Official HijackThis Forum in Spanish. We analyze your HijackThis log to remove hijackers, spyware, adware, toolbars, viruses, trojans and malware in general. Read the HijackThis Forum Policies first.
Trojans that always come back

Let me explain the situation a bit. It all started a few days ago when Avast detected "Win32_Adware_gen" and "Win32_Tids_ADO [Trj]". I sent them to quarantine, deleted them, tried everything. Every time I restarted the machine it detected the same things again. When I looked closer, the problem was with an annoying little file, "udefender_setup [1]", and "user32.dat". I ran Avast antivirus, Panda, S&D and SUPERAntiSpyware, and I downloaded SpywareBlaster and CCleaner. I ran them several times until nothing was detected. After a while udefender_setup (Ultimate Defender) and Braviax came back. I got fed up and, besides running everything above, I looked for the file and deleted it with ComboFix. The other day I found remnants of Ultimate Defender in the registry. I deleted them and everything collapsed; Ultimate Defender appeared again. But now I could not run any anti-anything tool except the Avast antivirus. After running Avast I managed to run the anti-anything tools and ran all of them. Today all the viruses, trojans and adware already mentioned appeared again, but all together. I manage to clean the machine for a while, but after a day or two they come back.
I'm asking for help... I no longer know what to do.

My HIJACK log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:24:49 p.m., on 27/02/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\braviax.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
C:\Program Files\Autodesk\3dsMax8\mentalray\satellite\raysat_3dsmax8server.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

O2 - BHO: IeCatch5 Class - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\PROGRA~1\FlashGet\jccatch.dll
O2 - BHO: WindowsUpdate Class - {B3B010A1-A877-4CD7-BAB5-9EE8F9965E20} - C:\WINDOWS\TEMP\ieobj.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [SoundMax] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O7 - HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: Download All by FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: Download using FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {BD08A9D5-0E5C-4F42-99A3-C0CB5E860557} -
O20 - AppInit_DLLs: cru629.dat
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: RaySat_3dsmax8 Server (mi-raysat_3dsmax8) - Unknown owner - C:\Program Files\Autodesk\3dsMax8\mentalray\satellite\raysat_3dsmax8server.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe

--
End of file - 5806 bytes
Re: Trojans that always come back

Hello Totto, welcome to the InfoSpyware Forum.

Step 1 - Download these tools but do not run them yet:

Step 2 - With all programs closed, run HijackThis and select these entries:

O2 - BHO: WindowsUpdate Class - {B3B010A1-A877-4CD7-BAB5-9EE8F9965E20} - C:\WINDOWS\TEMP\ieobj.dll
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O7 - HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O20 - AppInit_DLLs: cru629.dat

Step 3 - Run these tools, one at a time:

Quote:

Step 4 - Download CCleaner and run it, first using its "Cleaner" option to delete cookies, temporary Internet files and all the files it shows you as obsolete, and then use its "Registry" option to clean the whole Windows registry (making a backup copy). Restart and tell us the results, along with the report from

Step 5 - Restart in normal mode and leave us the reports from:

**Note**
- For convenience, print out the steps.
- Remember to come back and tell us the results.

Regards

Preparing for the arrival of "Hurricane - IKE"
Forum News | Online Antivirus | Remove Malware | Forum Policies | Blog
* Help us by making a DONATION so we can keep helping.
* To avoid viruses and spyware when browsing the Internet, USE FIREFOX!!
* Questions are not answered by private message or by e-mail; that is what the forum is for.
Re: Trojans that always come back

OK, here are the logs. I restarted and the machine has not detected anything so far.

Malwarebytes' Anti-Malware 1.05
Database version: 421

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 88324
Time elapsed: 18 minute(s), 12 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 1
Registry Keys Infected: 9
Registry Values Infected: 2
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 8

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
C:\WINDOWS\system32\basevrkq32.dll (Trojan.Downloader) -> Unloaded module successfully.

Registry Keys Infected:
HKEY_CLASSES_ROOT\Interface\{3e6201fa-02dd-4a0b-8699-1328e0602314} (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{df16c60e-f85b-4459-86ae-4977656339ec} (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\windowsupdate.windowsupdate (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\windowsupdate.windowsupdate.1 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UninstallSXS (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\ssnipe (Rogue.SpySnipe) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WindowsUpdate.WindowsUpdate (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WindowsUpdate.WindowsUpdate.1 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Trymedia Systems (Adware.Trymedia) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\braviax (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\kr_done1 (Malware.Trace) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Program Files\Trend Micro\HijackThis\backups\backup-20080228-145001-154.dll (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\NT7732.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\NT7E32.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\baseskpsb32.dll (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\basevrkq32.dll (Trojan.Downloader) -> Delete on reboot.
C:\WINDOWS\system32\braviax.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\bns.dat (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\kr_done1 (Malware.Trace) -> Quarantined and deleted successfully.

Last edited by Totto on 28/02/08 at 13:30:41.
Re: Trojans that always come back

Hello,

I apologize for the delay, but I have been at work conferences for a few days and have not had much time to connect to the forum. If your computer still has problems that you have not been able to resolve, we can continue the thread starting Monday if you like, so you only need to confirm with me, OK.

Regards
Re: Trojans that always come back

OK. I am at work now, but later I will post the new logs, because a trojan appeared again and I carried out once more the steps you gave me earlier. Thank you very much.
Re: Trojans that always come back

Here are the recent logs.

Malwarebytes' Anti-Malware 1.05
Database version: 446

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 110647
Time elapsed: 52 minute(s), 16 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 1
Registry Keys Infected: 0
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 11

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
C:\WINDOWS\system32\basenpt32.dll (Trojan.Downloader) -> Unloaded module successfully.

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\kr_done1 (Malware.Trace) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Documents and Settings\Totto\Local Settings\Temp\1aa2032hp2032b.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Totto\Local Settings\Temp\1aa2032hp2032c.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Totto\Local Settings\Temporary Internet Files\Content.IE5\G76PPCGG\loader[1].exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Totto\Local Settings\Temporary Internet Files\Content.IE5\OPQRSTUV\ex001[1].exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Totto\Local Settings\Temporary Internet Files\Content.IE5\SE684KL7\bns[1].exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Totto\Local Settings\Temporary Internet Files\Content.IE5\SE684KL7\cert[1].exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\baselqrl32.dll (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\basenpt32.dll (Trojan.Downloader) -> Delete on reboot.
C:\WINDOWS\system32\bns.dat (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Internet Explorer\setupapi.dll (Trojan.BHO) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\kr_done1 (Malware.Trace) -> Quarantined and deleted successfully.
Completion time: 2008-03-03 16:51:47
ComboFix-quarantined-files.txt 2008-03-03 19:51:39
ComboFix2.txt 2008-02-21 00:19:12

Here is the Hijack log I just ran, in case you need it.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 09:16:15 p.m., on 05/03/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
C:\Program Files\Autodesk\3dsMax8\mentalray\satellite\raysat_3dsmax8server.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

O2 - BHO: IeCatch5 Class - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\PROGRA~1\FlashGet\jccatch.dll
O2 - BHO: (no name) - {B3B010A1-A877-4CD7-BAB5-9EE8F9965E20} - (no file)
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [SoundMax] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: Download All by FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: Download using FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {BD08A9D5-0E5C-4F42-99A3-C0CB5E860557} -
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: RaySat_3dsmax8 Server (mi-raysat_3dsmax8) - Unknown owner - C:\Program Files\Autodesk\3dsMax8\mentalray\satellite\raysat_3dsmax8server.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe

--
End of file - 5552 bytes |
| Re: Trojans that always come back
Hi, MBAM has already taken care of removing the malware files found on your PC, so could you tell us how everything is working after a restart?
Regards
Getting ready for the arrival of "Hurricane - IKE"
Forum News | Online Antivirus | Remove Malware | Forum Policies | Blog
* Help us by making a DONATION so we can keep helping.
* To avoid viruses and spyware while browsing the internet, USE FIREFOX !!
* Questions are not answered by private message or by e-mail, since that is what the forum is for. |
| Re: Trojans that always come back
It works perfectly. Now, this was the 2nd time I removed it. What happens if the same one shows up a 3rd time? Does it mean I have some hidden little file that reactivates it? Or does it simply get in from the internet because I'm not properly protected? (I have many resident protections guarding against them getting in, which is why it catches my attention.)
If you look at the previous log, this is already the 2nd time in 6 days that I have removed these 2 with MBAM:
C:\WINDOWS\system32\bns.dat (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\kr_done1 (Malware.Trace) -> Quarantined and deleted successfully.
Thanks very much in advance. |
| Re: Trojans that always come back
Run a full scan with:
Download CCleaner and run it, first using its "Cleaner" option to delete cookies, temporary internet files and all the files it shows you as obsolete, and then use its "Registry" option to clean the whole Windows registry (making a backup).
Once it has finished cleaning everything, update "Java", defragment the disk with the Windows option and go to www.windowsupdate.com to download all the available patches (if your system allows it).
Restart and tell us the results.
Regards |