Quote:
Originally posted by anleg_30
Hi Aldifero, welcome to the forum.
A.- Download and update Super antispyware <Read_manual>
B.- Download and update Malwarebytes' Anti-Malware <Read_manual>
1.- Disable System Restore
2.- Boot into safe mode
- Run Super antispyware
- Run Malwarebytes' Anti-Malware as follows:
- Perform a full scan
- Remove whatever it finds using the option to remove everything selected
- Restart the system (this step is important for removing what it finds)
- Open the program, find the report under the "Registros" tab ("Logs" in English), open it and paste it here
3.- Back in normal mode, run CCleaner <Read_manual> in its cleaner mode and then in the registry option (making the corresponding backup)
C.- Run Ewido online <Read_manual>. When it finishes, check Remove Infections; if it does not remove everything, save the report and paste it here
D.- Run Kaspersky online <Read_manual>; if you use Firefox, install IE Tab. Paste the log that Kaspersky generates here
Come back with the reports and tell me how the patient is doing so I can recommend what actions to take
Here is the log:
Malwarebytes' Anti-Malware 1.24
Database version: 1025
Windows 5.1.2600 Service Pack 2
03:01:25 p.m. 04/08/2008
mbam-log-8-4-2008 (15-01-25).txt
Scan type: Full Scan (C:\|)
Objects scanned: 246120
Time elapsed: 1 hour(s), 9 minute(s), 0 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 1
Registry Keys Infected: 7
Registry Values Infected: 3
Registry Data Items Infected: 2
Folders Infected: 13
Files Infected: 46
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
C:\WINDOWS\system32\rwgiye.dll (Trojan.Vundo) -> Delete on reboot.
Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet
Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Adware.MyWebSearch) ->
Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\rhcgvdj0eje1 (Rogue.Multiple) -> Quarantined and deleted
successfully.
HKEY_CURRENT_USER\SOFTWARE\Trymedia Systems (Adware.Trymedia) -> Quarantined and deleted
successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted
successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> Quarantined and deleted
successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Track System (Trojan.Vundo) -> Quarantined and
deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Fun Web Products (Adware.MyWebSearch) -> Quarantined and deleted
successfully.
Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\80e95b44 (Trojan.Vundo) ->
Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\smrhcgvdj0eje1
(Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Control Panel\Desktop\scrnsave.exe (Hijack.Wallpaper) -> Quarantined and
deleted successfully.
Registry Data Items Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\NoDispBackgroundPage
(Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\NoDispScrSavPage
(Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
Folders Infected:
C:\Archivos de programa\FunWebProducts (Adware.MyWebSearch) -> Quarantined and deleted
successfully.
C:\Archivos de programa\FunWebProducts\ScreenSaver (Adware.MyWebSearch) -> Quarantined and
deleted successfully.
C:\Documents and Settings\Aldo\Datos de programa\rhcgvdj0eje1 (Rogue.Multiple) ->
Quarantined and deleted successfully.
C:\Documents and Settings\Aldo\Datos de programa\rhcgvdj0eje1\Quarantine (Rogue.Multiple)
-> Quarantined and deleted successfully.
C:\Documents and Settings\Aldo\Datos de programa\rhcgvdj0eje1\Quarantine\Autorun
(Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Aldo\Datos de programa\rhcgvdj0eje1\Quarantine\Autorun\HKCU
(Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Aldo\Datos de
programa\rhcgvdj0eje1\Quarantine\Autorun\HKCU\RunOnce (Rogue.Multiple) -> Quarantined and
deleted successfully.
C:\Documents and Settings\Aldo\Datos de programa\rhcgvdj0eje1\Quarantine\Autorun\HKLM
(Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Aldo\Datos de
programa\rhcgvdj0eje1\Quarantine\Autorun\HKLM\RunOnce (Rogue.Multiple) -> Quarantined and
deleted successfully.
C:\Documents and Settings\Aldo\Datos de
programa\rhcgvdj0eje1\Quarantine\Autorun\StartMenu AllUsers (Rogue.Multiple) -> Quarantined
and deleted successfully.
C:\Documents and Settings\Aldo\Datos de
programa\rhcgvdj0eje1\Quarantine\Autorun\StartMenu CurrentUser (Rogue.Multiple) ->
Quarantined and deleted successfully.
C:\Documents and Settings\Aldo\Datos de programa\rhcgvdj0eje1\Quarantine\BrowserObjects
(Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Aldo\Datos de programa\rhcgvdj0eje1\Quarantine\Packages
(Rogue.Multiple) -> Quarantined and deleted successfully.
Files Infected:
C:\WINDOWS\system32\ilqrgujb.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\bjugrqli.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\rwgiye.dll (Trojan.Vundo) -> Delete on reboot.
C:\Archivos de programa\MSN Messenger\riched20.dll (Adware.MyWeb.FunWeb) -> Quarantined and
deleted successfully.
C:\Documents and Settings\Alan\Configuración local\Archivos temporales de
Internet\Content.IE5\14PHLYCT\css4[1] (Trojan.Vundo) -> Quarantined and deleted
successfully.
C:\Documents and Settings\Alan_2\Configuración local\Archivos temporales de
Internet\Content.IE5\OQ475W47\kb456456[1] (Trojan.Vundo) -> Quarantined and deleted
successfully.
C:\Documents and Settings\Fabi\Configuración local\Archivos temporales de
Internet\Content.IE5\4DUFG16Z\kb767887[1] (Trojan.Vundo) -> Quarantined and deleted
successfully.
C:\Documents and Settings\Fabi\Configuración local\Archivos temporales de
Internet\Content.IE5\WHIJG1YB\kb456456[1] (Trojan.Vundo) -> Quarantined and deleted
successfully.
C:\Documents and Settings\Kiity y Toño\Configuración local\Archivos temporales de
Internet\Content.IE5\8V2WUS0H\kb767887[1] (Trojan.Vundo) -> Quarantined and deleted
successfully.
C:\Documents and Settings\Kiity y Toño\Configuración local\Archivos temporales de
Internet\Content.IE5\P492K61M\kb456456[1] (Trojan.Vundo) -> Quarantined and deleted
successfully.
C:\Documents and Settings\Kiity y Toño\Configuración local\Archivos temporales de
Internet\Content.IE5\VUVM75FP\kb456456[1] (Trojan.Vundo) -> Quarantined and deleted
successfully.
C:\Documents and Settings\Kiity y Toño\Configuración local\Archivos temporales de
Internet\Content.IE5\VUVM75FP\kb767887[1] (Trojan.Vundo) -> Quarantined and deleted
successfully.
C:\System Volume
Information\_restore{D166B40C-795A-4BA3-89B3-8E8FC1146CEE}(2)\Fifoed\A0117861.dll
(Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume
Information\_restore{D166B40C-795A-4BA3-89B3-8E8FC1146CEE}(2)\RP284\A0119184.dll
(Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume
Information\_restore{D166B40C-795A-4BA3-89B3-8E8FC1146CEE}(2)\RP285\A0119259.dll
(Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume
Information\_restore{D166B40C-795A-4BA3-89B3-8E8FC1146CEE}(2)\RP285\A0119260.dll
(Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume
Information\_restore{D166B40C-795A-4BA3-89B3-8E8FC1146CEE}(2)\RP285\A0119261.dll
(Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume
Information\_restore{D166B40C-795A-4BA3-89B3-8E8FC1146CEE}(2)\RP285\A0119272.dll
(Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume
Information\_restore{D166B40C-795A-4BA3-89B3-8E8FC1146CEE}(2)\RP285\A0119274.dll
(Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume
Information\_restore{D166B40C-795A-4BA3-89B3-8E8FC1146CEE}(2)\RP285\A0119275.dll
(Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume
Information\_restore{D166B40C-795A-4BA3-89B3-8E8FC1146CEE}(2)\RP285\A0119288.dll
(Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume
Information\_restore{D166B40C-795A-4BA3-89B3-8E8FC1146CEE}(2)\RP287\A0120500.dll
(Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume
Information\_restore{D166B40C-795A-4BA3-89B3-8E8FC1146CEE}(2)\RP287\A0123544.dll
(Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume
Information\_restore{D166B40C-795A-4BA3-89B3-8E8FC1146CEE}(2)\RP287\A0123629.dll
(Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume
Information\_restore{D166B40C-795A-4BA3-89B3-8E8FC1146CEE}(2)\RP287\A0123696.dll
(Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume
Information\_restore{D166B40C-795A-4BA3-89B3-8E8FC1146CEE}(2)\RP287\A0123697.dll
(Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume
Information\_restore{D166B40C-795A-4BA3-89B3-8E8FC1146CEE}(2)\RP287\A0123698.dll
(Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume
Information\_restore{D166B40C-795A-4BA3-89B3-8E8FC1146CEE}(2)\RP289\A0124870.dll
(Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume
Information\_restore{D166B40C-795A-4BA3-89B3-8E8FC1146CEE}(2)\RP289\A0124910.dll
(Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume
Information\_restore{D166B40C-795A-4BA3-89B3-8E8FC1146CEE}(2)\RP289\A0124911.dll
(Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume
Information\_restore{D166B40C-795A-4BA3-89B3-8E8FC1146CEE}(2)\RP289\A0124912.dll
(Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume
Information\_restore{D166B40C-795A-4BA3-89B3-8E8FC1146CEE}(2)\RP289\A0124913.dll
(Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume
Information\_restore{D166B40C-795A-4BA3-89B3-8E8FC1146CEE}(2)\RP289\A0124915.dll
(Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume
Information\_restore{D166B40C-795A-4BA3-89B3-8E8FC1146CEE}(2)\RP289\A0124916.dll
(Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume
Information\_restore{D166B40C-795A-4BA3-89B3-8E8FC1146CEE}(2)\RP289\A0124917.dll
(Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume
Information\_restore{D166B40C-795A-4BA3-89B3-8E8FC1146CEE}(2)\RP289\A0124918.dll
(Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume
Information\_restore{D166B40C-795A-4BA3-89B3-8E8FC1146CEE}(2)\RP289\A0124919.dll
(Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume
Information\_restore{D166B40C-795A-4BA3-89B3-8E8FC1146CEE}(2)\RP289\A0124920.dll
(Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume
Information\_restore{D166B40C-795A-4BA3-89B3-8E8FC1146CEE}(2)\RP289\A0124921.dll
(Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume
Information\_restore{D166B40C-795A-4BA3-89B3-8E8FC1146CEE}(2)\RP289\A0124923.dll
(Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume
Information\_restore{D166B40C-795A-4BA3-89B3-8E8FC1146CEE}(2)\RP289\A0124924.dll
(Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume
Information\_restore{D166B40C-795A-4BA3-89B3-8E8FC1146CEE}(2)\RP289\A0124926.dll
(Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume
Information\_restore{D166B40C-795A-4BA3-89B3-8E8FC1146CEE}(2)\RP289\A0124927.dll
(Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume
Information\_restore{D166B40C-795A-4BA3-89B3-8E8FC1146CEE}(2)\RP289\A0124928.dll
(Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\cookies.ini (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\qysqsyi_navps.dat (Adware.NaviPromo) -> Quarantined and deleted
successfully.