Revision de Log de una PC por HijackThis (SOLUCIONADO)

frankbeer · Mensaje por **frankbeer** » 21 Jul 2010, 21:05

Aqui le dejo el log para que cualquier experto lo pueda revisar ya que inesperadamente el cursor de mouse se mueve y habilita ventanas a lo loco gracias :

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 02:30:23 p.m., on 21/07/2010

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Archivos de programa\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations MP4\avp.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\HPZipm12.exe

C:\Archivos de programa\Analog Devices\SoundMAX\SMAgent.exe

C:\WINDOWS\Explorer.EXE

C:\Archivos de programa\Analog Devices\SoundMAX\DrvLsnr.exe

C:\Archivos de programa\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations MP4\avp.exe

C:\Archivos de programa\Hewlett-Packard\Toolbox\StatusClient\StatusClient.exe

C:\Archivos de programa\Hewlett-Packard\HP Software Update\HPWuSchd2.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Archivos de programa\FourJs\cliwtk\bin\wtk.exe

C:\Archivos de programa\UltraVNC\winvnc.exe

C:\Archivos de programa\Hewlett-Packard\Toolbox\jre\bin\javaw.exe

C:\Documents and Settings\Administrador.CARS\Mis documentos\Descargas\HijackThis.exe

C:\Archivos de programa\Mozilla Firefox\firefox.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.googe.com

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Vínculos

O2 - BHO: Aplicación auxiliar de vínculos de Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Archivos de programa\Archivos comunes\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O2 - BHO: Windows Live Aplicación auxiliar de inicio de sesión - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Archivos de programa\Archivos comunes\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O4 - HKLM\..\Run: [DrvLsnr] C:\Archivos de programa\Analog Devices\SoundMAX\DrvLsnr.exe

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Archivos de programa\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [conime.exe] conime.exe

O4 - HKLM\..\Run: [AVP] "C:\Archivos de programa\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations MP4\avp.exe"

O4 - HKLM\..\Run: [StatusClient 2.6] C:\Archivos de programa\Hewlett-Packard\Toolbox\StatusClient\StatusClient.exe /auto

O4 - HKLM\..\Run: [TomcatStartup 2.5] C:\Archivos de programa\Hewlett-Packard\Toolbox\hpbpsttp.exe

O4 - HKLM\..\Run: [HP Software Update] "C:\Archivos de programa\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICIO LOCAL')

O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SERVICIO LOCAL')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Servicio de red')

O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Servicio de red')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')

O4 - Global Startup: Four J's Windows Front End Server ( 3.20.1a ).lnk = C:\Archivos de programa\FourJs\cliwtk\bin\wtk.exe

O4 - Global Startup: UltraVNC Server.lnk = C:\Archivos de programa\UltraVNC\winvnc.exe

O8 - Extra context menu item: Agregar al componente Anti-Banners - C:\Archivos de programa\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations MP4\ie_banner_deny.htm

O8 - Extra context menu item: E&xportar a Microsoft Excel - res://C:\ARCHIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: Estadísticas del componente Antivirus Internet - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Archivos de programa\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations MP4\scieplgn.dll

O9 - Extra button: Referencia - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARCHIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Archivos de programa\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Archivos de programa\Messenger\msmsgs.exe

O14 - IERESET.INF: START_PAGE_URL=http://www.cars.com.ve

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = cars.com.ve

O17 - HKLM\System\CCS\Services\Tcpip\..\{6906F00F-2D6B-4D11-A172-44A95EED3E4A}: NameServer = 200.1.1.1,200.47.79.133,200.47.79.134

O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = cars.com.ve

O17 - HKLM\System\CS1\Services\Tcpip\..\{6906F00F-2D6B-4D11-A172-44A95EED3E4A}: NameServer = 200.1.1.1,200.47.79.133,200.47.79.134

O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = cars.com.ve

O17 - HKLM\System\CS2\Services\Tcpip\..\{6906F00F-2D6B-4D11-A172-44A95EED3E4A}: NameServer = 200.1.1.1,200.47.79.133,200.47.79.134

O20 - AppInit_DLLs: NVDESK32.DLL,C:\ARCHIV~1\KASPER~1\KASPER~1.0FO\adialhk.dll,C:\ARCHIV~1\KASPER~1\KASPER~1.0FO\kloehk.dll

O22 - SharedTaskScheduler: Precargador Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll

O22 - SharedTaskScheduler: Demonio de caché de las categorías de componente - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll

O23 - Service: Kaspersky Anti-Virus 6.0 (AVP) - Kaspersky Lab - C:\Archivos de programa\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations MP4\avp.exe

O23 - Service: Servicio del administrador de discos lógicos (dmadmin) - Unknown owner - C:\WINDOWS\System32\dmadmin.exe

O23 - Service: Registro de sucesos (Eventlog) - Unknown owner - C:\WINDOWS\system32\services.exe

O23 - Service: Servicio COM de grabación de CD de IMAPI (ImapiService) - Unknown owner - C:\WINDOWS\system32\imapi.exe

O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: OracleClientCache80 - Unknown owner - C:\oracle\forms6I\BIN\ONRSD80.EXE

O23 - Service: Plug and Play (PlugPlay) - Unknown owner - C:\WINDOWS\system32\services.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

O23 - Service: Administrador de sesión de Ayuda de escritorio remoto (RDSessMgr) - Unknown owner - C:\WINDOWS\system32\sessmgr.exe

O23 - Service: Tarjeta inteligente (SCardSvr) - Unknown owner - C:\WINDOWS\System32\SCardSvr.exe

O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Archivos de programa\Analog Devices\SoundMAX\SMAgent.exe

O23 - Service: Registros y alertas de rendimiento (SysmonLog) - Unknown owner - C:\WINDOWS\system32\smlogsvc.exe

O23 - Service: Instantáneas de volumen (VSS) - Unknown owner - C:\WINDOWS\System32\vssvc.exe

O23 - Service: Adaptador de rendimiento de WMI (WmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\wmiapsrv.exe

O23 - Service: Servicio de uso compartido de red del Reproductor de Windows Media (WMPNetworkSvc) - Unknown owner - C:\Archivos de programa\Windows Media Player\WMPNetwk.exe

--

End of file - 7645 bytes

Mensaje por **msc hotline sat** » 21 Jul 2010, 21:27

Lo que vemos muy mal es que aun está usando el IE6, cuando Microsoft ya no lo actualiza y lo considera obsoleto.

Lance un windowsupdate e instale el IE8 !

Y esta clave es sospechosa:

O4 - HKLM\..\Run: [conime.exe] conime.exe

envienos el fichero que lanza para analizar:

CONIME.EXE

aunque dicho fichero existe en el sistema operativo, pero por el nombre no se sabe su contenido y su lanzamiento es sospechoso:

~~[b]~~¿Como enviar las muestras a zonavirus? - Para ello recordar[/b]:

https://foros.zonavirus.com/viewtopic.php?f=5&t=14253

Tras recibirlos, los analizaremos e implementaremos su control y eliminacion, si procede, en nuestras utilidades, de lo cual informaremos

Y si su mouse es inalambrico, haga la prueba de cambiarlo por uno de cable, a veces hay interferencias de otros ordenadores con similares mouses...

saludos

ms, 21-7-2010

NOTA:

y otra vez recuerde: https://foros.zonavirus.com/viewtopic.php?f=13&t=29543

frankbeer · Mensaje por **frankbeer** » 25 Jul 2010, 03:54

ok gracias amigo en cuanto pueda les paso el conime.exe a ver si es sospechoso y actualizo el IE por cierto aqui agrego otro log pero esta vez creado por Sproces sobre mi pc a ver si esta bien la ultima vez que le pase el Sproces fue hace 2 meses :

(25-7-2010 01:45:55 GMT)

SProces v4.7 (c)2010 S.G.H. / Satinfo S.L.

-------------------------------------------

Sistema Operativo: Windows 7 Ultimate (v6.1.7600)

Internet Explorer: (v8.0.7600.16385) 0

Nombre Equipo:

Nombre Usuario:

Procesos Activos:

C:\PROGRAM FILES (X86)\NOKIA\NOKIA PC SUITE 7\PCSUITE.EXE

C:\PROGRAM FILES (X86)\MEDIA KEY\MAGICKEY.EXE

C:\PROGRAM FILES (X86)\MEDIA KEY\OSD.EXE

C:\PROGRAM FILES (X86)\CYBERLINK\POWERDVD9\PDVD9SERV.EXE

C:\PROGRAM FILES (X86)\CYBERLINK\SHARED FILES\BRS.EXE

C:\PROGRAM FILES (X86)\KASPERSKY LAB\KASPERSKY ANTI-VIRUS 6.0 FOR WINDOWS WORKSTATIONS MP4\AVP.EXE

C:\PROGRAM FILES (X86)\COMMON FILES\JAVA\JAVA UPDATE\JUSCHED.EXE

C:\PROGRAM FILES (X86)\COMMON FILES\REAL\UPDATE_OB\REALSCHED.EXE

C:\PROGRAM FILES (X86)\PC CONNECTIVITY SOLUTION\TRANSPORTS\NCLMSBTSRV.EXE

C:\PROGRAM FILES (X86)\JAVA\JRE6\BIN\JAVAW.EXE

C:\PROGRAM FILES (X86)\WINDOWS LIVE\MESSENGER\MSNMSGR.EXE

C:\PROGRAM FILES (X86)\WINDOWS LIVE\CONTACTS\WLCOMM.EXE

C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\FIREFOX.EXE

C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\PLUGIN-CONTAINER.EXE

D:\DESCARGAS\SPROCES.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.ve/

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local (0)

R3 - URLSearchHook: (no name) - {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)

F2 - REG:system.ini: Shell=explorer.exe

F2 - REG:system.ini: UserInit=userinit.exe

O1 - Hosts: 127.0.0.1 localhost

O1 - Hosts: 217.112.88.118 pes6gate-ec.winning-eleven.net

O1 - Hosts: 210.249.144.166 we9stun.winning-eleven.net

O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL

O2 - BHO: Windows Live Aplicación auxiliar de inicio de sesión - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Skype add-on for Internet Explorer - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O2 - BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL

O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files (x86)\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray

O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

O4 - HKLM\..\Run: [RemoteControl9] "C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe"

O4 - HKLM\..\Run: [PDVD9LanguageShortcut] "C:\Program Files (x86)\CyberLink\PowerDVD9\Language\Language.exe"

O4 - HKLM\..\Run: [BDRegion] C:\Program Files (x86)\Cyberlink\Shared Files\brs.exe

O4 - HKLM\..\Run: [AVP] "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations MP4\avp.exe"

O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume

O4 - Global Startup: APC UPS Status.lnk = C:\Program Files (x86)\APC\APC PowerChute Personal Edition\Display.exe

O4 - Global Startup: Media Key.lnk = C:\Program Files (x86)\Media Key\MagicKey.exe

O8 - Extra context menu item: &Enviar a OneNote - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105

O8 - Extra context menu item: Agregar al componente Anti-Banners - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations MP4\ie_banner_deny.htm

O8 - Extra context menu item: E&xportar a Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000

O9 - Extra button: Estadísticas del componente Antivirus Internet - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations MP4\scieplgn.dll

O9 - Extra button: Enviar a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll

O9 - Extra button: Notas &vinculadas de OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

O9 - Extra button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O10 - Unknown file in Winsock LSP: C:\WINDOWS\SYSTEM32\NLAAPI.DLL

O10 - Unknown file in Winsock LSP: C:\WINDOWS\SYSTEM32\NAPINSP.DLL

O10 - Unknown file in Winsock LSP: C:\WINDOWS\SYSTEM32\PNRPNSP.DLL

O10 - Unknown file in Winsock LSP: C:\WINDOWS\SYSTEM32\PNRPNSP.DLL

O10 - Unknown file in Winsock LSP: C:\WINDOWS\SYSTEM32\WSHBTH.DLL

O10 - Unknown file in Winsock LSP: C:\PROGRAM FILES (X86)\BONJOUR\MDNSNSP.DLL

O13 - Gopher Prefix: NULL2

O16 - DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} (Windows Live OneCare safety scanner control) - http://cdn.scan.onecare.live.com/resource/download/scanner/es-xl/wlscctrl2.cab

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Plug-in 1.6.0_20) - http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab

O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} (Java Plug-in 1.6.0_20) - http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} (Java Plug-in 1.6.0_20) - http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{01D2446D-9962-4B5E-95AB-2446B4A6EA10}: NameServer = 200.44.32.12,200.44.32.13

O18 - Protocol hijack: about - (no CLSID) - (no file)

O18 - Protocol hijack: dvd - (no CLSID) - (no file)

O18 - Protocol hijack: its - (no CLSID) - (no file)

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL

O18 - Protocol hijack: mhtml - (no CLSID) - (no file)

O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - (no file)

O18 - Protocol hijack: ms-its - (no CLSID) - (no file)

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL

O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL

O18 - Protocol hijack: tv - (no CLSID) - (no file)

O18 - Protocol hijack: vbscript - (no CLSID) - (no file)

O20 - AppInit_DLLs: C:\PROGRA~2\KASPER~1\KASPER~1.0FO\kloehk.dll

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - (no file)

Información Adicional:

----------------------

ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - Groove GFS Stub Execution Hook - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL

Clave "HKLM\...\Image File Execution Options\IEInstal.exe"

"Debugger"="NULL1"

Listado de Servicios (Carga Automatica):

----------------------------------------

O23 - Service: AMD External Events Utility - AMD - C:\WINDOWS\system32\atiesrxx.exe (file missing)

O23 - Service: APC UPS Service - American Power Conversion Corporation - C:\Program Files (x86)\APC\APC PowerChute Personal Edition\mainserv.exe

O23 - Service: Kaspersky Anti-Virus 6.0 (AVP) - Kaspersky Lab - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations MP4\avp.exe

O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe

O23 - Service: KMService - Unknown owner - C:\Windows\system32\srvany.exe

O23 - Service: LogMeIn Kernel Information Provider (LMIInfo) - LogMeIn, Inc. - C:\Program Files (x86)\LogMeIn\x64\RaInfo.sys

O23 - Service: LogMeIn Remote File System Driver (LMIRfsDriver) - LogMeIn, Inc. - C:\Windows\system32\drivers\LMIRfsDriver.sys (file missing)

O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe

O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe

O23 - Service: TuneUp Utilities Service (TuneUp.UtilitiesSvc) - TuneUp Software - C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesService64.exe

O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - %PROGRAMFILES%\Windows Media Player\wmpnetwk.exe (file missing)

O23 - Service: Power Control [2009/12/17 08:11:41] ({B154377D-700F-42cc-9474-23858FBDF4BD}) - CyberLink Corp. - C:\Program Files (x86)\CyberLink\PowerDVD9\000.fcl

Listado de Servicios (Carga Manual):

------------------------------------

O23 - Service: ArcSoft Connect Daemon (ACDaemon) - Unknown owner - C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (file missing)

O23 - Service: adp94xx - Adaptec, Inc. - C:\WINDOWS\system32\DRIVERS\adp94xx.sys (file missing)

O23 - Service: adpahci - Adaptec, Inc. - C:\WINDOWS\system32\DRIVERS\adpahci.sys (file missing)

O23 - Service: adpu320 - Adaptec, Inc. - C:\WINDOWS\system32\DRIVERS\adpu320.sys (file missing)

O23 - Service: aliide - Acer Laboratories Inc. - C:\WINDOWS\system32\DRIVERS\aliide.sys (file missing)

O23 - Service: ALSysIO - Unknown owner - C:\Users\FRANKB~1\AppData\Local\Temp\ALSysIO64.sys (file missing)

O23 - Service: amdsata - Advanced Micro Devices - C:\WINDOWS\system32\DRIVERS\amdsata.sys (file missing)

O23 - Service: amdsbs - AMD Technologies Inc. - C:\WINDOWS\system32\DRIVERS\amdsbs.sys (file missing)

O23 - Service: arc - Adaptec, Inc. - C:\WINDOWS\system32\DRIVERS\arc.sys (file missing)

O23 - Service: arcsas - Adaptec, Inc. - C:\WINDOWS\system32\DRIVERS\arcsas.sys (file missing)

O23 - Service: AtiDCM - Advanced Micro Devices, Inc. - C:\ATI\Support\10-6_vista64_win7_64_dd_ccc_enu\Bin64\atdcm64a.sys

O23 - Service: ATI Service for HD Audio Codec (AtiHdmiService) - ATI Technologies, Inc. - C:\WINDOWS\SYSTEM32\drivers\AtiHdmi.sys (file missing)

O23 - Service: atikmdag - ATI Technologies Inc. - C:\WINDOWS\SYSTEM32\DRIVERS\atikmdag.sys (file missing)

O23 - Service: Broadcom NetXtreme II VBD (b06bdrv) - Broadcom Corporation - C:\WINDOWS\system32\DRIVERS\bxvbda.sys (file missing)

O23 - Service: Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0 (b57nd60a) - Broadcom Corporation - C:\WINDOWS\SYSTEM32\DRIVERS\b57nd60a.sys (file missing)

O23 - Service: Brother USB Mass-Storage Lower Filter Driver (BrFiltLo) - Brother Industries, Ltd. - C:\WINDOWS\system32\DRIVERS\BrFiltLo.sys (file missing)

O23 - Service: Brother USB Mass-Storage Upper Filter Driver (BrFiltUp) - Brother Industries, Ltd. - C:\WINDOWS\system32\DRIVERS\BrFiltUp.sys (file missing)

O23 - Service: Brother MFC Serial Port Interface Driver (WDM) (Brserid) - Brother Industries Ltd. - C:\WINDOWS\System32\Drivers\Brserid.sys (file missing)

O23 - Service: Brother WDM Serial driver (BrSerWdm) - Brother Industries Ltd. - C:\WINDOWS\System32\Drivers\BrSerWdm.sys (file missing)

O23 - Service: Brother MFC USB Fax Only Modem (BrUsbMdm) - Brother Industries Ltd. - C:\WINDOWS\System32\Drivers\BrUsbMdm.sys (file missing)

O23 - Service: Brother MFC USB Serial WDM Driver (BrUsbSer) - Brother Industries Ltd. - C:\WINDOWS\System32\Drivers\BrUsbSer.sys (file missing)

O23 - Service: cmdide - CMD Technology, Inc. - C:\WINDOWS\system32\DRIVERS\cmdide.sys (file missing)

O23 - Service: Broadcom NetXtreme II 10 GigE VBD (ebdrv) - Broadcom Corporation - C:\WINDOWS\system32\DRIVERS\evbda.sys (file missing)

O23 - Service: elxstor - Emulex - C:\WINDOWS\system32\DRIVERS\elxstor.sys (file missing)

O23 - Service: FlashUSB - Danish Wireless Design A/S - C:\WINDOWS\SYSTEM32\DRIVERS\FlashUSB_x64.sys

O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: Hauppauge Consumer Infrared Receiver (hcw85cir) - Hauppauge Computer Works, Inc. - C:\WINDOWS\system32\drivers\hcw85cir.sys (file missing)

O23 - Service: HpSAMD - Hewlett-Packard Company - C:\WINDOWS\system32\DRIVERS\HpSAMD.sys (file missing)

O23 - Service: iaStorV - Intel Corporation - C:\WINDOWS\system32\DRIVERS\iaStorV.sys (file missing)

O23 - Service: iirsp - Intel Corp./ICP vortex GmbH - C:\WINDOWS\system32\DRIVERS\iirsp.sys (file missing)

O23 - Service: Service for Realtek HD Audio (WDM) (IntcAzAudAddService) - Realtek Semiconductor Corp. - C:\WINDOWS\SYSTEM32\drivers\RTKVHD64.sys (file missing)

O23 - Service: Keyboard Filter (kbfiltr) - WayTech Development, Inc. - C:\WINDOWS\SYSTEM32\DRIVERS\KBFILTER.SYS (file missing)

O23 - Service: Kaspersky Lab KLFltDev (KLFLTDEV) - Kaspersky Lab - C:\WINDOWS\SYSTEM32\DRIVERS\klfltdev.sys (file missing)

O23 - Service: LGE Bluetooth TransPort (LgBttPort) - LG Electronics Inc. - C:\WINDOWS\SYSTEM32\DRIVERS\lgbtpt64.sys (file missing)

O23 - Service: LG Bluetooth Bus Enumerator (lgbusenum) - LG Electronics Inc. - C:\WINDOWS\SYSTEM32\DRIVERS\lgbtbs64.sys (file missing)

O23 - Service: LGE Virtual Modem (LGVMODEM) - LG Electronics Inc. - C:\WINDOWS\SYSTEM32\DRIVERS\lgvmdm64.sys (file missing)

O23 - Service: lmimirr - LogMeIn, Inc. - C:\WINDOWS\SYSTEM32\DRIVERS\lmimirr.sys (file missing)

O23 - Service: LSI_FC - LSI Corporation - C:\WINDOWS\system32\DRIVERS\lsi_fc.sys (file missing)

O23 - Service: LSI_SAS - LSI Corporation - C:\WINDOWS\system32\DRIVERS\lsi_sas.sys (file missing)

O23 - Service: LSI_SAS2 - LSI Corporation - C:\WINDOWS\system32\DRIVERS\lsi_sas2.sys (file missing)

O23 - Service: LSI_SCSI - LSI Corporation - C:\WINDOWS\system32\DRIVERS\lsi_scsi.sys (file missing)

O23 - Service: megasas - LSI Corporation - C:\WINDOWS\system32\DRIVERS\megasas.sys (file missing)

O23 - Service: MegaSR - LSI Corporation, Inc. - C:\WINDOWS\system32\DRIVERS\MegaSR.sys (file missing)

O23 - Service: PlayOn Virtual Audio Device (msvad_simple) - MediaMall Technologies, Inc. - C:\WINDOWS\SYSTEM32\drivers\povrtdev.sys (file missing)

O23 - Service: ATK0110 ACPI UTILITY (MTsensor) - Unknown owner - C:\WINDOWS\SYSTEM32\DRIVERS\ASACPI.sys (file missing)

O23 - Service: nfrd960 - IBM Corporation - C:\WINDOWS\system32\DRIVERS\nfrd960.sys (file missing)

O23 - Service: Nokia USB Generic (nmwcdcx64) - Nokia - C:\WINDOWS\SYSTEM32\drivers\ccdcmbox64.sys (file missing)

O23 - Service: Nokia USB Phone Parent (nmwcdx64) - Nokia - C:\WINDOWS\SYSTEM32\drivers\ccdcmbx64.sys (file missing)

O23 - Service: nvraid - NVIDIA Corporation - C:\WINDOWS\system32\DRIVERS\nvraid.sys (file missing)

O23 - Service: nvstor - NVIDIA Corporation - C:\WINDOWS\system32\DRIVERS\nvstor.sys (file missing)

O23 - Service: PCCS Mode Change Filter Driver (pccsmcfd) - Nokia - C:\WINDOWS\SYSTEM32\DRIVERS\pccsmcfdx64.sys (file missing)

O23 - Service: PORTIO - Unknown owner - D:\Descargas\JungleFlasher v0.1.73 (108S) by manuelin\JungleFlasher v0.1.73 Beta (108)\portio64.sys (file missing)

O23 - Service: PsSdk41 - microOLAP Technologies LTD - C:\Windows\system32\Drivers\pssdk41.sys (file missing)

O23 - Service: ql2300 - QLogic Corporation - C:\WINDOWS\system32\DRIVERS\ql2300.sys (file missing)

O23 - Service: ql40xx - QLogic Corporation - C:\WINDOWS\system32\DRIVERS\ql40xx.sys (file missing)

O23 - Service: Realtek 8167 NT Driver (RTL8167) - Realtek - C:\WINDOWS\SYSTEM32\DRIVERS\Rt64win7.sys (file missing)

O23 - Service: Realtek RTL8187B Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter (RTL8187B) - Realtek Semiconductor Corporation - C:\WINDOWS\SYSTEM32\DRIVERS\rtl8187B.sys (file missing)

O23 - Service: Realtek RTL8192SU Wireless LAN 802.11n USB 2.0 Network Adapter (RTL8192su) - Realtek Semiconductor Corporation - C:\WINDOWS\SYSTEM32\DRIVERS\RTL8192su.sys (file missing)

O23 - Service: ServiceLayer - Nokia - C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe

O23 - Service: SiSRaid2 - Silicon Integrated Systems Corp. - C:\WINDOWS\system32\DRIVERS\SiSRaid2.sys (file missing)

O23 - Service: SiSRaid4 - Silicon Integrated Systems - C:\WINDOWS\system32\DRIVERS\sisraid4.sys (file missing)

O23 - Service: Service for enabling selective suspend to NDIS device (ssndis) - Realtek Semiconductor Corporation - C:\WINDOWS\SYSTEM32\Drivers\ssndis.sys (file missing)

O23 - Service: stexstor - Promise Technology - C:\WINDOWS\system32\DRIVERS\stexstor.sys (file missing)

O23 - Service: @C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software - C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpDefragService.exe

O23 - Service: TuneUpUtilitiesDrv - TuneUp Software - C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesDriver64.sys

O23 - Service: upperdev - Nokia - C:\WINDOWS\SYSTEM32\DRIVERS\usbser_lowerfltx64.sys (file missing)

O23 - Service: LGE Mobile Composite USB Device (usbbus) - LG Electronics Inc. - C:\WINDOWS\SYSTEM32\DRIVERS\lgx64bus.sys (file missing)

O23 - Service: LGE Mobile USB Serial Port (UsbDiag) - LG Electronics Inc. - C:\WINDOWS\SYSTEM32\DRIVERS\lgx64diag.sys (file missing)

O23 - Service: LGE Mobile USB Modem (USBModem) - LG Electronics Inc. - C:\WINDOWS\SYSTEM32\DRIVERS\lgx64modem.sys (file missing)

O23 - Service: UsbserFilt - Nokia - C:\WINDOWS\SYSTEM32\DRIVERS\usbser_lowerfltx64j.sys (file missing)

O23 - Service: VClone - Elaborate Bytes AG - C:\WINDOWS\SYSTEM32\DRIVERS\VClone.sys (file missing)

O23 - Service: viaide - VIA Technologies, Inc. - C:\WINDOWS\system32\DRIVERS\viaide.sys (file missing)

O23 - Service: VMware Virtual Ethernet Adapter Driver (VMnetAdapter) - Unknown owner - C:\WINDOWS\SYSTEM32\DRIVERS\vmnetadapter.sys (file missing)

O23 - Service: vsmraid - VIA Technologies Inc.,Ltd - C:\WINDOWS\system32\DRIVERS\vsmraid.sys (file missing)

O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\WINDOWS\system32\Wat\WatAdminSvc.exe (file missing)

Listado de Servicios (Deshabilitados):

--------------------------------------

O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files (x86)\LogMeIn\x64\RaMaint.exe

88 Servicios.

12 de Carga Automatica.

75 de Carga Manual.

1 Deshabilitados.

Mensaje por **msc hotline sat** » 25 Jul 2010, 09:13

De entrada convendría saber que anomalía presenta, y recuerda que antes de postear logs debes seguir lo indicado en:

https://foros.zonavirus.com/viewtopic.php?f=13&t=5148

De todas formas vemos que tienes el HOSTS modificado (suponemos que voluntariamente para juegos ONLINE del PES 6) y muchas aplicaciones mal desinstaladas (solo borrados los ficheros, pero manteniendo las claves de instalación)

En windows no basta borrar el fichero principal cuando se quiere eliminar una aplicación, sino desinstalarla desde Agregar o Quitar Programas.

Mira de hacer limpieza para liberar un monton de claves del registro inútiles.

Y tras hacer lo indicado al principio, informanos del resultado y si necesitas mas ayuda, empieza por decirnos la anomalia que notas. Al médico conviene empezar diciendo donde te duele...

saludos

ms, 25-7-2010

NOTA: Y dinos si cambiando el mouse, en el ordenador que el puntero se movia solo (como indicabamos), se solucionó el problema..., gracias.

ms.

frankbeer · Mensaje por **frankbeer** » 01 Ago 2010, 16:20

Exacto tengo HOSTS modificado para pes 6 jugarlo online y con respecto al problema que presentaba con mouse si despues de un buen mantenimiento he sustituido el mouse y problema resuelto gracias y con el 2do log pues no me quedo claro borrar los ficheros, pero manteniendo las claves de instalación por los programas mal desisntalado de igual forma voy a tomar otro log a ver si me lo puedes indicar amigo por cierto no presento nigun problema pero queria que un experto revisara el log gracias

(1-8-2010 14:19:09 GMT)

SProces v4.7 (c)2010 S.G.H. / Satinfo S.L.

-------------------------------------------

Sistema Operativo: Windows 7 Ultimate (v6.1.7600)

Internet Explorer: (v8.0.7600.16385) 0

Nombre Equipo:

Nombre Usuario:

Procesos Activos:

C:\PROGRAM FILES (X86)\MEDIA KEY\MAGICKEY.EXE

C:\PROGRAM FILES (X86)\CYBERLINK\POWERDVD9\PDVD9SERV.EXE

C:\PROGRAM FILES (X86)\CYBERLINK\SHARED FILES\BRS.EXE

C:\PROGRAM FILES (X86)\KASPERSKY LAB\KASPERSKY ANTI-VIRUS 6.0 FOR WINDOWS WORKSTATIONS MP4\AVP.EXE

C:\PROGRAM FILES (X86)\COMMON FILES\JAVA\JAVA UPDATE\JUSCHED.EXE

C:\PROGRAM FILES (X86)\MEDIA KEY\OSD.EXE

C:\PROGRAM FILES (X86)\JAVA\JRE6\BIN\JAVAW.EXE

C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\FIREFOX.EXE

C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\PLUGIN-CONTAINER.EXE

D:\DESCARGAS\SPROCES.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local (0)

R3 - URLSearchHook: (no name) - {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)

F2 - REG:system.ini: Shell=explorer.exe

F2 - REG:system.ini: UserInit=userinit.exe

O1 - Hosts: 127.0.0.1 localhost

O1 - Hosts: 217.112.88.118 pes6gate-ec.winning-eleven.net

O1 - Hosts: 210.249.144.166 we9stun.winning-eleven.net

O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL

O2 - BHO: Windows Live Aplicación auxiliar de inicio de sesión - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL

O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

O4 - HKLM\..\Run: [RemoteControl9] "C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe"

O4 - HKLM\..\Run: [PDVD9LanguageShortcut] "C:\Program Files (x86)\CyberLink\PowerDVD9\Language\Language.exe"

O4 - HKLM\..\Run: [BDRegion] C:\Program Files (x86)\Cyberlink\Shared Files\brs.exe

O4 - HKLM\..\Run: [AVP] "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations MP4\avp.exe"

O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

O4 - HKLM\..\Run: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume

O4 - Global Startup: APC UPS Status.lnk = C:\Program Files (x86)\APC\APC PowerChute Personal Edition\Display.exe

O4 - Global Startup: Media Key.lnk = C:\Program Files (x86)\Media Key\MagicKey.exe

O8 - Extra context menu item: &Enviar a OneNote - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105

O8 - Extra context menu item: Agregar al componente Anti-Banners - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations MP4\ie_banner_deny.htm

O8 - Extra context menu item: E&xportar a Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000

O9 - Extra button: Estadísticas del componente Antivirus Internet - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations MP4\scieplgn.dll

O9 - Extra button: Enviar a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll

O9 - Extra button: Notas &vinculadas de OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

O10 - Unknown file in Winsock LSP: C:\WINDOWS\SYSTEM32\NLAAPI.DLL

O10 - Unknown file in Winsock LSP: C:\WINDOWS\SYSTEM32\NAPINSP.DLL

O10 - Unknown file in Winsock LSP: C:\WINDOWS\SYSTEM32\PNRPNSP.DLL

O10 - Unknown file in Winsock LSP: C:\WINDOWS\SYSTEM32\PNRPNSP.DLL

O10 - Unknown file in Winsock LSP: C:\WINDOWS\SYSTEM32\WSHBTH.DLL

O10 - Unknown file in Winsock LSP: C:\PROGRAM FILES (X86)\BONJOUR\MDNSNSP.DLL

O13 - Gopher Prefix: NULL2

O16 - DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} (Windows Live OneCare safety scanner control) - http://cdn.scan.onecare.live.com/resource/download/scanner/es-xl/wlscctrl2.cab

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Plug-in 1.6.0_20) - http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab

O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} (Java Plug-in 1.6.0_20) - http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} (Java Plug-in 1.6.0_20) - http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{01D2446D-9962-4B5E-95AB-2446B4A6EA10}: NameServer = 200.44.32.12,200.44.32.13

O18 - Protocol hijack: about - (no CLSID) - (no file)

O18 - Protocol hijack: dvd - (no CLSID) - (no file)

O18 - Protocol hijack: its - (no CLSID) - (no file)

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL

O18 - Protocol hijack: mhtml - (no CLSID) - (no file)

O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - (no file)

O18 - Protocol hijack: ms-its - (no CLSID) - (no file)

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL

O18 - Protocol hijack: tv - (no CLSID) - (no file)

O18 - Protocol hijack: vbscript - (no CLSID) - (no file)

O20 - AppInit_DLLs: C:\PROGRA~2\KASPER~1\KASPER~1.0FO\kloehk.dll

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - (no file)

Información Adicional:

----------------------

ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - Groove GFS Stub Execution Hook - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL

Clave "HKLM\...\Image File Execution Options\IEInstal.exe"

"Debugger"="NULL1"

Listado de Servicios (Carga Automatica):

----------------------------------------

O23 - Service: AMD External Events Utility - AMD - C:\WINDOWS\system32\atiesrxx.exe (file missing)

O23 - Service: APC UPS Service - American Power Conversion Corporation - C:\Program Files (x86)\APC\APC PowerChute Personal Edition\mainserv.exe

O23 - Service: Kaspersky Anti-Virus 6.0 (AVP) - Kaspersky Lab - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations MP4\avp.exe

O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe

O23 - Service: KMService - Unknown owner - C:\Windows\system32\srvany.exe

O23 - Service: LogMeIn Kernel Information Provider (LMIInfo) - LogMeIn, Inc. - C:\Program Files (x86)\LogMeIn\x64\RaInfo.sys

O23 - Service: LogMeIn Remote File System Driver (LMIRfsDriver) - LogMeIn, Inc. - C:\Windows\system32\drivers\LMIRfsDriver.sys (file missing)

O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe

O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe

O23 - Service: TuneUp Utilities Service (TuneUp.UtilitiesSvc) - TuneUp Software - C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesService64.exe

O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - %PROGRAMFILES%\Windows Media Player\wmpnetwk.exe (file missing)

O23 - Service: Power Control [2009/12/17 08:11:41] ({B154377D-700F-42cc-9474-23858FBDF4BD}) - CyberLink Corp. - C:\Program Files (x86)\CyberLink\PowerDVD9\000.fcl

Listado de Servicios (Carga Manual):

------------------------------------

O23 - Service: ArcSoft Connect Daemon (ACDaemon) - Unknown owner - C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (file missing)

O23 - Service: adp94xx - Adaptec, Inc. - C:\WINDOWS\system32\DRIVERS\adp94xx.sys (file missing)

O23 - Service: adpahci - Adaptec, Inc. - C:\WINDOWS\system32\DRIVERS\adpahci.sys (file missing)

O23 - Service: adpu320 - Adaptec, Inc. - C:\WINDOWS\system32\DRIVERS\adpu320.sys (file missing)

O23 - Service: aliide - Acer Laboratories Inc. - C:\WINDOWS\system32\DRIVERS\aliide.sys (file missing)

O23 - Service: ALSysIO - Unknown owner - C:\Users\FRANKB~1\AppData\Local\Temp\ALSysIO64.sys (file missing)

O23 - Service: amdsata - Advanced Micro Devices - C:\WINDOWS\system32\DRIVERS\amdsata.sys (file missing)

O23 - Service: amdsbs - AMD Technologies Inc. - C:\WINDOWS\system32\DRIVERS\amdsbs.sys (file missing)

O23 - Service: arc - Adaptec, Inc. - C:\WINDOWS\system32\DRIVERS\arc.sys (file missing)

O23 - Service: arcsas - Adaptec, Inc. - C:\WINDOWS\system32\DRIVERS\arcsas.sys (file missing)

O23 - Service: AtiDCM - Advanced Micro Devices, Inc. - C:\ATI\Support\10-6_vista64_win7_64_dd_ccc_enu\Bin64\atdcm64a.sys

O23 - Service: ATI Service for HD Audio Codec (AtiHdmiService) - ATI Technologies, Inc. - C:\WINDOWS\SYSTEM32\drivers\AtiHdmi.sys (file missing)

O23 - Service: atikmdag - ATI Technologies Inc. - C:\WINDOWS\SYSTEM32\DRIVERS\atikmdag.sys (file missing)

O23 - Service: Broadcom NetXtreme II VBD (b06bdrv) - Broadcom Corporation - C:\WINDOWS\system32\DRIVERS\bxvbda.sys (file missing)

O23 - Service: Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0 (b57nd60a) - Broadcom Corporation - C:\WINDOWS\SYSTEM32\DRIVERS\b57nd60a.sys (file missing)

O23 - Service: Brother USB Mass-Storage Lower Filter Driver (BrFiltLo) - Brother Industries, Ltd. - C:\WINDOWS\system32\DRIVERS\BrFiltLo.sys (file missing)

O23 - Service: Brother USB Mass-Storage Upper Filter Driver (BrFiltUp) - Brother Industries, Ltd. - C:\WINDOWS\system32\DRIVERS\BrFiltUp.sys (file missing)

O23 - Service: Brother MFC Serial Port Interface Driver (WDM) (Brserid) - Brother Industries Ltd. - C:\WINDOWS\System32\Drivers\Brserid.sys (file missing)

O23 - Service: Brother WDM Serial driver (BrSerWdm) - Brother Industries Ltd. - C:\WINDOWS\System32\Drivers\BrSerWdm.sys (file missing)

O23 - Service: Brother MFC USB Fax Only Modem (BrUsbMdm) - Brother Industries Ltd. - C:\WINDOWS\System32\Drivers\BrUsbMdm.sys (file missing)

O23 - Service: Brother MFC USB Serial WDM Driver (BrUsbSer) - Brother Industries Ltd. - C:\WINDOWS\System32\Drivers\BrUsbSer.sys (file missing)

O23 - Service: cmdide - CMD Technology, Inc. - C:\WINDOWS\system32\DRIVERS\cmdide.sys (file missing)

O23 - Service: Broadcom NetXtreme II 10 GigE VBD (ebdrv) - Broadcom Corporation - C:\WINDOWS\system32\DRIVERS\evbda.sys (file missing)

O23 - Service: elxstor - Emulex - C:\WINDOWS\system32\DRIVERS\elxstor.sys (file missing)

O23 - Service: FlashUSB - Danish Wireless Design A/S - C:\WINDOWS\SYSTEM32\DRIVERS\FlashUSB_x64.sys

O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: Hauppauge Consumer Infrared Receiver (hcw85cir) - Hauppauge Computer Works, Inc. - C:\WINDOWS\system32\drivers\hcw85cir.sys (file missing)

O23 - Service: HpSAMD - Hewlett-Packard Company - C:\WINDOWS\system32\DRIVERS\HpSAMD.sys (file missing)

O23 - Service: iaStorV - Intel Corporation - C:\WINDOWS\system32\DRIVERS\iaStorV.sys (file missing)

O23 - Service: iirsp - Intel Corp./ICP vortex GmbH - C:\WINDOWS\system32\DRIVERS\iirsp.sys (file missing)

O23 - Service: Service for Realtek HD Audio (WDM) (IntcAzAudAddService) - Realtek Semiconductor Corp. - C:\WINDOWS\SYSTEM32\drivers\RTKVHD64.sys (file missing)

O23 - Service: Keyboard Filter (kbfiltr) - WayTech Development, Inc. - C:\WINDOWS\SYSTEM32\DRIVERS\KBFILTER.SYS (file missing)

O23 - Service: Kaspersky Lab KLFltDev (KLFLTDEV) - Kaspersky Lab - C:\WINDOWS\SYSTEM32\DRIVERS\klfltdev.sys (file missing)

O23 - Service: LGE Bluetooth TransPort (LgBttPort) - LG Electronics Inc. - C:\WINDOWS\SYSTEM32\DRIVERS\lgbtpt64.sys (file missing)

O23 - Service: LG Bluetooth Bus Enumerator (lgbusenum) - LG Electronics Inc. - C:\WINDOWS\SYSTEM32\DRIVERS\lgbtbs64.sys (file missing)

O23 - Service: LGE Virtual Modem (LGVMODEM) - LG Electronics Inc. - C:\WINDOWS\SYSTEM32\DRIVERS\lgvmdm64.sys (file missing)

O23 - Service: lmimirr - LogMeIn, Inc. - C:\WINDOWS\SYSTEM32\DRIVERS\lmimirr.sys (file missing)

O23 - Service: LSI_FC - LSI Corporation - C:\WINDOWS\system32\DRIVERS\lsi_fc.sys (file missing)

O23 - Service: LSI_SAS - LSI Corporation - C:\WINDOWS\system32\DRIVERS\lsi_sas.sys (file missing)

O23 - Service: LSI_SAS2 - LSI Corporation - C:\WINDOWS\system32\DRIVERS\lsi_sas2.sys (file missing)

O23 - Service: LSI_SCSI - LSI Corporation - C:\WINDOWS\system32\DRIVERS\lsi_scsi.sys (file missing)

O23 - Service: megasas - LSI Corporation - C:\WINDOWS\system32\DRIVERS\megasas.sys (file missing)

O23 - Service: MegaSR - LSI Corporation, Inc. - C:\WINDOWS\system32\DRIVERS\MegaSR.sys (file missing)

O23 - Service: PlayOn Virtual Audio Device (msvad_simple) - MediaMall Technologies, Inc. - C:\WINDOWS\SYSTEM32\drivers\povrtdev.sys (file missing)

O23 - Service: ATK0110 ACPI UTILITY (MTsensor) - Unknown owner - C:\WINDOWS\SYSTEM32\DRIVERS\ASACPI.sys (file missing)

O23 - Service: nfrd960 - IBM Corporation - C:\WINDOWS\system32\DRIVERS\nfrd960.sys (file missing)

O23 - Service: nvraid - NVIDIA Corporation - C:\WINDOWS\system32\DRIVERS\nvraid.sys (file missing)

O23 - Service: nvstor - NVIDIA Corporation - C:\WINDOWS\system32\DRIVERS\nvstor.sys (file missing)

O23 - Service: PCCS Mode Change Filter Driver (pccsmcfd) - Unknown owner - C:\WINDOWS\SYSTEM32\DRIVERS\pccsmcfdx64.sys (file missing)

O23 - Service: PORTIO - Unknown owner - D:\Descargas\JungleFlasher v0.1.73 (108S) by manuelin\JungleFlasher v0.1.73 Beta (108)\portio64.sys (file missing)

O23 - Service: PsSdk41 - microOLAP Technologies LTD - C:\Windows\system32\Drivers\pssdk41.sys (file missing)

O23 - Service: ql2300 - QLogic Corporation - C:\WINDOWS\system32\DRIVERS\ql2300.sys (file missing)

O23 - Service: ql40xx - QLogic Corporation - C:\WINDOWS\system32\DRIVERS\ql40xx.sys (file missing)

O23 - Service: Realtek 8167 NT Driver (RTL8167) - Realtek - C:\WINDOWS\SYSTEM32\DRIVERS\Rt64win7.sys (file missing)

O23 - Service: Realtek RTL8187B Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter (RTL8187B) - Realtek Semiconductor Corporation - C:\WINDOWS\SYSTEM32\DRIVERS\rtl8187B.sys (file missing)

O23 - Service: Realtek RTL8192SU Wireless LAN 802.11n USB 2.0 Network Adapter (RTL8192su) - Realtek Semiconductor Corporation - C:\WINDOWS\SYSTEM32\DRIVERS\RTL8192su.sys (file missing)

O23 - Service: SiSRaid2 - Silicon Integrated Systems Corp. - C:\WINDOWS\system32\DRIVERS\SiSRaid2.sys (file missing)

O23 - Service: SiSRaid4 - Silicon Integrated Systems - C:\WINDOWS\system32\DRIVERS\sisraid4.sys (file missing)

O23 - Service: Service for enabling selective suspend to NDIS device (ssndis) - Realtek Semiconductor Corporation - C:\WINDOWS\SYSTEM32\Drivers\ssndis.sys (file missing)

O23 - Service: stexstor - Promise Technology - C:\WINDOWS\system32\DRIVERS\stexstor.sys (file missing)

O23 - Service: @C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software - C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpDefragService.exe

O23 - Service: TuneUpUtilitiesDrv - TuneUp Software - C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesDriver64.sys

O23 - Service: upperdev - Unknown owner - C:\WINDOWS\SYSTEM32\DRIVERS\usbser_lowerfltx64.sys (file missing)

O23 - Service: LGE Mobile Composite USB Device (usbbus) - LG Electronics Inc. - C:\WINDOWS\SYSTEM32\DRIVERS\lgx64bus.sys (file missing)

O23 - Service: LGE Mobile USB Serial Port (UsbDiag) - LG Electronics Inc. - C:\WINDOWS\SYSTEM32\DRIVERS\lgx64diag.sys (file missing)

O23 - Service: LGE Mobile USB Modem (USBModem) - LG Electronics Inc. - C:\WINDOWS\SYSTEM32\DRIVERS\lgx64modem.sys (file missing)

O23 - Service: VClone - Elaborate Bytes AG - C:\WINDOWS\SYSTEM32\DRIVERS\VClone.sys (file missing)

O23 - Service: viaide - VIA Technologies, Inc. - C:\WINDOWS\system32\DRIVERS\viaide.sys (file missing)

O23 - Service: VMware Virtual Ethernet Adapter Driver (VMnetAdapter) - Unknown owner - C:\WINDOWS\SYSTEM32\DRIVERS\vmnetadapter.sys (file missing)

O23 - Service: vsmraid - VIA Technologies Inc.,Ltd - C:\WINDOWS\system32\DRIVERS\vsmraid.sys (file missing)

O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\WINDOWS\system32\Wat\WatAdminSvc.exe (file missing)

Listado de Servicios (Deshabilitados):

--------------------------------------

O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files (x86)\LogMeIn\x64\RaMaint.exe

84 Servicios.

12 de Carga Automatica.

71 de Carga Manual.

1 Deshabilitados.

Mensaje por **msc hotline sat** » 01 Ago 2010, 19:41

Pues solo cabe indicar que este plugin de java a veces puede ser peligroso:

O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

segun http://www.prevx.com/filenames/X902184742126341970-X1/JP2SSV.DLL.html

pero si ya ~~[b]~~el problema principal del Tema (el del mouse) ha quedado resuelto[/b], y dado que confirma que el HOST lo tiene modificado voluntariamenta para el PES, damos por solucionado el Tema y procedemos a cerrarlo

Si nos necesita de nuevo, ya sabe donde estamos

saludos

ms, 1-8-2010

Revision de Log de una PC por HijackThis (SOLUCIONADO)

Revision de Log de una PC por HijackThis (SOLUCIONADO)

Re: Revision de Log de una PC por HijackThis

Re: Revision de Log de una PC por HijackThis

Re: Revision de Log de una PC por HijackThis

Re: Revision de Log de una PC por HijackThis

Re: Revision de Log de una PC por HijackThis