Revision de log

[jmgm]

Hola, tengo algunas entradas sospechosas en el registro y el navegador "internet explorer" ha empezado a ir mal(se bloquea y me redirecciona a p´´aginas de publicidad), podr´´iais por favor eccharle un vistazo y aconsejarme sobre qu´´e entradas eliminar (tiene pinta de haber alg´´un virus)

Muchas gracias.







Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 14:50:17, on 24/02/2011

Platform: Windows Vista SP2 (WinNT 6.00.1906)

MSIE: Internet Explorer v8.00 (8.00.6001.19019)

Boot mode: Normal



Running processes:

D:\Windows\System32\smss.exe

D:\Windows\system32\csrss.exe

D:\Windows\system32\wininit.exe

D:\Windows\system32\csrss.exe

D:\Windows\system32\services.exe

D:\Windows\system32\lsass.exe

D:\Windows\system32\lsm.exe

D:\Windows\system32\svchost.exe

D:\Windows\system32\nvvsvc.exe

D:\Windows\system32\svchost.exe

D:\Windows\System32\svchost.exe

D:\Windows\System32\svchost.exe

D:\Windows\system32\winlogon.exe

D:\Windows\System32\svchost.exe

D:\Windows\system32\svchost.exe

D:\Windows\System32\DriverStore\FileRepository\stwrt.inf_e2247046\STacSV.exe

D:\Windows\system32\svchost.exe

D:\Windows\system32\SLsvc.exe

D:\Windows\system32\svchost.exe

D:\Windows\system32\nvvsvc.exe

D:\Windows\system32\svchost.exe

D:\Program Files\Lavasoft\Ad-Aware\AAWService.exe

D:\Windows\System32\spoolsv.exe

D:\Windows\system32\svchost.exe

D:\Windows\System32\DriverStore\FileRepository\stwrt.inf_e2247046\aestsrv.exe

D:\Windows\system32\svchost.exe

D:\Windows\system32\svchost.exe

D:\Program Files\Common Files\LightScribe\LSSrvc.exe

D:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe

D:\Windows\System32\svchost.exe

D:\Program Files\CDBurnerXP\NMSAccessU.exe

D:\Windows\System32\svchost.exe

D:\Windows\system32\svchost.exe

D:\Windows\system32\svchost.exe

D:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe

D:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe

D:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSC.exe

D:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

D:\Windows\system32\SearchIndexer.exe

D:\Windows\system32\wbem\unsecapp.exe

D:\Windows\system32\wbem\wmiprvse.exe

D:\Windows\system32\WUDFHost.exe

D:\Windows\system32\taskeng.exe

D:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

D:\Windows\system32\taskeng.exe

D:\Windows\system32\Dwm.exe

D:\Windows\Explorer.EXE

D:\Users\Claire\AppData\Roaming\dwm.exe

D:\Users\Claire\AppData\Roaming\Microsoft\conhost.exe

D:\Program Files\Windows Media Player\wmpnscfg.exe

D:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe

D:\Program Files\Windows Defender\MSASCui.exe

D:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe

D:\Program Files\Synaptics\SynTP\SynTPEnh.exe

D:\Program Files\Adobe\Acrobat 7.0\Distillr\acrotray.exe

D:\Program Files\IDT\WDM\sttray.exe

D:\Program Files\Common Files\Java\Java Update\jusched.exe

D:\Windows\ehome\ehtray.exe

D:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe

D:\Windows\ehome\ehmsas.exe

D:\Program Files\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE

D:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

D:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe

D:\Windows\system32\wuauclt.exe

D:\Program Files\Internet Explorer\iexplore.exe

D:\Program Files\Internet Explorer\iexplore.exe

D:\Program Files\Internet Explorer\iexplore.exe

D:\Windows\servicing\TrustedInstaller.exe

D:\Program Files\Synaptics\SynTP\SynTPHelper.exe

D:\Program Files\Internet Explorer\iexplore.exe

D:\Users\Claire\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WNSPVVMB\setup_av_free_eng[1].exe

D:\Users\Claire\AppData\Local\Temp\_av_sfx.tm~a03016\avast.setup

D:\Windows\System32\svchost.exe

D:\Windows\system32\msiexec.exe

D:\Windows\system32\taskeng.exe

D:\Program Files\AVAST Software\Avast\AvastSvc.exe

D:\Program Files\Internet Explorer\iexplore.exe

D:\Windows\system32\wbem\wmiprvse.exe



R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hotmail.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:62828

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

F3 - REG:win.ini: load=D:\Users\Claire\AppData\Local\Temp\csrss.exe

O1 - Hosts: ::1 localhost

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - D:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: Solid Converter PDF - {259F616C-A300-44F5-B04A-ED001A26C85C} - D:\Program Files\SolidDocuments\SolidConverterPDF\SCPDF\ExploreExtPDF.dll

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - D:\Program Files\AVG\AVG9\avgssie.dll (file missing)

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - D:\Program Files\AVAST Software\Avast\aswWebRepIE.dll

O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - D:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - D:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll

O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - D:\Program Files\Java\jre6\bin\jp2ssv.dll

O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll

O3 - Toolbar: Solid Converter PDF - {259F616C-A300-44F5-B04A-ED001A26C85C} - D:\Program Files\SolidDocuments\SolidConverterPDF\SCPDF\ExploreExtPDF.dll

O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - D:\Program Files\AVAST Software\Avast\aswWebRepIE.dll

O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide

O4 - HKLM\..\Run: [hpWirelessAssistant] D:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe

O4 - HKLM\..\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "D:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"

O4 - HKLM\..\Run: [SysTrayApp] D:\Program Files\IDT\WDM\sttray.exe

O4 - HKLM\..\Run: [conhost] D:\Users\Claire\AppData\Roaming\Microsoft\conhost.exe

O4 - HKLM\..\Run: [SunJavaUpdateSched] "D:\Program Files\Common Files\Java\Java Update\jusched.exe"

O4 - HKLM\..\Run: [avast] "D:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui

O4 - HKCU\..\Run: [ehTray.exe] D:\Windows\ehome\ehTray.exe

O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')

O8 - Extra context menu item: Convert link target to Adobe PDF - res://D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Convert link target to existing PDF - res://D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Convert selected links to Adobe PDF - res://D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

O8 - Extra context menu item: Convert selected links to existing PDF - res://D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

O8 - Extra context menu item: Convert selection to Adobe PDF - res://D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Convert selection to existing PDF - res://D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Convert to Adobe PDF - res://D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Convert to existing PDF - res://D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

O8 - Extra context menu item: Send image to &Bluetooth Device... - D:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm

O8 - Extra context menu item: Send page to &Bluetooth Device... - D:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

O8 - Extra context menu item: SmarThru4 Capture Selection - D:\Program Files\SmarThru 4\WebCapture.dll2.htm

O8 - Extra context menu item: SmarThru4 Save as HTML - D:\Program Files\SmarThru 4\WebCapture.dll1.htm

O8 - Extra context menu item: SmarThru4 Save Selected Text - D:\Program Files\SmarThru 4\WebCapture.dll.htm

O8 - Extra context menu item: SmarThru4 Web Capture - D:\Program Files\SmarThru 4\WebCapture.dll

O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - D:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - D:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

O9 - Extra button: (no name) - SolidConverterPDF - (no file) (HKCU)

O9 - Extra button: SmarThru4 Web Capture - {5941A0E4-56C1-4a49-9B18-05762CAC5F9B} - D:\Program Files\SmarThru 4\WebCapture.dll (HKCU)

O9 - Extra 'Tools' menuitem: SmarThru4 Web Capture - {5941A0E4-56C1-4a49-9B18-05762CAC5F9B} - D:\Program Files\SmarThru 4\WebCapture.dll (HKCU)

O9 - Extra button: SmarThru4 Capture Selection - {A07BFEF7-DD11-4937-B23B-E70C11D2EDF4} - D:\Program Files\SmarThru 4\WebCapture.dll (HKCU)

O9 - Extra 'Tools' menuitem: SmarThru4 Capture Selection - {A07BFEF7-DD11-4937-B23B-E70C11D2EDF4} - D:\Program Files\SmarThru 4\WebCapture.dll (HKCU)

O9 - Extra button: SmarThru4 Save as HTML - {E753A93F-2367-4978-BFA0-83048C1E61CB} - D:\Program Files\SmarThru 4\WebCapture.dll (HKCU)

O9 - Extra 'Tools' menuitem: SmarThru4 Save as HTML - {E753A93F-2367-4978-BFA0-83048C1E61CB} - D:\Program Files\SmarThru 4\WebCapture.dll (HKCU)

O9 - Extra button: SmarThru4 Save Selected Text - {F1F53366-3E11-47ab-BF84-580C94F9C9AD} - D:\Program Files\SmarThru 4\WebCapture.dll (HKCU)

O9 - Extra 'Tools' menuitem: SmarThru4 Save Selected Text - {F1F53366-3E11-47ab-BF84-580C94F9C9AD} - D:\Program Files\SmarThru 4\WebCapture.dll (HKCU)

O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab

O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab

O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} (GMNRev Class) - http://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection2.cab

O16 - DPF: {74BDA0D0-1AD9-45C7-BDC6-7A1879CCBF06} (ZorapCtrl Class) - http://www.zorap.com/zorap_2_1_7_8.cab

O16 - DPF: {B785FA3C-1DE9-4D20-8396-613C486FE95E} (AeatCtl Class) - https://www2.agenciatributaria.gob.es/ES13/h/CACTIVEX.CAB

O16 - DPF: {D147430C-86CD-4E6F-A807-93FBC496D201} (NCSLayeredView Class) - http://www.cnig.es:8081/ecwplugins/NCS.cab

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{DF198EAC-FFFA-4F41-A61E-A5CCF4595554}: NameServer = 80.58.61.250,80.58.61.254

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - D:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - D:\Windows\system32\browseui.dll

O23 - Service: Adobe LM Service - Adobe Systems - D:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - D:\Windows\System32\DriverStore\FileRepository\stwrt.inf_e2247046\aestsrv.exe

O23 - Service: avast! Antivirus - AVAST Software - D:\Program Files\AVAST Software\Avast\AvastSvc.exe

O23 - Service: Bonjour Service - Apple Inc. - D:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - D:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - D:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: Google Software Updater (gusvc) - Google - D:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - D:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - D:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: iPod Service - Apple Inc. - D:\Program Files\iPod\bin\iPodService.exe

O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - D:\Program Files\Lavasoft\Ad-Aware\AAWService.exe

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - D:\Program Files\Common Files\LightScribe\LSSrvc.exe

O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - D:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe

O23 - Service: NMSAccess - Unknown owner - D:\Program Files\CDBurnerXP\NMSAccessU.exe

O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - D:\Windows\system32\nvvsvc.exe

O23 - Service: ServiceLayer - Nokia - D:\Program Files\PC Connectivity Solution\ServiceLayer.exe

O23 - Service: Audio Service (STacSV) - IDT, Inc. - D:\Windows\System32\DriverStore\FileRepository\stwrt.inf_e2247046\STacSV.exe

O23 - Service: WD SmartWare Drive Manager (WDDMService) - WDC - D:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe

O23 - Service: WD File Management Engine (WDFME) - Unknown owner - D:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe

O23 - Service: WD File Management Shadow Engine (WDSC) - Unknown owner - D:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSC.exe



--

End of file - 15471 bytes

[msc hotline sat]

Aparte de que no damos soporte a sistemas con VISTA, el log es lo ultimo que se debe postear !!!



https://foros.zonavirus.com/viewtopic.php?f=13&t=5148



Siga lo indicado y si el ELISTARA le detecta algun sospechoso, proceda segun se indica.



saludos



ms, 24-2-2011