
    My e-mail account is sending viruses


    1. #1
      EL VAGO (User)
      Registered: Apr 2005
      Location: Argentina
      Posts: 43

      My e-mail account is sending viruses

      According to a friend, today he received an e-mail from me that was infected. My account is a Gmail account, and I use it only from the web.
      I followed the steps you recommend for removing viruses, and my antivirus (Avira) did not detect anything, nor did NOD32 online, but Malwarebytes' Anti-Malware and TDSSKiller did detect infections, which I did not remove for fear that they were not real infections.
      Here is the TDSSKiller screenshot:
      [IMG]http://i46.*******.com/15qxhmt.png[/IMG]

      And this is the Malwarebytes report:
      Malwarebytes Anti-Malware 1.65.1.1000
      www.malwarebytes.org

      Versión de la Base de Datos: v2012.12.12.14

      Windows XP Service Pack 3 x86 NTFS
      Internet Explorer 6.0.2900.5512
      Teikirisi :: PC [administrador]

      12/12/2012 07:58:34 p.m.
      mbam-log-2012-12-12 (21-01-55).txt

      Tipos de Análisis: Análisis Completo (C:\|D:\|)
      Opciones de análisis activado: Memoria | Inicio | Registro | Sistema de archivos | Heurística/Extra | Heurística/Shuriken | PUP | PUM
      Opciones de análisis desactivados: P2P
      Objetos examinados: 231419
      Tiempo transcurrido: 1 hora(s), 49 segundo(s)

      Procesos en Memoria Detectados: 0
      (No se han detectado elementos maliciosos)

      Módulos de Memoria Detectados: 0
      (No se han detectado elementos maliciosos)

      Claves del Registro Detectados: 0
      (No se han detectado elementos maliciosos)

      Valores del Registro Detectados: 1
      HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer|ForceClassicControlPanel (Hijack.ControlPanelStyle) -> datos: 1 -> No se tomaron medidas.

      Elementos de Datos del Registro Detectados: 2
      HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowHelp (PUM.Hijack.StartMenu) -> Malo: (0) Bueno: (1) -> No se tomaron medidas.
      HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer|NoSMHelp (PUM.Hijack.Help) -> Malo: (1) Bueno: (0) -> No se tomaron medidas.

      Carpetas Detectadas: 0
      (No se han detectado elementos maliciosos)


      fin)

      Regards, and I hope you can help me.

    2. #2
      @Frank_JPS (Former Contributor)
      Registered: Apr 2012
      Location: Spain
      Posts: 2,457

      Re: My e-mail account is sending viruses

      Hello.

      Note: skip these steps:
      Do these steps with the MSNCleaner tool created by InfoSpyware.com

      Follow the manual step by step, exactly as written *

      Let us know whether the problem was solved
      Carry out the steps mentioned by Elpiedra further down.

      Regards!! Mudo13.
      Last edited by @Frank_JPS on 12/12/12 at 22:22:59

    3. #3
      @MarceloRivero (FS-Admin)
      Registered: Jan 2005
      Location: Miami
      Posts: 40,915

      Re: My e-mail account is sending viruses

      Hello EL VAGO: your computer is indeed infected, and the first step would be to remove everything detected by MBAM. We will leave the TDSSKiller findings for later, after using CF by following these steps:

      • Download the ComboFix.exe tool and save it to the desktop.
      • Temporarily disable your antivirus and/or antispyware.
      • Close all open windows.
      • Double-click the ComboFix.exe file and follow the instructions.
      • When it finishes, it will generate a log at C:\ComboFix.txt.
        • *Note* While CF is working, do not move the mouse, as that would stop its process.
        • *Note* ComboFix may restart the PC automatically to complete the removal process.
      Warning!! Do not use ComboFix unless you have been specifically instructed to do so in your thread by a member of our Staff. It is a powerful tool intended by its creator to be used under the guidance and supervision of an expert, not for private use. Using ComboFix incorrectly could cause problems on your system. Please read ComboFix's "Disclaimer of Warranty".
      • Restart and paste the C:\ComboFix.txt report in this same thread.

      Regards

      PS: To @mudo13: we appreciate your intention to help, but one has to be careful about what is recommended, since in this case MSNCleaner is a tool specific to Messenger viruses; it can do nothing about, and has nothing to do with, the problem the user describes, all the more so when the MBAM logs already show the infection. Thanks.
      Marcelo Rivero
      Microsoft MVP Enterprise Security.

      * Follow us on Twitter and become our friend on Facebook.
      * Keep up with the latest threats on the net at: InfoSpyware Blog
      * Questions are not answered by private message or by e-mail, since that is what the forum is for.

    4. #4
      EL VAGO (User)
      Registered: Apr 2005
      Location: Argentina
      Posts: 43

      Re: My e-mail account is sending viruses

      Thanks for your reply

      I followed your steps and removed the infections with MBAM, and I did not touch TDSSKiller, nor did I use MSNCleaner.
      The ComboFix report is as follows:

      ComboFix 12-12-12.01 - Teikirisi 13/12/2012 0:35.1.1 - x86
      Microsoft Windows XP Professional 5.1.2600.3.1252.52.3082.18.1535.1093 [GMT -3:00]
      Running from: c:\usuarios\Teikirisi\Escritorio\ComboFix.exe
      * Created a new restore point
      .
      WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
      .
      .
      ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
      .
      .
      c:\usuarios\All Users\Datos de programa\TEMP
      c:\windows\system32\msconfig.exe
      c:\windows\system32\URTTemp
      .
      .
      .
      c:\windows\system32\srsvc.dll . . . is infected!!
      .
      c:\windows\system32\drivers\psched.sys . . . is missing!!
      .
      .
      ((((((((((((((((((((((((( Files Created from 2012-11-13 to 2012-12-13 )))))))))))))))))))))))))))))))
      .
      .
      2012-12-12 04:31 . 2012-12-12 23:01 -------- d-----w- c:\windows\system32\wbem\Logs
      2012-12-10 18:27 . 2012-12-10 18:27 -------- d-----w- c:\usuarios\Teikirisi\Datos de programa\Maxthon3
      2012-12-10 17:44 . 2012-12-10 17:44 -------- d-----w- c:\usuarios\Teikirisi\Datos de programa\ProcessLasso
      2012-12-09 23:19 . 2012-12-09 23:19 -------- d-----w- c:\archivos de programa\ESET
      2012-12-09 07:17 . 2012-12-09 07:17 -------- d-----w- C:\Tweaking.com_Windows_Repair_Logs
      2012-12-05 05:41 . 2012-12-07 04:51 -------- d-----w- c:\usuarios\Teikirisi\Datos de programa\Media Player Classic
      2012-12-05 03:35 . 2012-12-05 03:35 -------- d--h--w- c:\usuarios\Teikirisi\Entorno de red
      2012-12-05 03:27 . 2012-12-08 18:21 -------- d-----w- c:\usuarios\Teikirisi\Datos de programa\GlarySoft
      2012-12-05 01:19 . 2012-12-05 03:35 -------- d-s---w- c:\usuarios\Teikirisi\UserData
      2012-12-04 17:57 . 2012-12-04 17:57 20 --sha-w- c:\usuarios\Teikirisi\Datos de programa\App4870.ConfCollection.bin
      2012-11-27 22:18 . 2005-09-27 15:16 14944 ------w- c:\windows\system32\drivers\wg6n.sys
      2012-11-27 22:18 . 2005-09-27 15:16 14944 ------w- c:\windows\system32\drivers\wg5n.sys
      2012-11-27 22:18 . 2005-09-27 15:16 14944 ------w- c:\windows\system32\drivers\wg4n.sys
      2012-11-27 19:07 . 2012-11-27 19:07 -------- d-----r- c:\usuarios\NetworkService\Favoritos
      2012-11-27 19:04 . 2012-11-27 22:18 -------- d-----w- c:\archivos de programa\Archivos comunes\Wise Installation Wizard
      2012-11-27 18:40 . 2012-11-27 18:40 -------- d-----w- c:\usuarios\Teikirisi\Datos de programa\BlueSprig
      2012-11-26 23:27 . 2012-11-26 23:27 -------- d-----w- c:\usuarios\All Users\Datos de programa\Apple Computer
      2012-11-26 23:27 . 2010-11-29 17:38 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
      2012-11-26 23:27 . 2010-11-29 17:38 69632 ----a-w- c:\windows\system32\QuickTime.qts
      2012-11-26 23:27 . 2010-11-29 17:38 180224 ----a-w- c:\windows\system32\QTCF.dll
      2012-11-20 01:56 . 2012-11-20 01:56 348160 ----a-w- c:\windows\system32\msvcr71.dll
      2012-11-20 01:56 . 2012-11-20 01:56 1700352 ----a-w- c:\windows\system32\gdiplus.dll
      2012-11-20 01:56 . 2012-11-20 01:56 1060864 ----a-w- c:\windows\system32\mfc71.dll
      2012-11-19 02:25 . 2008-04-14 11:17 25856 ----a-w- c:\windows\system32\drivers\usbprint.sys
      2012-11-19 02:25 . 2008-04-14 11:15 15104 ----a-w- c:\windows\system32\drivers\usbscan.sys
      2012-11-19 02:25 . 2008-04-14 11:15 32128 ----a-w- c:\windows\system32\drivers\usbccgp.sys
      2012-11-19 02:24 . 2010-11-17 00:10 527208 ------w- c:\windows\system32\HPDiscoPM9311.dll
      2012-11-19 02:24 . 2010-11-17 01:11 1792872 ----a-w- c:\windows\system32\HPScanMiniDrv_DJ3050_J610.dll
      2012-11-19 02:23 . 2010-11-17 01:11 267112 ----a-w- c:\windows\system32\hpinksts9311LM.dll
      2012-11-19 02:23 . 2010-11-17 01:11 232296 ----a-w- c:\windows\system32\hpinksts9311.dll
      2012-11-19 02:23 . 2010-11-17 01:11 213864 ----a-w- c:\windows\system32\hpinkcoi9311.dll
      2012-11-19 02:23 . 2012-11-19 02:27 -------- d-----w- c:\usuarios\All Users\Datos de programa\HP
      2012-11-19 02:23 . 2012-11-19 02:23 -------- d-----w- c:\archivos de programa\HP
      2012-11-19 02:22 . 2012-11-19 02:22 -------- d-----w- c:\usuarios\Teikirisi\Configuración local\Datos de programa\HP
      2012-11-15 03:19 . 2012-11-27 18:53 -------- d-----w- c:\usuarios\Teikirisi\Datos de programa\Notepad++
      2012-11-15 01:08 . 2012-11-21 21:17 -------- d-----w- c:\usuarios\Teikirisi\Datos de programa\Songbird2
      2012-11-14 02:35 . 2008-04-14 10:00 15360 ----a-w- c:\windows\system32\ctfmon.exe.backup
      2012-11-14 02:34 . 2012-11-14 02:34 -------- d-----w- c:\archivos de programa\MSECache
      2012-11-14 02:02 . 2007-04-09 20:23 28552 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\mdippr.dll
      2012-11-14 02:02 . 2007-04-09 20:23 28040 ----a-w- c:\windows\system32\mdimon.dll
      2012-11-14 01:58 . 2012-11-14 01:58 -------- d-----w- c:\archivos de programa\Microsoft Works
      2012-11-14 01:55 . 2012-11-14 01:55 -------- d-----w- c:\windows\SHELLNEW
      .
      .
      .
      (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
      .
      2012-11-22 17:20 . 2012-11-12 20:00 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
      2012-11-22 17:20 . 2012-11-12 20:00 697272 ----a-w- c:\windows\system32\FlashPlayerApp.exe
      2012-11-14 02:35 . 2008-04-14 10:00 24064 ----a-w- c:\windows\system32\ctfmon.exe
      2012-11-12 20:01 . 2012-11-12 20:01 1199175 ----a-w- c:\windows\unins001.exe
      2012-11-12 19:59 . 2012-11-12 19:59 709719 ----a-w- c:\windows\unins000.exe
      2012-11-12 19:49 . 2012-11-12 19:49 821736 ----a-w- c:\windows\system32\npDeployJava1.dll
      2012-11-12 19:49 . 2012-11-12 19:49 746984 ----a-w- c:\windows\system32\deployJava1.dll
      2012-11-12 19:49 . 2012-11-12 19:49 143872 ----a-w- c:\windows\system32\javacpl.cpl
      2012-11-12 19:49 . 2012-11-12 19:49 93672 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
      2012-11-12 18:41 . 2012-11-12 18:41 520528 ----a-w- c:\windows\system32\HHCTRL.OCX
      2012-09-20 22:27 . 2012-11-12 19:25 61440 ----a-w- c:\windows\system32\CleanMem.exe
      .
      .
      ------- Sigcheck -------
      Note: Unsigned files aren't necessarily malware.
      .
      .
      [-] 2009-12-22 . ACCF5A9A1FFAA490F33DBA1C632B95E1 . 361344 . . [5.1.2600.5512] . . c:\windows\system32\drivers\tcpip.sys
      .
      .
      [-] 2012-11-14 02:35 . C3A2915C71AE6F225EB906C25CCD29B5 . 24064 . . [1.0.0.5] . . c:\windows\system32\ctfmon.exe
      .
      .
      .
      .
      c:\windows\System32\drivers\beep.sys ... is missing !!
      c:\windows\System32\wuauclt.exe ... is missing !!
      c:\windows\System32\srsvc.dll ... is missing !!
      c:\windows\System32\wscntfy.exe ... is missing !!
      c:\windows\System32\regsvc.dll ... is missing !!
      .
      ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
      .
      .
      *Note* empty entries & legit default entries are not shown
      REGEDIT4
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
      "NoNetConnectDisconnect"= 1 (0x1)
      .
      [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
      "NoResolveTrack"= 1 (0x1)
      "NoSMConfigurePrograms"= 1 (0x1)
      .
      [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
      "NoSMHelp"= 1 (0x1)
      "ForceClassicControlPanel"= 1 (0x1)
      "NoResolveTrack"= 1 (0x1)
      "NoSMConfigurePrograms"= 1 (0x1)
      .
      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro36]
      @=""
      .
      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro36.sys]
      @=""
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
      "NVSvc"=2 (0x2)
      "MozillaMaintenance"=3 (0x3)
      "JavaQuickStarterService"=2 (0x2)
      "idsvc"=3 (0x3)
      "AdobeFlashPlayerUpdateSvc"=3 (0x3)
      "MDM"=2 (0x2)
      "ose"=3 (0x3)
      .
      [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
      "%windir%\\system32\\sessmgr.exe"=
      .
      .
      --- Other Services/Drivers In Memory ---
      .
      *NewlyCreated* - 10985710
      *NewlyCreated* - 68167530
      *Deregistered* - 10985710
      *Deregistered* - 68167530
      .
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
      NETSVCS REQUIRES REPAIRS - current entries shown
      6to4
      AppMgmt
      AudioSrv
      Browser
      CryptSvc
      DMServer
      DHCP
      EventSystem
      FastUserSwitchingCompatibility
      HidServ
      Ias
      Iprip
      Irmon
      LanmanServer
      LanmanWorkstation
      Netman
      Nla
      NWCWorkstation
      Nwsapagent
      Rasauto
      Rasman
      Remoteaccess
      Schedule
      Seclogon
      SENS
      Tapisrv
      Themes
      W32Time
      WZCSVC
      Wmi
      WmdmPmSp
      winmgmt
      xmlprov
      napagent
      hkmsvc
      BITS
      ShellHWDetection
      WmdmPmSN
      .
      Rebuilding ... You need to reboot your machine for this to take effect.
      .
      ntmssvc
      sharedaccess
      ERSvc
      Messenger
      SRService
      TrkWks
      helpsvc
      uploadmgr
      TermService
      wuauserv
      wscsvc
      ip6fwhlp
      mhn
      sacsvr
      trksvr
      .
      Contents of the 'Scheduled Tasks' folder
      .
      2012-12-13 c:\windows\Tasks\Clean System Memory.job
      - c:\windows\system32\CleanMem.exe [2012-11-12 22:27]
      .
      2012-12-12 c:\windows\Tasks\JetCleanLoginCheckUpdate.job
      - d:\aplicaciones portables\JetClean\AutoUpdate.exe [2012-11-27 19:54]
      .
      .
      ------- Supplementary Scan -------
      .
      uStart Page = about:blank
      IE: E&xportar a Microsoft Excel - d:\progra~2\MICROS~1\OFFICE11\EXCEL.EXE/3000
      TCP: DhcpNameServer = 200.115.192.29 200.115.192.30 190.55.60.129
      FF - ProfilePath -
      .
      .
      **************************************************************************
      .
      catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover
      Rootkit scan 2012-12-13 00:39
      Windows 5.1.2600 Service Pack 3 NTFS
      .
      scanning hidden processes ...
      .
      scanning hidden autostart entries ...
      .
      scanning hidden files ...
      .
      scan completed successfully
      hidden files: 0
      .
      **************************************************************************
      .
      --------------------- LOCKED REGISTRY KEYS ---------------------
      .
      [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
      @Denied: (A 2) (Everyone)
      @="FlashBroker"
      "LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe,-101"
      .
      [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
      "Enabled"=dword:00000001
      .
      [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
      @="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe"
      .
      [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
      @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
      .
      [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
      @Denied: (A 2) (Everyone)
      @="IFlashBroker5"
      .
      [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
      @="{00020424-0000-0000-C000-000000000046}"
      .
      [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
      @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
      "Version"="1.0"
      .
      [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\h–€|ÿÿÿÿ¤•€|ù•9~*]
      "A0C0110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
      .
      Completion time: 2012-12-13 00:40:28
      ComboFix-quarantined-files.txt 2012-12-13 03:40
      .
      Pre-Run: 13,066,760,192 bytes libres
      Post-Run: 13,039,968,256 bytes libres
      .
      - - End Of File - - B00CE9C364CCA4CDF94D7E203445655C
      What should I do now?

    5. #5
      @MarceloRivero (FS-Admin)
      Registered: Jan 2005
      Location: Miami
      Posts: 40,915

      Re: My e-mail account is sending viruses

      There is still quite a lot to do, but to take it step by step, since you have several errors and missing files, we will continue first by downloading and running our N-Repair.exe tool to repair the NETSVCS.

      As the next step, we will see whether you have replacements for the missing and infected files:

      Step 1: Download SystemLook from one of the following links:

      • Double-click the SystemLook.exe file to run it.
      • Copy and paste the text from the box below into the program window and click Look.
        HTML code:
        :filefind
        beep.sys
        wuauclt.exe
        srsvc.dll
        wscntfy.exe
        regsvc.dll 
        psched.sys 
      • Wait a few seconds until the search finishes.
      • When it is done, it will open a report that you should copy and paste into this thread.

      Note: That report will also be saved in the SystemLook.txt file on your desktop.

      Regards

      PS: It would also be worthwhile for you to run a new scan with TDSSKiller and leave us the report, in another post within this same thread, so that it does not all end up lumped together and jumbled.
      Marcelo Rivero
      Microsoft MVP Enterprise Security.

    6. #6
      EL VAGO (User)
      Registered: Apr 2005
      Location: Argentina
      Posts: 43

      Re: My e-mail account is sending viruses

      Thank you very much for your help, ElPiedra.
      I have already run N-Repair.exe, and this is the SystemLook report:
      SystemLook 30.07.11 by jpshortstuff
      Log created at 21:29 on 13/12/2012 by Teikirisi
      Administrator - Elevation successful

      ========== filefind ==========

      Searching for "beep.sys"
      No files found.

      Searching for "wuauclt.exe"
      No files found.

      Searching for "srsvc.dll"
      No files found.

      Searching for "wscntfy.exe"
      No files found.

      Searching for "regsvc.dll "
      No files found.

      Searching for "psched.sys "
      No files found.

      -= EOF =-
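
Added example (not part of the original thread or of any tool named in it): a Python script for the cross-check behind the step in post #5. It pulls the files ComboFix marked as infected or missing, builds a trimmed `:filefind` list, and reads the SystemLook report back, flagging searches that were echoed with stray whitespace. The sample strings are constructed from lines quoted in the thread; the function names are hypothetical.

```python
import ntpath
import re

# Constructed samples: lines copied from the ComboFix and SystemLook reports in this thread.
COMBOFIX_LOG = r"""
c:\windows\system32\srsvc.dll . . . is infected!!
c:\windows\system32\drivers\psched.sys . . . is missing!!
c:\windows\System32\drivers\beep.sys ... is missing !!
c:\windows\System32\wuauclt.exe ... is missing !!
c:\windows\System32\srsvc.dll ... is missing !!
c:\windows\System32\wscntfy.exe ... is missing !!
c:\windows\System32\regsvc.dll ... is missing !!
"""
SYSTEMLOOK_REPORT = """
========== filefind ==========

Searching for "beep.sys"
No files found.

Searching for "wuauclt.exe"
No files found.

Searching for "srsvc.dll"
No files found.

Searching for "wscntfy.exe"
No files found.

Searching for "regsvc.dll "
No files found.

Searching for "psched.sys "
No files found.

-= EOF =-
"""

# "<path> . . . is infected!!" and "<path> ... is missing !!" both occur in the log.
FLAGGED = re.compile(
    r"^\s*(?P<path>[a-z]:\\.+?)\s*(?:\.\s*){3}is\s+(?P<status>infected|missing)\s*!!",
    re.IGNORECASE | re.MULTILINE,
)
SEARCH = re.compile(r'^[ \t]*Searching for "(?P<pattern>[^"]*)"[ \t]*$', re.MULTILINE)


def flagged_files(combofix_log):
    """Map each flagged file name (lower-cased) to the statuses ComboFix gave it."""
    result = {}
    for m in FLAGGED.finditer(combofix_log):
        name = ntpath.basename(m.group("path").strip()).lower()
        result.setdefault(name, set()).add(m.group("status").lower())
    return result


def filefind_script(names):
    """Build SystemLook input; names are trimmed and de-duplicated, order kept."""
    clean = []
    for n in names:
        n = n.strip()
        if n and n not in clean:
            clean.append(n)
    return "\n".join([":filefind", *clean])


def parse_systemlook(report):
    """One dict per search: pattern as echoed, trimmed name, found, stray whitespace."""
    matches = list(SEARCH.finditer(report))
    searches = []
    for i, m in enumerate(matches):
        end = matches[i + 1].start() if i + 1 < len(matches) else len(report)
        lines = [l.strip() for l in report[m.end():end].splitlines() if l.strip()]
        lines = [l for l in lines if not l.startswith(("=", "-="))]
        pattern = m.group("pattern")
        searches.append({
            "pattern": pattern,
            "name": pattern.strip().lower(),
            # Assumption: any line other than "No files found." is a hit;
            # the thread itself shows no hit lines.
            "found": bool(lines) and lines[0] != "No files found.",
            "stray_whitespace": pattern != pattern.strip(),
        })
    return searches


def triage(combofix_log, systemlook_report):
    """Join both reports: (file, statuses, verdict) for every flagged file."""
    searches = {s["name"]: s for s in parse_systemlook(systemlook_report)}
    rows = []
    for name, statuses in flagged_files(combofix_log).items():
        s = searches.get(name)
        if s is None:
            verdict = "not searched"
        elif s["stray_whitespace"]:
            verdict = "re-run with trimmed name"
        elif s["found"]:
            verdict = "candidate replacement found"
        else:
            verdict = "no files found"
        rows.append((name, sorted(statuses), verdict))
    return rows


if __name__ == "__main__":
    print(filefind_script(flagged_files(COMBOFIX_LOG)))
    for row in triage(COMBOFIX_LOG, SYSTEMLOOK_REPORT):
        print(row)
```
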

    7. #7
      EL VAGO (User)
      Registered: Apr 2005
      Location: Argentina
      Posts: 43

      Re: My e-mail account is sending viruses

      And here is the TDSSKiller report:
      21:30:35.0046 1680 lanmanworkstation - ok
      21:30:35.0062 1680 lbrtfdc - ok
      21:30:35.0156 1680 [ 11F714F85530A2BD134074DC30E99FCA ] MDM C:\Archivos de programa\Archivos comunes\Microsoft Shared\VS7DEBUG\MDM.EXE
      21:30:35.0187 1680 MDM - ok
      21:30:35.0234 1680 [ 9024556E739B8469D2B8F5F0E4C9BC9F ] Modem C:\WINDOWS\system32\drivers\Modem.sys
      21:30:35.0453 1680 Modem - ok
      21:30:35.0500 1680 [ 6FD36B4994A2363659A65C9F970CFDB7 ] Mouclass C:\WINDOWS\system32\DRIVERS\mouclass.sys
      21:30:35.0687 1680 Mouclass - ok
      21:30:35.0718 1680 [ 8EE532E516B2D23D686CFC1CC0A15C25 ] mouhid C:\WINDOWS\system32\DRIVERS\mouhid.sys
      21:30:35.0906 1680 mouhid - ok
      21:30:35.0953 1680 [ A80B9A0BAD1B73637DBCBBA7DF72D3FD ] MountMgr C:\WINDOWS\system32\drivers\MountMgr.sys
      21:30:36.0140 1680 MountMgr - ok
      21:30:36.0171 1680 [ 68755F0FF16070178B54674FE5B847B0 ] MRxSmb C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
      21:30:36.0406 1680 MRxSmb - ok
      21:30:36.0453 1680 [ 975BD2762BF355A572597CC54D97BA93 ] MSDTC C:\WINDOWS\system32\msdtc.exe
      21:30:36.0656 1680 MSDTC - ok
      21:30:36.0718 1680 [ C941EA2454BA8350021D774DAF0F1027 ] Msfs C:\WINDOWS\system32\drivers\Msfs.sys
      21:30:37.0000 1680 Msfs - ok
      21:30:37.0000 1680 MSIServer - ok
      21:30:37.0031 1680 [ D1575E71568F4D9E14CA56B7B0453BF1 ] MSKSSRV C:\WINDOWS\system32\drivers\MSKSSRV.sys
      21:30:37.0218 1680 MSKSSRV - ok
      21:30:37.0218 1680 [ 325BB26842FC7CCC1FCCE2C457317F3E ] MSPCLOCK C:\WINDOWS\system32\drivers\MSPCLOCK.sys
      21:30:37.0406 1680 MSPCLOCK - ok
      21:30:37.0421 1680 [ BAD59648BA099DA4A17680B39730CB3D ] MSPQM C:\WINDOWS\system32\drivers\MSPQM.sys
      21:30:37.0609 1680 MSPQM - ok
      21:30:37.0640 1680 [ AF5F4F3F14A8EA2C26DE30F7A1E17136 ] mssmbios C:\WINDOWS\system32\DRIVERS\mssmbios.sys
      21:30:37.0796 1680 mssmbios - ok
      21:30:37.0843 1680 [ 2F625D11385B1A94360BFC70AAEFDEE1 ] Mup C:\WINDOWS\system32\drivers\Mup.sys
      21:30:38.0046 1680 Mup - ok
      21:30:38.0078 1680 [ FD578FCC03BBD76AF1E62202E6670D29 ] napagent C:\WINDOWS\System32\qagentrt.dll
      21:30:38.0265 1680 napagent - ok
      21:30:38.0312 1680 [ 1DF7F42665C94B825322FAE71721130D ] NDIS C:\WINDOWS\system32\drivers\NDIS.sys
      21:30:38.0546 1680 NDIS - ok
      21:30:38.0562 1680 [ 1AB3D00C991AB086E69DB84B6C0ED78F ] NdisTapi C:\WINDOWS\system32\DRIVERS\ndistapi.sys
      21:30:38.0734 1680 NdisTapi - ok
      21:30:38.0750 1680 [ F927A4434C5028758A842943EF1A3849 ] Ndisuio C:\WINDOWS\system32\DRIVERS\ndisuio.sys
      21:30:38.0921 1680 Ndisuio - ok
      21:30:38.0937 1680 [ EDC1531A49C80614B2CFDA43CA8659AB ] NdisWan C:\WINDOWS\system32\DRIVERS\ndiswan.sys
      21:30:39.0109 1680 NdisWan - ok
      21:30:39.0140 1680 [ 6215023940CFD3702B46ABC304E1D45A ] NDProxy C:\WINDOWS\system32\drivers\NDProxy.sys
      21:30:39.0328 1680 NDProxy - ok
      21:30:39.0343 1680 [ 5D81CF9A2F1A3A756B66CF684911CDF0 ] NetBIOS C:\WINDOWS\system32\DRIVERS\netbios.sys
      21:30:39.0515 1680 NetBIOS - ok
      21:30:39.0531 1680 [ 74B2B2F5BEA5E9A3DC021D685551BD3D ] NetBT C:\WINDOWS\system32\DRIVERS\netbt.sys
      21:30:39.0703 1680 NetBT - ok
      21:30:39.0734 1680 [ 671ACA589DA3733FAC878A751C5BF0ED ] Netlogon C:\WINDOWS\system32\lsass.exe
      21:30:39.0937 1680 Netlogon - ok
      21:30:39.0968 1680 [ A48884C9359EE9F1FC8F3F0D93FB1D95 ] Netman C:\WINDOWS\System32\netman.dll
      21:30:40.0125 1680 Netman - ok
      21:30:40.0156 1680 [ D34612C5D02D026535B3095D620626AE ] NetTcpPortSharing C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
      21:30:40.0171 1680 NetTcpPortSharing - ok
      21:30:40.0187 1680 [ 3182D64AE053D6FB034F44B6DEF8034A ] Npfs C:\WINDOWS\system32\drivers\Npfs.sys
      21:30:40.0375 1680 Npfs - ok
      21:30:40.0437 1680 [ 78A08DD6A8D65E697C18E1DB01C5CDCA ] Ntfs C:\WINDOWS\system32\drivers\Ntfs.sys
      21:30:40.0625 1680 Ntfs - ok
      21:30:40.0640 1680 [ 671ACA589DA3733FAC878A751C5BF0ED ] NtLmSsp C:\WINDOWS\system32\lsass.exe
      21:30:40.0812 1680 NtLmSsp - ok
      21:30:40.0843 1680 [ 73C1E1F395918BC2C6DD67AF7591A3AD ] Null C:\WINDOWS\system32\drivers\Null.sys
      21:30:41.0000 1680 Null - ok
      21:30:41.0140 1680 [ BE10DB9AD60D5814AEFF31D976B99448 ] nv C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
      21:30:41.0359 1680 nv - ok
      21:30:41.0390 1680 [ A3B67AA9F60533557FD9141BCA9FA4A9 ] NVSvc C:\WINDOWS\system32\nvsvc32.exe
      21:30:41.0406 1680 NVSvc - ok
      21:30:41.0437 1680 [ 7A56CF3E3F12E8AF599963B16F50FB6A ] ose C:\Archivos de programa\Archivos comunes\Microsoft Shared\Source Engine\OSE.EXE
      21:30:41.0453 1680 ose - ok
      21:30:41.0468 1680 [ E7855CBD8BD1FDA085A3F92CFF7906E2 ] Parport C:\WINDOWS\system32\DRIVERS\parport.sys
      21:30:41.0625 1680 Parport - ok
      21:30:41.0640 1680 [ BEB3BA25197665D82EC7065B724171C6 ] PartMgr C:\WINDOWS\system32\drivers\PartMgr.sys
      21:30:41.0812 1680 PartMgr - ok
      21:30:41.0843 1680 [ FAD44D704ECD7D39AD01415B8BB34204 ] ParVdm C:\WINDOWS\system32\drivers\ParVdm.sys
      21:30:42.0000 1680 ParVdm - ok
      21:30:42.0015 1680 [ F11BC84AE6C7B003B5E0C8EEB4A1F444 ] PCI C:\WINDOWS\system32\DRIVERS\pci.sys
      21:30:42.0171 1680 PCI - ok
      21:30:42.0171 1680 PCIDump - ok
      21:30:42.0187 1680 PCIIde - ok
      21:30:42.0218 1680 [ F50C27CCA56DC97B3A45E7F0059BD2BA ] Pcmcia C:\WINDOWS\system32\drivers\Pcmcia.sys
      21:30:42.0375 1680 Pcmcia - ok
      21:30:42.0375 1680 PDCOMP - ok
      21:30:42.0390 1680 PDFRAME - ok
      21:30:42.0406 1680 PDRELI - ok
      21:30:42.0406 1680 PDRFRAME - ok
      21:30:42.0453 1680 [ D658A8C2FC7B2AD53D1259741A09EE04 ] PlugPlay C:\WINDOWS\system32\services.exe
      21:30:42.0593 1680 PlugPlay - ok
      21:30:42.0609 1680 [ EFEEC01B1D3CF84F16DDD24D9D9D8F99 ] PptpMiniport C:\WINDOWS\system32\DRIVERS\raspptp.sys
      21:30:42.0765 1680 PptpMiniport - ok
      21:30:42.0781 1680 [ 671ACA589DA3733FAC878A751C5BF0ED ] ProtectedStorage C:\WINDOWS\system32\lsass.exe
      21:30:42.0921 1680 ProtectedStorage - ok
      21:30:42.0937 1680 [ 80D317BD1C3DBC5D4FE7B1678C60CADD ] Ptilink C:\WINDOWS\system32\DRIVERS\ptilink.sys
      21:30:43.0093 1680 Ptilink - ok
      21:30:43.0109 1680 [ FE0D99D6F31E4FAD8159F690D68DED9C ] RasAcd C:\WINDOWS\system32\DRIVERS\rasacd.sys
      21:30:43.0265 1680 RasAcd - ok
      21:30:43.0296 1680 [ 8345C6F52F38A95B950B9B3D064AE3EE ] RasAuto C:\WINDOWS\System32\rasauto.dll
      21:30:43.0453 1680 RasAuto - ok
      21:30:43.0593 1680 [ 11B4A627BC9614B885C4969BFA5FF8A6 ] Rasl2tp C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
      21:30:43.0734 1680 Rasl2tp - ok
      21:30:43.0750 1680 [ B279F6A9EA3ACB5844C103ED2DB65B44 ] RasMan C:\WINDOWS\System32\rasmans.dll
      21:30:43.0906 1680 RasMan - ok
      21:30:43.0921 1680 [ 5BC962F2654137C9909C3D4603587DEE ] RasPppoe C:\WINDOWS\system32\DRIVERS\raspppoe.sys
      21:30:44.0062 1680 RasPppoe - ok
      21:30:44.0093 1680 [ FDBB1D60066FCFBB7452FD8F9829B242 ] Raspti C:\WINDOWS\system32\DRIVERS\raspti.sys
      21:30:44.0265 1680 Raspti - ok
      21:30:44.0312 1680 [ 7AD224AD1A1437FE28D89CF22B17780A ] Rdbss C:\WINDOWS\system32\DRIVERS\rdbss.sys
      21:30:44.0468 1680 Rdbss - ok
      21:30:44.0531 1680 [ 4912D5B403614CE99C28420F75353332 ] RDPCDD C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
      21:30:44.0671 1680 RDPCDD - ok
      21:30:44.0718 1680 [ 15CABD0F7C00C47C70124907916AF3F1 ] rdpdr C:\WINDOWS\system32\DRIVERS\rdpdr.sys
      21:30:44.0875 1680 rdpdr - ok
      21:30:44.0906 1680 [ 6728E45B66F93C08F11DE2E316FC70DD ] RDPWD C:\WINDOWS\system32\drivers\RDPWD.sys
      21:30:45.0078 1680 RDPWD - ok
      21:30:45.0109 1680 [ 6193E6B05336C277EA4DB39AFA46BC23 ] RDSessMgr C:\WINDOWS\system32\sessmgr.exe
      21:30:45.0265 1680 RDSessMgr - ok
      21:30:45.0296 1680 [ 20950948970A0EA329B4254052BCF093 ] redbook C:\WINDOWS\system32\DRIVERS\redbook.sys
      21:30:45.0453 1680 redbook - ok
      21:30:45.0484 1680 [ 1B7481D377BD7997452352F82F4CFFED ] RemoteAccess C:\WINDOWS\System32\mprdim.dll
      21:30:45.0640 1680 RemoteAccess - ok
      21:30:45.0687 1680 [ 53D02EFFA72CA5C57687BEE20610ABA6 ] RpcSs C:\WINDOWS\System32\rpcss.dll
      21:30:45.0843 1680 RpcSs - ok
      21:30:45.0875 1680 [ 671ACA589DA3733FAC878A751C5BF0ED ] SamSs C:\WINDOWS\system32\lsass.exe
      21:30:46.0015 1680 SamSs - ok
      21:30:46.0062 1680 [ 51BE25C404D3DD344C6079DE715E4977 ] Schedule C:\WINDOWS\system32\schedsvc.dll
      21:30:46.0234 1680 Schedule - ok
      21:30:46.0265 1680 [ 90A3935D05B494A5A39D37E71F09A677 ] Secdrv C:\WINDOWS\system32\DRIVERS\secdrv.sys
      21:30:46.0328 1680 Secdrv - ok
      21:30:46.0343 1680 [ B62C489373A1E1B949FC0FAA90F3B47A ] seclogon C:\WINDOWS\System32\seclogon.dll
      21:30:46.0484 1680 seclogon - ok
      21:30:46.0515 1680 [ A95A27C874B0931A6F8F656924F4A14A ] SENS C:\WINDOWS\system32\sens.dll
      21:30:46.0656 1680 SENS - ok
      21:30:46.0703 1680 [ 0F29512CCD6BEAD730039FB4BD2C85CE ] serenum C:\WINDOWS\system32\DRIVERS\serenum.sys
      21:30:46.0859 1680 serenum - ok
      21:30:46.0875 1680 [ F41B42B92AE9C1191858C3F80CC24A9C ] Serial C:\WINDOWS\system32\DRIVERS\serial.sys
      21:30:47.0015 1680 Serial - ok
      21:30:47.0156 1680 [ 8E6B8C671615D126FDC553D1E2DE5562 ] Sfloppy C:\WINDOWS\system32\drivers\Sfloppy.sys
      21:30:47.0281 1680 Sfloppy - ok
      21:30:47.0312 1680 [ 4A4EF3EE166FAD4A04B1D767AD986329 ] SharedAccess C:\WINDOWS\System32\ipnathlp.dll
      21:30:47.0484 1680 SharedAccess - ok
      21:30:47.0531 1680 [ CA70EDBF32032EA53F114CB930741CB5 ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
      21:30:47.0671 1680 ShellHWDetection - ok
      21:30:47.0687 1680 Simbad - ok
      21:30:47.0765 1680 [ AB8B92451ECB048A4D1DE7C3FFCB4A9F ] splitter C:\WINDOWS\system32\drivers\splitter.sys
      21:30:47.0906 1680 splitter - ok
      21:30:47.0937 1680 [ CDD2DC6AE65084481E723E746C20539A ] Spooler C:\WINDOWS\system32\spoolsv.exe
      21:30:48.0078 1680 Spooler - ok
      21:30:48.0093 1680 srservice - ok
      21:30:48.0156 1680 [ 5252605079810904E31C332E241CD59B ] Srv C:\WINDOWS\system32\DRIVERS\srv.sys
      21:30:48.0296 1680 Srv - ok
      21:30:48.0343 1680 [ B622A432EF02895DE4AA38AC8B85FA4C ] SSDPSRV C:\WINDOWS\System32\ssdpsrv.dll
      21:30:48.0437 1680 SSDPSRV - ok
      21:30:48.0500 1680 [ 7226422C95FDF8AA6092EE964912B0DF ] stisvc C:\WINDOWS\system32\wiaservc.dll
      21:30:48.0656 1680 stisvc - ok
      21:30:48.0687 1680 [ 3941D127AEF12E93ADDF6FE6EE027E0F ] swenum C:\WINDOWS\system32\DRIVERS\swenum.sys
      21:30:48.0828 1680 swenum - ok
      21:30:48.0859 1680 [ 8CE882BCC6CF8A62F2B2323D95CB3D01 ] swmidi C:\WINDOWS\system32\drivers\swmidi.sys
      21:30:48.0984 1680 swmidi - ok
      21:30:49.0000 1680 [ 8B83F3ED0F1688B4958F77CD6D2BF290 ] sysaudio C:\WINDOWS\system32\drivers\sysaudio.sys
      21:30:49.0156 1680 sysaudio - ok
      21:30:49.0187 1680 [ F1F6EE807F0112AAE2259B253B6DDF89 ] SysmonLog C:\WINDOWS\system32\smlogsvc.exe
      21:30:49.0343 1680 SysmonLog - ok
      21:30:49.0390 1680 [ 04A5B8EA326951DB27DF60A14F2999FF ] TapiSrv C:\WINDOWS\System32\tapisrv.dll
      21:30:49.0515 1680 TapiSrv - ok
      21:30:49.0562 1680 [ ACCF5A9A1FFAA490F33DBA1C632B95E1 ] Tcpip C:\WINDOWS\system32\DRIVERS\tcpip.sys
      21:30:49.0593 1680 Tcpip ( UnsignedFile.Multi.Generic ) - warning
      21:30:49.0593 1680 Tcpip - detected UnsignedFile.Multi.Generic (1)
      21:30:55.0562 1680 ============================================================
      21:30:55.0562 1680 Scan finished
      21:30:55.0562 1680 ============================================================
      21:30:55.0687 1672 Detected object count: 1
      21:30:55.0687 1672 Actual detected object count: 1
      21:30:59.0406 1672 Tcpip ( UnsignedFile.Multi.Generic ) - skipped by user
      21:30:59.0406 1672 Tcpip ( UnsignedFile.Multi.Generic ) - User select action: Skip
      21:31:01.0265 1600 Deinitialize success
      I await instructions to continue repairing my computer.
      Regards and thanks

    8. #8
      User EL VAGO's avatar
      Joined
      Apr 2005
      Location
      Argentina
      Posts
      43

      Re: My email account is sending viruses

      I noticed that when I try to open msconfig it won't let me and throws this error
      [IMG]http://i46.*******.com/291ewlf.png[/IMG]

    9. #9
      FS-Admin
      @MarceloRivero's avatar
      Joined
      Jan 2005
      Location
      Miami
      Posts
      40,915

      Re: My email account is sending viruses

      Hi EL Vago, sorry for the delay in my reply, but your thread got lost in the shuffle...

      If you are still having the problem we can continue with it in this same thread; otherwise let us know so we can close the case.


      Regards
      Marcelo Rivero
      Microsoft MVP Enterprise Security.



      * Follow us on Twitter and become our friend on Facebook.
      * Keep up with the latest threats on the net from: InfoSpyware Blog
      * Questions are not answered by private message or by e-mail, since that is what the forum is for.