 |
| |||||||
| Foro Oficial de HijackThis en español Analizamos tu log de HijackThis para eliminar Hijackers, Spyware, Adware, ToolBars, Virus, Troyanos y Malwares en gral. Antes lea las Políticas del Foro de HijackThis. |
 |
| | Herramientas |
 | 
12/09/06, 17:34:22
|  |
| |||
 problema supuesta barra google hola de nuevo, tengo el siguiente problema: hoy se me actualizo la barra de google y el Spybot me marcaba que se estaba alterando el registro o algo asi y no podia seleccionar denegar cambio (aparte no puedo ver bien los botones...), bueno la cosa es que hice un ad-aware y me encontró: Adware.AdMedia(TAC index:10):3 total references Win32.Trojan.Downloader(TAC index:10):5 total references hice despues el Ewido, nod32, reegseker. el unico que me encontraba cosas era el reegseker. despues reinicie el equipo y volvi a pasar el Ad-aware y me encontro denuevo esas dos cosas... ahora no se si en realidad es la barra de google o algo falso, pero siempre el Ad-aware me encuentra algo. asi que mejor les dejo mi log por si encuentran algun problema: Logfile of HijackThis v1.99.1 Scan saved at 16:17:06, on 12-09-2006 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\SYSTEM32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\LEXBCES.EXE C:\WINDOWS\system32\LEXPPS.EXE C:\WINDOWS\system32\spoolsv.exe C:\Archivos de programa\ewido anti-spyware 4.0\guard.exe C:\Archivos de programa\Eset\nod32krn.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\pctspk.exe C:\WINDOWS\system32\PV92Tray.exe C:\WINDOWS\system32\dla\tfswctrl.exe C:\Archivos de programa\MessengerPlus! 3\MsgPlus.exe C:\WINDOWS\System32\svchost.exe C:\ARCHIV~1\Sony\SONICS~1\SsAAD.exe C:\Archivos de programa\Eset\nod32kui.exe C:\Archivos de programa\Spybot - Search & Destroy\TeaTimer.exe C:\Archivos de programa\HJT\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.cl/ R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings,ProxyOverride = dynhost.inetcam.com;register.inetcam.com; R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Vínculos R3 - Default URLSearchHook is missing O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Archivos de programa\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\ARCHIV~1\SPYBOT~1\SDHelper.dll O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Archivos de programa\Java\jre1.5.0_06\bin\ssv.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\archivos de programa\google\googletoolbar1.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\archivos de programa\google\googletoolbar1.dll O4 - HKLM\..\Run: [VTPreset] VTPreset.exe O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe O4 - HKLM\..\Run: [PV92TRAY] PV92Tray.exe O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe O4 - HKLM\..\Run: [MessengerPlus3] "C:\Archivos de programa\MessengerPlus! 3\MsgPlus.exe" O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd O4 - HKLM\..\Run: [SsAAD.exe] C:\ARCHIV~1\Sony\SONICS~1\SsAAD.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Archivos de programa\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [nod32kui] "C:\Archivos de programa\Eset\nod32kui.exe" /WAITSERVICE O4 - HKLM\..\RunOnce: ["C:\Archivos de programa\Creative\Creative WebCam Vista\WebCam Control\Ctimage.dll"] "C:\WINDOWS\system32\REGSVR32.EXE" /s "C:\Archivos de programa\Creative\Creative WebCam Vista\WebCam Control\Ctimage.dll" O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Archivos de programa\Spybot - Search & Destroy\TeaTimer.exe O4 - Global Startup: Microsoft Office.lnk = C:\Archivos de programa\Microsoft Office\Office\OSA9.EXE O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Archivos de programa\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra 'Tools' menuitem: Consola de Sun Java - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Archivos de programa\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\WINDOWS\System32\shdocvw.dll O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\WINDOWS\System32\shdocvw.dll O12 - Plugin for .pdf: C:\Archivos de programa\Internet Explorer\PLUGINS\nppdf32.dll O14 - IERESET.INF: START_PAGE_URL=http://www.olidata.cl O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://sabrinita81.spaces.msn.com//PhotoUpload/MsnPUpld.cab O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\ARCHIV~1\MSNMES~1\msgrapp.dll" (file missing) O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing) O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Archivos de programa\ewido anti-spyware 4.0\guard.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Archivos de programa\Archivos comunes\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPodService - Apple Computer, Inc. - C:\Archivos de programa\iPod\bin\iPodService.exe O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE O23 - Service: MSCSPTISRV - Sony Corporation - C:\Archivos de programa\Archivos comunes\Sony Shared\AVLib\MSCSPTISRV.exe O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Archivos de programa\Eset\nod32krn.exe O23 - Service: PACSPTISVR - Sony Corporation - C:\Archivos de programa\Archivos comunes\Sony Shared\AVLib\PACSPTISVR.exe     |
|
12/09/06, 22:32:51
| |
| |||
 no puedo borrar estos malaware me autorespondo para poner los logs del Ad-aware y del Karpesky online (el Ad-aware me detecta siempre un malaware de TAC 10 y el Karpesky no me encontro nada). tambien ejecute el DelPsguard y nada. ahora tambien si quieren puedo poner el log de Spybot pero es muy largo... bueno primero el log de Ad-aware: Ad-Aware SE Build 1.06r1 Logfile Created on:Martes, 12 de Septiembre de 2006 21:08:28 Created with Ad-Aware SE Personal, free for private use. Using definitions file:SE1R123 12.09.2006 »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» » References detected during the scan: »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» Adware.AdMedia(TAC index:10):3 total references Alexa(TAC index:5):1 total references MRU List(TAC index:0):4 total references »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» Ad-Aware SE Settings =========================== Set : Search for negligible risk entries Set : Search for low-risk threats Set : Safe mode (always request confirmation) Set : Scan active processes Set : Scan registry Set : Deep-scan registry Set : Scan my IE Favorites for banned URLs Set : Scan within archives Set : Scan my Hosts file Extended Ad-Aware SE Settings =========================== Set : Unload recognized processes & modules during scan Set : Scan registry for all users instead of current user only Set : Always try to unload modules before deletion Set : During removal, unload Explorer and IE if necessary Set : Let Windows remove files in use at next reboot Set : Delete quarantined objects after restoring Set : Include basic Ad-Aware settings in log file Set : Include additional Ad-Aware settings in log file Set : Include reference summary in log file Set : Include alternate data stream details in log file Set : Play sound at scan completion if scan locates critical objects 12-09-2006 21:08:28 - Scan started. (Full System Scan) MRU List Object Recognized! Location: : C:\Documents and Settings\El Carlos\recent Description : list of recently opened documents MRU List Object Recognized! Location: : S-1-5-21-3499916212-1809067083-516276246-1006\software\microsoft\windows\currentversion\exp lorer\comdlg32\lastvisitedmru Description : list of recent programs opened MRU List Object Recognized! Location: : S-1-5-21-3499916212-1809067083-516276246-1006\software\microsoft\windows\currentversion\exp lorer\comdlg32\opensavemru Description : list of recently saved files, stored according to file extension MRU List Object Recognized! Location: : S-1-5-21-3499916212-1809067083-516276246-1006\software\microsoft\windows\currentversion\exp lorer\recentdocs Description : list of recent documents opened Listing running processes »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» #:1 [smss.exe] FilePath : \SystemRoot\System32\ ProcessID : 572 ThreadCreationTime : 13-09-2006 1:05:13 BasePriority : Normal #:2 [csrss.exe] FilePath : \??\C:\WINDOWS\system32\ ProcessID : 784 ThreadCreationTime : 13-09-2006 1:05:14 BasePriority : Normal #:3 [winlogon.exe] FilePath : \??\C:\WINDOWS\SYSTEM32\ ProcessID : 808 ThreadCreationTime : 13-09-2006 1:05:15 BasePriority : High #:4 [services.exe] FilePath : C:\WINDOWS\system32\ ProcessID : 852 ThreadCreationTime : 13-09-2006 1:05:17 BasePriority : Normal FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) ProductVersion : 5.1.2600.2180 ProductName : Sistema operativo Microsoft® Windows® CompanyName : Microsoft Corporation FileDescription : Aplicación de servicios y controlador InternalName : services.exe LegalCopyright : Copyright (C) Microsoft Corporation. Reservados todos los derechos. OriginalFilename : services.exe #:5 [lsass.exe] FilePath : C:\WINDOWS\system32\ ProcessID : 864 ThreadCreationTime : 13-09-2006 1:05:17 BasePriority : Normal FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) ProductVersion : 5.1.2600.2180 ProductName : Microsoft® Windows® Operating System CompanyName : Microsoft Corporation FileDescription : LSA Shell (Export Version) InternalName : lsass.exe LegalCopyright : © Microsoft Corporation. All rights reserved. OriginalFilename : lsass.exe #:6 [svchost.exe] FilePath : C:\WINDOWS\system32\ ProcessID : 1028 ThreadCreationTime : 13-09-2006 1:05:19 BasePriority : Normal FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) ProductVersion : 5.1.2600.2180 ProductName : Microsoft® Windows® Operating System CompanyName : Microsoft Corporation FileDescription : Generic Host Process for Win32 Services InternalName : svchost.exe LegalCopyright : © Microsoft Corporation. All rights reserved. OriginalFilename : svchost.exe #:7 [svchost.exe] FilePath : C:\WINDOWS\system32\ ProcessID : 1108 ThreadCreationTime : 13-09-2006 1:05:20 BasePriority : Normal FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) ProductVersion : 5.1.2600.2180 ProductName : Microsoft® Windows® Operating System CompanyName : Microsoft Corporation FileDescription : Generic Host Process for Win32 Services InternalName : svchost.exe LegalCopyright : © Microsoft Corporation. All rights reserved. OriginalFilename : svchost.exe #:8 [svchost.exe] FilePath : C:\WINDOWS\System32\ ProcessID : 1276 ThreadCreationTime : 13-09-2006 1:05:21 BasePriority : Normal FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) ProductVersion : 5.1.2600.2180 ProductName : Microsoft® Windows® Operating System CompanyName : Microsoft Corporation FileDescription : Generic Host Process for Win32 Services InternalName : svchost.exe LegalCopyright : © Microsoft Corporation. All rights reserved. OriginalFilename : svchost.exe #:9 [svchost.exe] FilePath : C:\WINDOWS\System32\ ProcessID : 1332 ThreadCreationTime : 13-09-2006 1:05:22 BasePriority : Normal FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) ProductVersion : 5.1.2600.2180 ProductName : Microsoft® Windows® Operating System CompanyName : Microsoft Corporation FileDescription : Generic Host Process for Win32 Services InternalName : svchost.exe LegalCopyright : © Microsoft Corporation. All rights reserved. OriginalFilename : svchost.exe #:10 [svchost.exe] FilePath : C:\WINDOWS\System32\ ProcessID : 1496 ThreadCreationTime : 13-09-2006 1:05:22 BasePriority : Normal FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) ProductVersion : 5.1.2600.2180 ProductName : Microsoft® Windows® Operating System CompanyName : Microsoft Corporation FileDescription : Generic Host Process for Win32 Services InternalName : svchost.exe LegalCopyright : © Microsoft Corporation. All rights reserved. OriginalFilename : svchost.exe #:11 [lexbces.exe] FilePath : C:\WINDOWS\system32\ ProcessID : 1712 ThreadCreationTime : 13-09-2006 1:05:25 BasePriority : Normal FileVersion : 8.29 ProductVersion : 8.29 ProductName : MarkVision for Windows (32 bit) CompanyName : Lexmark International, Inc. FileDescription : LexBce Service InternalName : LexBce Service LegalCopyright : (C) 1993 - 2003 Lexmark International, Inc. OriginalFilename : LexBceS.exe #:12 [lexpps.exe] FilePath : C:\WINDOWS\system32\ ProcessID : 1752 ThreadCreationTime : 13-09-2006 1:05:25 BasePriority : Normal FileVersion : 8.29 ProductVersion : 8.29 ProductName : MarkVision for Windows (32 bit) CompanyName : Lexmark International, Inc. FileDescription : LEXPPS.EXE InternalName : LEXPPS LegalCopyright : (C) 1993 - 2003 Lexmark International, Inc. OriginalFilename : LEXPPS.EXE Comments : MarkVision for Windows '95 New P2P Server (32-bit) #:13 [spoolsv.exe] FilePath : C:\WINDOWS\system32\ ProcessID : 1760 ThreadCreationTime : 13-09-2006 1:05:25 BasePriority : Normal FileVersion : 5.1.2600.2696 (xpsp_sp2_gdr.050610-1519) ProductVersion : 5.1.2600.2696 ProductName : Microsoft® Windows® Operating System CompanyName : Microsoft Corporation FileDescription : Spooler SubSystem App InternalName : spoolsv.exe LegalCopyright : © Microsoft Corporation. All rights reserved. OriginalFilename : spoolsv.exe #:14 [explorer.exe] FilePath : C:\WINDOWS\ ProcessID : 2044 ThreadCreationTime : 13-09-2006 1:05:31 BasePriority : Normal FileVersion : 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) ProductVersion : 6.00.2900.2180 ProductName : Sistema operativo Microsoft® Windows® CompanyName : Microsoft Corporation FileDescription : Explorador de Windows InternalName : explorer LegalCopyright : © Microsoft Corporation. Reservados todos los derechos. OriginalFilename : EXPLORER.EXE #:15 [guard.exe] FilePath : C:\Archivos de programa\ewido anti-spyware 4.0\ ProcessID : 256 ThreadCreationTime : 13-09-2006 1:05:38 BasePriority : Normal FileVersion : 4, 0, 0, 172 ProductVersion : 4, 0, 0, 172 ProductName : ewido anti-spyware CompanyName : Anti-Malware Development a.s. FileDescription : ewido anti-spyware guard InternalName : ewido anti-spywareguard LegalCopyright : Copyright © 2005 Anti-Malware Development a.s. OriginalFilename : guard.exe #:16 [nod32krn.exe] FilePath : C:\Archivos de programa\Eset\ ProcessID : 304 ThreadCreationTime : 13-09-2006 1:05:39 BasePriority : Normal FileVersion : 2, 51, 30 ProductVersion : 2, 51, 30 ProductName : NOD32 Antivirus System CompanyName : Eset FileDescription : NOD32 Kernel Service InternalName : NOD32 Kernel LegalCopyright : Copyright (c) 1992-2005 Eset LegalTrademarks : NOD, NOD32, AMON, ESET are registered trademarks of Eset OriginalFilename : nod32krn.exe #:17 [svchost.exe] FilePath : C:\WINDOWS\System32\ ProcessID : 380 ThreadCreationTime : 13-09-2006 1:05:40 BasePriority : Normal FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) ProductVersion : 5.1.2600.2180 ProductName : Microsoft® Windows® Operating System CompanyName : Microsoft Corporation FileDescription : Generic Host Process for Win32 Services InternalName : svchost.exe LegalCopyright : © Microsoft Corporation. All rights reserved. OriginalFilename : svchost.exe #:18 [pctspk.exe] FilePath : C:\WINDOWS\system32\ ProcessID : 408 ThreadCreationTime : 13-09-2006 1:05:41 BasePriority : Normal FileVersion : 1, 0, 0, 1 ProductVersion : 1, 0, 0, 1 ProductName : pctvoice Application CompanyName : Conexant Systems, Inc. FileDescription : pctvoice MFC Application InternalName : pctvoice LegalCopyright : Copyright© Conexant Systems, Inc. 2003 OriginalFilename : pctvoice.EXE #:19 [pv92tray.exe] FilePath : C:\WINDOWS\system32\ ProcessID : 428 ThreadCreationTime : 13-09-2006 1:05:41 BasePriority : Normal FileVersion : 1, 0, 0, 1 ProductVersion : 1, 0, 0, 1 ProductName : PTV92Tray Application CompanyName : Conexant Systems, Inc. FileDescription : PTV92Tray Application InternalName : PTV92Tray LegalCopyright : Copyright© Conexant Systems, Inc. 2003 OriginalFilename : PTV92Tray.EXE #:20 [tfswctrl.exe] FilePath : C:\WINDOWS\system32\dla\ ProcessID : 436 ThreadCreationTime : 13-09-2006 1:05:41 BasePriority : Normal FileVersion : 3.50.31a CompanyName : Sonic Solutions FileDescription : Direct Access Component LegalCopyright : Copyright © 2002 Sonic Solutions #:21 [wdfmgr.exe] FilePath : C:\WINDOWS\system32\ ProcessID : 448 ThreadCreationTime : 13-09-2006 1:05:41 BasePriority : Normal FileVersion : 5.2.3790.1230 built by: dnsrv(bld4act) ProductVersion : 5.2.3790.1230 ProductName : Microsoft® Windows® Operating System CompanyName : Microsoft Corporation FileDescription : Windows User Mode Driver Manager InternalName : WdfMgr LegalCopyright : © Microsoft Corporation. All rights reserved. OriginalFilename : WdfMgr.exe #:22 [msgplus.exe] FilePath : C:\Archivos de programa\MessengerPlus! 3\ ProcessID : 456 ThreadCreationTime : 13-09-2006 1:05:41 BasePriority : Normal #:23 [ssaad.exe] FilePath : C:\ARCHIV~1\Sony\SONICS~1\ ProcessID : 528 ThreadCreationTime : 13-09-2006 1:05:42 BasePriority : Normal FileVersion : 3.0.00.13241 FileDescription : SonicStage Atrac Hard Disk Monitor InternalName : SonicStage Atrac Hard Disk Monitor LegalCopyright : Copyright 2005 Sony Corporation #:24 [nod32kui.exe] FilePath : C:\Archivos de programa\Eset\ ProcessID : 668 ThreadCreationTime : 13-09-2006 1:05:42 BasePriority : Normal FileVersion : 2, 51, 30 ProductVersion : 2, 51, 30 ProductName : NOD32 Antivirus System CompanyName : Eset FileDescription : NOD32 Control Center GUI InternalName : NOD32 Control Center GUI LegalCopyright : Copyright (c) 1992-2005 Eset LegalTrademarks : NOD, NOD32, AMON, ESET are registered trademarks of Eset OriginalFilename : nod32kui.exe #:25 [teatimer.exe] FilePath : C:\Archivos de programa\Spybot - Search & Destroy\ ProcessID : 696 ThreadCreationTime : 13-09-2006 1:05:43 BasePriority : Idle FileVersion : 1, 4, 0, 2 ProductVersion : 1, 4, 0, 3 ProductName : Spybot - Search & Destroy CompanyName : Safer Networking Limited FileDescription : System settings protector InternalName : TeaTimer LegalCopyright : © 2000-2005 Patrick M. Kolla / Safer Networking Limited. Alle Rechte vorbehalten. LegalTrademarks : "Spybot" und "Spybot - Search & Destroy" sind registrierte Warenzeichen. OriginalFilename : TeaTimer.exe Comments : Schützt Systemeinstellungen vor ungewollten Änderungen. #:26 [alg.exe] FilePath : C:\WINDOWS\System32\ ProcessID : 1428 ThreadCreationTime : 13-09-2006 1:06:08 BasePriority : Normal FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) ProductVersion : 5.1.2600.2180 ProductName : Microsoft® Windows® Operating System CompanyName : Microsoft Corporation FileDescription : Application Layer Gateway Service InternalName : ALG.exe LegalCopyright : © Microsoft Corporation. All rights reserved. OriginalFilename : ALG.exe #:27 [svchost.exe] FilePath : C:\WINDOWS\System32\ ProcessID : 2300 ThreadCreationTime : 13-09-2006 1:06:15 BasePriority : Normal FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) ProductVersion : 5.1.2600.2180 ProductName : Microsoft® Windows® Operating System CompanyName : Microsoft Corporation FileDescription : Generic Host Process for Win32 Services InternalName : svchost.exe LegalCopyright : © Microsoft Corporation. All rights reserved. OriginalFilename : svchost.exe #:28 [wuauclt.exe] FilePath : C:\WINDOWS\system32\ ProcessID : 3428 ThreadCreationTime : 13-09-2006 1:06:41 BasePriority : Normal FileVersion : 5.8.0.2469 built by: lab01_n(wmbla) ProductVersion : 5.8.0.2469 ProductName : Sistema operativo Microsoft® Windows® CompanyName : Microsoft Corporation FileDescription : Actualizaciones automáticas InternalName : wuauclt.exe LegalCopyright : © Microsoft Corporation. Reservados todos los derechos. OriginalFilename : wuauclt.exe #:29 [ad-aware.exe] FilePath : C:\Archivos de programa\Lavasoft\Ad-Aware SE Personal2\ ProcessID : 2588 ThreadCreationTime : 13-09-2006 1:08:15 BasePriority : Normal FileVersion : 6.2.0.236 ProductVersion : SE 106 ProductName : Lavasoft Ad-Aware SE CompanyName : Lavasoft Sweden FileDescription : Ad-Aware SE Core application InternalName : Ad-Aware.exe LegalCopyright : Copyright © Lavasoft AB Sweden OriginalFilename : Ad-Aware.exe Comments : All Rights Reserved Memory scan result: »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» New critical objects: 0 Objects found so far: 4 Started registry scan »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» Adware.AdMedia Object Recognized! Type : Regkey Data : TAC Rating : 10 Category : Adware Comment : Rootkey : HKEY_USERS Object : S-1-5-21-3499916212-1809067083-516276246-1006\software\microsoft\windows\currentversion\ext \stats\{72267f6a-a6f9-11d0-bc94-00c04fb67863} Alexa Object Recognized! Type : RegValue Data : TAC Rating : 5 Category : Data Miner Comment : "Alexa Toolbar" Rootkey : HKEY_LOCAL_MACHINE Object : software\microsoft\windows\currentversion\internet settings\5.0\user agent\post platform Value : Alexa Toolbar Registry Scan result: »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» New critical objects: 2 Objects found so far: 6 Started deep registry scan »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» Deep registry scan result: »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» New critical objects: 0 Objects found so far: 6 Started Tracking Cookie scan »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» Tracking cookie scan result: »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» New critical objects: 0 Objects found so far: 6 Deep scanning and examining files (C:) »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» Disk Scan Result for C:\ »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» New critical objects: 0 Objects found so far: 6 Scanning Hosts file...... Hosts file location:"C:\WINDOWS\system32\drivers\etc\hosts". »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» »»»»»»»»»»»»»»»»»»»»»»»»»» Hosts file scan result: »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» 1 entries scanned. New critical objects:0 Objects found so far: 6 Performing conditional scans... »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» Adware.AdMedia Object Recognized! Type : Regkey Data : TAC Rating : 10 Category : Adware Comment : Rootkey : HKEY_CURRENT_USER Object : software\microsoft\windows\currentversion\internet settings\zonemap\domains\media-motor.net Adware.AdMedia Object Recognized! Type : Regkey Data : TAC Rating : 10 Category : Adware Comment : Rootkey : HKEY_CURRENT_USER Object : software\microsoft\windows\currentversion\internet settings\zonemap\domains\mmohsix.com Conditional scan result: »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» New critical objects: 2 Objects found so far: 8 21:16:50 Scan Complete Summary Of This Scan »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» Total scanning time:00:08:21.922 Objects scanned:161176 Objects identified:4 Objects ignored:0 New critical objects:4 *nota* lo de alexa es solo un registro creado, no instale la barra. ---------------------------------------------------------------------- log de Karspeky: Tuesday, September 12, 2006 8:13:23 PM Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600) Kaspersky Online Scanner version: 5.0.83.0 Kaspersky Anti-Virus database last update: 13/09/2006 Kaspersky Anti-Virus database records: 209844 Scan Settings Scan using the following antivirus database standard Scan Archives true Scan Mail Bases true Scan Target My Computer A:\ C:\ D:\ Scan Statistics Total number of scanned objects 63727 Number of viruses found 0 Number of infected objects 0 / 0 Number of suspicious objects 0 Duration of the scan process 00:39:19 Infected Object Name Virus Name Last Action C:\WINDOWS\system32\config\system.LOG Object is locked skipped C:\WINDOWS\system32\config\software.LOG Object is locked skipped C:\WINDOWS\system32\config\default.LOG Object is locked skipped C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped C:\WINDOWS\system32\config\DEFAULT Object is locked skipped C:\WINDOWS\system32\config\SECURITY Object is locked skipped C:\WINDOWS\system32\config\SOFTWARE Object is locked skipped C:\WINDOWS\system32\config\SYSTEM Object is locked skipped C:\WINDOWS\system32\config\SAM Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DAT A Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MA P Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MA P Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped C:\WINDOWS\system32\h323log.txt Object is locked skipped C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped C:\WINDOWS\wiaservc.log Object is locked skipped C:\WINDOWS\Sti_Trace.log Object is locked skipped C:\WINDOWS\wiadebug.log Object is locked skipped C:\WINDOWS\WindowsUpdate.log Object is locked skipped C:\WINDOWS\SchedLgU.Txt Object is locked skipped C:\WINDOWS\SoftwareDistribution\ReportingEvents.lo g Object is locked skipped C:\WINDOWS\SoftwareDistribution\EventCache\{987817 01-8ABF-49BC-AC2F-02396F4C3544}.bin Object is locked skipped C:\Documents and Settings\NetworkService\Configuración local\Datos de programa\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped C:\Documents and Settings\NetworkService\Configuración local\Datos de programa\Microsoft\Windows\UsrClass.dat Object is locked skipped C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped C:\Documents and Settings\LocalService\Configuración local\Historial\History.IE5\index.dat Object is locked skipped C:\Documents and Settings\LocalService\Configuración local\Archivos temporales de Internet\Content.IE5\index.dat Object is locked skipped C:\Documents and Settings\LocalService\Configuración local\Datos de programa\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped C:\Documents and Settings\LocalService\Configuración local\Datos de programa\Microsoft\Windows\UsrClass.dat Object is locked skipped C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped C:\Documents and Settings\El Carlos\ntuser.dat.LOG Object is locked skipped C:\Documents and Settings\El Carlos\Configuración local\Historial\History.IE5\index.dat Object is locked skipped C:\Documents and Settings\El Carlos\Configuración local\Historial\History.IE5\MSHist0120060912200609 13\index.dat Object is locked skipped C:\Documents and Settings\El Carlos\Configuración local\Archivos temporales de Internet\Content.IE5\index.dat Object is locked skipped C:\Documents and Settings\El Carlos\Configuración local\Datos de programa\Microsoft\Windows\UsrClass.dat Object is locked skipped C:\Documents and Settings\El Carlos\Configuración local\Datos de programa\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped C:\Documents and Settings\El Carlos\Cookies\index.dat Object is locked skipped C:\Documents and Settings\El Carlos\ntuser.dat Object is locked skipped C:\Archivos de programa\ESET\logs\virlog.dat Object is locked skipped C:\Archivos de programa\ESET\logs\warnlog.dat Object is locked skipped C:\Archivos de programa\ESET\cache\CACHE.NDB Object is locked skipped Scan process completed. a se me olvidaba, ya actualize el windows hoy, pero despues del log de hijackthis, si quieren pego uno nuevo. bueno ojalá que puedan ayudarme. cya. Última edición por el_carlos fecha: 12/09/06 a las 22:38:19. |
|
« Tema Anterior
|
Próximo Tema »
| Herramientas | |
|
|
| 
Temas Similares | |
| Tema | Autor | Foro | Respuestas | Último mensaje |
| barra google...(Solucionado) | micalama | Ayuda General | 3 | 09/01/07 17:14:56 |
| Firefox Con Barra Google | neyo | Foro de Virus y Spywares | 3 | 04/09/06 15:59:49 |
| Problema con un aviso en la barra de tareas | shogou | Foro Oficial de HijackThis en español | 1 | 08/12/05 18:54:13 |
| Problema Con Barra De C2.lop Que No Se Quita Con Nada | maquina_azul | Foro Oficial de HijackThis en español | 3 | 08/08/05 12:35:04 |
| problema con una barra azul (solucionado) | redskin | Temas Solucionados | 3 | 19/07/05 05:02:29 |
Todas las horas son GMT -4. La hora es 05:03:45.
