
Hijacks analysis report 6 / Advanced SystemCare v.3

Gypsypma
2009-11-14 14:41 - Replies: 3 - Topic no.: 2635920


Windows Vista, 2.0 GB RAM, Intel(R) Atom(TM) 230 1.60 GHz.

Greetings... this is my report. Can someone help me work out what I should do? I don't want to delete something I shouldn't and then be in real trouble... Please, I'd appreciate your help... here I'm pasting the security analysis in full...
I did this in order to find a solution for certain items that appear in my Default Programs and that I don't recognize, among them Ron too1 Gooochi and others... Also, at the end of the report some entries show up with question marks and others are marked in red, and honestly I don't have much expertise in this area and I feel unsure about what I should do...! What do you advise?
Ciao ciao...
Thanks....

Logfile of Advanced SystemCare 3 Security Analyzer
Scan saved at 08:16:54 a.m., on 11/14/2009
Platform: Windows Vista (WinNT 6.0)
MSIE: Internet Explorer v8.0 (8.0.6001.18828)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\tsnp325.exe
C:\Windows\FixCamera.exe
C:\Windows\vsnp325.exe
C:\Program Files\F-Secure\common\FSM32.EXE
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\WallpaperDownloader\WallpaperDownloader.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\F-Secure\FSGUI\fsguidll.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\conime.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: SmartAds browser enhancer qfryneeu - {2663D221-597F-4FF7-8E47-1BCA7658C28D} - C:\Windows\system32\qfryneeu.dll
O2 - BHO: IObitCom Toolbar - {31c7d459-9cc3-44f2-9dca-fc11795309b4} - C:\Program Files\IObitCom\tbIObi.dll
O2 - BHO: IObitCom Toolbar - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: IObitCom Toolbar - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: IObitCom Toolbar - {31c7d459-9cc3-44f2-9dca-fc11795309b4} - C:\Program Files\IObitCom\tbIObi.dll
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [Google Update] "C:\Users\pc2009\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [WallpaperDownloader] C:\Program Files\WallpaperDownloader\WallpaperDownloader.exe -minimized
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
O4 - HKLM\..\Run: [tsnp325] C:\Windows\tsnp325.exe
O4 - HKLM\..\Run: [FixCamera] C:\Windows\FixCamera.exe
O4 - HKLM\..\Run: [snp325] C:\Windows\vsnp325.exe
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\F-Secure\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\F-Secure\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW
O8 - Extra context menu item: Add to AMV Converter... - C:\Program Files\MP3 Player Utilities 4.15\AMVConverter\grab.html
O8 - Extra context menu item: Enlace de descarga usando Mega Manager... - C:\Program Files\Megaupload\Mega Manager\mm_file.htm
O8 - Extra context menu item: MediaManager tool grab multimedia file - C:\Program Files\MP3 Player Utilities 4.15\MediaManager\grab.html
O9 - Extra button: &Agregar entrada en Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} -
O9 - Extra button: Uninstall BitDefender Online Scanner - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Users\pc2009\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\IMVU\Run IMVU.lnk
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/funwebproducts/ei-4/MyFunCardsInitialSetup1.0.1.1.cab
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w3/resources/VistaMSNPUpldes-es.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scanner/sources/en/scan8/oscan8.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Plug-in 1.6.0_16) - http://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
O16 - DPF: {9191F686-7F0A-441D-8A98-2FE3AC1BD913} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} (Java Plug-in 1.6.0_16) - http://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} (Java Plug-in 1.6.0_16) - http://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
O23 - Service: Intermediario de solicitud de red de F-Secure (F-Secure Network Request Broker) - F-Secure Corporation - C:\Program Files\F-Secure\Common\FNRB32.EXE
O23 - Service: F-Secure Automatic Update Agent (FSAUA) - F-Secure Corporation - C:\Program Files\F-Secure\FSAUA\program\fsaua.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\F-Secure\FWES\Program\fsdfwd.exe
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\F-Secure\Common\FSMA32.EXE
O23 - Service: F-Secure ORSP Client (FSORSPClient) - F-Secure Corporation - C:\Program Files\F-Secure\ORSP Client\fsorsp.exe
O23 - Service: PIXMA Extended Survey Program (IJPLMSVC) - Unknown owner - C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: RelevantKnowledge - Unknown - C:\Program Files\RelevantKnowledge\rlservice.exe

................
) If suspicious files or settings are found, you can use NOD32 Online Antivirus (Top, Free, Scan and Remove)
Type Status Entry Describe

Process System No Record
Process smss.exe Session Manager Subsystem
Process csrss.exe Client/Server Runtime Server Subsystem
Process wininit.exe No Record
Process csrss.exe Client/Server Runtime Server Subsystem
Process services.exe Windows Service Controller
Process winlogon.exe Windows Logon Process
Process lsass.exe Local Security Service
Process lsm.exe No Record
Process svchost.exe Service Host Process
Process svchost.exe Service Host Process
Process svchost.exe Service Host Process
Process svchost.exe Service Host Process
Process svchost.exe Service Host Process
Process svchost.exe Service Host Process
Process audiodg.exe No Record
Process svchost.exe Service Host Process
Process SLsvc.exe No Record
Process svchost.exe Service Host Process
Process svchost.exe Service Host Process
Process spoolsv.exe Printer Spooler Service
Process svchost.exe Service Host Process
Process taskeng.exe No Record
Process dwm.exe No Record
Process explorer.exe Windows Explorer
Process AWC.exe Advanced WindowsCare
Process taskeng.exe No Record
Process MSASCui.exe No Record
Process tsnp325.exe No Record
Process FixCamera.exe No Record
Process vsnp325.exe No Record
Process FSM32.EXE No Record
Process sidebar.exe No Record
Process WallpaperDownloader.exe No Record
Process sidebar.exe No Record
Process fsgk32st.exe No Record
Process FSMA32.EXE No Record
Process ijplmsvc.exe No Record
Process fsgk32.exe No Record
Process FSMB32.EXE No Record
Process InCDsrv.exe No Record
Process svchost.exe Service Host Process
Process svchost.exe Service Host Process
Process SearchIndexer.exe No Record
Process FCH32.EXE No Record
Process FAMEH32.EXE No Record
Process fsqh.exe No Record
Process fsaua.exe No Record
Process fssm32.exe No Record
Process FNRB32.exe No Record
Process fsorsp.exe No Record
Process fsdfwd.exe No Record
Process FIH32.exe No Record
Process fsguidll.exe No Record
Process Ymsgr_tray.exe No Record
Process fsav32.exe No Record
Process taskeng.exe No Record
Process wuauclt.exe No Record
Process TrustedInstaller.exe No Record
Process iexplore.exe Internet Explorer
Process iexplore.exe Internet Explorer
Process conime.exe Console IME
Process iexplore.exe Internet Explorer
Process iexplore.exe Internet Explorer
Process iexplore.exe Internet Explorer
Process SearchProtocolHost.exe No Record
Process SearchFilterHost.exe No Record
Process SearchProtocolHost.exe No Record
Services fsgk32st.exe Related to F-Secure Anti-Virus Prog.
Services FNRB32.EXE Related to F-Secure_Anti-Virus software. This File should be found in the Program Files\F-Secure\Common\ folder.
Services fsaua.exe Related to F-Secure Corporation. Note: Located in C:\Program Files\F-Secure\FSAUA\program\
Services fsdfwd.exe Related to F-Secure Corporation.
Services FSMA32.EXE Related to F-Secure Anti-Virus Prog.
Services fsorsp.exe No Record
Services IJPLMSVC.EXE No Record
Services InCDsrv.exe InCD Packet Writer related.
Services NBService.exe Related to Nero Backup service. Note: Located in C:\Program Files\Nero\Nero 7\Nero BackItUp\
Services NMIndexingService.exe Part of a Nero product
Services rlservice.exe No Record
Start UP autoRun No Record
Start UP YahooMessenger.exe -quiet No Record
Start UP c No Record
Start UP WallpaperDownloader.exe -minimized No Record
Start UP glps.exe No Record
Start UP NeroCheck.exe Added by the PROXY-X TROJAN! Note - this is not related to "Nero Burning Rom" CD writing software
Start UP logon No Record
Start UP tsnp325.exe No Record
Start UP FixCamera.exe No Record
Start UP vsnp325.exe No Record
Start UP splash No Record
Start UP WAITFORSW No Record
BHO 18DF081C-E8AD-4283-A596-FA578C2EBDC3 No Record
BHO 2663D221-597F-4FF7-8E47-1BCA7658C28D No Record
BHO 31c7d459-9cc3-44f2-9dca-fc11795309b4 No Record
BHO 9030D464-4C02-4ABF-8ECC-5164760863C6 WindowsLiveLogin.dll - Microsoft Windows_Live, http://ideas.live.com/
BHO DBC80044-A445-435b-BC74-9C25C1C588A9 No Record
Tool Bar 31c7d459-9cc3-44f2-9dca-fc11795309b4 No Record
Menu Add to AMV Converter... No Database
Menu Enlace de descarga usando Mega Manager... No Database
Menu MediaManager tool grab multimedia file No Database
Button {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} No Database
Button {85d1f590-48f4-11d9-9669-0800200c9a66} No Database
Button {d9288080-1baa-4bc4-9cf8-a92d743db949} No Database
ActiveX 1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB http://www.nwfusion.com/newsletters/web/2003/1208web2.html
ActiveX 2D8ED06D-3C30-438B-96AE-4D110FDC1FB8 No Record
ActiveX 4F1E5B1A-2A80-42CA-8532-2D05CB959537 http://help.msn.com/!data/en_us/data/wcv6.its51/$content$/PAWhatIsUploadControl.htm
ActiveX 5D86DDB5-BDF9-441B-9E9E-D4730F4EE499 oscan8.cab Bitdefender
ActiveX 8AD9C840-044E-11D1-B3E9-00805F499D93 http://java.sun.com/j2se
ActiveX 9191F686-7F0A-441D-8A98-2FE3AC1BD913 No Record
ActiveX CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA No Record
ActiveX CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA No Record
ActiveX E2883E8F-472F-4FB0-9522-AC9BF37916A7 No

Here is the link....
http://live.iobit.com/report.php?PHPSESSID=3b69db44ebabec08e0284e6deaec7c6f



swissman

Re: Hijacks analysis report 6 / Advanced SystemCare v.3 - 2009-11-14 15:02 - Reply 2

Uninstall the unnecessary programs, as well as the toolbars and this wallpaper thing.

Close all programs, browser included, run HijackThis, click Do a system scan only, and check the following entries:

O2 - BHO: SmartAds browser enhancer qfryneeu - {2663D221-597F-4FF7-8E47-1BCA7658C28D} - C:\Windows\system32\qfryneeu.dll
O2 - BHO: IObitCom Toolbar - {31c7d459-9cc3-44f2-9dca-fc11795309b4} - C:\Program Files\IObitCom\tbIObi.dll
O3 - Toolbar: IObitCom Toolbar - {31c7d459-9cc3-44f2-9dca-fc11795309b4} - C:\Program Files\IObitCom\tbIObi.dll
O4 - HKCU\..\Run: [WallpaperDownloader] C:\Program Files\WallpaperDownloader\WallpaperDownloader.exe -minimized
O9 - Extra button: &Agregar entrada en Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} -
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/funwebproducts/ei-4/MyFunCardsInitialSetup1.0.1.1.cab
O23 - Service: RelevantKnowledge - Unknown - C:\Program Files\RelevantKnowledge\rlservice.exe


Click Fix checked; without restarting, find and delete the following folders and their contents (enable the option to show hidden files and folders). If any of them can't be deleted, use KillBox or Unlocker, or both.

C:\Program Files\WallpaperDownloader
C:\Program Files\RelevantKnowledge

Run CCleaner to clean temporary files, cookies and the registry, and RegCleaner.

Restart and tell us how it goes; paste the log again.
Gypsypma

Re: Hijacks analysis report 6 / Advanced SystemCare v.3 - 2009-11-17 00:51 - Reply 3

Thank you very much, Swissman, for your kind and quick reply.... I did everything as you told me; I've posted the log here.... The only thing that still puzzles me is that Ron too! Gooochi still shows up in my configured programs, and I don't know whether it's right for it to appear there. As for everything else, I fixed the problems or conflicts my PC had, especially with the browser bar, where all the windows would close when I closed one. Thanks a million for the favor....
Ciao ciao....

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 07:02:19 p.m., on 11/14/2009
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18828)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\tsnp325.exe
C:\Windows\FixCamera.exe
C:\Windows\vsnp325.exe
C:\Program Files\F-Secure\common\FSM32.EXE
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\F-Secure\FSGUI\fsguidll.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\system32\conime.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\OpenOffice.org 2.2\program\soffice.exe
C:\Program Files\OpenOffice.org 2.2\program\soffice.BIN
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Windows\notepad.exe
C:\Windows\system32\SearchFilterHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://latam.msn.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://latam.msn.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {31c7d459-9cc3-44f2-9dca-fc11795309b4} - (no file)
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Windows Live Aplicación auxiliar de inicio de sesión - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
O4 - HKLM\..\Run: [tsnp325] C:\Windows\tsnp325.exe
O4 - HKLM\..\Run: [FixCamera] C:\Windows\FixCamera.exe
O4 - HKLM\..\Run: [snp325] C:\Windows\vsnp325.exe
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\F-Secure\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\F-Secure\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [Google Update] "C:\Users\pc2009\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICIO LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICIO LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'Servicio de red')
O8 - Extra context menu item: Add to AMV Converter... - C:\Program Files\MP3 Player Utilities 4.15\AMVConverter\grab.html
O8 - Extra context menu item: Enlace de descarga usando Mega Manager... - C:\Program Files\Megaupload\Mega Manager\mm_file.htm
O8 - Extra context menu item: MediaManager tool grab multimedia file - C:\Program Files\MP3 Player Utilities 4.15\MediaManager\grab.html
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Users\pc2009\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)
O13 - Gopher Prefix:
O15 - Trusted Zone: http://h30.e-tmm.com
O15 - Trusted Zone: http://*.mcafee.com
O15 - Trusted Zone: http://h30.e-tmm.com (HKLM)
O16 - DPF: CabBuilder - http://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w3/resources/VistaMSNPUpldes-es.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scanner/sources/en/scan8/oscan8.cab
O16 - DPF: {9191F686-7F0A-441D-8A98-2FE3AC1BD913} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{61718E58-9A39-4F45-B9F4-89172B844DFB}: NameServer = 200.75.200.2,200.75.200.3
O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
O23 - Service: Intermediario de solicitud de red de F-Secure (F-Secure Network Request Broker) - F-Secure Corporation - C:\Program Files\F-Secure\Common\FNRB32.EXE
O23 - Service: F-Secure Automatic Update Agent (FSAUA) - F-Secure Corporation - C:\Program Files\F-Secure\FSAUA\program\fsaua.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\F-Secure\FWES\Program\fsdfwd.exe
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\F-Secure\Common\FSMA32.EXE
O23 - Service: F-Secure ORSP Client (FSORSPClient) - F-Secure Corporation - C:\Program Files\F-Secure\ORSP Client\fsorsp.exe
O23 - Service: PIXMA Extended Survey Program (IJPLMSVC) - Unknown owner - C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe


End of file - 6689 bytes
swissman

Re: Hijacks analysis report 6 / Advanced SystemCare v.3 - 2009-11-17 07:22 - Reply 4

Check the following:

R3 - URLSearchHook: (no name) - {31c7d459-9cc3-44f2-9dca-fc11795309b4} - (no file)
O8 - Extra context menu item: Enlace de descarga usando Mega Manager... - C:\Program Files\Megaupload\Mega Manager\mm_file.htm
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Users\pc2009\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)
O16 - DPF: CabBuilder - http://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab

Hit fix select, run CCleaner and RegCleaner, restart and paste the log again.

What do you mean by "Gooochi in my configured programs"? If it's a folder, you can delete it.
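
Added example, not part of the thread and not code from HijackThis or IObit: a small Python check of the kind the "paste the log again" step is for. It confirms that entries marked for fixing are gone from the follow-up log, lists entries the new log reports as "(no file)" or "(file missing)", and finds CLSIDs of fixed entries that the new log still references. The function names are hypothetical; the sample lines are excerpts copied from the logs above.

```python
import re

ITEM = re.compile(r"^(R[0-3]|O\d{1,2}) - (.+)$")          # "O4 - ...", "R3 - ..."
CLSID = re.compile(r"\{[0-9a-f]{8}(?:-[0-9a-f]{4}){3}-[0-9a-f]{12}\}", re.I)
ORPHAN = re.compile(r"\((?:no file|file missing)\)\s*$", re.I)

def parse(log):
    """Map a stable key to the raw text of each item line in a HijackThis-style log."""
    items = {}
    for line in log.splitlines():
        line = line.strip()
        m = ITEM.match(line)
        if not m:
            continue                       # header, process list, blank line
        section, text = m.groups()
        clsid = CLSID.search(text)
        # Display names differ between tools, so the CLSID is the identity when
        # there is one; otherwise the text with whitespace removed (forum
        # wrapping inserts spaces) and any orphan marker stripped.
        if clsid:
            ident = clsid.group(0).lower()
        else:
            ident = re.sub(r"\s+", "", ORPHAN.sub("", text)).lower()
        items[(section, ident)] = line
    return items

def verify_fix(marked, after):
    """Split the marked entries into those gone from the new log and those still there."""
    new = parse(after)
    result = {"removed": [], "still_present": []}
    for key, line in parse(marked).items():
        result["still_present" if key in new else "removed"].append(line)
    return result

def orphans(log):
    """Entries whose target file the scanner could not find."""
    return [line for line in parse(log).values() if ORPHAN.search(line)]

def residual_clsids(marked, after):
    """CLSIDs of fixed entries that the new log still references in any section."""
    fixed = {ident for _, ident in parse(marked) if ident.startswith("{")}
    return sorted({ident for _, ident in parse(after) if ident in fixed})

# Excerpt of the entries marked in Reply 2 (copied from the thread).
MARKED = r"""
O2 - BHO: SmartAds browser enhancer qfryneeu - {2663D221-597F-4FF7-8E47-1BCA7658C28D} - C:\Windows\system32\qfryneeu.dll
O2 - BHO: IObitCom Toolbar - {31c7d459-9cc3-44f2-9dca-fc11795309b4} - C:\Program Files\IObitCom\tbIObi.dll
O4 - HKCU\..\Run: [WallpaperDownloader] C:\Program Files\WallpaperDownloader\WallpaperDownloader.exe -minimized
O23 - Service: RelevantKnowledge - Unknown - C:\Program Files\RelevantKnowledge\rlservice.exe
"""

# Excerpt of the follow-up log posted in Reply 3 (copied from the thread).
AFTER = r"""
R3 - URLSearchHook: (no name) - {31c7d459-9cc3-44f2-9dca-fc11795309b4} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Users\pc2009\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
"""

if __name__ == "__main__":
    print(verify_fix(MARKED, AFTER))
    print(orphans(AFTER))
    print(residual_clsids(MARKED, AFTER))
```

On these excerpts all four marked entries are reported as removed, while the toolbar's CLSID is still referenced by the R3 URLSearchHook line with no file behind it, which is the first entry marked in Reply 4.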

Configurarequipos, 17 May 2024