Virus "Trojan.Mailfinder.win32.blin.dr (SOLVED)

Closed
Aurelio
Posts: 19
Joined: 18 Oct 2008, 22:19

Virus "Trojan.Mailfinder.win32.blin.dr (SOLVED)

Post by Aurelio » 18 Oct 2008, 22:37

Hello, good afternoon:

Every time I start Windows XP, my computer connects to the Internet automatically. This has been happening for the last 4 or 5 hours. Before, I had to do it manually.

This situation made me suspect a possible virus. I ran Symantec but it didn't detect anything, and afterwards I ran the Kaspersky online scanner, which detects a virus in two files. Well, I couldn't run it all the way through because of how long it takes.

It must be a fairly troublesome virus and I would need your help to clean it and remove the automatic connection.

Thanks in advance

Aurelio

I paste the Kaspersky report below.



Bombre del objeto infectado Nombre del virus Última acción

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0B340000.VBN Infectados: Trojan-Mailfinder.Win32.Blen.dr saltado



C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0B400000.VBN Infectados: Trojan-Mailfinder.Win32.Blen.dr saltado



C:\Documents and Settings\Aurelio\Cookies\index.dat Object is locked saltado



C:\Documents and Settings\Aurelio\Local Settings\Application Data\Ahead\Nero Home\bl.db Object is locked saltado



C:\Documents and Settings\Aurelio\Local Settings\Application Data\Ahead\Nero Home\is2.db Object is locked saltado



C:\Documents and Settings\Aurelio\Local Settings\Application Data\Identities\{D66AD497-92D5-4EA3-B074-8098C6F3687C}\Microsoft\Outlook Express\Folders.dbx Object is locked saltado



C:\Documents and Settings\Aurelio\Local Settings\Application Data\Identities\{D66AD497-92D5-4EA3-B074-8098C6F3687C}\Microsoft\Outlook Express\Offline.dbx Object is locked saltado



C:\Documents and Settings\Aurelio\Local Settings\Application Data\Microsoft\Feeds Cache\index.dat Object is locked saltado



C:\Documents and Settings\Aurelio\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked saltado



C:\Documents and Settings\Aurelio\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked saltado



C:\Documents and Settings\Aurelio\Local Settings\History\History.IE5\index.dat Object is locked saltado



C:\Documents and Settings\Aurelio\Local Settings\History\History.IE5\MSHist012008101820081019\index.dat Object is locked saltado



C:\Documents and Settings\Aurelio\Local Settings\Temp\~DF4C24.tmp Object is locked saltado



C:\Documents and Settings\Aurelio\Local Settings\Temp\~DF4C29.tmp Object is locked saltado



C:\Documents and Settings\Aurelio\Local Settings\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is locked saltado



C:\Documents and Settings\Aurelio\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked saltado



C:\Documents and Settings\Aurelio\NTUSER.DAT Object is locked saltado



C:\Documents and Settings\Aurelio\ntuser.dat.LOG Object is locked saltado



C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked saltado



C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked saltado



C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked saltado



C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked saltado



C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked saltado



C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked saltado



C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked saltado



C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked saltado



C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked saltado



C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked saltado



C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked saltado



Análisis interrumpido por el usuario!

lucl
Posts: 6324
Joined: 17 Jan 2006, 18:09
Location: Spain

Re: Virus "Trojan.Mailfinder.win32.blin.dr

Post by lucl » 18 Oct 2008, 22:41

Let's see, run these two anti-trojan tools I indicate and paste us the log they will leave in C: as infosat.txt

http://www.zonavirus.com/descargas/elistara.asp

http://www.zonavirus.com/descargas/elitriip.asp

then run HijackThis and paste us the log

[b][color=yellow]HJT : (HiJackThis)[/color][/b]

[i]How to use HijackThis?[/i]

The first thing to do is download it to your computer and place it in its own folder, C:\HijackThis\

Run it and press the "[b]Do a system scan and save a logfile[/b]" button; the program will run the scan and immediately generate the log, it will only ask you for the file name and location, you can simply save it as it is.

Notepad will open; copy all of its contents and paste it as a reply in this topic

· [url=http://www.zonavirus.com/descargas/trendmicro-hijackthis.asp][b]Download HijackThis[/b][/url]

and finally try to run the online scan all the way through even if it takes a long time, and paste us the log. Also tell us whether you notice any changes after running the anti-trojan tools. Regards
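The HijackThis log requested above is read by hand in this thread; as an added example (not from the thread, from HijackThis or from the zonavirus tools), here is a small Python triage pass over HijackThis-style lines that surfaces the entries a helper looks at first: autostarts or processes living in user-writable profile directories, legacy win.ini/system.ini load= entries, and stale "(file missing)" entries. The log lines, the user name `user` and the file names are constructed; the 8.3 short names are the ones Windows XP prints, and the rules only flag entries for review, they do not decide maliciousness.

```python
import re

# Constructed sample in HijackThis 1.99 log format; not taken from any real machine.
SAMPLE_LOG = r"""
Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\system32\svchost.exe
C:\DOCUME~1\user\APPLIC~1\MICROS~1\dllhst3g.exe
C:\Program Files\Example\tray.exe

F3 - REG:win.ini: load=C:\DOCUME~1\user\APPLIC~1\MICROS~1\comrepl.exe
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKCU\..\Run: [updater] "C:\Documents and Settings\user\Local Settings\Temp\upd.exe"
O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)
O23 - Service: Example Svc - Example Corp - C:\Program Files\Example\svc.exe
"""

# 8.3 short names as Windows XP prints them, expanded so one rule set
# covers both spellings of the same directory.
SHORT_NAMES = {
    "DOCUME~1": "Documents and Settings",
    "APPLIC~1": "Application Data",
    "LOCALS~1": "Local Settings",
    "PROGRA~1": "Program Files",
}

# Locations any logged-on user can write to. A process or autostart living
# here is worth a second look; legitimate updaters occasionally do it too.
USER_WRITABLE = [
    re.compile(r"\\documents and settings\\[^\\]+\\application data\\"),
    re.compile(r"\\documents and settings\\[^\\]+\\local settings\\"),
    re.compile(r"\\windows\\temp\\"),
]

# A drive-letter path ending in a PE extension, wherever it appears in a line.
PATH_RE = re.compile(r"[A-Za-z]:\\.*?\.(?:exe|dll|scr|com)\b", re.IGNORECASE)

# win.ini / system.ini load=, run= and shell= entries (HijackThis F0..F3 lines).
INI_RE = re.compile(
    r"^F[0-3] - REG:(?:win|system)\.ini: (?:load|run|shell)=(.+)$", re.IGNORECASE
)


def expand_short_names(path):
    """Rewrite 8.3 components such as DOCUME~1 into their long-name form."""
    for short, long_name in SHORT_NAMES.items():
        path = re.sub(re.escape(short), long_name, path, flags=re.IGNORECASE)
    return path


def triage_line(line):
    """Return {'severity', 'reasons', 'line'} for one log line, or None if nothing stands out."""
    line = line.strip()
    if not line:
        return None
    reasons = []
    if INI_RE.match(line):
        reasons.append("legacy win.ini/system.ini autostart with a value set")
    for path in PATH_RE.findall(line):
        normalized = expand_short_names(path).lower()
        if any(rule.search(normalized) for rule in USER_WRITABLE):
            reasons.append("executable located in a user-writable profile directory")
            break
    severity = "high" if reasons else None
    if line.endswith("(file missing)"):
        reasons.append("entry points at a missing file; cleanup candidate, not evidence of infection")
        severity = severity or "low"
    if not reasons:
        return None
    return {"severity": severity, "reasons": reasons, "line": line}


def triage(log_text):
    """Run triage_line over a whole log; high-severity findings come first."""
    findings = [f for f in (triage_line(l) for l in log_text.splitlines()) if f]
    return sorted(findings, key=lambda f: 0 if f["severity"] == "high" else 1)


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(f"[{finding['severity']}] {finding['line']}")
        for reason in finding["reasons"]:
            print(f"    - {reason}")
```

Entries that pass these rules still need the usual checks (publisher, hash lookup, whether the file belongs to an installed product); the script only orders the reading.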

msc hotline sat
Posts: 93500
Joined: 09 Mar 2004, 20:39
Location: BARCELONA (SPAIN)

Re: Virus "Trojan.Mailfinder.win32.blin.dr

Post by msc hotline sat » 19 Oct 2008, 08:53

Yes, you had two trojans, which are already parked in quarantine:



C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0B340000.VBN Infectados: Trojan-Mailfinder.Win32.Blen.dr saltado



C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0B400000.VBN Infectados: Trojan-Mailfinder.Win32.Blen.dr saltado



If it connects to the Internet as soon as it starts, it's because something you launch at startup needs to do so; not necessarily a virus, it could be an update check by any application you have installed...

But as lucl indicates, run HJT and post us the resulting log, let's see what we find...

regards

ms, 19-10-2008

Aurelio
Posts: 19
Joined: 18 Oct 2008, 22:19

Re: Virus "Trojan.Mailfinder.win32.blin.dr

Post by Aurelio » 19 Oct 2008, 12:34

Thanks for your quick replies.

Let's go step by step. (From 1 to 5)

[b]1.- When downloading Elistara, Symantec gives me a virus message. I attach the window.[/b]

[color=#FF0000]Scan type: Realtime Protection Scan

Event: Virus Found!

Virus name: Trojan.Zlob

File: C:\Documents and Settings\Aurelio\Local Settings\Temporary Internet Files\Content.IE5\CL7L6LAN\ELISTARA.BGA%D8B%D8%D8H[1].EXE

Location: C:\Documents and Settings\Aurelio\Local Settings\Temporary Internet Files\Content.IE5\CL7L6LAN

Computer: HOGAR

User: Aurelio

Action taken: Clean failed : Quarantine failed : Access denied

Date found: domingo, 19 de octubre de 2008 11:56:30[/color]




It won't let me run the installation; it tells me:

Elistara.exe no es una aplicación Win32 válida

I delete the file from the disk and from the recycle bin.

[b]2.- Elitriip.[/b]

No problem downloading or running it.

The first thing that comes up is:

[color=#FF0000]"Desea bloquear el intento de intrusión por el TCP445"[/color]

I say yes and it blocks it.

Something comes up about cancelling print queues and I say yes. I'm not printing anything. What's going on?

I get a message from Spybot about a registry change, which I accept. It swaps one line for another identical one that only differs in capitalization. I attach it.

[color=#FF0000]19/10/2008 12:05:32 Permitido (based on user decision) value "" (new data: "Regedit.exe "%1"") cambiado in REG Extension handler![/color]

After scanning both hard drives it doesn't find any infected file. I attach Infosat.txt

[color=#FF0000]

Sun Oct 19 12:05:50 2008

EliTriIP v5.14 (c)2008 S.G.H. / Satinfo S.L. (Actualizado el 14 de Octubre del 2008)

---------------------------------------------

Lista de Acciones (por Exploración):

Explorando Unidad C:\



Nº Total de Directorios: 2494

Nº Total de Ficheros: 38815

Nº de Ficheros Analizados: 15898

Nº de Ficheros Infectados: 0

Nº de Ficheros Limpiados: 0



Sun Oct 19 12:11:38 2008

EliTriIP v5.14 (c)2008 S.G.H. / Satinfo S.L. (Actualizado el 14 de Octubre del 2008)

---------------------------------------------

Lista de Acciones (por Exploración):

Explorando Unidad D:\



Nº Total de Directorios: 53

Nº Total de Ficheros: 1677

Nº de Ficheros Analizados: 14

Nº de Ficheros Infectados: 0

Nº de Ficheros Limpiados: 0[/color]




[b]3.- Hijackthis.[/b]

No problems downloading or running it. I attach the text.

[color=#FF0000]Logfile of HijackThis v1.99.1

Scan saved at 12:19:59, on 19/10/2008

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16735)



Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe

C:\WINDOWS\Explorer.EXE

C:\DOCUME~1\Aurelio\APPLIC~1\MICROS~1\dllhst3g.exe

C:\WINDOWS\RTHDCPL.EXE

C:\WINDOWS\VM_STI.EXE

C:\Program Files\Multimedia Card Reader\shwicon2k.exe

C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

C:\WINDOWS\system32\RunDLL32.exe

C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe

C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe

C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe

C:\WINDOWS\system32\spoolsv.exe

C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe

C:\PROGRA~1\WinTV\EPG Services\System\EPGService.exe

C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\HPZipm12.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\HijackThis.exe



R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

F3 - REG:win.ini: load=C:\DOCUME~1\Aurelio\APPLIC~1\MICROS~1\comrepl.exe

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [BigDogPath] C:\WINDOWS\VM_STI.EXE Vimicro USB PC Camera (VC0305)

O4 - HKLM\..\Run: [Sunkist2k] C:\Program Files\Multimedia Card Reader\shwicon2k.exe

O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe

O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"

O8 - Extra context menu item: E&xportar a Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: Referencia - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O11 - Options group: [INTERNATIONAL] International*

O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/spanish/kavwebscan_unicode.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1223738961937

O17 - HKLM\System\CCS\Services\Tcpip\..\{727E154D-9C44-48B2-B1C5-80A803296C68}: NameServer = 88.58.61.250,88.58.61.254

O17 - HKLM\System\CCS\Services\Tcpip\..\{7A3A300A-5B7A-4065-9CAD-9F8D5E620602}: NameServer = 80.58.61.250 80.58.61.254

O18 - Protocol: bw+0 - {41B2B171-57ED-42BB-9C3C-5E523A59E2AF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw+0s - {41B2B171-57ED-42BB-9C3C-5E523A59E2AF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw-0 - {41B2B171-57ED-42BB-9C3C-5E523A59E2AF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw-0s - {41B2B171-57ED-42BB-9C3C-5E523A59E2AF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw00 - {41B2B171-57ED-42BB-9C3C-5E523A59E2AF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw00s - {41B2B171-57ED-42BB-9C3C-5E523A59E2AF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw10 - {41B2B171-57ED-42BB-9C3C-5E523A59E2AF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw10s - {41B2B171-57ED-42BB-9C3C-5E523A59E2AF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw20 - {41B2B171-57ED-42BB-9C3C-5E523A59E2AF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw20s - {41B2B171-57ED-42BB-9C3C-5E523A59E2AF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw30 - {41B2B171-57ED-42BB-9C3C-5E523A59E2AF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw30s - {41B2B171-57ED-42BB-9C3C-5E523A59E2AF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw40 - {41B2B171-57ED-42BB-9C3C-5E523A59E2AF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw40s - {41B2B171-57ED-42BB-9C3C-5E523A59E2AF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw50 - {41B2B171-57ED-42BB-9C3C-5E523A59E2AF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw50s - {41B2B171-57ED-42BB-9C3C-5E523A59E2AF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw60 - {41B2B171-57ED-42BB-9C3C-5E523A59E2AF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw60s - {41B2B171-57ED-42BB-9C3C-5E523A59E2AF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw70 - {41B2B171-57ED-42BB-9C3C-5E523A59E2AF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw70s - {41B2B171-57ED-42BB-9C3C-5E523A59E2AF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw80 - {41B2B171-57ED-42BB-9C3C-5E523A59E2AF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw80s - {41B2B171-57ED-42BB-9C3C-5E523A59E2AF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw90 - {41B2B171-57ED-42BB-9C3C-5E523A59E2AF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw90s - {41B2B171-57ED-42BB-9C3C-5E523A59E2AF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwa0 - {41B2B171-57ED-42BB-9C3C-5E523A59E2AF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwa0s - {41B2B171-57ED-42BB-9C3C-5E523A59E2AF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwb0 - {41B2B171-57ED-42BB-9C3C-5E523A59E2AF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwb0s - {41B2B171-57ED-42BB-9C3C-5E523A59E2AF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwc0 - {41B2B171-57ED-42BB-9C3C-5E523A59E2AF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwc0s - {41B2B171-57ED-42BB-9C3C-5E523A59E2AF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwd0 - {41B2B171-57ED-42BB-9C3C-5E523A59E2AF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwd0s - {41B2B171-57ED-42BB-9C3C-5E523A59E2AF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwe0 - {41B2B171-57ED-42BB-9C3C-5E523A59E2AF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwe0s - {41B2B171-57ED-42BB-9C3C-5E523A59E2AF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwf0 - {41B2B171-57ED-42BB-9C3C-5E523A59E2AF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwf0s - {41B2B171-57ED-42BB-9C3C-5E523A59E2AF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll

O18 - Protocol: bwg0 - {41B2B171-57ED-42BB-9C3C-5E523A59E2AF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwg0s - {41B2B171-57ED-42BB-9C3C-5E523A59E2AF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwh0 - {41B2B171-57ED-42BB-9C3C-5E523A59E2AF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwh0s - {41B2B171-57ED-42BB-9C3C-5E523A59E2AF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwi0 - {41B2B171-57ED-42BB-9C3C-5E523A59E2AF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwi0s - {41B2B171-57ED-42BB-9C3C-5E523A59E2AF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwj0 - {41B2B171-57ED-42BB-9C3C-5E523A59E2AF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwj0s - {41B2B171-57ED-42BB-9C3C-5E523A59E2AF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwk0 - {41B2B171-57ED-42BB-9C3C-5E523A59E2AF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwk0s - {41B2B171-57ED-42BB-9C3C-5E523A59E2AF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwl0 - {41B2B171-57ED-42BB-9C3C-5E523A59E2AF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwl0s - {41B2B171-57ED-42BB-9C3C-5E523A59E2AF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwm0 - {41B2B171-57ED-42BB-9C3C-5E523A59E2AF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwm0s - {41B2B171-57ED-42BB-9C3C-5E523A59E2AF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwn0 - {41B2B171-57ED-42BB-9C3C-5E523A59E2AF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwn0s - {41B2B171-57ED-42BB-9C3C-5E523A59E2AF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwo0 - {41B2B171-57ED-42BB-9C3C-5E523A59E2AF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwo0s - {41B2B171-57ED-42BB-9C3C-5E523A59E2AF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwp0 - {41B2B171-57ED-42BB-9C3C-5E523A59E2AF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwp0s - {41B2B171-57ED-42BB-9C3C-5E523A59E2AF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwq0 - {41B2B171-57ED-42BB-9C3C-5E523A59E2AF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwq0s - {41B2B171-57ED-42BB-9C3C-5E523A59E2AF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwr0 - {41B2B171-57ED-42BB-9C3C-5E523A59E2AF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwr0s - {41B2B171-57ED-42BB-9C3C-5E523A59E2AF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bws0 - {41B2B171-57ED-42BB-9C3C-5E523A59E2AF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bws0s - {41B2B171-57ED-42BB-9C3C-5E523A59E2AF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwt0 - {41B2B171-57ED-42BB-9C3C-5E523A59E2AF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwt0s - {41B2B171-57ED-42BB-9C3C-5E523A59E2AF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwu0 - {41B2B171-57ED-42BB-9C3C-5E523A59E2AF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwu0s - {41B2B171-57ED-42BB-9C3C-5E523A59E2AF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwv0 - {41B2B171-57ED-42BB-9C3C-5E523A59E2AF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwv0s - {41B2B171-57ED-42BB-9C3C-5E523A59E2AF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bww0 - {41B2B171-57ED-42BB-9C3C-5E523A59E2AF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bww0s - {41B2B171-57ED-42BB-9C3C-5E523A59E2AF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwx0 - {41B2B171-57ED-42BB-9C3C-5E523A59E2AF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwx0s - {41B2B171-57ED-42BB-9C3C-5E523A59E2AF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwy0 - {41B2B171-57ED-42BB-9C3C-5E523A59E2AF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwy0s - {41B2B171-57ED-42BB-9C3C-5E523A59E2AF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwz0 - {41B2B171-57ED-42BB-9C3C-5E523A59E2AF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwz0s - {41B2B171-57ED-42BB-9C3C-5E523A59E2AF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: offline-8876480 - {41B2B171-57ED-42BB-9C3C-5E523A59E2AF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)

O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe

O23 - Service: DefWatch - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe

O23 - Service: EPGService - Hauppauge Computer Works - C:\PROGRA~1\WinTV\EPG Services\System\EPGService.exe

O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe

O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe

O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe[/color]




[b]4.- I'm going to run Kaspersky again, but all the way through this time, and send you the report.[/b]



[b]5.- I attach the list of programs that Spybot tells me start with Windows. If you see any that I should remove, let me know.[/b]

[color=#FF0000]--- Spybot - Search & Destroy version: 1.6.0 (build: 20080729) ---



2008-08-14 blindman.exe (1.0.0.8)

2008-08-14 SDFiles.exe (1.6.0.4)

2008-08-14 SDMain.exe (1.0.0.6)

2008-08-14 SDShred.exe (1.0.2.3)

2008-08-14 SDUpdate.exe (1.6.0.9)

2008-08-14 SDWinSec.exe (1.0.0.12)

2008-07-30 SpybotSD.exe (1.6.0.31)

2008-09-16 TeaTimer.exe (1.6.3.25)

2008-10-11 unins000.exe (51.41.0.0)

2008-10-11 unins001.exe (51.49.0.0)

2008-08-14 Update.exe (1.6.0.7)

2008-08-14 advcheck.dll (1.6.1.12)

2007-04-02 aports.dll (2.1.0.0)

2005-05-31 borlndmm.dll (7.0.4.453)

2005-05-31 delphimm.dll (7.0.4.453)

2008-06-14 DelZip179.dll (1.79.11.1)

2008-09-15 SDHelper.dll (1.6.2.14)

2008-06-19 sqlite3.dll

2008-08-14 Tools.dll (2.1.5.7)

2005-05-31 UnzDll.dll (1.73.1.1)

2005-05-31 ZipDll.dll (1.73.2.0)

2008-09-02 Includes\Adware.sbi

2008-10-07 Includes\AdwareC.sbi

2008-06-03 Includes\Cookies.sbi

2008-09-02 Includes\Dialer.sbi

2008-09-09 Includes\DialerC.sbi

2008-07-23 Includes\HeavyDuty.sbi

2008-09-02 Includes\Hijackers.sbi

2008-10-07 Includes\HijackersC.sbi

2008-09-09 Includes\Keyloggers.sbi

2008-09-30 Includes\KeyloggersC.sbi

2004-11-29 Includes\LSP.sbi

2008-10-08 Includes\Malware.sbi

2008-10-08 Includes\MalwareC.sbi

2008-09-02 Includes\PUPS.sbi

2008-10-07 Includes\PUPSC.sbi

2007-11-07 Includes\Revision.sbi

2008-06-18 Includes\Security.sbi

2008-09-30 Includes\SecurityC.sbi

2008-06-03 Includes\Spybots.sbi

2008-06-03 Includes\SpybotsC.sbi

2008-09-09 Includes\Spyware.sbi

2008-09-23 Includes\SpywareC.sbi

2008-06-03 Includes\Tracks.uti

2008-09-30 Includes\Trojans.sbi

2008-10-07 Includes\TrojansC.sbi

2008-03-04 Plugins\Chai.dll

2008-03-05 Plugins\Fennel.dll

2008-02-26 Plugins\Mate.dll

2007-12-24 Plugins\TCPIPAddress.dll



Located: HK_LM:Run, Adobe Reader Speed Launcher

command: "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

file: C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe

size: 39792

MD5: 8B9145D229D4E89D15ACB820D4A3A90F



Located: HK_LM:Run, Alcmtr

command: ALCMTR.EXE

file: C:\WINDOWS\ALCMTR.EXE

size: 69632

MD5: 8B4CBBA1EA526830C7F97E7822E2493A



Located: HK_LM:Run, BigDogPath

command: C:\WINDOWS\VM_STI.EXE Vimicro USB PC Camera (VC0305)

file: C:\WINDOWS\VM_STI.EXE

size: 53248

MD5: 742CDD011F1E1F10007C36EA98C49EEB



Located: HK_LM:Run, HP Software Update

command: C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

file: C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

size: 49152

MD5: 926A397334FE426A6C7657096FE681DB



Located: HK_LM:Run, NeroFilterCheck

command: C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

file: C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

size: 155648

MD5: C93AB037A8C792D5F8A1A9FC88A7C7C5



Located: HK_LM:Run, NvCplDaemon

command: RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

file: C:\WINDOWS\system32\NvCpl.dll

size: 7618560

MD5: 4BCC78C649D5B117F664CB83B6A791A2



Located: HK_LM:Run, NvMediaCenter

command: RunDLL32.exe NvMCTray.dll,NvTaskbarInit

file: C:\WINDOWS\system32\NvMCTray.dll

size: 86016

MD5: AF6AE431B9B063304F37AD052A5A1E66



Located: HK_LM:Run, nwiz

command: nwiz.exe /install

file: C:\WINDOWS\system32\nwiz.exe

size: 1519616

MD5: 7AC98888346124460CC78860A3C73DF3



Located: HK_LM:Run, RTHDCPL

command: RTHDCPL.EXE

file: C:\WINDOWS\RTHDCPL.EXE

size: 14477312

MD5: 96FCEB7B636E6A35CEBBC5E5F1F040E8



Located: HK_LM:Run, Sunkist2k

command: C:\Program Files\Multimedia Card Reader\shwicon2k.exe

file: C:\Program Files\Multimedia Card Reader\shwicon2k.exe

size: 135168

MD5: 504C9B456E415BD5A30747ED4E18D070



Located: HK_LM:Run, vptray

command: C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe

file: C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe

size: 90112

MD5: 4B954730657F43B88A308C41FE570331



Located: HK_CU:Run, CTFMON.EXE

where: .DEFAULT...

command: C:\WINDOWS\system32\CTFMON.EXE

file: C:\WINDOWS\system32\CTFMON.EXE

size: 15360

MD5: 5F1D5F88303D4A4DBC8E5F97BA967CC3



Located: HK_CU:Run, BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}

where: S-1-5-21-1644491937-688789844-725345543-1003...

command: "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"

file: C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe

size: 147456

MD5: 928130E85250808BDB45694983AEDF65



Located: HK_CU:Run, ctfmon.exe

where: S-1-5-21-1644491937-688789844-725345543-1003...

command: C:\WINDOWS\system32\ctfmon.exe

file: C:\WINDOWS\system32\ctfmon.exe

size: 15360

MD5: 5F1D5F88303D4A4DBC8E5F97BA967CC3



Located: HK_CU:Run, LDM

where: S-1-5-21-1644491937-688789844-725345543-1003...

command: C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe

file: C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe

size: 32768

MD5: 5588812731C64305F2579DD8215037E0



Located: HK_CU:Run, SpybotSD TeaTimer

where: S-1-5-21-1644491937-688789844-725345543-1003...

command: C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

file: C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

size: 1833296

MD5: 63B3FF83B87AFCEBA89CED54695DA0F6



Located: HK_CU:Run, CTFMON.EXE

where: S-1-5-18...

command: C:\WINDOWS\system32\CTFMON.EXE

file: C:\WINDOWS\system32\CTFMON.EXE

size: 15360

MD5: 5F1D5F88303D4A4DBC8E5F97BA967CC3



Located: WinLogon, crypt32chain

command: crypt32.dll

file: crypt32.dll

size: 0

MD5: D41D8CD98F00B204E9800998ECF8427E

Warning: if the file is actually larger than 0 bytes,

the checksum could not be properly calculated!



Located: WinLogon, cryptnet

command: cryptnet.dll

file: cryptnet.dll

size: 0

MD5: D41D8CD98F00B204E9800998ECF8427E

Warning: if the file is actually larger than 0 bytes,

the checksum could not be properly calculated!



Located: WinLogon, cscdll

command: cscdll.dll

file: cscdll.dll

size: 0

MD5: D41D8CD98F00B204E9800998ECF8427E

Warning: if the file is actually larger than 0 bytes,

the checksum could not be properly calculated!



Located: WinLogon, dimsntfy

command: %SystemRoot%\System32\dimsntfy.dll

file: %SystemRoot%\System32\dimsntfy.dll

size: 0

MD5: D41D8CD98F00B204E9800998ECF8427E

Warning: if the file is actually larger than 0 bytes,

the checksum could not be properly calculated!



Located: WinLogon, NavLogon

command: C:\WINDOWS\system32\NavLogon.dll

file: C:\WINDOWS\system32\NavLogon.dll

size: 45056

MD5: 4F08576DA1C93A5EC62EB2AD6EC3D084



Located: WinLogon, ScCertProp

command: wlnotify.dll

file: wlnotify.dll

size: 0

MD5: D41D8CD98F00B204E9800998ECF8427E

Warning: if the file is actually larger than 0 bytes,

the checksum could not be properly calculated!



Located: WinLogon, Schedule

command: wlnotify.dll

file: wlnotify.dll

size: 0

MD5: D41D8CD98F00B204E9800998ECF8427E

Warning: if the file is actually larger than 0 bytes,

the checksum could not be properly calculated!



Located: WinLogon, sclgntfy

command: sclgntfy.dll

file: sclgntfy.dll

size: 0

MD5: D41D8CD98F00B204E9800998ECF8427E

Warning: if the file is actually larger than 0 bytes,

the checksum could not be properly calculated!



Located: WinLogon, SensLogn

command: WlNotify.dll

file: WlNotify.dll

size: 0

MD5: D41D8CD98F00B204E9800998ECF8427E

Warning: if the file is actually larger than 0 bytes,

the checksum could not be properly calculated!



Located: WinLogon, termsrv

command: wlnotify.dll

file: wlnotify.dll

size: 0

MD5: D41D8CD98F00B204E9800998ECF8427E

Warning: if the file is actually larger than 0 bytes,

the checksum could not be properly calculated!



Located: WinLogon, WgaLogon

command: WgaLogon.dll

file: WgaLogon.dll

size: 0

MD5: D41D8CD98F00B204E9800998ECF8427E

Warning: if the file is actually larger than 0 bytes,

the checksum could not be properly calculated!



Located: WinLogon, wlballoon

command: wlnotify.dll

file: wlnotify.dll

size: 0

MD5: D41D8CD98F00B204E9800998ECF8427E

Warning: if the file is actually larger than 0 bytes,

the checksum could not be properly calculated![/color]




Thanks for everything.

Aurelio
Posts: 19
Registered: 18 Oct 2008, 22:19

Re: Virus "Trojan.Mailfinder.win32.blin.dr

Post by Aurelio » 19 Oct 2008, 13:34

Hello again.



I now have the Kaspersky result. Pasting it below:



[color=#FF0000]KASPERSKY ONLINE SCANNER INFORME

domingo, 19 de octubre de 2008 13:21:37

Sistema operativo: Microsoft Windows XP Professional, Service Pack 3 (Build 2600)

Kaspersky Online Scanner versión: 5.0.84.1

Ultima actualización: 19/10/2008

Registros en la base antivirus: 1184030





Configuración del análisis

Analizar usando las siguientes bases standard

Analizar archivos verdadero

Analizar bases de correo verdadero



Objetivo a analizar Mi PC

C:\

D:\

E:\

F:\

G:\

H:\

I:\

J:\



Estadísticas

Número de objeros analizados 40703

Virus encontrados 1

Objetos infectados 2 / 0

Objetos sospechosos 0

Duración del análisis 00:37:46



Bombre del objeto infectado Nombre del virus Última acción

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0B340000.VBN Infectados: Trojan-Mailfinder.Win32.Blen.dr saltado



C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0B400000.VBN Infectados: Trojan-Mailfinder.Win32.Blen.dr saltado



C:\Documents and Settings\Aurelio\Cookies\index.dat Object is locked saltado



C:\Documents and Settings\Aurelio\Local Settings\Application Data\Ahead\Nero Home\bl.db Object is locked saltado



C:\Documents and Settings\Aurelio\Local Settings\Application Data\Ahead\Nero Home\is2.db Object is locked saltado



C:\Documents and Settings\Aurelio\Local Settings\Application Data\Identities\{D66AD497-92D5-4EA3-B074-8098C6F3687C}\Microsoft\Outlook Express\Folders.dbx Object is locked saltado



C:\Documents and Settings\Aurelio\Local Settings\Application Data\Identities\{D66AD497-92D5-4EA3-B074-8098C6F3687C}\Microsoft\Outlook Express\Offline.dbx Object is locked saltado



C:\Documents and Settings\Aurelio\Local Settings\Application Data\Microsoft\Feeds Cache\index.dat Object is locked saltado



C:\Documents and Settings\Aurelio\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked saltado



C:\Documents and Settings\Aurelio\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked saltado



C:\Documents and Settings\Aurelio\Local Settings\History\History.IE5\index.dat Object is locked saltado



C:\Documents and Settings\Aurelio\Local Settings\History\History.IE5\MSHist012008101920081020\index.dat Object is locked saltado



C:\Documents and Settings\Aurelio\Local Settings\Temp\~DF4F31.tmp Object is locked saltado



C:\Documents and Settings\Aurelio\Local Settings\Temp\~DF4F36.tmp Object is locked saltado



C:\Documents and Settings\Aurelio\Local Settings\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is locked saltado



C:\Documents and Settings\Aurelio\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked saltado



C:\Documents and Settings\Aurelio\NTUSER.DAT Object is locked saltado



C:\Documents and Settings\Aurelio\ntuser.dat.LOG Object is locked saltado



C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked saltado



C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked saltado



C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked saltado



C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked saltado



C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked saltado



C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked saltado



C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked saltado



C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked saltado



C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked saltado



C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked saltado



C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked saltado



C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Aurelio\Data\BWDocMap.pht Object is locked saltado



C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Aurelio\Data\BWInfopakMap.pht Object is locked saltado



C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Aurelio\Data\chandir.dat Object is locked saltado



C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Aurelio\Data\chandir.idx Object is locked saltado



C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Aurelio\Data\chn.dat Object is locked saltado



C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Aurelio\Data\chn.idx Object is locked saltado



C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Aurelio\Data\D0000000.FCS Object is locked saltado



C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Aurelio\Data\inuse.txt Object is locked saltado



C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Aurelio\Data\L0000002.FCS Object is locked saltado



C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Aurelio\Data\main.log Object is locked saltado



C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Aurelio\Data\prs.dat Object is locked saltado



C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Aurelio\Data\prs.idx Object is locked saltado



C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Aurelio\Data\prs_die.dat Object is locked saltado



C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Aurelio\Data\prs_die.idx Object is locked saltado



C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Aurelio\Data\prs_dnd.dat Object is locked saltado



C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Aurelio\Data\prs_dnd.idx Object is locked saltado



C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Aurelio\Data\prs_ext.dat Object is locked saltado



C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Aurelio\Data\prs_ext.idx Object is locked saltado



C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Aurelio\Data\prs_rcv.dat Object is locked saltado



C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Aurelio\Data\prs_rcv.idx Object is locked saltado



C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Aurelio\Data\storydb.dat Object is locked saltado



C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Aurelio\Data\storydb.idx Object is locked saltado



C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked saltado



C:\WINDOWS\Debug\PASSWD.LOG Object is locked saltado



C:\WINDOWS\SchedLgU.Txt Object is locked saltado



C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked saltado



C:\WINDOWS\Sti_Trace.log Object is locked saltado



C:\WINDOWS\system32\config\AppEvent.Evt Object is locked saltado



C:\WINDOWS\system32\config\default Object is locked saltado



C:\WINDOWS\system32\config\default.LOG Object is locked saltado



C:\WINDOWS\system32\config\Internet.evt Object is locked saltado



C:\WINDOWS\system32\config\SAM Object is locked saltado



C:\WINDOWS\system32\config\SAM.LOG Object is locked saltado



C:\WINDOWS\system32\config\SecEvent.Evt Object is locked saltado



C:\WINDOWS\system32\config\SECURITY Object is locked saltado



C:\WINDOWS\system32\config\SECURITY.LOG Object is locked saltado



C:\WINDOWS\system32\config\software Object is locked saltado



C:\WINDOWS\system32\config\software.LOG Object is locked saltado



C:\WINDOWS\system32\config\SysEvent.Evt Object is locked saltado



C:\WINDOWS\system32\config\system Object is locked saltado



C:\WINDOWS\system32\config\system.LOG Object is locked saltado



C:\WINDOWS\system32\h323log.txt Object is locked saltado



C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked saltado



C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked saltado



C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked saltado



C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked saltado



C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked saltado



C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked saltado



C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked saltado



C:\WINDOWS\wiadebug.log Object is locked saltado



C:\WINDOWS\wiaservc.log Object is locked saltado



C:\WINDOWS\WindowsUpdate.log Object is locked saltado



D:\System Volume Information\MountPointManagerRemoteDatabase Object is locked saltado



Análisis completado. [/color]




[size=150][b]Attention:[/b][/size]

When the check finished, a new virus message came up in Symantec. It is the same one that appeared yesterday.

So Kaspersky now detects a new file in quarantine: 3 instead of 2.

The file the virus alert points to is also the same, hmunmlc03.exe, but I cannot find it on my hard disks.



Details attached.

[color=#FF0000]Scan type: Realtime Protection Scan

Event: Virus Found!

Virus name: Trojan Horse

File: C:\DOCUME~1\Aurelio\LOCALS~1\Temp\~tmp\hmunmlc03\hmunmlc03.exe

Location: Quarantine

Computer: HOGAR

User: Aurelio

Action taken: Quarantine succeeded : Access denied

Date found: domingo, 19 de octubre de 2008 13:22:31[/color]

msc hotline sat
Posts: 93500
Registered: 09 Mar 2004, 20:39
Location: BARCELONA (SPAIN)

Re: Virus "Trojan.Mailfinder.win32.blin.dr

Post by msc hotline sat » 19 Oct 2008, 13:46

Ignore the false positives some antivirus products raise on ELISTARA; it is a known issue:



https://foros.zonavirus.com/viewtopic.php?f=5&t=26228



Download it and try it with the resident antivirus disabled!





Let me look at the log.



There are these two atypical files:



C:\DOCUME~1\Aurelio\APPLIC~1\MICROS~1\dllhst3g.exe



C:\DOCUME~1\Aurelio\APPLIC~1\MICROS~1\comrepl.exe





Both are suspicious; send them to us for analysis:





[b]How to send samples to zonavirus? - Remember[/b]:

https://foros.zonavirus.com/viewtopic.php?f=5&t=14253



regards



ms, 19-10-2008

Aurelio
Posts: 19
Registered: 18 Oct 2008, 22:19

Re: Virus "Trojan.Mailfinder.win32.blin.dr

Post by Aurelio » 19 Oct 2008, 15:30

Hello again:



I cannot get Elistara to launch. I get an error message saying it is not a valid Win32 application.

With Symantec's real-time protection disabled the same message appears, and in Safe mode too.



Regarding the atypical files:

I have dllhst3g.exe in 5 different places.

In 4 of them the file has the same size, 80KB, and the date is yesterday at 17:59.

The 5th is 5KB and dated 04/08/2004 (it is in Windows\System32).



I have comrepl.exe in 7 different places.

In 3 of them the file has the same size, 80KB, and the date is yesterday at 17:59.

The other 4 are 10KB, three dated 14/04/2008 and one dated 04/08/2004.



The two I sent as samples are from yesterday at 17:59. (They are the ones at the locations you indicated in your previous message.)







On the other hand, every so often the Symantec message comes up quarantining the usual file:

hmunmlc03.exe

If I search the hard disk I only find one *.pf file:

HMUNMLC03.EXE-0778F4C6.pf located in C:\Windows\Prefetch



Thanks and regards

msc hotline sat
Posts: 93500
Registered: 09 Mar 2004, 20:39
Location: BARCELONA (SPAIN)

Re: Virus "Trojan.Mailfinder.win32.blin.dr

Post by msc hotline sat » 19 Oct 2008, 18:50

Well done sending us the samples dated yesterday; those are the ones at work in this case.



And as for only finding the PF of the file Norton quarantines, that is natural, because it has moved it into that folder; disable the antivirus and send us the one you have in the quarantine folder, even if it has been renamed to another name and extension.



As for ELISTARA: boot into safe mode with networking, download it again and save it in a folder, and without rebooting, try it and let it run to the end, then post the resulting infosat.txt.



regards



ms, 19-10-2008

Aurelio
Posts: 19
Registered: 18 Oct 2008, 22:19

Re: Virus "Trojan.Mailfinder.win32.blin.dr

Post by Aurelio » 19 Oct 2008, 20:07

Hello again:



You are really good. You hit the nail on the head with the two files on the first try.

After your previous message, and after checking that the two files had the same date and time and the same size, I got suspicious.

I proceeded as follows (all afternoon until now).



1.- I searched for all files with the date and time in question. They were all 80KB executables imitating system file names. They were in 4 or 5 directories on the hard disk, repeated. I deleted them all. But...

They reappeared. The only one it would not let me delete was dllhst3g.exe.



2.- I reviewed the running processes (Control+Alt+Del) and there it was. I stopped it and was then able to delete them all, and they have not reappeared.



3.- I went into the registry and deleted all references to this file (the one located at the path you indicated).



4.- I rebooted and problem solved. No internet connection at startup, no virus, nothing. But.....

The registry still referenced the other file (comrepl.exe), and on starting Windows it gave an error because it could not find it. (Of course, I had deleted it.)



5.- I went back into the registry (regedit) and deleted it (the one located at the path you indicated). But although it seemed to delete it, it did not, and the reference to the file was still there. I attach it:

[color=#FF0000]Registry location: Windows NT/Current version/Windows/

Load REG SZ

C:\DOCUME~1\Aurelio\APPLIC~1\MICROS~1\comrepl.exe[/color]


I could not delete it (not even in Safe mode), and so that it would not give an error I copied the comrepl.exe file (the good one, the Windows one) to the folder in question, so at least no error comes up at startup.



6.- I also deleted the Symantec Norton quarantine files. I have re-enabled System Restore.



7.- I ran Kaspersky, Ad-Aware, Symantec and Spybot. Everything is OK now.



I have three remaining questions before considering the matter solved:

1.- How could I delete the comrepl.exe line in the registry? It causes no problems, but it is useless.

2.- Of the programs that start with Windows (I sent them to you in a previous message, taken from Spybot), could I remove any so that the computer boots faster?

3.- After all this, is it worth running ELISTARA in Safe mode with networking? I am not very confident I know how to get the network to connect once Windows has started in that mode.



Thanks.

lucl
Posts: 6324
Registered: 17 Jan 2006, 18:09
Location: Spain

Re: Virus "Trojan.Mailfinder.win32.blin.dr

Post by lucl » 19 Oct 2008, 20:22

As Msc rightly told you, run elistara in safe mode with networking. Also do not forget that you sent the samples, that they will be analysed tomorrow, and that we will give you the right program to remove them. So if they reproduce again, rename them to .VIR so they do not bother you, and tomorrow we will finish them off. regards

msc hotline sat
Posts: 93500
Registered: 09 Mar 2004, 20:39
Location: BARCELONA (SPAIN)

Re: Virus "Trojan.Mailfinder.win32.blin.dr

Post by msc hotline sat » 20 Oct 2008, 12:17

Having analysed the two samples, we are now handling them as MALWARE WAIT SERVICE from today's ELISTARA 17.22.



From 19:00 GMT it will be available on this website, for evaluation testing in the zonavirus forum.





regards



ms, 20-10-2009

Aurelio
Posts: 19
Registered: 18 Oct 2008, 22:19

Re: Virus "Trojan.Mailfinder.win32.blin.dr

Post by Aurelio » 20 Oct 2008, 20:39

Good evening.



I am sorry, but I cannot get Elistara to run. Not by saving it in C:\, not in Safe mode with networking, not in any way. I attach the message I always get:



C:\ELISTARA. D%D8A%D8B%D8H.EXE no es una aplicación Win32 válida



I must be doing something wrong.



It is also true that when I boot in Safe mode with networking I have a connection to my wireless network, but I cannot connect to the internet because I do not have any kind of connection selected in the browser, and I do not know how to create one either.

When I am not in Safe mode the browser has a connection, which is the one I use: ADSL AIM.



Regards

msc hotline sat
Posts: 93500
Registered: 09 Mar 2004, 20:39
Location: BARCELONA (SPAIN)

Re: Virus "Trojan.Mailfinder.win32.blin.dr

Post by msc hotline sat » 20 Oct 2008, 20:50

I have just downloaded ELISTARA 17.22 myself at home, in case I had uploaded it wrongly, and after saving it in a folder it runs perfectly without giving Win32 errors.



It seems to me you have deleted too many things by hand..., which is why we do not advise touching the registry!!!



Our utilities already restore the corresponding keys, preventing the user from making a mess.



Try booting into safe mode with networking, download ELISTARA again and run it that way, to see whether it gives you the same message or not... and let us know, thanks.



regards



ms, 20-10-2008

Aurelio
Posts: 19
Registered: 18 Oct 2008, 22:19

Re: Virus "Trojan.Mailfinder.win32.blin.dr

Post by Aurelio » 21 Oct 2008, 20:34

Good evening.



Finally done.

The problem was not what I had touched in the registry.

I could not download Elistara correctly because in safe mode with networking I could not connect to the internet, so I could not download it (logically), and in normal mode Symantec was blocking the Elistara.exe file and would not let me run it.



Finally I downloaded it with Symantec disabled and ran it in safe mode.



I attach the Infosat file for the two hard disks.



[color=#FF0000] Tue Oct 21 20:10:01 2008

EliStartPage v17.23 (c)2008 S.G.H. / Satinfo S.L. (Actualizado el 21 de Octubre del 2008)

--------------------------------------------------

Lista de Acciones (por Exploración):

Explorando Unidad C:\

C:\Program Files\Common Files\InstallShield\Professional\RunTime\0700\Intel32\IKERNEL.DLL --> Eliminado, MyWebSearch

C:\Program Files\Realtek\InstallShield\ALCMTR.EXE --> Eliminado, SpyRealtek

C:\WINDOWS\system32\spool\drivers\w32x86\3\HPZ3A054.DLL --> Eliminado, MoviePass

C:\WINDOWS\system32\spool\drivers\w32x86\hpdeskjet_f300_seriedfce\HPZ3A054.DLL --> Eliminado, MoviePass



Nº Total de Directorios: 4183

Nº Total de Ficheros: 47323

Nº de Ficheros Analizados: 16512

Nº de Ficheros Infectados: 4

Nº de Ficheros Limpiados: 4



Tue Oct 21 20:15:19 2008

EliStartPage v17.23 (c)2008 S.G.H. / Satinfo S.L. (Actualizado el 21 de Octubre del 2008)

--------------------------------------------------

Lista de Acciones (por Exploración):

Explorando Unidad D:\



Nº Total de Directorios: 53

Nº Total de Ficheros: 1677

Nº de Ficheros Analizados: 9

Nº de Ficheros Infectados: 0

Nº de Ficheros Limpiados: 0[/color]




Note: when rebooting the computer after running Elistara I get the following (every time I reboot):



[color=#FF0000]Runner error

Runner file name (LogitechDesktop Mesenger.exe) lacks a´-´(the app id separator)

Aceptar[/color]






Thanks

msc hotline sat
Posts: 93500
Registered: 09 Mar 2004, 20:39
Location: BARCELONA (SPAIN)

Re: Virus "Trojan.Mailfinder.win32.blin.dr

Post by msc hotline sat » 21 Oct 2008, 21:37

Then run HJT and post us the resulting report:



[b]

[color=yellow]HJT : (HiJackThis)[/color][/b]




[i]How to use HijackThis?[/i]

The first thing to do is download it to your computer and place it in its own folder, C:\HijackThis\

Run it and press the "[b]Do a system scan and save a logfile[/b]" button; the program will perform the scan and immediately generate the log. It will only ask you for the file name and location; you can simply save it as it is.

Notepad will open; copy all of its contents and paste them as a reply in this topic.

· [url=http://www.zonavirus.com/descargas/trendmicro-hijackthis.asp][b]Download HijackThis[/b][/url]



After analysing it, we will report back.





regards



ms, 21-10-2008
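As an added example (not code from the forum, nor from ELISTARA, Spybot or HijackThis), a small Python triage helper that applies the two observations made in this thread: the win.ini load= entry that HijackThis reports as an F3 line (the Windows NT\CurrentVersion\Windows\Load value Aurelio could not clear by hand), and the dropper's habit of planting 80KB copies with one shared timestamp under the names of real Windows binaries. The file inventory, the sample log lines and the binary-name list are constructed for the example.

```python
"""Constructed triage helpers for the persistence pattern in this thread (not
code from the forum or from any tool named here): classify HijackThis startup
lines (O4 Run entries, the F3 win.ini load= entry) by where the launched file
lives, and cluster lookalike files that reuse a Windows binary name outside the
Windows directory with one shared size and timestamp."""
import re
from collections import defaultdict
from datetime import datetime

# Windows binary names seen in the thread (constructed, not exhaustive).
SYSTEM_BINARIES = {"comrepl.exe", "dllhst3g.exe", "ctfmon.exe"}
# Markers of user-writable profile locations on XP, long and 8.3 short forms.
USER_WRITABLE_MARKERS = ("documents and settings", "docume~1", "application data",
                         "applic~1", "local settings", "locals~1", "\\temp\\")
HJT_O4 = re.compile(r"^O4 - HK\w+\\\.\.\\\w+: \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
HJT_F3 = re.compile(r"^F3 - REG:win\.ini: (?P<value>load|run)=(?P<cmd>.+)$")


def is_user_writable(path):
    """True when the path sits inside a user profile (writable without admin rights)."""
    return any(marker in path.lower() for marker in USER_WRITABLE_MARKERS)


def executable_from_command(cmd):
    """Reduce a Run/load command line to the file that actually gets loaded: quoted
    paths verbatim, else up to the first '.exe' (XP paths contain spaces); for a
    rundll32 host return the DLL it is told to load."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    match = re.match(r"(?i)(.+?\.exe)(.*)", cmd)
    if not match:
        return cmd
    exe, rest = match.group(1), match.group(2).strip()
    if exe.lower().rsplit("\\", 1)[-1] == "rundll32.exe" and rest:
        return rest.split(",", 1)[0].strip()
    return exe


def triage_hjt_line(line):
    """Parse one HijackThis line into a dict with a 'reasons' list (empty when
    nothing looks odd); return None for lines that are not startup entries."""
    match = HJT_O4.match(line)
    if match:
        kind, name = "O4", match.group("name")
    else:
        match = HJT_F3.match(line)
        if not match:
            return None
        kind, name = "F3", "win.ini " + match.group("value") + "="
    exe = executable_from_command(match.group("cmd"))
    base = exe.lower().rsplit("\\", 1)[-1]
    reasons = []
    if kind == "F3":
        # Legacy launch point (Windows NT\CurrentVersion\Windows\Load), rarely
        # used by legitimate software on XP, so always worth a look.
        reasons.append("legacy win.ini load= launch point")
    if is_user_writable(exe):
        reasons.append("executable lives in a user-writable profile directory")
    if base in SYSTEM_BINARIES and not exe.lower().startswith("c:\\windows\\"):
        reasons.append("reuses a Windows binary name outside the Windows directory")
    return {"kind": kind, "name": name, "exe": exe, "reasons": reasons}


def flagged_entries(log_lines):
    """Only the startup entries that collected at least one reason."""
    parsed = (triage_hjt_line(line) for line in log_lines)
    return [entry for entry in parsed if entry and entry["reasons"]]


def lookalike_clusters(inventory, min_files=2):
    """inventory: iterable of (path, size_bytes, mtime). Group files that reuse a
    Windows binary name outside C:\\WINDOWS and share exact size and timestamp;
    genuine copies under ServicePackFiles or dllcache are excluded by the prefix."""
    groups = defaultdict(list)
    for path, size, mtime in inventory:
        name = path.lower().rsplit("\\", 1)[-1]
        if name in SYSTEM_BINARIES and not path.lower().startswith("c:\\windows\\"):
            groups[(size, mtime)].append(path)
    return {key: paths for key, paths in groups.items() if len(paths) >= min_files}


# Constructed sample data modelled on the thread: three 80KB copies with one
# timestamp inside the profile, genuine small copies under C:\WINDOWS.
DROP_TIME = datetime(2008, 10, 18, 17, 59)
PROFILE = r"C:\Documents and Settings\Aurelio"
SAMPLE_INVENTORY = [
    (r"C:\WINDOWS\system32\comrepl.exe", 10240, datetime(2008, 4, 14, 12, 0)),
    (r"C:\WINDOWS\ServicePackFiles\i386\comrepl.exe", 10240, datetime(2008, 4, 14, 12, 0)),
    (r"C:\WINDOWS\system32\dllhst3g.exe", 5120, datetime(2004, 8, 4, 12, 0)),
    (PROFILE + r"\Application Data\Microsoft\comrepl.exe", 81920, DROP_TIME),
    (PROFILE + r"\Local Settings\Temp\comrepl.exe", 81920, DROP_TIME),
    (PROFILE + r"\Application Data\Microsoft\dllhst3g.exe", 81920, DROP_TIME),
]
SAMPLE_HJT = [  # lines as they appear in the thread's HijackThis log
    r"F3 - REG:win.ini: load=C:\DOCUME~1\Aurelio\APPLIC~1\MICROS~1\comrepl.exe",
    r"O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup",
    r"O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe",
    r"O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe",
]

if __name__ == "__main__":
    for entry in flagged_entries(SAMPLE_HJT):
        print(entry["kind"], entry["exe"], "->", "; ".join(entry["reasons"]))
    for (size, mtime), paths in lookalike_clusters(SAMPLE_INVENTORY).items():
        print(len(paths), "files of", size, "bytes stamped", mtime, paths)
```

On the constructed data only the F3 load= entry is flagged (three reasons) and the three profile copies form a single cluster; the genuine copies under C:\WINDOWS are left alone.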

Aurelio
Posts: 19
Registered: 18 Oct 2008, 22:19

Re: Virus "Trojan.Mailfinder.win32.blin.dr

Post by Aurelio » 22 Oct 2008, 00:21

Done. (It takes only a few seconds.)



[color=#FF0000]Logfile of HijackThis v1.99.1

Scan saved at 0:18:58, on 22/10/2008

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16735)



Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\RTHDCPL.EXE

C:\WINDOWS\VM_STI.EXE

C:\Program Files\Multimedia Card Reader\shwicon2k.exe

C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

C:\WINDOWS\system32\RunDLL32.exe

C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe

C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe

C:\WINDOWS\system32\spoolsv.exe

C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe

C:\PROGRA~1\WinTV\EPG Services\System\EPGService.exe

C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\HPZipm12.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\HijackThis\HijackThis.exe



R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

F3 - REG:win.ini: load=C:\DOCUME~1\Aurelio\APPLIC~1\MICROS~1\comrepl.exe

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [BigDogPath] C:\WINDOWS\VM_STI.EXE Vimicro USB PC Camera (VC0305)

O4 - HKLM\..\Run: [Sunkist2k] C:\Program Files\Multimedia Card Reader\shwicon2k.exe

O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe

O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"

O8 - Extra context menu item: E&xportar a Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: Referencia - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O11 - Options group: [INTERNATIONAL] International*

O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/spanish/kavwebscan_unicode.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1223738961937

O17 - HKLM\System\CCS\Services\Tcpip\..\{727E154D-9C44-48B2-B1C5-80A803296C68}: NameServer = 88.58.61.250,88.58.61.254

O17 - HKLM\System\CCS\Services\Tcpip\..\{7A3A300A-5B7A-4065-9CAD-9F8D5E620602}: NameServer = 80.58.61.250 80.58.61.254

O18 - Protocol: bw+0 - {41B2B171-57ED-42BB-9C3C-5E523A59E2AF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw+0s - {41B2B171-57ED-42BB-9C3C-5E523A59E2AF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw-0 - {41B2B171-57ED-42BB-9C3C-5E523A59E2AF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw-0s - {41B2B171-57ED-42BB-9C3C-5E523A59E2AF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw00 - {41B2B171-57ED-42BB-9C3C-5E523A59E2AF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw00s - {41B2B171-57ED-42BB-9C3C-5E523A59E2AF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw10 - {41B2B171-57ED-42BB-9C3C-5E523A59E2AF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw10s - {41B2B171-57ED-42BB-9C3C-5E523A59E2AF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw20 - {41B2B171-57ED-42BB-9C3C-5E523A59E2AF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw20s - {41B2B171-57ED-42BB-9C3C-5E523A59E2AF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw30 - {41B2B171-57ED-42BB-9C3C-5E523A59E2AF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw30s - {41B2B171-57ED-42BB-9C3C-5E523A59E2AF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw40 - {41B2B171-57ED-42BB-9C3C-5E523A59E2AF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw40s - {41B2B171-57ED-42BB-9C3C-5E523A59E2AF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw50 - {41B2B171-57ED-42BB-9C3C-5E523A59E2AF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw50s - {41B2B171-57ED-42BB-9C3C-5E523A59E2AF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw60 - {41B2B171-57ED-42BB-9C3C-5E523A59E2AF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw60s - {41B2B171-57ED-42BB-9C3C-5E523A59E2AF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw70 - {41B2B171-57ED-42BB-9C3C-5E523A59E2AF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw70s - {41B2B171-57ED-42BB-9C3C-5E523A59E2AF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw80 - {41B2B171-57ED-42BB-9C3C-5E523A59E2AF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw80s - {41B2B171-57ED-42BB-9C3C-5E523A59E2AF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw90 - {41B2B171-57ED-42BB-9C3C-5E523A59E2AF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw90s - {41B2B171-57ED-42BB-9C3C-5E523A59E2AF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwa0 - {41B2B171-57ED-42BB-9C3C-5E523A59E2AF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwa0s - {41B2B171-57ED-42BB-9C3C-5E523A59E2AF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwb0 - {41B2B171-57ED-42BB-9C3C-5E523A59E2AF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwb0s - {41B2B171-57ED-42BB-9C3C-5E523A59E2AF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwc0 - {41B2B171-57ED-42BB-9C3C-5E523A59E2AF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwc0s - {41B2B171-57ED-42BB-9C3C-5E523A59E2AF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwd0 - {41B2B171-57ED-42BB-9C3C-5E523A59E2AF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwd0s - {41B2B171-57ED-42BB-9C3C-5E523A59E2AF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwe0 - {41B2B171-57ED-42BB-9C3C-5E523A59E2AF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwe0s - {41B2B171-57ED-42BB-9C3C-5E523A59E2AF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwf0 - {41B2B171-57ED-42BB-9C3C-5E523A59E2AF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwf0s - {41B2B171-57ED-42BB-9C3C-5E523A59E2AF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll

O18 - Protocol: bwg0 - {41B2B171-57ED-42BB-9C3C-5E523A59E2AF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwg0s - {41B2B171-57ED-42BB-9C3C-5E523A59E2AF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwh0 - {41B2B171-57ED-42BB-9C3C-5E523A59E2AF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwh0s - {41B2B171-57ED-42BB-9C3C-5E523A59E2AF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwi0 - {41B2B171-57ED-42BB-9C3C-5E523A59E2AF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwi0s - {41B2B171-57ED-42BB-9C3C-5E523A59E2AF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwj0 - {41B2B171-57ED-42BB-9C3C-5E523A59E2AF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwj0s - {41B2B171-57ED-42BB-9C3C-5E523A59E2AF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwk0 - {41B2B171-57ED-42BB-9C3C-5E523A59E2AF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwk0s - {41B2B171-57ED-42BB-9C3C-5E523A59E2AF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwl0 - {41B2B171-57ED-42BB-9C3C-5E523A59E2AF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwl0s - {41B2B171-57ED-42BB-9C3C-5E523A59E2AF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwm0 - {41B2B171-57ED-42BB-9C3C-5E523A59E2AF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwm0s - {41B2B171-57ED-42BB-9C3C-5E523A59E2AF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwn0 - {41B2B171-57ED-42BB-9C3C-5E523A59E2AF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwn0s - {41B2B171-57ED-42BB-9C3C-5E523A59E2AF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwo0 - {41B2B171-57ED-42BB-9C3C-5E523A59E2AF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwo0s - {41B2B171-57ED-42BB-9C3C-5E523A59E2AF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwp0 - {41B2B171-57ED-42BB-9C3C-5E523A59E2AF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwp0s - {41B2B171-57ED-42BB-9C3C-5E523A59E2AF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwq0 - {41B2B171-57ED-42BB-9C3C-5E523A59E2AF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwq0s - {41B2B171-57ED-42BB-9C3C-5E523A59E2AF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwr0 - {41B2B171-57ED-42BB-9C3C-5E523A59E2AF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwr0s - {41B2B171-57ED-42BB-9C3C-5E523A59E2AF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bws0 - {41B2B171-57ED-42BB-9C3C-5E523A59E2AF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bws0s - {41B2B171-57ED-42BB-9C3C-5E523A59E2AF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwt0 - {41B2B171-57ED-42BB-9C3C-5E523A59E2AF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwt0s - {41B2B171-57ED-42BB-9C3C-5E523A59E2AF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwu0 - {41B2B171-57ED-42BB-9C3C-5E523A59E2AF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwu0s - {41B2B171-57ED-42BB-9C3C-5E523A59E2AF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwv0 - {41B2B171-57ED-42BB-9C3C-5E523A59E2AF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwv0s - {41B2B171-57ED-42BB-9C3C-5E523A59E2AF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bww0 - {41B2B171-57ED-42BB-9C3C-5E523A59E2AF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bww0s - {41B2B171-57ED-42BB-9C3C-5E523A59E2AF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwx0 - {41B2B171-57ED-42BB-9C3C-5E523A59E2AF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwx0s - {41B2B171-57ED-42BB-9C3C-5E523A59E2AF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwy0 - {41B2B171-57ED-42BB-9C3C-5E523A59E2AF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwy0s - {41B2B171-57ED-42BB-9C3C-5E523A59E2AF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwz0 - {41B2B171-57ED-42BB-9C3C-5E523A59E2AF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwz0s - {41B2B171-57ED-42BB-9C3C-5E523A59E2AF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: offline-8876480 - {41B2B171-57ED-42BB-9C3C-5E523A59E2AF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)

O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe

O23 - Service: DefWatch - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe

O23 - Service: EPGService - Hauppauge Computer Works - C:\PROGRA~1\WinTV\EPG Services\System\EPGService.exe

O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe

O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe

O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe[/color]






Regards

msc hotline sat
Posts: 93500
Joined: 09 Mar 2004, 20:39
Location: BARCELONA (ESPAÑA)

Re: Virus "Trojan.Mailfinder.win32.blin.dr

Post by msc hotline sat » 22 Oct 2008, 05:41

Having analyzed the log, the only thing left is to check that this file really is the Microsoft one:



C:\DOCUME~1\Aurelio\APPLIC~1\MICROS~1\comrepl.exe



Upload it to VirusTotal www.virustotal.com/es and let us know the result, thanks



regards



ms, 22-10-2008
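The triage the helper describes above (reducing a HijackThis-style log to the few autostart entries worth verifying) as an added Python example; it is not part of the original thread nor of the tools it mentions. The sample lines are copied from the logs posted in this thread, and the flagging rules are my own assumptions about what merits a hash or VirusTotal check first.

```python
import re
from dataclasses import dataclass, field

# Constructed sample in the HijackThis / SPROCES line format used in this
# thread. The lines are copied from the logs posted here; it is not a full log.
SAMPLE_LOG = r"""
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,
F3 - REG:win.ini: load=C:\DOCUME~1\Aurelio\APPLIC~1\MICROS~1\comrepl.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKCU\..\Policies\Explorer\Run: [CmSTP] C:\WINDOWS\System32\drivers\cmstp.exe /waitservice
O18 - Protocol: bw20 - {41B2B171-57ED-42BB-9C3C-5E523A59E2AF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O23 - Service: DefWatch - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
"""


@dataclass
class Entry:
    kind: str                                   # section code: F2, F3, O4, O18, O20, O23
    name: str                                   # value name, protocol, notify package or service
    path: str                                   # file the entry launches or loads
    reasons: list = field(default_factory=list)  # empty means routine, nothing to check first


LINE_RE = re.compile(r"^(?P<kind>[FRO]\d+) - (?P<rest>.+)$")
O4_RE = re.compile(r"^(?P<hive>.+?): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
# Binaries started from a user profile instead of Windows or Program Files.
PROFILE_RE = re.compile(r"\\(DOCUME~1|Documents and Settings|Users)\\", re.I)
FILE_MISSING = "(file missing)"


def parse_line(line):
    """Turn one log line into an Entry, or None for line kinds we do not triage."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    kind, rest = m.group("kind"), m.group("rest")
    if kind in ("F2", "F3"):
        # win.ini / system.ini keys, which XP maps to registry values (e.g. the Load value).
        key, _, value = rest.partition("=")
        entry = Entry(kind, key, value.rstrip(","))
        if key.endswith(("load", "run")):
            entry.reasons.append("legacy win.ini load=/run= autostart, rarely used by installers")
    elif kind == "O4":
        o4 = O4_RE.match(rest)
        if not o4:
            return None
        entry = Entry(kind, o4.group("name"), o4.group("cmd"))
        if "\\Policies\\Explorer\\Run" in o4.group("hive"):
            entry.reasons.append("starts from the Policies\\Explorer\\Run key, a location meant for Group Policy")
    elif kind in ("O18", "O20", "O23"):
        # O18: "Protocol: name - {CLSID} - dll"; O20: "Winlogon Notify: name - dll";
        # O23: "Service: name - vendor - exe". The file is always the last field.
        parts = rest.split(" - ")
        if len(parts) < 2:
            return None
        name = parts[0].split(": ", 1)[-1]
        entry = Entry(kind, name, parts[-1])
        if kind == "O20" and rest.endswith(FILE_MISSING):
            entry.path = entry.path[: -len(FILE_MISSING)].strip()
            entry.reasons.append("Winlogon Notify package whose DLL is missing; stale and cannot be hashed")
    else:
        return None
    if PROFILE_RE.search(entry.path):
        entry.reasons.append("binary lives under a user profile rather than Windows or Program Files")
    return entry


def triage(log_text):
    """Parse every autostart-style line and return the entries in log order."""
    entries = [parse_line(line) for line in log_text.splitlines()]
    return [e for e in entries if e is not None]


def needs_review(log_text):
    """Entries an analyst should verify (hash, signer, VirusTotal) before anything else."""
    return [e for e in triage(log_text) if e.reasons]


if __name__ == "__main__":
    for e in needs_review(SAMPLE_LOG):
        print(f"{e.kind:<4} {e.name:<20} {e.path}")
        for r in e.reasons:
            print(f"       - {r}")
```

On the sample above the only F3 entry, the comrepl.exe line, is flagged twice (legacy load= key and user-profile location), which is exactly the entry the helper singles out for a VirusTotal check.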

Aurelio
Posts: 19
Joined: 18 Oct 2008, 22:19

Re: Virus "Trojan.Mailfinder.win32.blin.dr

Post by Aurelio » 22 Oct 2008, 16:59

Hello.

Data attached.

I still can't delete that registry entry.



[color=#FF0000]Análisis del archivo comrepl.exe recibido el 22.10.2008 16:44:32 (CET)


Resultado: 0/35 (0%)


Motor antivirus Versión Última actualización Resultado

AhnLab-V3 2008.10.22.0 2008.10.22 -

AntiVir 7.9.0.5 2008.10.22 -

Authentium 5.1.0.4 2008.10.22 -

Avast 4.8.1248.0 2008.10.22 -

AVG 8.0.0.161 2008.10.22 -

BitDefender 7.2 2008.10.22 -

CAT-QuickHeal 9.50 2008.10.22 -

ClamAV 0.93.1 2008.10.22 -

DrWeb 4.44.0.09170 2008.10.22 -

eSafe 7.0.17.0 2008.10.22 -

eTrust-Vet 31.6.6163 2008.10.22 -

Ewido 4.0 2008.10.22 -

F-Prot 4.4.4.56 2008.10.22 -

Fortinet 3.113.0.0 2008.10.22 -

GData 19 2008.10.22 -

Ikarus T3.1.1.44.0 2008.10.22 -

K7AntiVirus 7.10.503 2008.10.22 -

Kaspersky 7.0.0.125 2008.10.22 -

McAfee 5411 2008.10.22 -

Microsoft 1.4005 2008.10.22 -

NOD32 3545 2008.10.22 -

Norman 5.80.02 2008.10.22 -

Panda 9.0.0.4 2008.10.22 -

PCTools 4.4.2.0 2008.10.22 -

Prevx1 V2 2008.10.22 -

Rising 20.67.22.00 2008.10.22 -

SecureWeb-Gateway 6.7.6 2008.10.22 -

Sophos 4.34.0 2008.10.22 -

Sunbelt 3.1.1742.1 2008.10.21 -

Symantec 10 2008.10.22 -

TheHacker 6.3.1.0.123 2008.10.22 -

TrendMicro 8.700.0.1004 2008.10.22 -

VBA32 3.12.8.8 2008.10.22 -

ViRobot 2008.10.22.1432 2008.10.22 -

VirusBuster 4.5.11.0 2008.10.22 -

Información adicional

Tamano archivo: 9728 bytes

MD5...: deddbce9d0b6e4864f593a8a36849e1d

SHA1..: 5452b785fa6b7f1d7c68019069506c19e16fe21b

SHA256: 574ea78412169dab9416fa1f89f0f7c164b89a1df551c79ab5608f05fda8d5b8

SHA512: eddf188ad51b34e1dff0d7a7b6bccc6d7baba42477ff25d4571abf4aa49bc623

29102ac0c5726ca8dda471a8e75d0307eea9ba99a6569fba1b648c42d94a42f2

PEiD..: -

TrID..: File type identification

Win32 Executable Generic (42.3%)

Win32 Dynamic Link Library (generic) (37.6%)

Generic Win/DOS Executable (9.9%)

DOS Executable Generic (9.9%)

Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)

PEInfo: PE Structure information



( base data )

entrypointaddress.: 0x401fb0

timedatestamp.....: 0x46647751 (Mon Jun 04 20:34:25 2007)

machinetype.......: 0x14c (I386)



( 3 sections )

name viradd virsiz rawdsiz ntrpy md5

.text 0x1000 0x1972 0x1a00 6.14 69030888c43576024b18a6503047a35e

.data 0x3000 0x54 0x200 0.25 130185adbbdaaa39f03b9acd1164e46e

.rsrc 0x4000 0x408 0x600 2.50 37a73969d01c5b0fb93fb164c9f3b3de



( 6 imports )

> USER32.dll: LoadStringW

> KERNEL32.dll: MultiByteToWideChar, lstrlenA, LocalFree, WriteConsoleW, GetStdHandle, FormatMessageW, GetLastError, CloseHandle, WaitForMultipleObjects, CreateThread, lstrcmpW, lstrcatW, lstrlenW, lstrcmpiW, GetConsoleOutputCP, QueryPerformanceCounter, GetTickCount, GetCurrentThreadId, GetCurrentProcessId, GetSystemTimeAsFileTime, TerminateProcess, GetCurrentProcess, UnhandledExceptionFilter, SetUnhandledExceptionFilter, GetModuleHandleA

> ole32.dll: CoInitialize, CoCreateInstance, CoUninitialize

> OLEAUT32.dll: -, -

> msvcrt.dll: swprintf, __2@YAPAXI@Z, __3@YAXPAX@Z, wcslen, printf, __CxxFrameHandler, _flushall, fgetws, _iob, _wsetlocale, _c_exit, _exit, _XcptFilter, _cexit, exit, __initenv, __getmainargs, _initterm, __setusermatherr, _adjust_fdiv, __p__commode, __p__fmode, __set_app_type, _except_handler3, __dllonexit, _onexit, _controlfp

> COMRes.dll: COMResModuleInstance



( 0 exports ) [/color]

Aurelio
Posts: 19
Joined: 18 Oct 2008, 22:19

Re: Virus "Trojan.Mailfinder.win32.blin.dr

Post by Aurelio » 22 Oct 2008, 17:07

Hello again:



I don't think I sent it to you properly. I'm sending it again.



[color=#FF0000]Análisis del archivo comrepl.exe recibido el 22.10.2008 17:01:33 (CET)

Estado actual: análisis terminado

Resultado: 0/36 (0%)








Motor antivirus Versión Última actualización Resultado

AhnLab-V3 2008.10.22.0 2008.10.22 -

AntiVir 7.9.0.5 2008.10.22 -

Authentium 5.1.0.4 2008.10.22 -

Avast 4.8.1248.0 2008.10.22 -

AVG 8.0.0.161 2008.10.22 -

BitDefender 7.2 2008.10.22 -

CAT-QuickHeal 9.50 2008.10.22 -

ClamAV 0.93.1 2008.10.22 -

DrWeb 4.44.0.09170 2008.10.22 -

eSafe 7.0.17.0 2008.10.22 -

eTrust-Vet 31.6.6163 2008.10.22 -

Ewido 4.0 2008.10.22 -

F-Prot 4.4.4.56 2008.10.22 -

F-Secure 8.0.14332.0 2008.10.22 -

Fortinet 3.113.0.0 2008.10.22 -

GData 19 2008.10.22 -

Ikarus T3.1.1.44.0 2008.10.22 -

K7AntiVirus 7.10.503 2008.10.22 -

Kaspersky 7.0.0.125 2008.10.22 -

McAfee 5411 2008.10.22 -

Microsoft 1.4005 2008.10.22 -

NOD32 3545 2008.10.22 -

Norman 5.80.02 2008.10.22 -

Panda 9.0.0.4 2008.10.22 -

PCTools 4.4.2.0 2008.10.22 -

Prevx1 V2 2008.10.22 -

Rising 20.67.22.00 2008.10.22 -

SecureWeb-Gateway 6.7.6 2008.10.22 -

Sophos 4.34.0 2008.10.22 -

Sunbelt 3.1.1742.1 2008.10.21 -

Symantec 10 2008.10.22 -

TheHacker 6.3.1.0.123 2008.10.22 -

TrendMicro 8.700.0.1004 2008.10.22 -

VBA32 3.12.8.8 2008.10.22 -

ViRobot 2008.10.22.1432 2008.10.22 -

VirusBuster 4.5.11.0 2008.10.22 -

Información adicional

Tamano archivo: 9728 bytes

MD5...: deddbce9d0b6e4864f593a8a36849e1d

SHA1..: 5452b785fa6b7f1d7c68019069506c19e16fe21b

SHA256: 574ea78412169dab9416fa1f89f0f7c164b89a1df551c79ab5608f05fda8d5b8

SHA512: eddf188ad51b34e1dff0d7a7b6bccc6d7baba42477ff25d4571abf4aa49bc623

29102ac0c5726ca8dda471a8e75d0307eea9ba99a6569fba1b648c42d94a42f2

PEiD..: -

TrID..: File type identification

Win32 Executable Generic (42.3%)

Win32 Dynamic Link Library (generic) (37.6%)

Generic Win/DOS Executable (9.9%)

DOS Executable Generic (9.9%)

Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)

PEInfo: PE Structure information



( base data )

entrypointaddress.: 0x401fb0

timedatestamp.....: 0x46647751 (Mon Jun 04 20:34:25 2007)

machinetype.......: 0x14c (I386)



( 3 sections )

name viradd virsiz rawdsiz ntrpy md5

.text 0x1000 0x1972 0x1a00 6.14 69030888c43576024b18a6503047a35e

.data 0x3000 0x54 0x200 0.25 130185adbbdaaa39f03b9acd1164e46e

.rsrc 0x4000 0x408 0x600 2.50 37a73969d01c5b0fb93fb164c9f3b3de



( 6 imports )

> USER32.dll: LoadStringW

> KERNEL32.dll: MultiByteToWideChar, lstrlenA, LocalFree, WriteConsoleW, GetStdHandle, FormatMessageW, GetLastError, CloseHandle, WaitForMultipleObjects, CreateThread, lstrcmpW, lstrcatW, lstrlenW, lstrcmpiW, GetConsoleOutputCP, QueryPerformanceCounter, GetTickCount, GetCurrentThreadId, GetCurrentProcessId, GetSystemTimeAsFileTime, TerminateProcess, GetCurrentProcess, UnhandledExceptionFilter, SetUnhandledExceptionFilter, GetModuleHandleA

> ole32.dll: CoInitialize, CoCreateInstance, CoUninitialize

> OLEAUT32.dll: -, -

> msvcrt.dll: swprintf, __2@YAPAXI@Z, __3@YAXPAX@Z, wcslen, printf, __CxxFrameHandler, _flushall, fgetws, _iob, _wsetlocale, _c_exit, _exit, _XcptFilter, _cexit, exit, __initenv, __getmainargs, _initterm, __setusermatherr, _adjust_fdiv, __p__commode, __p__fmode, __set_app_type, _except_handler3, __dllonexit, _onexit, _controlfp

> COMRes.dll: COMResModuleInstance



( 0 exports ) [/color]

msc hotline sat
Posts: 93500
Joined: 09 Mar 2004, 20:39
Location: BARCELONA (ESPAÑA)

Re: Virus "Trojan.Mailfinder.win32.blin.dr

Post by msc hotline sat » 22 Oct 2008, 17:43

Well, the file is not malware, so leave it as it is :wink:



and this Trojan.Mailfinder.win32.blin.dr detection has probably already been removed by the earlier actions, so check whether any anomaly still persists after rebooting, and let us know so that, if so, we can mark the topic as solved, thanks.



regards



ms, 22-10-2008

Aurelio
Posts: 19
Joined: 18 Oct 2008, 22:19

Re: Virus "Trojan.Mailfinder.win32.blin.dr

Post by Aurelio » 22 Oct 2008, 19:01

Hello:



On startup I still get this (every time I reboot):

[color=#FF0000]Runner error

Runner file name (LogitechDesktop Mesenger.exe) lacks a´-´(the app id separator)

Aceptar[/color]


Maybe uninstalling the Logitech application will make it go away.



The registry entry we discussed: I delete it and it recreates itself on its own:

[color=#FF0000]Registry location: Windows NT/Current version/Windows/

Load REG SZ

C:\DOCUME~1\Aurelio\APPLIC~1\MICROS~1\comrepl.exe[/color]


I'll leave it as it is and that's that.





On another note, I'd like to know whether I can disable any of the following processes that start when Windows boots.

Information taken from Spybot.



[color=#FF0000]--- Spybot - Search & Destroy version: 1.6.0 (build: 20080729) ---



2008-08-14 blindman.exe (1.0.0.8)

2008-08-14 SDFiles.exe (1.6.0.4)

2008-08-14 SDMain.exe (1.0.0.6)

2008-08-14 SDShred.exe (1.0.2.3)

2008-08-14 SDUpdate.exe (1.6.0.9)

2008-08-14 SDWinSec.exe (1.0.0.12)

2008-07-30 SpybotSD.exe (1.6.0.31)

2008-09-16 TeaTimer.exe (1.6.3.25)

2008-10-11 unins000.exe (51.41.0.0)

2008-10-11 unins001.exe (51.49.0.0)

2008-08-14 Update.exe (1.6.0.7)

2008-08-14 advcheck.dll (1.6.1.12)

2007-04-02 aports.dll (2.1.0.0)

2005-05-31 borlndmm.dll (7.0.4.453)

2005-05-31 delphimm.dll (7.0.4.453)

2008-06-14 DelZip179.dll (1.79.11.1)

2008-09-15 SDHelper.dll (1.6.2.14)

2008-06-19 sqlite3.dll

2008-08-14 Tools.dll (2.1.5.7)

2005-05-31 UnzDll.dll (1.73.1.1)

2005-05-31 ZipDll.dll (1.73.2.0)

2008-09-02 Includes\Adware.sbi

2008-10-14 Includes\AdwareC.sbi

2008-06-03 Includes\Cookies.sbi

2008-09-02 Includes\Dialer.sbi

2008-09-09 Includes\DialerC.sbi

2008-07-23 Includes\HeavyDuty.sbi

2008-09-02 Includes\Hijackers.sbi

2008-10-07 Includes\HijackersC.sbi

2008-09-09 Includes\Keyloggers.sbi

2008-10-14 Includes\KeyloggersC.sbi

2004-11-29 Includes\LSP.sbi

2008-10-08 Includes\Malware.sbi

2008-10-14 Includes\MalwareC.sbi

2008-09-02 Includes\PUPS.sbi

2008-10-14 Includes\PUPSC.sbi

2007-11-07 Includes\Revision.sbi

2008-06-18 Includes\Security.sbi

2008-09-30 Includes\SecurityC.sbi

2008-06-03 Includes\Spybots.sbi

2008-06-03 Includes\SpybotsC.sbi

2008-09-09 Includes\Spyware.sbi

2008-10-14 Includes\SpywareC.sbi

2008-06-03 Includes\Tracks.uti

2008-10-15 Includes\Trojans.sbi

2008-10-14 Includes\TrojansC.sbi

2008-03-04 Plugins\Chai.dll

2008-03-05 Plugins\Fennel.dll

2008-02-26 Plugins\Mate.dll

2007-12-24 Plugins\TCPIPAddress.dll



Located: HK_LM:Run, Adobe Reader Speed Launcher

command: "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

file: C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe

size: 39792

MD5: 8B9145D229D4E89D15ACB820D4A3A90F



Located: HK_LM:Run, BigDogPath

command: C:\WINDOWS\VM_STI.EXE Vimicro USB PC Camera (VC0305)

file: C:\WINDOWS\VM_STI.EXE

size: 53248

MD5: 742CDD011F1E1F10007C36EA98C49EEB



Located: HK_LM:Run, HP Software Update

command: C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

file: C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

size: 49152

MD5: 926A397334FE426A6C7657096FE681DB



Located: HK_LM:Run, NeroFilterCheck

command: C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

file: C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

size: 155648

MD5: C93AB037A8C792D5F8A1A9FC88A7C7C5



Located: HK_LM:Run, NvCplDaemon

command: RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

file: C:\WINDOWS\system32\NvCpl.dll

size: 7618560

MD5: 4BCC78C649D5B117F664CB83B6A791A2



Located: HK_LM:Run, NvMediaCenter

command: RunDLL32.exe NvMCTray.dll,NvTaskbarInit

file: C:\WINDOWS\system32\NvMCTray.dll

size: 86016

MD5: AF6AE431B9B063304F37AD052A5A1E66



Located: HK_LM:Run, nwiz

command: nwiz.exe /install

file: C:\WINDOWS\system32\nwiz.exe

size: 1519616

MD5: 7AC98888346124460CC78860A3C73DF3



Located: HK_LM:Run, RTHDCPL

command: RTHDCPL.EXE

file: C:\WINDOWS\RTHDCPL.EXE

size: 14477312

MD5: 96FCEB7B636E6A35CEBBC5E5F1F040E8



Located: HK_LM:Run, Sunkist2k

command: C:\Program Files\Multimedia Card Reader\shwicon2k.exe

file: C:\Program Files\Multimedia Card Reader\shwicon2k.exe

size: 135168

MD5: 504C9B456E415BD5A30747ED4E18D070



Located: HK_LM:Run, vptray

command: C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe

file: C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe

size: 90112

MD5: 4B954730657F43B88A308C41FE570331



Located: HK_CU:Run, CTFMON.EXE

where: .DEFAULT...

command: C:\WINDOWS\system32\CTFMON.EXE

file: C:\WINDOWS\system32\CTFMON.EXE

size: 15360

MD5: 5F1D5F88303D4A4DBC8E5F97BA967CC3



Located: HK_CU:Run, BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}

where: S-1-5-21-1644491937-688789844-725345543-1003...

command: "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"

file: C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe

size: 147456

MD5: 928130E85250808BDB45694983AEDF65



Located: HK_CU:Run, ctfmon.exe

where: S-1-5-21-1644491937-688789844-725345543-1003...

command: C:\WINDOWS\system32\ctfmon.exe

file: C:\WINDOWS\system32\ctfmon.exe

size: 15360

MD5: 5F1D5F88303D4A4DBC8E5F97BA967CC3



Located: HK_CU:Run, LDM

where: S-1-5-21-1644491937-688789844-725345543-1003...

command: C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe

file: C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe

size: 32768

MD5: 5588812731C64305F2579DD8215037E0



Located: HK_CU:Run, SpybotSD TeaTimer

where: S-1-5-21-1644491937-688789844-725345543-1003...

command: C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

file: C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

size: 1833296

MD5: 63B3FF83B87AFCEBA89CED54695DA0F6



Located: HK_CU:Run, CTFMON.EXE

where: S-1-5-18...

command: C:\WINDOWS\system32\CTFMON.EXE

file: C:\WINDOWS\system32\CTFMON.EXE

size: 15360

MD5: 5F1D5F88303D4A4DBC8E5F97BA967CC3



Located: WinLogon, crypt32chain

command: crypt32.dll

file: crypt32.dll

size: 0

MD5: D41D8CD98F00B204E9800998ECF8427E

Warning: if the file is actually larger than 0 bytes,

the checksum could not be properly calculated!



Located: WinLogon, cryptnet

command: cryptnet.dll

file: cryptnet.dll

size: 0

MD5: D41D8CD98F00B204E9800998ECF8427E

Warning: if the file is actually larger than 0 bytes,

the checksum could not be properly calculated!



Located: WinLogon, cscdll

command: cscdll.dll

file: cscdll.dll

size: 0

MD5: D41D8CD98F00B204E9800998ECF8427E

Warning: if the file is actually larger than 0 bytes,

the checksum could not be properly calculated!



Located: WinLogon, dimsntfy

command: %SystemRoot%\System32\dimsntfy.dll

file: %SystemRoot%\System32\dimsntfy.dll

size: 0

MD5: D41D8CD98F00B204E9800998ECF8427E

Warning: if the file is actually larger than 0 bytes,

the checksum could not be properly calculated!



Located: WinLogon, NavLogon

command: C:\WINDOWS\system32\NavLogon.dll

file: C:\WINDOWS\system32\NavLogon.dll

size: 45056

MD5: 4F08576DA1C93A5EC62EB2AD6EC3D084



Located: WinLogon, ScCertProp

command: wlnotify.dll

file: wlnotify.dll

size: 0

MD5: D41D8CD98F00B204E9800998ECF8427E

Warning: if the file is actually larger than 0 bytes,

the checksum could not be properly calculated!



Located: WinLogon, Schedule

command: wlnotify.dll

file: wlnotify.dll

size: 0

MD5: D41D8CD98F00B204E9800998ECF8427E

Warning: if the file is actually larger than 0 bytes,

the checksum could not be properly calculated!



Located: WinLogon, sclgntfy

command: sclgntfy.dll

file: sclgntfy.dll

size: 0

MD5: D41D8CD98F00B204E9800998ECF8427E

Warning: if the file is actually larger than 0 bytes,

the checksum could not be properly calculated!



Located: WinLogon, SensLogn

command: WlNotify.dll

file: WlNotify.dll

size: 0

MD5: D41D8CD98F00B204E9800998ECF8427E

Warning: if the file is actually larger than 0 bytes,

the checksum could not be properly calculated!



Located: WinLogon, termsrv

command: wlnotify.dll

file: wlnotify.dll

size: 0

MD5: D41D8CD98F00B204E9800998ECF8427E

Warning: if the file is actually larger than 0 bytes,

the checksum could not be properly calculated!



Located: WinLogon, WgaLogon

command: WgaLogon.dll

file: WgaLogon.dll

size: 0

MD5: D41D8CD98F00B204E9800998ECF8427E

Warning: if the file is actually larger than 0 bytes,

the checksum could not be properly calculated!



Located: WinLogon, wlballoon

command: wlnotify.dll

file: wlnotify.dll

size: 0

MD5: D41D8CD98F00B204E9800998ECF8427E

Warning: if the file is actually larger than 0 bytes,

the checksum could not be properly calculated![/color]




Thanks

msc hotline sat
Posts: 93500
Joined: 09 Mar 2004, 20:39
Location: BARCELONA (ESPAÑA)

Re: Virus "Trojan.Mailfinder.win32.blin.dr

Post by msc hotline sat » 22 Oct 2008, 19:23

Let's first see where, how and in what environment this LogitechDesktop Mesenger.exe application is launched...



Try SPROCES and post the resulting report for us:





[b]SPROCES[/b] (investigation tool)

http://www.zonavirus.com/descargas/sproces.asp





And after clicking SALIR (exit), post the contents of C:\SPROCLOG.TXT for us with a copy and paste



regards



ms, 22-10-2008

Aurelio
Posts: 19
Joined: 18 Oct 2008, 22:19

Re: Virus "Trojan.Mailfinder.win32.blin.dr

Post by Aurelio » 22 Oct 2008, 22:15

I'm sending it. It's extremely long; I'm sending it in several replies, as it tells me it has 391261 characters and the maximum is 90000.

Wed Oct 22 22:04:22 2008

SProces v3.1 (c)2008 S.G.H. / Satinfo S.L.

-------------------------------------------

Sistema Operativo: Microsoft Windows XP (v5.1.2600) Service Pack 3

Internet Explorer: (v7.0.5730.13) 0



Procesos Activos:

C:\WINDOWS\SYSTEM32\SMSS.EXE

C:\WINDOWS\SYSTEM32\WINLOGON.EXE

C:\WINDOWS\SYSTEM32\SERVICES.EXE

C:\WINDOWS\SYSTEM32\LSASS.EXE

C:\WINDOWS\SYSTEM32\SVCHOST.EXE

C:\WINDOWS\SYSTEM32\SVCHOST.EXE

C:\PROGRAM FILES\LAVASOFT\AD-AWARE\AAWSERVICE.EXE

C:\WINDOWS\EXPLORER.EXE

C:\WINDOWS\RTHDCPL.EXE

C:\WINDOWS\VM_STI.EXE

C:\PROGRAM FILES\MULTIMEDIA CARD READER\SHWICON2K.EXE

C:\PROGRAM FILES\HP\HP SOFTWARE UPDATE\HPWUSCHD2.EXE

C:\WINDOWS\SYSTEM32\RUNDLL32.EXE

C:\PROGRA~1\SYMANT~1\SYMANT~1\VPTRAY.EXE

C:\WINDOWS\SYSTEM32\CTFMON.EXE

C:\PROGRAM FILES\SPYBOT - SEARCH & DESTROY\TEATIMER.EXE

C:\PROGRAM FILES\COMMON FILES\AHEAD\LIB\NMBGMONITOR.EXE

C:\PROGRAM FILES\COMMON FILES\AHEAD\LIB\NMINDEXSTORESVR.EXE

C:\WINDOWS\SYSTEM32\SPOOLSV.EXE

C:\PROGRA~1\SYMANT~1\SYMANT~1\DEFWATCH.EXE

C:\PROGRA~1\WINTV\EPG SERVICES\SYSTEM\EPGSERVICE.EXE

C:\PROGRA~1\SYMANT~1\SYMANT~1\RTVSCAN.EXE

C:\WINDOWS\SYSTEM32\NVSVC32.EXE

C:\WINDOWS\SYSTEM32\HPZIPM12.EXE

C:\WINDOWS\SYSTEM32\SVCHOST.EXE

C:\PROGRAM FILES\COMMON FILES\AHEAD\LIB\NMINDEXINGSERVICE.EXE

C:\PROGRAM FILES\MICROSOFT OFFICE\OFFICE11\EXCEL.EXE

C:\PROGRAM FILES\HEROESOFAE\DATA\ENGINE.EXE

C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE

C:\DOCUMENTS AND SETTINGS\AURELIO\DESKTOP\SPROCES.EXE



R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/en/us/default.aspxisapi/redir.dll?prd=ie&ar=iesearch

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/en/us/default.aspxisapi/redir.dll?prd=ie&ar=iesearch

R3 - URLSearchHook: Microsoft Url Search Hook - {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\system32\ieframe.dll

F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,

F3 - REG:win.ini: load=C:\DOCUME~1\Aurelio\APPLIC~1\MICROS~1\comrepl.exe

O1 - Hosts: 127.0.0.1 localhost

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe

O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [BigDogPath] C:\WINDOWS\VM_STI.EXE Vimicro USB PC Camera (VC0305)

O4 - HKLM\..\Run: [Sunkist2k] C:\Program Files\Multimedia Card Reader\shwicon2k.exe

O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

O4 - HKCU\..\Policies\Explorer\Run: [CmSTP] C:\WINDOWS\System32\drivers\cmstp.exe /waitservice

O4 - Startup: desktop.ini

O8 - Extra context menu item: E&xportar a Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: Referencia - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/spanish/ka ... nicode.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windows ... 3738961937

O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - http://fpdownload.macromedia.com/get/fl ... rashim.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - http://fpdownload.macromedia.com/pub/sh ... wflash.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{727E154D-9C44-48B2-B1C5-80A803296C68}: NameServer = 88.58.61.250,88.58.61.254

O17 - HKLM\System\CCS\Services\Tcpip\..\{7A3A300A-5B7A-4065-9CAD-9F8D5E620602}: NameServer = 80.58.61.250 80.58.61.254

O18 - Protocol: bw+0 - {41B2B171-57ED-42BB-9C3C-5E523A59E2AF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw+0s - {41B2B171-57ED-42BB-9C3C-5E523A59E2AF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw-0 - {41B2B171-57ED-42BB-9C3C-5E523A59E2AF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw-0s - {41B2B171-57ED-42BB-9C3C-5E523A59E2AF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw00 - {41B2B171-57ED-42BB-9C3C-5E523A59E2AF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw00s - {41B2B171-57ED-42BB-9C3C-5E523A59E2AF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw10 - {41B2B171-57ED-42BB-9C3C-5E523A59E2AF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw10s - {41B2B171-57ED-42BB-9C3C-5E523A59E2AF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw20 - {41B2B171-57ED-42BB-9C3C-5E523A59E2AF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw20s - {41B2B171-57ED-42BB-9C3C-5E523A59E2AF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw30 - {41B2B171-57ED-42BB-9C3C-5E523A59E2AF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw30s - {41B2B171-57ED-42BB-9C3C-5E523A59E2AF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw40 - {41B2B171-57ED-42BB-9C3C-5E523A59E2AF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw40s - {41B2B171-57ED-42BB-9C3C-5E523A59E2AF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw50 - {41B2B171-57ED-42BB-9C3C-5E523A59E2AF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw50s - {41B2B171-57ED-42BB-9C3C-5E523A59E2AF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw60 - {41B2B171-57ED-42BB-9C3C-5E523A59E2AF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw60s - {41B2B171-57ED-42BB-9C3C-5E523A59E2AF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw70 - {41B2B171-57ED-42BB-9C3C-5E523A59E2AF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw70s - {41B2B171-57ED-42BB-9C3C-5E523A59E2AF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw80 - {41B2B171-57ED-42BB-9C3C-5E523A59E2AF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw80s - {41B2B171-57ED-42BB-9C3C-5E523A59E2AF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw90 - {41B2B171-57ED-42BB-9C3C-5E523A59E2AF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw90s - {41B2B171-57ED-42BB-9C3C-5E523A59E2AF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwa0 - {41B2B171-57ED-42BB-9C3C-5E523A59E2AF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwa0s - {41B2B171-57ED-42BB-9C3C-5E523A59E2AF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwb0 - {41B2B171-57ED-42BB-9C3C-5E523A59E2AF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwb0s - {41B2B171-57ED-42BB-9C3C-5E523A59E2AF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwc0 - {41B2B171-57ED-42BB-9C3C-5E523A59E2AF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwc0s - {41B2B171-57ED-42BB-9C3C-5E523A59E2AF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwd0 - {41B2B171-57ED-42BB-9C3C-5E523A59E2AF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwd0s - {41B2B171-57ED-42BB-9C3C-5E523A59E2AF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwe0 - {41B2B171-57ED-42BB-9C3C-5E523A59E2AF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwe0s - {41B2B171-57ED-42BB-9C3C-5E523A59E2AF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwf0 - {41B2B171-57ED-42BB-9C3C-5E523A59E2AF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwf0s - {41B2B171-57ED-42BB-9C3C-5E523A59E2AF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll

O18 - Protocol: bwg0 - {41B2B171-57ED-42BB-9C3C-5E523A59E2AF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwg0s - {41B2B171-57ED-42BB-9C3C-5E523A59E2AF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwh0 - {41B2B171-57ED-42BB-9C3C-5E523A59E2AF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwh0s - {41B2B171-57ED-42BB-9C3C-5E523A59E2AF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwi0 - {41B2B171-57ED-42BB-9C3C-5E523A59E2AF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwi0s - {41B2B171-57ED-42BB-9C3C-5E523A59E2AF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwj0 - {41B2B171-57ED-42BB-9C3C-5E523A59E2AF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwj0s - {41B2B171-57ED-42BB-9C3C-5E523A59E2AF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwk0 - {41B2B171-57ED-42BB-9C3C-5E523A59E2AF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwk0s - {41B2B171-57ED-42BB-9C3C-5E523A59E2AF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwl0 - {41B2B171-57ED-42BB-9C3C-5E523A59E2AF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwl0s - {41B2B171-57ED-42BB-9C3C-5E523A59E2AF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwm0 - {41B2B171-57ED-42BB-9C3C-5E523A59E2AF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwm0s - {41B2B171-57ED-42BB-9C3C-5E523A59E2AF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwn0 - {41B2B171-57ED-42BB-9C3C-5E523A59E2AF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwn0s - {41B2B171-57ED-42BB-9C3C-5E523A59E2AF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwo0 - {41B2B171-57ED-42BB-9C3C-5E523A59E2AF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwo0s - {41B2B171-57ED-42BB-9C3C-5E523A59E2AF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwp0 - {41B2B171-57ED-42BB-9C3C-5E523A59E2AF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwp0s - {41B2B171-57ED-42BB-9C3C-5E523A59E2AF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwq0 - {41B2B171-57ED-42BB-9C3C-5E523A59E2AF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwq0s - {41B2B171-57ED-42BB-9C3C-5E523A59E2AF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwr0 - {41B2B171-57ED-42BB-9C3C-5E523A59E2AF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwr0s - {41B2B171-57ED-42BB-9C3C-5E523A59E2AF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bws0 - {41B2B171-57ED-42BB-9C3C-5E523A59E2AF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bws0s - {41B2B171-57ED-42BB-9C3C-5E523A59E2AF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwt0 - {41B2B171-57ED-42BB-9C3C-5E523A59E2AF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwt0s - {41B2B171-57ED-42BB-9C3C-5E523A59E2AF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwu0 - {41B2B171-57ED-42BB-9C3C-5E523A59E2AF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwu0s - {41B2B171-57ED-42BB-9C3C-5E523A59E2AF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwv0 - {41B2B171-57ED-42BB-9C3C-5E523A59E2AF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwv0s - {41B2B171-57ED-42BB-9C3C-5E523A59E2AF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bww0 - {41B2B171-57ED-42BB-9C3C-5E523A59E2AF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bww0s - {41B2B171-57ED-42BB-9C3C-5E523A59E2AF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwx0 - {41B2B171-57ED-42BB-9C3C-5E523A59E2AF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwx0s - {41B2B171-57ED-42BB-9C3C-5E523A59E2AF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwy0 - {41B2B171-57ED-42BB-9C3C-5E523A59E2AF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwy0s - {41B2B171-57ED-42BB-9C3C-5E523A59E2AF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwz0 - {41B2B171-57ED-42BB-9C3C-5E523A59E2AF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwz0s - {41B2B171-57ED-42BB-9C3C-5E523A59E2AF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: mso-offdap - {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\PROGRA~1\COMMON~1\MICROS~1\WEBCOM~1\10\OWC10.DLL

O18 - Protocol: mso-offdap11 - {32505114-5902-49B2-880A-1F7738E5A384} - C:\PROGRA~1\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL

O18 - Protocol: offline-8876480 - {41B2B171-57ED-42BB-9C3C-5E523A59E2AF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O20 - Winlogon Notify: DIMSNTFY - %SYSTEMROOT%\SYSTEM32\DIMSNTFY.DLL

O20 - Winlogon Notify: NAVLOGON - C:\WINDOWS\SYSTEM32\NAVLOGON.DLL

O20 - Winlogon Notify: WGALOGON - WGALOGON.DLL

O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - %SystemRoot%\system32\SHELL32.dll

O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - %SystemRoot%\system32\SHELL32.dll

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\system32\webcheck.dll

O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\system32\stobject.dll

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

O22 - SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader - %SystemRoot%\system32\browseui.dll

O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - %SystemRoot%\system32\browseui.dll



Additional information:

----------------------



List of services (automatic start):

----------------------------------------

**O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe

**O23 - Service: DCOM Server Process Launcher (DcomLaunch) - Unknown owner - C:\WINDOWS\system32\svchost -k DcomLaunch (file missing)

O23 - Service: DefWatch - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe

O23 - Service: EPGService - Hauppauge Computer Works - C:\PROGRA~1\WinTV\EPG Services\System\EPGService.exe

O23 - Service: NAVAPEL - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\NAVAPEL.SYS

O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe

O23 - Service: nVidia WDM Video Capture (universal) (nvcap) - Unknown owner - C:\WINDOWS\SYSTEM32\DRIVERS\nvcap.sys (file missing)

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: nVidia WDM A/V Crossbar (NVXBAR) - Unknown owner - C:\WINDOWS\SYSTEM32\DRIVERS\NVxbar.sys (file missing)

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

**O23 - Service: Remote Procedure Call (RPC) (RpcSs) - Unknown owner - C:\WINDOWS\system32\svchost -k rpcss (file missing)



List of services (manual start):

------------------------------------

**O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - Microsoft Corp., Veritas Software - C:\WINDOWS\System32\dmadmin.exe

O23 - Service: Hauppauge WinTV-HVR 713X PCI Card (Hauppauge WinTV-HVR) - Hauppauge Computer Works inc. - C:\WINDOWS\SYSTEM32\DRIVERS\HCW713x.sys

O23 - Service: Microsoft UAA Bus Driver for High Definition Audio (HDAudBus) - Windows (R) Server 2003 DDK provider - C:\WINDOWS\SYSTEM32\DRIVERS\HDAudBus.sys

O23 - Service: IEEE-1284.4 Driver HPZid412 (HPZid412) - HP - C:\WINDOWS\SYSTEM32\DRIVERS\HPZid412.sys

O23 - Service: Print Class Driver for IEEE-1284.4 HPZipr12 (HPZipr12) - HP - C:\WINDOWS\SYSTEM32\DRIVERS\HPZipr12.sys

O23 - Service: USB to IEEE-1284.4 Translation Driver HPZius12 (HPZius12) - HP - C:\WINDOWS\SYSTEM32\DRIVERS\HPZius12.sys

O23 - Service: Service for Realtek HD Audio (WDM) (IntcAzAudAddService) - Realtek Semiconductor Corp. - C:\WINDOWS\SYSTEM32\drivers\RtkHDAud.sys

O23 - Service: Logitech SetPoint Keyboard Driver (L8042Kbd) - Logitech, Inc. - C:\WINDOWS\SYSTEM32\DRIVERS\L8042Kbd.sys

O23 - Service: Logitech SetPoint PS/2 Mouse Filter Driver (L8042mou) - Logitech, Inc. - C:\WINDOWS\SYSTEM32\DRIVERS\L8042mou.Sys

O23 - Service: Logitech SetPoint Mouse Filter Driver (LMouKE) - Logitech, Inc. - C:\WINDOWS\SYSTEM32\DRIVERS\LMouKE.Sys

O23 - Service: ATK0110 ACPI UTILITY (MTsensor) - Unknown owner - C:\WINDOWS\SYSTEM32\DRIVERS\ASACPI.sys

O23 - Service: NAVAP - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\NAVAP.sys

O23 - Service: NAVENG - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20081018.004\NAVENG.sys

O23 - Service: NAVEX15 - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20081018.004\NAVEX15.sys

O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe

O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe

O23 - Service: nv - NVIDIA Corporation - C:\WINDOWS\SYSTEM32\DRIVERS\nv4_mini.sys

O23 - Service: Direct Parallel Link Driver (Ptilink) - Parallel Technologies, Inc. - C:\WINDOWS\SYSTEM32\DRIVERS\ptilink.sys

O23 - Service: Conceptronic RT61 54g Wireless Driver (RT61) - Ralink Technology Inc. - C:\WINDOWS\SYSTEM32\DRIVERS\RT61.sys

O23 - Service: Secdrv - Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K. - C:\WINDOWS\SYSTEM32\DRIVERS\secdrv.sys

O23 - Service: Alcor Micro Corp - 6360 (SunkFilt6) - Unknown owner - C:\WINDOWS\System32\Drivers\sunkfilt6.sys (file missing)

O23 - Service: Alcor Micro Corp - 6362 (SunkFilt62) - Alcor Micro, Corp. - C:\WINDOWS\System32\Drivers\sunkfilt62.sys

O23 - Service: HP && Alcor Micro Corp for Phison (Sunkfiltp) - Unknown owner - C:\WINDOWS\System32\Drivers\sunkfiltp.sys (file missing)

O23 - Service: SymEvent - Symantec Corporation - C:\Program Files\Symantec\SYMEVENT.SYS

*O23 - Service: Terminal Services (TermService) - Unknown owner - C:\WINDOWS\System32\svchost -k DComLaunch (file missing)

O23 - Service: NDIS5.1 Miniport Driver for Marvell Yukon Ethernet Controller (yukonwxp) - Marvell - C:\WINDOWS\SYSTEM32\DRIVERS\yk51x86.sys

O23 - Service: Vimicro USB PC Camera (VC0305) (ZSMC301b) - VM - C:\WINDOWS\SYSTEM32\Drivers\usbVM31b.sys



List of services (disabled):

--------------------------------------

**O23 - Service: dmboot - Microsoft Corp., Veritas Software - C:\WINDOWS\SYSTEM32\drivers\dmboot.sys



39 services.

11 automatic start.

27 manual start.

1 disabled.

flacoroo
Posts: 6289
Registered: 09 Mar 2004, 20:32
Location: Paso del Macho, Ver., México

Re: Virus "Trojan.Mailfinder.win32.blin.dr

Post by flacoroo » 23 Oct 2008, 00:19

After removing the lines that were of no use to us and took up a lot of space, I'll go through your log to see what I find.....

Well, I found your log clean.

If you no longer have problems, let us know so we can close your thread....
Life is beautiful.... why complicate it

msc hotline sat
Posts: 93500
Registered: 09 Mar 2004, 20:39
Location: BARCELONA (ESPAÑA)

Re: Virus "Trojan.Mailfinder.win32.blin.dr

Post by msc hotline sat » 23 Oct 2008, 11:34

Pushing things a bit further, we could get suspicious about this cmstp.exe you have in drivers??? So send us that file for analysis:

C:\WINDOWS\System32\drivers\cmstp.exe

It may be from Microsoft... or NOT!

How to send samples to zonavirus? Remember:

https://foros.zonavirus.com/viewtopic.php?f=5&t=14253

regards

ms, 23-10-2008

Aurelio
Posts: 19
Registered: 18 Oct 2008, 22:19

Re: Virus "Trojan.Mailfinder.win32.blin.dr

Post by Aurelio » 23 Oct 2008, 20:56

Hello:

At that location I can't find any file with that name (I'm showing hidden and system files).

I only find that file in the following directories:

C:\Windows\System32

C:\Windows\ServicePackFiles\i386

C:\Windows\$NtServicePackUninstall$

None of them looks suspicious, since they are not 80 KB and don't share the date of the ones detected initially.

(However, the file name is one of those the virus generated, 80 KB in size, and those were deleted many messages ago.)

Regards

msc hotline sat
Posts: 93500
Registered: 09 Mar 2004, 20:39
Location: BARCELONA (ESPAÑA)

Re: Virus "Trojan.Mailfinder.win32.blin.dr

Post by msc hotline sat » 23 Oct 2008, 21:08

Of course, those must indeed be Microsoft's; it is this other one, launched from:

O4 - HKCU\..\Policies\Explorer\Run: [CmSTP] C:\WINDOWS\System32\drivers\cmstp.exe /waitservice

that gave food for thought, but if you say you don't have it, then never mind, it must be a leftover that is harmless by now.

So, as flacoroo rightly says, tell us whether any anomaly still persists, so we can mark the thread as solved.

regards

ms, 23-10-2008
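The check msc hotline sat is making above can be written down: cmstp.exe is a Microsoft binary that lives in System32, so an autorun that launches a copy from System32\drivers (a directory for .sys kernel drivers, not programs) and from the rarely used Policies\Explorer\Run key is the entry worth pulling out of a log, whether or not the file is still on disk. The Python below is an added example, not code from the thread or from HijackThis: it parses O4 and O17 lines, flags O4 entries on those two criteria, and groups the O17 NameServer entries by interface. The sample lines are copied from the log posted earlier in the thread; the two interfaces there list different resolver pairs (88.58.61.x and 80.58.61.x), which the thread does not discuss but which costs nothing to compare against the ISP's published resolvers.

```python
import re
from typing import Dict, List, Tuple

# Constructed sample: a few lines copied from the HijackThis log posted in
# this thread. A real log has a few hundred such lines.
SAMPLE_LOG = r"""
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [BigDogPath] C:\WINDOWS\VM_STI.EXE Vimicro USB PC Camera (VC0305)
O4 - HKCU\..\Policies\Explorer\Run: [CmSTP] C:\WINDOWS\System32\drivers\cmstp.exe /waitservice
O17 - HKLM\System\CCS\Services\Tcpip\..\{727E154D-9C44-48B2-B1C5-80A803296C68}: NameServer = 88.58.61.250,88.58.61.254
O17 - HKLM\System\CCS\Services\Tcpip\..\{7A3A300A-5B7A-4065-9CAD-9F8D5E620602}: NameServer = 80.58.61.250 80.58.61.254
"""

# O4: "O4 - <hive>\..\<key>: [<value name>] <command line>"
O4_RE = re.compile(r"^O4 - (?P<hive>HKLM|HKCU)\\\.\.\\(?P<key>[^:]+): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
# O17: "... \{<interface GUID>}: NameServer = <list>" (comma- or space-separated)
O17_RE = re.compile(r"^O17 - .*\\\{(?P<guid>[0-9A-Fa-f-]+)\}: NameServer = (?P<servers>.+)$")
# First token of the command line that ends in .exe, with a leading quote stripped.
EXE_RE = re.compile(r'^"?(?P<exe>.+?\.exe)\b', re.IGNORECASE)


def suspicious_o4(line: str) -> List[str]:
    """Reasons an O4 autorun line deserves a second look ([] if none)."""
    m = O4_RE.match(line)
    if not m:
        return []
    reasons = []
    # Policies\Explorer\Run is a valid autorun key, but on a home machine it is
    # almost never populated by legitimate software.
    if "policies" in m["key"].lower():
        reasons.append("autorun under Policies\\Explorer\\Run")
    exe = EXE_RE.match(m["cmd"])
    # system32\drivers holds .sys kernel drivers; a .exe there is out of place.
    if exe and "\\drivers\\" in exe["exe"].lower():
        reasons.append(".exe launched from a drivers directory")
    return reasons


def triage_autoruns(log: str) -> List[Tuple[str, List[str]]]:
    """Every O4 line in `log` with at least one reason, paired with its reasons."""
    hits = []
    for raw in log.splitlines():
        line = raw.strip()
        reasons = suspicious_o4(line)
        if reasons:
            hits.append((line, reasons))
    return hits


def nameservers_by_interface(log: str) -> Dict[str, Tuple[str, ...]]:
    """O17 lines -> {interface GUID: (resolver, ...)}."""
    out: Dict[str, Tuple[str, ...]] = {}
    for raw in log.splitlines():
        m = O17_RE.match(raw.strip())
        if m:
            out[m["guid"].upper()] = tuple(re.split(r"[,\s]+", m["servers"].strip()))
    return out


def resolver_sets(log: str) -> List[Tuple[str, ...]]:
    """Distinct resolver lists across interfaces. More than one means the
    interfaces disagree about who answers DNS; compare each against the ISP's
    published resolvers before assuming the difference is benign."""
    return sorted(set(nameservers_by_interface(log).values()))


if __name__ == "__main__":
    for line, reasons in triage_autoruns(SAMPLE_LOG):
        print(line, "->", "; ".join(reasons))
    for servers in resolver_sets(SAMPLE_LOG):
        print("resolvers:", ", ".join(servers))
```

Run as a script it prints the flagged autorun and the two resolver lists; the functions are the reusable part and can be fed the text of a whole log file.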

Aurelio
Posts: 19
Registered: 18 Oct 2008, 22:19

Re: Virus "Trojan.Mailfinder.win32.blin.dr

Post by Aurelio » 23 Oct 2008, 22:42

Hello:

On startup I still get (every time I reboot):

Runner error

Runner file name (LogitechDesktop Mesenger.exe) lacks a '-' (the app id separator)

OK

Maybe uninstalling the Logitech application will make it go away. (Do you think I should?)

Also, I'd like to know whether I can disable any of the following processes that run when Windows starts.

Information taken from Spybot.



--- Spybot - Search & Destroy version: 1.6.0 (build: 20080729) ---



2008-08-14 blindman.exe (1.0.0.

2008-08-14 SDFiles.exe (1.6.0.4)

2008-08-14 SDMain.exe (1.0.0.6)

2008-08-14 SDShred.exe (1.0.2.3)

2008-08-14 SDUpdate.exe (1.6.0.9)

2008-08-14 SDWinSec.exe (1.0.0.12)

2008-07-30 SpybotSD.exe (1.6.0.31)

2008-09-16 TeaTimer.exe (1.6.3.25)

2008-10-11 unins000.exe (51.41.0.0)

2008-10-11 unins001.exe (51.49.0.0)

2008-08-14 Update.exe (1.6.0.7)

2008-08-14 advcheck.dll (1.6.1.12)

2007-04-02 aports.dll (2.1.0.0)

2005-05-31 borlndmm.dll (7.0.4.453)

2005-05-31 delphimm.dll (7.0.4.453)

2008-06-14 DelZip179.dll (1.79.11.1)

2008-09-15 SDHelper.dll (1.6.2.14)

2008-06-19 sqlite3.dll

2008-08-14 Tools.dll (2.1.5.7)

2005-05-31 UnzDll.dll (1.73.1.1)

2005-05-31 ZipDll.dll (1.73.2.0)

2008-09-02 Includes\Adware.sbi

2008-10-14 Includes\AdwareC.sbi

2008-06-03 Includes\Cookies.sbi

2008-09-02 Includes\Dialer.sbi

2008-09-09 Includes\DialerC.sbi

2008-07-23 Includes\HeavyDuty.sbi

2008-09-02 Includes\Hijackers.sbi

2008-10-07 Includes\HijackersC.sbi

2008-09-09 Includes\Keyloggers.sbi

2008-10-14 Includes\KeyloggersC.sbi

2004-11-29 Includes\LSP.sbi

2008-10-08 Includes\Malware.sbi

2008-10-14 Includes\MalwareC.sbi

2008-09-02 Includes\PUPS.sbi

2008-10-14 Includes\PUPSC.sbi

2007-11-07 Includes\Revision.sbi

2008-06-18 Includes\Security.sbi

2008-09-30 Includes\SecurityC.sbi

2008-06-03 Includes\Spybots.sbi

2008-06-03 Includes\SpybotsC.sbi

2008-09-09 Includes\Spyware.sbi

2008-10-14 Includes\SpywareC.sbi

2008-06-03 Includes\Tracks.uti

2008-10-15 Includes\Trojans.sbi

2008-10-14 Includes\TrojansC.sbi

2008-03-04 Plugins\Chai.dll

2008-03-05 Plugins\Fennel.dll

2008-02-26 Plugins\Mate.dll

2007-12-24 Plugins\TCPIPAddress.dll



Located: HK_LM:Run, Adobe Reader Speed Launcher

command: "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

file: C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe

size: 39792

MD5: 8B9145D229D4E89D15ACB820D4A3A90F



Located: HK_LM:Run, BigDogPath

command: C:\WINDOWS\VM_STI.EXE Vimicro USB PC Camera (VC0305)

file: C:\WINDOWS\VM_STI.EXE

size: 53248

MD5: 742CDD011F1E1F10007C36EA98C49EEB



Located: HK_LM:Run, HP Software Update

command: C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

file: C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

size: 49152

MD5: 926A397334FE426A6C7657096FE681DB



Located: HK_LM:Run, NeroFilterCheck

command: C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

file: C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

size: 155648

MD5: C93AB037A8C792D5F8A1A9FC88A7C7C5



Located: HK_LM:Run, NvCplDaemon

command: RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

file: C:\WINDOWS\system32\NvCpl.dll

size: 7618560

MD5: 4BCC78C649D5B117F664CB83B6A791A2



Located: HK_LM:Run, NvMediaCenter

command: RunDLL32.exe NvMCTray.dll,NvTaskbarInit

file: C:\WINDOWS\system32\NvMCTray.dll

size: 86016

MD5: AF6AE431B9B063304F37AD052A5A1E66



Located: HK_LM:Run, nwiz

command: nwiz.exe /install

file: C:\WINDOWS\system32\nwiz.exe

size: 1519616

MD5: 7AC98888346124460CC78860A3C73DF3



Located: HK_LM:Run, RTHDCPL

command: RTHDCPL.EXE

file: C:\WINDOWS\RTHDCPL.EXE

size: 14477312

MD5: 96FCEB7B636E6A35CEBBC5E5F1F040E8



Located: HK_LM:Run, Sunkist2k

command: C:\Program Files\Multimedia Card Reader\shwicon2k.exe

file: C:\Program Files\Multimedia Card Reader\shwicon2k.exe

size: 135168

MD5: 504C9B456E415BD5A30747ED4E18D070



Located: HK_LM:Run, vptray

command: C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe

file: C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe

size: 90112

MD5: 4B954730657F43B88A308C41FE570331



Located: HK_CU:Run, CTFMON.EXE

where: .DEFAULT...

command: C:\WINDOWS\system32\CTFMON.EXE

file: C:\WINDOWS\system32\CTFMON.EXE

size: 15360

MD5: 5F1D5F88303D4A4DBC8E5F97BA967CC3



Located: HK_CU:Run, BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}

where: S-1-5-21-1644491937-688789844-725345543-1003...

command: "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"

file: C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe

size: 147456

MD5: 928130E85250808BDB45694983AEDF65



Located: HK_CU:Run, ctfmon.exe

where: S-1-5-21-1644491937-688789844-725345543-1003...

command: C:\WINDOWS\system32\ctfmon.exe

file: C:\WINDOWS\system32\ctfmon.exe

size: 15360

MD5: 5F1D5F88303D4A4DBC8E5F97BA967CC3



Located: HK_CU:Run, LDM

where: S-1-5-21-1644491937-688789844-725345543-1003...

command: C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe

file: C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe

size: 32768

MD5: 5588812731C64305F2579DD8215037E0



Located: HK_CU:Run, SpybotSD TeaTimer

where: S-1-5-21-1644491937-688789844-725345543-1003...

command: C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

file: C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

size: 1833296

MD5: 63B3FF83B87AFCEBA89CED54695DA0F6



Located: HK_CU:Run, CTFMON.EXE

where: S-1-5-18...

command: C:\WINDOWS\system32\CTFMON.EXE

file: C:\WINDOWS\system32\CTFMON.EXE

size: 15360

MD5: 5F1D5F88303D4A4DBC8E5F97BA967CC3



Located: WinLogon, crypt32chain

command: crypt32.dll

file: crypt32.dll

size: 0

MD5: D41D8CD98F00B204E9800998ECF8427E

Warning: if the file is actually larger than 0 bytes,

the checksum could not be properly calculated!



Located: WinLogon, cryptnet

command: cryptnet.dll

file: cryptnet.dll

size: 0

MD5: D41D8CD98F00B204E9800998ECF8427E

Warning: if the file is actually larger than 0 bytes,

the checksum could not be properly calculated!



Located: WinLogon, cscdll

command: cscdll.dll

file: cscdll.dll

size: 0

MD5: D41D8CD98F00B204E9800998ECF8427E

Warning: if the file is actually larger than 0 bytes,

the checksum could not be properly calculated!



Located: WinLogon, dimsntfy

command: %SystemRoot%\System32\dimsntfy.dll

file: %SystemRoot%\System32\dimsntfy.dll

size: 0

MD5: D41D8CD98F00B204E9800998ECF8427E

Warning: if the file is actually larger than 0 bytes,

the checksum could not be properly calculated!



Located: WinLogon, NavLogon

command: C:\WINDOWS\system32\NavLogon.dll

file: C:\WINDOWS\system32\NavLogon.dll

size: 45056

MD5: 4F08576DA1C93A5EC62EB2AD6EC3D084



Located: WinLogon, ScCertProp

command: wlnotify.dll

file: wlnotify.dll

size: 0

MD5: D41D8CD98F00B204E9800998ECF8427E

Warning: if the file is actually larger than 0 bytes,

the checksum could not be properly calculated!



Located: WinLogon, Schedule

command: wlnotify.dll

file: wlnotify.dll

size: 0

MD5: D41D8CD98F00B204E9800998ECF8427E

Warning: if the file is actually larger than 0 bytes,

the checksum could not be properly calculated!



Located: WinLogon, sclgntfy

command: sclgntfy.dll

file: sclgntfy.dll

size: 0

MD5: D41D8CD98F00B204E9800998ECF8427E

Warning: if the file is actually larger than 0 bytes,

the checksum could not be properly calculated!



Located: WinLogon, SensLogn

command: WlNotify.dll

file: WlNotify.dll

size: 0

MD5: D41D8CD98F00B204E9800998ECF8427E

Warning: if the file is actually larger than 0 bytes,

the checksum could not be properly calculated!



Located: WinLogon, termsrv

command: wlnotify.dll

file: wlnotify.dll

size: 0

MD5: D41D8CD98F00B204E9800998ECF8427E

Warning: if the file is actually larger than 0 bytes,

the checksum could not be properly calculated!



Located: WinLogon, WgaLogon

command: WgaLogon.dll

file: WgaLogon.dll

size: 0

MD5: D41D8CD98F00B204E9800998ECF8427E

Warning: if the file is actually larger than 0 bytes,

the checksum could not be properly calculated!



Located: WinLogon, wlballoon

command: wlnotify.dll

file: wlnotify.dll

size: 0

MD5: D41D8CD98F00B204E9800998ECF8427E

Warning: if the file is actually larger than 0 bytes,

the checksum could not be properly calculated!



Thanks
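Eleven of the WinLogon entries in the Spybot report above show size 0 and MD5 D41D8CD98F00B204E9800998ECF8427E. That value is the MD5 of zero bytes: Spybot was handed a bare DLL name (or an unexpanded %SystemRoot% path), could not open the file, and hashed nothing, so those checksums say nothing about the DLLs either way, good or bad. The Python below is an added example, not code from the thread or from Spybot: it parses the report format, separates the entries the tool really hashed from the ones it did not, and recomputes the MD5 of a file on disk for entries that carry a real hash. The sample report lines are copied from the thread; the on-disk check is exercised on a file constructed for the purpose.

```python
import hashlib
from dataclasses import dataclass
from pathlib import Path
from typing import List, Optional

# MD5 of zero bytes. A tool that reports this hash together with size 0 did
# not hash the file it was asked about; it hashed nothing.
MD5_OF_NOTHING = hashlib.md5(b"").hexdigest().upper()

# Constructed sample: three entries copied from the Spybot startup report in
# this thread (one resolved and hashed, two not).
SAMPLE_REPORT = r"""
Located: HK_LM:Run, Adobe Reader Speed Launcher
command: "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
file: C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
size: 39792
MD5: 8B9145D229D4E89D15ACB820D4A3A90F

Located: WinLogon, crypt32chain
command: crypt32.dll
file: crypt32.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: WinLogon, dimsntfy
command: %SystemRoot%\System32\dimsntfy.dll
file: %SystemRoot%\System32\dimsntfy.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
"""


@dataclass
class Entry:
    location: str
    file: str
    size: int
    md5: str

    @property
    def unverified(self) -> bool:
        """True when the report hashed nothing: size 0 and the empty-input MD5."""
        return self.size == 0 and self.md5.upper() == MD5_OF_NOTHING

    @property
    def bare_name(self) -> bool:
        """No directory at all: the tool would have had to search for the file."""
        return "\\" not in self.file and "/" not in self.file


def parse_report(text: str) -> List[Entry]:
    """Parse 'Located / command / file / size / MD5' blocks; 'where:' and
    'command:' lines are ignored, 'MD5:' closes a block."""
    entries: List[Entry] = []
    cur: dict = {}
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("Located:"):
            cur = {"location": line[len("Located:"):].strip()}
        elif line.startswith("file:"):
            cur["file"] = line[len("file:"):].strip()
        elif line.startswith("size:"):
            cur["size"] = int(line[len("size:"):].strip())
        elif line.startswith("MD5:"):
            cur["md5"] = line[len("MD5:"):].strip()
            if all(k in cur for k in ("location", "file", "size", "md5")):
                entries.append(Entry(**cur))
            cur = {}
    return entries


def unverified_entries(entries: List[Entry]) -> List[Entry]:
    return [e for e in entries if e.unverified]


def md5_of_file(path: Path) -> str:
    h = hashlib.md5()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 16), b""):
            h.update(chunk)
    return h.hexdigest().upper()


def verify_on_disk(entry: Entry, root: Optional[Path] = None) -> Optional[bool]:
    """Recompute the MD5 of entry.file and compare it with the reported one.
    None when the file cannot be found (missing, or a bare name with nowhere
    to look); `root` is prepended to relative names when given."""
    path = Path(entry.file)
    if root is not None and not path.is_absolute():
        path = root / path
    if not path.is_file():
        return None
    return md5_of_file(path) == entry.md5.upper()


if __name__ == "__main__":
    for e in parse_report(SAMPLE_REPORT):
        status = "NOT HASHED (unresolved)" if e.unverified else "hashed"
        print(f"{e.location}: {e.file} -> {status}")
```

The point of the split is what to do next: an entry the tool hashed can be checked against the file on disk or a vendor hash list, while an entry it did not hash has to be located first (in System32 for the WinLogon notify DLLs) and hashed by hand before the checksum means anything.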

Aurelio
Posts: 19
Registered: 18 Oct 2008, 22:19

Re: Virus "Trojan.Mailfinder.win32.blin.dr

Post by Aurelio » 23 Oct 2008, 23:37

Everything seemed to be going fine until Symantec detected the following:

Scan type: Realtime Protection Scan
Event: Virus Found!
Virus name: Trojan.Zlob
File: C:\System Volume Information\_restore{FD0DB5DD-A159-4B58-BECE-18D38601EA35}\RP2\A0000091.EXE
Location: Quarantine
Computer: HOGAR
User: SYSTEM
Action taken: Quarantine succeeded : Access denied
Date found: Thursday, 23 October 2008 22:57:56

Something is still lurking in there, not fully cleaned.

flacoroo
Posts: 6289
Registered: 09 Mar 2004, 20:32
Location: Paso del Macho, Ver., México

Re: Virus "Trojan.Mailfinder.win32.blin.dr

Post by flacoroo » 24 Oct 2008, 04:22

There's no problem with this one...

C:\System Volume Information\_restore{FD0DB5DD-A159-4B58-BECE-18D38601EA35}\RP2\A0000091.EXE

because it's in the System Restore folder, where it sits inactive; the problem is if you want to restore your computer to an earlier date, at which point it would become active.

Do this: disable System Restore, update your antivirus, reboot into Safe Mode and run your antivirus; that will remove it.

And disable these in Spybot....



Located: HK_LM:Run, Adobe Reader Speed Launcher

command: "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

file: C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe

size: 39792

MD5: 8B9145D229D4E89D15ACB820D4A3A90F



Located: HK_LM:Run, BigDogPath

command: C:\WINDOWS\VM_STI.EXE Vimicro USB PC Camera (VC0305)

file: C:\WINDOWS\VM_STI.EXE

size: 53248

MD5: 742CDD011F1E1F10007C36EA98C49EEB



Located: HK_LM:Run, HP Software Update

command: C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

file: C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

size: 49152

MD5: 926A397334FE426A6C7657096FE681DB



Located: HK_LM:Run, NeroFilterCheck

command: C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

file: C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

size: 155648

MD5: C93AB037A8C792D5F8A1A9FC88A7C7C5



Located: HK_CU:Run, LDM

where: S-1-5-21-1644491937-688789844-725345543-1003...

command: C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe

file: C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe

size: 32768

MD5: 5588812731C64305F2579DD8215037E0





And while you're in Spybot's Tools, go to System Internals, click Check and then fix the problems it finds, answering Yes to all.

Then go to BHOs and follow the instructions, and likewise on the ActiveX tab.

Of course, don't forget to keep your Spybot up to date; we're at version 1.6.2.
Life is beautiful.... why complicate it

Locked