A virus won't let me run anything

Started by Dacan, 21 August 2010, 18:43 PM


Dacan

It won't let me run anything, absolutely nothing, only Internet Explorer.

Not CMD, not .exe, not .bat, absolutely nothing!

At least I'm already moving all the important files to the other PC with a USB drive, but even so I don't want to format because it's a laptop and I've been told that's a bit tricky.

Who can help me?? Note: I'm on another PC, and if I download something the infected PC can open it, but the program usually closes afterwards. I don't have an antivirus, and if I boot it in Safe Mode it won't let me use the mouse pad.

Regards, Dacan  :D

Dacan

HiJackThis log. I managed to install it and run it successfully :D

Quote:
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 01:12:22 p.m., on 21/08/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\acs.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\svchost.exe
C:\TOSHIBA\IVP\ISM\pinger.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\svchost.exe
c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
C:\WINDOWS\system32\ThpSrv.exe
C:\WINDOWS\system32\TODDSrv.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\Atheros\ACU.exe
C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe
C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\WINDOWS\system32\TDispVol.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\ZoomingHook.exe
C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
C:\Program Files\TOSHIBA\TOSHIBA Direct Disc Writer\ddwmon.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSServ.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\PROGRA~1\MYWEBS~1\bar\1.bin\m3SrchMn.exe
C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Documents and Settings\Jose Daniel\Jose Daniel1\winlogon.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\37b13d.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\AIM\aim.exe
C:\Documents and Settings\Jose Daniel\Local Settings\Application Data\Google\Update\1.2.183.29\GoogleCrashHandler.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosAVRC.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\WINDOWS\system32\ntvdm.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosBtProc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_clipbook.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://c-5-t-7-3-3-q-r-i-d-w-f-8-w-e-c-e-8-a-8-4-4-.i-k-r-g-1-0-u-5-1-f-3-g-li-9-p-1-x-t-6-g-l-8-m-q-y-s-k-6-l.info
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://0-2-2-4-g-w-p-3-g-4-4-4-x-d-j-u-.a-l-v-d-z-o0-n-x-6-v-0-q-q-m-7-g-d-z-7-7-o-b-m-7-z-4-a-q-0.info
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://5-g-x-k-2-j-g-1-9-x-v-y-7-3-9-3-8-v-s-u-5-5-.5-b-e-n-t-f-p-p-7-1-1-0-7-c-q-0-3-00-6-u-7-t-1-n-y-q-u-f-u.info
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://8-9-3-1-5-2-.j-z-0-3-0-u-u-x-f-1l-3-l-h-w-b-q-z-u-5-n-l-l-m-s-5-v-s-z-g.info
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://s-6-2-0-5-u-2-u-8-4-.j-z-0-3-0-u-u-x-f-1l-3-l-h-w-b-q-z-u-5-n-l-l-m-s-5-v-s-z-g.info
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://6-n-1-i-.u-l-c-6-e-p-a-a-0-z-m-s-m-00-v-2-i-7-5-f-l-7-7-l-t-j-h-h-9.info
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = http://s-6-o-5-r-7-2-e-o-4-5-4-8-5-g-1-8-1-d-4-t-0-8-g-3-b-4-.j-z-0-3-0-u-u-x-f-1l-3-l-h-w-b-q-z-u-5-n-l-l-m-s-5-v-s-z-g.info
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = http://p-n-i-c-8-8-1-2-7-3-6-h-t-1-g-n-9-6-j-.i-k-r-g-1-0-u-5-1-f-3-g-li-9-p-1-x-t-6-g-l-8-m-q-y-s-k-6-l.info
R3 - URLSearchHook: UrlSearchHook Class - {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files\Ask.com\GenericAskToolbar.dll
R3 - URLSearchHook: AIM Toolbar Search Class - {03402f96-3dc7-4285-bc50-9e81fefafe43} - C:\Program Files\AIM Toolbar\aimtb.dll
R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\bar\1.bin\MWSSRCAS.DLL
R3 - URLSearchHook: Barra Yahoo! - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O1 - Hosts: 208.109.220.95 viabcp.com
O1 - Hosts: 208.109.220.95 www.viabcp.com
O1 - Hosts: 208.109.220.95 bcpzonasegura.viabcp.com
O1 - Hosts: 208.109.220.95 www.bcpzonasegura.viabcp.com
O1 - Hosts: 74.117.56.5 bn.com.pe
O1 - Hosts: 74.117.56.5 www.bn.com.pe
O1 - Hosts: 74.117.56.5 zonasegura1.bn.com.pe
O1 - Hosts: 74.117.56.5 www.zonasegura1.bn.com.pe
O1 - Hosts: 92.48.69.20 pichincha.com
O1 - Hosts: 92.48.69.20 www.pichincha.com
O1 - Hosts: 92.48.69.20 wwwp2.pichincha.comefender.com
O1 - Hosts: com
O1 - Hosts: 0
O1 - Hosts: 74.117.56.5 viabcp.com
O1 - Hosts: 74.117.56.5 www.viabcp.com
O1 - Hosts: 74.117.56.5 bcpzonasegura.viabcp.com
O1 - Hosts: 74.117.56.5 www.bcpzonasegura.viabcp.com
O1 - Hosts: 74.117.56.5 bn.com.pe
O1 - Hosts: 74.117.56.5 www.bn.com.pe
O1 - Hosts: 74.117.56.5 zonasegura1.bn.com.pe
O1 - Hosts: 74.117.56.5 www.zonasegura1.bn.com.pe
O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\bar\1.bin\MWSSRCAS.DLL
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live Aplicación auxiliar de inicio de sesión - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll
O2 - BHO: AIM Toolbar Loader - {b0cda128-b425-4eef-a174-61a11ac5dbf8} - C:\Program Files\AIM Toolbar\aimtb.dll
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O3 - Toolbar: My Web Search - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL
O3 - Toolbar: AIM Toolbar - {61539ecd-cc67-4437-a03c-9aaccbd14326} - C:\Program Files\AIM Toolbar\aimtb.dll
O3 - Toolbar: Barra Yahoo! - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Sopcast Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [ACU] "C:\Program Files\Atheros\ACU.exe" -nogui
O4 - HKLM\..\Run: [Camera Assistant Software] "C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe" /start
O4 - HKLM\..\Run: [ITSecMng] %ProgramFiles%\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe /START
O4 - HKLM\..\Run: [TPNF] C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
O4 - HKLM\..\Run: [ThpSrv] C:\WINDOWS\system32\thpsrv /logon
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [CeEKEY] C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
O4 - HKLM\..\Run: [TDispVol] TDispVol.exe
O4 - HKLM\..\Run: [HWSetup] C:\Program Files\TOSHIBA\TOSHIBA Applet\HWSetup.exe hwSetUP
O4 - HKLM\..\Run: [ZoomingHook] ZoomingHook.exe
O4 - HKLM\..\Run: [SmoothView] C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
O4 - HKLM\..\Run: [TAccessibility] C:\Program Files\TOSHIBA\Accessibility\TAccessibility.exe Instant
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [DDWMon] C:\Program Files\TOSHIBA\TOSHIBA Direct Disc Writer\\ddwmon.exe
O4 - HKLM\..\Run: [TUSBSleepChargeSrv] %ProgramFiles%\TOSHIBA\TOSHIBA USB Sleep and Charge Utility\TUSBSleepChargeSrv.exe
O4 - HKLM\..\Run: [Pinger] c:\toshiba\ivp\ism\pinger.exe /run
O4 - HKLM\..\Run: [CFSServ.exe] CFSServ.exe -NoClient
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Microsoft(R) System Manager] C:\WINDOWS\system32\37b13d.exe
O4 - HKLM\..\Run: [My Web Search Bar Search Scope Monitor] "C:\PROGRA~1\MYWEBS~1\bar\1.bin\m3SrchMn.exe" /m=2 /w /h
O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [NVIDIA Media Center Library] C:\Documents and Settings\Jose Daniel\Jose Daniel1\winlogon.exe
O4 - HKLM\..\Run: [RRT-Auto] C:\Documents and Settings\Jose Daniel\Local Settings\Temporary Internet Files\Content.IE5\ESCNZOMQ\RRT[1].exe auto
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O4 - HKCU\..\Run: [cdoosoft] C:\DOCUME~1\JOSEDA~1\LOCALS~1\Temp\herss.exe
O4 - HKCU\..\Run: [wesspell] C:\WINDOWS\system32\qazbrnn.exe
O4 - HKCU\..\Run: [zmmclr] C:\WINDOWS\system32\xcllsx.exe
O4 - HKCU\..\Run: [mqlwindl] C:\WINDOWS\system32\lsprcxs.exe
O4 - HKCU\..\Run: [crsmons] C:\WINDOWS\system32\iomssls.exe
O4 - HKCU\..\Run: [opqlsys] C:\WINDOWS\system32\velplsme.exe
O4 - HKCU\..\Run: [xisbcom] C:\WINDOWS\system32\lmssspr.exe
O4 - HKCU\..\Run: [qplsec] C:\WINDOWS\system32\qwmmmse.exe
O4 - HKCU\..\Run: [cximddl] C:\WINDOWS\system32\ldfrmmd.exe
O4 - HKCU\..\Run: [shccde] C:\WINDOWS\system32\winssled.exe
O4 - HKCU\..\Run: [cdmmslpo] C:\WINDOWS\system32\klpllsm.exe
O4 - HKCU\..\Run: [qaswww] C:\WINDOWS\system32\jdsuml.exe
O4 - HKCU\..\Run: [sqlpdro] C:\WINDOWS\system32\providd.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [wiue32] C:\WINDOWS\system32\oissdmmp.exe
O4 - HKCU\..\Run: [pcfmssl] C:\WINDOWS\system32\dgcbkm.exe
O4 - HKCU\..\Run: [qscmdll] C:\WINDOWS\system32\ssmcdsw.exe
O4 - HKCU\..\Run: [aslcomm] C:\WINDOWS\system32\wallmsp.exe
O4 - HKCU\..\Run: [kvmspls] C:\WINDOWS\system32\bchdikms.exe
O4 - HKCU\..\Run: [itjdnssm] C:\WINDOWS\system32\qppsmcw.exe
O4 - HKCU\..\Run: [poewei32] C:\WINDOWS\system32\eiemdolc.exe
O4 - HKCU\..\Run: [zsmecdp] C:\WINDOWS\system32\olwsdd9.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [jncontmon] C:\WINDOWS\system32\ssjitsys32.exe
O4 - HKCU\..\Run: [ncstatsc] C:\WINDOWS\system32\lsnccq.exe
O4 - HKCU\..\Run: [udccndw2] C:\WINDOWS\system32\psiomcp.exe
O4 - HKCU\..\Run: [prodcmmp] C:\WINDOWS\system32\ikddmch.exe
O4 - HKCU\..\Run: [iejdsmm] C:\WINDOWS\system32\yhsgmmw.exe
O4 - HKCU\..\Run: [pqezlr32] C:\WINDOWS\system32\eyclcm.exe
O4 - HKCU\..\Run: [mndpro32] C:\WINDOWS\system32\primndd.exe
O4 - HKCU\..\Run: [qisdrmss] C:\WINDOWS\system32\qodesnaq.exe
O4 - HKCU\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
O4 - HKCU\..\Run: [Aim] "C:\Program Files\AIM\aim.exe" /d locale=es-DO
O4 - HKCU\..\Run: [NVIDIA Media Center Library] C:\Documents and Settings\Jose Daniel\Jose Daniel1\winlogon.exe
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Jose Daniel\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [dso32] C:\DOCUME~1\JOSEDA~1\LOCALS~1\Temp\dsoqq.exe
O4 - Global Startup: Bluetooth Manager.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Toolbars\Restrictions present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Toolbars\Restrictions present
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZJfox000
O8 - Extra context menu item: E&xport to Microsoft Excel - res://c:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: Mostrar u ocultar HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Atheros Configuration Service (ACS) - Atheros - C:\WINDOWS\system32\acs.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: My Web Search Service (MyWebSearchService) - MyWebSearch.com - C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwssvc.exe
O23 - Service: pinger - Unknown owner - C:\TOSHIBA\IVP\ISM\pinger.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: Swupdtmr - Unknown owner - c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
O23 - Service: TOSHIBA HDD Protection (Thpsrv) - TOSHIBA Corporation - C:\WINDOWS\system32\ThpSrv.exe
O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\WINDOWS\system32\TODDSrv.exe
O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
O23 - Service: wampapache - Apache Software Foundation - c:\wamp\bin\apache\apache2.2.11\bin\httpd.exe
O23 - Service: wampmysqld - Unknown owner - c:\wamp\bin\mysql\mysql5.1.36\bin\mysqld.exe

--
End of file - 25371 bytes

Dznp

You are totally infected. I would recommend running a bootable antivirus that cleans everything, or formatting; if you have a CD drive it's the same as formatting a PC.

Good luck

Novlucker

I was going to recommend the same thing, you have a zoo of "bugs" :o

You can find the AV live CDs here ...
http://foro.elhacker.net/software/cds_autoarrancables_para_casos_de_emergencia-t204137.0.html

Regards

Dacan

Thanks to both of you, but I have a question: which one of them all do I download, and once I have it running (BOOT), what do I click to remove the BUGS! :huh:

Can a memory stick be used?? How many MB should the blank CD be?? Or is a DVD needed??
Regards, Dacan  :D

simorg

If you have the system CD and the drivers for your machine, the most drastic option is to format and do a clean installation. :P

And afterwards get yourself a good antivirus....

Regards.