Web pages open by themselves (SOLVED)

Closed
tonileonli2
Posts: 5
Joined: 24 Mar 2008, 18:42

Web pages open by themselves (SOLVED)

Post by tonileonli2 » 25 Mar 2008, 22:54

When I browse the internet, pages of various kinds open by themselves, but above all there is one that tells me the computer is infected and that I should run a spyware tool that can be downloaded from that same page; I never used it.

For antivirus I have Trend Micro PC-cillin Internet Security 2007, and Spyware Terminator 2.1.1.314.

When I scan the computer with Terminator, it reports Affiliate tracking cookie (tracking cookie); I delete it and it comes back in the next scan. This is the report:



Logfile of Spyware Terminator v2.1.1.314 (db:1.0.157.922)

Scan Time: 25/03/2008 22:29:23 length: 212 s

Platform: WXP (5.1.0.2600)

User: Admin

Boot Mode: Normal

Scan type: Fast_Spyware_Scan

Scanned Objects: 9879 (Critical:0)

Filter: No System items, No Safe items, No Invalid items



Running Processes

PcCtlCom.exe [Trend Micro Inc.] : C:\Archivos de programa\Trend Micro\Internet Security 2007\PcCtlCom.exe

PDAgent.exe [Raxco Software, Inc.] : C:\Archivos de programa\Raxco\PerfectDisk\PDAgent.exe

PAStiSvc.exe : C:\WINDOWS\system32\PAStiSvc.exe

Tmntsrv.exe [Trend Micro Inc.] : C:\Archivos de programa\Trend Micro\Internet Security 2007\Tmntsrv.exe

TmPfw.exe [Trend Micro Inc.] : C:\Archivos de programa\Trend Micro\Internet Security 2007\TmPfw.exe

tmproxy.exe [Trend Micro Inc.] : C:\Archivos de programa\Trend Micro\Internet Security 2007\tmproxy.exe

PcScnSrv.exe [Trend Micro Inc.] : C:\Archivos de programa\Trend Micro\Internet Security 2007\PcScnSrv.exe



Internet Settings

R - HKCU\Software\Microsoft\Internet Explorer\Main, Search Bar = http://www.google.com/ie

R - HKLM\Software\Microsoft\Internet Explorer\Main, Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R - HKLM\Software\Microsoft\Internet Explorer\Search, SearchAssistant = http://www.google.com/ie

R - HKLM\Software\Microsoft\Internet Explorer\Search, CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm

R - HKLM\System\CurrentControlSet\Services\Tcpip\Parameters, Domain =

R - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Telephony, DomainName =



StartUps

04 - HKLM\System\CurrentControlSet\Control\Session Manager, BootExecute : [Raxco Software, Inc.] : C:\WINDOWS\system32\PDBoot.exe



Shell Extensions

WinRAR - {B41DB860-8EE4-11D2-9906-E49FADC173CA} - : C:\Archivos de programa\WinRAR\rarext.dll

VBPropSheet - {771A9DA0-731A-11CE-993C-00AA004ADB6C} - [Trend Micro Inc.] : C:\Archivos de programa\Trend Micro\Internet Security 2007\VBProp.dll

Extensión Shell de TMD - {48F45200-91E6-11CE-8A4F-0080C81A28D4} - [Trend Micro Inc.] : C:\Archivos de programa\Trend Micro\Internet Security 2007\Tmdshell.dll

Nokia Phone Browser - {416651E4-9C3C-11D9-8BDE-F66BAD1E3F3A} - [Nokia] : C:\Archivos de programa\Nokia\Nokia PC Suite 6\PhoneBrowser.dll



Protocol Handler

IEProtocolHandler Class - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - [Skype Technologies] : C:\Archivos de programa\Archivos comunes\Skype\Skype4COM.dll



Services

23 - : C:\WINDOWS\system32\DRIVERS\pfc027.sys

23 - [Trend Micro Inc.] : C:\Archivos de programa\Trend Micro\Internet Security 2007\PcCtlCom.exe

23 - [Trend Micro Inc.] : C:\Archivos de programa\Trend Micro\Internet Security 2007\PcScnSrv.exe

23 - [Raxco Software, Inc.] : C:\Archivos de programa\Raxco\PerfectDisk\PDAgent.exe

23 - [Realtek Semiconductor Corporation ] : C:\WINDOWS\system32\DRIVERS\Rtnicxp.sys

23 - [Creative Technology Ltd.] : C:\WINDOWS\system32\drivers\sbpci.sys

23 - : C:\WINDOWS\system32\PAStiSvc.exe

23 - [Trend Micro Inc.] : C:\WINDOWS\system32\DRIVERS\TM_CFW.sys

23 - [Trend Micro Inc.] : C:\WINDOWS\system32\drivers\tmcomm.sys

23 - [Trend Micro Inc.] : C:\WINDOWS\system32\DRIVERS\tm_mbd_c.sys

23 - [Trend Micro Inc.] : C:\Archivos de programa\Trend Micro\Internet Security 2007\Tmntsrv.exe

23 - [Trend Micro Inc.] : C:\Archivos de programa\Trend Micro\Internet Security 2007\TmPfw.exe

23 - [Trend Micro Inc.] : C:\WINDOWS\system32\DRIVERS\tmpreflt.sys

23 - [Trend Micro Inc.] : C:\Archivos de programa\Trend Micro\Internet Security 2007\tmproxy.exe

23 - [Trend Micro Incorporated.] : C:\WINDOWS\system32\DRIVERS\tmtdi.sys

23 - [Trend Micro Inc.] : C:\WINDOWS\system32\DRIVERS\tmxpflt.sys

23 - [VIA Technologies, Inc.] : C:\WINDOWS\system32\DRIVERS\videX32.sys

23 - [Trend Micro Inc.] : C:\WINDOWS\system32\DRIVERS\vsapint.sys






End of Report





And here is another scan; this is the first one I ran:





Logfile of Spyware Terminator v2.1.1.314 (db:1.0.129.894)

Scan Time: 23/03/2008 16:51:15 length: 1996 s

Platform: WXP (5.1.0.2600)

User: Admin

Boot Mode: Normal

Scan type: Full_Spyware_Scan

Scanned Objects: 37989 (Critical:1)

Filter: No System items, No Safe items, No Invalid items



Running Processes

PcCtlCom.exe [Trend Micro Inc.] : C:\Archivos de programa\Trend Micro\Internet Security 2007\PcCtlCom.exe

PDAgent.exe [Raxco Software, Inc.] : C:\Archivos de programa\Raxco\PerfectDisk\PDAgent.exe

PAStiSvc.exe : C:\WINDOWS\system32\PAStiSvc.exe

Tmntsrv.exe [Trend Micro Inc.] : C:\Archivos de programa\Trend Micro\Internet Security 2007\Tmntsrv.exe

TmPfw.exe [Trend Micro Inc.] : C:\Archivos de programa\Trend Micro\Internet Security 2007\TmPfw.exe

tmproxy.exe [Trend Micro Inc.] : C:\Archivos de programa\Trend Micro\Internet Security 2007\tmproxy.exe

PcScnSrv.exe [Trend Micro Inc.] : C:\Archivos de programa\Trend Micro\Internet Security 2007\PcScnSrv.exe



Internet Settings

R - HKCU\Software\Microsoft\Internet Explorer\Main, Search Bar = http://www.google.com/ie

R - HKLM\Software\Microsoft\Internet Explorer\Main, Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R - HKLM\Software\Microsoft\Internet Explorer\Search, SearchAssistant = http://www.google.com/ie

R - HKLM\Software\Microsoft\Internet Explorer\Search, CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm

R - HKLM\System\CurrentControlSet\Services\Tcpip\Parameters, Domain =

R - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Telephony, DomainName =



StartUps

04 - HKLM\System\CurrentControlSet\Control\Session Manager, BootExecute : [Raxco Software, Inc.] : C:\WINDOWS\system32\PDBoot.exe



Shell Extensions

WinRAR - {B41DB860-8EE4-11D2-9906-E49FADC173CA} - : C:\Archivos de programa\WinRAR\rarext.dll

VBPropSheet - {771A9DA0-731A-11CE-993C-00AA004ADB6C} - [Trend Micro Inc.] : C:\Archivos de programa\Trend Micro\Internet Security 2007\VBProp.dll

Extensión Shell de TMD - {48F45200-91E6-11CE-8A4F-0080C81A28D4} - [Trend Micro Inc.] : C:\Archivos de programa\Trend Micro\Internet Security 2007\Tmdshell.dll

Nokia Phone Browser - {416651E4-9C3C-11D9-8BDE-F66BAD1E3F3A} - [Nokia] : C:\Archivos de programa\Nokia\Nokia PC Suite 6\PhoneBrowser.dll



Protocol Handler

IEProtocolHandler Class - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - [Skype Technologies] : C:\Archivos de programa\Archivos comunes\Skype\Skype4COM.dll



Services

23 - : C:\WINDOWS\system32\DRIVERS\pfc027.sys

23 - [Trend Micro Inc.] : C:\Archivos de programa\Trend Micro\Internet Security 2007\PcCtlCom.exe

23 - [Trend Micro Inc.] : C:\Archivos de programa\Trend Micro\Internet Security 2007\PcScnSrv.exe

23 - [Raxco Software, Inc.] : C:\Archivos de programa\Raxco\PerfectDisk\PDAgent.exe

23 - [Realtek Semiconductor Corporation ] : C:\WINDOWS\system32\DRIVERS\Rtnicxp.sys

23 - [Creative Technology Ltd.] : C:\WINDOWS\system32\drivers\sbpci.sys

23 - : C:\WINDOWS\system32\PAStiSvc.exe

23 - [Trend Micro Inc.] : C:\WINDOWS\system32\DRIVERS\TM_CFW.sys

23 - [Trend Micro Inc.] : C:\WINDOWS\system32\drivers\tmcomm.sys

23 - [Trend Micro Inc.] : C:\WINDOWS\system32\DRIVERS\tm_mbd_c.sys

23 - [Trend Micro Inc.] : C:\Archivos de programa\Trend Micro\Internet Security 2007\Tmntsrv.exe

23 - [Trend Micro Inc.] : C:\Archivos de programa\Trend Micro\Internet Security 2007\TmPfw.exe

23 - [Trend Micro Inc.] : C:\WINDOWS\system32\DRIVERS\tmpreflt.sys

23 - [Trend Micro Inc.] : C:\Archivos de programa\Trend Micro\Internet Security 2007\tmproxy.exe

23 - [Trend Micro Incorporated.] : C:\WINDOWS\system32\DRIVERS\tmtdi.sys

23 - [Trend Micro Inc.] : C:\WINDOWS\system32\DRIVERS\tmxpflt.sys

23 - [VIA Technologies, Inc.] : C:\WINDOWS\system32\DRIVERS\videX32.sys

23 - [Trend Micro Inc.] : C:\WINDOWS\system32\DRIVERS\vsapint.sys



Threat Files

<Unreadable Binary Files> : d:\Ad-Aware.SE Plus. 1.06 Build 1.06r1+Plugins.Multilengua-Lavasoft.garantia.alfrecopia\Ad-Aware Plusl 1.06 Build 1.06r1.exe-Lavasoft.garantia.alfrecopia.exe






End of Report



Thanks in advance

flacoroo
Posts: 6289
Joined: 09 Mar 2004, 20:32
Location: Paso del Macho, Ver., México

Re: Web pages open by themselves

Post by flacoroo » 26 Mar 2008, 03:30

We'll start with the basics: download these programs, reboot into safe mode, run them, and then paste us the contents of C:\infosat.txt



Elistara
http://www.zonavirus.com/descargas/elistara.asp

Elitriip
http://www.zonavirus.com/descargas/elitriip.asp

Elinotif
http://www.zonavirus.com/descargas/elinotif.asp

Life is beautiful... why complicate it for ourselves

msc hotline sat
Posts: 93500
Joined: 09 Mar 2004, 20:39
Location: BARCELONA (SPAIN)

Re: Web pages open by themselves

Post by msc hotline sat » 26 Mar 2008, 05:20

From what you describe, you have a FAKE ALERT that is trying to sell you a bill of goods... with unethical advertising.

Every day we learn of more and more trojans of this type, which we keep adding detection for in ELISTARA; as flacoroo rightly says, try it and post us the result, but it is possible that we do not know this one yet, given the profusion of such new malware every day.

If it does not appear as handled in the resulting log (infosat.txt), try SPROCES and then post us the file it will have created at c:\sproclog.txt, so that we can point out the possible culprit and ask you to send us the suspect file to analyze it and add detection for it:

SPROCES (research tool)

http://www.zonavirus.com/descargas/sproces.asp

And after clicking SALIR (Exit), post us the contents of C:\SPROCLOG.TXT:

Regards



ms, 26-03-2008

tonileonli2
Posts: 5
Joined: 24 Mar 2008, 18:42

Re: Web pages open by themselves

Post by tonileonli2 » 26 Mar 2008, 19:08

Thank you very much for your valuable and quick help.

As you told me, I ran the two programs in safe mode, and Elinotif.dll as well, although a message came up saying that it could not find the path.

I have been browsing the internet for a few minutes and no advertising comes up any more. I don't know whether it is already solved or just a coincidence.

Here I paste the results of the scans, and thank you again for everything. I look forward to hearing from you.

Best wishes





Wed Mar 26 18:07:49 2008

EliStartPage v15.91 (c)2008 S.G.H. / Satinfo S.L.

--------------------------------------------------

Lista de Acciones (por Acción Directa):

C:\WINDOWS\SYSTEM32\NVS2.INF --> Eliminado

Entrada Eliminada [HKCU\...\Run] "NOVOV"="c:\documents and settings\administrador\configuración local\datos de programa\novov.exe novov"

Eliminadas las Paginas de Inicio y de Busqueda del IE

Eliminados Ficheros Temporales del IE



Wed Mar 26 18:08:53 2008

EliStartPage v15.91 (c)2008 S.G.H. / Satinfo S.L.

--------------------------------------------------

Lista de Acciones (por Exploración):

Explorando Unidad C:\

C:\Archivos de programa\Trend Micro\Internet Security 2007\PCCBROWS.EXE --> Eliminado, Zlob.Rich(ocx)

C:\WINDOWS\system32\VITrans\VIVP.EXE --> Eliminado, RiskTool.CloseApp(dropper)



Nº Total de Directorios: 2324

Nº Total de Ficheros: 25841

Nº de Ficheros Analizados: 6761

Nº de Ficheros Infectados: 2

Nº de Ficheros Limpiados: 2



Wed Mar 26 18:20:53 2008

EliTriIP v4.54 (c)2008 S.G.H. / Satinfo S.L.

---------------------------------------------

Lista de Acciones (por Acción Directa):



Wed Mar 26 18:21:04 2008

EliTriIP v4.54 (c)2008 S.G.H. / Satinfo S.L.

---------------------------------------------

Lista de Acciones (por Exploración):

Explorando Unidad C:\



Nº Total de Directorios: 2323

Nº Total de Ficheros: 25841

Nº de Ficheros Analizados: 6203

Nº de Ficheros Infectados: 0

Nº de Ficheros Limpiados: 0

msc hotline sat
Posts: 93500
Joined: 09 Mar 2004, 20:39
Location: BARCELONA (SPAIN)

Re: Web pages open by themselves

Post by msc hotline sat » 26 Mar 2008, 19:38

Well, if the problems no longer persist, we consider the thread solved and will proceed to close it.

If, on the contrary, they reappear, open another thread saying so and, to begin with, post us the SPROCES log that we mentioned in the previous post.

Regards



ms, 26-03-2008

Closed
