| dead_soldier |  |
|
2006-03-19 16:26 - Respuestas: 5 - Tema nº: 2409934
Hola que tal, hace una semana creo que tengo un virus que me ha dado muchos problemas, puse el hijackthis y pongo el log aver si me pueden hechar la mano:
Logfile of HijackThis v1.99.1
Scan saved at 03:21:09 p.m., on 19/03/2006
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Archivos de programa\Archivos comunes\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Archivos de programa\Trend Micro\PC-cillin 2002\Tmntsrv.exe
C:\Archivos de programa\Trend Micro\PC-cillin 2002\PCCPFW.exe
C:\WINDOWS\Explorer.EXE
C:\Archivos de programa\Trend Micro\PC-cillin 2002\PCCGUIDE.EXE
C:\Archivos de programa\Trend Micro\PC-cillin 2002\WebTrap.EXE
C:\Archivos de programa\Trend Micro\PC-cillin 2002\PCCClient.exe
D:\Archivos de programa\MessengerPlus! 3\MsgPlus.exe
C:\WINDOWS\System32\sp2fwxp.exe
D:\Archivos de programa\NoAds\NoAds.exe
D:\WCESCOMM.EXE
C:\WINDOWS\wupdmgr.exe
C:\WINDOWS\osaupd.exe
C:\WINDOWS\System32\shell386.exe
C:\Archivos de programa\MSN Messenger\msnmsgr.exe
C:\Archivos de programa\Mozilla Firefox\firefox.exe
C:\WINDOWS\System32\msidle.exe
D:\hijackthis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://pc-cillin9.antivirus.com/en/90/PccReg/wcoRegister.asp?SN=PCEA%2D9998%2D5605%2D4981%2D4043&GUID=8F8D8D888D888D8A8D898D8D8D8FBD
O1 - Hosts: localhost 127.0.0.1
O2 - BHO: (no name) - {1e1b2879-88ff-11d3-8d96-d7acac95951a} - (no file)
O2 - BHO: (no name) - {2bc43670-c0bd-4794-bb11-f60f3e001dc5} - (no file)
O2 - BHO: winapi32.MyBHO - {86A0607D-6126-45AE-8A29-46C181AFF4D6} - C:\WINDOWS\System32\winapi32.dll
O2 - BHO: (no name) - {8702d9e1-890b-4bf2-a233-fa44e582b2de} - (no file)
O2 - BHO: (no name) - {9819c369-5f62-4d37-9a42-44043a742c1e} - (no file)
O2 - BHO: (no name) - {9EAC0102-5E61-2312-BC2D-000000000000} - (no file)
O2 - BHO: (no name) - {9EAC0102-5E61-2312-BC2D-4D54434D5443} - (no file)
O2 - BHO: (no name) - {cf021f40-3e14-23a5-cba2-716d74632608} - (no file)
O2 - BHO: (no name) - {d53b810f-6219-11d4-95b6-0040950375e7} - (no file)
O2 - BHO: (no name) - {dd6f50c0-9f8f-a41c-291e-7b3fb818ef18} - (no file)
O2 - BHO: (no name) - {f21bd77e-0cce-c6cd-4f85-aa3b7895988e} - (no file)
O2 - BHO: (no name) - {ff731508-cd28-e0b0-3e85-0cf55fde9fba} - (no file)
O4 - HKLM\..\Run: [pccguide.exe] "C:\Archivos de programa\Trend Micro\PC-cillin 2002\pccguide.exe"
O4 - HKLM\..\Run: [PCCClient.exe] "C:\Archivos de programa\Trend Micro\PC-cillin 2002\PCCClient.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [MessengerPlus3] "D:\Archivos de programa\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [DAEMON Tools-1033] "D:\Archivos de programa\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] D:\Archivos de programa\Google\Gmail Notifier\gnotify.exe
O4 - HKLM\..\Run: [sp2fwxp] C:\WINDOWS\System32\sp2fwxp.exe
O4 - HKLM\..\Run: [cme] C:\WINDOWS\System32\cme.exe
O4 - HKLM\..\Run: [cmesys] C:\WINDOWS\System32\cmesys.exe
O4 - HKLM\..\Run: [cmeupd] C:\WINDOWS\System32\cmeupd.exe
O4 - HKLM\..\Run: [Cydoor] C:\WINDOWS\System32\cd_clint.dll
O4 - HKLM\..\Run: [Gator] C:\WINDOWS\System32\cme.exe
O4 - HKLM\..\Run: [Dynamic Desktop Media] C:\WINDOWS\System32\ddm_d.exe
O4 - HKLM\..\Run: [Personal AntiSpy keylogger] C:\WINDOWS\System32\systemwb.dll
O4 - HKCU\..\Run: [NoAds] "D:\Archivos de programa\NoAds\NoAds.exe"
O4 - HKCU\..\Run: [H/PC Connection Agent] "D:\WCESCOMM.EXE"
O4 - Global Startup: Microsoft Office.lnk = C:\Archivos de programa\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: wupdmgr.exe
O9 - Extra button: Referencia - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\MICROS~1\OFFICE11\REFIEBAR.DLL
O16 - DPF: {11120607-1001-1111-1000-110199901123} - ms-its:mhtml:file://c:default.mht!http://get-access.host.sk/pd-od/qxxx1.chm::/qxxx1.exe
O16 - DPF: {42F2C9BA-614F-47C0-B3E3-ECFD34EED658} - http://promo.dollarrevenue.com/webmasterexe/drsmartload451a.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{68BD9350-57BE-4990-A09C-9A25AB442B9E}: NameServer = 85.255.115.234,85.255.112.154
O17 - HKLM\System\CCS\Services\Tcpip\..\{7F30F8B8-29EF-4D6D-A2EF-1DB8738B5B28}: NameServer = 85.255.115.234,85.255.112.154
O17 - HKLM\System\CCS\Services\Tcpip\..\{B113CAC9-E8D8-4F61-B585-E9AFCE8706F4}: NameServer = 85.255.115.234,85.255.112.154
O17 - HKLM\System\CCS\Services\Tcpip\..\{D37F3316-DD4E-4908-8DA6-50E840C11699}: NameServer = 85.255.115.234,85.255.112.154
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\ARCHIV~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: PC-cillin PersonalFirewall (PCCPFW) - Trend Micro Inc. - C:\Archivos de programa\Trend Micro\PC-cillin 2002\PCCPFW.exe
O23 - Service: Trend NT Realtime Service (Tmntsrv) - Trend Micro Inc. - C:\Archivos de programa\Trend Micro\PC-cillin 2002\Tmntsrv.exe
Tambien se me cambia el fondo del escritorio a uno rojo que dice:
Warning your computer might be infected... bla bla bla
y y el la barra a un lado del reloj de windows salen 2 iconos que dicen que mi computadora puede estar infectada con quien sabe que, pero no son de windows.
Tambien hay muchos procesos raros en el sistema como:
msidle.exe
shell386.exe
osaupd.exe
MDM.exe
SVCHOST.exe
etc etc..
espero me puedan ayudar por favor
| |
|
|
| tordanxa |  |
|
Re: Ayuda con posibles virus - 2006-03-19 16:47 - Respuesta 2
Antes de pegar el log debes de hacer esto:
Pasa a tu ordenador tu antivirus y los siguientes programas actualizados y en modo a prueba de fallos:
Spybot S&D
Ad-aware (pack de lenguajes )
CwShredder
El Ad-Aware pásalo con la opción Realizar exploración completa del sistema
Limpia el ordenador de archivos y entradas de registro innecesarias
EasyCleaner
Regcleaner
Si no se ha solucionado pega el log (ahora sí)
Saludos | |
|
|
| dead_soldier | |
|
Re: Ayuda con posibles virus - 2006-03-19 18:16 - Respuesta 3
Bueno, ya hice lo que me dijiste, el spybot salio muy bueno, y ya limpie algunas cosillas que salieron ahi, solo que con el esasy cleaner ya me salen las entradas , pero la verdad no se muy bien cuales son las que debo eliminar, te pongo lo que salio aver si me puedes ayudar, no vaya a borrar unas que ni al caso y va a salir peor:
Raiz Clave del registro Modificado Variable de la cadena Referencia del archivo/destino
HKEY_CURRENT_USER Software\Microsoft\Windows\ShellNoRoam\MUICache 19/03/2006 11:52:01 p.m. C:\WINDOWS\wupdmgr.exe Balloon
HKEY_USERS S-1-5-21-1202660629-2111687655-1060284298-1003\Software\Microsoft\Windows\ShellNoRoam\MUICache 19/03/2006 11:52:01 p.m. C:\WINDOWS\wupdmgr.exe Balloon
HKEY_CURRENT_USER Software\Microsoft\Windows\CurrentVersion\Extensions 07/05/2005 05:59:47 a.m. xls C:\ARCHIV~1\MICROS~2\Office10\EXCEL.EXE
HKEY_CURRENT_USER Software\Netscape\Netscape Navigator\Viewers 20/12/2005 12:02:37 p.m. application/msexcel C:\ARCHIV~1\MICROS~2\Office10\EXCEL.EXE
HKEY_CURRENT_USER Software\Netscape\Netscape Navigator\Viewers 20/12/2005 12:02:37 p.m. application/xlc C:\ARCHIV~1\MICROS~2\Office10\EXCEL.EXE
HKEY_USERS S-1-5-21-1202660629-2111687655-1060284298-1003\Software\Microsoft\Windows\CurrentVersion\Extensions 07/05/2005 05:59:47 a.m. xls C:\ARCHIV~1\MICROS~2\Office10\EXCEL.EXE
HKEY_USERS S-1-5-21-1202660629-2111687655-1060284298-1003\Software\Netscape\Netscape Navigator\Viewers 20/12/2005 12:02:37 p.m. application/msexcel C:\ARCHIV~1\MICROS~2\Office10\EXCEL.EXE
HKEY_USERS S-1-5-21-1202660629-2111687655-1060284298-1003\Software\Netscape\Netscape Navigator\Viewers 20/12/2005 12:02:37 p.m. application/xlc C:\ARCHIV~1\MICROS~2\Office10\EXCEL.EXE
HKEY_CURRENT_USER Software\Microsoft\Windows\CurrentVersion\Extensions 07/05/2005 05:59:47 a.m. mda C:\ARCHIV~1\MICROS~2\Office10\MSACCESS.EXE
HKEY_CURRENT_USER Software\Microsoft\Windows\CurrentVersion\Extensions 07/05/2005 05:59:47 a.m. mdb C:\ARCHIV~1\MICROS~2\Office10\MSACCESS.EXE
HKEY_USERS S-1-5-21-1202660629-2111687655-1060284298-1003\Software\Microsoft\Windows\CurrentVersion\Extensions 07/05/2005 05:59:47 a.m. mda C:\ARCHIV~1\MICROS~2\Office10\MSACCESS.EXE
HKEY_USERS S-1-5-21-1202660629-2111687655-1060284298-1003\Software\Microsoft\Windows\CurrentVersion\Extensions 07/05/2005 05:59:47 a.m. mdb C:\ARCHIV~1\MICROS~2\Office10\MSACCESS.EXE
HKEY_CURRENT_USER Software\Netscape\Netscape Navigator\Viewers 20/12/2005 12:02:37 p.m. application/pot C:\ARCHIV~1\MICROS~2\Office10\POWERPNT.EXE
HKEY_CURRENT_USER Software\Netscape\Netscape Navigator\Viewers 20/12/2005 12:02:37 p.m. application/pps C:\ARCHIV~1\MICROS~2\Office10\POWERPNT.EXE
HKEY_CURRENT_USER Software\Netscape\Netscape Navigator\Viewers 20/12/2005 12:02:37 p.m. application/ppt C:\ARCHIV~1\MICROS~2\Office10\POWERPNT.EXE
HKEY_USERS S-1-5-21-1202660629-2111687655-1060284298-1003\Software\Netscape\Netscape Navigator\Viewers 20/12/2005 12:02:37 p.m. application/pot C:\ARCHIV~1\MICROS~2\Office10\POWERPNT.EXE
HKEY_USERS S-1-5-21-1202660629-2111687655-1060284298-1003\Software\Netscape\Netscape Navigator\Viewers 20/12/2005 12:02:37 p.m. application/pps C:\ARCHIV~1\MICROS~2\Office10\POWERPNT.EXE
HKEY_USERS S-1-5-21-1202660629-2111687655-1060284298-1003\Software\Netscape\Netscape Navigator\Viewers 20/12/2005 12:02:37 p.m. application/ppt C:\ARCHIV~1\MICROS~2\Office10\POWERPNT.EXE
HKEY_CURRENT_USER Software\Netscape\Netscape Navigator\Viewers 20/12/2005 12:02:37 p.m. application/msword C:\ARCHIV~1\MICROS~2\Office10\WINWORD.EXE
HKEY_CURRENT_USER Software\Netscape\Netscape Navigator\Viewers 20/12/2005 12:02:37 p.m. application/rtf C:\ARCHIV~1\MICROS~2\Office10\WINWORD.EXE
HKEY_USERS S-1-5-21-1202660629-2111687655-1060284298-1003\Software\Netscape\Netscape Navigator\Viewers 20/12/2005 12:02:37 p.m. application/msword C:\ARCHIV~1\MICROS~2\Office10\WINWORD.EXE
HKEY_USERS S-1-5-21-1202660629-2111687655-1060284298-1003\Software\Netscape\Netscape Navigator\Viewers 20/12/2005 12:02:37 p.m. application/rtf C:\ARCHIV~1\MICROS~2\Office10\WINWORD.EXE
HKEY_CURRENT_USER Software\DivXNetworks\DivX4Windows 20/12/2005 09:41:50 a.m. Log File Name c:\divx.log
HKEY_USERS S-1-5-21-1202660629-2111687655-1060284298-1003\Software\DivXNetworks\DivX4Windows 20/12/2005 09:41:50 a.m. Log File Name c:\divx.log
HKEY_CURRENT_USER Software\Microsoft\Office\11.0\PowerPoint\Recent File List 23/02/2006 02:49:56 p.m. File3 C:\DOCUME~1\CHAVAR~1\CONFIG~1\TEMP\EXHIBICIONESDECASCOVIEJOENCHEDRAUITORRESLANDA.ppt
HKEY_USERS S-1-5-21-1202660629-2111687655-1060284298-1003\Software\Microsoft\Office\11.0\PowerPoint\Recent File List 23/02/2006 02:49:56 p.m. File3 C:\DOCUME~1\CHAVAR~1\CONFIG~1\TEMP\EXHIBICIONESDECASCOVIEJOENCHEDRAUITORRESLANDA.ppt
HKEY_CURRENT_USER Software\Power Tab Software\Power Tab Editor 1.7\Recent File List 03/12/2005 07:14:54 p.m. File7 C:\DOCUME~1\CHAVAR~1\CONFIG~1\TEMP\lesson183.ptb
HKEY_USERS S-1-5-21-1202660629-2111687655-1060284298-1003\Software\Power Tab Software\Power Tab Editor 1.7\Recent File List 03/12/2005 07:14:54 p.m. File7 C:\DOCUME~1\CHAVAR~1\CONFIG~1\TEMP\lesson183.ptb
HKEY_CURRENT_USER Software\Power Tab Software\Power Tab Editor 1.7\Recent File List 03/12/2005 07:14:54 p.m. File8 C:\DOCUME~1\CHAVAR~1\CONFIG~1\TEMP\lesson377.ptb
HKEY_USERS S-1-5-21-1202660629-2111687655-1060284298-1003\Software\Power Tab Software\Power Tab Editor 1.7\Recent File List 03/12/2005 07:14:54 p.m. File8 C:\DOCUME~1\CHAVAR~1\CONFIG~1\TEMP\lesson377.ptb
HKEY_CURRENT_USER Software\Power Tab Software\Power Tab Editor 1.7\Recent File List 03/12/2005 07:14:54 p.m. File5 C:\DOCUME~1\CHAVAR~1\CONFIG~1\Temp\Rar$DI00.017\staind-outside2.ptb
HKEY_USERS S-1-5-21-1202660629-2111687655-1060284298-1003\Software\Power Tab Software\Power Tab Editor 1.7\Recent File List 03/12/2005 07:14:54 p.m. File5 C:\DOCUME~1\CHAVAR~1\CONFIG~1\Temp\Rar$DI00.017\staind-outside2.ptb
HKEY_CURRENT_USER Software\Power Tab Software\Power Tab Editor 1.7\Recent File List 03/12/2005 07:14:54 p.m. File1 C:\DOCUME~1\CHAVAR~1\CONFIG~1\Temp\Rar$DI00.096\trapt-hollowman.ptb
HKEY_USERS S-1-5-21-1202660629-2111687655-1060284298-1003\Software\Power Tab Software\Power Tab Editor 1.7\Recent File List 03/12/2005 07:14:54 p.m. File1 C:\DOCUME~1\CHAVAR~1\CONFIG~1\Temp\Rar$DI00.096\trapt-hollowman.ptb
HKEY_CURRENT_USER Software\Power Tab Software\Power Tab Editor 1.7\Recent File List 03/12/2005 07:14:54 p.m. File6 C:\DOCUME~1\CHAVAR~1\CONFIG~1\Temp\Rar$DI00.529\polmetro-guerras_eternas.ptb
HKEY_USERS S-1-5-21-1202660629-2111687655-1060284298-1003\Software\Power Tab Software\Power Tab Editor 1.7\Recent File List 03/12/2005 07:14:54 p.m. File6 C:\DOCUME~1\CHAVAR~1\CONFIG~1\Temp\Rar$DI00.529\polmetro-guerras_eternas.ptb
HKEY_CURRENT_USER Software\Power Tab Software\Power Tab Editor 1.7\Recent File List 03/12/2005 07:14:54 p.m. File2 C:\DOCUME~1\CHAVAR~1\CONFIG~1\Temp\Rar$DI00.677\system_of_a_down-hypnotize.ptb
HKEY_USERS S-1-5-21-1202660629-2111687655-1060284298-1003\Software\Power Tab Software\Power Tab Editor 1.7\Recent File List 03/12/2005 07:14:54 p.m. File2 C:\DOCUME~1\CHAVAR~1\CONFIG~1\Temp\Rar$DI00.677\system_of_a_down-hypnotize.ptb
HKEY_CURRENT_USER Software\Power Tab Software\Power Tab Editor 1.7\Recent File List 03/12/2005 07:14:54 p.m. File4 C:\DOCUME~1\CHAVAR~1\CONFIG~1\Temp\Rar$DI00.678\kondo_koji-the_legend_of_zelda_-_ocarina_of_time_-_bolero_of_fire.ptb
HKEY_USERS S-1-5-21-1202660629-2111687655-1060284298-1003\Software\Power Tab Software\Power Tab Editor 1.7\Recent File List 03/12/2005 07:14:54 p.m. File4 C:\DOCUME~1\CHAVAR~1\CONFIG~1\Temp\Rar$DI00.678\kondo_koji-the_legend_of_zelda_-_ocarina_of_time_-_bolero_of_fire.ptb
HKEY_CURRENT_USER Software\Power Tab Software\Power Tab Editor 1.7\Recent File List 03/12/2005 07:14:54 p.m. File3 C:\DOCUME~1\CHAVAR~1\CONFIG~1\Temp\Rar$DI00.705\thrice-image_of_the_invisible.ptb
HKEY_USERS S-1-5-21-1202660629-2111687655-1060284298-1003\Software\Power Tab Software\Power Tab Editor 1.7\Recent File List 03/12/2005 07:14:54 p.m. File3 C:\DOCUME~1\CHAVAR~1\CONFIG~1\Temp\Rar$DI00.705\thrice-image_of_the_invisible.ptb
HKEY_CURRENT_USER Software\Microsoft\MediaPlayer\Setup\FileMoveCache\Source 09/05/2005 01:47:56 a.m. 0 C:\DOCUME~1\CHAVAR~1\CONFIG~1\Temp\setb0.tmp
HKEY_USERS S-1-5-21-1202660629-2111687655-1060284298-1003\Software\Microsoft\MediaPlayer\Setup\FileMoveCache\Source 09/05/2005 01:47:56 a.m. 0 C:\DOCUME~1\CHAVAR~1\CONFIG~1\Temp\setb0.tmp
HKEY_CURRENT_USER Software\Microsoft\MediaPlayer\Setup\FileMoveCache\Source 09/05/2005 01:47:56 a.m. 1 C:\DOCUME~1\CHAVAR~1\CONFIG~1\Temp\setb1.tmp
HKEY_USERS S-1-5-21-1202660629-2111687655-1060284298-1003\Software\Microsoft\MediaPlayer\Setup\FileMoveCache\Source 09/05/2005 01:47:56 a.m. 1 C:\DOCUME~1\CHAVAR~1\CONFIG~1\Temp\setb1.tmp
HKEY_CURRENT_USER Software\Microsoft\MediaPlayer\Setup\FileMoveCache\Source 09/05/2005 01:47:56 a.m. 2 C:\DOCUME~1\CHAVAR~1\CONFIG~1\Temp\setb2.tmp
HKEY_USERS S-1-5-21-1202660629-2111687655-1060284298-1003\Software\Microsoft\MediaPlayer\Setup\FileMoveCache\Source 09/05/2005 01:47:56 a.m. 2 C:\DOCUME~1\CHAVAR~1\CONFIG~1\Temp\setb2.tmp
HKEY_CURRENT_USER Software\Microsoft\MediaPlayer\Setup\FileMoveCache\Source 09/05/2005 01:47:56 a.m. 3 C:\DOCUME~1\CHAVAR~1\CONFIG~1\Temp\setb3.tmp
HKEY_USERS S-1-5-21-1202660629-2111687655-1060284298-1003\Software\Microsoft\MediaPlayer\Setup\FileMoveCache\Source 09/05/2005 01:47:56 a.m. 3 C:\DOCUME~1\CHAVAR~1\CONFIG~1\Temp\setb3.tmp
HKEY_CURRENT_USER Software\Microsoft\MediaPlayer\Setup\FileMoveCache\Source 09/05/2005 01:47:56 a.m. 4 C:\DOCUME~1\CHAVAR~1\CONFIG~1\Temp\setb4.tmp
HKEY_USERS S-1-5-21-1202660629-2111687655-1060284298-1003\Software\Microsoft\MediaPlayer\Setup\FileMoveCache\Source 09/05/2005 01:47:56 a.m. 4 C:\DOCUME~1\CHAVAR~1\CONFIG~1\Temp\setb4.tmp
HKEY_CURRENT_USER Software\Microsoft\MediaPlayer\Setup\FileMoveCache\Source 09/05/2005 01:47:56 a.m. 5 C:\DOCUME~1\CHAVAR~1\CONFIG~1\Temp\setb5.tmp
HKEY_USERS S-1-5-21-1202660629-2111687655-1060284298-1003\Software\Microsoft\MediaPlayer\Setup\FileMoveCache\Source 09/05/2005 01:47:56 a.m. 5 C:\DOCUME~1\CHAVAR~1\CONFIG~1\Temp\setb5.tmp
HKEY_CURRENT_USER Software\Microsoft\MediaPlayer\Setup\FileMoveCache\Source 09/05/2005 01:47:56 a.m. 6 C:\DOCUME~1\CHAVAR~1\CONFIG~1\Temp\setb6.tmp
HKEY_USERS S-1-5-21-1202660629-2111687655-1060284298-1003\Software\Microsoft\MediaPlayer\Setup\FileMoveCache\Source 09/05/2005 01:47:56 a.m. 6 C:\DOCUME~1\CHAVAR~1\CONFIG~1\Temp\setb6.tmp
HKEY_CURRENT_USER Software\DivXNetworks\DivX4Windows 20/12/2005 09:41:50 a.m. MV File Name c:\mvinfo.bin
HKEY_USERS S-1-5-21-1202660629-2111687655-1060284298-1003\Software\DivXNetworks\DivX4Windows 20/12/2005 09:41:50 a.m. MV File Name c:\mvinfo.bin
HKEY_CURRENT_USER Software\DivXNetworks\DivX4Windows 20/12/2005 09:41:50 a.m. Nth Pass debug file name c:\newrc.txt
HKEY_USERS S-1-5-21-1202660629-2111687655-1060284298-1003\Software\DivXNetworks\DivX4Windows 20/12/2005 09:41:50 a.m. Nth Pass debug file name c:\newrc.txt
HKEY_CURRENT_USER Software\DivXNetworks\DivX4Windows 20/12/2005 09:41:50 a.m. MP4 File Name c:\test.divx
HKEY_USERS S-1-5-21-1202660629-2111687655-1060284298-1003\Software\DivXNetworks\DivX4Windows 20/12/2005 09:41:50 a.m. MP4 File Name c:\test.divx
HKEY_CURRENT_USER Software\Microsoft\Internet Explorer\Main 03/12/2005 05:12:05 p.m. Local Page C:\WINDOWS\System32\blank.htm
HKEY_USERS S-1-5-21-1202660629-2111687655-1060284298-1003\Software\Microsoft\Internet Explorer\Main 03/12/2005 05:12:05 p.m. Local Page C:\WINDOWS\System32\blank.htm
HKEY_CURRENT_USER Software\DivXNetworks\DivX4Windows 20/12/2005 09:41:50 a.m. YUV Dir Name c:\yuv
HKEY_USERS S-1-5-21-1202660629-2111687655-1060284298-1003\Software\DivXNetworks\DivX4Windows 20/12/2005 09:41:50 a.m. YUV Dir Name c:\yuv
HKEY_CURRENT_USER Software\Ahead\Nero - Burning Rom\General 31/07/2005 11:05:43 p.m. RegisteredTypesNeroPath D:\ARCHIV~1\Ahead\nero\nero.exe
HKEY_USERS S-1-5-21-1202660629-2111687655-1060284298-1003\Software\Ahead\Nero - Burning Rom\General 31/07/2005 11:05:43 p.m. RegisteredTypesNeroPath D:\ARCHIV~1\Ahead\nero\nero.exe
HKEY_CURRENT_USER Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID\{02172B7A-11D6-42b6-9550-41B281804714}\LocalServer32 08/08/2005 07:47:43 a.m. D:\ARCHIV~1\GLOBAL~1\CUTEFT~1\ftpte.exe
HKEY_CURRENT_USER Software\Classes\CLSID\{02172B7A-11D6-42b6-9550-41B281804714}\LocalServer32 08/08/2005 07:47:43 a.m. D:\ARCHIV~1\GLOBAL~1\CUTEFT~1\ftpte.exe
HKEY_USERS S-1-5-21-1202660629-2111687655-1060284298-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID\{02172B7A-11D6-42b6-9550-41B281804714}\LocalServer32 08/08/2005 07:47:43 a.m. D:\ARCHIV~1\GLOBAL~1\CUTEFT~1\ftpte.exe
HKEY_USERS S-1-5-21-1202660629-2111687655-1060284298-1003\Software\Classes\CLSID\{02172B7A-11D6-42b6-9550-41B281804714}\LocalServer32 08/08/2005 07:47:43 a.m. D:\ARCHIV~1\GLOBAL~1\CUTEFT~1\ftpte.exe
HKEY_USERS S-1-5-21-1202660629-2111687655-1060284298-1003_Classes\CLSID\{02172B7A-11D6-42b6-9550-41B281804714}\LocalServer32 08/08/2005 07:47:43 a.m. D:\ARCHIV~1\GLOBAL~1\CUTEFT~1\ftpte.exe
HKEY_LOCAL_MACHINE Software\Classes\CLSID\{02172B7A-11D6-42b6-9550-41B281804714}\LocalServer32 08/08/2005 07:47:43 a.m. D:\ARCHIV~1\GLOBAL~1\CUTEFT~1\ftpte.exe
HKEY_CURRENT_USER Software\Microsoft\Office\10.0\Common\Internet 29/08/2005 11:07:06 a.m. UseRWHlinkNavigation D:\Kazaa2\Music/mens/ex.3.rm
HKEY_USERS S-1-5-21-1202660629-2111687655-1060284298-1003\Software\Microsoft\Office\10.0\Common\Internet 29/08/2005 11:07:06 a.m. UseRWHlinkNavigation D:\Kazaa2\Music/mens/ex.3.rm
HKEY_CURRENT_USER AppEvents\Schemes\Apps\Wcescomm\PegConnectConfirm\.current 09/05/2005 05:16:48 a.m. d:\pegconn.wav
HKEY_CURRENT_USER AppEvents\Schemes\Apps\Wcescomm\PegConnectConfirm\.default 09/05/2005 05:16:48 a.m. d:\pegconn.wav
HKEY_USERS S-1-5-21-1202660629-2111687655-1060284298-1003\AppEvents\Schemes\Apps\Wcescomm\PegConnectConfirm\.current 09/05/2005 05:16:48 a.m. d:\pegconn.wav
HKEY_USERS S-1-5-21-1202660629-2111687655-1060284298-1003\AppEvents\Schemes\Apps\Wcescomm\PegConnectConfirm\.default 09/05/2005 05:16:48 a.m. d:\pegconn.wav
HKEY_LOCAL_MACHINE Software\Blizzard Entertainment\Starcraft\DelOpt1 15/09/2005 01:18:19 a.m. Path1 D:\Starcraft\maps\save
HKEY_LOCAL_MACHINE Software\Blizzard Entertainment\Starcraft\DelOpt1 15/09/2005 01:18:19 a.m. Path3 D:\Starcraft\maps\save
HKEY_CURRENT_USER Software\Microsoft\Windows\ShellNoRoam\MUICache 19/03/2006 11:52:01 p.m. C:\DOCUME~1\CHAVAR~1\CONFIG~1\Temp\is-6NGA0.tmp\is-CL165.tmp Setup/Uninstall
HKEY_CURRENT_USER Software\Microsoft\Windows\ShellNoRoam\MUICache 19/03/2006 11:52:01 p.m. C:\DOCUME~1\CHAVAR~1\CONFIG~1\Temp\is-P5IJV.tmp\is-6IG4G.tmp Setup/Uninstall
HKEY_USERS S-1-5-21-1202660629-2111687655-1060284298-1003\Software\Microsoft\Windows\ShellNoRoam\MUICache 19/03/2006 11:52:01 p.m. C:\DOCUME~1\CHAVAR~1\CONFIG~1\Temp\is-6NGA0.tmp\is-CL165.tmp Setup/Uninstall
HKEY_USERS S-1-5-21-1202660629-2111687655-1060284298-1003\Software\Microsoft\Windows\ShellNoRoam\MUICache 19/03/2006 11:52:01 p.m. C:\DOCUME~1\CHAVAR~1\CONFIG~1\Temp\is-P5IJV.tmp\is-6IG4G.tmp Setup/Uninstall
HKEY_CURRENT_USER Software\Microsoft\Windows\ShellNoRoam\MUICache 19/03/2006 11:52:01 p.m. C:\DOCUME~1\CHAVAR~1\CONFIG~1\Temp\is-9AOO9.tmp\spybotsd_includes.exe spybotsd_includes
HKEY_USERS S-1-5-21-1202660629-2111687655-1060284298-1003\Software\Microsoft\Windows\ShellNoRoam\MUICache 19/03/2006 11:52:01 p.m. C:\DOCUME~1\CHAVAR~1\CONFIG~1\Temp\is-9AOO9.tmp\spybotsd_includes.exe spybotsd_includes
| |
|
|
| tordanxa | |
|
Re: Ayuda con posibles virus - 2006-03-19 18:22 - Respuesta 4
Borra todas las que salen, el programa es de fiar, en caso de error siempre se puede deshacer.
Saludos | |
|
|
| dead_soldier | |
|
Re: Ayuda con posibles virus - 2006-03-19 18:42 - Respuesta 5
Bueno, pues parece que ya todo regresó a la normalidad.
Muchas gracias por la ayuda Rahel, fue de mucha utilidad. La vemos | |
|
|
|
