el explorer no me funciona bien

mangoose77 · Mensaje por **mangoose77** » 09 May 2006, 12:26

hola hace tiempo q el explorer no me funciona correctamente no se si es un virus o un troyan agradeceria alguna ayuda al respecto

aui posteo el log gracias

Logfile of HijackThis v1.99.1

Scan saved at 11:25:46 AM, on 5/9/2006

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\SYSTEM32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\System32\nvsvc32.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\SOUNDMAN.EXE

C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe

C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe

C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe

C:\Program Files\MSN Messenger\MsnMsgr.Exe

C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe

C:\Program Files\VoipStunt.com\VoipStunt\VoipStunt.exe

C:\Documents and Settings\joe\Desktop\mailcenter\emule\eMule0.47a\emule.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\WINDOWS\system32\RTLCPL.EXE

C:\Program Files\Winamp\winamp.exe

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\Program Files\WinAce\WinAce.exe

C:\DOCUME~1\joe\LOCALS~1\Temp\~AceTemp\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Tiscali

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll

O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-gb\msntb.dll

O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-gb\msntb.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll

O4 - HKLM\..\Run: [USRpdA] C:\WINDOWS\SYSTEM32\USRmlnkA.exe RunServices \Device\3cpipe-USRpdA

O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe

O4 - HKLM\..\Run: [ScanRegistry] C:\W

O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\System32\NeroCheck.exe

O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

O4 - HKLM\..\Run: [KAVPersonal50] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kav.exe" /minimize

O4 - HKLM\..\Run: [My Web Search Bar] rundll32 C:\PROGRA~1\MYWEBS~1\bar\1.bin\MWSBAR.DLL,S

O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe

O4 - HKLM\..\RunServices: [Microsoft DLL Verifier] csrssv.exe

O4 - HKLM\..\RunOnce: [SpybotSnD] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck

O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"

O4 - HKCU\..\Run: [VoipStunt] "C:\Program Files\VoipStunt.com\VoipStunt\VoipStunt.exe" -nosplash -minimized

O4 - HKCU\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe

O4 - HKCU\..\Run: [eMuleAutoStart] C:\Documents and Settings\joe\Desktop\mailcenter\emule\eMule0.47a\emule.exe -AutoStart

O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

O4 - Startup: BitTorrent.lnk = C:\Program Files\BitTorrent\bittorrent.exe

O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html

O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZCxdm472YYGB

O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html

O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html

O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html

O8 - Extra context menu item: Descargar usando Download &Express - C:\Program Files\Download Express\Add_Url.htm

O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html

O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O15 - Trusted Zone: http://www.canario.net

O15 - Trusted Zone: http://www.cbfsms.com

O15 - Trusted Zone: http://www.clinicadoctoracova.com

O15 - Trusted Zone: http://www.emule-project.net

O15 - Trusted Zone: http://www.londonpunks.co.uk

O15 - Trusted Zone: http://www.melanies-uk-swingers.com

O15 - Trusted Zone: http://www.oya-es.net

O15 - Trusted Zone: http://www.plyrics.com

O15 - Trusted Zone: http://www.sms.it

O15 - Trusted Zone: http://www.techzonez.com

O15 - Trusted Zone: https://foros.zonavirus.com

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1141084523466

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1143723978390

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab

O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab

O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/suite/autocomplete.cab

O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (ASquaredScanForm Element) - http://www.windowsecurity.com/trojanscan/axscan.cab

O16 - DPF: {BE833F39-1E0C-468C-BA70-25AAEE55775E} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab.cab

O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/mcfscan/2,1,0,4724/mcfscan.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{6D92F383-7720-48A0-B3BA-20844876507B}: NameServer = 83.146.21.6 212.158.248.5

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)

O23 - Service: kavsvc - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kavsvc.exe

O23 - Service: Mouse Hardware Sync (mousehs) - Unknown owner - C:\WINDOWS\System32\mousehs.exe (file missing)

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

Mensaje por **maura63** » 09 May 2006, 12:32

Pasa esta utilidad

http://www.zonavirus.com/descargas/elistara.asp

Peganos el contenido de un fichero que creara en C:Infosat.txt

y vuelve a pegarnos un nuevo log despues de pasar la utilidad.

Tienes Spy.

Saludos

maura63

mangoose77 · Mensaje por **mangoose77** » 10 May 2006, 01:03

he pasado el elistara a 2 de mis discos duros..no al extraible(e) y aqui os posteo el log

Tue May 09 16:58:07 2006

EliStartPage v11.63 (c)2006 S.G.H. / Satinfo S.L.

--------------------------------------------------

Lista de Acciones (por Acción Directa):

[WinLogon\Notify\WGALOGON]

Por favor, envienos una muestra del fichero

C:\WinLogon\WGALOGON.DLL

a "virus@satinfo.es". Gracias.

Entrada Eliminada [HKLM\...\Run] "My Web Search Bar"="rundll32 C:\PROGRA~1\MYWEBS~1\bar\1.bin\MWSBAR.DLL,S"

Entrada Eliminada [HKCU\...\Run] "MyWebSearch Email Plugin"="C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe"

Entrada Eliminada [HKLM\...\Run] "MyWebSearch Email Plugin"="C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe"

Eliminada Class, "{00A6FAF6-072E-44CF-8957-5838F569A31D}" -> C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL

Eliminada Class, "{07B18EA9-A523-4961-B6BB-170DE4475CCA}" -> C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL

Eliminada Class, "{3E720452-B472-4954-B7AA-33069EB53906}" -> C:\Program Files\MyWebSearch\bar\1.bin\M3HTML.DLL

Eliminada Class, "{53CED2D0-5E9A-4761-9005-648404E6F7E5}" -> C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL

Eliminada Class, "{7473D294-B7BB-4F24-AE82-7E2CE94BB6A9}" -> C:\Program Files\MyWebSearch\bar\1.bin\M3SKIN.DLL

Eliminada Class, "{7473D296-B7BB-4F24-AE82-7E2CE94BB6A9}" -> C:\Program Files\MyWebSearch\bar\1.bin\M3SKIN.DLL

Eliminada Class, "{9AFB8248-617F-460D-9366-D71CDEDA3179}" -> NULL1

Eliminada Carpeta "%WinDir%\LastGood"

Eliminadas las Paginas de Inicio y de Busqueda del IE

Eliminados Ficheros Temporales del IE

Tue May 09 16:59:40 2006

EliStartPage v11.63 (c)2006 S.G.H. / Satinfo S.L.

--------------------------------------------------

Lista de Acciones (por Exploración):

C:\Documents and Settings\joe\Desktop\zzzdownloads\programs\BSPLAYER137.826.EXE --> AutoExtraible

C:\Documents and Settings\joe\Desktop\zzzdownloads\programs\SLSK156C.EXE --> AutoExtraible

C:\Documents and Settings\joe\Desktop\zzzdownloads\programs\WINAMP508E_FULL_EMUSIC-7PLUS.EXE --> AutoExtraible

C:\Documents and Settings\joe\Desktop\zzzdownloads\programs\WINAMP509_FULL_EMUSIC-8BASIC.EXE --> AutoExtraible

C:\Documents and Settings\joe\Desktop\zzzdownloads\programs\antivirus & antitrojans\NAV061200ES.EXE --> AutoExtraible

C:\Documents and Settings\joe\Desktop\zzzdownloads\programs\drivers\ATIMCATW.EXE --> AutoExtraible

C:\Documents and Settings\joe\Desktop\zzzdownloads\programs\p2p\SLSK157TEST8.EXE --> AutoExtraible

C:\kav\personal5\spanish\KAV5.0.227_PERSONALES.EXE --> AutoExtraible

C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\UNINSTALL.EXE --> AutoExtraible

C:\Program Files\OutLaster\UN-SHHOST.EXE --> AutoExtraible

C:\Program Files\Soulseek\UNINSTALL.EXE --> AutoExtraible

C:\Program Files\Soulseek-Test\UNINSTALL.EXE --> AutoExtraible

C:\Program Files\Webteh\BSplayer\UNINSTALL.EXE --> AutoExtraible

C:\Program Files\Winamp\eMusic\UNINST-EMUSIC-PROMOTION.EXE --> AutoExtraible

C:\WINDOWS\system32\F3PSSAVR.SCR --> Eliminado, MyWebSearch (MWS)

Tue May 09 23:14:16 2006

EliStartPage v11.63 (c)2006 S.G.H. / Satinfo S.L.

--------------------------------------------------

Lista de Acciones (por Exploración):

D:\Program Files\ACE Mega CoDecS Pack\UtilitieS\OGGCUT.EXE --> Eliminado, Spy.Delf (BHO)

D:\zztemp\SLSK156B.EXE --> AutoExtraible

D:\zztemp\zzdownloads\SLSK156C.EXE --> AutoExtraible

mangoose77 · Mensaje por **mangoose77** » 10 May 2006, 01:04

ah y he enviado el archivo WGALOGON.DLL a virus@satinfo.es a peticion del elistara. un saludo

Mensaje por **maura63** » 10 May 2006, 09:34

Esta semana Msc esta de vacaciones :twisted:

Una vez analizado te contestaran como respuesta a este mismo tema.

Paciencia.

Saludos

maura63