[HELP] POSSIBLE VIRUS?

Ibrahaim
Posts: 4
Joined: 01 Mar 2013, 00:07

[HELP] POSSIBLE VIRUS?

Post by Ibrahaim » 01 Mar 2013, 00:18

Hi, I'm writing to bother you because I think I have a virus on my computer... one thinks... no way that happens to me, and well... it did happen to me..

-the thing is that everything runs slow... I mean, everything suddenly freezes...

-I mount images and can't install them

-in the last download I made from "thepirateb..." I read the comments and they said the game had a "Hupigon"...

-I ran "Avast" (latest version, fully updated) and it found nothing...

-I ran Windows Defender and nothing...

-I ran Malwarebytes... (fully updated, Pro version...) and nothing..

Now I'm running Spybot Search & Destr...

Well, I hope someone can tell me something.

PS: REALLY COOL FORUM, MAN! :D

msc hotline sat
Posts: 93500
Joined: 09 Mar 2004, 20:39
Location: BARCELONA (SPAIN)

Re: [HELP] POSSIBLE VIRUS?

Post by msc hotline sat » 01 Mar 2013, 09:59

Then try ELISTARA:

[quote="to DOWNLOAD ELISTARA, msc"]

http://www.zonavirus.com/descargas/elistara.asp

After running it, reboot and post the contents of C:\infosat.txt so we can see the result of the process [/quote]

And if it detects no malware and does not ask you to send suspicious files, launch SPROCES and click SALIR (Exit), after which it will generate a report in c:\sproclog.txt, which you can post for us to analyze:

[quote="to DOWNLOAD SPROCES, msc"]

http://www.zonavirus.com/descargas/sproces.asp

[/quote]

Regards

ms, 1-3-2013

Ibrahaim
Posts: 4
Joined: 01 Mar 2013, 00:07

Re: [HELP] POSSIBLE VIRUS?

Post by Ibrahaim » 01 Mar 2013, 19:37

Thanks for the reply!... I'll go on with what happened afterwards..

I downloaded a Microsoft program, ran it and nothing...

Spybot Search & Destr... finished running and nothing; some junk showed up that wasn't even viruses, I deleted it.. something worked... because the PC no longer runs "slow", but the problem persists...

I try to install mounted .iso images and it hangs badly... I burned them and tried to install them from a DVD and it hangs too...

I tried with an original game DVD that I have and didn't have a single problem...

I think it messed up the PC's configuration or something like that, because now my "bootleg" images don't work, hahaha..

Well, now I'm trying Elistara

Thanks!!

Ibrahaim
Posts: 4
Joined: 01 Mar 2013, 00:07

Re: [HELP] POSSIBLE VIRUS?

Post by Ibrahaim » 01 Mar 2013, 20:03

Sproces:

(1-3-2013 18:59:51 GMT)

SProces v7.0 (c)2013 S.G.H. / Satinfo S.L.

-------------------------------------------

Sistema Operativo: Windows 7 Ultimate (v6.1.7601)

Internet Explorer: (v9.0.8112.16421) 0

Equipo: ADMIN-PC

Usuario: Admin

Sesión de Usuario: Admin



56 Procesos Activos:

C:\WINDOWS\SYSTEM32\SMSS.EXE

C:\WINDOWS\SYSTEM32\CSRSS.EXE

C:\WINDOWS\SYSTEM32\WININIT.EXE

C:\WINDOWS\SYSTEM32\CSRSS.EXE

C:\WINDOWS\SYSTEM32\SERVICES.EXE

C:\WINDOWS\SYSTEM32\WINLOGON.EXE

C:\WINDOWS\SYSTEM32\LSASS.EXE

C:\WINDOWS\SYSTEM32\LSM.EXE

C:\WINDOWS\SYSTEM32\SVCHOST.EXE

C:\WINDOWS\SYSTEM32\SVCHOST.EXE

C:\WINDOWS\SYSTEM32\SVCHOST.EXE

C:\WINDOWS\SYSTEM32\SVCHOST.EXE

C:\WINDOWS\SYSTEM32\SVCHOST.EXE

C:\WINDOWS\SYSTEM32\SVCHOST.EXE

C:\WINDOWS\SYSTEM32\SVCHOST.EXE

C:\WINDOWS\SYSTEM32\SVCHOST.EXE

C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\AVASTSVC.EXE

C:\WINDOWS\SYSTEM32\SPOOLSV.EXE

C:\WINDOWS\SYSTEM32\SVCHOST.EXE

C:\WINDOWS\SYSTEM32\HWDEVICESERVICE64.EXE

C:\PROGRAM FILES (X86)\MALWAREBYTES' ANTI-MALWARE\MBAMSCHEDULER.EXE

C:\PROGRAM FILES (X86)\MALWAREBYTES' ANTI-MALWARE\MBAMSERVICE.EXE

C:\PROGRAM FILES (X86)\COMMON FILES\MOTIVE\MCCICMSERVICE.EXE

C:\WINDOWS\SYSTEM32\MCCICMSERVICE.EXE

C:\WINDOWS\SYSTEM32\SMSVCHOST.EXE

C:\WINDOWS\SYSTEM32\TUNEUPUTILITIESSERVICE64.EXE

C:\WINDOWS\SYSTEM32\SVCHOST.EXE

C:\WINDOWS\SYSTEM32\WLIDSVC.EXE

C:\PROGRAM FILES (X86)\SPYBOT - SEARCH & DESTROY\SDWINSEC.EXE

C:\WINDOWS\SYSTEM32\WLIDSVCM.EXE

C:\WINDOWS\SYSTEM32\SVCHOST.EXE

C:\WINDOWS\SYSTEM32\TASKHOST.EXE

C:\PROGRAM FILES (X86)\MALWAREBYTES' ANTI-MALWARE\MBAMGUI.EXE

C:\WINDOWS\SYSTEM32\EXPLORER.EXE

C:\WINDOWS\SYSTEM32\TUNEUPUTILITIESAPP64.EXE

C:\WINDOWS\SYSTEM32\HKCMD.EXE

C:\WINDOWS\SYSTEM32\IGFXPERS.EXE

C:\WINDOWS\SYSTEM32\SYNTPENH.EXE

C:\WINDOWS\SYSTEM32\IGFXSRVC.EXE

C:\WINDOWS\SYSTEM32\MCCITRAYAPP.EXE

C:\PROGRAM FILES (X86)\COMMON FILES\MOTIVE\MCCICONTEXTHOOKSHIM.EXE

C:\WINDOWS\SYSTEM32\SYNTPHELPER.EXE

C:\PROGRAM FILES (X86)\SPYBOT - SEARCH & DESTROY\TEATIMER.EXE

C:\PROGRAM FILES (X86)\HEWLETT-PACKARD\HP QUICK LAUNCH BUTTONS\QLBCTRL.EXE

C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\AVASTUI.EXE

C:\PROGRAM FILES (X86)\HEWLETT-PACKARD\HP QUICK LAUNCH BUTTONS\VOLCTRL.EXE

C:\WINDOWS\SYSTEM32\SVCHOST.EXE

C:\PROGRAM FILES (X86)\HEWLETT-PACKARD\SHARED\HPQWMIEX.EXE

C:\WINDOWS\SYSTEM32\WMIPRVSE.EXE

C:\WINDOWS\SYSTEM32\SVCHOST.EXE

C:\PROGRAM FILES (X86)\HEWLETT-PACKARD\SHARED\HPQTOASTER.EXE

C:\PROGRAM FILES (X86)\OPERA\OPERA.EXE

C:\PROGRAM FILES (X86)\COMMON FILES\ADOBE\ARM\1.0\ARMSVC.EXE

C:\PROGRAM FILES (X86)\TUNEUP UTILITIES 2013\INTEGRATOR.EXE

C:\WINDOWS\SYSTEM32\AUDIODG.EXE

C:\USERS\ADMIN\DESKTOP\ELISARA\SPROCES.EXE



R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

R3 - URLSearchHook: Microsoft Url Search Hook - {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\SysWOW64\ieframe.dll

F2 - REG:system.ini: UserInit=userinit.exe,

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll

O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll

O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll

O2 - BHO: Aplicación auxiliar de inicio de sesión de Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll

O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll

O4 - HKCU\..\Run: [Speech Recognition] "C:\Windows\Speech\Common\sapisvr.exe" -SpeechUX -Startup

O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe

O4 - HKCU\..\Run: [DAEMON Tools Pro Agent] "C:\Program Files (x86)\DAEMON Tools Pro\DTAgent.exe" -autorun

O4 - HKLM\..\Run: [QlbCtrl.exe] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start

O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui

O4 - HKLM\..\WOW6432node\..\Run: [QlbCtrl.exe] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start

O4 - HKLM\..\WOW6432node\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui

O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'Servicio Local')

O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'Servicio Local')

O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'Servicio de red')

O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'Servicio de red')

O8 - Extra context menu item: E&xportar a Microsoft Excel - res://C:\PROGRA~2\MICROS~3\Office12\EXCEL.EXE/3000

O9 - Extra button: @C:\Program Files (x86)\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll

O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: Enviar a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~3\Office12\ONBttnIE.dll

O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~3\Office12\REFIEBAR.DLL

O10 - Unknown file in Winsock LSP: C:\PROGRAM FILES (X86)\COMMON FILES\MICROSOFT SHARED\WINDOWS LIVE\WLIDNSP.DLL

O10 - Unknown file in Winsock LSP: C:\PROGRAM FILES (X86)\COMMON FILES\MICROSOFT SHARED\WINDOWS LIVE\WLIDNSP.DLL

O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - (no file)

O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files (x86)\Common Files\Microsoft Shared\Help\hxds.dll

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - (no file)

O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL

O18 - Protocol: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files (x86)\Windows Live\Mail\mailcomm.dll

O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - (no file)

O22 - ShellExecuteHooks: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll



Información Adicional:

----------------------

Clave "HKLM\...\Image File Execution Options\ccleaner64.exe"

"Debugger"=""C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe""

Clave "HKLM\...\Image File Execution Options\dtagent.exe"

"Debugger"=""C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe""

Clave "HKLM\...\Image File Execution Options\dtimgeditor.exe"

"Debugger"=""C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe""

Clave "HKLM\...\Image File Execution Options\dtpro.exe"

"Debugger"=""C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe""

Clave "HKLM\...\Image File Execution Options\excel.exe"

"Debugger"=""C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe""

Clave "HKLM\...\Image File Execution Options\fixitcenter.exe"

"Debugger"=""C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe""

Clave "HKLM\...\Image File Execution Options\gamebooster.exe"

"Debugger"=""C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe""

Clave "HKLM\...\Image File Execution Options\googleearth.exe"

"Debugger"=""C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe""

Clave "HKLM\...\Image File Execution Options\groove.exe"

"Debugger"=""C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe""

Clave "HKLM\...\Image File Execution Options\infopath.exe"

"Debugger"=""C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe""

Clave "HKLM\...\Image File Execution Options\msaccess.exe"

"Debugger"=""C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe""

Clave "HKLM\...\Image File Execution Options\mspscan.exe"

"Debugger"=""C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe""

Clave "HKLM\...\Image File Execution Options\mspub.exe"

"Debugger"=""C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe""

Clave "HKLM\...\Image File Execution Options\mspview.exe"

"Debugger"=""C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe""

Clave "HKLM\...\Image File Execution Options\mstore.exe"

"Debugger"=""C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe""

Clave "HKLM\...\Image File Execution Options\offdiag.exe"

"Debugger"=""C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe""

Clave "HKLM\...\Image File Execution Options\ois.exe"

"Debugger"=""C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe""

Clave "HKLM\...\Image File Execution Options\onenote.exe"

"Debugger"=""C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe""

Clave "HKLM\...\Image File Execution Options\outlook.exe"

"Debugger"=""C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe""

Clave "HKLM\...\Image File Execution Options\powerpnt.exe"

"Debugger"=""C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe""

Clave "HKLM\...\Image File Execution Options\sptdinst-x64.exe"

"Debugger"=""C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe""

Clave "HKLM\...\Image File Execution Options\uninst.exe"

"Debugger"=""C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe""

Clave "HKLM\...\Image File Execution Options\vscontentinstaller.exe"

"Debugger"=""C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe""

Clave "HKLM\...\Image File Execution Options\vslauncher.exe"

"Debugger"=""C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe""

Clave "HKLM\...\Image File Execution Options\winword.exe"

"Debugger"=""C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe""



Listado de Servicios (Carga Automatica):

----------------------------------------

O23 - Service: aswMonFlt - AVAST Software - C:\Windows\system32\drivers\aswMonFlt.sys (file missing)

O23 - Service: atksgt - Unknown owner - C:\WINDOWS\SYSTEM32\DRIVERS\atksgt.sys (file missing)

O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe

**O23 - Service: @%SystemRoot%\system32\wevtsvc.dll,-200 (eventlog) - Unknown owner - %SystemRoot%\System32\svchost.exe -k LocalServiceNetworkRestricted - C:\WINDOWS\SYSTEM32\NULL1 (file missing)

O23 - Service: HWDeviceService64.exe - Unknown owner - C:\ProgramData\DatacardService\HWDeviceService64.exe

O23 - Service: lirsgt - Unknown owner - C:\WINDOWS\SYSTEM32\DRIVERS\lirsgt.sys (file missing)

O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe

O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

O23 - Service: McciCMService - Alcatel-Lucent - C:\Program Files (x86)\Common Files\Motive\McciCMService.exe

O23 - Service: McciCMService64 - Alcatel-Lucent - C:\Program Files\Common Files\Motive\McciCMService.exe

O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe

O23 - Service: TuneUp Utilities Service (TuneUp.UtilitiesSvc) - TuneUp Software - C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesService64.exe

**O23 - Service: @%ProgramFiles%\Windows Defender\MsMpRes.dll,-103 (WinDefend) - Unknown owner - %SystemRoot%\System32\svchost.exe -k secsvcs - %ProgramFiles%\Windows Defender\mpsvc.dll (file missing)



Listado de Servicios (Carga Manual):

------------------------------------

O23 - Service: adp94xx - Adaptec, Inc. - C:\WINDOWS\system32\drivers\adp94xx.sys (file missing)

O23 - Service: adpahci - Adaptec, Inc. - C:\WINDOWS\system32\drivers\adpahci.sys (file missing)

O23 - Service: adpu320 - Adaptec, Inc. - C:\WINDOWS\system32\drivers\adpu320.sys (file missing)

O23 - Service: Agere Systems Soft Modem (AgereSoftModem) - LSI Corp - C:\WINDOWS\SYSTEM32\DRIVERS\agrsm64.sys (file missing)

O23 - Service: aliide - Acer Laboratories Inc. - C:\WINDOWS\system32\drivers\aliide.sys (file missing)

O23 - Service: amdsata - Advanced Micro Devices - C:\WINDOWS\system32\drivers\amdsata.sys (file missing)

O23 - Service: amdsbs - AMD Technologies Inc. - C:\WINDOWS\system32\drivers\amdsbs.sys (file missing)

O23 - Service: arc - Adaptec, Inc. - C:\WINDOWS\system32\drivers\arc.sys (file missing)

O23 - Service: arcsas - Adaptec, Inc. - C:\WINDOWS\system32\drivers\arcsas.sys (file missing)

O23 - Service: Broadcom NetXtreme II VBD (b06bdrv) - Broadcom Corporation - C:\WINDOWS\system32\drivers\bxvbda.sys (file missing)

O23 - Service: Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0 (b57nd60a) - Broadcom Corporation - C:\WINDOWS\SYSTEM32\DRIVERS\b57nd60a.sys (file missing)

O23 - Service: Brother USB Mass-Storage Lower Filter Driver (BrFiltLo) - Brother Industries, Ltd. - C:\WINDOWS\system32\drivers\BrFiltLo.sys (file missing)

O23 - Service: Brother USB Mass-Storage Upper Filter Driver (BrFiltUp) - Brother Industries, Ltd. - C:\WINDOWS\system32\drivers\BrFiltUp.sys (file missing)

O23 - Service: Brother MFC Serial Port Interface Driver (WDM) (Brserid) - Brother Industries Ltd. - C:\WINDOWS\System32\Drivers\Brserid.sys (file missing)

O23 - Service: Brother WDM Serial driver (BrSerWdm) - Brother Industries Ltd. - C:\WINDOWS\System32\Drivers\BrSerWdm.sys (file missing)

O23 - Service: Brother MFC USB Fax Only Modem (BrUsbMdm) - Brother Industries Ltd. - C:\WINDOWS\System32\Drivers\BrUsbMdm.sys (file missing)

O23 - Service: Brother MFC USB Serial WDM Driver (BrUsbSer) - Brother Industries Ltd. - C:\WINDOWS\System32\Drivers\BrUsbSer.sys (file missing)

O23 - Service: cmdide - CMD Technology, Inc. - C:\WINDOWS\system32\drivers\cmdide.sys (file missing)

O23 - Service: EagleX64 - Unknown owner - C:\Windows\system32\drivers\EagleX64.sys (file missing)

O23 - Service: Broadcom NetXtreme II 10 GigE VBD (ebdrv) - Broadcom Corporation - C:\WINDOWS\system32\drivers\evbda.sys (file missing)

O23 - Service: elxstor - Emulex - C:\WINDOWS\system32\drivers\elxstor.sys (file missing)

O23 - Service: Huawei MobileBroadband USB PNP Device (ew_hwusbdev) - Unknown owner - C:\WINDOWS\SYSTEM32\DRIVERS\ew_hwusbdev.sys (file missing)

O23 - Service: huawei_CompositeFilter (ew_usbenumfilter) - Unknown owner - C:\WINDOWS\SYSTEM32\DRIVERS\ew_usbenumfilter.sys (file missing)

O23 - Service: HP Hotkey Device (HBtnKey) - Hewlett-Packard Company - C:\WINDOWS\SYSTEM32\DRIVERS\cpqbttn.sys (file missing)

O23 - Service: Hauppauge Consumer Infrared Receiver (hcw85cir) - Hauppauge Computer Works, Inc. - C:\WINDOWS\system32\drivers\hcw85cir.sys (file missing)

O23 - Service: HpqKbFilter Driver (HpqKbFiltr) - Hewlett-Packard Development Company, L.P. - C:\WINDOWS\SYSTEM32\DRIVERS\HpqKbFiltr.sys (file missing)

O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe

O23 - Service: HpSAMD - Hewlett-Packard Company - C:\WINDOWS\system32\drivers\HpSAMD.sys (file missing)

O23 - Service: huawei_cdcacm - Unknown owner - C:\WINDOWS\SYSTEM32\DRIVERS\ew_jucdcacm.sys (file missing)

O23 - Service: huawei_enumerator - Unknown owner - C:\WINDOWS\SYSTEM32\DRIVERS\ew_jubusenum.sys (file missing)

O23 - Service: huawei_ext_ctrl - Unknown owner - C:\WINDOWS\SYSTEM32\DRIVERS\ew_juextctrl.sys (file missing)

O23 - Service: huawei_wwanecm - Unknown owner - C:\WINDOWS\SYSTEM32\DRIVERS\ew_juwwanecm.sys (file missing)

O23 - Service: Controladora RAID de Intel para Windows 7 (iaStorV) - Intel Corporation - C:\WINDOWS\system32\drivers\iaStorV.sys (file missing)

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: igfx - Intel Corporation - C:\WINDOWS\SYSTEM32\DRIVERS\igdkmd64.sys (file missing)

O23 - Service: iirsp - Intel Corp./ICP vortex GmbH - C:\WINDOWS\system32\drivers\iirsp.sys (file missing)

O23 - Service: LSI_FC - LSI Corporation - C:\WINDOWS\system32\drivers\lsi_fc.sys (file missing)

O23 - Service: LSI_SAS - LSI Corporation - C:\WINDOWS\system32\drivers\lsi_sas.sys (file missing)

O23 - Service: LSI_SAS2 - LSI Corporation - C:\WINDOWS\system32\drivers\lsi_sas2.sys (file missing)

O23 - Service: LSI_SCSI - LSI Corporation - C:\WINDOWS\system32\drivers\lsi_scsi.sys (file missing)

O23 - Service: MBAMProtector - Malwarebytes Corporation - C:\Windows\system32\drivers\mbam.sys (file missing)

O23 - Service: megasas - LSI Corporation - C:\WINDOWS\system32\drivers\megasas.sys (file missing)

O23 - Service: MegaSR - LSI Corporation, Inc. - C:\WINDOWS\system32\drivers\MegaSR.sys (file missing)

O23 - Service: McAfee NDIS Light Filter (mfenlfk) - McAfee, Inc. - C:\WINDOWS\SYSTEM32\DRIVERS\mfenlfk.sys (file missing)

O23 - Service: MREMP50 NDIS Protocol Driver (MREMP50) - Printing Communications Assoc., Inc. (PCAUSA) - C:\PROGRA~2\COMMON~1\Motive\MREMP50.SYS

O23 - Service: MREMP50a64 NDIS Protocol Driver (MREMP50a64) - Unknown owner - C:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS (file missing)

O23 - Service: MREMPR5 NDIS Protocol Driver (MREMPR5) - Unknown owner - C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS (file missing)

O23 - Service: MRENDIS5 NDIS Protocol Driver (MRENDIS5) - Unknown owner - C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS (file missing)

O23 - Service: MRESP50 NDIS Protocol Driver (MRESP50) - Printing Communications Assoc., Inc. (PCAUSA) - C:\PROGRA~2\COMMON~1\Motive\MRESP50.SYS

O23 - Service: MRESP50a64 NDIS Protocol Driver (MRESP50a64) - Unknown owner - C:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS (file missing)

O23 - Service: Controlador del adaptador Intel(R) Wireless WiFi Link 5000 Series para Windows Vista de 64 bits (netw5v64) - Intel Corporation - C:\WINDOWS\SYSTEM32\DRIVERS\netw5v64.sys (file missing)

O23 - Service: nfrd960 - IBM Corporation - C:\WINDOWS\system32\drivers\nfrd960.sys (file missing)

O23 - Service: nvraid - NVIDIA Corporation - C:\WINDOWS\system32\drivers\nvraid.sys (file missing)

O23 - Service: nvstor - NVIDIA Corporation - C:\WINDOWS\system32\drivers\nvstor.sys (file missing)

O23 - Service: ql2300 - QLogic Corporation - C:\WINDOWS\system32\drivers\ql2300.sys (file missing)

O23 - Service: ql40xx - QLogic Corporation - C:\WINDOWS\system32\drivers\ql40xx.sys (file missing)

O23 - Service: Serial - Brother Industries Ltd. - C:\WINDOWS\system32\drivers\serial.sys (file missing)

O23 - Service: SiSRaid2 - Silicon Integrated Systems Corp. - C:\WINDOWS\system32\drivers\SiSRaid2.sys (file missing)

O23 - Service: SiSRaid4 - Silicon Integrated Systems - C:\WINDOWS\system32\drivers\sisraid4.sys (file missing)

O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe

O23 - Service: stexstor - Promise Technology - C:\WINDOWS\system32\drivers\stexstor.sys (file missing)

O23 - Service: Synaptics TouchPad Driver (SynTP) - Synaptics, Inc. - C:\WINDOWS\SYSTEM32\DRIVERS\SynTP.sys (file missing)

O23 - Service: TuneUpUtilitiesDrv - TuneUp Software - C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesDriver64.sys

O23 - Service: @%SystemRoot%\System32\uxtuneup.dll,-4096 (UxTuneUp) - TuneUp Software - %SystemRoot%\System32\svchost.exe -k netsvcs - C:\WINDOWS\System32\uxtuneup.dll

O23 - Service: VGPU - Unknown owner - C:\WINDOWS\SYSTEM32\drivers\rdvgkmd.sys (file missing)

O23 - Service: viaide - VIA Technologies, Inc. - C:\WINDOWS\system32\drivers\viaide.sys (file missing)

O23 - Service: vsmraid - VIA Technologies Inc.,Ltd - C:\WINDOWS\system32\drivers\vsmraid.sys (file missing)

O23 - Service: WinRing0_1_2_0 - OpenLibSys.org - C:\Program Files (x86)\Razer\Razer Game Booster\Driver\WinRing0x64.sys

O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - %PROGRAMFILES%\Windows Media Player\wmpnetwk.exe (file missing)

O23 - Service: NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller (yukonw7) - Unknown owner - C:\WINDOWS\SYSTEM32\DRIVERS\yk62x64.sys (file missing)



Listado de Servicios (Deshabilitados):

--------------------------------------

O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

O23 - Service: Google Update Servicio (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

O23 - Service: Google Update Servicio (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

O23 - Service: Skype C2C Service - Skype Technologies S.A. - C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe

O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe



88 Servicios.

13 de Carga Automatica.

70 de Carga Manual.

5 Deshabilitados.









Elis:

(1-3-2013 18:28:54 (GMT))

EliStartPage v27.19 (c)2013 S.G.H. / Satinfo S.L. (Actualizado el 1 de Marzo del 2013)

--------------------------------------------------

Sistema Operativo: Windows 7 Ultimate (6.1.7601)

Usuario: Admin

ID de Usuario: S-1-5-21-2789775636-4053206095-2341738312-1000



Lista de Acciones (por Acción Directa):

Sospechosa Clave "HKLM\...\Image File Execution Options\CCLEANER64.EXE"

"Debugger"=""C:\PROGRAM FILES (X86)\TUNEUP UTILITIES 2013\TUAUTOREACTIVATOR64.EXE""

Sospechosa Clave "HKLM\...\Image File Execution Options\DTAGENT.EXE"

"Debugger"=""C:\PROGRAM FILES (X86)\TUNEUP UTILITIES 2013\TUAUTOREACTIVATOR64.EXE""

Sospechosa Clave "HKLM\...\Image File Execution Options\DTIMGEDITOR.EXE"

"Debugger"=""C:\PROGRAM FILES (X86)\TUNEUP UTILITIES 2013\TUAUTOREACTIVATOR64.EXE""

Sospechosa Clave "HKLM\...\Image File Execution Options\DTPRO.EXE"

"Debugger"=""C:\PROGRAM FILES (X86)\TUNEUP UTILITIES 2013\TUAUTOREACTIVATOR64.EXE""

Sospechosa Clave "HKLM\...\Image File Execution Options\EXCEL.EXE"

"Debugger"=""C:\PROGRAM FILES (X86)\TUNEUP UTILITIES 2013\TUAUTOREACTIVATOR64.EXE""

Sospechosa Clave "HKLM\...\Image File Execution Options\FIXITCENTER.EXE"

"Debugger"=""C:\PROGRAM FILES (X86)\TUNEUP UTILITIES 2013\TUAUTOREACTIVATOR64.EXE""

Sospechosa Clave "HKLM\...\Image File Execution Options\GAMEBOOSTER.EXE"

"Debugger"=""C:\PROGRAM FILES (X86)\TUNEUP UTILITIES 2013\TUAUTOREACTIVATOR64.EXE""

Sospechosa Clave "HKLM\...\Image File Execution Options\GOOGLEEARTH.EXE"

"Debugger"=""C:\PROGRAM FILES (X86)\TUNEUP UTILITIES 2013\TUAUTOREACTIVATOR64.EXE""

Sospechosa Clave "HKLM\...\Image File Execution Options\GROOVE.EXE"

"Debugger"=""C:\PROGRAM FILES (X86)\TUNEUP UTILITIES 2013\TUAUTOREACTIVATOR64.EXE""

Sospechosa Clave "HKLM\...\Image File Execution Options\INFOPATH.EXE"

"Debugger"=""C:\PROGRAM FILES (X86)\TUNEUP UTILITIES 2013\TUAUTOREACTIVATOR64.EXE""

Sospechosa Clave "HKLM\...\Image File Execution Options\MSACCESS.EXE"

"Debugger"=""C:\PROGRAM FILES (X86)\TUNEUP UTILITIES 2013\TUAUTOREACTIVATOR64.EXE""

Sospechosa Clave "HKLM\...\Image File Execution Options\MSPSCAN.EXE"

"Debugger"=""C:\PROGRAM FILES (X86)\TUNEUP UTILITIES 2013\TUAUTOREACTIVATOR64.EXE""

Sospechosa Clave "HKLM\...\Image File Execution Options\MSPUB.EXE"

"Debugger"=""C:\PROGRAM FILES (X86)\TUNEUP UTILITIES 2013\TUAUTOREACTIVATOR64.EXE""

Sospechosa Clave "HKLM\...\Image File Execution Options\MSPVIEW.EXE"

"Debugger"=""C:\PROGRAM FILES (X86)\TUNEUP UTILITIES 2013\TUAUTOREACTIVATOR64.EXE""

Sospechosa Clave "HKLM\...\Image File Execution Options\MSTORE.EXE"

"Debugger"=""C:\PROGRAM FILES (X86)\TUNEUP UTILITIES 2013\TUAUTOREACTIVATOR64.EXE""

Sospechosa Clave "HKLM\...\Image File Execution Options\OFFDIAG.EXE"

"Debugger"=""C:\PROGRAM FILES (X86)\TUNEUP UTILITIES 2013\TUAUTOREACTIVATOR64.EXE""

Sospechosa Clave "HKLM\...\Image File Execution Options\OIS.EXE"

"Debugger"=""C:\PROGRAM FILES (X86)\TUNEUP UTILITIES 2013\TUAUTOREACTIVATOR64.EXE""

Sospechosa Clave "HKLM\...\Image File Execution Options\ONENOTE.EXE"

"Debugger"=""C:\PROGRAM FILES (X86)\TUNEUP UTILITIES 2013\TUAUTOREACTIVATOR64.EXE""

Sospechosa Clave "HKLM\...\Image File Execution Options\OUTLOOK.EXE"

"Debugger"=""C:\PROGRAM FILES (X86)\TUNEUP UTILITIES 2013\TUAUTOREACTIVATOR64.EXE""

Sospechosa Clave "HKLM\...\Image File Execution Options\POWERPNT.EXE"

"Debugger"=""C:\PROGRAM FILES (X86)\TUNEUP UTILITIES 2013\TUAUTOREACTIVATOR64.EXE""

Sospechosa Clave "HKLM\...\Image File Execution Options\SPTDINST-X64.EXE"

"Debugger"=""C:\PROGRAM FILES (X86)\TUNEUP UTILITIES 2013\TUAUTOREACTIVATOR64.EXE""

Sospechosa Clave "HKLM\...\Image File Execution Options\UNINST.EXE"

"Debugger"=""C:\PROGRAM FILES (X86)\TUNEUP UTILITIES 2013\TUAUTOREACTIVATOR64.EXE""

Sospechosa Clave "HKLM\...\Image File Execution Options\VSCONTENTINSTALLER.EXE"

"Debugger"=""C:\PROGRAM FILES (X86)\TUNEUP UTILITIES 2013\TUAUTOREACTIVATOR64.EXE""

Sospechosa Clave "HKLM\...\Image File Execution Options\VSLAUNCHER.EXE"

"Debugger"=""C:\PROGRAM FILES (X86)\TUNEUP UTILITIES 2013\TUAUTOREACTIVATOR64.EXE""

Sospechosa Clave "HKLM\...\Image File Execution Options\WINWORD.EXE"

"Debugger"=""C:\PROGRAM FILES (X86)\TUNEUP UTILITIES 2013\TUAUTOREACTIVATOR64.EXE""

No detectado SP1 de Windows 7



(1-3-2013 18:28:58 (GMT))

EliStartPage v27.19 (c)2013 S.G.H. / Satinfo S.L. (Actualizado el 1 de Marzo del 2013)

--------------------------------------------------

Sistema Operativo: Windows 7 Ultimate (6.1.7601)

Usuario: NeroMediaHomeUser.4

ID de Usuario: S-1-5-21-2789775636-4053206095-2341738312-1004



Lista de Acciones (por Acción Directa):

Acceso Denegado al Usuario.



(1-3-2013 18:49:48 (GMT))

EliStartPage v27.19 (c)2013 S.G.H. / Satinfo S.L. (Actualizado el 1 de Marzo del 2013)

--------------------------------------------------

Sistema Operativo: Windows 7 Ultimate (6.1.7601)

Usuario: NeroMediaHomeUser.4

ID de Usuario: S-1-5-21-2789775636-4053206095-2341738312-1004



Lista de Acciones (por Exploración):

Explorando "C:\"



Nº Total de Directorios: 29295

Nº Total de Ficheros: 254992

Nº de Ficheros Analizados: 47996

Nº de Ficheros Infectados: 0

Nº de Ficheros Limpiados: 0

msc hotline sat
Posts: 93500
Joined: 09 Mar 2004, 20:39
Location: BARCELONA (SPAIN)

Re: [HELP] POSSIBLE VIRUS?

Post by msc hotline sat » 05 Mar 2013, 12:09

Indeed, you had this TUAUTOREACTIVATOR64.EXE intercepting the execution of applications.

ELISTARA has detected and corrected it.

Reboot and tell us whether the problem no longer persists, thanks

Regards

ms, 5-3-2013
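
The interception confirmed above works through `Debugger` values under `Image File Execution Options`: Windows starts the named binary in place of the target program, which is what both reports in this thread list. As an added example (not part of the thread or of the SProces/ELISTARA tools), this Python code parses those key/value pairs from a report in that layout and groups the redirected executables by the binary that receives them; the function names, the third sample entry and the user-writable-path check are illustrative assumptions.

```python
import re
from collections import defaultdict

# Constructed sample in the layout of the reports quoted in the thread:
# the first two entries are copied from it, the third is a constructed contrast case.
SAMPLE_REPORT = r'''
Clave "HKLM\...\Image File Execution Options\ccleaner64.exe"
"Debugger"=""C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe""
Clave "HKLM\...\Image File Execution Options\winword.exe"
"Debugger"=""C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe""
Clave "HKLM\...\Image File Execution Options\example.exe"
"Debugger"=""C:\Users\Admin\AppData\Local\Temp\constructed.exe" /x"
'''

# 'Clave "...\Image File Execution Options\<target>"', optionally prefixed
# with "Sospechosa" as in the EliStartPage report.
KEY_RE = re.compile(
    r'^(?:Sospechosa\s+)?Clave\s+"[^"]*\\Image File Execution Options\\([^"\\]+)"\s*$',
    re.IGNORECASE,
)
# '"Debugger"="<value>"' where <value> may itself be a quoted command line.
VAL_RE = re.compile(r'^"Debugger"="(.*)"\s*$', re.IGNORECASE)

# Assumption for illustration: locations a standard user can usually write to.
USER_WRITABLE = ("\\users\\", "\\temp\\", "\\appdata\\", "\\programdata\\")


def debugger_image(value):
    """Return the executable path from a Debugger command line, without arguments."""
    value = value.strip()
    if not value:
        return ""
    if value.startswith('"'):
        end = value.find('"', 1)
        return value[1:end] if end != -1 else value[1:]
    match = re.match(r"(.+?\.exe)\b", value, re.IGNORECASE)
    return match.group(1) if match else value.split()[0]


def parse_ifeo(report):
    """Map each debugger path (lower-cased) to the sorted executables it intercepts."""
    groups = defaultdict(set)
    target = None
    for raw in report.splitlines():
        line = raw.strip()
        if not line:
            continue  # the forum paste has a blank line between every entry
        key = KEY_RE.match(line)
        if key:
            target = key.group(1).lower()
            continue
        val = VAL_RE.match(line)
        if val and target:
            image = debugger_image(val.group(1))
            if image:
                groups[image.lower()].add(target)
        target = None  # a value only belongs to the key directly before it
    return {dbg: sorted(names) for dbg, names in groups.items()}


def triage(report):
    """List each debugger with its targets and whether it sits in a user-writable path."""
    findings = []
    for dbg, targets in sorted(parse_ifeo(report).items()):
        findings.append({
            "debugger": dbg,
            "targets": targets,
            "user_writable": any(part in dbg for part in USER_WRITABLE),
        })
    return findings


if __name__ == "__main__":
    for item in triage(SAMPLE_REPORT):
        flag = "CHECK FIRST" if item["user_writable"] else "identify owner"
        print(f'{item["debugger"]} [{flag}] <- {", ".join(item["targets"])}')
```

Grouping by debugger shows at a glance whether all redirections point at one installed product, as they do in this thread, or at something unexpected.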

Ibrahaim
Posts: 4
Joined: 01 Mar 2013, 00:07

Re: [HELP] POSSIBLE VIRUS?

Post by Ibrahaim » 05 Mar 2013, 16:16

That was from TuneUp... it stopped running slow but I still can't install .iso CD images, even if I burn them..

THANKS FOR THE HELP!

msc hotline sat
Posts: 93500
Joined: 09 Mar 2004, 20:39
Location: BARCELONA (SPAIN)

Re: [HELP] POSSIBLE VIRUS?

Post by msc hotline sat » 05 Mar 2013, 17:10

Well, we see this file that could be malware:

C:\WINDOWS\SYSTEM32\WLIDSVCM.EXE

There are 2 reports about it: http://www.precisesecurity.com/files-process/2009/07/05/wlidsvcm-exe/ http://www.cleanallspyware.com/?t202id=214776&t202kw=&OVRAW=what%20is%20wildsvcm.exe&OVKEY=wlidsvcm.exe&OVMTC=advanced&OVADID=53025846522&OVKWID=254843450022&OVCAMPGID=6311360022&OVADGRPID=11763615410&OVNDID=ND1

If you did not install it voluntarily, add .VIR to its extension and send it to us for analysis.

For that, remember: https://foros.zonavirus.com/viewtopic.php?f=5&t=45334

Regards

ms, 5-3-2013
