madelaendom | |
| 2008-11-25 12:53 - Respuestas: 9 - Tema nº: 2556356
Os mando el bloc de notas que ha salido, tras pasar el Hijackthis, esperemos que éstos datos sirvan para deshacerme del troyano.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:47:16, on 25/11/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal
Running processes:
C:\\Windows\\system32\\Dwm.exe
C:\\Windows\\Explorer.EXE
C:\\Windows\\system32\\taskeng.exe
C:\\Program Files\\ASUS\\ASUS Live Update\\ALU.exe
C:\\Windows\\system32\\taskeng.exe
C:\\Program Files\\Windows Defender\\MSASCui.exe
C:\\Program Files\\Motorola\\SMSERIAL\\sm56hlpr.exe
C:\\Program Files\\ASUS\\ATK Media\\DMedia.exe
C:\\Program Files\\Synaptics\\SynTP\\SynTPEnh.exe
C:\\Program Files\\HP\\HP Software Update\\hpwuSchd2.exe
C:\\Program Files\\Java\\jre1.6.0_07\\bin\\jusched.exe
C:\\Program Files\\DAP\\DAP.exe
C:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe
C:\\Program Files\\Symantec AntiVirus\\VPTray.exe
C:\\Program Files\\Yahoo!\\Search Protection\\SearchProtection.exe
C:\\Windows\\System32\\hkcmd.exe
C:\\Windows\\System32\\igfxpers.exe
C:\\Program Files\\Windows Sidebar\\sidebar.exe
C:\\Windows\\ehome\\ehtray.exe
C:\\Program Files\\Windows Media Player\\wmpnscfg.exe
C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe
C:\\Windows\\system32\\wbem\\unsecapp.exe
C:\\Windows\\ehome\\ehmsas.exe
C:\\Windows\\system32\\igfxsrvc.exe
C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqSTE08.exe
C:\\Program Files\\Movistar\\Escritorio movistar\\EMMSN.exe
C:\\Program Files\\Internet Explorer\\ieuser.exe
C:\\Program Files\\Internet Explorer\\iexplore.exe
C:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10a.exe
C:\\Windows\\system32\\NOTEPAD.EXE
C:\\Program Files\\Trend Micro\\HijackThis\\HijackThis.exe
C:\\Windows\\system32\\SearchFilterHost.exe
R1 - HKCU\\Software\\Microsoft\\Internet Explorer\\Main,Search Bar = http://www.crawler.com/search/dispatcher.aspx?tp=aus&qkw=%s&tbid=60327
R0 - HKCU\\Software\\Microsoft\\Internet Explorer\\Main,Start Page = http://es.msn.com/
R1 - HKLM\\Software\\Microsoft\\Internet Explorer\\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\\Software\\Microsoft\\Internet Explorer\\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\\Software\\Microsoft\\Internet Explorer\\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\\Software\\Microsoft\\Internet Explorer\\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\\Software\\Microsoft\\Internet Explorer\\Search,CustomizeSearch =
R0 - HKCU\\Software\\Microsoft\\Internet Explorer\\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\\Program Files\\Yahoo!\\Companion\\Installs\\cpn0\\yt.dll
O2 - BHO: Aplicación auxiliar de vínculos de Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\\Program Files\\Common Files\\Adobe\\Acrobat\\ActiveX\\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\\Program Files\\Skype\\Toolbars\\Internet Explorer\\SkypeIEPlugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\\Program Files\\Java\\jre1.6.0_07\\bin\\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {8CA5ED52-F3FB-4414-A105-2E3491156990} - (no file)
O2 - BHO: Windows Live Aplicación auxiliar de inicio de sesión - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\\Program Files\\Common Files\\Microsoft Shared\\Windows Live\\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\\program files\\google\\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\\Program Files\\Google\\GoogleToolbarNotifier\\4.1.805.4472\\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\\Program Files\\Windows Live Toolbar\\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\\Program Files\\Windows Live Toolbar\\msntb.dll
O3 - Toolbar: Barra Yahoo! - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\\Program Files\\Yahoo!\\Companion\\Installs\\cpn0\\yt.dll
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\\program files\\google\\googletoolbar2.dll
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\\Windows\\system32\\Msdxm6.ocx
O4 - HKLM\\..\\Run: [Windows Defender] %ProgramFiles%\\Windows Defender\\MSASCui.exe -hide
O4 - HKLM\\..\\Run: [SMSERIAL] C:\\Program Files\\Motorola\\SMSERIAL\\sm56hlpr.exe
O4 - HKLM\\..\\Run: [ATKMEDIA] C:\\Program Files\\ASUS\\ATK Media\\DMEDIA.EXE
O4 - HKLM\\..\\Run: [PowerForPhone] C:\\Program Files\\PowerForPhone\\PowerForPhone.exe
O4 - HKLM\\..\\Run: [SynTPEnh] C:\\Program Files\\Synaptics\\SynTP\\SynTPEnh.exe
O4 - HKLM\\..\\Run: [HP Software Update] C:\\Program Files\\HP\\HP Software Update\\HPWuSchd2.exe
O4 - HKLM\\..\\Run: [Google Desktop Search] \"C:\\Program Files\\Google\\Google Desktop Search\\GoogleDesktop.exe\" /startup
O4 - HKLM\\..\\Run: [SunJavaUpdateSched] \"C:\\Program Files\\Java\\jre1.6.0_07\\bin\\jusched.exe\"
O4 - HKLM\\..\\Run: [NeroFilterCheck] C:\\Program Files\\Common Files\\Ahead\\Lib\\NeroCheck.exe
O4 - HKLM\\..\\Run: [DownloadAccelerator] \"C:\\Program Files\\DAP\\DAP.EXE\" /STARTUP
O4 - HKLM\\..\\Run: [ccApp] \"C:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe\"
O4 - HKLM\\..\\Run: [vptray] C:\\PROGRA~1\\SYMANT~1\\VPTray.exe
O4 - HKLM\\..\\Run: [YSearchProtection] \"C:\\Program Files\\Yahoo!\\Search Protection\\SearchProtection.exe\"
O4 - HKLM\\..\\Run: [Adobe Reader Speed Launcher] \"C:\\Program Files\\Adobe\\Reader\\Reader_sl.exe\"
O4 - HKLM\\..\\Run: [IgfxTray] C:\\Windows\\system32\\igfxtray.exe
O4 - HKLM\\..\\Run: [HotKeysCmds] C:\\Windows\\system32\\hkcmd.exe
O4 - HKLM\\..\\Run: [Persistence] C:\\Windows\\system32\\igfxpers.exe
O4 - HKLM\\..\\Run: [UnlockerAssistant] \"C:\\Program Files\\Unlocker\\UnlockerAssistant.exe\"
O4 - HKLM\\..\\Run: [Malwarebytes Anti-Malware (reboot)] \"C:\\Program Files\\Malwarebytes\' Anti-Malware\\mbam.exe\" /runcleanups-c-r-i-p-t
O4 - HKCU\\..\\Run: [Sidebar] C:\\Program Files\\Windows Sidebar\\sidebar.exe
O4 - HKCU\\..\\Run: [ehTray.exe] C:\\Windows\\ehome\\ehTray.exe
O4 - HKCU\\..\\Run: [MsnMsgr] \"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe\" /background
O4 - HKCU\\..\\Run: [WMPNSCFG] C:\\Program Files\\Windows Media Player\\WMPNSCFG.exe
O4 - HKCU\\..\\Run: [YSearchProtection] C:\\Program Files\\Yahoo!\\Search Protection\\SearchProtection.exe
O4 - HKCU\\..\\Run: [Skype] \"C:\\Program Files\\Skype\\Phone\\Skype.exe\" /nosplash /minimized
O4 - HKUS\\S-1-5-19\\..\\Run: [Sidebar] %ProgramFiles%\\Windows Sidebar\\Sidebar.exe /detectMem (User \'SERVICIO LOCAL\')
O4 - HKUS\\S-1-5-19\\..\\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User \'SERVICIO LOCAL\')
O4 - HKUS\\S-1-5-20\\..\\Run: [Sidebar] %ProgramFiles%\\Windows Sidebar\\Sidebar.exe /detectMem (User \'Servicio de red\')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe
O8 - Extra context menu item: &Clean Traces - C:\\Program Files\\DAP\\Privacy Package\\dapcleanerie.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\\Program Files\\Java\\jre1.6.0_07\\bin\\ssv.dll
O9 - Extra \'Tools\' menuitem: Consola de Sun Java - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\\Program Files\\Java\\jre1.6.0_07\\bin\\ssv.dll
O9 - Extra button: Agregar entrada - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\\Program Files\\Windows Live\\Writer\\WriterBrowserExtension.dll
O9 - Extra \'Tools\' menuitem: &Agregar entrada en Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\\Program Files\\Windows Live\\Writer\\WriterBrowserExtension.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\\Program Files\\Skype\\Toolbars\\Internet Explorer\\SkypeIEPlugin.dll
O13 - Gopher Prefix:
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\\Program Files\\Yahoo!\\Common\\Yinsthelper.dll
O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://host.cycore.net/plugins/windows/ie/Cult3D_IE_5.3.0.228.cab
O16 - DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} (MUCatalogWebControl Class) - http://catalog.update.microsoft.com/v7/site/ClientControl/en/x86/MuCatalogWebControl.cab?1217682923767
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - http://download.divx.com/webplayer/stage6/windows/AutoDLDivXWebPlayerInstaller.cab
O16 - DPF: {775879E2-7309-4619-BB02-AADE41F4B690} (CPlayFirstdreamControl Object) - http://webgames.d.tmsrv.com/c=29da4777d36a251e80926e2a2e0d20b0/aff=t_25oa_esca_wg /p/release/playfirst/wg_dreamchronicles/dreamchronicles/dreamweb.1.0.0.9.cab
O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} (MJLauncherCtrl Class) - http://webgames.d.tmsrv.com/c=672339cdc5408802d37d30c4e7c4a8d6/aff=t_25oa_esca_wg/p/release/mumbo/wg_luxor2/luxor2/mjolauncher.cab
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game05.zylom.com/activex/zylomgamesplayer.cab
O16 - DPF: {CE69F98F-2AF3-4306-BAC6-A79070EDA1B4} (Zylom Loader Object) - http://eu.download.games.yahoo.com/zylom/activex/zylomloader.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O17 - HKLM\\System\\CCS\\Services\\Tcpip\\..\\{BBEEBA62-2023-44B4-9175-4F3AE97C37EB}: NameServer = 194.179.1.100 194.179.1.101
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\\PROGRA~1\\COMMON~1\\Skype\\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\\PROGRA~1\\Google\\GOOGLE~4\\GOEC62~1.DLL
O23 - Service: ASLDR Service (ASLDRService) - Unknown owner - C:\\Program Files\\ATK Hotkey\\ASLDRSrv.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\\Program Files\\Common Files\\Symantec Shared\\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\\Program Files\\Common Files\\Symantec Shared\\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\\Program Files\\Common Files\\Symantec Shared\\ccSvcHst.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\\Program Files\\Symantec AntiVirus\\DefWatch.exe
O23 - Service: GoogleDesktopManager - Google - C:\\Program Files\\Google\\Google Desktop Search\\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\\Program Files\\Google\\Common\\Google Updater\\GoogleUpdaterService.exe
O23 - Service: iWinGamesInstaller - iWin Inc. - C:\\Program Files\\iWin Games\\iWinGamesInstaller.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\\Program Files\\Common Files\\LightScribe\\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\\PROGRA~1\\Symantec\\LIVEUP~1\\LUCOMS~1.EXE
O23 - Service: NBService - Nero AG - C:\\Program Files\\Nero\\Nero 7\\Nero BackItUp\\NBService.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\\Program Files\\Symantec AntiVirus\\SavRoam.exe
O23 - Service: spmgr - Unknown owner - C:\\Program Files\\ASUS\\NB Probe\\SPM\\spmgr.exe
O23 - Service: Syntek AVStream USB2.0 WebCam Service (StkSSrv) - Syntek America Inc. - C:\\Windows\\System32\\StkCSrv.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\\Program Files\\Symantec AntiVirus\\Rtvscan.exe
End of file - 11311 bytes
Espero vuestras noticias. Saludos de una ya \"casi desesperada\".
-
[Mensaje editado por Javier con fecha: 26-11-2008 11:19:54]. | |
|
|
swissman | |
|
Re: Eliminación de troyano (solucionado) - 2008-11-25 19:09 - Respuesta 7
cierra todos los programas, navegador incluido, ejecuta hijackthis pulsando do a system scan only y marcas las siguientes entradas:
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {8CA5ED52-F3FB-4414-A105-2E3491156990} - (no file)
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O13 - Gopher Prefix:
O23 - Service: iWinGamesInstaller - iWin Inc. - C:\\Program Files\\iWin Games\\iWinGamesInstaller.exe
si no conoces http://webgames.d.tmsrv.com marca las dos siguientes
O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} (MJLauncherCtrl Class) - http://webgames.d.tmsrv.com/c=672339cdc5408802d37d30c4e7c4a8d6/aff=t_25oa_esca_w g/p/release/mumbo/wg_luxor2/luxor2/mjolauncher.cab
O16 - DPF: {775879E2-7309-4619-BB02-AADE41F4B690} (CPlayFirstdreamControl Object) - http://webgames.d.tmsrv.com/c=29da4777d36a251e80926e2a2e0d20b0/aff=t_25oa_esca_w g/p/release/playfirst/wg_dreamchronicles/dreamchronicles/dreamweb.1.0.0.9.cab
pulsa fix checked, sin reinciar pasa ccleaner, para limpiar los temporales y cokies y registro, y regclener
reinicias, pegas el log de nuevo y nos dices que tal va
-
[Mensaje editado por swissman con fecha: 25-11-2008 19:10:10]. | |
|
|
madelaendom | |
|
Re: Eliminación de troyano (solucionado) - 2008-11-25 20:50 - Respuesta 8
Bueno, os cuento: he seguido paso a paso vuestras instrucciones, os pego nuevo log:
Tras hacer ésto y pasar cleeaner, he abierto Symantec antivirus y veo lo siguiente:
- Risk history - Files infected - 0
- Quarantine - 456 items
Como éste antivirus está en inglés no saco mucho en claro, pero lo que si os puedo decir es que los 456 items, llevan algo que ya se pasa de cuarentena, calculo que lleva como 60 días.
Siento la guerra que os estoy dándo con ésto. ¿Convendría que desinstalase el Symantec e instalara otro antivirus que estuviese en español?, más que nada por confirmar la existencia del troyano, ya que tengo serias dudas de que éste antivirus esté activo.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:00:59, on 25/11/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal
Running processes:
C:\\Windows\\system32\\Dwm.exe
C:\\Windows\\Explorer.EXE
C:\\Windows\\system32\\taskeng.exe
C:\\Windows\\system32\\taskeng.exe
C:\\Program Files\\ASUS\\ASUS Live Update\\ALU.exe
C:\\Program Files\\Windows Defender\\MSASCui.exe
C:\\Program Files\\Motorola\\SMSERIAL\\sm56hlpr.exe
C:\\Program Files\\ASUS\\ATK Media\\DMedia.exe
C:\\Program Files\\Synaptics\\SynTP\\SynTPEnh.exe
C:\\Program Files\\HP\\HP Software Update\\hpwuSchd2.exe
C:\\Program Files\\Java\\jre1.6.0_07\\bin\\jusched.exe
C:\\Program Files\\DAP\\DAP.exe
C:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe
C:\\Program Files\\Symantec AntiVirus\\VPTray.exe
C:\\Program Files\\Yahoo!\\Search Protection\\SearchProtection.exe
C:\\Windows\\System32\\hkcmd.exe
C:\\Windows\\System32\\igfxpers.exe
C:\\Program Files\\Unlocker\\UnlockerAssistant.exe
C:\\Windows\\system32\\igfxsrvc.exe
C:\\Program Files\\Windows Sidebar\\sidebar.exe
C:\\Windows\\ehome\\ehtray.exe
C:\\Program Files\\Windows Media Player\\wmpnscfg.exe
C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe
C:\\Windows\\system32\\wbem\\unsecapp.exe
C:\\Windows\\ehome\\ehmsas.exe
C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqSTE08.exe
C:\\Program Files\\Movistar\\Escritorio movistar\\EMMSN.exe
C:\\Program Files\\Internet Explorer\\IEUser.exe
C:\\Program Files\\Trend Micro\\HijackThis\\HijackThis.exe
C:\\Windows\\system32\\SearchFilterHost.exe
R1 - HKCU\\Software\\Microsoft\\Internet Explorer\\Main,Search Bar = http://www.crawler.com/search/dispatcher.aspx?tp=aus&qkw=%s&tbid=60327
R0 - HKCU\\Software\\Microsoft\\Internet Explorer\\Main,Start Page = http://es.msn.com/
R1 - HKLM\\Software\\Microsoft\\Internet Explorer\\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\\Software\\Microsoft\\Internet Explorer\\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\\Software\\Microsoft\\Internet Explorer\\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\\Software\\Microsoft\\Internet Explorer\\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\\Software\\Microsoft\\Internet Explorer\\Search,CustomizeSearch =
R0 - HKCU\\Software\\Microsoft\\Internet Explorer\\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\\Program Files\\Yahoo!\\Companion\\Installs\\cpn0\\yt.dll
O2 - BHO: Aplicación auxiliar de vínculos de Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\\Program Files\\Common Files\\Adobe\\Acrobat\\ActiveX\\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\\Program Files\\Skype\\Toolbars\\Internet Explorer\\SkypeIEPlugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\\Program Files\\Java\\jre1.6.0_07\\bin\\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {8CA5ED52-F3FB-4414-A105-2E3491156990} - (no file)
O2 - BHO: Windows Live Aplicación auxiliar de inicio de sesión - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\\Program Files\\Common Files\\Microsoft Shared\\Windows Live\\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\\program files\\google\\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\\Program Files\\Google\\GoogleToolbarNotifier\\4.1.805.4472\\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\\Program Files\\Windows Live Toolbar\\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\\Program Files\\Windows Live Toolbar\\msntb.dll
O3 - Toolbar: Barra Yahoo! - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\\Program Files\\Yahoo!\\Companion\\Installs\\cpn0\\yt.dll
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\\program files\\google\\googletoolbar2.dll
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\\Windows\\system32\\Msdxm6.ocx
O4 - HKLM\\..\\Run: [Windows Defender] %ProgramFiles%\\Windows Defender\\MSASCui.exe -hide
O4 - HKLM\\..\\Run: [SMSERIAL] C:\\Program Files\\Motorola\\SMSERIAL\\sm56hlpr.exe
O4 - HKLM\\..\\Run: [ATKMEDIA] C:\\Program Files\\ASUS\\ATK Media\\DMEDIA.EXE
O4 - HKLM\\..\\Run: [PowerForPhone] C:\\Program Files\\PowerForPhone\\PowerForPhone.exe
O4 - HKLM\\..\\Run: [SynTPEnh] C:\\Program Files\\Synaptics\\SynTP\\SynTPEnh.exe
O4 - HKLM\\..\\Run: [HP Software Update] C:\\Program Files\\HP\\HP Software Update\\HPWuSchd2.exe
O4 - HKLM\\..\\Run: [Google Desktop Search] \"C:\\Program Files\\Google\\Google Desktop Search\\GoogleDesktop.exe\" /startup
O4 - HKLM\\..\\Run: [SunJavaUpdateSched] \"C:\\Program Files\\Java\\jre1.6.0_07\\bin\\jusched.exe\"
O4 - HKLM\\..\\Run: [NeroFilterCheck] C:\\Program Files\\Common Files\\Ahead\\Lib\\NeroCheck.exe
O4 - HKLM\\..\\Run: [DownloadAccelerator] \"C:\\Program Files\\DAP\\DAP.EXE\" /STARTUP
O4 - HKLM\\..\\Run: [ccApp] \"C:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe\"
O4 - HKLM\\..\\Run: [vptray] C:\\PROGRA~1\\SYMANT~1\\VPTray.exe
O4 - HKLM\\..\\Run: [YSearchProtection] \"C:\\Program Files\\Yahoo!\\Search Protection\\SearchProtection.exe\"
O4 - HKLM\\..\\Run: [Adobe Reader Speed Launcher] \"C:\\Program Files\\Adobe\\Reader\\Reader_sl.exe\"
O4 - HKLM\\..\\Run: [IgfxTray] C:\\Windows\\system32\\igfxtray.exe
O4 - HKLM\\..\\Run: [HotKeysCmds] C:\\Windows\\system32\\hkcmd.exe
O4 - HKLM\\..\\Run: [Persistence] C:\\Windows\\system32\\igfxpers.exe
O4 - HKLM\\..\\Run: [UnlockerAssistant] \"C:\\Program Files\\Unlocker\\UnlockerAssistant.exe\"
O4 - HKLM\\..\\Run: [Malwarebytes Anti-Malware (reboot)] \"C:\\Program Files\\Malwarebytes\' Anti-Malware\\mbam.exe\" /runcleanups-c-r-i-p-t
O4 - HKCU\\..\\Run: [Sidebar] C:\\Program Files\\Windows Sidebar\\sidebar.exe
O4 - HKCU\\..\\Run: [ehTray.exe] C:\\Windows\\ehome\\ehTray.exe
O4 - HKCU\\..\\Run: [MsnMsgr] \"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe\" /background
O4 - HKCU\\..\\Run: [WMPNSCFG] C:\\Program Files\\Windows Media Player\\WMPNSCFG.exe
O4 - HKCU\\..\\Run: [YSearchProtection] C:\\Program Files\\Yahoo!\\Search Protection\\SearchProtection.exe
O4 - HKCU\\..\\Run: [Skype] \"C:\\Program Files\\Skype\\Phone\\Skype.exe\" /nosplash /minimized
O4 - HKUS\\S-1-5-19\\..\\Run: [Sidebar] %ProgramFiles%\\Windows Sidebar\\Sidebar.exe /detectMem (User \'SERVICIO LOCAL\')
O4 - HKUS\\S-1-5-19\\..\\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User \'SERVICIO LOCAL\')
O4 - HKUS\\S-1-5-20\\..\\Run: [Sidebar] %ProgramFiles%\\Windows Sidebar\\Sidebar.exe /detectMem (User \'Servicio de red\')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe
O8 - Extra context menu item: &Clean Traces - C:\\Program Files\\DAP\\Privacy Package\\dapcleanerie.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\\Program Files\\Java\\jre1.6.0_07\\bin\\ssv.dll
O9 - Extra \'Tools\' menuitem: Consola de Sun Java - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\\Program Files\\Java\\jre1.6.0_07\\bin\\ssv.dll
O9 - Extra button: Agregar entrada - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\\Program Files\\Windows Live\\Writer\\WriterBrowserExtension.dll
O9 - Extra \'Tools\' menuitem: &Agregar entrada en Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\\Program Files\\Windows Live\\Writer\\WriterBrowserExtension.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\\Program Files\\Skype\\Toolbars\\Internet Explorer\\SkypeIEPlugin.dll
O13 - Gopher Prefix:
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\\Program Files\\Yahoo!\\Common\\Yinsthelper.dll
O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://host.cycore.net/plugins/windows/ie/Cult3D_IE_5.3.0.228.cab
O16 - DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} (MUCatalogWebControl Class) - http://catalog.update.microsoft.com/v7/site/ClientControl/en/x86/MuCatalogWebControl.cab?1217682923767
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - http://download.divx.com/webplayer/stage6/windows/AutoDLDivXWebPlayerInstaller.cab
O16 - DPF: {775879E2-7309-4619-BB02-AADE41F4B690} (CPlayFirstdreamControl Object) - http://webgames.d.tmsrv.com/c=29da4777d36a251e80926e2a2e0d20b0/aff=t_25oa_esca_wg /p/release/playfirst/wg_dreamchronicles/dreamchronicles/dreamweb.1.0.0.9.cab
O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} (MJLauncherCtrl Class) - http://webgames.d.tmsrv.com/c=672339cdc5408802d37d30c4e7c4a8d6/aff=t_25oa_esca_wg/p/release/mumbo/wg_luxor2/luxor2/mjolauncher.cab
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game05.zylom.com/activex/zylomgamesplayer.cab
O16 - DPF: {CE69F98F-2AF3-4306-BAC6-A79070EDA1B4} (Zylom Loader Object) - http://eu.download.games.yahoo.com/zylom/activex/zylomloader.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O17 - HKLM\\System\\CCS\\Services\\Tcpip\\..\\{570A319F-1E18-496B-BE84-58A291F00168}: NameServer = 194.179.1.100 194.179.1.101
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\\PROGRA~1\\COMMON~1\\Skype\\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\\PROGRA~1\\Google\\GOOGLE~4\\GOEC62~1.DLL
O23 - Service: ASLDR Service (ASLDRService) - Unknown owner - C:\\Program Files\\ATK Hotkey\\ASLDRSrv.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\\Program Files\\Common Files\\Symantec Shared\\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\\Program Files\\Common Files\\Symantec Shared\\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\\Program Files\\Common Files\\Symantec Shared\\ccSvcHst.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\\Program Files\\Symantec AntiVirus\\DefWatch.exe
O23 - Service: GoogleDesktopManager - Google - C:\\Program Files\\Google\\Google Desktop Search\\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\\Program Files\\Google\\Common\\Google Updater\\GoogleUpdaterService.exe
O23 - Service: iWinGamesInstaller - iWin Inc. - C:\\Program Files\\iWin Games\\iWinGamesInstaller.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\\Program Files\\Common Files\\LightScribe\\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\\PROGRA~1\\Symantec\\LIVEUP~1\\LUCOMS~1.EXE
O23 - Service: NBService - Nero AG - C:\\Program Files\\Nero\\Nero 7\\Nero BackItUp\\NBService.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\\Program Files\\Symantec AntiVirus\\SavRoam.exe
O23 - Service: spmgr - Unknown owner - C:\\Program Files\\ASUS\\NB Probe\\SPM\\spmgr.exe
O23 - Service: Syntek AVStream USB2.0 WebCam Service (StkSSrv) - Syntek America Inc. - C:\\Windows\\System32\\StkCSrv.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\\Program Files\\Symantec AntiVirus\\Rtvscan.exe
Swissman, agradezco tu atención y recibe un saludo.
-
[Mensaje editado por Javier con fecha: 26-11-2008 11:20:27]. | |
|
|
swissman | |
|
Re: Eliminación de troyano (solucionado) - 2008-11-26 08:02 - Respuesta 9
Hola, primero lo que deberias hacer es eliminar lo que tienes en caurentena, debes entrar en propiedades del antivirus y buscar algo que diga "empty" (vaciar) y eliminarlos, y si no sabes inglés, pues o aprendes (lo cual es muy necesario hoy en dia y mañana más) o bien, pones el que tienes en español si se puede o lo desinstalas y pones alguno en español. conoces las webs que te pregunto en el post anterior?
cierra todos los programas, navegador incluido, ejecuta hijackthis pulsando do a system scan only y marcas las siguientes entradas:
O2 - BHO: (no name) - {8CA5ED52-F3FB-4414-A105-2E3491156990} - (no file)
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O9 - Extra 'Tools' menuitem: &Agregar entrada en Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O13 - Gopher Prefix:
O23 - Service: iWinGamesInstaller - iWin Inc. - C:\Program Files\iWin Games\iWinGamesInstaller.exe
pulsa fix checked, pasa ccleaner, para limpiar los temporales y cokies y registro, y regclener
reinicias y nos dices que tal va | |
|
|
madelaendom | |
|
Re: Eliminación de troyano (solucionado) - 2008-12-02 12:20 - Respuesta 10
Buenas, ante todo pedir una disculpa por mi tardanza en responderos. Os comento: desinstalé el antivirus Symantec que tenía y descargé una versión de Avast.
Los resultados de los escaners no reflejan existencia alguna de troyano por lo que he llegado a la conclusión de que si había, ya no hay.
En vista de lo cual, doy por solucionado el asunto.
Os doy las gracias tanto a Sarda como a Swissman por vuestra atención y ayuda prestada y os envío un saludo. | |
|
|
|