Ordenador demasiado lento

[shawn_akk]

Hola hacia mucho q no recurria a ustedes,pero como siempre q me pasa algo recurro aca

hoy no va a ser la exepcion.



El ordenador me anda muy lento le pase un anti spyware (msn cleaner)

y me detecto un solo spyware. y cuando lo scaneo con el nod32.

me aparece un lista larga y sospechosa de cosas en azul que dicen "El archivo no puede ser abierto"

,los problemas son lentitud extrema tengo 1gb25 de ram y 512 de placa de video y me anda terriblemente mal

el msn se me cierra solo ya no se que hacer :(



asi que recurro, y confio en que ustedes me puedan ayudar,

desde ya,como siempre, muchisimas gracias



Juan Cruz-Argentina

[msc hotline sat]

Desactiva la restauracion de sistema, luego arranca en modo seguro y lanza tu NOD32, y si algo no puedes eliminar, nos envias muestra, la analizaremos y, si procede, implementaremos su control y eliminacion en nuestras utilidades, de lo cual informaremos



saludos



ms, 16-12-2008

[shawn_akk]

mas explicitamente los pasos para hacer eso?

si es mucha molestia, le paso el hjt, y les envio el log y se fijan







muchisimas gracias

se agradece eternamente su buena onda

[julibaga]

Lo que sale en azul suelen ser archivos de sistema que están en uso.
De todas formas, aparte de lo que te sugiere msc, bájate el Elistara y el Elitriip y postea el log.

http://www.zonavirus.com/descargas/elistara.asp
http://www.zonavirus.com/descargas/elitriip.asp

Desactivar Restaurar Sistema= Botón derecho sobre MiPc -> Propiedades -> Restaurar Sistema
Marca la casilla Desactivar Restaurar Sistema
Salu2

[msc hotline sat]

Gracias julibaga !



Sí, windows no deja eliminar los ficheros que tiene en uso, por ello decimos lo de arrancar en modo seguro



Y como que probablemente se hayan hecho copias en el SYSTEM VOLUME INFORMATION/RESTORE, carpeta inaccesible normalmente que guarda ficheros para restaurarlos si se accede a traves de restaurar el sistema a un punto de restauracion, para eliminar los que haya alli se debe desactivar la restauracion de sistema y arrancando en modo seguro el antivirus ya puede acceder a ella y eliminarlos si procede.



Confio que lo realizará sin problemas.



saludos



ms, 16-12-2008

[shawn_akk]

Wed Dec 17 02:10:49 2008

EliStartPage v17.63 (c)2008 S.G.H. / Satinfo S.L. (Actualizado el 16 de Diciembre del 2008)

--------------------------------------------------

Lista de Acciones (por Acción Directa):

C:\WINDOWS\ALCMTR.EXE --> Eliminado SpyRealtek

Entrada Eliminada [HKLM\...\Run] "Alcmtr"="ALCMTR.EXE"

Eliminada Class, "{183643C8-EE67-4574-9A38-927852E34163}" -> NULL1

Eliminada Class, "{1CB20BF0-BBAE-40A7-93F4-6435FF3D0411}" -> C:\ARCHIV~1\Crawler\Toolbar\ctbr.dll

Eliminada Class, "{4B3803EA-5230-4DC3-A7FC-33638F3D3542}" -> C:\ARCHIV~1\Crawler\Toolbar\ctbr.dll

Eliminada Class, "{4D25FB7A-8902-4291-960E-9ADA051CFBBF}" -> C:\ARCHIV~1\Crawler\Toolbar\ctbr.dll

Eliminada Class, "{54ECA872-DB2A-4C6B-BBB2-F3777C6786CC}" -> NULL1

Eliminada Class, "{86A44EF7-78FC-4E18-A564-B18F806F7F56}" -> C:\Archivos de programa\ActivationManager\ActivationManager.dll

Eliminada Class, "{8736C681-37A0-40C6-A0F0-4C083409151C}" -> NULL1

No detectado SP3 de Windows XP

Eliminadas las Paginas de Inicio y de Busqueda del IE

Eliminados Ficheros Temporales del IE



Wed Dec 17 02:13:50 2008

EliStartPage v17.63 (c)2008 S.G.H. / Satinfo S.L. (Actualizado el 16 de Diciembre del 2008)

--------------------------------------------------

Lista de Acciones (por Exploración):

Explorando "C:\"

C:\Archivos de programa\Digital Guitar Tuner\DGT.EXE --> Eliminado, Spy.Banker.FJB

C:\Archivos de programa\Realtek\InstallShield\ALCMTR.EXE --> Eliminado, SpyRealtek

C:\WINDOWS\system32\CMDLINEEXT03.DLL --> Acceso Denegado, Spy-CmdLineExt (Reiniciar para Completar la Limpieza)



Nº Total de Directorios: 3761

Nº Total de Ficheros: 60812

Nº de Ficheros Analizados: 10125

Nº de Ficheros Infectados: 3

Nº de Ficheros Limpiados: 2









Sigue andando mal :(

[msc hotline sat]

No está mal lo que has hecho, pero cuentanos si hiciste ademas lo que deciamos inciialmente:

Desactiva la restauración de sistema, luego arranca en modo seguro y lanza tu NOD32, y si algo no puedes eliminar, nos envías muestra, la analizaremos y, si procede, implementaremos su control y eliminacion en nuestras utilidades, de lo cual informaremos

saludos

ms, 17-12-2008

[shawn_akk]

Hice todos los pasos y sigue andando igual, directamente en modo seguro no me deja arrancarla,

desactive la restauracion y todo como me dijeron

pase el elistara y el elitrip pero sigue andando lenta,

Se me cuelga mucho un ej,

un programa para mixear temas,

q hace 4 dias me andaba a la perfeccion

ahora anda terriblemente mal

se me cuelga demasiado y asi conlas demas cosas



muchas gracias

[msc hotline sat]

Pues veamos si tienes algo que pueda colisionar o que sospechemos pueda tratarse de nuevo malware no controlado:

Descarga el SPROCES y pruebalo:
SPROCES (herramienta de investigación)
http://www.zonavirus.com/descargas/sproces.asp


Y tras pulsar en SALIR, posteanos el contenido del C:\SPROCLOG.TXT con un copiar y pegar

saludos

ms, 17-12-2008

[shawn_akk]

Wed Dec 17 15:52:04 2008
SProces v3.3 (c)2008 S.G.H. / Satinfo S.L.
-------------------------------------------
Sistema Operativo: Microsoft Windows XP (v5.1.2600) Service Pack 2
Internet Explorer: (v6.0.2900.2180) ;SP2;
Nombre Equipo: SHAWN
Nombre Usuario: shawn_akk

Procesos Activos:

Código: Seleccionar todo

C:\WINDOWS\SYSTEM32\SMSS.EXE
C:\WINDOWS\SYSTEM32\WINLOGON.EXE
C:\WINDOWS\SYSTEM32\SERVICES.EXE
C:\WINDOWS\SYSTEM32\LSASS.EXE
C:\WINDOWS\SYSTEM32\SVCHOST.EXE
C:\WINDOWS\SYSTEM32\SVCHOST.EXE
C:\WINDOWS\SYSTEM32\SPOOLSV.EXE
C:\ARCHIVOS DE PROGRAMA\ARCHIVOS COMUNES\MICROSOFT SHARED\VS7DEBUG\MDM.EXE
C:\ARCHIVOS DE PROGRAMA\ESET\NOD32KRN.EXE
C:\WINDOWS\SYSTEM32\NVSVC32.EXE
E:\ALCOHOL120_1.9.7.6022_RETAIL_INCL_KEY\ALCOHOL 120\STARWIND\STARWINDSERVICEAE.EXE
C:\WINDOWS\SYSTEM32\SVCHOST.EXE
C:\WINDOWS\EXPLORER.EXE
C:\ARCHIVOS DE PROGRAMA\ARCHIVOS COMUNES\REAL\UPDATE_OB\REALSCHED.EXE
C:\ARCHIVOS DE PROGRAMA\ESET\NOD32KUI.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\ARCHIVOS DE PROGRAMA\WINAMP\WINAMPA.EXE
C:\WINDOWS\SYSTEM32\CTFMON.EXE
C:\WINDOWS\SYSTEM32\WUAUCLT.EXE
C:\ARCHIVOS DE PROGRAMA\WINDOWS LIVE\MESSENGER\MSNMSGR.EXE
C:\ARCHIVOS DE PROGRAMA\WINDOWS LIVE\MESSENGER\USNSVC.EXE
C:\ARCHIVOS DE PROGRAMA\WINAMP\WINAMP.EXE
C:\ARCHIVOS DE PROGRAMA\MOZILLA FIREFOX 3 BETA 5\FIREFOX.EXE
E:\PHOTO\SPROCES.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/en/us/default.aspxisapi/redir.dll?prd=ie&ar=iesearch
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/en/us/default.aspxisapi/redir.dll?prd=ie&ar=iesearch
R3 - URLSearchHook: Hook de búsqueda de direcciones URL de Microsoft - {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - %SystemRoot%\System32\shdocvw.dll
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Archivos de programa\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: FGCatchUrl - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - E:\flash\jccatch.dll
O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\ARCHIV~1\MEGAUP~1\MEGAUP~1.DLL (file missing)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Aplicación auxiliar de inicio de sesión - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Archivos de programa\Archivos comunes\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - E:\flash\getflash.dll
O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\ARCHIV~1\MEGAUP~1\MEGAUP~1.DLL (file missing)
O4 - HKCU\..\Run: [ctfmon.exe] C:\windows\system32\ctfmon.exe
O4 - HKCU\..\Run: [ares] "C:\Archivos de programa\Ares\Ares.exe" -h
O4 - HKCU\..\Run: [AlcoholAutomount] "E:\Alcohol120_1.9.7.6022_Retail_Incl_Key\Alcohol 120\axcmd.exe" /automount
O4 - HKLM\..\Run: [VTPreset] VTPreset.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [TkBellExe] "C:\Archivos de programa\Archivos comunes\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [nod32kui] "C:\Archivos de programa\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [WinampAgent] C:\Archivos de programa\Winamp\winampa.exe
O4 - HKLM\..\Run: [Flashget] "E:\flash\FlashGet.exe" /min
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O8 - Extra context menu item: &Download All with FlashGet - E:\flash\jc_all.htm
O8 - Extra context menu item: &Download with FlashGet - E:\flash\jc_link.htm
O8 - Extra context menu item: Crawler Search - tbr:iemenu
O8 - Extra context menu item: E&xportar a Microsoft Excel - res://C:\ARCHIV~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Archivos de programa\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - E:\flash\FlashGet.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Archivos de programa\Messenger\MSMSGS.EXE
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {56393399-041A-4650-94C7-13DFCB1F4665} (PSFormX Control) - http://www.ca.com/ar/securityadvisor/pestscan/pestscan.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O18 - Protocol: lid - {5C135180-9973-46D9-ABF4-148267CBB8BF} - C:\WINDOWS\System32\msvidctl.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARCHIV~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARCHIV~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WGALOGON - (no file)
O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - %SystemRoot%\system32\SHELL32.dll
O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - %SystemRoot%\system32\SHELL32.dll
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - %SystemRoot%\System32\webcheck.dll
O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\System32\stobject.dll
O22 - SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Precargador Browseui - %SystemRoot%\System32\browseui.dll
O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Demonio de caché de las categorías de componente - %SystemRoot%\System32\browseui.dll

Información Adicional:
----------------------

Listado de Servicios (Carga Automatica):
----------------------------------------
O23 - Service: AMON - Eset  - C:\WINDOWS\system32\drivers\amon.sys
**O23 - Service: Iniciador de procesos de servidor DCOM (DcomLaunch) - Unknown owner - C:\WINDOWS\system32\svchost -k DcomLaunch (file missing)
O23 - Service: EAMON (eamon) - Unknown owner - C:\WINDOWS\SYSTEM32\DRIVERS\eamon.sys (file missing)
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset  - C:\Archivos de programa\Eset\nod32krn.exe
O23 - Service: npkcrypt - Unknown owner - E:\games\system\npkcrypt.sys (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
**O23 - Service: Llamada a procedimiento remoto(RPC) (RpcSs) - Unknown owner - C:\WINDOWS\system32\svchost -k rpcss (file missing)
O23 - Service: Secdrv - Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K. - C:\WINDOWS\SYSTEM32\DRIVERS\secdrv.sys
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - E:\Alcohol120_1.9.7.6022_Retail_Incl_Key\Alcohol 120\StarWind\StarWindServiceAE.exe

Listado de Servicios (Carga Manual):
------------------------------------
O23 - Service: C-Media WDM Audio Interface (cmuda) - C-Media Inc - C:\WINDOWS\SYSTEM32\drivers\cmuda.sys
**O23 - Service: Servicio del administrador de discos lógicos (dmadmin) - Microsoft Corp., VERITAS Software - C:\WINDOWS\System32\dmadmin.exe
O23 - Service: Controlador para NT del adaptador Fast Ethernet VIA PCI 10/100Mb (FETNDIS) - VIA Technologies, Inc.               - C:\WINDOWS\SYSTEM32\DRIVERS\fetnd5.sys
O23 - Service: Google Updater Service (gusvc) - Google - C:\Archivos de programa\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Microsoft UAA Bus Driver for High Definition Audio (HDAudBus) - Windows (R) Server 2003 DDK provider - C:\WINDOWS\SYSTEM32\DRIVERS\HDAudBus.sys
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Archivos de programa\Archivos comunes\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service for Realtek HD Audio (WDM) (IntcAzAudAddService) - Realtek Semiconductor Corp. - C:\WINDOWS\SYSTEM32\drivers\RtkHDAud.sys
O23 - Service: Sony Ericsson K310 Driver driver (WDM) (k310bus) - MCCI - C:\WINDOWS\SYSTEM32\DRIVERS\k310bus.sys
O23 - Service: Sony Ericsson K310 USB WMC Modem Filter (k310mdfl) - MCCI - C:\WINDOWS\SYSTEM32\DRIVERS\k310mdfl.sys
O23 - Service: Sony Ericsson K310 USB WMC Modem Driver (k310mdm) - MCCI - C:\WINDOWS\SYSTEM32\DRIVERS\k310mdm.sys
O23 - Service: Sony Ericsson K310 USB WMC Device Management Drivers (WDM) (k310mgmt) - MCCI - C:\WINDOWS\SYSTEM32\DRIVERS\k310mgmt.sys
O23 - Service: Sony Ericsson K310 USB WMC OBEX Interface (k310obex) - MCCI - C:\WINDOWS\SYSTEM32\DRIVERS\k310obex.sys
O23 - Service: nv - NVIDIA Corporation - C:\WINDOWS\SYSTEM32\DRIVERS\nv4_mini.sys
O23 - Service: Controlador de vínculo paralelo directo (Ptilink) - Parallel Technologies, Inc. - C:\WINDOWS\SYSTEM32\DRIVERS\ptilink.sys
O23 - Service: S3Psddr - S3 Graphics, Inc. - C:\WINDOWS\SYSTEM32\DRIVERS\s3gnbm.sys
O23 - Service: S3SavageNB - S3 Graphics, Inc. - C:\WINDOWS\SYSTEM32\DRIVERS\s3gnbm.sys
O23 - Service: SAMSUNG Mobile USB Device 1.0 driver (WDM) (ss_bus) - MCCI - C:\WINDOWS\SYSTEM32\DRIVERS\ss_bus.sys
O23 - Service: SAMSUNG Mobile USB Modem 1.0 Filter (ss_mdfl) - MCCI - C:\WINDOWS\SYSTEM32\DRIVERS\ss_mdfl.sys
O23 - Service: SAMSUNG Mobile USB Modem 1.0 Drivers (ss_mdm) - MCCI - C:\WINDOWS\SYSTEM32\DRIVERS\ss_mdm.sys
*O23 - Service: Servicios de Terminal Server (TermService) - Unknown owner - C:\WINDOWS\System32\svchost -k DComLaunch (file missing)
O23 - Service: Vinyl Sensaura WDM 3D Audio Driver (VIASens) - Sensaura Ltd - C:\WINDOWS\SYSTEM32\drivers\viasens.sys
O23 - Service: Vinyl AC'97 Audio Controller (WDM) (VIAudio) - VIA Technologies, Inc. - C:\WINDOWS\SYSTEM32\drivers\viaudios.sys
O23 - Service: Sony Ericsson W200 driver (WDM) (w200bus) - MCCI - C:\WINDOWS\SYSTEM32\DRIVERS\w200bus.sys
O23 - Service: Sony Ericsson W200 USB WMC Modem Filter (w200mdfl) - MCCI - C:\WINDOWS\SYSTEM32\DRIVERS\w200mdfl.sys
O23 - Service: Sony Ericsson W200 USB WMC Modem Driver (w200mdm) - MCCI - C:\WINDOWS\SYSTEM32\DRIVERS\w200mdm.sys
O23 - Service: Sony Ericsson W200 USB WMC Device Management Drivers (WDM) (w200mgmt) - MCCI - C:\WINDOWS\SYSTEM32\DRIVERS\w200mgmt.sys
O23 - Service: Sony Ericsson W200 USB WMC OBEX Interface (w200obex) - MCCI - C:\WINDOWS\SYSTEM32\DRIVERS\w200obex.sys
O23 - Service: XDva032 - Unknown owner - C:\WINDOWS\system32\XDva032.sys (file missing)

Listado de Servicios (Deshabilitados):
--------------------------------------
**O23 - Service: dmboot - Microsoft Corp., Veritas Software - C:\WINDOWS\SYSTEM32\drivers\dmboot.sys

 38 Servicios.
  9 de Carga Automatica.
 28 de Carga Manual.
  1 Deshabilitados.

Ahi esta el log, muchas gracias

[msc hotline sat]

Y como vas por internet aun sin el SP3 !!!

Sistema Operativo: Microsoft Windows XP (v5.1.2600) Service Pack 2

Internet Explorer: (v6.0.2900.2180) ;SP2;


Venga, lanza un widnowsupdate e instala el SP3 y posteriores, especialmente el MS08-067 que tanto avisamos en Octubre y el de mañana, el MS08-078 para el peligroso nuevo agujero

Y ademas de la seguridad, las 1073 mejoras que implementa el SP3 sobre el SP2 aumentan las prestaciones en un 10 % comprobado, y te quejas de lentitud...

Aparte, si aun con ello no va todo lo rapido que debería, lanza este AV ONLINE y posteanos el informe resultante:

Kaspersky Security Scan

NOTA: Y escojer la opcion de MIPC para escanearlo todo. Dicho AV ONLINE no limpia, solo testea, asi que lo que pretendemos con ello es solo el informe, ya obraremos en consecuencia. ms.

NOTA: Parece ser que ultimamente este link da LICENCIA CADUCADA, probar este otro:

http://www.kaspersky.com/kos/english/kavwebscan.html

y seleccionar MY COMPUTER. Si no se tiene la version de Java actualizada, a la izquierda de la ventana que presenta dicho acceso, ofrecen link de descarga...

saludos

ms, 17-12-2008

[shawn_akk]

ahi estoy instalando las actualizaciones de windows...

cuando termine, les aviso y vemos q hacemos



muchas gracias

[msc hotline sat]

Pues como que ya me voy, recuerda lo que te he dicho, si no te parece lo sucientemente rapido, lanza el AV ONLINE indicado y posteanos el informe resultante. Siempre ven mas 4 ojos que 2, y aunque el NOD32 no es malo, ninguno lo detecta todo, ni el kaspersky tampoco, pero a veces entre uno y otro y el de mas allá, porque luego nos quedarían los Rootkits, para lo que lanzariamos el ROotKitDetective y nos posterias el resultado, claro ...

MCAFEE ROOTKITDETECTIBE (Acceso al link de descarga)
http://www.zonavirus.com/descargas/mcaf ... ective.asp

y adios, que ya hace casi una hora que ha cerrado SATINFO y estamos solo 4 gatos, los "currantes" de siempre...

Quizas en casa podré ver lo que has dicho a continuacion

saludos

ms, 17-12-2008

[msc hotline sat]

Pues me he pasado por tu Tema, a ver si habias dicho algo mas, pero veo que aun estas en ello ... :roll:



Pues hasta mañana, si pegas los informes cuando termines, veras mi analisis cuando despiertes :wink:



saludos



ms, 17-12-2008

[shawn_akk]

con el karpesky no me deja sacar el log...

:S:S:S

y con el rookit no se como...





perdon por mi ignorancia :(

[shawn_akk]

ahii taa

el del rookit



sorryyy









McAfee(R) Rootkit Detective 1.1 scan report

On 18-12-2008 at 14:41:09

OS-Version 5.1.2600

Service Pack 3.0

====================================



Object-Type: SSDT-hook

Object-Name: ZwClose

Object-Path: C:\WINDOWS\system32\drivers\d347bus.sys



Object-Type: SSDT-hook

Object-Name: ZwCreateKey

Object-Path: C:\WINDOWS\system32\drivers\d347bus.sys



Object-Type: SSDT-hook

Object-Name: ZwCreatePagingFile

Object-Path: C:\WINDOWS\system32\drivers\d347bus.sys



Object-Type: SSDT-hook

Object-Name: ZwEnumerateKey

Object-Path: C:\WINDOWS\system32\drivers\d347bus.sys



Object-Type: SSDT-hook

Object-Name: ZwEnumerateValueKey

Object-Path: C:\WINDOWS\system32\drivers\d347bus.sys



Object-Type: SSDT-hook

Object-Name: ZwOpenKey

Object-Path: C:\WINDOWS\system32\drivers\d347bus.sys



Object-Type: SSDT-hook

Object-Name: ZwQueryKey

Object-Path: C:\WINDOWS\system32\drivers\d347bus.sys



Object-Type: SSDT-hook

Object-Name: ZwQueryValueKey

Object-Path: C:\WINDOWS\system32\drivers\d347bus.sys



Object-Type: SSDT-hook

Object-Name: ZwSetSystemPowerState

Object-Path: C:\WINDOWS\system32\drivers\d347bus.sys



Object-Type: SSDT-hook

Object-Name: ZwSetValueKey

Object-Path: \SystemRoot\System32\drivers\spcv.sys



Object-Type: IRP-hook

Object-Name: \Driver\Ftdisk->IRP_MJ_SYSTEM_CONTROL

Object-Path:



Object-Type: IRP-hook

Object-Name: \Driver\Ftdisk->IRP_MJ_POWER

Object-Path:



Object-Type: IRP-hook

Object-Name: \Driver\Ftdisk->IRP_MJ_CLEANUP

Object-Path:



Object-Type: IRP-hook

Object-Name: \Driver\Ftdisk->IRP_MJ_SHUTDOWN

Object-Path:



Object-Type: IRP-hook

Object-Name: \Driver\Ftdisk->IRP_MJ_INTERNAL_DEVICE_CONTROL

Object-Path:



Object-Type: IRP-hook

Object-Name: \Driver\Ftdisk->IRP_MJ_DEVICE_CONTROL

Object-Path:



Object-Type: IRP-hook

Object-Name: \Driver\Ftdisk->IRP_MJ_FLUSH_BUFFERS

Object-Path:



Object-Type: IRP-hook

Object-Name: \Driver\Ftdisk->IRP_MJ_WRITE

Object-Path:



Object-Type: IRP-hook

Object-Name: \Driver\Ftdisk->IRP_MJ_READ

Object-Path:



Object-Type: IRP-hook

Object-Name: \Driver\Ftdisk->IRP_MJ_CREATE

Object-Path:



Object-Type: Registry-key

Object-Name: 0D79C293C1ED61418462E24595C90D04v.sys

Object-Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04

Status: Hidden



Object-Type: Registry-key

Object-Name: 00000001ontrolSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04

Object-Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001

Status: Hidden



Object-Type: Registry-key

Object-Name: jdgg40\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001

Object-Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40

Status: Hidden



Object-Type: Registry-key

Object-Name: jdgg41\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40

Object-Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg41

Status: Hidden



Object-Type: Registry-key

Object-Name: 0Jf40M\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg41

Object-Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\d347prt\Cfg\0Jf40

Status: Hidden



Object-Type: Registry-value

Object-Name: (Default)

Object-Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\d347prt\Cfg\0Jf40

Status: Unable to access registry key



Object-Type: Registry-value

Object-Name: khjeh

Object-Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\d347prt\Cfg\0Jf40

Status: Hidden



Object-Type: Registry-value

Object-Name: hj34z0

Object-Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\d347prt\Cfg\0Jf40

Status: Hidden



Object-Type: Registry-value

Object-Name: (Default)

Object-Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg

Status: Unable to access registry key



Object-Type: Registry-key

Object-Name: 0D79C293C1ED61418462E24595C90D04td\Cfg

Object-Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04

Status: Hidden



Object-Type: Registry-value

Object-Name: (Default)

Object-Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04

Status: Unable to access registry key



Object-Type: Registry-key

Object-Name: 00000001ontrolSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04

Object-Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001

Status: Hidden



Object-Type: Registry-value

Object-Name: (Default)

Object-Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001

Status: Unable to access registry key



Object-Type: Registry-key

Object-Name: jdgg40\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001

Object-Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40

Status: Hidden



Object-Type: Registry-value

Object-Name: (Default)

Object-Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40

Status: Unable to access registry key



Object-Type: Registry-value

Object-Name: ujdew

Object-Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40

Status: Hidden



Object-Type: Registry-key

Object-Name: jdgg41\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40

Object-Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg41

Status: Hidden



Object-Type: Registry-value

Object-Name: (Default)

Object-Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg41

Status: Unable to access registry key



Object-Type: Registry-value

Object-Name: ujdew

Object-Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg41

Status: Hidden



Object-Type: Registry-value

Object-Name: a0

Object-Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001

Status: Hidden



Object-Type: Registry-value

Object-Name: ujdew

Object-Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001

Status: Hidden



Object-Type: Registry-value

Object-Name: p0

Object-Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04

Status: Hidden



Object-Type: Registry-value

Object-Name: h0

Object-Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04

Status: Hidden



Object-Type: Registry-value

Object-Name: ujdew

Object-Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04

Status: Hidden



Object-Type: Registry-value

Object-Name: s1

Object-Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg

Status: Hidden



Object-Type: Registry-value

Object-Name: s2

Object-Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg

Status: Hidden



Object-Type: Registry-value

Object-Name: g0

Object-Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg

Status: Hidden



Object-Type: Registry-value

Object-Name: h0

Object-Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg

Status: Hidden



Object-Type: Registry-key

Object-Name: 0D79C293C1ED61418462E24595C90D04td\Cfg

Object-Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04

Status: Hidden



Object-Type: Registry-key

Object-Name: 00000001ontrolSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04

Object-Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001

Status: Hidden



Object-Type: Registry-key

Object-Name: jdgg40\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001

Object-Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40

Status: Hidden



Object-Type: Registry-key

Object-Name: jdgg41\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40

Object-Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg41

Status: Hidden



Object-Type: Registry-key

Object-Name: 0D79C293C1ED61418462E24595C90D04td\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg41

Object-Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04

Status: Hidden



Object-Type: Registry-key

Object-Name: 00000001ontrolSet004\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04

Object-Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001

Status: Hidden



Object-Type: Registry-key

Object-Name: jdgg40\ControlSet004\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001

Object-Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40

Status: Hidden



Object-Type: Registry-key

Object-Name: jdgg41\ControlSet004\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40

Object-Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg41

Status: Hidden



Object-Type: Registry-key

Object-Name: 0Jf40M\ControlSet004\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg41

Object-Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\d347prt\Cfg\0Jf40

Status: Hidden



Object-Type: Registry-value

Object-Name: (Default)

Object-Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\d347prt\Cfg\0Jf40

Status: Unable to access registry key



Object-Type: Registry-value

Object-Name: khjeh

Object-Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\d347prt\Cfg\0Jf40

Status: Hidden



Object-Type: Registry-value

Object-Name: hj34z0

Object-Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\d347prt\Cfg\0Jf40

Status: Hidden



Object-Type: Registry-value

Object-Name: (Default)

Object-Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg

Status: Unable to access registry key



Object-Type: Registry-key

Object-Name: 0D79C293C1ED61418462E24595C90D04td\Cfg

Object-Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04

Status: Hidden



Object-Type: Registry-value

Object-Name: (Default)

Object-Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04

Status: Unable to access registry key



Object-Type: Registry-key

Object-Name: 00000001ontrolSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04

Object-Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001

Status: Hidden



Object-Type: Registry-value

Object-Name: (Default)

Object-Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001

Status: Unable to access registry key



Object-Type: Registry-key

Object-Name: jdgg40\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001

Object-Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40

Status: Hidden



Object-Type: Registry-value

Object-Name: (Default)

Object-Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40

Status: Unable to access registry key



Object-Type: Registry-value

Object-Name: ujdew

Object-Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40

Status: Hidden



Object-Type: Registry-key

Object-Name: jdgg41\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40

Object-Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg41

Status: Hidden



Object-Type: Registry-value

Object-Name: (Default)

Object-Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg41

Status: Unable to access registry key



Object-Type: Registry-value

Object-Name: ujdew

Object-Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg41

Status: Hidden



Object-Type: Registry-value

Object-Name: a0

Object-Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001

Status: Hidden



Object-Type: Registry-value

Object-Name: ujdew

Object-Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001

Status: Hidden



Object-Type: Registry-value

Object-Name: p0

Object-Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04

Status: Hidden



Object-Type: Registry-value

Object-Name: h0

Object-Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04

Status: Hidden



Object-Type: Registry-value

Object-Name: ujdew

Object-Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04

Status: Hidden



Object-Type: Registry-value

Object-Name: s1

Object-Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg

Status: Hidden



Object-Type: Registry-value

Object-Name: s2

Object-Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg

Status: Hidden



Object-Type: Registry-value

Object-Name: g0

Object-Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg

Status: Hidden



Object-Type: Registry-value

Object-Name: h0

Object-Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg

Status: Hidden



Object-Type: Registry-key

Object-Name: DataEM\ControlSet002\Services\sptd\Cfg

Object-Path: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Protected Storage System Provider\*Local Machine*\Data

Status: Hidden



Object-Type: Registry-key

Object-Name: a5c5c2e4-6bee-4ef9-a0f5-f76a07cce771 System Provider\*Local Machine*\Data

Object-Path: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Protected Storage System Provider\*Local Machine*\Data\a5c5c2e4-6bee-4ef9-a0f5-f76a07cce771

Status: Hidden



Object-Type: Registry-key

Object-Name: 00000000-0000-0000-0000-000000000000 System Provider\*Local Machine*\Data\a5c5c2e4-6bee-4ef9-a0f5-f76a07cce771

Object-Path: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Protected Storage System Provider\*Local Machine*\Data\a5c5c2e4-6bee-4ef9-a0f5-f76a07cce771\00000000-0000-0000-0000-000000000000

Status: Hidden



Object-Type: Registry-key

Object-Name: {6340E680-FF06-435f-8767-B79D88AEBD4D}ystem Provider\*Local Machine*\Data\a5c5c2e4-6bee-4ef9-a0f5-f76a07cce771\00000000-0000-0000-0000-000000000000

Object-Path: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Protected Storage System Provider\*Local Machine*\Data\a5c5c2e4-6bee-4ef9-a0f5-f76a07cce771\00000000-0000-0000-0000-000000000000\{6340E680-FF06-435f-8767-B79D88AEBD4D}

Status: Hidden



Object-Type: Registry-value

Object-Name: Item Data

Object-Path: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Protected Storage System Provider\*Local Machine*\Data\a5c5c2e4-6bee-4ef9-a0f5-f76a07cce771\00000000-0000-0000-0000-000000000000\{6340E680-FF06-435f-8767-B79D88AEBD4D}

Status: Hidden



Object-Type: Registry-value

Object-Name: Display String

Object-Path: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Protected Storage System Provider\*Local Machine*\Data\a5c5c2e4-6bee-4ef9-a0f5-f76a07cce771\00000000-0000-0000-0000-000000000000

Status: Hidden



Object-Type: Registry-value

Object-Name: Display String

Object-Path: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Protected Storage System Provider\*Local Machine*\Data\a5c5c2e4-6bee-4ef9-a0f5-f76a07cce771

Status: Hidden



Object-Type: Registry-key

Object-Name: Data 2RE\Microsoft\Protected Storage System Provider\*Local Machine*\Data\a5c5c2e4-6bee-4ef9-a0f5-f76a07cce771

Object-Path: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Protected Storage System Provider\*Local Machine*\Data 2

Status: Hidden



Object-Type: Registry-key

Object-Name: WindowsE\Microsoft\Protected Storage System Provider\*Local Machine*\Data 2

Object-Path: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Protected Storage System Provider\*Local Machine*\Data 2\Windows

Status: Hidden



Object-Type: Registry-value

Object-Name: Value

Object-Path: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Protected Storage System Provider\*Local Machine*\Data 2\Windows

Status: Hidden



Object-Type: Process

Object-Name: RTHDCPL.exe

Pid: 2572

Object-Path: C:\windows\RTHDCPL.EXE

Status: Visible



Object-Type: Process

Object-Name: System Idle Process

Pid: 0

Object-Path:

Status: Visible



Object-Type: Process

Object-Name: smss.exe

Pid: 468

Object-Path: C:\windows\System32\smss.exe

Status: Visible



Object-Type: Process

Object-Name: services.exe

Pid: 592

Object-Path: C:\windows\system32\services.exe

Status: Visible



Object-Type: Process

Object-Name: usnsvc.exe

Pid: 1492

Object-Path: C:\Archivos de programa\Windows Live\Messenger\usnsvc.exe

Status: Visible



Object-Type: Process

Object-Name: System

Pid: 4

Object-Path:

Status: Visible



Object-Type: Process

Object-Name: WgaTray.exe

Pid: 720

Object-Path: C:\windows\system32\WgaTray.exe

Status: Visible



Object-Type: Process

Object-Name: svchost.exe

Pid: 1000

Object-Path: C:\windows\System32\svchost.exe

Status: Visible



Object-Type: Process

Object-Name: nvsvc32.exe

Pid: 1468

Object-Path: C:\windows\system32\nvsvc32.exe

Status: Visible



Object-Type: Process

Object-Name: firefox.exe

Pid: 2772

Object-Path: C:\Archivos de programa\Mozilla Firefox 3 Beta 5\firefox.exe

Status: Visible



Object-Type: Process

Object-Name: svchost.exe

Pid: 912

Object-Path: C:\windows\System32\svchost.exe

Status: Visible



Object-Type: Process

Object-Name: svchost.exe

Pid: 820

Object-Path: C:\windows\system32\svchost.exe

Status: Visible



Object-Type: Process

Object-Name: Rootkit_Detecti

Pid: 3828

Object-Path: E:\photo\Rootkit_Detective.exe

Status: Visible



Object-Type: Process

Object-Name: lsass.exe

Pid: 604

Object-Path: C:\windows\system32\lsass.exe

Status: Visible



Object-Type: Process

Object-Name: svchost.exe

Pid: 1100

Object-Path: C:\windows\System32\svchost.exe

Status: Visible



Object-Type: Process

Object-Name: TraktorDJStudio

Pid: 2960

Object-Path: E:\Mis documentos\Traktor3\TraktorDJStudio3.exe

Status: Visible



Object-Type: Process

Object-Name: svchost.exe

Pid: 760

Object-Path: C:\windows\system32\svchost.exe

Status: Visible



Object-Type: Process

Object-Name: alg.exe

Pid: 388

Object-Path: C:\windows\System32\alg.exe

Status: Visible



Object-Type: Process

Object-Name: ctfmon.exe

Pid: 2652

Object-Path: C:\windows\system32\ctfmon.exe

Status: Visible



Object-Type: Process

Object-Name: winlogon.exe

Pid: 548

Object-Path: C:\windows\system32\winlogon.exe

Status: Visible



Object-Type: Process

Object-Name: mdm.exe

Pid: 1416

Object-Path: C:\Archivos de programa\Archivos comunes\Microsoft Shared\VS7Debug\mdm.exe

Status: Visible



Object-Type: Process

Object-Name: nod32krn.exe

Pid: 1448

Object-Path: C:\Archivos de programa\Eset\nod32krn.exe

Status: Visible



Object-Type: Process

Object-Name: svchost.exe

Pid: 1572

Object-Path: C:\windows\System32\svchost.exe

Status: Visible



Object-Type: Process

Object-Name: realsched.exe

Pid: 2440

Object-Path: C:\Archivos de programa\Archivos comunes\Real\Update_OB\realsched.exe

Status: Visible



Object-Type: Process

Object-Name: wdfmgr.exe

Pid: 1604

Object-Path: C:\WINDOWS\system32\wdfmgr.exe

Status: Visible



Object-Type: Process

Object-Name: msnmsgr.exe

Pid: 3960

Object-Path: C:\Archivos de programa\Windows Live\Messenger\msnmsgr.exe

Status: Visible



Object-Type: Process

Object-Name: StarWindService

Pid: 1512

Object-Path: E:\Alcohol120_1.9.7.6022_Retail_Incl_Key\Alcohol 120\StarWind\StarWindServiceAE.exe

Status: Visible



Object-Type: Process

Object-Name: explorer.exe

Pid: 768

Object-Path: C:\windows\Explorer.EXE

Status: Visible



Object-Type: Process

Object-Name: winamp.exe

Pid: 3280

Object-Path: C:\Archivos de programa\Winamp\winamp.exe

Status: Visible



Object-Type: Process

Object-Name: nod32kui.exe

Pid: 2476

Object-Path: C:\Archivos de programa\Eset\nod32kui.exe

Status: Visible



Object-Type: Process

Object-Name: winampa.exe

Pid: 2600

Object-Path: C:\Archivos de programa\Winamp\winampa.exe

Status: Visible



Object-Type: Process

Object-Name: csrss.exe

Pid: 524

Object-Path: C:\windows\system32\csrss.exe

Status: Visible



Object-Type: Process

Object-Name: spoolsv.exe

Pid: 1176

Object-Path: C:\windows\system32\spoolsv.exe

Status: Visible



Scan complete. Hidden registry keys/values: 58

McAfee(R) Rootkit Detective 1.1 scan report

On 18-12-2008 at 14:46:03

OS-Version 5.1.2600

Service Pack 3.0

====================================



Object-Type: SSDT-hook

Object-Name: ZwClose

Object-Path: C:\WINDOWS\system32\drivers\d347bus.sys



Object-Type: SSDT-hook

Object-Name: ZwCreateKey

Object-Path: C:\WINDOWS\system32\drivers\d347bus.sys



Object-Type: SSDT-hook

Object-Name: ZwCreatePagingFile

Object-Path: C:\WINDOWS\system32\drivers\d347bus.sys



Object-Type: SSDT-hook

Object-Name: ZwEnumerateKey

Object-Path: C:\WINDOWS\system32\drivers\d347bus.sys



Object-Type: SSDT-hook

Object-Name: ZwEnumerateValueKey

Object-Path: C:\WINDOWS\system32\drivers\d347bus.sys



Object-Type: SSDT-hook

Object-Name: ZwOpenKey

Object-Path: C:\WINDOWS\system32\drivers\d347bus.sys



Object-Type: SSDT-hook

Object-Name: ZwQueryKey

Object-Path: C:\WINDOWS\system32\drivers\d347bus.sys



Object-Type: SSDT-hook

Object-Name: ZwQueryValueKey

Object-Path: C:\WINDOWS\system32\drivers\d347bus.sys



Object-Type: SSDT-hook

Object-Name: ZwSetSystemPowerState

Object-Path: C:\WINDOWS\system32\drivers\d347bus.sys



Object-Type: SSDT-hook

Object-Name: ZwSetValueKey

Object-Path: \SystemRoot\System32\drivers\spcv.sys



Object-Type: IRP-hook

Object-Name: \Driver\Ftdisk->IRP_MJ_SYSTEM_CONTROL

Object-Path:



Object-Type: IRP-hook

Object-Name: \Driver\Ftdisk->IRP_MJ_POWER

Object-Path:



Object-Type: IRP-hook

Object-Name: \Driver\Ftdisk->IRP_MJ_CLEANUP

Object-Path:



Object-Type: IRP-hook

Object-Name: \Driver\Ftdisk->IRP_MJ_SHUTDOWN

Object-Path:



Object-Type: IRP-hook

Object-Name: \Driver\Ftdisk->IRP_MJ_INTERNAL_DEVICE_CONTROL

Object-Path:



Object-Type: IRP-hook

Object-Name: \Driver\Ftdisk->IRP_MJ_DEVICE_CONTROL

Object-Path:



Object-Type: IRP-hook

Object-Name: \Driver\Ftdisk->IRP_MJ_FLUSH_BUFFERS

Object-Path:



Object-Type: IRP-hook

Object-Name: \Driver\Ftdisk->IRP_MJ_WRITE

Object-Path:



Object-Type: IRP-hook

Object-Name: \Driver\Ftdisk->IRP_MJ_READ

Object-Path:



Object-Type: IRP-hook

Object-Name: \Driver\Ftdisk->IRP_MJ_CREATE

Object-Path:



Object-Type: Registry-key

Object-Name: 0D79C293C1ED61418462E24595C90D04v.sys

Object-Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04

Status: Hidden



Object-Type: Registry-key

Object-Name: 00000001ontrolSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04

Object-Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001

Status: Hidden



Object-Type: Registry-key

Object-Name: jdgg40\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001

Object-Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40

Status: Hidden



Object-Type: Registry-key

Object-Name: jdgg41\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40

Object-Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg41

Status: Hidden



Object-Type: Registry-key

Object-Name: 0Jf40M\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg41

Object-Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\d347prt\Cfg\0Jf40

Status: Hidden



Object-Type: Registry-value

Object-Name: (Default)

Object-Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\d347prt\Cfg\0Jf40

Status: Unable to access registry key



Object-Type: Registry-value

Object-Name: khjeh

Object-Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\d347prt\Cfg\0Jf40

Status: Hidden



Object-Type: Registry-value

Object-Name: hj34z0

Object-Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\d347prt\Cfg\0Jf40

Status: Hidden



Object-Type: Registry-value

Object-Name: (Default)

Object-Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg

Status: Unable to access registry key



Object-Type: Registry-key

Object-Name: 0D79C293C1ED61418462E24595C90D04td\Cfg

Object-Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04

Status: Hidden



Object-Type: Registry-value

Object-Name: (Default)

Object-Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04

Status: Unable to access registry key



Object-Type: Registry-key

Object-Name: 00000001ontrolSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04

Object-Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001

Status: Hidden



Object-Type: Registry-value

Object-Name: (Default)

Object-Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001

Status: Unable to access registry key



Object-Type: Registry-key

Object-Name: jdgg40\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001

Object-Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40

Status: Hidden



Object-Type: Registry-value

Object-Name: (Default)

Object-Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40

Status: Unable to access registry key



Object-Type: Registry-value

Object-Name: ujdew

Object-Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40

Status: Hidden



Object-Type: Registry-key

Object-Name: jdgg41\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40

Object-Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg41

Status: Hidden



Object-Type: Registry-value

Object-Name: (Default)

Object-Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg41

Status: Unable to access registry key



Object-Type: Registry-value

Object-Name: ujdew

Object-Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg41

Status: Hidden



Object-Type: Registry-value

Object-Name: a0

Object-Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001

Status: Hidden



Object-Type: Registry-value

Object-Name: ujdew

Object-Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001

Status: Hidden



Object-Type: Registry-value

Object-Name: p0

Object-Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04

Status: Hidden



Object-Type: Registry-value

Object-Name: h0

Object-Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04

Status: Hidden



Object-Type: Registry-value

Object-Name: ujdew

Object-Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04

Status: Hidden



Object-Type: Registry-value

Object-Name: s1

Object-Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg

Status: Hidden



Object-Type: Registry-value

Object-Name: s2

Object-Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg

Status: Hidden



Object-Type: Registry-value

Object-Name: g0

Object-Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg

Status: Hidden



Object-Type: Registry-value

Object-Name: h0

Object-Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg

Status: Hidden



Object-Type: Registry-key

Object-Name: 0D79C293C1ED61418462E24595C90D04td\Cfg

Object-Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04

Status: Hidden



Object-Type: Registry-key

Object-Name: 00000001ontrolSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04

Object-Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001

Status: Hidden



Object-Type: Registry-key

Object-Name: jdgg40\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001

Object-Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40

Status: Hidden



Object-Type: Registry-key

Object-Name: jdgg41\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40

Object-Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg41

Status: Hidden



Object-Type: Registry-key

Object-Name: 0D79C293C1ED61418462E24595C90D04td\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg41

Object-Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04

Status: Hidden



Object-Type: Registry-key

Object-Name: 00000001ontrolSet004\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04

Object-Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001

Status: Hidden



Object-Type: Registry-key

Object-Name: jdgg40\ControlSet004\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001

Object-Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40

Status: Hidden



Object-Type: Registry-key

Object-Name: jdgg41\ControlSet004\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40

Object-Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg41

Status: Hidden



Object-Type: Registry-key

Object-Name: 0Jf40M\ControlSet004\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg41

Object-Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\d347prt\Cfg\0Jf40

Status: Hidden



Object-Type: Registry-value

Object-Name: (Default)

Object-Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\d347prt\Cfg\0Jf40

Status: Unable to access registry key



Object-Type: Registry-value

Object-Name: khjeh

Object-Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\d347prt\Cfg\0Jf40

Status: Hidden



Object-Type: Registry-value

Object-Name: hj34z0

Object-Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\d347prt\Cfg\0Jf40

Status: Hidden



Object-Type: Registry-value

Object-Name: (Default)

Object-Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg

Status: Unable to access registry key



Object-Type: Registry-key

Object-Name: 0D79C293C1ED61418462E24595C90D04td\Cfg

Object-Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04

Status: Hidden



Object-Type: Registry-value

Object-Name: (Default)

Object-Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04

Status: Unable to access registry key



Object-Type: Registry-key

Object-Name: 00000001ontrolSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04

Object-Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001

Status: Hidden



Object-Type: Registry-value

Object-Name: (Default)

Object-Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001

Status: Unable to access registry key



Object-Type: Registry-key

Object-Name: jdgg40\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001

Object-Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40

Status: Hidden



Object-Type: Registry-value

Object-Name: (Default)

Object-Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40

Status: Unable to access registry key



Object-Type: Registry-value

Object-Name: ujdew

Object-Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40

Status: Hidden



Object-Type: Registry-key

Object-Name: jdgg41\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40

Object-Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg41

Status: Hidden



Object-Type: Registry-value

Object-Name: (Default)

Object-Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg41

Status: Unable to access registry key



Object-Type: Registry-value

Object-Name: ujdew

Object-Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg41

Status: Hidden



Object-Type: Registry-value

Object-Name: a0

Object-Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001

Status: Hidden



Object-Type: Registry-value

Object-Name: ujdew

Object-Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001

Status: Hidden



Object-Type: Registry-value

Object-Name: p0

Object-Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04

Status: Hidden



Object-Type: Registry-value

Object-Name: h0

Object-Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04

Status: Hidden



Object-Type: Registry-value

Object-Name: ujdew

Object-Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04

Status: Hidden



Object-Type: Registry-value

Object-Name: s1

Object-Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg

Status: Hidden



Object-Type: Registry-value

Object-Name: s2

Object-Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg

Status: Hidden



Object-Type: Registry-value

Object-Name: g0

Object-Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg

Status: Hidden



Object-Type: Registry-value

Object-Name: h0

Object-Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg

Status: Hidden



Object-Type: Registry-key

Object-Name: DataEM\ControlSet002\Services\sptd\Cfg

Object-Path: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Protected Storage System Provider\*Local Machine*\Data

Status: Hidden



Object-Type: Registry-key

Object-Name: a5c5c2e4-6bee-4ef9-a0f5-f76a07cce771 System Provider\*Local Machine*\Data

Object-Path: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Protected Storage System Provider\*Local Machine*\Data\a5c5c2e4-6bee-4ef9-a0f5-f76a07cce771

Status: Hidden



Object-Type: Registry-key

Object-Name: 00000000-0000-0000-0000-000000000000 System Provider\*Local Machine*\Data\a5c5c2e4-6bee-4ef9-a0f5-f76a07cce771

Object-Path: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Protected Storage System Provider\*Local Machine*\Data\a5c5c2e4-6bee-4ef9-a0f5-f76a07cce771\00000000-0000-0000-0000-000000000000

Status: Hidden



Object-Type: Registry-key

Object-Name: {6340E680-FF06-435f-8767-B79D88AEBD4D}ystem Provider\*Local Machine*\Data\a5c5c2e4-6bee-4ef9-a0f5-f76a07cce771\00000000-0000-0000-0000-000000000000

Object-Path: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Protected Storage System Provider\*Local Machine*\Data\a5c5c2e4-6bee-4ef9-a0f5-f76a07cce771\00000000-0000-0000-0000-000000000000\{6340E680-FF06-435f-8767-B79D88AEBD4D}

Status: Hidden



Object-Type: Registry-value

Object-Name: Item Data

Object-Path: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Protected Storage System Provider\*Local Machine*\Data\a5c5c2e4-6bee-4ef9-a0f5-f76a07cce771\00000000-0000-0000-0000-000000000000\{6340E680-FF06-435f-8767-B79D88AEBD4D}

Status: Hidden



Object-Type: Registry-value

Object-Name: Display String

Object-Path: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Protected Storage System Provider\*Local Machine*\Data\a5c5c2e4-6bee-4ef9-a0f5-f76a07cce771\00000000-0000-0000-0000-000000000000

Status: Hidden



Object-Type: Registry-value

Object-Name: Display String

Object-Path: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Protected Storage System Provider\*Local Machine*\Data\a5c5c2e4-6bee-4ef9-a0f5-f76a07cce771

Status: Hidden



Object-Type: Registry-key

Object-Name: Data 2RE\Microsoft\Protected Storage System Provider\*Local Machine*\Data\a5c5c2e4-6bee-4ef9-a0f5-f76a07cce771

Object-Path: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Protected Storage System Provider\*Local Machine*\Data 2

Status: Hidden



Object-Type: Registry-key

Object-Name: WindowsE\Microsoft\Protected Storage System Provider\*Local Machine*\Data 2

Object-Path: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Protected Storage System Provider\*Local Machine*\Data 2\Windows

Status: Hidden



Object-Type: Registry-value

Object-Name: Value

Object-Path: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Protected Storage System Provider\*Local Machine*\Data 2\Windows

Status: Hidden



Object-Type: Process

Object-Name: RTHDCPL.exe

Pid: 2572

Object-Path: C:\windows\RTHDCPL.EXE

Status: Visible



Object-Type: Process

Object-Name: System Idle Process

Pid: 0

Object-Path:

Status: Visible



Object-Type: Process

Object-Name: services.exe

Pid: 592

Object-Path: C:\windows\system32\services.exe

Status: Visible



Object-Type: Process

Object-Name: smss.exe

Pid: 468

Object-Path: C:\windows\System32\smss.exe

Status: Visible



Object-Type: Process

Object-Name: usnsvc.exe

Pid: 1492

Object-Path: C:\Archivos de programa\Windows Live\Messenger\usnsvc.exe

Status: Visible



Object-Type: Process

Object-Name: System

Pid: 4

Object-Path:

Status: Visible



Object-Type: Process

Object-Name: WgaTray.exe

Pid: 720

Object-Path: C:\windows\system32\WgaTray.exe

Status: Visible



Object-Type: Process

Object-Name: svchost.exe

Pid: 1000

Object-Path: C:\windows\System32\svchost.exe

Status: Visible



Object-Type: Process

Object-Name: nvsvc32.exe

Pid: 1468

Object-Path: C:\windows\system32\nvsvc32.exe

Status: Visible



Object-Type: Process

Object-Name: svchost.exe

Pid: 912

Object-Path: C:\windows\System32\svchost.exe

Status: Visible



Object-Type: Process

Object-Name: firefox.exe

Pid: 2772

Object-Path: C:\Archivos de programa\Mozilla Firefox 3 Beta 5\firefox.exe

Status: Visible



Object-Type: Process

Object-Name: svchost.exe

Pid: 820

Object-Path: C:\windows\system32\svchost.exe

Status: Visible



Object-Type: Process

Object-Name: lsass.exe

Pid: 604

Object-Path: C:\windows\system32\lsass.exe

Status: Visible



Object-Type: Process

Object-Name: svchost.exe

Pid: 1100

Object-Path: C:\windows\System32\svchost.exe

Status: Visible



Object-Type: Process

Object-Name: Rootkit_Detecti

Pid: 3828

Object-Path: E:\photo\Rootkit_Detective.exe

Status: Visible



Object-Type: Process

Object-Name: svchost.exe

Pid: 760

Object-Path: C:\windows\system32\svchost.exe

Status: Visible



Object-Type: Process

Object-Name: alg.exe

Pid: 388

Object-Path: C:\windows\System32\alg.exe

Status: Visible



Object-Type: Process

Object-Name: ctfmon.exe

Pid: 2652

Object-Path: C:\windows\system32\ctfmon.exe

Status: Visible



Object-Type: Process

Object-Name: mdm.exe

Pid: 1416

Object-Path: C:\Archivos de programa\Archivos comunes\Microsoft Shared\VS7Debug\mdm.exe

Status: Visible



Object-Type: Process

Object-Name: winlogon.exe

Pid: 548

Object-Path: C:\windows\system32\winlogon.exe

Status: Visible



Object-Type: Process

Object-Name: nod32krn.exe

Pid: 1448

Object-Path: C:\Archivos de programa\Eset\nod32krn.exe

Status: Visible



Object-Type: Process

Object-Name: svchost.exe

Pid: 1572

Object-Path: C:\windows\System32\svchost.exe

Status: Visible



Object-Type: Process

Object-Name: realsched.exe

Pid: 2440

Object-Path: C:\Archivos de programa\Archivos comunes\Real\Update_OB\realsched.exe

Status: Visible



Object-Type: Process

Object-Name: wdfmgr.exe

Pid: 1604

Object-Path: C:\WINDOWS\system32\wdfmgr.exe

Status: Visible



Object-Type: Process

Object-Name: msnmsgr.exe

Pid: 3960

Object-Path: C:\Archivos de programa\Windows Live\Messenger\msnmsgr.exe

Status: Visible



Object-Type: Process

Object-Name: StarWindService

Pid: 1512

Object-Path: E:\Alcohol120_1.9.7.6022_Retail_Incl_Key\Alcohol 120\StarWind\StarWindServiceAE.exe

Status: Visible



Object-Type: Process

Object-Name: explorer.exe

Pid: 768

Object-Path: C:\windows\Explorer.EXE

Status: Visible



Object-Type: Process

Object-Name: winamp.exe

Pid: 3280

Object-Path: C:\Archivos de programa\Winamp\winamp.exe

Status: Visible



Object-Type: Process

Object-Name: nod32kui.exe

Pid: 2476

Object-Path: C:\Archivos de programa\Eset\nod32kui.exe

Status: Visible



Object-Type: Process

Object-Name: winampa.exe

Pid: 2600

Object-Path: C:\Archivos de programa\Winamp\winampa.exe

Status: Visible



Object-Type: Process

Object-Name: csrss.exe

Pid: 524

Object-Path: C:\windows\system32\csrss.exe

Status: Visible



Object-Type: Process

Object-Name: spoolsv.exe

Pid: 1176

Object-Path: C:\windows\system32\spoolsv.exe

Status: Visible



Scan complete. Hidden registry keys/values: 58

[msc hotline sat]

No hay ficheros procesandose en tareas ocultas, colo claves:



[b][i]Scan complete. Hidden registry keys/values: 58[/i][/b]



Por tanto no parece que haya RootKits...





Solo falta el informe del AV ONLINE para descartar que sea debido a virus conocido.



Otra cuestion es que elimine temprales de windows y de internet, reduzca ventanas abiertas innecesarias, y si adolece de poca memoria (no sé si es el caso), ampliela a 1 o 2 GB si no los hay ya, por ejemplo...



Y nos comenta elr esultado, gracias



saludos



ms, 18-12-2008

[shawn_akk]

tengo 1 gb 25 de ram,

y la pc me sigue andando lenta...

no se que hacer ya,



ahora voy a intentar de nuevo el analisis del kapersky haber q dice y aver si puedo sacar el log

muchas gracias

[shawn_akk]

Aca esta el log del kaspersky al fin lo pude hacer andar

(Y)





--------------------------------------------------------------------------------

KASPERSKY ONLINE SCANNER 7 REPORT

Thursday, December 18, 2008

Operating System: Microsoft Windows XP Professional Service Pack 3 (build 2600)

Kaspersky Online Scanner 7 version: 7.0.25.0

Program database last update: Thursday, December 18, 2008 15:31:18

Records in database: 1476913

--------------------------------------------------------------------------------



Scan settings:

Scan using the following database: extended

Scan archives: yes

Scan mail databases: yes



Scan area - My Computer:

A:\

C:\

D:\

E:\

F:\

H:\

I:\



Scan statistics:

Files scanned: 81995

Threat name: 3

Infected objects: 3

Suspicious objects: 0

Duration of the scan: 01:03:26





File name / Threat name / Threats count

C:\Archivos de programa\ESET\infected\XJTEP3CA.NQF Infected: Trojan-GameThief.Win32.WOW.ask 1

C:\WINDOWS\boot.Vwin Infected: Backdoor.Win32.ControlTotal.aj 1

E:\Mis documentos\Guitarra\DGT230.exe Infected: not-a-virus:WebToolbar.Win32.WhenU.a 1



The selected area was scanned.









Muchas gracias...



Espero tu respuesta...

[lucl]

Estos dos



C:\WINDOWS\boot.Vwin Infected: Backdoor.Win32.ControlTotal.aj 1

E:\Mis documentos\Guitarra\DGT230.exe Infected: not-a-virus:WebToolbar.Win32.WhenU.a 1





renombralos a .VIR cambiales la extension final con el boton derecho del raton y envianoslos para analizarlos y darte la herramienta necesaria saludos





https://foros.zonavirus.com/viewtopic.php?f=2&t=45334

[shawn_akk]

mas precisamente como se hace, por q el link ese no anda :S





Gracias

[shawn_akk]

Not Found

The requested URL /envio-de-muestras-de-virus-a-satinfo-t14253.html was not found on this server.



Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.

Apache/1.3.36 Server at foros.zonavirus.com Port 80





; (

[julibaga]

Prueba este:



https://foros.zonavirus.com/viewtopic.php?f=5&t=14253



Salu2

[msc hotline sat]

gracias julibaga !



Aviso a lucl en privado que revise su link



saludos



ms, 19-12-2008

[lucl]

Tranquilos que ya se lo que pasa le envio respuesta en mp a Msc saludos

[msc hotline sat]

enterado, pues mientras usa este https://foros.zonavirus.com/viewtopic.php?f=5&t=14253





ms.

[shawn_akk]

C:\WINDOWS\boot.Vwin Infected: Backdoor.Win32.ControlTotal.aj<- este es el q desaparecio, de x si el ordenador sigue lento, se que tengo un virus o algo bastante grave..



les estoy enviando dgt .muestra x mail,

el otro cuando le fui a cambiar el nombre,

desaparecio de la carpeta de windows,

cuando le cambia la extension a .VIR

se me abrio el nod

y me dijo "codigo malicioso detectado"

puede ser q lo haya eliminado. o no?

[flacoroo]

bajate estos archivos, deshabilitas restaurar sistemas, los ejecutas y cuando diga explorar le das click; hasta que termine; despues nos pegas el resultado de C:infosat.txt (si no puedes ejecutarlos en forma normal hazlo reiniciando tu compu en modo seguro)



[url=http://www.zonavirus.com/descargas/elistara.asp]Descargar Elistara[/url]

[url=http://www.zonavirus.com/descargas/elinotif.asp]Descargar Elinotiff[/url] (complemento del elistara, no se ejecuta pero deben estar en la misma carpeta)

[msc hotline sat]

Y por lo que dices, ademas de lo que indica flacoroo, pruebalo arrancado en modo segurp



saludos



ms, 19-12-2008

[shawn_akk]

Wed Dec 17 02:26:45 2008

EliStartPage v17.63 (c)2008 S.G.H. / Satinfo S.L. (Actualizado el 16 de Diciembre del 2008)

--------------------------------------------------

Lista de Acciones (por Acción Directa):

No detectado SP3 de Windows XP

Eliminadas las Paginas de Inicio y de Busqueda del IE

Eliminados Ficheros Temporales del IE



Wed Dec 17 02:28:20 2008

EliTriIP v5.38 (c)2008 S.G.H. / Satinfo S.L. (Actualizado el 16 de Diciembre del 2008)

---------------------------------------------

Lista de Acciones (por Acción Directa):

C:\WINDOWS\MSCONFIG.DAT --> Eliminado

C:\WINDOWS\SYSTEM.WIN --> Eliminado

No detectado SP3 de Windows XP



Wed Dec 17 02:28:33 2008

EliTriIP v5.38 (c)2008 S.G.H. / Satinfo S.L. (Actualizado el 16 de Diciembre del 2008)

---------------------------------------------

Lista de Acciones (por Exploración):

Explorando "C:\"

C:\Archivos de programa\WinRAR\WinRAR.win --> Eliminado, BackDoor.ControlTotal.AJ



Nº Total de Directorios: 3763

Nº Total de Ficheros: 60820

Nº de Ficheros Analizados: 9403

Nº de Ficheros Infectados: 1

Nº de Ficheros Limpiados: 1



Thu Dec 18 17:35:39 2008

EliStartPage v17.63 (c)2008 S.G.H. / Satinfo S.L. (Actualizado el 16 de Diciembre del 2008)

--------------------------------------------------

Lista de Acciones (por Acción Directa):

Eliminadas las Paginas de Inicio y de Busqueda del IE

Eliminados Ficheros Temporales del IE



Fri Dec 19 20:41:28 2008

EliStartPage v17.66 (c)2008 S.G.H. / Satinfo S.L. (Actualizado el 19 de Diciembre del 2008)

--------------------------------------------------

Lista de Acciones (por Acción Directa):

Eliminadas las Paginas de Inicio y de Busqueda del IE

Eliminados Ficheros Temporales del IE



Fri Dec 19 20:41:31 2008

EliStartPage v17.66 (c)2008 S.G.H. / Satinfo S.L. (Actualizado el 19 de Diciembre del 2008)

--------------------------------------------------

Lista de Acciones (por Exploración):

Explorando "C:\"

C:\WINDOWS\system32\CMDLINEEXT03.DLL.VIR --> Eliminado, Spy-CmdLineExt



Nº Total de Directorios: 3967

Nº Total de Ficheros: 67593

Nº de Ficheros Analizados: 14708

Nº de Ficheros Infectados: 1

Nº de Ficheros Limpiados: 1





la 2da.



Fri Dec 19 21:58:05 2008

EliStartPage v17.66 (c)2008 S.G.H. / Satinfo S.L. (Actualizado el 19 de Diciembre del 2008)

--------------------------------------------------

Lista de Acciones (por Acción Directa):

Eliminadas las Paginas de Inicio y de Busqueda del IE

Eliminados Ficheros Temporales del IE







Nº Total de Directorios: 3965

Nº Total de Ficheros: 67594

Nº de Ficheros Analizados: 14705

Nº de Ficheros Infectados: 0

Nº de Ficheros Limpiados: 0



Fri Dec 19 22:11:38 2008

EliStartPage v17.66 (c)2008 S.G.H. / Satinfo S.L. (Actualizado el 19 de Diciembre del 2008)

--------------------------------------------------

Lista de Acciones (por Acción Directa):

Eliminadas las Paginas de Inicio y de Busqueda del IE

Eliminados Ficheros Temporales del IE



Fri Dec 19 22:11:41 2008

EliStartPage v17.66 (c)2008 S.G.H. / Satinfo S.L. (Actualizado el 19 de Diciembre del 2008)

--------------------------------------------------

Lista de Acciones (por Exploración):

Explorando "C:\"



Nº Total de Directorios: 3962

Nº Total de Ficheros: 67578

Nº de Ficheros Analizados: 14702

Nº de Ficheros Infectados: 0

Nº de Ficheros Limpiados: 0





igual sigue lento. :(