Posted 11/05/08, 18:36:55
Jah_Man
User

Registered: Aug 2005
Location: Panama
Posts: 6
I have several spyware; according to my Doctor Spyware there are 8 that can't be removed

Hi, how's it going. This is the first post I've put up, but I'm fed up... I get messages like "Overburn Detect Microsoft Visual C++", another that asks whether I want to install the "Software De Barrera Integral", and also multiple Explorer (7) pop-up windows that say HTTP 404 not found or something like that.

I have Vista Home Premium. Here are the logs from Doctor Spyware and NOD32...

Análisis (solo información básica)

Resultados del análisis:
Análisis realizado: 11/05/2008 15:04:30
Análisis detenido: 11/05/2008 16:06:23
Objetos analizados: 150673
Objetos encontrados: 16
Encontrados y excluidos: 0
Herramientas utilizadas: General Scanner, Process Scanner, LSP Scanner, Startup Scanner, Registry Scanner, Browser Scanner, Browser Activity Scanner, Disk Scanner, ActiveX Scanner


DOCTOR SPYWARE
Nombre de la infección | Ubicación | Riesgo
Trojan.Virtumonde | C:\Users\Rober\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\7SCIC9LE\443[1].htm | Elevado
Spyware.Known_Bad_Sites | C:\Users\Rober\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HK1YCZ47\idkfa[1] | Alto
Trojan.Virtumonde | C:\Users\Rober\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YHR5VYQV\443[1].htm | Elevado
Adware.Advertising | C:\Users\Rober\AppData\Roaming\Microsoft\Windows\Cookies\rober@atdmt[1].txt | Bajo
Adware.Maxifiles | C:\Windows\mrofinu1000106.exe | Alto
Trojan-Downloader.VB.AWJ | C:\Windows\system32\pac.txt | Elevado
Adware.Maxifiles | HKCR\WR | Alto
Adware.Maxifiles | HKCR\WR## | Alto
Adware.Maxifiles | HKCR\WR##cmd | Alto
Adware.Maxifiles | HKCR\WR##configversion | Alto
Adware.Maxifiles | HKCR\WR##nextupdate | Alto
Adware.Maxifiles | HKCR\WR##p | Alto
Adware.Maxifiles | HKCR\WR##version | Alto
Trojan.Agent | HKCU\Software\Microsoft\rdfa | Alto
Trojan.Agent | HKCU\Software\Microsoft\rdfa## | Alto
Adware.Maxifiles | HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run##runner1 | Alto


NOD32

Scan Log
Version of virus signature database: 2740 (20071221)
Date: 11/05/2008 Time: 15:02:52
Scanned disks, folders and files: Operating memory;C:\Boot sector;C:\
C:\Windows\mrofinu1000106.exe - probably a variant of Win32/TrojanDownloader.Agent.BLS trojan - error while
Number of scanned objects: 207152
Number of threats found: 1
Time of completion: 16:08:12 Total scanning time: 3920 sec (01:05:20)

I LOOK FORWARD TO YOUR ATTENTION AND HOPE YOU CAN HELP ME, PLS