Viruses, Trojans and Conhost.exe!!!! Help, please.
Intel Celeron CPU B800 1.50 GHz / Windows 7 Home Basic

Since yesterday my notebook has been running at 100% CPU usage. There is a process called Conhost.exe; I closed it and many more open (I got to about 600 Conhost.exe). The antivirus programs find a lot of Trojans, which I have already deleted, but Conhost.exe is still there and won't go away. I was reading some tutorials and I will scan my computer with MalwareBytes, Spybot Search & Destroy and SuperAntiSpyware. Afterwards I will paste a HijackThis log, and I wanted to know if you could read it for me? (: Thank you very much.
#1 Nacho_Rdz (15.862 Posts) - 01/08/2012 23:39:27
One way to remove viruses:
Restart your computer in safe mode with networking (press F8 several times before Windows starts). From there, delete temporary files with ccleaner and scan your computer with elistara, msncleaner, spybot, antimalwarebytes, tdsskiller and combofix, in addition to your updated antivirus. Then restart and test. Let us know how it went.

This is a signature
Ask your questions clearly, providing as much information as possible and using clear language. Remember that we are not in front of your PC and we go by what you tell us. When you open a question, take responsibility for following it up by reporting your experience. Do not open more posts with the same question, so that your problem can be followed up properly. When you reply to your question, click the Reply button.
#2 coscuprrum (39 Posts) - 02/08/2012 01:14:08
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 19:07:25, on 01-08-2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16447)
Boot mode: Normal

Running processes:
C:\windows\system32\taskhost.exe
C:\windows\system32\Dwm.exe
C:\windows\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe
C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Hotkey\Hotkey.exe
C:\windows\system32\rundll32.exe
C:\windows\system32\rundll32.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\windows\system32\rundll32.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\windows\system32\wuauclt.exe
C:\windows\system32\prevhost.exe
C:\Users\fafuhi\Downloads\HijackThis.exe
C:\windows\system32\SearchFilterHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.olidata.cl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F3 - REG:win.ini: load=C:\Users\fafuhi\LOCALS~1\Temp\mszcac.cmd
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [NUSB3MON] "C:\Program Files\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s
O4 - HKLM\..\Run: [IAStorIcon] C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
O4 - HKLM\..\Run: [RemoteControl8] "C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe"
O4 - HKLM\..\Run: [PDVD8LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD8\Language\Language.exe"
O4 - HKLM\..\Run: [CLMLServer] "C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe"
O4 - HKLM\..\Run: [UpdateP2GoShortCut] "C:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
O4 - HKLM\..\Run: [IgfxTray] C:\windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [LogMeIn Hamachi Ui] "C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
O4 - HKCU\..\Run: [NTI3QjRBMTkxMjA3QTY5MT] C:\Users\fafuhi\upnpras.exe
O4 - HKCU\..\Run: [aviracorporation] "C:\Users\fafuhi\AppData\Local\Temp\aviracorpor\javadataupdate.exe"
O4 - HKCU\..\Run: [Frames] C:\Users\fafuhi\AppData\Roaming\Frames.exe
O4 - HKCU\..\Run: [WinNT] C:\Users\fafuhi\AppData\Roaming\Ph.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [RUQxQTdDRTFGNEQyQjk4Qj] C:\Users\fafuhi\Vmsd.exe
O4 - HKCU\..\Run: [SqlServ Data Analyzer] C:\Users\fafuhi\shempr.exe
O4 - HKCU\..\Run: [WinDefender] "C:\Users\fafuhi\AppData\Local\Temp\WinDefender.Exe"
O4 - HKCU\..\Run: [Ayouou] C:\Users\fafuhi\AppData\Roaming\Ayouou.exe
O4 - HKCU\..\Run: [Windows Defender] "C:\Users\fafuhi\AppData\Roaming\WinDefender\windefender.exe"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVICIO LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVICIO LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'Servicio de red')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'Servicio de red')
O4 - Startup: libcurl-4.dll
O4 - Startup: pthreadGC2.dll
O4 - Global Startup: Hotkey.lnk = C:\Program Files\Hotkey\Hotkey.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\aelupsvc.dll,-1 (AeLookupSvc) - Unknown owner - C:\windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\windows\System32\alg.exe
O23 - Service: @%systemroot%\system32\appidsvc.dll,-100 (AppIDSvc) - Unknown owner - C:\windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\appinfo.dll,-100 (Appinfo) - Unknown owner - C:\windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\audiosrv.dll,-204 (AudioEndpointBuilder) - Unknown owner - C:\windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\audiosrv.dll,-200 (Audiosrv) - Unknown owner - C:\windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\AxInstSV.dll,-103 (AxInstSV) - Unknown owner - C:\windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\bdesvc.dll,-100 (BDESVC) - Unknown owner - C:\windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\bfe.dll,-1001 (BFE) - Unknown owner - C:\windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\qmgr.dll,-1000 (BITS) - Unknown owner - C:\windows\System32\svchost.exe
O23 - Service: @%systemroot%\system32\browser.dll,-100 (Browser) - Unknown owner - C:\windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\System32\bthserv.dll,-101 (bthserv) - Unknown owner - C:\windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\System32\certprop.dll,-11 (CertPropSvc) - Unknown owner - C:\windows\system32\svchost.exe
O23 - Service: Intel(R) Content Protection HECI Service (cphs) - Intel Corporation - C:\windows\system32\IntelCpHeciSvc.exe
O23 - Service: @%SystemRoot%\system32\cryptsvc.dll,-1001 (CryptSvc) - Unknown owner - C:\windows\system32\svchost.exe
O23 - Service: @oleres.dll,-5012 (DcomLaunch) - Unknown owner - C:\windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\defragsvc.dll,-101 (defragsvc) - Unknown owner - C:\windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\dhcpcore.dll,-100 (Dhcp) - Unknown owner - C:\windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\System32\dnsapi.dll,-101 (Dnscache) - Unknown owner - C:\windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\dot3svc.dll,-1102 (dot3svc) - Unknown owner - C:\windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\dps.dll,-500 (DPS) - Unknown owner - C:\windows\System32\svchost.exe
O23 - Service: @%systemroot%\system32\eapsvc.dll,-1 (EapHost) - Unknown owner - C:\windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\wevtsvc.dll,-200 (eventlog) - Unknown owner - C:\windows\System32\svchost.exe
O23 - Service: @comres.dll,-2450 (EventSystem) - Unknown owner - C:\windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\fdPHost.dll,-100 (fdPHost) - Unknown owner - C:\windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\fdrespub.dll,-100 (FDResPub) - Unknown owner - C:\windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\FntCache.dll,-100 (FontCache) - Unknown owner - C:\windows\system32\svchost.exe
O23 - Service: @gpapi.dll,-112 (gpsvc) - Unknown owner - C:\windows\system32\svchost.exe
O23 - Service: Google Update Servicio (gupdate) (gupdate) - Unknown owner - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Servicio (gupdatem) (gupdatem) - Unknown owner - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: LogMeIn Hamachi Tunneling Engine (Hamachi2Svc) - LogMeIn Inc. - C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
O23 - Service: @%SystemRoot%\System32\hidserv.dll,-101 (hidserv) - Unknown owner - C:\windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\kmsvc.dll,-6 (hkmsvc) - Unknown owner - C:\windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\System32\ListSvc.dll,-100 (HomeGroupListener) - Unknown owner - C:\windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\System32\provsvc.dll,-100 (HomeGroupProvider) - Unknown owner - C:\windows\System32\svchost.exe
O23 - Service: Intel(R) Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
O23 - Service: @%SystemRoot%\system32\ikeext.dll,-501 (IKEEXT) - Unknown owner - C:\windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\IPBusEnum.dll,-102 (IPBusEnum) - Unknown owner - C:\windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\iphlpsvc.dll,-500 (iphlpsvc) - Unknown owner - C:\windows\System32\svchost.exe
O23 - Service: @comres.dll,-2946 (KtmRm) - Unknown owner - C:\windows\System32\svchost.exe
O23 - Service: @%systemroot%\system32\srvsvc.dll,-100 (LanmanServer) - Unknown owner - C:\windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\wkssvc.dll,-100 (LanmanWorkstation) - Unknown owner - C:\windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\lltdres.dll,-1 (lltdsvc) - Unknown owner - C:\windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\lmhsvc.dll,-101 (lmhosts) - Unknown owner - C:\windows\system32\svchost.exe
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: @%systemroot%\system32\mmcss.dll,-100 (MMCSS) - Unknown owner - C:\windows\system32\svchost.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @%SystemRoot%\system32\FirewallAPI.dll,-23090 (MpsSvc) - Unknown owner - C:\windows\system32\svchost.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\windows\System32\msdtc.exe
O23 - Service: @%SystemRoot%\system32\iscsidsc.dll,-5000 (MSiSCSI) - Unknown owner - C:\windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\msimsg.dll,-27 (msiserver) - Unknown owner - C:\windows\system32\msiexec.exe
O23 - Service: @%SystemRoot%\system32\qagentrt.dll,-6 (napagent) - Unknown owner - C:\windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\netman.dll,-109 (Netman) - Unknown owner - C:\windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\netprofm.dll,-202 (netprofm) - Unknown owner - C:\windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\System32\nlasvc.dll,-1 (NlaSvc) - Unknown owner - C:\windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\nsisvc.dll,-200 (nsi) - Unknown owner - C:\windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\pnrpsvc.dll,-8004 (p2pimsvc) - Unknown owner - C:\windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\p2psvc.dll,-8006 (p2psvc) - Unknown owner - C:\windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\pcasvc.dll,-1 (PcaSvc) - Unknown owner - C:\windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\pla.dll,-500 (pla) - Unknown owner - C:\windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\umpnpmgr.dll,-100 (PlugPlay) - Unknown owner - C:\windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\pnrpauto.dll,-8002 (PNRPAutoReg) - Unknown owner - C:\windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\pnrpsvc.dll,-8000 (PNRPsvc) - Unknown owner - C:\windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\System32\polstore.dll,-5010 (PolicyAgent) - Unknown owner - C:\windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\umpo.dll,-100 (Power) - Unknown owner - C:\windows\system32\svchost.exe
O23 - Service: PowerBiosServer - Unknown owner - C:\Program Files\Hotkey\PowerBiosServer.exe
O23 - Service: @%systemroot%\system32\profsvc.dll,-300 (ProfSvc) - Unknown owner - C:\windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\qwave.dll,-1 (QWAVE) - Unknown owner - C:\windows\system32\svchost.exe
O23 - Service: @%Systemroot%\system32\rasauto.dll,-200 (RasAuto) - Unknown owner - C:\windows\System32\svchost.exe
O23 - Service: @%Systemroot%\system32\rasmans.dll,-200 (RasMan) - Unknown owner - C:\windows\System32\svchost.exe
O23 - Service: @regsvc.dll,-1 (RemoteRegistry) - Unknown owner - C:\windows\system32\svchost.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
O23 - Service: @%windir%\system32\RpcEpMap.dll,-1001 (RpcEptMapper) - Unknown owner - C:\windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\windows\system32\locator.exe
O23 - Service: @oleres.dll,-5010 (RpcSs) - Unknown owner - C:\windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\System32\SCardSvr.dll,-1 (SCardSvr) - Unknown owner - C:\windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\schedsvc.dll,-100 (Schedule) - Unknown owner - C:\windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\System32\certprop.dll,-13 (SCPolicySvc) - Unknown owner - C:\windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\sdrsvc.dll,-107 (SDRSVC) - Unknown owner - C:\windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\seclogon.dll,-7001 (seclogon) - Unknown owner - C:\windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\Sens.dll,-200 (SENS) - Unknown owner - C:\windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\System32\SessEnv.dll,-1026 (SessionEnv) - Unknown owner - C:\windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\ipnathlp.dll,-106 (SharedAccess) - Unknown owner - C:\windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\System32\shsvcs.dll,-12288 (ShellHWDetection) - Unknown owner - C:\windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\windows\System32\snmptrap.exe
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\windows\System32\spoolsv.exe
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\windows\system32\sppsvc.exe
O23 - Service: @%SystemRoot%\system32\sppuinotify.dll,-103 (sppuinotify) - Unknown owner - C:\windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\ssdpsrv.dll,-100 (SSDPSRV) - Unknown owner - C:\windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\sstpsvc.dll,-200 (SstpSvc) - Unknown owner - C:\windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\wiaservc.dll,-9 (StiSvc) - Unknown owner - C:\windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\System32\swprv.dll,-103 (swprv) - Unknown owner - C:\windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\sysmain.dll,-1000 (SysMain) - Unknown owner - C:\windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\TabSvc.dll,-100 (TabletInputService) - Unknown owner - C:\windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\tapisrv.dll,-10100 (TapiSrv) - Unknown owner - C:\windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\tbssvc.dll,-100 (TBS) - Unknown owner - C:\windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\System32\termsrv.dll,-268 (TermService) - Unknown owner - C:\windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\System32\themeservice.dll,-8192 (Themes) - Unknown owner - C:\windows\System32\svchost.exe
O23 - Service: @%systemroot%\system32\mmcss.dll,-102 (THREADORDER) - Unknown owner - C:\windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\trkwks.dll,-1 (TrkWks) - Unknown owner - C:\windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\servicing\TrustedInstaller.exe,-100 (TrustedInstaller) - Unknown owner - C:\windows\servicing\TrustedInstaller.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\windows\system32\UI0Detect.exe
O23 - Service: Intel(R) Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
O23 - Service: @%systemroot%\system32\upnphost.dll,-213 (upnphost) - Unknown owner - C:\windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\dwm.exe,-2000 (UxSms) - Unknown owner - C:\windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\windows\System32\vds.exe
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\windows\system32\vssvc.exe
O23 - Service: @%SystemRoot%\system32\w32time.dll,-200 (W32Time) - Unknown owner - C:\windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\windows\system32\wbengine.exe
O23 - Service: @%systemroot%\system32\wbiosrvc.dll,-100 (WbioSrvc) - Unknown owner - C:\windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\wcncsvc.dll,-3 (wcncsvc) - Unknown owner - C:\windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\WcsPlugInService.dll,-200 (WcsPlugInService) - Unknown owner - C:\windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\wdi.dll,-502 (WdiServiceHost) - Unknown owner - C:\windows\System32\svchost.exe
O23 - Service: @%systemroot%\system32\wdi.dll,-500 (WdiSystemHost) - Unknown owner - C:\windows\System32\svchost.exe
O23 - Service: @%systemroot%\system32\webclnt.dll,-100 (WebClient) - Unknown owner - C:\windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\wecsvc.dll,-200 (Wecsvc) - Unknown owner - C:\windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\System32\wercplsupport.dll,-101 (wercplsupport) - Unknown owner - C:\windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\System32\wersvc.dll,-100 (WerSvc) - Unknown owner - C:\windows\System32\svchost.exe
O23 - Service: @%ProgramFiles%\Windows Defender\MsMpRes.dll,-103 (WinDefend) - Unknown owner - C:\windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\winhttp.dll,-100 (WinHttpAutoProxySvc) - Unknown owner - C:\windows\system32\svchost.exe
O23 - Service: @%Systemroot%\system32\wbem\wmisvc.dll,-205 (Winmgmt) - Unknown owner - C:\windows\system32\svchost.exe
O23 - Service: @%Systemroot%\system32\wsmsvc.dll,-101 (WinRM) - Unknown owner - C:\windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\System32\wlansvc.dll,-257 (Wlansvc) - Unknown owner - C:\windows\system32\svchost.exe
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\windows\system32\wbem\WmiApSrv.exe
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files\Windows Media Player\wmpnetwk.exe
O23 - Service: @%SystemRoot%\system32\wpcsvc.dll,-100 (WPCSvc) - Unknown owner - C:\windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\wpdbusenum.dll,-100 (WPDBusEnum) - Unknown owner - C:\windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\System32\wscsvc.dll,-200 (wscsvc) - Unknown owner - C:\windows\System32\svchost.exe
O23 - Service: @%systemroot%\system32\SearchIndexer.exe,-103 (WSearch) - Unknown owner - C:\windows\system32\SearchIndexer.exe
O23 - Service: @%systemroot%\system32\wuaueng.dll,-105 (wuauserv) - Unknown owner - C:\windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\wudfsvc.dll,-1000 (wudfsvc) - Unknown owner - C:\windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\System32\wwansvc.dll,-257 (WwanSvc) - Unknown owner - C:\windows\system32\svchost.exe

--
End of file - 21926 bytes

There is the HijackThis log. I already ran everything you told me in safe mode with networking. Now it tells me this:

Está intentando Abrir un archivo de tipo "Extensión de la Aplicación" (.dll) El sistema operativo y diversos programas usan estos archivos. Si los Edita o modifica, se podría dañar el sistema. Si todavía desea abrir el archivo , haga clic en abrir con; de lo contrario, haga clic en Cancelar

And Spybot keeps asking me to allow changes from the /Appdata/Roaming folder, something about AdobeART and something about Yapouou. Besides that, in the folder C:\Users\fafuhi\AppData\Roaming I have several .exe files that I had never seen before. Some examples are:
Apoerg.exe
dkzjcc.exe
ffzthq.exe
frtwal.exe
gsiatk.exe
And many more. Thank you very much for your help. (:
#3 swissman (39.814 Posts) - 02/08/2012 08:55:30
Hello, close all programs, browser included, run hijackthis by clicking "do a system scan only" and check the following entry:

F3 - REG:win.ini: load=C:\Users\fafuhi\LOCALS~1\Temp\mszcac.cmd

Click "fix checked". Without restarting, find and delete the following (enable the option to show hidden files and folders). If any of them won't delete, use killbox or unlocker, or both:

C:\Users\fafuhi\LOCALS~1\Temp ---> folder and contents

Run ccleaner to clean the temporary files, cookies and registry, and jv16 PowerTools 2008.

The files you mention do not appear anywhere on the internet. Where are they? Send some or all of them to www.virustotal.com and tell us what result you got; there is no need to paste it, just tell us.

Restart and tell us how it goes, and paste a new log.

Regards
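Post #3 singles out the F3 win.ini load= entry that starts a .cmd file from a Temp folder. The Python below is an added example, not part of the original thread: it applies that kind of check to every autostart entry (F2, F3, O4) of a HijackThis log. The sample log is constructed from entries in the log above, and the heuristics and names (`triage`, `Finding`, `extract_target`) are illustrative assumptions; a flagged entry is a candidate to verify, for instance on VirusTotal as suggested above, not a verdict.

```python
import re
from typing import List, NamedTuple, Optional

# Constructed sample in HijackThis 2.x format, modelled on entries from the log in this thread.
SAMPLE_LOG = r"""
Running processes:
C:\windows\Explorer.EXE
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
F3 - REG:win.ini: load=C:\Users\fafuhi\LOCALS~1\Temp\mszcac.cmd
O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s
O4 - HKLM\..\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
O4 - HKCU\..\Run: [Frames] C:\Users\fafuhi\AppData\Roaming\Frames.exe
O4 - HKCU\..\Run: [WinDefender] "C:\Users\fafuhi\AppData\Local\Temp\WinDefender.Exe"
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Startup: libcurl-4.dll
O4 - Global Startup: Hotkey.lnk = C:\Program Files\Hotkey\Hotkey.exe
O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
"""

# Sections that describe autostart points: ini-file load/run mappings, Run keys, Startup folders.
AUTOSTART_CODES = {"F2", "F3", "O4"}
RISKY_EXTENSIONS = (".cmd", ".bat", ".scr", ".pif", ".vbs", ".js")

ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")
QUOTED_PATH_RE = re.compile(r'"([A-Za-z]:\\[^"]+)"')
BARE_PATH_RE = re.compile(
    r"([A-Za-z]:\\.*?\.(?:exe|cmd|bat|scr|pif|vbs|js|dll|com))\b", re.I)
STARTUP_ITEM_RE = re.compile(r"^(?:Global )?Startup: ([^=]+?)(?: = .*)?$")


class Finding(NamedTuple):
    code: str            # HijackThis section code, e.g. "O4"
    entry: str           # entry text after the code
    reasons: List[str]   # why the entry deserves a closer look


def extract_target(body: str) -> Optional[str]:
    """Return the first absolute Windows path in an entry body, or None."""
    match = QUOTED_PATH_RE.search(body) or BARE_PATH_RE.search(body)
    return match.group(1) if match else None


def reasons_for(code: str, body: str) -> List[str]:
    """Collect heuristic reasons (assumptions of this example) for one entry."""
    reasons = []
    if code in ("F2", "F3"):
        reasons.append("legacy win.ini/system.ini autostart mapping")
    startup = STARTUP_ITEM_RE.match(body)
    if startup and not startup.group(1).strip().lower().endswith(".lnk"):
        reasons.append("Startup folder item is a file, not a shortcut")
    target = extract_target(body)
    if target:
        low = target.lower()
        if re.match(r"[a-z]:\\users\\", low):
            reasons.append("target is inside a user-writable profile directory")
        if "\\temp\\" in low:
            reasons.append("target is inside a Temp directory")
        if low.endswith(RISKY_EXTENSIONS):
            reasons.append("script or screensaver extension")
    return reasons


def triage(log_text: str) -> List[Finding]:
    """Return the autostart entries of a HijackThis log that match a heuristic."""
    findings = []
    for line in log_text.splitlines():
        match = ENTRY_RE.match(line.strip())
        if not match or match.group(1) not in AUTOSTART_CODES:
            continue
        code, body = match.groups()
        reasons = reasons_for(code, body)
        if reasons:
            findings.append(Finding(code, body, reasons))
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(f"{finding.code}: {finding.entry}")
        print("    -> " + "; ".join(finding.reasons))
```

Entries whose path uses an environment variable such as %ProgramFiles% are not resolved by this sketch and are left unflagged.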
#4 CoscuPrrum (39 Posts) - 03/08/2012 00:23:02 | ||
Hola, ya borré la entrada desde el hijackthis y limpié registro y lo demás con ccleaner y jv16 powertools2008.
no me deja eliminar la carpeta que me dijiste con unlocker. el killbox no sé de dónde descargarlo, en - no lo descargaré porque trae virus. en la parte inferior derecha (donde sale la hora) me sale este mensaje que no puedo cerrar. {emissary} net client you are being controlled by {emissary} net en el spybot search & destroy, me pide a cada rato si doy permisos para deja que hagan cambios desde la carpeta c:\ \ users\ \ fafuhi\ \ appdata desde ahí me dice si permito hacer cambios, pero no lo hago, siempre los bloqueo. aquí va algo del spybot search & destroy 01-08-2012 18:59:21 denegado (based on user decision) value \ "microsoftwins\ " (new data: \ "c:\ \ users\ \ fafuhi\ \ appdata\ \ roaming\ \ microsoftwins.exe\ ") agregado in system startup user entry! 01-08-2012 18:59:30 denegado (based on user decision) value \ "windows defender\ " (new data: \ "\ ") eliminado in system startup user entry! 01-08-2012 19:04:51 denegado (based on user decision) value \ "ayouou\ " (new data: \ "c:\ \ users\ \ fafuhi\ \ appdata\ \ roaming\ \ ayouou.exe\ ") agregado in system startup user entry! 01-08-2012 19:06:26 denegado (based on user decision) value \ "windows defender\ " (new data: \ "\ ") eliminado in system startup user entry! 01-08-2012 19:06:30 denegado (based on user decision) value \ "microsoftwins\ " (new data: \ "c:\ \ users\ \ fafuhi\ \ appdata\ \ roaming\ \ microsoftwins.exe\ ") agregado in system startup user entry! 01-08-2012 19:32:59 denegado (based on user decision) value \ "spybotsd teatimer\ " (new data: \ "\ ") eliminado in system startup user entry! 01-08-2012 19:33:00 permitido (based on user decision) value \ "{53707962-6f74-2d53-2644-206d7942484f}\ " (new data: \ "\ ") eliminado in browser helper object! 02-08-2012 1:26:26 denegado (based on user decision) value \ "adobe\ " (new data: \ "c:\ \ users\ \ fafuhi\ \ appdata\ \ roaming\ \ adobe\ \ adobe.exe\ ") agregado in system startup user entry! 
#5 CoscuPrrum (39 Posts) - 03/08/2012 00:23:26 | ||
Here is another HijackThis log
#6 coscuprrum (39 Posts) - 03/08/2012 06:47:55 | ||
Help, please (: | ||
#7 swissman (39.814 Posts) - 03/08/2012 07:41:59 | ||
I would do a factory restore to be on the safe side, but first you should back up all your files to external media, since the machine would be left as it came from the factory.
You can also try restoring the system to a point before things went wrong. If you don't want to or can't do that, submit c:\Users\fafuhi\AppData\Roaming\svchost64.exe to VirusTotal; it may be a virus or be infected, and if it is, delete it. Check and fix:
F3 - REG:win.ini: load=C:\Users\fafuhi\LOCALS~1\Temp\mszcac.cmd
O4 - Startup: 85992.exe
O4 - Startup: libcurl-4.dll
O4 - Startup: pthreadGC2.dll
Search for and delete, if you find them, the following:
C:\Users\fafuhi\LOCALS~1\Temp -- folder and contents; try it with KillBox or Unlocker, or mark it to be deleted on restart.
pthreadGC2.dll
ibcurl-4.dll
pthreadGC2.dll
Enable the option to search in subfolders and in hidden and system files and folders. Run CCleaner. If they are still there after restarting, try the same in safe mode; if they are still there, disable System Restore and try everything again. If it is still bad, the only thing left (as far as I know) is ComboFix, which can damage your system. Regards. Official KillBox download [Message edited by Moderator swissman on: 09/08/2012 14:08:56]. | ||
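A triage pass over a HijackThis log that flags the kinds of entries singled out in reply #7, as an added example (not part of the thread and not HijackThis's own logic). The sample log is constructed from the entries quoted in that reply plus benign filler lines; the rule names, the directory list and the system-name list are assumptions chosen for illustration.

```python
import ntpath
import re

# Constructed sample in HijackThis v2.0.4 layout. The suspicious entries are
# the ones quoted in reply #7; the remaining lines are benign filler.
SAMPLE_LOG = r"""Logfile of Trend Micro HijackThis v2.0.4
Running processes:
C:\windows\system32\taskhost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Users\fafuhi\AppData\Roaming\svchost64.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.olidata.cl/
F3 - REG:win.ini: load=C:\Users\fafuhi\LOCALS~1\Temp\mszcac.cmd
O4 - HKLM\..\Run: [IgfxTray] C:\windows\system32\igfxtray.exe
O4 - Startup: 85992.exe
O4 - Startup: libcurl-4.dll
O4 - Startup: pthreadGC2.dll
O4 - Global Startup: Hotkey.lnk = C:\Program Files\Hotkey\Hotkey.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
"""

# Assumed heuristics (illustrative, not exhaustive).
USER_WRITABLE = ("\\appdata\\", "\\locals~1\\", "\\temp\\")
SYSTEM_NAMES = {"svchost", "conhost", "taskhost", "explorer", "rundll32"}
SYSTEM_DIRS = ("c:\\windows", "c:\\windows\\system32", "c:\\windows\\syswow64")
RAW_BINARY = (".exe", ".dll", ".scr", ".cmd", ".bat")

# A drive-letter path ending in an executable-type extension; spaces allowed.
PATH_RE = re.compile(r'[A-Za-z]:\\[^"<>|]*?\.(?:exe|dll|scr|cmd|bat)\b', re.I)
SECTION_RE = re.compile(r"([A-Z]\d+) - (.*)")


def path_findings(path):
    """Return the reasons a single file path looks suspicious."""
    low = path.lower()
    reasons = []
    if any(marker in low for marker in USER_WRITABLE):
        reasons.append("runs-from-user-writable-dir")
    stem = ntpath.splitext(ntpath.basename(low))[0]
    # "svchost64" -> "svchost": a system-looking name with a numeric suffix.
    if re.sub(r"\d+$", "", stem) in SYSTEM_NAMES and ntpath.dirname(low) not in SYSTEM_DIRS:
        reasons.append("system-name-outside-system-dir")
    return reasons


def triage(log_text):
    """Return (section, reason, line) tuples for entries worth a closer look."""
    findings = []
    in_processes = False
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.lower().startswith("running processes"):
            in_processes = True
            continue
        match = SECTION_RE.match(line)
        if match:
            in_processes = False
            code, body = match.groups()
        elif in_processes:
            code, body = "PROC", line
        else:
            continue  # header lines such as "Scan saved at ..."
        reasons = []
        # F2/F3: autostart through the win.ini load=/run= values.
        if code in ("F2", "F3") and re.search(r"\b(?:load|run)=\S", body, re.I):
            reasons.append("win.ini-load-autostart")
        # O4 Startup: a bare binary in the per-user Startup folder, not a shortcut.
        if code == "O4" and body.lower().startswith("startup:"):
            item = body.split(":", 1)[1].strip()
            if item.lower().endswith(RAW_BINARY):
                reasons.append("raw-binary-in-startup-folder")
        for path in PATH_RE.findall(body):
            reasons.extend(path_findings(path))
        for reason in dict.fromkeys(reasons):  # de-duplicate, keep order
            findings.append((code, reason, line))
    return findings


if __name__ == "__main__":
    for code, reason, line in triage(SAMPLE_LOG):
        print(f"{code:5} {reason:32} {line}")
```

A hit from this pass is only a prompt to inspect the file, for instance by submitting it to VirusTotal as the reply suggests.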
#8 CoscuPrrum (39 Posts) - 08/08/2012 22:21:35 | ||
I restored the system, and everything went back to normal.
Now I will install all the antivirus programs and the things you told me about, to avoid problems later on. My question is about that page you linked there (www.uptodown.com): I tried to download Nod32 and it asks me to install a toolbar (funmod or something like that). You tell me that toolbars are an open door for viruses. Where could I download the files safely without installing extras such as toolbars or other things? Thank you very much for your help. | ||
#9 swissman (39.814 Posts) - 09/08/2012 14:08:24 | ||
Actually this toolbar may be an open door; as for Google's, for example, I didn't say that they are an open door for viruses or that they are bad, but that they slow down the system (and besides, I don't like them xD).
The link I posted doesn't seem to be correct (I'll edit it now). I have just downloaded and installed this one, and the toolbar offer does come up, but these things appear in some free programs. You just have to take care not to use the "recommended installation" button or similar, and choose the manual one, which they label "for experts" so that people fall for it and install the toolbars. You can install it from the link above; just make sure not to install the toolbar. I think Nod32 is paid; I currently use AVG, the free version, and they don't pester you with advertising like other free (and even non-free) antivirus programs. Regards | ||