Official HijackThis forum in Spanish. We analyse your HijackThis log to remove hijackers, spyware, adware, toolbars, viruses, trojans and malware in general. Read the HijackThis forum policies first.

post #1
Posted 04/10/08, 12:30:32
User
Registered: Feb 2007
Location: Spain
Posts: 5
Malware: pop-up windows and restricted functions.

Hello, first of all thank you very much for any help you can give me; I am starting to get stressed because I cannot find a way to get rid of this spyware. So that you can understand me better, I will explain it in parts.

About my computer: I use XP SP3, NOD32 antivirus fully updated, and I have run Ad-Aware Pro 2008 several times.
Note: when I run Ad-Aware it finds about 74 infections, of which it "deletes" all except one cookie that is impossible to remove. It tells me to restart the PC for the changes to take effect, but after restarting the infections are still intact.

Computer symptoms: Internet Explorer pop-ups appear every 2 minutes, the Run icon has disappeared and Task Manager has been disabled (fixed with Winrecover), and it is impossible to start the computer in Safe Mode because it restarts while loading the Windows files.

I attach the HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:14:03, on 10/4/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\AVC Finger-sensing Pad Driver\fspadsvr.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\Program Files\Twain\Twain.exe
C:\Program Files\GetPack\GetPack21.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.mitele.telecinco.es/series/aida/index.shtml?p=1
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = "C:\Program Files\Outlook Express\msimn.exe"
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Windows Live Aplicación auxiliar de inicio de sesión - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [AzMixerSel] C:\Program Files\Realtek\InstallShield\AzMixerSel.exe
O4 - HKLM\..\Run: [fscp] C:\Program Files\AVC Finger-sensing Pad Driver\fscp.exe
O4 - HKLM\..\Run: [FuncKey] "C:\Program Files\Hotkey Management\FuncKey.exe"
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Twain] C:\Program Files\Twain\Twain.exe
O4 - HKCU\..\Run: [GetPack21] "C:\Program Files\GetPack\GetPack21.exe"
O4 - HKCU\..\Run: [iwwkg] "c:\documents and settings\casto\local settings\datos de programa\iwwkg.exe" iwwkg
O4 - HKCU\..\Run: [Steam] "c:\program files\valve\steam\steam.exe" -silent
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Consola de Sun Java - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/ES-ES/a-UNO1/GAME_UNO1.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{414EB874-132D-481E-8CA4-23D714ADD0F0}: NameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{A535E9A0-E10F-4A49-83D9-839D58A89FD1}: NameServer = 62.81.0.1,62.42.63.52
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - Unknown owner - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: FspadSvc - Unknown owner - C:\Program Files\AVC Finger-sensing Pad Driver\fspadsvr.exe
O23 - Service: NMIndexingService - Unknown owner - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

--
End of file - 5397 bytes
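The staff read logs like the one above by hand. As an added example (not part of the original post, and not HijackThis tooling), the following Python script applies two of the first checks an analyst makes to the O4 autostart entries: whether the executable lives inside a user profile rather than under Program Files or Windows, and whether its file name looks machine-generated (a run of four or more consonants, an assumed and deliberately crude threshold). It also cross-references each entry with the "Running processes" section so you can see which autostarts are live right now. The sample log is a constructed subset of the lines in this post. Note what it does and does not catch: it singles out the iwwkg entry, but Twain.exe and GetPack21.exe sit in Program Files with plausible names and pass both checks, and the name heuristic also trips on the legitimate CTFMON.EXE. Such checks rank entries for review; they do not clear or convict one.

```python
import re
from dataclasses import dataclass, field

# Constructed sample: a subset of the "Running processes" and O4 lines from the
# HijackThis log in this post (post #1).
SAMPLE_LOG = r"""
Running processes:
C:\WINDOWS\Explorer.EXE
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Twain\Twain.exe
C:\Program Files\GetPack\GetPack21.exe
C:\Program Files\Mozilla Firefox\firefox.exe

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKCU\..\Run: [Twain] C:\Program Files\Twain\Twain.exe
O4 - HKCU\..\Run: [GetPack21] "C:\Program Files\GetPack\GetPack21.exe"
O4 - HKCU\..\Run: [iwwkg] "c:\documents and settings\casto\local settings\datos de programa\iwwkg.exe" iwwkg
O4 - HKCU\..\Run: [Steam] "c:\program files\valve\steam\steam.exe" -silent
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
"""

# O4 - <hive>\..\Run: [<value name>] <command line>
O4_RE = re.compile(r"^O4 - (?P<hive>HK\S*?)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")

# Per-user profile locations: installers rarely put a main executable there.
PROFILE_DIRS = ("\\documents and settings\\", "\\users\\")
CONSONANT_RUN = 4  # assumed threshold for a "random-looking" file name


def executable_of(cmd: str) -> str:
    """Return the program path from an O4 command line (quoted or bare)."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    # Unquoted paths may contain spaces, so cut at the first executable extension.
    m = re.match(r"(.*?\.(?:exe|dll|scr|com|bat|cmd))(?:\s|$)", cmd, re.IGNORECASE)
    return m.group(1) if m else cmd.split()[0]


def longest_consonant_run(s: str) -> int:
    """Length of the longest run of consonant letters (y counted as a vowel)."""
    run = best = 0
    for ch in s.lower():
        if ch.isalpha() and ch not in "aeiouy":
            run += 1
            best = max(best, run)
        else:
            run = 0
    return best


@dataclass
class Finding:
    name: str
    hive: str
    path: str
    running: bool = False
    reasons: list = field(default_factory=list)

    @property
    def suspicious(self) -> bool:
        return bool(self.reasons)


def triage(log_text: str) -> dict:
    """Parse a HijackThis log and return {O4 value name: Finding}."""
    running, findings, in_procs = set(), {}, False
    for line in log_text.splitlines():
        line = line.rstrip()
        if line.startswith("Running processes:"):
            in_procs = True
            continue
        if in_procs:                      # the process list ends at the first blank line
            if not line:
                in_procs = False
            else:
                running.add(line.lower())
            continue
        m = O4_RE.match(line)
        if not m:
            continue
        path = executable_of(m["cmd"])
        low = path.lower()
        stem = low.rsplit("\\", 1)[-1].rsplit(".", 1)[0]
        f = Finding(m["name"], m["hive"], path, running=low in running)
        if any(d in low for d in PROFILE_DIRS):
            f.reasons.append("executable lives inside a user profile directory")
        if longest_consonant_run(stem) >= CONSONANT_RUN:
            f.reasons.append("file name looks machine-generated")
        findings[f.name] = f
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG).values():
        flag = "REVIEW" if f.suspicious else "ok"
        state = "running" if f.running else "not running"
        print(f"{flag:6} [{f.name}] {f.hive} {f.path} ({state})")
        for r in f.reasons:
            print(f"         - {r}")
```

Run it against a full log and the output is a short list of entries to research by hand (vendor, file date, hash) before anything is deleted; the entries it passes still need the same research when the machine shows symptoms, as Twain.exe and GetPack21.exe demonstrate.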
post #2
Posted 05/10/08, 05:29:55
axl456
Moderator
Registered: Mar 2007
Location: South Park
Posts: 6,684
Re: Pop-ups and restricted functions.

Hello and welcome to the forum...
Download the following tools but do not run them yet: download CCleaner and use it with the Cleaner option and then the Registry option, making a backup of the registry...

Run the tools in the way and in the order I indicate:
  • Malwarebytes' Anti-Malware: run it doing a full scan of the computer, removing everything it finds, as its manual indicates.

    Before using ComboFix....
    • Temporarily disable your antivirus and/or antispyware.
    • Close all open windows.
    • Double-click the ComboFix.exe file and follow the instructions.
    • When it finishes, it will generate a log at C:\ComboFix.txt.
      • *Note* While CF is working do not move the mouse, as that would stall its process.
      • *Note* ComboFix may restart the PC automatically to complete the removal process.
    Quote:
    Warning!! Do not use ComboFix unless a member of our Staff has specifically told you to in your thread. It is a powerful tool intended by its author to be used under the guidance and supervision of an expert, not for private use. Using ComboFix incorrectly could cause problems on your system. Please read ComboFix's "Disclaimer of Warranty".
Restart and paste the report from C:\ComboFix.txt in this same thread together with the Malwarebytes' Anti-Malware report.

post #3
Posted 07/10/08, 08:16:11
User
Registered: Feb 2007
Location: Spain
Posts: 5
Re: Pop-ups and restricted functions.

Hello axl456, I have followed the steps exactly as you described them. Here are both reports.

-----------------------------------------------------------------------------
ComboFix 08-10-06.05 - Casto 2008-10-07 12:40:04.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.34.1033.18.1595 [GMT 2:00]
Running from: C:\Documents and Settings\Casto\Escritorio\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\All Users\Menú Inicio\Programas\InternetGameBox
C:\Documents and Settings\All Users\Menú Inicio\Programas\InternetGameBox\Confidencialidad.url
C:\Documents and Settings\All Users\Menú Inicio\Programas\InternetGameBox\Desinstalar.lnk
C:\Documents and Settings\All Users\Menú Inicio\Programas\InternetGameBox\InternetGameBox.lnk
C:\Documents and Settings\All Users\Menú Inicio\Programas\InternetGameBox\Términos y condiciones.url
C:\Documents and Settings\All Users\Menú Inicio\Programas\InternetGameBox\Website.url
C:\Documents and Settings\Casto\Local Settings\Datos de programa\iwwkg.dat
C:\Documents and Settings\Casto\Local Settings\Datos de programa\iwwkg.exe
C:\Documents and Settings\Casto\Local Settings\Datos de programa\iwwkg_nav.dat
C:\Documents and Settings\Casto\Local Settings\Datos de programa\iwwkg_navps.dat
C:\WINDOWS\system\oeminfo.ini

.
((((((((((((((((((((((((( Files Created from 2008-09-07 to 2008-10-07 )))))))))))))))))))))))))))))))
.

2008-10-07 11:41 . 2008-10-07 11:42 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-10-07 11:41 . 2008-10-07 11:41 <DIR> d-------- C:\Documents and Settings\Casto\Datos de programa\Malwarebytes
2008-10-07 11:41 . 2008-10-07 11:41 <DIR> d-------- C:\Documents and Settings\All Users\Datos de programa\Malwarebytes
2008-10-07 11:41 . 2008-09-10 00:04 38,528 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-10-07 11:41 . 2008-09-10 00:03 17,200 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-10-04 17:39 . 2008-10-04 17:39 <DIR> d-------- C:\Program Files\CCleaner
2008-10-04 17:13 . 2008-10-04 17:13 <DIR> d-------- C:\Program Files\Trend Micro
2008-10-04 15:54 . 2008-10-04 15:54 222 --a------ C:\WINDOWS\MyDrivers.ini
2008-10-03 21:56 . 2008-10-03 22:03 <DIR> d-------- C:\Documents and Settings\Casto\Datos de programa\Hamachi
2008-10-03 21:55 . 2008-10-03 21:56 <DIR> d-------- C:\Program Files\Hamachi
2008-10-03 21:55 . 2008-10-03 21:55 25,280 --a------ C:\WINDOWS\system32\drivers\hamachi.sys
2008-10-03 21:21 . 2008-10-03 21:21 <DIR> d-------- C:\Program Files\Valve
2008-10-02 21:16 . 2008-10-02 21:17 <DIR> d-------- C:\Program Files\Unlocker
2008-10-02 21:16 . 2008-10-07 12:36 <DIR> d-------- C:\Documents and Settings\Casto\Datos de programa\Desktopicon
2008-09-30 18:50 . 2008-09-30 18:50 <DIR> d-------- C:\Logs
2008-09-30 15:24 . 2008-10-04 21:41 <DIR> d-------- C:\Program Files\World of Warcraft
2008-09-29 00:58 . 2008-09-29 00:56 332 --a------ C:\Nuevo Documento de Wordpad.doc
2008-09-28 21:03 . 2008-09-30 16:15 <DIR> d-------- C:\Program Files\Common Files\Blizzard Entertainment
2008-09-24 21:32 . 2008-09-24 21:32 <DIR> d--h----- C:\WINDOWS\system32\GroupPolicy
2008-09-24 20:36 . 2008-09-24 20:36 <DIR> d-------- C:\Program Files\Lavasoft
2008-09-24 20:36 . 2008-09-24 20:37 <DIR> d-------- C:\Documents and Settings\All Users\Datos de programa\Lavasoft
2008-09-24 20:10 . 2008-09-24 20:10 33,280 --a------ C:\Documents and Settings\Casto\dbiddc.exe
2008-09-24 20:01 . 2008-09-24 20:01 33,280 --a------ C:\Documents and Settings\Casto\igygr.exe
2008-09-20 13:45 . 2008-09-20 13:46 <DIR> d-------- C:\Program Files\Lopxp
2008-09-15 23:26 . 2008-09-15 23:26 44,288 --a------ C:\WINDOWS\system32\drivers\mpupjjrg.sys
2008-09-15 22:39 . 2008-09-24 20:10 104,352 --a------ C:\WINDOWS\system32\drivers\ndisio.sys
2008-09-14 16:19 . 2008-09-14 16:19 <DIR> d-------- C:\Program Files\QuickTime Alternative
2008-09-14 16:19 . 2008-09-14 16:19 <DIR> d-------- C:\Documents and Settings\Casto\Datos de programa\Media Player Classic
2008-09-14 16:19 . 2008-09-14 16:19 <DIR> d-------- C:\Documents and Settings\All Users\Datos de programa\Apple Computer
2008-09-14 16:19 . 2008-09-06 15:09 90,112 --a------ C:\WINDOWS\system32\QuickTimeVR.qtx
2008-09-14 16:19 . 2008-09-06 15:09 57,344 --a------ C:\WINDOWS\system32\QuickTime.qts
2008-09-14 15:08 . 2008-09-14 15:08 664 --a------ C:\WINDOWS\system32\d3d9caps.dat
2008-09-14 12:15 . 2008-09-14 12:13 <DIR> d-------- C:\Program Files\AviSynth 2.5
2008-09-14 12:12 . 2008-09-14 12:12 <DIR> d-------- C:\Program Files\eRightSoft
2008-09-12 11:49 . 2008-09-12 11:49 <DIR> d-------- C:\Documents and Settings\Casto\Datos de programa\AntsSoft
2008-09-12 01:53 . 2008-09-12 01:54 <DIR> d-------- C:\Program Files\SWFBanner
2008-09-12 00:53 . 2008-09-12 00:53 244 --ah----- C:\sqmnoopt12.sqm
2008-09-12 00:53 . 2008-09-12 00:53 232 --ah----- C:\sqmdata12.sqm
2008-09-12 00:44 . 2008-09-12 00:44 244 --ah----- C:\sqmnoopt11.sqm
2008-09-12 00:44 . 2008-09-12 00:44 232 --ah----- C:\sqmdata11.sqm
2008-09-10 21:51 . 2008-09-10 21:51 118 --a------ C:\WINDOWS\system32\MRT.INI

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-07 09:37 --------- d-----w C:\Program Files\cFosSpeed
2008-10-05 15:56 --------- d-----w C:\Documents and Settings\Casto\Datos de programa\teamspeak2
2008-10-03 14:45 --------- d-----w C:\Program Files\Gate2Gaia
2008-10-02 19:41 --------- d-----w C:\Program Files\Nokia
2008-09-24 18:36 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-09-20 18:40 --------- d-----w C:\Program Files\AIMP2
2008-09-20 11:28 --------- d-----w C:\Program Files\Java
2008-09-12 09:50 --------- d-----w C:\Program Files\Common Files\Adobe
2008-09-11 17:02 --------- d-----w C:\Documents and Settings\Casto\Datos de programa\PC Suite
2008-09-10 19:49 --------- d-----w C:\Program Files\Microsoft Works
2008-08-27 17:10 --------- d-----w C:\Documents and Settings\Casto\Datos de programa\FileZilla
2008-08-19 22:05 0 ----a-w C:\Documents and Settings\Casto\Datos de programa\wklnhst.dat
2008-08-19 22:05 --------- d-----w C:\Documents and Settings\Casto\Datos de programa\Template
2008-08-17 20:27 --------- d-----w C:\Documents and Settings\Casto\Datos de programa\CoSoSys
2008-08-11 20:51 --------- d-----w C:\Documents and Settings\Casto\Datos de programa\Folder Guard
2008-08-10 19:23 --------- d-----w C:\Program Files\ESET
2008-08-10 19:23 --------- d-----w C:\Documents and Settings\All Users\Datos de programa\ESET
2008-08-10 18:58 --------- d-----w C:\Documents and Settings\All Users\Datos de programa\Kaspersky Lab
2008-07-18 20:10 94,920 ----a-w C:\WINDOWS\system32\cdm.dll
2008-07-18 20:10 53,448 ----a-w C:\WINDOWS\system32\wuauclt.exe
2008-07-18 20:10 45,768 ----a-w C:\WINDOWS\system32\wups2.dll
2008-07-18 20:10 36,552 ----a-w C:\WINDOWS\system32\wups.dll
2008-07-18 20:09 563,912 ----a-w C:\WINDOWS\system32\wuapi.dll
2008-07-18 20:09 325,832 ----a-w C:\WINDOWS\system32\wucltui.dll
2008-07-18 20:09 205,000 ----a-w C:\WINDOWS\system32\wuweb.dll
2008-07-18 20:09 1,811,656 ----a-w C:\WINDOWS\system32\wuaueng.dll
2008-07-18 20:07 270,880 ----a-w C:\WINDOWS\system32\mucltui.dll
2008-07-18 20:07 210,976 ----a-w C:\WINDOWS\system32\muweb.dll
2008-07-07 20:32 253,952 ----a-w C:\WINDOWS\system32\es.dll
2006-12-17 20:32 0 ----a-w C:\Documents and Settings\HERMINIO\Application Data\wklnhst.dat
2006-05-03 09:06 163,328 --sh--r C:\WINDOWS\system32\flvDX.dll
2007-02-21 10:47 31,232 --sh--r C:\WINDOWS\system32\msfDX.dll
2007-12-17 12:43 27,648 --sh--w C:\WINDOWS\system32\Smab0.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2005-08-31 1658592]
"Steam"="c:\program files\valve\steam\steam.exe" [2008-10-04 1410296]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-08-05 64512]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-08-16 7585792]
"AzMixerSel"="C:\Program Files\Realtek\InstallShield\AzMixerSel.exe" [2006-01-25 53248]
"fscp"="C:\Program Files\AVC Finger-sensing Pad Driver\fscp.exe" [2006-09-18 995328]
"FuncKey"="C:\Program Files\Hotkey Management\FuncKey.exe" [2006-09-05 139264]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2005-04-15 45056]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"egui"="C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" [2007-10-25 1418496]
"UnlockerAssistant"="C:\Program Files\Unlocker\UnlockerAssistant.exe" [2008-05-02 15872]
"nwiz"="nwiz.exe" [2006-08-16 C:\WINDOWS\system32\nwiz.exe]
"SkyTel"="SkyTel.EXE" [2006-05-16 C:\WINDOWS\SkyTel.exe]
"RTHDCPL"="RTHDCPL.EXE" [2006-07-21 C:\WINDOWS\RTHDCPL.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-10 15360]

C:\Documents and Settings\Casto\Menú Inicio\Programas\Inicio\
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 113664]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.I420"= i420vfw.dll
"msacm.divxa32"= msaud32_divx.acm
"vidc.yv12"= yv12vfw.dll

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"PC Suite Tray"="C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
"Nokia.PCSync"="C:\Program Files\Nokia\Nokia PC Suite 7\PCSync2.exe" /NoDialog

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Messenger\\Msmsgs.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3274:TCP"= 3274:TCP:Blizzard downloader
"6112:TCP"= 6112:TCP:Blizzard downloader

R0 mpupjjrg;mpupjjrg;C:\WINDOWS\system32\Drivers\mpupjjrg.sys [2008-09-15 44288]
R1 epfwtdir;epfwtdir;C:\WINDOWS\system32\DRIVERS\epfwtdir.sys [2007-11-08 30728]
R2 FspadSvc;FspadSvc;C:\Program Files\AVC Finger-sensing Pad Driver\fspadsvr.exe [2006-08-23 520704]
R2 UxTuneUp;Ampliación del diseño de TuneUp;C:\WINDOWS\System32\svchost.exe [2004-08-10 14336]
R3 fspad;AVC Finger-sensing Pad Driver for Windows 2000/XP;C:\WINDOWS\system32\DRIVERS\fspad.sys [2006-09-18 22912]
S3 klim5;Kaspersky Anti-Virus NDIS Filter;C:\WINDOWS\system32\DRIVERS\klim5.sys [2007-04-04 24344]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

*Newly Created Service* - PROCEXP90
.
- - - - ORPHANS REMOVED - - - -

MSConfigStartUp-GetPack21 - C:\Program Files\GetPack\GetPack21.exe
MSConfigStartUp-iwwkg - c:\documents and settings\casto\local settings\datos de programa\iwwkg.exe
MSConfigStartUp-Twain - C:\Program Files\Twain\Twain.exe


.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\Casto\Datos de programa\Mozilla\Firefox\Profiles\bxvm47n6.default\
FF -: plugin - C:\Documents and Settings\Casto\Datos de programa\Mozilla\Firefox\Profiles\bxvm47n6.default\extensions\LogMeInClient@logmein.com\plugins\npRACtrl.dll
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-07 12:43:37
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-10-07 12:48:47
ComboFix-quarantined-files.txt 2008-10-07 10:48:44

Pre-Run: 69.868.310.528 bytes free
Post-Run: 70,530,514,944 bytes free

183 --- E O F --- 2008-10-02 17:53:48


--------------------------------------------------------------------------------------------------------
Malwarebytes' Anti-Malware report.

Malwarebytes' Anti-Malware 1.28
Database version: 1239
Windows 5.1.2600 Service Pack 2

10/7/2008 12:36:56
mbam-log-2008-10-07 (12-36-56).txt

Scan type: Full Scan (C:\|)
Objects scanned: 152973
Time elapsed: 52 minute(s), 55 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 11
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 10
Files Infected: 26

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\AppID\{80ef304a-b1c4-425c-8535-95ab6f1eefb8} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\{ff46f4ab-a85f-487e-b399-3f191ac0fe23} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\internetgamebox (Adware.EGDAccess) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\bchanger (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\icheck (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\BHO_MyJavaCore.DLL (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\bho_myjavacore.mjcore (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\testCPV6.DLL (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\testcpv6.bho (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\GetPack (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\VnrBlock (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\Program Files\InternetGameBox (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\InternetGameBox\ressources (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\InternetGameBox\ressources\favoris (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\InternetGameBox\skins (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Webtools (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files\BChanger (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Twain (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files\GetPack (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files\iCheck (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Mjcore (Trojan.BHO) -> Quarantined and deleted successfully.

Files Infected:
C:\Documents and Settings\Casto\Datos de programa\Desktopicon\eBayShortcuts.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Twain\Twain.exe (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\GetPack\GetPack21.exe (Adware.SpeedMonitor) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{3F582E25-CBFE-4DB7-9D06-0A5EAC482FE1}\RP93\A0017942.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{3F582E25-CBFE-4DB7-9D06-0A5EAC482FE1}\RP93\A0017943.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{3F582E25-CBFE-4DB7-9D06-0A5EAC482FE1}\RP93\A0017944.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\WINDOWS\b148.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\WINDOWS\b157.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Program Files\InternetGameBox\InternetGameBox.exe (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\InternetGameBox\language (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\InternetGameBox\uninst.exe (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\InternetGameBox\ressources\AttenteOff.html (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\InternetGameBox\ressources\AttenteOn.html (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\InternetGameBox\ressources\configv2_en.xml (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\InternetGameBox\ressources\configv2_es.xml (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\InternetGameBox\ressources\configv2_fr.xml (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\InternetGameBox\ressources\NoS2F.bin (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\InternetGameBox\ressources\favoris\defaultv2 .swf (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\InternetGameBox\skins\skinv2.skn (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\BChanger\data.dat (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files\BChanger\Uninstall.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files\BChanger\_bchanger.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files\GetPack\trgtame.gz (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files\iCheck\Uninstall.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\b128.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\nvs2.inf (Adware.EGDAccess) -> Quarantined and deleted successfully.


Regards, and thanks in advance for the help.
post #4
Posted 08/10/08, 00:30:01
axl456
Moderator
Registered: Mar 2007
Location: South Park
Posts: 6,684
Re: Pop-ups and restricted functions.

To begin, go to VirusTotal and upload these files to be analysed:
  • C:\WINDOWS\system32\wuauclt.exe
  • C:\WINDOWS\system32\Smab0.dll

then do the following:

1.- Open Notepad.

2.- Now copy and paste these lines into Notepad

Code:
File::
C:\Documents and Settings\Casto\dbiddc.exe
C:\Documents and Settings\Casto\igygr.exe
C:\WINDOWS\system32\drivers\mpupjjrg.sys
C:\WINDOWS\system32\drivers\ndisio.sys

Driver::
mpupjjrg
ndisio
3.- Save this file with the name CFScript.txt

4.- Drag and drop the CFScript.txt file onto ComboFix.exe (the original post illustrates this with an animation). This will launch ComboFix again.

Restart and tell us the results, together with a new ComboFix report and the VirusTotal reports..

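The four files and two drivers in the CFScript above, plus the Smab0.dll upload request, can be picked out mechanically from the ComboFix listing in post #3. The following Python script is an added example, not ComboFix or forum tooling: it parses the "Files Created" and "Find3M" line formats of that report and flags executables dropped directly in a user's profile root, newly created kernel drivers not belonging to a tool the user is known to have installed (the allowlist of the Malwarebytes and Hamachi drivers is an assumption taken from the same report, which shows those programs being installed), and files under system32 carrying the system+hidden attributes. It then links flagged files that share an exact size: dbiddc.exe and igygr.exe are both 33,280 bytes, a hint that they are copies of one dropper. The sample is a constructed subset of the lines in post #3. wuauclt.exe is not flagged, since its Find3M entry has ordinary attributes and the same 2008-07-18 timestamp as the other Windows Update client files; a file like that is exactly what a listing heuristic cannot judge and a hash lookup such as the VirusTotal request above can.

```python
import re
from dataclasses import dataclass
from typing import Optional

# Constructed sample: lines copied from the "Files Created" and "Find3M"
# sections of the ComboFix report in post #3, trimmed to the relevant ones.
SAMPLE_COMBOFIX = r"""
2008-10-07 11:41 . 2008-09-10 00:04 38,528 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-10-07 11:41 . 2008-09-10 00:03 17,200 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-10-03 21:55 . 2008-10-03 21:55 25,280 --a------ C:\WINDOWS\system32\drivers\hamachi.sys
2008-09-24 20:10 . 2008-09-24 20:10 33,280 --a------ C:\Documents and Settings\Casto\dbiddc.exe
2008-09-24 20:01 . 2008-09-24 20:01 33,280 --a------ C:\Documents and Settings\Casto\igygr.exe
2008-09-20 13:45 . 2008-09-20 13:46 <DIR> d-------- C:\Program Files\Lopxp
2008-09-15 23:26 . 2008-09-15 23:26 44,288 --a------ C:\WINDOWS\system32\drivers\mpupjjrg.sys
2008-09-15 22:39 . 2008-09-24 20:10 104,352 --a------ C:\WINDOWS\system32\drivers\ndisio.sys
2008-09-12 00:53 . 2008-09-12 00:53 244 --ah----- C:\sqmnoopt12.sqm
2008-10-07 09:37 --------- d-----w C:\Program Files\cFosSpeed
2008-07-18 20:10 53,448 ----a-w C:\WINDOWS\system32\wuauclt.exe
2006-05-03 09:06 163,328 --sh--r C:\WINDOWS\system32\flvDX.dll
2007-02-21 10:47 31,232 --sh--r C:\WINDOWS\system32\msfDX.dll
2007-12-17 12:43 27,648 --sh--w C:\WINDOWS\system32\Smab0.dll
"""

# "Files Created": <created> . <modified> <size|<DIR>> <attrs> <path>
CREATED_RE = re.compile(
    r"^(?P<created>\d{4}-\d\d-\d\d \d\d:\d\d) \. (?P<modified>\d{4}-\d\d-\d\d \d\d:\d\d)\s+"
    r"(?P<size><DIR>|[\d,]+)\s+(?P<attrs>\S+)\s+(?P<path>.+)$")
# "Find3M": <modified> <size|---------> <attrs> <path>
FIND3M_RE = re.compile(
    r"^(?P<modified>\d{4}-\d\d-\d\d \d\d:\d\d)\s+(?P<size>-+|[\d,]+)\s+(?P<attrs>\S+)\s+(?P<path>.+)$")

EXEC_EXT = (".exe", ".dll", ".sys", ".scr", ".com")
# <drive>:\Documents and Settings\<user>\<file>  or  <drive>:\Users\<user>\<file>
PROFILE_ROOT_RE = re.compile(r"^[a-z]:\\(?:documents and settings|users)\\[^\\]+\\[^\\]+$")
# Assumption: drivers belonging to tools the user installed on purpose; the same
# report shows the Malwarebytes and Hamachi program folders being created.
KNOWN_DRIVERS = {"mbam.sys", "mbamswissarmy.sys", "hamachi.sys"}


@dataclass
class Entry:
    path: str
    size: Optional[int]   # None for directories
    attrs: str


def parse(report: str) -> list:
    """Extract file entries from the two ComboFix listing formats."""
    entries = []
    for line in report.splitlines():
        m = CREATED_RE.match(line) or FIND3M_RE.match(line)
        if not m:
            continue
        raw = m["size"]
        size = None if raw == "<DIR>" or raw.startswith("-") else int(raw.replace(",", ""))
        entries.append(Entry(m["path"].strip(), size, m["attrs"]))
    return entries


def triage(entries: list) -> dict:
    """Return {file name (lower case): [reasons]} for entries worth a second look."""
    findings, sizes = {}, {}
    for e in entries:
        low = e.path.lower()
        if e.size is None or not low.endswith(EXEC_EXT):
            continue
        name = low.rsplit("\\", 1)[-1]
        reasons = []
        if PROFILE_ROOT_RE.match(low):
            reasons.append("executable dropped directly in a user profile root")
        if name.endswith(".sys") and "\\drivers\\" in low and name not in KNOWN_DRIVERS:
            reasons.append("new kernel driver not tied to a known install")
        if "\\system32\\" in low and "s" in e.attrs and "h" in e.attrs:
            reasons.append("system+hidden attributes in system32")
        if reasons:
            findings[name] = reasons
            sizes.setdefault(e.size, []).append(name)
    # Flagged files of identical size are often copies of one dropper.
    for size, names in sizes.items():
        for n in names:
            others = [x for x in names if x != n]
            if others:
                findings[n].append(f"same size ({size} bytes) as {', '.join(others)}")
    return findings


if __name__ == "__main__":
    for name, reasons in triage(parse(SAMPLE_COMBOFIX)).items():
        print(name)
        for r in reasons:
            print(f"  - {r}")
```

The output is a candidate list for the File:: and Driver:: sections of a CFScript like the one above, to be confirmed by hash lookup or sandbox before it is written; it is not a verdict, and a driver it flags may still belong to a legitimate product whose installer the report did not capture.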
post #5
Posted 10/10/08, 07:11:34
User
Registered: Feb 2007
Location: Spain
Posts: 5
Re: Pop-ups and restricted functions.

- Sorry for the delay; I have had some problems carrying out these last steps. Among them, running ComboFix.exe broke my internet settings, so I have to upload the reports from another computer. I tried doing a System Restore to the restore point ComboFix.exe created, but that does not fix it, so I would rather concentrate on finishing cleaning the PC of malware, and once that is done I will try to set up the connection again.

Here are the reports:

VirusTotal:

Analysis of file wuauclt.exe received on 08.10.2008 23:36:14 (CET)
Antivirus engine | Version | Last update | Result
AhnLab-V3 2008.10.3.2 2008.10.08 -
AntiVir 7.8.1.34 2008.10.08 -
Authentium 5.1.0.4 2008.10.08 -
Avast 4.8.1248.0 2008.10.08 -
AVG 8.0.0.161 2008.10.08 -
BitDefender 7.2 2008.10.08 -
CAT-QuickHeal 9.50 2008.10.08 -
ClamAV 0.93.1 2008.10.08 -
DrWeb 4.44.0.09170 2008.10.08 -
eSafe 7.0.17.0 2008.10.08 -
eTrust-Vet 31.6.6134 2008.10.07 -
Ewido 4.0 2008.10.08 -
F-Prot 4.4.4.56 2008.10.08 -
F-Secure 8.0.14332.0 2008.10.08 Suspicious:W32/SCKeyLog!Gemini
Fortinet 3.113.0.0 2008.10.08 -
GData 19 2008.10.08 -
Ikarus T3.1.1.34.0 2008.10.08 -
K7AntiVirus 7.10.488 2008.10.08 -
Kaspersky 7.0.0.125 2008.10.08 -
McAfee 5400 2008.10.07 -
Microsoft 1.4005 2008.10.08 -
NOD32 3504 2008.10.08 -
Norman 5.80.02 2008.10.07 -
Panda 9.0.0.4 2008.10.07 -
PCTools 4.4.2.0 2008.10.08 -
Prevx1 V2 2008.10.08 -
Rising 20.65.22.00 2008.10.08 -
SecureWeb-Gateway 6.7.6 2008.10.08 -
Sophos 4.34.0 2008.10.08 -
Sunbelt 3.1.1708.1 2008.10.08 -
Symantec 10 2008.10.08 -
TheHacker 6.3.1.0.103 2008.10.07 -
TrendMicro 8.700.0.1004 2008.10.08 -
VBA32 3.12.8.6 2008.10.07 -
ViRobot 2008.10.8.1412 2008.10.08 -
VirusBuster 4.5.11.0 2008.10.08 -
Additional information
File size: 53448 bytes
MD5...: d316e28958873859b88d72cf47ad1ea5
SHA1..: 36a54a85121770e68f836bf32a0bf422a0c4e172
SHA256: afef34f482f5fb1f5768bdc63bc1dd8e787df5391b2fa0fa1e97041ecb72cae4
SHA512: c18b5124342b9a304da504b98674b289a307576056245d8b7cdcd27a32b8772b0f679baa13838bcd981e8817c27f1644d2f4c265cbba43344e3f8f083be94af4
PEiD..: -
TrID..: File type identification
  Win64 Executable Generic (59.6%)
  Win32 Executable MS Visual C++ (generic) (26.2%)
  Win32 Executable Generic (5.9%)
  Win32 Dynamic Link Library (generic) (5.2%)
  Generic Win/DOS Executable (1.3%)
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x4042dd
timedatestamp.....: 0x48816313 (Sat Jul 19 03:44:19 2008)
machinetype.......: 0x14c (I386)

( 4 sections )
name    viradd  virsiz  rawdsiz  ntrpy  md5
.text   0x1000  0x8c84  0x8e00   6.00   9079e1cf62cf93298b09b9c3840b6239
.data   0xa000  0xd54   0x400    5.81   aea75c550ab527cbfba56bc33d16ea93
.rsrc   0xb000  0x7b8   0x800    4.55   8dc19cba0c732cf17cca6e6eddcdc010
.reloc  0xc000  0xc8a   0xe00    3.10   56fa4b399c6d09575836259c52cf6c40

( 6 imports )
> KERNEL32.dll: CreateFileW, CreateDirectoryW, GetFileAttributesW, ExpandEnvironmentStringsW, lstrlenW, CreateProcessW, VerSetConditionMask, VerifyVersionInfoW, LoadLibraryW, OutputDebugStringW, WriteFile, FlushFileBuffers, GetModuleFileNameW, InterlockedIncrement, InterlockedDecrement, GetSystemTime, GetLastError, SetLastError, GetFileSize, CreateFileMappingW, MapViewOfFile, UnmapViewOfFile, SetFilePointer, SetEndOfFile, ReleaseMutex, WaitForSingleObject, CreateMutexW, CloseHandle, UnhandledExceptionFilter, GetCurrentProcess, TerminateProcess, GetSystemTimeAsFileTime, GetCurrentProcessId, GetCurrentThreadId, GetTickCount, QueryPerformanceCounter, GetModuleHandleA, SetUnhandledExceptionFilter, RtlUnwind, GetStartupInfoW, GetTimeZoneInformation, SystemTimeToTzSpecificLocalTime, GetSystemDirectoryW, LoadLibraryExW, GetDriveTypeW, GetVolumePathNameW, GetFileType, GetSystemInfo, GetModuleHandleW, CompareStringW, GetProcessHeap, HeapFree, HeapAlloc, GetCommandLineW, FreeLibrary, OpenEventW, GetProcAddress, WideCharToMultiByte, InterlockedExchange, Sleep, InterlockedCompareExchange
> msvcrt.dll: __dllonexit, _unlock, _controlfp, _terminate@@YAXXZ, free, malloc, memmove, memcpy, memset, __set_app_type, __p__fmode, __p__commode, _adjust_fdiv, __setusermatherr, _amsg_exit, _initterm, _wcmdln, exit, _XcptFilter, _lock, _cexit, __wgetmainargs, _vsnwprintf, _onexit, _exit
> ole32.dll: CoTaskMemFree, CoUninitialize, CoCreateInstance, CoInitialize, CoInitializeEx
> ADVAPI32.dll: AllocateAndInitializeSid, FreeSid, GetTokenInformation, DuplicateTokenEx, CheckTokenMembership, IsValidSid, CopySid, RegCreateKeyExW, RegSetValueExW, RegQueryValueExW, GetUserNameW, GetLengthSid, InitializeAcl, AddAccessAllowedAce, InitializeSecurityDescriptor, SetSecurityDescriptorDacl, RegOpenKeyExW, RegCloseKey
> OLEAUT32.dll: -, -
> SHLWAPI.dll: StrRChrW, -, PathStripToRootW, PathIsRelativeW, StrChrW, PathIsRootW, PathIsUNCW

( 0 exports )

--------------------------------------------------------------------------------------------------


Análisis del archivo Smab0.dll recibido el 08.10.2008 23:41:20 (CET)
Motor antivirus Versión Última actualización Resultado
AhnLab-V3 2008.10.3.2 2008.10.08 -
AntiVir 7.8.1.34 2008.10.08 -
Authentium 5.1.0.4 2008.10.08 -
Avast 4.8.1248.0 2008.10.08 -
AVG 8.0.0.161 2008.10.08 -
BitDefender 7.2 2008.10.08 -
CAT-QuickHeal 9.50 2008.10.08 -
ClamAV 0.93.1 2008.10.08 -
DrWeb 4.44.0.09170 2008.10.08 -
eSafe 7.0.17.0 2008.10.08 Suspicious File
eTrust-Vet 31.6.6134 2008.10.07 -
Ewido 4.0 2008.10.08 -
F-Prot 4.4.4.56 2008.10.08 -
F-Secure 8.0.14332.0 2008.10.08 -
Fortinet 3.113.0.0 2008.10.08 -
GData 19 2008.10.08 -
Ikarus T3.1.1.34.0 2008.10.08 -
K7AntiVirus 7.10.488 2008.10.08 -
Kaspersky 7.0.0.125 2008.10.08 -
McAfee 5400 2008.10.07 -
Microsoft 1.4005 2008.10.08 -
NOD32 3504 2008.10.08 -
Norman 5.80.02 2008.10.07 -
Panda 9.0.0.4 2008.10.07 -
PCTools 4.4.2.0 2008.10.08 -
Prevx1 V2 2008.10.08 -
Rising 20.65.22.00 2008.10.08 -
SecureWeb-Gateway 6.7.6 2008.10.08 -
Sophos 4.34.0 2008.10.08 -
Sunbelt 3.1.1708.1 2008.10.08 -
Symantec 10 2008.10.08 -
TheHacker 6.3.1.0.103 2008.10.07 -
TrendMicro 8.700.0.1004 2008.10.08 -
VBA32 3.12.8.6 2008.10.07 -
ViRobot 2008.10.8.1412 2008.10.08 -
VirusBuster 4.5.11.0 2008.10.08 -
Información adicional
Tamano archivo: 27648 bytes
MD5...: 2cdfdd3019e885d32c0d7c47ec33f8b3
SHA1..: fa2c7ec1478056ba921c10b433359ef302b3eddd
SHA256: d4ceed9eeecab9ec14b0bbe3bff53285719295d2c6ba235496c7526890b0a6d2
SHA512: 5f4c9b451d8f2329465e61bbdb9b51fa7ac7207174595cbd16af6709cd36ea9265270b58249b1cf1060c70c04ac8fb534580fbb28e5a38a61d0e3402e73dce5a
PEiD..: PECompact 2.xx --> BitSum Technologies
TrID..: File type identification
  Win32 EXE PECompact compressed (v2.x) (52.1%)
  Win32 EXE PECompact compressed (generic) (36.7%)
  Win32 Executable Generic (7.5%)
  Generic Win/DOS Executable (1.7%)
  DOS Executable Generic (1.7%)
PEInfo: PE Structure information
  ( base data )
  entrypointaddress.: 0x10001000
  timedatestamp.....: 0x46495058 (Tue May 15 06:16:56 2007)
  machinetype.......: 0x14c (I386)
  ( 3 sections )
  name viradd virsiz rawdsiz ntrpy md5
  .text 0x1000 0x14000 0x4800 7.98 1ff33590ef20d67a1b10a5ce2fc53d96
  .rsrc 0x15000 0x2000 0x2000 6.70 341f7944f03a8a170e0549e0cf9e9f9e
  .reloc 0x17000 0x200 0x200 0.21 8f5b39eaff78f4364554d021fa93976c
  ( 3 imports )
  > kernel32.dll: LoadLibraryA, GetProcAddress, VirtualAlloc, VirtualFree
  > msvcrt.dll: __dllonexit
  > WSOCK32.DLL: WSAGetLastError
  ( 115 exports )
  pthreadCancelableTimedWait, pthreadCancelableWait, pthread_attr_destroy, pthread_attr_getdetachstate, pthread_attr_getinheritsched, pthread_attr_getschedparam, pthread_attr_getschedpolicy, pthread_attr_getscope, pthread_attr_getstackaddr, pthread_attr_getstacksize, pthread_attr_init, pthread_attr_setdetachstate, pthread_attr_setinheritsched, pthread_attr_setschedparam, pthread_attr_setschedpolicy, pthread_attr_setscope, pthread_attr_setstackaddr, pthread_attr_setstacksize, pthread_barrier_destroy, pthread_barrier_init, pthread_barrier_wait, pthread_barrierattr_destroy, pthread_barrierattr_getpshared, pthread_barrierattr_init, pthread_barrierattr_setpshared, pthread_cancel, pthread_cond_broadcast, pthread_cond_destroy, pthread_cond_init, pthread_cond_signal, pthread_cond_timedwait, pthread_cond_wait, pthread_condattr_destroy, pthread_condattr_getpshared, pthread_condattr_init, pthread_condattr_setpshared, pthread_create, pthread_delay_np, pthread_detach, pthread_equal, pthread_exit, pthread_getconcurrency, pthread_getschedparam, pthread_getspecific, pthread_getw32threadhandle_np, pthread_join, pthread_key_create, pthread_key_delete, pthread_kill, pthread_mutex_destroy, pthread_mutex_init, pthread_mutex_lock, pthread_mutex_timedlock, pthread_mutex_trylock, pthread_mutex_unlock, pthread_mutexattr_destroy, pthread_mutexattr_getkind_np, pthread_mutexattr_getpshared, pthread_mutexattr_gettype, pthread_mutexattr_init, pthread_mutexattr_setkind_np, pthread_mutexattr_setpshared, pthread_mutexattr_settype, pthread_num_processors_np, pthread_once, pthread_rwlock_destroy, pthread_rwlock_init, pthread_rwlock_rdlock, pthread_rwlock_timedrdlock, pthread_rwlock_timedwrlock, pthread_rwlock_tryrdlock, pthread_rwlock_trywrlock, pthread_rwlock_unlock, pthread_rwlock_wrlock, pthread_rwlockattr_destroy, pthread_rwlockattr_getpshared, pthread_rwlockattr_init, pthread_rwlockattr_setpshared, pthread_self, pthread_setcancelstate, pthread_setcanceltype, pthread_setconcurrency, pthread_setschedparam, pthread_setspecific, pthread_spin_destroy, pthread_spin_init, pthread_spin_lock, pthread_spin_trylock, pthread_spin_unlock, pthread_testcancel, pthread_timechange_handler_np, pthread_win32_process_attach_np, pthread_win32_process_detach_np, pthread_win32_test_features_np, pthread_win32_thread_attach_np, pthread_win32_thread_detach_np, ptw32_get_exception_services_code, ptw32_pop_cleanup, ptw32_push_cleanup, sched_get_priority_max, sched_get_priority_min, sched_getscheduler, sched_setscheduler, sched_yield, sem_close, sem_destroy, sem_getvalue, sem_init, sem_open, sem_post, sem_post_multiple, sem_timedwait, sem_trywait, sem_unlink, sem_wait
packers (Kaspersky): PE_Patch.PECompact, PecBundle, PECompact
packers (F-Prot): PecBundle, PECompact

-------------------------------------------------------------------------------------------------------

ComboFix 08-10-08.02 - Casto 2008-10-10 11:49:11.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.34.1033.18.1638 [GMT 2:00]
Running from: C:\Documents and Settings\Casto\Escritorio\ComboFix.exe
Command switches used :: C:\Documents and Settings\Casto\Escritorio\CFScript.txt
* Created a new restore point
* Resident AV is active


WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
C:\Documents and Settings\Casto\dbiddc.exe
C:\Documents and Settings\Casto\igygr.exe
C:\WINDOWS\system32\drivers\mpupjjrg.sys
C:\WINDOWS\system32\drivers\ndisio.sys
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Casto\dbiddc.exe
C:\Documents and Settings\Casto\igygr.exe
C:\WINDOWS\system32\drivers\mpupjjrg.sys
C:\WINDOWS\system32\drivers\ndisio.sys

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_MPUPJJRG
-------\Service_mpupjjrg


((((((((((((((((((((((((( Files Created from 2008-09-10 to 2008-10-10 )))))))))))))))))))))))))))))))
.

2008-10-08 09:41 . 2008-10-08 09:41 22 --a------ C:\WINDOWS\Progs_.ini
2008-10-08 09:40 . 2008-10-08 09:40 <DIR> d-------- C:\Program Files\Calc3d
2008-10-07 11:41 . 2008-10-07 11:42 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-10-07 11:41 . 2008-10-07 11:41 <DIR> d-------- C:\Documents and Settings\Casto\Datos de programa\Malwarebytes
2008-10-07 11:41 . 2008-10-07 11:41 <DIR> d-------- C:\Documents and Settings\All Users\Datos de programa\Malwarebytes
2008-10-07 11:41 . 2008-09-10 00:04 38,528 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-10-07 11:41 . 2008-09-10 00:03 17,200 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-10-04 17:39 . 2008-10-04 17:39 <DIR> d-------- C:\Program Files\CCleaner
2008-10-04 17:13 . 2008-10-04 17:13 <DIR> d-------- C:\Program Files\Trend Micro
2008-10-04 15:54 . 2008-10-04 15:54 222 --a------ C:\WINDOWS\MyDrivers.ini
2008-10-03 21:56 . 2008-10-03 22:03 <DIR> d-------- C:\Documents and Settings\Casto\Datos de programa\Hamachi
2008-10-03 21:55 . 2008-10-03 21:56 <DIR> d-------- C:\Program Files\Hamachi
2008-10-03 21:55 . 2008-10-03 21:55 25,280 --a------ C:\WINDOWS\system32\drivers\hamachi.sys
2008-10-03 21:21 . 2008-10-03 21:21 <DIR> d-------- C:\Program Files\Valve
2008-10-02 21:16 . 2008-10-02 21:17 <DIR> d-------- C:\Program Files\Unlocker
2008-10-02 21:16 . 2008-10-07 12:36 <DIR> d-------- C:\Documents and Settings\Casto\Datos de programa\Desktopicon
2008-09-30 18:50 . 2008-09-30 18:50 <DIR> d-------- C:\Logs
2008-09-30 15:24 . 2008-10-04 21:41 <DIR> d-------- C:\Program Files\World of Warcraft
2008-09-29 00:58 . 2008-09-29 00:56 332 --a------ C:\Nuevo Documento de Wordpad.doc
2008-09-28 21:03 . 2008-09-30 16:15 <DIR> d-------- C:\Program Files\Common Files\Blizzard Entertainment
2008-09-24 21:32 . 2008-09-24 21:32 <DIR> d--h----- C:\WINDOWS\system32\GroupPolicy
2008-09-24 20:36 . 2008-09-24 20:36 <DIR> d-------- C:\Program Files\Lavasoft
2008-09-24 20:36 . 2008-09-24 20:37 <DIR> d-------- C:\Documents and Settings\All Users\Datos de programa\Lavasoft
2008-09-20 13:45 . 2008-09-20 13:46 <DIR> d-------- C:\Program Files\Lopxp
2008-09-14 16:19 . 2008-09-14 16:19 <DIR> d-------- C:\Program Files\QuickTime Alternative
2008-09-14 16:19 . 2008-09-14 16:19 <DIR> d-------- C:\Documents and Settings\Casto\Datos de programa\Media Player Classic
2008-09-14 16:19 . 2008-09-14 16:19 <DIR> d-------- C:\Documents and Settings\All Users\Datos de programa\Apple Computer
2008-09-14 16:19 . 2008-09-06 15:09 90,112 --a------ C:\WINDOWS\system32\QuickTimeVR.qtx
2008-09-14 16:19 . 2008-09-06 15:09 57,344 --a------ C:\WINDOWS\system32\QuickTime.qts
2008-09-14 15:08 . 2008-09-14 15:08 664 --a------ C:\WINDOWS\system32\d3d9caps.dat
2008-09-14 12:15 . 2008-09-14 12:13 <DIR> d-------- C:\Program Files\AviSynth 2.5
2008-09-14 12:12 . 2008-09-14 12:12 <DIR> d-------- C:\Program Files\eRightSoft
2008-09-12 11:49 . 2008-09-12 11:49 <DIR> d-------- C:\Documents and Settings\Casto\Datos de programa\AntsSoft
2008-09-12 01:53 . 2008-09-12 01:54 <DIR> d-------- C:\Program Files\SWFBanner
2008-09-12 00:53 . 2008-09-12 00:53 244 --ah----- C:\sqmnoopt12.sqm
2008-09-12 00:53 . 2008-09-12 00:53 232 --ah----- C:\sqmdata12.sqm
2008-09-12 00:44 . 2008-09-12 00:44 244 --ah----- C:\sqmnoopt11.sqm
2008-09-12 00:44 . 2008-09-12 00:44 232 --ah----- C:\sqmdata11.sqm
2008-09-10 21:51 . 2008-09-10 21:51 118 --a------ C:\WINDOWS\system32\MRT.INI

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-10 09:39 --------- d-----w C:\Program Files\cFosSpeed
2008-10-05 15:56 --------- d-----w C:\Documents and Settings\Casto\Datos de programa\teamspeak2
2008-10-03 14:45 --------- d-----w C:\Program Files\Gate2Gaia
2008-10-02 19:41 --------- d-----w C:\Program Files\Nokia
2008-09-24 18:36 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-09-20 18:40 --------- d-----w C:\Program Files\AIMP2
2008-09-20 11:28 --------- d-----w C:\Program Files\Java
2008-09-12 09:50 --------- d-----w C:\Program Files\Common Files\Adobe
2008-09-11 17:02 --------- d-----w C:\Documents and Settings\Casto\Datos de programa\PC Suite
2008-09-10 19:49 --------- d-----w C:\Program Files\Microsoft Works
2008-08-27 17:10 --------- d-----w C:\Documents and Settings\Casto\Datos de programa\FileZilla
2008-08-19 22:05 0 ----a-w C:\Documents and Settings\Casto\Datos de programa\wklnhst.dat
2008-08-19 22:05 --------- d-----w C:\Documents and Settings\Casto\Datos de programa\Template
2008-08-17 20:27 --------- d-----w C:\Documents and Settings\Casto\Datos de programa\CoSoSys
2008-08-11 20:51 --------- d-----w C:\Documents and Settings\Casto\Datos de programa\Folder Guard
2008-08-10 19:23 --------- d-----w C:\Program Files\ESET
2008-08-10 19:23 --------- d-----w C:\Documents and Settings\All Users\Datos de programa\ESET
2008-08-10 18:58 --------- d-----w C:\Documents and Settings\All Users\Datos de programa\Kaspersky Lab
2006-12-17 20:32 0 ----a-w C:\Documents and Settings\HERMINIO\Application Data\wklnhst.dat
2006-05-03 09:06 163,328 --sh--r C:\WINDOWS\system32\flvDX.dll
2007-02-21 10:47 31,232 --sh--r C:\WINDOWS\system32\msfDX.dll
2007-12-17 12:43 27,648 --sh--w C:\WINDOWS\system32\Smab0.dll
.

((((((((((((((((((((((((((((( snapshot@2008-10-07_12.48.29.17 )))))))))))))))))))))))))))))))))))))))))
.
+ 2005-10-20 18:02:28 163,328 ----a-w C:\WINDOWS\erdnt\subs\ERDNT.EXE
+ 2008-10-08 22:23:37 204,876 ----a-w C:\WINDOWS\system32\Restore\rstrlog.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2005-08-31 1658592]
"Steam"="c:\program files\valve\steam\steam.exe" [2008-10-04 1410296]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-08-05 64512]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-08-16 7585792]
"AzMixerSel"="C:\Program Files\Realtek\InstallShield\AzMixerSel.exe" [2006-01-25 53248]
"fscp"="C:\Program Files\AVC Finger-sensing Pad Driver\fscp.exe" [2006-09-18 995328]
"FuncKey"="C:\Program Files\Hotkey Management\FuncKey.exe" [2006-09-05 139264]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2005-04-15 45056]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"egui"="C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" [2007-10-25 1418496]
"UnlockerAssistant"="C:\Program Files\Unlocker\UnlockerAssistant.exe" [2008-05-02 15872]
"nwiz"="nwiz.exe" [2006-08-16 C:\WINDOWS\system32\nwiz.exe]
"SkyTel"="SkyTel.EXE" [2006-05-16 C:\WINDOWS\SkyTel.exe]
"RTHDCPL"="RTHDCPL.EXE" [2006-07-21 C:\WINDOWS\RTHDCPL.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-10 15360]

C:\Documents and Settings\Casto\Menú Inicio\Programas\Inicio\
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 113664]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.I420"= i420vfw.dll
"msacm.divxa32"= msaud32_divx.acm
"vidc.yv12"= yv12vfw.dll

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"PC Suite Tray"="C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
"Nokia.PCSync"="C:\Program Files\Nokia\Nokia PC Suite 7\PCSync2.exe" /NoDialog

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"FirewallOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Messenger\\Msmsgs.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3274:TCP"= 3274:TCP:Blizzard downloader
"6112:TCP"= 6112:TCP:Blizzard downloader

R1 epfwtdir;epfwtdir;C:\WINDOWS\system32\DRIVERS\epfwtdir.sys [2007-11-08 30728]
R2 FspadSvc;FspadSvc;C:\Program Files\AVC Finger-sensing Pad Driver\fspadsvr.exe [2006-08-23 520704]
R2 UxTuneUp;Ampliación del diseño de TuneUp;C:\WINDOWS\System32\svchost.exe [2004-08-10 14336]
R3 fspad;AVC Finger-sensing Pad Driver for Windows 2000/XP;C:\WINDOWS\system32\DRIVERS\fspad.sys [2006-09-18 22912]
S3 klim5;Kaspersky Anti-Virus NDIS Filter;C:\WINDOWS\system32\DRIVERS\klim5.sys [2007-04-04 24344]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-10 11:56:40
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\ehome\ehrecvr.exe
C:\WINDOWS\ehome\ehSched.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\ehome\mcrdsvc.exe
C:\WINDOWS\system32\dllhost.exe
.
**************************************************************************
.
Completion time: 2008-10-10 12:03:19 - machine was rebooted [Casto]
ComboFix-quarantined-files.txt 2008-10-10 10:03:13
ComboFix2.txt 2008-10-08 22:08:43
ComboFix3.txt 2008-10-07 10:48:48

Pre-Run: 70,290,309,120 bytes free
Post-Run: 70,270,373,888 bytes libres

180 --- E O F --- 2008-10-02 17:53:48
  post #6
Old 10/10/08, 13:10:39
Avatar of axl456
Moderator
 
Registered: Mar 2007
Location: South Park
Posts: 6,684
Re: Pop-up windows and restricted functions.

The report is clean; do the following:

  • Go to Start > Run
  • Type the following: ComboFix /u as shown in the image below:
  • This will launch the ComboFix uninstaller, opening its main screen, and after a few seconds you will see ("ComboFix is uninstalled")

If you have no other problems, let me know so I can mark the topic as solved.
