The Kas log, clean:
viernes, 09 de mayo de 2008 21:50:29
Sistema operativo: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner versión: 5.0.84.1
Ultima actualización: 9/05/2008
Registros en la base antivirus: 670867
Configuración del análisis
Analizar usando las siguientes bases standard
Analizar archivos verdadero
Analizar bases de correo verdadero
Objetivo a analizar Mi PC
C:\
D:\
E:\
F:\
H:\
I:\
J:\
K:\
Estadísticas
Número de objetos analizados 94300
Virus encontrados 0
Objetos infectados 0 / 0
Objetos sospechosos 0
Duración del análisis 01:05:15
Nombre del objeto infectado Nombre del virus Última acción
C:\Documents and Settings\All Users\Application Data\Microsoft\eHome\logs\ehRecvr.log Object is locked saltado
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked saltado
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked saltado
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked saltado
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked saltado
C:\Documents and Settings\LocalService\Local Settings\Temp\Cookies\index.dat Object is locked saltado
C:\Documents and Settings\LocalService\Local Settings\Temp\History\History.IE5\index.dat Object is locked saltado
C:\Documents and Settings\LocalService\Local Settings\Temp\Temporary Internet Files\Content.IE5\index.dat Object is locked saltado
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked saltado
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked saltado
C:\Documents and Settings\NetworkService\Cookies\index.dat Object is locked saltado
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked saltado
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked saltado
C:\Documents and Settings\NetworkService\Local Settings\History\History.IE5\index.dat Object is locked saltado
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked saltado
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked saltado
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked saltado
C:\Documents and Settings\usuario\Cookies\index.dat Object is locked saltado
C:\Documents and Settings\usuario\Local Settings\Application Data\ApplicationHistory\SysMonitor.exe.49302a1.ini.inuse Object is locked saltado
C:\Documents and Settings\usuario\Local Settings\Application Data\Microsoft\CardSpace\CardSpace.db Object is locked saltado
C:\Documents and Settings\usuario\Local Settings\Application Data\Microsoft\CardSpace\CardSpace.db.shadow Object is locked saltado
C:\Documents and Settings\usuario\Local Settings\Application Data\Microsoft\Feeds Cache\index.dat Object is locked saltado
C:\Documents and Settings\usuario\Local Settings\Application Data\Microsoft\Messenger\aiguamel@hotmail.com\SharingMetadata\Logs\Dfsr00005.log Object is locked saltado
C:\Documents and Settings\usuario\Local Settings\Application Data\Microsoft\Messenger\aiguamel@hotmail.com\SharingMetadata\pending.dat Object is locked saltado
C:\Documents and Settings\usuario\Local Settings\Application Data\Microsoft\Messenger\aiguamel@hotmail.com\SharingMetadata\Working\database_96B0_2A71_1C2C_1E92\dfsr.db Object is locked saltado
C:\Documents and Settings\usuario\Local Settings\Application Data\Microsoft\Messenger\aiguamel@hotmail.com\SharingMetadata\Working\database_96B0_2A71_1C2C_1E92\fsr.log Object is locked saltado
C:\Documents and Settings\usuario\Local Settings\Application Data\Microsoft\Messenger\aiguamel@hotmail.com\SharingMetadata\Working\database_96B0_2A71_1C2C_1E92\fsrtmp.log Object is locked saltado
C:\Documents and Settings\usuario\Local Settings\Application Data\Microsoft\Messenger\aiguamel@hotmail.com\SharingMetadata\Working\database_96B0_2A71_1C2C_1E92\tmp.edb Object is locked saltado
C:\Documents and Settings\usuario\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked saltado
C:\Documents and Settings\usuario\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked saltado
C:\Documents and Settings\usuario\Local Settings\Application Data\Microsoft\Windows Live Contacts\aiguamel@hotmail.com\real\members.stg Object is locked saltado
C:\Documents and Settings\usuario\Local Settings\Application Data\Microsoft\Windows Live Contacts\aiguamel@hotmail.com\shadow\members.stg Object is locked saltado
C:\Documents and Settings\usuario\Local Settings\Application Data\Microsoft\Windows Live Mail\Contacts\aiguamel@hotmail.com\real\members.stg Object is locked saltado
C:\Documents and Settings\usuario\Local Settings\Application Data\Microsoft\Windows Live Mail\Contacts\aiguamel@hotmail.com\shadow\members.stg Object is locked saltado
C:\Documents and Settings\usuario\Local Settings\Application Data\Microsoft\Windows Live Mail\edb.log Object is locked saltado
C:\Documents and Settings\usuario\Local Settings\Application Data\Microsoft\Windows Live Mail\Mail.MSMessageStore Object is locked saltado
C:\Documents and Settings\usuario\Local Settings\Application Data\Microsoft\Windows Live Mail\tmp.edb Object is locked saltado
C:\Documents and Settings\usuario\Local Settings\Application Data\Microsoft\Windows Live Mail\WindowsLiveMail.log Object is locked saltado
C:\Documents and Settings\usuario\Local Settings\History\History.IE5\index.dat Object is locked saltado
C:\Documents and Settings\usuario\Local Settings\History\History.IE5\MSHist012008050920080510\index.dat Object is locked saltado
C:\Documents and Settings\usuario\Local Settings\Temp\~DF3169.tmp Object is locked saltado
C:\Documents and Settings\usuario\Local Settings\Temp\~DF32D7.tmp Object is locked saltado
C:\Documents and Settings\usuario\Local Settings\Temp\~DFAF65.tmp Object is locked saltado
C:\Documents and Settings\usuario\Local Settings\Temp\~DFAF7C.tmp Object is locked saltado
C:\Documents and Settings\usuario\Local Settings\Temp\~DFBA29.tmp Object is locked saltado
C:\Documents and Settings\usuario\Local Settings\Temp\~DFBCC5.tmp Object is locked saltado
C:\Documents and Settings\usuario\Local Settings\Temp\~DFC9BE.tmp Object is locked saltado
C:\Documents and Settings\usuario\Local Settings\Temp\~DFCA6F.tmp Object is locked saltado
C:\Documents and Settings\usuario\Local Settings\Temp\~DFCBA0.tmp Object is locked saltado
C:\Documents and Settings\usuario\Local Settings\Temp\~DFCBCE.tmp Object is locked saltado
C:\Documents and Settings\usuario\Local Settings\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is locked saltado
C:\Documents and Settings\usuario\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked saltado
C:\Documents and Settings\usuario\NTUSER.DAT Object is locked saltado
C:\Documents and Settings\usuario\ntuser.dat.LOG Object is locked saltado
C:\eDS_PSD_drive.vmdf Object is locked saltado
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked saltado
C:\System Volume Information\tracking.log Object is locked saltado
C:\System Volume Information\_restore{FBB54D42-5EA3-459E-B7FF-AB2A48C1DE54}\RP484\change.log Object is locked saltado
C:\WINDOWS\Debug\PASSWD.LOG Object is locked saltado
C:\WINDOWS\Registration\{02D4B3F1-FD88-11D1-960D-00805FC79235}.{2295A2E4-159B-41C9-9D17-4049C7EE2D73}.crmlog Object is locked saltado
C:\WINDOWS\SchedLgU.Txt Object is locked saltado
C:\WINDOWS\SoftwareDistribution\EventCache\{26111454-9443-4607-B6E7-AAAABFD6BA30}.bin Object is locked saltado
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked saltado
C:\WINDOWS\Sti_Trace.log Object is locked saltado
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked saltado
C:\WINDOWS\system32\config\default Object is locked saltado
C:\WINDOWS\system32\config\default.LOG Object is locked saltado
C:\WINDOWS\system32\config\Internet.evt Object is locked saltado
C:\WINDOWS\system32\config\Media Ce.evt Object is locked saltado
C:\WINDOWS\system32\config\SAM Object is locked saltado
C:\WINDOWS\system32\config\SAM.LOG Object is locked saltado
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked saltado
C:\WINDOWS\system32\config\SECURITY Object is locked saltado
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked saltado
C:\WINDOWS\system32\config\software Object is locked saltado
C:\WINDOWS\system32\config\software.LOG Object is locked saltado
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked saltado
C:\WINDOWS\system32\config\system Object is locked saltado
C:\WINDOWS\system32\config\system.LOG Object is locked saltado
C:\WINDOWS\system32\h323log.txt Object is locked saltado
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked saltado
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked saltado
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked saltado
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked saltado
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked saltado
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked saltado
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked saltado
C:\WINDOWS\wiadebug.log Object is locked saltado
C:\WINDOWS\wiaservc.log Object is locked saltado
C:\WINDOWS\WindowsUpdate.log Object is locked saltado
Análisis completado.
But Panda keeps coming up with this:
;********************************************************************************
ANALYSIS: 2008-05-09 23:33:14
PROTECTIONS: 0
MALWARE: 7
SUSPECTS: 1
;********************************************************************************
PROTECTIONS
Description Version Active Updated
;================================================================================
MALWARE
Id Description Type Active Severity Disinfectable Disinfected Location
;================================================================================
00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\Documents and Settings\usuario\Cookies\usuario@atdmt[2].txt
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\Documents and Settings\usuario\Cookies\usuario@statcounter[1].txt
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\usuario\Cookies\usuario@ad.yieldmanager[2].txt
02388619 Application/Webmediaplayer HackTools No 0 Yes No C:\System Volume Information\_restore{FBB54D42-5EA3-459E-B7FF-AB2A48C1DE54}\RP479\A0089190.exe
02634860 Application/Keyloggerlite HackTools No 0 Yes No C:\Documents and Settings\usuario\My Documents\Download\Msn\kl_setup.exe
02634861 Application/Keyloggerlite HackTools No 0 Yes No C:\System Volume Information\_restore{FBB54D42-5EA3-459E-B7FF-AB2A48C1DE54}\RP482\A0089383.exe
02634861 Application/Keyloggerlite HackTools No 0 No No C:\Documents and Settings\usuario\My Documents\Download\Msn\kl_setup.exe[Keylogger Lite.exe]
02638505 Application/Keyloggerlite HackTools No 0 Yes No C:\System Volume Information\_restore{FBB54D42-5EA3-459E-B7FF-AB2A48C1DE54}\RP482\A0089384.dll
02638505 Application/Keyloggerlite HackTools No 0 No No C:\Documents and Settings\usuario\My Documents\Download\Msn\kl_setup.exe[exp32.dll]
;================================================================================
SUSPECTS
Sent Location H
;================================================================================
No C:\DOCUMENTS AND SETTINGS\USUARIO\LOCAL SETTINGS\APPLICATION DATA\ENHGTQT.EXE
H
;================================================================================
VULNERABILITIES
Id Severity Description H
;================================================================================
I have a keylogger installed... on purpose. But I don't know where that ENHGTQT.EXE comes from. The only option it gives me is to send it to the lab, and I've already done that before. Any suggestions?