
    Virus "msmviode.exe" "cfdrive32.exe" "Hp1.exe" (Solved)

      
    1. #1
      ricardoMoncada (User)
      Registered: Mar 2010
      Location: Venezuela
      Posts: 35

      Hello! Good day to all the Staff

      Lately I have been having problems with my PC. I have the programs msviode.exe and cfdrive32.exe, which in turn open programs from temporary files that have numbers for names... please, I ask for your help as soon as possible...
      Last edited by ricardoMoncada on 13/11/10 at 20:35:09

    2. #2
      Tyny's (General Moderator)
      Registered: May 2008
      Location: Argentina
      Posts: 14,669

      Re: msviode.exe + cfdrive32.exe + Hp1.exe (annoying viruses)

      Welcome to Foro Spyware, ricardoMoncada.

      _____________________________

      Pray and:

      Carry out the following procedure and read the manuals carefully:

      *Note* I recommend printing this page.
      Step 1

      Step 2

      Run, in order:

      • CCleaner, as its manual indicates.
      • Malwarebytes' Anti-Malware, using its full scan option; when it finishes, click Show Results and then
        Remove Selected. If it asks you to restart, do so.

      • Temporarily disable your antivirus and/or antispyware.
        • Close all open windows.
        • Double-click the file ComboFix.exe and follow the instructions.
        • When it finishes, it will generate a log at C:\ComboFix.txt.
          • *Note* While CF is working, do not move the mouse, as that would stop its process.
          • *Note* ComboFix may restart the PC automatically to complete the removal process.

      Warning!! Do not use ComboFix unless a member of our Staff has specifically told you to in your thread. It is a powerful tool intended by its creator to be used under the guidance and supervision of an expert, not for private use. Using ComboFix incorrectly could cause problems on your system. Please read ComboFix's "Disclaimer of Warranty".
      • Restart and paste the report from C:\ComboFix.txt in this same thread.

      __________________________

      Bring us the reports from:

      ° Malwarebytes.
      ° ComboFix.
      ° Tell us how your system is working.
      Regards.
      If on your journey, you should encounter God, God will be cut!


      * Follow us on our Twitter and become our friend on Facebook.
      * Keep up with the latest threats on the net at: InfoSpyware Blog
      * Questions are not answered by private message or by e-mail; that is what the forum is for.

    3. #3
      ricardoMoncada (User)

      Pray? xD.... the virus must be that serious..

      Well, I'll go ahead and do everything you told me.. anyway, if you want I can send you the HijackThis log...

      Regards and thanks

    4. #4
      Tyny's (General Moderator)

      All of them together afterwards, che.. it's the weekend

    5. #5
      ricardoMoncada (User)

      Nope, I'd rather take the chance to get this over with once and for all... oh, the scan is at 28 infections so far and it is scanning two hard drives (the PC's and the portable one).. it has been running for 13 minutes...

      So... should I send you the HijackThis log or not?

    6. #6
      Tyny's (General Moderator)

      Bring it when the other two are ready; right now it won't be of any use. In fact, when you finish running the tools, generate a new HJT log and bring that one.

    7. #7
      ricardoMoncada (User)

      I HAD TO WAIT 5 HOURS... but here is the Malwarebytes' log:

      HTML Code:
      Malwarebytes' Anti-Malware 1.46
      www.malwarebytes.org
      
      Versión de la Base de Datos: 5109
      
      Windows 5.1.2600 Service Pack 2
      Internet Explorer 6.0.2900.2180
      
      13/11/2010 19:55:48
      mbam-log-2010-11-13 (19-55-48).txt
      
      Tipos de Análisis: Análisis Completo (C:\|F:\|)
      Objetos examinados: 237910
      Tiempo transcurrido: 5 hora(s), 2 minuto(s), 48 segundo(s)
      
      Procesos en Memoria Infectados: 0
      Módulos de Memoria Infectados: 1
      Claves del Registro Infectadas: 7
      Valores del Registro Infectados: 15
      Elementos de Datos del Registro Infectados: 3
      Carpetas Infectadas: 1
      Archivos Infectados: 141
      

    8. #8
      Tyny's (General Moderator)

      Hello.

      What a pity.... The ComboFix report is still missing.

    9. #9
      ricardoMoncada (User)

      ComboFix log

      ComboFix 10-11-12.06 - Ricardo Moncada 13/11/2010 20:29:45.1.1 - x86
      Running from: c:\documents and settings\Ricardo Moncada\Mis documentos\Descargas\ComboFix.exe
      .

      ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
      .

      c:\archivos de programa\AA Antimalware\AA Antimalware.exe
      c:\archivos de programa\AA Antimalware\aa_global.dll
      c:\archivos de programa\AA Antimalware\en-US\Res.dll
      c:\archivos de programa\Microsoft Office\OFFICE11\*WINWORD.EXE
      c:\documents and settings\Ricardo Moncada\Datos de programa\dach100.dll
      c:\windows\system32\driVERs\DiagnosticScan.sys
      c:\windows\system32\drivers\Start1Driver.SYS

      .
      ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
      .

      -------\Legacy_SSHNAS
      -------\Legacy_DiagnosticScan
      -------\Legacy_Start1Driver
      -------\Service_DiagnosticScan
      -------\Service_Start1Driver


      ((((((((((((((((((((((((( Files Created from 2010-10-14 to 2010-11-14 )))))))))))))))))))))))))))))))
      .

      2010-11-13 18:42 . 2010-11-13 18:42 -------- d-----w- c:\documents and settings\Ricardo Moncada\Datos de programa\Malwarebytes
      2010-11-13 18:41 . 2010-04-29 19:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
      2010-11-13 18:41 . 2010-11-13 18:41 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Datos de programa\Malwarebytes
      2010-11-13 18:41 . 2010-11-13 18:41 -------- d-----w- c:\archivos de programa\Malwarebytes' Anti-Malware
      2010-11-13 18:41 . 2010-04-29 19:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
      2010-11-13 04:03 . 2010-11-13 04:03 -------- d-----w- c:\archivos de programa\QCP Converter
      2010-11-13 03:58 . 2010-11-13 03:58 -------- d-----w- c:\archivos de programa\HooTech WAV MP3 Converter
      2010-11-12 13:41 . 2010-11-14 00:09 256 ----a-w- c:\windows\system32\pool.bin
      2010-11-12 13:41 . 2010-11-12 13:41 -------- d-----w- c:\documents and settings\Ricardo Moncada\Datos de programa\Research In Motion
      2010-11-12 03:05 . 2010-11-12 03:05 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Datos de programa\InstallShield
      2010-11-12 03:04 . 2010-11-12 03:04 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Datos de programa\Sonic
      2010-11-12 02:59 . 2010-11-12 02:59 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Datos de programa\Roxio
      2010-11-12 02:59 . 2010-11-12 02:59 -------- d-----w- c:\archivos de programa\Archivos comunes\Sonic Shared
      2010-11-12 02:59 . 2010-11-12 03:00 -------- d-----w- c:\archivos de programa\Roxio
      2010-11-12 02:59 . 2010-11-12 03:01 -------- d-----w- c:\archivos de programa\Archivos comunes\Roxio Shared
      2010-11-12 02:20 . 2005-01-28 17:44 47616 ----a-w- c:\archivos de programa\Windows Media Player\msoobci.dll
      2010-11-12 02:20 . 2005-01-28 17:44 819200 ----a-w- c:\archivos de programa\Windows Media Player\wmsetsdk.exe
      2010-11-12 02:10 . 2007-01-18 14:24 26496 ----a-r- c:\windows\system32\drivers\RimSerial.sys
      2010-11-12 02:07 . 2010-11-12 02:08 -------- d-----w- c:\archivos de programa\Archivos comunes\Research In Motion
      2010-11-12 02:06 . 2010-11-12 02:06 -------- d-----w- c:\archivos de programa\Research In Motion
      2010-11-12 01:48 . 2010-11-12 01:48 -------- d-sh--w- c:\windows\ftpcache
      2010-11-08 01:38 . 2001-08-23 01:44 3456 -c--a-w- c:\windows\system32\dllcache\pciide.sys
      2010-11-08 01:38 . 2001-08-23 01:44 3456 ----a-w- c:\windows\system32\drivers\pciide.sys
      2010-11-08 01:38 . 2001-08-18 01:52 14720 -c--a-w- c:\windows\system32\dllcache\dac960nt.sys
      2010-11-08 01:38 . 2001-08-18 01:52 14720 ----a-w- c:\windows\system32\drivers\dac960nt.sys
      2010-11-08 01:38 . 2004-08-04 02:59 34688 -c--a-w- c:\windows\system32\dllcache\lbrtfdc.sys
      2010-11-08 01:38 . 2004-08-04 02:59 34688 ----a-w- c:\windows\system32\drivers\lbrtfdc.sys
      2010-11-08 01:38 . 2004-08-04 03:00 8192 -c--a-w- c:\windows\system32\dllcache\changer.sys
      2010-11-08 01:38 . 2004-08-04 03:00 8192 ----a-w- c:\windows\system32\drivers\changer.sys
      2010-11-08 01:14 . 2010-11-14 00:41 -------- d-----w- c:\archivos de programa\AA Antimalware
      2010-10-31 17:13 . 2010-10-31 17:13 -------- d-----w- c:\archivos de programa\PowerISO
      2010-10-31 17:07 . 2010-10-31 17:07 -------- d-----w- c:\archivos de programa\PyroMu Season 5 Episode 4
      2010-10-27 22:35 . 2010-10-27 22:35 -------- d-----w- C:\_OTM
      2010-10-24 18:45 . 2010-10-24 18:45 -------- d-----w- c:\documents and settings\Ricardo Moncada\Configuración local\Datos de programa\accman
      2010-10-23 19:49 . 2010-10-23 19:49 -------- d-----w- c:\archivos de programa\Profibot

      .
      (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
      .
      2010-10-03 01:54 . 2010-10-02 00:14 2323456 ----a-w- c:\windows\system32\TUKernel.exe
      2010-10-01 17:29 . 2010-10-01 17:29 4608 ----a-w- c:\windows\system32\w95inf32.dll
      2010-10-01 17:29 . 2010-10-01 17:29 2272 ----a-w- c:\windows\system32\w95inf16.dll
      2010-09-11 16:47 . 2010-09-11 16:47 25280 ----a-w- c:\windows\system32\drivers\hamachi.sys
      .

      ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
      .
      .
      *Note* empty entries & legit default entries are not shown
      REGEDIT4

      [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
      "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-19 15360]

      c:\documents and settings\Ricardo Moncada\Men£ Inicio\Programas\Inicio\
      AntiCrash.lnk - c:\archivos de programa\Dachshund Software\AntiCrash\AntiCrash.exe [2002-12-17 2301798]
      Hare.lnk - c:\archivos de programa\Dachshund Software\Hare\Hare.exe [2002-9-21 1874381]
      Zoom.lnk - c:\archivos de programa\Dachshund Software\Zoom\Zoom.exe [2002-9-21 1446302]

      [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
      "EditLevel"= 0 (0x0)
      "NoCommonGroups"= 0 (0x0)
      "GreyMSIAds"= 1 (0x1)

      [HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Menú Inicio^Programas^Inicio^BlueSoleil.lnk]
      path=c:\documents and settings\All Users.WINDOWS\Menú Inicio\Programas\Inicio\BlueSoleil.lnk
      backup=c:\windows\pss\BlueSoleil.lnkCommon Startup

      [HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Menú Inicio^Programas^Inicio^Desktop Manager.lnk]
      path=c:\documents and settings\All Users.WINDOWS\Menú Inicio\Programas\Inicio\Desktop Manager.lnk
      backup=c:\windows\pss\Desktop Manager.lnkCommon Startup

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ares]
      2009-08-28 03:58 3231744 ----a-w- c:\archivos de programa\Ares\Ares.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
      2004-08-19 19:42 15360 ----a-w- c:\windows\system32\ctfmon.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
      2004-10-13 16:24 1694208 ------w- c:\archivos de programa\Messenger\msmsgs.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
      2010-04-17 02:12 3872080 ----a-w- c:\archivos de programa\Windows Live\Messenger\msnmsgr.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NCLaunch]
      2010-01-28 22:57 40960 ----a-w- c:\windows\NCLAUNCH.EXe

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]
      2007-08-07 00:05 200704 ----a-w- c:\archivos de programa\PowerISO\PWRISOVM.EXE

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxWatchTray]
      2008-06-26 16:22 236016 ----a-w- c:\archivos de programa\Archivos comunes\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
      "RoxWatch9"=2 (0x2)
      "RoxMediaDB9"=3 (0x3)
      "RoxLiveShare9"=2 (0x2)
      "Roxio Upnp Server 9"=2 (0x2)
      "Roxio UPnP Renderer 9"=3 (0x3)

      [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
      "ctfmon.exe"=c:\windows\system32\ctfmon.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
      "SunJavaUpdateSched"="c:\archivos de programa\Archivos comunes\Java\Java Update\jusched.exe"
      "system"=c:\windows\winp.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\security center]
      "AntiVirusOverride"=dword:00000001

      [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
      "EnableFirewall"= 0 (0x0)

      [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
      "%windir%\\system32\\sessmgr.exe"=
      "c:\\Archivos de programa\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=
      "c:\\Archivos de programa\\Ares\\Ares.exe"=
      "c:\\Archivos de programa\\Java\\jre6\\bin\\javaw.exe"=
      "c:\\Archivos de programa\\Windows Live\\Messenger\\wlcsdk.exe"=
      "c:\\Archivos de programa\\Windows Live\\Messenger\\msnmsgr.exe"=
      "c:\\Archivos de programa\\Messenger\\msmsgs.exe"=
      "c:\\Archivos de programa\\Opera\\opera.exe"=
      "c:\\Archivos de programa\\Hamachi\\hamachi.exe"=
      "c:\\Documents and Settings\\Ricardo Moncada\\Escritorio\\Carpetas\\Halo\\savegames\\ricardo\\pc games - microsoft - age of empires ii - the age of the kings(2)\\age2_x1.exe"=
      "c:\\Documents and Settings\\Ricardo Moncada\\Mis documentos\\Descargas\\????? Antistealth\\antistealth.exe"=
      "c:\\WINDOWS\\system32\\dplaysvr.exe"=
      "c:\\Archivos de programa\\Firefly Studios\\Stronghold Crusader\\Stronghold Crusader.exe"=
      "c:\\Archivos de programa\\Zuxxez\\KaM - The Peasants Rebellion\\KM_TPR.exe"=
      "c:\\Documents and Settings\\Ricardo Moncada\\Escritorio\\gunman\\Hlds.exe"=
      "c:\\Documents and Settings\\Ricardo Moncada\\Escritorio\\Carpetas\\Counter-Strike 1.6\\hl.exe"=

      R3 PAC207;VideoCAM GE111;c:\windows\system32\drivers\PFC027.sys [08/04/2005 10:46 162176]

      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
      UxTuneUp
      .
      Contents of the 'Scheduled Tasks' folder

      2010-11-12 c:\windows\Tasks\Mantenimiento con 1 clic.job
      - c:\archivos de programa\TuneUp Utilities 2007\SystemOptimizer.exe [2007-01-22 18:26]
      .
      .
      ------- Supplementary Scan -------
      .
      uStart Page = hxxp://www.google.com
      mStart Page = hxxp://www.google.com
      IE: E&xportar a Microsoft Excel - c:\archiv~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
      IE: {{d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\documents and settings\Ricardo Moncada\Menú Inicio\Programas\IMVU\Run IMVU.lnk
      .
      - - - - ORPHANS REMOVED - - - -

      MSConfigStartUp-cdoosoft - c:\windows\system32\olhrwef.exe
      MSConfigStartUp-WinampAgent - c:\archivos de programa\Winamp\winampa.exe



      **************************************************************************

      catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
      Rootkit scan 2010-11-13 20:48
      Windows 5.1.2600 Service Pack 2 NTFS

      scanning hidden processes ...

      scanning hidden autostart entries ...

      scanning hidden files ...

      scan completed successfully
      hidden files: 0

      **************************************************************************
      .
      --------------------- LOCKED REGISTRY KEYS ---------------------

      [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\•€|ÿÿÿÿ"•€|þ»Ñw*]
      "A0C0110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
      .
      --------------------- DLLs Loaded Under Running Processes ---------------------

      - - - - - - - > 'explorer.exe'(2228)
      c:\windows\system32\browselc.dll
      c:\archivos de programa\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
      c:\archivos de programa\Microsoft Office\OFFICE11\msohev.dll
      c:\archivos de programa\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll
      .
      ------------------------ Other Running Processes ------------------------
      .
      c:\archivos de programa\IVT Corporation\BlueSoleil\BTNtService.exe
      c:\archivos de programa\Java\jre6\bin\jqs.exe
      c:\windows\system32\pctspk.exe
      c:\windows\Integrator.exe
      c:\windows\System32\PAStiSvc.exe
      c:\windows\system32\wdfmgr.exe
      c:\windows\system32\wscntfy.exe
      .
      **************************************************************************
      .
      Completion time: 2010-11-13 20:50:40 - machine was rebooted
      ComboFix-quarantined-files.txt 2010-11-14 00:50

      Pre-Run: 3.894.763.520 bytes libres
      Post-Run: 3.918.254.080 bytes libres

      WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
      [boot loader]
      timeout=2
      default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
      [operating systems]
      c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
      UnsupportedDebug="do not select this" /debug
      multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect /TUTag=Z8NW2X /Kernel=TUKernel.exe
      multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional (TuneUp Backup)" /noexecute=optin /fastdetect /TUTag=Z8NW2X-BAK

      - - End Of File - - 6E68471F01727D1F30897F52F532D42F
      And the HijackThis log:

      HTML code:
      Logfile of Trend Micro HijackThis v2.0.4
      Scan saved at 20:54:31, on 13/11/2010
      Platform: Windows XP SP2 (WinNT 5.01.2600)
      MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
      Boot mode: Normal
      
      Running processes:
      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\system32\spoolsv.exe
      C:\Archivos de programa\IVT Corporation\BlueSoleil\BTNtService.exe
      C:\Archivos de programa\Java\jre6\bin\jqs.exe
      C:\WINDOWS\system32\pctspk.exe
      C:\WINDOWS\Integrator.exe
      C:\WINDOWS\System32\PAStiSvc.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\system32\wscntfy.exe
      C:\WINDOWS\explorer.exe
      C:\WINDOWS\system32\notepad.exe
      C:\Archivos de programa\Mozilla Firefox\firefox.exe
      C:\Documents and Settings\Ricardo Moncada\Mis documentos\Descargas\HijackThis.exe
      
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Vínculos
      O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Archivos de programa\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
      O2 - BHO: Windows Live Aplicación auxiliar de inicio de sesión - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Archivos de programa\Archivos comunes\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
      O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Archivos de programa\Java\jre6\bin\jp2ssv.dll
      O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Archivos de programa\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
      O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
      O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
      O4 - Startup: AntiCrash.lnk = C:\Archivos de programa\Dachshund Software\AntiCrash\AntiCrash.exe
      O4 - Startup: Hare.lnk = C:\Archivos de programa\Dachshund Software\Hare\Hare.exe
      O4 - Startup: Zoom.lnk = C:\Archivos de programa\Dachshund Software\Zoom\Zoom.exe
      O8 - Extra context menu item: E&xportar a Microsoft Excel - res://C:\ARCHIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
      O9 - Extra button: Referencia - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARCHIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL
      O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Ricardo Moncada\Menú Inicio\Programas\IMVU\Run IMVU.lnk (file missing)
      O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Archivos de programa\Messenger\msmsgs.exe
      O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Archivos de programa\Messenger\msmsgs.exe
      O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
      O22 - SharedTaskScheduler: Precargador Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
      O22 - SharedTaskScheduler: Demonio de caché de las categorías de componente - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
      O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Archivos de programa\IVT Corporation\BlueSoleil\BTNtService.exe
      O23 - Service: Servicio del administrador de discos lógicos (dmadmin) - Unknown owner - C:\WINDOWS\System32\dmadmin.exe
      O23 - Service: Registro de sucesos (Eventlog) - Unknown owner - C:\WINDOWS\system32\services.exe
      O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Archivos de programa\Archivos comunes\InstallShield\Driver\1050\Intel 32\IDriverT.exe
      O23 - Service: Servicio COM de grabación de CD de IMAPI (ImapiService) - Unknown owner - C:\WINDOWS\system32\imapi.exe
      O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Archivos de programa\Java\jre6\bin\jqs.exe
      O23 - Service: Escritorio remoto compartido de NetMeeting (mnmsrvc) - Unknown owner - C:\WINDOWS\system32\mnmsrvc.exe
      O23 - Service: PCTEL Speaker Phone (Pctspk) - Unknown owner - C:\WINDOWS\system32\pctspk.exe
      O23 - Service: Plug and Play (PlugPlay) - Unknown owner - C:\WINDOWS\system32\services.exe
      O23 - Service: Administrador de sesión de Ayuda de escritorio remoto (RDSessMgr) - Unknown owner - C:\WINDOWS\system32\sessmgr.exe
      O23 - Service: Tarjeta inteligente (SCardSvr) - Unknown owner - C:\WINDOWS\System32\SCardSvr.exe
      O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe
      O23 - Service: Registros y alertas de rendimiento (SysmonLog) - Unknown owner - C:\WINDOWS\system32\smlogsvc.exe
      O23 - Service: Telnet (TlntSvr) - Unknown owner - C:\WINDOWS\system32\tlntsvr.exe
      O23 - Service: Instantáneas de volumen (VSS) - Unknown owner - C:\WINDOWS\System32\vssvc.exe
      O23 - Service: Adaptador de rendimiento de WMI (WmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\wmiapsrv.exe
      
      --
      End of file - 5240 bytes
      Last edited by Tyny's on 14/11/10 at 02:29:06

    10. #10
      General Moderator
      Tyny's avatar
      Registered
      May 2008
      Location
      Argentina
      Posts
      14.669

      Re: msviode.exe + cfdrive32.exe + Hp1.exe (annoying viruses)

      Hello.

      It is very important that you tell us how your PC is working ...
