Foro de InfoSpyware - Foro de Hijackthis - Foro de Virus

__________________________________________________
ewido anti-spyware online scanner
http://www.ewido.net
__________________________________________________


Name: TrackingCookie.Netflame
Path: C:\Documents and Settings\Administrador\Cookies\administrador@ssl-hints.netflame[2].txt
Risk: Medium

Name: TrackingCookie.Yieldmanager
Path: :mozilla.16:C:\Documents and Settings\Administrador\Datos de programa\Mozilla\Firefox\Profiles\z40ju847.default \cookies-1.txt
Risk: Medium

Name: TrackingCookie.Yieldmanager
Path: :mozilla.17:C:\Documents and Settings\Administrador\Datos de programa\Mozilla\Firefox\Profiles\z40ju847.default \cookies-1.txt
Risk: Medium

Name: TrackingCookie.Yieldmanager
Path: :mozilla.18:C:\Documents and Settings\Administrador\Datos de programa\Mozilla\Firefox\Profiles\z40ju847.default \cookies-1.txt
Risk: Medium

Name: TrackingCookie.Yieldmanager
Path: :mozilla.19:C:\Documents and Settings\Administrador\Datos de programa\Mozilla\Firefox\Profiles\z40ju847.default \cookies-1.txt
Risk: Medium

Name: TrackingCookie.Yieldmanager
Path: :mozilla.20:C:\Documents and Settings\Administrador\Datos de programa\Mozilla\Firefox\Profiles\z40ju847.default \cookies-1.txt
Risk: Medium

Name: TrackingCookie.Yieldmanager
Path: :mozilla.21:C:\Documents and Settings\Administrador\Datos de programa\Mozilla\Firefox\Profiles\z40ju847.default \cookies-1.txt
Risk: Medium

Name: TrackingCookie.Yieldmanager
Path: :mozilla.22:C:\Documents and Settings\Administrador\Datos de programa\Mozilla\Firefox\Profiles\z40ju847.default \cookies-1.txt
Risk: Medium

Name: TrackingCookie.Yieldmanager
Path: :mozilla.23:C:\Documents and Settings\Administrador\Datos de programa\Mozilla\Firefox\Profiles\z40ju847.default \cookies-1.txt
Risk: Medium

Name: TrackingCookie.Overture
Path: :mozilla.59:C:\Documents and Settings\Administrador\Datos de programa\Mozilla\Firefox\Profiles\z40ju847.default \cookies-1.txt
Risk: Medium

Name: TrackingCookie.2o7
Path: :mozilla.60:C:\Documents and Settings\Administrador\Datos de programa\Mozilla\Firefox\Profiles\z40ju847.default \cookies-1.txt
Risk: Medium

Name: TrackingCookie.Doubleclick
Path: :mozilla.61:C:\Documents and Settings\Administrador\Datos de programa\Mozilla\Firefox\Profiles\z40ju847.default \cookies-1.txt
Risk: Medium

Name: TrackingCookie.Imrworldwide
Path: :mozilla.78:C:\Documents and Settings\Administrador\Datos de programa\Mozilla\Firefox\Profiles\z40ju847.default \cookies-1.txt
Risk: Medium

Name: TrackingCookie.Imrworldwide
Path: :mozilla.79:C:\Documents and Settings\Administrador\Datos de programa\Mozilla\Firefox\Profiles\z40ju847.default \cookies-1.txt
Risk: Medium

Name: TrackingCookie.Tribalfusion
Path: :mozilla.97:C:\Documents and Settings\Administrador\Datos de programa\Mozilla\Firefox\Profiles\z40ju847.default \cookies-1.txt
Risk: Medium

Name: TrackingCookie.Advertising
Path: :mozilla.146:C:\Documents and Settings\Administrador\Datos de programa\Mozilla\Firefox\Profiles\z40ju847.default \cookies-1.txt
Risk: Medium

Name: TrackingCookie.Advertising
Path: :mozilla.147:C:\Documents and Settings\Administrador\Datos de programa\Mozilla\Firefox\Profiles\z40ju847.default \cookies-1.txt
Risk: Medium

Name: TrackingCookie.Advertising
Path: :mozilla.148:C:\Documents and Settings\Administrador\Datos de programa\Mozilla\Firefox\Profiles\z40ju847.default \cookies-1.txt
Risk: Medium

Name: TrackingCookie.Statcounter
Path: :mozilla.149:C:\Documents and Settings\Administrador\Datos de programa\Mozilla\Firefox\Profiles\z40ju847.default \cookies-1.txt
Risk: Medium

Name: TrackingCookie.Statcounter
Path: :mozilla.150:C:\Documents and Settings\Administrador\Datos de programa\Mozilla\Firefox\Profiles\z40ju847.default \cookies-1.txt
Risk: Medium

Name: TrackingCookie.Statcounter
Path: :mozilla.151:C:\Documents and Settings\Administrador\Datos de programa\Mozilla\Firefox\Profiles\z40ju847.default \cookies-1.txt
Risk: Medium

Name: TrackingCookie.Hitbox
Path: :mozilla.179:C:\Documents and Settings\Administrador\Datos de programa\Mozilla\Firefox\Profiles\z40ju847.default \cookies-1.txt
Risk: Medium

Name: TrackingCookie.Hitbox
Path: :mozilla.180:C:\Documents and Settings\Administrador\Datos de programa\Mozilla\Firefox\Profiles\z40ju847.default \cookies-1.txt
Risk: Medium

Name: TrackingCookie.Hitbox
Path: :mozilla.182:C:\Documents and Settings\Administrador\Datos de programa\Mozilla\Firefox\Profiles\z40ju847.default \cookies-1.txt
Risk: Medium

Name: TrackingCookie.Fastclick
Path: :mozilla.207:C:\Documents and Settings\Administrador\Datos de programa\Mozilla\Firefox\Profiles\z40ju847.default \cookies-1.txt
Risk: Medium

Name: TrackingCookie.Fastclick
Path: :mozilla.208:C:\Documents and Settings\Administrador\Datos de programa\Mozilla\Firefox\Profiles\z40ju847.default \cookies-1.txt
Risk: Medium

Name: TrackingCookie.Fastclick
Path: :mozilla.209:C:\Documents and Settings\Administrador\Datos de programa\Mozilla\Firefox\Profiles\z40ju847.default \cookies-1.txt
Risk: Medium

Name: TrackingCookie.Atdmt
Path: :mozilla.219:C:\Documents and Settings\Administrador\Datos de programa\Mozilla\Firefox\Profiles\z40ju847.default \cookies-1.txt
Risk: Medium

Name: TrackingCookie.Serving-sys
Path: :mozilla.245:C:\Documents and Settings\Administrador\Datos de programa\Mozilla\Firefox\Profiles\z40ju847.default \cookies-1.txt
Risk: Medium

Name: TrackingCookie.Serving-sys
Path: :mozilla.246:C:\Documents and Settings\Administrador\Datos de programa\Mozilla\Firefox\Profiles\z40ju847.default \cookies-1.txt
Risk: Medium

Name: TrackingCookie.Serving-sys
Path: :mozilla.247:C:\Documents and Settings\Administrador\Datos de programa\Mozilla\Firefox\Profiles\z40ju847.default \cookies-1.txt
Risk: Medium

Name: TrackingCookie.Serving-sys
Path: :mozilla.248:C:\Documents and Settings\Administrador\Datos de programa\Mozilla\Firefox\Profiles\z40ju847.default \cookies-1.txt
Risk: Medium

Name: TrackingCookie.Serving-sys
Path: :mozilla.249:C:\Documents and Settings\Administrador\Datos de programa\Mozilla\Firefox\Profiles\z40ju847.default \cookies-1.txt
Risk: Medium

Name: TrackingCookie.Serving-sys
Path: :mozilla.250:C:\Documents and Settings\Administrador\Datos de programa\Mozilla\Firefox\Profiles\z40ju847.default \cookies-1.txt
Risk: Medium

Name: TrackingCookie.Serving-sys
Path: :mozilla.255:C:\Documents and Settings\Administrador\Datos de programa\Mozilla\Firefox\Profiles\z40ju847.default \cookies-1.txt
Risk: Medium

Name: TrackingCookie.Trafficmp
Path: :mozilla.283:C:\Documents and Settings\Administrador\Datos de programa\Mozilla\Firefox\Profiles\z40ju847.default \cookies-1.txt
Risk: Medium

Name: TrackingCookie.Trafficmp
Path: :mozilla.284:C:\Documents and Settings\Administrador\Datos de programa\Mozilla\Firefox\Profiles\z40ju847.default \cookies-1.txt
Risk: Medium

Name: TrackingCookie.Trafficmp
Path: :mozilla.285:C:\Documents and Settings\Administrador\Datos de programa\Mozilla\Firefox\Profiles\z40ju847.default \cookies-1.txt
Risk: Medium

Name: TrackingCookie.Trafficmp
Path: :mozilla.286:C:\Documents and Settings\Administrador\Datos de programa\Mozilla\Firefox\Profiles\z40ju847.default \cookies-1.txt
Risk: Medium

Name: TrackingCookie.Trafficmp
Path: :mozilla.287:C:\Documents and Settings\Administrador\Datos de programa\Mozilla\Firefox\Profiles\z40ju847.default \cookies-1.txt
Risk: Medium

Name: TrackingCookie.Questionmarket
Path: :mozilla.292:C:\Documents and Settings\Administrador\Datos de programa\Mozilla\Firefox\Profiles\z40ju847.default \cookies-1.txt
Risk: Medium

Name: TrackingCookie.Questionmarket
Path: :mozilla.293:C:\Documents and Settings\Administrador\Datos de programa\Mozilla\Firefox\Profiles\z40ju847.default \cookies-1.txt
Risk: Medium

Name: TrackingCookie.Questionmarket
Path: :mozilla.294:C:\Documents and Settings\Administrador\Datos de programa\Mozilla\Firefox\Profiles\z40ju847.default \cookies-1.txt
Risk: Medium

Name: TrackingCookie.Dealtime
Path: :mozilla.298:C:\Documents and Settings\Administrador\Datos de programa\Mozilla\Firefox\Profiles\z40ju847.default \cookies-1.txt
Risk: Medium

Name: TrackingCookie.Dealtime
Path: :mozilla.299:C:\Documents and Settings\Administrador\Datos de programa\Mozilla\Firefox\Profiles\z40ju847.default \cookies-1.txt
Risk: Medium

Name: TrackingCookie.Dealtime
Path: :mozilla.300:C:\Documents and Settings\Administrador\Datos de programa\Mozilla\Firefox\Profiles\z40ju847.default \cookies-1.txt
Risk: Medium

Name: TrackingCookie.Dealtime
Path: :mozilla.301:C:\Documents and Settings\Administrador\Datos de programa\Mozilla\Firefox\Profiles\z40ju847.default \cookies-1.txt
Risk: Medium

Name: TrackingCookie.Dealtime
Path: :mozilla.302:C:\Documents and Settings\Administrador\Datos de programa\Mozilla\Firefox\Profiles\z40ju847.default \cookies-1.txt
Risk: Medium

Name: TrackingCookie.Dealtime
Path: :mozilla.303:C:\Documents and Settings\Administrador\Datos de programa\Mozilla\Firefox\Profiles\z40ju847.default \cookies-1.txt
Risk: Medium

Name: TrackingCookie.Revsci
Path: :mozilla.304:C:\Documents and Settings\Administrador\Datos de programa\Mozilla\Firefox\Profiles\z40ju847.default \cookies-1.txt
Risk: Medium

Name: TrackingCookie.Revsci
Path: :mozilla.305:C:\Documents and Settings\Administrador\Datos de programa\Mozilla\Firefox\Profiles\z40ju847.default \cookies-1.txt
Risk: Medium

Name: TrackingCookie.Revsci
Path: :mozilla.306:C:\Documents and Settings\Administrador\Datos de programa\Mozilla\Firefox\Profiles\z40ju847.default \cookies-1.txt
Risk: Medium

Name: TrackingCookie.Revsci
Path: :mozilla.307:C:\Documents and Settings\Administrador\Datos de programa\Mozilla\Firefox\Profiles\z40ju847.default \cookies-1.txt
Risk: Medium

Name: TrackingCookie.Revsci
Path: :mozilla.308:C:\Documents and Settings\Administrador\Datos de programa\Mozilla\Firefox\Profiles\z40ju847.default \cookies-1.txt
Risk: Medium

Name: TrackingCookie.Zedo
Path: :mozilla.310:C:\Documents and Settings\Administrador\Datos de programa\Mozilla\Firefox\Profiles\z40ju847.default \cookies-1.txt
Risk: Medium

Name: TrackingCookie.Zedo
Path: :mozilla.311:C:\Documents and Settings\Administrador\Datos de programa\Mozilla\Firefox\Profiles\z40ju847.default \cookies-1.txt
Risk: Medium

Name: TrackingCookie.Zedo
Path: :mozilla.312:C:\Documents and Settings\Administrador\Datos de programa\Mozilla\Firefox\Profiles\z40ju847.default \cookies-1.txt
Risk: Medium

Name: TrackingCookie.Zedo
Path: :mozilla.313:C:\Documents and Settings\Administrador\Datos de programa\Mozilla\Firefox\Profiles\z40ju847.default \cookies-1.txt
Risk: Medium

Name: TrackingCookie.Zedo
Path: :mozilla.314:C:\Documents and Settings\Administrador\Datos de programa\Mozilla\Firefox\Profiles\z40ju847.default \cookies-1.txt
Risk: Medium

Name: TrackingCookie.2o7
Path: :mozilla.331:C:\Documents and Settings\Administrador\Datos de programa\Mozilla\Firefox\Profiles\z40ju847.default \cookies-1.txt
Risk: Medium

Name: TrackingCookie.Mediaplex
Path: :mozilla.343:C:\Documents and Settings\Administrador\Datos de programa\Mozilla\Firefox\Profiles\z40ju847.default \cookies-1.txt
Risk: Medium

Name: TrackingCookie.Adbrite
Path: :mozilla.383:C:\Documents and Settings\Administrador\Datos de programa\Mozilla\Firefox\Profiles\z40ju847.default \cookies-1.txt
Risk: Medium

Name: TrackingCookie.Adbrite
Path: :mozilla.384:C:\Documents and Settings\Administrador\Datos de programa\Mozilla\Firefox\Profiles\z40ju847.default \cookies-1.txt
Risk: Medium

Name: TrackingCookie.Adbrite
Path: :mozilla.385:C:\Documents and Settings\Administrador\Datos de programa\Mozilla\Firefox\Profiles\z40ju847.default \cookies-1.txt
Risk: Medium

Name: TrackingCookie.Yadro
Path: :mozilla.402:C:\Documents and Settings\Administrador\Datos de programa\Mozilla\Firefox\Profiles\z40ju847.default \cookies-1.txt
Risk: Medium

Name: Downloader.Delf.ain
Path: C:\WINDOWS\system32\cmdow.exe
Risk: High



ahi esta el log, supuestamente los borro pero el nod me sigue diciendo que tengo un troyano :(

ya no me responden

Ten pasiencia ya el warrior tomo tu tema y el debe continuarlo quizas esta ocupado.

Hola Miwako,

Perdon por el retrazo, pero debes de entender que es finde y para muchos de nosotros es tiempo para estar con la famila y lejos del pc. Por Favor sea Paciente

Es necesario que me pegues, de forma correcta el reporte que genera SDFix, de lo contrario, poco y nada, puedo saber que infeccion tienes en tu pc, por favor Ejecute de nuevo el SDFix, tal y como lo indica su manual..

Salu2!
No olvides volver.

jajaj si esta bn q tengan q estra con la familia y amigos lo entiendo ^^
mas q nada lo puse para q el tema subiera xD poq ya estaba muy atras ;B
el SDFix lo habia extraido en el escritorio y por eso no salia completo xD
bueno aca va:


SDFix: Version 1.219
Run by Administrador on 24/08/2008 at 23:52

Microsoft Windows XP [Versi¢n 5.1.2600]
Running From: C:\SDFix

Checking Services :


Restoring Default Security Values
Restoring Default Hosts File

Rebooting


Checking Files :

No Trojan Files Found






Removing Temp Files

ADS Check :



Final Check :

catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-24 23:56:38
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic es\sptd\Cfg]
"s1"=dword:2df9c43f
"s2"=dword:110480d0
"h0"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic es\sptd\Cfg\0D79C293C1ED61418462E24595C90D04]
"p0"="C:\Archivos de programa\Alcohol Soft\Alcohol 120\"
"h0"=dword:00000000
"ujdew"=hex:ff,ff,8e,fa,ad,1f,a6,b4,70,8f,7a,39,4f ,e4,73,c8,8e,58,2e,53,a7,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\s ptd\Cfg\0D79C293C1ED61418462E24595C90D04]
"p0"="C:\Archivos de programa\Alcohol Soft\Alcohol 120\"
"h0"=dword:00000000
"ujdew"=hex:ff,ff,8e,fa,ad,1f,a6,b4,70,8f,7a,39,4f ,e4,73,c8,8e,58,2e,53,a7,..

scanning hidden registry entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


Remaining Services :




Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\servic es\sharedaccess\parameters\firewallpolicy\standard profile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\syste m32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Archivos de programa\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Archivos de programa\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Archivos de programa\\Windows Live\\Messenger\\livecall.exe"="C:\\Archivos de programa\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\servic es\sharedaccess\parameters\firewallpolicy\domainpr ofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\syste m32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Archivos de programa\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Archivos de programa\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Archivos de programa\\Windows Live\\Messenger\\livecall.exe"="C:\\Archivos de programa\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

Remaining Files :



Files with Hidden Attributes :

Thu 14 Aug 2008 1,429,840 A.SHR --- "C:\Archivos de programa\Spybot - Search & Destroy\SDUpdate.exe"
Wed 30 Jul 2008 4,891,984 A.SHR --- "C:\Archivos de programa\Spybot - Search & Destroy\SpybotSD.exe"
Mon 18 Aug 2008 1,832,272 A.SHR --- "C:\Archivos de programa\Spybot - Search & Destroy\TeaTimer.exe"
Sat 7 Jun 2008 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"
Sun 8 Jun 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\f7db876e 78b88fd8276fd7d29cb7e4eb\BIT18.tmp"

Finished!



lo revisé pero no veo algo malo :S incluso dice q no hay troyanos....pero el nod sigue diciendo q tengo el win32/mebroot. :(

Hola ,

El SDFix, no encontro infeccion de MBR Rootkit, lo cual me parece muy raro, pero realiza lo siguiente para descartar cualquier cosa.

-Apaga el "Restaurar Sistema" (solo en Win Me, XP y Vista) y activa ver archivos ocultos.

-Descarga la herramienta MbrFix.exe y guardala en el directorio raiz C:\

• Quedando de la siguiente manera: C:\MbrFix.exe

-Reinicia en Modo Seguro (a prueba de fallos)

-Ve a Inicio > Todos los programas > Accesorios > Simbolo del sistema

• Una vez en la ventana MS-DOS escribes el siguiente comando:

C:/mbrfix /drive 0 listpartitions
Te devolvera el listado de las particiones de esta forma:

A continuaciòn escribes: C:/mbrfix /drive 0 fixmbr <-- esto para reparar el MBR de la particiòn 1.

Te devolvera lo siguiente:

Escoges Y para reparar y N para salir de la aplicaciòn.

Si tienes mas de una particion entonces debes ejecutar

C:/mbrfix /drive 0 fixmbr
C:/mbrfix /drive 1 fixmbr
.
.
.
Dependiendo del listado que te devolvio el comando C:/mbrfix /drive 0 listpartitions

-Reinicias en modo normal y realizas un nuevo escaneo con ESET Online Scanner para comprobar los resultados.

NOTA:
-Antes de reparar el MBR asegurese da hacer una copia de sus archivos más importantes.
-Para mayor comodidad imprime los pasos.
-Al terminar los pasos esconde los archivos ocultos y activa restaurar sistema.
-Recuerda volver y contarnos los resultados.

graciiiaaaasss!!!

con el mbrfix se soluciono :) y ya no sale la alerta en el nod

gracias por tu tiempo y ayuda ^^

Muy bien, pues cualquier duda ya sabes donde encontrarnos aqui siempre estamos para ayudar.
Daremos tú tema por solucionado, pero si llegase a surgir el problema le das clic al botón del simbolito arriba del post: o también puedes mandarle un MP (Mensaje privado) a cualquier Miembro del Staff para qué re-abran el tema y seguir con el mismo