Foro de InfoSpyware - Foro de Hijackthis - Foro de Virus

Muy buenas. Gracias y enhorabuena por vustro foro.
Os dejo el reporte del Panda Online para ver si me podéis echar una mano a limpiarlo. Todo empezó porque me apareció el virus del doble acento y un mensaje de windows que me ponía lo de los permisos de CryptoA, al iniciar algunos programas.
Desactivé restaurar sistema, reinicié en modo seguro, pasé el ccleaner, pasé una versión actualizada del malwarebytes (que me eliminó algunas cosas), y le pasé el Panda Online. A continuación os pego el reporte.
Gracias por adelantado.

;************************************************* ************************************************** ************************************************** ******************************
ANALYSIS: 2009-10-30 14:30:41
PROTECTIONS: 0
MALWARE: 16
SUSPECTS: 3
;************************************************* ************************************************** ************************************************** ******************************
PROTECTIONS
Description Version Active Updated
;================================================= ================================================== ================================================== ==============================
;================================================= ================================================== ================================================== ==============================
MALWARE
Id Description Type Active Severity Disinfectable Disinfected Location
;================================================= ================================================== ================================================== ==============================
00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No c:\documents and settings\centro\cookies\centro@doubleclick[2].txt
00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No c:\documents and settings\centro\cookies\centro@atdmt[2].txt
00145393 Cookie/Tradedoubler TrackingCookie No 0 Yes No c:\documents and settings\centro\cookies\centro@tradedoubler[2].txt
00145457 Cookie/FastClick TrackingCookie No 0 Yes No c:\documents and settings\centro\cookies\centro@fastclick[1].txt
00145731 Cookie/Tribalfusion TrackingCookie No 0 Yes No c:\documents and settings\centro\cookies\centro@tribalfusion[2].txt
00167704 Cookie/Xiti TrackingCookie No 0 Yes No c:\documents and settings\centro\cookies\centro@xiti[1].txt
00168061 Cookie/Apmebf TrackingCookie No 0 Yes No c:\documents and settings\centro\cookies\centro@apmebf[1].txt
00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No c:\documents and settings\centro\cookies\centro@serving-sys[2].txt
00168093 Cookie/Serving-sys TrackingCookie No 0 Yes No c:\documents and settings\centro\cookies\centro@bs.serving-sys[1].txt
00168106 Cookie/Weborama TrackingCookie No 0 Yes No c:\documents and settings\centro\cookies\centro@weborama[1].txt
00168109 Cookie/Adtech TrackingCookie No 0 Yes No c:\documents and settings\centro\cookies\centro@adtech[2].txt
00169190 Cookie/Advertising TrackingCookie No 0 Yes No c:\documents and settings\centro\cookies\centro@advertising[2].txt
00170554 Cookie/Overture TrackingCookie No 0 Yes No c:\documents and settings\centro\cookies\centro@overture[1].txt
00273339 Cookie/Smartadserver TrackingCookie No 0 Yes No c:\documents and settings\centro\cookies\centro@smartadserver[1].txt
00366244 Application/NirCmd.A HackTools No 0 No No c:\documents and settings\centro\mis documentos\soft\limpieza virus\flash_disinfector.exe[c:\documents and settings\centro\mis documentos\soft\limpieza virus\flash_disinfector.exe][nircmd.exe]
00370098 Application/Kichwas HackTools No 0 No No c:\documents and settings\centro\mis documentos\soft\contaplus\contaplus elite-factura-nominas-v2004+claves+actualizaciones.rar[veoveo34.zip][veoveodll.dll]
00370098 Application/Kichwas HackTools No 0 No No c:\documents and settings\centro\mis documentos\soft\contaplus\contaplus elite-factura-nominas-v2004+claves+actualizaciones.rar[veoveo34.zip][ganchodll/veoveodll.dll]
;================================================= ================================================== ================================================== ==============================
SUSPECTS
Sent Location
;================================================= ================================================== ================================================== ==============================
No c:\archivos de programa\dvdfab platinum 3\dvdfabplatinum.exe
No c:\documents and settings\centro\mis documentos\downloads\dvd\avi2dvd_setup_05.exe[avisplitter.ax]
No c:\windows\installer\15a8b.msi[unk_0077][²èç]
;================================================= ================================================== ================================================== ==============================
VULNERABILITIES
Id Severity Description
;================================================= ================================================== ================================================== ==============================
213109 HIGH MS09-046
212494 HIGH MS09-042
212493 HIGH MS09-041
212490 HIGH MS09-038
212530 HIGH MS09-034
211784 HIGH MS09-032
211781 HIGH MS09-029
210625 HIGH MS09-026
210624 HIGH MS09-025
210621 HIGH MS09-022
210618 HIGH MS09-019
208380 HIGH MS09-015
208379 HIGH MS09-014
208378 HIGH MS09-013
208377 HIGH MS09-012
206981 HIGH MS09-007
206980 HIGH MS09-006
205735 HIGH MS09-002
204670 HIGH MS09-001
203806 HIGH MS08-078
203508 HIGH MS08-073
203505 HIGH MS08-071
202465 HIGH MS08-068
201683 HIGH MS08-067
201258 HIGH MS08-066
201256 HIGH MS08-064
201255 HIGH MS08-063
201253 HIGH MS08-061
201250 HIGH MS08-058
209275 HIGH MS08-049
209273 HIGH MS08-045
196455 MEDIUM MS08-037
194862 HIGH MS08-032
194861 HIGH MS08-031
194860 HIGH MS08-030
191618 HIGH MS08-025
191617 HIGH MS08-024
191616 HIGH MS08-023
191614 HIGH MS08-021
191613 HIGH MS08-020
187735 HIGH MS08-010
187733 HIGH MS08-008
184380 MEDIUM MS08-002
184379 MEDIUM MS08-001
182048 HIGH MS07-069
182046 HIGH MS07-067
179553 HIGH MS07-061
176383 HIGH MS07-058
176382 HIGH MS07-057
170911 HIGH MS07-050
170907 HIGH MS07-046
170906 HIGH MS07-045
170904 HIGH MS07-043
164915 HIGH MS07-035
164913 HIGH MS07-033
164911 HIGH MS07-031
160623 HIGH MS07-027
157262 HIGH MS07-022
157261 HIGH MS07-021
157260 HIGH MS07-020
157259 HIGH MS07-019
156477 HIGH MS07-017
150253 HIGH MS07-016
150249 HIGH MS07-013
150248 HIGH MS07-012
150247 HIGH MS07-011
150243 HIGH MS07-008
150242 HIGH MS07-007
150241 MEDIUM MS07-006
145501 HIGH MS07-004
141033 MEDIUM MS06-075
137571 HIGH MS06-070
133387 MEDIUM MS06-065
133386 MEDIUM MS06-064
133385 MEDIUM MS06-063
133379 HIGH MS06-057
129977 MEDIUM MS06-053
129976 MEDIUM MS06-052
126093 HIGH MS06-051
126092 MEDIUM MS06-050
126087 HIGH MS06-046
126086 MEDIUM MS06-045
126082 HIGH MS06-041
126081 HIGH MS06-040
123421 HIGH MS06-036
123420 HIGH MS06-035
120825 MEDIUM MS06-032
120823 MEDIUM MS06-030
120818 HIGH MS06-025
120815 HIGH MS06-022
117384 MEDIUM MS06-018
114666 HIGH MS06-015
108744 MEDIUM MS06-008
108743 MEDIUM MS06-007
108742 MEDIUM MS06-006
104567 HIGH MS06-002
104237 HIGH MS06-001
96574 HIGH MS05-053
93395 HIGH MS05-051
93454 MEDIUM MS05-049
;================================================= ================================================== ================================================== ==============================

Hola que tal, solo son la mayoria cookies que puedes borrar con el limpiador del CCleaner, un falso positivo y un archivo comprimido que si no te es muy necesario lo puedes eliminar:

c:\documents and settings\centro\mis documentos\soft\contaplus\contaplus elite-factura-nominas-v2004+claves+actualizaciones.rar

Este otro lo eliminas:

c:\windows\installer\15a8b.msi

Por las vulnerabilidades que muestra, visita windows Update para que descargues las actualizaciones de seguridad que le faltan al sistema.

Nota: Si tu Sistema Operativo no es original usa WinUp

Y bueno por lo que veo el problema del doble acento te lo solucionó Malwarebytes..

Despues de eso nos comentas si está todo bien


Saludos

Hola, he hecho lo que me has dicho.
Le pasaré el panda online para ver qué me dice, pero yo creo que todo está ok.
En caso de que salga algo raro, te comento.

Ok, pues entonces o bien nos dejas el nuevo reporte o si no recuerda volver para comentarnos si das el tema como solucionado


Saludos