virus por msn - Foro de Spyware

Buscar

		Foro de Spyware » Spyware - Adware - Hijackers - Malwares » Foro de Virus y Spywares
virus por msn

Para evitar Virus, Spyware y ventanas emergentes, en InfoSpyware recomendamos navegar con: FIREFOX

Foro de Virus y Spywares Ayuda con: Malwares - Virus - Spywares - Troyanos - Adwares - Worms - Hijackers - Dialers - Rootkits - Keylogger - etc.) Plantéanos tu problema en este sector.
No ponga su log de HijackThis aquí !!

Herramientas

post #1 (permalink)

26/02/08, 01:13:10

alexis_ve

Usuario

Registrado: feb 2008

Ubicación: argentina

Mensajes: 6

virus por msn

Me entro un virus por el msn,era un archivo comprimido al q tenias q aceptar,pase varios programas pra tratar de eliminarlo,pero no lo encuentran y sigue mandando ese archivo a mis contactos. Q puedo hacer?manda frases y el archivo es algo como fotos_jpg...Les agradeceria q me ayudaran

post #2 (permalink)

26/02/08, 01:19:07

Kirigi

Warrior

Registrado: jun 2007

Ubicación: Venezuela

Mensajes: 4.190

Re: virus por msn

Hola alexis_ve Bienvenido al Foro

Descarga MsnCleaner pero no lo ejecutes aun

Inicia en Modo a Prueba de Fallos

Cita:

*Descomprimes el archivo MSNCleaner.zip
*Ejecutar el archivo MSNCleaner.exe
*Hacer Clic en el botón Analizar, Si se detecta algún archivo nocivo, se activará el botón Eliminar
*Seleccionar las opciones "Eliminar archivos temporales" y "Restaurar el archivo Hosts"
*Hacer Clic en el botón Eliminar

Guardar el informe q genere y pegalo aqui

Inicia en modo normal y si aun sigues con el problema me pegas un reporte del Panda ActiveScan Online

Salu2

Novedades del Foro | Antivirus Online | Eliminar Malwares | Políticas del Foro | Blog

* Ayúdanos haciendo una DONACIÓN para poder seguir Ayudando.
* Para evitar Virus y Spywares al navegar por internet, USE FIREFOX !!
* No se resuelven dudas por Privados ni por E-mail, ya que para eso esta el foro.

post #3 (permalink)

26/02/08, 13:28:20

alexis_ve

Usuario

Registrado: feb 2008

Ubicación: argentina

Mensajes: 6

Re: virus por msn

Mira hice lo que me dijiste con el msn cleaner,pero no me detecto ningun archivo infectado,el reporte fue el siguiente:

- Reporte MSNCleaner 1.5.6 by www.forospyware.com
- Reporte Creado: 26/02/2008 a las 4:25:39
- Sistema Operativo: Windows XP
- Modo de Inicio: Prueba de fallos
_________________________________________

Archivos detectados: 0
Archivos eliminados: 0
Archivos no eliminados: 0

<<<<<<< No se ha encontrado ningún archivo >>>>>>>

Como el problema sigue,hice un escaneo con el panda online y el reporte es el siguiente:

Incidencia Estado Elemento

Adware:adware/whenusearch No desinfectado Registro de Windows
Adware:Adware/Maxifiles No desinfectado C:\Documents and Settings\Administrador\7zS4DA.tmp\SPTD138.exe
Herramienta potencialmente no deseada:Application/HideWindow.S No desinfectado C:\Documents and Settings\Administrador\7zS4DC.tmp\WinuEFiles.exe[cmdow.exe]
Hacktool:HackTool/NewPassword.A No desinfectado C:\Documents and Settings\Administrador\7zS4DC.tmp\WinuEFiles.exe[Pass.exe]
Hacktool:HackTool/NewPassword.A No desinfectado C:\Documents and Settings\Administrador\7zS4DC.tmp\WinuEFiles.exe[Pass.exe][Contraseña.hta]
Spyware:Cookie/Com.com No desinfectado C:\Documents and Settings\Administrador\Cookies\administrador@terra .com[1].txt
Spyware:Cookie/Overture No desinfectado C:\Documents and Settings\Administrador\Datos de programa\Mozilla\Firefox\Profiles\t7uway68.default \cookies.txt[.overture.com/]
Spyware:Cookie/Advertising No desinfectado C:\Documents and Settings\Administrador\Datos de programa\Mozilla\Firefox\Profiles\t7uway68.default \cookies.txt[.advertising.com/]
Adware:Adware/Maxifiles No desinfectado C:\Documents and Settings\Default User\7zS4DA.tmp\SPTD138.exe
Herramienta potencialmente no deseada:Application/HideWindow.S No desinfectado C:\Documents and Settings\Default User\7zS4DC.tmp\WinuEFiles.exe[cmdow.exe]
Hacktool:HackTool/NewPassword.A No desinfectado C:\Documents and Settings\Default User\7zS4DC.tmp\WinuEFiles.exe[Pass.exe]
Hacktool:HackTool/NewPassword.A No desinfectado C:\Documents and Settings\Default User\7zS4DC.tmp\WinuEFiles.exe[Pass.exe][Contraseña.hta]
Adware:Adware/Maxifiles No desinfectado C:\Documents and Settings\Familia\7zS4DA.tmp\SPTD138.exe
Spyware:Cookie/888 No desinfectado C:\Documents and Settings\Familia\Cookies\familia@888[1].txt
Spyware:Cookie/Casinotropez No desinfectado C:\Documents and Settings\Familia\Cookies\familia@casinotropez[2].txt
Spyware:Cookie/fe.lea.lycos No desinfectado C:\Documents and Settings\Familia\Cookies\familia@fe.lea.lycos[1].txt
Spyware:Cookie/Searchportal No desinfectado C:\Documents and Settings\Familia\Cookies\familia@searchportal.info rmation[1].txt
Spyware:Cookie/Com.com No desinfectado C:\Documents and Settings\Familia\Cookies\familia@terra.com[3].txt
Spyware:Cookie/Com.com No desinfectado C:\Documents and Settings\Familia\Datos de programa\Mozilla\Firefox\Profiles\bc41d61s.default \cookies.txt[.terra.com.br/]
Spyware:Cookie/Weborama No desinfectado C:\Documents and Settings\Familia\Datos de programa\Mozilla\Firefox\Profiles\bc41d61s.default \cookies.txt[.weborama.fr/]
Adware:Adware/Maxifiles No desinfectado C:\Documents and Settings\hector\7zS4DA.tmp\SPTD138.exe
Herramienta potencialmente no deseada:Application/HideWindow.S No desinfectado C:\Documents and Settings\hector\7zS4DC.tmp\WinuEFiles.exe[cmdow.exe]
Hacktool:HackTool/NewPassword.A No desinfectado C:\Documents and Settings\hector\7zS4DC.tmp\WinuEFiles.exe[Pass.exe]
Hacktool:HackTool/NewPassword.A No desinfectado C:\Documents and Settings\hector\7zS4DC.tmp\WinuEFiles.exe[Pass.exe][Contraseña.hta]
Spyware:Cookie/888 No desinfectado C:\Documents and Settings\hector\Cookies\hector@888[2].txt
Spyware:Cookie/888 No desinfectado C:\Documents and Settings\hector\Cookies\hector@int.sitestat[1].txt
Spyware:Cookie/Cassava No desinfectado C:\Documents and Settings\hector\Cookies\hector@int.sitestat[2].txt
Spyware:Cookie/Lop No desinfectado C:\Documents and Settings\hector\Cookies\hector@www.lop[2].txt
Spyware:Cookie/YieldManager No desinfectado C:\Documents and Settings\hector\Datos de programa\Mozilla\Firefox\Profiles\yctbw1zk.default \cookies.txt[ad.yieldmanager.com/]
Spyware:Cookie/Zedo No desinfectado C:\Documents and Settings\hector\Datos de programa\Mozilla\Firefox\Profiles\yctbw1zk.default \cookies.txt[.zedo.com/]
Spyware:Cookie/FastClick No desinfectado C:\Documents and Settings\hector\Datos de programa\Mozilla\Firefox\Profiles\yctbw1zk.default \cookies.txt[.fastclick.net/]
Spyware:Cookie/Apmebf No desinfectado C:\Documents and Settings\hector\Datos de programa\Mozilla\Firefox\Profiles\yctbw1zk.default \cookies.txt[.apmebf.com/]
Spyware:Cookie/Tribalfusion No desinfectado C:\Documents and Settings\hector\Datos de programa\Mozilla\Firefox\Profiles\yctbw1zk.default \cookies.txt[.tribalfusion.com/]
Spyware:Cookie/Doubleclick No desinfectado C:\Documents and Settings\hector\Datos de programa\Mozilla\Firefox\Profiles\yctbw1zk.default \cookies.txt[.doubleclick.net/]
Spyware:Cookie/Statcounter No desinfectado C:\Documents and Settings\hector\Datos de programa\Mozilla\Firefox\Profiles\yctbw1zk.default \cookies.txt[.statcounter.com/]
Spyware:Cookie/Yadro No desinfectado C:\Documents and Settings\hector\Datos de programa\Mozilla\Firefox\Profiles\yctbw1zk.default \cookies.txt[.yadro.ru/]
Spyware:Cookie/onestat.com No desinfectado C:\Documents and Settings\hector\Datos de programa\Mozilla\Firefox\Profiles\yctbw1zk.default \cookies.txt[stat.onestat.com/]
Spyware:Cookie/Xiti No desinfectado C:\Documents and Settings\hector\Datos de programa\Mozilla\Firefox\Profiles\yctbw1zk.default \cookies.txt[.xiti.com/]
Spyware:Cookie/adultfriendfinder No desinfectado C:\Documents and Settings\hector\Datos de programa\Mozilla\Firefox\Profiles\yctbw1zk.default \cookies.txt[.adultfriendfinder.com/]
Spyware:Cookie/SexList No desinfectado C:\Documents and Settings\hector\Datos de programa\Mozilla\Firefox\Profiles\yctbw1zk.default \cookies.txt[.sexlist.com/]
Spyware:Cookie/Weborama No desinfectado C:\Documents and Settings\hector\Datos de programa\Mozilla\Firefox\Profiles\yctbw1zk.default \cookies.txt[.weborama.fr/]
Spyware:Cookie/Adrevolver No desinfectado C:\Documents and Settings\hector\Datos de programa\Mozilla\Firefox\Profiles\yctbw1zk.default \cookies.txt[.adrevolver.com/]
Spyware:Cookie/Mediaplex No desinfectado C:\Documents and Settings\hector\Datos de programa\Mozilla\Firefox\Profiles\yctbw1zk.default \cookies.txt[.mediaplex.com/]
Spyware:Cookie/Server.iad.Liveperson No desinfectado C:\Documents and Settings\hector\Datos de programa\Mozilla\Firefox\Profiles\yctbw1zk.default \cookies.txt[server.iad.liveperson.net/hc/43370379]
Spyware:Cookie/Server.iad.Liveperson No desinfectado C:\Documents and Settings\hector\Datos de programa\Mozilla\Firefox\Profiles\yctbw1zk.default \cookies.txt[server.iad.liveperson.net/]
Spyware:Cookie/Adtech No desinfectado C:\Documents and Settings\hector\Datos de programa\Mozilla\Firefox\Profiles\yctbw1zk.default \cookies.txt[.adtech.de/]
Adware:Adware/Maxifiles No desinfectado C:\Documents and Settings\JONATAN\7zS4DA.tmp\SPTD138.exe
Spyware:Cookie/YieldManager No desinfectado C:\Documents and Settings\JONATAN\Cookies\jonatan@ad.yieldmanager[1].txt
Herramienta potencialmente no deseada:Application/NirCmd.A No desinfectado C:\HijackThis(para gusanos)\ComboFix.exe[327882R2FWJFW\nircmd.com]
Herramienta potencialmente no deseada:Application/NirCmd.A No desinfectado C:\HijackThis(para gusanos)\ComboFix.exe[327882R2FWJFW\nircmd.cfexe]
Herramienta potencialmente no deseada:Application/NirCmd.A No desinfectado C:\WINDOWS\Nircmd.exe
Adware:Adware/Maxifiles No desinfectado C:\WINDOWS\system32\config\systemprofile\7zS4DA.tm p\SPTD138.exe
Herramienta potencialmente no deseada:Application/HideWindow.S No desinfectado C:\WINDOWS\system32\config\systemprofile\7zS4DC.tm p\WinuEFiles.exe[cmdow.exe]
Hacktool:HackTool/NewPassword.A No desinfectado C:\WINDOWS\system32\config\systemprofile\7zS4DC.tm p\WinuEFiles.exe[Pass.exe]
Hacktool:HackTool/NewPassword.A No desinfectado C:\WINDOWS\system32\config\systemprofile\7zS4DC.tm p\WinuEFiles.exe[Pass.exe][Contraseña.hta]

Espero su respuesta, desde ya,muchas gracias

post #4 (permalink)

27/02/08, 11:04:07

alexis_ve

Usuario

Registrado: feb 2008

Ubicación: argentina

Mensajes: 6

Re: ayuda por favor

Espero que puedan ayudarme,les dejo mi ultimo log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:00:08, on 27/02/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\odcwp.exe
C:\Archivos de programa\Eset\nod32krn.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\Explorer.EXE
C:\Archivos de programa\Eset\nod32kui.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Archivos de programa\Archivos comunes\InstallShield\UpdateService\isuspm.exe
C:\Archivos de programa\DAEMON Tools\daemon.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Archivos de programa\BitTorrent_DNA\dna.exe
C:\Archivos de programa\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Archivos de programa\Internet Explorer\IEXPLORE.EXE
C:\Archivos de programa\Internet Explorer\IEXPLORE.EXE
C:\Windows\Temp\Install_WLMessenger.exe
C:\WINDOWS\system32\msiexec.exe
C:\Archivos de programa\Windows Live\installer\Dashboard.exe
C:\Archivos de programa\Windows Live\installer\WLSetupSvc.exe
C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\msco rsvw.exe
C:\Archivos de programa\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Archivos de programa\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.es/0SEESES/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Vínculos
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Archivos de programa\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Archivos de programa\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Archivos de programa\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Aplicación auxiliar de inicio de sesión - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Archivos de programa\Archivos comunes\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Archivos de programa\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Archivos de programa\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [nod32kui] "C:\Archivos de programa\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [TkBellExe] realsched.exe -osboot
O4 - HKLM\..\Run: [ISUSPM] "C:\Archivos de programa\Archivos comunes\InstallShield\UpdateService\isuspm.exe" -scheduler
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Archivos de programa\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [odcwp] C:\WINDOWS\system32\odcwp.exe
O4 - HKLM\..\RunServices: [odcwp] C:\WINDOWS\system32\odcwp.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Archivos de programa\BitTorrent_DNA\dna.exe"
O4 - HKCU\..\Run: [Remote itch] C:\DOCUME~1\JONATAN\DATOSD~1\PROCAC~1\bindelse.exe
O4 - HKCU\..\Run: [Steam] D:\Juegos Joni\counter\Steam.exe -silent
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Archivos de programa\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Archivos de programa\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICIO LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide3] cmd.exe /C rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SERVICIO LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide2] cmd.exe /C rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,L,,4,N (User 'SERVICIO LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Servicio de red')
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide3] cmd.exe /C rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Servicio de red')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide3] cmd.exe /C rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide3] cmd.exe /C rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
O4 - Startup: RAV4MSN StartUp.lnk = C:\Archivos de programa\GeCAD\RAV4MSN\RAV4MSN.exe
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZN
O8 - Extra context menu item: &Windows Live Search - res://C:\Archivos de programa\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&xportar a Microsoft Excel - res://C:\ARCHIV~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Archivos de programa\Java\jre1.6.0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Consola de Sun Java - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Archivos de programa\Java\jre1.6.0\bin\ssv.dll
O9 - Extra button: Agregar entrada - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Archivos de programa\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Agregar entrada en Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Archivos de programa\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Referencia - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARCHIV~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Archivos de programa\Messenger\MSMSGS.EXE (file missing)
O9 - Extra 'Tools' menuitem: MSN Messenger Service - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Archivos de programa\Messenger\MSMSGS.EXE (file missing)
O16 - DPF: {0270E604-387F-48ED-BB6D-AA51F51D6FC3} (Image Uploader Control) - http://iu.ak.sonico.com//ImageUploader.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by107fd.bay107.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.readyforcrysis.com/sysreqlab2.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{A7E1CB0E-C3F2-40F0-9254-FB841D0AD624}: NameServer = 200.51.212.7 200.51.211.7
O20 - Winlogon Notify: !SASWinLogon - C:\Archivos de programa\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Archivos de programa\Ares\chatServer.exe
O23 - Service: Print Spooler Service (ayotbda0x) - Unknown owner - C:\WINDOWS\system32\odcwp.exe
O23 - Service: Indexing Service (cisvc) - Unknown owner - C:\WINDOWS\system32\cisvc.exe (file missing)
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Archivos de programa\Eset\nod32krn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - D:\antivirus\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - D:\antivirus\Spyware Doctor\pctsSvc.exe

--
End of file - 9082 bytes

digamne a q le tengo que poner fix.Arriba tenes el reporte del msn cleaner y el panda. Muchas gracias

post #5 (permalink)

27/02/08, 12:55:25

Kirigi

Warrior

Registrado: jun 2007

Ubicación: Venezuela

Mensajes: 4.190

Re: virus por msn

Hola alexis_ve

Por favor edita tu log de hijackthis ya que en este sector no se pueden pegar esos log al menos que un miembro del staff del foro te lo pida

-Apaga el "Restaurar Sistema" (solo en Win Me y XP) y activa ver archivos ocultos.

- Descarga, Instala y/o actualiza y estos programas, (pero no las ejecutes aun).

Malwarebytes' Anti-Malware <---instalalo y actualizalo pero no lo ejecutes todavia.
NOTA: Si despues de instalarlo el lenguaje esta en Ingles ve a la pestaña "Settings" y lo cambias a Español.

Cita:

Descarga la herramienta SDFix y guardala y descomprimila en tu escritorio pero no la ejecutes aun.

Inicia en Modo a Prueba de Fallos

Ve a “Inicio” ---> “Ejecutar” y escribes el siguiente código tal cual esta escrito:

Código HTML:

sc delete ayotbda0x

y le das "Aceptar". (para mayor comodidad lo copias y pegas para no cometer errores en su escritura )

Ejecuta Malwarebytes' Anti-Malware <---- realiza un escaneo completo del PC y elimina las infecciones que este detecte. El reporte queda guardado en la pestaña "Logs" o "Registros" en español, abres el reporte y copias el contenido para pegarlo en este tema.

Abre la pestaña "Herramientas" y en la opción FileASSASSIN, selecciona ejecutar herramienta y busca y elimina este archivo (que te pongo en rojo):

C:\WINDOWS\system32\odcwp.exe

Ejecuta SDFix.exe en el escritorio, se creará una nueva carpeta en el escritorio, entra en dicha carpeta y ejecuta el archivo "Runthis.bat" luego, presiona la tecla "Y" para que comience el chequeo, al terminar, se creará un archivo dentro de la carpeta llamado Report.txt, copia y pega lo que indique ese reporte acá.

Reinicia el PC a "Modo normal", te pegas el reporte del SDFix, y Malwarebytes' Anti-Malware aqui

Salu2

post #6 (permalink)

27/02/08, 14:05:10

alexis_ve

Usuario

Registrado: feb 2008

Ubicación: argentina

Mensajes: 6

Re: virus por msn

Hice todo lo que me dijiste.El reporte del Malwarebytes' Anti-Malware es el siguiente:

Malwarebytes' Anti-Malware 1.05
Versión de la Base de Datos: 416

Tipo de examen : Examen Completo (A:\|C:\|D:\|)
Objetos examinados: 105451
Tiempo transcurrido: 13 minute(s), 39 second(s)

Procesos en Memoria Infectados: 0
Módulos en Memoria Infectados: 0
Claves del Registro Infectadas: 69
Valores del Registro Infectados: 5
Elementos de Datos del Registro Infectados: 0
Carpetas Infectadas: 0
Ficheros Infectados: 26

Procesos en Memoria Infectados:
(No se han detectado elementos maliciosos)

Módulos en Memoria Infectados:
(No se han detectado elementos maliciosos)

Claves del Registro Infectadas:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Ext\PreApproved\{07b18eab-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{1e0de227-5ce4-4ea3-ab0c-8b03e1aa76bc} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Ext\PreApproved\{25560540-9571-4d7b-9389-0f166788785a} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Ext\PreApproved\{2eff3cf7-99c1-4c29-bc2b-68e057e22340} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Ext\PreApproved\{3dc201fb-e9c9-499c-a11f-23c360d7c3f8} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Ext\PreApproved\{3e720452-b472-4954-b7aa-33069eb53906} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Ext\PreApproved\{63d0ed2c-b45b-4458-8b3b-60c69bbbd83c} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Ext\PreApproved\{7473d294-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Ext\PreApproved\{98d9753d-d73b-42d5-8c85-4469cda897ab} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Ext\PreApproved\{9ff05104-b030-46fc-94b8-81276e4e27df} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Ext\PreApproved\{a6573479-9075-4a65-98a6-19fd29cf7374} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Ext\PreApproved\{e79dfbca-5697-4fbd-94e5-5b2a9c7c1612} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{07b18eaa-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{07b18eac-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{f87d7fb5-9dc5-4c8c-b998-d8dfe02e2978} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{07b18ea0-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{e342af55-b78a-4cd0-a2bb-da7f52d9d25e} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{e342af55-b78a-4cd0-a2bb-da7f52d9d25f} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{0d26bc71-a633-4e71-ad31-eadc3a1b6a3a} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{1093995a-ba37-41d2-836e-091067c4ad17} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{120927bf-1700-43bc-810f-fab92549b390} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{17de5e5e-bfe3-4e83-8e1f-8755795359ec} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{1f52a5fa-a705-4415-b975-88503b291728} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{247a115f-06c2-4fb3-967d-2d62d3cf4f0a} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{2763e333-b168-41a0-a112-d35f96f410c0} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{2e3537fc-cf2f-4f56-af54-5a6a3dd375cc} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{2e9937fc-cf2f-4f56-af54-5a6a3dd375cc} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{29d67d3c-509a-4544-903f-c8c1b8236554} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{38a7c9da-8db7-4d0f-a7b1-c4b1a305bddb} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{3e1656ed-f60e-4597-b6aa-b6a58e171495} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{3e53e2cb-86db-4a4a-8bd9-ffeb7a64df82} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{3e720451-b472-4954-b7aa-33069eb53906} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{3e720453-b472-4954-b7aa-33069eb53906} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{3e720450-b472-4954-b7aa-33069eb53906} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{621feacd-8857-43a6-ae26-451d670d5370} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{63d0ed2b-b45b-4458-8b3b-60c69bbbd83c} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{63d0ed2d-b45b-4458-8b3b-60c69bbbd83c} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{6e74766c-4d93-4cc0-96d1-47b8e07ff9ca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{72ee7f04-15bd-4845-a005-d6711144d86a} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{741de825-a6f0-4497-9aa6-8023cf9b0fff} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{7473d291-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{7473d293-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{7473d295-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{7473d297-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{7473d290-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{90449521-d834-4703-bb4e-d3aa44042ff8} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{991aac62-b100-47ce-8b75-253965244f69} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{bbabdc90-f3d5-4801-863a-ee6ae529862d} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{d6ff3684-ad3b-48eb-bbb4-b9e6c5a355c1} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{eb9e5c1c-b1f9-4c2b-be8a-27d6446fdaf8} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{8ca01f0e-987c-49c3-b852-2f1ac4a7094c} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{8d292ec0-6792-4a38-82ed-73a087e41ba6} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{8e6f1830-9607-4440-8530-13be7c4b1d14} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{98635087-3f5d-418f-990c-b1efe0797a3b} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{a626cdbd-3d13-4f78-b819-440a28d7e8fc} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{c8cecde3-1ae1-4c4a-ad82-6d5b00212144} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{de38c398-b328-4f4c-a3ad-1b5e4ed93477} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{e47caee0-deea-464a-9326-3f2801535a4d} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{e79dfbc9-5697-4fbd-94e5-5b2a9c7c1612} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{e79dfbcb-5697-4fbd-94e5-5b2a9c7c1612} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{e79dfbc0-5697-4fbd-94e5-5b2a9c7c1612} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{f42228fb-e84e-479e-b922-fbbd096e792c} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MIME\Database\ Content Type\application/x-f3embed (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\W MPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Fun Web Products (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\MyWebSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Fun Web Products (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Valores del Registro Infectados:
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{07b18ea9-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\New Windows\Allow\host-domain-lookup.com (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\New Windows\Allow\www.host-domain-lookup.com (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Media\WMSDK\Sources\f3PopularScreensavers (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Internet Settings\User Agent\Post Platform\FunWebProducts (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Elementos de Datos del Registro Infectados:
(No se han detectado elementos maliciosos)

Carpetas Infectadas:
(No se han detectado elementos maliciosos)

Ficheros Infectados:
C:\Archivos de programa\MSN Messenger\riched20.dll (Adware.MyWeb.FunWeb) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\Archivos de programa\Internet Explorer\msimg32.dll.vir (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\Archivos de programa\MyWebSearch\bar\1.bin\F3BROVLY.DLL.vir (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\Archivos de programa\MyWebSearch\bar\1.bin\F3CJPEG.DLL.vir (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\Archivos de programa\MyWebSearch\bar\1.bin\F3HISTSW.DLL.vir (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\Archivos de programa\MyWebSearch\bar\1.bin\F3HTTPCT.DLL.vir (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\Archivos de programa\MyWebSearch\bar\1.bin\F3IMSTUB.DLL.vir (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\Archivos de programa\MyWebSearch\bar\1.bin\F3POPSWT.DLL.vir (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\Archivos de programa\MyWebSearch\bar\1.bin\F3PSSAVR.SCR.vir (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\Archivos de programa\MyWebSearch\bar\1.bin\F3REPROX.DLL.vir (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\Archivos de programa\MyWebSearch\bar\1.bin\F3RESTUB.DLL.vir (Adware.MyWeb.FunWeb) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\Archivos de programa\MyWebSearch\bar\1.bin\F3SCHMON.EXE.vir (Adware.MyWeb.FunWeb) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\Archivos de programa\MyWebSearch\bar\1.bin\F3SCRCTR.DLL.vir (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\Archivos de programa\MyWebSearch\bar\1.bin\F3WPHOOK.DLL.vir (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\Archivos de programa\MyWebSearch\bar\1.bin\M3HTML.DLL.vir (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\Archivos de programa\MyWebSearch\bar\1.bin\M3IDLE.DLL.vir (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\Archivos de programa\MyWebSearch\bar\1.bin\M3IMPIPE.EXE.vir (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\Archivos de programa\MyWebSearch\bar\1.bin\M3MSG.DLL.vir (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\Archivos de programa\MyWebSearch\bar\1.bin\M3OUTLCN.DLL.vir (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\Archivos de programa\MyWebSearch\bar\1.bin\M3SKIN.DLL.vir (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\Archivos de programa\MyWebSearch\bar\1.bin\M3SKPLAY.EXE.vir (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\Archivos de programa\MyWebSearch\bar\1.bin\M3SLSRCH.EXE.vir (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\Archivos de programa\MyWebSearch\bar\1.bin\MWSOEMON.EXE.vir (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\Archivos de programa\MyWebSearch\bar\1.bin\MWSOESTB.DLL.vir (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\Archivos de programa\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL.v ir (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\system32\f3PSSavr.s cr.vir (Adware.MyWebSearch) -> Quarantined and deleted successfully.

El reporte del SDFix.exe es el siguiente:

SDFix: Version 1.148

Run by JONATAN on 27/02/2008 at 16:49

Microsoft Windows XP [Versión 5.1.2600]
Running From: C:\DOCUME~1\JONATAN\ESCRIT~1\SDFix

Checking Services :

Restoring Windows Registry Values
Restoring Windows Default Hosts File
Restoring Missing Security Center Service

Rebooting

Checking Files :

Trojan Files Found:

C:\WINDOWS\system32\drivers\etc\BackupHosts.bak - Deleted

Removing Temp Files

ADS Check :

C:\WINDOWS
:BZ-VIRTUAL-LINK 0
Total size: 0 bytes.
WINDOWS: deleted 0 bytes in 1 streams.

Checking for remaining Streams

C:\WINDOWS
No streams found.

Final Check :

catchme 0.3.1344.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-27 16:52:40
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic es\sptd\Cfg]
"s1"=dword:6e206277
"s2"=dword:9c7336f8
"h0"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic es\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"h0"=dword:00000000
"khjeh"=hex:ac,60,6c,60,79,74,dc,23,35,20,bb,f9,26 ,e9,2b,28,20,0a,26,e6,ef,..
"p0"="C:\Archivos de programa\DAEMON Tools\"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic es\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000 001]
"khjeh"=hex:66,fe,8c,ec,0a,e8,c8,94,41,e5,e3,fd,13 ,04,2c,3d,a6,80,8e,cd,87,..
"a0"=hex:20,01,00,00,63,17,4c,06,a8,ef,6f,d3,9f,0e ,7b,82,95,30,99,49,c5,..

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic es\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000 001\0Jf40]
"khjeh"=hex:67,8a,a3,88,cc,41,8e,84,d7,e7,61,76,87 ,e1,3e,eb,b9,e7,0f,15,25,..

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic es\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000 001\0Jf41]
"khjeh"=hex:67,8a,a3,88,cc,41,8e,84,d7,e7,61,76,87 ,e1,3e,eb,b9,e7,0f,15,25,..

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic es\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000 001\0Jf42]
"khjeh"=hex:10,ea,8d,48,7e,00,5d,e5,35,b7,6c,2e,b8 ,a1,8f,ee,78,a6,e6,18,ae,..

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic es\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000 001\0Jf43]
"khjeh"=hex:66,44,85,23,13,03,14,2c,19,98,60,f1,9b ,9c,89,f5,78,1d,bf,10,ad,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\s ptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"h0"=dword:00000000
"khjeh"=hex:ac,60,6c,60,79,74,dc,23,35,20,bb,f9,26 ,e9,2b,28,20,0a,26,e6,ef,..
"p0"="C:\Archivos de programa\DAEMON Tools\"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\s ptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"khjeh"=hex:66,fe,8c,ec,0a,e8,c8,94,41,e5,e3,fd,13 ,04,2c,3d,a6,80,8e,cd,87,..
"a0"=hex:20,01,00,00,63,17,4c,06,a8,ef,6f,d3,9f,0e ,7b,82,95,30,99,49,c5,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\s ptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\ 0Jf40]
"khjeh"=hex:67,8a,a3,88,cc,41,8e,84,d7,e7,61,76,87 ,e1,3e,eb,b9,e7,0f,15,25,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\s ptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\ 0Jf41]
"khjeh"=hex:67,8a,a3,88,cc,41,8e,84,d7,e7,61,76,87 ,e1,3e,eb,b9,e7,0f,15,25,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\s ptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\ 0Jf42]
"khjeh"=hex:10,ea,8d,48,7e,00,5d,e5,35,b7,6c,2e,b8 ,a1,8f,ee,78,a6,e6,18,ae,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\s ptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\ 0Jf43]
"khjeh"=hex:66,44,85,23,13,03,14,2c,19,98,60,f1,9b ,9c,89,f5,78,1d,bf,10,ad,..

scanning hidden registry entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0

Remaining Services :

Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\servic es\sharedaccess\parameters\firewallpolicy\standard profile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\syste m32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Archivos de programa\\BitTorrent_DNA\\dna.exe"="C:\\Archivos de programa\\BitTorrent_DNA\\dna.exe:*:Enabled:BitTor rent DNA"
"D:\\Documentos de joni\\Descargas ares\\Torrent\\BitTorrent\\bittorrent.exe"="D:\\Do cumentos de joni\\Descargas ares\\Torrent\\BitTorrent\\bittorrent.exe:*:Enable d:BitTorrent"
"C:\\Archivos de programa\\BitTorrent\\bittorrent.exe"="C:\\Archivo s de programa\\BitTorrent\\bittorrent.exe:*:Enabled:Bit Torrent"
"D:\\Juegos Joni\\ultimo pro\\PES2008.exe"="D:\\Juegos Joni\\ultimo pro\\PES2008.exe:*:Enabled:Pro Evolution Soccer 2008"
"D:\\Juegos Joni\\Crysis\\juego\\Bin32\\Crysis.exe"="D:\\Juego s Joni\\Crysis\\juego\\Bin32\\Crysis.exe:*:Enabled:C rysis_32"
"D:\\Juegos Joni\\Crysis\\juego\\Bin32\\CrysisDedicatedServer. exe"="D:\\Juegos Joni\\Crysis\\juego\\Bin32\\CrysisDedicatedServer. exe:*:Enabled:CrysisDedicatedServer_32"
"C:\\WINDOWS\\system32\\PnkBstrA.exe"="C:\\WINDOWS \\system32\\PnkBstrA.exe:*:Enabled:PnkBstrA"
"C:\\WINDOWS\\system32\\PnkBstrB.exe"="C:\\WINDOWS \\system32\\PnkBstrB.exe:*:Enabled:PnkBstrB"
"C:\\Archivos de programa\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Archivos de programa\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Archivos de programa\\Windows Live\\Messenger\\livecall.exe"="C:\\Archivos de programa\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\servic es\sharedaccess\parameters\firewallpolicy\domainpr ofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\syste m32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Archivos de programa\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Archivos de programa\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Archivos de programa\\Windows Live\\Messenger\\livecall.exe"="C:\\Archivos de programa\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

Remaining Files :

File Backups: - C:\DOCUME~1\JONATAN\ESCRIT~1\SDFix\backups\backups .zip

Files with Hidden Attributes :

Tue 12 Jun 2007 213,293 A.SH. --- "C:\Documents and Settings\JONATAN\Datos de programa\7z.dll"
Tue 12 Jun 2007 59,418 A.SHR --- "C:\Documents and Settings\JONATAN\Datos de programa\7z.exe"
Fri 9 Feb 2007 386,630 A.SHR --- "C:\Documents and Settings\JONATAN\Datos de programa\wunauclt.zip"
Thu 27 Jun 1996 83,520 A..H. --- "C:\Documents and Settings\All Users\Documentos\ingles\PCDLIB.DLL"
Thu 27 Jun 1996 2,336 A..H. --- "C:\Documents and Settings\All Users\Documentos\ingles\PCDXBMP.DLL"
Thu 27 Jun 1996 36,976 A..H. --- "C:\Documents and Settings\All Users\Documentos\ingles\PHOTO.DLL"
Thu 27 Jun 1996 1,038,112 A..H. --- "C:\Documents and Settings\All Users\Documentos\ingles\TB50BAS.DLL"
Thu 27 Jun 1996 120,192 A..H. --- "C:\Documents and Settings\All Users\Documentos\ingles\TB50BMP.DLL"
Thu 27 Jun 1996 48,320 A..H. --- "C:\Documents and Settings\All Users\Documentos\ingles\TB50CBT.DLL"
Thu 27 Jun 1996 328,288 A..H. --- "C:\Documents and Settings\All Users\Documentos\ingles\TB50CMP.DLL"
Thu 27 Jun 1996 83,296 A..H. --- "C:\Documents and Settings\All Users\Documentos\ingles\TB50DLG.DLL"
Thu 27 Jun 1996 18,880 A..H. --- "C:\Documents and Settings\All Users\Documentos\ingles\TB50DOS.DLL"
Thu 27 Jun 1996 171,136 A..H. --- "C:\Documents and Settings\All Users\Documentos\ingles\TB50FLT.DLL"
Thu 27 Jun 1996 65,472 A..H. --- "C:\Documents and Settings\All Users\Documentos\ingles\TB50JPG.DLL"
Thu 13 Dec 2001 188,224 A..H. --- "C:\Documents and Settings\All Users\Documentos\ingles\TB50LNL.DLL"
Thu 27 Jun 1996 43,616 A..H. --- "C:\Documents and Settings\All Users\Documentos\ingles\TB50MM.DLL"
Thu 27 Jun 1996 47,520 A..H. --- "C:\Documents and Settings\All Users\Documentos\ingles\TB50NET.EXE"
Thu 27 Jun 1996 176,088 A..H. --- "C:\Documents and Settings\All Users\Documentos\ingles\TB50RCR.DLL"
Thu 27 Jun 1996 713,696 A..H. --- "C:\Documents and Settings\All Users\Documentos\ingles\TB50RUN.EXE"
Thu 27 Jun 1996 119,008 A..H. --- "C:\Documents and Settings\All Users\Documentos\ingles\TB50UTL.DLL"
Thu 27 Jun 1996 57,728 A..H. --- "C:\Documents and Settings\All Users\Documentos\ingles\TB50WIN.DLL"
Thu 27 Jun 1996 12,352 A..H. --- "C:\Documents and Settings\All Users\Documentos\ingles\TBLOAD.EXE"
Wed 11 Feb 1998 55,808 A..H. --- "C:\Documents and Settings\All Users\Documentos\ingles\voice32.dll"
Thu 9 Aug 2007 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"
Tue 17 Jul 2007 1,824,648 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\0430282f 2bf1ec57c42b1f57f6d61a29\BIT34C.tmp"
Mon 16 Jul 2007 2,303,368 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\0f371b32 3f6d6a7a2edf7796ad531854\BIT47C.tmp"
Mon 16 Jul 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\302e0d5b 85d3f962e1987493dc5d679a\BIT275.tmp"
Tue 17 Jul 2007 1,271,688 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\3fa9cf83 149bfaaf6b5cc816631a3987\BIT11C.tmp"
Tue 17 Jul 2007 640,904 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\5816d9cc 046a67540201dd8fb4b4b279\BIT6.tmp"
Mon 16 Jul 2007 518,536 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\6a480698 0940e8f88638af5558753593\BITF.tmp"
Tue 17 Jul 2007 544,056 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\6f665087 142eabdac6e73a101b60e654\BIT7.tmp"
Tue 17 Jul 2007 4,692,872 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\7b5d43cb 5483991b3e0ca9650ffff5c3\BITE.tmp"
Thu 28 Jun 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\9b57123f 34b36d78301160a5473d6135\BIT3.tmp"
Mon 16 Jul 2007 568,200 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\ac2e0a45 223141a46f81bedd3b9f192a\BIT16C.tmp"
Tue 17 Jul 2007 1,607,048 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\b3958dae 49728da026def65195c3aa84\BIT8.tmp"
Tue 17 Jul 2007 792,888 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\b9b86da3 572751e60098fe1626d3a89a\BIT521.tmp"
Tue 17 Jul 2007 902,456 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\d6062a2b 7ad73a3b90ab048fdb80f48f\BIT4.tmp"
Wed 19 Sep 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\e4878a18 7565d10d360502f64c0bf9b8\BIT10.tmp"
Tue 17 Jul 2007 582,536 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\e62973c0 21403938dc26bb4b31008e0d\BIT5.tmp"
Mon 16 Jul 2007 3,147,576 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\f1a57820 c5945cd21c25ee55f39f3d90\BIT481.tmp"
Tue 17 Jul 2007 1,830,280 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\f4a915cf fb8101d320f17a94bff8fa38\BIT9.tmp"

Finished!

Espero q ahora este todo bien,y sino espero q me sigan ayudando.Una pregunta ahora activo el restaurar sistema no?otra vez muchas gracias

post #7 (permalink)

27/02/08, 14:33:33

Kirigi

Warrior

Registrado: jun 2007

Ubicación: Venezuela

Mensajes: 4.190

Re: virus por msn

Hola alexis_ve

Aun no terminamos ya que aun veo archivos que hay que eliminar:

Descargate OTMoveIt lo guardas en el Escritorio.

Haz un doble clic sobre OTMoveIt.exe para ejecutarlo.
Asegurate que este marcado "Unregister Dll's and Ocx's".
Copia el texto que se encuentra en el cuadrado más abajo, y pega el texto en el marco de izquierdo de OTMoveIt nombrado Paste List of Filas / Folders to be moved.

Cita:

C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp
C:\WINDOWS\SoftwareDistribution\Download\0430282f 2bf1ec57c42b1f57f6d61a29\BIT34C.tmp
C:\WINDOWS\SoftwareDistribution\Download\f4a915cf fb8101d320f17a94bff8fa38\BIT9.tmp
C:\WINDOWS\SoftwareDistribution\Download\f1a57820 c5945cd21c25ee55f39f3d90\BIT481.tmp
C:\WINDOWS\SoftwareDistribution\Download\e62973c0 21403938dc26bb4b31008e0d\BIT5.tmp
C:\WINDOWS\SoftwareDistribution\Download\e4878a18 7565d10d360502f64c0bf9b8\BIT10.tmp
C:\WINDOWS\SoftwareDistribution\Download\d6062a2b 7ad73a3b90ab048fdb80f48f\BIT4.tmp
C:\WINDOWS\SoftwareDistribution\Download\b9b86da3 572751e60098fe1626d3a89a\BIT521.tmp
C:\WINDOWS\SoftwareDistribution\Download\b3958dae 49728da026def65195c3aa84\BIT8.tmp
C:\WINDOWS\SoftwareDistribution\Download\ac2e0a45 223141a46f81bedd3b9f192a\BIT16C.tmp
C:\WINDOWS\SoftwareDistribution\Download\9b57123f 34b36d78301160a5473d6135\BIT3.tmp
C:\WINDOWS\SoftwareDistribution\Download\7b5d43cb 5483991b3e0ca9650ffff5c3\BITE.tmp
C:\WINDOWS\SoftwareDistribution\Download\6f665087 142eabdac6e73a101b60e654\BIT7.tmp
C:\WINDOWS\SoftwareDistribution\Download\6a480698 0940e8f88638af5558753593\BITF.tmp
C:\WINDOWS\SoftwareDistribution\Download\5816d9cc 046a67540201dd8fb4b4b279\BIT6.tmp
C:\WINDOWS\SoftwareDistribution\Download\3fa9cf83 149bfaaf6b5cc816631a3987\BIT11C.tmp
C:\WINDOWS\SoftwareDistribution\Download\302e0d5b 85d3f962e1987493dc5d679a\BIT275.tmp
C:\WINDOWS\SoftwareDistribution\Download\0f371b32 3f6d6a7a2edf7796ad531854\BIT47C.tmp

Haz clic en MoveIt! Para lanzar la supresión.
Cuando el resultado aparece en el marco Results, hace clic en Exit.
Reinicia el PC (Este paso es muy importante).

Envía el informe (reporte) de OTMoveIt situado sobre C: \ _ OTMoveIt\MovedFiles.

Vuelves con el reporte del OTmoveit y con uno del panda

Salu2

post #8 (permalink)

27/02/08, 17:16:34

alexis_ve

Usuario

Registrado: feb 2008

Ubicación: argentina

Mensajes: 6

Re: virus por msn

bueno aca esta mi reporte del OTMoveIt :

C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp moved successfully.
File/Folder C:\WINDOWS\SoftwareDistribution\Download\0430282f 2bf1ec57c42b1f57f6d61a29\BIT34C.tmp not found.
File/Folder C:\WINDOWS\SoftwareDistribution\Download\f4a915cf fb8101d320f17a94bff8fa38\BIT9.tmp not found.
File/Folder C:\WINDOWS\SoftwareDistribution\Download\f1a57820 c5945cd21c25ee55f39f3d90\BIT481.tmp not found.
File/Folder C:\WINDOWS\SoftwareDistribution\Download\e62973c0 21403938dc26bb4b31008e0d\BIT5.tmp not found.
File/Folder C:\WINDOWS\SoftwareDistribution\Download\e4878a18 7565d10d360502f64c0bf9b8\BIT10.tmp not found.
File/Folder C:\WINDOWS\SoftwareDistribution\Download\d6062a2b 7ad73a3b90ab048fdb80f48f\BIT4.tmp not found.
File/Folder C:\WINDOWS\SoftwareDistribution\Download\b9b86da3 572751e60098fe1626d3a89a\BIT521.tmp not found.
File/Folder C:\WINDOWS\SoftwareDistribution\Download\b3958dae 49728da026def65195c3aa84\BIT8.tmp not found.
File/Folder C:\WINDOWS\SoftwareDistribution\Download\ac2e0a45 223141a46f81bedd3b9f192a\BIT16C.tmp not found.
File/Folder C:\WINDOWS\SoftwareDistribution\Download\9b57123f 34b36d78301160a5473d6135\BIT3.tmp not found.
File/Folder C:\WINDOWS\SoftwareDistribution\Download\7b5d43cb 5483991b3e0ca9650ffff5c3\BITE.tmp not found.
File/Folder C:\WINDOWS\SoftwareDistribution\Download\6f665087 142eabdac6e73a101b60e654\BIT7.tmp not found.
File/Folder C:\WINDOWS\SoftwareDistribution\Download\6a480698 0940e8f88638af5558753593\BITF.tmp not found.
File/Folder C:\WINDOWS\SoftwareDistribution\Download\5816d9cc 046a67540201dd8fb4b4b279\BIT6.tmp not found.
File/Folder C:\WINDOWS\SoftwareDistribution\Download\3fa9cf83 149bfaaf6b5cc816631a3987\BIT11C.tmp not found.
File/Folder C:\WINDOWS\SoftwareDistribution\Download\302e0d5b 85d3f962e1987493dc5d679a\BIT275.tmp not found.
File/Folder C:\WINDOWS\SoftwareDistribution\Download\0f371b32 3f6d6a7a2edf7796ad531854\BIT47C.tmp not found.

OTMoveIt2 v1.0.20 log created on 02272008_173714

Y este es el del panda:

Incidencia Estado Elemento

Adware:adware/whenusearch No desinfectado Registro de Windows
Adware:Adware/Maxifiles No desinfectado C:\Documents and Settings\Administrador\7zS4DA.tmp\SPTD138.exe
Herramienta potencialmente no deseada:Application/HideWindow.S No desinfectado C:\Documents and Settings\Administrador\7zS4DC.tmp\WinuEFiles.exe[cmdow.exe]
Hacktool:HackTool/NewPassword.A No desinfectado C:\Documents and Settings\Administrador\7zS4DC.tmp\WinuEFiles.exe[Pass.exe]
Hacktool:HackTool/NewPassword.A No desinfectado C:\Documents and Settings\Administrador\7zS4DC.tmp\WinuEFiles.exe[Pass.exe][Contraseña.hta]
Spyware:Cookie/Com.com No desinfectado C:\Documents and Settings\Administrador\Cookies\administrador@terra .com[1].txt
Spyware:Cookie/Overture No desinfectado C:\Documents and Settings\Administrador\Datos de programa\Mozilla\Firefox\Profiles\t7uway68.default \cookies.txt[.overture.com/]
Spyware:Cookie/Advertising No desinfectado C:\Documents and Settings\Administrador\Datos de programa\Mozilla\Firefox\Profiles\t7uway68.default \cookies.txt[.advertising.com/]
Adware:Adware/Maxifiles No desinfectado C:\Documents and Settings\Default User\7zS4DA.tmp\SPTD138.exe
Herramienta potencialmente no deseada:Application/HideWindow.S No desinfectado C:\Documents and Settings\Default User\7zS4DC.tmp\WinuEFiles.exe[cmdow.exe]
Hacktool:HackTool/NewPassword.A No desinfectado C:\Documents and Settings\Default User\7zS4DC.tmp\WinuEFiles.exe[Pass.exe]
Hacktool:HackTool/NewPassword.A No desinfectado C:\Documents and Settings\Default User\7zS4DC.tmp\WinuEFiles.exe[Pass.exe][Contraseña.hta]
Adware:Adware/Maxifiles No desinfectado C:\Documents and Settings\Familia\7zS4DA.tmp\SPTD138.exe
Spyware:Cookie/888 No desinfectado C:\Documents and Settings\Familia\Cookies\familia@888[1].txt
Spyware:Cookie/Casinotropez No desinfectado C:\Documents and Settings\Familia\Cookies\familia@casinotropez[2].txt
Spyware:Cookie/fe.lea.lycos No desinfectado C:\Documents and Settings\Familia\Cookies\familia@fe.lea.lycos[1].txt
Spyware:Cookie/Searchportal No desinfectado C:\Documents and Settings\Familia\Cookies\familia@searchportal.info rmation[1].txt
Spyware:Cookie/Com.com No desinfectado C:\Documents and Settings\Familia\Cookies\familia@terra.com[3].txt
Spyware:Cookie/Com.com No desinfectado C:\Documents and Settings\Familia\Datos de programa\Mozilla\Firefox\Profiles\bc41d61s.default \cookies.txt[.terra.com.br/]
Spyware:Cookie/Weborama No desinfectado C:\Documents and Settings\Familia\Datos de programa\Mozilla\Firefox\Profiles\bc41d61s.default \cookies.txt[.weborama.fr/]
Adware:Adware/Maxifiles No desinfectado C:\Documents and Settings\hector\7zS4DA.tmp\SPTD138.exe
Herramienta potencialmente no deseada:Application/HideWindow.S No desinfectado C:\Documents and Settings\hector\7zS4DC.tmp\WinuEFiles.exe[cmdow.exe]
Hacktool:HackTool/NewPassword.A No desinfectado C:\Documents and Settings\hector\7zS4DC.tmp\WinuEFiles.exe[Pass.exe]
Hacktool:HackTool/NewPassword.A No desinfectado C:\Documents and Settings\hector\7zS4DC.tmp\WinuEFiles.exe[Pass.exe][Contraseña.hta]
Spyware:Cookie/888 No desinfectado C:\Documents and Settings\hector\Cookies\hector@888[2].txt
Spyware:Cookie/888 No desinfectado C:\Documents and Settings\hector\Cookies\hector@int.sitestat[1].txt
Spyware:Cookie/Cassava No desinfectado C:\Documents and Settings\hector\Cookies\hector@int.sitestat[2].txt
Spyware:Cookie/Lop No desinfectado C:\Documents and Settings\hector\Cookies\hector@www.lop[2].txt
Spyware:Cookie/YieldManager No desinfectado C:\Documents and Settings\hector\Datos de programa\Mozilla\Firefox\Profiles\yctbw1zk.default \cookies.txt[ad.yieldmanager.com/]