 |
| |||||||
| Foro Oficial de HijackThis en español Analizamos tu log de HijackThis para eliminar Hijackers, Spyware, Adware, ToolBars, Virus, Troyanos y Malwares en gral. Antes lea las Políticas del Foro de HijackThis. |
 |
| | Herramientas |
 | 
29/03/08, 00:44:58
|  |
| ||||
| Problemas con virus Svchost.exe.vir Desde hace varios días he tenido problemas, pues al usar el NOD32 y el Spyware Terminator, me aparece la ubicación del virus Svchost.exe.vir, pero cuando intento eliminarlo, la computadora se "Paraliza" y ni siquiera puedo apagarla. Dejo el escaneo del HijackThis: Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 23:40:51, on 28/03/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16608) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\LEXBCES.EXE C:\WINDOWS\system32\LEXPPS.EXE C:\WINDOWS\system32\spoolsv.exe C:\Archivos de programa\Archivos comunes\Microsoft Shared\VS7DEBUG\MDM.EXE C:\WINDOWS\System32\svchost.exe C:\Archivos de programa\Trend Micro\PC-cillin 9\Tmntsrv.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\LXSUPMON.EXE C:\WINDOWS\system32\ctfmon.exe C:\Archivos de programa\ESET\ESET Smart Security\ekrn.exe C:\Archivos de programa\Internet Explorer\iexplore.exe C:\Archivos de programa\Archivos comunes\Microsoft Shared\Windows Live\WLLoginProxy.exe C:\Archivos de programa\Trend Micro\HijackThis\HijackThis.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Vínculos R3 - URLSearchHook: Barra Yahoo! con bloqueador de ventanas emergentes - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Archivos de programa\Yahoo!\Companion\Installs\cpn\yt.dll O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Archivos de programa\Yahoo!\Companion\Installs\cpn\yt.dll O2 - BHO: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\ARCHIV~1\Crawler\Toolbar\ctbr.dll O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Archivos de programa\Archivos comunes\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O3 - Toolbar: Barra Yahoo! con bloqueador de ventanas emergentes - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Archivos de programa\Yahoo!\Companion\Installs\cpn\yt.dll O4 - HKLM\..\Run: [LXSUPMON] C:\WINDOWS\system32\LXSUPMON.EXE RUN O4 - HKLM\..\Run: [egui] "C:\Archivos de programa\ESET\ESET Smart Security\egui.exe" /hide /waitservice O4 - HKLM\..\Run: [TrojanScanner] C:\Archivos de programa\Trojan Remover\Trjscan.exe O4 - HKLM\..\Run: [SpywareTerminator] "C:\ARCHIV~1\SPYWAR~1\SpywareTerminatorShield. exe" O4 - HKLM\..\Run: [PSPVideo9] C:\Archivos de programa\pspvideo9\pspVideo9.exe -t O4 - HKLM\..\RunServices: [ioroxxo microsoft s0x] system32i1.exe O4 - HKLM\..\RunServices: [Microsoft Update] localhlp.exe O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [msnmsgr] "C:\Archivos de programa\Windows Live\Messenger\msnmsgr.exe" /background O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICIO LOCAL') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Servicio de red') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\S-1-5-18\..\Run: [ioroxxo microsoft s0x] system32i1.exe (User 'SYSTEM') O4 - HKUS\S-1-5-18\..\Run: [NAV Scan Service] NAVscan32.exe (User 'SYSTEM') O4 - HKUS\S-1-5-18\..\Run: [Win USB 2.0 Service] usb.exe (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user') O8 - Extra context menu item: E&xportar a Microsoft Excel - res://C:\ARCHIV~1\MICROS~3\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: Referencia - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARCHIV~1\MICROS~3\OFFICE11\REFIEBAR.DLL O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.113.93 85.255.112.210 O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.113.93 85.255.112.210 O17 - HKLM\System\CS3\Services\Tcpip\Parameters: NameServer = 85.255.113.93 85.255.112.210 O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.113.93 85.255.112.210 O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\ARCHIV~1\Crawler\Toolbar\ctbr.dll O18 - Filter hijack: text/html - {EC58E32E-3C1D-402E-A0FC-3D506C89E672} - (no file) O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Archivos de programa\Ares\chatServer.exe O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Archivos de programa\ESET\ESET Smart Security\EHttpSrv.exe O23 - Service: Eset Service (ekrn) - ESET - C:\Archivos de programa\ESET\ESET Smart Security\ekrn.exe O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE O23 - Service: PC-cillin PersonalFirewall (PCCPFW) - Trend Micro Inc. - C:\Archivos de programa\Trend Micro\PC-cillin 9\PCCPFW.exe O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\ARCHIV~1\SPYWAR~1\sp_rsser.exe O23 - Service: Trend NT Realtime Service (Tmntsrv) - Trend Micro Inc. - C:\Archivos de programa\Trend Micro\PC-cillin 9\Tmntsrv.exe -- End of file - 5648 bytes Espero me puedan ayudar GodMojo69      |
|
29/03/08, 23:38:43
| |
| ||||
| Re: Problemas con virus Svchost.exe.vir Hola GodMojo69 te doy la bienvenida  Realiza esto: Ve a windowsupdate.com para actualizar tu sistema. Desinstala la barra Crawler , instala adware. Paso 1- Apaga el "Restaurar Sistema" Paso 2- Descarga estas herramientas pero no las ejecutes aun: Paso 3- Reinicia e inicia en "Modo a prueba de fallos" (modo seguro) Paso 4- Con todos los programas cerrados ejecuta HijackThis y dale "FIX Checked" a estas entradas: O4 - HKLM\..\RunServices: [ioroxxo microsoft s0x] system32i1.exe O4 - HKLM\..\RunServices: [Microsoft Update] localhlp.exe O4 - HKUS\S-1-5-18\..\Run: [ioroxxo microsoft s0x] system32i1.exe (User 'SYSTEM') O4 - HKUS\S-1-5-18\..\Run: [NAV Scan Service] NAVscan32.exe (User 'SYSTEM') O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.113.93 85.255.112.210 O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.113.93 85.255.112.210 O17 - HKLM\System\CS3\Services\Tcpip\Parameters: NameServer = 85.255.113.93 85.255.112.210 O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.113.93 85.255.112.210 O18 - Filter hijack: text/html - {EC58E32E-3C1D-402E-A0FC-3D506C89E672} - (no file) Paso 5- Ejecuta las herramientas de a una:
Paso 6-Descarga CCleaner y ejecútalo usando primero su opción de "Limpiador" para borrar cookies, temporales de Internet y todos los archivos que este te muestre como obsoletos, y luego usa su opción de "Registro" para limpiar todo el registro de Windows (haciendo copia de seguridad). Paso 7-Reinicia y realiza un scan online con "Kaspersky" Paso 8- Sube este archivo a virustotal.com y pega su reporte en tu proxima respuesta usb.exe--> Para saber su ubicacion ve a inicio/buscar Pega aquí tus reportes de FixWareout (se encuentra en C:\fixwareout\report.txt) , Kaspersky y un nuevo log y tu reporte de VirusTotal. Salu2  ...`·.¸¸.·´´¯`··._.·En exámenes ·.¸¸.·´´¯`··._.· Novedades del Foro | Antivirus Online | Eliminar Malwares | Políticas del Foro | Blog * Ayúdanos haciendo una DONACIÓN para poder seguir Ayudando. * Para evitar Virus y Spywares al navegar por internet, USE FIREFOX !! * No se resuelven dudas por Privados ni por E-mail, ya que para eso esta el foro. |
|
05/04/08, 00:38:24
| |
| ||||
| Re: Problemas con virus Svchost.exe.vir  SaludosPues ya hize los scans y mando los reportes en el siguiente orden: -FixWareout -Kaspersky -Virus Total -HijackThis Username "José Villajuana" - 30/03/2008 22:49:21 [Fixwareout edited 9/01/2007] ~~~~~ Prerun check System was rebooted successfully. ~~~~~ Postrun check .... HKLM\SOFTWARE\Microsoft\Windows\CurrentVersio n\Urls "0mdm" Deleted HKLM\SOFTWARE\Microsoft\Windows\CurrentVersio n\Urls "1mdm" Deleted HKLM\SOFTWARE\Microsoft\Windows\CurrentVersio n\_r "}13853C17ECAC-BDBA-1014-BF1B-32F4B5AB{" Deleted HKLM\SOFTWARE\Microsoft\Windows\CurrentVersio n\_r "}937C59902A62-A1E9-5714-4C09-E6EB9FBD{" Deleted HKLM\SOFTWARE\Microsoft\Windows\CurrentVersio n\_r "tidmd" Deleted HKLM\SOFTWARE\Microsoft\Windows\CurrentVersio n\_r "syfmd" Deleted HKLM\SOFTWARE\Microsoft\Windows\CurrentVersio n\_r "mdfmd" Deleted HKLM\SOFTWARE\Microsoft\Windows\CurrentVersio n\_r "}B47E8C234014-4EA8-5C44-6897-05C83847{" Deleted HKLM\SOFTWARE\Microsoft\Windows\CurrentVersio n\_r "ffkmd" Deleted HKLM\SOFTWARE\Microsoft\Windows\CurrentVersio n\_r "tknmd" Deleted HKLM\SOFTWARE\Microsoft\Windows\CurrentVersio n\_r "huqmd" Deleted HKLM\SOFTWARE\Microsoft\Windows\CurrentVersio n\_r "shwmd" Deleted HKLM\SOFTWARE\Microsoft\Windows\CurrentVersio n\_r "xacmd" Deleted HKLM\SOFTWARE\Microsoft\Windows\CurrentVersio n\_r "oudmd" Deleted HKLM\SOFTWARE\Microsoft\Windows\CurrentVersio n\_r "mvjmd" Deleted HKLM\SOFTWARE\Microsoft\Windows\CurrentVersio n\_r "xdgmd" Deleted HKLM\SOFTWARE\Microsoft\Windows\CurrentVersio n\_r "zbcmd" Deleted HKLM\SOFTWARE\Microsoft\Windows\CurrentVersio n\_r "pdxmd" Deleted HKLM\SOFTWARE\Microsoft\Windows\CurrentVersio n\_r "rgemd" Deleted HKLM\SOFTWARE\Microsoft\Windows\CurrentVersio n\_r "}70B625C30B92-1429-19D4-605D-29E3BB4C{" Deleted HKLM\SOFTWARE\Microsoft\Windows\CurrentVersio n "qtosc" Value deleted HKCU\SOFTWARE\Microsoft\Windows\CurrentVersio n "dmdit.exe" Value deleted HKCU\SOFTWARE\Microsoft\Windows\CurrentVersio n "dmfdm.exe" Value deleted HKCU\SOFTWARE\Microsoft\Windows\CurrentVersio n "dmnkt.exe" Value deleted HKCU\SOFTWARE\Microsoft\Windows\CurrentVersio n "dmwhs.exe" Value deleted HKCU\SOFTWARE\Microsoft\Windows\CurrentVersio n "dmduo.exe" Value deleted HKCU\SOFTWARE\Microsoft\Windows\CurrentVersio n "dmxdp.exe" Value deleted HKCR\CLSID\{E2E2DA18-B087-41F8-A647-37B356 C076F9}\_h\4 Deleted. .... ~~~~~ Misc files. C:\WINDOWS\System32\kernel32.exe Deleted .... ~~~~~ Checking for older varients. .... ~~~~~ Current runs (hklm hkcu "run" Keys Only) [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Win dows\CurrentVersion\Run] "LXSUPMON"="C:\\WINDOWS\\system32\\LXSUPMO N.EXE RUN" "egui"="\"C:\\Archivos de programa\\ESET\\ESET Smart Security\\egui.exe\" /hide /waitservice" "TrojanScanner"="C:\\Archivos de programa\\Trojan Remover\\Trjscan.exe" "SpywareTerminator"="\"C:\\Archivos de programa\\Spyware Terminator\\SpywareTerminatorShield.exe\"" "PSPVideo9"="C:\\Archivos de programa\\pspvideo9\\pspVideo9.exe -t" [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Win dows\CurrentVersion\Run] "ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.ex e" "msnmsgr"="\"C:\\Archivos de programa\\Windows Live\\Messenger\\msnmsgr.exe\" /background" .... Hosts file was reset, If you use a custom hosts file please replace it... ~~~~~ End report ~~~~~ KASPERSKY ONLINE SCANNER REPORT Tuesday, April 01, 2008 11:13:32 PM Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600) Kaspersky Online Scanner version: 5.0.98.0 Kaspersky Anti-Virus database last update: 2/04/2008 Kaspersky Anti-Virus database records: 677021 Scan Settings Scan using the following antivirus database extended Scan Archives true Scan Mail Bases true Scan Target Folders C:\ Scan Statistics Total number of scanned objects 45896 Number of viruses found 13 Number of infected objects 21 Number of suspicious objects 1 Duration of the scan process 01:39:15 Infected Object Name Virus Name Last Action C:\974\activ.htm Object is locked skipped C:\974\activsvc.htm Object is locked skipped C:\974\actlan.htm Object is locked skipped C:\974\actshell.htm Object is locked skipped C:\974\acverfyr.dll Object is locked skipped C:\974\acxtrnal.dll Object is locked skipped C:\974\adeskerr.htm Object is locked skipped C:\974\admin.dll Object is locked skipped C:\974\admin.exe Object is locked skipped C:\974\admjoy.sys Object is locked skipped C:\974\adsldp.dll Object is locked skipped C:\974\adsldpc.dll Object is locked skipped C:\974\adsmsext.dll Object is locked skipped C:\974\adsnt.dll Object is locked skipped C:\974\advapi32.dll Object is locked skipped C:\974\advpack.dll Object is locked skipped C:\974\aec.sys Object is locked skipped C:\974\afd.sys Object is locked skipped C:\974\ahui.exe Object is locked skipped C:\974\alg.exe Object is locked skipped C:\974\amdk6.sys Object is locked skipped C:\974\amdk7.sys Object is locked skipped C:\974\an983.sys Object is locked skipped C:\974\apphelp.dll Object is locked skipped C:\974\apphelp.sdb Object is locked skipped C:\974\apps.chm Object is locked skipped C:\974\appwiz.cpl Object is locked skipped C:\974\arial.ttf Object is locked skipped C:\974\arp1394.sys Object is locked skipped C:\974\asctrls.ocx Object is locked skipped C:\974\asferror.dll Object is locked skipped C:\974\asfsipc.dll Object is locked skipped C:\974\at.exe Object is locked skipped C:\974\atapi.sys Object is locked skipped C:\974\ati2dvaa.dll Object is locked skipped C:\974\ati2dvag.dll Object is locked skipped C:\974\ati2mtaa.sys Object is locked skipped C:\974\ati2mtag.sys Object is locked skipped C:\974\ati3d1ag.dll Object is locked skipped C:\974\ati3d2ag.dll Object is locked skipped C:\974\atinbtxx.sys Object is locked skipped C:\974\atinmdxx.sys Object is locked skipped C:\974\atinpdxx.sys Object is locked skipped C:\974\atinraxx.sys Object is locked skipped C:\974\atinrvxx.sys Object is locked skipped C:\974\atinsnxx.sys Object is locked skipped C:\974\atinttxx.sys Object is locked skipped C:\974\atintuxx.sys Object is locked skipped C:\974\atinxbxx.sys Object is locked skipped C:\974\atinxsxx.sys Object is locked skipped C:\974\atiradn1.inf Object is locked skipped C:\974\ativdaxx.ax Object is locked skipped C:\974\ativmvxx.ax Object is locked skipped C:\974\atl.dll Object is locked skipped C:\974\atmlane.sys Object is locked skipped C:\974\audiosrv.dll Object is locked skipped C:\974\author.dll Object is locked skipped C:\974\author.exe Object is locked skipped C:\974\autochk.exe Object is locked skipped C:\974\autolfn.exe Object is locked skipped C:\974\avc.sys Object is locked skipped C:\974\avifil32.dll Object is locked skipped C:\974\basesrv.dll Object is locked skipped C:\974\batt.dll Object is locked skipped C:\974\bridge.sys Object is locked skipped C:\974\browselc.dll Object is locked skipped C:\974\browser.dll Object is locked skipped C:\974\browseui.dll Object is locked skipped C:\974\browsewm.dll Object is locked skipped C:\974\cabinet.dll Object is locked skipped C:\974\callcont.dll Object is locked skipped C:\974\catsrvut.dll Object is locked skipped C:\974\ccdecode.sys Object is locked skipped C:\974\cdfs.sys Object is locked skipped C:\974\cdm.dll Object is locked skipped C:\974\cdrom.sys Object is locked skipped C:\974\certcli.dll Object is locked skipped C:\974\cewmdm.dll Object is locked skipped C:\974\cfgbkend.dll Object is locked skipped C:\974\cfgwiz.exe Object is locked skipped C:\974\cimwin32.dll Object is locked skipped C:\974\ciodm.dll Object is locked skipped C:\974\classpnp.sys Object is locked skipped C:\974\clipbrd.exe Object is locked skipped C:\974\clusapi.dll Object is locked skipped C:\974\cmbatt.sys Object is locked skipped C:\974\cmdial32.dll Object is locked skipped C:\974\cmdl32.exe Object is locked skipped C:\974\comadmin.dll Object is locked skipped C:\974\comctl32.dll Object is locked skipped C:\974\comdlg32.dll Object is locked skipped C:\974\compatui.dll Object is locked skipped C:\974\comsvcs.dll Object is locked skipped C:\974\conf.exe Object is locked skipped C:\974\conime.exe Object is locked skipped C:\974\courtney.acs Object is locked skipped C:\974\credui.dll Object is locked skipped C:\974\crusoe.sys Object is locked skipped C:\974\crypt32.dll Object is locked skipped C:\974\cryptdlg.dll Object is locked skipped C:\974\cryptsvc.dll Object is locked skipped C:\974\cryptui.dll Object is locked skipped C:\974\cscui.dll Object is locked skipped C:\974\csrsrv.dll Object is locked skipped C:\974\ctfmon.exe Object is locked skipped C:\974\d3d8.dll Object is locked skipped C:\974\danim.dll Object is locked skipped C:\974\dbghelp.dll Object is locked skipped C:\974\dbmsadsn.dll Object is locked skipped C:\974\dbmsrpcn.dll Object is locked skipped C:\974\dbmsvinn.dll Object is locked skipped C:\974\dbnetlib.dll Object is locked skipped C:\974\dbnmpntw.dll Object is locked skipped C:\974\dcache.bin Object is locked skipped C:\974\dcap32.dll Object is locked skipped C:\974\ddraw.dll Object is locked skipped C:\974\defrag.exe Object is locked skipped C:\974\desk.cpl Object is locked skipped C:\974\devmgr.dll Object is locked skipped C:\974\dfrgfat.exe Object is locked skipped C:\974\dfrgntfs.exe Object is locked skipped C:\974\dfrgsnap.dll Object is locked skipped C:\974\dfrgui.dll Object is locked skipped C:\974\dfsshlex.dll Object is locked skipped C:\974\dgnet.dll Object is locked skipped C:\974\dhcpcsvc.dll Object is locked skipped C:\974\dhtmled.ocx Object is locked skipped C:\974\digest.dll Object is locked skipped C:\974\dinput.dll Object is locked skipped C:\974\dinput8.dll Object is locked skipped C:\974\disk.sys Object is locked skipped C:\974\diskdump.sys Object is locked skipped C:\974\dlimport.exe Object is locked skipped C:\974\dmband.dll Object is locked skipped C:\974\dmcompos.dll Object is locked skipped C:\974\dmime.dll Object is locked skipped C:\974\dmloader.dll Object is locked skipped C:\974\dmscript.dll Object is locked skipped C:\974\dmstyle.dll Object is locked skipped C:\974\dmusic.dll Object is locked skipped C:\974\dnsapi.dll Object is locked skipped C:\974\docprop2.dll Object is locked skipped C:\974\dpnet.dll Object is locked skipped C:\974\dpnhpast.dll Object is locked skipped C:\974\dpnhupnp.dll Object is locked skipped C:\974\dpvoice.dll Object is locked skipped C:\974\dpvsetup.exe Object is locked skipped C:\974\dpwsockx.dll Object is locked skipped C:\974\drmclien.dll Object is locked skipped C:\974\drmk.sys Object is locked skipped C:\974\drmkaud.sys Object is locked skipped C:\974\drmstor.dll Object is locked skipped C:\974\drmv2clt.dll Object is locked skipped C:\974\drvmain.sdb Object is locked skipped C:\974\ds32gt.dll Object is locked skipped C:\974\dshowext.ax Object is locked skipped C:\974\dsprop.dll Object is locked skipped C:\974\dsquery.dll Object is locked skipped C:\974\dssenh.dll Object is locked skipped C:\974\dumprep.exe Object is locked skipped C:\974\duser.dll Object is locked skipped C:\974\dwwin.exe Object is locked skipped C:\974\dxdiag.exe Object is locked skipped C:\974\dxg.sys Object is locked skipped C:\974\dxmasf.dll Object is locked skipped C:\974\dxmrtp.dll Object is locked skipped C:\974\dxtmsft.dll Object is locked skipped C:\974\dxtrans.dll Object is locked skipped C:\974\earl.acs Object is locked skipped C:\974\els.dll Object is locked skipped C:\974\ersvc.dll Object is locked skipped C:\974\es.dll Object is locked skipped C:\974\esscli.dll Object is locked skipped C:\974\essm2e.sys Object is locked skipped C:\974\eudcedit.exe Object is locked skipped C:\974\eventlog.dll Object is locked skipped C:\974\evntrprv.dll Object is locked skipped C:\974\explorer.exe Object is locked skipped C:\974\expsrv.dll Object is locked skipped C:\974\fastfat.sys Object is locked skipped C:\974\fastprox.dll Object is locked skipped C:\974\faultrep.dll Object is locked skipped C:\974\filelist.xml Object is locked skipped C:\974\fldrclnr.dll Object is locked skipped C:\974\flpydisk.sys Object is locked skipped C:\974\fontview.exe Object is locked skipped C:\974\fp4.cat Object is locked skipped C:\974\fp40ext.cab Object is locked skipped C:\974\fp40ext.dll Object is locked skipped C:\974\fp40ext.inf Object is locked skipped C:\974\fp4amsft.dll Object is locked skipped C:\974\fp4anscp.dll Object is locked skipped C:\974\fp4apws.dll Object is locked skipped C:\974\fp4areg.dll Object is locked skipped C:\974\fp4atxt.dll Object is locked skipped C:\974\fp4autl.dll Object is locked skipped C:\974\fp4avnb.dll Object is locked skipped C:\974\fp4avss.dll Object is locked skipped C:\974\fp4awebs.dll Object is locked skipped C:\974\fp4awel.dll Object is locked skipped C:\974\fp98sadm.exe Object is locked skipped C:\974\fp98swin.exe Object is locked skipped C:\974\fpadmcgi.exe Object is locked skipped C:\974\fpadmdll.dll Object is locked skipped C:\974\fpcount.exe Object is locked skipped C:\974\fpencode.dll Object is locked skipped C:\974\fpexedll.dll Object is locked skipped C:\974\fpmmc.dll Object is locked skipped C:\974\fpmmcsat.dll Object is locked skipped C:\974\fpremadm.exe Object is locked skipped C:\974\fpsrvadm.exe Object is locked skipped C:\974\framebuf.dll Object is locked skipped C:\974\ftp.exe Object is locked skipped C:\974\fxsapi.dll Object is locked skipped C:\974\fxsclnt.exe Object is locked skipped C:\974\fxscomex.dll Object is locked skipped C:\974\fxscover.exe Object is locked skipped C:\974\fxsdrv.dll Object is locked skipped C:\974\fxsext32.dll Object is locked skipped C:\974\fxsocm.dll Object is locked skipped C:\974\fxsocm.inf Object is locked skipped C:\974\fxsperf.dll Object is locked skipped C:\974\fxsres.dll Object is locked skipped C:\974\fxsst.dll Object is locked skipped C:\974\fxssvc.exe Object is locked skipped C:\974\fxst30.dll Object is locked skipped C:\974\fxstiff.dll Object is locked skipped C:\974\fxsui.dll Object is locked skipped C:\974\fxswzrd.dll Object is locked skipped C:\974\fxsxp32.dll Object is locked skipped C:\974\g400.inf Object is locked skipped C:\974\gameenum.sys Object is locked skipped C:\974\gckernel.sys Object is locked skipped C:\974\gdi32.dll Object is locked skipped C:\974\georgia.ttf Object is locked skipped C:\974\guitrn.dll Object is locked skipped C:\974\guitrn_a.dll Object is locked skipped C:\974\h323cc.dll Object is locked skipped C:\974\hal.dll Object is locked skipped C:\974\halaacpi.dll Object is locked skipped C:\974\halacpi.dll Object is locked skipped C:\974\halapic.dll Object is locked skipped C:\974\halmacpi.dll Object is locked skipped C:\974\halmps.dll Object is locked skipped C:\974\hccoin.dll Object is locked skipped C:\974\helpctr.exe Object is locked skipped C:\974\helpsvc.exe Object is locked skipped C:\974\hh.exe Object is locked skipped C:\974\hhctrl.ocx Object is locked skipped C:\974\hhsetup.dll Object is locked skipped C:\974\hidclass.sys Object is locked skipped C:\974\hidir.sys Object is locked skipped C:\974\hidserv.dll Object is locked skipped C:\974\hmmapi.dll Object is locked skipped C:\974\hnetcfg.dll Object is locked skipped C:\974\homepage.inf Object is locked skipped C:\974\i8042prt.sys Object is locked skipped C:\974\ic\acpi.inf Object is locked skipped C:\974\ic\au.inf Object is locked skipped C:\974\ic\battery.inf Object is locked skipped C:\974\ic\bda.inf Object is locked skipped C:\974\ic\cdrom.inf Object is locked skipped C:\974\ic\cpu.inf Object is locked skipped C:\974\ic\disk.inf Object is locked skipped C:\974\ic\dpcdll.dll Object is locked skipped C:\974\ic\dpup.inf Object is locked skipped C:\974\ic\drvindex.inf Object is locked skipped C:\974\ic\hiddigi.inf Object is locked skipped C:\974\ic\hidserv.inf Object is locked skipped C:\974\ic\ie.inf Object is locked skipped C:\974\ic\ieaccess.inf Object is locked skipped C:\974\ic\input.inf Object is locked skipped C:\974\ic\intl.inf Object is locked skipped C:\974\ic\keyboard.inf Object is locked skipped C:\974\ic\kscaptur.inf Object is locked skipped C:\974\ic\layout.inf Object is locked skipped C:\974\ic\mshdc.inf Object is locked skipped C:\974\ic\msoe50.inf Object is locked skipped C:\974\ic\netip6.inf Object is locked skipped C:\974\ic\netoc.inf Object is locked skipped C:\974\ic\netrass.inf Object is locked skipped C:\974\ic\nt5inf.cat Object is locked skipped C:\974\ic\ntprint.inf Object is locked skipped C:\974\ic\pchealth.inf Object is locked skipped C:\974\ic\pidgen.dll Object is locked skipped C:\974\ic\pnpscsi.inf Object is locked skipped C:\974\ic\scsi.inf Object is locked skipped C:\974\ic\swflash.inf Object is locked skipped C:\974\ic\sysoc.inf Object is locked skipped C:\974\ic\syssetup.inf Object is locked skipped C:\974\ic\tape.inf Object is locked skipped C:\974\ic\tsoc.inf Object is locked skipped C:\974\ic\usbport.inf Object is locked skipped C:\974\icaapi.dll Object is locked skipped C:\974\icm32.dll Object is locked skipped C:\974\icsmgr.js Object is locked skipped C:\974\icwconn1.exe Object is locked skipped C:\974\idq.dll Object is locked skipped C:\974\ie4uinit.exe Object is locked skipped C:\974\ieakeng.dll Object is locked skipped C:\974\ieaksie.dll Object is locked skipped C:\974\iedkcs32.dll Object is locked skipped C:\974\iepeers.dll Object is locked skipped C:\974\iesetup.dll Object is locked skipped C:\974\ieuinit.inf Object is locked skipped C:\974\iexplore.exe Object is locked skipped C:\974\iis.dll Object is locked skipped C:\974\ils.dll Object is locked skipped C:\974\imaadp32.acm Object is locked skipped C:\974\imagehlp.dll Object is locked skipped C:\974\imapi.exe Object is locked skipped C:\974\imapi.sys Object is locked skipped C:\974\imeshare.dll Object is locked skipped C:\974\imgutil.dll Object is locked skipped C:\974\imm32.dll Object is locked skipped C:\974\ims.inf Object is locked skipped C:\974\inetcomm.dll Object is locked skipped C:\974\inetcpl.cpl Object is locked skipped C:\974\input.dll Object is locked skipped C:\974\inseng.dll Object is locked skipped C:\974\instcat.sql Object is locked skipped C:\974\intelide.sys Object is locked skipped C:\974\intl.cpl Object is locked skipped C:\974\ipconfig.exe Object is locked skipped C:\974\iphlpapi.dll Object is locked skipped C:\974\ipnat.sys Object is locked skipped C:\974\ipnathlp.dll Object is locked skipped C:\974\ippromon.dll Object is locked skipped C:\974\ipp_0001.asp Object is locked skipped C:\974\ipp_0002.asp Object is locked skipped C:\974\ipp_0004.asp Object is locked skipped C:\974\ipp_0006.asp Object is locked skipped C:\974\ipp_0013.asp Object is locked skipped C:\974\ipp_0014.asp Object is locked skipped C:\974\ipp_util.inc Object is locked skipped C:\974\ipsec.sys Object is locked skipped C:\974\ipsecsvc.dll Object is locked skipped C:\974\ipv6.exe Object is locked skipped C:\974\ipv6mon.dll Object is locked skipped C:\974\irbus.sys Object is locked skipped C:\974\irmon.dll Object is locked skipped C:\974\itircl.dll Object is locked skipped C:\974\itss.dll Object is locked skipped C:\974\iuctl.dll Object is locked skipped C:\974\iuengine.dll Object is locked skipped C:\974\ixsso.dll Object is locked skipped C:\974\joy.cpl Object is locked skipped C:\974\kbdclass.sys Object is locked skipped C:\974\kd1394.dll Object is locked skipped C:\974\kerberos.dll Object is locked skipped C:\974\kernel32.dll Object is locked skipped C:\974\keyboard.sys Object is locked skipped C:\974\kmixer.sys Object is locked skipped C:\974\ks.sys Object is locked skipped C:\974\ksxbar.ax Object is locked skipped C:\974\l3codeca.acm Object is locked skipped C:\974\lang\chajei.ime Object is locked skipped C:\974\lang\chtmbx.dll Object is locked skipped C:\974\lang\chtskdic.dll Object is locked skipped C:\974\lang\chtskf.dll Object is locked skipped C:\974\lang\cintime.dll Object is locked skipped C:\974\lang\cintlgnt.ime Object is locked skipped C:\974\lang\cintsetp.exe Object is locked skipped C:\974\lang\cplexe.exe Object is locked skipped C:\974\lang\dayi.ime Object is locked skipped C:\974\lang\imekr61.ime Object is locked skipped C:\974\lang\imekrcic.dll Object is locked skipped C:\974\lang\imjp81.ime Object is locked skipped C:\974\lang\imjp81k.dll Object is locked skipped C:\974\lang\imjpcd.dic Object is locked skipped C:\974\lang\imjpcic.dll Object is locked skipped C:\974\lang\imjpcus.dll Object is locked skipped C:\974\lang\imjpdct.dll Object is locked skipped C:\974\lang\imjpdct.exe Object is locked skipped C:\974\lang\imjpdsvr.exe Object is locked skipped C:\974\lang\imjpinst.exe Object is locked skipped C:\974\lang\imjpinst.ini Object is locked skipped C:\974\lang\imjpmig.exe Object is locked skipped C:\974\lang\imjprw.exe Object is locked skipped C:\974\lang\imjputy.exe Object is locked skipped C:\974\lang\imjputyc.dll Object is locked skipped C:\974\lang\imlang.dll Object is locked skipped C:\974\lang\imscinst.exe Object is locked skipped C:\974\lang\miniime.tpl Object is locked skipped C:\974\lang\padrs404.dll Object is locked skipped C:\974\lang\padrs804.dll Object is locked skipped C:\974\lang\phon.ime Object is locked skipped C:\974\lang\pintlcsa.dll Object is locked skipped C:\974\lang\pintlcsd.dic Object is locked skipped C:\974\lang\pintlcsd.dll Object is locked skipped C:\974\lang\pintlcsk.dic Object is locked skipped C:\974\lang\pintlgc.imd Object is locked skipped C:\974\lang\pintlgd.imd Object is locked skipped C:\974\lang\pintlgdx.imd Object is locked skipped C:\974\lang\pintlgi.imd Object is locked skipped C:\974\lang\pintlgix.imd Object is locked skipped C:\974\lang\pintlgl.imd Object is locked skipped C:\974\lang\pintlgne.chm Object is locked skipped C:\974\lang\pintlgnt.chm Object is locked skipped C:\974\lang\pintlgnt.ime Object is locked skipped C:\974\lang\pintlgr.imd Object is locked skipped C:\abd7e8c06cf4f4a57bf361b4\symbols\dll\xactsrv.pd b Object is locked skipped C:\abd7e8c06cf4f4a57bf361b4\update\eula.txt Object is locked skipped C:\abd7e8c06cf4f4a57bf361b4\update\q326830.cat Object is locked skipped C:\abd7e8c06cf4f4a57bf361b4\update\spcustom.dll Object is locked skipped C:\abd7e8c06cf4f4a57bf361b4\update\update.exe Object is locked skipped C:\abd7e8c06cf4f4a57bf361b4\update\update.inf Object is locked skipped C:\abd7e8c06cf4f4a57bf361b4\update\update.ver Object is locked skipped C:\abd7e8c06cf4f4a57bf361b4\xactsrv.dll Object is locked skipped C:\Archivos de programa\Trend Micro\HijackThis\backups\backup-20080327-160817 -723.dll Infected: not-a-virus:AdWare.Win32.WebSearch.bv skipped C:\Archivos de programa\Trend Micro\PC-cillin 9\QUARANTINE\18.tmp Infected: Exploit.Java.ByteVerify skipped C:\Archivos de programa\Trend Micro\PC-cillin 9\QUARANTINE\19.tmp Infected: Trojan.Java.ClassLoader.Dummy.d skipped C:\Archivos de programa\Trend Micro\PC-cillin 9\QUARANTINE\1A.tmp Infected: Exploit.Java.ByteVerify skipped C:\autorun.inf Infected: Trojan.Win32.VB.ccv skipped C:\Documents and Settings\Administrador.FAMILIA\Datos de programa\Malwarebytes\Malwarebytes' Anti-Malware\Quarantine\QUAR1.37283 Infected: Trojan.Win32.VB.ccv skipped C:\Documents and Settings\Administrador.FAMILIA\Datos de programa\Malwarebytes\Malwarebytes' Anti-Malware\Quarantine\QUAR1.50300 Infected: Trojan.Win32.VB.ccv skipped C:\Documents and Settings\Administrador.FAMILIA\Datos de programa\Malwarebytes\Malwarebytes' Anti-Malware\Quarantine\QUAR1.74072 Infected: Trojan.Win32.VB.ccv skipped C:\Documents and Settings\All Users\Datos de programa\ESET\ESET Smart Security\Charon\CACHE.NDB Object is locked skipped C:\Documents and Settings\All Users\Datos de programa\ESET\ESET Smart Security\Logs\epfwlog.dat Object is locked skipped C:\Documents and Settings\All Users\Datos de programa\ESET\ESET Smart Security\Logs\virlog.dat Object is locked skipped C:\Documents and Settings\All Users\Datos de programa\ESET\ESET Smart Security\Logs\warnlog.dat Object is locked skipped C:\Documents and Settings\All Users\Datos de programa\Microsoft\Dr Watson\user.dmp Object is locked skipped C:\Documents and Settings\All Users\Datos de programa\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped C:\Documents and Settings\All Users\Datos de programa\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped C:\Documents and Settings\All Users\Menú Inicio\Programas\Inicio\svchost.exe Infected: Trojan.Win32.VB.ccv skipped C:\Documents and Settings\Guibaldo\Configuración local\Archivos temporales de Internet\Content.IE5\CJ6T6DUB\dll_8_b3[1].enc Infected: Trojan.Win32.Agent.cl skipped C:\Documents and Settings\Guibaldo\Configuración local\Archivos temporales de Internet\Content.IE5\ELS721M9\cat_9d_4000_ex[1].e nc Infected: Backdoor.Win32.Webdor.p skipped C:\Documents and Settings\Guibaldo\Configuración local\Archivos temporales de Internet\Content.IE5\ELS721M9\cpp4000_up[1].enc Infected: Trojan-Downloader.Win32.Agent.is skipped C:\Documents and Settings\Guibaldo\Configuración local\Archivos temporales de Internet\Content.IE5\ELS721M9\dll_8_b3[1].enc Infected: Trojan.Win32.Agent.cl skipped C:\Documents and Settings\Guibaldo\Configuración local\Archivos temporales de Internet\Content.IE5\STO3AP4Z\dll4000_ex[1].enc Infected: Trojan.Win32.Agent.cl skipped C:\Documents and Settings\Isaac Villajuana\Configuración local\Archivos temporales de Internet\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A 5B1C0B26C8F.dat Object is locked skipped C:\Documents and Settings\Isaac Villajuana\Configuración local\Archivos temporales de Internet\Content.IE5\index.dat Object is locked skipped C:\Documents and Settings\Isaac Villajuana\Configuración local\Datos de programa\Microsoft\Feeds Cache\index.dat Object is locked skipped C:\Documents and Settings\Isaac Villajuana\Configuración local\Datos de programa\Microsoft\Windows\UsrClass.dat Object is locked skipped C:\Documents and Settings\Isaac Villajuana\Configuración local\Datos de programa\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped C:\Documents and Settings\Isaac Villajuana\Configuración local\Historial\History.IE5\index.dat Object is locked skipped C:\Documents and Settings\Isaac Villajuana\Configuración local\Historial\History.IE5\MSHist0120080401200804 02\index.dat Object is locked skipped C:\Documents and Settings\Isaac Villajuana\Configuración local\Temp\svchost.exe Infected: Trojan.Win32.VB.ccv skipped C:\Documents and Settings\Isaac Villajuana\Cookies\index.dat Object is locked skipped C:\Documents and Settings\Isaac Villajuana\ntuser.dat Object is locked skipped C:\Documents and Settings\Isaac Villajuana\ntuser.dat.LOG Object is locked skipped C:\Documents and Settings\LocalService\Configuración local\Archivos temporales de Internet\Content.IE5\index.dat Object is locked skipped C:\Documents and Settings\LocalService\Configuración local\Datos de programa\Microsoft\Windows\UsrClass.dat Object is locked skipped C:\Documents and Settings\LocalService\Configuración local\Datos de programa\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped C:\Documents and Settings\LocalService\Configuración local\Historial\History.IE5\index.dat Object is locked skipped C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped C:\Documents and Settings\LocalService\ntuser.dat Object is locked skipped C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped C:\Documents and Settings\NetworkService\Configuración local\Datos de programa\Microsoft\Windows\UsrClass.dat Object is locked skipped C:\Documents and Settings\NetworkService\Configuración local\Datos de programa\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped C:\Documents and Settings\Rebeca\Configuración local\Archivos temporales de Internet\Content.IE5\ELS721M9\mexico[1].enc Infected: Trojan.Win32.Delf.bj skipped C:\Documents and Settings\Rebeca\Configuración local\Archivos temporales de Internet\Content.IE5\STO3AP4Z\a670a074[1].js Infected: Trojan-Downloader.JS.Agent.nt skipped C:\e79639ca15ee8643518c292e9bc0d0df\download\ lang\pintlgs.imd._p0 Object is locked skipped C:\svchost.exe Infected: Trojan.Win32.VB.ccv skipped C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped C:\WINDOWS\$NtUninstallKB828741$\catsrv.dll Object is locked skipped C:\WINDOWS\$NtUninstallKB828741$\catsrvut.dll Object is locked skipped C:\WINDOWS\$NtUninstallKB828741$\clbcatex.dll Object is locked skipped C:\WINDOWS\$NtUninstallKB828741$\clbcatq.dll Object is locked skipped C:\WINDOWS\$NtUninstallKB828741$\colbact.dll Object is locked skipped C:\WINDOWS\$NtUninstallKB828741$\comadmin.dll Object is locked skipped C:\WINDOWS\$NtUninstallKB828741$\comrepl.exe Object is locked skipped C:\WINDOWS\$NtUninstallKB828741$\comsvcs.dll Object is locked skipped C:\WINDOWS\$NtUninstallKB828741$\comuid.dll Object is locked skipped C:\WINDOWS\$NtUninstallKB828741$\es.dll Object is locked skipped C:\WINDOWS\$NtUninstallKB828741$\migregdb.exe Object is locked skipped C:\WINDOWS\$NtUninstallKB828741$\msdtcprx.dll Object is locked skipped C:\WINDOWS\$NtUninstallKB828741$\msdtctm.dll Object is locked skipped C:\WINDOWS\$NtUninstallKB828741$\msdtcuiu.dll Object is locked skipped C:\WINDOWS\$NtUninstallKB828741$\mtxclu.dll Object is locked skipped C:\WINDOWS\$NtUninstallKB828741$\mtxoci.dll Object is locked skipped C:\WINDOWS\$NtUninstallKB828741$\ole32.dll Object is locked skipped C:\WINDOWS\$NtUninstallKB828741$\rpcrt4.dll Object is locked skipped C:\WINDOWS\$NtUninstallKB828741$\rpcss.dll Object is locked skipped C:\WINDOWS\$NtUninstallKB828741$\txflog.dll Object is locked skipped C:\WINDOWS\$NtUninstallKB835732$\browser.dll Object is locked skipped C:\WINDOWS\$NtUninstallKB835732$\callcont.dll Object is locked skipped C:\WINDOWS\$NtUninstallKB835732$\gdi32.dll Object is locked skipped C:\WINDOWS\$NtUninstallKB835732$\h323.tsp Object is locked skipped C:\WINDOWS\$NtUninstallKB835732$\h323msp.dll Object is locked skipped C:\WINDOWS\$NtUninstallKB835732$\helpctr.exe Object is locked skipped C:\WINDOWS\$NtUninstallKB835732$\ipnathlp.dll Object is locked skipped C:\WINDOWS\$NtUninstallKB835732$\lsasrv.dll Object is locked skipped C:\WINDOWS\$NtUninstallKB835732$\mf3216.dll Object is locked skipped C:\WINDOWS\$NtUninstallKB835732$\msasn1.dll Object is locked skipped C:\WINDOWS\$NtUninstallKB835732$\msgina.dll Object is locked skipped C:\WINDOWS\$NtUninstallKB835732$\mst120.dll Object is locked skipped C:\WINDOWS\$NtUninstallKB835732$\netapi32.dll Object is locked skipped C:\WINDOWS\$NtUninstallKB835732$\nmcom.dll Object is locked skipped C:\WINDOWS\$NtUninstallKB835732$\rtcdll.dll Object is locked skipped C:\WINDOWS\$NtUninstallKB835732$\schannel.dll Object is locked skipped C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped C:\WINDOWS\Sti_Trace.log Object is locked skipped C:\WINDOWS\system32\cmd.ftp Infected: Trojan-Downloader.BAT.Ftp.cq skipped C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped C:\WINDOWS\system32\config\default Object is locked skipped C:\WINDOWS\system32\config\default.LOG Object is locked skipped C:\WINDOWS\system32\config\Internet.evt Object is locked skipped C:\WINDOWS\system32\config\SAM Object is locked skipped C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped C:\WINDOWS\system32\config\SECURITY Object is locked skipped C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped C:\WINDOWS\system32\config\software Object is locked skipped C:\WINDOWS\system32\config\software.LOG Object is locked skipped C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped C:\WINDOWS\system32\config\system Object is locked skipped C:\WINDOWS\system32\config\system.LOG Object is locked skipped C:\WINDOWS\system32\ftsrcw.dat Object is locked skipped C:\WINDOWS\system32\h323log.txt Object is locked skipped C:\WINDOWS\system32\hnetccg.dat Object is locked skipped C:\WINDOWS\system32\microsoft.exe Infected: Backdoor.Win32.IRCBot.bsy skipped C:\WINDOWS\system32\o Infected: Trojan-Downloader.BAT.Ftp.c skipped C:\WINDOWS\system32\rtipxkib.dat Object is locked skipped C:\WINDOWS\system32\sti_cvun.dat Object is locked skipped C:\WINDOWS\system32\TFTP3612 Suspicious: Backdoor.Win32.Rbot.ar skipped C:\WINDOWS\system32\wbem\Repository\FS\INDEX. BTR Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\INDEX. MAP Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\MAPPI NG.VER Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\MAPPI NG1.MAP Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\MAPPI NG2.MAP Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\OBJEC TS.DATA Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\OBJEC TS.MAP Object is locked skipped C:\WINDOWS\wiadebug.log Object is locked skipped C:\WINDOWS\wiaservc.log Object is locked skipped Scan process completed. _______________________________________ Análisis del archivo report_kaspersky.html recibido el 02.04.2008 07:17:36 (CET)Motor antivirus Versión Última actualización Resultado AhnLab-V3 2008.4.1.2 2008.04.01 - AntiVir 7.6.0.78 2008.04.01 - Authentium 4.93.8 2008.04.02 - Avast 4.7.1098.0 2008.04.01 - AVG 7.5.0.516 2008.04.01 - BitDefender 7.2 2008.04.02 - CAT-QuickHeal 9.50 2008.04.02 - ClamAV 0.92.1 2008.04.02 - DrWeb 4.44.0.09170 2008.04.01 - eSafe 7.0.15.0 2008.04.01 - eTrust-Vet 31.3.5663 2008.04.02 - Ewido 4.0 2008.04.01 - F-Prot 4.4.2.54 2008.04.01 - F-Secure 6.70.13260.0 2008.04.02 - FileAdvisor 1 2008.04.02 - Fortinet 3.14.0.0 2008.04.02 - Ikarus T3.1.1.20 2008.04.02 - Kaspersky 7.0.0.125 2008.04.02 - McAfee 5264 2008.04.01 - Microsoft 1.3301 2008.04.01 - NOD32v2 2993 2008.04.01 - Norman 5.80.02 2008.04.01 - Panda 9.0.0.4 2008.04.01 - Prevx1 V2 2008.04.02 - Rising 20.38.12.00 2008.04.01 - Sophos 4.28.0 2008.04.02 - Sunbelt 3.0.978.0 2008.03.18 - Symantec 10 2008.04.02 - TheHacker 6.2.92.262 2008.04.02 - VBA32 3.12.6.3 2008.03.25 - VirusBuster 4.3.26:9 2008.04.01 - Webwasher-Gateway 6.6.2 2008.04.01 - Información adicional Tamano archivo: 223852 bytes MD5: 29956e885d7933629340aa45974d0446 SHA1: 4d0840e7c511903e938e921cc84ec05dce8e79a1 PEiD: - packers: Unicode packers: Unicode _________________________________________ Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 17:59:27, on 02/04/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16608) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Archivos de programa\Lavasoft\Ad-Aware 2007\aawservice.exe C:\WINDOWS\system32\LEXBCES.EXE C:\WINDOWS\system32\LEXPPS.EXE C:\WINDOWS\system32\spoolsv.exe C:\Archivos de programa\ESET\ESET Smart Security\ekrn.exe C:\Archivos de programa\Archivos comunes\Microsoft Shared\VS7DEBUG\MDM.EXE C:\WINDOWS\System32\svchost.exe C:\Archivos de programa\Trend Micro\PC-cillin 9\Tmntsrv.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\wscntfy.exe C:\WINDOWS\system32\LXSUPMON.EXE C:\WINDOWS\system32\ctfmon.exe C:\WINDOWS\system32\notepad.exe C:\WINDOWS\System32\NOTEPAD.EXE C:\Archivos de programa\Trend Micro\HijackThis\HijackThis.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Vínculos R3 - URLSearchHook: Barra Yahoo! con bloqueador de ventanas emergentes - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Archivos de programa\Yahoo!\Companion\Installs\cpn\yt.dll O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Archivos de programa\Yahoo!\Companion\Installs\cpn\yt.dll O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Archivos de programa\Archivos comunes\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O3 - Toolbar: Barra Yahoo! con bloqueador de ventanas emergentes - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Archivos de programa\Yahoo!\Companion\Installs\cpn\yt.dll O4 - HKLM\..\Run: [LXSUPMON] C:\WINDOWS\system32\LXSUPMON.EXE RUN O4 - HKLM\..\Run: [egui] "C:\Archivos de programa\ESET\ESET Smart Security\egui.exe" /hide /waitservice O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [msnmsgr] "C:\Archivos de programa\Windows Live\Messenger\msnmsgr.exe" /background O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICIO LOCAL') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Servicio de red') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\S-1-5-18\..\Run: [Win USB 2.0 Service] usb.exe (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user') O4 - Global Startup: svchost.exe O8 - Extra context menu item: E&xportar a Microsoft Excel - res://C:\ARCHIV~1\MICROS~3\OFFICE11\EXCEL.EXE /3000 O9 - Extra button: Referencia - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARCHIV~1\MICROS~3\OFFICE11\REFIEBAR.DLL O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kav webscan_unicode.cab O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader10 06.cab O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asi nst.cab O18 - Filter hijack: text/html - {EC58E32E-3C1D-402E-A0FC-3D506C89E672} - (no file) O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Archivos de programa\Lavasoft\Ad-Aware 2007\aawservice.exe O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Archivos de programa\Ares\chatServer.exe O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Archivos de programa\ESET\ESET Smart Security\EHttpSrv.exe O23 - Service: Eset Service (ekrn) - ESET - C:\Archivos de programa\ESET\ESET Smart Security\ekrn.exe O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE O23 - Service: PC-cillin PersonalFirewall (PCCPFW) - Trend Micro Inc. - C:\Archivos de programa\Trend Micro\PC-cillin 9\PCCPFW.exe O23 - Service: Trend NT Realtime Service (Tmntsrv) - Trend Micro Inc. - C:\Archivos de programa\Trend Micro\PC-cillin 9\Tmntsrv.exe -- End of file - 4948 bytes |
|
05/04/08, 23:54:05
| |
| ||||
| Re: Problemas con virus Svchost.exe.vir Hola , Por favor no vuelvas a agregar espacios a los reportes que pegas  , , es casi imposible revisarlos cuando tienen espacios extra , así que pegalos tal y como salen.Tu reporte de FixWareout esta limpio El reporte de virus total muestra que subiste un archivo que no era. Cita:
Cita:
Paso 1- Apaga el "Restaurar Sistema" Paso 2- Descarga estas herramientas pero no las ejecutes aun: Paso 3- Reinicia e inicia en "Modo a prueba de fallos" (modo seguro) Paso 4- Con el programa "FileASSASSIN" elimina estos archivos: C:\Archivos de programa\Trend Micro\HijackThis\backups<-- Elimina solo el contenido de la carpeta C:\Archivos de programa\Trend Micro\PC-cillin 9\QUARANTINE<-- Elimina solo el contenido de la carpeta C:\autorun.inf C:\Documents and Settings\Administrador.FAMILIA\Datos de programa\Malwarebytes\Malwarebytes'Anti-Malware\Quarantine<-- Elimina solo el contenido de la carpeta C:\Documents and Settings\All Users\Menú Inicio\Programas\Inicio\svchost.exe <--  no confundir con el svchost.exe que se encuentra en system32C:\Documents and Settings\Guibaldo\Configuración local\Archivos temporales de Internet\Content.IE5\CJ6T6DUB\dll_8_b3[1].enc C:\Documents and Settings\Guibaldo\Configuración local\Archivos temporales de Internet\Content.IE5\ELS721M9\cat_9d_4000_ex[1].enc C:\Documents and Settings\Guibaldo\Configuración local\Archivos temporales de Internet\Content.IE5\ELS721M9\cpp4000_up[1].enc C:\Documents and Settings\Guibaldo\Configuración local\Archivos temporales de Internet\Content.IE5\ELS721M9\dll_8_b3[1].enc C:\Documents and Settings\Guibaldo\Configuración local\Archivos temporales de Internet\Content.IE5\STO3AP4Z\dll4000_ex[1].enc C:\Documents and Settings\Isaac Villajuana\Configuración local\Temp\svchost.exe <-- no confundir con el svchost.exe que se encuentra en system32C:\Documents and Settings\Rebeca\Configuración local\Archivos temporales de Internet\Content.IE5\ELS721M9\mexico[1].enc C:\Documents and Settings\Rebeca\Configuración local\Archivos temporales de Internet\Content.IE5\STO3AP4Z\a670a074[1].js C:\svchost.exe <-- no confundir con el svchost.exe que se encuentra en system32C:\WINDOWS\system32\cmd.ftp C:\WINDOWS\system32\microsoft.exe C:\WINDOWS\system32\o Paso 5-Ejecuta : DrWeb-Cureit.exe Flash_Disinfector.exe en el PC y luego coloca el Pendrive en el puerto USB y ejecutalo nuevamente. Paso 6- Ejecuta CCleaner usando primero su opción de "Limpiador" para borrar cookies, temporales de Internet y todos los archivos que este te muestre como obsoletos, y luego usa su opción de "Registro" para limpiar todo el registro de Windows (haciendo copia de seguridad). Paso 7- Reinicia y realiza un scan onliine con Kaspersky Pega aquí tu reporte de Kaspersky y un nuevo log de HijackThis Salu2  `·.¸¸.·´´¯`··._.·En exámenes ·.¸¸.·´´¯`··._.· Novedades del Foro | Antivirus Online | Eliminar Malwares | Políticas del Foro | Blog * Ayúdanos haciendo una DONACIÓN para poder seguir Ayudando. * Para evitar Virus y Spywares al navegar por internet, USE FIREFOX !! * No se resuelven dudas por Privados ni por E-mail, ya que para eso esta el foro. |
|
« Tema Anterior
|
Próximo Tema »
| Herramientas | |
|
|
| 
Temas Similares | |
| Tema | Autor | Foro | Respuestas | Último mensaje |
| mi maquina esta lenta (Terminado) | gianpierre89 | Temas Solucionados | 16 | 05/06/07 01:03:26 |
| P2P-Worm.Win32.VB.dw | tav | Foro de Virus y Spywares | 5 | 20/01/07 13:01:29 |
| Ayuda con....edlm y edlm2 | anmanadu | Foro de Virus y Spywares | 1 | 23/05/06 21:40:01 |
| no me deja conectarme IE6 | Oliverastro | Foro Oficial de HijackThis en español | 9 | 23/02/06 12:19:07 |
| Problemas varios derivados de Spyware: creo que tengo un virus (Solucionado) | xaneme | Temas Solucionados | 10 | 07/01/06 19:48:34 |
Todas las horas son GMT -4. La hora es 06:06:06.
 |  |
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139 1