I have run all the antivirus programs you told me to, but things are still the same. Specifically, the last one you told me to run found the following:
c:\nnctl.exe is infected with Keylogger.Trojan
c:\WINDOWS\SYSTEM\systemie.exe is infected with Keylogger.Trojan
c:\WINDOWS\SYSTEM\sief.dat is infected with Keylogger.Trojan
c:\WINDOWS\SYSTEM\systemie.dll is infected with Keylogger.Trojan
I don't know whether I did the right thing, but I deleted nnctl.exe and sief.dat; for the others it told me it could not delete them. Another of the antivirus programs I ran detected the following:
Incident            Status          Location
Virus:Trj/Narod.B   Disinfected     Operating system
Virus:Trj/Narod.B   Renamed         C:\WINDOWS\SYSTEM\sysie.dll
Virus:Trj/Narod.B   No disinfected  C:\WINDOWS\SYSTEM\systemp.exe
Virus:Trj/Narod.B   No disinfected  C:\WINDOWS\SYSTEM\sp.dat
Virus:Trj/Narod.B   Renamed         C:\WINDOWS\SYSTEM\systemp.dll
Virus:Trj/Narod.B   Renamed         C:\WINDOWS\SYSTEM\sysp.dll
Virus:Trj/Narod.B   Disinfected     C:\ppdtl.exe
I ran Ad-Aware again following the instructions you recommended, and the latest log is this:
Lavasoft Ad-aware Personal Build 6.181
Logfile creado:domingo, 16 de mayo de 2004 15:57:01
Created with Ad-aware Personal, free for private use.
Usando archivo de referencia:01R303 08.05.2004
______________________________________________________
Reffile status:
=========================
archivo de la referencia cargado:
Reference Number : 01R303 08.05.2004
Internal build : 235
File location : C:\ARCHIVOS DE PROGRAMA\LAVASOFT\AD-AWARE 6\reflist.ref
Total size : 1096786 Bytes
Signature data size : 1078166 Bytes
Reference data size : 18556 Bytes
Signatures total : 24182
Target categories : 10
Target families : 463
Memory + processor status:
==========================
Number of processors : 1
Processor architecture : Non Intel
Memory available:34 %
Total physical memory:261564 kb
Available physical memory:720 kb
Total page file size:1835584 kb
Available on page file:1733848 kb
Total virtual memory:2093056 kb
Available virtual memory:2048576 kb
OS:Windows (98)
Ad-aware Settings
=========================
Juego : Activar escaneo en profundidad
Juego : Modo seguro (siempre pide una confirmación)
Juego : Escanear procesos activos
Juego : Escanear registro
Juego : Escanear registro a fondo
Juego : Escanear Favorito de IE para los sitios prohibidos
Juego : Escanear dentro de los archivos
Juego : Scan my Hosts file
Extended Ad-aware Settings
=========================
Juego : Unload recognized processes during scanning
Juego : Reanalyze result after scanning, before displaying result list
Juego : Run scan as background process (Low CPU usage)
Juego : Include basic Ad-aware settings in logfile
Juego : Include additional Ad-aware settings in logfile
Juego : Let windows remove files in use at next reboot
Juego : Delete quarantined objects after restoring
Juego : Remember window positions
Juego : Snap windows to desktop border
Juego : Always back up reference file, before updating
Juego : Create and save WebUpdate logfile
Juego : Dump details about unhandled exceptions to disk
16-05-04 15:57:01 - Scan started. (Smart mode)
Listando procesos activos
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
#:1 [kernel32.dll]
FilePath : C:\WINDOWS\SYSTEM\
ProcessID : 4291786767
Threads : 4
Priority : High
FileSize : 468 KB
FileVersion : 4.10.2222
ProductVersion : 4.10.2222
Copyright : Copyright (C) Microsoft Corp. 1991-1999
CompanyName : Microsoft Corporation
FileDescription : Componente del n
InternalName : KERNEL32
OriginalFilename : KERNEL32.DLL
ProductName : Sistema operativo Microsoft(R) Windows(R)
Created on : 01/01/01
Last accessed : 15/05/04 22:00:00
Last modified : 05/05/99 20:22:00
#:2 [msgsrv32.exe]
FilePath : C:\WINDOWS\SYSTEM\
ProcessID : 4294921375
Threads : 1
Priority : Normal
FileSize : 11 KB
FileVersion : 4.10.2222
ProductVersion : 4.10.2222
Copyright : Copyright (C) Microsoft Corp. 1992-1998
CompanyName : Microsoft Corporation
FileDescription : Servidor de mensajes VxD de 32 bits de Windows
InternalName : MSGSRV32
OriginalFilename : MSGSRV32.EXE
ProductName : Sistema operativo Microsoft(R) Windows(R)
Created on : 01/01/01
Last accessed : 15/05/04 22:00:00
Last modified : 05/05/99 20:22:00
#:3 [mprexe.exe]
FilePath : C:\WINDOWS\SYSTEM\
ProcessID : 4294949679
Threads : 1
Priority : Normal
FileSize : 28 KB
FileVersion : 4.10.1998
ProductVersion : 4.10.1998
Copyright : Copyright (C) Microsoft Corp. 1993-1998
CompanyName : Microsoft Corporation
FileDescription : WIN32 Network Interface Service Process
InternalName : MPREXE
OriginalFilename : MPREXE.EXE
ProductName : Microsoft(R) Windows(R) Operating System
Created on : 01/01/01
Last accessed : 15/05/04 22:00:00
Last modified : 05/05/99 20:22:00
#:4 [mstask.exe]
FilePath : C:\WINDOWS\SYSTEM\
ProcessID : 4294955319
Threads : 2
Priority : Normal
FileSize : 116 KB
FileVersion : 4.71.1959.1
ProductVersion : 4.71.1959.1
Copyright : Copyright (C) Microsoft Corp. 1997
CompanyName : Microsoft Corporation
FileDescription : Motor de Programador de tareas
InternalName : TaskScheduler
OriginalFilename : mstask.exe
ProductName : Programador de tareas de Microsoft
Created on : 01/01/01
Last accessed : 15/05/04 22:00:00
Last modified : 05/05/99 20:22:00
#:5 [mmtask.tsk]
FilePath : C:\WINDOWS\SYSTEM\
ProcessID : 4294852503
Threads : 1
Priority : Normal
FileSize : 1 KB
FileVersion : 4.03.1998
ProductVersion : 4.03.1998
Copyright : Copyright
CompanyName : Microsoft Corporation
FileDescription : Multimedia background task support module
InternalName : mmtask.tsk
OriginalFilename : mmtask.tsk
ProductName : Microsoft Windows
Created on : 01/01/01
Last accessed : 15/05/04 22:00:00
Last modified : 05/05/99 20:22:00
#:6 [explorer.exe]
FilePath : C:\WINDOWS\
ProcessID : 4294843795
Threads : 28
Priority : Normal
FileSize : 176 KB
FileVersion : 4.72.3110.1
ProductVersion : 4.72.3110.1
Copyright : (C) Microsoft Corporation 1981-1997
CompanyName : Microsoft Corporation
FileDescription : Explorador de Windows
InternalName : explorer
OriginalFilename : EXPLORER.EXE
ProductName : Sistema operativo Microsoft(R) Windows NT(R)
Created on : 05/05/99 20:22:00
Last accessed : 15/05/04 22:00:00
Last modified : 05/05/99 20:22:00
#:7 [taskmon.exe]
FilePath : C:\WINDOWS\
ProcessID : 4294900155
Threads : 1
Priority : Normal
FileSize : 28 KB
FileVersion : 4.10.1998
ProductVersion : 4.10.1998
Copyright : Copyright (C) Microsoft Corp. 1998
CompanyName : Microsoft Corporation
FileDescription : Task Monitor
InternalName : TaskMon
OriginalFilename : TASKMON.EXE
ProductName : Microsoft(R) Windows(R) Operating System
Created on : 01/01/01
Last accessed : 15/05/04 22:00:00
Last modified : 05/05/99 20:22:00
#:8 [systray.exe]
FilePath : C:\WINDOWS\SYSTEM\
ProcessID : 4294887655
Threads : 2
Priority : Normal
FileSize : 32 KB
FileVersion : 4.10.2222
ProductVersion : 4.10.2222
Copyright : Copyright (C) Microsoft Corp. 1993-1998
CompanyName : Microsoft Corporation
FileDescription : Subprograma Bandeja de sistema
InternalName : SYSTRAY
OriginalFilename : SYSTRAY.EXE
ProductName : Sistema operativo Microsoft(R) Windows(R)
Created on : 01/01/01
Last accessed : 15/05/04 22:00:00
Last modified : 05/05/99 20:22:00
#:9 [ddhelp.exe]
FilePath : C:\WINDOWS\SYSTEM\
ProcessID : 4294883651
Threads : 6
Priority : Realtime
FileSize : 32 KB
FileVersion : 4.09.00.0900
ProductVersion : 4.09.00.0900
Copyright : Copyright
CompanyName : Microsoft Corporation
FileDescription : Microsoft DirectX Helper
InternalName : DDHelp.exe
OriginalFilename : DDHelp.exe
ProductName : Microsoft
Created on : 08/12/03 18:19:14
Last accessed : 15/05/04 22:00:00
Last modified : 11/12/02 22:14:32
#:10 [navapw32.exe]
FilePath : C:\ARCHIVOS DE PROGRAMA\NORTON ANTIVIRUS\
ProcessID : 4294880199
Threads : 20
Priority : Normal
FileSize : 77 KB
FileVersion : 8.07.17
ProductVersion : 8.07.17
Copyright : Copyright (c) 2000-2002 Symantec Corporation. All rights reserved.
CompanyName : Symantec Corporation
FileDescription : Norton AntiVirus Agent
InternalName : NAVAPW32
OriginalFilename : NAVAPW32.EXE
ProductName : Norton AntiVirus
Created on : 29/04/02 8:53:42
Last accessed : 15/05/04 22:00:00
Last modified : 25/03/02 10:25:26
#:11 [createcd50.exe]
FilePath : C:\ARCHIVOS DE PROGRAMA\ARCHIVOS COMUNES\ADAPTEC SHARED\CREATECD\
ProcessID : 4294875499
Threads : 1
Priority : Normal
FileSize : 112 KB
FileVersion : 5.1 (60)
ProductVersion : 5.1 (60)
Copyright : Copyright (c) 1999-2001 Roxio, Inc.
CompanyName : Roxio
FileDescription : Roxio Create CD
InternalName : createcd.exe
OriginalFilename : createcd.exe
ProductName : Easy CD Creator
Created on : 14/09/01 11:48:08
Last accessed : 15/05/04 22:00:00
Last modified : 14/09/01 11:48:08
#:12 [directcd.exe]
FilePath : C:\ARCHIVOS DE PROGRAMA\ADAPTEC\EASY CD CREATOR 5\DIRECTCD\
ProcessID : 4294810415
Threads : 1
Priority : Normal
FileSize : 640 KB
FileVersion : 5.10 (115)
ProductVersion : 5.10 (115)
Copyright : Copyright
CompanyName : Roxio
FileDescription : DirectCD Application
InternalName : DirectCD
OriginalFilename : Directcd.exe
ProductName : DirectCD
Created on : 14/09/01 9:34:38
Last accessed : 15/05/04 22:00:00
Last modified : 14/09/01 9:34:38
#:13 [rundll32.exe]
FilePath : C:\WINDOWS\
ProcessID : 4294831991
Threads : 1
Priority : Normal
FileSize : 24 KB
FileVersion : 4.10.1998
ProductVersion : 4.10.1998
Copyright : Copyright (C) Microsoft Corp. 1991-1998
CompanyName : Microsoft Corporation
FileDescription : Ejecutar un archivo DLL como una aplicaci
InternalName : rundll
OriginalFilename : RUNDLL.EXE
ProductName : Sistema operativo Microsoft(R) Windows(R)
Created on : 05/05/99 20:22:00
Last accessed : 15/05/04 22:00:00
Last modified : 05/05/99 20:22:00
#:14 [realsched.exe]
FilePath : C:\ARCHIVOS DE PROGRAMA\ARCHIVOS COMUNES\REAL\UPDATE_OB\
ProcessID : 4294831227
Threads : 2
Priority : Normal
FileSize : 148 KB
FileVersion : 0.1.0.1622
ProductVersion : 0.1.0.1622
Copyright : Copyright
CompanyName : RealNetworks, Inc.
FileDescription : RealNetworks Scheduler
InternalName : schedapp
OriginalFilename : realsched.exe
ProductName : RealOne Player (32-bit)
Created on : 29/12/03 13:12:35
Last accessed : 15/05/04 22:00:00
Last modified : 29/12/03 13:12:36
#:15 [systemie.exe]
FilePath : C:\WINDOWS\SYSTEM\
ProcessID : 4294729643
Threads : 1
Priority : Normal
FileSize : 5 KB
Created on : 10/04/04 13:11:07
Last accessed : 15/05/04 22:00:00
Last modified : 10/04/04 13:11:06
#:16 [wmiexe.exe]
FilePath : C:\WINDOWS\SYSTEM\
ProcessID : 4294664615
Threads : 3
Priority : Normal
FileSize : 16 KB
FileVersion : 5.00.1755.1
ProductVersion : 5.00.1755.1
Copyright : Copyright (C) Microsoft Corp. 1981-1998
CompanyName : Microsoft Corporation
FileDescription : WMI service exe housing
InternalName : wmiexe
OriginalFilename : wmiexe.exe
ProductName : Microsoft(R) Windows NT(R) Operating System
Created on : 01/01/01
Last accessed : 15/05/04 22:00:00
Last modified : 05/05/99 20:22:00
#:17 [emule.exe]
FilePath : C:\ARCHIVOS DE PROGRAMA\EMULE\
ProcessID : 4294638159
Threads : 3
Priority : Normal
FileSize : 3328 KB
FileVersion : 0.42.4
ProductVersion : 0.42.4
Copyright : Copyright
CompanyName : http://www.emule-project.org
FileDescription : eMule
InternalName : emule.exe
OriginalFilename : emule.exe
ProductName : eMule
Created on : 01/04/04 21:03:26
Last accessed : 15/05/04 22:00:00
Last modified : 01/04/04 21:03:28
#:18 [pstores.exe]
FilePath : C:\WINDOWS\SYSTEM\
ProcessID : 4294899587
Threads : 3
Priority : Normal
FileSize : 79 KB
FileVersion : 5.00.1877.3
ProductVersion : 5.00.1877.3
Copyright : Copyright (C) Microsoft Corp. 1981-1998
CompanyName : Microsoft Corporation
FileDescription : Protected storage server
InternalName : Protected storage server
OriginalFilename : Protected storage server
ProductName : Microsoft(R) Windows NT(R) Operating System
Created on : 01/01/01
Last accessed : 15/05/04 22:00:00
Last modified : 05/05/99 20:22:00
#:19 [studio.exe]
FilePath : C:\ARCHIVOS DE PROGRAMA\WINAMP3\
ProcessID : 4294470511
Threads : 8
Priority : Normal
FileSize : 611 KB
FileVersion : 1, 0, 0, 454
ProductVersion : 1, 0, 0, 454
Copyright : Copyright
CompanyName : Nullsoft
FileDescription : Winamp3
InternalName : Studio
OriginalFilename : Studio.exe
ProductName : Nullsoft Winamp3
Created on : 28/11/01 19:41:16
Last accessed : 15/05/04 22:00:00
Last modified : 28/11/01 19:41:16
#:20 [tapisrv.exe]
FilePath : C:\WINDOWS\SYSTEM\
ProcessID : 4294325227
Threads : 5
Priority : Normal
FileSize : 120 KB
FileVersion : 4.10.2222
ProductVersion : 4.10.2222
Copyright : Copyright (C) Microsoft Corp. 1994-1998
CompanyName : Microsoft Corporation
FileDescription : Servidor de telefon
InternalName : Servicio de telefon
OriginalFilename : TAPISRV.EXE
ProductName : Sistema operativo Microsoft(R) Windows(R)
Created on : 01/01/01
Last accessed : 15/05/04 22:00:00
Last modified : 05/05/99 20:22:00
#:21 [ad-aware.exe]
FilePath : C:\ARCHIVOS DE PROGRAMA\LAVASOFT\AD-AWARE 6\
ProcessID : 4294333159
Threads : 3
Priority : Idle
FileSize : 668 KB
FileVersion : 6.0.1.181
ProductVersion : 6.0.0.0
Copyright : Copyright
CompanyName : Lavasoft Sweden
FileDescription : Ad-aware 6 core application
InternalName : Ad-aware.exe
OriginalFilename : Ad-aware.exe
ProductName : Lavasoft Ad-aware Plus
Created on : 26/01/04 20:14:08
Last accessed : 15/05/04 22:00:00
Last modified : 12/07/03 19:00:20
Resultados Escaneo de la memoria:
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
Nuevos objetos: 0
Objetos encontrados hasta ahora: 0
Inicio escaneo del Registro
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
Resultados Escaneo del registro:
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
Nuevos objetos: 0
Objetos encontrados hasta ahora: 0
Inicio escaneo profundo del Registro
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
Resultados Escaneo Profundo del registro:
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
Nuevos objetos: 0
Objetos encontrados hasta ahora: 0
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
Escaneando y examinando archivos en profundidad (C:)
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
Scanning Hosts file(C:\WINDOWS\hosts)
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
Hosts file scan result:
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
0 entries scanned.
Nuevos objetos:0
Objetos encontrados hasta ahora: 0
16:00:05 Escaneo completo
Resumen Del escaneo
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
Total tiempo escaneo:00:03:03:890
Objetos Escaneados:35565
Objetos identificados:0
Objetos ignorados:0
Nuevos objetos:0
I also installed the a2 program, updated it and ran it, and it did not detect anything.
Let's see if you can please give me a hand. Thank you very much for everything, and regards.