
    Run-time error 7 malwarebytes


      
    1. #1
      luisk60309 (User; registered Feb 2011; location: Colombia; posts: 34)

      Run-time error 7 malwarebytes

      Hi everyone,

      I'm opening this thread to show you what happened to Malwarebytes while it was scanning a computer.

      Look at how many viruses there are, I'm stunned!!!

      As soon as I can I'll run MBAM again. I've already run CCleaner, and the PC's NOD has been out of date since March of this year. When I have everything updated I'll do the cleaning routine again.
      I just wanted to show this, which I had never seen before.
      And could you explain to me what causes this?

    2. #2
      Dariosil (Ex-Collaborator; registered Jun 2009; location: Argentina; posts: 5,651)

      Re: Run-time error 7 malwarebytes

      Hi luisk60309

      The reason is that they are large files.

      What problems do you have with the computer?

      Don't keep out-of-date antivirus software; it's better to have a free antivirus.

      I'll wait for the next reports.

    3. #3
      luisk60309 (User; registered Feb 2011; location: Colombia; posts: 34)

      Re: Run-time error 7 malwarebytes

      Hi Dario1978, thanks for replying.

      The PC is used by several users, and it was, or is, full of viruses. They tell me that whenever they plug in their USB drives they get infected, and no wonder, judging by what we saw in the MBAM scan.
      After the message I put in the image (the run-time error), the PC froze and I had to force a restart...

      Afterwards I ran MBAM again, and when it finished scanning the drives and started "analyzing additional items on your system" (which is the point where it starts detecting viruses, going from 17 up to the number you see in the image in the first post), I aborted it, clicked remove selected items, and it removed them and rebooted, but I forgot to copy the report and I uninstalled MBAM.

      I managed to see that many items were in the temp folders or something like that, and I deleted the contents of TEMP and %temp%.

      Anyway, tomorrow when I do everything properly, I'll paste the reports for you.

      Checking other computers with MBAM I got this error, and also when updating the program in question.

      What causes it?
      Last edited by luisk60309 on 17/06/11 at 16:49:57. Reason: New question about MBAM

    4. #4
      luisk60309 (User; registered Feb 2011; location: Colombia; posts: 34)

      Re: Run-time error 7 malwarebytes

      Hi, in my previous reply I told you that I ran MBAM again that day and aborted the scan at one point. Well, here is the report:

      Code:
      Malwarebytes' Anti-Malware 1.50.1.1100
      www.malwarebytes.org
      
      Versión de la Base de Datos: 6872
      
      Windows 5.1.2600 Service Pack 2
      Internet Explorer 7.0.5730.11
      
      15/06/2011 15:04:06
      mbam-log-2011-06-15 (15-04-06).txt
      
      Tipos de Análisis: Análisis Rápido
      Objetos examinados: 214820
      Tiempo transcurrido: 9 minuto(s), 34 segundo(s)
      
      Procesos en Memoria Infectados: 0
      Módulos de Memoria Infectados: 0
      Claves del Registro Infectadas: 2
      Valores del Registro Infectados: 3
      Elementos de Datos del Registro Infectados: 0
      Carpetas Infectadas: 3
      Archivos Infectados: 157
      
      Procesos en Memoria Infectados:
      (No se han detectado elementos maliciosos)
      
      Módulos de Memoria Infectados:
      (No se han detectado elementos maliciosos)
      
      Claves del Registro Infectadas:
      HKEY_CLASSES_ROOT\CLSID\MADOWN (Worm.Magania) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe (Security.Hijack) -> Quarantined and deleted successfully.
      
      Valores del Registro Infectados:
      HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\ForceClassicControlPanel (Hijack.ControlPanelStyle) -> Value: ForceClassicControlPanel -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Taskman (Trojan.Agent) -> Value: Taskman -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\ForceClassicControlPanel (Hijack.ControlPanelStyle) -> Value: ForceClassicControlPanel -> Quarantined and deleted successfully.
      
      Elementos de Datos del Registro Infectados:
      (No se han detectado elementos maliciosos)
      
      Carpetas Infectadas:
      c:\WINDOWS\Temp\E_4 (Worm.AutoRun) -> Quarantined and deleted successfully.
      c:\WINDOWS\Temp\\E_4 (Worm.AutoRun) -> Quarantined and deleted successfully.
      c:\windows\temp\\e_4\e_4 (Worm.AutoRun) -> Quarantined and deleted successfully.
      
      Archivos Infectados:
      c:\WINDOWS\system32\krnln.fnr (Worm.Autorun) -> Quarantined and deleted successfully.
      c:\WINDOWS\system32\shell.fne (Worm.AutoRun) -> Quarantined and deleted successfully.
      c:\WINDOWS\system32\com.run (Trojan.Agent) -> Quarantined and deleted successfully.
      c:\WINDOWS\system32\dp1.fne (Worm.Autorun) -> Quarantined and deleted successfully.
      c:\WINDOWS\system32\eAPI.fne (Worm.AutoRun) -> Quarantined and deleted successfully.
      c:\WINDOWS\system32\RegEx.fnr (Worm.AutoRun) -> Quarantined and deleted successfully.
      c:\WINDOWS\system32\internet.fne (Trojan.Agent) -> Quarantined and deleted successfully.
      c:\WINDOWS\Temp\E_4\com.run (Trojan.Agent) -> Quarantined and deleted successfully.
      c:\WINDOWS\Temp\E_4\dp1.fne (Worm.Autorun) -> Quarantined and deleted successfully.
      c:\WINDOWS\Temp\E_4\eAPI.fne (Worm.AutoRun) -> Quarantined and deleted successfully.
      c:\WINDOWS\Temp\E_4\internet.fne (Trojan.Agent) -> Quarantined and deleted successfully.
      c:\WINDOWS\Temp\E_4\krnln.fnr (Worm.Autorun) -> Quarantined and deleted successfully.
      c:\WINDOWS\Temp\E_4\RegEx.fnr (Worm.AutoRun) -> Quarantined and deleted successfully.
      c:\WINDOWS\Temp\E_4\shell.fne (Worm.AutoRun) -> Quarantined and deleted successfully.
      c:\documents and settings\administrador\menú inicio\programas\Inicio\¡¡¡¡¡¡.lnk (Worm.AutoRun) -> Quarantined and deleted successfully.
      c:\WINDOWS\system32\og.dll (Worm.AutoRun) -> Quarantined and deleted successfully.
      c:\WINDOWS\system32\og.edt (Worm.AutoRun) -> Quarantined and deleted successfully.
      c:\WINDOWS\system32\spec.fne (Worm.AutoRun) -> Quarantined and deleted successfully.
      c:\WINDOWS\system32\ul.dll (Worm.AutoRun) -> Quarantined and deleted successfully.
      c:\WINDOWS\Temp\\E_4\dp1.fne (Spyware.Agent) -> Quarantined and deleted successfully.
      c:\WINDOWS\Temp\\E_4\krnln.fnr (Spyware.Agent) -> Quarantined and deleted successfully.
      c:\WINDOWS\Temp\E_4\spec.fne (Worm.AutoRun) -> Quarantined and deleted successfully.
      c:\windows\temp\\e_4\15a.tmp (Worm.AutoRun) -> Quarantined and deleted successfully.
      c:\windows\temp\\e_4\6a.tmp (Worm.AutoRun) -> Quarantined and deleted successfully.
      c:\windows\temp\\e_4\dsc03757.jpg (Worm.AutoRun) -> Quarantined and deleted successfully.
      c:\windows\temp\\e_4\dsc03762.jpg (Worm.AutoRun) -> Quarantined and deleted successfully.
      c:\windows\temp\\e_4\dw.log (Worm.AutoRun) -> Quarantined and deleted successfully.
      c:\windows\temp\\e_4\fla699.tmp (Worm.AutoRun) -> Quarantined and deleted successfully.
      c:\windows\temp\\e_4\flaf8.tmp (Worm.AutoRun) -> Quarantined and deleted successfully.
      c:\windows\temp\\e_4\glb1a2b.exe (Worm.AutoRun) -> Quarantined and deleted successfully.
      c:\windows\temp\\e_4\h2r192.tmp (Worm.AutoRun) -> Quarantined and deleted successfully.
      c:\windows\temp\\e_4\h2r23e.tmp (Worm.AutoRun) -> Quarantined and deleted successfully.
      c:\windows\temp\\e_4\h2r2aa.tmp (Worm.AutoRun) -> Quarantined and deleted successfully.
      c:\windows\temp\\e_4\h2r2c7.tmp (Worm.AutoRun) -> Quarantined and deleted successfully.
      c:\windows\temp\\e_4\hojas de vida . hilda prias - actualizada  diciembre 2009-.doc (Worm.AutoRun) -> Quarantined and deleted successfully.
      c:\windows\temp\\e_4\imt10.xml (Worm.AutoRun) -> Quarantined and deleted successfully.
      c:\windows\temp\\e_4\imt11.xml (Worm.AutoRun) -> Quarantined and deleted successfully.
      c:\windows\temp\\e_4\~dfd4da.tmp (Worm.AutoRun) -> Quarantined and deleted successfully.
      c:\windows\temp\\e_4\~dfdbb9.tmp (Worm.AutoRun) -> Quarantined and deleted successfully.
      c:\windows\temp\\e_4\~dfdc9a.tmp (Worm.AutoRun) -> Quarantined and deleted successfully.
      c:\windows\temp\\e_4\~dfde4.tmp (Worm.AutoRun) -> Quarantined and deleted successfully.
      c:\windows\temp\\e_4\~dfe029.tmp (Worm.AutoRun) -> Quarantined and deleted successfully.
      c:\windows\temp\\e_4\~dfe030.tmp (Worm.AutoRun) -> Quarantined and deleted successfully.
      c:\windows\temp\\e_4\~dfe3e.tmp (Worm.AutoRun) -> Quarantined and deleted successfully.
      c:\windows\temp\\e_4\~dfe47c.tmp (Worm.AutoRun) -> Quarantined and deleted successfully.
      c:\windows\temp\\e_4\~dfe491.tmp (Worm.AutoRun) -> Quarantined and deleted successfully.
      c:\windows\temp\\e_4\~dfe6be.tmp (Worm.AutoRun) -> Quarantined and deleted successfully.
      c:\windows\temp\\e_4\~dfeae8.tmp (Worm.AutoRun) -> Quarantined and deleted successfully.
      c:\windows\temp\\e_4\~dfed94.tmp (Worm.AutoRun) -> Quarantined and deleted successfully.
      c:\windows\temp\\e_4\~dfef9c.tmp (Worm.AutoRun) -> Quarantined and deleted successfully.
      c:\windows\temp\\e_4\~dfefaf.tmp (Worm.AutoRun) -> Quarantined and deleted successfully.
      c:\windows\temp\\e_4\~dff5cf.tmp (Worm.AutoRun) -> Quarantined and deleted successfully.
      c:\windows\temp\\e_4\~dff722.tmp (Worm.AutoRun) -> Quarantined and deleted successfully.
      c:\windows\temp\\e_4\~dff86f.tmp (Worm.AutoRun) -> Quarantined and deleted successfully.
      c:\windows\temp\\e_4\~dff882.tmp (Worm.AutoRun) -> Quarantined and deleted successfully.
      c:\windows\temp\\e_4\~dffc12.tmp (Worm.AutoRun) -> Quarantined and deleted successfully.
      c:\windows\temp\\e_4\~wrc0000.tmp (Worm.AutoRun) -> Quarantined and deleted successfully.
      c:\windows\temp\\e_4\~wrc0001.tmp (Worm.AutoRun) -> Quarantined and deleted successfully.
      c:\windows\temp\\e_4\~wrc0003.tmp (Worm.AutoRun) -> Quarantined and deleted successfully.
      c:\windows\temp\\e_4\~wrc1275.tmp (Worm.AutoRun) -> Quarantined and deleted successfully.
      c:\windows\temp\\e_4\~wrd0000.doc (Worm.AutoRun) -> Quarantined and deleted successfully.
      c:\windows\temp\\e_4\~wrd0001.doc (Worm.AutoRun) -> Quarantined and deleted successfully.
      c:\windows\temp\\e_4\~wrd0292.doc (Worm.AutoRun) -> Quarantined and deleted successfully.
      c:\windows\temp\\e_4\~wrd0862.doc (Worm.AutoRun) -> Quarantined and deleted successfully.
      c:\windows\temp\\e_4\~wrd2172.doc (Worm.AutoRun) -> Quarantined and deleted successfully.
      c:\windows\temp\\e_4\~wrd3561.doc (Worm.AutoRun) -> Quarantined and deleted successfully.
      c:\windows\temp\\e_4\~wrf0000.tmp (Worm.AutoRun) -> Quarantined and deleted successfully.
      c:\windows\temp\\e_4\powerpnt.log (Worm.AutoRun) -> Quarantined and deleted successfully.
      c:\windows\temp\\e_4\~df2779.tmp (Worm.AutoRun) -> Quarantined and deleted successfully.
      c:\windows\temp\\e_4\~df290a.tmp (Worm.AutoRun) -> Quarantined and deleted successfully.
      c:\windows\temp\\e_4\~df34b6.tmp (Worm.AutoRun) -> Quarantined and deleted successfully.
      c:\windows\temp\\e_4\~df3617.tmp (Worm.AutoRun) -> Quarantined and deleted successfully.
      c:\windows\temp\\e_4\~df3f7f.tmp (Worm.AutoRun) -> Quarantined and deleted successfully.
      c:\windows\temp\\e_4\~df5b80.tmp (Worm.AutoRun) -> Quarantined and deleted successfully.
      c:\windows\temp\\e_4\~df623e.tmp (Worm.AutoRun) -> Quarantined and deleted successfully.
      c:\windows\temp\\e_4\~df6f40.tmp (Worm.AutoRun) -> Quarantined and deleted successfully.
      c:\windows\temp\\e_4\~df7064.tmp (Worm.AutoRun) -> Quarantined and deleted successfully.
      c:\windows\temp\\e_4\~df7528.tmp (Worm.AutoRun) -> Quarantined and deleted successfully.
      c:\windows\temp\\e_4\~df7e78.tmp (Worm.AutoRun) -> Quarantined and deleted successfully.
      c:\windows\temp\\e_4\~df88c9.tmp (Worm.AutoRun) -> Quarantined and deleted successfully.
      c:\windows\temp\\e_4\~df89bd.tmp (Worm.AutoRun) -> Quarantined and deleted successfully.
      c:\windows\temp\\e_4\~df8f0d.tmp (Worm.AutoRun) -> Quarantined and deleted successfully.
      c:\windows\temp\\e_4\~wrf0002.tmp (Worm.AutoRun) -> Quarantined and deleted successfully.
      c:\windows\temp\\e_4\~wrf0003.tmp (Worm.AutoRun) -> Quarantined and deleted successfully.
      c:\windows\temp\\e_4\~wrf0004.tmp (Worm.AutoRun) -> Quarantined and deleted successfully.
      c:\windows\temp\\e_4\~wrf0005.tmp (Worm.AutoRun) -> Quarantined and deleted successfully.
      c:\windows\temp\\e_4\~wrf0006.tmp (Worm.AutoRun) -> Quarantined and deleted successfully.
      c:\windows\temp\\e_4\~wrf0007.tmp (Worm.AutoRun) -> Quarantined and deleted successfully.
      c:\windows\temp\\e_4\~wrf0424.tmp (Worm.AutoRun) -> Quarantined and deleted successfully.
      c:\windows\temp\\e_4\~wrf1185.tmp (Worm.AutoRun) -> Quarantined and deleted successfully.
      c:\windows\temp\\e_4\~wrf3038.tmp (Worm.AutoRun) -> Quarantined and deleted successfully.
      c:\windows\temp\\e_4\~wrf3410.tmp (Worm.AutoRun) -> Quarantined and deleted successfully.
      c:\windows\temp\\e_4\~wrf3428.tmp (Worm.AutoRun) -> Quarantined and deleted successfully.
      c:\windows\temp\\e_4\~wrf4010.tmp (Worm.AutoRun) -> Quarantined and deleted successfully.
      c:\windows\temp\\e_4\~wrs0000.tmp (Worm.AutoRun) -> Quarantined and deleted successfully.
      c:\windows\temp\\e_4\~wrs0001.tmp (Worm.AutoRun) -> Quarantined and deleted successfully.
      c:\windows\temp\\e_4\~wrs0002.tmp (Worm.AutoRun) -> Quarantined and deleted successfully.
      c:\windows\temp\\e_4\~wrs0003.tmp (Worm.AutoRun) -> Quarantined and deleted successfully.
      c:\windows\temp\\e_4\~wrs0004.tmp (Worm.AutoRun) -> Quarantined and deleted successfully.
      c:\windows\temp\\e_4\~wrs0005.tmp (Worm.AutoRun) -> Quarantined and deleted successfully.
      c:\windows\temp\\e_4\~wrs0006.tmp (Worm.AutoRun) -> Quarantined and deleted successfully.
      c:\windows\temp\\e_4\~wrs0484.tmp (Worm.AutoRun) -> Quarantined and deleted successfully.
      c:\windows\temp\\e_4\~wrs1701.tmp (Worm.AutoRun) -> Quarantined and deleted successfully.
      c:\windows\temp\\e_4\~wrs2483.tmp (Worm.AutoRun) -> Quarantined and deleted successfully.
      c:\windows\temp\\e_4\~wrs2761.tmp (Worm.AutoRun) -> Quarantined and deleted successfully.
      c:\windows\temp\\e_4\~wrs3181.tmp (Worm.AutoRun) -> Quarantined and deleted successfully.
      c:\windows\temp\\e_4\~wrs3920.tmp (Worm.AutoRun) -> Quarantined and deleted successfully.
      c:\windows\temp\\e_4\~df959e.tmp (Worm.AutoRun) -> Quarantined and deleted successfully.
      c:\windows\temp\\e_4\~df9a6c.tmp (Worm.AutoRun) -> Quarantined and deleted successfully.
      c:\windows\temp\\e_4\~df9c14.tmp (Worm.AutoRun) -> Quarantined and deleted successfully.
      c:\windows\temp\\e_4\~df9c29.tmp (Worm.AutoRun) -> Quarantined and deleted successfully.
      c:\windows\temp\\e_4\~dfa3ea.tmp (Worm.AutoRun) -> Quarantined and deleted successfully.
      c:\windows\temp\\e_4\~dfa6bf.tmp (Worm.AutoRun) -> Quarantined and deleted successfully.
      c:\windows\temp\\e_4\~dfaad2.tmp (Worm.AutoRun) -> Quarantined and deleted successfully.
      c:\windows\temp\\e_4\~dfb368.tmp (Worm.AutoRun) -> Quarantined and deleted successfully.
      c:\windows\temp\\e_4\~dfb59b.tmp (Worm.AutoRun) -> Quarantined and deleted successfully.
      c:\windows\temp\\e_4\~dfc245.tmp (Worm.AutoRun) -> Quarantined and deleted successfully.
      c:\windows\temp\\e_4\~dfcc2f.tmp (Worm.AutoRun) -> Quarantined and deleted successfully.
      c:\windows\temp\\e_4\~dfcdbc.tmp (Worm.AutoRun) -> Quarantined and deleted successfully.
      c:\windows\temp\\e_4\~dfcf9d.tmp (Worm.AutoRun) -> Quarantined and deleted successfully.
      c:\windows\temp\\e_4\imt14.xml (Worm.AutoRun) -> Quarantined and deleted successfully.
      c:\windows\temp\\e_4\ppt5d8.tmp (Worm.AutoRun) -> Quarantined and deleted successfully.
      c:\windows\temp\\e_4\~df1c9d.tmp (Worm.AutoRun) -> Quarantined and deleted successfully.
      c:\windows\temp\\e_4\~df9112.tmp (Worm.AutoRun) -> Quarantined and deleted successfully.
      c:\windows\temp\\e_4\~dfd019.tmp (Worm.AutoRun) -> Quarantined and deleted successfully.
      c:\windows\temp\\e_4\~wrf0001.tmp (Worm.AutoRun) -> Quarantined and deleted successfully.
      c:\windows\temp\\e_4\u8f6it4y.emf (Worm.AutoRun) -> Quarantined and deleted successfully.
      c:\windows\temp\\e_4\vgxd0.tmp (Worm.AutoRun) -> Quarantined and deleted successfully.
      c:\windows\temp\\e_4\vgxd2.tmp (Worm.AutoRun) -> Quarantined and deleted successfully.
      c:\windows\temp\\e_4\wecerr.txt (Worm.AutoRun) -> Quarantined and deleted successfully.
      c:\windows\temp\\e_4\who.txt (Worm.AutoRun) -> Quarantined and deleted successfully.
      c:\windows\temp\\e_4\_iu14d2n.tmp (Worm.AutoRun) -> Quarantined and deleted successfully.
      c:\windows\temp\\e_4\~df1059.tmp (Worm.AutoRun) -> Quarantined and deleted successfully.
      c:\windows\temp\\e_4\~df106c.tmp (Worm.AutoRun) -> Quarantined and deleted successfully.
      c:\windows\temp\\e_4\~df10bd.tmp (Worm.AutoRun) -> Quarantined and deleted successfully.
      c:\windows\temp\\e_4\~df10c4.tmp (Worm.AutoRun) -> Quarantined and deleted successfully.
      c:\windows\temp\\e_4\~df156c.tmp (Worm.AutoRun) -> Quarantined and deleted successfully.
      c:\windows\temp\\e_4\~df1c88.tmp (Worm.AutoRun) -> Quarantined and deleted successfully.
      c:\windows\temp\\e_4\imt16.xml (Worm.AutoRun) -> Quarantined and deleted successfully.
      c:\windows\temp\\e_4\imt17.xml (Worm.AutoRun) -> Quarantined and deleted successfully.
      c:\windows\temp\\e_4\imt19.xml (Worm.AutoRun) -> Quarantined and deleted successfully.
      c:\windows\temp\\e_4\imt1a.xml (Worm.AutoRun) -> Quarantined and deleted successfully.
      c:\windows\temp\\e_4\imt1b.xml (Worm.AutoRun) -> Quarantined and deleted successfully.
      c:\windows\temp\\e_4\imt1e.xml (Worm.AutoRun) -> Quarantined and deleted successfully.
      c:\windows\temp\\e_4\imt1f.xml (Worm.AutoRun) -> Quarantined and deleted successfully.
      c:\windows\temp\\e_4\imt20.xml (Worm.AutoRun) -> Quarantined and deleted successfully.
      c:\windows\temp\\e_4\imt23.xml (Worm.AutoRun) -> Quarantined and deleted successfully.
      c:\windows\temp\\e_4\imt24.xml (Worm.AutoRun) -> Quarantined and deleted successfully.
      c:\windows\temp\\e_4\imt25.xml (Worm.AutoRun) -> Quarantined and deleted successfully.
      c:\windows\temp\\e_4\imtc.xml (Worm.AutoRun) -> Quarantined and deleted successfully.
      c:\windows\temp\\e_4\imtd.xml (Worm.AutoRun) -> Quarantined and deleted successfully.
      c:\windows\temp\\e_4\imte.xml (Worm.AutoRun) -> Quarantined and deleted successfully.
      c:\windows\temp\\e_4\imtf.xml (Worm.AutoRun) -> Quarantined and deleted successfully.
      c:\windows\temp\\e_4\java_install_reg.log (Worm.AutoRun) -> Quarantined and deleted successfully.
      c:\windows\temp\\e_4\mpca.tmp (Worm.AutoRun) -> Quarantined and deleted successfully.
      c:\windows\temp\\e_4\mpcb.tmp (Worm.AutoRun) -> Quarantined and deleted successfully.
      c:\windows\temp\\e_4\e_4\15a.tmp (Worm.AutoRun) -> Quarantined and deleted successfully.

    5. #5
      luisk60309 (User; registered Feb 2011; location: Colombia; posts: 34)

      Re: Run-time error 7 malwarebytes

      And today I ran CCleaner and MBAM again,
      and here is the MBAM report:

      Malwarebytes' Anti-Malware 1.50.1.1100
      www.malwarebytes.org

      Versión de la Base de Datos: 6880

      Windows 5.1.2600 Service Pack 2
      Internet Explorer 7.0.5730.11

      17/06/2011 14:50:04
      mbam-log-2011-06-17 (14-50-04).txt

      Tipos de Análisis: Análisis Completo (C:\|D:\|)
      Objetos examinados: 148356
      Tiempo transcurrido: 10 minuto(s), 20 segundo(s)

      Procesos en Memoria Infectados: 0
      Módulos de Memoria Infectados: 0
      Claves del Registro Infectadas: 0
      Valores del Registro Infectados: 0
      Elementos de Datos del Registro Infectados: 6
      Carpetas Infectadas: 0
      Archivos Infectados: 2

      Procesos en Memoria Infectados:
      (No se han detectado elementos maliciosos)

      Módulos de Memoria Infectados:
      (No se han detectado elementos maliciosos)

      Claves del Registro Infectadas:
      (No se han detectado elementos maliciosos)

      Valores del Registro Infectados:
      (No se han detectado elementos maliciosos)

      Elementos de Datos del Registro Infectados:
      HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowHelp (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.
      HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoSMHelp (PUM.Hijack.Help) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL\CheckedValue (PUM.Hijack.System.Hidden) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore\DisableConfig (Windows.Tool.Disabled) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

      Carpetas Infectadas:
      (No se han detectado elementos maliciosos)

      Archivos Infectados:
      c:\documents and settings\networkservice\configuración local\archivos temporales de internet\Content.IE5\G2C0NQD6\gqvgcrvu[1].gif (Extension.Mismatch) -> Quarantined and deleted successfully.
      c:\documents and settings\networkservice\configuración local\archivos temporales de internet\Content.IE5\JTXMHHA4\ggsy[1].gif (Extension.Mismatch) -> Quarantined and deleted successfully.

      Oh, by the way, I was going to do everything in safe mode, but I couldn't boot the PC into safe mode, because when it loaded sptd.sys it went back to the menu where you choose whether to start normally or in safe mode.

      After the MBAM scan I ran TDSSKiller, and here is the report, with the skip option; I didn't want to choose another one until I had your opinion on the report, since the suspicious object involves sptd.sys.

      Here is the TDSSKiller report:

      Code:
      2011/06/17 14:58:31.0406 1096	TDSS rootkit removing tool 2.5.5.0 Jun 16 2011 15:25:15
      2011/06/17 14:58:32.0453 1096	================================================================================
      2011/06/17 14:58:32.0453 1096	SystemInfo:
      2011/06/17 14:58:32.0453 1096	
      2011/06/17 14:58:32.0453 1096	OS Version: 5.1.2600 ServicePack: 2.0
      2011/06/17 14:58:32.0453 1096	Product type: Workstation
      2011/06/17 14:58:32.0453 1096	ComputerName: DESKTOP
      2011/06/17 14:58:32.0453 1096	UserName: Administrador
      2011/06/17 14:58:32.0453 1096	Windows directory: C:\windows
      2011/06/17 14:58:32.0453 1096	System windows directory: C:\windows
      2011/06/17 14:58:32.0453 1096	Processor architecture: Intel x86
      2011/06/17 14:58:32.0453 1096	Number of processors: 1
      2011/06/17 14:58:32.0453 1096	Page size: 0x1000
      2011/06/17 14:58:32.0453 1096	Boot type: Normal boot
      2011/06/17 14:58:32.0453 1096	================================================================================
      2011/06/17 14:58:33.0875 1096	Initialize success
      2011/06/17 14:58:35.0906 1244	================================================================================
      2011/06/17 14:58:35.0906 1244	Scan started
      2011/06/17 14:58:35.0906 1244	Mode: Manual; 
      2011/06/17 14:58:35.0906 1244	================================================================================
      2011/06/17 14:59:34.0125 1244	Npfs            (4f601bcb8f64ea3ac0994f98fed03f8e) C:\windows\system32\drivers\Npfs.sys
      2011/06/17 14:59:34.0859 1244	Ntfs            (b78be402c3f63dd55521f73876951cdd) C:\windows\system32\drivers\Ntfs.sys
      2011/06/17 14:59:35.0625 1244	Null            (73c1e1f395918bc2c6dd67af7591a3ad) C:\windows\system32\drivers\Null.sys
      2011/06/17 14:59:36.0375 1244	NwlnkFlt        (b305f3fad35083837ef46a0bbce2fc57) C:\windows\system32\DRIVERS\nwlnkflt.sys
      2011/06/17 14:59:37.0109 1244	NwlnkFwd        (c99b3415198d1aab7227f2c88fd664b9) C:\windows\system32\DRIVERS\nwlnkfwd.sys
      2011/06/17 14:59:37.0859 1244	Parport         (0df0b83c90473ccfdc3dc882cbb6e4a9) C:\windows\system32\DRIVERS\parport.sys
      2011/06/17 14:59:38.0578 1244	PartMgr         (3334430c29dc338092f79c38ef7b4cd0) C:\windows\system32\drivers\PartMgr.sys
      2011/06/17 14:59:39.0312 1244	ParVdm          (fad44d704ecd7d39ad01415b8bb34204) C:\windows\system32\drivers\ParVdm.sys
      2011/06/17 14:59:40.0015 1244	PCI             (a566b8da5e70b3237274d418853a87e0) C:\windows\system32\DRIVERS\pci.sys
      2011/06/17 14:59:41.0468 1244	PCIIde          (33d63f0a9021acb4d75d83b646b93a30) C:\windows\system32\drivers\PCIIde.sys
      2011/06/17 14:59:42.0171 1244	Pcmcia          (6374a34b03aea7971c976982a391ad07) C:\windows\system32\drivers\Pcmcia.sys
      2011/06/17 14:59:45.0750 1244	PptpMiniport    (1c5cc65aac0783c344f16353e60b72ac) C:\windows\system32\DRIVERS\raspptp.sys
      2011/06/17 14:59:46.0453 1244	Ptilink         (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\windows\system32\DRIVERS\ptilink.sys
      2011/06/17 14:59:47.0156 1244	RasAcd          (fe0d99d6f31e4fad8159f690d68ded9c) C:\windows\system32\DRIVERS\rasacd.sys
      2011/06/17 14:59:47.0890 1244	Rasl2tp         (98faeb4a4dcf812ba1c6fca4aa3e115c) C:\windows\system32\DRIVERS\rasl2tp.sys
      2011/06/17 14:59:48.0609 1244	RasPppoe        (7306eeed8895454cbed4669be9f79faa) C:\windows\system32\DRIVERS\raspppoe.sys
      2011/06/17 14:59:49.0312 1244	Raspti          (fdbb1d60066fcfbb7452fd8f9829b242) C:\windows\system32\DRIVERS\raspti.sys
      2011/06/17 14:59:50.0031 1244	Rdbss           (ed375ce745c42a14f10753f7022ecd6a) C:\windows\system32\DRIVERS\rdbss.sys
      2011/06/17 14:59:50.0781 1244	RDPCDD          (4912d5b403614ce99c28420f75353332) C:\windows\system32\DRIVERS\RDPCDD.sys
      2011/06/17 14:59:51.0515 1244	rdpdr           (a2cae2c60bc37e0751ef9dda7ceaf4ad) C:\windows\system32\DRIVERS\rdpdr.sys
      2011/06/17 14:59:52.0265 1244	RDPWD           (047bea21274c8a4a233674a76c958c2c) C:\windows\system32\drivers\RDPWD.sys
      2011/06/17 14:59:52.0984 1244	redbook         (28531a950381da67fc6412dfebcc8c5c) C:\windows\system32\DRIVERS\redbook.sys
      2011/06/17 14:59:53.0765 1244	Secdrv          (d26e26ea516450af9d072635c60387f4) C:\windows\system32\DRIVERS\secdrv.sys
      2011/06/17 14:59:54.0484 1244	serenum         (a2d868aeeff612e70e213c451a70cafb) C:\windows\system32\DRIVERS\serenum.sys
      2011/06/17 14:59:55.0218 1244	Serial          (fa9c4c4ac544301fa13c5c00a270399f) C:\windows\system32\DRIVERS\serial.sys
      2011/06/17 14:59:55.0937 1244	Sfloppy         (0d13b6df6e9e101013a7afb0ce629fe0) C:\windows\system32\drivers\Sfloppy.sys
      2011/06/17 14:59:57.0375 1244	smwdm           (675c3c4d6da71e6be31548150521b561) C:\windows\system32\drivers\smwdm.sys
      2011/06/17 14:59:58.0125 1244	SONYPVU1        (a1eceeaa5c5e74b2499eb51d38185b84) C:\windows\system32\DRIVERS\SONYPVU1.SYS
      2011/06/17 14:59:58.0843 1244	splitter        (9bb1dd670cb7505a90fc4e61d4aa8227) C:\windows\system32\drivers\splitter.sys
      2011/06/17 14:59:59.0609 1244	sptd            (3a162b39f0aefdd841c75a46ba94fefc) C:\windows\system32\Drivers\sptd.sys
      2011/06/17 14:59:59.0625 1244	Suspicious file (NoAccess): C:\windows\system32\Drivers\sptd.sys. md5: 3a162b39f0aefdd841c75a46ba94fefc
      2011/06/17 14:59:59.0640 1244	sptd - detected LockedFile.Multi.Generic (1)
      2011/06/17 15:00:18.0531 1244	================================================================================
      2011/06/17 15:00:18.0531 1244	Scan finished
      2011/06/17 15:00:18.0531 1244	================================================================================
      2011/06/17 15:00:18.0562 1188	Detected object count: 1
      2011/06/17 15:00:18.0562 1188	Actual detected object count: 1
      2011/06/17 15:00:35.0765 1188	LockedFile.Multi.Generic(sptd) - User select action: Skip

    6. #6
      Dariosil (Ex-Collaborator)
      Joined: Jun 2009
      Location: Argentina
      Posts: 5,651

      Re: Run-time error 7 malwarebytes

      Download the ComboFix.exe tool and save it to the desktop.

      • Temporarily disable your antivirus and/or antispyware.
      • Close all open windows.
      • Double-click the ComboFix.exe file and follow the instructions. It is important to install the Recovery Console.
      • When it finishes, it will generate a log at C:\ComboFix.txt.
        • *Note* While CF is working, do not move the mouse, as that would stall its process.
        • *Note* ComboFix may restart the PC automatically to complete the removal process.

      Warning!! Do not use ComboFix unless you have been specifically instructed to do so in your thread by a member of our Staff. It is a powerful tool intended by its creator to be used under the guidance and supervision of an expert, not for private use. Using ComboFix incorrectly could cause problems on your system. Please read ComboFix's "Disclaimer of Warranty".
      • Restart and paste the report from C:\ComboFix.txt.

      Download:
      Run USBFix
      1. Connect all your removable devices (pen drive, micro SD, etc.).
      2. Double-click USBFix.
      3. Choose the language you want; for Spanish, press C.
      4. Then type option 2 - Eliminar \ Deleting
      5. The disinfection process will start and the computer will restart.
      6. When Windows starts, USBFix will launch automatically to complete the disinfection and vaccination process.
      7. USBFix generates a report, which is usually located at C:\USBFix.txt
      In your next post, paste the ComboFix and USBFix reports and comment on how your system is working.

    7. #7
      luisk60309 (User)
      Joined: Feb 2011
      Location: Colombia
      Posts: 34

      Re: Run-time error 7 malwarebytes

      Man, SAS detects the folders that USBFix creates as viruses.

    8. #8
      Dariosil (Ex-Collaborator)
      Joined: Jun 2009
      Location: Argentina
      Posts: 5,651

      Re: Run-time error 7 malwarebytes

      "Man, SAS detects the folders that USBFix creates as viruses."
      If you have it running as a resident scanner, disable that option in SAS.

    9. #9
      luisk60309 (User)
      Joined: Feb 2011
      Location: Colombia
      Posts: 34

      Re: Run-time error 7 malwarebytes

      Hi Dario1978,

      Well, I'm writing to tell you that I still haven't been able to follow your instructions on the machine, since I haven't been able to find a bit of time, but I'll do it as soon as I can. The machine ended up in pretty good shape, with only the problem I told you about earlier of not being able to get into safe mode.

      Meanwhile, on another machine I ran SAS and I have a question: MXONE is installed on the machines and SAS detects it as a virus. I'm pasting the report here and asking you: is it a false positive, or is MXONE really harmful?


      SUPERAntiSpyware Scan Log
      http://www.superantispyware.com

      Generated 06/20/2011 at 05:58 PM

      Application Version : 4.52.1000

      Core Rules Database Version : 7293
      Trace Rules Database Version: 5105

      Scan type : Complete Scan
      Total Scan Time : 00:08:55

      Memory items scanned : 389
      Memory threats detected : 2
      Registry items scanned : 6650
      Registry threats detected : 4
      File items scanned : 9446
      File threats detected : 40

      Trojan.Agent/Gen-Krpytik
      C:\WINDOWS\SYSTEM32\ESCSRV.EXE
      C:\WINDOWS\SYSTEM32\ESCSRV.EXE

      Trojan.Agent/Gen
      C:\ARCHIVOS DE PROGRAMA\MX ONE\MOGTR.EXE
      C:\ARCHIVOS DE PROGRAMA\MX ONE\MOGTR.EXE
      [Mx_One_Guardian_Tiempo_Real] C:\ARCHIVOS DE PROGRAMA\MX ONE\MOGTR.EXE
      C:\WINDOWS\Prefetch\MOGTR.EXE-0502BCAF.pf

      Trojan.DNSChanger-Codec
      C:\Archivos de programa\videosoft\Shared Files\ViewRep7.dll
      C:\Archivos de programa\videosoft\Shared Files\Vsflex7.ocx
      C:\Archivos de programa\videosoft\Shared Files\VSPRINT7.ocx
      C:\Archivos de programa\videosoft\Shared Files\VSStr7.ocx
      C:\Archivos de programa\videosoft\Shared Files
      C:\Archivos de programa\videosoft

      Disabled.SecurityCenterOption
      HKLM\SOFTWARE\MICROSOFT\SECURITY CENTER#ANTIVIRUSDISABLENOTIFY
      HKLM\SOFTWARE\MICROSOFT\SECURITY CENTER#FIREWALLDISABLENOTIFY
      HKLM\SOFTWARE\MICROSOFT\SECURITY CENTER#UPDATESDISABLENOTIFY

      Adware.Tracking Cookie

      Unclassified.Unknown Origin/System
      C:\SYSTEM VOLUME INFORMATION\_RESTORE{C93A7264-03D8-483A-8AF4-E1E03C0454AA}\RP31\A0007553.EXE

      Trojan.Agent/Gen-Nullo[Short]
      C:\SYSTEM VOLUME INFORMATION\_RESTORE{C93A7264-03D8-483A-8AF4-E1E03C0454AA}\RP31\A0008612.EXE

      Trojan.Agent/Gen-System
      C:\WINDOWS\SYSTEM32\ESCMULT.EXE
      C:\WINDOWS\Prefetch\ESCMULT.EXE-0557FEE7.pf


      This last one is a file from Control de Ciber, and I'd also like to know whether it is a false positive. Thanks in advance if you can clear up these doubts while I finish with the other machine (it's in another department).
      Last edited by luisk60309 on 23/06/11 at 12:13:33

    10. #10
      Dariosil (Ex-Collaborator)
      Joined: Jun 2009
      Location: Argentina
      Posts: 5,651

      Re: Run-time error 7 malwarebytes

      Are you using any antivirus for the USB ports??

      You can skip the safe mode part and carry on with the other tools.

      "Meanwhile, on another machine"
      Can you tell me how many machines you are disinfecting??