QUOTE(171278 @ Jul 5 2006, 09:58 PM)
log panda on line
Incident Status Location
Potentially unwanted tool:Application/Processor Not disinfected C:\Programs\L2mfix.exe[l2mfix/Process.exe]
Potentially unwanted tool:Application/Processor Not disinfected D:\Archivos de programa\L2mfix\Process.exe
log kaspersky online
-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Saturday, July 08, 2006 1:28:49 PM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.83.0
Kaspersky Anti-Virus database last update: 8/07/2006
Kaspersky Anti-Virus database records: 193524
-------------------------------------------------------------------------------
Scan Settings:
Scan using the following antivirus database: standard
Scan Archives: true
Scan Mail Bases: true
Scan Target - My Computer:
A:\
C:\
D:\
E:\
F:\
Scan Statistics:
Total number of scanned objects: 39085
Number of viruses found: 0
Number of infected objects: 0 / 0
Number of suspicious objects: 0
Duration of the scan process: 00:47:59
Infected Object Name / Virus Name / Last Action
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{6DF4A44A-BF89-45D4-9453-7CBB11D6BE04}\RP5\change.log Object is locked skipped
D:\Documents and Settings\All Users\Datos de programa\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
D:\Documents and Settings\All Users\Datos de programa\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
D:\Documents and Settings\LocalService\Configuración local\Archivos temporales de Internet\Content.IE5\index.dat Object is locked skipped
D:\Documents and Settings\LocalService\Configuración local\Datos de programa\Microsoft\Windows\UsrClass.dat Object is locked skipped
D:\Documents and Settings\LocalService\Configuración local\Datos de programa\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
D:\Documents and Settings\LocalService\Configuración local\Historial\History.IE5\index.dat Object is locked skipped
D:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
D:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
D:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
D:\Documents and Settings\Manuel Duque\Configuración local\Archivos temporales de Internet\Content.IE5\index.dat Object is locked skipped
D:\Documents and Settings\Manuel Duque\Configuración local\Datos de programa\Microsoft\Windows\UsrClass.dat Object is locked skipped
D:\Documents and Settings\Manuel Duque\Configuración local\Datos de programa\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
D:\Documents and Settings\Manuel Duque\Configuración local\Historial\History.IE5\index.dat Object is locked skipped
D:\Documents and Settings\Manuel Duque\Configuración local\Historial\History.IE5\MSHist012006070820060709\index.dat Object is locked skipped
D:\Documents and Settings\Manuel Duque\Configuración local\Temp\Perflib_Perfdata_614.dat Object is locked skipped
D:\Documents and Settings\Manuel Duque\Cookies\index.dat Object is locked skipped
D:\Documents and Settings\Manuel Duque\NTUSER.DAT Object is locked skipped
D:\Documents and Settings\Manuel Duque\ntuser.dat.LOG Object is locked skipped
D:\Documents and Settings\NetworkService\Configuración local\Datos de programa\Microsoft\Windows\UsrClass.dat Object is locked skipped
D:\Documents and Settings\NetworkService\Configuración local\Datos de programa\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
D:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
D:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
D:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
D:\System Volume Information\_restore{6DF4A44A-BF89-45D4-9453-7CBB11D6BE04}\RP5\change.log Object is locked skipped
D:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
D:\WINDOWS\SchedLgU.Txt Object is locked skipped
D:\WINDOWS\SoftwareDistribution\EventCache\{11E8A99C-B964-4D98-BDE9-3BA0AD79310C}.bin Object is locked skipped
D:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
D:\WINDOWS\Sti_Trace.log Object is locked skipped
D:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
D:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
D:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
D:\WINDOWS\system32\config\default Object is locked skipped
D:\WINDOWS\system32\config\default.LOG Object is locked skipped
D:\WINDOWS\system32\config\SAM Object is locked skipped
D:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
D:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
D:\WINDOWS\system32\config\SECURITY Object is locked skipped
D:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
D:\WINDOWS\system32\config\software Object is locked skipped
D:\WINDOWS\system32\config\software.LOG Object is locked skipped
D:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
D:\WINDOWS\system32\config\system Object is locked skipped
D:\WINDOWS\system32\config\system.LOG Object is locked skipped
D:\WINDOWS\system32\h323log.txt Object is locked skipped
D:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
D:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
D:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
D:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
D:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
D:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
D:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
D:\WINDOWS\wiadebug.log Object is locked skipped
D:\WINDOWS\wiaservc.log Object is locked skipped
D:\WINDOWS\WindowsUpdate.log Object is locked skipped
Scan process completed.
log hijackthis
Logfile of HijackThis v1.99.1
Scan saved at 14:24:55, on 08-07-2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\spoolsv.exe
D:\Archivos de programa\ewido anti-spyware 4.0\guard.exe
D:\Archivos de programa\Analog Devices\SoundMAX\SMAgent.exe
D:\WINDOWS\System32\svchost.exe
D:\Archivos de programa\McAfee\McAfee Firewall\CPD.EXE
D:\WINDOWS\Explorer.EXE
D:\Archivos de programa\McAfee\McAfee Firewall\CPD.EXE
D:\Archivos de programa\Thomson\SpeedTouch USB\Dragdiag.exe
D:\Archivos de programa\McAfee\McAfee Shared Components\Guardian\CMGrdian.exe
D:\Archivos de programa\Java\jre1.5.0_06\bin\jusched.exe
D:\WINDOWS\vsnpstd2.exe
D:\Archivos de programa\Microsoft Hardware\Keyboard\type32.exe
D:\Archivos de programa\Microsoft Hardware\Mouse\point32.exe
D:\Archivos de programa\MessengerPlus! 3\MsgPlus.exe
D:\WINDOWS\system32\ctfmon.exe
D:\Archivos de programa\McAfee\McAfee Shared Components\Instant Updater\RuLaunch.exe
D:\WINDOWS\system32\sistray.exe
D:\Archivos de programa\ewido anti-spyware 4.0\ewido.exe
D:\Archivos de programa\McAfee\McAfee VirusScan\Avsynmgr.exe
D:\Archivos de programa\McAfee\McAfee VirusScan\VsStat.exe
D:\Archivos de programa\McAfee\McAfee VirusScan\Vshwin32.exe
D:\Archivos de programa\Archivos comunes\Network Associates\McShield\Mcshield.exe
D:\Archivos de programa\McAfee\McAfee VirusScan\Avconsol.exe
D:\Archivos de programa\Internet Explorer\iexplore.exe
D:\Archivos de programa\Windows Media Player\wmplayer.exe
D:\Archivos de programa\MSN Messenger\msnmsgr.exe
D:\Archivos de programa\Limpieza\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
http://www.google.cl/O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Archivos de programa\Java\jre1.5.0_06\bin\ssv.dll
O3 - Toolbar: McAfee VirusScan - {ACB1E670-3217-45C4-A021-6B829A8A27CB} - D:\Archivos de programa\McAfee\McAfee VirusScan\VSCShellExtension.dll
O4 - HKLM\..\Run: [SiSUSBRG] D:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "D:\Archivos de programa\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [McAfee Guardian] "D:\Archivos de programa\McAfee\McAfee Shared Components\Guardian\CMGrdian.exe" /SU
O4 - HKLM\..\Run: [SunJavaUpdateSched] D:\Archivos de programa\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [QuickTime Task] "D:\Archivos de programa\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SNPSTD2] D:\WINDOWS\vsnpstd2.exe
O4 - HKLM\..\Run: [IntelliType] "D:\Archivos de programa\Microsoft Hardware\Keyboard\type32.exe"
O4 - HKLM\..\Run: [POINTER] point32.exe
O4 - HKLM\..\Run: [NeroFilterCheck] D:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [MessengerPlus3] "D:\Archivos de programa\MessengerPlus! 3\MsgPlus.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [McAfee.InstantUpdate.Monitor] "D:\Archivos de programa\McAfee\McAfee Shared Components\Instant Updater\RuLaunch.exe" /STARTMONITOR
O4 - HKCU\..\Run: [NBJ] "D:\Archivos de programa\Ahead\Nero BackItUp\NBJ.exe"
O4 - Global Startup: Adobe Gamma Loader.lnk = D:\Archivos de programa\Archivos comunes\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Utility Tray.lnk = D:\WINDOWS\system32\sistray.exe
O8 - Extra context menu item: E&xportar a Microsoft Excel - res://D:\ARCHIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Archivos de programa\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Consola de Sun Java - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Archivos de programa\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Archivos de programa\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Archivos de programa\Messenger\msmsgs.exe
O12 - Plugin for .spop: D:\Archivos de programa\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) -
http://www.kaspersky.com/kos/eng/partner/d...can_unicode.cabO16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) -
http://update.microsoft.com/windowsupdate/...b?1126497184562O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) -
http://acs.pandasoftware.com/activescan/as5free/asinst.cabO16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (ASquaredScanForm Element) -
http://www.windowsecurity.com/trojanscan/axscan.cabO17 - HKLM\System\CCS\Services\Tcpip\..\{52F13C23-2F0E-4E05-9251-0BC5E1E673C2}: NameServer = 200.28.4.129 200.28.4.130
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "D:\ARCHIV~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: AVSync Manager (AvSynMgr) - Network Associates, Inc. - D:\Archivos de programa\McAfee\McAfee VirusScan\Avsynmgr.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - D:\Archivos de programa\ewido anti-spyware 4.0\guard.exe
O23 - Service: McAfee Firewall - Unknown owner - D:\Archivos de programa\McAfee\McAfee Firewall\CPD.EXE" /SERVICE (file missing)
O23 - Service: McShield - Unknown owner - D:\Archivos de programa\Archivos comunes\Network Associates\McShield\Mcshield.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - D:\Archivos de programa\Analog Devices\SoundMAX\SMAgent.exe
observacion:
Pasale esta aplicacion:
http://www.trucoswindows.net/descargar-elistara-746.htmlesta aplicacion no la pude hacer porque me pide ser usuario y al ingresar mi nombreuser y pass me dice que no existe
atento a tus comentarios...
otro log, revisar por favor
Jul 6 2006, 02:59 AM
