View Full Version: virus via MSN


alexis_ve
26/02/08, 01:13:10
I got a virus through MSN. It was a compressed file that you had to accept. I ran several programs to try to remove it, but they don't find it and it keeps sending that file to my contacts. What can I do? It sends phrases and the file is something like fotos_jpg... I would appreciate your help.

Kirigi
26/02/08, 01:19:07
Hello alexis_ve, welcome to the forum.

1. Download MsnCleaner (http://www.forospyware.com/t92153.html#post398656) but do not run it yet.

2. Boot into Safe Mode (http://www.forospyware.com/292284-post4.html)


*Unzip the file MSNCleaner.zip
*Run the file MSNCleaner.exe
*Click the "Analizar" (Analyze) button. If any harmful file is detected, the "Eliminar" (Delete) button will be enabled
*Select the options "Eliminar archivos temporales" (Delete temporary files) and "Restaurar el archivo Hosts" (Restore the Hosts file)
*Click the "Eliminar" button

Save the report it generates and paste it here.

3. Boot into normal mode and, if you still have the problem, paste a report from Panda ActiveScan Online (http://www.forospyware.com/t75446.html).

Regards

alexis_ve
26/02/08, 13:28:20
Look, I did what you told me with MSNCleaner, but it did not detect any infected file. The report was the following:

- Reporte MSNCleaner 1.5.6 by www.forospyware.com
- Reporte Creado: 26/02/2008 a las 4:25:39
- Sistema Operativo: Windows XP
- Modo de Inicio: Prueba de fallos
_________________________________________

Archivos detectados: 0
Archivos eliminados: 0
Archivos no eliminados: 0

<<<<<<< No se ha encontrado ningún archivo >>>>>>>


Since the problem persists, I ran a scan with Panda online and the report is the following:





I await your reply. Thank you very much in advance.

alexis_ve
27/02/08, 11:04:07
I hope you can help me. Here is my latest log:


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:00:08, on 27/02/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\odcwp.exe
C:\Archivos de programa\Eset\nod32krn.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\Explorer.EXE
C:\Archivos de programa\Eset\nod32kui.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Archivos de programa\Archivos comunes\InstallShield\UpdateService\isuspm.exe
C:\Archivos de programa\DAEMON Tools\daemon.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Archivos de programa\BitTorrent_DNA\dna.exe
C:\Archivos de programa\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Archivos de programa\Internet Explorer\IEXPLORE.EXE
C:\Archivos de programa\Internet Explorer\IEXPLORE.EXE
C:\Windows\Temp\Install_WLMessenger.exe
C:\WINDOWS\system32\msiexec.exe
C:\Archivos de programa\Windows Live\installer\Dashboard.exe
C:\Archivos de programa\Windows Live\installer\WLSetupSvc.exe
C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
C:\Archivos de programa\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Archivos de programa\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.es/0SEESES/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Vínculos
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Archivos de programa\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Archivos de programa\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Archivos de programa\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Aplicación auxiliar de inicio de sesión - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Archivos de programa\Archivos comunes\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Archivos de programa\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Archivos de programa\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [nod32kui] "C:\Archivos de programa\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [TkBellExe] realsched.exe -osboot
O4 - HKLM\..\Run: [ISUSPM] "C:\Archivos de programa\Archivos comunes\InstallShield\UpdateService\isuspm.exe" -scheduler
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Archivos de programa\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [odcwp] C:\WINDOWS\system32\odcwp.exe
O4 - HKLM\..\RunServices: [odcwp] C:\WINDOWS\system32\odcwp.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Archivos de programa\BitTorrent_DNA\dna.exe"
O4 - HKCU\..\Run: [Remote itch] C:\DOCUME~1\JONATAN\DATOSD~1\PROCAC~1\bindelse.exe
O4 - HKCU\..\Run: [Steam] D:\Juegos Joni\counter\Steam.exe -silent
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Archivos de programa\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Archivos de programa\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICIO LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide3] cmd.exe /C rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SERVICIO LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide2] cmd.exe /C rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,L,,4,N (User 'SERVICIO LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Servicio de red')
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide3] cmd.exe /C rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Servicio de red')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide3] cmd.exe /C rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide3] cmd.exe /C rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
O4 - Startup: RAV4MSN StartUp.lnk = C:\Archivos de programa\GeCAD\RAV4MSN\RAV4MSN.exe
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZN
O8 - Extra context menu item: &Windows Live Search - res://C:\Archivos de programa\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&xportar a Microsoft Excel - res://C:\ARCHIV~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Archivos de programa\Java\jre1.6.0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Consola de Sun Java - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Archivos de programa\Java\jre1.6.0\bin\ssv.dll
O9 - Extra button: Agregar entrada - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Archivos de programa\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Agregar entrada en Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Archivos de programa\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Referencia - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARCHIV~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Archivos de programa\Messenger\MSMSGS.EXE (file missing)
O9 - Extra 'Tools' menuitem: MSN Messenger Service - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Archivos de programa\Messenger\MSMSGS.EXE (file missing)
O16 - DPF: {0270E604-387F-48ED-BB6D-AA51F51D6FC3} (Image Uploader Control) - http://iu.ak.sonico.com//ImageUploader.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by107fd.bay107.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.readyforcrysis.com/sysreqlab2.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{A7E1CB0E-C3F2-40F0-9254-FB841D0AD624}: NameServer = 200.51.212.7 200.51.211.7
O20 - Winlogon Notify: !SASWinLogon - C:\Archivos de programa\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Archivos de programa\Ares\chatServer.exe
O23 - Service: Print Spooler Service (ayotbda0x) - Unknown owner - C:\WINDOWS\system32\odcwp.exe
O23 - Service: Indexing Service (cisvc) - Unknown owner - C:\WINDOWS\system32\cisvc.exe (file missing)
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Archivos de programa\Eset\nod32krn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - D:\antivirus\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - D:\antivirus\Spyware Doctor\pctsSvc.exe

--
End of file - 9082 bytes


Tell me which entries I have to fix. The MSNCleaner and Panda reports are above. Thank you very much.

Kirigi
27/02/08, 12:55:25
Hello alexis_ve

Please edit your HijackThis log, since those logs may not be posted in this section unless a member of the forum staff asks you for one ;)

1. Turn off "System Restore (http://www.forospyware.com/292280-post2.html)" (only on Win Me and XP) and enable showing hidden files (http://www.forospyware.com/292282-post3.html).

2. Download, install and/or update these programs (but do not run them yet).

Malwarebytes' Anti-Malware (http://www.infospyware.com/Anti-Malwares.htm) <--- install it and update it, but do not run it yet.
NOTE: If the language is English after installing it, go to the "Settings" tab and change it to Spanish.

Download the SDFix tool (http://www.forospyware.com/t77529.html), save it and unzip it on your desktop, but do not run it yet.


3. Boot into Safe Mode (http://www.forospyware.com/292284-post4.html)

Go to "Inicio" ---> "Ejecutar" (Start ---> Run) and type the following command exactly as it is written:

sc delete ayotbda0x

and click "Aceptar" (OK). (For convenience, copy and paste it so you make no typing errors.)

4. Run Malwarebytes' Anti-Malware <---- perform a full scan of the PC and remove the infections it detects. The report is saved in the "Logs" tab ("Registros" in Spanish); open the report and copy its contents to paste them in this thread.


Open the "Herramientas" (Tools) tab and, under the FileASSASSIN option, select run tool, then find and delete this file (which I have marked in red):


C:\WINDOWS\system32\odcwp.exe


5. Run SDFix.exe on the desktop. A new folder will be created on the desktop; go into that folder and run the file "Runthis.bat", then press the "Y" key to start the check. When it finishes, a file named Report.txt will be created inside the folder; copy and paste the contents of that report here.


6. Restart the PC in "Normal mode" and paste the SDFix and Malwarebytes' Anti-Malware reports here.

Regards
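
The two items this reply removes, the service ayotbda0x and C:\WINDOWS\system32\odcwp.exe, can be picked out of the HijackThis log posted earlier by cross-referencing its O23 (service) and O4 (autorun) lines. The Python below is an added example, not part of the thread and not HijackThis's own logic; the heuristic (a service with "Unknown owner" whose binary is also started from a Run key) and the names `suspicious_services`, `exe_of` and `Finding` are assumptions made for illustration.

```python
import re
from typing import NamedTuple

# Subset of the O4/O23 lines from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [nod32kui] "C:\Archivos de programa\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [odcwp] C:\WINDOWS\system32\odcwp.exe
O4 - HKLM\..\RunServices: [odcwp] C:\WINDOWS\system32\odcwp.exe
O4 - HKCU\..\Run: [Steam] D:\Juegos Joni\counter\Steam.exe -silent
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICIO LOCAL')
O23 - Service: Print Spooler Service (ayotbda0x) - Unknown owner - C:\WINDOWS\system32\odcwp.exe
O23 - Service: Indexing Service (cisvc) - Unknown owner - C:\WINDOWS\system32\cisvc.exe (file missing)
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Archivos de programa\Eset\nod32krn.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
"""

# O4 - <hive>\..\<key>: [<value name>] <command line>
O4_RE = re.compile(
    r"^O4 - (?P<hive>HK[^:]*?)\\\.\.\\(?P<key>\w+): \[(?P<name>[^\]]+)\] (?P<cmd>.+)$"
)
# O23 - Service: <display name> [(<short name>)] - <owner> - <path> [(file missing)]
O23_RE = re.compile(
    r"^O23 - Service: (?P<display>.+?)(?: \((?P<name>[^()]+)\))? - (?P<owner>.+?)"
    r" - (?P<path>[A-Za-z]:\\.*?)(?P<missing> \(file missing\))?$"
)
# Executable part of a command line: a quoted path, or everything up to the
# first executable extension (handles unquoted paths that contain spaces).
EXE_RE = re.compile(r'^"([^"]+)"|^(.+?\.(?:exe|com|scr|bat|dll))\b', re.IGNORECASE)


class Finding(NamedTuple):
    service: str    # short service name, the argument `sc delete` takes
    display: str    # display name shown in the services console
    path: str       # binary backing the service
    autoruns: list  # Run keys that start the same binary


def exe_of(cmd):
    """Return the lower-cased executable path from an O4 command line."""
    cmd = cmd.strip()
    m = EXE_RE.match(cmd)
    return (m.group(1) or m.group(2)).lower() if m else cmd.lower()


def suspicious_services(log_text):
    """Flag 'Unknown owner' services whose binary is also an O4 autorun."""
    autoruns = {}  # normalised exe path -> ["HKLM Run", ...]
    services = []
    for line in log_text.splitlines():
        line = line.strip()
        if m := O4_RE.match(line):
            label = f'{m["hive"]} {m["key"]}'
            autoruns.setdefault(exe_of(m["cmd"]), []).append(label)
        elif m := O23_RE.match(line):
            services.append(m)

    findings = []
    for m in services:
        # Skip vendor-attributed services and stale entries with no file.
        if m["owner"] != "Unknown owner" or m["missing"]:
            continue
        keys = autoruns.get(m["path"].lower())
        if keys:
            findings.append(
                Finding(m["name"] or m["display"], m["display"], m["path"], sorted(keys))
            )
    return findings


if __name__ == "__main__":
    for f in suspicious_services(SAMPLE_LOG):
        print(f"{f.service}: '{f.display}' -> {f.path} (also in {', '.join(f.autoruns)})")
```

A hit is a lead for manual review, not a verdict: PnkBstrA.exe in the same log is also an "Unknown owner" service but is not flagged, because no Run key starts it.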

alexis_ve
27/02/08, 14:05:10
I did everything you told me. The Malwarebytes' Anti-Malware report is the following:

Malwarebytes' Anti-Malware 1.05
Versión de la Base de Datos: 416

Tipo de examen : Examen Completo (A:\|C:\|D:\|)
Objetos examinados: 105451
Tiempo transcurrido: 13 minute(s), 39 second(s)

Procesos en Memoria Infectados: 0
Módulos en Memoria Infectados: 0
Claves del Registro Infectadas: 69
Valores del Registro Infectados: 5
Elementos de Datos del Registro Infectados: 0
Carpetas Infectadas: 0
Ficheros Infectados: 26

Procesos en Memoria Infectados:
(No se han detectado elementos maliciosos)

Módulos en Memoria Infectados:
(No se han detectado elementos maliciosos)

Claves del Registro Infectadas:

Valores del Registro Infectados:
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{07b18ea9-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\New Windows\Allow\host-domain-lookup.com (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\New Windows\Allow\www.host-domain-lookup.com (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Media\WMSDK\Sources\f3PopularScreensavers (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform\FunWebProducts (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Elementos de Datos del Registro Infectados:
(No se han detectado elementos maliciosos)

Carpetas Infectadas:
(No se han detectado elementos maliciosos)

Ficheros Infectados:
C:\QooBox\Quarantine\C\Archivos de programa\MyWebSearch\bar\1.bin\M3MSG.DLL.vir (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\Archivos de programa\MyWebSearch\bar\1.bin\M3OUTLCN.DLL.vir (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\Archivos de programa\MyWebSearch\bar\1.bin\M3SKIN.DLL.vir (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\Archivos de programa\MyWebSearch\bar\1.bin\M3SKPLAY.EXE.vir (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\Archivos de programa\MyWebSearch\bar\1.bin\M3SLSRCH.EXE.vir (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\Archivos de programa\MyWebSearch\bar\1.bin\MWSOEMON.EXE.vir (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\Archivos de programa\MyWebSearch\bar\1.bin\MWSOESTB.DLL.vir (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\Archivos de programa\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL.vir (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\system32\f3PSSavr.scr.vir (Adware.MyWebSearch) -> Quarantined and deleted successfully.



The SDFix.exe report is as follows:


SDFix: Version 1.148

Run by JONATAN on 27/02/2008 at 16:49

Microsoft Windows XP [Versión 5.1.2600]
Running From: C:\DOCUME~1\JONATAN\ESCRIT~1\SDFix

Checking Services :


Restoring Windows Registry Values
Restoring Windows Default Hosts File
Restoring Missing Security Center Service

Rebooting


Checking Files :

Trojan Files Found:

C:\WINDOWS\system32\drivers\etc\BackupHosts.bak - Deleted





Removing Temp Files

ADS Check :

C:\WINDOWS
:BZ-VIRTUAL-LINK 0
Total size: 0 bytes.
WINDOWS: deleted 0 bytes in 1 streams.

Checking for remaining Streams

C:\WINDOWS
No streams found.



Final Check :

catchme 0.3.1344.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-27 16:52:40
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...


scanning hidden registry entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


Remaining Services :



Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Archivos de programa\\BitTorrent_DNA\\dna.exe"="C:\\Archivos de programa\\BitTorrent_DNA\\dna.exe:*:Enabled:BitTorrent DNA"
"D:\\Documentos de joni\\Descargas ares\\Torrent\\BitTorrent\\bittorrent.exe"="D:\\Documentos de joni\\Descargas ares\\Torrent\\BitTorrent\\bittorrent.exe:*:Enabled:BitTorrent"
"C:\\Archivos de programa\\BitTorrent\\bittorrent.exe"="C:\\Archivos de programa\\BitTorrent\\bittorrent.exe:*:Enabled:BitTorrent"
"D:\\Juegos Joni\\ultimo pro\\PES2008.exe"="D:\\Juegos Joni\\ultimo pro\\PES2008.exe:*:Enabled:Pro Evolution Soccer 2008"
"D:\\Juegos Joni\\Crysis\\juego\\Bin32\\Crysis.exe"="D:\\Juegos Joni\\Crysis\\juego\\Bin32\\Crysis.exe:*:Enabled:Crysis_32"
"D:\\Juegos Joni\\Crysis\\juego\\Bin32\\CrysisDedicatedServer.exe"="D:\\Juegos Joni\\Crysis\\juego\\Bin32\\CrysisDedicatedServer.exe:*:Enabled:CrysisDedicatedServer_32"
"C:\\WINDOWS\\system32\\PnkBstrA.exe"="C:\\WINDOWS\\system32\\PnkBstrA.exe:*:Enabled:PnkBstrA"
"C:\\WINDOWS\\system32\\PnkBstrB.exe"="C:\\WINDOWS\\system32\\PnkBstrB.exe:*:Enabled:PnkBstrB"
"C:\\Archivos de programa\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Archivos de programa\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Archivos de programa\\Windows Live\\Messenger\\livecall.exe"="C:\\Archivos de programa\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Archivos de programa\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Archivos de programa\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Archivos de programa\\Windows Live\\Messenger\\livecall.exe"="C:\\Archivos de programa\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

Remaining Files :


File Backups: - C:\DOCUME~1\JONATAN\ESCRIT~1\SDFix\backups\backups.zip

Files with Hidden Attributes :

Tue 12 Jun 2007 213,293 A.SH. --- "C:\Documents and Settings\JONATAN\Datos de programa\7z.dll"
Tue 12 Jun 2007 59,418 A.SHR --- "C:\Documents and Settings\JONATAN\Datos de programa\7z.exe"
Fri 9 Feb 2007 386,630 A.SHR --- "C:\Documents and Settings\JONATAN\Datos de programa\wunauclt.zip"
Thu 27 Jun 1996 83,520 A..H. --- "C:\Documents and Settings\All Users\Documentos\ingles\PCDLIB.DLL"
Thu 27 Jun 1996 2,336 A..H. --- "C:\Documents and Settings\All Users\Documentos\ingles\PCDXBMP.DLL"
Thu 27 Jun 1996 36,976 A..H. --- "C:\Documents and Settings\All Users\Documentos\ingles\PHOTO.DLL"
Thu 27 Jun 1996 1,038,112 A..H. --- "C:\Documents and Settings\All Users\Documentos\ingles\TB50BAS.DLL"
Thu 27 Jun 1996 120,192 A..H. --- "C:\Documents and Settings\All Users\Documentos\ingles\TB50BMP.DLL"
Thu 27 Jun 1996 48,320 A..H. --- "C:\Documents and Settings\All Users\Documentos\ingles\TB50CBT.DLL"
Thu 27 Jun 1996 328,288 A..H. --- "C:\Documents and Settings\All Users\Documentos\ingles\TB50CMP.DLL"
Thu 27 Jun 1996 83,296 A..H. --- "C:\Documents and Settings\All Users\Documentos\ingles\TB50DLG.DLL"
Thu 27 Jun 1996 18,880 A..H. --- "C:\Documents and Settings\All Users\Documentos\ingles\TB50DOS.DLL"
Thu 27 Jun 1996 171,136 A..H. --- "C:\Documents and Settings\All Users\Documentos\ingles\TB50FLT.DLL"
Thu 27 Jun 1996 65,472 A..H. --- "C:\Documents and Settings\All Users\Documentos\ingles\TB50JPG.DLL"
Thu 13 Dec 2001 188,224 A..H. --- "C:\Documents and Settings\All Users\Documentos\ingles\TB50LNL.DLL"
Thu 27 Jun 1996 43,616 A..H. --- "C:\Documents and Settings\All Users\Documentos\ingles\TB50MM.DLL"
Thu 27 Jun 1996 47,520 A..H. --- "C:\Documents and Settings\All Users\Documentos\ingles\TB50NET.EXE"
Thu 27 Jun 1996 176,088 A..H. --- "C:\Documents and Settings\All Users\Documentos\ingles\TB50RCR.DLL"
Thu 27 Jun 1996 713,696 A..H. --- "C:\Documents and Settings\All Users\Documentos\ingles\TB50RUN.EXE"
Thu 27 Jun 1996 119,008 A..H. --- "C:\Documents and Settings\All Users\Documentos\ingles\TB50UTL.DLL"
Thu 27 Jun 1996 57,728 A..H. --- "C:\Documents and Settings\All Users\Documentos\ingles\TB50WIN.DLL"
Thu 27 Jun 1996 12,352 A..H. --- "C:\Documents and Settings\All Users\Documentos\ingles\TBLOAD.EXE"
Wed 11 Feb 1998 55,808 A..H. --- "C:\Documents and Settings\All Users\Documentos\ingles\voice32.dll"
Thu 9 Aug 2007 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"
Tue 17 Jul 2007 1,824,648 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\0430282f2bf1ec57c42b1f57f6d61a29\BIT34C.tmp"
Mon 16 Jul 2007 2,303,368 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\0f371b323f6d6a7a2edf7796ad531854\BIT47C.tmp"
Mon 16 Jul 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\302e0d5b85d3f962e1987493dc5d679a\BIT275.tmp"
Tue 17 Jul 2007 1,271,688 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\3fa9cf83149bfaaf6b5cc816631a3987\BIT11C.tmp"
Tue 17 Jul 2007 640,904 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\5816d9cc046a67540201dd8fb4b4b279\BIT6.tmp"
Mon 16 Jul 2007 518,536 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\6a4806980940e8f88638af5558753593\BITF.tmp"
Tue 17 Jul 2007 544,056 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\6f665087142eabdac6e73a101b60e654\BIT7.tmp"
Tue 17 Jul 2007 4,692,872 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\7b5d43cb5483991b3e0ca9650ffff5c3\BITE.tmp"
Thu 28 Jun 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\9b57123f34b36d78301160a5473d6135\BIT3.tmp"
Mon 16 Jul 2007 568,200 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\ac2e0a45223141a46f81bedd3b9f192a\BIT16C.tmp"
Tue 17 Jul 2007 1,607,048 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\b3958dae49728da026def65195c3aa84\BIT8.tmp"
Tue 17 Jul 2007 792,888 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\b9b86da3572751e60098fe1626d3a89a\BIT521.tmp"
Tue 17 Jul 2007 902,456 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\d6062a2b7ad73a3b90ab048fdb80f48f\BIT4.tmp"
Wed 19 Sep 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\e4878a187565d10d360502f64c0bf9b8\BIT10.tmp"
Tue 17 Jul 2007 582,536 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\e62973c021403938dc26bb4b31008e0d\BIT5.tmp"
Mon 16 Jul 2007 3,147,576 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\f1a57820c5945cd21c25ee55f39f3d90\BIT481.tmp"
Tue 17 Jul 2007 1,830,280 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\f4a915cffb8101d320f17a94bff8fa38\BIT9.tmp"

Finished!


I hope everything is fine now, and if not, I hope you will keep helping me. One question: I turn System Restore back on now, right? Thanks a lot once again :biggrin:

Kirigi
27/02/08, 14:33:33
Hello alexis_ve

We are not done yet, since I still see files that need to be removed:


:1: Download OTMoveIt (http://download.bleepingcomputer.com/oldtimer/OTMoveIt2.exe) and save it to the Desktop.


Double-click OTMoveIt.exe to run it.
Make sure "Unregister Dll's and Ocx's" is checked.
Copy the text in the box below and paste it into the left-hand pane of OTMoveIt labelled Paste List of Files / Folders to be moved.


C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp
C:\WINDOWS\SoftwareDistribution\Download\0430282f2bf1ec57c42b1f57f6d61a29\BIT34C.tmp
C:\WINDOWS\SoftwareDistribution\Download\f4a915cffb8101d320f17a94bff8fa38\BIT9.tmp
C:\WINDOWS\SoftwareDistribution\Download\f1a57820c5945cd21c25ee55f39f3d90\BIT481.tmp
C:\WINDOWS\SoftwareDistribution\Download\e62973c021403938dc26bb4b31008e0d\BIT5.tmp
C:\WINDOWS\SoftwareDistribution\Download\e4878a187565d10d360502f64c0bf9b8\BIT10.tmp
C:\WINDOWS\SoftwareDistribution\Download\d6062a2b7ad73a3b90ab048fdb80f48f\BIT4.tmp
C:\WINDOWS\SoftwareDistribution\Download\b9b86da3572751e60098fe1626d3a89a\BIT521.tmp
C:\WINDOWS\SoftwareDistribution\Download\b3958dae49728da026def65195c3aa84\BIT8.tmp
C:\WINDOWS\SoftwareDistribution\Download\ac2e0a45223141a46f81bedd3b9f192a\BIT16C.tmp
C:\WINDOWS\SoftwareDistribution\Download\9b57123f34b36d78301160a5473d6135\BIT3.tmp
C:\WINDOWS\SoftwareDistribution\Download\7b5d43cb5483991b3e0ca9650ffff5c3\BITE.tmp
C:\WINDOWS\SoftwareDistribution\Download\6f665087142eabdac6e73a101b60e654\BIT7.tmp
C:\WINDOWS\SoftwareDistribution\Download\6a4806980940e8f88638af5558753593\BITF.tmp
C:\WINDOWS\SoftwareDistribution\Download\5816d9cc046a67540201dd8fb4b4b279\BIT6.tmp
C:\WINDOWS\SoftwareDistribution\Download\3fa9cf83149bfaaf6b5cc816631a3987\BIT11C.tmp
C:\WINDOWS\SoftwareDistribution\Download\302e0d5b85d3f962e1987493dc5d679a\BIT275.tmp
C:\WINDOWS\SoftwareDistribution\Download\0f371b323f6d6a7a2edf7796ad531854\BIT47C.tmp


Click MoveIt! to start the removal.
When the result appears in the Results pane, click Exit.
Restart the PC (this step is very important).


Post the OTMoveIt report, located in C:\_OTMoveIt\MovedFiles.

:2: Come back with the OTMoveIt report and one from Panda ;)

Regards

alexis_ve
27/02/08, 17:16:34
OK, here is my OTMoveIt report:


C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp moved successfully.
File/Folder C:\WINDOWS\SoftwareDistribution\Download\0430282f 2bf1ec57c42b1f57f6d61a29\BIT34C.tmp not found.
File/Folder C:\WINDOWS\SoftwareDistribution\Download\f4a915cf fb8101d320f17a94bff8fa38\BIT9.tmp not found.
File/Folder C:\WINDOWS\SoftwareDistribution\Download\f1a57820 c5945cd21c25ee55f39f3d90\BIT481.tmp not found.
File/Folder C:\WINDOWS\SoftwareDistribution\Download\e62973c0 21403938dc26bb4b31008e0d\BIT5.tmp not found.
File/Folder C:\WINDOWS\SoftwareDistribution\Download\e4878a18 7565d10d360502f64c0bf9b8\BIT10.tmp not found.
File/Folder C:\WINDOWS\SoftwareDistribution\Download\d6062a2b 7ad73a3b90ab048fdb80f48f\BIT4.tmp not found.
File/Folder C:\WINDOWS\SoftwareDistribution\Download\b9b86da3 572751e60098fe1626d3a89a\BIT521.tmp not found.
File/Folder C:\WINDOWS\SoftwareDistribution\Download\b3958dae 49728da026def65195c3aa84\BIT8.tmp not found.
File/Folder C:\WINDOWS\SoftwareDistribution\Download\ac2e0a45 223141a46f81bedd3b9f192a\BIT16C.tmp not found.
File/Folder C:\WINDOWS\SoftwareDistribution\Download\9b57123f 34b36d78301160a5473d6135\BIT3.tmp not found.
File/Folder C:\WINDOWS\SoftwareDistribution\Download\7b5d43cb 5483991b3e0ca9650ffff5c3\BITE.tmp not found.
File/Folder C:\WINDOWS\SoftwareDistribution\Download\6f665087 142eabdac6e73a101b60e654\BIT7.tmp not found.
File/Folder C:\WINDOWS\SoftwareDistribution\Download\6a480698 0940e8f88638af5558753593\BITF.tmp not found.
File/Folder C:\WINDOWS\SoftwareDistribution\Download\5816d9cc 046a67540201dd8fb4b4b279\BIT6.tmp not found.
File/Folder C:\WINDOWS\SoftwareDistribution\Download\3fa9cf83 149bfaaf6b5cc816631a3987\BIT11C.tmp not found.
File/Folder C:\WINDOWS\SoftwareDistribution\Download\302e0d5b 85d3f962e1987493dc5d679a\BIT275.tmp not found.
File/Folder C:\WINDOWS\SoftwareDistribution\Download\0f371b32 3f6d6a7a2edf7796ad531854\BIT47C.tmp not found.

OTMoveIt2 v1.0.20 log created on 02272008_173714


And this is the Panda one:


Incidencia Estado Elemento

Adware:adware/whenusearch No desinfectado Registro de Windows
Adware:Adware/Maxifiles No desinfectado C:\Documents and Settings\Administrador\7zS4DA.tmp\SPTD138.exe
Herramienta potencialmente no deseada:Application/HideWindow.S No desinfectado C:\Documents and Settings\Administrador\7zS4DC.tmp\WinuEFiles.exe[cmdow.exe]
Hacktool:HackTool/NewPassword.A No desinfectado C:\Documents and Settings\Administrador\7zS4DC.tmp\WinuEFiles.exe[Pass.exe]
Hacktool:HackTool/NewPassword.A No desinfectado C:\Documents and Settings\Administrador\7zS4DC.tmp\WinuEFiles.exe[Pass.exe][Contraseña.hta]
Spyware:Cookie/Com.com No desinfectado C:\Documents and Settings\Administrador\Cookies\administrador@terra.com[1].txt
Spyware:Cookie/Overture No desinfectado C:\Documents and Settings\Administrador\Datos de programa\Mozilla\Firefox\Profiles\t7uway68.default\cookies.txt[.overture.com/]
Spyware:Cookie/Advertising No desinfectado C:\Documents and Settings\Administrador\Datos de programa\Mozilla\Firefox\Profiles\t7uway68.default\cookies.txt[.advertising.com/]
Adware:Adware/Maxifiles No desinfectado C:\Documents and Settings\Default User\7zS4DA.tmp\SPTD138.exe
Herramienta potencialmente no deseada:Application/HideWindow.S No desinfectado C:\Documents and Settings\Default User\7zS4DC.tmp\WinuEFiles.exe[cmdow.exe]
Hacktool:HackTool/NewPassword.A No desinfectado C:\Documents and Settings\Default User\7zS4DC.tmp\WinuEFiles.exe[Pass.exe]
Hacktool:HackTool/NewPassword.A No desinfectado C:\Documents and Settings\Default User\7zS4DC.tmp\WinuEFiles.exe[Pass.exe][Contraseña.hta]
Adware:Adware/Maxifiles No desinfectado C:\Documents and Settings\Familia\7zS4DA.tmp\SPTD138.exe
Spyware:Cookie/888 No desinfectado C:\Documents and Settings\Familia\Cookies\familia@888[1].txt
Spyware:Cookie/Casinotropez No desinfectado C:\Documents and Settings\Familia\Cookies\familia@casinotropez[2].txt
Spyware:Cookie/fe.lea.lycos No desinfectado C:\Documents and Settings\Familia\Cookies\familia@fe.lea.lycos[1].txt
Spyware:Cookie/Searchportal No desinfectado C:\Documents and Settings\Familia\Cookies\familia@searchportal.information[1].txt
Spyware:Cookie/Com.com No desinfectado C:\Documents and Settings\Familia\Cookies\familia@terra.com[3].txt
Spyware:Cookie/Com.com No desinfectado C:\Documents and Settings\Familia\Datos de programa\Mozilla\Firefox\Profiles\bc41d61s.default\cookies.txt[.terra.com.br/]
Spyware:Cookie/Weborama No desinfectado C:\Documents and Settings\Familia\Datos de programa\Mozilla\Firefox\Profiles\bc41d61s.default\cookies.txt[.weborama.fr/]
Adware:Adware/Maxifiles No desinfectado C:\Documents and Settings\hector\7zS4DA.tmp\SPTD138.exe
Herramienta potencialmente no deseada:Application/HideWindow.S No desinfectado C:\Documents and Settings\hector\7zS4DC.tmp\WinuEFiles.exe[cmdow.exe]
Hacktool:HackTool/NewPassword.A No desinfectado C:\Documents and Settings\hector\7zS4DC.tmp\WinuEFiles.exe[Pass.exe]
Hacktool:HackTool/NewPassword.A No desinfectado C:\Documents and Settings\hector\7zS4DC.tmp\WinuEFiles.exe[Pass.exe][Contraseña.hta]
Spyware:Cookie/888 No desinfectado C:\Documents and Settings\hector\Cookies\hector@888[2].txt
Spyware:Cookie/888 No desinfectado C:\Documents and Settings\hector\Cookies\hector@int.sitestat[1].txt
Spyware:Cookie/Cassava No desinfectado C:\Documents and Settings\hector\Cookies\hector@int.sitestat[2].txt
Spyware:Cookie/Lop No desinfectado C:\Documents and Settings\hector\Cookies\hector@www.lop[2].txt
Spyware:Cookie/YieldManager No desinfectado C:\Documents and Settings\hector\Datos de programa\Mozilla\Firefox\Profiles\yctbw1zk.default\cookies.txt[ad.yieldmanager.com/]
Spyware:Cookie/Zedo No desinfectado C:\Documents and Settings\hector\Datos de programa\Mozilla\Firefox\Profiles\yctbw1zk.default\cookies.txt[.zedo.com/]
Spyware:Cookie/FastClick No desinfectado C:\Documents and Settings\hector\Datos de programa\Mozilla\Firefox\Profiles\yctbw1zk.default\cookies.txt[.fastclick.net/]
Spyware:Cookie/Apmebf No desinfectado C:\Documents and Settings\hector\Datos de programa\Mozilla\Firefox\Profiles\yctbw1zk.default\cookies.txt[.apmebf.com/]
Spyware:Cookie/Tribalfusion No desinfectado C:\Documents and Settings\hector\Datos de programa\Mozilla\Firefox\Profiles\yctbw1zk.default\cookies.txt[.tribalfusion.com/]
Spyware:Cookie/Doubleclick No desinfectado C:\Documents and Settings\hector\Datos de programa\Mozilla\Firefox\Profiles\yctbw1zk.default\cookies.txt[.doubleclick.net/]
Spyware:Cookie/Statcounter No desinfectado C:\Documents and Settings\hector\Datos de programa\Mozilla\Firefox\Profiles\yctbw1zk.default\cookies.txt[.statcounter.com/]
Spyware:Cookie/Yadro No desinfectado C:\Documents and Settings\hector\Datos de programa\Mozilla\Firefox\Profiles\yctbw1zk.default\cookies.txt[.yadro.ru/]
Spyware:Cookie/onestat.com No desinfectado C:\Documents and Settings\hector\Datos de programa\Mozilla\Firefox\Profiles\yctbw1zk.default\cookies.txt[stat.onestat.com/]
Spyware:Cookie/Xiti No desinfectado C:\Documents and Settings\hector\Datos de programa\Mozilla\Firefox\Profiles\yctbw1zk.default\cookies.txt[.xiti.com/]
Spyware:Cookie/adultfriendfinder No desinfectado C:\Documents and Settings\hector\Datos de programa\Mozilla\Firefox\Profiles\yctbw1zk.default\cookies.txt[.adultfriendfinder.com/]
Spyware:Cookie/SexList No desinfectado C:\Documents and Settings\hector\Datos de programa\Mozilla\Firefox\Profiles\yctbw1zk.default\cookies.txt[.sexlist.com/]
Spyware:Cookie/Weborama No desinfectado C:\Documents and Settings\hector\Datos de programa\Mozilla\Firefox\Profiles\yctbw1zk.default\cookies.txt[.weborama.fr/]
Spyware:Cookie/Adrevolver No desinfectado C:\Documents and Settings\hector\Datos de programa\Mozilla\Firefox\Profiles\yctbw1zk.default\cookies.txt[.adrevolver.com/]
Spyware:Cookie/Mediaplex No desinfectado C:\Documents and Settings\hector\Datos de programa\Mozilla\Firefox\Profiles\yctbw1zk.default\cookies.txt[.mediaplex.com/]
Spyware:Cookie/Server.iad.Liveperson No desinfectado C:\Documents and Settings\hector\Datos de programa\Mozilla\Firefox\Profiles\yctbw1zk.default\cookies.txt[server.iad.liveperson.net/hc/43370379]
Spyware:Cookie/Server.iad.Liveperson No desinfectado C:\Documents and Settings\hector\Datos de programa\Mozilla\Firefox\Profiles\yctbw1zk.default\cookies.txt[server.iad.liveperson.net/]
Spyware:Cookie/Adtech No desinfectado C:\Documents and Settings\hector\Datos de programa\Mozilla\Firefox\Profiles\yctbw1zk.default\cookies.txt[.adtech.de/]
Adware:Adware/Maxifiles No desinfectado C:\Documents and Settings\JONATAN\7zS4DA.tmp\SPTD138.exe
Herramienta potencialmente no deseada:Application/NirCmd.A No desinfectado C:\HijackThis(para gusanos)\ComboFix.exe[327882R2FWJFW\nircmd.com]
Herramienta potencialmente no deseada:Application/NirCmd.A No desinfectado C:\HijackThis(para gusanos)\ComboFix.exe[327882R2FWJFW\nircmd.cfexe]
Herramienta potencialmente no deseada:Application/Processor No desinfectado C:\HijackThis(para gusanos)\SDFix\apps\Process.exe
Herramienta potencialmente no deseada:Application/Processor No desinfectado C:\HijackThis(para gusanos)\SDFix.exe[SDFix\apps\Process.exe]
Herramienta potencialmente no deseada:Application/NirCmd.A No desinfectado C:\WINDOWS\Nircmd.exe
Adware:Adware/Maxifiles No desinfectado C:\WINDOWS\system32\config\systemprofile\7zS4DA.tmp\SPTD138.exe
Herramienta potencialmente no deseada:Application/HideWindow.S No desinfectado C:\WINDOWS\system32\config\systemprofile\7zS4DC.tmp\WinuEFiles.exe[cmdow.exe]
Hacktool:HackTool/NewPassword.A No desinfectado C:\WINDOWS\system32\config\systemprofile\7zS4DC.tmp\WinuEFiles.exe[Pass.exe]
Hacktool:HackTool/NewPassword.A No desinfectado C:\WINDOWS\system32\config\systemprofile\7zS4DC.tmp\WinuEFiles.exe[Pass.exe][Contraseña.hta]



I await your reply

Kirigi
27/02/08, 18:00:22
Hello alexis_ve

::pensar:: what Panda showed is, for the most part, false positives and cookies

Download Ccleaner + Manual (http://www.forospyware.com/t39511.html) and use it first in Cleaner mode to clean cookies and temporary internet files, and then in Registry mode (making a backup as the manual indicates)

And then tell me how your PC is doing ;)

Regards :adios: Remember to come back
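
The sorting behind the reply above (most Panda rows are cookies or false positives) can be done mechanically. This is an added example, not part of the original thread: it parses rows in the report's "Incidencia Estado Elemento" layout, splits off the trailing `[member]` archive notation, collapses the same detection repeated across user profiles, and groups the rest into cookies, items inside the cleanup tools used in this thread, and everything else. The sample rows are constructed from the report's format; the bucket names, the `Desinfectado` status and the tool-name matching are assumptions.

```python
import re
from collections import defaultdict
from ntpath import basename  # Windows path rules, usable on any OS

# Constructed sample rows in the layout of the Panda report posted in the thread.
SAMPLE_REPORT = r"""
Incidencia Estado Elemento

Adware:Adware/Maxifiles No desinfectado C:\Documents and Settings\Administrador\7zS4DA.tmp\SPTD138.exe
Adware:Adware/Maxifiles No desinfectado C:\Documents and Settings\hector\7zS4DA.tmp\SPTD138.exe
Hacktool:HackTool/NewPassword.A No desinfectado C:\Documents and Settings\hector\7zS4DC.tmp\WinuEFiles.exe[Pass.exe][Contraseña.hta]
Spyware:Cookie/888 No desinfectado C:\Documents and Settings\hector\Cookies\hector@888[2].txt
Spyware:Cookie/Zedo No desinfectado C:\Documents and Settings\hector\Datos de programa\Mozilla\Firefox\Profiles\yctbw1zk.default\cookies.txt[.zedo.com/]
Herramienta potencialmente no deseada:Application/NirCmd.A No desinfectado C:\HijackThis(para gusanos)\ComboFix.exe[327882R2FWJFW\nircmd.com]
Herramienta potencialmente no deseada:Application/Processor No desinfectado C:\HijackThis(para gusanos)\SDFix\apps\Process.exe
Herramienta potencialmente no deseada:Application/NirCmd.A No desinfectado C:\WINDOWS\Nircmd.exe
Adware:adware/whenusearch No desinfectado Registro de Windows
"""

# "No desinfectado" is the only status seen in the thread; "Desinfectado" is assumed.
ROW = re.compile(
    r"^(?P<category>[^:]+):(?P<name>\S+)\s+"
    r"(?P<status>No desinfectado|Desinfectado)\s+(?P<item>.+)$"
)
# One or more [member] groups at the very end of the element: archive contents.
# A bracket in the middle of a file name (hector@888[2].txt) is not a member.
TRAILING_MEMBERS = re.compile(r"(?:\[[^\]]*\])+$")
# Cleanup tools the thread had the user run (matched by name in the path: assumption).
CLEANUP_TOOLS = ("combofix", "sdfix")


def split_item(item):
    """Return (outer_path, members) for 'path[inner][inner2]' notation."""
    m = TRAILING_MEMBERS.search(item)
    if not m:
        return item, ()
    members = tuple(re.findall(r"\[([^\]]*)\]", m.group(0)))
    return item[: m.start()], members


def parse_rows(report):
    rows = []
    for line in report.splitlines():
        m = ROW.match(line.strip())
        if not m:
            continue  # header, blank or unparseable line
        outer, members = split_item(m["item"])
        rows.append({**m.groupdict(), "outer": outer, "members": members})
    return rows


def bucket(row):
    """Hypothetical triage buckets; 'review' means a human still has to look."""
    if row["name"].lower().startswith("cookie/"):
        return "cookie"
    if any(tool in row["outer"].lower() for tool in CLEANUP_TOOLS):
        return "cleanup-tool"
    return "review"


def triage(report):
    """Group rows by bucket, collapsing the same file seen in several profiles."""
    groups = defaultdict(lambda: defaultdict(list))
    for row in parse_rows(report):
        key = (row["name"], basename(row["outer"]), row["members"])
        groups[bucket(row)][key].append(row["outer"])
    return {name: dict(found) for name, found in groups.items()}


if __name__ == "__main__":
    for name, found in triage(SAMPLE_REPORT).items():
        print(f"{name}: {len(found)} distinct detection(s)")
        for (detection, leaf, members), places in sorted(found.items()):
            inner = "".join(f"[{m}]" for m in members)
            print(f"  {detection:24} {leaf}{inner}  x{len(places)}")
```

Rows left in the `review` bucket are only unsorted, not confirmed malicious; the grouping narrows what has to be checked by hand.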
