Hello, I hope you can help me. Ever since I plugged in a USB memory stick, my PC shows me a message as soon as it starts up. The message is the following:

c:\winhost.exe
The NTVDM CPU has encountered an illegal instruction.
CS: 0f76 IP:01af OP: 63 68 65 20 53
Choose 'Close' to terminate the aplication.

I hope you can help me, thanks a lot in advance.
Re: Help, I think I have a virus

Hello capy,

Download the SDFix tool, save it and unzip it on your desktop, but do not run it yet.

Restart the PC in Safe Mode.

Restart the PC in "Normal mode".

Run an online scan with:

Regards
Re: Help, I think I have a virus

Sorry for taking so long to reply, here is what you asked for:

__________________________________________________
ewido anti-spyware online scanner
http://www.ewido.net
__________________________________________________

--------------------------------------------------------------------------

SDFix: Version 1.177
Run by Hiram on 30/04/2008 at 09:06 a.m.
Microsoft Windows XP [Version 5.1.2600]
Running From: C:\SDFix

Checking Services :

Restoring Windows Registry Values
Restoring Windows Default Hosts File

Rebooting

Checking Files :

Trojan Files Found:

C:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\isi32.exe - Deleted
C:\WINDOWS\hosts - Deleted
C:\WINDOWS\system32\drivers\hosts - Deleted
C:\WINDOWS\system32\spooIsv.exe - Deleted

Removing Temp Files

ADS Check :

Final Check :

catchme 0.3.1353.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-30 09:13:47
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...
scanning hidden services & system hive ...
scanning hidden registry entries ...
scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 32

Remaining Files :

File Backups: - C:\SDFix\backups\backups.zip

Finished!

--------------------------------------------------------------------------

KASPERSKY ONLINE SCANNER INFORME
miércoles, 30 de abril de 2008 17:56:17
Sistema operativo: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner versión: 5.0.84.1
Ultima actualización: 30/04/2008
Registros en la base antivirus: 733558

Configuración del análisis
Analizar usando las siguientes bases estendidas
Analizar archivos verdadero
Analizar bases de correo verdadero

Objetivo a analizar Mi PC
C:\ D:\ E:\ F:\

Estadísticas
Número de objeros analizados 99435
Virus encontrados 2
Objetos infectados 12 / 0
Objetos sospechosos 0
Duración del análisis 01:32:47

Bombre del objeto infectado Nombre del virus Última acción
C:\SDFix\backups\backups.zip/backups/hosts Infectados: Trojan.Win32.Qhost.aei saltado
C:\SDFix\backups\backups.zip/backups/isi32.exe Infectados: Worm.Win32.AutoRun.dmh saltado
C:\SDFix\backups\backups.zip ZIP: infectado - 2 saltado
C:\WINDOWS\system32\aajlse.exe Infectados: Worm.Win32.AutoRun.dmh saltado
C:\WINDOWS\system32\aljc.exe Infectados: Worm.Win32.AutoRun.dmh saltado
C:\WINDOWS\system32\brtdj.exe Infectados: Worm.Win32.AutoRun.dmh saltado
C:\WINDOWS\system32\ivtzv.exe Infectados: Worm.Win32.AutoRun.dmh saltado
C:\WINDOWS\system32\izfe.exe Infectados: Worm.Win32.AutoRun.dmh saltado
C:\WINDOWS\system32\oxsegkf.exe Infectados: Worm.Win32.AutoRun.dmh saltado
C:\WINDOWS\system32\qdhglq.exe Infectados: Worm.Win32.AutoRun.dmh saltado
C:\WINDOWS\system32\udls.exe Infectados: Worm.Win32.AutoRun.dmh saltado
C:\WINDOWS\system32\yfjzypev.exe Infectados: Worm.Win32.AutoRun.dmh saltado

Análisis completado.

Thanks a lot in advance ^^
Re: Help, I think I have a virus

Hello capy, sorry for the delay, I was a bit swamped with classes.

Download OTMoveit

Quote:

Download CCleaner and run it, first using its "Cleaner" option to delete cookies, temporary Internet files and all the files it shows you as obsolete, and then use its "Registry" option to clean the whole Windows registry (making a backup).

Run several scans.

Run a new scan with Kaspersky Online and paste its report here.

Regards
Re: Help, I think I have a virus

Hello again, sorry for the delay, I have also been busy with exams. Here is what you asked for:

KASPERSKY ONLINE SCANNER INFORME
jueves, 15 de mayo de 2008 13:36:50
Sistema operativo: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner versión: 5.0.84.1
Ultima actualización: 15/05/2008
Registros en la base antivirus: 775447

Configuración del análisis
Analizar usando las siguientes bases estendidas
Analizar archivos verdadero
Analizar bases de correo verdadero

Objetivo a analizar Mi PC
C:\ D:\ E:\ F:\

Estadísticas
Número de objeros analizados 98723
Virus encontrados 4
Objetos infectados 16 / 0
Objetos sospechosos 0
Duración del análisis 01:35:07

Bombre del objeto infectado Nombre del virus Última acción
Object is locked saltado C:\WINDOWS\system32\config\SAM Object is locked saltado C:\WINDOWS\system32\config\SAM.LOG Object is locked saltado C:\WINDOWS\system32\config\SecEvent.Evt Object is locked saltado C:\WINDOWS\system32\config\SECURITY Object is locked saltado C:\WINDOWS\system32\config\SECURITY.LOG Object is locked saltado C:\WINDOWS\system32\config\software Object is locked saltado C:\WINDOWS\system32\config\SOFTWARE.LOG Object is locked saltado C:\WINDOWS\system32\config\SysEvent.Evt Object is locked saltado C:\WINDOWS\system32\config\system Object is locked saltado C:\WINDOWS\system32\config\SYSTEM.LOG Object is locked saltado C:\WINDOWS\system32\dkjbtbzb.exe Infectados: Worm.Win32.AutoRun.dsf saltado C:\WINDOWS\system32\drivers\sptd.sys Object is locked saltado C:\WINDOWS\system32\h323log.txt Object is locked saltado C:\WINDOWS\system32\iwtayckc.exe Infectados: Worm.Win32.AutoRun.dsf saltado C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked saltado C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked saltado C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked saltado C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MA P Object is locked saltado C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MA P Object is locked saltado C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DAT A Object is locked saltado C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked saltado C:\WINDOWS\system32\yetgpndo.exe Infectados: Worm.Win32.AutoRun.dqq saltado C:\WINDOWS\system32\yfjzypev.exe Infectados: Worm.Win32.AutoRun.dmh saltado C:\WINDOWS\system32\zghnt.exe Infectados: Worm.Win32.AutoRun.dsf saltado C:\WINDOWS\Temp\Perflib_Perfdata_144.dat Object is locked saltado C:\WINDOWS\Temp\Perflib_Perfdata_378.dat Object is locked saltado C:\WINDOWS\Temp\_avast4_\Webshlock.txt Object is locked saltado C:\WINDOWS\WindowsUpdate.log Object is locked saltado C:\_OTMoveIt\MovedFiles\05152008_110531\SDFix\back 
ups\backups.zip/backups/hosts Infectados: Trojan.Win32.Qhost.aei saltado C:\_OTMoveIt\MovedFiles\05152008_110531\SDFix\back ups\backups.zip/backups/isi32.exe Infectados: Worm.Win32.AutoRun.dmh saltado C:\_OTMoveIt\MovedFiles\05152008_110531\SDFix\back ups\backups.zip ZIP: infectado - 2 saltado C:\_OTMoveIt\MovedFiles\05152008_110531\WINDOWS\sy stem32\aajlse.exe Infectados: Worm.Win32.AutoRun.dmh saltado C:\_OTMoveIt\MovedFiles\05152008_110531\WINDOWS\sy stem32\aljc.exe Infectados: Worm.Win32.AutoRun.dmh saltado C:\_OTMoveIt\MovedFiles\05152008_110531\WINDOWS\sy stem32\brtdj.exe Infectados: Worm.Win32.AutoRun.dmh saltado C:\_OTMoveIt\MovedFiles\05152008_110531\WINDOWS\sy stem32\ivtzv.exe Infectados: Worm.Win32.AutoRun.dmh saltado C:\_OTMoveIt\MovedFiles\05152008_110531\WINDOWS\sy stem32\izfe.exe Infectados: Worm.Win32.AutoRun.dmh saltado C:\_OTMoveIt\MovedFiles\05152008_110531\WINDOWS\sy stem32\oxsegkf.exe Infectados: Worm.Win32.AutoRun.dmh saltado C:\_OTMoveIt\MovedFiles\05152008_110531\WINDOWS\sy stem32\qdhglq.exe Infectados: Worm.Win32.AutoRun.dmh saltado C:\_OTMoveIt\MovedFiles\05152008_110531\WINDOWS\sy stem32\udls.exe Infectados: Worm.Win32.AutoRun.dmh saltado D:\System Volume Information\MountPointManagerRemoteDatabase Object is locked saltado Análisis completado. Informe del OTMovedIt: C:\SDFix\backups\backups.zip moved successfully. C:\WINDOWS\system32\aajlse.exe moved successfully. C:\WINDOWS\system32\aljc.exe moved successfully. C:\WINDOWS\system32\brtdj.exe moved successfully. C:\WINDOWS\system32\ivtzv.exe moved successfully. C:\WINDOWS\system32\izfe.exe moved successfully. C:\WINDOWS\system32\oxsegkf.exe moved successfully. C:\WINDOWS\system32\qdhglq.exe moved successfully. C:\WINDOWS\system32\udls.exe moved successfully. OTMoveIt2 by OldTimer - Version 1.0.4.1 log created on 05152008_110531 Gracias, saludos ![]() |
| Re: Help, I think I have a virus Hello capy
Quote:
Run CCleaner, first using its "Cleaner" option to delete cookies, temporary Internet files and all the files it shows you as obsolete, and then use its "Registry" option to clean the whole Windows registry (making a backup copy). Run several scans. Run a new scan with Kaspersky Online and paste its report for us here. Regards |
| Re: Help, I think I have a virus HELLO, I did what you asked, here is the report:
viernes, 23 de mayo de 2008 15:18:18
Sistema operativo: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner versión: 5.0.84.1
Ultima actualización: 23/05/2008
Registros en la base antivirus: 799296
Configuración del análisis
Analizar usando las siguientes bases estendidas
Analizar archivos verdadero
Analizar bases de correo verdadero
Objetivo a analizar Mi PC C:\ D:\ E:\ F:\
Estadísticas
Número de objeros analizados 117361
Virus encontrados 5
Objetos infectados 10 / 0
Objetos sospechosos 0
Duración del análisis 01:49:59
THANK YOU VERY MUCH |
| Re: Help, I think I have a virus Hello capy. Sorry for the intrusion, francisco157. OK capy, do the following: Delete the following folder with all its contents: C:\_OTMoveIt\ After that: Find and delete this file. For files that will not let themselves be deleted, use FileASSASSIN with the "Use la función de borrado normal" (use the normal delete function) option. C:\winhost.exe After that, run a new scan with Kaspersky and paste the report again. If you have any questions, let us know. Andresmix <<Never lose hope in your dreams>> |
| Re: Help, I think I have a virus Hello, thanks Andresmix and Francisco157, here is the new report:
sábado, 24 de mayo de 2008 14:52:11
Sistema operativo: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner versión: 5.0.84.1
Ultima actualización: 24/05/2008
Registros en la base antivirus: 799624
Configuración del análisis
Analizar usando las siguientes bases estendidas
Analizar archivos verdadero
Analizar bases de correo verdadero
Objetivo a analizar Mi PC C:\ D:\ E:\ F:\
Estadísticas
Número de objeros analizados 117561
Virus encontrados 0
Objetos infectados 0 / 0
Objetos sospechosos 0
Duración del análisis 01:42:12 |