"Malware Doctor" & "Adpclient" & "svchosts" Trojans (SOLVED)
- Posts: 20
- Registered: 13 Oct 2006, 17:13
"Malware Doctor" & "Adpclient" & "svchosts" Trojans (SOLVED)
Dear friends,
I have a problem. I left my computer on overnight, and when I arrived at my office in the morning I found many Microsoft Explorer error screens and also an installed program called "Malware Doctor" telling me that I have viruses and that buying that program fixes everything. I have been trying to solve it on my own and downloaded a program called Spyware Doctor, which they say is one of the best for detecting viruses, but to remove the following viruses it tells me I have to buy the licence, 300 US$ (too expensive). Could you help me with this? Below I show you what that program detected.
5 types of infections:
1. Application.TrackingCookies (15 infections) Low - Located in Browser Cookie
2. Adware.Advertising (4 infections) Low - Located in Browser Cookie
3. Trojan-Downloader.Adpclient (1 infection) Medium - Located in comsa32.sys
4. Trojan.Generic (5 infections) Medium - Located in the startup and in a Registry value
5. Adware.Component.Unrelated (1 infection) Low - Located in a Registry value
I hope you can help me; besides this, the computer is very, very slow.
Thank you very much, I await your comments.
Ginna Martinez
- Posts: 20
- Registered: 13 Oct 2006, 17:13
Re: "Malware Doctor" & "Adpclient" & "svchosts" Trojans
Sorry, a correction: the cost is 30 US$, and I also forgot to tell you that the svchosts.exe is seen in point 4, Trojan.Generic.
Regards, and I await your prompt reply.
- msc hotline sat
- Posts: 93500
- Registered: 09 Mar 2004, 20:39
- Location: BARCELONA (SPAIN)
Re: "Malware Doctor" & "Adpclient" & "svchosts" Trojans
There are thousands of variants like this one, and we keep bringing them under control with ELISTARA as we get to know them:
[quote][b]ELISTARA:[/b] http://www.zonavirus.com/descargas/elistara.asp
After running it, reboot and post us the contents of C:\infosat.txt so we can see the result of the process[/quote]
regards
ms, 3-6-2009
msc hotline sat Virus Research Engineer
Before asking - Basic Rules - Private Messages - Repeated Topics - Continuing Topics - Topic Titles - Online Antivirus
- Posts: 20
- Registered: 13 Oct 2006, 17:13
Re: "Malware Doctor" & "Adpclient" & "svchosts" Trojans
Thanks msc Hotline,
I'll tell you that I already ran ElistarA and I'm posting what INFOSAT.txt says. After that it rebooted and the program no longer appears, but I still have the Internet Explorer problem: as soon as I open it, within a few seconds error notices start appearing, "Internet Explorer has encountered a problem and needs to close. We are sorry for the inconvenience", and it only lets me press two buttons, "Send Error Report" and "Don't Send". I can do two (2) things:
1. If I press either of the two (2) buttons, Internet Explorer closes, and everything else with it.
2. If I move the notice aside I can keep working, but about every 5 minutes they keep appearing until everything collapses on me.
On the other hand, I'll tell you that I ran that little program again, the one I told you I downloaded, and now I only get
4 infections
1. Trojan-Downloader.AdpClient, found in Comsa32.sys
2. Trojan.Generic, found in Svchosts.exe
A hug, and I await your prompt reply.
(3-6-2009 14:14:04)
EliStartPage v18.73 (c)2009 S.G.H. / Satinfo S.L. (Actualizado el 2 de Junio del 2009)
--------------------------------------------------
Lista de Acciones (por Acción Directa):
Key Eliminada [WinLogon\Notify\TPHOTKEY] -> C:\WINDOWS\SYSTEM32\TPHKLOCK.DLL
Por favor, envienos una muestra del fichero
C:\Muestras\TESTABD.EXE.Muestra EliStartPage v18.73
a "virus@satinfo.es ". Gracias.
C:\PROGRAM FILES\THUNMAIL\TESTABD.EXE --> Eliminado
Por favor, envienos una muestra del fichero
C:\Muestras\TESTABD.DLL.Muestra EliStartPage v18.73
a "virus@satinfo.es ". Gracias.
C:\PROGRAM FILES\THUNMAIL\TESTABD.DLL --> Eliminado
Por favor, envienos una muestra del fichero
C:\Muestras\TRUJILLD.EXE.Muestra EliStartPage v18.73
a "virus@satinfo.es ". Gracias.
C:\DOCUMENTS AND SETTINGS\TRUJILLD\TRUJILLD.EXE --> Eliminado
C:\WINDOWS\SYSTEM32\TPHKLOCK.DLL --> Spy-Agent.KJ Renombrado a .VIR
Entrada Eliminada [HKCU\...\Run] "Malware Doctor"="C:\Documents and Settings\LocalService\Application Data\1361538659.exe"
Entrada Eliminada [HKLM\...\Run] "Malware Doctor"="C:\Documents and Settings\LocalService\Application Data\1361538659.exe"
Entrada Eliminada [HKCU\...\Run] "svc"="C:\program Files\ThunMail\testabd.exe"
Entrada Eliminada [HKCU\...\Run] "Windows Video Drivers"="C:\RECYCLER\S-1-5-21-8660541763-0095361018-301810344-4613\winlogon.exe"
Eliminada Clave "HKLM\...\Image File Execution Options\a2service.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\arcacheck.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\arcavir.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\ashdisp.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\ashenhcd.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\ashserv.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\ashupd.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\aswupdsv.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\autoruns.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\avadmin.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\avcenter.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\avcls.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\avconfig.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\avconsol.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\avgnt.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\avgrssvc.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\avguard.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\avmonitor.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\avp.com"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\avp.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\avp32.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\avscan.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\avz.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\avz4.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\avz_se.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\bdagent.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\bdinit.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\caav.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\caavguiscan.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\casecuritycenter.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\ccenter.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\ccupdate.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\cfp.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\cfpupdat.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\cmdagent.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\drwadins.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\drweb32.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\drwebupw.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\ekrn.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\fameh32.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\filemon.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\fpavserver.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\fpscan.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\fpwin.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\fsav32.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\fsgk32st.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\fsma32.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\gfring3.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\guardgui.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\guardxservice.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\guardxup.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\hijackthis.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\kasmain.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\kastask.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\kav32.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\kavdx.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\kavpf.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\kavpfw.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\kavstart.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\kpfw32.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\kpfw32x.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\navapsvc.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\navapw32.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\navigator.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\navnt.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\navstub.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\navw32.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\navwnt.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\niu.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\nod32.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\nod32krn.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\nvcc.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\ollydbg.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\outpost.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\preupd.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\procexp.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\pskdr.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\regedit.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\regmon.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\regtool.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\scan32.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\sffnup.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\vba32arkit.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\vba32ldr.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\vsserv.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\zanda.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\zapro.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\zlh.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\zonealarm.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\zoneband.dll"
"Debugger"="NTSD -D"
Restaurado fichero de Configuración del IE, (IERESET.INF)
Eliminadas las Paginas de Inicio y de Busqueda del IE
Eliminados Ficheros Temporales del IE
Reinicie para Completar la Limpieza.
(3-6-2009 14:18:31)
EliStartPage v18.73 (c)2009 S.G.H. / Satinfo S.L. (Actualizado el 2 de Junio del 2009)
--------------------------------------------------
Lista de Acciones (por Exploración):
Explorando "C:\"
(3-6-2009 14:24:25)
EliStartPage v18.73 (c)2009 S.G.H. / Satinfo S.L. (Actualizado el 2 de Junio del 2009)
--------------------------------------------------
Lista de Acciones (por Acción Directa):
[WinLogon\Notify\JEUUVHBI]
Por favor, envienos el INFOSAT.TXT y una muestra del fichero
C:\WinLogon\JEUUVHBI.DLL
a "virus@satinfo.es ". Gracias.
Entrada Eliminada [HKCU\...\Run] "Malware Doctor"="C:\Documents and Settings\LocalService\Application Data\1361538659.exe"
Entrada Eliminada [HKLM\...\Run] "Malware Doctor"="C:\Documents and Settings\LocalService\Application Data\1361538659.exe"
Entrada Eliminada [HKCU\...\Run] "Windows Video Drivers"="C:\RECYCLER\S-1-5-21-8660541763-0095361018-301810344-4613\winlogon.exe"
Eliminada Clave "HKLM\...\Image File Execution Options\a2service.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\arcacheck.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\arcavir.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\ashdisp.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\ashenhcd.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\ashserv.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\ashupd.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\aswupdsv.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\autoruns.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\avadmin.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\avcenter.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\avcls.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\avconfig.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\avconsol.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\avgnt.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\avgrssvc.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\avguard.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\avmonitor.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\avp.com"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\avp.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\avp32.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\avscan.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\avz.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\avz4.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\avz_se.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\bdagent.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\bdinit.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\caav.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\caavguiscan.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\casecuritycenter.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\ccenter.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\ccupdate.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\cfp.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\cfpupdat.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\cmdagent.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\drwadins.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\drweb32.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\drwebupw.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\ekrn.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\fameh32.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\filemon.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\fpavserver.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\fpscan.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\fpwin.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\fsav32.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\fsgk32st.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\fsma32.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\gfring3.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\guardgui.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\guardxservice.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\guardxup.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\hijackthis.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\kasmain.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\kastask.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\kav32.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\kavdx.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\kavpf.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\kavpfw.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\kavstart.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\kpfw32.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\kpfw32x.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\navapsvc.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\navapw32.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\navigator.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\navnt.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\navstub.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\navw32.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\navwnt.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\niu.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\nod32.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\nod32krn.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\nvcc.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\ollydbg.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\outpost.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\preupd.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\procexp.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\pskdr.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\regedit.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\regmon.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\regtool.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\scan32.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\sffnup.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\vba32arkit.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\vba32ldr.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\vsserv.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\zanda.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\zapro.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\zlh.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\zonealarm.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\zoneband.dll"
"Debugger"="NTSD -D"
Eliminados Ficheros Temporales del IE
(3-6-2009 14:27:01)
EliStartPage v18.73 (c)2009 S.G.H. / Satinfo S.L. (Actualizado el 2 de Junio del 2009)
--------------------------------------------------
Lista de Acciones (por Exploración):
Explorando "C:\"
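As an added example (not part of this thread, of the zonavirus.com forum's tooling or of ELISTARA itself), the following Python script turns an INFOSAT.TXT log like the one pasted above into a triage summary: it extracts the removed Run-key autoruns, the Image File Execution Options keys whose "Debugger"="NTSD -D" value silently kills every listed security or analysis tool at launch, the Winlogon Notify DLLs and the file actions, flags autorun paths that are typical of rogue-AV droppers, and reports autoruns that were removed in one run and removed again in a later run, which means something still active re-created them. The sample log is a constructed excerpt of the log in the post above; the path heuristics, the function names and the `SYSTEM_PROCESS_NAMES` set are this example's own assumptions.

```python
"""Triage helper for EliStartPage (ELISTARA) INFOSAT.TXT logs.

Added example for this thread, not part of ELISTARA. It parses the tool's
Spanish log lines into autoruns, IFEO "Debugger" hijacks, Winlogon Notify
DLLs and file actions, then flags suspicious autorun paths and autoruns that
came back between runs. SAMPLE_LOG is a constructed excerpt of the posted log.
"""
import re
from collections import Counter

SAMPLE_LOG = r"""(3-6-2009 14:14:04)
EliStartPage v18.73 (c)2009 S.G.H. / Satinfo S.L. (Actualizado el 2 de Junio del 2009)
Lista de Acciones (por Acción Directa):
Key Eliminada [WinLogon\Notify\TPHOTKEY] -> C:\WINDOWS\SYSTEM32\TPHKLOCK.DLL
C:\PROGRAM FILES\THUNMAIL\TESTABD.EXE --> Eliminado
C:\WINDOWS\SYSTEM32\TPHKLOCK.DLL --> Spy-Agent.KJ Renombrado a .VIR
Entrada Eliminada [HKCU\...\Run] "Malware Doctor"="C:\Documents and Settings\LocalService\Application Data\1361538659.exe"
Entrada Eliminada [HKLM\...\Run] "Malware Doctor"="C:\Documents and Settings\LocalService\Application Data\1361538659.exe"
Entrada Eliminada [HKCU\...\Run] "svc"="C:\program Files\ThunMail\testabd.exe"
Entrada Eliminada [HKCU\...\Run] "Windows Video Drivers"="C:\RECYCLER\S-1-5-21-8660541763-0095361018-301810344-4613\winlogon.exe"
Eliminada Clave "HKLM\...\Image File Execution Options\avp.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\regedit.exe"
"Debugger"="NTSD -D"
(3-6-2009 14:24:25)
Lista de Acciones (por Acción Directa):
[WinLogon\Notify\JEUUVHBI]
Entrada Eliminada [HKCU\...\Run] "Malware Doctor"="C:\Documents and Settings\LocalService\Application Data\1361538659.exe"
Entrada Eliminada [HKLM\...\Run] "Malware Doctor"="C:\Documents and Settings\LocalService\Application Data\1361538659.exe"
Entrada Eliminada [HKCU\...\Run] "Windows Video Drivers"="C:\RECYCLER\S-1-5-21-8660541763-0095361018-301810344-4613\winlogon.exe"
Eliminada Clave "HKLM\...\Image File Execution Options\avp.exe"
"Debugger"="NTSD -D"
"""

# Line shapes as they appear in the log (the Spanish strings are the tool's own).
RUN_HEADER = re.compile(r"^\((\d{1,2}-\d{1,2}-\d{4} \d{2}:\d{2}:\d{2})\)$")
AUTORUN = re.compile(r'^Entrada Eliminada \[(?P<hive>[^\]]+)\] "(?P<name>[^"]*)"="(?P<path>[^"]*)"$')
IFEO_KEY = re.compile(r'^Eliminada Clave "HKLM\\\.\.\.\\Image File Execution Options\\(?P<target>[^"]+)"$')
DEBUGGER = re.compile(r'^"Debugger"="(?P<dbg>[^"]*)"$')
NOTIFY_REMOVED = re.compile(r"^Key Eliminada \[(?P<key>[^\]]+)\] -> (?P<dll>.+)$")
NOTIFY_PENDING = re.compile(r"^\[(?P<key>WinLogon\\Notify\\[^\]]+)\]$")  # reported, not removed
FILE_ACTION = re.compile(r"^(?P<path>[A-Za-z]:\\.+?) --> (?P<action>.+)$")

def parse_infosat(text):
    """Split the log into runs at each '(d-m-yyyy hh:mm:ss)' header and collect findings."""
    runs, current, pending_ifeo = [], None, None
    for raw in text.splitlines():
        line = raw.strip()
        if (m := RUN_HEADER.match(line)):
            current = {"started": m.group(1), "autoruns": [], "ifeo": [], "notify": [], "files": []}
            runs.append(current)
            pending_ifeo = None
        elif current is None:
            continue
        elif (m := AUTORUN.match(line)):
            current["autoruns"].append((m["hive"], m["name"], m["path"]))
        elif (m := IFEO_KEY.match(line)):
            pending_ifeo = m["target"]  # the Debugger value is printed on the next line
        elif (m := DEBUGGER.match(line)) and pending_ifeo:
            current["ifeo"].append((pending_ifeo, m["dbg"]))
            pending_ifeo = None
        elif (m := NOTIFY_REMOVED.match(line)):
            current["notify"].append((m["key"], m["dll"]))
        elif (m := NOTIFY_PENDING.match(line)):
            current["notify"].append((m["key"], None))
        elif (m := FILE_ACTION.match(line)):
            current["files"].append((m["path"], m["action"]))
    return runs

SYSTEM_PROCESS_NAMES = {"winlogon.exe", "svchost.exe", "csrss.exe", "lsass.exe"}  # assumed list

def suspicious_reasons(path):
    """Heuristics (this example's own) for autorun paths typical of rogue-AV droppers."""
    low = path.lower()
    name = low.rsplit("\\", 1)[-1]
    reasons = []
    if "\\recycler\\" in low:
        reasons.append("runs from the Recycle Bin (RECYCLER\\S-1-5-...)")
    if "\\localservice\\application data\\" in low:
        reasons.append("stored in a service account's profile")
    if re.fullmatch(r"\d+\.exe", name):
        reasons.append("purely numeric file name")
    if name in SYSTEM_PROCESS_NAMES and "\\windows\\system32\\" not in low:
        reasons.append(f"system process name {name} outside System32")
    return reasons

def recurring_autoruns(runs):
    """Autorun entries the tool had to remove in more than one run."""
    counts = Counter(e for run in runs for e in set(run["autoruns"]))
    return sorted(e for e, n in counts.items() if n > 1)

def triage(text):
    runs = parse_infosat(text)
    flagged = {}
    for run in runs:
        for entry in run["autoruns"]:
            if reasons := suspicious_reasons(entry[2]):
                flagged[entry] = reasons
    return {
        "runs": len(runs),
        "flagged_autoruns": flagged,
        # each IFEO target is a security/analysis tool the malware tried to neutralise
        "blocked_tools": sorted({t for run in runs for t, _ in run["ifeo"]}),
        "recurring": recurring_autoruns(runs),
        "notify_dlls": [n for run in runs for n in run["notify"]],
    }

if __name__ == "__main__":
    report = triage(SAMPLE_LOG)
    print(f"{report['runs']} runs; tools blocked via IFEO: {', '.join(report['blocked_tools'])}")
    for (hive, name, path), reasons in report["flagged_autoruns"].items():
        print(f"{hive} {name!r} -> {path}\n    " + "; ".join(reasons))
    for hive, name, _ in report["recurring"]:
        print(f"came back after removal: {hive} {name!r}")
```

On the full log above, the same three Run entries ("Malware Doctor" under both HKCU and HKLM, and "Windows Video Drivers" pointing into RECYCLER) are removed at 14:14:04 and again at 14:24:25, and the 14:24 run additionally reports a Winlogon Notify DLL at C:\WinLogon\JEUUVHBI.DLL that it did not remove and asked to receive as a sample. Those two observations are what the `recurring` and `notify_dlls` fields are meant to surface: a persistence entry that returns after a reboot points to a component that is still executing, and an unremoved Notify DLL is the next thing a responder would collect and submit.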
(3-6-2009 14:24:25)
EliStartPage v18.73 (c)2009 S.G.H. / Satinfo S.L. (Actualizado el 2 de Junio del 2009)
--------------------------------------------------
Lista de Acciones (por Acción Directa):
[WinLogon\Notify\JEUUVHBI]
Por favor, envienos el INFOSAT.TXT y una muestra del fichero
C:\WinLogon\JEUUVHBI.DLL
a "
Entrada Eliminada [HKCU\...\Run] "Malware Doctor"="C:\Documents and Settings\LocalService\Application Data\1361538659.exe"
Entrada Eliminada [HKLM\...\Run] "Malware Doctor"="C:\Documents and Settings\LocalService\Application Data\1361538659.exe"
Entrada Eliminada [HKCU\...\Run] "Windows Video Drivers"="C:\RECYCLER\S-1-5-21-8660541763-0095361018-301810344-4613\winlogon.exe"
Eliminada Clave "HKLM\...\Image File Execution Options\a2service.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\arcacheck.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\arcavir.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\ashdisp.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\ashenhcd.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\ashserv.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\ashupd.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\aswupdsv.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\autoruns.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\avadmin.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\avcenter.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\avcls.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\avconfig.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\avconsol.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\avgnt.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\avgrssvc.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\avguard.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\avmonitor.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\avp.com"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\avp.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\avp32.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\avscan.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\avz.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\avz4.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\avz_se.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\bdagent.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\bdinit.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\caav.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\caavguiscan.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\casecuritycenter.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\ccenter.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\ccupdate.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\cfp.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\cfpupdat.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\cmdagent.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\drwadins.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\drweb32.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\drwebupw.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\ekrn.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\fameh32.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\filemon.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\fpavserver.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\fpscan.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\fpwin.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\fsav32.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\fsgk32st.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\fsma32.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\gfring3.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\guardgui.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\guardxservice.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\guardxup.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\hijackthis.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\kasmain.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\kastask.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\kav32.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\kavdx.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\kavpf.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\kavpfw.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\kavstart.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\kpfw32.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\kpfw32x.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\navapsvc.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\navapw32.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\navigator.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\navnt.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\navstub.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\navw32.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\navwnt.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\niu.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\nod32.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\nod32krn.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\nvcc.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\ollydbg.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\outpost.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\preupd.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\procexp.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\pskdr.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\regedit.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\regmon.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\regtool.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\scan32.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\sffnup.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\vba32arkit.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\vba32ldr.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\vsserv.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\zanda.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\zapro.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\zlh.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\zonealarm.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\zoneband.dll"
"Debugger"="NTSD -D"
Eliminados Ficheros Temporales del IE
(3-6-2009 14:27:01)
EliStartPage v18.73 (c)2009 S.G.H. / Satinfo S.L. (Actualizado el 2 de Junio del 2009)
--------------------------------------------------
Lista de Acciones (por Exploración):
Explorando "C:\"
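The infosat.txt output above is a tool log rather than prose, but what it records (Debugger = "NTSD -D" hijacks on dozens of security tools, autoruns under RECYCLER and the LocalService profile, and the very same entries deleted again on every run) is exactly what a responder should extract from it. The Python triage script below is an added example, not part of the thread or of Satinfo's EliStartPage; the log embedded in it is a constructed excerpt in the format of the lines above, and the regular expressions assume the tool's line formats exactly as they appear there.

```python
"""Triage an EliStartPage-style infosat.txt log (added example, not Satinfo's code).

Parses the tool's Spanish lines, groups them by run and reports what a responder
wants from a log like this: Image File Execution Options "Debugger" hijacks
(Debugger = "NTSD -D" makes Windows start ntsd, which detaches at once, so regedit,
HijackThis, Process Explorer or an antivirus GUI never actually run), autoruns in
places legitimate software does not use, core Windows binary names running from
outside %WINDIR%, and entries removed in more than one run, which means something
still active re-creates them after each cleanup.
"""
import re
from collections import defaultdict

RUN_HEADER = re.compile(r"^\((\d{1,2}-\d{1,2}-\d{4} \d{2}:\d{2}:\d{2})\)$")
RUN_ENTRY = re.compile(r'^Entrada Eliminada \[(HK\w+)\\\.\.\.\\Run\] "([^"]+)"="([^"]+)"$')
IFEO_KEY = re.compile(r'^Eliminada Clave "HKLM\\\.\.\.\\Image File Execution Options\\([^"]+)"$')
DEBUGGER = re.compile(r'^"Debugger"="([^"]+)"$')

# Lower-cased path fragments no legitimate autorun should point into.
SUSPICIOUS_PATH_MARKERS = ("\\recycler\\", "\\localservice\\application data\\", "\\temp\\")
# Core Windows binaries that only belong under %WINDIR%.
SYSTEM_BINARY_NAMES = {"winlogon.exe", "svchost.exe", "lsass.exe", "csrss.exe", "explorer.exe"}


def parse_runs(text):
    """Return [(timestamp, findings)] per run; finding = ("autorun", hive, name, path) or ("ifeo", exe, debugger)."""
    runs, current, pending_ifeo = [], None, None
    for raw in text.splitlines():
        line = raw.strip()
        m = RUN_HEADER.match(line)
        if m:
            current = (m.group(1), [])
            runs.append(current)
            pending_ifeo = None
            continue
        if current is None:
            continue
        m = RUN_ENTRY.match(line)
        if m:
            current[1].append(("autorun",) + m.groups())
            continue
        m = IFEO_KEY.match(line)
        if m:  # the tool prints the Debugger value on the following line
            pending_ifeo = m.group(1)
            continue
        m = DEBUGGER.match(line)
        if m and pending_ifeo:
            current[1].append(("ifeo", pending_ifeo, m.group(1)))
            pending_ifeo = None
    return runs


def summarize(runs):
    """Aggregate findings across runs into a small triage report (a dict)."""
    seen_in = defaultdict(set)  # finding -> set of run timestamps it was removed in
    for ts, findings in runs:
        for f in findings:
            seen_in[f].add(ts)
    autoruns = [f for f in seen_in if f[0] == "autorun"]
    return {
        "runs": len(runs),
        "ifeo_killswitch_targets": sorted(
            {f[1] for f in seen_in if f[0] == "ifeo" and f[2].upper().startswith("NTSD")}),
        "suspicious_autoruns": sorted(
            {(f[2], f[3]) for f in autoruns
             if any(mark in f[3].lower() for mark in SUSPICIOUS_PATH_MARKERS)}),
        "masquerading": sorted(
            {(f[2], f[3]) for f in autoruns
             if f[3].rsplit("\\", 1)[-1].lower() in SYSTEM_BINARY_NAMES
             and "\\windows\\" not in f[3].lower()}),
        # Deleted in two different runs means it came back in between.
        "recurring": sorted(f for f, stamps in seen_in.items() if len(stamps) > 1),
    }


# Constructed sample: an excerpt in the format of the infosat.txt lines in the thread.
SAMPLE_LOG = r"""
(3-6-2009 14:24:25)
Lista de Acciones (por Acción Directa):
Entrada Eliminada [HKCU\...\Run] "Malware Doctor"="C:\Documents and Settings\LocalService\Application Data\1361538659.exe"
Entrada Eliminada [HKCU\...\Run] "Windows Video Drivers"="C:\RECYCLER\S-1-5-21-8660541763-0095361018-301810344-4613\winlogon.exe"
Eliminada Clave "HKLM\...\Image File Execution Options\hijackthis.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\procexp.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\regedit.exe"
"Debugger"="NTSD -D"
(3-6-2009 14:27:01)
(3-6-2009 18:53:19)
Entrada Eliminada [HKCU\...\Run] "Malware Doctor"="C:\Documents and Settings\LocalService\Application Data\1361538659.exe"
Entrada Eliminada [HKCU\...\Run] "Windows Video Drivers"="C:\RECYCLER\S-1-5-21-8660541763-0095361018-301810344-4613\winlogon.exe"
"""

if __name__ == "__main__":
    for key, value in summarize(parse_runs(SAMPLE_LOG)).items():
        print(f"{key}: {value}")
```

Run against the full infosat.txt pasted in a thread like this one, the "recurring" list is the part to act on: entries that the tool keeps deleting point at a component (here the WinLogon\Notify DLL the tool asked for a sample of) that is still alive and must be removed before the cleanup sticks.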
Re: "Malware Doctor" & "Adpclient" & "svchosts" Trojans
Send these samples:
To do so, remember:
https://foros.zonavirus.com/viewtopic.php?f=5&t=14253
Also, go to Control Panel -> Internet Options -> Advanced and click the Reset button.
Then try Internet Explorer.
Regards
[quote="Ginna Martinez"]C:\Muestras\TESTABD.EXE.Muestra EliStartPage v18.73
a "virus@satinfo.es ". Gracias.
C:\PROGRAM FILES\THUNMAIL\TESTABD.EXE --> Eliminado
Por favor, envienos una muestra del fichero
C:\Muestras\TESTABD.DLL.Muestra EliStartPage v18.73
a "virus@satinfo.es ". Gracias.
C:\PROGRAM FILES\THUNMAIL\TESTABD.DLL --> Eliminado
Por favor, envienos una muestra del fichero
C:\Muestras\TRUJILLD.EXE.Muestra EliStartPage v18.73
a "virus@satinfo.es ". Gracias.
Por favor, envienos el INFOSAT.TXT y una muestra del fichero
C:\WinLogon\JEUUVHBI.DLL
a "virus@satinfo.es ". Gracias[/quote]
Last edited by julibaga on 03 Jun 2009, 20:04, edited 2 times in total.
Regards.
________________________
If it ain't broke, don't fix it.
Re: "Malware Doctor" & "Adpclient" & "svchosts" Trojans
Friends,
I have already sent them.
I should also mention that I have the TREND MICRO(tm) Office Scan antivirus from the company where I work, and it detected 45 viruses/malware all over my machine; it says it is called TROJ_RENOS.AWQ and refers to the file JEUUVHBI.dll, but it tells me it is unable to clean it.
I hope you can help me.
A hug, Ginna
Re: "Malware Doctor" & "Adpclient" & "svchosts" Trojans
Add the .vir extension to it to "park" it until they analyze it and you can delete them with the Satinfo utilities.
Regards.
Re: "Malware Doctor" & "Adpclient" & "svchosts" Trojans
Done, I already added the .vir extension. I should tell you that I restarted the computer and the annoying "MALWARE DOCTOR" program appeared again; I did what you told me about Internet Explorer and it worked for a few minutes, but now the message about problems in Internet Explorer is coming up again.
A hug, and I await your comments.
Note: I sent the email from the account <INTERCEPTADO>
https://foros.zonavirus.com/viewtopic.php?f=1&t=17044
I await your comments
Ginna
- msc hotline sat
Re: "Malware Doctor" & "Adpclient" & "svchosts" Trojans
Remember:
[b]How to send samples to zonavirus? - To do so, remember[/b]:
https://foros.zonavirus.com/viewtopic.php?f=5&t=14253
Once we receive the files, we will analyze them and, if appropriate, implement their detection and removal in our utilities, and we will report back.
msc hotline sat Virus Research Engineer
Re: "Malware Doctor" & "Adpclient" & "svchosts" Trojans
Friends,
I sent these files to SATINFO and they replied that they had updated ELISTARA.exe and that I should download it from their web page. But the problem is that to download it from there it asks for a User Name and Password, which I don't have :(
The worst part is that I have spent the whole day trying to resolve the problem and cannot fix it. The computer is very, very slow.
Thank you very much for everything, and I hope for your prompt reply
Ginna :|
Re: "Malware Doctor" & "Adpclient" & "svchosts" Trojans
Regards.
Re: "Malware Doctor" & "Adpclient" & "svchosts" Trojans
Friend,
This is not the latest one; I already ran it and it didn't work
:( :( :( :( :( :( :(
Re: "Malware Doctor" & "Adpclient" & "svchosts" Trojans
Of course it is the latest one. What is it that didn't work??
Regards.
Re: "Malware Doctor" & "Adpclient" & "svchosts" Trojans
hehehe
It didn't remove what it mainly had to remove, "MALWARE DOCTOR". It is still there, holding on, and won't die
Ginna
Re: "Malware Doctor" & "Adpclient" & "svchosts" Trojans
In c:\Archivos de programa check whether you have the Malware Doctor folder and delete it.
Then look for c:\Documents and Settings\All Users\Menú Inicio\Programas\Malware Doctor
and delete it too.
Then go to Start -> Run and type "regedit" (without quotes),
look for the following keys and delete them.
HKEY_CURRENT_USER\Software\Malware Doctor
HKEY_CURRENT_USER\Software\Malware Doctor\AntiSpy Knight
HKEY_LOCAL_MACHINE\SOFTWARE\Malware Doctor
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Malware Doctor_is1
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "Alcmtr"
Careful!! Don't touch anything other than what I tell you. Look closely!!!!
Then restart and let me know.
Regards.
- msc hotline sat
Re: "Malware Doctor" & "Adpclient" & "svchosts" Trojans
There are several things to comment on:
The page http://www.satinfo.es is for users with a SATINFO technical-service contract, and the utilities are exclusive to them.
In this forum some of them are offered for evaluation, to try them and report the result, and we update them every day.
Download the current version of ELISTARA 18.74 and post us the resulting infosat.txt, thanks
[quote="to DOWNLOAD ELISTARA, msc"]http://www.zonavirus.com/descargas/elistara.asp
After trying it, restart and post us the contents of C:\infosat.txt so we can see the result of the process[/quote]
regards
ms, 4-6-2009
Ref VE/Ca+10.50-66.91
NOTE: And very important, and something you have not done before, is what we indicated: [b][i][u]"After trying it, restart and post us the contents of C:\infosat.txt so we can see the result of the process"[/u][/i][/b] This must always be done, with a copy and paste of c:\infosat.txt after trying any of these utilities. ms.
msc hotline sat Virus Research Engineer
Re: "Malware Doctor" & "Adpclient" & "svchosts" Trojans
Friends,
Below I answer the points you raised. NOTE: MALWARE DOCTOR IS STILL THERE--- THE DAMNED THING WON'T DIE
1. In c:\Archivos de programa - there is NOTHING that says MALWARE DOCTOR
2. In c:\Documents and Settings\All Users\Menú Inicio\Programas\Malware Doctor - there is NOTHING that says MALWARE DOCTOR
3. The "Start -> Run and type "regedit" (without quotes)": Regedit does not run, and I honestly don't know why; it must be MALWARE DOCTOR itself that won't let me run it
4. On the other hand, I downloaded ELISTARA again and ran it and it found nothing, and below I post the INFOSAT.TXT
I await your comments; this is driving me crazy.
Ginna, kisses :wink: and thanks for everything
(3-6-2009 18:28:06)
EliStartPage v18.73 (c)2009 S.G.H. / Satinfo S.L. (Actualizado el 2 de Junio del 2009)
--------------------------------------------------
Lista de Acciones (por Acción Directa):
Entrada Eliminada [HKCU\...\Run] "Malware Doctor"="C:\Documents and Settings\LocalService\Application Data\1361538659.exe"
Entrada Eliminada [HKLM\...\Run] "Malware Doctor"="C:\Documents and Settings\LocalService\Application Data\1361538659.exe"
Entrada Eliminada [HKCU\...\Run] "Windows Video Drivers"="C:\RECYCLER\S-1-5-21-8660541763-0095361018-301810344-4613\winlogon.exe"
Eliminada Clave "HKLM\...\Image File Execution Options\a2service.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\arcacheck.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\arcavir.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\ashdisp.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\ashenhcd.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\ashserv.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\ashupd.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\aswupdsv.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\autoruns.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\avadmin.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\avcenter.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\avcls.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\avconfig.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\avconsol.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\avgnt.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\avgrssvc.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\avguard.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\avmonitor.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\avp.com"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\avp.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\avp32.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\avscan.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\avz.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\avz4.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\avz_se.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\bdagent.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\bdinit.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\caav.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\caavguiscan.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\casecuritycenter.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\ccenter.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\ccupdate.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\cfp.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\cfpupdat.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\cmdagent.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\drwadins.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\drweb32.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\drwebupw.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\ekrn.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\fameh32.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\filemon.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\fpavserver.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\fpscan.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\fpwin.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\fsav32.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\fsgk32st.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\fsma32.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\gfring3.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\guardgui.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\guardxservice.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\guardxup.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\hijackthis.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\kasmain.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\kastask.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\kav32.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\kavdx.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\kavpf.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\kavpfw.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\kavstart.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\kpfw32.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\kpfw32x.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\navapsvc.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\navapw32.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\navigator.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\navnt.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\navstub.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\navw32.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\navwnt.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\niu.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\nod32.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\nod32krn.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\nvcc.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\ollydbg.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\outpost.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\preupd.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\procexp.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\pskdr.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\regedit.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\regmon.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\regtool.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\scan32.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\sffnup.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\vba32arkit.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\vba32ldr.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\vsserv.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\zanda.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\zapro.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\zlh.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\zonealarm.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\zoneband.dll"
"Debugger"="NTSD -D"
Eliminados Ficheros Temporales del IE
(3-6-2009 18:29:59)
EliStartPage v18.73 (c)2009 S.G.H. / Satinfo S.L. (Actualizado el 2 de Junio del 2009)
--------------------------------------------------
Lista de Acciones (por Exploración):
Explorando "C:\"
(3-6-2009 18:53:19)
EliStartPage v18.74 (c)2009 S.G.H. / Satinfo S.L. (Actualizado el 3 de Junio del 2009)
--------------------------------------------------
Lista de Acciones (por Acción Directa):
Entrada Eliminada [HKCU\...\Run] "Malware Doctor"="C:\Documents and Settings\LocalService\Application Data\1361538659.exe"
Entrada Eliminada [HKLM\...\Run] "Malware Doctor"="C:\Documents and Settings\LocalService\Application Data\1361538659.exe"
Entrada Eliminada [HKCU\...\Run] "Windows Video Drivers"="C:\RECYCLER\S-1-5-21-8660541763-0095361018-301810344-4613\winlogon.exe"
Eliminados Ficheros Temporales del IE
(3-6-2009 18:54:33)
EliStartPage v18.74 (c)2009 S.G.H. / Satinfo S.L. (Actualizado el 3 de Junio del 2009)
--------------------------------------------------
Lista de Acciones (por Exploración):
Explorando "C:\"
C:\Documents and Settings\TRUJILLD\Desktop\Muestras\TESTABD.DLL.MUESTRA ELISTARTPAGE V18.73 --> Eliminado, PWS-Wowpa(dll)
C:\Documents and Settings\TRUJILLD\Desktop\Muestras\TESTABD.EXE.MUESTRA ELISTARTPAGE V18.73 --> Eliminado, PWS-Wowpa
C:\Documents and Settings\TRUJILLD\Desktop\Muestras\TRUJILLD.EXE.MUESTRA ELISTARTPAGE V18.73 --> Eliminado, Trojan.Rabbit
(3-6-2009 18:56:02)
EliStartPage v18.74 (c)2009 S.G.H. / Satinfo S.L. (Actualizado el 3 de Junio del 2009)
--------------------------------------------------
Lista de Acciones (por Acción Directa):
Entrada Eliminada [HKCU\...\Run] "Malware Doctor"="C:\Documents and Settings\LocalService\Application Data\1361538659.exe"
Entrada Eliminada [HKLM\...\Run] "Malware Doctor"="C:\Documents and Settings\LocalService\Application Data\1361538659.exe"
Entrada Eliminada [HKCU\...\Run] "Windows Video Drivers"="C:\RECYCLER\S-1-5-21-8660541763-0095361018-301810344-4613\winlogon.exe"
Restaurado fichero de Configuración del IE, (IERESET.INF)
Eliminadas las Paginas de Inicio y de Busqueda del IE
Eliminados Ficheros Temporales del IE
(3-6-2009 18:56:41)
EliStartPage v18.74 (c)2009 S.G.H. / Satinfo S.L. (Actualizado el 3 de Junio del 2009)
--------------------------------------------------
Lista de Acciones (por Exploración):
Explorando "C:\"
(4-6-2009 12:23:39)
EliStartPage v18.74 (c)2009 S.G.H. / Satinfo S.L. (Actualizado el 3 de Junio del 2009)
--------------------------------------------------
Lista de Acciones (por Acción Directa):
Entrada Eliminada [HKCU\...\Run] "Malware Doctor"="C:\Documents and Settings\LocalService\Application Data\1361538659.exe"
Entrada Eliminada [HKLM\...\Run] "Malware Doctor"="C:\Documents and Settings\LocalService\Application Data\1361538659.exe"
Entrada Eliminada [HKCU\...\Run] "Windows Video Drivers"="C:\RECYCLER\S-1-5-21-8660541763-0095361018-301810344-4613\winlogon.exe"
Eliminada Clave "HKLM\...\Image File Execution Options\a2service.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\arcacheck.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\arcavir.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\ashdisp.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\ashenhcd.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\ashserv.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\ashupd.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\aswupdsv.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\autoruns.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\avadmin.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\avcenter.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\avcls.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\avconfig.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\avconsol.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\avgnt.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\avgrssvc.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\avguard.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\avmonitor.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\avp.com"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\avp.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\avp32.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\avscan.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\avz.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\avz4.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\avz_se.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\bdagent.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\bdinit.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\caav.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\caavguiscan.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\casecuritycenter.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\ccenter.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\ccupdate.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\cfp.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\cfpupdat.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\cmdagent.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\drwadins.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\drweb32.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\drwebupw.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\ekrn.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\fameh32.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\filemon.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\fpavserver.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\fpscan.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\fpwin.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\fsav32.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\fsgk32st.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\fsma32.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\gfring3.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\guardgui.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\guardxservice.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\guardxup.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\hijackthis.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\kasmain.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\kastask.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\kav32.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\kavdx.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\kavpf.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\kavpfw.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\kavstart.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\kpfw32.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\kpfw32x.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\navapsvc.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\navapw32.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\navigator.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\navnt.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\navstub.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\navw32.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\navwnt.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\niu.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\nod32.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\nod32krn.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\nvcc.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\ollydbg.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\outpost.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\preupd.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\procexp.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\pskdr.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\regedit.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\regmon.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\regtool.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\scan32.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\sffnup.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\vba32arkit.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\vba32ldr.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\vsserv.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\zanda.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\zapro.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\zlh.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\zonealarm.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\zoneband.dll"
"Debugger"="NTSD -D"
Restaurado fichero de Configuración del IE, (IERESET.INF)
Eliminadas las Paginas de Inicio y de Busqueda del IE
Eliminados Ficheros Temporales del IE
(4-6-2009 12:25:00)
EliStartPage v18.74 (c)2009 S.G.H. / Satinfo S.L. (Actualizado el 3 de Junio del 2009)
--------------------------------------------------
Lista de Acciones (por Exploración):
Explorando "C:\"
Below I answer the points you raised. NOTE: MALWARE DOCTOR IS STILL THERE. THE DAMNED THING WON'T DIE.
1. In c:\Archivos de programa there is NOTHING that says MALWARE DOCTOR.
2. In c:\Documents and Settings\All Users\Menú Inicio\Programas\Malware Doctor there is NOTHING that says MALWARE DOCTOR.
3. As for "Start -> Run and type "regedit" (without quotes)": regedit does not run, and I honestly don't know why; it must be MALWARE DOCTOR itself not letting me run it.
4. Also, I downloaded ELISTARA again and ran it, and it found nothing; below I post the INFOSAT.TXT.
I look forward to your comments; this is driving me crazy.
Kisses, Ginna
(3-6-2009 18:28:06)
EliStartPage v18.73 (c)2009 S.G.H. / Satinfo S.L. (Actualizado el 2 de Junio del 2009)
--------------------------------------------------
Lista de Acciones (por Acción Directa):
Entrada Eliminada [HKCU\...\Run] "Malware Doctor"="C:\Documents and Settings\LocalService\Application Data\1361538659.exe"
Entrada Eliminada [HKLM\...\Run] "Malware Doctor"="C:\Documents and Settings\LocalService\Application Data\1361538659.exe"
Entrada Eliminada [HKCU\...\Run] "Windows Video Drivers"="C:\RECYCLER\S-1-5-21-8660541763-0095361018-301810344-4613\winlogon.exe"
Eliminada Clave "HKLM\...\Image File Execution Options\a2service.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\arcacheck.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\arcavir.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\ashdisp.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\ashenhcd.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\ashserv.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\ashupd.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\aswupdsv.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\autoruns.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\avadmin.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\avcenter.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\avcls.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\avconfig.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\avconsol.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\avgnt.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\avgrssvc.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\avguard.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\avmonitor.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\avp.com"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\avp.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\avp32.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\avscan.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\avz.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\avz4.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\avz_se.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\bdagent.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\bdinit.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\caav.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\caavguiscan.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\casecuritycenter.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\ccenter.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\ccupdate.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\cfp.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\cfpupdat.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\cmdagent.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\drwadins.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\drweb32.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\drwebupw.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\ekrn.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\fameh32.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\filemon.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\fpavserver.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\fpscan.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\fpwin.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\fsav32.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\fsgk32st.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\fsma32.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\gfring3.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\guardgui.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\guardxservice.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\guardxup.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\hijackthis.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\kasmain.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\kastask.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\kav32.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\kavdx.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\kavpf.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\kavpfw.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\kavstart.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\kpfw32.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\kpfw32x.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\navapsvc.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\navapw32.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\navigator.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\navnt.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\navstub.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\navw32.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\navwnt.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\niu.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\nod32.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\nod32krn.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\nvcc.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\ollydbg.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\outpost.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\preupd.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\procexp.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\pskdr.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\regedit.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\regmon.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\regtool.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\scan32.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\sffnup.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\vba32arkit.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\vba32ldr.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\vsserv.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\zanda.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\zapro.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\zlh.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\zonealarm.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\zoneband.dll"
"Debugger"="NTSD -D"
Eliminados Ficheros Temporales del IE
(3-6-2009 18:29:59)
EliStartPage v18.73 (c)2009 S.G.H. / Satinfo S.L. (Actualizado el 2 de Junio del 2009)
--------------------------------------------------
Lista de Acciones (por Exploración):
Explorando "C:\"
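Two things in the log above come back after every EliStartPage run: the Run-key entries (an executable with a numeric name in the LocalService profile, and a winlogon.exe under C:\RECYCLER) and dozens of Image File Execution Options (IFEO) keys with "Debugger"="NTSD -D", which makes Windows start ntsd instead of the named security tool; the regedit.exe entry is why regedit would not open. The script below is an added example, not code from this thread or from Satinfo's tools. It parses the posted log format, explains each finding, counts how many tool runs removed the same item (more than one means the malware re-created it), and writes a .reg script that deletes the same keys and values. It assumes the standard full paths behind the tool's "HKLM\...\" and "HKCU\...\" abbreviations (the Run keys and the IFEO key under Windows NT\CurrentVersion); SAMPLE_LOG is a constructed excerpt of the lines posted above, and the output filename undo_persistence.reg is my own choice.

```python
"""Triage an EliStartPage (Satinfo) log such as the INFOSAT.TXT posted above.
Added example, not code from the thread or from Satinfo: parses the Run-entry
and Image File Execution Options (IFEO) lines, explains each, and writes a .reg
file that deletes the same keys and values.  SAMPLE_LOG is a constructed excerpt."""
import re
from collections import Counter

# Standard locations behind the "HKLM\...\" / "HKCU\...\" that the tool abbreviates.
IFEO_ROOT = (r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT"
             r"\CurrentVersion\Image File Execution Options")
RUN_ROOT = {
    "HKCU": r"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run",
    "HKLM": r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run",
}
TIMESTAMP_RE = re.compile(r"^\((\d{1,2}-\d{1,2}-\d{4} \d{2}:\d{2}:\d{2})\)$")
RUN_RE = re.compile(r'^Entrada Eliminada \[(HKCU|HKLM)\\\.\.\.\\Run\] "([^"]+)"="([^"]+)"$')
IFEO_RE = re.compile(r'^Eliminada Clave "HKLM\\\.\.\.\\Image File Execution Options\\([^"]+)"$')
DEBUGGER_RE = re.compile(r'^"Debugger"="([^"]*)"$')
# Core Windows process names; the genuine binary lives under %SystemRoot%\system32.
SYSTEM_NAMES = {"winlogon.exe", "svchost.exe", "csrss.exe", "lsass.exe", "services.exe"}


def run_entry_reasons(path):
    """Why a Run-key target looks malicious (empty list means nothing odd)."""
    low = path.lower()
    name = low.rsplit("\\", 1)[-1]
    reasons = []
    if "\\recycler\\" in low:
        reasons.append("starts from the Recycle Bin (RECYCLER\\S-1-5-...)")
    if "\\localservice\\" in low or "\\networkservice\\" in low:
        reasons.append("starts from a service-account profile, not a user's")
    if name in SYSTEM_NAMES and "\\system32\\" not in low:
        reasons.append("named like the system process %s but outside system32" % name)
    if re.fullmatch(r"\d+\.exe", name):
        reasons.append("random numeric filename")
    return reasons


def parse_log(text):
    """Return Run entries (hive, name, path), IFEO hijacks (image, debugger) and run timestamps."""
    runs, ifeo, stamps = [], [], []
    pending_image = None          # IFEO image whose "Debugger" value is on the following line
    for line in (l.strip() for l in text.splitlines()):
        if m := TIMESTAMP_RE.match(line):
            stamps.append(m.group(1))
        elif m := RUN_RE.match(line):
            runs.append(m.groups())
        elif m := IFEO_RE.match(line):
            pending_image = m.group(1)
        elif (m := DEBUGGER_RE.match(line)) and pending_image:
            ifeo.append((pending_image, m.group(1)))
            pending_image = None
    return runs, ifeo, stamps


def summarize(runs, ifeo):
    """One finding per distinct item; "seen" > 1 means it was re-created between tool runs."""
    findings = []
    for (hive, name, path), n in Counter(runs).items():
        findings.append({"kind": "run", "hive": hive, "name": name, "path": path,
                         "seen": n, "reasons": run_entry_reasons(path)})
    for (image, dbg), n in Counter(ifeo).items():
        findings.append({"kind": "ifeo", "image": image, "debugger": dbg, "seen": n,
                         "reasons": ["Windows starts %r instead of %s, so it never runs" % (dbg, image)]})
    return findings


def reg_undo(runs, ifeo):
    """Build a .reg script: [-key] deletes a hijacked IFEO key, "name"=- deletes a Run value."""
    lines = ["Windows Registry Editor Version 5.00", ""]
    for image in sorted({img for img, _ in ifeo}):
        lines += ["[-%s\\%s]" % (IFEO_ROOT, image), ""]
    for hive in ("HKCU", "HKLM"):
        names = sorted({name for h, name, _ in runs if h == hive})
        if names:
            lines += ["[%s]" % RUN_ROOT[hive]] + ['"%s"=-' % n for n in names] + [""]
    return "\r\n".join(lines)     # .reg files use CRLF line endings


# Constructed excerpt of the log posted above: two tool runs, a day apart.
SAMPLE_LOG = r"""
(3-6-2009 18:53:19)
Entrada Eliminada [HKCU\...\Run] "Malware Doctor"="C:\Documents and Settings\LocalService\Application Data\1361538659.exe"
Entrada Eliminada [HKLM\...\Run] "Malware Doctor"="C:\Documents and Settings\LocalService\Application Data\1361538659.exe"
Entrada Eliminada [HKCU\...\Run] "Windows Video Drivers"="C:\RECYCLER\S-1-5-21-8660541763-0095361018-301810344-4613\winlogon.exe"
(4-6-2009 12:23:39)
Entrada Eliminada [HKCU\...\Run] "Malware Doctor"="C:\Documents and Settings\LocalService\Application Data\1361538659.exe"
Entrada Eliminada [HKLM\...\Run] "Malware Doctor"="C:\Documents and Settings\LocalService\Application Data\1361538659.exe"
Entrada Eliminada [HKCU\...\Run] "Windows Video Drivers"="C:\RECYCLER\S-1-5-21-8660541763-0095361018-301810344-4613\winlogon.exe"
Eliminada Clave "HKLM\...\Image File Execution Options\hijackthis.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\procexp.exe"
"Debugger"="NTSD -D"
Eliminada Clave "HKLM\...\Image File Execution Options\regedit.exe"
"Debugger"="NTSD -D"
"""

if __name__ == "__main__":
    runs, ifeo, stamps = parse_log(SAMPLE_LOG)
    for f in summarize(runs, ifeo):
        print("[%s x%d] %s: %s" % (f["kind"], f["seen"], f.get("path", f.get("image")), "; ".join(f["reasons"])))
    with open("undo_persistence.reg", "w", newline="") as fh:   # newline="" keeps the CRLFs
        fh.write(reg_undo(runs, ifeo))
```

Apply the generated file with `reg import undo_persistence.reg` from Safe Mode rather than by double-clicking it: regedit.exe is itself in the hijacked list, while reg.exe is not. Deleting the whole IFEO subkey is what EliStartPage did as well; on a machine where someone legitimately set a Debugger value you would delete only that value. A reappearing entry means the running malware re-created it, so the binaries it points at have to go before the registry cleanup sticks. The greyed-out Task Manager button reported later in the thread is not something this log shows; on XP that is usually the DisableTaskMgr value under HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System (my assumption, not a finding from the log).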
- Posts: 20
- Registered: 13 Oct 2006, 17:13
Re: "Malware Doctor" & "Adpclient" & "svchosts" Trojans
Friends,
I just realized that, apart from the computer being slow and seeing the blessed MALWARE SOFTWARE activating and deactivating itself, the TASK MANAGER button (Ctrl + Alt + Del) is disabled, and likewise I cannot access REGEDIT.
I no longer know what this is: a VIRUS, a TROJAN or a worm, or all of them together.
I hope for your prompt help; I don't know what to do anymore.
Bye
- Posts: 20
- Registered: 13 Oct 2006, 17:13
Re: "Malware Doctor v1.0"
To clarify, this is MALWARE DOCTOR V1.0; it is different from an earlier one. This one seems to come souped up, and I've been investigating: it started being reported as of last week.
I hope for your prompt help
Ginna
- msc hotline sat
- Posts: 93500
- Registered: 09 Mar 2004, 20:39
- Location: BARCELONA (ESPAÑA)
Re: "Malware Doctor" & "Adpclient" & "svchosts" Trojans
It's a family of Fake Alerts, of which there are hundreds, and more new ones appear every day.
Send us the ones ELISTARA doesn't detect so we can analyze them, but it will probably already ask you for them in the infosat; if not, you know...
regards
ms, 4-6-2009
msc hotline sat Virus Research Engineer
Before asking - Basic Rules - Private Messages - Repeated Topics - Continuing Topics - Topic Titles - Online Antivirus
- Posts: 20
- Registered: 13 Oct 2006, 17:13
Re: "Malware Doctor" & "Adpclient" & "svchosts" Trojans
Friends,
ELISTARA doesn't detect anything else, and the Spyware Doctor I have now only detects the blocking of the Task Manager but doesn't fix it. I have nothing more to help you with.
This FAKE ALERT seems to be one of the hard-to-kill ones.
A hug; I'll be awaiting your comments, my friends
- msc hotline sat
- Posts: 93500
- Joined: 09 Mar 2004, 20:39
- Location: BARCELONA (ESPAÑA)
- Contact:
Re: "Malware Doctor" & "Adpclient" & "svchosts" Trojans
Then boot into safe mode (pressing F8 repeatedly at startup and selecting that option), run SPROCES again and post us the resulting log; we will analyse it to see what is left and act accordingly
regards
ms, 4-6-2009
NOTE: I see you had not tried it before, so look at this:
SPROCES (research tool)
http://www.zonavirus.com/descargas/sproces.asp
And after clicking EXIT, post us the contents of C:\SPROCLOG.TXT with a copy and paste
ms.
msc hotline sat Virus Research Engineer
Before asking - Basic Rules - Private Messages - Repeating Topics - Continuing Topics - Topic Titles - Online Antivirus
-
- Posts: 20
- Joined: 13 Oct 2006, 17:13
Re: "Malware Doctor" & "Adpclient" & "svchosts" Trojans
Well, friends,
I did what you told me and here I post the C:\SPROCLOG.TXT; I hope this can help you help me with this big problem I have
Apart from this, I can tell you that I keep running Spyware Doctor and it keeps detecting the following
Trojan-Downloader.adpclient, Type medium, and it locates it in the following file, Comsa32.sys; I am going to send it to SATINFO by email to see if that helps you, my friends
I hope for your prompt reply :cry: :cry: :cry:
(4-6-2009 15:43:23 GMT)
SProces v3.8 (c)2009 S.G.H. / Satinfo S.L.
-------------------------------------------
Sistema Operativo: Microsoft Windows XP (v5.1.2600) Service Pack 3
Parche MS08-067 (Servicio Servidor) Instalado.
Internet Explorer: (v7.0.5730.13) 0
Nombre Equipo: EIMNET
Nombre Usuario: TRUJILLD
Procesos Activos:
C:\WINDOWS\SYSTEM32\SMSS.EXE
C:\WINDOWS\SYSTEM32\CSRSS.EXE
C:\WINDOWS\SYSTEM32\WINLOGON.EXE
C:\WINDOWS\SYSTEM32\SERVICES.EXE
C:\WINDOWS\SYSTEM32\LSASS.EXE
C:\WINDOWS\SYSTEM32\SVCHOST.EXE
C:\WINDOWS\SYSTEM32\SVCHOST.EXE
C:\WINDOWS\SYSTEM32\SVCHOST.EXE
C:\WINDOWS\SYSTEM32\SVCHOST.EXE
C:\WINDOWS\SYSTEM32\SVCHOST.EXE
C:\WINDOWS\SYSTEM32\SVCHOST.EXE
C:\WINDOWS\SYSTEM32\SVCHOST.EXE
C:\WINDOWS\SYSTEM32\SVCHOST.EXE
C:\PROGRAM FILES\SPYWARE DOCTOR\PCTSAUXS.EXE
C:\PROGRAM FILES\SPYWARE DOCTOR\PCTSSVC.EXE
C:\WINDOWS\SYSTEM32\SVCHOST.EXE
C:\WINDOWS\SYSTEM32\SVCHOST.EXE
C:\WINDOWS\EXPLORER.EXE
C:\PROGRAM FILES\SPYWARE DOCTOR\PCTSTRAY.EXE
C:\DOCUMENTS AND SETTINGS\TRUJILLD\DESKTOP\SPROCES.EXE
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page =http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
R3 - URLSearchHook: Microsoft Url Search Hook - {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\system32\ieframe.dll
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Chrome copyright - {aff01325-0fc2-4749-8914-fbf0565ad9cc} - jbnmcd.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -scheduler
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [RegistryMechanic] C:\Program Files\Registry Mechanic\RegMech.exe /H
O4 - HKCU\..\Run: [Windows Video Drivers] C:\RECYCLER\S-1-5-21-8660541763-0095361018-301810344-4613\winlogon.exe
O4 - HKCU\..\Run: [Malware Doctor] C:\Documents and Settings\LocalService\Application Data\1361538659.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [TPKMAPHELPER] C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe -helper
O4 - HKLM\..\Run: [TpShocks] TpShocks.exe
O4 - HKLM\..\Run: [TPHOTKEY] C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
O4 - HKLM\..\Run: [TP4EX] tp4ex.exe
O4 - HKLM\..\Run: [EZEJMNAP] C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [SoundMAX] C:\Program Files\Analog Devices\SoundMAX\Smax4.exe /tray
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [IBMPRC] C:\IBMTOOLS\UTILS\ibmprc.exe
O4 - HKLM\..\Run: [PWRMGRTR] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor
O4 - HKLM\..\Run: [BLOG] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\BatLogEx.DLL,StartBattLog
O4 - HKLM\..\Run: [OfficeScanNT Monitor] "C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe" -HideWindow
O4 - HKLM\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [TVT Scheduler Proxy] C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [MaxtorOneTouch] C:\Program Files\Maxtor\ManagerApp\Onetouch.exe
O4 - HKLM\..\Run: [mxomssmenu] "C:\Program Files\Maxtor\OneTouch Status\maxmenumgr.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKLM\..\Run: [Malware Doctor] C:\Documents and Settings\LocalService\Application Data\1361538659.exe
O4 - Startup: CCC.lnk
O4 - Startup: desktop.ini
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - res://C:\Program Files\ieSpell\iespell.dll/SPELLCHECK.HTM (file missing)
O9 - Extra button: (no name) - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - res://C:\Program Files\ieSpell\iespell.dll/SPELLOPTION.HTM (file missing)
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Software Installer - {D1A4DEBD-C2EE-449f-B9FB-E8409F9A0BC5} - C:\Program Files\Lenovo\PkgMgr\\PkgMgr.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {00000055-9980-0010-8000-00AA00389B71} -http://codecs.microsoft.com/codecs/i386/fhg.CAB
O16 - DPF: {215b8138-a3cf-44c5-803f-8226143cfc0a} (Trend Micro ActiveX Scan Agent 6.6) -http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
O16 - DPF: {2d8ed06d-3c30-438b-96ae-4d110fdc1fb8} (ActiveScan 2.0 Installer Class) -http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
O16 - DPF: {4788DE0A-3552-49EA-AC8C-233DA52523B9} (AxLoaderPassword Class) -http://www.blackberry.com/devicesoftware/AxLoader.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) -http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1220638981956
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Plug-in 1.4.2) -http://java.sun.com/products/plugin/1.4.2/jinstall-142-win.cab
O16 - DPF: {CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA} (Java Plug-in 1.4.2) -http://java.sun.com/products/plugin/1.4.2/jinstall-142-win.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} -http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {d27cdb6e-ae6d-11cf-96b8-444563540000} -http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E008A543-CEFB-4559-912F-C27C2B89F13B} (Domino Web Access 7 Control) -http://getmail.eim-co.com/dwa7W.cab
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) -https://linksyssupport.webex.com/client/T26L/support/ieatgpc.cab
O18 - Protocol: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL
O18 - Protocol: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - C:\Program Files\HP\hpcoretech\comp\hpuiprot.dll
O18 - Protocol: mso-offdap - {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\PROGRA~1\COMMON~1\MICROS~1\WEBCOM~1\10\OWC10.DLL
O18 - Protocol: mso-offdap11 - {32505114-5902-49B2-880A-1F7738E5A384} - C:\PROGRA~1\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: ATIEXTEVENT - ATI2EVXX.DLL
O20 - Winlogon Notify: DIMSNTFY - %SYSTEMROOT%\SYSTEM32\DIMSNTFY.DLL
O20 - Winlogon Notify: JEUUVHBI - (no file)
O20 - Winlogon Notify: QCONGINA - QCONGINA.DLL
O20 - Winlogon Notify: WGALOGON - WGALOGON.DLL
O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - %SystemRoot%\system32\SHELL32.dll
O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - %SystemRoot%\system32\SHELL32.dll
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\system32\webcheck.dll
O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\system32\stobject.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O22 - SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader - %SystemRoot%\system32\browseui.dll
O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - %SystemRoot%\system32\browseui.dll
Información Adicional:
----------------------
Activada Restricción del Administador de Tareas.(DisableTaskMgr)
Listado de Servicios (Carga Automatica):
----------------------------------------
O23 - Service: AEGIS Protocol (IEEE 802.1x) v3.1.6.0 (AegisP) - Meetinghouse Data Communications - C:\WINDOWS\SYSTEM32\DRIVERS\AegisP.sys
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast!avscontrolservice - Unknown owner - C:\WINDOWS\System32\avast!AVSControlService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
**O23 - Service: DCOM Server Process Launcher (DcomLaunch) - Unknown owner - C:\WINDOWS\system32\svchost -k DcomLaunch (file missing)
O23 - Service: Dhcp server (dhcpsrv) - Unknown owner - C:\WINDOWS\dhcp\svchost.exe
O23 - Service: DLABOIOM - Sonic Solutions - C:\WINDOWS\SYSTEM32\DLA\DLABOIOM.SYS
O23 - Service: DLADResN - Sonic Solutions - C:\WINDOWS\SYSTEM32\DLA\DLADResN.SYS
O23 - Service: DLAIFS_M - Sonic Solutions - C:\WINDOWS\SYSTEM32\DLA\DLAIFS_M.SYS
O23 - Service: DLAOPIOM - Sonic Solutions - C:\WINDOWS\SYSTEM32\DLA\DLAOPIOM.SYS
O23 - Service: DLAPoolM - Sonic Solutions - C:\WINDOWS\SYSTEM32\DLA\DLAPoolM.SYS
O23 - Service: DLAUDFAM - Sonic Solutions - C:\WINDOWS\SYSTEM32\DLA\DLAUDFAM.SYS
O23 - Service: DLAUDF_M - Sonic Solutions - C:\WINDOWS\SYSTEM32\DLA\DLAUDF_M.SYS
O23 - Service: DRVNDDM - Sonic Solutions - C:\WINDOWS\SYSTEM32\Drivers\DRVNDDM.SYS
O23 - Service: IBM Access Support (EGATHDRV) - IBM Corporation - C:\WINDOWS\SYSTEM32\EGATHDRV.SYS
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: fips32cup - Unknown owner - C:\WINDOWS\system32\drivers\fips32cup.sys
O23 - Service: IBM Rapid Restore Ultra Service - Unknown owner - C:\Program Files\IBM\IBM Rapid Restore Ultra\rrpcsb.exe
O23 - Service: ibmfilter - IBM - C:\WINDOWS\system32\drivers\ibmfilter.sys
O23 - Service: ThinkPad PM Service (IBMPMSVC) - Lenovo - C:\WINDOWS\system32\ibmpmsvc.exe
O23 - Service: MaxBackServiceInt - Unknown owner - C:\Program Files\Maxtor\Maxtor Backup\MaxBackServiceInt.exe
O23 - Service: mdmxsdk - Conexant - C:\WINDOWS\SYSTEM32\DRIVERS\mdmxsdk.sys
O23 - Service: Multi-user Cleanup Service - IBM Corp - C:\Program Files\lotus\notes\ntmulti.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: nicsk32 - Unknown owner - C:\WINDOWS\system32\drivers\nicsk32.sys
O23 - Service: OfficeScanNT RealTime Scan (ntrtscan) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe
O23 - Service: MaxSyncService (NTService1) - - C:\Program Files\Maxtor\Utils\SyncServices.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe
O23 - Service: QCONSVC - IBM Corp. - C:\WINDOWS\SYSTEM32\QCONSVC.EXE
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Unknown owner - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe (file missing)
**O23 - Service: Remote Procedure Call (RPC) (RpcSs) - Unknown owner - C:\WINDOWS\system32\svchost -k rpcss (file missing)
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: WLAN Transport (s24trans) - Intel Corporation - C:\WINDOWS\SYSTEM32\DRIVERS\s24trans.sys
O23 - Service: PC Tools Auxiliary Service (sdauxservice) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdcoreservice) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: securentm - Unknown owner - C:\WINDOWS\system32\drivers\securentm.sys
O23 - Service: sopidkc Service (sopidkc) - Tin Working Group - C:\WINDOWS\system32\sopidkc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: System Update (SUService) - Lenovo Group Limited - c:\program files\lenovo\system update\suservice.exe
O23 - Service: ThinkVantage Registry Monitor Service - Lenovo Group Limited - C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
O23 - Service: tmcomm - Trend Micro Inc. - C:\WINDOWS\system32\drivers\tmcomm.sys
O23 - Service: Trend Micro Filter (TmFilter) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\TmXPFlt.sys
O23 - Service: OfficeScan NT Listener (tmlisten) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe
O23 - Service: Trend Micro PreFilter (TmPreFilter) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\TmPreFlt.sys
O23 - Service: ThinkPad HDD APS Logging Service (TPHDEXLGSVC) - Lenovo. - C:\WINDOWS\SYSTEM32\TPHDEXLG.exe
O23 - Service: IBM KCU Service (TpKmpSVC) - Unknown owner - C:\WINDOWS\system32\TpKmpSVC.exe
O23 - Service: TVT Scheduler - Lenovo Group Limited - C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
O23 - Service: Trend Micro VSAPI NT (VSApiNt) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\VSApiNt.sys
O23 - Service: VNC Server Version 4 (WinVNC4) - RealVNC Ltd. - C:\Program Files\RealVNC\VNC4\WinVNC4.exe
O23 - Service: Wireless Zero Configuration WZCSVCtmlisten (wzcsvctmlisten) - Qncjvuu Manhycjkqyc - C:\WINDOWS\system32\3com_dmik.exe
Listado de Servicios (Carga Manual):
------------------------------------
O23 - Service: Intel(r) 82801 Audio Driver Install Service (WDM) (ac97intc) - Intel Corporation - C:\WINDOWS\SYSTEM32\drivers\ac97intc.sys
O23 - Service: aeaudio - Andrea Electronics Corporation - C:\WINDOWS\SYSTEM32\drivers\aeaudio.sys
O23 - Service: ati2mtag - ATI Technologies Inc. - C:\WINDOWS\SYSTEM32\DRIVERS\ati2mtag.sys
O23 - Service: Broadcom NetXtreme Gigabit Ethernet (b57w2k) - Broadcom Corporation - C:\WINDOWS\SYSTEM32\DRIVERS\b57xp32.sys
O23 - Service: CmdIde - CMD Technology, Inc. - C:\WINDOWS\system32\DRIVERS\cmdide.sys
**O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - Microsoft Corp., Veritas Software - C:\WINDOWS\System32\dmadmin.exe
O23 - Service: Intel(R) PRO Adapter Driver (E100B) - Intel Corporation - C:\WINDOWS\SYSTEM32\DRIVERS\e100b325.sys
O23 - Service: GEAR ASPI Filter Driver (GEARAspiWDM) - GEAR Software Inc. - C:\WINDOWS\SYSTEM32\DRIVERS\GEARAspiWDM.sys
O23 - Service: IEEE-1284.4 Driver HPZid412 (HPZid412) - HP - C:\WINDOWS\SYSTEM32\DRIVERS\HPZid412.sys
O23 - Service: Print Class Driver for IEEE-1284.4 HPZipr12 (HPZipr12) - HP - C:\WINDOWS\SYSTEM32\DRIVERS\HPZipr12.sys
O23 - Service: USB to IEEE-1284.4 Translation Driver HPZius12 (HPZius12) - HP - C:\WINDOWS\SYSTEM32\DRIVERS\HPZius12.sys
O23 - Service: HSFHWICH - Conexant Systems, Inc. - C:\WINDOWS\SYSTEM32\DRIVERS\HSFHWICH.sys
O23 - Service: HSF_DPV - Conexant Systems, Inc. - C:\WINDOWS\SYSTEM32\DRIVERS\HSF_DPV.sys
O23 - Service: IBMPMDRV - Lenovo. - C:\WINDOWS\SYSTEM32\DRIVERS\ibmpmdrv.sys
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Maxtor OneTouch Security Driver (MXOPSWD) - Maxtor Corp. - C:\WINDOWS\SYSTEM32\DRIVERS\mxopswd.sys
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: NSC Infrared Device Driver (NSCIRDA) - National Semiconductor Corporation - C:\WINDOWS\SYSTEM32\DRIVERS\nscirda.sys
O23 - Service: nv - NVIDIA Corporation - C:\WINDOWS\SYSTEM32\DRIVERS\nv4_mini.sys
O23 - Service: PCDRNDISUIO Usermode I/O Protocol (PcdrNdisuio) - Windows (R) 2000 DDK provider - C:\WINDOWS\SYSTEM32\DRIVERS\pcdrndisuio.sys
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PNDIS5 NDIS Protocol Driver (PNDIS5) - Unknown owner - D:\PNDIS5.SYS (file missing)
O23 - Service: Lenovo Parties Service Access Device Driver (psadd) - Lenovo (United States) Inc. - C:\WINDOWS\SYSTEM32\DRIVERS\psadd.sys
O23 - Service: IBM PSA Access Driver Control (PsaSrv) - Unknown owner - C:\WINDOWS\system32\PsaSrv.exe (file missing)
O23 - Service: Direct Parallel Link Driver (Ptilink) - Parallel Technologies, Inc. - C:\WINDOWS\SYSTEM32\DRIVERS\ptilink.sys
O23 - Service: QCNDISIF - IBM Corporation. - C:\WINDOWS\SYSTEM32\drivers\qcndisif.SYS
O23 - Service: RIM Virtual Serial Port (RimSerPort) - Research in Motion Ltd - C:\WINDOWS\SYSTEM32\DRIVERS\RimSerial.sys
O23 - Service: BlackBerry Smartphone (RimUsb) - Unknown owner - C:\WINDOWS\SYSTEM32\Drivers\RimUsb.sys (file missing)
O23 - Service: RIM Virtual Serial Port v2 (RimVSerPort) - Research in Motion Ltd - C:\WINDOWS\SYSTEM32\DRIVERS\RimSerial.sys
O23 - Service: Secdrv - Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K. - C:\WINDOWS\SYSTEM32\DRIVERS\secdrv.sys
O23 - Service: smwdm - Analog Devices, Inc. - C:\WINDOWS\SYSTEM32\drivers\smwdm.sys
O23 - Service: Synaptics TouchPad Driver (SynTP) - Synaptics, Inc. - C:\WINDOWS\SYSTEM32\DRIVERS\SynTP.sys
*O23 - Service: Terminal Services (TermService) - Unknown owner - C:\WINDOWS\System32\svchost -k DComLaunch (file missing)
O23 - Service: Trend Micro Common Firewall Service (tmcfw) - Trend Micro Inc. - C:\WINDOWS\SYSTEM32\DRIVERS\TM_CFW.sys
O23 - Service: OfficeScan NT Firewall (TmPfw) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\TmPfw.exe
O23 - Service: OfficeScan NT Proxy Service (TmProxy) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\TmProxy.exe
O23 - Service: TPInput - Lenovo, Ltd. and IBM Corporation. - C:\WINDOWS\SYSTEM32\DRIVERS\TPInput.sys
O23 - Service: Winbond Trusted Platform Module (TPM) - Winbond Electronics Corp. - C:\WINDOWS\SYSTEM32\DRIVERS\tpm.sys
O23 - Service: NSC Integrated Trusted Platform Module 1.1 (TPM11) - National Semiconductor Corp. - C:\WINDOWS\SYSTEM32\DRIVERS\nsctpm11.sys
O23 - Service: Conexant Setup API (UIUSys) - Unknown owner - C:\WINDOWS\SYSTEM32\drivers\UIUSys.sys (file missing)
O23 - Service: Apple Mobile USB Driver (USBAAPL) - Apple, Inc. - C:\WINDOWS\SYSTEM32\Drivers\usbaapl.sys
O23 - Service: Intel(R) PRO/Wireless 2915ABG Network Connection Driver for Windows XP (w29n51) - Intel® Corporation - C:\WINDOWS\SYSTEM32\DRIVERS\w29n51.sys
O23 - Service: winachsf - Conexant Systems, Inc. - C:\WINDOWS\SYSTEM32\DRIVERS\HSF_CNXT.sys
Listado de Servicios (Deshabilitados):
--------------------------------------
O23 - Service: AliIde - Acer Laboratories Inc. - C:\WINDOWS\system32\DRIVERS\aliide.sys
O23 - Service: AMD AGP Bus Filter Driver (amdagp) - Advanced Micro Devices, Inc. - C:\WINDOWS\system32\DRIVERS\amdagp.sys
O23 - Service: asc - Advanced System Products, Inc. - C:\WINDOWS\system32\DRIVERS\asc.sys
O23 - Service: asc3550 - Advanced System Products, Inc. - C:\WINDOWS\system32\DRIVERS\asc3550.sys
O23 - Service: avast!antivirus - Unknown owner - (file missing)
O23 - Service: dac2w2k - Mylex Corporation - C:\WINDOWS\system32\DRIVERS\dac2w2k.sys
**O23 - Service: dmboot - Microsoft Corp., Veritas Software - C:\WINDOWS\SYSTEM32\drivers\dmboot.sys
O23 - Service: mraid35x - American Megatrends Inc. - C:\WINDOWS\system32\DRIVERS\mraid35x.sys
O23 - Service: ql1080 - QLogic Corporation - C:\WINDOWS\system32\DRIVERS\ql1080.sys
O23 - Service: ql12160 - QLogic Corporation - C:\WINDOWS\system32\DRIVERS\ql12160.sys
O23 - Service: ql1280 - QLogic Corporation - C:\WINDOWS\system32\DRIVERS\ql1280.sys
O23 - Service: SIS AGP Bus Filter (sisagp) - Silicon Integrated Systems Corporation - C:\WINDOWS\system32\DRIVERS\sisagp.sys
O23 - Service: Sparrow - Adaptec, Inc. - C:\WINDOWS\system32\DRIVERS\sparrow.sys
O23 - Service: symc810 - Symbios Logic Inc. - C:\WINDOWS\system32\DRIVERS\symc810.sys
O23 - Service: symc8xx - LSI Logic - C:\WINDOWS\system32\DRIVERS\symc8xx.sys
O23 - Service: sym_hi - LSI Logic - C:\WINDOWS\system32\DRIVERS\sym_hi.sys
O23 - Service: sym_u3 - LSI Logic - C:\WINDOWS\system32\DRIVERS\sym_u3.sys
O23 - Service: ultra - Promise Technology, Inc. - C:\WINDOWS\system32\DRIVERS\ultra.sys
114 Servicios.
52 de Carga Automatica.
44 de Carga Manual.
18 Deshabilitados.
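Added example (it is not part of this thread and not one of SATINFO's tools): a small Python triage script that reads SPROCES/HijackThis-style entries like the SPROCLOG.TXT posted above and flags the persistence red flags a responder looks at first. The sample input is excerpted from the posted log with a few benign entries (Acrobat BHO, ctfmon.exe, WGALOGON, Bonjour) added for contrast. The heuristics are generic (autoruns under RECYCLER or a service-account profile, purely numeric executable names, system binary names outside System32, BHOs registered by bare DLL name, orphaned Winlogon Notify entries, DisableRegedit/DisableTaskMgr policies, svchost.exe hosted outside System32, service display names that imitate built-in Windows services, System32 binaries whose owner string has no recognisable vendor word); the vendor word list is my own assumption, so every hit is a lead for review, not a verdict.

```python
"""Triage helper for SPROCES / HijackThis-style logs (added example, not from the thread)."""
import re
from typing import Dict, List

# Lines excerpted from the SPROCLOG.TXT posted above, plus benign entries
# (Acrobat BHO, ctfmon.exe, WGALOGON, Bonjour) kept for contrast.
SAMPLE_LOG = r"""
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Chrome copyright - {aff01325-0fc2-4749-8914-fbf0565ad9cc} - jbnmcd.dll
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Windows Video Drivers] C:\RECYCLER\S-1-5-21-8660541763-0095361018-301810344-4613\winlogon.exe
O4 - HKCU\..\Run: [Malware Doctor] C:\Documents and Settings\LocalService\Application Data\1361538659.exe
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O20 - Winlogon Notify: JEUUVHBI - (no file)
O20 - Winlogon Notify: WGALOGON - WGALOGON.DLL
Activada Restricción del Administador de Tareas.(DisableTaskMgr)
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Dhcp server (dhcpsrv) - Unknown owner - C:\WINDOWS\dhcp\svchost.exe
O23 - Service: sopidkc Service (sopidkc) - Tin Working Group - C:\WINDOWS\system32\sopidkc.exe
O23 - Service: Wireless Zero Configuration WZCSVCtmlisten (wzcsvctmlisten) - Qncjvuu Manhycjkqyc - C:\WINDOWS\system32\3com_dmik.exe
"""

SYSTEM32 = "c:\\windows\\system32\\"
WINDOWS_SVCHOST = SYSTEM32 + "svchost"          # the only legitimate svchost location on XP
SYSTEM_BINARY_NAMES = {"winlogon.exe", "svchost.exe", "lsass.exe", "csrss.exe", "services.exe"}
# Display-name fragments of built-in XP services that malware likes to imitate.
WINDOWS_SERVICE_HINTS = ("wireless zero configuration", "dhcp", "remote procedure call",
                         "dcom server process launcher", "terminal services")
# Assumed vendor vocabulary: owner strings without any of these words get a closer look.
VENDOR_HINT = re.compile(r"\b(microsoft|inc|corp|corporation|ltd|limited|gmbh|ag|s\.?l|s\.?a|"
                         r"lenovo|ibm|intel|apple|technologies|technology|software|systems|devices)\b", re.I)


def _target(line: str) -> str:
    """Path part of an entry with quotes, '(file missing)' and trailing switches removed."""
    if line.startswith("O4 "):
        m = re.search(r"\]\s*(.*)$", line)
        target = m.group(1) if m else ""
    else:
        target = line.rsplit(" - ", 1)[-1]
    target = target.replace("(file missing)", "").strip().strip('"')
    target = re.sub(r'"?\s+[-/]\S+$', "", target)     # e.g. ' -scheduler', ' /H'
    return target.strip()


def assess(line: str) -> List[str]:
    """Reasons an entry deserves analyst attention; an empty list means nothing was flagged."""
    reasons: List[str] = []
    low, target = line.lower(), _target(line)
    tlow = target.lower()
    name = tlow.rsplit("\\", 1)[-1]
    if line.startswith("O4 "):
        if "\\recycler\\" in tlow:
            reasons.append("autorun launched from the Recycle Bin directory")
        if "\\localservice\\" in tlow or "\\networkservice\\" in tlow:
            reasons.append("autorun stored in a service-account profile")
        if re.fullmatch(r"\d+\.exe", name):
            reasons.append("executable with a purely numeric name")
        if name in SYSTEM_BINARY_NAMES and not tlow.startswith(SYSTEM32):
            reasons.append("Windows system binary name outside System32")
    elif line.startswith("O2 ") and "\\" not in target:
        reasons.append("BHO registered with a bare DLL name (no directory)")
    elif line.startswith("O7 ") and re.search(r"disable(regedit|taskmgr)=1", low):
        reasons.append("policy that disables an administrative tool")
    elif line.startswith("O20 ") and "(no file)" in low:
        reasons.append("orphaned Winlogon Notify entry")
    elif line.startswith("O23 "):
        parts = line.split(" - ")                      # O23 - Service: name - owner - path
        svc = parts[1].lower() if len(parts) > 1 else ""
        owner = parts[-2] if len(parts) >= 4 else ""
        standard_host = tlow.startswith(WINDOWS_SVCHOST)
        if name == "svchost.exe" and not standard_host:
            reasons.append("svchost.exe hosted outside System32")
        if any(h in svc for h in WINDOWS_SERVICE_HINTS) and "microsoft" not in owner.lower() and not standard_host:
            reasons.append("display name mimics a built-in Windows service")
        if tlow.startswith(SYSTEM32) and "\\drivers\\" not in tlow and name.endswith(".exe") and not VENDOR_HINT.search(owner):
            reasons.append("binary in System32 with an unrecognised owner string")
    elif "disabletaskmgr" in low:
        reasons.append("Task Manager disabled by policy")
    return reasons


def triage(log_text: str) -> Dict[str, List[str]]:
    """Map each flagged log line to its reasons, preserving log order."""
    flagged: Dict[str, List[str]] = {}
    for raw in log_text.splitlines():
        line = raw.strip()
        if line and assess(line):
            flagged[line] = assess(line)
    return flagged


if __name__ == "__main__":
    for entry, why in triage(SAMPLE_LOG).items():
        print(entry)
        for reason in why:
            print("    ->", reason)
```

To use it on a saved SPROCLOG.TXT, pass the file contents to triage(). On the sample above it surfaces the two Malware Doctor / winlogon.exe Run entries, the jbnmcd.dll BHO, the JEUUVHBI notify entry, the DisableRegedit and DisableTaskMgr restrictions, and the dhcpsrv, sopidkc and wzcsvctmlisten services, which are the entries a responder would ask about first. Expect occasional false positives on vendor binaries in System32 (an "Unknown owner" OEM utility, for instance); the script prioritises what to look at, it does not decide what to delete.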
Hice lo que ustedes me indicaron y aqui les posteo el C:\SPROCLOG.TXT, espero que esto les pueda ayudar a ayudarme con este gran problema que tengo
Apartando esto les comento que sigo corriendo el Spyware Doctor y sigue detectando lo siguiente
Trojan-Downloader.adpclient, Type medium y lo ubica en el siguiente archivo Comsa32.sys, voy a enviarcelo en un email a SATINFO a ver si eso les ayuda mis amigos
Espero su pronta respuesta
(4-6-2009 15:43:23 GMT)
SProces v3.8 (c)2009 S.G.H. / Satinfo S.L.
-------------------------------------------
Sistema Operativo: Microsoft Windows XP (v5.1.2600) Service Pack 3
Parche MS08-067 (Servicio Servidor) Instalado.
Internet Explorer: (v7.0.5730.13) 0
Nombre Equipo: EIMNET
Nombre Usuario: TRUJILLD
Procesos Activos:
C:\WINDOWS\SYSTEM32\SMSS.EXE
C:\WINDOWS\SYSTEM32\CSRSS.EXE
C:\WINDOWS\SYSTEM32\WINLOGON.EXE
C:\WINDOWS\SYSTEM32\SERVICES.EXE
C:\WINDOWS\SYSTEM32\LSASS.EXE
C:\WINDOWS\SYSTEM32\SVCHOST.EXE
C:\WINDOWS\SYSTEM32\SVCHOST.EXE
C:\WINDOWS\SYSTEM32\SVCHOST.EXE
C:\WINDOWS\SYSTEM32\SVCHOST.EXE
C:\WINDOWS\SYSTEM32\SVCHOST.EXE
C:\WINDOWS\SYSTEM32\SVCHOST.EXE
C:\WINDOWS\SYSTEM32\SVCHOST.EXE
C:\WINDOWS\SYSTEM32\SVCHOST.EXE
C:\PROGRAM FILES\SPYWARE DOCTOR\PCTSAUXS.EXE
C:\PROGRAM FILES\SPYWARE DOCTOR\PCTSSVC.EXE
C:\WINDOWS\SYSTEM32\SVCHOST.EXE
C:\WINDOWS\SYSTEM32\SVCHOST.EXE
C:\WINDOWS\EXPLORER.EXE
C:\PROGRAM FILES\SPYWARE DOCTOR\PCTSTRAY.EXE
C:\DOCUMENTS AND SETTINGS\TRUJILLD\DESKTOP\SPROCES.EXE
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page =
R3 - URLSearchHook: Microsoft Url Search Hook - {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\system32\ieframe.dll
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Chrome copyright - {aff01325-0fc2-4749-8914-fbf0565ad9cc} - jbnmcd.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -scheduler
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [RegistryMechanic] C:\Program Files\Registry Mechanic\RegMech.exe /H
O4 - HKCU\..\Run: [Windows Video Drivers] C:\RECYCLER\S-1-5-21-8660541763-0095361018-301810344-4613\winlogon.exe
O4 - HKCU\..\Run: [Malware Doctor] C:\Documents and Settings\LocalService\Application Data\1361538659.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [TPKMAPHELPER] C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe -helper
O4 - HKLM\..\Run: [TpShocks] TpShocks.exe
O4 - HKLM\..\Run: [TPHOTKEY] C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
O4 - HKLM\..\Run: [TP4EX] tp4ex.exe
O4 - HKLM\..\Run: [EZEJMNAP] C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [SoundMAX] C:\Program Files\Analog Devices\SoundMAX\Smax4.exe /tray
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [IBMPRC] C:\IBMTOOLS\UTILS\ibmprc.exe
O4 - HKLM\..\Run: [PWRMGRTR] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor
O4 - HKLM\..\Run: [BLOG] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\BatLogEx.DLL,StartBattLog
O4 - HKLM\..\Run: [OfficeScanNT Monitor] "C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe" -HideWindow
O4 - HKLM\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [TVT Scheduler Proxy] C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [MaxtorOneTouch] C:\Program Files\Maxtor\ManagerApp\Onetouch.exe
O4 - HKLM\..\Run: [mxomssmenu] "C:\Program Files\Maxtor\OneTouch Status\maxmenumgr.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKLM\..\Run: [Malware Doctor] C:\Documents and Settings\LocalService\Application Data\1361538659.exe
O4 - Startup: CCC.lnk
O4 - Startup: desktop.ini
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - res://C:\Program Files\ieSpell\iespell.dll/SPELLCHECK.HTM (file missing)
O9 - Extra button: (no name) - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - res://C:\Program Files\ieSpell\iespell.dll/SPELLOPTION.HTM (file missing)
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Software Installer - {D1A4DEBD-C2EE-449f-B9FB-E8409F9A0BC5} - C:\Program Files\Lenovo\PkgMgr\\PkgMgr.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {00000055-9980-0010-8000-00AA00389B71} -
O16 - DPF: {215b8138-a3cf-44c5-803f-8226143cfc0a} (Trend Micro ActiveX Scan Agent 6.6) -
O16 - DPF: {2d8ed06d-3c30-438b-96ae-4d110fdc1fb8} (ActiveScan 2.0 Installer Class) -
O16 - DPF: {4788DE0A-3552-49EA-AC8C-233DA52523B9} (AxLoaderPassword Class) -
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) -
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Plug-in 1.4.2) -
O16 - DPF: {CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA} (Java Plug-in 1.4.2) -
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} -
O16 - DPF: {d27cdb6e-ae6d-11cf-96b8-444563540000} -
O16 - DPF: {E008A543-CEFB-4559-912F-C27C2B89F13B} (Domino Web Access 7 Control) -
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) -
O18 - Protocol: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL
O18 - Protocol: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - C:\Program Files\HP\hpcoretech\comp\hpuiprot.dll
O18 - Protocol: mso-offdap - {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\PROGRA~1\COMMON~1\MICROS~1\WEBCOM~1\10\OWC10.DLL
O18 - Protocol: mso-offdap11 - {32505114-5902-49B2-880A-1F7738E5A384} - C:\PROGRA~1\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: ATIEXTEVENT - ATI2EVXX.DLL
O20 - Winlogon Notify: DIMSNTFY - %SYSTEMROOT%\SYSTEM32\DIMSNTFY.DLL
O20 - Winlogon Notify: JEUUVHBI - (no file)
O20 - Winlogon Notify: QCONGINA - QCONGINA.DLL
O20 - Winlogon Notify: WGALOGON - WGALOGON.DLL
O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - %SystemRoot%\system32\SHELL32.dll
O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - %SystemRoot%\system32\SHELL32.dll
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\system32\webcheck.dll
O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\system32\stobject.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O22 - SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader - %SystemRoot%\system32\browseui.dll
O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - %SystemRoot%\system32\browseui.dll
Additional information:
----------------------
Task Manager restriction enabled (DisableTaskMgr).
Service list (automatic start):
----------------------------------------
O23 - Service: AEGIS Protocol (IEEE 802.1x) v3.1.6.0 (AegisP) - Meetinghouse Data Communications - C:\WINDOWS\SYSTEM32\DRIVERS\AegisP.sys
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast!avscontrolservice - Unknown owner - C:\WINDOWS\System32\avast!AVSControlService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
**O23 - Service: DCOM Server Process Launcher (DcomLaunch) - Unknown owner - C:\WINDOWS\system32\svchost -k DcomLaunch (file missing)
O23 - Service: Dhcp server (dhcpsrv) - Unknown owner - C:\WINDOWS\dhcp\svchost.exe
O23 - Service: DLABOIOM - Sonic Solutions - C:\WINDOWS\SYSTEM32\DLA\DLABOIOM.SYS
O23 - Service: DLADResN - Sonic Solutions - C:\WINDOWS\SYSTEM32\DLA\DLADResN.SYS
O23 - Service: DLAIFS_M - Sonic Solutions - C:\WINDOWS\SYSTEM32\DLA\DLAIFS_M.SYS
O23 - Service: DLAOPIOM - Sonic Solutions - C:\WINDOWS\SYSTEM32\DLA\DLAOPIOM.SYS
O23 - Service: DLAPoolM - Sonic Solutions - C:\WINDOWS\SYSTEM32\DLA\DLAPoolM.SYS
O23 - Service: DLAUDFAM - Sonic Solutions - C:\WINDOWS\SYSTEM32\DLA\DLAUDFAM.SYS
O23 - Service: DLAUDF_M - Sonic Solutions - C:\WINDOWS\SYSTEM32\DLA\DLAUDF_M.SYS
O23 - Service: DRVNDDM - Sonic Solutions - C:\WINDOWS\SYSTEM32\Drivers\DRVNDDM.SYS
O23 - Service: IBM Access Support (EGATHDRV) - IBM Corporation - C:\WINDOWS\SYSTEM32\EGATHDRV.SYS
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: fips32cup - Unknown owner - C:\WINDOWS\system32\drivers\fips32cup.sys
O23 - Service: IBM Rapid Restore Ultra Service - Unknown owner - C:\Program Files\IBM\IBM Rapid Restore Ultra\rrpcsb.exe
O23 - Service: ibmfilter - IBM - C:\WINDOWS\system32\drivers\ibmfilter.sys
O23 - Service: ThinkPad PM Service (IBMPMSVC) - Lenovo - C:\WINDOWS\system32\ibmpmsvc.exe
O23 - Service: MaxBackServiceInt - Unknown owner - C:\Program Files\Maxtor\Maxtor Backup\MaxBackServiceInt.exe
O23 - Service: mdmxsdk - Conexant - C:\WINDOWS\SYSTEM32\DRIVERS\mdmxsdk.sys
O23 - Service: Multi-user Cleanup Service - IBM Corp - C:\Program Files\lotus\notes\ntmulti.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: nicsk32 - Unknown owner - C:\WINDOWS\system32\drivers\nicsk32.sys
O23 - Service: OfficeScanNT RealTime Scan (ntrtscan) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe
O23 - Service: MaxSyncService (NTService1) - - C:\Program Files\Maxtor\Utils\SyncServices.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe
O23 - Service: QCONSVC - IBM Corp. - C:\WINDOWS\SYSTEM32\QCONSVC.EXE
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Unknown owner - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe (file missing)
**O23 - Service: Remote Procedure Call (RPC) (RpcSs) - Unknown owner - C:\WINDOWS\system32\svchost -k rpcss (file missing)
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: WLAN Transport (s24trans) - Intel Corporation - C:\WINDOWS\SYSTEM32\DRIVERS\s24trans.sys
O23 - Service: PC Tools Auxiliary Service (sdauxservice) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdcoreservice) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: securentm - Unknown owner - C:\WINDOWS\system32\drivers\securentm.sys
O23 - Service: sopidkc Service (sopidkc) - Tin Working Group - C:\WINDOWS\system32\sopidkc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: System Update (SUService) - Lenovo Group Limited - c:\program files\lenovo\system update\suservice.exe
O23 - Service: ThinkVantage Registry Monitor Service - Lenovo Group Limited - C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
O23 - Service: tmcomm - Trend Micro Inc. - C:\WINDOWS\system32\drivers\tmcomm.sys
O23 - Service: Trend Micro Filter (TmFilter) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\TmXPFlt.sys
O23 - Service: OfficeScan NT Listener (tmlisten) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe
O23 - Service: Trend Micro PreFilter (TmPreFilter) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\TmPreFlt.sys
O23 - Service: ThinkPad HDD APS Logging Service (TPHDEXLGSVC) - Lenovo. - C:\WINDOWS\SYSTEM32\TPHDEXLG.exe
O23 - Service: IBM KCU Service (TpKmpSVC) - Unknown owner - C:\WINDOWS\system32\TpKmpSVC.exe
O23 - Service: TVT Scheduler - Lenovo Group Limited - C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
O23 - Service: Trend Micro VSAPI NT (VSApiNt) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\VSApiNt.sys
O23 - Service: VNC Server Version 4 (WinVNC4) - RealVNC Ltd. - C:\Program Files\RealVNC\VNC4\WinVNC4.exe
O23 - Service: Wireless Zero Configuration WZCSVCtmlisten (wzcsvctmlisten) - Qncjvuu Manhycjkqyc - C:\WINDOWS\system32\3com_dmik.exe
Service list (manual start):
------------------------------------
O23 - Service: Intel(r) 82801 Audio Driver Install Service (WDM) (ac97intc) - Intel Corporation - C:\WINDOWS\SYSTEM32\drivers\ac97intc.sys
O23 - Service: aeaudio - Andrea Electronics Corporation - C:\WINDOWS\SYSTEM32\drivers\aeaudio.sys
O23 - Service: ati2mtag - ATI Technologies Inc. - C:\WINDOWS\SYSTEM32\DRIVERS\ati2mtag.sys
O23 - Service: Broadcom NetXtreme Gigabit Ethernet (b57w2k) - Broadcom Corporation - C:\WINDOWS\SYSTEM32\DRIVERS\b57xp32.sys
O23 - Service: CmdIde - CMD Technology, Inc. - C:\WINDOWS\system32\DRIVERS\cmdide.sys
**O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - Microsoft Corp., Veritas Software - C:\WINDOWS\System32\dmadmin.exe
O23 - Service: Intel(R) PRO Adapter Driver (E100B) - Intel Corporation - C:\WINDOWS\SYSTEM32\DRIVERS\e100b325.sys
O23 - Service: GEAR ASPI Filter Driver (GEARAspiWDM) - GEAR Software Inc. - C:\WINDOWS\SYSTEM32\DRIVERS\GEARAspiWDM.sys
O23 - Service: IEEE-1284.4 Driver HPZid412 (HPZid412) - HP - C:\WINDOWS\SYSTEM32\DRIVERS\HPZid412.sys
O23 - Service: Print Class Driver for IEEE-1284.4 HPZipr12 (HPZipr12) - HP - C:\WINDOWS\SYSTEM32\DRIVERS\HPZipr12.sys
O23 - Service: USB to IEEE-1284.4 Translation Driver HPZius12 (HPZius12) - HP - C:\WINDOWS\SYSTEM32\DRIVERS\HPZius12.sys
O23 - Service: HSFHWICH - Conexant Systems, Inc. - C:\WINDOWS\SYSTEM32\DRIVERS\HSFHWICH.sys
O23 - Service: HSF_DPV - Conexant Systems, Inc. - C:\WINDOWS\SYSTEM32\DRIVERS\HSF_DPV.sys
O23 - Service: IBMPMDRV - Lenovo. - C:\WINDOWS\SYSTEM32\DRIVERS\ibmpmdrv.sys
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Maxtor OneTouch Security Driver (MXOPSWD) - Maxtor Corp. - C:\WINDOWS\SYSTEM32\DRIVERS\mxopswd.sys
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: NSC Infrared Device Driver (NSCIRDA) - National Semiconductor Corporation - C:\WINDOWS\SYSTEM32\DRIVERS\nscirda.sys
O23 - Service: nv - NVIDIA Corporation - C:\WINDOWS\SYSTEM32\DRIVERS\nv4_mini.sys
O23 - Service: PCDRNDISUIO Usermode I/O Protocol (PcdrNdisuio) - Windows (R) 2000 DDK provider - C:\WINDOWS\SYSTEM32\DRIVERS\pcdrndisuio.sys
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PNDIS5 NDIS Protocol Driver (PNDIS5) - Unknown owner - D:\PNDIS5.SYS (file missing)
O23 - Service: Lenovo Parties Service Access Device Driver (psadd) - Lenovo (United States) Inc. - C:\WINDOWS\SYSTEM32\DRIVERS\psadd.sys
O23 - Service: IBM PSA Access Driver Control (PsaSrv) - Unknown owner - C:\WINDOWS\system32\PsaSrv.exe (file missing)
O23 - Service: Direct Parallel Link Driver (Ptilink) - Parallel Technologies, Inc. - C:\WINDOWS\SYSTEM32\DRIVERS\ptilink.sys
O23 - Service: QCNDISIF - IBM Corporation. - C:\WINDOWS\SYSTEM32\drivers\qcndisif.SYS
O23 - Service: RIM Virtual Serial Port (RimSerPort) - Research in Motion Ltd - C:\WINDOWS\SYSTEM32\DRIVERS\RimSerial.sys
O23 - Service: BlackBerry Smartphone (RimUsb) - Unknown owner - C:\WINDOWS\SYSTEM32\Drivers\RimUsb.sys (file missing)
O23 - Service: RIM Virtual Serial Port v2 (RimVSerPort) - Research in Motion Ltd - C:\WINDOWS\SYSTEM32\DRIVERS\RimSerial.sys
O23 - Service: Secdrv - Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K. - C:\WINDOWS\SYSTEM32\DRIVERS\secdrv.sys
O23 - Service: smwdm - Analog Devices, Inc. - C:\WINDOWS\SYSTEM32\drivers\smwdm.sys
O23 - Service: Synaptics TouchPad Driver (SynTP) - Synaptics, Inc. - C:\WINDOWS\SYSTEM32\DRIVERS\SynTP.sys
*O23 - Service: Terminal Services (TermService) - Unknown owner - C:\WINDOWS\System32\svchost -k DComLaunch (file missing)
O23 - Service: Trend Micro Common Firewall Service (tmcfw) - Trend Micro Inc. - C:\WINDOWS\SYSTEM32\DRIVERS\TM_CFW.sys
O23 - Service: OfficeScan NT Firewall (TmPfw) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\TmPfw.exe
O23 - Service: OfficeScan NT Proxy Service (TmProxy) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\TmProxy.exe
O23 - Service: TPInput - Lenovo, Ltd. and IBM Corporation. - C:\WINDOWS\SYSTEM32\DRIVERS\TPInput.sys
O23 - Service: Winbond Trusted Platform Module (TPM) - Winbond Electronics Corp. - C:\WINDOWS\SYSTEM32\DRIVERS\tpm.sys
O23 - Service: NSC Integrated Trusted Platform Module 1.1 (TPM11) - National Semiconductor Corp. - C:\WINDOWS\SYSTEM32\DRIVERS\nsctpm11.sys
O23 - Service: Conexant Setup API (UIUSys) - Unknown owner - C:\WINDOWS\SYSTEM32\drivers\UIUSys.sys (file missing)
O23 - Service: Apple Mobile USB Driver (USBAAPL) - Apple, Inc. - C:\WINDOWS\SYSTEM32\Drivers\usbaapl.sys
O23 - Service: Intel(R) PRO/Wireless 2915ABG Network Connection Driver for Windows XP (w29n51) - Intel® Corporation - C:\WINDOWS\SYSTEM32\DRIVERS\w29n51.sys
O23 - Service: winachsf - Conexant Systems, Inc. - C:\WINDOWS\SYSTEM32\DRIVERS\HSF_CNXT.sys
Service list (disabled):
--------------------------------------
O23 - Service: AliIde - Acer Laboratories Inc. - C:\WINDOWS\system32\DRIVERS\aliide.sys
O23 - Service: AMD AGP Bus Filter Driver (amdagp) - Advanced Micro Devices, Inc. - C:\WINDOWS\system32\DRIVERS\amdagp.sys
O23 - Service: asc - Advanced System Products, Inc. - C:\WINDOWS\system32\DRIVERS\asc.sys
O23 - Service: asc3550 - Advanced System Products, Inc. - C:\WINDOWS\system32\DRIVERS\asc3550.sys
O23 - Service: avast!antivirus - Unknown owner - (file missing)
O23 - Service: dac2w2k - Mylex Corporation - C:\WINDOWS\system32\DRIVERS\dac2w2k.sys
**O23 - Service: dmboot - Microsoft Corp., Veritas Software - C:\WINDOWS\SYSTEM32\drivers\dmboot.sys
O23 - Service: mraid35x - American Megatrends Inc. - C:\WINDOWS\system32\DRIVERS\mraid35x.sys
O23 - Service: ql1080 - QLogic Corporation - C:\WINDOWS\system32\DRIVERS\ql1080.sys
O23 - Service: ql12160 - QLogic Corporation - C:\WINDOWS\system32\DRIVERS\ql12160.sys
O23 - Service: ql1280 - QLogic Corporation - C:\WINDOWS\system32\DRIVERS\ql1280.sys
O23 - Service: SIS AGP Bus Filter (sisagp) - Silicon Integrated Systems Corporation - C:\WINDOWS\system32\DRIVERS\sisagp.sys
O23 - Service: Sparrow - Adaptec, Inc. - C:\WINDOWS\system32\DRIVERS\sparrow.sys
O23 - Service: symc810 - Symbios Logic Inc. - C:\WINDOWS\system32\DRIVERS\symc810.sys
O23 - Service: symc8xx - LSI Logic - C:\WINDOWS\system32\DRIVERS\symc8xx.sys
O23 - Service: sym_hi - LSI Logic - C:\WINDOWS\system32\DRIVERS\sym_hi.sys
O23 - Service: sym_u3 - LSI Logic - C:\WINDOWS\system32\DRIVERS\sym_u3.sys
O23 - Service: ultra - Promise Technology, Inc. - C:\WINDOWS\system32\DRIVERS\ultra.sys
114 services.
52 automatic start.
44 manual start.
18 disabled.
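The O23 section above is where the analyst's suspects come from: a `svchost.exe` running from `C:\WINDOWS\dhcp` instead of `system32`, a service whose display name copies Microsoft's "Wireless Zero Configuration" but whose vendor string is "Qncjvuu Manhycjkqyc" and whose binary is `3com_dmik.exe`, and several "Unknown owner" binaries sitting directly under `C:\WINDOWS`. The Python below is an added example (not part of the thread, and not HijackThis or SATINFO code) that parses O23 lines and applies exactly those checks; the list of core binaries, the list of svchost-hosted Microsoft services and the consonant-run threshold are assumptions of this example, and the sample input is a subset of the posted log. The bare `svchost -k …` entries that the tool marks `(file missing)` are treated as normal when they point at system32: on XP those ImagePaths are stored without `.exe`, which is why the tool cannot find the file.

```python
"""Triage HijackThis-style O23 service entries for the red flags seen in the posted log.

Added example; not code from the thread, from HijackThis or from SATINFO/zonavirus.
The heuristics are assumptions of this example, tuned to an XP-era machine with C:\\WINDOWS.
"""
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Lines copied from the posted log above (no constructed entries).
SAMPLE_LOG = r"""
O23 - Service: AEGIS Protocol (IEEE 802.1x) v3.1.6.0 (AegisP) - Meetinghouse Data Communications - C:\WINDOWS\SYSTEM32\DRIVERS\AegisP.sys
**O23 - Service: DCOM Server Process Launcher (DcomLaunch) - Unknown owner - C:\WINDOWS\system32\svchost -k DcomLaunch (file missing)
O23 - Service: Dhcp server (dhcpsrv) - Unknown owner - C:\WINDOWS\dhcp\svchost.exe
O23 - Service: fips32cup - Unknown owner - C:\WINDOWS\system32\drivers\fips32cup.sys
O23 - Service: MaxSyncService (NTService1) - - C:\Program Files\Maxtor\Utils\SyncServices.exe
O23 - Service: VNC Server Version 4 (WinVNC4) - RealVNC Ltd. - C:\Program Files\RealVNC\VNC4\WinVNC4.exe
O23 - Service: Wireless Zero Configuration WZCSVCtmlisten (wzcsvctmlisten) - Qncjvuu Manhycjkqyc - C:\WINDOWS\system32\3com_dmik.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Unknown owner - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe (file missing)
"""

O23_RE = re.compile(r"^\*{0,2}O23 - Service: (?P<display>.+?) - (?P<owner>.*?) - (?P<path>.*)$")
SVCHOST_K = re.compile(r"\\svchost(\.exe)? -k \w+$", re.IGNORECASE)
SYSTEM32 = {"c:\\windows\\system32", "%systemroot%\\system32"}
# Core binaries that droppers name themselves after; the genuine ones live only in system32.
CORE_BINARIES = {"svchost.exe", "winlogon.exe", "lsass.exe", "services.exe", "csrss.exe"}
# Microsoft services XP hosts in svchost.exe; a copycat display name pointing elsewhere is a red flag.
SVCHOST_HOSTED = ("wireless zero configuration", "remote procedure call (rpc)",
                  "dcom server process launcher", "terminal services")
CONSONANT_RUN = re.compile(r"[b-df-hj-np-tv-xz]{4}")  # y counts as a vowel (Mylex, Synaptics)


@dataclass
class Finding:
    display: str
    owner: str
    path: str
    reasons: List[str] = field(default_factory=list)


def looks_machine_generated(owner: str) -> bool:
    """Vendor strings like 'Qncjvuu Manhycjkqyc' contain consonant runs real company names do not.
    Words with several capitals (RealVNC, IBM, DDK) are acronyms and are skipped."""
    for word in re.findall(r"[A-Za-z]+", owner):
        if len(word) >= 5 and sum(c.isupper() for c in word) <= 1 and CONSONANT_RUN.search(word.lower()):
            return True
    return False


def triage(line: str) -> Optional[Finding]:
    """Return a Finding for an O23 line (reasons empty when nothing stands out), None otherwise."""
    m = O23_RE.match(line.strip().replace(" - - ", " - Unknown owner - "))  # empty owner field
    if not m:
        return None
    display, owner, raw = m.group("display"), m.group("owner"), m.group("path")
    missing = raw.endswith("(file missing)")
    path = raw.replace("(file missing)", "").strip()
    f = Finding(display, owner, path)
    low = path.lower()
    dirname, _, basename = low.rpartition("\\")

    if SVCHOST_K.search(low):
        # XP stores these ImagePaths as 'svchost -k group' without '.exe', so the tool prints
        # '(file missing)' for every svchost-hosted service; only the directory matters here.
        if dirname not in SYSTEM32:
            f.reasons.append(f"HIGH: svchost host outside system32: {path}")
        return f
    if basename in CORE_BINARIES and dirname not in SYSTEM32:
        f.reasons.append(f"HIGH: {basename} launched from {dirname}, not system32")
    if any(display.lower().startswith(n) for n in SVCHOST_HOSTED):
        f.reasons.append(f"HIGH: display name imitates a Microsoft svchost service but runs {basename}")
    if looks_machine_generated(owner):
        f.reasons.append(f"HIGH: vendor string looks machine-generated: {owner!r}")
    if any(k in low for k in ("\\recycler\\", "\\application data\\", "\\temp\\")):
        f.reasons.append(f"HIGH: service binary in a user-writable scratch location: {path}")
    if missing:
        f.reasons.append("LOW: orphaned entry (file missing); remove, but it is not running")
    elif owner.strip().lower() == "unknown owner" and low.startswith("c:\\windows"):
        f.reasons.append(f"REVIEW: no vendor in version info and lives under C:\\WINDOWS: {path}")
    return f


def triage_log(text: str) -> dict:
    """Map service display name -> reasons, for every O23 line that raised at least one."""
    out = {}
    for line in text.splitlines():
        f = triage(line)
        if f and f.reasons:
            out[f.display] = f.reasons
    return out


if __name__ == "__main__":
    for name, reasons in triage_log(SAMPLE_LOG).items():
        print(name)
        for r in reasons:
            print("   ", r)
```

Run it as a script to print the flagged entries from the sample, or feed the whole log through `triage_log(open(path).read())`. Hits are leads for the sample-submission step the analyst asks for, not verdicts: `fips32cup.sys` lands in REVIEW only because its version info carries no vendor, which is also true of some legitimate OEM drivers, while the two HIGH entries are the ones the analyst actually asked to be sent in.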
- msc hotline sat
- Posts: 93500
- Joined: 09 Mar 2004, 20:39
- Location: BARCELONA (ESPAÑA)
Re: "Malware Doctor" & "Adpclient" & "svchosts" Trojans
Yes, of course, that file is suspicious; we will analyse it and report back,
and in the posted log we see this suspect:
jbnmcd.dll
which is probably in C:\windows\system32\; if not, look for it with Start -> Search and send it to us too, together with these others:
C:\RECYCLER\S-1-5-21-8660541763-0095361018-301810344-4613\winlogon.exe
(first move it to C:\muestras with ELIMOVER, ticking the box to add .VIR to the original)
and also send us:
C:\Documents and Settings\LocalService\Application Data\1361538659.exe
C:\WINDOWS\dhcp\svchost.exe
C:\WINDOWS\system32\drivers\fips32cup.sys
C:\WINDOWS\system32\drivers\securentm.sys
C:\WINDOWS\system32\sopidkc.exe
C:\WINDOWS\SYSTEM32\DRIVERS\RimSerial.sys
SENDING SAMPLES AND REMOVING KEYS - for that, remember:
https://foros.zonavirus.com/viewtopic.php?f=5&t=14253
Once we receive them, we will analyse them and, where appropriate, add their detection and removal to our utilities, and we will report back on it.
regards
ms, 4-6-2009
Download ELIMOVER: http://www.zonavirus.com/descargas/elimover.asp
msc hotline sat Virus Research Engineer
Before asking - Basic Rules - Private Messages - Repeating Topics - Continuing Topics - Topic Titles - Online Antivirus
- Posts: 20
- Joined: 13 Oct 2006, 17:13
Re: "Malware Doctor" & "Adpclient" & "svchosts" Trojans
Friends,
I have already sent the samples; regards and thank you for all your help
Ginna, kisses :D :D :D
- msc hotline sat
- Posts: 93500
- Joined: 09 Mar 2004, 20:39
- Location: BARCELONA (ESPAÑA)
Re: "Malware Doctor" & "Adpclient" & "svchosts" Trojans
As soon as we are back at work at SATINFO on Monday, we will analyse them and act accordingly, and we will let you know.
Meanwhile, you can add .VIR to the extension of those files so that they are no longer loaded from the next reboot onward; if for any of them it turns out not to be necessary, we will see that and restore its original extension.
regards
ms, 5-6-2009.
msc hotline sat Virus Research Engineer
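The renaming step the analyst describes (park the file in C:\muestras with `.VIR` appended so nothing loads it at the next boot, then restore the extension if analysis clears it) can be done by hand, but on a machine with half a dozen suspects it pays to keep a record of where each file came from and what it hashed to. The Python below is an added example, not ELIMOVER or any SATINFO utility; the `C:\muestras` convention comes from the post, while the manifest file name and the constructed stand-in file in `demo()` are assumptions of the example.

```python
"""Quarantine-by-renaming with a restore manifest.

Added example; not ELIMOVER or any SATINFO tool. Mirrors the two steps the thread recommends:
move a suspect file into a samples directory with '.VIR' appended so no loader finds it at the
next boot, and keep enough information (original path, SHA-256) to put it back if it is cleared.
"""
import hashlib
import json
import shutil
import tempfile
from pathlib import Path

MANIFEST = "quarantine.json"  # assumption of this example


def sha256_of(path: Path) -> str:
    h = hashlib.sha256()
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 16), b""):
            h.update(chunk)
    return h.hexdigest()


def load_manifest(samples_dir: Path) -> dict:
    mf = samples_dir / MANIFEST
    return json.loads(mf.read_text()) if mf.exists() else {}


def save_manifest(samples_dir: Path, manifest: dict) -> None:
    (samples_dir / MANIFEST).write_text(json.dumps(manifest, indent=2))


def quarantine(path: str, samples_dir: str) -> dict:
    """Move `path` into samples_dir as '<name>.VIR' and record where it came from.

    Raises FileNotFoundError if the file is already gone, which on an infected machine
    usually means a rootkit is hiding it or the dropper deleted itself."""
    src, dst_dir = Path(path), Path(samples_dir)
    dst_dir.mkdir(parents=True, exist_ok=True)
    entry = {"original": str(src), "sha256": sha256_of(src), "size": src.stat().st_size}
    dst, n = dst_dir / (src.name + ".VIR"), 1
    while dst.exists():                       # two infections often drop the same file name
        dst = dst_dir / f"{src.name}.{n}.VIR"
        n += 1
    shutil.move(str(src), str(dst))           # move, not copy: the loader must not find it
    entry["quarantined_as"] = dst.name
    manifest = load_manifest(dst_dir)
    manifest[dst.name] = entry
    save_manifest(dst_dir, manifest)
    return entry


def restore(quarantined_name: str, samples_dir: str) -> str:
    """Put a file the analyst has cleared back at its original path, refusing if it was altered."""
    dst_dir = Path(samples_dir)
    manifest = load_manifest(dst_dir)
    entry = manifest.pop(quarantined_name)
    q = dst_dir / quarantined_name
    if sha256_of(q) != entry["sha256"]:
        raise RuntimeError("quarantined copy changed since it was moved; refusing to restore")
    Path(entry["original"]).parent.mkdir(parents=True, exist_ok=True)
    shutil.move(str(q), entry["original"])
    save_manifest(dst_dir, manifest)
    return entry["original"]


def demo() -> dict:
    """Round trip on constructed stand-ins for the RECYCLER winlogon.exe from the thread.
    The files are plain text written here, not real malware; the work directory is temporary."""
    work = Path(tempfile.mkdtemp())
    fake = work / "RECYCLER" / "S-1-5-21-0-0-0-1" / "winlogon.exe"
    fake.parent.mkdir(parents=True)
    fake.write_bytes(b"MZ constructed sample, not an executable\n")
    twin = work / "dhcp" / "winlogon.exe"          # same name, different directory
    twin.parent.mkdir(parents=True)
    twin.write_bytes(b"MZ second constructed sample\n")
    samples = work / "muestras"

    entry = quarantine(str(fake), str(samples))
    result = {
        "sha256": entry["sha256"],
        "gone_after_quarantine": not fake.exists(),
        "vir_present": (samples / "winlogon.exe.VIR").exists(),
        "second_as": quarantine(str(twin), str(samples))["quarantined_as"],
    }
    restored = restore("winlogon.exe.VIR", str(samples))
    result["back_after_restore"] = Path(restored) == fake and fake.exists()
    result["sha256_after_restore"] = sha256_of(fake)
    result["manifest_left"] = sorted(load_manifest(samples))
    shutil.rmtree(work)
    return result


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

Renaming only defeats loaders that reference the file by exact path (Run keys, services, Winlogon Notify entries); it does nothing to a copy already running in memory until the next reboot, and nothing against a dropper that re-creates the file, which is what the later post about comsa32.sys describes. A file held open by a running service may also refuse to move, so do the renames from Safe Mode, as the analyst suggests further down.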
- Posts: 20
- Joined: 13 Oct 2006, 17:13
Re: "Malware Doctor" & "Adpclient" & "svchosts" Trojans
Friends,
I am eagerly awaiting your reply and solution, a hug
Ginna, :wink: :wink:
- msc hotline sat
- Posts: 93500
- Joined: 09 Mar 2004, 20:39
- Location: BARCELONA (ESPAÑA)
Re: "Malware Doctor" & "Adpclient" & "svchosts" Trojans
We are on it; there are several files that we are "slotting in" among the customer samples, and we expect that with this afternoon's ELISTARA 18.77 they will all be controlled: rootkit, the Malware Doctor fraud tool, ad clicker, trojan agent, downloaders, etc.
When we upload the utility in question we will let you know.
regards.
ms, 8-6-2009
msc hotline sat Virus Research Engineer
- Posts: 20
- Joined: 13 Oct 2006, 17:13
Re: "Malware Doctor" & "Adpclient" & "svchosts" Trojans
Friends,
Many thanks for the new ELISTARA; I downloaded it a few moments ago and it removed several things, and it seems the problem is gone, but the Spyware Doctor I have still detects a TROJAN-Downloader.Adpclient in the file comsa32.sys in C:\WINDOWS\SYSTEM32
Note: Spyware Doctor detects it, removes it, and a while later it reappears, over and over; I don't know whether that is good or bad, but I think this sample may help you
I am sending you the sample
A hug, kisses and many thanks
Ginna
- msc hotline sat
- Posts: 93500
- Joined: 09 Mar 2004, 20:39
- Location: BARCELONA (ESPAÑA)
Re: "Malware Doctor" & "Adpclient" & "svchosts" Trojans
Well, we will analyse the sample and add it to our detection, but if you say it reappears after being removed, there may be a dropper or a downloader regenerating it, or a rootkit hiding it. Just in case, try removing it after booting into Safe Mode and tell us the result, to see whether that removes it completely...
regards
ms, 9-6-2009
msc hotline sat Virus Research Engineer