Hola a todos tengo un problema con un icono de un triangulo rojo en mi barra de tareas que dice "System Alert" system detected virus activities. These may impact the perfomance of you computer. Please, use recomended antispyware software to protect your system from parasite programs.
Por favor si me pueden ayudar se los agradecería mucho, ya intente elistra y muchos antispyware y no he sido capas de eliminarlo.
Gracias..
Problema con System Alert en mi barra de tareas - SOLUCIONADO
-
iguanawana
- Mensajes: 8
- Registrado: 25 Jun 2007, 17:19
-
msc hotline sat
- Mensajes: 93500
- Registrado: 09 Mar 2004, 20:39
- Ubicación: BARCELONA (ESPAÑA)
- Contactar:
De entrada pruebe el ELISTARA:
saludos
ms, 25-06-2007
ELISTARA: http://www.zonavirus.com/descargas/elistara.asp
ELINOTIF.DLL: http://www.zonavirus.com/descargas/elinotif.asp
Descargar los dos en una misma carpeta y probar el ELISTARA, tras lo cual reiniciar para terminar la eliminación y luego postearnos el contenido de C:\infosat.txt para ver el resultado del proceso
saludos
ms, 25-06-2007
-
iguanawana
- Mensajes: 8
- Registrado: 25 Jun 2007, 17:19
Muchas gracias por su colaboracion, pero el problema persiste, a continuacion envio el resultado del ELISTARA,
Mon Jun 25 10:46:03 2007
EliStartPage v14.26 (c)2007 S.G.H. / Satinfo S.L.
--------------------------------------------------
LOS ARCHIVOS ELIMINADOS VOLVIERON AL REINICIAR MI EQUIPO.
MUCHAS GRACIAS POR SU COLABORACIÓN.
Mon Jun 25 10:46:03 2007
EliStartPage v14.26 (c)2007 S.G.H. / Satinfo S.L.
--------------------------------------------------
Código: Seleccionar todo
Lista de Acciones (por Acción Directa):
C:\Documents and Settings\Jairo\Desktop\Error Cleaner.url --> Eliminado (Fichero Complementario).
C:\Documents and Settings\Jairo\Desktop\Privacy Protector.url --> Eliminado (Fichero Complementario).
C:\Documents and Settings\Jairo\Desktop\Spyware&Malware Protection.url --> Eliminado (Fichero Complementario).
Restaurado fichero de Configuración del IE, (IERESET.INF)
Eliminadas las Paginas de Inicio y de Busqueda del IE
Eliminados Ficheros Temporales del IE
Detectado AUTORUN.INF en la Unidad (D)
OPEN=setupSNK.exe
Si Desconoce la Aplicación, por favor envienosla
acompañada del AUTORUN.INF a "virus@satinfo.es". Gracias.
Mon Jun 25 10:46:27 2007
EliStartPage v14.26 (c)2007 S.G.H. / Satinfo S.L.
--------------------------------------------------
Lista de Acciones (por Exploración):
Explorando Unidad C:\MUCHAS GRACIAS POR SU COLABORACIÓN.
-
msc hotline sat
- Mensajes: 93500
- Registrado: 09 Mar 2004, 20:39
- Ubicación: BARCELONA (ESPAÑA)
- Contactar:
Entonces es una variante aun no controlada.
pruebe el SPROCES y posteanos el contenido del C:\SPROCLOG.TXT
saludos
ms, 25-06-2007
pruebe el SPROCES y posteanos el contenido del C:\SPROCLOG.TXT
saludos
ms, 25-06-2007
-
iguanawana
- Mensajes: 8
- Registrado: 25 Jun 2007, 17:19
Este es el contenido del C:\SPROCLOG.TXT de nuevo muhcas gracias...
Mon Jun 25 11:30:26 2007
SProces v2.8 (c)2007 S.G.H. / Satinfo S.L.
-------------------------------------------
Sistema Operativo: Microsoft Windows XP (v5.1.2600) Service Pack 2
Internet Explorer: (v7.0.5730.11) 0
Procesos Activos:
Gracias!!!
Mon Jun 25 11:30:26 2007
SProces v2.8 (c)2007 S.G.H. / Satinfo S.L.
-------------------------------------------
Sistema Operativo: Microsoft Windows XP (v5.1.2600) Service Pack 2
Internet Explorer: (v7.0.5730.11) 0
Procesos Activos:
Código: Seleccionar todo
C:\WINDOWS\SYSTEM32\SMSS.EXE
C:\WINDOWS\SYSTEM32\CSRSS.EXE
C:\WINDOWS\SYSTEM32\WINLOGON.EXE
C:\WINDOWS\SYSTEM32\SERVICES.EXE
C:\WINDOWS\SYSTEM32\LSASS.EXE
C:\WINDOWS\SYSTEM32\SVCHOST.EXE
C:\WINDOWS\SYSTEM32\SVCHOST.EXE
C:\WINDOWS\SYSTEM32\SVCHOST.EXE
C:\WINDOWS\SYSTEM32\SVCHOST.EXE
C:\WINDOWS\SYSTEM32\SVCHOST.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCSETMGR.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCEVTMGR.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCPROXY.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\SNDSRVC.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\SPBBC\SPBBCSVC.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCPD-LC\SYMLCSVC.EXE
C:\WINDOWS\SYSTEM32\SPOOLSV.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM32\HKCMD.EXE
C:\WINDOWS\SYSTEM32\IGFXPERS.EXE
C:\PROGRAM FILES\SONIC\DIGITALMEDIA PLUS V7\MYDVD PLUS\DETECTORAPP.EXE
C:\PROGRAM FILES\HPQ\HP WIRELESS ASSISTANT\HP WIRELESS ASSISTANT.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCAPP.EXE
C:\PROGRAM FILES\HP\QUICKPLAY\QPSERVICE.EXE
C:\PROGRAM FILES\HPQ\QUICK LAUNCH BUTTONS\EABSERVR.EXE
C:\PROGRAM FILES\JAVA\JRE1.6.0_01\BIN\JUSCHED.EXE
C:\WINDOWS\VSNPSTD2.EXE
C:\PROGRAM FILES\ADOBE\PHOTOSHOP ALBUM STARTER EDITION\3.2\APPS\APDPROXY.EXE
C:\PROGRAM FILES\GRISOFT\AVG ANTI-SPYWARE 7.5\AVGAS.EXE
C:\PROGRAM FILES\ESET\NOD32KUI.EXE
C:\WINDOWS\SYSTEM32\CTFMON.EXE
C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE
C:\PROGRAM FILES\CREATIVE\MEDIASOURCE\DETECTOR\CTDETECT.EXE
C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBARNOTIFIER\GOOGLETOOLBARNOTIFIER.EXE
C:\PROGRAM FILES\COMMON FILES\AHEAD\LIB\NMBGMONITOR.EXE
C:\PROGRAM FILES\WIDCOMM\BLUETOOTH SOFTWARE\BTTRAY.EXE
C:\PROGRAM FILES\SYMANTEC\LIVEUPDATE\ALUSCHEDULERSVC.EXE
C:\PROGRAM FILES\GRISOFT\AVG ANTI-SPYWARE 7.5\GUARD.EXE
C:\PROGRAM FILES\WIDCOMM\BLUETOOTH SOFTWARE\BIN\BTWDINS.EXE
C:\WINDOWS\SYSTEM32\CTSVCCDA.EXE
C:\PROGRAM FILES\COMMON FILES\LIGHTSCRIBE\LSSRVC.EXE
C:\PROGRAM FILES\NORTON INTERNET SECURITY\NORTON ANTIVIRUS\NAVAPSVC.EXE
C:\PROGRAM FILES\ESET\NOD32KRN.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\SECURITY CONSOLE\NSCSRVCE.EXE
C:\WINDOWS\SYSTEM32\SVCHOST.EXE
C:\PROGRAM FILES\SONIC\DIGITALMEDIA PLUS V7\MYDVD PLUS\USBDEVICESERVICE.EXE
C:\PROGRAM FILES\HEWLETT-PACKARD\SHARED\HPQWMIEX.EXE
C:\PROGRAM FILES\COMMON FILES\AHEAD\LIB\NMINDEXINGSERVICE.EXE
C:\WINDOWS\SYSTEM32\WBEM\WMIPRVSE.EXE
C:\PROGRAM FILES\COMMON FILES\AHEAD\LIB\NMINDEXSTORESVR.EXE
C:\WINDOWS\SYSTEM32\ALG.EXE
C:\PROGRA~1\HPQ\SHARED\HPQTOA~1.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\PROGRAM FILES\MSN MESSENGER\USNSVC.EXE
C:\PROGRAM FILES\MESSENGER\MSMSGS.EXE
C:\DOCUMENTS AND SETTINGS\JAIRO\DESKTOP\SPROCES.EXE
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/en/us/default.aspxisapi/redir.dll?prd=ie&ar=iesearch
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/en/us/default.aspxisapi/redir.dll?prd=ie&ar=iesearch
R3 - URLSearchHook: Microsoft Url Search Hook - {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\system32\ieframe.dll
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - (no file)
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: MSVPS System - {A1770FD6-A7CB-44DA-AD2C-692D2A2B521B} - C:\WINDOWS\vpsnetwork.dll
O2 - BHO: CNavExtBho Class - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar5.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\iesdpb.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar5.dll
O4 - HKLM\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKLM\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKLM\..\Run: [Creative Detector] "C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" /R
O4 - HKLM\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKLM\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] CHDAudPropShortcut.exe
O4 - HKLM\..\Run: [DetectorApp] "C:\Program Files\Sonic\DigitalMedia Plus v7\MyDVD Plus\DetectorApp.exe"
O4 - HKLM\..\Run: [hpWirelessAssistant] "C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe"
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [eabconfg.cpl] "C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe" /Start
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [RecGuard] C:\Windows\SMINST\RecGuard.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroFilterCheck] "C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe"
O4 - HKLM\..\Run: [SNPSTD2] C:\WINDOWS\vsnpstd2.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - Startup: desktop.ini
O4 - Global Startup: Bluetooth.lnk
O4 - Global Startup: desktop.ini
O4 - Global Startup: HP Photosmart Premier Fast Start.lnk
O8 - Extra context menu item: E&xportar a Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\iesdpb.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
O9 - Extra button: Referencia - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/spanish//kavwebscan_unicode.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {14C1B87C-3342-445F-9B5E-365FF330A3AC} (Hewlett-Packard Online Support Services) - http://h20278.www2.hp.com/HPISWeb/Customer/cabs/HPISDataManager.CAB
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/3/9/8/398422c0-8d3e-40e1-a617-af65a72a0465/LegitCheckControl.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www1.snapfish.co.uk/SnapfishUKActivia.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://jairovillota.spaces.live.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Plug-in 1.6.0_01) - http://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {AF2E62B6-F9E1-4D4F-A10A-9DC8E6DCBCC0} (VideoEgg ActiveX Loader) - http://update.videoegg.com/Install/Windows/Initial/VideoEggPublisher.exe
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab47946.cab
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} (Java Plug-in 1.5.0_06) - http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
O16 - DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} (Java Plug-in 1.5.0_09) - http://java.sun.com/update/1.5.0/jinstall-1_5_0_09-windows-i586.cab
O16 - DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} (Java Plug-in 1.5.0_10) - http://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab
O16 - DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} (Java Plug-in 1.5.0_11) - http://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} (Java Plug-in 1.6.0_01) - http://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} (Java Plug-in 1.6.0_01) - http://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - http://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab
O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab31267.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: mso-offdap - {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\PROGRA~1\COMMON~1\MICROS~1\WEBCOM~1\10\OWC10.DLL
O18 - Protocol: mso-offdap11 - {32505114-5902-49B2-880A-1F7738E5A384} - C:\PROGRA~1\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: IGFXCUI - IGFXDEV.DLL
O20 - Winlogon Notify: WGALOGON - WGALOGON.DLL
O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - %SystemRoot%\system32\SHELL32.dll
O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - %SystemRoot%\system32\SHELL32.dll
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\system32\webcheck.dll
O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\system32\stobject.dll
O21 - SSODL: UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} - C:\WINDOWS\system32\upnpui.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O21 - SSODL: vpssup - {4046C8FA-3380-41BA-9DB3-350E4622F518} - C:\WINDOWS\vpssup.dll
O21 - SSODL: expro - {A6814172-36F8-4B51-8ED5-63F6D8B37E51} - C:\WINDOWS\expro.dll
O22 - SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader - %SystemRoot%\system32\browseui.dll
O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - %SystemRoot%\system32\browseui.dll
Información Adicional:
----------------------
ShellExecuteHooks: {57B86673-276A-48B2-BAE7-C6DBB3020EB8} - AVG Anti-Spyware 7.5 - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll
Listado de Servicios (Carga Automatica):
----------------------------------------
O23 - Service: AMON - Eset - C:\WINDOWS\system32\drivers\amon.sys
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: DCOM Server Process Launcher (DcomLaunch) - Unknown owner - C:\WINDOWS\system32\svchost -k DcomLaunch (file missing)
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: mdmxsdk - Conexant - C:\WINDOWS\SYSTEM32\DRIVERS\mdmxsdk.sys
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: PfModNT - Creative Technology Ltd. - C:\WINDOWS\system32\drivers\PfModNT.sys
O23 - Service: Remote Procedure Call (RPC) (RpcSs) - Unknown owner - C:\WINDOWS\system32\svchost -k rpcss (file missing)
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: symlcbrd - Symantec Corporation - C:\WINDOWS\system32\drivers\symlcbrd.sys
O23 - Service: USBDeviceService - Unknown owner - C:\Program Files\Sonic\DigitalMedia Plus v7\MyDVD Plus\USBDeviceService.exe
Listado de Servicios (Carga Manual):
------------------------------------
O23 - Service: Bluetooth Audio Device (btaudio) - Broadcom Corporation. - C:\WINDOWS\SYSTEM32\drivers\btaudio.sys
O23 - Service: Bluetooth Virtual Communications Driver (BTDriver) - Broadcom Corporation. - C:\WINDOWS\SYSTEM32\DRIVERS\btport.sys
O23 - Service: Bluetooth Bus Enumerator (BTKRNL) - Broadcom Corporation. - C:\WINDOWS\SYSTEM32\DRIVERS\btkrnl.sys
O23 - Service: Bluetooth LAN Access Server (BTWDNDIS) - Broadcom Corporation. - C:\WINDOWS\SYSTEM32\DRIVERS\btwdndis.sys
O23 - Service: WIDCOMM USB Bluetooth Driver (BTWUSB) - Broadcom Corporation. - C:\WINDOWS\SYSTEM32\Drivers\btwusb.sys
O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\ccPwdSvc.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Norton Internet Security\comHost.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - Microsoft Corp., Veritas Software - C:\WINDOWS\System32\dmadmin.exe
O23 - Service: Intel(R) PRO Network Connection Driver (E100B) - Intel Corporation - C:\WINDOWS\SYSTEM32\DRIVERS\e100b325.sys
O23 - Service: eabusb - Hewlett-Packard Development Company, L.P. - C:\WINDOWS\system32\drivers\eabusb.sys
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Microsoft UAA Function Driver for High Definition Audio Service (HdAudAddService) - Conexant Systems Inc. - C:\WINDOWS\SYSTEM32\drivers\CHDAud.sys
O23 - Service: Microsoft UAA Bus Driver for High Definition Audio (HDAudBus) - Windows (R) Server 2003 DDK provider - C:\WINDOWS\SYSTEM32\DRIVERS\HDAudBus.sys
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\Shared\hpqwmi.exe
O23 - Service: HSFHWAZL - Conexant Systems, Inc. - C:\WINDOWS\SYSTEM32\DRIVERS\HSFHWAZL.sys
O23 - Service: HSF_DPV - Conexant Systems, Inc. - C:\WINDOWS\SYSTEM32\DRIVERS\HSF_DPV.sys
O23 - Service: ialm - Intel Corporation - C:\WINDOWS\SYSTEM32\DRIVERS\ialmnt5.sys
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: File Filter Driver (IKFileFlt) - PCTools Research Pty Ltd. - C:\WINDOWS\SYSTEM32\drivers\ikfileflt.sys
O23 - Service: File Security Driver (IKFileSec) - PCTools Research Pty Ltd. - C:\WINDOWS\SYSTEM32\drivers\ikfilesec.sys
O23 - Service: System Filter Driver (IkSysFlt) - PCTools Research Pty Ltd. - C:\WINDOWS\SYSTEM32\drivers\iksysflt.sys
O23 - Service: System Security Driver (IKSysSec) - PCTools Research Pty Ltd. - C:\WINDOWS\SYSTEM32\drivers\iksyssec.sys
O23 - Service: Sony Ericsson 750 driver (WDM) (k750bus) - MCCI - C:\WINDOWS\SYSTEM32\DRIVERS\k750bus.sys
O23 - Service: Sony Ericsson 750 USB WMC Modem Filter (k750mdfl) - MCCI - C:\WINDOWS\SYSTEM32\DRIVERS\k750mdfl.sys
O23 - Service: Sony Ericsson 750 USB WMC Modem Drivers (k750mdm) - MCCI - C:\WINDOWS\SYSTEM32\DRIVERS\k750mdm.sys
O23 - Service: Sony Ericsson 750 USB WMC Device Management Drivers (k750mgmt) - MCCI - C:\WINDOWS\SYSTEM32\DRIVERS\k750mgmt.sys
O23 - Service: Sony Ericsson 750 USB WMC OBEX Interface Drivers (k750obex) - MCCI - C:\WINDOWS\SYSTEM32\DRIVERS\k750obex.sys
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: HP Webcam 1000 (Mvc25U870_VID_1262&PID_25FD) - Micro Vision Co.,Ltd - C:\WINDOWS\SYSTEM32\Drivers\Mvc25U870.sys
O23 - Service: NAVENG - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20060728.018\NAVENG.Sys
O23 - Service: NAVEX15 - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20060728.018\NavEx15.Sys
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Direct Parallel Link Driver (Ptilink) - Parallel Technologies, Inc. - C:\WINDOWS\SYSTEM32\DRIVERS\ptilink.sys
O23 - Service: rimmptsk - REDC - C:\WINDOWS\SYSTEM32\DRIVERS\rimmptsk.sys
O23 - Service: rimsptsk - REDC - C:\WINDOWS\SYSTEM32\DRIVERS\rimsptsk.sys
O23 - Service: Ricoh xD-Picture Card Driver (rismxdp) - REDC - C:\WINDOWS\SYSTEM32\DRIVERS\rixdptsk.sys
O23 - Service: SAVRT - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVRT.SYS
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: Spyware Doctor Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: Spyware Doctor Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
O23 - Service: Secdrv - Unknown owner - C:\WINDOWS\SYSTEM32\DRIVERS\secdrv.sys
O23 - Service: SMC IrCC Miniport Device Driver (SMCIRDA) - SMC - C:\WINDOWS\SYSTEM32\DRIVERS\smcirda.sys
O23 - Service: Trust WB-3400T Webcam (snpstd2) - Unknown owner - C:\WINDOWS\SYSTEM32\DRIVERS\snpstd2.sys
O23 - Service: ST330 - THOMSON Telecom Belgium - C:\WINDOWS\SYSTEM32\drivers\st330.sys
O23 - Service: STBUS - THOMSON Telecom Belgium - C:\WINDOWS\SYSTEM32\drivers\stbus.sys
O23 - Service: SpeedTouch Ethernet Adapter NT Driver (STETH) - THOMSON Telecom Belgium - C:\WINDOWS\SYSTEM32\DRIVERS\steth.sys
O23 - Service: SYMDNS - Symantec Corporation - C:\WINDOWS\System32\Drivers\SYMDNS.SYS
O23 - Service: SymEvent - Symantec Corporation - C:\WINDOWS\system32\Drivers\SYMEVENT.SYS
O23 - Service: SYMFW - Symantec Corporation - C:\WINDOWS\System32\Drivers\SYMFW.SYS
O23 - Service: SYMIDS - Symantec Corporation - C:\WINDOWS\System32\Drivers\SYMIDS.SYS
O23 - Service: SYMIDSCO - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SymcData\idsdefs\20070612.005\symidsco.sys
O23 - Service: SYMNDIS - Symantec Corporation - C:\WINDOWS\System32\Drivers\SYMNDIS.SYS
O23 - Service: SYMREDRV - Symantec Corporation - C:\WINDOWS\System32\Drivers\SYMREDRV.SYS
O23 - Service: Terminal Services (TermService) - Unknown owner - C:\WINDOWS\System32\svchost -k DComLaunch (file missing)
O23 - Service: Sony Ericsson W300 Driver driver (WDM) (w300bus) - MCCI - C:\WINDOWS\SYSTEM32\DRIVERS\w300bus.sys
O23 - Service: Sony Ericsson W300 USB WMC Modem Filter (w300mdfl) - MCCI - C:\WINDOWS\SYSTEM32\DRIVERS\w300mdfl.sys
O23 - Service: Sony Ericsson W300 USB WMC Modem Driver (w300mdm) - MCCI - C:\WINDOWS\SYSTEM32\DRIVERS\w300mdm.sys
O23 - Service: Intel(R) PRO/Wireless 3945ABG Adapter Driver (w39n51) - Intel® Corporation - C:\WINDOWS\SYSTEM32\DRIVERS\w39n51.sys
O23 - Service: winachsf - Conexant Systems, Inc. - C:\WINDOWS\SYSTEM32\DRIVERS\HSF_CNXT.sys
Listado de Servicios (Deshabilitados):
--------------------------------------
O23 - Service: dmboot - Microsoft Corp., Veritas Software - C:\WINDOWS\SYSTEM32\drivers\dmboot.sys
O23 - Service: dmio - Microsoft Corp., Veritas Software - C:\WINDOWS\SYSTEM32\drivers\dmio.sys
O23 - Service: dmload - Microsoft Corp., Veritas Software. - C:\WINDOWS\SYSTEM32\drivers\dmload.sys
85 Servicios.
22 de Carga Automatica.
60 de Carga Manual.
3 Deshabilitados.-
msc hotline sat
- Mensajes: 93500
- Registrado: 09 Mar 2004, 20:39
- Ubicación: BARCELONA (ESPAÑA)
- Contactar:
me parece que ya controlamos con la nueva versión 14.27 que acabo de subir a esta web, algún troyano que aparece en el log que nos has enviado.
Mira de descargarte la nueva versión del ELISTARA ya disponible, la pruebas, y nos posteas el contenido de c:\infosat.txt , espero que alguno como estos:
C:\WINDOWS\vpssup.dll
C:\WINDOWS\expro.dll
ya los controle y elimine, y puede que otros...
Tras ello, si persiste algun problema, vuelve a probar el SPROCES y nos posteas el SPROCLOG, que habrá cambiado
nota: Ahora habríamos pedido para analizar:
saludos
ms, 25-06-2007
Mira de descargarte la nueva versión del ELISTARA ya disponible, la pruebas, y nos posteas el contenido de c:\infosat.txt , espero que alguno como estos:
C:\WINDOWS\vpssup.dll
C:\WINDOWS\expro.dll
ya los controle y elimine, y puede que otros...
Tras ello, si persiste algun problema, vuelve a probar el SPROCES y nos posteas el SPROCLOG, que habrá cambiado
nota: Ahora habríamos pedido para analizar:
pero a la vista que tienes bichos que o son variantes de los del mismo nombre de hoy, o son los mismos, prefiero eliminar lo ya conocido, pero si quieres enviarnos los demas que no controle, hazlo:-> Para ello recordar: viewtopic.php?f=2&t=45334Pues envianos estos ficheros para analizar:
C:\PROGRAM FILES\SONIC\DIGITALMEDIA PLUS V7\MYDVD PLUS\DETECTORAPP.EXE
C:\WINDOWS\vpsnetwork.dll <-------- elistara 14.27
C:\WINDOWS\system32\upnpui.dll
C:\WINDOWS\vpssup.dll <-------- elistara 14.27
C:\WINDOWS\expro.dll <-------- elistara 14.27
C:\WINDOWS\SYSTEM32\DRIVERS\secdrv.sys
C:\WINDOWS\SYSTEM32\DRIVERS\smcirda.sys
C:\WINDOWS\SYSTEM32\DRIVERS\snpstd2.sys
saludos
ms, 25-06-2007
-
msc hotline sat
- Mensajes: 93500
- Registrado: 09 Mar 2004, 20:39
- Ubicación: BARCELONA (ESPAÑA)
- Contactar:
-
iguanawana
- Mensajes: 8
- Registrado: 25 Jun 2007, 17:19
Todvia sigue ahi el problemita, envio el resultado del ELISTARA y sproces los ficheros que me pidieron los voy a empezar a enviar, y lo del anivirus voy a desnstalare l norton.
MUCHAS GRACIAS!!!!
Mon Jun 25 12:05:51 2007
EliStartPage v14.27 (c)2007 S.G.H. / Satinfo S.L.
--------------------------------------------------
SPROCES
Mon Jun 25 12:32:59 2007
SProces v2.8 (c)2007 S.G.H. / Satinfo S.L.
-------------------------------------------
Sistema Operativo: Microsoft Windows XP (v5.1.2600) Service Pack 2
Internet Explorer: (v7.0.5730.11) 0
GRACIAS!!!.
MUCHAS GRACIAS!!!!
Mon Jun 25 12:05:51 2007
EliStartPage v14.27 (c)2007 S.G.H. / Satinfo S.L.
--------------------------------------------------
Código: Seleccionar todo
Lista de Acciones (por Acción Directa):
C:\Documents and Settings\Jairo\Desktop\Error Cleaner.url --> Eliminado (Fichero Complementario).
C:\Documents and Settings\Jairo\Desktop\Privacy Protector.url --> Eliminado (Fichero Complementario).
C:\Documents and Settings\Jairo\Desktop\Spyware&Malware Protection.url --> Eliminado (Fichero Complementario).
Restaurado fichero de Configuración del IE, (IERESET.INF)
Eliminadas las Paginas de Inicio y de Busqueda del IE
Eliminados Ficheros Temporales del IE
Detectado AUTORUN.INF en la Unidad (D)
OPEN=setupSNK.exe
Si Desconoce la Aplicación, por favor envienosla
acompañada del AUTORUN.INF a "virus@satinfo.es". Gracias.
Mon Jun 25 12:06:26 2007
EliStartPage v14.27 (c)2007 S.G.H. / Satinfo S.L.
--------------------------------------------------
Lista de Acciones (por Exploración):
Explorando Unidad C:\SPROCES
Mon Jun 25 12:32:59 2007
SProces v2.8 (c)2007 S.G.H. / Satinfo S.L.
-------------------------------------------
Sistema Operativo: Microsoft Windows XP (v5.1.2600) Service Pack 2
Internet Explorer: (v7.0.5730.11) 0
Código: Seleccionar todo
Procesos Activos:
C:\WINDOWS\SYSTEM32\SMSS.EXE
C:\WINDOWS\SYSTEM32\CSRSS.EXE
C:\WINDOWS\SYSTEM32\WINLOGON.EXE
C:\WINDOWS\SYSTEM32\SERVICES.EXE
C:\WINDOWS\SYSTEM32\LSASS.EXE
C:\WINDOWS\SYSTEM32\SVCHOST.EXE
C:\WINDOWS\SYSTEM32\SVCHOST.EXE
C:\WINDOWS\SYSTEM32\SVCHOST.EXE
C:\WINDOWS\SYSTEM32\SVCHOST.EXE
C:\WINDOWS\SYSTEM32\SVCHOST.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCSETMGR.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCEVTMGR.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCPROXY.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\SNDSRVC.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\SPBBC\SPBBCSVC.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCPD-LC\SYMLCSVC.EXE
C:\WINDOWS\SYSTEM32\SPOOLSV.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM32\HKCMD.EXE
C:\WINDOWS\SYSTEM32\IGFXPERS.EXE
C:\PROGRAM FILES\SONIC\DIGITALMEDIA PLUS V7\MYDVD PLUS\DETECTORAPP.EXE
C:\PROGRAM FILES\HPQ\HP WIRELESS ASSISTANT\HP WIRELESS ASSISTANT.EXE
C:\PROGRAM FILES\HP\HP SOFTWARE UPDATE\HPWUSCHD2.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCAPP.EXE
C:\PROGRAM FILES\HP\QUICKPLAY\QPSERVICE.EXE
C:\PROGRAM FILES\HPQ\QUICK LAUNCH BUTTONS\EABSERVR.EXE
C:\PROGRAM FILES\JAVA\JRE1.6.0_01\BIN\JUSCHED.EXE
C:\WINDOWS\VSNPSTD2.EXE
C:\PROGRAM FILES\ADOBE\PHOTOSHOP ALBUM STARTER EDITION\3.2\APPS\APDPROXY.EXE
C:\PROGRAM FILES\GRISOFT\AVG ANTI-SPYWARE 7.5\AVGAS.EXE
C:\PROGRAM FILES\ESET\NOD32KUI.EXE
C:\PROGRAM FILES\COMMON FILES\TELECA SHARED\CAPABILITYMANAGER.EXE
C:\WINDOWS\SYSTEM32\CTFMON.EXE
C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE
C:\PROGRAM FILES\CREATIVE\MEDIASOURCE\DETECTOR\CTDETECT.EXE
C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBARNOTIFIER\GOOGLETOOLBARNOTIFIER.EXE
C:\PROGRAM FILES\COMMON FILES\AHEAD\LIB\NMBGMONITOR.EXE
C:\PROGRAM FILES\WIDCOMM\BLUETOOTH SOFTWARE\BTTRAY.EXE
C:\PROGRAM FILES\SYMANTEC\LIVEUPDATE\ALUSCHEDULERSVC.EXE
C:\PROGRAM FILES\MESSENGER\MSMSGS.EXE
C:\PROGRAM FILES\GRISOFT\AVG ANTI-SPYWARE 7.5\GUARD.EXE
C:\PROGRAM FILES\WIDCOMM\BLUETOOTH SOFTWARE\BIN\BTWDINS.EXE
C:\WINDOWS\SYSTEM32\CTSVCCDA.EXE
C:\PROGRAM FILES\COMMON FILES\LIGHTSCRIBE\LSSRVC.EXE
C:\PROGRAM FILES\NORTON INTERNET SECURITY\NORTON ANTIVIRUS\NAVAPSVC.EXE
C:\PROGRAM FILES\ESET\NOD32KRN.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\SECURITY CONSOLE\NSCSRVCE.EXE
C:\WINDOWS\SYSTEM32\SVCHOST.EXE
C:\PROGRAM FILES\SONIC\DIGITALMEDIA PLUS V7\MYDVD PLUS\USBDEVICESERVICE.EXE
C:\PROGRAM FILES\HEWLETT-PACKARD\SHARED\HPQWMIEX.EXE
C:\PROGRAM FILES\COMMON FILES\AHEAD\LIB\NMINDEXINGSERVICE.EXE
C:\WINDOWS\SYSTEM32\WBEM\WMIPRVSE.EXE
C:\PROGRAM FILES\COMMON FILES\AHEAD\LIB\NMINDEXSTORESVR.EXE
C:\WINDOWS\SYSTEM32\ALG.EXE
C:\PROGRA~1\HPQ\SHARED\HPQTOA~1.EXE
C:\WINDOWS\SYSTEM32\WBEM\WMIPRVSE.EXE
C:\WINDOWS\SYSTEM32\WUAUCLT.EXE
C:\DOCUMENTS AND SETTINGS\JAIRO\DESKTOP\SPROCES.EXE
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/en/us/default.aspxisapi/redir.dll?prd=ie&ar=iesearch
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/en/us/default.aspxisapi/redir.dll?prd=ie&ar=iesearch
R3 - URLSearchHook: Microsoft Url Search Hook - {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\system32\ieframe.dll
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - (no file)
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: MSVPS System - {A1770FD6-A7CB-44DA-AD2C-692D2A2B521B} - C:\WINDOWS\vpsnetwork.dll
O2 - BHO: CNavExtBho Class - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar5.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\iesdpb.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar5.dll
O4 - HKLM\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKLM\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKLM\..\Run: [Creative Detector] "C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" /R
O4 - HKLM\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKLM\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] CHDAudPropShortcut.exe
O4 - HKLM\..\Run: [DetectorApp] "C:\Program Files\Sonic\DigitalMedia Plus v7\MyDVD Plus\DetectorApp.exe"
O4 - HKLM\..\Run: [hpWirelessAssistant] "C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe"
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [eabconfg.cpl] "C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe" /Start
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [RecGuard] C:\Windows\SMINST\RecGuard.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroFilterCheck] "C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe"
O4 - HKLM\..\Run: [SNPSTD2] C:\WINDOWS\vsnpstd2.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - Startup: desktop.ini
O4 - Global Startup: Bluetooth.lnk
O4 - Global Startup: desktop.ini
O4 - Global Startup: HP Photosmart Premier Fast Start.lnk
O8 - Extra context menu item: E&xportar a Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\iesdpb.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
O9 - Extra button: Referencia - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/spanish//kavwebscan_unicode.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {14C1B87C-3342-445F-9B5E-365FF330A3AC} (Hewlett-Packard Online Support Services) - http://h20278.www2.hp.com/HPISWeb/Customer/cabs/HPISDataManager.CAB
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/3/9/8/398422c0-8d3e-40e1-a617-af65a72a0465/LegitCheckControl.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www1.snapfish.co.uk/SnapfishUKActivia.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://jairovillota.spaces.live.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Plug-in 1.6.0_01) - http://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {AF2E62B6-F9E1-4D4F-A10A-9DC8E6DCBCC0} (VideoEgg ActiveX Loader) - http://update.videoegg.com/Install/Windows/Initial/VideoEggPublisher.exe
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab47946.cab
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} (Java Plug-in 1.5.0_06) - http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
O16 - DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} (Java Plug-in 1.5.0_09) - http://java.sun.com/update/1.5.0/jinstall-1_5_0_09-windows-i586.cab
O16 - DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} (Java Plug-in 1.5.0_10) - http://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab
O16 - DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} (Java Plug-in 1.5.0_11) - http://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} (Java Plug-in 1.6.0_01) - http://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} (Java Plug-in 1.6.0_01) - http://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - http://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab
O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab31267.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: mso-offdap - {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\PROGRA~1\COMMON~1\MICROS~1\WEBCOM~1\10\OWC10.DLL
O18 - Protocol: mso-offdap11 - {32505114-5902-49B2-880A-1F7738E5A384} - C:\PROGRA~1\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: IGFXCUI - IGFXDEV.DLL
O20 - Winlogon Notify: WGALOGON - WGALOGON.DLL
O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - %SystemRoot%\system32\SHELL32.dll
O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - %SystemRoot%\system32\SHELL32.dll
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\system32\webcheck.dll
O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\system32\stobject.dll
O21 - SSODL: UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} - C:\WINDOWS\system32\upnpui.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O21 - SSODL: vpssup - {B33AE219-F15F-433C-9901-D3E3EB8043C2} - C:\WINDOWS\vpssup.dll
O21 - SSODL: expro - {8BC84255-84CC-47CB-AA6F-8945467899EE} - C:\WINDOWS\expro.dll
O22 - SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader - %SystemRoot%\system32\browseui.dll
O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - %SystemRoot%\system32\browseui.dll
Información Adicional:
----------------------
ShellExecuteHooks: {57B86673-276A-48B2-BAE7-C6DBB3020EB8} - AVG Anti-Spyware 7.5 - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll
Listado de Servicios (Carga Automatica):
----------------------------------------
O23 - Service: AMON - Eset - C:\WINDOWS\system32\drivers\amon.sys
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: DCOM Server Process Launcher (DcomLaunch) - Unknown owner - C:\WINDOWS\system32\svchost -k DcomLaunch (file missing)
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: mdmxsdk - Conexant - C:\WINDOWS\SYSTEM32\DRIVERS\mdmxsdk.sys
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: PfModNT - Creative Technology Ltd. - C:\WINDOWS\system32\drivers\PfModNT.sys
O23 - Service: Remote Procedure Call (RPC) (RpcSs) - Unknown owner - C:\WINDOWS\system32\svchost -k rpcss (file missing)
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: symlcbrd - Symantec Corporation - C:\WINDOWS\system32\drivers\symlcbrd.sys
O23 - Service: USBDeviceService - Unknown owner - C:\Program Files\Sonic\DigitalMedia Plus v7\MyDVD Plus\USBDeviceService.exe
Listado de Servicios (Carga Manual):
------------------------------------
O23 - Service: Bluetooth Audio Device (btaudio) - Broadcom Corporation. - C:\WINDOWS\SYSTEM32\drivers\btaudio.sys
O23 - Service: Bluetooth Virtual Communications Driver (BTDriver) - Broadcom Corporation. - C:\WINDOWS\SYSTEM32\DRIVERS\btport.sys
O23 - Service: Bluetooth Bus Enumerator (BTKRNL) - Broadcom Corporation. - C:\WINDOWS\SYSTEM32\DRIVERS\btkrnl.sys
O23 - Service: Bluetooth LAN Access Server (BTWDNDIS) - Broadcom Corporation. - C:\WINDOWS\SYSTEM32\DRIVERS\btwdndis.sys
O23 - Service: WIDCOMM USB Bluetooth Driver (BTWUSB) - Broadcom Corporation. - C:\WINDOWS\SYSTEM32\Drivers\btwusb.sys
O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\ccPwdSvc.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Norton Internet Security\comHost.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - Microsoft Corp., Veritas Software - C:\WINDOWS\System32\dmadmin.exe
O23 - Service: Intel(R) PRO Network Connection Driver (E100B) - Intel Corporation - C:\WINDOWS\SYSTEM32\DRIVERS\e100b325.sys
O23 - Service: eabusb - Hewlett-Packard Development Company, L.P. - C:\WINDOWS\system32\drivers\eabusb.sys
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Microsoft UAA Function Driver for High Definition Audio Service (HdAudAddService) - Conexant Systems Inc. - C:\WINDOWS\SYSTEM32\drivers\CHDAud.sys
O23 - Service: Microsoft UAA Bus Driver for High Definition Audio (HDAudBus) - Windows (R) Server 2003 DDK provider - C:\WINDOWS\SYSTEM32\DRIVERS\HDAudBus.sys
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\Shared\hpqwmi.exe
O23 - Service: HSFHWAZL - Conexant Systems, Inc. - C:\WINDOWS\SYSTEM32\DRIVERS\HSFHWAZL.sys
O23 - Service: HSF_DPV - Conexant Systems, Inc. - C:\WINDOWS\SYSTEM32\DRIVERS\HSF_DPV.sys
O23 - Service: ialm - Intel Corporation - C:\WINDOWS\SYSTEM32\DRIVERS\ialmnt5.sys
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: File Filter Driver (IKFileFlt) - PCTools Research Pty Ltd. - C:\WINDOWS\SYSTEM32\drivers\ikfileflt.sys
O23 - Service: File Security Driver (IKFileSec) - PCTools Research Pty Ltd. - C:\WINDOWS\SYSTEM32\drivers\ikfilesec.sys
O23 - Service: System Filter Driver (IkSysFlt) - PCTools Research Pty Ltd. - C:\WINDOWS\SYSTEM32\drivers\iksysflt.sys
O23 - Service: System Security Driver (IKSysSec) - PCTools Research Pty Ltd. - C:\WINDOWS\SYSTEM32\drivers\iksyssec.sys
O23 - Service: Sony Ericsson 750 driver (WDM) (k750bus) - MCCI - C:\WINDOWS\SYSTEM32\DRIVERS\k750bus.sys
O23 - Service: Sony Ericsson 750 USB WMC Modem Filter (k750mdfl) - MCCI - C:\WINDOWS\SYSTEM32\DRIVERS\k750mdfl.sys
O23 - Service: Sony Ericsson 750 USB WMC Modem Drivers (k750mdm) - MCCI - C:\WINDOWS\SYSTEM32\DRIVERS\k750mdm.sys
O23 - Service: Sony Ericsson 750 USB WMC Device Management Drivers (k750mgmt) - MCCI - C:\WINDOWS\SYSTEM32\DRIVERS\k750mgmt.sys
O23 - Service: Sony Ericsson 750 USB WMC OBEX Interface Drivers (k750obex) - MCCI - C:\WINDOWS\SYSTEM32\DRIVERS\k750obex.sys
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: HP Webcam 1000 (Mvc25U870_VID_1262&PID_25FD) - Micro Vision Co.,Ltd - C:\WINDOWS\SYSTEM32\Drivers\Mvc25U870.sys
O23 - Service: NAVENG - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20060728.018\NAVENG.Sys
O23 - Service: NAVEX15 - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20060728.018\NavEx15.Sys
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Direct Parallel Link Driver (Ptilink) - Parallel Technologies, Inc. - C:\WINDOWS\SYSTEM32\DRIVERS\ptilink.sys
O23 - Service: rimmptsk - REDC - C:\WINDOWS\SYSTEM32\DRIVERS\rimmptsk.sys
O23 - Service: rimsptsk - REDC - C:\WINDOWS\SYSTEM32\DRIVERS\rimsptsk.sys
O23 - Service: Ricoh xD-Picture Card Driver (rismxdp) - REDC - C:\WINDOWS\SYSTEM32\DRIVERS\rixdptsk.sys
O23 - Service: SAVRT - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVRT.SYS
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: Spyware Doctor Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: Spyware Doctor Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
O23 - Service: Secdrv - Unknown owner - C:\WINDOWS\SYSTEM32\DRIVERS\secdrv.sys
O23 - Service: SMC IrCC Miniport Device Driver (SMCIRDA) - SMC - C:\WINDOWS\SYSTEM32\DRIVERS\smcirda.sys
O23 - Service: Trust WB-3400T Webcam (snpstd2) - Unknown owner - C:\WINDOWS\SYSTEM32\DRIVERS\snpstd2.sys
O23 - Service: ST330 - THOMSON Telecom Belgium - C:\WINDOWS\SYSTEM32\drivers\st330.sys
O23 - Service: STBUS - THOMSON Telecom Belgium - C:\WINDOWS\SYSTEM32\drivers\stbus.sys
O23 - Service: SpeedTouch Ethernet Adapter NT Driver (STETH) - THOMSON Telecom Belgium - C:\WINDOWS\SYSTEM32\DRIVERS\steth.sys
O23 - Service: SYMDNS - Symantec Corporation - C:\WINDOWS\System32\Drivers\SYMDNS.SYS
O23 - Service: SymEvent - Symantec Corporation - C:\WINDOWS\system32\Drivers\SYMEVENT.SYS
O23 - Service: SYMFW - Symantec Corporation - C:\WINDOWS\System32\Drivers\SYMFW.SYS
O23 - Service: SYMIDS - Symantec Corporation - C:\WINDOWS\System32\Drivers\SYMIDS.SYS
O23 - Service: SYMIDSCO - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SymcData\idsdefs\20070612.005\symidsco.sys
O23 - Service: SYMNDIS - Symantec Corporation - C:\WINDOWS\System32\Drivers\SYMNDIS.SYS
O23 - Service: SYMREDRV - Symantec Corporation - C:\WINDOWS\System32\Drivers\SYMREDRV.SYS
O23 - Service: Terminal Services (TermService) - Unknown owner - C:\WINDOWS\System32\svchost -k DComLaunch (file missing)
O23 - Service: Sony Ericsson W300 Driver driver (WDM) (w300bus) - MCCI - C:\WINDOWS\SYSTEM32\DRIVERS\w300bus.sys
O23 - Service: Sony Ericsson W300 USB WMC Modem Filter (w300mdfl) - MCCI - C:\WINDOWS\SYSTEM32\DRIVERS\w300mdfl.sys
O23 - Service: Sony Ericsson W300 USB WMC Modem Driver (w300mdm) - MCCI - C:\WINDOWS\SYSTEM32\DRIVERS\w300mdm.sys
O23 - Service: Intel(R) PRO/Wireless 3945ABG Adapter Driver (w39n51) - Intel® Corporation - C:\WINDOWS\SYSTEM32\DRIVERS\w39n51.sys
O23 - Service: winachsf - Conexant Systems, Inc. - C:\WINDOWS\SYSTEM32\DRIVERS\HSF_CNXT.sys
Listado de Servicios (Deshabilitados):
--------------------------------------
O23 - Service: dmboot - Microsoft Corp., Veritas Software - C:\WINDOWS\SYSTEM32\drivers\dmboot.sys
O23 - Service: dmio - Microsoft Corp., Veritas Software - C:\WINDOWS\SYSTEM32\drivers\dmio.sys
O23 - Service: dmload - Microsoft Corp., Veritas Software. - C:\WINDOWS\SYSTEM32\drivers\dmload.sys
85 Servicios.
22 de Carga Automatica.
60 de Carga Manual.
3 Deshabilitados.
-
iguanawana
- Mensajes: 8
- Registrado: 25 Jun 2007, 17:19
-
msc hotline sat
- Mensajes: 93500
- Registrado: 09 Mar 2004, 20:39
- Ubicación: BARCELONA (ESPAÑA)
- Contactar:
Pues sin duda se trata de una variante del troyano que hoy hemos pasado a controlar con la 14.27 del ELISTARA y que utiliza los mismos nombres de ficheros:
C:\WINDOWS\vpsnetwork.dll <-------- elistara 14.27
C:\WINDOWS\vpssup.dll <-------- elistara 14.27
C:\WINDOWS\expro.dll <-------- elistara 14.27
ya que no han sido detectados y eliminados por dicha versión, así que cuando mañana entremos a trabajar en SATINFO las analizaremos e informaremos
saludos
ms, 25-06-2007
C:\WINDOWS\vpsnetwork.dll <-------- elistara 14.27
C:\WINDOWS\vpssup.dll <-------- elistara 14.27
C:\WINDOWS\expro.dll <-------- elistara 14.27
ya que no han sido detectados y eliminados por dicha versión, así que cuando mañana entremos a trabajar en SATINFO las analizaremos e informaremos
saludos
ms, 25-06-2007
-
iguanawana
- Mensajes: 8
- Registrado: 25 Jun 2007, 17:19
MUCHAS GRACIAS POR SU COLORACIÓN EL PROBLEMA SE HA SOLUCIONADO, EJECUTE ELISTARA 14.27 EN MODO SEGURO Y FUNCIONO, SOLO QUEDA ALGO AL REINICIAR EL WINDOWS SOBRE UN ARCHIVO DAÑADO QUE ANEXO A CONTINUACIÓN POR SI ACASO TIENEN ALGUNA INFORMACIÓN.
MUCHAS GRACIAS DE NUEVO!!!
MUCHAS GRACIAS DE NUEVO!!!
- Adjuntos
-
- untitled4.JPG (9.86 KiB) Visto 4086 veces
-
msc hotline sat
- Mensajes: 93500
- Registrado: 09 Mar 2004, 20:39
- Ubicación: BARCELONA (ESPAÑA)
- Contactar:
Es muy importante que nos postees el contenido de c:\infosat.txt para ver el resultado del proceso realizado por el ELISTARA, ya que igual solo las ha movido a una carpeta muestras, y puede faltar terminar de eliminar los restos y restaurar las claves, ya veremos...
Sobre el mensaje de error que indicas, mira lo que indican al respecto: https://www.processlibrary.com/es/direc ... 08/471858/
Esperamos ver el infosat, gracias
saludos
ms, 26-06-2007
Sobre el mensaje de error que indicas, mira lo que indican al respecto: https://www.processlibrary.com/es/direc ... 08/471858/
Esperamos ver el infosat, gracias
saludos
ms, 26-06-2007
-
iguanawana
- Mensajes: 8
- Registrado: 25 Jun 2007, 17:19
Este es el informe de ELISTARA infosat.txt:
Mon Jun 25 14:22:55 2007
EliStartPage v14.27 (c)2007 S.G.H. / Satinfo S.L.
--------------------------------------------------
MUCHAS GRACIAS DE NUEVO
Mon Jun 25 14:22:55 2007
EliStartPage v14.27 (c)2007 S.G.H. / Satinfo S.L.
--------------------------------------------------
Código: Seleccionar todo
Lista de Acciones (por Acción Directa):
C:\Documents and Settings\Jairo\Desktop\Error Cleaner.url --> Eliminado (Fichero Complementario).
C:\Documents and Settings\Jairo\Desktop\Privacy Protector.url --> Eliminado (Fichero Complementario).
C:\Documents and Settings\Jairo\Desktop\Spyware&Malware Protection.url --> Eliminado (Fichero Complementario).
Restaurado fichero de Configuración del IE, (IERESET.INF)
Eliminadas las Paginas de Inicio y de Busqueda del IE
Eliminados Ficheros Temporales del IE
Detectado AUTORUN.INF en la Unidad (D)
OPEN=setupSNK.exe
Si Desconoce la Aplicación, por favor envienosla
acompañada del AUTORUN.INF a "virus@satinfo.es". Gracias.
Mon Jun 25 14:23:11 2007
EliStartPage v14.27 (c)2007 S.G.H. / Satinfo S.L.
--------------------------------------------------
Lista de Acciones (por Exploración):
Explorando Unidad C:\
-
msc hotline sat
- Mensajes: 93500
- Registrado: 09 Mar 2004, 20:39
- Ubicación: BARCELONA (ESPAÑA)
- Contactar:
-
msc hotline sat
- Mensajes: 93500
- Registrado: 09 Mar 2004, 20:39
- Ubicación: BARCELONA (ESPAÑA)
- Contactar:
-
msc hotline sat
- Mensajes: 93500
- Registrado: 09 Mar 2004, 20:39
- Ubicación: BARCELONA (ESPAÑA)
- Contactar:
Analizado el fichero resulta ser un ejecutable de red inalambrica, propio de estar en un pendrive
Toma nota, pues es de los pocos que puede haber en los pendrives, si son llaves de acceso a redes inalambricas
No hace falta enviarnos los ficheros que se conoce lo que son, como este, aceptarlos pues son logicos en elos pendrive segun sea su funcion. (y la de este debe ser llave de conexion a Red)
saludos
ms, 27-06-2007
Toma nota, pues es de los pocos que puede haber en los pendrives, si son llaves de acceso a redes inalambricas
No hace falta enviarnos los ficheros que se conoce lo que son, como este, aceptarlos pues son logicos en elos pendrive segun sea su funcion. (y la de este debe ser llave de conexion a Red)
saludos
ms, 27-06-2007
-
iguanawana
- Mensajes: 8
- Registrado: 25 Jun 2007, 17:19
-
msc hotline sat
- Mensajes: 93500
- Registrado: 09 Mar 2004, 20:39
- Ubicación: BARCELONA (ESPAÑA)
- Contactar: