Win32:FakeAlert [Trj]

Reglas del Foro
Normas Basicas | Los Titulos, dicen mucho | No postear en paralelo | Continua en tu tema | Cierra tu tema, antes de abrir otro | No escribas en temas antiguos
Enlaces a web/mail/blog/Msn NO estan permitidos | Mensajes Privados | Informes de resultados | Antivirus Online
Responder
fl_fernando@hotmail.com
Mensajes: 5
Registrado: 12 Oct 2006, 19:29

Win32:FakeAlert [Trj]

Mensaje por fl_fernando@hotmail.com » 24 Ene 2007, 04:49

Hola de nuevo.

Disculpen la molestia pero quisiera que me ayuden con un virus que me está fastidiando la compu. El Avast lo identifica como un troyano "Win32:FakeAlert [Trj]" . Cada cinco minutos el Avast me avisa que este virus se quiere conectar a la compu, y tengo que estar a cada rato poniendole la opcion de abortar conexion. Corrí el antivirus, restaure el sistema, revise mis ultimos movimientos en la compu y nada que encuentro el problema.



Aquí les dejo mi log, espero me puedan ayudar



Logfile of HijackThis v1.99.1

Scan saved at 21:47:30, on 23/01/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)



Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Archivos de programa\Ahead\InCD\InCDsrv.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Archivos de programa\Alwil Software\Avast4\aswUpdSv.exe

C:\Archivos de programa\Alwil Software\Avast4\ashServ.exe

C:\Archivos de programa\Archivos comunes\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\Archivos de programa\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe

C:\WINDOWS\system32\slserv.exe

C:\WINDOWS\System32\svchost.exe

C:\Archivos de programa\Archivos comunes\Ulead Systems\DVD\ULCDRSvr.exe

C:\WINDOWS\system32\wdfmgr.exe

C:\Archivos de programa\Alwil Software\Avast4\ashMaiSv.exe

C:\Archivos de programa\Alwil Software\Avast4\ashWebSv.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\System32\alg.exe

C:\WINDOWS\system32\VTTimer.exe

C:\WINDOWS\system32\VTtrayp.exe

C:\Archivos de programa\Ahead\InCD\InCD.exe

C:\Archivos de programa\CyberLink\PowerDVD\PDVDServ.exe

C:\ARCHIV~1\ALWILS~1\Avast4\ashDisp.exe

C:\Archivos de programa\mobile PhoneTools\WatchDog.exe

C:\WINDOWS\system32\LVCOMSX.EXE

C:\Archivos de programa\Logitech\Video\LogiTray.exe

C:\Archivos de programa\Java\jre1.5.0_08\bin\jusched.exe

D:\MISDOC~1\JJCARP~1\NOKIAP~1\LAUNCH~1.EXE

C:\Archivos de programa\iTunes\iTunesHelper.exe

C:\Archivos de programa\QuickTime\qttask.exe

C:\WINDOWS\svhost.exe

C:\Archivos de programa\iPod\bin\iPodService.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Archivos de programa\MessengerPlus! 3\MsgPlus.exe

C:\Archivos de programa\Archivos comunes\Real\Update_OB\realsched.exe

C:\Archivos de programa\Winamp3\winampa.exe

C:\Archivos de programa\Archivos comunes\PCSuite\Services\ServiceLayer.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Archivos de programa\Internet Explorer\iexplore.exe

D:\Mis documentos\jj carpeta\Nokia PC Suite 6\PcSync2.exe

C:\Archivos de programa\eMule\emule.exe

C:\ARCHIV~1\ARCHIV~1\Nokia\MPAPI\MPAPI3s.exe

C:\Archivos de programa\Logitech\Video\FxSvr2.exe

C:\Archivos de programa\Yahoo!\Messenger\ymsgr_tray.exe

C:\Archivos de programa\Archivos comunes\DataViz\DvzIncMsgr.exe

C:\Archivos de programa\Palm\Hotsync.exe

C:\Archivos de programa\VIA\RAID\raid_tool.exe

C:\Archivos de programa\WinZip\WZQKPICK.EXE

C:\ARCHIV~1\MOZILL~1\FIREFOX.EXE

E:\Archivos de Programas 2\HijackThis\HijackThis.exe



R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://runonce.msn.com/?v=msgrv75

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Vínculos

O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Archivos de programa\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Archivos de programa\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\ARCHIV~1\MEGAUP~1\MEGAUP~1.DLL

O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Archivos de programa\Yahoo!\Common\yiesrvc.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Archivos de programa\Java\jre1.5.0_08\bin\ssv.dll

O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - C:\ARCHIV~1\FlashGet\jccatch.dll

O2 - BHO: AlxTB BHO - {F1FABE79-25FC-46de-8C5A-2C6DB9D64333} - C:\WINDOWS\system32\AlxTB1.dll

O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Archivos de programa\Yahoo!\Companion\Installs\cpn\yt.dll

O3 - Toolbar: Alexa - {3CEFF6CD-6F08-4e4d-BCCD-FF7415288C3B} - C:\WINDOWS\system32\SHDOCVW.DLL

O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\ARCHIV~1\MEGAUP~1\MEGAUP~1.DLL

O4 - HKLM\..\Run: [VTTimer] VTTimer.exe

O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [InCD] C:\Archivos de programa\Ahead\InCD\InCD.exe

O4 - HKLM\..\Run: [RemoteControl] "C:\Archivos de programa\CyberLink\PowerDVD\PDVDServ.exe"

O4 - HKLM\..\Run: [avast!] C:\ARCHIV~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [WatchDog] C:\Archivos de programa\mobile PhoneTools\WatchDog.exe

O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE

O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Archivos de programa\Logitech\Video\ISStart.exe

O4 - HKLM\..\Run: [LogitechVideoTray] C:\Archivos de programa\Logitech\Video\LogiTray.exe

O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Archivos de programa\Java\jre1.5.0_08\bin\jusched.exe"

O4 - HKLM\..\Run: [PCSuiteTrayApplication] D:\MISDOC~1\JJCARP~1\NOKIAP~1\LAUNCH~1.EXE -startup

O4 - HKLM\..\Run: [iTunesHelper] "C:\Archivos de programa\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Archivos de programa\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [Winnt] C:\WINDOWS\svhost.exe

O4 - HKLM\..\Run: [Avg Antivirus] C:\WINDOWS\system32\icpldrvx.exe

O4 - HKLM\..\Run: [MessengerPlus3] "C:\Archivos de programa\MessengerPlus! 3\MsgPlus.exe"

O4 - HKLM\..\Run: [TkBellExe] "C:\Archivos de programa\Archivos comunes\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [WinampAgent] "C:\Archivos de programa\Winamp3\winampa.exe"

O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto

O4 - HKLM\..\Run: [segru.exe] C:\WINDOWS\system32\segru.exe

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [Yahoo! Pager] C:\Archivos de programa\Yahoo!\Messenger\ypager.exe -quiet

O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Archivos de programa\Logitech\Video\ManifestEngine.exe" boot

O4 - HKCU\..\Run: [PcSync] D:\Mis documentos\jj carpeta\Nokia PC Suite 6\PcSync2.exe /NoDialog

O4 - HKCU\..\Run: [eMuleAutoStart] C:\Archivos de programa\eMule\emule.exe -AutoStart

O4 - HKCU\..\Run: [LDM] \Program\

O4 - Global Startup: DataViz Inc Messenger.lnk = C:\Archivos de programa\Archivos comunes\DataViz\DvzIncMsgr.exe

O4 - Global Startup: HOTSYNCSHORTCUTNAME.lnk = C:\Archivos de programa\Palm\Hotsync.exe

O4 - Global Startup: HPAiODevice(hp officejet g series) - 2.lnk = C:\Archivos de programa\Hewlett-Packard\AiO\hp officejet g series\Bin\hpoavn07.exe

O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe

O4 - Global Startup: VIA RAID TOOL.lnk = C:\Archivos de programa\VIA\RAID\raid_tool.exe

O4 - Global Startup: WinZip Quick Pick.lnk = C:\Archivos de programa\WinZip\WZQKPICK.EXE

O8 - Extra context menu item: &Yahoo! Search - file:///C:\Archivos de programa\Yahoo!\Common/ycsrch.htm

O8 - Extra context menu item: Alexa Web Search - http://client.alexa.com/holiday/script/actions/search.htm

O8 - Extra context menu item: Download All by FlashGet - C:\Archivos de programa\FlashGet\jc_all.htm

O8 - Extra context menu item: Download using FlashGet - C:\Archivos de programa\FlashGet\jc_link.htm

O8 - Extra context menu item: E&xportar a Microsoft Excel - res://C:\ARCHIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O8 - Extra context menu item: Get Alexa Data - http://client.alexa.com/holiday/script/actions/sitedata.htm

O8 - Extra context menu item: Mail to a Friend... - http://client.alexa.com/holiday/script/actions/mailto.htm

O8 - Extra context menu item: See Related Links - http://client.alexa.com/holiday/script/actions/related.htm

O8 - Extra context menu item: Write a Review... - http://client.alexa.com/holiday/script/actions/review.htm

O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Archivos de programa\Yahoo!\Common/ycdict.htm

O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Archivos de programa\Yahoo!\Common/ycmap.htm

O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Archivos de programa\Yahoo!\Common/ycsms.htm

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Archivos de programa\Java\jre1.5.0_08\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Consola de Sun Java - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Archivos de programa\Java\jre1.5.0_08\bin\ssv.dll

O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Archivos de programa\Yahoo!\Common\yiesrvc.dll

O9 - Extra button: Referencia - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARCHIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm (file missing)

O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm (file missing)

O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\ARCHIV~1\FlashGet\flashget.exe

O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\ARCHIV~1\FlashGet\flashget.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Archivos de programa\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Archivos de programa\Messenger\msmsgs.exe

O16 - DPF: Yahoo! Chat - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/c381/chat.cab

O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Archivos de programa\Yahoo!\Common\yinsthelper.dll

O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/ES-ES/a-UNO1/GAME_UNO1.cab

O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab

O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{2048BDE1-CCE7-4305-8383-575CEC74D6A4}: NameServer = 85.255.116.66,85.255.112.80

O17 - HKLM\System\CCS\Services\Tcpip\..\{32081B0E-2BFA-456E-BE32-3CB7504E9F94}: NameServer = 85.255.116.66,85.255.112.80

O17 - HKLM\System\CCS\Services\Tcpip\..\{4E5F1EEC-9B59-4EC3-BA87-FA49D24AA48F}: NameServer = 85.255.116.66,85.255.112.80

O17 - HKLM\System\CCS\Services\Tcpip\..\{CEB157DF-D73D-49F5-9DB7-7CF74CF3936A}: NameServer = 85.255.116.66,85.255.112.80

O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.116.66 85.255.112.80

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.116.66 85.255.112.80

O18 - Protocol: bw+0 - {9CD2AD1D-6416-47F8-831B-FB6FABA1FD86} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw+0s - {9CD2AD1D-6416-47F8-831B-FB6FABA1FD86} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw-0 - {9CD2AD1D-6416-47F8-831B-FB6FABA1FD86} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw-0s - {9CD2AD1D-6416-47F8-831B-FB6FABA1FD86} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw00 - {9CD2AD1D-6416-47F8-831B-FB6FABA1FD86} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw00s - {9CD2AD1D-6416-47F8-831B-FB6FABA1FD86} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw10 - {9CD2AD1D-6416-47F8-831B-FB6FABA1FD86} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw10s - {9CD2AD1D-6416-47F8-831B-FB6FABA1FD86} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw20 - {9CD2AD1D-6416-47F8-831B-FB6FABA1FD86} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw20s - {9CD2AD1D-6416-47F8-831B-FB6FABA1FD86} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw30 - {9CD2AD1D-6416-47F8-831B-FB6FABA1FD86} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw30s - {9CD2AD1D-6416-47F8-831B-FB6FABA1FD86} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw40 - {9CD2AD1D-6416-47F8-831B-FB6FABA1FD86} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw40s - {9CD2AD1D-6416-47F8-831B-FB6FABA1FD86} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw50 - {9CD2AD1D-6416-47F8-831B-FB6FABA1FD86} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw50s - {9CD2AD1D-6416-47F8-831B-FB6FABA1FD86} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw60 - {9CD2AD1D-6416-47F8-831B-FB6FABA1FD86} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw60s - {9CD2AD1D-6416-47F8-831B-FB6FABA1FD86} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw70 - {9CD2AD1D-6416-47F8-831B-FB6FABA1FD86} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw70s - {9CD2AD1D-6416-47F8-831B-FB6FABA1FD86} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw80 - {9CD2AD1D-6416-47F8-831B-FB6FABA1FD86} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw80s - {9CD2AD1D-6416-47F8-831B-FB6FABA1FD86} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw90 - {9CD2AD1D-6416-47F8-831B-FB6FABA1FD86} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw90s - {9CD2AD1D-6416-47F8-831B-FB6FABA1FD86} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwa0 - {9CD2AD1D-6416-47F8-831B-FB6FABA1FD86} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwa0s - {9CD2AD1D-6416-47F8-831B-FB6FABA1FD86} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwb0 - {9CD2AD1D-6416-47F8-831B-FB6FABA1FD86} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwb0s - {9CD2AD1D-6416-47F8-831B-FB6FABA1FD86} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwc0 - {9CD2AD1D-6416-47F8-831B-FB6FABA1FD86} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwc0s - {9CD2AD1D-6416-47F8-831B-FB6FABA1FD86} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwd0 - {9CD2AD1D-6416-47F8-831B-FB6FABA1FD86} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwd0s - {9CD2AD1D-6416-47F8-831B-FB6FABA1FD86} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwe0 - {9CD2AD1D-6416-47F8-831B-FB6FABA1FD86} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwe0s - {9CD2AD1D-6416-47F8-831B-FB6FABA1FD86} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwf0 - {9CD2AD1D-6416-47F8-831B-FB6FABA1FD86} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwf0s - {9CD2AD1D-6416-47F8-831B-FB6FABA1FD86} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll

O18 - Protocol: bwg0 - {9CD2AD1D-6416-47F8-831B-FB6FABA1FD86} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwg0s - {9CD2AD1D-6416-47F8-831B-FB6FABA1FD86} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwh0 - {9CD2AD1D-6416-47F8-831B-FB6FABA1FD86} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwh0s - {9CD2AD1D-6416-47F8-831B-FB6FABA1FD86} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwi0 - {9CD2AD1D-6416-47F8-831B-FB6FABA1FD86} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwi0s - {9CD2AD1D-6416-47F8-831B-FB6FABA1FD86} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwj0 - {9CD2AD1D-6416-47F8-831B-FB6FABA1FD86} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwj0s - {9CD2AD1D-6416-47F8-831B-FB6FABA1FD86} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwk0 - {9CD2AD1D-6416-47F8-831B-FB6FABA1FD86} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwk0s - {9CD2AD1D-6416-47F8-831B-FB6FABA1FD86} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwl0 - {9CD2AD1D-6416-47F8-831B-FB6FABA1FD86} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwl0s - {9CD2AD1D-6416-47F8-831B-FB6FABA1FD86} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwm0 - {9CD2AD1D-6416-47F8-831B-FB6FABA1FD86} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwm0s - {9CD2AD1D-6416-47F8-831B-FB6FABA1FD86} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwn0 - {9CD2AD1D-6416-47F8-831B-FB6FABA1FD86} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwn0s - {9CD2AD1D-6416-47F8-831B-FB6FABA1FD86} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwo0 - {9CD2AD1D-6416-47F8-831B-FB6FABA1FD86} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwo0s - {9CD2AD1D-6416-47F8-831B-FB6FABA1FD86} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwp0 - {9CD2AD1D-6416-47F8-831B-FB6FABA1FD86} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwp0s - {9CD2AD1D-6416-47F8-831B-FB6FABA1FD86} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwq0 - {9CD2AD1D-6416-47F8-831B-FB6FABA1FD86} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwq0s - {9CD2AD1D-6416-47F8-831B-FB6FABA1FD86} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwr0 - {9CD2AD1D-6416-47F8-831B-FB6FABA1FD86} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwr0s - {9CD2AD1D-6416-47F8-831B-FB6FABA1FD86} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bws0 - {9CD2AD1D-6416-47F8-831B-FB6FABA1FD86} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bws0s - {9CD2AD1D-6416-47F8-831B-FB6FABA1FD86} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwt0 - {9CD2AD1D-6416-47F8-831B-FB6FABA1FD86} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwt0s - {9CD2AD1D-6416-47F8-831B-FB6FABA1FD86} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwu0 - {9CD2AD1D-6416-47F8-831B-FB6FABA1FD86} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwu0s - {9CD2AD1D-6416-47F8-831B-FB6FABA1FD86} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwv0 - {9CD2AD1D-6416-47F8-831B-FB6FABA1FD86} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwv0s - {9CD2AD1D-6416-47F8-831B-FB6FABA1FD86} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bww0 - {9CD2AD1D-6416-47F8-831B-FB6FABA1FD86} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bww0s - {9CD2AD1D-6416-47F8-831B-FB6FABA1FD86} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwx0 - {9CD2AD1D-6416-47F8-831B-FB6FABA1FD86} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwx0s - {9CD2AD1D-6416-47F8-831B-FB6FABA1FD86} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwy0 - {9CD2AD1D-6416-47F8-831B-FB6FABA1FD86} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwy0s - {9CD2AD1D-6416-47F8-831B-FB6FABA1FD86} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwz0 - {9CD2AD1D-6416-47F8-831B-FB6FABA1FD86} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwz0s - {9CD2AD1D-6416-47F8-831B-FB6FABA1FD86} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Archivos de programa\Archivos comunes\Microsoft Shared\Help\hxds.dll

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\ARCHIV~1\MSNMES~1\msgrapp.dll" (file missing)

O18 - Protocol: offline-8876480 - {9CD2AD1D-6416-47F8-831B-FB6FABA1FD86} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Archivos de programa\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - Unknown owner - C:\Archivos de programa\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - Unknown owner - C:\Archivos de programa\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)

O23 - Service: avast! Web Scanner - Unknown owner - C:\Archivos de programa\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Archivos de programa\Archivos comunes\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Archivos de programa\Ahead\InCD\InCDsrv.exe

O23 - Service: iPodService - Apple Computer, Inc. - C:\Archivos de programa\iPod\bin\iPodService.exe

O23 - Service: SQL Server (SQLEXPRESS) (MSSQL$SQLEXPRESS) - Unknown owner - C:\Archivos de programa\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sSQLEXPRESS (file missing)

O23 - Service: ServiceLayer - Nokia. - C:\Archivos de programa\Archivos comunes\PCSuite\Services\ServiceLayer.exe

O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe

O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Archivos de programa\Archivos comunes\Ulead Systems\DVD\ULCDRSvr.exe
Arriba
Avatar de Usuario
msc hotline sat
Mensajes: 93500
Registrado: 09 Mar 2004, 20:39
Ubicación: BARCELONA (ESPAÑA)
Contactar:
Contactar msc hotline sat

Mensaje por msc hotline sat » 24 Ene 2007, 08:15

Para esto tenemos la utilidad ELISTARA, que puede probar y postearnos el log resultante C:\infosat.txt , pero ya que ha posteado el log del HJT; paso a analizarlo:



Aparte hay muchos malwares, y virus de MSN, como el SPY BANKER del icpldrvx.exe, entre otros conocidos y desconocidos:



Debes enviarnos estas muestras para analizar:



:\WINDOWS\svhost.exe



C:\WINDOWS\system32\segru.exe



C:\Archivos de programa\Archivos comunes\DataViz\DvzIncMsgr.exe











t estas entradas son de malwares, deben eliminarse:



O2 - BHO: AlxTB BHO - {F1FABE79-25FC-46de-8C5A-2C6DB9D64333} - C:\WINDOWS\system32\AlxTB1.dll



O3 - Toolbar: Alexa - {3CEFF6CD-6F08-4e4d-BCCD-FF7415288C3B} - C:\WINDOWS\system32\SHDOCVW.DLL



tO4 - HKLM\..\Run: [Winnt] C:\WINDOWS\svhost.exe



O4 - HKLM\..\Run: [Avg Antivirus] C:\WINDOWS\system32\icpldrvx.exe



O4 - HKLM\..\Run: [segru.exe] C:\WINDOWS\system32\segru.exe



O4 - HKCU\..\Run: [LDM] \Program\



O8 - Extra context menu item: Alexa Web Search - http://client.alexa.com/holiday/script/actions/search.htm



O8 - Extra context menu item: Get Alexa Data - http://client.alexa.com/holiday/script/actions/sitedata.htm



O8 - Extra context menu item: Mail to a Friend... - http://client.alexa.com/holiday/script/actions/mailto.htm



O8 - Extra context menu item: See Related Links - http://client.alexa.com/holiday/script/actions/related.htm



O8 - Extra context menu item: Write a Review... - http://client.alexa.com/holiday/script/actions/review.htm





O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm (file missing)



O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm (file missing)







recordar: https://foros.zonavirus.com/viewtopic.php?f=5&t=45334



saludos



ms, 24-01-2007
Arriba
Responder

Volver a “Foro HijackThis - copia y pega tu log”