Antes de nada decir que soy usuario de Windows XP Professional y como antivirus uso el Kaspersky Antivirus 7.
Pues bien, hace unos dias, mi padre estaba trasteando el ordenador, se metio en vete a saber que pagina y salto el antivirus diciendome:
Bien, me daba 2 opciones, Autorizar o Denegar y le di a Denegar.
Despues de esto, y como no se si me infecte, hice un analisis con el Kaspersky y tambien con el Spybot Search & Destroy y con el Malwarebytes. Ninguno de ellos me encontraron nada.
No obstante, despues hice un analisis con el Panda Active Online Scanner y me encontro un virus, un tal "A0011352.exe" que pude desinfectar. Despues de esto, volvi a pasar el Panda Online y ya no me lo detecto. Despues pase tambien el ESET Online Scanner y no me detecto nada.
Os copio aqui el reporte del primer analisis del Panda (donde me detecto ese virus) y tambien os copio un log de Hijackthis.
Lo que quiero es saber si estoy infectado aun o no, haber si me podriais sacar de la duda.
Ahi va el Log del
;***********************************************************************************************************************************************************************************
ANALYSIS: 2009-10-16 15:14:34
PROTECTIONS: 1
MALWARE: 16
SUSPECTS: 4
;***********************************************************************************************************************************************************************************
PROTECTIONS
Description Version Active Updated
;===================================================================================================================================================================================
Kaspersky Anti-Virus 7.0.1.325 No Yes
;===================================================================================================================================================================================
MALWARE
Id Description Type Active Severity Disinfectable Disinfected Location
;===================================================================================================================================================================================
00145405 Cookie/RealMedia TrackingCookie No 0 Yes No C:\Documents and Settings\Cesar\Datos de programa\Mozilla\Firefox\Profiles\ug4qrzgq.default\cookies.txt[.247realmedia.com/]
00145731 Cookie/Tribalfusion TrackingCookie No 0 Yes No C:\Documents and Settings\Cesar\Datos de programa\Mozilla\Firefox\Profiles\ug4qrzgq.default\cookies.txt[.tribalfusion.com/]
00145731 Cookie/Tribalfusion TrackingCookie No 0 Yes No C:\Documents and Settings\Cesar\Datos de programa\Mozilla\Firefox\Profiles\ug4qrzgq.default\cookies.txt[.tribalfusion.com/]
00145731 Cookie/Tribalfusion TrackingCookie No 0 Yes No C:\Documents and Settings\Cesar\Datos de programa\Mozilla\Firefox\Profiles\ug4qrzgq.default\cookies.txt[.tribalfusion.com/]
00145731 Cookie/Tribalfusion TrackingCookie No 0 Yes No C:\Documents and Settings\Cesar\Datos de programa\Mozilla\Firefox\Profiles\ug4qrzgq.default\cookies.txt[.tribalfusion.com/]
00145731 Cookie/Tribalfusion TrackingCookie No 0 Yes No C:\Documents and Settings\Cesar\Datos de programa\Mozilla\Firefox\Profiles\ug4qrzgq.default\cookies.txt[.tribalfusion.com/]
00145731 Cookie/Tribalfusion TrackingCookie No 0 Yes No C:\Documents and Settings\Cesar\Datos de programa\Mozilla\Firefox\Profiles\ug4qrzgq.default\cookies.txt[.tribalfusion.com/]
00162852 Bck/Sensive.51 Virus/Trojan No 0 Yes No C:\X-CRiPt\Uninstal.exe
00167691 Cookie/ademails TrackingCookie No 0 Yes No C:\Documents and Settings\Cesar\Datos de programa\Mozilla\Firefox\Profiles\ug4qrzgq.default\cookies.txt[.
00167704 Cookie/Xiti TrackingCookie No 0 Yes No C:\Documents and Settings\Cesar\Datos de programa\Mozilla\Firefox\Profiles\ug4qrzgq.default\cookies.txt[.xiti.com/]
00167704 Cookie/Xiti TrackingCookie No 0 Yes No C:\Documents and Settings\Cesar\Cookies\cesar@xiti[1].txt
00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\Cesar\Datos de programa\Mozilla\Firefox\Profiles\ug4qrzgq.default\cookies.txt[.serving-sys.com/]
00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\Cesar\Datos de programa\Mozilla\Firefox\Profiles\ug4qrzgq.default\cookies.txt[.serving-sys.com/]
00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\Cesar\Datos de programa\Mozilla\Firefox\Profiles\ug4qrzgq.default\cookies.txt[.serving-sys.com/]
00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\Cesar\Cookies\cesar@serving-sys[1].txt
00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\Cesar\Datos de programa\Mozilla\Firefox\Profiles\ug4qrzgq.default\cookies.txt[.serving-sys.com/]
00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\Cesar\Datos de programa\Mozilla\Firefox\Profiles\ug4qrzgq.default\cookies.txt[.serving-sys.com/]
00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\Cesar\Datos de programa\Mozilla\Firefox\Profiles\ug4qrzgq.default\cookies.txt[.serving-sys.com/]
00168093 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\Cesar\Datos de programa\Mozilla\Firefox\Profiles\ug4qrzgq.default\cookies.txt[.bs.serving-sys.com/]
00168093 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\Cesar\Datos de programa\Mozilla\Firefox\Profiles\ug4qrzgq.default\cookies.txt[.bs.serving-sys.com/]
00168093 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\Cesar\Cookies\
00168106 Cookie/Weborama TrackingCookie No 0 Yes No C:\Documents and Settings\Cesar\Datos de programa\Mozilla\Firefox\Profiles\ug4qrzgq.default\cookies.txt[.weborama.fr/]
00168106 Cookie/Weborama TrackingCookie No 0 Yes No C:\Documents and Settings\Cesar\Cookies\cesar@weborama[1].txt
00168106 Cookie/Weborama TrackingCookie No 0 Yes No C:\Documents and Settings\Cesar\Datos de programa\Mozilla\Firefox\Profiles\ug4qrzgq.default\cookies.txt[.weborama.fr/]
00168106 Cookie/Weborama TrackingCookie No 0 Yes No C:\Documents and Settings\Cesar\Datos de programa\Mozilla\Firefox\Profiles\ug4qrzgq.default\cookies.txt[.weborama.fr/]
00168106 Cookie/Weborama TrackingCookie No 0 Yes No C:\Documents and Settings\Cesar\Datos de programa\Mozilla\Firefox\Profiles\ug4qrzgq.default\cookies.txt[.weborama.fr/]
00168106 Cookie/Weborama TrackingCookie No 0 Yes No C:\Documents and Settings\Cesar\Datos de programa\Mozilla\Firefox\Profiles\ug4qrzgq.default\cookies.txt[.weborama.fr/]
00168109 Cookie/Adtech TrackingCookie No 0 Yes No C:\Documents and Settings\Cesar\Datos de programa\Mozilla\Firefox\Profiles\ug4qrzgq.default\cookies.txt[.adtech.de/]
00168109 Cookie/Adtech TrackingCookie No 0 Yes No C:\Documents and Settings\Cesar\Cookies\cesar@adtech[1].txt
00170554 Cookie/Overture TrackingCookie No 0 Yes No C:\Documents and Settings\Cesar\Cookies\cesar@overture[2].txt
00170557 Cookie/Com.com TrackingCookie No 0 Yes No C:\Documents and Settings\Cesar\Cookies\
00170557 Cookie/Com.com TrackingCookie No 0 Yes No C:\Documents and Settings\Cesar\Datos de programa\Mozilla\Firefox\Profiles\ug4qrzgq.default\cookies.txt[.terra.com.br/]
00170559 Cookie/Com.com TrackingCookie No 0 Yes No C:\Documents and Settings\Cesar\Cookies\
00187950 Cookie/bravenetA TrackingCookie No 0 Yes No C:\Documents and Settings\Cesar\Cookies\cesar@bravenet[1].txt
00191644 Cookie/adultfriendfinder TrackingCookie No 0 Yes No C:\Documents and Settings\Cesar\Datos de programa\Mozilla\Firefox\Profiles\ug4qrzgq.default\cookies.txt[.adultfriendfinder.com/]
00191644 Cookie/adultfriendfinder TrackingCookie No 0 Yes No C:\Documents and Settings\Cesar\Datos de programa\Mozilla\Firefox\Profiles\ug4qrzgq.default\cookies.txt[.adultfriendfinder.com/]
00191644 Cookie/adultfriendfinder TrackingCookie No 0 Yes No C:\Documents and Settings\Cesar\Datos de programa\Mozilla\Firefox\Profiles\ug4qrzgq.default\cookies.txt[.adultfriendfinder.com/]
00191644 Cookie/adultfriendfinder TrackingCookie No 0 Yes No C:\Documents and Settings\Cesar\Datos de programa\Mozilla\Firefox\Profiles\ug4qrzgq.default\cookies.txt[.adultfriendfinder.com/]
00191644 Cookie/adultfriendfinder TrackingCookie No 0 Yes No C:\Documents and Settings\Cesar\Datos de programa\Mozilla\Firefox\Profiles\ug4qrzgq.default\cookies.txt[.adultfriendfinder.com/]
00191644 Cookie/adultfriendfinder TrackingCookie No 0 Yes No C:\Documents and Settings\Cesar\Datos de programa\Mozilla\Firefox\Profiles\ug4qrzgq.default\cookies.txt[.adultfriendfinder.com/]
00191644 Cookie/adultfriendfinder TrackingCookie No 0 Yes No C:\Documents and Settings\Cesar\Datos de programa\Mozilla\Firefox\Profiles\ug4qrzgq.default\cookies.txt[.adultfriendfinder.com/]
00191644 Cookie/adultfriendfinder TrackingCookie No 0 Yes No C:\Documents and Settings\Cesar\Datos de programa\Mozilla\Firefox\Profiles\ug4qrzgq.default\cookies.txt[.adultfriendfinder.com/]
00191644 Cookie/adultfriendfinder TrackingCookie No 0 Yes No C:\Documents and Settings\Cesar\Datos de programa\Mozilla\Firefox\Profiles\ug4qrzgq.default\cookies.txt[.adultfriendfinder.com/]
00191644 Cookie/adultfriendfinder TrackingCookie No 0 Yes No C:\Documents and Settings\Cesar\Datos de programa\Mozilla\Firefox\Profiles\ug4qrzgq.default\cookies.txt[.adultfriendfinder.com/]
00273339 Cookie/Smartadserver TrackingCookie No 0 Yes No C:\Documents and Settings\Cesar\Cookies\cesar@smartadserver[2].txt
00273339 Cookie/Smartadserver TrackingCookie No 0 Yes No C:\Documents and Settings\Cesar\Datos de programa\Mozilla\Firefox\Profiles\ug4qrzgq.default\cookies.txt[.smartadserver.com/]
00273339 Cookie/Smartadserver TrackingCookie No 0 Yes No C:\Documents and Settings\Cesar\Datos de programa\Mozilla\Firefox\Profiles\ug4qrzgq.default\cookies.txt[.smartadserver.com/]
00273339 Cookie/Smartadserver TrackingCookie No 0 Yes No C:\Documents and Settings\Cesar\Datos de programa\Mozilla\Firefox\Profiles\ug4qrzgq.default\cookies.txt[.smartadserver.com/]
00273339 Cookie/Smartadserver TrackingCookie No 0 Yes No C:\Documents and Settings\Cesar\Datos de programa\Mozilla\Firefox\Profiles\ug4qrzgq.default\cookies.txt[.smartadserver.com/]
03074964 Trj/CI.A Virus/Trojan No 0 Yes Yes C:\System Volume Information\_restore{46F95846-8637-4C54-909D-AD5E16106301}\RP77\A0011542.exe
;===================================================================================================================================================================================
SUSPECTS
Sent Location
;===================================================================================================================================================================================
No C:\Archivos de programa\Alcohol Soft\Alcohol 120\alcohol.exe
No C:\BEAUTIFUL GARBAGE\MSN_Polygamy_DelMessengerCom.exe
No C:\System Volume Information\_restore{46F95846-8637-4C54-909D-AD5E16106301}\RP77\A0011352.exe
No C:\Program Files\WheresJames\StartupMgr\StartupMgr.exe
;===================================================================================================================================================================================
VULNERABILITIES
Id Severity Description
;===================================================================================================================================================================================
212530 HIGH MS09-034
211784 HIGH MS09-032
211781 HIGH MS09-029
210625 HIGH MS09-026
210624 HIGH MS09-025
210621 HIGH MS09-022
210618 HIGH MS09-019
208380 HIGH MS09-015
208379 HIGH MS09-014
208378 HIGH MS09-013
208377 HIGH MS09-012
206981 HIGH MS09-007
206980 HIGH MS09-006
204670 HIGH MS09-001
203806 HIGH MS08-078
203508 HIGH MS08-073
203505 HIGH MS08-071
202465 HIGH MS08-068
201683 HIGH MS08-067
201258 HIGH MS08-066
201256 HIGH MS08-064
201255 HIGH MS08-063
201253 HIGH MS08-061
201250 HIGH MS08-058
209275 HIGH MS08-049
209273 HIGH MS08-045
196455 MEDIUM MS08-037
194862 HIGH MS08-032
194861 HIGH MS08-031
194860 HIGH MS08-030
191618 HIGH MS08-025
191617 HIGH MS08-024
191616 HIGH MS08-023
191614 HIGH MS08-021
191613 HIGH MS08-020
187735 HIGH MS08-010
187733 HIGH MS08-008
184380 MEDIUM MS08-002
184379 MEDIUM MS08-001
182048 HIGH MS07-069
182046 HIGH MS07-067
179553 HIGH MS07-061
176383 HIGH MS07-058
176382 HIGH MS07-057
170911 HIGH MS07-050
170907 HIGH MS07-046
170906 HIGH MS07-045
170904 HIGH MS07-043
164915 HIGH MS07-035
164913 HIGH MS07-033
164911 HIGH MS07-031
160623 HIGH MS07-027
157262 HIGH MS07-022
157261 HIGH MS07-021
157260 HIGH MS07-020
157259 HIGH MS07-019
156477 HIGH MS07-017
150253 HIGH MS07-016
150249 HIGH MS07-013
150248 HIGH MS07-012
150247 HIGH MS07-011
150243 HIGH MS07-008
150242 HIGH MS07-007
150241 MEDIUM MS07-006
141033 MEDIUM MS06-075
141030 HIGH MS06-072
137571 HIGH MS06-070
137568 HIGH MS06-067
133387 MEDIUM MS06-065
133386 MEDIUM MS06-064
133385 MEDIUM MS06-063
133379 HIGH MS06-057
131654 HIGH MS06-055
129977 MEDIUM MS06-053
129976 MEDIUM MS06-052
126093 HIGH MS06-051
126092 MEDIUM MS06-050
126087 HIGH MS06-046
126086 MEDIUM MS06-045
126083 HIGH MS06-042
126082 HIGH MS06-041
126081 HIGH MS06-040
123421 HIGH MS06-036
123420 HIGH MS06-035
120825 MEDIUM MS06-032
120823 MEDIUM MS06-030
120818 HIGH MS06-025
120815 HIGH MS06-022
120814 HIGH MS06-021
117384 MEDIUM MS06-018
114666 HIGH MS06-015
114664 HIGH MS06-013
108744 MEDIUM MS06-008
108743 MEDIUM MS06-007
108742 MEDIUM MS06-006
104567 HIGH MS06-002
104237 HIGH MS06-001
96574 HIGH MS05-053
93395 HIGH MS05-051
93454 MEDIUM MS05-049
;===================================================================================================================================================================================
Y ahi va el Log del
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:43:29, on 18/10/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Archivos de programa\Analog Devices\SoundMAX\SMTray.exe
C:\Archivos de programa\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
C:\Archivos de programa\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Archivos de programa\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Archivos de programa\Logitech\SetPoint\SetPoint.exe
C:\Archivos de programa\Archivos comunes\Logitech\KHAL\KHALMNPR.EXE
C:\Archivos de programa\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
C:\Archivos de programa\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\system32\slserv.exe
C:\Archivos de programa\Analog Devices\SoundMAX\SMAgent.exe
C:\Archivos de programa\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\svchost.exe
C:\Archivos de programa\Mozilla Firefox\firefox.exe
C:\Archivos de programa\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Vínculos
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Archivos de programa\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\ARCHIV~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Aplicación auxiliar de inicio de sesión - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Archivos de programa\Archivos comunes\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Archivos de programa\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [Smapp] C:\Archivos de programa\Analog Devices\SoundMAX\SMTray.exe
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [AVP] "C:\Archivos de programa\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Archivos de programa\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Archivos de programa\Archivos comunes\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Archivos de programa\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Archivos de programa\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICIO LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Servicio de red')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Archivos de programa\Archivos comunes\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: Inicio rápido de Adobe Reader.lnk = C:\Archivos de programa\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Archivos de programa\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: E&xportar a Microsoft Excel - res://C:\ARCHIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Estadísticas del componente Web Anti-Virus - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Archivos de programa\Kaspersky Lab\Kaspersky Anti-Virus 7.0\SCIEPlgn.dll
O9 - Extra button: Referencia - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARCHIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARCHIV~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARCHIV~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Archivos de programa\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Archivos de programa\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) -
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} -
O23 - Service: Kaspersky Anti-Virus 7.0 (AVP) - Kaspersky Lab - C:\Archivos de programa\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
O23 - Service: NBService - Nero AG - C:\Archivos de programa\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Archivos de programa\Archivos comunes\Ahead\Lib\NMIndexingService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Archivos de programa\CyberLink\Shared Files\RichVideo.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Archivos de programa\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Archivos de programa\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
--
End of file - 5873 bytes
msc hotline sat Virus Research Engineer