HectorFM
2006-10-13 21:07 - Replies: 6 - Topic no.: 2423327
Before getting to my problem...
I understand that for many it will be quite a surprise to see me around here after so long. I am truly sorry I did not get in touch sooner... but believe me, it has not been possible. I had no access to a computer for almost two months... until recently. Nor have I had the time or the head to put my thoughts in order and tell you everything that has happened lately, during the weeks I have been away. I have gone through a series of major (and unexpected) changes in my life... all for the better, don't worry. I am fine, and I am happy. But it has taken great effort to get where I am, and there is still a lot to do before I can sit in front of a computer with reasonable regularity. For now let me tell you: I am fine, in perfect health, and most importantly, I am happy. As soon as I can I will tell you a bit more about my situation, and write some e-mails I still owe. In the meantime...
I need help repairing someone else's PC. Here are the details:
Model: COMPAQ Presario 6000
OS: Windows XP Home (Version 2002) SP2
Processor: AMD Athlon XP 1600+, 1.4 GHz
RAM: 224 MB
The problem started last week. As usual, there are no clues as to the cause. The owner lets all kinds of people use this PC. The symptoms: a massive flood of pop-ups. Before I stepped in, the existing protection was AOL Spyware Protection and Norton Internet Security. So far (in Normal mode, after disabling System Restore) I have installed, updated and run:
Spybot S&D (found 143 objects, was unable to remove around 10)
Ad Aware SE (found 209 objects, unable to remove +/-15)
SpywareBlaster
MyPopupKiller (to stop the flood; good results)
In addition, I ran the Ewido online scan; it found 171 objects. Here is the report I saved:
Ewido was not able to delete everything either. I tried to run ActiveScan; it did not work. Error on the page. I have a hunch that there are nasties here that need special treatment, and I have run out of ideas... so I downloaded and ran HijackThis. Here is the log, hoping someone can give me a clue:
Logfile of HijackThis v1.99.1
Scan saved at 2:13:25 PM, on 10/13/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton Internet Security\ISSVC.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\oecyux.exe
C:\WINDOWS\system32\fnsdu.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\fnsdu.exe
C:\WINDOWS\system32\fnsdu.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\system32\carpserv.exe
C:\Program Files\Common Files\AOL\1127947696\ee\AOLSoftware.exe
C:\WINDOWS\dsrss.exe
C:\Program Files\Slide\Slide.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\Documents and Settings\home user\Desktop\HECTOR\mpk\mpk.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\home user\Desktop\HECTOR\HijackThis\HijackThis.exe
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {EB153D22-F7E5-AD38-B11E-FE7A90EE5898} - C:\WINDOWS\system32\kttfvpb.dll
F2 - REG:system.ini: Shell=Explorer.exe, C:\WINDOWS\system32\fnsdu.exe
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,pjahfek.exe
O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll (file missing)
O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O4 - HKLM\..\Run: [NvMixerTray] C:\Program Files\NVIDIA Corporation\NvMixer\NvMixerTray.exe
O4 - HKLM\..\Run: [DrvLsnr] C:\Program Files\Analog Devices\SoundMAX\DrvLsnr.exe
O4 - HKLM\..\Run: [CARPService] carpserv.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1127947696\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [SemanticInsight] C:\Program Files\RXToolBar\Semantic Insight\SemanticInsight.exe
O4 - HKLM\..\Run: [wed48d9d] RUNDLL32.EXE w7c3a7c8.dll,n 00548d98000000127c3a7c8
O4 - HKLM\..\Run: [nvgqtv] C:\WINDOWS\system32\oecyux.exe reg_run
O4 - HKLM\..\Run: [WinSysModule] dsrss.exe
O4 - HKCU\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe
O4 - HKCU\..\Run: [Aaou] "C:\DOCUME~1\HOMEUS~1\APPLIC~1\RACLE~1\wuaclt.exe" -vt yazb
O4 - HKCU\..\Run: [ksmsv] C:\WINDOWS\system32\oecyux.exe reg_run
O4 - HKCU\..\Run: [Srsub] C:\Documents and Settings\home user\Application Data\s?curity\n?tepad.exe
O4 - HKCU\..\Run: [MyPopupKiller] C:\Documents and Settings\home user\Desktop\mpk\mpk.exe
O4 - Startup: Slide.exe.lnk = C:\Program Files\Slide\Slide.exe
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O4 - Global Startup: hlnab.exe
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: &Search - http://km.bar.need2find.com/KM/menusearch.html?p=KM
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll (file missing)
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O15 - Trusted Zone: *.sxload.com
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://download.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1115271673125
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {E4C29FDC-F547-4219-ACFD-571F2A7A564A} (WebCamTest Class) - http://click.mirarsearch.com/CABUPDATES/winwcd.cab
O20 - AppInit_DLLs: BattyRun2.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\aG9tZSB1c2Vy\command.exe (file missing)
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
I welcome any suggestions...
thanks for your attention, and see you soon.

Nosferatus
Re: Severe infection: spyware, trojans... - 2006-10-13 21:16 - Reply 2
Hi Hector, I am glad you are well; the truth is you were missed. If it has been for the better, perfect.
As for the problem, what a whopper of a problem xDDD. Apart from dunking the PC in a bucket full of bleach, a few options come to mind:
-Create a rescue disk from some antivirus (Norton, Panda, etc.) and run it.
-Use the KillBox program; here I refer you to a problem the user pumi had, http://www.configurarequipos.com/tema2423323-8-0.html
-With regcleaner, remove all the nasties from the startup list, reboot and delete them "by hand"
-Spybot has the option to run when the system restarts, to keep the nasties from loading; you can use that too.
And for now that is all I can think of.
Regards

no_existe
Re: Severe infection: spyware, trojans... - 2006-10-14 01:38 - Reply 3
If you have a severe infection you can run an online antivirus; for me the best is BitDefender's. Good luck!!!! (www.bitdefender.es)

gilosh
Re: Severe infection: spyware, trojans... - 2006-10-14 06:05 - Reply 4
Hello HectorFM.
First of all, welcome back once again. Getting down to business: there are indeed at least 4 infected registry entries according to the H.T. log; however, we will have to wait for an expert to examine it thoroughly before removing them manually. For the moment you can run, again in safe mode, the antivirus Panda Security Internet 2007, or NOD32, and afterwards paste the H.T. log again so that it can then be re-examined; for now I think this is enough. It would also be advisable to install Spybot Search & Destroy and run it before pasting the H.T. log. As always, kind regards.

tordanxa
Re: Severe infection: spyware, trojans... - 2006-10-14 08:45 - Reply 5
Hey, Héctor!!! I am glad to see you around here, that things are going well for you and that you are happy; your computer must not think the same
Seriously, you are greatly missed.
As for the other person's PC:
Close all programs and, in HijackThis, check the following entries and then remove them using the Fix checked option
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R3 - URLSearchHook: (no name) - {EB153D22-F7E5-AD38-B11E-FE7A90EE5898} - C:\WINDOWS\system32\kttfvpb.dll
F2 - REG:system.ini: Shell=Explorer.exe, C:\WINDOWS\system32\fnsdu.exe
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,pjahfek.exe
O4 - HKLM\..\Run: [SemanticInsight] C:\Program Files\RXToolBar\Semantic Insight\SemanticInsight.exe
O4 - HKLM\..\Run: [wed48d9d] RUNDLL32.EXE w7c3a7c8.dll,n 00548d98000000127c3a7c8
O4 - HKLM\..\Run: [nvgqtv] C:\WINDOWS\system32\oecyux.exe reg_run
O4 - HKLM\..\Run: [WinSysModule] dsrss.exe
O4 - HKCU\..\Run: [Aaou] "C:\DOCUME~1\HOMEUS~1\APPLIC~1\RACLE~1\wuaclt.exe" -vt yazb
O4 - HKCU\..\Run: [ksmsv] C:\WINDOWS\system32\oecyux.exe reg_run
O4 - HKCU\..\Run: [Srsub] C:\Documents and Settings\home user\Application Data\s?curity\n?tepad.exe
O4 - Global Startup: hlnab.exe
O8 - Extra context menu item: &Search - http://km.bar.need2find.com/KM/menusearch.html?p=KM
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll (file missing)
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O15 - Trusted Zone: *.sxload.com
O16 - DPF: {E4C29FDC-F547-4219-ACFD-571F2A7A564A} (WebCamTest Class) - http://click.mirarsearch.com/CABUPDATES/winwcd.cab
O20 - AppInit_DLLs: BattyRun2.dll
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\aG9tZSB1c2Vy\command.exe (file missing)
End the following processes if you have them running:
oecyux.exe
fnsdu.exe
fnsdu.exe
fnsdu.exe
dsrss.exe
Delete the following files or folders if you have them (you must have the option to show all files and folders enabled in Folder Options):
C:\WINDOWS\system32\fnsdu.exe
C:\WINDOWS\system32\userinit.exe,pjahfek.exe
C:\Program Files\RXToolBar
C:\WINDOWS\system32\oecyux.exe
dsrss.exe
C:\DOCUME~1\HOMEUS~1\APPLIC~1\RACLE~1\wuaclt.exe
hlnab.exe
Delete unnecessary files as you have already been told. Run this program:
Look2me-destroyer
and then the ones you have already run.
Let us know how it goes
Regards
PS: You, always with your posts so neatly laid out
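
The kind of check that singles out entries like the ones marked for fixing in the reply above can be written down as a small log triage. This is an added example, not part of the thread and not HijackThis code; the rule set and the names `triage` and `b64_folder` are assumptions made for illustration, and the sample is ten lines copied from the posted log.

```python
import base64
import re

# Constructed sample: ten lines copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
F2 - REG:system.ini: Shell=Explorer.exe, C:\WINDOWS\system32\fnsdu.exe
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,pjahfek.exe
O4 - HKLM\..\Run: [CARPService] carpserv.exe
O4 - HKLM\..\Run: [nvgqtv] C:\WINDOWS\system32\oecyux.exe reg_run
O4 - HKCU\..\Run: [ksmsv] C:\WINDOWS\system32\oecyux.exe reg_run
O4 - HKCU\..\Run: [Srsub] C:\Documents and Settings\home user\Application Data\s?curity\n?tepad.exe
O15 - Trusted Zone: *.sxload.com
O20 - AppInit_DLLs: BattyRun2.dll
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\aG9tZSB1c2Vy\command.exe (file missing)
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe
"""

ENTRY = re.compile(r"^([A-Z]\d+) - (.+)$")


def b64_folder(path):
    """Return the decoded text if a path component is base64 of printable ASCII."""
    for part in path.split("\\"):
        if len(part) >= 8 and len(part) % 4 == 0 and re.fullmatch(r"[A-Za-z0-9+/]+={0,2}", part):
            try:
                text = base64.b64decode(part, validate=True).decode("ascii")
            except ValueError:  # bad base64, or bytes that are not ASCII
                continue
            if text.isprintable():
                return text
    return None


def triage(log):
    """Return (section, reason) pairs for the log lines that deserve a closer look."""
    findings = []
    run_names = {}  # command line -> Run value names that start it
    for line in log.splitlines():
        m = ENTRY.match(line.strip())
        if not m:
            continue
        section, body = m.groups()
        if section == "F2" and "=" in body:
            # Shell and UserInit each name one program; anything after the
            # first comma-separated item is started at every logon as well.
            key, value = body.split("=", 1)
            extras = [p.strip() for p in value.split(",")[1:] if p.strip()]
            if extras:
                findings.append((section, f"{key.split()[-1]} also starts {', '.join(extras)}"))
        elif section == "O4":
            m4 = re.search(r"\[(.+?)\] (.+)$", body)
            if not m4:
                continue
            name, cmd = m4.groups()
            run_names.setdefault(cmd.lower(), set()).add(name)
            if "?" in cmd:
                # '?' is not allowed in a Windows file name, so the real name
                # holds characters the log could not render.
                findings.append((section, f"[{name}] path contains '?', not a valid file-name character"))
        elif section == "O15":
            findings.append((section, "Trusted Zone site " + body.split(": ", 1)[-1]))
        elif section == "O20":
            # DLLs listed here are loaded into every process that loads user32.dll.
            dlls = body.split(":", 1)[-1].strip()
            if dlls:
                findings.append((section, "AppInit_DLLs loads " + dlls))
        elif section == "O23" and "Unknown owner" in body:
            reason = body.split(" - ")[0] + " has no known owner"
            hidden = b64_folder(body)
            if hidden:
                reason += f"; a folder name is base64 for '{hidden}'"
            findings.append((section, reason))
    # One command line started under several unrelated Run value names.
    for cmd, names in run_names.items():
        if len(names) > 1:
            findings.append(("O4", f"{cmd} is registered as {' and '.join(sorted(names))}"))
    return findings


if __name__ == "__main__":
    for section, reason in triage(SAMPLE_LOG):
        print(section, "-", reason)
```

On the sample, the two vendor-owned entries (CARPService and ISSvc) pass without a finding, and the service folder `aG9tZSB1c2Vy` decodes to the Windows account name seen in the log's paths.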