| Virus and Spyware Forum. Help with: Malware - Viruses - Spyware - Trojans - Adware - Worms - Hijackers - Dialers - Rootkits - Keyloggers - etc. Post your problem in this section. Do not post your HijackThis log here!! |
Hi! I have had the PsGuard malware for months. I have tried several times to follow the instructions you have given to others affected by this malware, but they don't work for me. I can't get rid of it. This is the scan log I get from Ad-Aware SE:

Ad-Aware SE Build 1.06r1
Logfile Created on:jueves, 06 de julio de 2006 23:46:57
Created with Ad-Aware SE Personal, free for private use.
Using definitions file:SE1R106 02.05.2006
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

References detected during the scan:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Malware.Psguard(TAC index:7):1 total references
MRU List(TAC index:0):1 total references
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Ad-Aware SE Settings
===========================
Set : Search for negligible risk entries
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep-scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan my Hosts file

Extended Ad-Aware SE Settings
===========================
Set : Unload recognized processes & modules during scan
Set : Scan registry for all users instead of current user only
Set : Always try to unload modules before deletion
Set : During removal, unload Explorer and IE if necessary
Set : Let Windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Include basic Ad-Aware settings in log file
Set : Include additional Ad-Aware settings in log file
Set : Include reference summary in log file
Set : Include alternate data stream details in log file
Set : Play sound at scan completion if scan locates critical objects

06-07-2006 23:46:57 - Scan started.
Memory scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0

Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Malware.Psguard Object Recognized!
Type : Regkey
Data :
TAC Rating : 7
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\winhound.com

Registry Scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 1
Objects found so far: 1

Started deep registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Deep registry scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 1

Started Tracking Cookie scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Tracking cookie scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 1

Deep scanning and examining files...
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Disk Scan Result for C:\WINDOWS
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 1

Disk Scan Result for C:\WINDOWS\system32
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 1

Disk Scan Result for C:\DOCUME~1\ (…)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 1

MRU List Object Recognized!
Location: : software\microsoft\directdraw\mostrecentapplication
Description : most recent application to use microsoft directdraw

Performing conditional scans...
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Conditional scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 2

23:48:49 Scan Complete

Summary Of This Scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Total scanning time:00:01:51.860
Objects scanned:80792
Objects identified:1
Objects ignored:0
New critical objects:1

What can I do? Thanks for everything.
Hello,

Nothing worrying shows up in the report.

Run ewido and the Kaspersky online scanner; you can launch them from here: http://www.forospyware.com/foro-de-v...s/aviso-7.html

Paste the reports in your next reply.

By the way, sometimes (in my experience) I have had to add, to what this tutorial indicates: "Remove the PSGuard, AntiVirGear, VirusProtectPro, Antivirus 2009, SpyLocked family", the file C:\WINDOWS\System32\hp100.tmp (both in the log and on the hard disk).

Well, we'll wait for the antivirus reports.

Regards