Failure installing Active Virus Shield
I downloaded Active Virus Shield, but when I try to run it, it tells me to contact the application vendor to check whether it is a valid Windows Installer package, and it won't let me install it. Can you give me any clue as to why this happens? Regards and thanks.
- msc hotline sat
- Posts: 93500
- Joined: 09 Mar 2004, 20:39
- Location: BARCELONA (SPAIN)
I imagine you mean AOL's Kaspersky...
First, check that you don't have a virus on the computer, an obvious cause of problems when trying to install an antivirus.
Try these ONLINE AVs:
[url=https://www.eset.es/analisis-online/][b][color=Darknesred]Recommended ONLINE antivirus[/color] [/b] [/url]
and an easy, quick way to find out whether there is a virus in memory is to run this ONLINE scan, which takes less than 1 minute:
[url=https://www.pandasecurity.com/spain/homeusers/solutions/online-antivirus/][b][color=Darknesred]ONLINE test for viruses in memory[/color] [/b] [/url]
and let us know the result, thanks
regards
ms, 17-07-2007
- msc hotline sat
If you like, post the HJT log so we can see whether there is anything odd..., even if it is not virus-related
[b]
[color=yellow]HJT : (HiJackThis)[/color] [/b]
[i]How do you use HijackThis?[/i]
The first thing to do is download it to your computer and place it in its own folder, C:\HijackThis\
Run it and press the "[b]Do a system scan and save a logfile[/b] " button; the program will run the scan and immediately generate the log. It will only ask you for the file name and location; you can simply save it as it is.
Notepad will open; copy the entire contents and paste them as a reply to this thread
·[url=http://www.zonavirus.com/descargas/trendmicro-hijackthis.asp][b]Download HijackThis[/b] [/url]
Once we have analyzed it, we will report back
regards
ms, 19-07-2007
I ran a scan with Kaspersky online and this is the result:
KASPERSKY ONLINE SCANNER REPORT
Thursday, July 19, 2007 10:12:47 PM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.93.0
Kaspersky Anti-Virus database last update: 19/07/2007
Kaspersky Anti-Virus database records: 365133
-------------------------------------------------------------------------------
Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true
Scan Target - My Computer:
A:\
C:\
D:\
E:\
F:\
G:\
H:\
Scan Statistics:
Total number of scanned objects: 177502
Number of viruses found: 16
Number of infected objects: 41
Number of suspicious objects: 0
Duration of the scan process: 04:54:23
Infected Object Name / Virus Name / Last Action
C:\Archivos de programa\ESET\cache\CACHE.NDB Object is locked skipped
C:\Archivos de programa\ESET\logs\virlog.dat Object is locked skipped
C:\Archivos de programa\ESET\logs\warnlog.dat Object is locked skipped
C:\Archivos de programa\RealVNC\VNC4\vncconfig.exe Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.4 skipped
C:\Archivos de programa\RealVNC\VNC4\winvnc4.exe Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.4 skipped
C:\Archivos de programa\RealVNC\VNC4\wm_hooks.dll Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.4 skipped
C:\Documents and Settings\All Users\Datos de programa\Microsoft\Windows Defender\Support\MPLog-06252007-111016.log Object is locked skipped
C:\Documents and Settings\All Users\Datos de programa\Technisat\DVB-PC TV Stars\EPG.ldb Object is locked skipped
C:\Documents and Settings\All Users\Datos de programa\Technisat\DVB-PC TV Stars\EPG.MDB Object is locked skipped
C:\Documents and Settings\Curro Jiménez\Configuración local\Archivos temporales de Internet\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Curro Jiménez\Configuración local\Datos de programa\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Curro Jiménez\Configuración local\Datos de programa\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Curro Jiménez\Configuración local\Datos de programa\Microsoft\Windows Defender\FileTracker\{AD22A843-A3B3-499F-9276-5726D645481B} Object is locked skipped
C:\Documents and Settings\Curro Jiménez\Configuración local\Historial\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Curro Jiménez\Configuración local\Temp\JET1.tmp Object is locked skipped
C:\Documents and Settings\Curro Jiménez\Configuración local\Temp\JET2.tmp Object is locked skipped
C:\Documents and Settings\Curro Jiménez\Configuración local\Temp\JET7E96.tmp Object is locked skipped
C:\Documents and Settings\Curro Jiménez\Configuración local\Temp\JET8CA0.tmp Object is locked skipped
C:\Documents and Settings\Curro Jiménez\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Curro Jiménez\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\Curro Jiménez\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Configuración local\Archivos temporales de Internet\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Configuración local\Datos de programa\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Configuración local\Datos de programa\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Configuración local\Historial\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Configuración local\Datos de programa\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Configuración local\Datos de programa\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{95F4B782-7B0D-4B42-BF3E-351192D58D91}\RP137\change.log Object is locked skipped
C:\System Volume Information\_restore{95F4B782-7B0D-4B42-BF3E-351192D58D91}\RP41\A0004960.exe Infected: not-a-virus:AdTool.Win32.WhenU.a skipped
C:\System Volume Information\_restore{95F4B782-7B0D-4B42-BF3E-351192D58D91}\RP43\A0005279.exe Infected: not-a-virus:RiskTool.Win32.Aefdisk32.11 skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edbtmp.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\Internet.evt Object is locked skipped
C:\WINDOWS\system32\config\ODiag.evt Object is locked skipped
C:\WINDOWS\system32\config\OSession.evt Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\drivers\fidbox.dat Object is locked skipped
C:\WINDOWS\system32\drivers\fidbox.idx Object is locked skipped
C:\WINDOWS\system32\drivers\fidbox2.dat Object is locked skipped
C:\WINDOWS\system32\drivers\fidbox2.idx Object is locked skipped
C:\WINDOWS\system32\drivers\sptd.sys Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
D:\hiberfil.sys Object is locked skipped
D:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
D:\System Volume Information\_restore{95F4B782-7B0D-4B42-BF3E-351192D58D91}\RP137\change.log Object is locked skipped
D:\System Volume Information\_restore{9A8CE9D7-2AF9-4F37-A1AB-441B39396D46}\RP503\A0094531.exe Infected: not-a-virus:RiskTool.Win32.Aefdisk32.11 skipped
D:\Windows\CSC\v2.0.6\pq Object is locked skipped
D:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTDiagLog.etl Object is locked skipped
D:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventlog-Security.etl Object is locked skipped
E:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
E:\System Volume Information\_restore{95F4B782-7B0D-4B42-BF3E-351192D58D91}\RP43\A0005280.exe Infected: not-a-virus:RiskTool.Win32.Aefdisk32.11 skipped
E:\Temp\001.part Object is locked skipped
E:\Temp\002.part Object is locked skipped
E:\Temp\004.part Object is locked skipped
E:\Temp\005.part Object is locked skipped
E:\Temp\006.part Object is locked skipped
E:\Temp\007.part Object is locked skipped
F:\Archivo6\Vicen.zip/Vicen/BSINSTALLES.exe/WISE0039.BIN Infected: not-a-virus:AdWare.Win32.SaveNow.bx skipped
F:\Archivo6\Vicen.zip/Vicen/BSINSTALLES.exe Infected: not-a-virus:AdWare.Win32.SaveNow.bx skipped
F:\Archivo6\Vicen.zip ZIP: infected - 2 skipped
F:\CURRO-JIMENEZ\Linpiar registro\erdc.rar/erdc_with_serial__tested_/erdc_with_serial_[tested]/ErrorDoctorSetup.exe Infected: not-a-virus:FraudTool.Win32.ErrorDoctor.a skipped
F:\CURRO-JIMENEZ\Linpiar registro\erdc.rar RAR: infected - 1 skipped
F:\Kit2\Remote Administrator (Radmin) 2.2 + serial + manual + tools\Remote Administrator (Radmin) 2.2\RADMIN22.EXE/raddrv.dll Infected: not-a-virus:RemoteAdmin.Win32.RAdmin.20 skipped
F:\Kit2\Remote Administrator (Radmin) 2.2 + serial + manual + tools\Remote Administrator (Radmin) 2.2\RADMIN22.EXE/r_server.exe Infected: not-a-virus:RemoteAdmin.Win32.RAdmin.22 skipped
F:\Kit2\Remote Administrator (Radmin) 2.2 + serial + manual + tools\Remote Administrator (Radmin) 2.2\RADMIN22.EXE Gentee: infected - 2 skipped
F:\mesias7\Mesias.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.612 skipped
F:\mesias7\SYSTEM\MENSAJES.INI Infected: Backdoor.IRC.Zapchast skipped
F:\NINIOS\Curro\psv6\psv6\Ps_V6\mirc32.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.582 skipped
F:\NINIOS\Curro\psv6\psv6.zip/Ps_V6/mirc32.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.582 skipped
F:\NINIOS\Curro\psv6\psv6.zip ZIP: infected - 1 skipped
F:\NINIOS\Vicen\AGSetup0608.exe/fsg-ag.exe Infected: not-a-virus:AdWare.Win32.Gator.1050 skipped
F:\NINIOS\Vicen\AGSetup0608.exe Vise: infected - 1 skipped
F:\NINIOS\Vicen\Documentos\setupx5.exe/mirc32.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.582 skipped
F:\NINIOS\Vicen\Documentos\setupx5.exe/portscan.exe Infected: not-a-virus:NetTool.Win32.Scan.12 skipped
F:\NINIOS\Vicen\Documentos\setupx5.exe CreateInstall: infected - 2 skipped
F:\NINIOS\Vicen\eDonkey0.44.exe/data0076/UCMIE.DLL Infected: not-a-virus:AdWare.Win32.Ucmore.a skipped
F:\NINIOS\Vicen\eDonkey0.44.exe/data0076/IUCMORE.DLL Infected: not-a-virus:AdWare.Win32.Ucmore skipped
F:\NINIOS\Vicen\eDonkey0.44.exe/data0076 Infected: not-a-virus:AdWare.Win32.Ucmore skipped
F:\NINIOS\Vicen\eDonkey0.44.exe NSIS: infected - 3 skipped
F:\NINIOS\Vicen\overnet0.46.exe/data0072/UCMIE.DLL Infected: not-a-virus:AdWare.Win32.Ucmore.a skipped
F:\NINIOS\Vicen\overnet0.46.exe/data0072/IUCMORE.DLL Infected: not-a-virus:AdWare.Win32.Ucmore skipped
F:\NINIOS\Vicen\overnet0.46.exe/data0072 Infected: not-a-virus:AdWare.Win32.Ucmore skipped
F:\NINIOS\Vicen\overnet0.46.exe NSIS: infected - 3 skipped
F:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
F:\System Volume Information\_restore{95F4B782-7B0D-4B42-BF3E-351192D58D91}\RP91\A0010849.exe Infected: Trojan.Win32.Autoit.ac skipped
F:\System Volume Information\_restore{9A8CE9D7-2AF9-4F37-A1AB-441B39396D46}\RP503\A0094528.exe Infected: not-a-virus:RiskTool.Win32.Aefdisk32.11 skipped
F:\Util\Software\RadMin 3.0\RAD30\Famatech.Radmin.Server.3.0.Trial.Stop.and.Tray.Icon.Remove\R3GOD.DLL Infected: Backdoor.Win32.RAdmin.ab skipped
F:\Util\VISTA\WVF.Business.Activation.Tool.Genuine.CD-Key\Vista_kms_activation_tool.exe Object is locked skipped
F:\Util\vnc-4_1_2-x86_win32.exe/file1 Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.4 skipped
F:\Util\vnc-4_1_2-x86_win32.exe/file2 Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.4 skipped
F:\Util\vnc-4_1_2-x86_win32.exe/file3 Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.4 skipped
F:\Util\vnc-4_1_2-x86_win32.exe/file5 Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.4 skipped
F:\Util\vnc-4_1_2-x86_win32.exe Inno: infected - 4 skipped
Scan process completed.
I'm sending you the HijackThis log, thank you for your attention
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:20:02, on 19/07/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Archivos de programa\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Archivos de programa\Windows Defender\MSASCui.exe
C:\Archivos de programa\The Cleaner\tca.exe
C:\Archivos de programa\The Cleaner\tcm.exe
C:\Archivos de programa\Razer\Diamondback\razerhid.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Archivos de programa\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Archivos de programa\DAEMON Tools\daemon.exe
C:\Archivos de programa\TechniSat DVB\bin\Server4PC.exe
C:\Archivos de programa\TechniSat DVB\bin\Server4PC.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\OPHALDCS.EXE
C:\Archivos de programa\Eset\nod32krn.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PSIService.exe
C:\Archivos de programa\CyberLink\Shared Files\RichVideo.exe
C:\Archivos de programa\Spyware Terminator\sp_rsser.exe
C:\WINDOWS\system32\svchost.exe
C:\Archivos de programa\RealVNC\VNC4\WinVNC4.exe
C:\Archivos de programa\Razer\Diamondback\razertra.exe
C:\Archivos de programa\Razer\Diamondback\razerofa.exe
C:\Archivos de programa\eMule\emule.exe
C:\Archivos de programa\Messenger\msmsgs.exe
C:\Archivos de programa\MSN Messenger\usnsvc.exe
C:\Archivos de programa\ESET\nod32kui.exe
C:\Archivos de programa\Internet Explorer\iexplore.exe
C:\Archivos de programa\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Vínculos
O2 - BHO: Aplicación auxiliar de vínculos de Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Archivos de programa\Archivos comunes\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O3 - Toolbar: (no name) - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - (no file)
O4 - HKLM\..\Run: [nod32kui] "C:\Archivos de programa\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Windows Defender] "C:\Archivos de programa\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [tcactive] C:\Archivos de programa\The Cleaner\tca.exe
O4 - HKLM\..\Run: [tcmonitor] C:\Archivos de programa\The Cleaner\tcm.exe
O4 - HKLM\..\Run: [SpywareTerminator] "C:\Archivos de programa\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKLM\..\Run: [Diamondback] C:\Archivos de programa\Razer\Diamondback\razerhid.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Archivos de programa\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [RemoteControl] "C:\Archivos de programa\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Archivos de programa\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\RunOnce: [KB926239] rundll32.exe apphelp.dll,ShimFlushCache
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Archivos de programa\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\RunOnce: [gi466851724] "C:\DOCUME~1\CURROJ~1\CONFIG~1\Temp\gi3330T8.exe" /resume:"C:\DOCUME~1\CURROJ~1\CONFIG~1\Temp\2M332PG0" /exename:"F:\CURRO-JIMENEZ\Criptologia\firmware\PCsat\Elecard_MPEG-2_V-3\EMPG2_Dec_Strm_Pack\Elecard MPEG-2 Decoder&Streaming Plug-in for WMP 3.4.70328.exe"
O4 - HKCU\..\RunOnce: [gi1471824114] "C:\DOCUME~1\CURROJ~1\CONFIG~1\Temp\gi333TN3.exe" /resume:"C:\DOCUME~1\CURROJ~1\CONFIG~1\Temp\2M333OEH" /exename:"F:\CURRO-JIMENEZ\Criptologia\firmware\PCsat\Elecard_MPEG-2_V-3\EMPG2_Dec_Strm_Pack\Elecard MPEG-2 Decoder&Streaming Plug-in for WMP 3.4.70328.exe"
O4 - HKCU\..\RunOnce: [gi2095567630] "C:\DOCUME~1\CURROJ~1\CONFIG~1\Temp\gi335LMD.exe" /resume:"C:\DOCUME~1\CURROJ~1\CONFIG~1\Temp\2M335GF8" /exename:"F:\CURRO-JIMENEZ\Criptologia\firmware\PCsat\Elecard_MPEG-2_V-3\EMPG2_Dec_Strm_Pack\Elecard MPEG-2 Decoder&Streaming Plug-in for WMP 3.4.70328.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICIO LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Servicio de red')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Server4PC.lnk = C:\Archivos de programa\TechniSat DVB\bin\Server4PC.exe
O8 - Extra context menu item: Crawler Search - tbr:iemenu
O8 - Extra context menu item: E&xportar a Microsoft Excel - res://C:\ARCHIV~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARCHIV~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Archivos de programa\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Archivos de programa\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) -http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) -http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1182688369102
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) -http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1182751802000
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) -http://www.ca.com/us/securityadvisor/virusinfo/webscan.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) -http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{032A537D-F1DF-437E-981A-64D88BD00FC8}: NameServer = 194.224.52.36,194.224.52.37
O17 - HKLM\System\CS1\Services\Tcpip\..\{032A537D-F1DF-437E-981A-64D88BD00FC8}: NameServer = 194.224.52.36,194.224.52.37
O17 - HKLM\System\CS2\Services\Tcpip\..\{032A537D-F1DF-437E-981A-64D88BD00FC8}: NameServer = 194.224.52.36,194.224.52.37
O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - (no file)
O23 - Service: DCS Loader (DCSLoader) - Oki Data Corporation - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\OPHALDCS.EXE
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Archivos de programa\Eset\nod32krn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Archivos de programa\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Spyware Terminator Clam Service (sp_clamsrv) - Crawler.com - C:\Archivos de programa\WinClamAVShield\sp_clamsrv.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Archivos de programa\Spyware Terminator\sp_rsser.exe
O23 - Service: VNC Server Version 4 (WinVNC4) - RealVNC Ltd. - C:\Archivos de programa\RealVNC\VNC4\WinVNC4.exe
O24 - Desktop Component 1: Aqua Real - 7db39a0d-580f-4be9-9195-8bfcd226f6c2
--
End of file - 8251 bytes
- msc hotline sat
- Posts: 93500
- Joined: 09 Mar 2004, 20:39
- Location: BARCELONA (SPAIN)
- Contact:
Then delete these keys:
O3 - Toolbar: (no name) - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - (no file)
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
-> To do so, remember: https://foros.zonavirus.com/viewtopic.php?f=2&t=45334
On the other hand, given what the Kaspersky ONLINE scan reported, which does not clean what it detects ... let's do some cleanup:
Send us these files for analysis:
C:\Archivos de programa\RealVNC\VNC4\vncconfig.exe
C:\Archivos de programa\RealVNC\VNC4\winvnc4.exe
C:\Archivos de programa\RealVNC\VNC4\wm_hooks.dll
C:\System Volume Information\_restore{95F4B782-7B0D-4B42-BF3E-351192D58D91}\RP41\A0004960.exe
C:\System Volume Information\_restore{95F4B782-7B0D-4B42-BF3E-351192D58D91}\RP43\A0005279.exe
D:\System Volume Information\_restore{9A8CE9D7-2AF9-4F37-A1AB-441B39396D46}\RP503\A0094531.exe
E:\System Volume Information\_restore{95F4B782-7B0D-4B42-BF3E-351192D58D91}\RP43\A0005280.exe
F:\Archivo6\Vicen.zip/Vicen/BSINSTALLES.exe/WISE0039.BIN
F:\Archivo6\Vicen.zip/Vicen/BSINSTALLES.exe
F:\Archivo6\Vicen.zip
F:\CURRO-JIMENEZ\Linpiar registro\erdc.rar/erdc_with_serial__tested_/erdc_with_serial_[tested]/ErrorDoctorSetup.exe
F:\CURRO-JIMENEZ\Linpiar registro\erdc.rar
F:\Kit2\Remote Administrator (Radmin) 2.2 + serial + manual + tools\Remote Administrator (Radmin) 2.2\RADMIN22.EXE/raddrv.dll
F:\Kit2\Remote Administrator (Radmin) 2.2 + serial + manual + tools\Remote Administrator (Radmin) 2.2\RADMIN22.EXE/r_server.exe
F:\Kit2\Remote Administrator (Radmin) 2.2 + serial + manual + tools\Remote Administrator (Radmin) 2.2\RADMIN22.EXE Gentee
F:\mesias7\Mesias.exe
F:\mesias7\SYSTEM\MENSAJES.INI
F:\NINIOS\Curro\psv6\psv6\Ps_V6\mirc32.exe
F:\NINIOS\Curro\psv\psv6.zip/Ps_V6/mirc32.exe
F:\NINIOS\Curro\psv6\psv6.zip
F:\NINIOS\Vicen\AGSetup0608.exe/fsg-ag.exe
F:\NINIOS\Vicen\AGSetup0608.exe
F:\NINIOS\Vicen\Documentos\setupx5.exe/mirc32.exe
F:\NINIOS\Vicen\Documentos\setupx5.exe/portscan.exe
F:\NINIOS\Vicen\Documentos\setupx5.exe CreateInstall
F:\NINIOS\Vicen\eDonkey0.44.exe/data0076/UCMIE.DLL
F:\NINIOS\Vicen\eDonkey0.44.exe/data0076/IUCMORE.DLL
F:\NINIOS\Vicen\eDonkey0.44.exe/data0076
F:\NINIOS\Vicen\eDonkey0.44.exe NSIS:
F:\NINIOS\Vicen\overnet0.46.exe/data0072/UCMIE.DLL
F:\NINIOS\Vicen\overnet0.46.exe/data0072/IUCMORE.DLL
F:\NINIOS\Vicen\overnet0.46.exe/data0072
F:\NINIOS\Vicen\overnet0.46.exe NSIS:
F:\System Volume Information\_restore{95F4B782-7B0D-4B42-BF3E-351192D58D91}\RP91\A0010849.exe
F:\System Volume Information\_restore{9A8CE9D7-2AF9-4F37-A1AB-441B39396D46}\RP503\A0094528.exe
F:\Util\Software\RadMin 3.0\RAD30\Famatech.Radmin.Server.3.0.Trial.Stop.and.Tray.Icon.Remove\R3GOD.DLL
F:\Util\vnc-4_1_2-x86_win32.exe/file1
F:\Util\vnc-4_1_2-x86_win32.exe/file2
F:\Util\vnc-4_1_2-x86_win32.exe/file3
F:\Util\vnc-4_1_2-x86_win32.exe/file5
F:\Util\vnc-4_1_2-x86_win32.exe
To do so, boot into safe mode, disable System Restore and copy all of these files to a dedicated folder, then pack all of the files with the password VIRUS and send the ZIP or RAR attached to an e-mail to zonavirus@satinfo.es, giving your forum nick as the reference.
Once we have analyzed them, we will add their detection and removal to our utilities, and we will let you know.
Regards
ms, 20-07-2007
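As an added example (not part of the original posts), here is a small Python parser for HijackThis entry lines like those in the log above. It lists entries worth a manual look, such as the O3 toolbar reported as (no file). The three review heuristics and the function names are assumptions of this example, not the responder's stated criteria, and a flag is a prompt for review, not a verdict.

```python
import re

# Constructed sample: a few entry lines copied from the log posted in this thread.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O3 - Toolbar: (no name) - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - (no file)
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - (no file)
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Archivos de programa\Eset\nod32krn.exe
End of file - 8251 bytes
"""

ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")          # e.g. "O4 - <body>"
RUN_RE = re.compile(r"^(HK[^:]*Run(?:Once)?): \[([^\]]*)\] (.+)$")
QUALIFIED_RE = re.compile(r'^"?(?:[A-Za-z]:\\|%[^%]+%\\|\\\\)')  # drive, %var%, UNC


def parse_hjt(text):
    """Return (code, body) for every entry line; headers, the process
    list and the 'End of file' footer do not match and are skipped."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append((m.group(1), m.group(2)))
    return entries


def flags_for(code, body):
    """Review heuristics assumed for this example (not HijackThis output)."""
    flags = []
    if body.endswith("(no file)"):
        flags.append("no-file")              # entry whose target file is missing
    if code == "O23" and " - Unknown owner - " in body:
        flags.append("unknown-owner")        # no vendor name reported for service
    run = RUN_RE.match(body) if code == "O4" else None
    if run and not QUALIFIED_RE.match(run.group(3)):
        flags.append("unqualified-command")  # autorun resolved via search path
    return flags


def triage(text):
    """Return [(code, flags, body)] for the entries that carry any flag."""
    out = []
    for code, body in parse_hjt(text):
        flags = flags_for(code, body)
        if flags:
            out.append((code, flags, body))
    return out


if __name__ == "__main__":
    for code, flags, body in triage(SAMPLE_LOG):
        print(f"{code:<4}{','.join(flags):<22}{body}")
```

Many legitimate drivers register autoruns without a full path, so the unqualified-command flag will also fire on benign entries and each hit still needs to be checked against the file on disk.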