 |
| |||||||
| Temas Solucionados Casos de HijackThis y Malwares resueltos. (Solo lectura) |
 |
| | Herramientas |
 | 
12/01/07, 06:00:42
|  |
| |||
| Paginas de IE se abren solas en in idioma asiático (Terminado) Hola tengo un problema que cada vez que abro en Internet Explorer se abren solas paginas en un idioma asiático una tras otra esto ya me tiene muy saturado que no me deja navegar normalmente ya he ejecutado el panda, Spybot - Search & Destroy, Ad-ware y el Disk Cleaner y aun me sigue el problema aquí dejo mi Log HijackThis para haver si me ayudar con este problema y arreglarlo de la manera correcta. * HijackThis v1.99.1 * Written by Merijn - merijn@spywareinfo.com http://www.merijn.org/files/hijackthis.zip http://www.merijn.org/index.html See bottom for version history. The different sections of hijacking possibilities have been separated into the following groups. You can get more detailed information about an item by selecting it from the list of found items OR highlighting the relevant line below, and clicking 'Info on selected item'. R - Registry, StartPage/SearchPage changes R0 - Changed registry value R1 - Created registry value R2 - Created registry key R3 - Created extra registry value where only one should be F - IniFiles, autoloading entries F0 - Changed inifile value F1 - Created inifile value F2 - Changed inifile value, mapped to Registry F3 - Created inifile value, mapped to Registry N - Netscape/Mozilla StartPage/SearchPage changes N1 - Change in prefs.js of Netscape 4.x N2 - Change in prefs.js of Netscape 6 N3 - Change in prefs.js of Netscape 7 N4 - Change in prefs.js of Mozilla O - Other, several sections which represent: O1 - Hijack of auto.search.msn.com with Hosts file O2 - Enumeration of existing MSIE BHO's O3 - Enumeration of existing MSIE toolbars O4 - Enumeration of suspicious autoloading Registry entries O5 - Blocking of loading Internet Options in Control Panel O6 - Disabling of 'Internet Options' Main tab with Policies O7 - Disabling of Regedit with Policies O8 - Extra MSIE context menu items O9 - Extra 'Tools' menuitems and buttons O10 - Breaking of Internet access by New.Net or WebHancer O11 - Extra options in MSIE 'Advanced' settings tab O12 - MSIE plugins for file extensions or MIME types O13 - Hijack of default URL prefixes O14 - Changing of IERESET.INF O15 - Trusted Zone Autoadd O16 - Download Program Files item O17 - Domain hijack O18 - Enumeration of existing protocols and filters O19 - User stylesheet hijack O20 - AppInit_DLLs autorun Registry value, Winlogon Notify Registry keys O21 - ShellServiceObjectDelayLoad (SSODL) autorun Registry key O22 - SharedTaskScheduler autorun Registry key O23 - Enumeration of NT Services Command-line parameters: * /autolog - Automatically scan the system, save a logfile and open it * /ihatewhitelists - ignore all internal whitelists * /uninstall - remove all HijackThis Registry entries, backups and quit * Version history * [v1.99.1] * Added Winlogon Notify keys to O20 listing * Fixed crashing bug on certain Win2000 and WinXP systems at O23 listing * Fixed lots and lots of 'unexpected error' bugs * Fixed lots of inproper functioning bugs (i.e. stuff that didn't work) * Added 'Delete NT Service' function in Misc Tools section * Added ProtocolDefaults to O15 listing * Fixed MD5 hashing not working * Fixed 'ISTSVC' autorun entries with garbage data not being fixed * Fixed HijackThis uninstall entry not being updated/created on new versions * Added Uninstall Manager in Misc Tools to manage 'Add/Remove Software' list * Added option to scan the system at startup, then show results or quit if nothing found [v1.99] * Added O23 (NT Services) in light of newer trojans * Integrated ADS Spy into Misc Tools section * Added 'Action taken' to info in 'More info on this item' [v1.98] * Definitive support for Japanese/Chinese/Korean systems * Added O20 (AppInit_DLLs) in light of newer trojans * Added O21 (ShellServiceObjectDelayLoad, SSODL) in light of newer trojans * Added O22 (SharedTaskScheduler) in light of newer trojans * Backups of fixed items are now saved in separate folder * HijackThis now checks if it was started from a temp folder * Added a small process manager (Misc Tools section) [v1.96] * Lots of bugfixes and small enhancements! Among others: * Fix for Japanese IE toolbars * Fix for searchwww.com fake CLSID trick in IE toolbars and BHO's * Attributes on Hosts file will now be restored when scanning/fixing/restoring it. * Added several files to the LSP whitelist * Fixed some issues with incorrectly re-encrypting data, making R0/R1 go undetected until a restart * All sites in the Trusted Zone are now shown, with the exception of those on the nonstandard but safe domain list [v1.95] * Added a new regval to check for from Whazit hijack (Start Page_bak). * Excluded IE logo change tweak from toolbar detection (BrandBitmap and SmBrandBitmap). * New in logfile: Running processes at time of scan. * Checkmarks for running StartupList with /full and /complete in HijackThis UI. * New O19 method to check for Datanotary hijack of user stylesheet. * Google.com IP added to whitelist for Hosts file check. [v1.94] * Fixed a bug in the Check for Updates function that could cause corrupt downloads on certain systems. * Fixed a bug in enumeration of toolbars (Lop toolbars are now listed!). * Added imon.dll, drwhook.dll and wspirda.dll to LSP safelist. * Fixed a bug where DPF could not be deleted. * Fixed a stupid bug in enumeration of autostarting shortcuts. * Fixed info on Netscape 6/7 and Mozilla saying '%shitbrowser%' (oops). * Fixed bug where logfile would not auto-open on systems that don't have .log filetype registered. * Added support for backing up F0 and F1 items (d'oh!). [v1.93] * Added mclsp.dll (McAfee), WPS.DLL (Sygate Firewall), zklspr.dll (Zero Knowledge) and mxavlsp.dll (OnTrack) to LSP safelist. * Fixed a bug in LSP routine for Win95. * Made taborder nicer. * Fixed a bug in backup/restore of IE plugins. * Added UltimateSearch hijack in O17 method (I think). * Fixed a bug with detecting/removing BHO's disabled by BHODemon. * Also fixed a bug in StartupList (now version 1.52.1). [v1.92] * Fixed two stupid bugs in backup restore function. * Added DiamondCS file to LSP files safelist. * Added a few more items to the protocol safelist. * Log is now opened immediately after saving. * Removed rd.yahoo.com from NSBSD list (spammers are starting to use this, no doubt spyware authors will follow). * Updated integrated StartupList to v1.52. * In light of SpywareNuker/BPS Spyware Remover, any strings relevant to reverse-engineers are now encrypted. * Rudimentary proxy support for the Check for Updates function. [v1.91] * Added rd.yahoo.com to the Nonstandard But Safe Domains list. * Added 8 new protocols to the protocol check safelist, as well as showing the file that handles the protocol in the log (O18). * Added listing of programs/links in Startup folders (O4). * Fixed 'Check for Update' not detecting new versions. [v1.9] * Added check for Lop.com 'Domain' hijack (O17). * Bugfix in URLSearchHook (R3) fix. * Improved O1 (Hosts file) check. * Rewrote code to delete BHO's, fixing a really nasty bug with orphaned BHO keys. * Added AutoConfigURL and proxyserver checks (R1). * IE Extensions (Button/Tools menuitem) in HKEY_CURRENT_USER are now also detected. * Added check for extra protocols (O18). [v1.81] * Added 'ignore non-standard but safe domains' option. * Improved Winsock LSP hijackers detection. * Integrated StartupList updated to v1.4. [v1.8] * Fixed a few bugs. * Adds detecting of free.aol.com in Trusted Zone. * Adds checking of URLSearchHooks key, which should have only one value. * Adds listing/deleting of Download Program Files. * Integrated StartupList into the new 'Misc Tools' section of the Config screen! [v1.71] * Improves detecting of O6. * Some internal changes/improvements. [v1.7] * Adds backup function! Yay! * Added check for default URL prefix * Added check for changing of IERESET.INF * Added check for changing of Netscape/Mozilla homepage and default search engine. [v1.61] * Fixes Runtime Error when Hosts file is empty. [v1.6] * Added enumerating of MSIE plugins * Added check for extra options in 'Advanced' tab of 'Internet Options'. [v1.5] * Adds 'Uninstall & Exit' and 'Check for update online' functions. * Expands enumeration of autoloading Registry entries (now also scans for .vbs, .js, .dll, rundll32 and service) [v1.4] * Adds repairing of broken Internet access (aka Winsock or LSP fix) by New.Net/WebHancer * A few bugfixes/enhancements [v1.3] * Adds detecting of extra MSIE context menu items * Added detecting of extra 'Tools' menu items and extra buttons * Added 'Confirm deleting/ignoring items' checkbox [v1.2] * Adds 'Ignorelist' and 'Info' functions [v1.1] * Supports BHO's, some default URL changes [v1.0] * Original release A good thing to do after version updates is clear your Ignore list and re-add them, as the format of detected items sometimes changes. * HijackThis v1.99.1 * Written by Merijn - merijn@spywareinfo.com http://www.merijn.org/files/hijackthis.zip http://www.merijn.org/index.html See bottom for version history. The different sections of hijacking possibilities have been separated into the following groups. You can get more detailed information about an item by selecting it from the list of found items OR highlighting the relevant line below, and clicking 'Info on selected item'. R - Registry, StartPage/SearchPage changes R0 - Changed registry value R1 - Created registry value R2 - Created registry key R3 - Created extra registry value where only one should be F - IniFiles, autoloading entries F0 - Changed inifile value F1 - Created inifile value F2 - Changed inifile value, mapped to Registry F3 - Created inifile value, mapped to Registry N - Netscape/Mozilla StartPage/SearchPage changes N1 - Change in prefs.js of Netscape 4.x N2 - Change in prefs.js of Netscape 6 N3 - Change in prefs.js of Netscape 7 N4 - Change in prefs.js of Mozilla O - Other, several sections which represent: O1 - Hijack of auto.search.msn.com with Hosts file O2 - Enumeration of existing MSIE BHO's O3 - Enumeration of existing MSIE toolbars O4 - Enumeration of suspicious autoloading Registry entries O5 - Blocking of loading Internet Options in Control Panel O6 - Disabling of 'Internet Options' Main tab with Policies O7 - Disabling of Regedit with Policies O8 - Extra MSIE context menu items O9 - Extra 'Tools' menuitems and buttons O10 - Breaking of Internet access by New.Net or WebHancer O11 - Extra options in MSIE 'Advanced' settings tab O12 - MSIE plugins for file extensions or MIME types O13 - Hijack of default URL prefixes O14 - Changing of IERESET.INF O15 - Trusted Zone Autoadd O16 - Download Program Files item O17 - Domain hijack O18 - Enumeration of existing protocols and filters O19 - User stylesheet hijack O20 - AppInit_DLLs autorun Registry value, Winlogon Notify Registry keys O21 - ShellServiceObjectDelayLoad (SSODL) autorun Registry key O22 - SharedTaskScheduler autorun Registry key O23 - Enumeration of NT Services Command-line parameters: * /autolog - Automatically scan the system, save a logfile and open it * /ihatewhitelists - ignore all internal whitelists * /uninstall - remove all HijackThis Registry entries, backups and quit * Version history * [v1.99.1] * Added Winlogon Notify keys to O20 listing * Fixed crashing bug on certain Win2000 and WinXP systems at O23 listing * Fixed lots and lots of 'unexpected error' bugs * Fixed lots of inproper functioning bugs (i.e. stuff that didn't work) * Added 'Delete NT Service' function in Misc Tools section * Added ProtocolDefaults to O15 listing * Fixed MD5 hashing not working * Fixed 'ISTSVC' autorun entries with garbage data not being fixed * Fixed HijackThis uninstall entry not being updated/created on new versions * Added Uninstall Manager in Misc Tools to manage 'Add/Remove Software' list * Added option to scan the system at startup, then show results or quit if nothing found [v1.99] * Added O23 (NT Services) in light of newer trojans * Integrated ADS Spy into Misc Tools section * Added 'Action taken' to info in 'More info on this item' [v1.98] * Definitive support for Japanese/Chinese/Korean systems * Added O20 (AppInit_DLLs) in light of newer trojans * Added O21 (ShellServiceObjectDelayLoad, SSODL) in light of newer trojans * Added O22 (SharedTaskScheduler) in light of newer trojans * Backups of fixed items are now saved in separate folder * HijackThis now checks if it was started from a temp folder * Added a small process manager (Misc Tools section) [v1.96] * Lots of bugfixes and small enhancements! Among others: * Fix for Japanese IE toolbars * Fix for searchwww.com fake CLSID trick in IE toolbars and BHO's * Attributes on Hosts file will now be restored when scanning/fixing/restoring it. * Added several files to the LSP whitelist * Fixed some issues with incorrectly re-encrypting data, making R0/R1 go undetected until a restart * All sites in the Trusted Zone are now shown, with the exception of those on the nonstandard but safe domain list [v1.95] * Added a new regval to check for from Whazit hijack (Start Page_bak). * Excluded IE logo change tweak from toolbar detection (BrandBitmap and SmBrandBitmap). * New in logfile: Running processes at time of scan. * Checkmarks for running StartupList with /full and /complete in HijackThis UI. * New O19 method to check for Datanotary hijack of user stylesheet. * Google.com IP added to whitelist for Hosts file check. [v1.94] * Fixed a bug in the Check for Updates function that could cause corrupt downloads on certain systems. * Fixed a bug in enumeration of toolbars (Lop toolbars are now listed!). * Added imon.dll, drwhook.dll and wspirda.dll to LSP safelist. * Fixed a bug where DPF could not be deleted. * Fixed a stupid bug in enumeration of autostarting shortcuts. * Fixed info on Netscape 6/7 and Mozilla saying '%shitbrowser%' (oops). * Fixed bug where logfile would not auto-open on systems that don't have .log filetype registered. * Added support for backing up F0 and F1 items (d'oh!). [v1.93] * Added mclsp.dll (McAfee), WPS.DLL (Sygate Firewall), zklspr.dll (Zero Knowledge) and mxavlsp.dll (OnTrack) to LSP safelist. * Fixed a bug in LSP routine for Win95. * Made taborder nicer. * Fixed a bug in backup/restore of IE plugins. * Added UltimateSearch hijack in O17 method (I think). * Fixed a bug with detecting/removing BHO's disabled by BHODemon. * Also fixed a bug in StartupList (now version 1.52.1). [v1.92] * Fixed two stupid bugs in backup restore function. * Added DiamondCS file to LSP files safelist. * Added a few more items to the protocol safelist. * Log is now opened immediately after saving. * Removed rd.yahoo.com from NSBSD list (spammers are starting to use this, no doubt spyware authors will follow). * Updated integrated StartupList to v1.52. * In light of SpywareNuker/BPS Spyware Remover, any strings relevant to reverse-engineers are now encrypted. * Rudimentary proxy support for the Check for Updates function. [v1.91] * Added rd.yahoo.com to the Nonstandard But Safe Domains list. * Added 8 new protocols to the protocol check safelist, as well as showing the file that handles the protocol in the log (O18). * Added listing of programs/links in Startup folders (O4). * Fixed 'Check for Update' not detecting new versions. [v1.9] * Added check for Lop.com 'Domain' hijack (O17). * Bugfix in URLSearchHook (R3) fix. * Improved O1 (Hosts file) check. * Rewrote code to delete BHO's, fixing a really nasty bug with orphaned BHO keys. * Added AutoConfigURL and proxyserver checks (R1). * IE Extensions (Button/Tools menuitem) in HKEY_CURRENT_USER are now also detected. * Added check for extra protocols (O18). [v1.81] * Added 'ignore non-standard but safe domains' option. * Improved Winsock LSP hijackers detection. * Integrated StartupList updated to v1.4. [v1.8] * Fixed a few bugs. * Adds detecting of free.aol.com in Trusted Zone. * Adds checking of URLSearchHooks key, which should have only one value. * Adds listing/deleting of Download Program Files. * Integrated StartupList into the new 'Misc Tools' section of the Config screen! [v1.71] * Improves detecting of O6. * Some internal changes/improvements. [v1.7] * Adds backup function! Yay! * Added check for default URL prefix * Added check for changing of IERESET.INF * Added check for changing of Netscape/Mozilla homepage and default search engine. [v1.61] * Fixes Runtime Error when Hosts file is empty. [v1.6] * Added enumerating of MSIE plugins * Added check for extra options in 'Advanced' tab of 'Internet Options'. [v1.5] * Adds 'Uninstall & Exit' and 'Check for update online' functions. * Expands enumeration of autoloading Registry entries (now also scans for .vbs, .js, .dll, rundll32 and service) [v1.4] * Adds repairing of broken Internet access (aka Winsock or LSP fix) by New.Net/WebHancer * A few bugfixes/enhancements [v1.3] * Adds detecting of extra MSIE context menu items * Added detecting of extra 'Tools' menu items and extra buttons * Added 'Confirm deleting/ignoring items' checkbox [v1.2] * Adds 'Ignorelist' and 'Info' functions [v1.1] * Supports BHO's, some default URL changes [v1.0] * Original release A good thing to do after version updates is clear your Ignore list and re-add them, as the format of detected items sometimes changes. Espero me puedan ayudar gracias.      |
|
12/01/07, 07:28:16
| |
| ||||
| Re: Paginas de IE se abren solas en in idioma asiático Hola, crown_cs. Bienvenido al foro. Lo que haz puesto no es el log de HijackThis... para sacar el log lo que tienes que darle click al botón, de la pantalla principal del programa, 'Do a system scan and save a logfile' (recuerda ponernos todo lo que te salga en el bloc de notas, desde la palabra 'LogFile' hasta el final). Antes de sacar el log, realiza estos 11 pasos (cuando hagas el paso 7 (antivirus online) usa el Ewido y el Kaspersky). Cuando hayas hecho estos pasos sacas el log de HijackThis y nos lo pones en este mismo tema, junto con los reportes de los antivirus onlines. Saludos Reitxelle  Novedades del Foro | Antivirus Online | Eliminar Malwares | Políticas del Foro | Blog * Ayúdanos haciendo una DONACIÓN para poder seguir Ayudando. * Para evitar Virus y Spywares al navegar por internet, USE FIREFOX !! * No se resuelven dudas por Privados ni por E-mail, ya que para eso esta el foro. |
|
12/01/07, 13:02:50
| |
| |||
| Re: Paginas de IE se abren solas en in idioma asiático adjunto como me dices los reportes de los siguientes programas 1 Ad-Aware Ad-Aware SE Build 1.06r1 Logfile Created on:viernes, 12 de enero de 2007 15:56:29 Created with Ad-Aware SE Personal, free for private use. Using definitions file:SE1R143 08.01.2007 »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» » References detected during the scan: »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» Adware.WSearch(TAC index:3):4 total references MRU List(TAC index:0):3 total references »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» Ad-Aware SE Settings =========================== Set : Search for negligible risk entries Set : Safe mode (always request confirmation) Set : Scan active processes Set : Scan registry Set : Deep-scan registry Set : Scan my IE Favorites for banned URLs Set : Scan my Hosts file Extended Ad-Aware SE Settings =========================== Set : Unload recognized processes & modules during scan Set : Scan registry for all users instead of current user only Set : Always try to unload modules before deletion Set : During removal, unload Explorer and IE if necessary Set : Let Windows remove files in use at next reboot Set : Delete quarantined objects after restoring Set : Include basic Ad-Aware settings in log file Set : Include additional Ad-Aware settings in log file Set : Include reference summary in log file Set : Include alternate data stream details in log file Set : Play sound at scan completion if scan locates critical objects 12-01-2007 15:56:29 - Scan started. (Smart mode) Listing running processes »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» #:1 [smss.exe] FilePath : \SystemRoot\System32\ ProcessID : 148 ThreadCreationTime : 12-01-2007 14:53:29 BasePriority : Normal #:2 [csrss.exe] FilePath : \??\C:\WINDOWS\system32\ ProcessID : 196 ThreadCreationTime : 12-01-2007 14:53:33 BasePriority : Normal #:3 [winlogon.exe] FilePath : \??\C:\WINDOWS\system32\ ProcessID : 220 ThreadCreationTime : 12-01-2007 14:53:35 BasePriority : High #:4 [services.exe] FilePath : C:\WINDOWS\system32\ ProcessID : 264 ThreadCreationTime : 12-01-2007 14:53:37 BasePriority : Normal FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) ProductVersion : 5.1.2600.2180 ProductName : Sistema operativo Microsoft® Windows® CompanyName : Microsoft Corporation FileDescription : Aplicación de servicios y controlador InternalName : services.exe LegalCopyright : Copyright (C) Microsoft Corporation. Reservados todos los derechos. OriginalFilename : services.exe #:5 [lsass.exe] FilePath : C:\WINDOWS\system32\ ProcessID : 276 ThreadCreationTime : 12-01-2007 14:53:38 BasePriority : Normal FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) ProductVersion : 5.1.2600.2180 ProductName : Microsoft® Windows® Operating System CompanyName : Microsoft Corporation FileDescription : LSA Shell (Export Version) InternalName : lsass.exe LegalCopyright : © Microsoft Corporation. All rights reserved. OriginalFilename : lsass.exe #:6 [svchost.exe] FilePath : C:\WINDOWS\system32\ ProcessID : 432 ThreadCreationTime : 12-01-2007 14:53:40 BasePriority : Normal FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) ProductVersion : 5.1.2600.2180 ProductName : Microsoft® Windows® Operating System CompanyName : Microsoft Corporation FileDescription : Generic Host Process for Win32 Services InternalName : svchost.exe LegalCopyright : © Microsoft Corporation. All rights reserved. OriginalFilename : svchost.exe #:7 [svchost.exe] FilePath : C:\WINDOWS\system32\ ProcessID : 496 ThreadCreationTime : 12-01-2007 14:53:41 BasePriority : Normal FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) ProductVersion : 5.1.2600.2180 ProductName : Microsoft® Windows® Operating System CompanyName : Microsoft Corporation FileDescription : Generic Host Process for Win32 Services InternalName : svchost.exe LegalCopyright : © Microsoft Corporation. All rights reserved. OriginalFilename : svchost.exe #:8 [svchost.exe] FilePath : C:\WINDOWS\system32\ ProcessID : 568 ThreadCreationTime : 12-01-2007 14:53:42 BasePriority : Normal FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) ProductVersion : 5.1.2600.2180 ProductName : Microsoft® Windows® Operating System CompanyName : Microsoft Corporation FileDescription : Generic Host Process for Win32 Services InternalName : svchost.exe LegalCopyright : © Microsoft Corporation. All rights reserved. OriginalFilename : svchost.exe #:9 [spysweeper.exe] FilePath : C:\Archivos de programa\Webroot\Spy Sweeper\ ProcessID : 604 ThreadCreationTime : 12-01-2007 14:53:42 BasePriority : Normal FileVersion : 3,2,3,2138 ProductVersion : 3, 2 ProductName : Spy Sweeper SDK CompanyName : Webroot Software, Inc. FileDescription : Spy Sweeper Engine LegalCopyright : Copyright (C) 2002 - 2006, All Rights Reserved. LegalTrademarks : Spy Sweeper is a trademark of Webroot Software, Inc. OriginalFilename : SpySweeper.exe #:10 [explorer.exe] FilePath : C:\WINDOWS\ ProcessID : 856 ThreadCreationTime : 12-01-2007 14:54:00 BasePriority : Normal FileVersion : 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) ProductVersion : 6.00.2900.2180 ProductName : Sistema operativo Microsoft® Windows® CompanyName : Microsoft Corporation FileDescription : Explorador de Windows InternalName : explorer LegalCopyright : © Microsoft Corporation. Reservados todos los derechos. OriginalFilename : EXPLORER.EXE #:11 [ad-aware.exe] FilePath : C:\Archivos de programa\Lavasoft\Ad-Aware SE Personal\ ProcessID : 996 ThreadCreationTime : 12-01-2007 14:54:40 BasePriority : Normal FileVersion : 6.2.0.236 ProductVersion : SE 106 ProductName : Lavasoft Ad-Aware SE CompanyName : Lavasoft Sweden FileDescription : Ad-Aware SE Core application InternalName : Ad-Aware.exe LegalCopyright : Copyright © Lavasoft AB Sweden OriginalFilename : Ad-Aware.exe Comments : All Rights Reserved Memory scan result: »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» New critical objects: 0 Objects found so far: 0 Started registry scan »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» Adware.WSearch Object Recognized! Type : Regkey Data : TAC Rating : 3 Category : Adware Comment : Rootkey : HKEY_CLASSES_ROOT Object : clsid\{08a312bb-5409-49fc-9347-54bb7d069ac6} Adware.WSearch Object Recognized! Type : Regkey Data : TAC Rating : 3 Category : Adware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\microsoft\windows\currentversion\explorer \browser helper objects\{08a312bb-5409-49fc-9347-54bb7d069ac6} Registry Scan result: »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» New critical objects: 2 Objects found so far: 2 Started deep registry scan »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» Deep registry scan result: »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» New critical objects: 0 Objects found so far: 2 Started Tracking Cookie scan »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» Tracking cookie scan result: »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» New critical objects: 0 Objects found so far: 2 Deep scanning and examining files... »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» Disk Scan Result for C:\WINDOWS »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» New critical objects: 0 Objects found so far: 2 Disk Scan Result for C:\WINDOWS\system32 »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» New critical objects: 0 Objects found so far: 2 Disk Scan Result for C:\DOCUME~1\ADMINI~1\CONFIG~1\Temp\ »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» New critical objects: 0 Objects found so far: 2 Scanning Hosts file...... Hosts file location:"C:\WINDOWS\system32\drivers\etc\hosts". »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» »»»»»»»»»»»»»»»»»»»»»»»»»» Hosts file scan result: »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» 1 entries scanned. New critical objects:0 Objects found so far: 2 MRU List Object Recognized! Location: : software\microsoft\direct3d\mostrecentapplication Description : most recent application to use microsoft direct3d MRU List Object Recognized! Location: : software\microsoft\direct3d\mostrecentapplication Description : most recent application to use microsoft direct X MRU List Object Recognized! Location: : software\microsoft\directdraw\mostrecentapplicatio n Description : most recent application to use microsoft directdraw Performing conditional scans... »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» Adware.WSearch Object Recognized! Type : Regkey Data : TAC Rating : 3 Category : Adware Comment : Rootkey : HKEY_CLASSES_ROOT Object : bho.iemonitor Adware.WSearch Object Recognized! Type : Regkey Data : TAC Rating : 3 Category : Adware Comment : Rootkey : HKEY_CLASSES_ROOT Object : bho.iemonitor.1 Conditional scan result: »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» New critical objects: 2 Objects found so far: 7 15:58:06 Scan Complete Summary Of This Scan »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» Total scanning time:00:01:37.141 Objects scanned:80952 Objects identified:4 Objects ignored:0 New critical objects:4 2 SPY SWEEPER 16:35: Traces Found: 10 16:35: Custom Sweep has completed. Elapsed time 00:32:14 16:35: Warning: Failed to access drive E: 16:35: File Sweep Complete, Elapsed Time: 00:30:31 16:05: Starting File Sweep 16:05: Cookie Sweep Complete, Elapsed Time: 00:00:00 16:05: francisco@ask[1].txt (ID = 2245) 16:05: Found Spy Cookie: ask cookie 16:05: Starting Cookie Sweep 16:05: Registry Sweep Complete, Elapsed Time:00:00:28 16:05: HKU\WRSS_Profile_S-1-5-21-247816711-2703548503-3795368954-1006\software\deskadtop\ (ID = 1159592) 16:05: HKLM\software\classes\bho.iemonitor.1\ (ID = 1729261) 16:05: HKLM\software\classes\bho.iemonitor\ (ID = 1729255) 16:05: HKCR\bho.iemonitor.1\ (ID = 1728907) 16:05: HKCR\bho.iemonitor\ (ID = 1728901) 16:04: HKLM\software\microsoft\windows\currentversion\exp lorer\browser helper objects\{08a312bb-5409-49fc-9347-54bb7d069ac6}\ (ID = 1159713) 16:04: HKLM\software\classes\clsid\{08a312bb-5409-49fc-9347-54bb7d069ac6}\ (ID = 1159639) 16:04: HKCR\clsid\{08a312bb-5409-49fc-9347-54bb7d069ac6}\ (ID = 1159548) 16:04: Found Adware: deskadtop 16:04: Starting Registry Sweep 16:04: Memory Sweep Complete, Elapsed Time: 00:00:59 16:03: Starting Memory Sweep 16:03: HKLM\software\microsoft\windows\currentversion\uni nstall\contentmatch\ || uninstallstring (ID = 1834248) 16:03: Found Adware: sogou toolbar 16:03: Warning: Files are not scanned for viruses because AV engine failed to load. 16:03: Sweep initiated using definitions version 816 16:03: Spy Sweeper 5.2.3.2138 started 16:03: | Start of Session, viernes, 12 de enero de 2007 | ******** 16:03: | End of Session, viernes, 12 de enero de 2007 | 16:03: Program Version 5.2.3.2138 Using Spyware Definitions 816 16:03: Warning: Virus definitions files are invalid, please update your virus definitions. 220 16:03: Spy Sweeper 5.2.3.2138 started 16:03: | Start of Session, viernes, 12 de enero de 2007 | ******** Logfile of HijackThis v1.99.1 Scan saved at 18:51:28, on 12/01/2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.5730.0011) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\Archivos de programa\Panda Software\Panda Antivirus 2007\pavsrv51.exe C:\Archivos de programa\Panda Software\Panda Antivirus 2007\AVENGINE.EXE C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\Archivos de programa\Java\jre1.5.0_10\bin\jusched.exe C:\WINDOWS\system32\igfxtray.exe C:\WINDOWS\system32\hkcmd.exe C:\WINDOWS\system32\igfxpers.exe C:\Archivos de programa\Synaptics\SynTP\SynTPEnh.exe C:\Archivos de programa\Hp\HP Software Update\HPWuSchd2.exe C:\Archivos de programa\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0T 1.EXE C:\Archivos de programa\QuickTime\qttask.exe C:\Archivos de programa\Archivos comunes\Real\Update_OB\realsched.exe C:\Archivos de programa\Webroot\Spy Sweeper\SpySweeperUI.exe C:\WINDOWS\system32\ctfmon.exe C:\Archivos de programa\MSN Messenger\MsnMsgr.Exe C:\ARCHIV~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE C:\Archivos de programa\Skype\Phone\Skype.exe C:\Archivos de programa\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe C:\Archivos de programa\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe C:\Archivos de programa\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe C:\Archivos de programa\HP\Digital Imaging\bin\hpqimzone.exe C:\Archivos de programa\Archivos comunes\LightScribe\LSSrvc.exe C:\Archivos de programa\Panda Software\Panda Antivirus 2007\PsImSvc.exe C:\Archivos de programa\Skype\Plugin Manager\SkypePM.exe C:\Archivos de programa\Webroot\Spy Sweeper\SpySweeper.exe C:\Archivos de programa\Hewlett-Packard\Shared\hpqwmiex.exe C:\Archivos de programa\Webroot\Spy Sweeper\SSU.EXE C:\Archivos de programa\MSN\MSNCoreFiles\msn6.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\wscntfy.exe C:\WINDOWS\system32\NOTEPAD.EXE C:\ARCHIV~1\WINZIP\winzip32.exe C:\Documents and Settings\francisco\Configuración local\Temp\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://es.rd.yahoo.com/customize/ycomp/defaults/sp/*http://es.yahoo.com R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://es.yahoo.com/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://es.yahoo.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://es.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://es.search.yahoo.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://es.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://es.search.yahoo.com R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://es.rd.yahoo.com/customize/ycomp/defaults/su/*http://es.yahoo.com R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Archivos de programa\Yahoo!\Companion\Installs\cpn3\yt.dll O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Archivos de programa\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll O2 - BHO: IEMonitor Class - {08A312BB-5409-49FC-9347-54BB7D069AC6} - C:\WINDOWS\system32\IESHEL~1.DLL O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\ARCHIV~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Archivos de programa\Java\jre1.5.0_10\bin\ssv.dll O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Archivos de programa\Archivos comunes\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\archivos de programa\google\googletoolbar1.dll O3 - Toolbar: Barra Yahoo! - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Archivos de programa\Yahoo!\Companion\Installs\cpn3\yt.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\archivos de programa\google\googletoolbar1.dll O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Archivos de programa\Java\jre1.5.0_10\bin\jusched.exe" O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] CHDAudPropShortcut.exe O4 - HKLM\..\Run: [SynTPEnh] "C:\Archivos de programa\Synaptics\SynTP\SynTPEnh.exe" O4 - HKLM\..\Run: [HP Software Update] "C:\Archivos de programa\Hp\HP Software Update\HPWuSchd2.exe" O4 - HKLM\..\Run: [QlbCtrl] "C:\Archivos de programa\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" /Start O4 - HKLM\..\Run: [RecGuard] C:\Windows\SMINST\RecGuard.exe O4 - HKLM\..\Run: [EPSON Stylus C46 Series] "C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0 T1.EXE" /P23 "EPSON Stylus C46 Series" /O6 "USB001" /M "Stylus C46" O4 - HKLM\..\Run: [QuickTime Task] "C:\Archivos de programa\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [REGSHAVE] "C:\Archivos de programa\REGSHAVE\REGSHAVE.EXE" /AUTORUN O4 - HKLM\..\Run: [TkBellExe] "C:\Archivos de programa\Archivos comunes\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [APVXDWIN] "C:\Archivos de programa\Panda Software\Panda Antivirus 2007\APVXDWIN.EXE" /s O4 - HKLM\..\Run: [sdafdsafds] D;]XJOEPXT]ufnq]te262/fyf O4 - HKLM\..\Run: [SpySweeper] "C:\Archivos de programa\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [MsnMsgr] "C:\Archivos de programa\MSN Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [Yahoo! Pager] "C:\ARCHIV~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet O4 - HKCU\..\Run: [Skype] "C:\Archivos de programa\Skype\Phone\Skype.exe" /nosplash /minimized O4 - Startup: Adobe Gamma.lnk = C:\Archivos de programa\Archivos comunes\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Startup: Morpheus.lnk = C:\Archivos de programa\Morpheus\Morpheus.exe O4 - Startup: ubisoft register.lnk = C:\Archivos de programa\Ubi Soft\Register\schedule.exe O4 - Global Startup: Bluetooth Manager.lnk = ? O4 - Global Startup: Inicio rápido de HP Photosmart Premier.lnk = C:\Archivos de programa\Hp\Digital Imaging\bin\hpqthb08.exe O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Archivos de programa\Java\jre1.5.0_10\bin\ssv.dll O9 - Extra 'Tools' menuitem: Consola de Sun Java - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Archivos de programa\Java\jre1.5.0_10\bin\ssv.dll O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\ARCHIV~1\Yahoo!\Common\yhexbmeses.dll O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\ARCHIV~1\Yahoo!\Common\yhexbmeses.dll O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\ARCHIV~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL O9 - Extra button: Referencia - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARCHIV~1\MICROS~3\OFFICE11\REFIEBAR.DLL O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Archivos de programa\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Archivos de programa\Messenger\msmsgs.exe O11 - Options group: [INTERNATIONAL] International* O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=ES_ES&c=Q306&bd=pavili on&pf=laptop O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkID=39204 O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Archivos de programa\Yahoo!\Common\yinsthelper.dll O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by109fd.bay109.hotmail.msn.com/resources/MsnPUpld.cab O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab53083.cab O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARCHIV~1\MSNMES~1\MSGRAP~1.DLL O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARCHIV~1\MSNMES~1\MSGRAP~1.DLL O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARCHIV~1\ARCHIV~1\Skype\SKYPE4~1.DLL O20 - Winlogon Notify: avldr - C:\WINDOWS\SYSTEM32\avldr.dll O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll O21 - SSODL: flammei - {9d635a36-6b3c-4146-8625-f3aaf507bbf8} - (no file) O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll O23 - Service: Adobe LM Service - Adobe Systems - C:\Archivos de programa\Archivos comunes\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Archivos de programa\Hewlett-Packard\Shared\hpqwmiex.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - c:\Archivos de programa\Archivos comunes\InstallShield\Driver\1050\Intel 32\IDriverT.exe O23 - Service: iPod Service - Apple Computer, Inc. - C:\Archivos de programa\iPod\bin\iPodService.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Archivos de programa\Archivos comunes\LightScribe\LSSrvc.exe O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software International - C:\Archivos de programa\Panda Software\Panda Antivirus 2007\pavsrv51.exe O23 - Service: Panda IManager Service (PSIMSVC) - Panda Software - C:\Archivos de programa\Panda Software\Panda Antivirus 2007\PsImSvc.exe O23 - Service: Motor de Spy Sweeper de Webroot (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Archivos de programa\Webroot\Spy Sweeper\SpySweeper.exe ESTOS SON LOS REPORTES ESPERO QUE PUEDAS AYUDAR DE ANTEMANO TE LO AGRADEZCO |
|
12/01/07, 13:04:11
| |
| |||
| Re: Paginas de IE se abren solas en in idioma asiático AQUI ESTA EL INFORMA DE: ------------------------------------------------------------------------------- KASPERSKY ONLINE SCANNER REPORT Friday, January 12, 2007 6:49:37 PM Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600) Kaspersky Online Scanner version: 5.0.83.0 Kaspersky Anti-Virus database last update: 12/01/2007 Kaspersky Anti-Virus database records: 243553 ------------------------------------------------------------------------------- Scan Settings: Scan using the following antivirus database: standard Scan Archives: true Scan Mail Bases: true Scan Target - My Computer: C:\ D:\ E:\ Scan Statistics: Total number of scanned objects: 127270 Number of viruses found: 7 Number of infected objects: 19 / 0 Number of suspicious objects: 0 Duration of the scan process: 01:21:53 Infected Object Name / Virus Name / Last Action C:\Archivos de programa\MSN\MSNCoreFiles\market.mar Object is locked skipped C:\Archivos de programa\MSN\MSNCoreFiles\market32.mar Object is locked skipped C:\Archivos de programa\MSN\MSNCoreFiles\themedef32.mar Object is locked skipped C:\Archivos de programa\MSN\MSNCoreFiles\ui.mar Object is locked skipped C:\Archivos de programa\Panda Software\Panda Antivirus 2007\PSK_NAMES2_3 Object is locked skipped C:\Archivos de programa\Panda Software\Panda Antivirus 2007\PSK_NAMES_3 Object is locked skipped C:\Archivos de programa\Webroot\Spy Sweeper\Masters\masters.bak Object is locked skipped C:\Archivos de programa\Webroot\Spy Sweeper\Masters\Masters.const Object is locked skipped C:\Archivos de programa\Webroot\Spy Sweeper\Masters\masters.mst Object is locked skipped C:\Archivos de programa\Webroot\Spy Sweeper\Masters.base Object is locked skipped C:\Archivos de programa\Yahoo!\Messenger\logs\billing_francisco.l og Object is locked skipped C:\Archivos de programa\Yahoo!\Messenger\logs\client_francisco.lo g Object is locked skipped C:\Archivos de programa\Yahoo!\Messenger\logs\network_francisco.l og Object is locked skipped C:\Documents and Settings\All Users\Datos de programa\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped C:\Documents and Settings\All Users\Datos de programa\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped C:\Documents and Settings\All Users\Datos de programa\Symantec\Norton AntiVirus\Quarantine\265C5C42.exe Infected: P2P-Worm.Win32.VB.dw skipped C:\Documents and Settings\All Users\Datos de programa\Symantec\Norton AntiVirus\Quarantine\67967AC8.exe Infected: Backdoor.Win32.IRCBot.dd skipped C:\Documents and Settings\All Users\Plantillas\temp.exe Infected: Trojan-Dropper.Win32.Agent.ayy skipped C:\Documents and Settings\francisco\Application Data\Microsoft\Internet Explorer\UserData\index.dat Object is locked skipped C:\Documents and Settings\francisco\Application Data\MSN6\UserData\{8B166DE6-F281-01C6-0000-000040731AE6}\favthumb.dbx Object is locked skipped C:\Documents and Settings\francisco\Application Data\Skype\carlos.coronado\dyncontent\bundle.dat Object is locked skipped C:\Documents and Settings\francisco\Application Data\Webroot\Spy Sweeper\Logs\070112170245.ses Object is locked skipped C:\Documents and Settings\francisco\Archivos temporales de Internet\Content.IE5\index.dat Object is locked skipped C:\Documents and Settings\francisco\Configuración local\Datos de programa\ApplicationHistory\hpqimzone.exe.12eac55c .ini.inuse Object is locked skipped C:\Documents and Settings\francisco\Configuración local\Datos de programa\HP\Digital Imaging\db\administrativeInfo.dbf Object is locked skipped C:\Documents and Settings\francisco\Configuración local\Datos de programa\HP\Digital Imaging\db\albumImagesTable.cdx Object is locked skipped C:\Documents and Settings\francisco\Configuración local\Datos de programa\HP\Digital Imaging\db\albumImagesTable.dbf Object is locked skipped C:\Documents and Settings\francisco\Configuración local\Datos de programa\HP\Digital Imaging\db\albumTable.cdx Object is locked skipped C:\Documents and Settings\francisco\Configuración local\Datos de programa\HP\Digital Imaging\db\albumTable.dbf Object is locked skipped C:\Documents and Settings\francisco\Configuración local\Datos de programa\HP\Digital Imaging\db\CB_Server_Errors.txt Object is locked skipped C:\Documents and Settings\francisco\Configuración local\Datos de programa\HP\Digital Imaging\db\EXIFTable.cdx Object is locked skipped C:\Documents and Settings\francisco\Configuración local\Datos de programa\HP\Digital Imaging\db\EXIFTable.dbf Object is locked skipped C:\Documents and Settings\francisco\Configuración local\Datos de programa\HP\Digital Imaging\db\imageTable.cdx Object is locked skipped C:\Documents and Settings\francisco\Configuración local\Datos de programa\HP\Digital Imaging\db\imageTable.dbf Object is locked skipped C:\Documents and Settings\francisco\Configuración local\Datos de programa\HP\Digital Imaging\db\imageTable.fpt Object is locked skipped C:\Documents and Settings\francisco\Configuración local\Datos de programa\HP\Digital Imaging\db\keywordImagesTable.cdx Object is locked skipped C:\Documents and Settings\francisco\Configuración local\Datos de programa\HP\Digital Imaging\db\keywordImagesTable.dbf Object is locked skipped C:\Documents and Settings\francisco\Configuración local\Datos de programa\HP\Digital Imaging\db\keywordTable.cdx Object is locked skipped C:\Documents and Settings\francisco\Configuración local\Datos de programa\HP\Digital Imaging\db\keywordTable.dbf Object is locked skipped C:\Documents and Settings\francisco\Configuración local\Datos de programa\HP\Digital Imaging\db\managedFolderTable.dbf Object is locked skipped C:\Documents and Settings\francisco\Configuración local\Datos de programa\HP\Digital Imaging\db\pathnameTable.cdx Object is locked skipped C:\Documents and Settings\francisco\Configuración local\Datos de programa\HP\Digital Imaging\db\pathnameTable.dbf Object is locked skipped C:\Documents and Settings\francisco\Configuración local\Datos de programa\HP\Digital Imaging\db\propertiesTable.cdx Object is locked skipped C:\Documents and Settings\francisco\Configuración local\Datos de programa\HP\Digital Imaging\db\propertiesTable.dbf Object is locked skipped C:\Documents and Settings\francisco\Configuración local\Datos de programa\HP\Digital Imaging\db\ROFImagesTable.cdx Object is locked skipped C:\Documents and Settings\francisco\Configuración local\Datos de programa\HP\Digital Imaging\db\ROFImagesTable.dbf Object is locked skipped C:\Documents and Settings\francisco\Configuración local\Datos de programa\HP\Digital Imaging\db\ROFTable.cdx Object is locked skipped C:\Documents and Settings\francisco\Configuración local\Datos de programa\HP\Digital Imaging\db\ROFTable.dbf Object is locked skipped C:\Documents and Settings\francisco\Configuración local\Datos de programa\Microsoft\Windows\UsrClass.dat Object is locked skipped C:\Documents and Settings\francisco\Configuración local\Datos de programa\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped C:\Documents and Settings\francisco\Configuración local\Temp\msn3216.fdr Object is locked skipped C:\Documents and Settings\francisco\Configuración local\Temp\Perflib_Perfdata_5d8.dat Object is locked skipped C:\Documents and Settings\francisco\Configuración local\Temp\~DF21D5.tmp Object is locked skipped C:\Documents and Settings\francisco\Configuración local\Temp\~DF36E9.tmp Object is locked skipped C:\Documents and Settings\francisco\Configuración local\Temp\~DF7A7C.tmp Object is locked skipped C:\Documents and Settings\francisco\Cookies\index.dat Object is locked skipped C:\Documents and Settings\francisco\Historial\History.IE5\index.dat Object is locked skipped C:\Documents and Settings\francisco\Historial\History.IE5\MSHist012 007011220070113\index.dat Object is locked skipped C:\Documents and Settings\francisco\NTUSER.DAT Object is locked skipped C:\Documents and Settings\francisco\ntuser.dat.LOG Object is locked skipped C:\Documents and Settings\LocalService\Configuración local\Archivos temporales de Internet\Content.IE5\index.dat Object is locked skipped C:\Documents and Settings\LocalService\Configuración local\Datos de programa\Microsoft\Windows\UsrClass.dat Object is locked skipped C:\Documents and Settings\LocalService\Configuración local\Datos de programa\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped C:\Documents and Settings\LocalService\Configuración local\Historial\History.IE5\index.dat Object is locked skipped C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped C:\Documents and Settings\LocalService\Datos de programa\Webroot\Spy Sweeper\Data\settings.dat Object is locked skipped C:\Documents and Settings\LocalService\Datos de programa\Webroot\Spy Sweeper\Temp\SSCS08A55742-3709-40C9-8CE9-FCE83635BCB8.tmp Object is locked skipped C:\Documents and Settings\LocalService\Datos de programa\Webroot\Spy Sweeper\Temp\SSCS0A00080A-7720-46FF-863E-30CC8903D857.tmp Object is locked skipped C:\Documents and Settings\LocalService\Datos de programa\Webroot\Spy Sweeper\Temp\SSCS0E5A5DF8-CA2E-4A0B-A448-E7D764DD51D7.tmp Object is locked skipped C:\Documents and Settings\LocalService\Datos de programa\Webroot\Spy Sweeper\Temp\SSCS0F413F09-A75B-4F23-AB9F-35494A48AB96.tmp Object is locked skipped C:\Documents and Settings\LocalService\Datos de programa\Webroot\Spy Sweeper\Temp\SSCS11BD3019-0893-4FC7-9AF5-1B491E5435EE.tmp Object is locked skipped C:\Documents and Settings\LocalService\Datos de programa\Webroot\Spy Sweeper\Temp\SSCS13D7FE44-10F1-4C00-9D3B-FACD48C76FCC.tmp Object is locked skipped C:\Documents and Settings\LocalService\Datos de programa\Webroot\Spy Sweeper\Temp\SSCS262C2230-9F32-482F-BAD9-2464F6C00FDB.tmp Object is locked skipped C:\Documents and Settings\LocalService\Datos de programa\Webroot\Spy Sweeper\Temp\SSCS28491126-8E99-4306-ACE8-208455DFC34A.tmp Object is locked skipped C:\Documents and Settings\LocalService\Datos de programa\Webroot\Spy Sweeper\Temp\SSCS2858846E-F094-4C47-8843-402AF8B38436.tmp Object is locked skipped C:\Documents and Settings\LocalService\Datos de programa\Webroot\Spy Sweeper\Temp\SSCS2BEE5158-F399-47F8-97E7-496688081CF9.tmp Object is locked skipped C:\Documents and Settings\LocalService\Datos de programa\Webroot\Spy Sweeper\Temp\SSCS2CF68426-9598-461C-922B-E4D26B095BA9.tmp Object is locked skipped C:\Documents and Settings\LocalService\Datos de programa\Webroot\Spy Sweeper\Temp\SSCS2E4AC3DC-B22A-4859-B6F3-560F6578A2AA.tmp Object is locked skipped C:\Documents and Settings\LocalService\Datos de programa\Webroot\Spy Sweeper\Temp\SSCS3038C774-E5C1-4F8C-A227-18B1DA1A732D.tmp Object is locked skipped C:\Documents and Settings\LocalService\Datos de programa\Webroot\Spy Sweeper\Temp\SSCS33677E6F-93F5-45C2-A460-3286BC54B92A.tmp Object is locked skipped C:\Documents and Settings\LocalService\Datos de programa\Webroot\Spy Sweeper\Temp\SSCS34064EB3-6933-45F2-9ACA-D3CECCA5ED00.tmp Object is locked skipped C:\Documents and Settings\LocalService\Datos de programa\Webroot\Spy Sweeper\Temp\SSCS3511FC59-51E7-4184-AD66-EA273CD5B49E.tmp Object is locked skipped C:\Documents and Settings\LocalService\Datos de programa\Webroot\Spy Sweeper\Temp\SSCS3A0E2183-E02F-44D1-8161-A8BFE6A16643.tmp Object is locked skipped C:\Documents and Settings\LocalService\Datos de programa\Webroot\Spy Sweeper\Temp\SSCS3C32A87B-5FE9-4F3B-8B88-6B2A03E6059E.tmp Object is locked skipped C:\Documents and Settings\LocalService\Datos de programa\Webroot\Spy Sweeper\Temp\SSCS4003D0A8-FB65-42A9-8D2B-690A1C4FC657.tmp Object is locked skipped C:\Documents and Settings\LocalService\Datos de programa\Webroot\Spy Sweeper\Temp\SSCS40AA613B-3BB4-445E-B97B-9788748CD375.tmp Object is locked skipped C:\Documents and Settings\LocalService\Datos de programa\Webroot\Spy Sweeper\Temp\SSCS44DCEE7D-1888-4197-BA49-4A0118C07079.tmp Object is locked skipped C:\Documents and Settings\LocalService\Datos de programa\Webroot\Spy Sweeper\Temp\SSCS4682CC85-9C63-4BFE-953E-8ABE35E53888.tmp Object is locked skipped C:\Documents and Settings\LocalService\Datos de programa\Webroot\Spy Sweeper\Temp\SSCS47137495-54A3-42FB-9638-7CFA3DF22F8B.tmp Object is locked skipped C:\Documents and Settings\LocalService\Datos de programa\Webroot\Spy Sweeper\Temp\SSCS47DDA63D-C1F4-4015-BBE8-87A5517C881C.tmp Object is locked skipped C:\Documents and Settings\LocalService\Datos de programa\Webroot\Spy Sweeper\Temp\SSCS48DD1EC3-5EC1-4682-A141-223ECC51E629.tmp Object is locked skipped C:\Documents and Settings\LocalService\Datos de programa\Webroot\Spy Sweeper\Temp\SSCS50ECAB73-04B8-497B-869C-C0288C46DA0D.tmp Object is locked skipped C:\Documents and Settings\LocalService\Datos de programa\Webroot\Spy Sweeper\Temp\SSCS51E16CA6-531B-4820-96DC-3020F2EDE766.tmp Object is locked skipped C:\Documents and Settings\LocalService\Datos de programa\Webroot\Spy Sweeper\Temp\SSCS59398FB5-FC1E-4C74-9E40-2BA08F98927B.tmp Object is locked skipped C:\Documents and Settings\LocalService\Datos de programa\Webroot\Spy Sweeper\Temp\SSCS59E9E8C4-1634-453E-ADBD-521A75FC3F47.tmp Object is locked skipped C:\Documents and Settings\LocalService\Datos de programa\Webroot\Spy Sweeper\Temp\SSCS5E2357D4-D02C-47E0-BF06-A77D630D1E69.tmp Object is locked skipped C:\Documents and Settings\LocalService\Datos de programa\Webroot\Spy Sweeper\Temp\SSCS678AA9ED-C822-4800-8AF6-E418CEC8EC04.tmp Object is locked skipped C:\Documents and Settings\LocalService\Datos de programa\Webroot\Spy Sweeper\Temp\SSCS6869622F-6BD0-4E3D-A30F-396F33BB3FCA.tmp Object is locked skipped C:\Documents and Settings\LocalService\Datos de programa\Webroot\Spy Sweeper\Temp\SSCS69E88BD4-CD53-4029-AB8D-1ECCE6BA69C9.tmp Object is locked skipped C:\Documents and Settings\LocalService\Datos de programa\Webroot\Spy Sweeper\Temp\SSCS6A1932FC-0C0C-44B5-A5B9-6A77080BFF29.tmp Object is locked skipped C:\Documents and Settings\LocalService\Datos de programa\Webroot\Spy Sweeper\Temp\SSCS6FBDE773-186B-4E93-8804-A8F4E92929F7.tmp Object is locked skipped C:\Documents and Settings\LocalService\Datos de programa\Webroot\Spy Sweeper\Temp\SSCS70680DAE-A267-45EE-8CD2-D1DFC531291C.tmp Object is locked skipped C:\Documents and Settings\LocalService\Datos de programa\Webroot\Spy Sweeper\Temp\SSCS712DCC94-CAD8-453E-80C0-4648C3B4C171.tmp Object is locked skipped C:\Documents and Settings\LocalService\Datos de programa\Webroot\Spy Sweeper\Temp\SSCS73CCE1BA-EB09-4C9E-AAC9-91E65D9B7BB3.tmp Object is locked skipped C:\Documents and Settings\LocalService\Datos de programa\Webroot\Spy Sweeper\Temp\SSCS74286E28-09AE-4DE8-955D-4D0BA03A529C.tmp Object is locked skipped C:\Documents and Settings\LocalService\Datos de programa\Webroot\Spy Sweeper\Temp\SSCS7674167F-DEDB-4F54-B98F-9A076613CE58.tmp Object is locked skipped C:\Documents and Settings\LocalService\Datos de programa\Webroot\Spy Sweeper\Temp\SSCS77B8EF6C-3428-416C-9384-379D8DBCCE38.tmp Object is locked skipped C:\Documents and Settings\LocalService\Datos de programa\Webroot\Spy Sweeper\Temp\SSCS78AE9728-442A-4874-9CE0-3BC3C3A8591F.tmp Object is locked skipped C:\Documents and Settings\LocalService\Datos de programa\Webroot\Spy Sweeper\Temp\SSCS7F78A850-D2D1-45D0-84E9-3CC0C3C14052.tmp Object is locked skipped C:\Documents and Settings\LocalService\Datos de programa\Webroot\Spy Sweeper\Temp\SSCS7F80846D-E037-4D82-97CE-827563B84652.tmp Object is locked skipped C:\Documents and Settings\LocalService\Datos de programa\Webroot\Spy Sweeper\Temp\SSCS8080CD13-F1E4-4594-B178-DF1A124DCA3D.tmp Object is locked skipped C:\Documents and Settings\LocalService\Datos de programa\Webroot\Spy Sweeper\Temp\SSCS8256BD5E-236C-4358-A983-F56C03C2C436.tmp Object is locked skipped C:\Documents and Settings\LocalService\Datos de programa\Webroot\Spy Sweeper\Temp\SSCS84DC62B2-B7E1-41E3-BCBF-D58A2AA411CD.tmp Object is locked skipped C:\Documents and Settings\LocalService\Datos de programa\Webroot\Spy Sweeper\Temp\SSCS8647D42C-E027-452B-A9FD-6A1668578677.tmp Object is locked skipped C:\Documents and Settings\LocalService\Datos de programa\Webroot\Spy Sweeper\Temp\SSCS87CB1198-2A86-4384-9A7A-3351484DC9A3.tmp Object is locked skipped C:\Documents and Settings\LocalService\Datos de programa\Webroot\Spy Sweeper\Temp\SSCS882CA420-73AC-44A5-8D32-9A14F4D0DD31.tmp Object is locked skipped C:\Documents and Settings\LocalService\Datos de programa\Webroot\Spy Sweeper\Temp\SSCS889813A0-CAB3-4C4D-94C2-24BED73B7E80.tmp Object is locked skipped C:\Documents and Settings\LocalService\Datos de programa\Webroot\Spy Sweeper\Temp\SSCS890A7E12-984F-4E59-AAEA-BAE544E34D34.tmp Object is locked skipped C:\Documents and Settings\LocalService\Datos de programa\Webroot\Spy Sweeper\Temp\SSCS8917725F-9176-4F2F-BFE4-CE6FA11058A6.tmp Object is locked skipped C:\Documents and Settings\LocalService\Datos de programa\Webroot\Spy Sweeper\Temp\SSCS8CA53DBD-3AFB-4D4C-99D2-EEB817EE59CD.tmp Object is locked skipped C:\Documents and Settings\LocalService\Datos de programa\Webroot\Spy Sweeper\Temp\SSCS8F55FAC5-4D22-4250-9851-3AAEB8905553.tmp Object is locked skipped C:\Documents and Settings\LocalService\Datos de programa\Webroot\Spy Sweeper\Temp\SSCS913FF9B5-E9AF-4597-AD3E-3C77027C1248.tmp Object is locked skipped C:\Documents and Settings\LocalService\Datos de programa\Webroot\Spy Sweeper\Temp\SSCS996C69B1-3E88-47B0-AFEB-2EDBCDF4B787.tmp Object is locked skipped C:\Documents and Settings\LocalService\Datos de programa\Webroot\Spy Sweeper\Temp\SSCS9D4B8E9F-3D14-41F6-B75A-0644FFCC87FC.tmp Object is locked skipped C:\Documents and Settings\LocalService\Datos de programa\Webroot\Spy Sweeper\Temp\SSCS9E3F33AB-9EA9-4F6B-BF70-CA053E9A7408.tmp Object is locked skipped C:\Documents and Settings\LocalService\Datos de programa\Webroot\Spy Sweeper\Temp\SSCS9E9FCBB4-D2D7-4A90-8D38-A92E6D83272C.tmp Object is locked skipped C:\Documents and Settings\LocalService\Datos de programa\Webroot\Spy Sweeper\Temp\SSCS9FC150B1-E97D-41CF-B44E-69AF4D92A311.tmp Object is locked skipped C:\Documents and Settings\LocalService\Datos de programa\Webroot\Spy Sweeper\Temp\SSCSA05FB54A-9872-43DA-B0EE-3A130B0434F7.tmp Object is locked skipped C:\Documents and Settings\LocalService\Datos de programa\Webroot\Spy Sweeper\Temp\SSCSA0A30959-F152-4969-AE7E-7BF66D30F2AB.tmp Object is locked skipped C:\Documents and Settings\LocalService\Datos de programa\Webroot\Spy Sweeper\Temp\SSCSAA7D42EB-540A-4555-9047-5DEE088CA981.tmp Object is locked skipped C:\Documents and Settings\LocalService\Datos de programa\Webroot\Spy Sweeper\Temp\SSCSAF9BFBA4-2B96-43D3-A2C2-015D16F9B9A5.tmp Object is locked skipped C:\Documents and Settings\LocalService\Datos de programa\Webroot\Spy Sweeper\Temp\SSCSB5E05123-0E1F-4743-BB77-FDC065636969.tmp Object is locked skipped C:\Documents and Settings\LocalService\Datos de programa\Webroot\Spy Sweeper\Temp\SSCSB75B99A1-C564-4A06-BF71-E6E07CA1CDF4.tmp Object is locked skipped C:\Documents and Settings\LocalService\Datos de programa\Webroot\Spy Sweeper\Temp\SSCSBAE762D4-4380-450E-B097-B1C97A65E401.tmp Object is locked skipped C:\Documents and Settings\LocalService\Datos de programa\Webroot\Spy Sweeper\Temp\SSCSBDB1F299-D4C6-4E01-B9BE-FB6E31880A86.tmp Object is locked skipped C:\Documents and Settings\LocalService\Datos de programa\Webroot\Spy Sweeper\Temp\SSCSC2FDB8B2-B4B0-4DAA-97B1-27F731142B71.tmp Object is locked skipped C:\Documents and Settings\LocalService\Datos de programa\Webroot\Spy Sweeper\Temp\SSCSC9E21B4D-3DA6-4B82-A76B-63CBFAE22928.tmp Object is locked skipped C:\Documents and Settings\LocalService\Datos de programa\Webroot\Spy Sweeper\Temp\SSCSCA3D234E-619F-46E2-876F-C91E0248FB29.tmp Object is locked skipped C:\Documents and Settings\LocalService\Datos de programa\Webroot\Spy Sweeper\Temp\SSCSCBFA12FA-101C-486E-BBD4-1715BA3BA1F5.tmp Object is locked skipped C:\Documents and Settings\LocalService\Datos de programa\Webroot\Spy Sweeper\Temp\SSCSD0EC7DE4-3C18-4FB8-9837-A094F81957F8.tmp Object is locked skipped C:\Documents and Settings\LocalService\Datos de programa\Webroot\Spy Sweeper\Temp\SSCSD106F3D8-6AB7-4644-8BC3-79B6546FC8CC.tmp Object is locked skipped C:\Documents and Settings\LocalService\Datos de programa\Webroot\Spy Sweeper\Temp\SSCSD2AE78E8-D77F-46B8-B7A6-0FFAF9154158.tmp Object is locked skipped C:\Documents and Settings\LocalService\Datos de programa\Webroot\Spy Sweeper\Temp\SSCSD6A99C04-0CC5-4DA6-9D50-6F52820BA461.tmp Object is locked skipped C:\Documents and Settings\LocalService\Datos de programa\Webroot\Spy Sweeper\Temp\SSCSDC23FAFA-2FAB-4AE5-ABDE-477BF2AC96A4.tmp Object is locked skipped C:\Documents and Settings\LocalService\Datos de programa\Webroot\Spy Sweeper\Temp\SSCSDC7214B2-8888-4651-B917-5FC967FC17AC.tmp Object is locked skipped C:\Documents and Settings\LocalService\Datos de programa\Webroot\Spy Sweeper\Temp\SSCSDCB3255E-C73B-48D3-B43A-60460CEFA035.tmp Object is locked skipped C:\Documents and Settings\LocalService\Datos de programa\Webroot\Spy Sweeper\Temp\SSCSDDFE4C58-5666-40E4-A320-9C7120C569DF.tmp Object is locked skipped C:\Documents and Settings\LocalService\Datos de programa\Webroot\Spy Sweeper\Temp\SSCSDE9C684E-F44C-4D45-BB35-3F24215E07A3.tmp Object is locked skipped C:\Documents and Settings\LocalService\Datos de programa\Webroot\Spy Sweeper\Temp\SSCSE32A2E7D-B36D-4449-AD63-F35DA1791248.tmp Object is locked skipped C:\Documents and Settings\LocalService\Datos de programa\Webroot\Spy Sweeper\Temp\SSCSE71F1A24-E884-4F40-A463-A626231E5D9D.tmp Object is locked skipped C:\Documents and Settings\LocalService\Datos de programa\Webroot\Spy Sweeper\Temp\SSCSE7A46123-DED5-4352-AF67-BBB8BE3E1112.tmp Object is locked skipped C:\Documents and Settings\LocalService\Datos de programa\Webroot\Spy Sweeper\Temp\SSCSEE6E74A4-974B-4E21-A992-CBC89042E757.tmp Object is locked skipped C:\Documents and Settings\LocalService\Datos de programa\Webroot\Spy Sweeper\Temp\SSCSF3631871-5813-42E7-99B2-22E498C82278.tmp Object is locked skipped C:\Documents and Settings\LocalService\Datos de programa\Webroot\Spy Sweeper\Temp\SSCSFC986129-D724-4FE1-B505-050D2B7A808B.tmp Object is locked skipped C:\Documents and Settings\LocalService\Datos de programa\Webroot\Spy Sweeper\Temp\SSCSFE2559D6-E729-42BC-AF0B-1B0D72530B6A.tmp Object is locked skipped C:\Documents and Settings\LocalService\Datos de programa\Webroot\Spy Sweeper\Temp\SSCSFE62C8E8-7A65-495A-A61B-0CD30F867AD4.tmp Object is locked skipped C:\Documents and Settings\LocalService\Datos de programa\Webroot\Spy Sweeper\Temp\SSCSFF7F65AE-C935-4A74-ABA4-1626D6B6DD77.tmp Object is locked skipped C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped C:\Documents and Settings\NetworkService\Configuración local\Archivos temporales de Internet\Content.IE5\index.dat Object is locked skipped C:\Documents and Settings\NetworkService\Configuración local\Datos de programa\Microsoft\Windows\UsrClass.dat Object is locked skipped C:\Documents and Settings\NetworkService\Configuración local\Datos de programa\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped C:\Documents and Settings\NetworkService\Configuración local\Historial\History.IE5\index.dat Object is locked skipped C:\Documents and Settings\NetworkService\Cookies\index.dat Object is locked skipped C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped C:\System Volume Information\_restore{63A4945D-5EBF-4682-9870-D32280407B10}\RP107\A0010374.exe Infected: Email-Worm.Win32.Bagle.gb skipped C:\System Volume Information\_restore{63A4945D-5EBF-4682-9870-D32280407B10}\RP107\A0010385.exe Infected: Trojan-Dropper.Win32.Agent.baf skipped C:\System Volume Information\_restore{63A4945D-5EBF-4682-9870-D32280407B10}\RP108\A0010580.dll Infected: Email-Worm.Win32.Bagle.gb skipped C:\System Volume Information\_restore{63A4945D-5EBF-4682-9870-D32280407B10}\RP109\A0010719.exe Infected: Email-Worm.Win32.Bagle.gb skipped C:\System Volume Information\_restore{63A4945D-5EBF-4682-9870-D32280407B10}\RP109\A0011293.exe Infected: Email-Worm.Win32.Bagle.gb skipped C:\System Volume Information\_restore{63A4945D-5EBF-4682-9870-D32280407B10}\RP120\A0011895.dll Infected: Email-Worm.Win32.Bagle.gb skipped C:\System Volume Information\_restore{63A4945D-5EBF-4682-9870-D32280407B10}\RP131\change.log Object is locked skipped C:\System Volume Information\_restore{63A4945D-5EBF-4682-9870-D32280407B10}\RP67\A0005991.exe/stream/data0006 Infected: Trojan-Downloader.Win32.Zlob.ban skipped C:\System Volume Information\_restore{63A4945D-5EBF-4682-9870-D32280407B10}\RP67\A0005991.exe/stream Infected: Trojan-Downloader.Win32.Zlob.ban skipped C:\System Volume Information\_restore{63A4945D-5EBF-4682-9870-D32280407B10}\RP67\A0005991.exe NSIS: infected - 2 skipped C:\System Volume Information\_restore{63A4945D-5EBF-4682-9870-D32280407B10}\RP67\A0005991.exe UPX: infected - 2 skipped C:\System Volume Information\_restore{63A4945D-5EBF-4682-9870-D32280407B10}\RP67\A0005991.exe PE_Patch.UPX: infected - 2 skipped C:\System Volume Information\_restore{63A4945D-5EBF-4682-9870-D32280407B10}\RP88\A0007892.exe Infected: Trojan-Downloader.Win32.Zlob.bej skipped C:\System Volume Information\_restore{63A4945D-5EBF-4682-9870-D32280407B10}\RP90\A0007996.exe Infected: Trojan-Downloader.Win32.Zlob.bej skipped C:\System Volume Information\_restore{63A4945D-5EBF-4682-9870-D32280407B10}\RP93\A0008142.exe Infected: Trojan-Downloader.Win32.Zlob.bej skipped C:\System Volume Information\_restore{63A4945D-5EBF-4682-9870-D32280407B10}\RP93\A0008208.exe Infected: Trojan-Downloader.Win32.Zlob.bej skipped C:\System Volume Information\_restore{63A4945D-5EBF-4682-9870-D32280407B10}\RP93\A0008226.exe Infected: Trojan-Downloader.Win32.Zlob.bej skipped C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped C:\WINDOWS\SchedLgU.Txt Object is locked skipped C:\WINDOWS\SoftwareDistribution\ReportingEvents.lo g Object is locked skipped C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped C:\WINDOWS\system32\config\default Object is locked skipped C:\WINDOWS\system32\config\default.LOG Object is locked skipped C:\WINDOWS\system32\config\Internet.evt Object is locked skipped C:\WINDOWS\system32\config\SAM Object is locked skipped C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped C:\WINDOWS\system32\config\SECURITY Object is locked skipped C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped C:\WINDOWS\system32\config\software Object is locked skipped C:\WINDOWS\system32\config\software.LOG Object is locked skipped C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped C:\WINDOWS\system32\config\system Object is locked skipped C:\WINDOWS\system32\config\system.LOG Object is locked skipped C:\WINDOWS\system32\h323log.txt Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MA P Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MA P Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DAT A Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped C:\WINDOWS\WindowsUpdate.log Object is locked skipped Scan process completed. |
|
13/01/07, 08:45:34
| |
| ||||
| Re: Paginas de IE se abren solas en in idioma asiático Hola, crown_cs. Realiza estos pasos y recuerda dejarnos los reportes de los antivirus online: 1.- Deshabilita el Restaurar Sistema ---> muy importante 2.- Activa la opción Ver Archivos Ocultos 3.- Reinicia en Modo a Prueba de Fallos 4.- Cierra todos los programas, ejecuta HijackThis y dale "Fix Cheked" a estas entradas: O2 - BHO: IEMonitor Class - {08A312BB-5409-49FC-9347-54BB7D069AC6} - C:\WINDOWS\system32\IESHEL~1.DLL O4 - HKLM\..\Run: [sdafdsafds] D;]XJOEPXT]ufnq]te262/fyf O21 - SSODL: flammei - {9d635a36-6b3c-4146-8625-f3aaf507bbf8} - (no file) 5.- Sin reiniciar, busca y elimina estos archivos, si no se dejan eliminar descarga el programa "Killbox" y sigue las indicaciones del mensaje, copia y pega los archivos para que los elimine al reiniciar. C:\Documents and Settings\All Users\Datos de programa\Symantec\Norton AntiVirus\Quarantine\ ---> borra todo el contenido de esta carpeta pero NO borres la carpeta C:\Documents and Settings\All Users\Plantillas\temp.exe C:\WINDOWS\system32\IESHEL~1.DLL 6.- Pasa estas herramientas: - Ad-Aware 1.06 SE Personal (manual) - Disk Cleaner para limpiar cookies y temporales - RegSeeker para limpiar el registro de Windows y su manual pásalo varias veces hasta que ya no te salga nada para eliminar. 7.- Reinicia el pc 8.- Pasa dos de estos antivirus online (ewido y kaspersky preferentemente) y nos comentas si te detectaron algo o no. Si hay algo que te detecten nos pegas el reporte que te generen. 9.- Comprueba los resultados y nos pegas un nuevo log para comprobar que quedó limpio. De preferencia, imprime las indicaciones para que se te haga más fácil seguirlas. Saludos Reitxelle Novedades del Foro | Antivirus Online | Eliminar Malwares | Políticas del Foro | Blog * Ayúdanos haciendo una DONACIÓN para poder seguir Ayudando. * Para evitar Virus y Spywares al navegar por internet, USE FIREFOX !! * No se resuelven dudas por Privados ni por E-mail, ya que para eso esta el foro. |
|
15/01/07, 02:03:34
| |
| |||
| Re: Paginas de IE se abren solas en in idioma asiático Hola antes que nada te doy las gracias por estarme ayudando, estos bichos que se meten en los ordenadores son muy malos y están muy arraigados y siguen abriendo las paginas solas después de haber echo todos los pasos que me pediste. Aquí te dejo el ultimo el scanner online del kaspersky y su reporte ahora solo me da tres virus, espero me puedas ayudar te dejo el Log. Gracias. ------------------------------------------------------------------------------- KASPERSKY ONLINE SCANNER REPORT Sunday, January 14, 2007 11:55:21 PM Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600) Kaspersky Online Scanner version: 5.0.83.0 Kaspersky Anti-Virus database last update: 14/01/2007 Kaspersky Anti-Virus database records: 243942 ------------------------------------------------------------------------------- Scan Settings: Scan using the following antivirus database: standard Scan Archives: true Scan Mail Bases: true Scan Target - My Computer: C:\ D:\ E:\ Scan Statistics: Total number of scanned objects: 110944 Number of viruses found: 3 Number of infected objects: 3 / 0 Number of suspicious objects: 0 Duration of the scan process: 01:08:25 Infected Object Name / Virus Name / Last Action C:\!KillBox\Quarantine\265C5C42.exe Infected: P2P-Worm.Win32.VB.dw skipped C:\!KillBox\Quarantine\67967AC8.exe Infected: Backdoor.Win32.IRCBot.dd skipped C:\!KillBox\temp.exe Infected: Trojan-Dropper.Win32.Agent.ayy skipped C:\Archivos de programa\Panda Software\Panda Antivirus 2007\PSK_NAMES2_3 Object is locked skipped C:\Archivos de programa\Panda Software\Panda Antivirus 2007\PSK_NAMES_3 Object is locked skipped C:\Archivos de programa\Yahoo!\Messenger\logs\billing_francisco.l og Object is locked skipped C:\Archivos de programa\Yahoo!\Messenger\logs\client_francisco.lo g Object is locked skipped C:\Archivos de programa\Yahoo!\Messenger\logs\network_francisco.l og Object is locked skipped C:\Documents and Settings\francisco\Archivos temporales de Internet\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is locked skipped C:\Documents and Settings\francisco\Archivos temporales de Internet\Content.IE5\index.dat Object is locked skipped C:\Documents and Settings\francisco\Configuración local\Datos de programa\ApplicationHistory\hpqimzone.exe.12eac55c .ini.inuse Object is locked skipped C:\Documents and Settings\francisco\Configuración local\Datos de programa\HP\Digital Imaging\db\administrativeInfo.dbf Object is locked skipped C:\Documents and Settings\francisco\Configuración local\Datos de programa\HP\Digital Imaging\db\albumImagesTable.cdx Object is locked skipped C:\Documents and Settings\francisco\Configuración local\Datos de programa\HP\Digital Imaging\db\albumImagesTable.dbf Object is locked skipped C:\Documents and Settings\francisco\Configuración local\Datos de programa\HP\Digital Imaging\db\albumTable.cdx Object is locked skipped C:\Documents and Settings\francisco\Configuración local\Datos de programa\HP\Digital Imaging\db\albumTable.dbf Object is locked skipped C:\Documents and Settings\francisco\Configuración local\Datos de programa\HP\Digital Imaging\db\CB_Server_Errors.txt Object is locked skipped C:\Documents and Settings\francisco\Configuración local\Datos de programa\HP\Digital Imaging\db\EXIFTable.cdx Object is locked skipped C:\Documents and Settings\francisco\Configuración local\Datos de programa\HP\Digital Imaging\db\EXIFTable.dbf Object is locked skipped C:\Documents and Settings\francisco\Configuración local\Datos de programa\HP\Digital Imaging\db\imageTable.cdx Object is locked skipped C:\Documents and Settings\francisco\Configuración local\Datos de programa\HP\Digital Imaging\db\imageTable.dbf Object is locked skipped C:\Documents and Settings\francisco\Configuración local\Datos de programa\HP\Digital Imaging\db\imageTable.fpt Object is locked skipped C:\Documents and Settings\francisco\Configuración local\Datos de programa\HP\Digital Imaging\db\keywordImagesTable.cdx Object is locked skipped C:\Documents and Settings\francisco\Configuración local\Datos de programa\HP\Digital Imaging\db\keywordImagesTable.dbf Object is locked skipped C:\Documents and Settings\francisco\Configuración local\Datos de programa\HP\Digital Imaging\db\keywordTable.cdx Object is locked skipped C:\Documents and Settings\francisco\Configuración local\Datos de programa\HP\Digital Imaging\db\keywordTable.dbf Object is locked skipped C:\Documents and Settings\francisco\Configuración local\Datos de programa\HP\Digital Imaging\db\managedFolderTable.dbf Object is locked skipped C:\Documents and Settings\francisco\Configuración local\Datos de programa\HP\Digital Imaging\db\pathnameTable.cdx Object is locked skipped C:\Documents and Settings\francisco\Configuración local\Datos de programa\HP\Digital Imaging\db\pathnameTable.dbf Object is locked skipped C:\Documents and Settings\francisco\Configuración local\Datos de programa\HP\Digital Imaging\db\propertiesTable.cdx Object is locked skipped C:\Documents and Settings\francisco\Configuración local\Datos de programa\HP\Digital Imaging\db\propertiesTable.dbf Object is locked skipped C:\Documents and Settings\francisco\Configuración local\Datos de programa\HP\Digital Imaging\db\ROFImagesTable.cdx Object is locked skipped C:\Documents and Settings\francisco\Configuración local\Datos de programa\HP\Digital Imaging\db\ROFImagesTable.dbf Object is locked skipped C:\Documents and Settings\francisco\Configuración local\Datos de programa\HP\Digital Imaging\db\ROFTable.cdx Object is locked skipped C:\Documents and Settings\francisco\Configuración local\Datos de programa\HP\Digital Imaging\db\ROFTable.dbf Object is locked skipped C:\Documents and Settings\francisco\Configuración local\Datos de programa\Microsoft\Windows\UsrClass.dat Object is locked skipped C:\Documents and Settings\francisco\Configuración local\Datos de programa\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped C:\Documents and Settings\francisco\Configuración local\Temp\Perflib_Perfdata_94c.dat Object is locked skipped C:\Documents and Settings\francisco\Configuración local\Temp\~DF3D3C.tmp Object is locked skipped C:\Documents and Settings\francisco\Configuración local\Temp\~DF44B1.tmp Object is locked skipped C:\Documents and Settings\francisco\Configuración local\Temp\~DF6DB0.tmp Object is locked skipped C:\Documents and Settings\francisco\Cookies\index.dat Object is locked skipped C:\Documents and Settings\francisco\Historial\History.IE5\index.dat Object is locked skipped C:\Documents and Settings\francisco\NTUSER.DAT Object is locked skipped C:\Documents and Settings\francisco\ntuser.dat.LOG Object is locked skipped C:\Documents and Settings\LocalService\Configuración local\Archivos temporales de Internet\Content.IE5\index.dat Object is locked skipped C:\Documents and Settings\LocalService\Configuración local\Datos de programa\Microsoft\Windows\UsrClass.dat Object is locked skipped C:\Documents and Settings\LocalService\Configuración local\Datos de programa\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped C:\Documents and Settings\LocalService\Configuración local\Historial\History.IE5\index.dat Object is locked skipped C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped C:\Documents and Settings\NetworkService\Configuración local\Archivos temporales de Internet\Content.IE5\index.dat Object is locked skipped C:\Documents and Settings\NetworkService\Configuración local\Datos de programa\Microsoft\Windows\UsrClass.dat Object is locked skipped C:\Documents and Settings\NetworkService\Configuración local\Datos de programa\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped C:\Documents and Settings\NetworkService\Configuración local\Historial\History.IE5\index.dat Object is locked skipped C:\Documents and Settings\NetworkService\Cookies\index.dat Object is locked skipped C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped C:\WINDOWS\SchedLgU.Txt Object is locked skipped C:\WINDOWS\SoftwareDistribution\EventCache\{56F871 28-B223-43C9-8D70-7FC98E4330BE}.bin Object is locked skipped C:\WINDOWS\SoftwareDistribution\ReportingEvents.lo g Object is locked skipped C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped C:\WINDOWS\system32\CatRoot2\edbtmp.log Object is locked skipped C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped C:\WINDOWS\system32\config\default Object is locked skipped C:\WINDOWS\system32\config\default.LOG Object is locked skipped C:\WINDOWS\system32\config\Internet.evt Object is locked skipped C:\WINDOWS\system32\config\SAM Object is locked skipped C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped C:\WINDOWS\system32\config\SECURITY Object is locked skipped C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped C:\WINDOWS\system32\config\software Object is locked skipped C:\WINDOWS\system32\config\software.LOG Object is locked skipped C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped C:\WINDOWS\system32\config\system Object is locked skipped C:\WINDOWS\system32\config\system.LOG Object is locked skipped C:\WINDOWS\system32\h323log.txt Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MA P Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MA P Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DAT A Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped C:\WINDOWS\WindowsUpdate.log Object is locked skipped Scan process completed. |