
    I have a win32/dorkbot.b worm, can anyone help me???


    1. #1
      User: JOHESA70
      Registered: Jun 2012
      Location: BAJA CALIFORNIA
      Posts: 15

      I have a win32/dorkbot.b worm, can anyone help me???

      HELLO!!!!, MY NOD32 SAYS: OPERATING MEMORY EXPLORER.EXE(1448) - A VARIANT OF WIN32/DORKBOT.B WORM - UNABLE TO CLEAN. I ALREADY TRIED TDSSKILLER AND MBAM AND THEY DETECT NOTHING!!! THANKS IN ADVANCE!!!

    2. #2
      Former contributor: Gemsa_03
      Registered: Feb 2012
      Location: Málaga, Spain
      Posts: 6,615

      Re: I have a win32/dorkbot.b worm, can anyone help me???

      Hi, I'll try to give you a hand.
      Run TDSSKiller again following its guide, "Remove Rootkit.ZeroAccess - Sirefef (Mediashifting - Abnow)". Run it exactly as the guide explains, and then run another scan with an updated Malwarebytes Anti-Malware.
      In your next post you need to attach the reports from both.
      Regards.

    3. #3
      User: JOHESA70
      Registered: Jun 2012
      Location: BAJA CALIFORNIA
      Posts: 15

      Re: I have a win32/dorkbot.b worm, can anyone help me???

      HELLO!!!, I'M ATTACHING THE MBAM AND TDSSKILLER REPORTS


      Malwarebytes Anti-Malware 1.65.0.1400
      www.malwarebytes.org

      Versión de la Base de Datos: v2012.09.24.01

      Windows XP Service Pack 3 x86 NTFS
      Internet Explorer 8.0.6001.18702
      HP_Owner :: JESUS-ARMY [administrador]

      9/24/2012 7:24:24 AM
      mbam-log-2012-09-24 (07-24-24).txt

      Tipos de Análisis: Análisis Rápido
      Opciones de análisis activado: Memoria | Inicio | Registro | Sistema de archivos | Heurística/Extra | Heurística/Shuriken | PUP | PUM
      Opciones de análisis desactivados: P2P
      Objetos examinados: 211520
      Tiempo transcurrido: 15 minuto(s), 51 segundo(s)

      Procesos en Memoria Detectados: 0
      (No se han detectado elementos maliciosos)

      Módulos de Memoria Detectados: 0
      (No se han detectado elementos maliciosos)

      Claves del Registro Detectados: 0
      (No se han detectado elementos maliciosos)

      Valores del Registro Detectados: 0
      (No se han detectado elementos maliciosos)

      Elementos de Datos del Registro Detectados: 1
      HKCU\SOFTWARE\Policies\Microsoft\Internet Explorer\control panel|HomePage (PUM.Hijack.HomePageControl) -> Malo: (1) Bueno: (0) -> En cuarentena y reparado con éxito.

      Carpetas Detectadas: 0
      (No se han detectado elementos maliciosos)

      Archivos Detectados: 0
      (No se han detectado elementos maliciosos)

      (fin)



      07:20:17.0031 3812 TDSS rootkit removing tool 2.8.10.0 Sep 17 2012 19:23:24
      07:20:18.0812 3812 ============================================================
      07:20:18.0812 3812 Current date / time: 2012/09/24 07:20:18.0812
      07:20:18.0812 3812 SystemInfo:
      07:20:18.0812 3812
      07:20:18.0812 3812 OS Version: 5.1.2600 ServicePack: 3.0
      07:20:18.0812 3812 Product type: Workstation
      07:20:18.0812 3812 ComputerName: JESUS-ARMY
      07:20:18.0812 3812 UserName: HP_Owner
      07:20:18.0812 3812 Windows directory: C:\WINDOWS
      07:20:18.0812 3812 System windows directory: C:\WINDOWS
      07:20:18.0812 3812 Processor architecture: Intel x86
      07:20:18.0812 3812 Number of processors: 1
      07:20:18.0812 3812 Page size: 0x1000
      07:20:18.0812 3812 Boot type: Normal boot
      07:20:18.0812 3812 ============================================================
      07:20:20.0125 3812 Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x50C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xF0, Type 'K0', Flags 0x00000054
      07:20:20.0296 3812 ============================================================
      07:20:20.0296 3812 \Device\Harddisk0\DR0:
      07:20:20.0296 3812 MBR partitions:
      07:20:20.0296 3812 \Device\Harddisk0\DR0\Partition1: MBR, Type 0xC, StartLBA 0x3F, BlocksNum 0xDF1931
      07:20:20.0296 3812 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0xDF1970, BlocksNum 0x11C26DA0
      07:20:20.0296 3812 ============================================================
      07:20:20.0343 3812 C: <-> \Device\Harddisk0\DR0\Partition2
      07:20:20.0343 3812 D: <-> \Device\Harddisk0\DR0\Partition1
      07:20:20.0343 3812 ============================================================
      07:20:20.0343 3812 Initialize success
      07:20:20.0343 3812 ============================================================
      07:20:26.0875 2316 ============================================================
      07:20:26.0875 2316 Scan started
      07:20:26.0875 2316 Mode: Manual;
      07:20:26.0875 2316 ============================================================
      07:20:27.0781 2316 ================ Scan system memory ========================
      07:20:27.0781 2316 System memory - ok
      07:20:27.0781 2316 ================ Scan services =============================
      07:20:38.0843 2316 [ CCA207A8896D4C6A0C9CE29A4AE411A7 ] Serial C:\WINDOWS\system32\DRIVERS\serial.sys
      07:20:38.0843 2316 Serial - ok
      07:20:38.0968 2316 [ 8E6B8C671615D126FDC553D1E2DE5562 ] Sfloppy C:\WINDOWS\system32\drivers\Sfloppy.sys
      07:20:38.0968 2316 Sfloppy - ok
      07:20:39.0046 2316 [ 83F41D0D89645D7235C051AB1D9523AC ] SharedAccess C:\WINDOWS\System32\ipnathlp.dll
      07:20:39.0062 2316 SharedAccess - ok
      07:20:39.0078 2316 [ 99BC0B50F511924348BE19C7C7313BBF ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
      07:20:39.0093 2316 ShellHWDetection - ok
      07:20:39.0109 2316 Simbad - ok
      07:20:39.0140 2316 [ 6128E98EAAED364ED1A32708D2FD22CB ] SkypeUpdate C:\Program Files\Skype\Updater\Updater.exe
      07:20:39.0140 2316 SkypeUpdate - ok
      07:20:39.0187 2316 [ 866D538EBE33709A5C9F5C62B73B7D14 ] SLIP C:\WINDOWS\system32\DRIVERS\SLIP.sys
      07:20:39.0187 2316 SLIP - ok
      07:20:39.0203 2316 Sparrow - ok
      07:20:39.0234 2316 [ AB8B92451ECB048A4D1DE7C3FFCB4A9F ] splitter C:\WINDOWS\system32\drivers\splitter.sys
      07:20:39.0265 2316 splitter - ok
      07:20:39.0281 2316 [ 60784F891563FB1B767F70117FC2428F ] Spooler C:\WINDOWS\system32\spoolsv.exe
      07:20:39.0281 2316 Spooler - ok
      07:20:39.0312 2316 [ 76BB022C2FB6902FD5BDD4F78FC13A5D ] sr C:\WINDOWS\system32\DRIVERS\sr.sys
      07:20:39.0312 2316 sr - ok
      07:20:39.0343 2316 [ 3805DF0AC4296A34BA4BF93B346CC378 ] srservice C:\WINDOWS\system32\srsvc.dll
      07:20:39.0359 2316 srservice - ok
      07:20:39.0390 2316 [ 47DDFC2F003F7F9F0592C6874962A2E7 ] Srv C:\WINDOWS\system32\DRIVERS\srv.sys
      07:20:39.0437 2316 Srv - ok
      07:20:39.0468 2316 [ 0A5679B3714EDAB99E357057EE88FCA6 ] SSDPSRV C:\WINDOWS\System32\ssdpsrv.dll
      07:20:39.0468 2316 SSDPSRV - ok
      07:20:39.0546 2316 [ 8BAD69CBAC032D4BBACFCE0306174C30 ] stisvc C:\WINDOWS\system32\wiaservc.dll
      07:20:39.0546 2316 stisvc - ok
      07:20:39.0578 2316 [ 77813007BA6265C4B6098187E6ED79D2 ] streamip C:\WINDOWS\system32\DRIVERS\StreamIP.sys
      07:20:39.0593 2316 streamip - ok
      07:20:39.0625 2316 [ 3941D127AEF12E93ADDF6FE6EE027E0F ] swenum C:\WINDOWS\system32\DRIVERS\swenum.sys
      07:20:39.0625 2316 swenum - ok
      07:20:39.0656 2316 [ 8CE882BCC6CF8A62F2B2323D95CB3D01 ] swmidi C:\WINDOWS\system32\drivers\swmidi.sys
      07:20:39.0656 2316 swmidi - ok
      07:20:39.0671 2316 SwPrv - ok
      07:20:39.0703 2316 symc810 - ok
      07:20:39.0765 2316 symc8xx - ok
      07:20:39.0828 2316 sym_hi - ok
      07:20:39.0859 2316 sym_u3 - ok
      07:20:39.0937 2316 [ 8B83F3ED0F1688B4958F77CD6D2BF290 ] sysaudio C:\WINDOWS\system32\drivers\sysaudio.sys
      07:20:39.0937 2316 sysaudio - ok
      07:20:40.0000 2316 [ C7ABBC59B43274B1109DF6B24D617051 ] SysmonLog C:\WINDOWS\system32\smlogsvc.exe
      07:20:40.0000 2316 SysmonLog - ok
      07:20:40.0062 2316 [ 3CB78C17BB664637787C9A1C98F79C38 ] TapiSrv C:\WINDOWS\System32\tapisrv.dll
      07:20:40.0062 2316 TapiSrv - ok
      07:20:40.0140 2316 [ 9AEFA14BD6B182D61E3119FA5F436D3D ] Tcpip C:\WINDOWS\system32\DRIVERS\tcpip.sys
      07:20:40.0156 2316 Tcpip - ok
      07:20:40.0187 2316 [ 6471A66807F5E104E4885F5B67349397 ] TDPIPE C:\WINDOWS\system32\drivers\TDPIPE.sys
      07:20:40.0187 2316 TDPIPE - ok
      07:20:40.0218 2316 [ C56B6D0402371CF3700EB322EF3AAF61 ] TDTCP C:\WINDOWS\system32\drivers\TDTCP.sys
      07:20:40.0218 2316 TDTCP - ok
      07:20:40.0234 2316 [ 88155247177638048422893737429D9E ] TermDD C:\WINDOWS\system32\DRIVERS\termdd.sys
      07:20:40.0250 2316 TermDD - ok
      07:20:40.0296 2316 [ FF3477C03BE7201C294C35F684B3479F ] TermService C:\WINDOWS\System32\termsrv.dll
      07:20:40.0312 2316 TermService - ok
      07:20:40.0359 2316 [ 99BC0B50F511924348BE19C7C7313BBF ] Themes C:\WINDOWS\System32\shsvcs.dll
      07:20:40.0359 2316 Themes - ok
      07:20:40.0375 2316 TosIde - ok
      07:20:40.0390 2316 [ 55BCA12F7F523D35CA3CB833C725F54E ] TrkWks C:\WINDOWS\system32\trkwks.dll
      07:20:40.0406 2316 TrkWks - ok
      07:20:40.0437 2316 [ 5787B80C2E3C5E2F56C2A233D91FA2C9 ] Udfs C:\WINDOWS\system32\drivers\Udfs.sys
      07:20:40.0437 2316 Udfs - ok
      07:20:40.0468 2316 ultra - ok
      07:20:40.0515 2316 [ 402DDC88356B1BAC0EE3DD1580C76A31 ] Update C:\WINDOWS\system32\DRIVERS\update.sys
      07:20:40.0562 2316 Update - ok
      07:20:40.0609 2316 [ 1EBAFEB9A3FBDC41B8D9C7F0F687AD91 ] upnphost C:\WINDOWS\System32\upnphost.dll
      07:20:40.0625 2316 upnphost - ok
      07:20:40.0671 2316 [ 05365FB38FCA1E98F7A566AAAF5D1815 ] UPS C:\WINDOWS\System32\ups.exe
      07:20:40.0671 2316 UPS - ok
      07:20:40.0703 2316 [ E919708DB44ED8543A7C017953148330 ] usbaudio C:\WINDOWS\system32\drivers\usbaudio.sys
      07:20:40.0703 2316 usbaudio - ok
      07:20:40.0765 2316 [ 173F317CE0DB8E21322E71B7E60A27E8 ] usbccgp C:\WINDOWS\system32\DRIVERS\usbccgp.sys
      07:20:40.0765 2316 usbccgp - ok
      07:20:40.0796 2316 [ 65DCF09D0E37D4C6B11B5B0B76D470A7 ] usbehci C:\WINDOWS\system32\DRIVERS\usbehci.sys
      07:20:40.0796 2316 usbehci - ok
      07:20:40.0828 2316 [ 1AB3CDDE553B6E064D2E754EFE20285C ] usbhub C:\WINDOWS\system32\DRIVERS\usbhub.sys
      07:20:40.0828 2316 usbhub - ok
      07:20:40.0906 2316 [ A717C8721046828520C9EDF31288FC00 ] usbprint C:\WINDOWS\system32\DRIVERS\usbprint.sys
      07:20:40.0906 2316 usbprint - ok
      07:20:40.0921 2316 [ A0B8CF9DEB1184FBDD20784A58FA75D4 ] usbscan C:\WINDOWS\system32\DRIVERS\usbscan.sys
      07:20:40.0921 2316 usbscan - ok
      07:20:40.0984 2316 [ A32426D9B14A089EAA1D922E0C5801A9 ] USBSTOR C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
      07:20:41.0000 2316 USBSTOR - ok
      07:20:41.0031 2316 [ 26496F9DEE2D787FC3E61AD54821FFE6 ] usbuhci C:\WINDOWS\system32\DRIVERS\usbuhci.sys
      07:20:41.0031 2316 usbuhci - ok
      07:20:41.0093 2316 [ 63BBFCA7F390F4C49ED4B96BFB1633E0 ] usbvideo C:\WINDOWS\system32\Drivers\usbvideo.sys
      07:20:41.0093 2316 usbvideo - ok
      07:20:41.0109 2316 [ 0D3A8FAFCEACD8B7625CD549757A7DF1 ] VgaSave C:\WINDOWS\System32\drivers\vga.sys
      07:20:41.0109 2316 VgaSave - ok
      07:20:41.0140 2316 [ 3B3EFCDA263B8AC14FDF9CBDD0791B2E ] ViaIde C:\WINDOWS\system32\DRIVERS\viaide.sys
      07:20:41.0140 2316 ViaIde - ok
      07:20:41.0187 2316 [ 4C8FCB5CC53AAB716D810740FE59D025 ] VolSnap C:\WINDOWS\system32\drivers\VolSnap.sys
      07:20:41.0187 2316 VolSnap - ok
      07:20:41.0250 2316 [ 7A9DB3A67C333BF0BD42E42B8596854B ] VSS C:\WINDOWS\System32\vssvc.exe
      07:20:41.0250 2316 VSS - ok
      07:20:41.0312 2316 [ 54AF4B1D5459500EF0937F6D33B1914F ] W32Time C:\WINDOWS\system32\w32time.dll
      07:20:41.0312 2316 W32Time - ok
      07:20:41.0406 2316 [ E20B95BAEDB550F32DD489265C1DA1F6 ] Wanarp C:\WINDOWS\system32\DRIVERS\wanarp.sys
      07:20:41.0421 2316 Wanarp - ok
      07:20:41.0468 2316 [ FD47474BD21794508AF449D9D91AF6E6 ] Wdf01000 C:\WINDOWS\system32\DRIVERS\Wdf01000.sys
      07:20:41.0484 2316 Wdf01000 - ok
      07:20:41.0500 2316 WDICA - ok
      07:20:41.0546 2316 [ 6768ACF64B18196494413695F0C3A00F ] wdmaud C:\WINDOWS\system32\drivers\wdmaud.sys
      07:20:41.0546 2316 wdmaud - ok
      07:20:41.0578 2316 [ 77A354E28153AD2D5E120A5A8687BC06 ] WebClient C:\WINDOWS\System32\webclnt.dll
      07:20:41.0578 2316 WebClient - ok
      07:20:41.0640 2316 [ 2D0E4ED081963804CCC196A0929275B5 ] winmgmt C:\WINDOWS\system32\wbem\WMIsvc.dll
      07:20:41.0640 2316 winmgmt - ok
      07:20:41.0734 2316 [ C51B4A5C05A5475708E3C81C7765B71D ] WmdmPmSN C:\WINDOWS\system32\MsPMSNSv.dll
      07:20:41.0734 2316 WmdmPmSN - ok
      07:20:41.0906 2316 [ E0673F1106E62A68D2257E376079F821 ] WmiApSrv C:\WINDOWS\system32\wbem\wmiapsrv.exe
      07:20:41.0921 2316 WmiApSrv - ok
      07:20:41.0968 2316 [ F74E3D9A7FA9556C3BBB14D4E5E63D3B ] WMPNetworkSvc C:\Program Files\Windows Media Player\WMPNetwk.exe
      07:20:42.0000 2316 WMPNetworkSvc - ok
      07:20:42.0078 2316 [ C98B39829C2BBD34E454150633C62C78 ] WSTCODEC C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
      07:20:42.0078 2316 WSTCODEC - ok
      07:20:42.0109 2316 [ 35321FB577CDC98CE3EB3A3EB9E4610A ] wuauserv C:\WINDOWS\system32\wuauserv.dll
      07:20:42.0109 2316 wuauserv - ok
      07:20:42.0156 2316 [ F15FEAFFFBB3644CCC80C5DA584E6311 ] WudfPf C:\WINDOWS\system32\DRIVERS\WudfPf.sys
      07:20:42.0156 2316 WudfPf - ok
      07:20:42.0187 2316 [ 05231C04253C5BC30B26CBAAE680ED89 ] WudfSvc C:\WINDOWS\System32\WUDFSvc.dll
      07:20:42.0187 2316 WudfSvc - ok
      07:20:42.0265 2316 [ 81DC3F549F44B1C1FFF022DEC9ECF30B ] WZCSVC C:\WINDOWS\System32\wzcsvc.dll
      07:20:42.0281 2316 WZCSVC - ok
      07:20:42.0312 2316 [ 295D21F14C335B53CB8154E5B1F892B9 ] xmlprov C:\WINDOWS\System32\xmlprov.dll
      07:20:42.0359 2316 xmlprov - ok
      07:20:42.0375 2316 ================ Scan global ===============================
      07:20:42.0406 2316 [ 42F1F4C0AFB08410E5F02D4B13EBB623 ] C:\WINDOWS\system32\basesrv.dll
      07:20:42.0484 2316 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll
      07:20:42.0515 2316 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll
      07:20:42.0546 2316 [ 65DF52F5B8B6E9BBD183505225C37315 ] C:\WINDOWS\system32\services.exe
      07:20:42.0546 2316 [Global] - ok
      07:20:42.0546 2316 ================ Scan MBR ==================================
      07:20:42.0562 2316 [ 0AC6D996BCE152AED9600E6D6B797E2E ] \Device\Harddisk0\DR0
      07:20:43.0578 2316 \Device\Harddisk0\DR0 - ok
      07:20:43.0578 2316 ================ Scan VBR ==================================
      07:20:43.0593 2316 [ 0A584C9D4550EE81607CBB54F3EA330C ] \Device\Harddisk0\DR0\Partition1
      07:20:43.0593 2316 \Device\Harddisk0\DR0\Partition1 - ok
      07:20:43.0593 2316 [ A3EFD7C2E99E6C3655A726BD9B7B1650 ] \Device\Harddisk0\DR0\Partition2
      07:20:43.0609 2316 \Device\Harddisk0\DR0\Partition2 - ok
      07:20:43.0609 2316 ============================================================
      07:20:43.0609 2316 Scan finished
      07:20:43.0609 2316 ============================================================
      07:20:43.0671 2128 Detected object count: 0
      07:20:43.0671 2128 Actual detected object count: 0
      07:21:55.0468 3444 Deinitialize success

      ALTHOUGH MBAM FOUND SOMETHING, MY NOD 32 GIVES ME THE MESSAGE OF TWO INFECTIONS IN MEMORY. THANKS!!!

    4. #4
      Former Contributor Avatar of @SanMar
      Joined
      Jun 2008
      Location
      Argentina
      Posts
      22,290

      Re: I have a win32/dorkbot.b worm, can anyone help me???

      Hi guys:

      JOHESA70

      Do the following:

      Step 1.- Download UsbFix

      *Note* To run UsbFix.exe, follow these steps:

      • Start in Safe Mode
      • Double-click USBFix
      • Then choose the Supresión (Deletion) option
      • A warning will appear asking you to connect your USB devices (removable devices, pen drives, Micro SD cards, etc.); click OK
      • During the scan the desktop may disappear; this is normal. If USBFix asks you to restart the system, accept and restart your computer.
      • USBFix generates a report, which is usually found at C:\USBFix.txt

      Note: UsbFix will create a hidden folder named "$RECYCLE.BIN" "autorun.inf" on each partition and each USB drive that is connected when it is run. Do not delete this folder ... it will help protect your USB devices from future infections.

      Step 2.- In Normal Mode, download the ComboFix.exe tool and save it to the desktop.
      • If it asks you to update, accept.
      • Temporarily disable the antivirus and/or antispyware.
      • Close all open windows.
      • Double-click the ComboFix.exe file and follow the instructions.
      • When it finishes, it will generate a log at C:\ComboFix.txt.
        • *Note* While CF is working, do not move the mouse, as that would stop its process.
        • *Note* ComboFix may restart the PC automatically to complete the removal process.
      Warning!! Do not use ComboFix unless a member of our Staff has specifically told you to in your thread. It is a powerful tool intended by its creator to be used under the guidance and supervision of an expert, not for private use. Using ComboFix incorrectly could cause problems on your system. Please read ComboFix's "Disclaimer of Warranty".
      • Restart and paste the report from C:\ComboFix.txt in this same thread.

      Important Note: After the first restart that ComboFix performs, restart once more.

      Regards.

      * Follow us on Twitter and become our friend on Facebook.
      * Keep up with the latest threats on the net at: InfoSpyware Blog
      * Questions are not answered by private message or e-mail; that is what the forum is for.

    5. #5
      User Avatar of JOHESA70
      Joined
      Jun 2012
      Location
      BAJA CALIFORNIA
      Posts
      15

      Re: I have a win32/dorkbot.b worm, can anyone help me???

      THIS IS THE USBFIX REPORT:

      ############################## | UsbFix V 7.096 | [Research]

      User: HP_Owner (Administrator) # JESUS-ARMY
      Updated 15/08/2012 by El Desaparecido
      Started at 17:38:21 | 25/09/2012

      Website: http://eldesaparecido.com
      Forum: http://forum.eldesaparecido.com
      Suspicious file ? : http://eldesaparecido.com/upload.php
      Contact: [email protected]

      PC: HP Pavilion 061 (PX743AA-ABA a1110n) (X86-based PC) # Desktop Computer
      CPU: Intel(R) Celeron(R) CPU 3.06GHz (3067)
      RAM -> [Total : 2039 | Free : 1760]
      BIOS: Phoenix - Award BIOS v6.00PG
      BOOT: Fail-safe boot

      OS: Microsoft Windows XP Home Edition (5.1.2600 32-Bit) # Service Pack 3
      WB: Windows Internet Explorer 8.0.6001.18702

      SC: Security Center Service [Enabled]
      WU: Windows Update Service [Enabled]
      FW: Windows FireWall Service [Enabled]

      C:\ (%systemdrive%) -> Fixed drive # 142 Gb (87 Mb free - 61%) [HP_PAVILION] # NTFS
      D:\ -> Fixed drive # 7 Gb (1 Mb free - 18%) [HP_RECOVERY] # FAT32
      E:\ -> CD-ROM
      F:\ -> CD-ROM
      G:\ -> Removable drive # 2 Gb (445 Mb free - 23%) [JOAQUIN 1] # FAT
      L:\ -> Removable drive # 7 Gb (303 Mb free - 4%) [JOAQUIN 8G] # FAT32
      M:\ -> Fixed drive # 466 Gb (235 Mb free - 50%) [HITACHI] # FAT32
      N:\ -> Removable drive # 4 Gb (264 Mb free - 7%) [USB ROJA] # FAT32

      ################## | Active Processes |

      C:\WINDOWS\System32\smss.exe (132)
      C:\WINDOWS\system32\winlogon.exe (220)
      C:\WINDOWS\system32\services.exe (264)
      C:\WINDOWS\system32\lsass.exe (276)
      C:\WINDOWS\system32\svchost.exe (424)
      C:\WINDOWS\system32\svchost.exe (568)
      C:\WINDOWS\Explorer.EXE (780)
      C:\UsbFix\Go.exe (1180)
      C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (1272)

      ################## | Files # Infected Folders |

      Found ! C:\Documents and Settings\HP_Owner\Application Data\19.tmp
      Found ! C:\Documents and Settings\HP_Owner\Application Data\9.exe
      Found ! C:\Documents and Settings\HP_Owner\Application Data\A.exe
      Found ! C:\Documents and Settings\HP_Owner\Application Data\Wlemei.exe
      Found ! G:\Curso.de.Word.2010.Español.lnk
      Found ! G:\Curso.de.Accessl.2010.Español.lnk
      Found ! G:\Curso.de.Macros.con.Excel.Español.lnk
      Found ! G:\Curso.de.PowerPoint l.2010.Español.lnk
      Found ! M:\RECYCLER.lnk
      Found ! M:\familia.lnk
      Found ! M:\The Five Year Engagement.lnk
      Found ! M:\Dark Shadows.lnk
      Found ! M:\Descargas vuze.lnk
      Found ! M:\.Trashes.lnk
      Found ! M:\System Volume Information.lnk
      Found ! M:\Recycled.lnk
      Found ! M:\.fseventsd.lnk
      Found ! M:\.Spotlight-V100.lnk
      Found ! M:\Respaldo usb blanca.lnk
      Found ! M:\$RECYCLE.BIN.lnk
      Found ! M:\Michael Jackson This Is It.lnk
      Found ! M:\Paul McCartney.lnk
      Found ! M:\Snow White and the Huntsman.lnk
      Found ! M:\The Avengers.lnk
      Found ! M:\The Beatles.lnk
      Found ! M:\The Time Travelers Wife.lnk
      Found ! M:\Bridesmaids.lnk
      Found ! M:\How To Train Your Dragon.lnk
      Found ! M:\Red Lights.lnk
      Found ! M:\Alice in Wonderland.lnk
      Found ! M:\Freelancers.lnk
      Found ! M:\Ver-pelis.lnk
      Found ! M:\Fotos Abel 12-2011.lnk
      Found ! M:\New folder.lnk
      Found ! M:\Pictures.lnk
      Found ! M:\video - Copy.lnk
      Found ! M:\2010-04-05.lnk
      Found ! M:\2010-11-29.lnk
      Found ! M:\2012-01-15 Fotos Abel y videos.lnk
      Found ! M:\Camara.lnk
      Found ! M:\Pelis cristianas.lnk
      Found ! M:\Predicas Casa Torre Fuerte.lnk
      Found ! M:\Coins Catalogs.lnk
      Found ! M:\USB ROJA (F).lnk
      Found ! M:\Ingles.Sin.Barreras.1.al.6.lnk
      Found ! M:\Ingles.Sin.Barreras.7.al.12.lnk
      Found ! N:\Concierto J.A.R.lnk
      Found ! N:\Driver.Genius.Professional.11.0.0.1128+Crack+Serial[A4].lnk
      Found ! N:\drivers asus.lnk
      Found ! N:\EnhanceMySe7en Pro v2.8.1 + Crack[h33t][Gladrag_Manhunt].lnk
      Found ! G:\Recycler\desktop.ini
      Found ! G:\RECYCLER\e621ca05.exe
      Found ! L:\Recycler\desktop.ini
      Found ! L:\RECYCLER\e621ca05.exe
      Found ! M:\Recycler\desktop.ini
      Found ! M:\RECYCLER\e621ca05.exe
      Found ! N:\Recycler\desktop.ini
      Found ! N:\RECYCLER\e621ca05.exe

      ################## | Registry |

      Found ! HKCU\Software\Microsoft\Windows\CurrentVersion\Run|Wlemei

      ################## | Mountpoints2 |



      ################## | Vaccin |

      C:\Autorun.inf -> Vaccine created by UsbFix (El Desaparecido)
      D:\Autorun.inf -> Vaccine created by UsbFix (El Desaparecido)
      G:\Autorun.inf -> Vaccine created by UsbFix (El Desaparecido)
      L:\Autorun.inf -> Vaccine created by UsbFix (El Desaparecido)
      M:\Autorun.inf -> Vaccine created by UsbFix (El Desaparecido)
      N:\Autorun.inf -> Vaccine created by UsbFix (El Desaparecido)

      ################## | E.O.F |

      COMBOFIX COULD NOT DISINFECT MY PC, THIS IS THE MESSAGE IT SHOWS:

      YOU ARE INFECTED WITH ROOTKIT.ZEROACCES! IT HAS INSERTED ITSELF IN TO THE TCP/IP STACK. THIS IS A PARTICULARLY DIFFICULT INFECTION.

      IF FOR ANY REASON THAT YOU´RE UNABLE TO CONNECT TO THE INTERNET AFTER RUNNING COMBOFIX, REBOOT ONCE AND SEE IF THAT FIXES IT.
      IF IT´S NOT FIXED, RUN COMBOFIX ONE MORE TIME.

      I RESTARTED THE PC TWICE AND REPEATED THE PROCEDURE, BUT COMBOFIX CANNOT REMOVE THE INFECTION!!!

      IT BLOCKS MY INTERNET ACCESS, NOD 32 TELLS ME THE VIRUS IS LODGED IN EXPLORER.EXE!!!

      REGARDS AND THANKS IN ADVANCE!!!

    6. #6
      Former Contributor Avatar of @SanMar
      Joined
      Jun 2008
      Location
      Argentina
      Posts
      22,290

      Re: I have a win32/dorkbot.b worm, can anyone help me???

      Hello:

      You ran USBFix incorrectly; you must use the Suprimir (Deletion) option and you used Buscar (Search).

      Run it again, following the steps I left you earlier, because the way you ran it, it did not remove everything it detected, which was quite a lot....

      Start your computer in Safe Mode with Networking and run ComboFix as you were instructed earlier.

      Regards.

      * Follow us on Twitter and become our friend on Facebook.
      * Keep up with the latest threats on the net at: InfoSpyware Blog
      * Questions are not answered by private message or e-mail; that is what the forum is for.
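
The point made in the reply above (a report-only run removes nothing) can be checked directly from a UsbFix report. The following is an added example, not part of the thread and not UsbFix's own code: it parses the report layout shown in post #5, reads the mode tag from the first line, and buckets the entries. It assumes `Found !` lines are report-only and `Deleted !` lines are removals, as the reports in this thread suggest; the category names and the Run-value name match are illustrative heuristics.

```python
import re
from collections import Counter
from pathlib import PureWindowsPath

# Abridged from the [Research] report posted above: same layout, most entries omitted.
SAMPLE_REPORT = r"""
############################## | UsbFix V 7.096 | [Research]

################## | Files # Infected Folders |

Found ! C:\Documents and Settings\HP_Owner\Application Data\9.exe
Found ! C:\Documents and Settings\HP_Owner\Application Data\Wlemei.exe
Found ! G:\Curso.de.Word.2010.Español.lnk
Found ! M:\familia.lnk
Found ! M:\Pictures.lnk
Found ! G:\Recycler\desktop.ini
Found ! G:\RECYCLER\e621ca05.exe
Found ! M:\RECYCLER\e621ca05.exe

################## | Registry |

Found ! HKCU\Software\Microsoft\Windows\CurrentVersion\Run|Wlemei

################## | E.O.F |
"""

HEADER_RE = re.compile(r"^#{10,}\s*\|\s*UsbFix\s+V\s*([\d.]+)\s*\|\s*\[(\w+)\]")
SECTION_RE = re.compile(r"^#{10,}\s*\|\s*(.+?)\s*\|\s*$")
ENTRY_RE = re.compile(r"^(Found|Deleted)\s*!\s*(.+?)\s*$")


def parse_report(text):
    """Return version, mode tag and a list of (section, action, target) entries."""
    report = {"version": None, "mode": None, "entries": []}
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        header = HEADER_RE.match(line)
        if header:
            report["version"], report["mode"] = header.groups()
            continue
        heading = SECTION_RE.match(line)
        if heading:
            section = heading.group(1)
            continue
        entry = ENTRY_RE.match(line)
        if entry:
            report["entries"].append((section, entry.group(1), entry.group(2)))
    return report


def classify(target):
    """Bucket one reported object by the pattern it fits (illustrative categories)."""
    if re.match(r"^HK(CU|LM|U|CR)\\", target, re.I):
        key = target.split("|", 1)[0].lower()  # UsbFix writes key|value
        return "run-value" if key.endswith(r"\currentversion\run") else "registry"
    path = PureWindowsPath(target)
    folders = [p.lower() for p in path.parts[1:-1]]
    ext = path.suffix.lower()
    if ext == ".lnk" and not folders:
        return "root-shortcut"  # shortcut sitting in the root of a drive
    if "recycler" in folders:
        return "recycler-exe" if ext == ".exe" else "recycler-other"
    if "application data" in folders and ext in (".exe", ".tmp"):
        return "profile-dropper"
    return "other"


def triage(text):
    """Summarise a report; 'Found !' entries were only reported, not removed."""
    report = parse_report(text)
    counts, drives, files, run_values = Counter(), Counter(), [], []
    for _section, _action, target in report["entries"]:
        kind = classify(target)
        counts[kind] += 1
        if kind in ("run-value", "registry"):
            if kind == "run-value" and "|" in target:
                run_values.append(target.split("|", 1)[1])
            continue
        path = PureWindowsPath(target)
        files.append(path)
        if kind == "root-shortcut":
            drives[path.drive.upper()] += 1
    # Heuristic: a Run value named like a reported .exe (the value's data is not in the report).
    stems = {p.stem.lower(): str(p) for p in files if p.suffix.lower() == ".exe"}
    pairs = [(v, stems[v.lower()]) for v in run_values if v.lower() in stems]
    pending = [t for _s, a, t in report["entries"] if a == "Found"]
    return {
        "mode": report["mode"],
        "counts": dict(counts),
        "shortcut_drives": dict(drives),
        "persistence_pairs": pairs,
        "needs_deletion_pass": bool(pending),
        "pending": pending,
    }


if __name__ == "__main__":
    for field, value in triage(SAMPLE_REPORT).items():
        print(f"{field}: {value}")
```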

    7. #7
      User Avatar of JOHESA70
      Joined
      Jun 2012
      Location
      BAJA CALIFORNIA
      Posts
      15

      Re: I have a win32/dorkbot.b worm, can anyone help me???

      HELLO AGAIN, I FOLLOWED YOUR INSTRUCTIONS AND USBFIX HAS NOW REMOVED THE INFECTIONS, I AM PASTING THE REPORT:


      ############################## | UsbFix V 7.096 | [Deletion]

      User: HP_Owner (Administrator) # JESUS-ARMY
      Updated 15/08/2012 by El Desaparecido
      Started at 15:26:18 | 26/09/2012

      Website: http://eldesaparecido.com
      Forum: http://forum.eldesaparecido.com
      Suspicious file ? : http://eldesaparecido.com/upload.php
      Contact: [email protected]

      PC: HP Pavilion 061 (PX743AA-ABA a1110n) (X86-based PC) # Desktop Computer
      CPU: Intel(R) Celeron(R) CPU 3.06GHz (3066)
      RAM -> [Total : 2039 | Free : 1754]
      BIOS: Phoenix - Award BIOS v6.00PG
      BOOT: Fail-safe with network boot

      OS: Microsoft Windows XP Home Edition (5.1.2600 32-Bit) # Service Pack 3
      WB: Windows Internet Explorer 8.0.6001.18702

      SC: Security Center Service [Enabled]
      WU: Windows Update Service [Enabled]
      FW: Windows FireWall Service [Enabled]

      C:\ (%systemdrive%) -> Fixed drive # 142 Gb (88 Mb free - 62%) [HP_PAVILION] # NTFS
      D:\ -> Fixed drive # 7 Gb (1 Mb free - 18%) [HP_RECOVERY] # FAT32
      E:\ -> CD-ROM
      F:\ -> CD-ROM
      G:\ -> Removable drive # 2 Gb (445 Mb free - 23%) [JOAQUIN 1] # FAT
      L:\ -> Removable drive # 7 Gb (303 Mb free - 4%) [JOAQUIN 8G] # FAT32
      M:\ -> Fixed drive # 466 Gb (234 Mb free - 50%) [HITACHI] # FAT32
      N:\ -> Removable drive # 4 Gb (264 Mb free - 7%) [USB ROJA] # FAT32
      O:\ -> Removable drive # 2 Gb (192 Mb free - 10%) [JOAQUIN] # FAT

      ################## | Active Processes |

      C:\WINDOWS\System32\smss.exe (360)
      C:\WINDOWS\system32\winlogon.exe (444)
      C:\WINDOWS\system32\services.exe (488)
      C:\WINDOWS\system32\lsass.exe (500)
      C:\WINDOWS\system32\svchost.exe (652)
      C:\WINDOWS\system32\svchost.exe (820)
      C:\WINDOWS\Explorer.EXE (1164)
      C:\UsbFix\Go.exe (1624)

      ################## | Stopped processes |

      Stopped! C:\WINDOWS\Explorer.EXE (1164)

      ################## | Files # Infected Folders |

      Deleted ! C:\Documents and Settings\HP_Owner\Application Data\4A.tmp
      Deleted ! C:\Documents and Settings\HP_Owner\Application Data\4B.exe
      Deleted ! C:\Documents and Settings\HP_Owner\Application Data\Wlemei.exe
      Deleted ! G:\Curso.de.Word.2010.Español.lnk
      Deleted ! G:\Curso.de.Accessl.2010.Español.lnk
      Deleted ! G:\Curso.de.Macros.con.Excel.Español.lnk
      Deleted ! G:\Curso.de.PowerPoint l.2010.Español.lnk
      Deleted ! C:\Recycler\S-1-5-21-3203083456-1318358853-1980352211-1009
      Deleted ! G:\Recycler\desktop.ini
      Deleted ! G:\RECYCLER\e621ca05.exe
      Deleted ! L:\Recycler\desktop.ini
      Deleted ! L:\RECYCLER\e621ca05.exe
      Deleted ! M:\Recycler\desktop.ini
      Deleted ! M:\RECYCLER\e621ca05.exe
      Deleted ! N:\Recycler\desktop.ini
      Deleted ! N:\RECYCLER\e621ca05.exe

      (!) Temporary files deleted.

      ################## | Registry |

      Deleted ! HKCU\Software\Microsoft\Windows\CurrentVersion\Run|Wlemei

      ################## | Mountpoints2 |


      ################## | Listing |

      [20/04/2012 - 1452 | D ] M:\Camara
      [23/04/2012 - 21:31:06 | D ] M:\Pelis cristianas
      [29/04/2012 - 17:47:50 | D ] M:\Predicas Casa Torre Fuerte
      [04/06/2012 - 10:27:04 | D ] M:\Coins Catalogs
      [05/07/2012 - 18:42:20 | D ] M:\USB ROJA (F)
      [02/07/2012 - 1446 | D ] M:\Ingles.Sin.Barreras.1.al.6
      [02/07/2012 - 1422 | D ] M:\Ingles.Sin.Barreras.7.al.12
      [07/07/2012 - 09:55:02 | D ] N:\drivers asus
      [04/09/2011 - 00:59:48 | N | 13785856] N:\Firefox Setup 6.0.1.exe
      [10/08/2012 - 13:31:08 | D ] N:\EnhanceMySe7en Pro v2.8.1 + Crack[h33t][Gladrag_Manhunt]
      [24/08/2012 - 12:54:16 | N | 15933837] N:\Driver.Genius.Professional.11.0.0.1128+Crack+Serial[A4].rar
      [19/04/2012 - 10:41:02 | D ] N:\Driver.Genius.Professional.11.0.0.1128+Crack+Serial[A4]
      [02/09/2012 - 09:19:52 | D ] N:\Concierto J.A.R
      [29/07/2011 - 22:18:38 | N | 42534] N:\JOAQUIN HDZ..jpg
      [02/09/2012 - 19:08:18 | HD ] N:\RECYCLER
      [25/09/2012 - 17:36:30 | RASHD ] N:\Autorun.inf
      [08/12/2010 - 10:51:56 | D ] O:\IMSS
      [15/01/2011 - 19:36:04 | D ] O:\Rosa de saron
      [20/05/2011 - 18:19:38 | D ] O:\Varios
      [18/08/2011 - 00:47:30 | N | 296] O:\WMPInfo.xml
      [26/08/2011 - 10:36:32 | D ] O:\Mormonismo
      [10/09/2011 - 23:59:32 | D ] O:\Testigos de Jehova
      [07/10/2011 - 12:45:20 | D ] O:\MANUAL DE DISCIPULADO
      [15/10/2011 - 14:11:38 | D ] O:\7. Cristianismo en crisis
      [15/10/2011 - 01:50:02 | N | 61445] O:\ESTATUTOS JERUSALEN MINISTERIO CRISTIANO.docx
      [27/06/2011 - 11:36:42 | N | 100878] O:\DC-1059.pdf
      [19/11/2011 - 22:27:52 | D ] O:\MUSICA JOAQUIN
      [09/02/2012 - 14:08:24 | D ] O:\SAT
      [14/02/2012 - 10:20:52 | D ] O:\New folder
      [29/07/2011 - 22:18:38 | N | 42534] O:\JOAQUIN HDZ..jpg
      [13/05/2012 - 07:29:56 | N | 113139] O:\Officemax ubicaciones.docx
      [15/06/2012 - 23:36:40 | N | 1440768] O:\768___maestro_como_alumno.doc
      [15/06/2012 - 23:36:58 | N | 1094656] O:\831___predicacion.doc
      [03/07/2012 - 20:28:44 | N | 364263] O:\albo2.PDF
      [13/09/2012 - 09:50:06 | D ] O:\Orhidea 1080p

      ################## | Vaccin |

      C:\Autorun.inf -> Vaccine created by UsbFix (El Desaparecido)
      D:\Autorun.inf -> Vaccine created by UsbFix (El Desaparecido)
      G:\Autorun.inf -> Vaccine created by UsbFix (El Desaparecido)
      L:\Autorun.inf -> Vaccine created by UsbFix (El Desaparecido)
      M:\Autorun.inf -> Vaccine created by UsbFix (El Desaparecido)
      N:\Autorun.inf -> Vaccine created by UsbFix (El Desaparecido)
      O:\Autorun.inf -> Vaccine created by UsbFix (El Desaparecido)

      ################## | Upload |

      Please send the file: C:\UsbFix_Upload_Me_JESUS-ARMY.zip
      http://eldesaparecido.com/upload.php
      Thank you for your contribution.

      ################## | E.O.F |

      BUT COMBOFIX KEEPS SHOWING ME THE SAME DIALOG BOX THAT I TRANSCRIBED IN THE PREVIOUS MESSAGE!!! BLESSINGS AND REGARDS!!!

    8. #8
      Former contributor @SanMar
      Registered
      Jun 2008
      Location
      Argentina
      Posts
      22.290

      Re: I have a win32/dorkbot.b worm, can anyone help me???

      Hello:

      Try the following:

      Download OTL by OldTimer

      >>> To run OTL

      • Close all open programs and double-click the OTL icon to run it.
      • Let it run and wait for the OTL menu to appear.
      • When the OTL menu comes up, the only change to make is under "Scan Type": set it to Minimal Output.
      • Check the options: LOP Check and Purity Check.
      • Check the options >> Skip Microsoft Files and Use Company Name Whitelist.
      • Copy and paste the following script into the Custom Scans/Fixes box:

        NOTE: Do not copy the word Quote.
        netsvcs
        msconfig
        %SYSTEMDRIVE%\*.*
        /md5start
        services.exe
        /md5stop
      • Please do not change the rest of the settings unless we ask you to.

      • Press the button >>
      • Once it finishes, two (2) files will open, OTL.Txt and Extras.Txt. These files will be saved in the same location where OTL.exe was downloaded.
      • Copy and paste the contents of the OTL.txt file in your next reply.

      Regards

      * Follow us on Twitter and befriend us on Facebook.
      * Keep up with the latest threats on the net at: InfoSpyware Blog
      * Questions are not answered by private message or by e-mail, since that is what the forum is for.

    9. #9
      User JOHESA70
      Registered
      Jun 2012
      Location
      BAJA CALIFORNIA
      Posts
      15

      Re: I have a win32/dorkbot.b worm, can anyone help me???

      hello, I already ran the procedure and this is what came out:


      OTL Extras logfile created on: 9/28/2012 4:31:28 PM - Run 1
      OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\HP_Owner\My Documents\Downloads
      Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
      Internet Explorer (Version = 8.0.6001.18702)
      Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

      1.99 Gb Total Physical Memory | 1.46 Gb Available Physical Memory | 73.26% Memory free
      5.26 Gb Paging File | 4.95 Gb Available in Paging File | 93.96% Paging File free
      Paging file location(s): C:\pagefile.sys 3500 4092 [binary data]

      %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
      Drive C: | 142.08 Gb Total Space | 88.28 Gb Free Space | 62.14% Space Free | Partition Type: NTFS
      Drive D: | 6.96 Gb Total Space | 1.25 Gb Free Space | 18.02% Space Free | Partition Type: FAT32

      Computer Name: JESUS-ARMY | User Name: HP_Owner | Logged in as Administrator.
      Boot Mode: Normal | Scan Mode: Current user
      Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: Off | File Age = 30 Days

      ========== Extra Registry (SafeList) ==========


      ========== File Associations ==========

      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
      .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

      [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
      .html [@ = ChromeHTML] -- Reg Error: Key error. File not found

      ========== Shell Spawning ==========

      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
      batfile [open] -- "%1" %*
      cmdfile [open] -- "%1" %*
      comfile [open] -- "%1" %*
      cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
      exefile [open] -- "%1" %*
      htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
      htmlfile [print] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" /p %1 (Microsoft Corporation)
      piffile [open] -- "%1" %*
      regfile [merge] -- Reg Error: Key error.
      scrfile [config] -- "%1"
      scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
      scrfile [open] -- "%1" /S
      txtfile [edit] -- Reg Error: Key error.
      Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
      Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
      Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
      Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
      Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
      Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
      Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

      ========== Security Center Settings ==========

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
      "FirstRunDisabled" = 1
      "UpdatesDisableNotify" = 0
      "AntiVirusDisableNotify" = 0
      "FirewallDisableNotify" = 0
      "AntiVirusOverride" = 0
      "FirewallOverride" = 0

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
      "DisableMonitoring" = 1

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
      "DisableMonitoring" = 1

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

      ========== System Restore Settings ==========

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
      "DisableSR" = 0

      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
      "Start" = 0

      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
      "Start" = 2

      ========== Firewall Settings ==========

      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
      "EnableFirewall" = 1

      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
      "EnableFirewall" = 1

      ========== Authorized Applications List ==========

      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
      "%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
      "%ProgramFiles%\iTunes\iTunes.exe" = %ProgramFiles%\iTunes\iTunes.exe:*:enabled:iTunes
      "%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
      "C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
      "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" = C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger -- (Microsoft Corporation)

      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
      "%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
      "C:\Program Files\Updates from HP\309731\Program\Updates from HP.exe" = C:\Program Files\Updates from HP\309731\Program\Updates from HP.exe:*:Enabled:BackWeb for Pavilion -- (Hewlett-Packard)
      "C:\Program Files\EarthLink TotalAccess\TaskPanl.exe" = C:\Program Files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink
      "C:\Program Files\Messenger\msmsgs.exe" = C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger
      "%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
      "C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
      "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" = C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger -- (Microsoft Corporation)
      "C:\Documents and Settings\HP_Owner\Local Settings\Application Data\Facebook\Video\Skype\FacebookVideoCalling.exe" = C:\Documents and Settings\HP_Owner\Local Settings\Application Data\Facebook\Video\Skype\FacebookVideoCalling.exe:*:Enabled:Facebook Video Calling Plugin -- (Skype Limited)
      "C:\Program Files\Google\Chrome\Application\chrome.exe" = C:\Program Files\Google\Chrome\Application\chrome.exe:*:Enabled:Google Chrome -- (Google Inc.)
      "C:\Program Files\QuickTime\QuickTimePlayer.exe" = C:\Program Files\QuickTime\QuickTimePlayer.exe:*:Enabled:QuickTime Player -- (Apple Computer, Inc.)
      "C:\Program Files\Internet Explorer\iexplore.exe" = C:\Program Files\Internet Explorer\iexplore.exe:*:Enabled:Internet Explorer -- (Microsoft Corporation)
      "C:\WINDOWS\Keygen.exe" = C:\WINDOWS\Keygen.exe:*:Enabled:Keygen
      "C:\Program Files\Microsoft Office\Office14\GROOVE.EXE" = C:\Program Files\Microsoft Office\Office14\GROOVE.EXE:*:Enabled:Microsoft SharePoint Workspace -- (Microsoft Corporation)
      "C:\Program Files\Microsoft Office\Office14\ONENOTE.EXE" = C:\Program Files\Microsoft Office\Office14\ONENOTE.EXE:*:Enabled:Microsoft OneNote -- (Microsoft Corporation)
      "C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE" = C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook -- (Microsoft Corporation)
      "C:\WINDOWS\KMSEmulator.exe" = C:\WINDOWS\KMSEmulator.exe:*:Enabled:KMSEmulator
      "C:\Program Files\Windows Searchqu Toolbar\Datamngr\ToolBar\dtUser.exe" = C:\Program Files\Windows Searchqu Toolbar\Datamngr\ToolBar\dtUser.exe:*:Enabled:DTX broker -- (Visicom Media Inc.)
      "C:\Program Files\Vuze\Azureus.exe" = C:\Program Files\Vuze\Azureus.exe:*:Enabled:Azureus / Vuze -- (Vuze Inc.)
      "C:\Program Files\Skype\Phone\Skype.exe" = C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype -- (Skype Technologies S.A.)


      ========== HKEY_LOCAL_MACHINE Uninstall List ==========

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
      "_{7F05E704-30A6-421A-97A7-8EEB1C7FF010}" = CorelDRAW(R) Graphics Suite X4
      "_{CE2DA11A-917F-4CF5-AB55-755EC115DD10}" = CorelDRAW(R) Graphics Suite X4 - Windows Shell Extension
      "{1A8C5BB4-91EB-4AB4-B667-74EC501341B9}" = LightScribe Template Designs - 9 to 5 Pack 1
      "{26A24AE4-039D-4CA4-87B4-2F83216033FF}" = Java(TM) 6 Update 35
      "{272F534A-29A8-40D4-8E0C-2A9A596F808D}" = LightScribe Template Designs - Tribal Pack 1
      "{2FA75B40-17C9-4D22-88CA-80A5D52FAB13}" = LightScribe System Software
      "{44A27085-0616-4181-A0C3-81C7ECA17F73}" = CorelDRAW Graphics Suite X4
      "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
      "{4ECA4128-8B48-44A0-90E8-B93C6A69CE4B}" = LightScribe Template Designs - Music Pack 1
      "{5B295E70-5256-46DD-ADA8-81E9EF7F4939}" = LightScribe Template Designs - Life Events Pack 1
      "{605C0E57-BBB8-458F-9020-B17DCF0D5DEA}" = LightScribe Template Designs - Floral Pack 1
      "{61F25370-7465-4404-BE28-4629BF808699}" = LightScribe Applications
      "{63D3D558-EAF4-419B-880C-208DAC13F794}" = LightScribe Template Designs - Travel Pack 1
      "{6F340107-F9AA-47C6-B54C-C3A19F11553F}" = Hewlett-Packard ACLM.NET v1.1.0.0
      "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
      "{7419582C-1E2E-4848-88F6-9FF638D9EA87}" = LightScribe Diagnostic Utility
      "{7CAC6A44-C3DE-4153-ACA6-7524602C789E}" = Facebook Video Calling 1.2.0.159
      "{7F05E704-30A6-421A-97A7-8EEB1C7FF010}" = CorelDRAW Graphics SUite X4 - ICA
      "{7F05E704-30A6-421A-97A7-8EEB1C7FF012}" = CorelDRAW Graphics Suite X4 - Capture
      "{7F05E704-30A6-421A-97A7-8EEB1C7FF013}" = CorelDRAW Graphics Suite X4 - Draw
      "{7F05E704-30A6-421A-97A7-8EEB1C7FF014}" = CorelDRAW Graphics Suite X4 - PP
      "{7F05E704-30A6-421A-97A7-8EEB1C7FF016}" = CorelDRAW Graphics Suite X4 - Content
      "{7F05E704-30A6-421A-97A7-8EEB1C7FF017}" = CorelDRAW Graphics Suite X4 - Filters
      "{7F05E704-30A6-421A-97A7-8EEB1C7FF019}" = CorelDRAW Graphics Suite X4 - FontNav
      "{81A28748-46BA-4010-A877-E9808993C214}" = LightScribe Template Designs - Architecture Pack 1
      "{83721450-E604-4C37-ABEB-CE7F18C587C8}" = LightScribe Template Labeler
      "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
      "{90140000-0010-0C0A-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (Spanish) 14
      "{90140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
      "{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
      "{90140000-0015-0C0A-0000-0000000FF1CE}" = Microsoft Office Access MUI (Spanish) 2010
      "{90140000-0015-0C0A-0000-0000000FF1CE}_Office14.PROPLUS_{AA321CAB-5896-46B1-B18E-3EE82C88ABF1}" = Microsoft Office 2010 Service Pack 1 (SP1)
      "{90140000-0016-0C0A-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Spanish) 2010
      "{90140000-0016-0C0A-0000-0000000FF1CE}_Office14.PROPLUS_{AA321CAB-5896-46B1-B18E-3EE82C88ABF1}" = Microsoft Office 2010 Service Pack 1 (SP1)
      "{90140000-0018-0C0A-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Spanish) 2010
      "{90140000-0018-0C0A-0000-0000000FF1CE}_Office14.PROPLUS_{AA321CAB-5896-46B1-B18E-3EE82C88ABF1}" = Microsoft Office 2010 Service Pack 1 (SP1)
      "{90140000-0019-0C0A-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Spanish) 2010
      "{90140000-0019-0C0A-0000-0000000FF1CE}_Office14.PROPLUS_{AA321CAB-5896-46B1-B18E-3EE82C88ABF1}" = Microsoft Office 2010 Service Pack 1 (SP1)
      "{90140000-001A-0C0A-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Spanish) 2010
      "{90140000-001A-0C0A-0000-0000000FF1CE}_Office14.PROPLUS_{AA321CAB-5896-46B1-B18E-3EE82C88ABF1}" = Microsoft Office 2010 Service Pack 1 (SP1)
      "{90140000-001B-0C0A-0000-0000000FF1CE}" = Microsoft Office Word MUI (Spanish) 2010
      "{90140000-001B-0C0A-0000-0000000FF1CE}_Office14.PROPLUS_{AA321CAB-5896-46B1-B18E-3EE82C88ABF1}" = Microsoft Office 2010 Service Pack 1 (SP1)
      "{90140000-001F-0403-0000-0000000FF1CE}" = Microsoft Office Proof (Catalan) 2010
      "{90140000-001F-0403-0000-0000000FF1CE}_Office14.PROPLUS_{F030E098-C2CC-4056-971E-4D3AB0F55517}" = Microsoft Office 2010 Service Pack 1 (SP1)
      "{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
      "{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUS_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
      "{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
      "{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUS_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
      "{90140000-001F-0416-0000-0000000FF1CE}" = Microsoft Office Proof (Portuguese (Brazil)) 2010
      "{90140000-001F-0416-0000-0000000FF1CE}_Office14.PROPLUS_{A7200E61-DC93-42E0-BB74-EE59021016EA}" = Microsoft Office 2010 Service Pack 1 (SP1)
      "{90140000-001F-042D-0000-0000000FF1CE}" = Microsoft Office Proof (Basque) 2010
      "{90140000-001F-042D-0000-0000000FF1CE}_Office14.PROPLUS_{C6E07E58-897F-4686-A498-764B9D404F09}" = Microsoft Office 2010 Service Pack 1 (SP1)
      "{90140000-001F-0456-0000-0000000FF1CE}" = Microsoft Office Proof (Galician) 2010
      "{90140000-001F-0456-0000-0000000FF1CE}_Office14.PROPLUS_{6CA060C9-FAFB-4A51-B533-A6AEE1A325BE}" = Microsoft Office 2010 Service Pack 1 (SP1)
      "{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
      "{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.PROPLUS_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}" = Microsoft Office 2010 Service Pack 1 (SP1)
      "{90140000-002C-0C0A-0000-0000000FF1CE}" = Microsoft Office Proofing (Spanish) 2010
      "{90140000-002C-0C0A-0000-0000000FF1CE}_Office14.PROPLUS_{DBE2E9A2-A47F-42A9-A1CF-3B6665A9714A}" = Microsoft Office 2010 Service Pack 1 (SP1)
      "{90140000-0044-0C0A-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (Spanish) 2010
      "{90140000-0044-0C0A-0000-0000000FF1CE}_Office14.PROPLUS_{AA321CAB-5896-46B1-B18E-3EE82C88ABF1}" = Microsoft Office 2010 Service Pack 1 (SP1)
      "{90140000-006E-0C0A-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Spanish) 2010
      "{90140000-006E-0C0A-0000-0000000FF1CE}_Office14.PROPLUS_{7FF53332-4A24-4F40-946E-C58B6326063C}" = Microsoft Office 2010 Service Pack 1 (SP1)
      "{90140000-00A1-0C0A-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (Spanish) 2010
      "{90140000-00A1-0C0A-0000-0000000FF1CE}_Office14.PROPLUS_{AA321CAB-5896-46B1-B18E-3EE82C88ABF1}" = Microsoft Office 2010 Service Pack 1 (SP1)
      "{90140000-00BA-0C0A-0000-0000000FF1CE}" = Microsoft Office Groove MUI (Spanish) 2010
      "{90140000-00BA-0C0A-0000-0000000FF1CE}_Office14.PROPLUS_{AA321CAB-5896-46B1-B18E-3EE82C88ABF1}" = Microsoft Office 2010 Service Pack 1 (SP1)
      "{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
      "{9C3F9580-F5CF-4288-894E-9FF0EB24A21C}" = Maxtor Backup
      "{9D0798D0-AF6C-4E62-94B1-AEBF1A43E00A}" = CorelDRAW Graphics Suite X4 - IPM
      "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
      "{A436F67F-687E-4736-BD2B-537121A804CF}" = HP Product Detection
      "{A5CC4D86-371A-4044-A7F3-C6CFCC4CA813}" = LightScribe Template Designs - Expressions
      "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
      "{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.4)
      "{AEB9948B-4FF2-47C9-990E-47014492A0FE}" = MSXML 6.0 Parser
      "{B5ECA6E5-C943-4A40-936B-8E16D5B233ED}" = LightScribe Template Designs - Grab Bag Pack 1
      "{B61D21B6-469D-4423-B161-62DB20B8A70E}" = Visual Basic for Applications (R) Core - English
      "{BF439B41-0252-48DE-8B8B-0430CB26A181}" = CorelDRAW Graphics Suite X4 - VBA
      "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
      "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
      "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
      "{CE2DA11A-917F-4CF5-AB55-755EC115DD10}" = CorelDRAW(R) Graphics Suite X4 - Windows Shell Extension
      "{D2827848-7D2A-4547-9AD1-C965FB3E6344}" = CorelDRAW Graphics Suite X4 - Lang ES
      "{DB81779E-7CC5-4630-BCFC-754004956444}" = Visual Basic for Applications (R) Core
      "{DFDB0358-3CAC-4796-B031-4D99A3B70B8E}" = Visual Basic for Applications (R) Core - Spanish
      "{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
      "{F3A482EC-55E0-48FA-A408-F40FDF265181}" = LightScribe Template Designs - Nature Pack 1
      "{F9E858E3-522C-4E89-AACC-619CCA2E1EA4}" = ESET NOD32 Antivirus
      "8461-7759-5462-8226" = Vuze
      "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
      "Audacity_is1" = Audacity 2.0
      "DivX Setup" = DivX Setup
      "e-Sword" = e-Sword
      "Free Easy Burner_is1" = Free Easy Burner V 5.1
      "Google Chrome" = Google Chrome
      "InstallShield_{9C3F9580-F5CF-4288-894E-9FF0EB24A21C}" = Maxtor Backup
      "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware versión 1.65.0.1400
      "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
      "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
      "Mobile Media Converter_is1" = MIKSOFT Mobile Media Converter
      "Office14.PROPLUS" = Microsoft Office Professional Plus 2010
      "SearchCore for Browsers" = SearchCore for Browsers
      "Searchqu 421 MediaBar" = Windows Searchqu Toolbar
      "Usbfix" = UsbFix By El Desaparecido
      "VLC media player" = VLC media player 1.1.11
      "Vuze_Remote Toolbar" = Vuze Remote Toolbar
      "Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5

      ========== HKEY_CURRENT_USER Uninstall List ==========

      [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
      "FoxTab Video Player" = FoxTab Video Player

      ========== Last 20 Event Log Errors ==========

      [ Application Events ]
      Error - 7/15/2012 10:08:05 PM | Computer Name = JESUS-ARMY | Source = Application Error | ID = 1000
      Description = Faulting application mplayerc.exe, version 6.4.9.1, faulting module
      ntdll.dll, version 5.1.2600.6055, fault address 0x0001245f.

      Error - 7/15/2012 10:08:30 PM | Computer Name = JESUS-ARMY | Source = Google Update | ID = 20
      Description =

      Error - 7/16/2012 1:08:29 AM | Computer Name = JESUS-ARMY | Source = Google Update | ID = 20
      Description =

      Error - 7/19/2012 8:01:20 PM | Computer Name = JESUS-ARMY | Source = MsiInstaller | ID = 11920
      Description = Producto: Maxtor Backup -- Error 1920. Fallo al iniciar el servicio
      'NTService1' (NTService1). Compruebe que dispone de suficientes privilegios para
      iniciar servicios del sistema.

      Error - 7/31/2012 10:14:14 AM | Computer Name = JESUS-ARMY | Source = Google Update | ID = 20
      Description =

      Error - 9/19/2012 7:00:34 PM | Computer Name = JESUS-ARMY | Source = Application Error | ID = 1000
      Description = Faulting application chrome.exe, version 21.0.1180.83, faulting module
      msvcrt.dll, version 7.0.2600.5512, fault address 0x000381cd.

      Error - 9/19/2012 10:13:59 PM | Computer Name = JESUS-ARMY | Source = Application Error | ID = 1000
      Description = Faulting application hpbootop.exe, version 2.0.5.0, faulting module
      hpbootop.exe, version 2.0.5.0, fault address 0x00002f03.

      Error - 9/19/2012 11:46:57 PM | Computer Name = JESUS-ARMY | Source = Application Hang | ID = 1002
      Description = Hanging application DivX Plus Player.exe, version 10.3.3.16, hang
      module hungapp, version 0.0.0.0, hang address 0x00000000.

      Error - 9/24/2012 12:06:09 AM | Computer Name = JESUS-ARMY | Source = Application Error | ID = 1000
      Description = Faulting application hpbootop.exe, version 2.0.5.0, faulting module
      kernel32.dll, version 5.1.2600.5781, fault address 0x00009823.

      Error - 9/24/2012 12:14:55 AM | Computer Name = JESUS-ARMY | Source = Application Error | ID = 1000
      Description = Faulting application tdsskiller.exe, version 2.8.10.0, faulting module
      tdsskiller.exe, version 2.8.10.0, fault address 0x000bf575.

      [ System Events ]
      Error - 9/26/2012 10:08:42 PM | Computer Name = JESUS-ARMY | Source = DCOM | ID = 10005
      Description = DCOM got error "%1084" attempting to start the service netman with
      arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}

      Error - 9/26/2012 10:08:50 PM | Computer Name = JESUS-ARMY | Source = DCOM | ID = 10005
      Description = DCOM got error "%1084" attempting to start the service StiSvc with
      arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

      Error - 9/26/2012 10:08:52 PM | Computer Name = JESUS-ARMY | Source = DCOM | ID = 10005
      Description = DCOM got error "%1084" attempting to start the service EventSystem
      with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

      Error - 9/26/2012 10:09:35 PM | Computer Name = JESUS-ARMY | Source = DCOM | ID = 10005
      Description = DCOM got error "%1084" attempting to start the service EventSystem
      with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

      Error - 9/26/2012 10:09:37 PM | Computer Name = JESUS-ARMY | Source = Service Control Manager | ID = 7001
      Description = The DHCP Client service depends on the NetBios over Tcpip service
      which failed to start because of the following error: %%31

      Error - 9/26/2012 10:09:37 PM | Computer Name = JESUS-ARMY | Source = Service Control Manager | ID = 7001
      Description = The DNS Client service depends on the TCP/IP Protocol Driver service
      which failed to start because of the following error: %%31

      Error - 9/26/2012 10:09:37 PM | Computer Name = JESUS-ARMY | Source = Service Control Manager | ID = 7001
      Description = The TCP/IP NetBIOS Helper service depends on the AFD service which
      failed to start because of the following error: %%31

      Error - 9/26/2012 10:09:37 PM | Computer Name = JESUS-ARMY | Source = Service Control Manager | ID = 7001
      Description = The IPSEC Services service depends on the IPSEC driver service which
      failed to start because of the following error: %%31

      Error - 9/26/2012 10:09:37 PM | Computer Name = JESUS-ARMY | Source = Service Control Manager | ID = 7026
      Description = The following boot-start or system-start driver(s) failed to load:
      AFD ehdrv epfwtdir Fips intelppm IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss Tcpip WS2IFSL

      Error - 9/27/2012 2:18:01 AM | Computer Name = JESUS-ARMY | Source = Service Control Manager | ID = 7026
      Description = The following boot-start or system-start driver(s) failed to load:
      fasttx2k


      < End of report >

      thanks and regards!!!

    10. #10
      Former contributor @SanMar
      Registered
      Jun 2008
      Location
      Argentina
      Posts
      22.290

      Re: I have a win32/dorkbot.b worm, can anyone help me???

      Hello JOHESA70:

      You pasted the Extras.txt report; you still need to paste the OTL.txt.

      Regards
