
    Zaberg virus


    1. #1
      User
      skytrol
      Joined
      Sep 2012
      Location
      Tlaquepaque, Jalisco
      Posts
      1

      Zaberg virus

      Hello everyone. The problem is that my PC is infected by the virus called Zaberg. I already downloaded the program DDS.PIF and OTM, but I don't know which part of the code to put in. If anyone can help me I would really appreciate it. Thanks. This is my code:


      .
      DDS (Ver_2011-08-26.01) - NTFSx86
      Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_25
      Run by mariela at 23:48:08 on 2012-09-05
      Microsoft Windows 7 Ultimate 6.1.7600.0.1252.52.3082.18.2037.1222 [GMT -5:00]
      .
      SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
      .
      ============== Running Processes ===============
      .
      C:\Windows\system32\wininit.exe
      C:\Windows\system32\lsm.exe
      C:\Windows\system32\svchost.exe -k DcomLaunch
      C:\Windows\system32\svchost.exe -k RPCSS
      C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
      C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
      C:\Windows\system32\svchost.exe -k netsvcs
      C:\Windows\system32\svchost.exe -k LocalService
      C:\Windows\system32\svchost.exe -k NetworkService
      C:\Windows\System32\spoolsv.exe
      C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
      C:\Program Files\Bonjour\mDNSResponder.exe
      C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
      C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
      C:\Program Files\Sony\PMB\PMBDeviceInfoProvider.exe
      C:\Windows\system32\taskhost.exe
      C:\Windows\system32\Dwm.exe
      C:\Windows\Explorer.EXE
      C:\Windows\system32\taskeng.exe
      C:\Windows\system32\taskeng.exe
      C:\Program Files\Google\Update\GoogleUpdate.exe
      C:\Program Files\Sony\VAIO Update 5\VAIOUpdt.exe
      C:\Windows\System32\igfxtray.exe
      C:\Program Files\Sony\VAIO Care\VAIOCareService.exe
      C:\Windows\System32\hkcmd.exe
      C:\Windows\System32\igfxpers.exe
      C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
      C:\Program Files\Sony\ISB Utility\ISBMgr.exe
      C:\Program Files\Sony\PMB\PMBVolumeWatcher.exe
      C:\Program Files\Ralink\Common\RaRegistry.exe
      C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
      C:\Windows\system32\igfxsrvc.exe
      C:\Program Files\Sony\SmartWi Connection Utility\CCP.exe
      C:\Program Files\Iminent\IMBooster\IMBooster.exe
      C:\Program Files\Common Files\Java\Java Update\jusched.exe
      C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
      C:\Program Files\Common Files\Sony Shared\SOHLib\SOHDBSvr.exe
      C:\Windows\system32\svchost.exe -k imgsvc
      C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
      C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe
      C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
      C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
      C:\Windows\system32\wbem\wmiprvse.exe
      C:\Program Files\Common Files\Sony Shared\SOHLib\SHTtray.exe
      C:\Program Files\Sony\SmartWi Connection Utility\SmartWi.exe
      C:\Windows\system32\DllHost.exe
      C:\Program Files\Common Files\Sony Shared\SOHLib\SOHDms.exe
      C:\Program Files\Common Files\Sony Shared\SOHLib\SOHDs.exe
      C:\Program Files\Common Files\Sony Shared\SOHLib\SOHPlMgr.exe
      C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
      C:\Program Files\Sony\VAIO Event Service\VESMgrSub.exe
      C:\Program Files\Common Files\Sony Shared\SOHLib\SOHCImp.exe
      C:\Windows\system32\SearchIndexer.exe
      C:\Windows\system32\svchost.exe -k bthsvcs
      C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
      C:\Program Files\Internet Explorer\iexplore.exe
      C:\Program Files\Internet Explorer\iexplore.exe
      C:\Users\mariela\AppData\Roaming\ScreenSaver.scr
      C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
      C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
      C:\Program Files\Sony\VAIO Care\VCsystray.exe
      C:\Program Files\Internet Explorer\iexplore.exe
      C:\Program Files\Ralink\Common\RaUI.exe
      C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
      C:\Program Files\Sony\SmartWi Connection Utility\ThirdPartyAppMgr.exe
      C:\Program Files\Sony\SmartWi Connection Utility\PowerManager.exe
      C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
      C:\Program Files\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe
      C:\Windows\System32\svchost.exe -k secsvcs
      C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
      C:\Windows\system32\WUDFHost.exe
      C:\Windows\system32\conhost.exe
      .
      ============== Pseudo HJT Report ===============
      .
      uStart Page = hxxp://search.iminent.com/?appId=14e3a89f-50f5-4d1a-8bf5-1feef249f705&ref=homepage
      uDefault_Page_URL = hxxp://sony.msn.com
      uInternet Settings,ProxyOverride = *.local
      uURLSearchHooks: H - No File
      uWinlogon: Shell=explorer.exe,c:\recycler\s-1-5-21-0243556031-888888379-781863308-1830\zaberg.exe
      BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
      BHO: TBSB01620 Class: {58124a0b-dc32-4180-9bff-e0e21ae34026} - c:\program files\iminent toolbar\tbcore3.dll
      BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
      BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~2\office12\GR469A~1.DLL
      BHO: {84FF7BD6-B47F-46F8-9130-01B2696B36CB} - No File
      BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
      BHO: IMinent WebBooster (BHO): {a09ab6eb-31b5-454c-97ec-9b294d92ee2a} - c:\program files\iminent\imbooster4web\Iminent.WebBooster.dll
      BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
      BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.7.7227.1100\swg.dll
      BHO: Bing Bar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\msn toolbar\platform\5.0.1399.0\npwinext.dll
      BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
      TB: @c:\program files\msn toolbar\platform\5.0.1399.0\npwinext.dll,-100: {8dcb7100-df86-4384-8842-8fa844297b3f} - c:\program files\msn toolbar\platform\5.0.1399.0\npwinext.dll
      TB: IMinent Toolbar: {977ae9cc-af83-45e8-9e03-e2798216e2d5} - c:\program files\iminent toolbar\tbcore3.dll
      TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
      TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
      uRun: [Bwhahb] c:\users\mariela\appdata\roaming\Bwhahb.scr
      uRun: [zaber0] c:\recycler\s-1-5-21-0243556031-888888379-781863308-1830\zaberg.exe
      uRun: [DAT9C5E.tmp.exe] c:\users\mariela\appdata\local\temp\DAT9C5E.tmp.exe
      uRun: [Remote Shell Manager] c:\users\mariela\appdata\roaming\recycler\logon.exe
      uRun: [Windows Protect Manager] c:\users\mariela\appdata\roaming\new.bin.scr
      uRun: [Rvhahr] c:\users\mariela\appdata\roaming\Rvhahr.scr
      uRun: [Microsoft Access Starter] c:\users\mariela\appdata\roaming\adobe\WinManager.exe
      uRun: [Windows System Cleaner 2012] c:\users\mariela\appdata\roaming\ScreenSaver.scr
      mRun: [RtHDVCpl] c:\program files\realtek\audio\hda\RtHDVCpl.exe -s
      mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
      mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
      mRun: [Persistence] c:\windows\system32\igfxpers.exe
      mRun: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
      mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
      mRun: [SmartWiHelper] "c:\program files\sony\smartwi connection utility\SmartWiHelper.exe" /WindowsStartup
      mRun: [ISBMgr.exe] "c:\program files\sony\isb utility\ISBMgr.exe"
      mRun: [PMBVolumeWatcher] c:\program files\sony\pmb\PMBVolumeWatcher.exe
      mRun: [Microsoft Default Manager] "c:\program files\microsoft\search enhancement pack\default manager\DefMgr.exe" -resume
      mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
      mRun: [IMBooster] c:\program files\iminent\imbooster\imbooster.exe /warmup
      mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
      mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
      mRun: [SHTtray.exe] c:\program files\common files\sony shared\sohlib\SHTtray.exe
      StartupFolder: c:\users\mariela\appdata\roaming\micros~1\windows\startm~1\programs\startup\accuwe~1.lnk - c:\program files\accuweather.com cirrus\AccuWeather.com Cirrus.exe
      StartupFolder: c:\users\mariela\appdata\roaming\micros~1\windows\startm~1\programs\startup\recort~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
      StartupFolder: c:\users\mariela\appdata\roaming\microsoft\windows\start menu\programs\startup\ScreenSaver.scr
      StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\blueto~1.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe
      StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\ralink~1.lnk - c:\program files\ralink\common\RaUI.exe
      mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
      mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
      mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
      IE: E&xportar a Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
      IE: Enviar imagen al dispositivo &Bluetooth... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
      IE: Enviar página al dispositivo &Bluetooth... - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
      IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
      IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
      IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
      IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
      DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
      DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
      TCP: Interfaces\{6FA1BC92-3B8F-44FA-9B1C-F902E5B752CC}\94E46494E4944555D403367356 : DhcpNameServer = 192.168.1.254
      TCP: Interfaces\{6FA1BC92-3B8F-44FA-9B1C-F902E5B752CC}\94E46494E4944555D423565693 : DhcpNameServer = 192.168.1.254
      TCP: Interfaces\{6FA1BC92-3B8F-44FA-9B1C-F902E5B752CC}\94E46494E4944555D483937343 : DhcpNameServer = 192.168.1.254
      TCP: Interfaces\{76BC762A-605E-421D-A4C1-273057315E1C}\94E46494E4944555D483937343 : DhcpNameServer = 192.168.1.254
      TCP: Interfaces\{7FC82F51-6171-4E55-85E8-02BF519F138A}\94E46494E4944555D403367356 : DhcpNameServer = 192.168.1.254
      TCP: Interfaces\{7FC82F51-6171-4E55-85E8-02BF519F138A}\94E46494E4944555D426937316 : DhcpNameServer = 192.168.1.254
      TCP: Interfaces\{7FC82F51-6171-4E55-85E8-02BF519F138A}\94E46494E4944555D483937343 : DhcpNameServer = 192.168.1.254
      TCP: Interfaces\{88D715B3-E57B-45CB-A9FB-068AEDA35A51} : DhcpNameServer = 192.168.111.4
      TCP: Interfaces\{894C02A2-24DE-41DA-9105-225A66F31660} : DhcpNameServer = 10.233.21.4 10.233.20.4
      TCP: Interfaces\{9D9A80E6-20F5-4EAD-95E7-BB05DCEF4DFC} : DhcpNameServer = 192.168.1.254
      TCP: Interfaces\{9D9A80E6-20F5-4EAD-95E7-BB05DCEF4DFC}\94E46494E4944555D423565693 : DhcpNameServer = 192.168.1.254
      TCP: Interfaces\{A566699A-E78A-4EB7-BD33-554D744DB989} : DhcpNameServer = 192.168.1.254
      TCP: Interfaces\{A566699A-E78A-4EB7-BD33-554D744DB989}\44C494E4B4D25554E44554 : DhcpNameServer = 192.168.0.1
      TCP: Interfaces\{A566699A-E78A-4EB7-BD33-554D744DB989}\46C696E6B6 : DhcpNameServer = 192.168.0.1
      TCP: Interfaces\{A566699A-E78A-4EB7-BD33-554D744DB989}\94E46494E4944555D456334623 : DhcpNameServer = 192.168.1.254
      TCP: Interfaces\{F6ADEDB0-F6A6-467F-AC87-1571B0741824} : DhcpNameServer = 192.168.1.254
      TCP: Interfaces\{F6ADEDB0-F6A6-467F-AC87-1571B0741824}\94E46494E4944555D403367356 : DhcpNameServer = 192.168.1.254
      TCP: Interfaces\{F6ADEDB0-F6A6-467F-AC87-1571B0741824}\94E46494E4944555D423565693 : DhcpNameServer = 192.168.1.254
      TCP: Interfaces\{F6ADEDB0-F6A6-467F-AC87-1571B0741824}\94E46494E4944555D483937343 : DhcpNameServer = 192.168.1.254
      Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\progra~1\micros~2\office12\GRA32A~1.DLL
      Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
      Notify: igfxcui - igfxdev.dll
      Notify: VESWinlogon - VESWinlogon.dll
      SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~2\office12\GR469A~1.DLL
      .
      ================= FIREFOX ===================
      .
      FF - ProfilePath - c:\users\mariela\appdata\roaming\mozilla\firefox\profiles\sx4i4l4t.default\
      FF - prefs.js: browser.search.selectedEngine - Google
      FF - prefs.js: browser.startup.homepage - hxxp://search.iminent.com/?appId=14e3a89f-50f5-4d1a-8bf5-1feef249f705&lcid=2058&ref=homepage
      FF - prefs.js: keyword.URL - hxxp://search.alot.com/web?src_id=30247&client_id=58b2c4335fb8e618387528d8&camp_id=3555&install_time=2012-05-30T03:03:28Z&pr=auto&tb_version=1.0.17000(G)&q=
      FF - prefs.js: network.proxy.type - 0
      FF - plugin: c:\program files\google\update\1.3.21.115\npGoogleUpdate3.dll
      FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
      FF - plugin: c:\program files\microsoft silverlight\4.0.50401.0\npctrlui.dll
      FF - plugin: c:\program files\msn toolbar\platform\5.0.1399.0\npwinext.dll
      FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
      FF - plugin: c:\users\mariela\appdata\local\facebook\video\skype\npFacebookVideoCalling.dll
      FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_3_300_270.dll
      .
      ============= SERVICES / DRIVERS ===============
      .
      .
      =============== Created Last 30 ================
      .
      2012-09-06 03:32:00 -------- d-----w- c:\users\mariela\appdata\local\{FA4D1791-182C-45AE-A33D-A226B131DCB7}
      2012-08-23 02:39:54 -------- d-----w- c:\program files\CCleaner
      2012-08-23 02:27:51 -------- d-----w- c:\users\mariela\appdata\local\{0D3B0D31-2147-47BB-9563-1A0F8080CE84}
      2012-08-23 02:19:56 -------- d-----w- c:\program files\Windows Journal
      2012-08-23 02:19:53 -------- d-----w- c:\windows\ehome
      2012-08-23 02:19:52 -------- d-sh--w- c:\windows\BitLockerDiscoveryVolumeContents
      2012-08-23 02:19:52 -------- d-----w- c:\windows\RemotePackages
      2012-08-23 00:48:41 -------- d-----w- c:\users\mariela\appdata\local\{4BAB36F5-B8F9-4AD0-816F-534ECE95A3CA}
      2012-08-23 00:42:30 -------- d-----w- c:\users\mariela\appdata\local\{BD26CBA7-2226-4883-820C-5F58366F79F1}
      2012-08-19 20:46:17 -------- d-----w- c:\users\mariela\appdata\local\{5AEC98D9-7BF1-43A6-8C77-8D375E88CF8F}
      2012-08-16 02:01:41 -------- d-----w- c:\users\mariela\appdata\local\{0C052EB6-A733-4A62-B6F7-A5D8B34DB15D}
      2012-08-15 18:52:03 -------- d-----w- c:\users\mariela\appdata\local\{6CBAA905-66F8-4CDE-AD80-427DD3E4666F}
      2012-08-13 23:57:56 -------- d-----w- c:\users\mariela\appdata\local\{8A4E988C-C59B-43CD-BD53-ED10CC59DA37}
      2012-08-13 23:27:58 29184 --sha-r- c:\users\mariela\appdata\roaming\microsoft\windows\start menu\programs\startup\ScreenSaver.scr
      2012-08-13 23:27:58 29184 --sh--r- c:\users\mariela\appdata\roaming\ScreenSaver.scr
      2012-08-13 23:27:54 -------- d-----w- c:\users\mariela\appdata\local\{8837ABA4-169A-4DB9-96F2-2459C81F4591}
      2012-08-13 23:26:57 -------- d-----w- c:\users\mariela\appdata\local\{C1DDE233-9317-4F0E-ADD0-0FFDD6FBF807}
      2012-08-13 20:18:30 -------- d-----w- c:\users\mariela\appdata\local\{9B2AB2EB-B838-4A32-95F1-56CA25485B98}
      2012-08-13 20:17:56 -------- d-----w- c:\users\mariela\appdata\local\{BC9D9C24-6D8B-4118-B324-A5ACF55E5BD5}
      2012-08-13 17:56:06 -------- d-----w- c:\users\mariela\appdata\local\{FB8D1011-778F-457F-94F7-7AFD4B4490B4}
      2012-08-13 17:55:36 -------- d-----w- c:\users\mariela\appdata\local\{76EF6399-7745-4697-8473-5F9FB0232341}
      2012-08-13 00:47:01 -------- d-----w- c:\users\mariela\appdata\local\{A88D6B77-28E2-4F4C-9CB5-303E51A7ECC8}
      2012-08-13 00:46:24 -------- d-----w- c:\users\mariela\appdata\local\{473EDF47-4A0D-465A-8A0F-9448E2243401}
      2012-08-12 18:32:52 -------- d-----w- c:\users\mariela\appdata\local\{D6475677-7905-4C70-8E0A-F6A8876743E6}
      2012-08-12 18:32:32 -------- d-----w- c:\users\mariela\appdata\local\{7404AE35-7EF7-40F7-BF2D-9A3EEEE1976E}
      2012-08-12 16:18:05 -------- d-----w- c:\users\mariela\appdata\local\{DECF7F5B-4184-4503-ABC5-8E755CE8C42C}
      2012-08-12 16:17:32 -------- d-----w- c:\users\mariela\appdata\local\{C4DFDC69-2E63-4DD8-B36C-6F32429FA9AD}
      2012-08-10 16:58:11 -------- d-----w- c:\users\mariela\appdata\local\{78158CBB-F11C-431A-9794-7FF7FF2FF8F8}
      2012-08-10 16:57:45 -------- d-----w- c:\users\mariela\appdata\local\{F8C87776-DB83-475B-BA79-0CBB11769C76}
      2012-08-10 0440 -------- d-----w- c:\users\mariela\appdata\local\{5429584C-C6A7-451A-A6D8-BCF92713E353}
      2012-08-10 04:02:22 -------- d-----w- c:\users\mariela\appdata\local\{9F60BA56-2CF4-4591-8C67-2E0241B6936D}
      2012-08-10 04:01:32 -------- d-----w- c:\users\mariela\appdata\local\{DB864987-10D0-4559-BDED-4B99BEBECBBA}
      2012-08-10 02:17:57 -------- d-----w- c:\users\mariela\appdata\local\{156F959F-7F4D-4684-81CF-52578449CDD7}
      2012-08-10 02:17:37 -------- d-----w- c:\users\mariela\appdata\local\{AB59709F-14A4-4B76-BA72-F862B331323E}
      2012-08-10 01:54:19 -------- d-----w- c:\users\mariela\appdata\local\{D1DEA10D-AC6A-491D-B8D7-57093B3143C9}
      2012-08-10 01:51:41 -------- d-----w- c:\users\mariela\appdata\local\{EDDA4418-32F9-4ADA-860E-21D33DA0E60F}
      2012-08-09 21:21:34 -------- d-----w- c:\users\mariela\appdata\local\{FA4EC2D4-9B10-4AB7-AB2E-04D330DD1297}
      2012-08-09 21:21:03 -------- d-----w- c:\users\mariela\appdata\local\{FEE03865-3482-4CA2-AE17-6E0988F68E61}
      2012-08-09 16:24:50 -------- d-----w- c:\users\mariela\appdata\local\{8DEDE04C-EE67-48DA-9F07-10DA0249399A}
      2012-08-09 16:01:01 -------- d-----w- c:\users\mariela\appdata\local\{0493F5F9-4169-4421-A296-7A81A73ECF4B}
      2012-08-09 13:07:53 -------- d-----w- c:\users\mariela\appdata\local\{5BFECE1E-C7A4-42F1-BA8A-70C1EEE2C5A1}
      2012-08-09 03:28:24 -------- d-----w- c:\users\mariela\appdata\local\{0C8B8756-9C48-4690-897E-458118A72EA1}
      2012-08-08 18:47:31 -------- d-----w- c:\users\mariela\appdata\local\{79888B0F-B4A7-4113-9B7A-AB1995EB33B8}
      2012-08-08 14:14:08 -------- d-----w- c:\users\mariela\appdata\local\{0E991FB4-06DC-4E48-BF6C-2C217DEBEB3E}
      2012-08-08 12:25:49 -------- d-----w- c:\users\mariela\appdata\local\{12F7EA76-9959-483C-88C6-0F1A8C9392FC}
      2012-08-08 02:46:48 -------- d-----w- c:\users\mariela\appdata\local\{B7FCDAE3-2F66-4A3C-B965-10253F2E7ECC}
      2012-08-07 21:09:25 -------- d-----w- c:\users\mariela\appdata\local\{43A6E961-F334-43A8-9EC4-4412C481B7F1}
      2012-08-07 21:08:40 -------- d-----w- c:\users\mariela\appdata\local\{836D1259-DFD4-4591-A37D-62F03CB8966B}
      2012-08-07 16:19:35 -------- d-----w- c:\users\mariela\appdata\local\{A7A1FA09-AABA-4AD9-85E8-EDFB7D51E7C6}
      .
      ==================== Find3M ====================
      .
      2012-08-13 20:18:34 29696 ----a-w- c:\users\mariela\appdata\roaming\new.bin.scr
      2012-08-13 20:18:34 29696 ----a-w- c:\users\mariela\appdata\roaming\new.bin
      2012-08-06 13:26:47 175104 ----a-w- c:\users\mariela\appdata\roaming\Rvhahr.scr
      2012-08-04 04:47:23 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
      2012-08-04 04:47:23 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
      2012-07-26 21:15:53 38400 ----a-w- c:\users\mariela\appdata\roaming\winlogon.scr
      2012-06-09 01:30:06 126976 ----a-w- c:\users\mariela\appdata\roaming\Bwhahb.scr
      2012-06-09 01:30:05 126976 ----a-w- c:\users\mariela\appdata\roaming\E064.tmp
      .
      ============= FINISH: 23:52:09.75 ===============

    2. #2
      General Moderator
      @Leosolari
      Joined
      Jun 2007
      Location
      Argentina
      Posts
      58,638

      Re: Zaberg virus

      Hello skytrol



      Please follow this procedure:



      STEP 1

      Download these tools to your desktop, but do not run anything yet:


      º Glary Utilities. Install it according to its manual.

      º Malwarebytes. Install and update it according to its manual. If you already have it, you only need to update it.

      º ComboFix.exe




      STEP 2

      Run Malwarebytes
      • Do a "full scan".
      • Once it has finished, if it detects anything, choose "Remove Selected" as shown in this image.
      • If it asks you to restart, do so.





      STEP 3

      Run Glary Utilities
      • Press the 1-Click Maintenance button.
      • Press the View Results button and wait for it to finish.
      • When it finishes, press the Repair Problems button.




      STEP 4

      Run ComboFix


      • Temporarily disable your antivirus and/or antispyware. How to temporarily disable your antivirus
      • Close all open windows.
      • Double-click the ComboFix.exe file and follow the instructions.
      • When it finishes, it will generate a log at C:\ComboFix.txt.




      Important notes:

      • While CF is working, you must not move the mouse, as that would stop its process.
      • ComboFix may automatically restart the PC to complete the removal process.
      • Once ComboFix has finished its work, you can re-enable your antivirus.
      • Do not put the reports inside Code or HTML tags.




      Attention!! Do not use ComboFix unless you have been specifically instructed to do so in your message by a member of our Staff. It is a powerful tool intended by its creator to be used under the guidance and supervision of an expert, not for private use. Using ComboFix incorrectly could cause problems on your system. Please read ComboFix's "Disclaimer of Warranty".


      The generated report is located at C:\ComboFix.txt. Open it, select all, then copy and paste it into your next reply.






      In your next reply, you must include the following:


      º The Malwarebytes report -----> Logs tab
      º The ComboFix report -----> C:\ComboFix.txt
      º How your PC is working now



      Regards