Brutally attacked by a virus

Thread in 'HijackThis Logs' started by stratosman, 28/7/08.

Thread status:
Not open for further replies.
  1. stratosman

    stratosman New Member

    I'm in the middle of a piece of work due on Tuesday and I'm running behind...



    help, I need a kind soul to help me!



    Logfile of Trend Micro HijackThis v2.0.2

    Scan saved at 15:05: VIRUS ALERT!, on 28/07/2008

    Platform: Windows XP SP3 (WinNT 5.01.2600)

    MSIE: Internet Explorer v7.00 (7.00.6000.16674)

    Boot mode: Normal



    Running processes:

    D:\WINDOWS\System32\smss.exe

    D:\WINDOWS\system32\winlogon.exe

    D:\WINDOWS\system32\services.exe

    D:\WINDOWS\system32\lsass.exe

    D:\WINDOWS\system32\svchost.exe

    D:\WINDOWS\System32\svchost.exe

    D:\WINDOWS\system32\WgaTray.exe

    D:\WINDOWS\Explorer.EXE

    D:\WINDOWS\System32\svchost.exe

    D:\WINDOWS\system32\svchost.exe

    D:\Archivos de programa\Java\jre1.6.0_07\bin\jusched.exe

    D:\WINDOWS\system32\RunDll32.exe

    D:\Archivos de programa\Archivos comunes\Real\Update_OB\realsched.exe

    D:\WINDOWS\system32\lphcl6pj0e175.exe

    D:\Archivos de programa\rhcg6pj0e175\rhcg6pj0e175.exe

    D:\WINDOWS\WebCam\M1000\M1000Mnt.exe

    D:\WINDOWS\system32\ctfmon.exe

    D:\Archivos de programa\BitTorrent\bittorrent.exe

    D:\Documents and Settings\All Users\Datos de programa\SecuriSoft SARL\WinSpywareProtect\wspwprtct.exe

    D:\WINDOWS\system32\pphcl6pj0e175.exe

    D:\WINDOWS\system32\wscntfy.exe

    D:\Archivos de programa\Mozilla Firefox\firefox.exe

    D:\WINDOWS\system32\rundll32.exe

    D:\Archivos de programa\SUPERAntiSpyware\SUPERAntiSpyware.exe

    D:\WINDOWS\system32\rundll32.exe

    D:\Archivos de programa\Trend Micro\HijackThis\HijackThis.exe



    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php?wmid=...=MjI6Ojg5&lid=2

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Vínculos

    R3 - URLSearchHook: Barra Yahoo! con bloqueador de ventanas emergentes - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)

    O3 - Toolbar: fdkowvbp - {BF53502D-3BEF-4273-9925-89D7526A5F87} - D:\WINDOWS\fdkowvbp.dll

    O4 - HKLM\..\Run: [SunJavaUpdateSched] "D:\Archivos de programa\Java\jre1.6.0_07\bin\jusched.exe"

    O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd

    O4 - HKLM\..\Run: [egui] "D:\Archivos de programa\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice

    O4 - HKLM\..\Run: [TkBellExe] "D:\Archivos de programa\Archivos comunes\Real\Update_OB\realsched.exe" -osboot

    O4 - HKLM\..\Run: [M1000Mnt] M1000Rmv.exe /StartStillMnt

    O4 - HKLM\..\Run: [lphcl6pj0e175] D:\WINDOWS\system32\lphcl6pj0e175.exe

    O4 - HKLM\..\Run: [SMrhcg6pj0e175] D:\Archivos de programa\rhcg6pj0e175\rhcg6pj0e175.exe

    O4 - HKLM\..\Run: [lanmanwrk.exe clean] D:\WINDOWS\System32\lanmanwrk.exe clean

    O4 - HKLM\..\Run: [c860b0f4] rundll32.exe "D:\WINDOWS\system32\kuhxksdv.dll",b

    O4 - HKCU\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\ctfmon.exe

    O4 - HKCU\..\Run: [BitTorrent] "D:\Archivos de programa\BitTorrent\bittorrent.exe"

    O4 - HKCU\..\Run: [s9201] "D:\Documents and Settings\All Users\Datos de programa\SecuriSoft SARL\WinSpywareProtect\wspwprtct.exe" /autorun

    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'SERVICIO LOCAL')

    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'Servicio de red')

    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present

    O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1

    O8 - Extra context menu item: E&xportar a Microsoft Excel - res://D:\ARCHIV~1\MICROS~2\Office10\EXCEL.EXE/3000

    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Archivos de programa\Java\jre1.6.0_07\bin\ssv.dll

    O9 - Extra 'Tools' menuitem: Consola de Sun Java - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Archivos de programa\Java\jre1.6.0_07\bin\ssv.dll

    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe

    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe

    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Archivos de programa\Messenger\msmsgs.exe

    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Archivos de programa\Messenger\msmsgs.exe

    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/spanish/kavwebscan_unicode.cab

    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - D:\Archivos de programa\Yahoo!\Common\yinsthelper.dll

    O20 - AppInit_DLLs: D:\ARCHIV~1\Google\GOOGLE~4\GOEC62~1.DLL

    O21 - SSODL: eqvwamkl - {4C25E7C4-0BC6-4ACB-BB01-DC07A641B04B} - D:\WINDOWS\eqvwamkl.dll

    O21 - SSODL: wnslvxtf - {1C306F18-2150-42FA-8F57-C445810A37B6} - D:\WINDOWS\wnslvxtf.dll

    O23 - Service: Adobe LM Service - Adobe Systems - D:\Archivos de programa\Archivos comunes\Adobe Systems Shared\Service\Adobelmsvc.exe



    --

    End of file - 5483 bytes
     
  2. Caito

    Caito New Member

    What an infection :eek:

    Download this program: Malwarebytes Anti-Malware

    MalwareBytes Anti-Malware - Trucos Windows Downloads

    If you save it to the desktop, this file will appear:

    mbam-setup.exe

    Double-click it and it will open; choose the language, accept the terms of use and the installation will begin.

    Update the database and you will then have the icon to run the clean-up:

    Double-click Malwarebytes Anti-Malware; in the next window choose the Scanner tab, "Perform full scan", and click "Scan".

    After the scan finishes this message will appear:

    "The scan completed successfully. Click Show Results to view all found objects".

    You will see the summary of what was found; click "Show Results" (bottom right).

    Then on the next screen click "Remove Selected" (bottom left).

    Finally the report of the scan and of what the program did will be shown; copy and paste that report along with a new HijackThis log.

    Regards

    Caito
     
  3. stratosman

    stratosman New Member

    Well... thanks for replying so fast... here's the Malwarebytes report and the HijackThis log... although I haven't rebooted yet ?



    Malwarebytes' Anti-Malware 1.23

    Versión de la Base de Datos: 1001

    Windows 5.1.2600 Service Pack 3



    19:20:18 28/07/2008

    mbam-log-7-28-2008 (19-20-18).txt



    Tipo de examen : Examen Completo (C:\|D:\|)

    Objetos examinados: 91219

    Tiempo transcurrido: 53 minute(s), 0 second(s)



    Procesos en Memoria Infectados: 0

    Módulos en Memoria Infectados: 0

    Claves del Registro Infectadas: 6

    Valores del Registro Infectados: 7

    Elementos de Datos del Registro Infectados: 16

    Carpetas Infectadas: 20

    Ficheros Infectados: 28



    Procesos en Memoria Infectados:

    (No se han detectado elementos maliciosos)



    Módulos en Memoria Infectados:

    (No se han detectado elementos maliciosos)



    Claves del Registro Infectadas:

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{e6cfcf29-e855-420d-9a72-5b69f0f93746} (Trojan.Vundo) -> Quarantined and deleted successfully.

    HKEY_LOCAL_MACHINE\SOFTWARE\rhcg6pj0e175 (Rogue.Multiple) -> Quarantined and deleted successfully.

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Software Notifier (Rogue.Multiple) -> Quarantined and deleted successfully.

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\VSPlugin (Trojan.FakeAlert) -> Quarantined and deleted successfully.

    HKEY_CURRENT_USER\SOFTWARE\SecuriSoft SARL (Trojan.FakeAlert) -> Quarantined and deleted successfully.



    Valores del Registro Infectados:

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{e6cfcf29-e855-420d-9a72-5b69f0f93746} (Trojan.Vundo) -> Quarantined and deleted successfully.

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\eqvwamkl (Trojan.FakeAlert) -> Quarantined and deleted successfully.

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\wnslvxtf (Trojan.FakeAlert) -> Quarantined and deleted successfully.

    HKEY_CURRENT_USER\Control Panel\Desktop\wallpaper (Hijack.Wallpaper) -> Quarantined and deleted successfully.

    HKEY_CURRENT_USER\Control Panel\Desktop\originalwallpaper (Hijack.Wallpaper) -> Quarantined and deleted successfully.

    HKEY_CURRENT_USER\Control Panel\Desktop\convertedwallpaper (Hijack.Wallpaper) -> Quarantined and deleted successfully.

    HKEY_CURRENT_USER\Control Panel\Desktop\scrnsave.exe (Hijack.Wallpaper) -> Quarantined and deleted successfully.



    Elementos de Datos del Registro Infectados:

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProductId (Trojan.FakeAlert) -> Bad: (VIRUS ALERT!) Good: (76460-640-4396517-23418) -> Quarantined and deleted successfully.

    HKEY_CURRENT_USER\Control Panel\International\sTimeFormat (Trojan.FakeAlert) -> Bad: (HH:mm: VIRUS ALERT!) Good: (HH:mm:ss) -> Quarantined and deleted successfully.

    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowControlPanel (Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.

    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowRun (Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.

    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowSearch (Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.

    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowHelp (Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.

    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowMyDocs (Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.

    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowMyComputer (Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.

    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoStartMenuMorePrograms (Hijack.StartMenu) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\StartMenuLogOff (Hijack.StartMenu) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDrives (Hijack.Drives) -> Bad: (12) Good: (0) -> Quarantined and deleted successfully.

    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoToolbarCustomize (Hijack.Explorer) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoSetFolders (Hijack.Explorer) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\NoDispBackgroundPage (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\NoDispScrSavPage (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\NoDispCPL (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.



    Carpetas Infectadas:

    D:\WINDOWS\system32\vntiho06 (Trojan.Agent) -> Quarantined and deleted successfully.

    D:\Documents and Settings\All Users\Datos de programa\SecuriSoft SARL (Rogue.WinSpywareProtect) -> Quarantined and deleted successfully.

    D:\Documents and Settings\All Users\Datos de programa\SecuriSoft SARL\WinSpywareProtect (Rogue.WinSpywareProtect) -> Quarantined and deleted successfully.

    D:\Documents and Settings\All Users\Datos de programa\SecuriSoft SARL\WinSpywareProtect\BASE (Rogue.WinSpywareProtect) -> Quarantined and deleted successfully.

    D:\Documents and Settings\All Users\Datos de programa\SecuriSoft SARL\WinSpywareProtect\DELETED (Rogue.WinSpywareProtect) -> Quarantined and deleted successfully.

    D:\Documents and Settings\All Users\Datos de programa\SecuriSoft SARL\WinSpywareProtect\LOG (Rogue.WinSpywareProtect) -> Quarantined and deleted successfully.

    D:\Documents and Settings\All Users\Datos de programa\SecuriSoft SARL\WinSpywareProtect\SAVED (Rogue.WinSpywareProtect) -> Quarantined and deleted successfully.

    D:\Archivos de programa\rhcg6pj0e175 (Rogue.Multiple) -> Quarantined and deleted successfully.

    D:\Documents and Settings\Stratosmate\Datos de programa\Microsoft\dtsc (Trojan.Agent) -> Quarantined and deleted successfully.

    D:\Documents and Settings\Stratosmate\Datos de programa\rhcg6pj0e175 (Rogue.Multiple) -> Quarantined and deleted successfully.

    D:\Documents and Settings\Stratosmate\Datos de programa\rhcg6pj0e175\Quarantine (Rogue.Multiple) -> Quarantined and deleted successfully.

    D:\Documents and Settings\Stratosmate\Datos de programa\rhcg6pj0e175\Quarantine\Autorun (Rogue.Multiple) -> Quarantined and deleted successfully.

    D:\Documents and Settings\Stratosmate\Datos de programa\rhcg6pj0e175\Quarantine\Autorun\HKCU (Rogue.Multiple) -> Quarantined and deleted successfully.

    D:\Documents and Settings\Stratosmate\Datos de programa\rhcg6pj0e175\Quarantine\Autorun\HKCU\RunOnce (Rogue.Multiple) -> Quarantined and deleted successfully.

    D:\Documents and Settings\Stratosmate\Datos de programa\rhcg6pj0e175\Quarantine\Autorun\HKLM (Rogue.Multiple) -> Quarantined and deleted successfully.

    D:\Documents and Settings\Stratosmate\Datos de programa\rhcg6pj0e175\Quarantine\Autorun\HKLM\RunOnce (Rogue.Multiple) -> Quarantined and deleted successfully.

    D:\Documents and Settings\Stratosmate\Datos de programa\rhcg6pj0e175\Quarantine\Autorun\StartMenuAllUsers (Rogue.Multiple) -> Quarantined and deleted successfully.

    D:\Documents and Settings\Stratosmate\Datos de programa\rhcg6pj0e175\Quarantine\Autorun\StartMenuCurrentUser (Rogue.Multiple) -> Quarantined and deleted successfully.

    D:\Documents and Settings\Stratosmate\Datos de programa\rhcg6pj0e175\Quarantine\BrowserObjects (Rogue.Multiple) -> Quarantined and deleted successfully.

    D:\Documents and Settings\Stratosmate\Datos de programa\rhcg6pj0e175\Quarantine\Packages (Rogue.Multiple) -> Quarantined and deleted successfully.



    Ficheros Infectados:

    D:\System Volume Information\_restore{1EFB8A34-0160-41CD-A21C-C7E8B7BA05E4}\RP97\A0027778.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

    D:\System Volume Information\_restore{1EFB8A34-0160-41CD-A21C-C7E8B7BA05E4}\RP97\A0027781.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

    D:\System Volume Information\_restore{1EFB8A34-0160-41CD-A21C-C7E8B7BA05E4}\RP97\A0027779.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

    D:\Documents and Settings\Stratosmate\Configuración local\Archivos temporales de Internet\Content.IE5\5ROERB9K\kb456456[1] (Trojan.Vundo) -> Quarantined and deleted successfully.

    D:\WINDOWS\eovp.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.

    D:\Documents and Settings\All Users\Datos de programa\SecuriSoft SARL\WinSpywareProtect\LOG\20080728144537656.log (Rogue.WinSpywareProtect) -> Quarantined and deleted successfully.

    D:\Documents and Settings\All Users\Datos de programa\SecuriSoft SARL\WinSpywareProtect\LOG\20080728145434953.log (Rogue.WinSpywareProtect) -> Quarantined and deleted successfully.

    D:\Archivos de programa\rhcg6pj0e175\database.dat (Rogue.Multiple) -> Quarantined and deleted successfully.

    D:\Archivos de programa\rhcg6pj0e175\license.txt (Rogue.Multiple) -> Quarantined and deleted successfully.

    D:\Archivos de programa\rhcg6pj0e175\MFC71.dll (Rogue.Multiple) -> Quarantined and deleted successfully.

    D:\Archivos de programa\rhcg6pj0e175\MFC71ENU.DLL (Rogue.Multiple) -> Quarantined and deleted successfully.

    D:\Archivos de programa\rhcg6pj0e175\msvcp71.dll (Rogue.Multiple) -> Quarantined and deleted successfully.

    D:\Archivos de programa\rhcg6pj0e175\msvcr71.dll (Rogue.Multiple) -> Quarantined and deleted successfully.

    D:\Archivos de programa\rhcg6pj0e175\rhcg6pj0e175.exe.local (Rogue.Multiple) -> Quarantined and deleted successfully.

    D:\Archivos de programa\rhcg6pj0e175\Uninstall.exe (Rogue.Multiple) -> Quarantined and deleted successfully.

    D:\Documents and Settings\Stratosmate\Datos de programa\Microsoft\dtsc\id (Trojan.Agent) -> Quarantined and deleted successfully.

    D:\Documents and Settings\Stratosmate\Datos de programa\Microsoft\Internet Explorer\Quick Launch\Antivirus XP 2008.lnk (Rogue.Antivirus2008) -> Quarantined and deleted successfully.

    D:\WINDOWS\system32\pac.txt (Malware.Trace) -> Quarantined and deleted successfully.

    D:\WINDOWS\system32\KernelDrv.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

    D:\WINDOWS\system32\Dll.dll (Trojan.Downloader) -> Quarantined and deleted successfully.

    D:\WINDOWS\system32\ksvcl.dll (Stolen.Data) -> Quarantined and deleted successfully.

    D:\WINDOWS\system32\kcopt.dll (Stolen.Data) -> Quarantined and deleted successfully.

    D:\WINDOWS\system32\blphcl6pj0e175.scr (Trojan.FakeAlert) -> Quarantined and deleted successfully.

    D:\WINDOWS\system32\qmopt.dll (Malware.Trace) -> Quarantined and deleted successfully.

    D:\WINDOWS\system32\lanmanwrk.exe (Rootkit.Agent) -> Quarantined and deleted successfully.

    D:\Documents and Settings\Stratosmate\Configuración local\Temp\.tt2.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.

    D:\Documents and Settings\Stratosmate\Configuración local\Temp\.tt4.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.

    D:\Documents and Settings\Stratosmate\Configuración local\Temp\vistasp1.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.







    Logfile of Trend Micro HijackThis v2.0.2

    Scan saved at 19:22:24, on 28/07/2008

    Platform: Windows XP SP3 (WinNT 5.01.2600)

    MSIE: Internet Explorer v7.00 (7.00.6000.16674)

    Boot mode: Normal



    Running processes:

    D:\WINDOWS\System32\smss.exe

    D:\WINDOWS\system32\winlogon.exe

    D:\WINDOWS\system32\services.exe

    D:\WINDOWS\system32\lsass.exe

    D:\WINDOWS\system32\svchost.exe

    D:\WINDOWS\System32\svchost.exe

    D:\WINDOWS\system32\WgaTray.exe

    D:\WINDOWS\Explorer.EXE

    D:\Archivos de programa\Java\jre1.6.0_07\bin\jusched.exe

    D:\WINDOWS\system32\RunDll32.exe

    D:\Archivos de programa\Archivos comunes\Real\Update_OB\realsched.exe

    D:\WINDOWS\WebCam\M1000\M1000Mnt.exe

    D:\WINDOWS\system32\ctfmon.exe

    D:\Archivos de programa\BitTorrent\bittorrent.exe

    D:\WINDOWS\system32\svchost.exe

    D:\WINDOWS\system32\wscntfy.exe

    D:\Archivos de programa\Mozilla Firefox\firefox.exe

    D:\Archivos de programa\SUPERAntiSpyware\SUPERAntiSpyware.exe

    D:\Archivos de programa\Malwarebytes' Anti-Malware\mbam.exe

    D:\Archivos de programa\Google Video\gupload.exe

    D:\Archivos de programa\Microsoft Office\Office10\WINWORD.EXE

    D:\WINDOWS\SYSTEM32\NOTEPAD.EXE

    D:\Archivos de programa\Trend Micro\HijackThis\HijackThis.exe



    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.trucoswindows.net/

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Vínculos

    R3 - URLSearchHook: Barra Yahoo! con bloqueador de ventanas emergentes - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)

    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Archivos de programa\Archivos comunes\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

    O2 - BHO: (no name) - {307FF64D-BAFC-4FEE-992D-931B6A7136B5} - (no file)

    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Archivos de programa\Java\jre1.6.0_07\bin\ssv.dll

    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - D:\Archivos de programa\Archivos comunes\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

    O4 - HKLM\..\Run: [SunJavaUpdateSched] "D:\Archivos de programa\Java\jre1.6.0_07\bin\jusched.exe"

    O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd

    O4 - HKLM\..\Run: [M1000Mnt] M1000Rmv.exe /StartStillMnt

    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

    O4 - HKCU\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\ctfmon.exe

    O4 - HKCU\..\Run: [BitTorrent] "D:\Archivos de programa\BitTorrent\bittorrent.exe"

    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'SERVICIO LOCAL')

    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'Servicio de red')

    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present

    O8 - Extra context menu item: E&xportar a Microsoft Excel - res://D:\ARCHIV~1\MICROS~2\Office10\EXCEL.EXE/3000

    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Archivos de programa\Java\jre1.6.0_07\bin\ssv.dll

    O9 - Extra 'Tools' menuitem: Consola de Sun Java - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Archivos de programa\Java\jre1.6.0_07\bin\ssv.dll

    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe

    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe

    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Archivos de programa\Messenger\msmsgs.exe

    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Archivos de programa\Messenger\msmsgs.exe

    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/spanish/kavwebscan_unicode.cab

    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - D:\Archivos de programa\Yahoo!\Common\yinsthelper.dll

    O20 - AppInit_DLLs: D:\ARCHIV~1\Google\GOOGLE~4\GOEC62~1.DLL

    O20 - Winlogon Notify: !SASWinLogon - D:\Archivos de programa\SUPERAntiSpyware\SASWINLO.dll

    O20 - Winlogon Notify: ddcCRJDU - ddcCRJDU.dll (file missing)

    O20 - Winlogon Notify: nnnmjKde - nnnmjKde.dll (file missing)

    O23 - Service: Adobe LM Service - Adobe Systems - D:\Archivos de programa\Archivos comunes\Adobe Systems Shared\Service\Adobelmsvc.exe



    --

    End of file - 5084 bytes
     
  4. Caito

    Caito New Member

    Run HijackThis:

    Scan, then Fix these:



    O2 - BHO: (no name) - {307FF64D-BAFC-4FEE-992D-931B6A7136B5} - (no file)

    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present

    O20 - Winlogon Notify: ddcCRJDU - ddcCRJDU.dll (file missing)

    O20 - Winlogon Notify: nnnmjKde - nnnmjKde.dll (file missing)



    Reboot and post a new log

    regards

    caito
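As an added example (not code from this thread, nor from HijackThis or Malwarebytes), here is a small Python triage script that parses the Rn/On lines of a HijackThis log and flags the kinds of entries Caito told the poster to fix, using heuristics of my own that are drawn from what this thread's logs and the Malwarebytes report showed; the sample lines are copied from the logs posted above.

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Constructed sample: lines copied from the two HijackThis logs posted in this
# thread, benign and suspicious entries mixed as they are in a real log.
SAMPLE_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.2
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Archivos de programa\Archivos comunes\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {307FF64D-BAFC-4FEE-992D-931B6A7136B5} - (no file)
O4 - HKLM\..\Run: [SunJavaUpdateSched] "D:\Archivos de programa\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [c860b0f4] rundll32.exe "D:\WINDOWS\system32\kuhxksdv.dll",b
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O20 - Winlogon Notify: !SASWinLogon - D:\Archivos de programa\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: ddcCRJDU - ddcCRJDU.dll (file missing)
O21 - SSODL: eqvwamkl - {4C25E7C4-0BC6-4ACB-BB01-DC07A641B04B} - D:\WINDOWS\eqvwamkl.dll
"""

# Every reportable HijackThis line looks like "O4 - <body>" or "R0 - <body>".
HJT_LINE = re.compile(r"^(?P<section>[RO]\d+) - (?P<body>.+)$")


@dataclass
class Entry:
    section: str            # e.g. "O4", "O20"
    body: str               # everything after "On - "
    reason: Optional[str] = None


# Triage heuristics (mine, not HijackThis's): a hit means "review this entry",
# not "this is malware". Section names are tuples so "O2" never matches "O20".
HEURISTICS: List[Tuple[Tuple[str, ...], "re.Pattern[str]", str]] = [
    (("O2",), re.compile(r"\(no file\)$"),
     "BHO registered but its DLL is gone (orphaned hijacker remnant)"),
    (("O20",), re.compile(r"Winlogon Notify: .*\(file missing\)$"),
     "Winlogon Notify hook whose DLL is gone (orphaned remnant)"),
    (("O6",), re.compile(r"Restrictions present$"),
     "IE policy restrictions set; rogue AV families lock the browser this way"),
    (("O7",), re.compile(r"DisableRegedit=1$"),
     "Registry Editor disabled by policy"),
    (("O4",), re.compile(r"Run: \[[0-9a-f]{8}\] rundll32\.exe"),
     "Run value with a random hex name loading a DLL through rundll32"),
    (("O3", "O21"), re.compile(r"\\WINDOWS\\[a-z]{8}\.dll$"),
     "toolbar/SSODL DLL with a random name dropped in the Windows folder"),
]


def parse_hjt(text: str) -> List[Entry]:
    """Turn the Rn/On lines of a HijackThis log into Entry objects."""
    entries = []
    for raw in text.splitlines():
        m = HJT_LINE.match(raw.strip())
        if m:
            entries.append(Entry(m["section"], m["body"]))
    return entries


def triage(entry: Entry) -> Optional[str]:
    """Return why an entry deserves review, or None if no heuristic fires."""
    for sections, pattern, reason in HEURISTICS:
        if entry.section in sections and pattern.search(entry.body):
            return reason
    return None


def flag_entries(text: str) -> List[Entry]:
    """Parse a log and return only the entries a heuristic flagged, in log order."""
    flagged = []
    for entry in parse_hjt(text):
        entry.reason = triage(entry)
        if entry.reason:
            flagged.append(entry)
    return flagged


if __name__ == "__main__":
    for entry in flag_entries(SAMPLE_LOG):
        print(f"{entry.section}: {entry.reason}\n    {entry.body}")
```

Run it against a full log saved from HijackThis to get a first-pass list of entries worth checking before deciding what to Fix; anything it flags still needs a human look, since it only encodes the patterns seen in this thread.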
     