
Viruses, trojans and Conhost.exe!!!! Help please.

CoscuPrrum
- 01/08/2012 23:30:07 - Question no.: 41.743

Intel Celeron CPU B800 1.50 GHz / Windows 7 Home Basic

Since yesterday my notebook has been running at 100% CPU usage.
There is a process called Conhost.exe; I closed it and many of them open (I got to have nearly 600 Conhost.exe).
And the antivirus programs find many trojans, which I have already deleted, but Conhost.exe is still there and does not go away.
I was reading some tutorials and I will scan my computer with MalwareBytes, Spybot Search & Destroy and SuperAntiSpyware.
And afterwards I will paste a HijackThis log, and I wanted to know if you could read it for me? (:

Thank you very much.

#1 Nacho_Rdz (15.862 Posts) - 01/08/2012 23:39:27
One way to remove viruses:

Restart your computer in safe mode with networking (press F8 several times before Windows starts), from there delete the temporary files with ccleaner and scan your computer with elistara, msncleaner, spybot, antimalwarebytes, tdsskiller and combofix, in addition to your updated antivirus.

Then restart and test.

Tell us how it went.

This is a signature

Ask your questions clearly, providing as much information as possible and using clear language.
Remember that we are not in front of your PC and we go by what you tell us.
When you open a question, take responsibility for following it up by reporting your experience.
Do not open more posts with the same question, so that your problem can be followed up properly.
When you answer your question, click the Reply button.
#2 coscuprrum (39 Posts) - 02/08/2012 01:14:08
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 19:07:25, on 01-08-2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16447)
Boot mode: Normal

Running processes:
C:\windows\system32\taskhost.exe
C:\windows\system32\Dwm.exe
C:\windows\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe
C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Hotkey\Hotkey.exe
C:\windows\system32\rundll32.exe
C:\windows\system32\rundll32.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\windows\system32\rundll32.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\windows\system32\wuauclt.exe
C:\windows\system32\prevhost.exe
C:\Users\fafuhi\Downloads\HijackThis.exe
C:\windows\system32\SearchFilterHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.olidata.cl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F3 - REG:win.ini: load=C:\Users\fafuhi\LOCALS~1\Temp\mszcac.cmd
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\.\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\.\Run: [NUSB3MON] "C:\Program Files\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
O4 - HKLM\.\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s
O4 - HKLM\.\Run: [IAStorIcon] C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
O4 - HKLM\.\Run: [RemoteControl8] "C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe"
O4 - HKLM\.\Run: [PDVD8LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD8\Language\Language.exe"
O4 - HKLM\.\Run: [CLMLServer] "C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe"
O4 - HKLM\.\Run: [UpdateP2GoShortCut] "C:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
O4 - HKLM\.\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\.\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
O4 - HKLM\.\Run: [IgfxTray] C:\windows\system32\igfxtray.exe
O4 - HKLM\.\Run: [HotKeysCmds] C:\windows\system32\hkcmd.exe
O4 - HKLM\.\Run: [Persistence] C:\windows\system32\igfxpers.exe
O4 - HKLM\.\Run: [LogMeIn Hamachi Ui] "C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
O4 - HKCU\.\Run: [NTI3QjRBMTkxMjA3QTY5MT] C:\Users\fafuhi\upnpras.exe
O4 - HKCU\.\Run: [aviracorporation] "C:\Users\fafuhi\AppData\Local\Temp\aviracorpor\javadataupdate.exe"
O4 - HKCU\.\Run: [Frames] C:\Users\fafuhi\AppData\Roaming\Frames.exe
O4 - HKCU\.\Run: [WinNT] C:\Users\fafuhi\AppData\Roaming\Ph.exe
O4 - HKCU\.\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\.\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\.\Run: [RUQxQTdDRTFGNEQyQjk4Qj] C:\Users\fafuhi\Vmsd.exe
O4 - HKCU\.\Run: [SqlServ Data Analyzer] C:\Users\fafuhi\shempr.exe
O4 - HKCU\.\Run: [WinDefender] "C:\Users\fafuhi\AppData\Local\Temp\WinDefender.Exe"
O4 - HKCU\.\Run: [Ayouou] C:\Users\fafuhi\AppData\Roaming\Ayouou.exe
O4 - HKCU\.\Run: [Windows Defender] "C:\Users\fafuhi\AppData\Roaming\WinDefender\windefender.exe"
O4 - HKUS\S-1-5-19\.\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVICIO LOCAL')
O4 - HKUS\S-1-5-19\.\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVICIO LOCAL')
O4 - HKUS\S-1-5-20\.\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'Servicio de red')
O4 - HKUS\S-1-5-20\.\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'Servicio de red')
O4 - Startup: libcurl-4.dll
O4 - Startup: pthreadGC2.dll
O4 - Global Startup: Hotkey.lnk = C:\Program Files\Hotkey\Hotkey.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\aelupsvc.dll,-1 (AeLookupSvc) - Unknown owner - C:\windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\windows\System32\alg.exe
O23 - Service: @%systemroot%\system32\appidsvc.dll,-100 (AppIDSvc) - Unknown owner - C:\windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\appinfo.dll,-100 (Appinfo) - Unknown owner - C:\windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\audiosrv.dll,-204 (AudioEndpointBuilder) - Unknown owner - C:\windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\audiosrv.dll,-200 (Audiosrv) - Unknown owner - C:\windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\AxInstSV.dll,-103 (AxInstSV) - Unknown owner - C:\windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\bdesvc.dll,-100 (BDESVC) - Unknown owner - C:\windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\bfe.dll,-1001 (BFE) - Unknown owner - C:\windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\qmgr.dll,-1000 (BITS) - Unknown owner - C:\windows\System32\svchost.exe
O23 - Service: @%systemroot%\system32\browser.dll,-100 (Browser) - Unknown owner - C:\windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\System32\bthserv.dll,-101 (bthserv) - Unknown owner - C:\windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\System32\certprop.dll,-11 (CertPropSvc) - Unknown owner - C:\windows\system32\svchost.exe
O23 - Service: Intel(R) Content Protection HECI Service (cphs) - Intel Corporation - C:\windows\system32\IntelCpHeciSvc.exe
O23 - Service: @%SystemRoot%\system32\cryptsvc.dll,-1001 (CryptSvc) - Unknown owner - C:\windows\system32\svchost.exe
O23 - Service: @oleres.dll,-5012 (DcomLaunch) - Unknown owner - C:\windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\defragsvc.dll,-101 (defragsvc) - Unknown owner - C:\windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\dhcpcore.dll,-100 (Dhcp) - Unknown owner - C:\windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\System32\dnsapi.dll,-101 (Dnscache) - Unknown owner - C:\windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\dot3svc.dll,-1102 (dot3svc) - Unknown owner - C:\windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\dps.dll,-500 (DPS) - Unknown owner - C:\windows\System32\svchost.exe
O23 - Service: @%systemroot%\system32\eapsvc.dll,-1 (EapHost) - Unknown owner - C:\windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\wevtsvc.dll,-200 (eventlog) - Unknown owner - C:\windows\System32\svchost.exe
O23 - Service: @comres.dll,-2450 (EventSystem) - Unknown owner - C:\windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\fdPHost.dll,-100 (fdPHost) - Unknown owner - C:\windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\fdrespub.dll,-100 (FDResPub) - Unknown owner - C:\windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\FntCache.dll,-100 (FontCache) - Unknown owner - C:\windows\system32\svchost.exe
O23 - Service: @gpapi.dll,-112 (gpsvc) - Unknown owner - C:\windows\system32\svchost.exe
O23 - Service: Google Update Servicio (gupdate) (gupdate) - Unknown owner - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Servicio (gupdatem) (gupdatem) - Unknown owner - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: LogMeIn Hamachi Tunneling Engine (Hamachi2Svc) - LogMeIn Inc. - C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
O23 - Service: @%SystemRoot%\System32\hidserv.dll,-101 (hidserv) - Unknown owner - C:\windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\kmsvc.dll,-6 (hkmsvc) - Unknown owner - C:\windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\System32\ListSvc.dll,-100 (HomeGroupListener) - Unknown owner - C:\windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\System32\provsvc.dll,-100 (HomeGroupProvider) - Unknown owner - C:\windows\System32\svchost.exe
O23 - Service: Intel(R) Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
O23 - Service: @%SystemRoot%\system32\ikeext.dll,-501 (IKEEXT) - Unknown owner - C:\windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\IPBusEnum.dll,-102 (IPBusEnum) - Unknown owner - C:\windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\iphlpsvc.dll,-500 (iphlpsvc) - Unknown owner - C:\windows\System32\svchost.exe
O23 - Service: @comres.dll,-2946 (KtmRm) - Unknown owner - C:\windows\System32\svchost.exe
O23 - Service: @%systemroot%\system32\srvsvc.dll,-100 (LanmanServer) - Unknown owner - C:\windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\wkssvc.dll,-100 (LanmanWorkstation) - Unknown owner - C:\windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\lltdres.dll,-1 (lltdsvc) - Unknown owner - C:\windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\lmhsvc.dll,-101 (lmhosts) - Unknown owner - C:\windows\system32\svchost.exe
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: @%systemroot%\system32\mmcss.dll,-100 (MMCSS) - Unknown owner - C:\windows\system32\svchost.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @%SystemRoot%\system32\FirewallAPI.dll,-23090 (MpsSvc) - Unknown owner - C:\windows\system32\svchost.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\windows\System32\msdtc.exe
O23 - Service: @%SystemRoot%\system32\iscsidsc.dll,-5000 (MSiSCSI) - Unknown owner - C:\windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\msimsg.dll,-27 (msiserver) - Unknown owner - C:\windows\system32\msiexec.exe
O23 - Service: @%SystemRoot%\system32\qagentrt.dll,-6 (napagent) - Unknown owner - C:\windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\netman.dll,-109 (Netman) - Unknown owner - C:\windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\netprofm.dll,-202 (netprofm) - Unknown owner - C:\windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\System32\nlasvc.dll,-1 (NlaSvc) - Unknown owner - C:\windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\nsisvc.dll,-200 (nsi) - Unknown owner - C:\windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\pnrpsvc.dll,-8004 (p2pimsvc) - Unknown owner - C:\windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\p2psvc.dll,-8006 (p2psvc) - Unknown owner - C:\windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\pcasvc.dll,-1 (PcaSvc) - Unknown owner - C:\windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\pla.dll,-500 (pla) - Unknown owner - C:\windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\umpnpmgr.dll,-100 (PlugPlay) - Unknown owner - C:\windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\pnrpauto.dll,-8002 (PNRPAutoReg) - Unknown owner - C:\windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\pnrpsvc.dll,-8000 (PNRPsvc) - Unknown owner - C:\windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\System32\polstore.dll,-5010 (PolicyAgent) - Unknown owner - C:\windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\umpo.dll,-100 (Power) - Unknown owner - C:\windows\system32\svchost.exe
O23 - Service: PowerBiosServer - Unknown owner - C:\Program Files\Hotkey\PowerBiosServer.exe
O23 - Service: @%systemroot%\system32\profsvc.dll,-300 (ProfSvc) - Unknown owner - C:\windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\qwave.dll,-1 (QWAVE) - Unknown owner - C:\windows\system32\svchost.exe
O23 - Service: @%Systemroot%\system32\rasauto.dll,-200 (RasAuto) - Unknown owner - C:\windows\System32\svchost.exe
O23 - Service: @%Systemroot%\system32\rasmans.dll,-200 (RasMan) - Unknown owner - C:\windows\System32\svchost.exe
O23 - Service: @regsvc.dll,-1 (RemoteRegistry) - Unknown owner - C:\windows\system32\svchost.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
O23 - Service: @%windir%\system32\RpcEpMap.dll,-1001 (RpcEptMapper) - Unknown owner - C:\windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\windows\system32\locator.exe
O23 - Service: @oleres.dll,-5010 (RpcSs) - Unknown owner - C:\windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\System32\SCardSvr.dll,-1 (SCardSvr) - Unknown owner - C:\windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\schedsvc.dll,-100 (Schedule) - Unknown owner - C:\windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\System32\certprop.dll,-13 (SCPolicySvc) - Unknown owner - C:\windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\sdrsvc.dll,-107 (SDRSVC) - Unknown owner - C:\windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\seclogon.dll,-7001 (seclogon) - Unknown owner - C:\windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\Sens.dll,-200 (SENS) - Unknown owner - C:\windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\System32\SessEnv.dll,-1026 (SessionEnv) - Unknown owner - C:\windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\ipnathlp.dll,-106 (SharedAccess) - Unknown owner - C:\windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\System32\shsvcs.dll,-12288 (ShellHWDetection) - Unknown owner - C:\windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\windows\System32\snmptrap.exe
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\windows\System32\spoolsv.exe
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\windows\system32\sppsvc.exe
O23 - Service: @%SystemRoot%\system32\sppuinotify.dll,-103 (sppuinotify) - Unknown owner - C:\windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\ssdpsrv.dll,-100 (SSDPSRV) - Unknown owner - C:\windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\sstpsvc.dll,-200 (SstpSvc) - Unknown owner - C:\windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\wiaservc.dll,-9 (StiSvc) - Unknown owner - C:\windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\System32\swprv.dll,-103 (swprv) - Unknown owner - C:\windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\sysmain.dll,-1000 (SysMain) - Unknown owner - C:\windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\TabSvc.dll,-100 (TabletInputService) - Unknown owner - C:\windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\tapisrv.dll,-10100 (TapiSrv) - Unknown owner - C:\windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\tbssvc.dll,-100 (TBS) - Unknown owner - C:\windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\System32\termsrv.dll,-268 (TermService) - Unknown owner - C:\windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\System32\themeservice.dll,-8192 (Themes) - Unknown owner - C:\windows\System32\svchost.exe
O23 - Service: @%systemroot%\system32\mmcss.dll,-102 (THREADORDER) - Unknown owner - C:\windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\trkwks.dll,-1 (TrkWks) - Unknown owner - C:\windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\servicing\TrustedInstaller.exe,-100 (TrustedInstaller) - Unknown owner - C:\windows\servicing\TrustedInstaller.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\windows\system32\UI0Detect.exe
O23 - Service: Intel(R) Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
O23 - Service: @%systemroot%\system32\upnphost.dll,-213 (upnphost) - Unknown owner - C:\windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\dwm.exe,-2000 (UxSms) - Unknown owner - C:\windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\windows\System32\vds.exe
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\windows\system32\vssvc.exe
O23 - Service: @%SystemRoot%\system32\w32time.dll,-200 (W32Time) - Unknown owner - C:\windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\windows\system32\wbengine.exe
O23 - Service: @%systemroot%\system32\wbiosrvc.dll,-100 (WbioSrvc) - Unknown owner - C:\windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\wcncsvc.dll,-3 (wcncsvc) - Unknown owner - C:\windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\WcsPlugInService.dll,-200 (WcsPlugInService) - Unknown owner - C:\windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\wdi.dll,-502 (WdiServiceHost) - Unknown owner - C:\windows\System32\svchost.exe
O23 - Service: @%systemroot%\system32\wdi.dll,-500 (WdiSystemHost) - Unknown owner - C:\windows\System32\svchost.exe
O23 - Service: @%systemroot%\system32\webclnt.dll,-100 (WebClient) - Unknown owner - C:\windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\wecsvc.dll,-200 (Wecsvc) - Unknown owner - C:\windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\System32\wercplsupport.dll,-101 (wercplsupport) - Unknown owner - C:\windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\System32\wersvc.dll,-100 (WerSvc) - Unknown owner - C:\windows\System32\svchost.exe
O23 - Service: @%ProgramFiles%\Windows Defender\MsMpRes.dll,-103 (WinDefend) - Unknown owner - C:\windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\winhttp.dll,-100 (WinHttpAutoProxySvc) - Unknown owner - C:\windows\system32\svchost.exe
O23 - Service: @%Systemroot%\system32\wbem\wmisvc.dll,-205 (Winmgmt) - Unknown owner - C:\windows\system32\svchost.exe
O23 - Service: @%Systemroot%\system32\wsmsvc.dll,-101 (WinRM) - Unknown owner - C:\windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\System32\wlansvc.dll,-257 (Wlansvc) - Unknown owner - C:\windows\system32\svchost.exe
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\windows\system32\wbem\WmiApSrv.exe
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files\Windows Media Player\wmpnetwk.exe
O23 - Service: @%SystemRoot%\system32\wpcsvc.dll,-100 (WPCSvc) - Unknown owner - C:\windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\wpdbusenum.dll,-100 (WPDBusEnum) - Unknown owner - C:\windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\System32\wscsvc.dll,-200 (wscsvc) - Unknown owner - C:\windows\System32\svchost.exe
O23 - Service: @%systemroot%\system32\SearchIndexer.exe,-103 (WSearch) - Unknown owner - C:\windows\system32\SearchIndexer.exe
O23 - Service: @%systemroot%\system32\wuaueng.dll,-105 (wuauserv) - Unknown owner - C:\windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\wudfsvc.dll,-1000 (wudfsvc) - Unknown owner - C:\windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\System32\wwansvc.dll,-257 (WwanSvc) - Unknown owner - C:\windows\system32\svchost.exe

--
End of file - 21926 bytes

There is the HijackThis log; I already ran everything you told me in safe mode with networking.

Now it tells me this:

You are trying to open a file of type "Application Extension" (.dll)

These files are used by the operating system and by various programs. If you edit or modify them, you could damage the system.

If you still want to open the file, click Open with; otherwise, click Cancel

---------------- -------- ---------

And Spybot asks me a lot to allow changes from the /Appdata/Roaming folder

There is something about AdobeART, and something about Yapouou

Besides, in the folder
C:\Users\fafuhi\AppData\Roaming

I have several .exe files that I had never seen before.
Some examples are:
Apoerg.exe
dkzjcc.exe
ffzthq.exe
frtwal.exe
gsiatk.exe
And many more.

Thank you very much for your help. (:
#3 swissman (39.814 Posts) - 02/08/2012 08:55:30

Hello, close all programs, browser included, run HijackThis by clicking "Do a system scan only" and check the following entry:
F3 - REG:win.ini: load=C:\Users\fafuhi\LOCALS~1\Temp\mszcac.cmd

Click "Fix checked"; without restarting, find and delete the following (enable the option to show hidden files and folders). If any of them cannot be deleted, use killbox or unlocker, or both.

C:\Users\fafuhi\LOCALS~1\Temp ---> folder and contents

Run ccleaner to clean the temporary files, cookies and registry, and jv16 PowerTools 2008.

The files you mention do not appear anywhere on the internet; where are they? Send some or all of them to www.virustotal.com and tell us what result you got; there is no need to paste it, just tell us.


Restart and tell us how it goes, and paste a new log.

Regards
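A triage pass over the autostart entries of a HijackThis log like the one in post #2, added here as an example and not part of the original thread: it parses the F3 win.ini entry and the O4 Run and Startup entries and lists those that start from a temp directory or elsewhere in the user profile. The function names and the review rules are assumptions of this example, and a listed entry is a candidate for manual checking, not a verdict.

```python
import re
from typing import NamedTuple


class Finding(NamedTuple):
    code: str       # HijackThis section code ("F3" or "O4")
    name: str       # registry value name or Startup item name
    target: str     # file the entry launches
    reasons: tuple  # why the entry deserves a manual look


# Sample input: entries taken from the HijackThis log in post #2.
SAMPLE_LOG = r"""
F3 - REG:win.ini: load=C:\Users\fafuhi\LOCALS~1\Temp\mszcac.cmd
O4 - HKLM\.\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\.\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
O4 - HKCU\.\Run: [NTI3QjRBMTkxMjA3QTY5MT] C:\Users\fafuhi\upnpras.exe
O4 - HKCU\.\Run: [Frames] C:\Users\fafuhi\AppData\Roaming\Frames.exe
O4 - HKCU\.\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\.\Run: [WinDefender] "C:\Users\fafuhi\AppData\Local\Temp\WinDefender.Exe"
O4 - Startup: libcurl-4.dll
O4 - Global Startup: Hotkey.lnk = C:\Program Files\Hotkey\Hotkey.exe
"""

# "F3 - REG:win.ini: load=<command>" (legacy win.ini autostart values)
F_ENTRY = re.compile(r"^(F\d) - REG:win\.ini: (load|run)=(.+)$", re.I)
# "O4 - HKCU\.\Run: [value name] <command>"; any key path between hive and Run*
O4_REG = re.compile(r"^O4 - (HK\w+)\\.*?\\(Run\w*): \[(.+?)\] (.+)$")
# "O4 - Startup: item" or "O4 - Global Startup: item.lnk = <target>"
O4_DIR = re.compile(r"^O4 - (?:Global )?Startup: (.+?)(?: = (.+))?$")
# First path component ending in an executable-type extension
EXE = re.compile(r"^(.*?\.(?:exe|cmd|bat|scr|com|pif|dll))\b", re.I)
# Anything below C:\Users\<name>\ ; group 1 is the part after the profile root
USER_DIR = re.compile(r"^[a-z]:\\users\\[^\\]+\\(.*)$", re.I)


def launched_file(command: str) -> str:
    """Strip quotes and arguments from an autostart command line."""
    command = command.strip()
    if command.startswith('"'):
        return command[1:].split('"', 1)[0]
    m = EXE.match(command)
    return m.group(1) if m else command


def location_reasons(path: str) -> list:
    """Review rules (assumptions of this example) based on where the file lives."""
    m = USER_DIR.match(path)
    if not m:
        return []
    rest = m.group(1).lower()
    if "\\temp\\" in "\\" + rest:
        return ["starts from a temp directory"]
    if "\\" not in rest:
        return ["starts from the root of the user profile"]
    return ["starts from a user-writable profile directory"]


def triage(log_text: str) -> list:
    """Return the autostart entries of a HijackThis log that need a manual look."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        reasons = []
        if (m := F_ENTRY.match(line)):
            code, name = m.group(1), "win.ini " + m.group(2)
            target = launched_file(m.group(3))
            reasons.append("legacy win.ini autostart value is set")
        elif (m := O4_REG.match(line)):
            code, name, target = "O4", m.group(3), launched_file(m.group(4))
        elif (m := O4_DIR.match(line)):
            code, name = "O4", m.group(1)
            target = launched_file(m.group(2) or m.group(1))
            if not name.lower().endswith(".lnk"):
                reasons.append("Startup folder item is not a shortcut")
        else:
            continue  # header lines, process list, other sections
        reasons += location_reasons(target)
        if reasons:
            findings.append(Finding(code, name, target, tuple(reasons)))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.code}  [{f.name}]  {f.target}")
        for reason in f.reasons:
            print(f"      - {reason}")
```
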
#4 CoscuPrrum (39 Posts) - 03/08/2012 00:23:02
Hello, I already deleted the entry from HijackThis and cleaned the registry and the rest with ccleaner and jv16 powertools2008.

It does not let me delete the folder you told me about with unlocker.
As for killbox, I do not know where to download it from; from - I will not download it because it comes with viruses.

In the lower right corner (where the time is shown) I get this message that I cannot close.

{emissary} net client

you are being controlled by {emissary} net

In Spybot Search & Destroy, it keeps asking me whether I give permission to let changes be made from the folder

c:\users\fafuhi\appdata
From there it asks whether I allow changes to be made, but I do not; I always block them.

Here is something from Spybot Search & Destroy

01-08-2012 18:59:21 denegado (based on user decision) value "microsoftwins" (new data: "c:\users\fafuhi\appdata\roaming\microsoftwins.exe") agregado in system startup user entry!
01-08-2012 18:59:30 denegado (based on user decision) value "windows defender" (new data: "") eliminado in system startup user entry!
01-08-2012 19:04:51 denegado (based on user decision) value "ayouou" (new data: "c:\users\fafuhi\appdata\roaming\ayouou.exe") agregado in system startup user entry!
01-08-2012 19:06:26 denegado (based on user decision) value "windows defender" (new data: "") eliminado in system startup user entry!
01-08-2012 19:06:30 denegado (based on user decision) value "microsoftwins" (new data: "c:\users\fafuhi\appdata\roaming\microsoftwins.exe") agregado in system startup user entry!
01-08-2012 19:32:59 denegado (based on user decision) value "spybotsd teatimer" (new data: "") eliminado in system startup user entry!
01-08-2012 19:33:00 permitido (based on user decision) value "{53707962-6f74-2d53-2644-206d7942484f}" (new data: "") eliminado in browser helper object!
02-08-2012 1:26:26 denegado (based on user decision) value "adobe" (new data: "c:\users\fafuhi\appdata\roaming\adobe\adobe.exe") agregado in system startup user entry!
02-08-2012 1:26:28 denegado (based on user decision) value "microsoftwins" (new data: "c:\users\fafuhi\appdata\roaming\microsoftwins.exe") agregado in system startup user entry!
02-08-2012 1:26:29 denegado (based on user decision) value "egui" (new data: "") eliminado in system startup global entry!
02-08-2012 1:26:31 permitido (based on user decision) value "{9030d464-4c02-4abf-8ecc-5164760863c6}" (new data: "") eliminado in browser helper object!
02-08-2012 1:26:34 permitido (based on user decision) value "egui" (new data: "") eliminado in system startup global entry!
02-08-2012 1:30:36 permitido (based on user decision) value "adobeart" (new data: "c:\users\fafuhi\appdata\roaming\adobeart.exe") agregado in system startup user entry!
02-08-2012 1:42:43 permitido (based on user decision) value "adobe" (new data: "c:\users\fafuhi\appdata\roaming\adobe\adobe.exe") agregado in system startup user entry!
02-08-2012 1:43:02 permitido (based on user decision) value "microsoftwins" (new data: "c:\users\fafuhi\appdata\roaming\microsoftwins.exe") agregado in system startup user entry!
02-08-2012 16:42:57 denegado (based on user decision) value "oyouoi" (new data: "c:\users\fafuhi\appdata\roaming\oyouoi.scr") agregado in system startup user entry!
02-08-2012 16:43:01 denegado (based on user decision) value "oyouoi" (new data: "c:\users\fafuhi\appdata\roaming\oyouoi.scr") agregado in system startup user entry!
02-08-2012 16:52:42 denegado (based on user decision) value "mssmartmon" (new data: ""c:\users\fafuhi\appdata\roaming\6f39.exe"") agregado in system startup user entry!
02-08-2012 16:54:34 encountered and terminated fraud.windowssecuritycenter in c:\users\fafuhi\appdata\roaming\svchost.exe!
02-08-2012 17:09:37 denegado (based on user decision) value "obaobc.exe" (new data: ""c:\users\fafuhi\appdata\roaming\obaobc.exe"") agregado in system startup user entry!
02-08-2012 17:10:17 denegado (based on user decision) value "obaobc.exe" (new data: ""c:\users\fafuhi\appdata\roaming\obaobc.exe"") agregado in system startup user entry!
02-08-2012 17:10:25 denegado (based on user decision) value "obaobc.exe" (new data: ""c:\users\fafuhi\appdata\roaming\obaobc.exe"") agregado in system startup user entry!
02-08-2012 17:10:55 denegado (based on user decision) value "syntpenh" (new data: "") eliminado in system startup global entry!
02-08-2012 17:11:01 denegado (based on user decision) value "persis" (new data: "") agregado in global browser toolbar!
02-08-2012 17:15:28 denegado (based on user decision) value "locked" (new data: "") eliminado in global browser toolbar!
02-08-2012 17:15:31 denegado (based on user decision) value "" (new data: "") eliminado in exe extension handler!
02-08-2012 17:21:49 denegado (based on user decision) value "mssmartmon" (new data: ""c:\users\fafuhi\appdata\roaming\1fb1.exe"") agregado in system startup user entry!
02-08-2012 17:21:51 denegado (based on user decision) value "nti3qjrbmtkxmja3qty5mt" (new data: "") eliminado in system startup user entry!
02-08-2012 17:24:25 denegado (based on user decision) value "syntpenh" (new data: "") eliminado in system startup global entry!
02-08-2012 17:24:26 denegado (based on user decision) value "nusb3m" (new data: "") agregado in global browser toolbar!
02-08-2012 17:24:26 denegado (based on user decision) value "regedi" (new data: "") eliminado in global browser toolbar!
02-08-2012 17:24:27 denegado (based on user decision) value "" (new data: "") eliminado in exe extension handler!
02-08-2012 17:24:27 denegado (based on user decision) value \ "load\ " (new data: \ "\ ") cambiado in nt startup!
02-08-2012 17:24:28 denegado (based on user decision) value \ "programs\ " (new data: \ "\ ") eliminado in nt startup!
02-08-2012 17:24:28 denegado (based on user decision) value \ "webcheck\ " (new data: \ "\ ") eliminado in shell services!
02-08-2012 17:24:29 denegado (based on user decision) value \ "{cfbfae00-17a6-11d0-99cb-00c04fd64497}\ " (new data: \ "\ ") eliminado in internet explorer searches!
02-08-2012 17:24:41 denegado (based on user decision) value \ "kgalhg.exe\ " (new data: \ "\ "c:\ \ users\ \ fafuhi\ \ appdata\ \ roaming\ \ kgalhg.exe\ "\ ") agregado in system startup user entry!
02-08-2012 17:25:20 denegado (based on user decision) value \ "kgalhg.exe\ " (new data: \ "\ "c:\ \ users\ \ fafuhi\ \ appdata\ \ roaming\ \ kgalhg.exe\ "\ ") agregado in system startup user entry!
02-08-2012 17:26:44 denegado (based on user decision) value \ "kgalhg.exe\ " (new data: \ "\ "c:\ \ users\ \ fafuhi\ \ appdata\ \ roaming\ \ kgalhg.exe\ "\ ") agregado in system startup user entry!
02-08-2012 17:26:46 denegado (based on user decision) value \ "nti3qjrbmtkxmja3qty5mt\ " (new data: \ "\ ") eliminado in system startup user entry!
02-08-2012 17:26:50 denegado (based on user decision) value \ "syntpenh\ " (new data: \ "\ ") eliminado in system startup global entry!
02-08-2012 17:26:57 denegado (based on user decision) value \ "nusb3m\ " (new data: \ "\ ") agregado in global browser toolbar!
02-08-2012 17:27:08 denegado (based on user decision) value \ "regedi\ " (new data: \ "\ ") eliminado in global browser toolbar!
02-08-2012 17:27:11 denegado (based on user decision) value \ "\ " (new data: \ "\ ") eliminado in exe extension handler!
02-08-2012 17:27:14 denegado (based on user decision) value \ "load\ " (new data: \ "\ ") cambiado in nt startup!
02-08-2012 18:08:06 denegado (based on user decision) value \ "mssmartmon\ " (new data: \ "\ "c:\ \ users\ \ fafuhi\ \ appdata\ \ roaming\ \ b4ed.exe\ "\ ") agregado in system startup user entry!
02-08-2012 18:08:13 denegado (based on user decision) value \ "nti3qjrbmtkxmja3qty5mt\ " (new data: \ "\ ") eliminado in system startup user entry!
02-08-2012 18:08:21 denegado (based on user decision) value \ "kgalhg.exe\ " (new data: \ "\ ") eliminado in system startup user entry!
02-08-2012 18:08:40 denegado (based on user decision) value \ "babylon client\ " (new data: \ "c:\ \ program files\ \ babylon\ \ babylon-pro\ \ babylon.exe -autostart\ ") agregado in system startup global entry!
02-08-2012 18:08:41 denegado (based on user decision) value \ "persis\ " (new data: \ "\ ") agregado in global browser toolbar!
02-08-2012 18:08:49 denegado (based on user decision) value \ "regedi\ " (new data: \ "\ ") eliminado in global browser toolbar!
02-08-2012 18:08:50 denegado (based on user decision) value \ "start page\ " (new data: \ "http://search.babylon.com/home?affid=17425&tt=290712_acp_3112_5\ ") cambiado in browser page!


---------

#5 CoscuPrrum (39 Posts) - 03/08/2012 00:23:26
Here is another HijackThis log


Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 18:22:18, on 02-08-2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16447)
Boot mode: Normal

Running processes:
C:\windows\system32\taskhost.exe
C:\windows\system32\Dwm.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe
C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe
C:\Program Files\Babylon\Babylon-Pro\Babylon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\windows\system32\calc.exe
C:\Program Files\Hotkey\Hotkey.exe
C:\Users\fafuhi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\85992.exe
C:\Users\fafuhi\AppData\Roaming\CDFA.exe
C:\Users\fafuhi\AppData\Roaming\AdobeART.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Users\fafuhi\AppData\Roaming\ifufhq.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_268.exe
C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_268.exe
C:\Users\fafuhi\AppData\Roaming\svchost64.exe
C:\windows\system32\conhost.exe
C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
C:\Users\fafuhi\Downloads\HijackThis.exe
C:\windows\system32\taskeng.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.olidata.cl/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.olidata.cl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
F3 - REG:win.ini: load=C:\Users\fafuhi\LOCALS~1\Temp\mszcac.cmd
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Babylon IE plugin - {9CFACCB6-2F3F-4177-94EA-0D2B72D384C1} - C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\.\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\.\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s
O4 - HKLM\.\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s
O4 - HKLM\.\Run: [RemoteControl8] "C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe"
O4 - HKLM\.\Run: [RemoteControl8] "C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe"
O4 - HKLM\.\Run: [CLMLServer] "C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe"
O4 - HKLM\.\Run: [CLMLServer] "C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe"
O4 - HKLM\.\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\.\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\.\Run: [IgfxTray] C:\windows\system32\igfxtray.exe
O4 - Startup: 85992.exe
O4 - Startup: libcurl-4.dll
O4 - Startup: pthreadGC2.dll
O4 - Global Startup: Hotkey.lnk = C:\Program Files\Hotkey\Hotkey.exe
O8 - Extra context menu item: Translate this web page with Babylon - res://C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/ActionTU.htm
O8 - Extra context menu item: Translate with Babylon - res://C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Action.htm
O9 - Extra button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: Translate this web page with Babylon - {F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} - C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll
O9 - Extra 'Tools' menuitem: Translate this web page with Babylon - {F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} - C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\aelupsvc.dll,-1 (AeLookupSvc) - Unknown owner - C:\windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\windows\System32\alg.exe
O23 - Service: @%systemroot%\system32\appidsvc.dll,-100 (AppIDSvc) - Unknown owner - C:\windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\appinfo.dll,-100 (Appinfo) - Unknown owner - C:\windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\audiosrv.dll,-204 (AudioEndpointBuilder) - Unknown owner - C:\windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\audiosrv.dll,-200 (Audiosrv) - Unknown owner - C:\windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\AxInstSV.dll,-103 (AxInstSV) - Unknown owner - C:\windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\bdesvc.dll,-100 (BDESVC) - Unknown owner - C:\windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\bfe.dll,-1001 (BFE) - Unknown owner - C:\windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\qmgr.dll,-1000 (BITS) - Unknown owner - C:\windows\System32\svchost.exe
O23 - Service: @%systemroot%\system32\browser.dll,-100 (Browser) - Unknown owner - C:\windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\System32\bthserv.dll,-101 (bthserv) - Unknown owner - C:\windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\System32\certprop.dll,-11 (CertPropSvc) - Unknown owner - C:\windows\system32\svchost.exe
O23 - Service: Intel(R) Content Protection HECI Service (cphs) - Intel Corporation - C:\windows\system32\IntelCpHeciSvc.exe
O23 - Service: @%SystemRoot%\system32\cryptsvc.dll,-1001 (CryptSvc) - Unknown owner - C:\windows\system32\svchost.exe
O23 - Service: @oleres.dll,-5012 (DcomLaunch) - Unknown owner - C:\windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\defragsvc.dll,-101 (defragsvc) - Unknown owner - C:\windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\dhcpcore.dll,-100 (Dhcp) - Unknown owner - C:\windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\System32\dnsapi.dll,-101 (Dnscache) - Unknown owner - C:\windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\dot3svc.dll,-1102 (dot3svc) - Unknown owner - C:\windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\dps.dll,-500 (DPS) - Unknown owner - C:\windows\System32\svchost.exe
O23 - Service: @%systemroot%\system32\eapsvc.dll,-1 (EapHost) - Unknown owner - C:\windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\wevtsvc.dll,-200 (eventlog) - Unknown owner - C:\windows\System32\svchost.exe
O23 - Service: @comres.dll,-2450 (EventSystem) - Unknown owner - C:\windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\fdPHost.dll,-100 (fdPHost) - Unknown owner - C:\windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\fdrespub.dll,-100 (FDResPub) - Unknown owner - C:\windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\FntCache.dll,-100 (FontCache) - Unknown owner - C:\windows\system32\svchost.exe
O23 - Service: @gpapi.dll,-112 (gpsvc) - Unknown owner - C:\windows\system32\svchost.exe
O23 - Service: Google Update Servicio (gupdate) (gupdate) - Unknown owner - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Servicio (gupdatem) (gupdatem) - Unknown owner - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: LogMeIn Hamachi Tunneling Engine (Hamachi2Svc) - LogMeIn Inc. - C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
O23 - Service: @%SystemRoot%\System32\hidserv.dll,-101 (hidserv) - Unknown owner - C:\windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\kmsvc.dll,-6 (hkmsvc) - Unknown owner - C:\windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\System32\ListSvc.dll,-100 (HomeGroupListener) - Unknown owner - C:\windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\System32\provsvc.dll,-100 (HomeGroupProvider) - Unknown owner - C:\windows\System32\svchost.exe
O23 - Service: Intel(R) Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
O23 - Service: @%SystemRoot%\system32\ikeext.dll,-501 (IKEEXT) - Unknown owner - C:\windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\IPBusEnum.dll,-102 (IPBusEnum) - Unknown owner - C:\windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\iphlpsvc.dll,-500 (iphlpsvc) - Unknown owner - C:\windows\System32\svchost.exe
O23 - Service: @comres.dll,-2946 (KtmRm) - Unknown owner - C:\windows\System32\svchost.exe
O23 - Service: @%systemroot%\system32\srvsvc.dll,-100 (LanmanServer) - Unknown owner - C:\windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\wkssvc.dll,-100 (LanmanWorkstation) - Unknown owner - C:\windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\lltdres.dll,-1 (lltdsvc) - Unknown owner - C:\windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\lmhsvc.dll,-101 (lmhosts) - Unknown owner - C:\windows\system32\svchost.exe
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: @%systemroot%\system32\mmcss.dll,-100 (MMCSS) - Unknown owner - C:\windows\system32\svchost.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @%SystemRoot%\system32\FirewallAPI.dll,-23090 (MpsSvc) - Unknown owner - C:\windows\system32\svchost.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\windows\System32\msdtc.exe
O23 - Service: @%SystemRoot%\system32\iscsidsc.dll,-5000 (MSiSCSI) - Unknown owner - C:\windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\msimsg.dll,-27 (msiserver) - Unknown owner - C:\windows\system32\msiexec.exe
O23 - Service: @%SystemRoot%\system32\qagentrt.dll,-6 (napagent) - Unknown owner - C:\windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\netman.dll,-109 (Netman) - Unknown owner - C:\windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\netprofm.dll,-202 (netprofm) - Unknown owner - C:\windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\System32\nlasvc.dll,-1 (NlaSvc) - Unknown owner - C:\windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\nsisvc.dll,-200 (nsi) - Unknown owner - C:\windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\pnrpsvc.dll,-8004 (p2pimsvc) - Unknown owner - C:\windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\p2psvc.dll,-8006 (p2psvc) - Unknown owner - C:\windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\pcasvc.dll,-1 (PcaSvc) - Unknown owner - C:\windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\pla.dll,-500 (pla) - Unknown owner - C:\windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\umpnpmgr.dll,-100 (PlugPlay) - Unknown owner - C:\windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\pnrpauto.dll,-8002 (PNRPAutoReg) - Unknown owner - C:\windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\pnrpsvc.dll,-8000 (PNRPsvc) - Unknown owner - C:\windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\System32\polstore.dll,-5010 (PolicyAgent) - Unknown owner - C:\windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\umpo.dll,-100 (Power) - Unknown owner - C:\windows\system32\svchost.exe
O23 - Service: PowerBiosServer - Unknown owner - C:\Program Files\Hotkey\PowerBiosServer.exe
O23 - Service: @%systemroot%\system32\profsvc.dll,-300 (ProfSvc) - Unknown owner - C:\windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\qwave.dll,-1 (QWAVE) - Unknown owner - C:\windows\system32\svchost.exe
O23 - Service: @%Systemroot%\system32\rasauto.dll,-200 (RasAuto) - Unknown owner - C:\windows\System32\svchost.exe
O23 - Service: @%Systemroot%\system32\rasmans.dll,-200 (RasMan) - Unknown owner - C:\windows\System32\svchost.exe
O23 - Service: @regsvc.dll,-1 (RemoteRegistry) - Unknown owner - C:\windows\system32\svchost.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
O23 - Service: @%windir%\system32\RpcEpMap.dll,-1001 (RpcEptMapper) - Unknown owner - C:\windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\windows\system32\locator.exe
O23 - Service: @oleres.dll,-5010 (RpcSs) - Unknown owner - C:\windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\System32\SCardSvr.dll,-1 (SCardSvr) - Unknown owner - C:\windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\schedsvc.dll,-100 (Schedule) - Unknown owner - C:\windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\System32\certprop.dll,-13 (SCPolicySvc) - Unknown owner - C:\windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\sdrsvc.dll,-107 (SDRSVC) - Unknown owner - C:\windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\seclogon.dll,-7001 (seclogon) - Unknown owner - C:\windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\Sens.dll,-200 (SENS) - Unknown owner - C:\windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\System32\SessEnv.dll,-1026 (SessionEnv) - Unknown owner - C:\windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\ipnathlp.dll,-106 (SharedAccess) - Unknown owner - C:\windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\System32\shsvcs.dll,-12288 (ShellHWDetection) - Unknown owner - C:\windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\windows\System32\snmptrap.exe
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\windows\System32\spoolsv.exe
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\windows\system32\sppsvc.exe
O23 - Service: @%SystemRoot%\system32\sppuinotify.dll,-103 (sppuinotify) - Unknown owner - C:\windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\ssdpsrv.dll,-100 (SSDPSRV) - Unknown owner - C:\windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\sstpsvc.dll,-200 (SstpSvc) - Unknown owner - C:\windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\wiaservc.dll,-9 (StiSvc) - Unknown owner - C:\windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\System32\swprv.dll,-103 (swprv) - Unknown owner - C:\windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\sysmain.dll,-1000 (SysMain) - Unknown owner - C:\windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\TabSvc.dll,-100 (TabletInputService) - Unknown owner - C:\windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\tapisrv.dll,-10100 (TapiSrv) - Unknown owner - C:\windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\tbssvc.dll,-100 (TBS) - Unknown owner - C:\windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\System32\termsrv.dll,-268 (TermService) - Unknown owner - C:\windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\System32\themeservice.dll,-8192 (Themes) - Unknown owner - C:\windows\System32\svchost.exe
O23 - Service: @%systemroot%\system32\mmcss.dll,-102 (THREADORDER) - Unknown owner - C:\windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\trkwks.dll,-1 (TrkWks) - Unknown owner - C:\windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\servicing\TrustedInstaller.exe,-100 (TrustedInstaller) - Unknown owner - C:\windows\servicing\TrustedInstaller.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\windows\system32\UI0Detect.exe
O23 - Service: Intel(R) Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
O23 - Service: @%systemroot%\system32\upnphost.dll,-213 (upnphost) - Unknown owner - C:\windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\dwm.exe,-2000 (UxSms) - Unknown owner - C:\windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\windows\System32\vds.exe
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\windows\system32\vssvc.exe
O23 - Service: @%SystemRoot%\system32\w32time.dll,-200 (W32Time) - Unknown owner - C:\windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\windows\system32\wbengine.exe
O23 - Service: @%systemroot%\system32\wbiosrvc.dll,-100 (WbioSrvc) - Unknown owner - C:\windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\wcncsvc.dll,-3 (wcncsvc) - Unknown owner - C:\windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\WcsPlugInService.dll,-200 (WcsPlugInService) - Unknown owner - C:\windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\wdi.dll,-502 (WdiServiceHost) - Unknown owner - C:\windows\System32\svchost.exe
O23 - Service: @%systemroot%\system32\wdi.dll,-500 (WdiSystemHost) - Unknown owner - C:\windows\System32\svchost.exe
O23 - Service: @%systemroot%\system32\webclnt.dll,-100 (WebClient) - Unknown owner - C:\windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\wecsvc.dll,-200 (Wecsvc) - Unknown owner - C:\windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\System32\wercplsupport.dll,-101 (wercplsupport) - Unknown owner - C:\windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\System32\wersvc.dll,-100 (WerSvc) - Unknown owner - C:\windows\System32\svchost.exe
O23 - Service: @%ProgramFiles%\Windows Defender\MsMpRes.dll,-103 (WinDefend) - Unknown owner - C:\windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\winhttp.dll,-100 (WinHttpAutoProxySvc) - Unknown owner - C:\windows\system32\svchost.exe
O23 - Service: @%Systemroot%\system32\wbem\wmisvc.dll,-205 (Winmgmt) - Unknown owner - C:\windows\system32\svchost.exe
O23 - Service: @%Systemroot%\system32\wsmsvc.dll,-101 (WinRM) - Unknown owner - C:\windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\System32\wlansvc.dll,-257 (Wlansvc) - Unknown owner - C:\windows\system32\svchost.exe
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\windows\system32\wbem\WmiApSrv.exe
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files\Windows Media Player\wmpnetwk.exe
O23 - Service: @%SystemRoot%\system32\wpcsvc.dll,-100 (WPCSvc) - Unknown owner - C:\windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\wpdbusenum.dll,-100 (WPDBusEnum) - Unknown owner - C:\windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\System32\wscsvc.dll,-200 (wscsvc) - Unknown owner - C:\windows\System32\svchost.exe
O23 - Service: @%systemroot%\system32\SearchIndexer.exe,-103 (WSearch) - Unknown owner - C:\windows\system32\SearchIndexer.exe
O23 - Service: @%systemroot%\system32\wuaueng.dll,-105 (wuauserv) - Unknown owner - C:\windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\wudfsvc.dll,-1000 (wudfsvc) - Unknown owner - C:\windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\System32\wwansvc.dll,-257 (WwanSvc) - Unknown owner - C:\windows\system32\svchost.exe

--
End of file - 21880 bytes
#6 coscuprrum (39 Posts) - 03/08/2012 06:47:55
Help, please (:
#7 swissman (39.814 Posts) - 03/08/2012 07:41:59
I would do a factory restore to be on the safe side, but first you should back up all your files to external media, since the machine would be left as it came from the factory.

You can also try restoring the system to a point before things went wrong.

If you don't want to or can't do that, submit c:\Users\fafuhi\AppData\Roaming\svchost64.exe to VirusTotal.
It may be a virus or be infected; if it is, delete it.

Check and fix:
F3 - REG:win.ini: load=C:\Users\fafuhi\LOCALS~1\Temp\mszcac.cmd
O4 - Startup: 85992.exe
O4 - Startup: libcurl-4.dll
O4 - Startup: pthreadGC2.dll

Search for and delete, if you find them, the following:
C:\Users\fafuhi\LOCALS~1\Temp -- folder and contents; try it with killbox or unlocker, or mark it to be deleted on reboot.

pthreadGC2.dll
libcurl-4.dll
pthreadGC2.dll

Enable the option to search in subfolders and in hidden and system files and folders.
Run ccleaner.
If they are still there after rebooting, try the same in safe mode; if they are still there, disable System Restore and try everything again.

If it is still bad, the only thing left (as far as I know) is combofix, which can damage your system.

Regards

official killbox download

[Message edited by Moderator swissman on: 09/08/2012 14:08:56].
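
The entries singled out in the reply above (programs started from the profile's AppData or Temp folders, a svchost look-alike outside system32, a win.ini load= value, binaries sitting directly in the Startup folder) can be picked out of a HijackThis log mechanically. The script below is an added example, not part of the thread: the rule set, the function names and the choice of `svchost`/`conhost` as protected names are assumptions, and the sample is an excerpt of the log in post #5.

```python
import ntpath
import re

# Excerpt of the HijackThis log from post #5, used here as sample input.
SAMPLE_LOG = r"""Running processes:
C:\windows\system32\taskhost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Users\fafuhi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\85992.exe
C:\Users\fafuhi\AppData\Roaming\CDFA.exe
C:\Users\fafuhi\AppData\Roaming\svchost64.exe
C:\windows\system32\conhost.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.olidata.cl/
F3 - REG:win.ini: load=C:\Users\fafuhi\LOCALS~1\Temp\mszcac.cmd
O4 - Startup: 85992.exe
O4 - Startup: libcurl-4.dll
O4 - Global Startup: Hotkey.lnk = C:\Program Files\Hotkey\Hotkey.exe
O23 - Service: @%SystemRoot%\system32\dhcpcore.dll,-100 (Dhcp) - Unknown owner - C:\windows\system32\svchost.exe
"""

ENTRY = re.compile(r"^(?P<code>[A-Z]\d+) - (?P<body>.+)$")
# Absolute Windows path ending in an executable-type extension.
WIN_PATH = re.compile(r'[A-Za-z]:\\[^"=]*?\.(?:exe|dll|scr|cmd|bat)\b', re.I)
# Assumed heuristic: directories a standard user can write to.
USER_WRITABLE = ("\\appdata\\", "\\locals~1\\", "\\temp\\")
# Assumed list of system process names worth protecting (32-bit layout).
SYSTEM_NAMES = re.compile(r"^(svchost|conhost)\w*\.exe$", re.I)
SYSTEM_DIR = "c:\\windows\\system32"
# A Startup-folder entry that is a binary itself rather than a .lnk shortcut.
DROPPED = re.compile(
    r"^(Global )?Startup: [^=]+\.(exe|dll|scr|cmd|bat)\s*$", re.I)


def check_path(path):
    """Return the reasons one executable path deserves a closer look."""
    low = path.lower()
    reasons = []
    if any(part in low for part in USER_WRITABLE):
        reasons.append("runs from a user-writable directory")
    name, folder = ntpath.basename(low), ntpath.dirname(low)
    if SYSTEM_NAMES.match(name) and folder != SYSTEM_DIR:
        reasons.append("system process name outside system32")
    return reasons


def triage(log_text):
    """Return (source, reason, line) tuples for entries to review."""
    findings = []
    in_processes = False
    for raw in log_text.splitlines():
        line = raw.strip()
        if line == "Running processes:":
            in_processes = True
            continue
        if not line:
            in_processes = False  # a blank line ends the process list
            continue
        entry = ENTRY.match(line)
        if entry is None:
            if in_processes:
                findings += [("process", r, line) for r in check_path(line)]
            continue
        code, body = entry["code"], entry["body"]
        if code in ("F2", "F3") and re.search(r"\b(load|run)=\S", body, re.I):
            findings.append(
                (code, "win.ini load=/run= autostart value is set", line))
        if code == "O4" and DROPPED.match(body):
            findings.append(
                (code, "binary placed directly in a Startup folder", line))
        for path in WIN_PATH.findall(body):
            findings += [(code, r, line) for r in check_path(path)]
    return findings


if __name__ == "__main__":
    for source, reason, line in triage(SAMPLE_LOG):
        print(f"[{source}] {reason}\n    {line}")
```

A hit means the entry deserves review, not that it is malicious; legitimate per-user software also runs from AppData.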
#8 CoscuPrrum (39 Posts) - 08/08/2012 22:21:35
I restored the system, and everything went back to normal.
Now I will install all the antivirus programs and what you told me, to avoid problems later on.

My question is about that page you linked there (www.uptodown.com): I tried to download Nod32 and it asks me to install a toolbar (funmod or something like that).

You tell me that toolbars are a sieve for viruses. Where could I download the files safely without installing extras such as toolbars or other things?

Thank you very much for your help.
#9 swissman (39.814 Posts) - 09/08/2012 14:08:24
This toolbar really may be a sieve; the Google ones, for example, I haven't said they are a sieve for viruses or that they are bad, but rather that they slow down the system (and besides, I don't like them xD).

The link I posted doesn't seem right (I'll edit it now).

I just downloaded and installed this one, and the toolbar offer does come up, but these things appear in some free programs; you only need to take care not to use the "recommended installation" button or similar, and choose the manual one, which they label "for experts" so that people take the bait and install the toolbars.

You can install it from the link above; just make sure not to install the toolbar.

I think nod 32 is paid; I currently use avg, the free version, and they don't pester you with advertising like other free (and even non-free) antivirus programs.

Regards