Ultimate defender ?? (Solucionado)

Buscar

		Foro de Spyware » Spyware - Adware - Hijackers - Malwares » Temas Solucionados
Ultimate defender ?? (Solucionado)

Para evitar Virus, Spyware y ventanas emergentes, en InfoSpyware recomendamos navegar con: FIREFOX

Temas Solucionados Casos de HijackThis y Malwares resueltos.
(Solo lectura)

Herramientas

post #1 (permalink)

25/09/06, 00:27:47

anagriselda anagriselda está offline

Usuario

Registrado: sep 2006

Ubicación: chile

Mensajes: 5

Ultimate defender ?? (Solucionado)

Hola gente !!! Como estan ??
Recurro a ustedes ya que segui todos los pasos que citan en este foro excelente, pero no puedo sacar el ultimate defender (?)

(tengo dudas ya a esta altura de que virus o spy tengo...

)
Ya no se me ocurre nada mas que hacer...por lo que asumo que me falta borrar algo o arreglar algun archivo.. Por favor espero su ayuda !!!!

Les mando el Log :

Logfile of HijackThis v1.99.1
Scan saved at 10:53:57 PM, on 9/24/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ewido anti-spyware 4.0\ewido.exe
C:\Program Files\HJT\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.sony.com/vaiopeople
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=56626&homepage=http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SU B_PVER}&ar=home
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - C:\Program Files\Microsoft Money\System\mnyside.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {a43385f0-7113-496d-96d7-b9b550e3fcca} - (no file)
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [Apoint] "C:\Program Files\Apoint\Apoint.exe"
O4 - HKLM\..\Run: [SigmaTel StacMon] "C:\Program Files\SigmaTel\C-Major Audio\stacmon.exe"
O4 - HKLM\..\Run: [Mouse Suite 98 Daemon] ICO.EXE
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [VAIO Recovery] "C:\Windows\Sonysys\VAIO Recovery\PartSeal.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] "C:\PROGRA~1\SYMNET~1\SNDMon.exe" /Consumer
O4 - HKLM\..\Run: [HKSERV.EXE] "C:\Program Files\Sony\HotKey Utility\HKserv.exe"
O4 - HKLM\..\Run: [uhvjsul.dll] "C:\WINDOWS\system32\rundll32.exe" C:\WINDOWS\system32\uhvjsul.dll,mrpmvyf
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\mnyexpr.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Startup: .protected
O4 - Startup: Inicio rápido de Microsoft Office OneNote 2007 (Beta).lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: .protected
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Billminder.lnk = C:\Program Files\Quicken\billmind.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: PowerPanel.lnk = ?
O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
O4 - Global Startup: Quicken Startup.lnk = C:\Program Files\Quicken\QWDLLS.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office12\EXCEL.EXE/3000
O9 - Extra button: Enviar a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MI1933~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Enviar a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MI1933~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\Office12\REFIEBAR.DLL
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\WINDOWS\system32\shdocvw.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople
O16 - DPF: {02CF1781-EA91-4FA5-A200-646E8241987C} (VaioInfo.CMClass) - http://esupport.sony.com/VaioInfo.CAB
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.safety.live.com/resource/download/scanner/wlscbase969.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1140740615707
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1143158356328
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O21 - SSODL: incestuously - {03413bf7-e34c-445b-bfc0-a2b127255871} - (no file)
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: Servicio Auto-Protect de Norton AntiVirus (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\PROGRA~1\COMMON~1\SONYSH~1\AVLib\Sptisrv.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: VAIO Media Music Server (VAIOMediaPlatform-MusicServer-AppServer) - Unknown owner - C:\Program Files\Sony\VAIO Media Music Server\SSSvr.exe" /Service=VAIOMediaPlatform-MusicServer-AppServer /DisplayName="VAIO Media Music Server (file missing)
O23 - Service: VAIO Media Music Server (HTTP) (VAIOMediaPlatform-MusicServer-HTTP) - Unknown owner - C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\sv_httpd.exe" /Service=VAIOMediaPlatform-MusicServer-HTTP /RegRoot="Software\Sony Corporation\VAIO Media Platform\2.0" /RegExt="Applications\MusicServer\HTTP (file missing)
O23 - Service: VAIO Media Music Server (UPnP) (VAIOMediaPlatform-MusicServer-UPnP) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\UPnPFramework.exe
O23 - Service: VAIO Media Photo Server (VAIOMediaPlatform-PhotoServer-AppServer) - Sony Corporation - C:\Program Files\Sony\Photo Server\appsrv\PhotoAppSrv.exe
O23 - Service: VAIO Media Photo Server (HTTP) (VAIOMediaPlatform-PhotoServer-HTTP) - Unknown owner - C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\SV_Httpd.exe" /Service=VAIOMediaPlatform-PhotoServer-HTTP /RegRoot="Software\Sony Corporation\VAIO Media Platform\2.0" /RegExt="\Applications\PhotoServer\HTTP (file missing)
O23 - Service: VAIO Media Photo Server (UPnP) (VAIOMediaPlatform-PhotoServer-UPnP) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\UPnPFramework.exe

Eso es todo....Muchas Gracias...

Saludos.

Anita

post #2 (permalink)

25/09/06, 20:40:35

ElPiedra

FS-Admin

Registrado: ene 2005

Ubicación: Miami

Mensajes: 29.324

Re: Ultimate defender ??

Hola anagriselda, te doy la bienvenida al Foro de InfoSpyware.

Paso 1- Descarga estas herramientas pero no las ejecutes aun:

Paso 2- Reinicia eh inicia en "Modo a prueba de fallos" (modo seguro)

Paso 3- Con todos los programas cerrados ejecuta HijackThis y dale a estas entradas:

O2 - BHO: (no name) - {a43385f0-7113-496d-96d7-b9b550e3fcca} - (no file)

O4 - HKLM\..\Run: [uhvjsul.dll] "C:\WINDOWS\system32\rundll32.exe" C:\WINDOWS\system32\uhvjsul.dll,mrpmvyf

O4 - Startup: .protected
O4 - Global Startup: .protected

O21 - SSODL: incestuously - {03413bf7-e34c-445b-bfc0-a2b127255871} - (no file)

Paso 4- Ejecuta estas herramientas, de a una:

DelPSGuard.exe <- Guarda su reporte.
Spy Sweeper 5.0

Paso 5- Usa el Disk Cleaner para limpiar cookies y temporales y RegSeeker para limpiar el registro de Win.

Paso 6- Reinicia y hacele un escaneo online con "Panda ActiveScan Online"

Reinicia y nos contas los resultados junto a un nuevo reporte de HJT y DelPSGuard.

Salu2

Hablándole al mundo en "Twitter""

Novedades del Foro | Antivirus Online | Eliminar Malwares | Políticas del Foro | Blog

* Ayúdanos haciendo una DONACIÓN para poder seguir Ayudando.
* Para evitar Virus y Spywares al navegar por internet, USE FIREFOX !!
* No se resuelven dudas por Privados ni por E-mail, ya que para eso esta el foro.

post #3 (permalink)

26/09/06, 17:20:12

anagriselda anagriselda está offline

Usuario

Registrado: sep 2006

Ubicación: chile

Mensajes: 5

Re: Ultimate defender ??

Hola El piedra....gracias por ayudarme....
Te cuento que hice todos los pasos y no pude borrar las siguientes entradas :

O4 - Startup: .protected
O4 - Global Startup: .protected

Ahora igualmente no me sale el mensaje de error que me salida antes

.

Una cosita nomas....ahora como pagina de inicio me quedo la de ustedes, pero si la cambio no me hace caso...sigue la de ustedes, como lo podre solucionar ??

Bueno, te mando lo pedido, con la salvedad que por esas cosas de la vida, tuve q pasar dos veces el DelPSguard, la primera vez me salio que habia borrado una carpeta .protected en la carpeta del Windows...
La segunda pasada me dio lo siguiente :
DelPSGuard v 4.1.7
Escaneo a las: 15:02:49.90, Tue 09/26/2006
SO: Microsoft Windows XP [Version 5.1.2600]

»»»»»»»»»»»» Carpetas y Archivos infectados »»»»»»»»»»»»

»»»»»»»»»»»» Programas Malwares »»»»»»»»»»»»

»»»»»»»»»»»» FIN »»»»»»»»»»»»
Creado por www.forospyware.com

Y ahora te mando el HJT

Logfile of HijackThis v1.99.1
Scan saved at 4:09:32 PM, on 9/26/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\SigmaTel\C-Major Audio\stacmon.exe
C:\WINDOWS\system32\ICO.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Sony\HotKey Utility\HKserv.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\ewido anti-spyware 4.0\ewido.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\PowerPanel\Program\PcfMgr.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Sony\HotKey Utility\HKWnd.exe
C:\Program Files\Webroot\Spy Sweeper\SSU.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\HJT\HijackThis.exe
C:\Program Files\Internet Explorer\iexplore.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.forospyware.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - C:\Program Files\Microsoft Money\System\mnyside.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [Apoint] "C:\Program Files\Apoint\Apoint.exe"
O4 - HKLM\..\Run: [SigmaTel StacMon] "C:\Program Files\SigmaTel\C-Major Audio\stacmon.exe"
O4 - HKLM\..\Run: [Mouse Suite 98 Daemon] ICO.EXE
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [VAIO Recovery] "C:\Windows\Sonysys\VAIO Recovery\PartSeal.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] "C:\PROGRA~1\SYMNET~1\SNDMon.exe" /Consumer
O4 - HKLM\..\Run: [HKSERV.EXE] "C:\Program Files\Sony\HotKey Utility\HKserv.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\mnyexpr.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Startup: .protected
O4 - Startup: Inicio rápido de Microsoft Office OneNote 2007 (Beta).lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: .protected
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Billminder.lnk = C:\Program Files\Quicken\billmind.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: PowerPanel.lnk = ?
O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
O4 - Global Startup: Quicken Startup.lnk = C:\Program Files\Quicken\QWDLLS.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office12\EXCEL.EXE/3000
O9 - Extra button: Enviar a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MI1933~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Enviar a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MI1933~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\Office12\REFIEBAR.DLL
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\WINDOWS\system32\shdocvw.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople
O16 - DPF: {02CF1781-EA91-4FA5-A200-646E8241987C} (VaioInfo.CMClass) - http://esupport.sony.com/VaioInfo.CAB
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/par...an_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.safety.live.com/reso...lscbase969.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1140740615707
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1143158356328
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: Servicio Auto-Protect de Norton AntiVirus (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\PROGRA~1\COMMON~1\SONYSH~1\AVLib\Sptisrv.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: VAIO Media Music Server (VAIOMediaPlatform-MusicServer-AppServer) - Unknown owner - C:\Program Files\Sony\VAIO Media Music Server\SSSvr.exe" /Service=VAIOMediaPlatform-MusicServer-AppServer /DisplayName="VAIO Media Music Server (file missing)
O23 - Service: VAIO Media Music Server (HTTP) (VAIOMediaPlatform-MusicServer-HTTP) - Unknown owner - C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\sv_httpd.exe" /Service=VAIOMediaPlatform-MusicServer-HTTP /RegRoot="Software\Sony Corporation\VAIO Media Platform\2.0" /RegExt="Applications\MusicServer\HTTP (file missing)
O23 - Service: VAIO Media Music Server (UPnP) (VAIOMediaPlatform-MusicServer-UPnP) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\UPnPFramework.exe
O23 - Service: VAIO Media Photo Server (VAIOMediaPlatform-PhotoServer-AppServer) - Sony Corporation - C:\Program Files\Sony\Photo Server\appsrv\PhotoAppSrv.exe
O23 - Service: VAIO Media Photo Server (HTTP) (VAIOMediaPlatform-PhotoServer-HTTP) - Unknown owner - C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\SV_Httpd.exe" /Service=VAIOMediaPlatform-PhotoServer-HTTP /RegRoot="Software\Sony Corporation\VAIO Media Platform\2.0" /RegExt="\Applications\PhotoServer\HTTP (file missing)
O23 - Service: VAIO Media Photo Server (UPnP) (VAIOMediaPlatform-PhotoServer-UPnP) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\UPnPFramework.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

Ademas luego de todo esto, volvi a pasar el SpySweepwer ( q te comento q no te permite limpiar ya q hay que pagar...) y me salio esto :

3:40 PM: Traces Found: 10
3:40 PM: Full Sweep has completed. Elapsed time 00

28
3:40 PM: File Sweep Complete, Elapsed Time: 00:09:02
3:40 PM: Warning: Failed to access drive F:
3:40 PM: Warning: Failed to access drive E:
3:36 PM: iesafe.exe (ID = 351700)
3:31 PM: ucleaner.pkg (ID = 351960)
3:31 PM: uninstall.exe (ID = 351701)
3:31 PM: ultimate cleaner (2 subtraces) (ID = 2147529467)
3:31 PM: ultimate cleaner (3 subtraces) (ID = 2147529431)
3:31 PM: Found Adware: ultimate cleaner
3:31 PM: Starting File Sweep
3:31 PM: Cookie Sweep Complete, Elapsed Time: 00:00:00
3:31 PM: Starting Cookie Sweep
3:31 PM: Registry Sweep Complete, Elapsed Time:00:01:05
3:30 PM: Memory Sweep Complete, Elapsed Time: 00:00:00
3:30 PM: Starting Registry Sweep
3:30 PM: Starting Memory Sweep
3:29 PM: Sweep initiated using definitions version 769
3:29 PM: Spy Sweeper 5.0.7.1608 started
3:29 PM: | Start of Session, Tuesday, September 26, 2006 |
********
3:29 PM: | End of Session, Tuesday, September 26, 2006 |
3:29 PM: Program Version 5.0.7.1608 Using Spyware Definitions 769
3:00 PM: Spy Sweeper 5.0.7.1608 started
2:38 PM: | End of Session, Tuesday, September 26, 2006 |
2:37 PM: Your spyware definitions have been updated.
Keylogger Shield: Off
BHO Shield: On
IE Security Shield: On
Alternate Data Stream (ADS) Execution Shield: On
Startup Shield: On
Common Ad Sites Shield: Off
Hosts File Shield: On
Spy Communication Shield: On
ActiveX Shield: On
Windows Messenger Service Shield: On
IE Favorites Shield: On
Spy Installation Shield: On
Memory Shield: On
IE Hijack Shield: On
IE Tracking Cookies Shield: Off
2:36 PM: Shield States
2:36 PM: Spyware Definitions: 734
2:35 PM: Spy Sweeper 5.0.7.1608 started
Operation: File Access
Target:
Source: C:\WINDOWS\SYSTEM32\LOGONUI.EXE
2:29 PM: Tamper Detection
2:14 PM: Access to Hosts file allowed for C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
Operation: File Access
Target:
Source: C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
1:51 PM: Tamper Detection
Keylogger Shield: Off
BHO Shield: On
IE Security Shield: On
Alternate Data Stream (ADS) Execution Shield: On
Startup Shield: On
Common Ad Sites Shield: Off
Hosts File Shield: On
Spy Communication Shield: On
ActiveX Shield: On
Windows Messenger Service Shield: On
IE Favorites Shield: On
Spy Installation Shield: On
Memory Shield: On
IE Hijack Shield: On
IE Tracking Cookies Shield: Off
12:54 PM: Shield States
12:53 PM: Spyware Definitions: 734
12:53 PM: Spy Sweeper 5.0.7.1608 started
12:33 PM: Spy Sweeper 5.0.7.1608 started
12:02 PM: | End of Session, Tuesday, September 26, 2006 |
12:02 PM: Program Version 5.0.7.1608 Using Spyware Definitions 734
12:02 PM: Spy Sweeper 5.0.7.1608 started
12:02 PM: | Start of Session, Tuesday, September 26, 2006 |
********
12:12 PM: Traces Found: 4
12:12 PM: Full Sweep has completed. Elapsed time 00:09:45
12:12 PM: File Sweep Complete, Elapsed Time: 00:08:42
12:12 PM: Warning: Failed to access drive F:
12:12 PM: Warning: Failed to access drive E:
12:03 PM: Starting File Sweep
12:03 PM: Cookie Sweep Complete, Elapsed Time: 00:00:00
12:03 PM: ana@statcounter[1].txt (ID = 3447)
12:03 PM: Found Spy Cookie: statcounter cookie
12:03 PM: ana@m.webtrends[2].txt (ID = 3669)
12:03 PM: Found Spy Cookie: webtrends cookie
12:03 PM: ana@ad.yieldmanager[1].txt (ID = 3751)
12:03 PM: Found Spy Cookie: yieldmanager cookie
12:03 PM: Starting Cookie Sweep
12:03 PM: Registry Sweep Complete, Elapsed Time:00:00:16
12:03 PM: HKLM\software\microsoft\mssmgr\ (ID = 937101)
12:03 PM: Found Trojan Horse: trojan agent winlogonhook
12:03 PM: Starting Registry Sweep
12:03 PM: Memory Sweep Complete, Elapsed Time: 00:00:38
12:02 PM: Starting Memory Sweep
12:02 PM: Sweep initiated using definitions version 734
12:02 PM: Spy Sweeper 5.0.7.1608 started
12:02 PM: | Start of Session, Tuesday, September 26, 2006 |
********
2:54 PM: Traces Found: 12
2:54 PM: Full Sweep has completed. Elapsed time 00:15:17
2:54 PM: File Sweep Complete, Elapsed Time: 00:12:04
2:54 PM: Warning: Failed to access drive F:
2:54 PM: Warning: Failed to access drive E:
2:49 PM: C:\Program Files\Ultimate Cleaner\IeSafe.exe (ID = 351700)
2:42 PM: C:\Program Files\Ultimate Cleaner\ucleaner.pkg (ID = 351960)
2:42 PM: C:\Program Files\Ultimate Cleaner\Uninstall.exe (ID = 351701)
2:42 PM: C:\Program Files\Ultimate Cleaner (3 subtraces) (ID = 2147529431)
2:42 PM: C:\Documents and Settings\Ana\Application Data\Ultimate Cleaner (2 subtraces) (ID = 2147529467)
2:42 PM: Found Adware: ultimate cleaner
2:42 PM: Starting File Sweep
2:42 PM: Cookie Sweep Complete, Elapsed Time: 00:00:00
2:42 PM: c:\documents and settings\ana\cookies\ana@ad.yieldmanager[2].txt (ID = 3751)
2:42 PM: Found Spy Cookie: yieldmanager cookie
2:42 PM: Starting Cookie Sweep
2:42 PM: Registry Sweep Complete, Elapsed Time:00:00:19
2:41 PM: HKLM\software\microsoft\mssmgr\ (ID = 937101)
2:41 PM: Found Trojan Horse: trojan agent winlogonhook
2:41 PM: Starting Registry Sweep
2:41 PM: Memory Sweep Complete, Elapsed Time: 00:02:45
2:38 PM: Starting Memory Sweep
2:38 PM: Sweep initiated using definitions version 769
2:38 PM: Spy Sweeper 5.0.7.1608 started
2:38 PM: | Start of Session, Tuesday, September 26, 2006 |
********

Bueno, espero que me digas si todo esta ok o no si???
editado : te cuento que reinicie por enesima vez mi compu, y me sale el cartelito de q mi computadora esta en riesgo porque no tengo firwalll...extranio no ???
fin editado
Muchisimas Gracias

..

Anita.

Última edición por anagriselda fecha: 26/09/06 a las 17:31:17. Razón: me salio algo nuevo que quizas ayude

post #4 (permalink)

26/09/06, 18:15:52

ElPiedra

FS-Admin

Registrado: ene 2005

Ubicación: Miami

Mensajes: 29.324

Re: Ultimate defender ??

Hola anagriselda,

Bien vamos por partes:

1.- Si el Spy Sweeper no te permite borrar lo que encuentra es porque ya has tenido este programa en el pasado y el mismo cuanta únicamente con 15 días de uso completo free, luego si hay que pagarlo si uno lo quiere.

2.- El tema de la pagina de inicio que no puedas cambiar es justamente porque Spy Sweeper esta protegiéndote de cualquier cambio, por lo que cuando lo desinstales proba y vas a ver que si podes.

3.- En cuanto al log esta relativamente limpio, aunque todavía están estas entradas:

O4 - Startup: .protected
O4 - Global Startup: .protected

Fíjate si con el HJT en modo a prueba de fallos las podes sacar y antes si no tenes ningún proceso con nombre similar corriendo.

Descarga y ejecuta el programa Ewido Anti-Malware 4.0 y si el Panda Online te encuentra algo nos dejas su informe acá.

SAlu2

Hablándole al mundo en "Twitter""

post #5 (permalink)

26/09/06, 21:37:06

anagriselda anagriselda está offline

Usuario

Registrado: sep 2006

Ubicación: chile

Mensajes: 5

Re: Ultimate defender ??

hola el piedra...yo de nuevo..

pase el ewido y panda...
Me salio una cookie que se reparo :

Incidencia Estado Elemento

Spyware:Cookie/Statcounter No desinfectado C:\Documents and Settings\Ana\Cookies\ana@statcounter[1].txt

Lo raro es que cuando reinicio me sale un globo en la esquina derecha inferior que me dice que mi sistema esta en riesgo porque no tengo firewalls activos...dura unos segundos, desaparece y aparezco otra vez con los firewalls activos....raro

te mando el reporte del HJT...no pude limpiar las entradas ni en modo seguro ni en modo normal

... ahi va..

Logfile of HijackThis v1.99.1
Scan saved at 8:30:10 PM, on 9/26/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\SigmaTel\C-Major Audio\stacmon.exe
C:\WINDOWS\system32\ICO.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\PowerPanel\Program\PcfMgr.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\HJT\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [Apoint] "C:\Program Files\Apoint\Apoint.exe"
O4 - HKLM\..\Run: [SigmaTel StacMon] "C:\Program Files\SigmaTel\C-Major Audio\stacmon.exe"
O4 - HKLM\..\Run: [Mouse Suite 98 Daemon] ICO.EXE
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [VAIO Recovery] "C:\Windows\Sonysys\VAIO Recovery\PartSeal.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] "C:\PROGRA~1\SYMNET~1\SNDMon.exe" /Consumer
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Startup: .protected
O4 - Startup: Inicio rápido de Microsoft Office OneNote 2007 (Beta).lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: .protected
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Billminder.lnk = C:\Program Files\Quicken\billmind.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: PowerPanel.lnk = ?
O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
O4 - Global Startup: Quicken Startup.lnk = C:\Program Files\Quicken\QWDLLS.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office12\EXCEL.EXE/3000
O9 - Extra button: Enviar a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MI1933~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Enviar a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MI1933~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\WINDOWS\system32\shdocvw.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople
O16 - DPF: {02CF1781-EA91-4FA5-A200-646E8241987C} (VaioInfo.CMClass) - http://esupport.sony.com/VaioInfo.CAB
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.safety.live.com/resource/download/scanner/wlscbase969.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1140740615707
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1143158356328
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: Servicio Auto-Protect de Norton AntiVirus (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\PROGRA~1\COMMON~1\SONYSH~1\AVLib\Sptisrv.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: VAIO Media Music Server (VAIOMediaPlatform-MusicServer-AppServer) - Unknown owner - C:\Program Files\Sony\VAIO Media Music Server\SSSvr.exe" /Service=VAIOMediaPlatform-MusicServer-AppServer /DisplayName="VAIO Media Music Server (file missing)
O23 - Service: VAIO Media Music Server (HTTP) (VAIOMediaPlatform-MusicServer-HTTP) - Unknown owner - C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\sv_httpd.exe" /Service=VAIOMediaPlatform-MusicServer-HTTP /RegRoot="Software\Sony Corporation\VAIO Media Platform\2.0" /RegExt="Applications\MusicServer\HTTP (file missing)
O23 - Service: VAIO Media Music Server (UPnP) (VAIOMediaPlatform-MusicServer-UPnP) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\UPnPFramework.exe
O23 - Service: VAIO Media Photo Server (VAIOMediaPlatform-PhotoServer-AppServer) - Sony Corporation - C:\Program Files\Sony\Photo Server\appsrv\PhotoAppSrv.exe
O23 - Service: VAIO Media Photo Server (HTTP) (VAIOMediaPlatform-PhotoServer-HTTP) - Unknown owner - C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\SV_Httpd.exe" /Service=VAIOMediaPlatform-PhotoServer-HTTP /RegRoot="Software\Sony Corporation\VAIO Media Platform\2.0" /RegExt="\Applications\PhotoServer\HTTP (file missing)
O23 - Service: VAIO Media Photo Server (UPnP) (VAIOMediaPlatform-PhotoServer-UPnP) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\UPnPFramework.exe

Bueno, muchas gracias...

Saludos.

Anita.

post #6 (permalink)

28/09/06, 16:46:23

ElPiedra

FS-Admin

Registrado: ene 2005

Ubicación: Miami

Mensajes: 29.324

Re: Ultimate defender ??

Hola, el log salvo por esas entradas sale limpio, por lo que usa otros Antivirus online a ver si te encuentran algo.

Lo otro ya puede ser algun problema de Windows por lo que inicia el PC con el CD de Win y usar la opción de "Reparar Errores"

Salu2

Hablándole al mundo en "Twitter""

post #7 (permalink)

03/10/06, 16:06:16

anagriselda anagriselda está offline

Usuario

Registrado: sep 2006

Ubicación: chile

Mensajes: 5

Re: Ultimate defender ??

Hola elpiedra...
Perdon por la tardanza pero estaba de viaje....

Trate de borrar los archivos estos, pero son muy rebeldes

Pase el kaspersky y aparentemente no tengo nada grave....Te lo mando y si no escontras nada raro, demos por cerrado el tema si ??

Agradecerte muchisimo y mucha suerte en la votacion

(yo ya vote

)

Ahi va el reporte

KASPERSKY ONLINE SCANNER REPORT
Monday, October 02, 2006 7:45:01 PM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.83.0
Kaspersky Anti-Virus database last update: 2/10/2006
Kaspersky Anti-Virus database records: 215173

Scan Settings
Scan using the following antivirus database standard
Scan Archives true
Scan Mail Bases true

Scan Target My Computer
C:\
D:\
E:\
F:\

Scan Statistics
Total number of scanned objects 55071
Number of viruses found 4
Number of infected objects 13 / 0
Number of suspicious objects 4
Duration of the scan process 01:48:24

Infected Object Name Virus Name Last Action
C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Support\WDLog-09232006-191017.log Object is locked skipped

C:\Documents and Settings\Ana\Cookies\index.dat Object is locked skipped

C:\Documents and Settings\Ana\Local Settings\Application Data\Microsoft\Outlook\Outlook.pst/Carpetas personales/Bandeja de entrada/17 May 2006 23:27 from Mail Delivery System:Mail delivery failed.eml/[From ana.g.rodriguez@gmail.com][Date Wed, 17 May 2006 21:22:37 -0500]/UNNAMED/UNNAMED/html Suspicious: Exploit.HTML.Iframe.FileDownload skipped

C:\Documents and Settings\Ana\Local Settings\Application Data\Microsoft\Outlook\Outlook.pst/Carpetas personales/Bandeja de entrada/17 May 2006 23:27 from Mail Delivery System:Mail delivery failed.eml/[From ana.g.rodriguez@gmail.com][Date Wed, 17 May 2006 21:22:37 -0500]/UNNAMED/UNNAMED Suspicious: Exploit.HTML.Iframe.FileDownload skipped

C:\Documents and Settings\Ana\Local Settings\Application Data\Microsoft\Outlook\Outlook.pst/Carpetas personales/Bandeja de entrada/17 May 2006 23:27 from Mail Delivery System:Mail delivery failed.eml/[From ana.g.rodriguez@gmail.com][Date Wed, 17 May 2006 21:22:37 -0500]/UNNAMED/message.scr Infected: Email-Worm.Win32.NetSky.q skipped

C:\Documents and Settings\Ana\Local Settings\Application Data\Microsoft\Outlook\Outlook.pst/Carpetas personales/Bandeja de entrada/17 May 2006 23:27 from Mail Delivery System:Mail delivery failed.eml/[From ana.g.rodriguez@gmail.com][Date Wed, 17 May 2006 21:22:37 -0500]/UNNAMED Infected: Email-Worm.Win32.NetSky.q skipped

C:\Documents and Settings\Ana\Local Settings\Application Data\Microsoft\Outlook\Outlook.pst/Carpetas personales/Bandeja de entrada/17 May 2006 23:27 from Mail Delivery System:Mail delivery failed.eml Infected: Email-Worm.Win32.NetSky.q skipped

C:\Documents and Settings\Ana\Local Settings\Application Data\Microsoft\Outlook\Outlook.pst Mail MS Mail: infected - 3, suspicious - 2 skipped

C:\Documents and Settings\Ana\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\Ana\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\Ana\Local Settings\History\History.IE5\index.dat Object is locked skipped

C:\Documents and Settings\Ana\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

C:\Documents and Settings\Ana\NTUSER.DAT Object is locked skipped

C:\Documents and Settings\Ana\ntuser.dat.LOG Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped

C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped

C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped

C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped

C:\Program Files\Norton AntiVirus\Quarantine\05FC38D8.tmp Infected: Trojan.Win32.Dialer.qs skipped

C:\Program Files\Norton AntiVirus\Quarantine\1FCF0549.tmp Infected: Trojan.Win32.Dialer.qs skipped

C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped

C:\System Volume Information\_restore{8EC4936A-5899-49E8-B3EA-BE7C199DBAB2}\RP2\change.log Object is locked skipped

C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped

C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\default Object is locked skipped

C:\WINDOWS\system32\config\default.LOG Object is locked skipped

C:\WINDOWS\system32\config\ODiag.evt Object is locked skipped

C:\WINDOWS\system32\config\OSession.evt Object is locked skipped

C:\WINDOWS\system32\config\SAM Object is locked skipped

C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped

C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\SECURITY Object is locked skipped

C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped

C:\WINDOWS\system32\config\software Object is locked skipped

C:\WINDOWS\system32\config\software.LOG Object is locked skipped

C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\system Object is locked skipped

C:\WINDOWS\system32\config\system.LOG Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MA P Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MA P Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DAT A Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped

D:\almacen\Deleted Items.dbx/[From alegatita@hotmail.com][Date Wed, 23 Nov 2005 19:29:36 GMT]/UNNAMED/mailtext.zip/File-packed_dataInfo.exe Infected: Email-Worm.Win32.Sober.y skipped

D:\almacen\Deleted Items.dbx/[From alegatita@hotmail.com][Date Wed, 23 Nov 2005 19:29:36 GMT]/UNNAMED/mailtext.zip Infected: Email-Worm.Win32.Sober.y skipped

D:\almacen\Deleted Items.dbx/[From alegatita@hotmail.com][Date Wed, 23 Nov 2005 19:29:36 GMT]/UNNAMED Infected: Email-Worm.Win32.Sober.y skipped

D:\almacen\Deleted Items.dbx Mail MS Outlook 5: infected - 3 skipped

D:\almacen 2\Inbox.dbx/[From ana.g.rodriguez@gmail.com][Date Wed, 17 May 2006 21:22:37 -0500]/UNNAMED/UNNAMED/html Suspicious: Exploit.HTML.Iframe.FileDownload skipped

D:\almacen 2\Inbox.dbx/[From ana.g.rodriguez@gmail.com][Date Wed, 17 May 2006 21:22:37 -0500]/UNNAMED/UNNAMED Suspicious: Exploit.HTML.Iframe.FileDownload skipped

D:\almacen 2\Inbox.dbx/[From ana.g.rodriguez@gmail.com][Date Wed, 17 May 2006 21:22:37 -0500]/UNNAMED/message.scr Infected: Email-Worm.Win32.NetSky.q skipped

D:\almacen 2\Inbox.dbx/[From ana.g.rodriguez@gmail.com][Date Wed, 17 May 2006 21:22:37 -0500]/UNNAMED Infected: Email-Worm.Win32.NetSky.q skipped

D:\almacen 2\Inbox.dbx Mail MS Outlook 5: infected - 2, suspicious - 2 skipped

D:\RECYCLER\NPROTECT\00000000.exe Object is locked skipped

Scan process completed.

post #8 (permalink)

04/10/06, 14:22:12

ElPiedra

FS-Admin

Registrado: ene 2005

Ubicación: Miami

Mensajes: 29.324

Re: Ultimate defender ??

Hola bien sobre lo que encuentra Kaspersky no es nada grabe pero igual te conviene seguir las rutas de lo qeu te marca como infectado y sacarlo manualmente.

Salu2

Hablándole al mundo en "Twitter""

post #9 (permalink)

04/10/06, 16:21:14

anagriselda anagriselda está offline

Usuario

Registrado: sep 2006

Ubicación: chile

Mensajes: 5

Re: Ultimate defender ??

si elpiedra, eso ya lo hice..
El tema queda cerrado..

Muchisimas Gracias Por todo...

« Tema Anterior | Próximo Tema »

Herramientas
Mostrar Versión Imprimible Enviar por Correo

Reglas del foro
No puedes crear nuevos temas No puedes responder temas No puedes subir adjuntos No puedes editar tus mensajes BB code is activado Las caritas están activado Código [IMG] está activado Código HTML está desactivado Trackbacks are desactivado Pingbacks are desactivado Refbacks are desactivado

Ir a

Temas Similares

Tema	Autor	Foro	Respuestas	Último mensaje
problemas con ultimate defender.... (Solucionado)	Hector velazque	Temas Solucionados	3	27/09/06 22:39:28
varios problemas de popups (Solucionado)	rhapsody	Temas Solucionados	2	12/07/06 16:29:38
Miren a ver si lo he solucionado!!!! (solucionado)	Nesta	Temas Solucionados	4	14/12/05 06:46:00
no puedo recuperar pagina de inicio (solucionado)	conceti	Temas Solucionados	12	14/07/05 15:45:46
vroomsearch, creo que solucionado (solucionado)	Edgardo	Temas Solucionados	4	23/02/05 20:46:18

Todas las horas son GMT -4. La hora es 05:33:18.

InfoSpyware es miembro de ASAP - Alliance of Security Analysis Professionals