Primero expongo algo en problemilla; en el PC de mi hermana se han hallado diferentes adwares que se hacían pasar por 'antivirus' (al paracer siempre han cambiado, o sea, han sido diferentes, por lo que el nombre del mismo no le queda muy claro). Esto creaba problemas entre el firewall de windows y el mismo
También dice que tiene ciertos programas que no consigue borrar o eliminar con solo darle a "Desinstalar", así que, si podríais miraros un poco el log en busca de más cositas sopechosas o cuya presencia en el PC podría estorbar, os estaría agradecido.
Una cosa que quisiera añadir es una screenshot, de un mensaje que me sale al analizar el PC. No voy a mentir, me podría imaginar lo que quiere decir y cómo hacerlo, pero no tengo ni la menor idea del 'porqué' exactamente. Por lo tanto no voy a mover dedo hasta que alguien me pueda decir lo que es, como lo hago sin estropear algo y quizá el porqué. Aquí la teneis:
[img]
Comienza aquí el log del HijackThis-scan:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:03:23, on 16.05.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.17023)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\Programme\Java\jre6\bin\jqs.exe
C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe
C:\Programme\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
\?\C:\WINDOWS\system32\WBEM\WMIADAP.EXE
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Programme\Mozilla Firefox\firefox.exe
C:\Programme\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R3 - URLSearchHook: (no name) - - (no file)
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\sdra64.exe,
O1 - Hosts: 74.125.45.100 4-open-davinci.com
O1 - Hosts: 74.125.45.100 securitysoftwarepayments.com
O1 - Hosts: 74.125.45.100 privatesecuredpayments.com
O1 - Hosts: 74.125.45.100 secure.privatesecuredpayments.com
O1 - Hosts: 74.125.45.100 getantivirusplusnow.com
O1 - Hosts: 74.125.45.100 secure-plus-payments.com
O1 - Hosts: 74.125.45.100
O1 - Hosts: 74.125.45.100
O1 - Hosts: 74.125.45.100
O1 - Hosts: 74.125.45.100 safebrowsing-cache.google.com
O1 - Hosts: 74.125.45.100 urs.microsoft.com
O1 - Hosts: 74.125.45.100
O1 - Hosts: 74.125.45.100 secure.paysecuresystem.com
O1 - Hosts: 74.125.45.100 paysoftbillsolution.com
O1 - Hosts: 74.125.45.100 protected.maxisoftwaremart.com
O1 - Hosts: 173.232.108.157
O1 - Hosts: 173.232.108.157 google.com
O1 - Hosts: 173.232.108.157 google.com.au
O1 - Hosts: 173.232.108.157
O1 - Hosts: 173.232.108.157 google.be
O1 - Hosts: 173.232.108.157
O1 - Hosts: 173.232.108.157 google.com.br
O1 - Hosts: 173.232.108.157
O1 - Hosts: 173.232.108.157 google.ca
O1 - Hosts: 173.232.108.157
O1 - Hosts: 173.232.108.157 google.ch
O1 - Hosts: 173.232.108.157
O1 - Hosts: 173.232.108.157 google.de
O1 - Hosts: 173.232.108.157
O1 - Hosts: 173.232.108.157 google.dk
O1 - Hosts: 173.232.108.157
O1 - Hosts: 173.232.108.157 google.fr
O1 - Hosts: 173.232.108.157
O1 - Hosts: 173.232.108.157 google.ie
O1 - Hosts: 173.232.108.157
O1 - Hosts: 173.232.108.157 google.it
O1 - Hosts: 173.232.108.157
O1 - Hosts: 173.232.108.157 google.co.jp
O1 - Hosts: 173.232.108.157
O1 - Hosts: 173.232.108.157 google.nl
O1 - Hosts: 173.232.108.157
O1 - Hosts: 173.232.108.157 google.no
O1 - Hosts: 173.232.108.157
O1 - Hosts: 173.232.108.157 google.co.nz
O1 - Hosts: 173.232.108.157
O1 - Hosts: 173.232.108.157 google.pl
O1 - Hosts: 173.232.108.157
O1 - Hosts: 173.232.108.157 google.se
O1 - Hosts: 173.232.108.157
O1 - Hosts: 173.232.108.157 google.co.uk
O1 - Hosts: 173.232.108.157
O1 - Hosts: 173.232.108.157
O1 - Hosts: 173.232.108.157
O1 - Hosts: 173.232.108.157
O1 - Hosts: 173.232.108.157 search.yahoo.com
O1 - Hosts: 173.232.108.157
O1 - Hosts: 173.232.108.157 uk.search.yahoo.com
O1 - Hosts: 173.232.108.157 ca.search.yahoo.com
O1 - Hosts: 173.232.108.157 de.search.yahoo.com
O1 - Hosts: 173.232.108.157 au.search.yahoo.com
O2 - BHO: (no name) - {0E12D48D-6FAE-4C9F-B914-D891FC426F3d} - C:\WINDOWS\system32\muzhhmzw.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: (no name) - {5BC0354D-8881-497F-94A6-F1FC2231C66B} - c:\windows\system32\ntaiwth.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Programme\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - (no file)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Programme\Windows Live\Toolbar\wltcore.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Programme\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [TkBellExe] "C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [msnmsgr] "C:\Programme\Windows Live\Messenger\msnmsgr.exe" /background (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [msnmsgr] "C:\Programme\Windows Live\Messenger\msnmsgr.exe" /background (User 'Default user')
O8 - Extra context menu item: Add to Windows &Live Favorites -
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MI1933~1\Office12\EXCEL.EXE/3000
O9 - Extra button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {53F6FCCD-9E22-4d71-86EA-6E43136192AB} - (no file)
O9 - Extra button: (no name) - {925DAB62-F9AC-4221-806A-057BFB1014AA} - (no file)
O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Dokumente und Einstellungen\Besitzer\Startmenü\Programme\IMVU\Run IMVU.lnk (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) -
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) -
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) -
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) -
O17 - HKLM\System\CCS\Services\Tcpip\..\{C44649A9-7ED6-4A9E-B03A-812F4271E682}: NameServer = 195.235.113.3,195.235.96.90
O23 - Service: Avira Upgrade Service (AntiVirUpgradeService) - Unknown owner - C:\DOKUME~1\Besitzer\LOKALE~1\Temp\AVSETUP_4bec1cd8\basic\avupgsvc.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programme\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Seekeen Service - Unknown owner - C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Seekeen\seekeen140.exe (file missing)
O23 - Service: SeekeenSrch Service - Unknown owner - C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\SeekeenSrch\seekeen147.exe (file missing)
--
End of file - 10530 bytes