Hotbar

  HKEY_USERS\S-1-5-21-2716175733-2266266075-4282307645-1000\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Hotbar

  HKEY_USERS\S-1-5-21-2716175733-2266266075-4282307645-501\System

  HKEY_USERS\S-1-5-21-2716175733-2266266075-4282307645-1000\System

  HKEY_USERS\.DEFAULT\System

  HKEY_CLASSES_ROOT\CLSID\{74CC49F7-EB32-4A08-B204-948962A6E3DB}

  HKEY_USERS\S-1-5-21-2716175733-2266266075-4282307645-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{54A3F8B7-228E-4ED8-895B-DE832B2C3959}

  HKEY_USERS\S-1-5-21-2716175733-2266266075-4282307645-501\Software\sbusa

  HKEY_USERS\S-1-5-21-2716175733-2266266075-4282307645-1000\Software\sbusa

  HKEY_USERS\S-1-5-19\Software\sbusa

  HKEY_USERS\S-1-5-20\Software\sbusa

  HKEY_USERS\.DEFAULT\Software\sbusa

  HKEY_USERS\S-1-5-21-2716175733-2266266075-4282307645-501\Software\ShoppingReport

  HKEY_USERS\S-1-5-21-2716175733-2266266075-4282307645-1000\Software\ShoppingReport

  HKEY_USERS\S-1-5-19\Software\ShoppingReport

  HKEY_USERS\S-1-5-20\Software\ShoppingReport

  HKEY_USERS\.DEFAULT\Software\ShoppingReport

  HKEY_CLASSES_ROOT\CLSID\{9473559B-50FC-4A8A-829B-E152E8D6A307}

  HKEY_CLASSES_ROOT\Interface\{AF55160D-CDE1-4A8B-8001-66DA06BEE740}

  HKEY_CLASSES_ROOT\TypeLib\{A56FE01C-77C4-4F5E-8198-E4B72207890A}

  HKEY_CLASSES_ROOT\WeatherDPA.WeatherController

  HKEY_CLASSES_ROOT\WeatherDPA.WeatherController.1

  HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{9473559B-50FC-4A8A-829B-E152E8D6A307}

  HKEY_USERS\S-1-5-21-2716175733-2266266075-4282307645-501\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3->1601:1

  HKEY_USERS\S-1-5-21-2716175733-2266266075-4282307645-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3->1601:1

  HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3->1601:1

  HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3->1601:1

  HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3->1601:1

  HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Search->SearchAssistant:http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

  HKEY_USERS\S-1-5-21-2716175733-2266266075-4282307645-1000\Software\Microsoft\RAS Autodial\Control->LoginSessionDisable:0

  HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9473559B-50FC-4A8A-829B-E152E8D6A307}

Directorio:

  C:\Users\IGOR\AppData\Roaming\Hotbar

  C:\ProgramData\2ACA5CC3-0F83-453D-A079-1076FE1A8B65

  c:\users\igor\appdata\roaming\weatherdpa\weather\weatherdpa\weather_xml

  c:\users\igor\appdata\roaming\weatherdpa\weather\weatherdpa

Archivo:

  c:\users\igor\appdata\roaming\weatherdpa\weather\log.txt

  c:\users\igor\appdata\roaming\weatherdpa\weather\weatherstartup.xml

Directorio:

  c:\users\igor\appdata\roaming\weatherdpa\weather

  C:\Users\IGOR\AppData\Roaming\WeatherDPA

Código:

---------------------------------------------------------

AVG Anti-Spyware - Informe del análisis

---------------------------------------------------------

+ Creado en:    20:01:58 03/03/2008

+ Resultado del análisis:   

HKU\S-1-5-21-2716175733-2266266075-4282307645-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{5054F860-748D-4840-B7B4-DDDB428421AF} -> Adware.Generic : Omitidos.

C:\Users\IGOR\AppData\Roaming\Microsoft\Windows\Cookies\Low\igor[arroba]2o7[2].txt -> TrackingCookie.2o7 : Omitidos.

C:\Users\IGOR\AppData\Roaming\Microsoft\Windows\Cookies\Low\igor[arroba]casalemedia[2].txt -> TrackingCookie.Casalemedia : Omitidos.

C:\Users\IGOR\AppData\Roaming\Microsoft\Windows\Cookies\Low\igor[arroba]doubleclick[1].txt -> TrackingCookie.Doubleclick : Omitidos.

C:\Users\IGOR\AppData\Roaming\Microsoft\Windows\Cookies\Low\igor[arroba]fortunecity[1].txt -> TrackingCookie.Fortunecity : Omitidos.

C:\Users\IGOR\AppData\Roaming\Microsoft\Windows\Cookies\Low\igor[arroba]ssl-hints.netflame[1].txt -> TrackingCookie.Netflame : Omitidos.

C:\Users\IGOR\AppData\Roaming\Microsoft\Windows\Cookies\Low\igor[arroba]statcounter[1].txt -> TrackingCookie.Statcounter : Omitidos.

C:\Users\IGOR\AppData\Roaming\Microsoft\Windows\Cookies\Low\igor[arroba]tradedoubler[1].txt -> TrackingCookie.Tradedoubler : Omitidos.

C:\Users\IGOR\AppData\Roaming\Microsoft\Windows\Cookies\Low\igor[arroba]weborama[1].txt -> TrackingCookie.Weborama : Omitidos.

C:\Users\Invitado\AppData\Roaming\Microsoft\Windows\Cookies\Low\invitado[arroba]m.webtrends[1].txt -> TrackingCookie.Webtrends : Omitidos.

C:\Users\IGOR\AppData\Roaming\Microsoft\Windows\Cookies\Low\igor[arroba]ad.yieldmanager[2].txt -> TrackingCookie.Yieldmanager : Omitidos.

::Fin del informe

Código:

[SPOILER][CODE]Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 16:00:33, on 02/03/2008

Platform: Windows Vista  (WinNT 6.00.1904)

MSIE: Internet Explorer v7.00 (7.00.6000.16609)

Boot mode: Normal

Running processes:

C:\Windows\system32\taskeng.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files\Common Files\Symantec Shared\ccApp.exe

C:\Windows\RtHDVCpl.exe

C:\Acer\Empowering Technology\SysMonitor.exe

C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe

C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Windows\ehome\ehtray.exe

C:\Windows\ehome\ehmsas.exe

C:\Program Files\MSN Messenger\msnmsgr.exe

C:\Program Files\Windows Media Player\wmpnscfg.exe

C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe

C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE

C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE

C:\Program Files\Internet Explorer\ieuser.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

C:\Program Files\JGsoft\EditPadLite\EditPadLite.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.es/0SEESES/SAOS01?FORM=TOOLBR

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.es/0SEESES/SAOS01?FORM=TOOLBR

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://trucoswindows.net/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://es.es.acer.yahoo.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://es.es.acer.yahoo.com

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://resultsmaster.com/SmartOffers/Servi...omeLeftPane.htm

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.es/0SEESES/SAOS01?FORM=TOOLBR

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

R3 - URLSearchHook: Barra Yahoo! con bloqueador de ventanas emergentes - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

R3 - URLSearchHook: (no name) - {9CB65206-89C4-402c-BA80-02D8C59F9B1D} - C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL

O1 - Hosts: ::1 localhost

O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx

O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\NppBho.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Ask Search Assistant BHO - {9CB65201-89C4-402c-BA80-02D8C59F9B1D} - C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL

O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll

O2 - BHO: Ask Toolbar BHO - {FE063DB1-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL

O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\UIBHO.dll

O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll

O3 - Toolbar: Barra Yahoo! con bloqueador de ventanas emergentes - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll

O3 - Toolbar: Ask Toolbar - {FE063DB9-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL

O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide

O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [osCheck] "c:\Program Files\Norton Internet Security\osCheck.exe"

O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe

O4 - HKLM\..\Run: [Acer Empowering Technology Monitor] C:\Acer\Empowering Technology\SysMonitor.exe

O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe

O4 - HKLM\..\Run: [WarReg_PopUp] C:\Acer\WR_PopUp\WarReg_PopUp.exe

O4 - HKLM\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe

O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot

O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe

O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe

O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"

O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter

O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe

O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9

O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h

O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020

O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe

O4 - HKCU\..\Run: [eMuleAutoStart] C:\Program Files\eMule\emule.exe -AutoStart

O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICIO LOCAL')

O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICIO LOCAL')

O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'Servicio de red')

O4 - HKUS\S-1-5-18\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe (User 'Default user')

O4 - Global Startup: Empowering Technology Launcher.lnk = ?

O4 - Global Startup: Inicio rápido de Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: PCM Media Sharing.lnk = C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe

O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm

O8 - Extra context menu item: E&xportar a Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

O9 - Extra button: Enviar a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: &Enviar a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

O13 - Gopher Prefix:

O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://appldnld.apple.com.edgesuite.net/co...ex/qtplugin.cab

O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab

O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/pr02/resou...NPUpldes-es.cab

O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab

O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab

O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://cid-fc5ebf2428e5744d.spaces.live.co...nPUpldes-es.cab

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab

O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/...164/mcfscan.cab

O23 - Service: Acer HomeMedia Connect Service - CyberLink - C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe

O23 - Service: ePerformance Service (AcerMemUsageCheckService) - Unknown owner - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe

O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

O23 - Service: COM Host (comHost) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe

O23 - Service: eDSService.exe (eDataSecurity Service) - HiTRSUT - C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe

O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe

O23 - Service: Servicio del iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: Validación de contraseña de Symantec IS (ISPwdSvc) - Symantec Corporation - c:\Program Files\Norton Internet Security\isPwdSvc.exe

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe

O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE

O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe

O23 - Service: Programador de LiveUpdate automático - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe

O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe

O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe

--

End of file - 12321 bytes[/CODE][/SPOILER]

Caito · 4 Mar 2008

Vuelve a ejecutar el AVG pero asegúrate de Eliminar los archivos infectados

Manual AVG:

Manual AVG Anti-spyware 7.5 | Seguridad - Trucos Windows

Luego pon un nuevo log

Saludos

Caito

Nora 5 · 4 Mar 2008

Aquí esta el LOG del AVG lo que pasado antes y me daba este resultado.

Gracias

Código:

AVG Anti-Spyware - Informe del análisis

---------------------------------------------------------
+ Creado en:    13:16:29 04/03/2008

+ Resultado del análisis:   

C:\Users\IGOR\AppData\Roaming\Microsoft\Windows\Cookies\Low\igor[arroba]pandasoftware.112.2o7[1].txt -> TrackingCookie.2o7 : Limpios.

C:\Users\IGOR\AppData\Roaming\Microsoft\Windows\Cookies\Low\igor[arroba]atdmt[2].txt -> TrackingCookie.Atdmt : Limpios.

C:\Users\IGOR\AppData\Roaming\Microsoft\Windows\Cookies\Low\igor[arroba]doubleclick[1].txt -> TrackingCookie.Doubleclick : Limpios.

C:\Users\IGOR\AppData\Roaming\Microsoft\Windows\Cookies\Low\igor[arroba]weborama[2].txt -> TrackingCookie.Weborama : Limpios.

::Fin del informe

Caito · 4 Mar 2008

Pon un nuevo log y comenta cómo funciona...

Saludos

Caito

Log resultante análisis ordenador

Nora 5

Nuevo Miembro

master_slave

Super Moderador

Nora 5

Nuevo Miembro

Caito

Ex- Mod

Nora 5

Nuevo Miembro

Caito

Ex- Mod

Nora 5

Nuevo Miembro

Caito

Ex- Mod

Nora 5

Nuevo Miembro

Caito

Ex- Mod