At startup, the desktop loads very slowly even when I have the icons hidden. Once the programs have finished loading, after a lapse of up to 5 minutes, the first process I run, whatever it is (Internet Explorer, Outlook, Windows Explorer, etc.), freezes for up to 1 minute: it may start running, but as soon as the process's first window opens, the mouse, the keyboard and everything else lock up. Afterwards it resumes, but the machine slows down in every subsequent process.
Using Task Manager I have noticed that the RAM in use always goes above 850 MB, even when I have only just started the machine without running anything yet.
I ran online scans from ESET, Bit Defender and Panda in Safe Mode; I attach the reports in that order.
In addition, after the online scans I generated a report with HijackThis.
Could you review the reports, please?
Many thanks in advance and best regards.
ESET REPORT
C:\Program Files\DelPSGuard\IED.exe probablemente una variante de Win32/Agent Troyano no se ha podido desinfectar - archivo eliminado - puesto en Cuarentena
C:\SDFix\apps\Process.exe Win32/PrcView aplicación no se ha podido desinfectar - archivo eliminado - puesto en Cuarentena
C:\Users\Franc\Desktop\DelPSGuard.exe probablemente una variante de Win32/Agent Troyano eliminado - puesto en Cuarentena
C:\Users\Franc\Documents\BIOS Defender\Proveedores\Kaspersky\Utilerías\xp\I386\SYSTEM32\ShutdwnRPC.exe probablemente una variante de Win32/Spy.Agent Troyano no se ha podido desinfectar - archivo eliminado - puesto en Cuarentena
C:\Users\Franc\Documents\BIOS Defender\Proveedores\Kaspersky\Utilerías\xp\PROGRAMS\7zFM\7zFM.exe probablemente una variante de Win32/Agent Troyano no se ha podido desinfectar - archivo eliminado - puesto en Cuarentena
C:\Users\Franc\Documents\BIOS Defender\Proveedores\Kaspersky\Utilerías\xp\PROGRAMS\pm8\PQLAUNCH.EXE probablemente una variante de Win32/Agent Troyano no se ha podido desinfectar - archivo eliminado - puesto en Cuarentena
C:\Users\Franc\Documents\BIOS Defender\Proveedores\Kaspersky\Utilerías\xp\PROGRAMS\WinImage\xpkey.exe Win32/PSWTool.RAS.A aplicación no se ha podido desinfectar - archivo eliminado - puesto en Cuarentena
C:\Users\Franc\Documents\BIOS Defender\Utilerias\DelPSGuard.zip probablemente una variante de Win32/Agent Troyano eliminado - puesto en Cuarentena
C:\Users\Franc\Documents\BIOS Defender\Utilerias\msconfig-cleanup.zip probablemente desconocido NewHeur_PE virus eliminado - puesto en Cuarentena
C:\Users\Franc\Documents\BIOS Defender\Utilerias\MSNFix.zip múltiples amenazas eliminado - puesto en Cuarentena
C:\Users\Franc\Documents\BIOS Defender\Utilerias\ScreenshotCaptorSetup.exe una variante de Win32/KeyLogger.BitLogic.AA aplicación eliminado - puesto en Cuarentena
C:\Users\Franc\Documents\BIOS Defender\Utilerias\SDFix.exe Win32/PrcView aplicación eliminado - puesto en Cuarentena
C:\Users\Franc\Documents\BIOS Defender\Utilerias\DelPSGuard\DelPSGuard.exe probablemente una variante de Win32/Agent Troyano eliminado - puesto en Cuarentena
C:\Users\Franc\Downloads\delpsguard.zip probablemente una variante de Win32/Agent Troyano eliminado - puesto en Cuarentena
C:\Users\Franc\Downloads\SDFix.exe Win32/PrcView aplicación eliminado - puesto en Cuarentena
C:\Users\Franc\Downloads\MSNFix\MSNFix\incl\Hostsclean.exe Win32/Packed.Autoit.Gen aplicación eliminado - puesto en Cuarentena
C:\Users\Franc\Downloads\MSNFix\MSNFix\incl\Process.exe Win32/PrcView aplicación no se ha podido desinfectar - archivo eliminado - puesto en Cuarentena
****************************************************************
=========================================================
****************************************************************
BIT DEFENDER REPORT
BitDefender QuickScan Beta 32-bit v0.9.9.5
------------------------------------------
Fecha de Análisis: Sun Jun 20 08:16:45 2010
ID de la Máquina: 6EDB0B0A
No se han encontrado infecciones.
-----------------------------------
Procesos
--------
<verificado> Microsoft® Windows® Operating System 380 C:\Windows\System32\smss.exe
<verificado> Microsoft® Windows® Operating System 1936 C:\Windows\system32\wbem\unsecapp.exe
<verificado> Microsoft® Windows® Operating System 2008 C:\Windows\system32\wbem\wmiprvse.exe
<verificado> Sistema operativo Microsoft® Windows® 1632 C:\Windows\Explorer.EXE
<verificado> Sistema operativo Microsoft® Windows® 440 C:\Windows\system32\csrss.exe
<verificado> Sistema operativo Microsoft® Windows® 476 C:\Windows\system32\csrss.exe
<verificado> Sistema operativo Microsoft® Windows® 572 C:\Windows\system32\lsass.exe
<verificado> Sistema operativo Microsoft® Windows® 580 C:\Windows\system32\lsm.exe
<verificado> Sistema operativo Microsoft® Windows® 556 C:\Windows\system32\services.exe
<verificado> Sistema operativo Microsoft® Windows® 720 C:\Windows\system32\svchost.exe
<verificado> Sistema operativo Microsoft® Windows® 776 C:\Windows\system32\svchost.exe
<verificado> Sistema operativo Microsoft® Windows® 812 C:\Windows\System32\svchost.exe
<verificado> Sistema operativo Microsoft® Windows® 896 C:\Windows\System32\svchost.exe
<verificado> Sistema operativo Microsoft® Windows® 920 C:\Windows\system32\svchost.exe
<verificado> Sistema operativo Microsoft® Windows® 964 C:\Windows\System32\svchost.exe
<verificado> Sistema operativo Microsoft® Windows® 1020 C:\Windows\system32\svchost.exe
<verificado> Sistema operativo Microsoft® Windows® 1036 C:\Windows\system32\svchost.exe
<verificado> Sistema operativo Microsoft® Windows® 1192 C:\Windows\system32\svchost.exe
<verificado> Sistema operativo Microsoft® Windows® 484 C:\Windows\system32\wininit.exe
<verificado> Sistema operativo Microsoft® Windows® 520 C:\Windows\system32\winlogon.exe
<verificado> Windows® Internet Explorer 428 C:\Program Files\Internet Explorer\iexplore.exe
<verificado> Windows® Internet Explorer 760 C:\Program Files\Internet Explorer\iexplore.exe
<verificado> Windows® Internet Explorer 1624 C:\Program Files\Internet Explorer\iexplore.exe
Actividad de red
----------------
Proceso iexplore.exe (760) conectado en el puerto 80 (HTTP) - 69.192.124.20
Proceso iexplore.exe (760) conectado en el puerto 80 (HTTP) - 66.102.7.101
Proceso iexplore.exe (760) conectado en el puerto 80 (HTTP) - 69.192.124.20
Proceso iexplore.exe (760) conectado en el puerto 80 (HTTP) - 69.192.124.20
Proceso iexplore.exe (760) conectado en el puerto 80 (HTTP) - 69.192.117.115
Proceso iexplore.exe (760) conectado en el puerto 80 (HTTP) - 207.46.216.54
Proceso iexplore.exe (760) conectado en el puerto 80 (HTTP) - 66.235.142.24
Proceso wininit.exe (484) escuchar en puertos: 49152 (RPC)
Proceso services.exe (556) escuchar en puertos: 49154 (RPC)
Proceso lsass.exe (572) escuchar en puertos: 49155 (RPC)
Proceso svchost.exe (776) escuchar en puertos: 135 (RPC)
Proceso svchost.exe (896) escuchar en puertos: 49153 (RPC)
Autoruns y archivos críticos
----------------------------
<verificado> Advanced SystemCare 3 C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe
<verificado> Alps Pointing-device Driver C:\Program Files\DellTPad\Apoint.exe
<verificado> Google Update C:\Program Files\Google\Update\GoogleUpdate.exe
<verificado> Google Updater C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
<verificado> GoogleToolbarNotifier C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
<verificado> GoToAssist C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll
<verificado> GrooveShellExtensions Module C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
<verificado> Intel(R) Common User Interface C:\Windows\system32\hkcmd.exe
<verificado> Intel(R) Common User Interface C:\Windows\system32\igfxdev.dll
<verificado> Intel(R) Common User Interface C:\Windows\system32\igfxpers.exe
<verificado> Intel(R) Common User Interface C:\Windows\system32\igfxtray.exe
<verificado> Java(TM) Platform SE Auto Updater 2 0 C:\Program Files\Common Files\Java\Java Update\jusched.exe
<verificado> Kaspersky Anti-Virus C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe
<verificado> Kaspersky Anti-Virus c:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\kloehk.dll
<verificado> Kaspersky Anti-Virus c:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\mzvkbd3.dll
<verificado> Kaspersky Anti-Virus C:\Windows\system32\klogon.dll
<verificado> RAID Event Monitor C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
<verificado> Sistema operativo Microsoft® Windows® C:\Windows\System32\browseui.dll
<verificado> Sistema operativo Microsoft® Windows® c:\windows\system32\userinit.exe
<verificado> Windows C:\Windows\system32\WpcUmi.exe
<verificado> Windows® Internet Explorer C:\Windows\System32\webcheck.dll
Plugins del Navegador
---------------------
<sin firma> DivX Player Netscape Plugin C:\Program Files\Mozilla Firefox\plugins\npDivxPlayerPlugin.dll
<sin firma> Picasa C:\Program Files\Picasa2\npPicasa2.dll
<sin firma> Process Scanner C:\Windows\Downloaded Program Files\sabspx.dll
<sin firma> QuickTime Plug-in 7.6.6 C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
<sin firma> QuickTime Plug-in 7.6.6 C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
<sin firma> QuickTime Plug-in 7.6.6 C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
<sin firma> QuickTime Plug-in 7.6.6 C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
<sin firma> QuickTime Plug-in 7.6.6 C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
<sin firma> QuickTime Plug-in 7.6.6 C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
<sin firma> QuickTime Plug-in 7.6.6 C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
<sin firma> RealJukebox NS Plugin C:\Program Files\Mozilla Firefox\plugins\nprjplug.dll
<sin firma> RealJukebox NS Plugin c:\program files\real\realplayer\Netscape6\nprjplug.dll
<sin firma> RealPlayer Version Plugin C:\Program Files\Mozilla Firefox\plugins\nprpjplug.dll
<sin firma> RealPlayer Version Plugin c:\program files\real\realplayer\Netscape6\nprpjplug.dll
<sin firma> Silverlight Plug-In C:\Program Files\Microsoft Silverlight\4.0.50524.0\npctrl.dll
<verificado> 2007 Microsoft Office system C:\Program Files\Mozilla Firefox\plugins\NPOFF12.DLL
<verificado> AcroIEHelperShim Library c:\program files\common files\adobe\acrobat\activex\acroiehelpershim.dll
<verificado> Adobe Acrobat C:\Program Files\Internet Explorer\plugins\nppdf32.dll
<verificado> Adobe Acrobat C:\Program Files\Mozilla Firefox\plugins\nppdf32.dll
<verificado> AhnLab MyKeyDefense 2.5 C:\Program Files\AhnLab\ASP\MyKeyDefense 2.5\npmkd25aos.dll
<verificado> AhnLab Online Security C:\Program Files\AhnLab\ASP\Components\aosmgr\conflict_221\npaosmgr.dll
<verificado> BitDefender QuickScan C:\Windows\Downloaded Program Files\qsax.ocx
<verificado> DivX Web Player C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
<verificado> ewido anti-spyware C:\Windows\Downloaded Program Files\ewidoOnlineScan.dll
<verificado> Family Safety Browser Helper Object Lib c:\program files\windows live\family safety\fssbho.dll
<verificado> Google Toolbar for Internet Explorer c:\program files\google\google toolbar\googletoolbar_32.dll
<verificado> Google Update C:\Program Files\Google\Update\1.2.183.23\npGoogleOneClick8.dll
<verificado> Google Updater C:\Program Files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
<verificado> GoogleToolbarNotifier c:\program files\google\googletoolbarnotifier\5.5.5126.1836\swg.dll
<verificado> GrooveShellExtensions Module C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
<verificado> InstallShield Update Service C:\Windows\Downloaded Program Files\dwusplay.dll
<verificado> InstallShield Update Service C:\Windows\Downloaded Program Files\dwusplay.exe
<verificado> Java Deployment Toolkit 6.0.200.2 C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
<verificado> Java(TM) Platform SE 6 U20 c:\program files\java\jre6\bin\jp2ssv.dll
<verificado> Kaspersky Anti-Virus c:\program files\kaspersky lab\kaspersky internet security 2010\ievkbd.dll
<verificado> Kaspersky Anti-Virus c:\program files\kaspersky lab\kaspersky internet security 2010\klwtbbho.dll
<verificado> Microsoft Office Live Plug-in for Firef C:\Program Files\Microsoft\Office Live\npOLW.dll
<verificado> Microsoft Search Enhancement Pack c:\program files\microsoft\search enhancement pack\search helper\sepsearchhelperie.dll
<verificado> Microsoft® Windows Live ID c:\program files\common files\microsoft shared\windows live\windowslivelogin.dll
<verificado> Microsoft® Windows® Operating System C:\Windows\System32\nlaapi.dll
<verificado> Microsoft® Windows® Operating System C:\Windows\System32\winrnr.dll
<verificado> Microsoft® Windows® Operating System C:\Windows\System32\wshbth.dll
<verificado> Mozilla Default Plug-in C:\Program Files\Mozilla Firefox\plugins\npnul32.dll
<verificado> npitunes.dll C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
<verificado> Picasa C:\Program Files\Picasa2\npPicasa3.dll
<verificado> RealPlayer Download and Record Plugin c:\program files\real\realplayer\rpbrowserrecordplugin.dll
<verificado> RealPlayer(tm) G2 LiveConnect-Enabled P C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll
<verificado> RealPlayer(tm) G2 LiveConnect-Enabled P c:\program files\real\realplayer\Netscape6\nppl3260.dll
<verificado> Sistema operativo Microsoft® Windows® C:\Windows\System32\mswsock.dll
<verificado> Sistema operativo Microsoft® Windows® C:\Windows\System32\NapiNSP.dll
<verificado> Sistema operativo Microsoft® Windows® C:\Windows\System32\pnrpnsp.dll
<verificado> Software Manager C:\Windows\Downloaded Program Files\isusweb.dll
<verificado> Symantec Security Check C:\Windows\Downloaded Program Files\rufsi.dll
<verificado> WebEx Download Module C:\Windows\Downloaded Program Files\ieatgpc.dll
<verificado> Windows C:\Windows\System32\wpclsp.dll
<verificado> Windows Live Toolbar c:\program files\windows live\toolbar\wltcore.dll
<verificado> Windows Live® Photo Gallery C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
<verificado> Windows Presentation Foundation c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
<verificado> Windows® Internet Explorer C:\Windows\System32\ieframe.dll
Archivos perdidos
-----------------
Archivo no encontrado: C:\ComboFix\catchme.sys
hace referencia a: HKLM\System\CurrentControlSet\Services\catchme\"ImagePath"
Archivo no encontrado: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll
hace referencia a: HLKM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0\"Path"
Archivo no encontrado: C:\Windows\system32\618.tmp
hace referencia a: HKLM\System\CurrentControlSet\Services\MEMSWEEP2\"ImagePath"
Analizar
--------
<sin firma> MD5: 903b5b4caa9a85b85ba57e411f7235fa C:\Program Files\A-FF Find and Mount\slicedisk.sys
<sin firma> MD5: 7cf1b716372b89568ae4c0fe769f5869 C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
<sin firma> MD5: 0fdda4763c75e78f25e415440ea789aa C:\Program Files\Java\jre6\bin\awt.dll
<sin firma> MD5: d30b03edb557026f6f06602a9d04d61b C:\Program Files\Java\jre6\bin\deploy.dll
<sin firma> MD5: 24dceaee37e3f66f92daa52edf69c9e9 C:\Program Files\Java\jre6\bin\jp2native.dll
<sin firma> MD5: 86f1895ae8c5e8b17d99ece768a70732 C:\Program Files\Java\jre6\bin\msvcr71.dll
<sin firma> MD5: 524574ba6609f10fe6c0b5bf11ae29e1 C:\Program Files\Java\jre6\bin\net.dll
<sin firma> MD5: 54b787cae56a6e0102c0dd77a21fd677 C:\Program Files\Java\jre6\bin\nio.dll
<sin firma> MD5: 82cd9719a11d9fef7ca751da31651158 C:\Program Files\Java\jre6\bin\regutils.dll
<sin firma> MD5: 2cb7c019a1ab8ea3d281c9606d097331 C:\Program Files\Microsoft Silverlight\4.0.50524.0\npctrl.dll
<sin firma> MD5: e93467c5327c2760fcab2b4670847496 C:\Program Files\Mozilla Firefox\plugins\npDivxPlayerPlugin.dll
<sin firma> MD5: 2c4092133f63ecdc20030c3e1703ab66 C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
<sin firma> MD5: 2c4092133f63ecdc20030c3e1703ab66 C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
<sin firma> MD5: 2c4092133f63ecdc20030c3e1703ab66 C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
<sin firma> MD5: 2c4092133f63ecdc20030c3e1703ab66 C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
<sin firma> MD5: 2c4092133f63ecdc20030c3e1703ab66 C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
<sin firma> MD5: 2c4092133f63ecdc20030c3e1703ab66 C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
<sin firma> MD5: 2c4092133f63ecdc20030c3e1703ab66 C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
<sin firma> MD5: dd33975dcfe8c020c07f6707f81a1d12 C:\Program Files\Mozilla Firefox\plugins\nprjplug.dll
<sin firma> MD5: 01f0264937036bd962563f1adf35ce72 C:\Program Files\Mozilla Firefox\plugins\nprpjplug.dll
<sin firma> MD5: 625d0a824f513ce1cabb8861e97f2142 C:\Program Files\Picasa2\npPicasa2.dll
<sin firma> MD5: adb28aa98d876afc1cd693570032fe81 C:\Program Files\PostgreSQL\8.3\bin\pg_ctl.exe
<sin firma> MD5: dd33975dcfe8c020c07f6707f81a1d12 c:\program files\real\realplayer\Netscape6\nprjplug.dll
<sin firma> MD5: 01f0264937036bd962563f1adf35ce72 c:\program files\real\realplayer\Netscape6\nprpjplug.dll
<sin firma> MD5: a1ac92c4eb1a4ae2906709a5fb94d822 C:\PROGRA~1\Java\jre6\bin\client\jvm.dll
<sin firma> MD5: 1d748a18416ce95461b79e5ccbeffaa8 C:\PROGRA~1\Java\jre6\bin\hpi.dll
<sin firma> MD5: bfaefedd5c54a40ea42ea5bcbe3215a6 C:\PROGRA~1\Java\jre6\bin\java.dll
<sin firma> MD5: bce9b4544f0a88b0d9f77ccdabd1d63e C:\PROGRA~1\Java\jre6\bin\verify.dll
<sin firma> MD5: fb4ff002962f6b06be36f4df11d2a0b9 C:\PROGRA~1\Java\jre6\bin\zip.dll
<sin firma> MD5: b2ba62258e77d34b4ea0a30ed408bbb9 C:\Windows\Downloaded Program Files\sabspx.dll
<sin firma> MD5: f79fa009f7f34388cd850c62e9bebb00 C:\Windows\System32\BTNCopy.dll
<sin firma> MD5: 6f4d79ea861137ef2f9078e265c2aa83 C:\Windows\system32\drivers\Mkd2kfNt.sys
<sin firma> MD5: fe7925784f6801e983b41ec118ef62ac C:\Windows\system32\drivers\Mkd2Nadr.sys
<sin firma> MD5: 26b8b7b8afd1bc7a447144fa3a2a21a5 C:\Windows\system32\DRIVERS\RTL8187.sys
<sin firma> MD5: 51c6d8bfbd4ea5b62a1ba7f4469250d3 C:\Windows\system32\HPZinw12.dll
<sin firma> MD5: 79834aa2fbf9fe81eebb229024f6f7fc C:\Windows\system32\HPZipm12.dll
<sin firma> MD5: 3e9a33113d663d8bd5ed38858e669652 C:\Windows\winsxs\x86_microsoft.vc80.atl_1fc8b3b9a1e18e3b_8.0.50727.4053_none_d1c738ec43578ea1\ATL80.dll
Archivo no enviado
Scan finished - communication took 9 sec
Total traffic - 0.06 MB enviado, 2.74 KB recibido
Scanned 1010 files and modules - 75 seconds
****************************************************************
=========================================================
****************************************************************
PANDA REPORT
;********************************************************************************************************************************************************************************************
ANALYSIS: 2010-06-01 19:44:36
PROTECTIONS: 1
MALWARE: 22
SUSPECTS: 23
;********************************************************************************************************************************************************************************************
PROTECTIONS
Description Version Active Updated
;============================================================================================================================================================================================
Microsoft Security Essentials Yes Yes
;============================================================================================================================================================================================
MALWARE
Id Description Type Active Severity Disinfectable Disinfected Location
;============================================================================================================================================================================================
00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No c:\users\monitorip\appdata\roaming\microsoft\windows\cookies\monitorip@doubleclick[1].txt
00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No c:\users\franc\appdata\roaming\microsoft\windows\cookies\franc@doubleclick[1].txt
00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No c:\users\franc\appdata\roaming\microsoft\windows\cookies\franc@atdmt[4].txt
00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No c:\users\franc\appdata\roaming\microsoft\windows\cookies\franc@atdmt[2].txt
00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No c:\users\franc\appdata\roaming\microsoft\windows\cookies\franc@atdmt[1].txt
00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No c:\users\monitorip\appdata\roaming\microsoft\windows\cookies\monitorip@atdmt[1].txt
00159881 Application/Pskill.A HackTools No 0 Yes No c:\users\franc\documents\bios defender\proveedores\kaspersky\utilerías\xp\i386\system32\pskill.exe
00167647 Cookie/Yadro TrackingCookie No 0 Yes No c:\users\franc\appdata\roaming\microsoft\windows\cookies\franc@yadro[1].txt
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No c:\users\franc\appdata\roaming\microsoft\windows\cookies\franc@statcounter[1].txt
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No c:\users\monitorip\appdata\roaming\microsoft\windows\cookies\
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No c:\users\franc\appdata\roaming\microsoft\windows\cookies\
00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No c:\users\franc\appdata\roaming\microsoft\windows\cookies\franc@serving-sys[2].txt
00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No c:\users\monitorip\appdata\roaming\microsoft\windows\cookies\monitorip@serving-sys[1].txt
00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No c:\users\franc\appdata\roaming\microsoft\windows\cookies\franc@serving-sys[1].txt
00168093 Cookie/Serving-sys TrackingCookie No 0 Yes No c:\users\franc\appdata\roaming\microsoft\windows\cookies\
00168093 Cookie/Serving-sys TrackingCookie No 0 Yes No c:\users\monitorip\appdata\roaming\microsoft\windows\cookies\
00168093 Cookie/Serving-sys TrackingCookie No 0 Yes No c:\users\franc\appdata\roaming\microsoft\windows\cookies\
00169190 Cookie/Advertising TrackingCookie No 0 Yes No c:\users\franc\appdata\roaming\microsoft\windows\cookies\franc@advertising[2].txt
00207936 Cookie/Adviva TrackingCookie No 0 Yes No c:\users\franc\appdata\roaming\microsoft\windows\cookies\franc@adviva[1].txt
00262020 Cookie/Atwola TrackingCookie No 0 Yes No c:\users\franc\appdata\roaming\microsoft\windows\cookies\franc@atwola[1].txt
00356048 Application/PassRock HackTools No 0 Yes No c:\users\franc\documents\bios defender\proveedores\kaspersky\utilerías\xp\programs\winimage\ras.exe
01048301 Generic Malware Virus/Trojan No 0 Yes No c:\users\franc\documents\bios defender\proveedores\kaspersky\utilerías\xp\programs\insidepro\saminside.exe
01666221 Application/PassRock HackTools No 0 Yes No c:\users\franc\documents\bios defender\proveedores\kaspersky\utilerías\xp\programs\winimage\rockxp.exe
01674996 Application/Psexec.A HackTools No 0 Yes No c:\combofix\psexec.cfexe
02895977 HackTool/AsteriskView HackTools No 0 Yes No c:\users\franc\documents\bios defender\proveedores\kaspersky\utilerías\xp\programs\passware\ariskkey.dll
03074964 Trj/CI.A Virus/Trojan No 0 Yes No c:\users\franc\documents\bios defender\proveedores\kaspersky\utilerías\xp\programs\pm8\pqlaunch.exe
03074964 Trj/CI.A Virus/Trojan No 0 Yes No c:\users\franc\documents\bios defender\proveedores\kaspersky\utilerías\xp\programs\insidepro\passwordspro.exe
03074964 Trj/CI.A Virus/Trojan No 0 Yes No c:\users\franc\documents\bios defender\proveedores\kaspersky\utilerías\xp\programs\passware\efskey.exe
03074964 Trj/CI.A Virus/Trojan No 0 Yes No c:\users\franc\documents\bios defender\proveedores\kaspersky\utilerías\xp\programs\jv16\jv16pt.exe
03074964 Trj/CI.A Virus/Trojan No 0 Yes No c:\users\franc\documents\bios defender\proveedores\kaspersky\utilerías\xp\programs\spybotsd\borlndmm.dll
03074964 Trj/CI.A Virus/Trojan No 0 No No c:\users\franc\downloads\soft recovery pass\archpr.zip[setup.exe][archpr.exe]
03074964 Trj/CI.A Virus/Trojan No 0 Yes No c:\program files\delpsguard\dpsg.exe
03074964 Trj/CI.A Virus/Trojan No 0 Yes No c:\users\franc\documents\bios defender\imagen\00 material didáctico de romina\mecanografia.zip[mecanografiax2.exe]
03205018 Generic Trojan Virus/Trojan No 0 Yes No c:\program files\delpsguard\ied.exe
03360493 Trj/Lineage.BZE Virus/Trojan No 1 Yes No c:\users\franc\documents\bios defender\proveedores\kaspersky\utilerías\xp\i386\system32\shutdwnrpc.exe
03587590 Adware/Yassist Adware No 0 No No c:\users\franc\downloads\divxbundle.exe[²çç\y_toolbar.exe][²èç]
03912084 Generic Trojan Virus/Trojan No 0 No No c:\users\franc\documents\bios defender\proveedores\kaspersky\utilerías\xp\i386\system32\shutdwnrpc.exe[shutpc.exe]
04277223 Generic Trojan Virus/Trojan No 0 No No c:\users\franc\downloads\poweriso.v3.9\adobe.photoshop.cs.con.image.ready.cs.v8.01.part1.rar[poweriso.v3.9.rar][poweriso.v3.9\keygen\keygen.exe]
04277223 Generic Trojan Virus/Trojan No 0 No No c:\users\franc\downloads\poweriso.v3.9\poweriso.v3.9.rar[poweriso.v3.9\keygen\keygen.exe]
;============================================================================================================================================================================================
SUSPECTS
Sent Location
;============================================================================================================================================================================================
No c:\combofix\nircmdc.cfexe
No c:\program files\virussecurelab\virus effect remover\uninstall.exe
No c:\users\franc\documents\bios defender\cd.exe
No c:\users\franc\documents\bios defender\información anterior\seguridad informática empresarial\cd.exe
No c:\users\franc\documents\bios defender\proveedores\kaspersky\utilerías\pebuilder313.exe
No c:\users\franc\documents\bios defender\proveedores\kaspersky\utilerías\xp\i386\system32\wscui.cpl
No c:\users\franc\documents\bios defender\proveedores\kaspersky\utilerías\xp\programs\7zfm\7zfm.exe
No c:\users\franc\documents\bios defender\proveedores\kaspersky\utilerías\xp\programs\7zfm\iexpress.exe
No c:\users\franc\documents\bios defender\proveedores\kaspersky\utilerías\xp\programs\clam\app\clamwin\bin\freshclam.exe
No c:\users\franc\documents\bios defender\proveedores\kaspersky\utilerías\xp\programs\clam\app\clamwin\bin\sigtool.exe
No c:\users\franc\documents\bios defender\proveedores\kaspersky\utilerías\xp\programs\passware\ariskkey.exe
No c:\users\franc\documents\bios defender\proveedores\kaspersky\utilerías\xp\programs\pm8\partinnt.exe
No c:\users\franc\documents\bios defender\utilerias\msnfix.zip[msnfix/incl/hostsclean.exe]
No c:\users\franc\documents\bios defender\utilerias\scan_malware_tool_2.0.rar[scan_malware_tool_2.0\scan_malware_tool_2.0\cifra_malware.exe]
No c:\users\franc\documents\bios defender\utilerias\scan_malware_tool_2.0.rar[scan_malware_tool_2.0\scan_malware_tool_2.0\scan_malware.exe]
No c:\users\franc\downloads\delfeo radio tv player by_digital de gratisprogramas.org\setup1.0.4.exe
No c:\users\franc\downloads\delfeo radio tv player by_digital de gratisprogramas.org.rar[setup1.0.4.exe]
No c:\users\franc\downloads\delpsguard.zip[delpsguard.exe]
No c:\users\franc\downloads\msnfix\msnfix\incl\hostsclean.exe
No c:\users\franc\downloads\soft recovery pass\aimpr\setup.exe
No c:\users\franc\downloads\soft recovery pass\aimpr.zip[setup.exe]
No c:\users\franc\downloads\soft recovery pass\archpr.zip[setup.exe]
No c:\users\franc\downloads\virus_effect_remover2.4.exe
;============================================================================================================================================================================================
VULNERABILITIES
Id Severity Description
;============================================================================================================================================================================================
;============================================================================================================================================================================================
****************************************************************
=========================================================
****************************************************************
HIJACKTHIS REPORT
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 07:06:24 p.m., on 20/06/2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18928)
Boot mode: Normal
Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe
C:\Program Files\DellTPad\Apoint.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Windows\System32\wpcumi.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Windows\system32\igfxsrvc.exe
c:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Windows\system32\conime.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe
C:\Program Files\Windows Live\Toolbar\wltuser.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SCServer\SCServer.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtblfs.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 192.168.0.16:3128
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: IObitCom Toolbar - {31c7d459-9cc3-44f2-9dca-fc11795309b4} - (no file)
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
O2 - BHO: IObitCom Toolbar - {31c7d459-9cc3-44f2-9dca-fc11795309b4} - (no file)
O2 - BHO: Windows Live Family Safety Browser Helper - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files\Windows Live\Family Safety\fssbho.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\ievkbd.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Aplicación auxiliar de inicio de sesión de Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: link filter bho - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [WPCUMI] C:\Windows\system32\WpcUmi.exe
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe"
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKUS\S-1-5-18\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'Default user')
O4 - Global Startup: BTTray.lnk = ?
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O8 - Extra context menu item: Agregar al componente Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\ie_banner_deny.htm
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_2EC7709873947E87.dll/cmsidewiki.html
O9 - Extra button: Agregar entrada - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Agregar entrada en Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Enviar a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Enviar a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: &Teclado virtual - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: [&Verificar URL - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) -
O16 - DPF: {49312E18-AA92-4CC2-BB97-55DEA7BCADD6} (WMI Class) -
O16 - DPF: {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} (BitDefender QuickScan Control) -
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) -
O16 - DPF: {6531D99C-0D0E-4293-B3CB-A3E1D0D41847} (AhnASP Control) -
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} -
O16 - DPF: {9191F686-7F0A-441D-8A98-2FE3AC1BD913} (ActiveScan 2.0 Installer Class) -
O16 - DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} (SABScanProcesses Class) -
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} -
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) -
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} -
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) -
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll,C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll
O20 - Winlogon Notify: GoToAssist - C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll
O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\system32\aestsrv.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe
O23 - Service: GoToAssist - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe
O23 - Service: Servicio de actualización de Google (gupdate1c9c065ffa40920) (gupdate1c9c065ffa40920) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: Servicio del iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: PostgreSQL Database Server 8.3 (pgsql-8.3) - PostgreSQL Global Development Group - C:\Program Files\PostgreSQL\8.3\bin\pg_ctl.exe
O23 - Service: SigmaTel Audio Service (STacSV) - IDT, Inc. - C:\Windows\system32\STacSV.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
--
End of file - 11006 bytes