Here's my log, could you please check it for me?
  #1 (permalink)
06/12/2007, 09:54

It's a computer running Windows 2000. I use Remote Desktop to administer it, and suddenly it stops giving me access; the strange thing is that if I already have a connection open I can keep working. It also restarts at random.

If anyone can lend me a hand, I would be very grateful.

--
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:34:54 PM, on 05-Dec-07
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v5.00 SP4 (5.00.2920.0000)
Boot mode: Normal

Running processes:
C:\Documents and Settings\Administrator.SERVIDOR\WINDOWS\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\System32\termsrv.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
D:\Archivos de Programa\xampp\apache\bin\Apache.exe
D:\Program Files\Sybase9\SQL Anywhere 9\win32\dbsrv9.exe
C:\WINNT\System32\svchost.exe
D:\Archivos de Programa\xampp\filezillaftp\filezillaserver.exe
C:\WINNT\System32\llssrv.exe
C:\WINNT\system32\msiexec.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\System32\lserver.exe
D:\Program Files\UPHClean\uphclean.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\inetsrv\inetinfo.exe
C:\WINNT\System32\msdtc.exe
D:\Archivos de Programa\xampp\apache\bin\Apache.exe
C:\Program Files\Common Files\System\MSSearch\Bin\mssearch.exe
C:\WINNT\system32\Dfssvc.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\Explorer.EXE
C:\Program Files\Eset\nod32kui.exe
D:\Program Files\Sybase9\Shared\Sybase Central 4.3\win32\scjview.exe
C:\WINNT\system32\spool.exe
D:\Program Files\Sybase9\SQL Anywhere 9\win32\dbisqlg.exe
D:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
D:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINNT\system32\blank.htm
F2 - REG:system.ini: UserInit=C:\WINNT\system32\userinit.exe,
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [Microsoft Update] C:\WINNT\system32\spool.exe
O4 - HKCU\..\Run: [SybaseCentral43] "D:\Program Files\Sybase9\Shared\Sybase Central 4.3\win32\scjview.exe" -preload
O4 - HKCU\..\Run: [DBISQL9] "D:\Program Files\Sybase9\SQL Anywhere 9\win32\dbisqlg.exe" -preload
O4 - HKCU\..\Run: [SUPERAntiSpyware] D:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [Microsoft Update] C:\WINNT\system32\spool.exe
O4 - HKUS\.DEFAULT\..\Run: [Microsoft Update] C:\WINNT\system32\spool.exe (User 'Default user')
O10 - Broken Internet access because of LSP provider 'c:\documents and settings\administrator.servidor\windows\system32\rnr20.dll' missing
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {7584C670-2274-4EFB-B00B-D6AABA6D3850} (Microsoft RDP Client Control (redist)) - file://C:\Inetpub\wwwroot\TSWeb\msrdp.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} -
O16 - DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} (SABScanProcesses Class) - http://www.superadblocker.com/activex/sabspx.cab
O16 - DPF: {CAFEEFAC-0014-0001-0000-ABCDEFFEDCBA} -
O17 - HKLM\System\CCS\Services\Tcpip\..\{D535CED5-21F1-43B1-A2B7-71D938EC22BF}: NameServer = 192.168.1.1
O20 - Winlogon Notify: !SASWinLogon - D:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Apache2 - Apache Software Foundation - D:\Archivos de Programa\xampp\apache\bin\Apache.exe
O23 - Service: Adaptive Server Anywhere - serv_v8 (ASANYs_serv_v8) - iAnywhere Solutions, Inc. - D:\Program Files\Sybase9\SQL Anywhere 9\win32\dbsrv9.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: FileZilla Server FTP server (FileZilla Server) - Unknown owner - D:\Archivos de Programa\xampp\filezillaftp\filezillaserver.exe
O23 - Service: Jaguar - Unknown owner - D:\Program Files\Sybase\Jaguar CTS 3.5\bin\jagsrv.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINNT\system32\ZoneLabs\vsmon.exe

--
End of file - 4364 bytes
  #2 (permalink)
06/12/2007, 09:54

Here is the ComboFix log...


ComboFix 07-12-02.6 - Administrator 05-12-2007 15:37:36.5 - NTFSx86
Microsoft Windows 2000 Server 5.0.2195.4.1252.1.1033.18.190 [GMT -6:00]
Running from: \\archivo\archivo\Ulises\Instalar\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINNT\system32\lajfftmr.dll
C:\WINNT\system32\rmtffjal.ini
C:\WINNT\system32\srutv.bak1
C:\WINNT\system32\srutv.ini2
C:\WINNT\system32\srutv.tmp
C:\WINNT\system32\uojxgnkw.dll
C:\WINNT\system32\wkngxjou.ini

.
((((((((((((((((((((((((( Files Created from 2007-11-05 to 2007-12-05 )))))))))))))))))))))))))))))))
.

2007-12-14 17:55 . 07-11-24 19:00 67 --a------ C:\WINNT\system32\i
2007-12-14 17:55 . 07-12-14 17:55 0 --a------ C:\WINNT\system32\kl.exe
2007-12-13 14:43 . 07-11-20 14:14 964,871 ---hs---- C:\WINNT\system32\wpbdsqsr.ini
2007-12-13 14:03 . 07-12-13 14:35 <DIR> d-a------ C:\Documents and Settings\All Users.WINNT\Application Data\TEMP
2007-12-13 14:00 . 07-12-13 14:00 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-12-13 14:00 . 07-12-13 14:00 <DIR> d-------- C:\Documents and Settings\All Users.WINNT\Application Data\SUPERAntiSpyware.com
2007-12-13 14:00 . 07-12-13 14:00 <DIR> d-------- C:\Documents and Settings\Administrator.SERVIDOR\Application Data\SUPERAntiSpyware.com
2007-12-13 13:59 . 07-12-13 14:08 133,725 --a------ C:\WINNT\system32\SRUTV.tmp.ren
2007-12-13 12:44 . 07-12-13 13:12 143 --a------ C:\WINNT\system32\mcrh.tmp
2007-12-13 11:56 . 07-12-13 11:56 512,096 --a------ C:\WINNT\system32\drivers\amon.sys
2007-12-13 11:56 . 07-12-13 11:56 298,104 --a------ C:\WINNT\system32\imon.dll
2007-12-13 11:56 . 07-12-13 11:55 15,424 --a------ C:\WINNT\system32\drivers\nod32drv.sys
2007-12-13 11:19 . 07-12-13 11:19 <DIR> d-------- C:\Documents and Settings\Administrator.SERVIDOR\Application Data\Lavasoft
2007-12-05 15:28 . 07-12-05 15:28 109,568 --a------ C:\WINNT\system32\spool.exe
2007-12-04 17:29 . 07-12-04 17:29 8,192 --a------ C:\WINNT\system32\default_user_class.dat
2007-12-04 10:20 . 06-10-26 13:40 335,872 --a------ C:\WINNT\system32\mdm_2.exe
2007-12-04 09:37 . 07-12-04 09:37 <DIR> dr------- C:\Enkontrol
2007-11-30 10:56 . 05-08-25 18:19 1,066,176 --a------ C:\WINNT\system32\MSCOMCTL.OCX
2007-11-30 10:56 . 05-08-25 18:18 118,784 --a------ C:\WINNT\system32\MSSTDFMT.DLL
2007-11-30 10:56 . 05-08-25 18:19 115,920 --a------ C:\WINNT\system32\MSINET.OCX
2007-11-28 12:27 . 07-11-28 12:27 <DIR> d-------- C:\Documents and Settings\All Users.WINNT\Application Data\Prevx
2007-11-23 19:50 . 07-11-23 19:50 0 --a------ C:\WINNT\system32\qu2.exe
2007-11-23 12:33 . 07-11-23 12:12 158,208 --a------ C:\WINNT\msconfig.exe
2007-11-23 12:16 . 07-12-05 10:14 <DIR> d-------- C:\Program Files\Security Task Manager
2007-11-23 12:16 . 07-12-05 14:31 <DIR> d-------- C:\Documents and Settings\All Users.WINNT\Application Data\SecTaskMan
2007-11-22 09:52 . 07-11-22 09:52 <DIR> d-------- C:\WINNT\system32\ZoneLabs
2007-11-22 09:52 . 07-11-22 09:52 31,616 --ah----- C:\WINNT\system32\vsconfig.xml
2007-11-21 20:20 . 07-11-21 20:20 0 --a------ C:\WINNT\system32\gather.exe
2007-11-21 16:09 . 07-11-21 16:09 11,776 --a------ C:\junio6.XLS
2007-11-21 16:08 . 07-11-21 16:08 14,336 --a------ C:\junio5.XLS
2007-11-21 16:08 . 07-11-21 16:08 12,288 --a------ C:\junio 4.XLS
2007-11-21 16:05 . 07-11-21 16:05 14,336 --a------ C:\junio 3.XLS
2007-11-21 16:02 . 07-11-21 16:02 11,264 --a------ C:\junio 2.XLS
2007-11-21 16:00 . 07-11-21 16:00 14,336 --a------ C:\junio 2007 1.XLS
2007-11-12 14:57 . 07-11-12 15:58 65 --a------ C:\WINNT\system32\o
2007-11-12 10:46 . 07-11-12 10:46 <DIR> d-------- C:\Documents and Settings\CASASPLATINO\EnKontrol V8
2007-11-12 10:04 . 07-12-13 10:56 135,639 --a------ C:\WINNT\system32\SRUTV.bak2.ren
2007-11-12 10:03 . 07-11-12 10:03 6,470 --a------ C:\WINNT\system32\SRUTV.bak1.ren
2007-11-12 09:48 . 07-11-12 09:58 590,416 ---hs---- C:\WINNT\system32\oysxemte.ini
2007-11-10 09:26 . 06-04-25 18:07 155,648 --a------ C:\WINNT\toc13.ocx
2007-11-10 08:53 . 04-08-04 00:56 293,376 --a------ C:\WINNT\system32\wisptis.exe
2007-11-10 08:53 . 04-08-04 00:56 207,360 --a------ C:\WINNT\system32\inked.dll
2007-11-10 08:37 . 00-10-24 04:12 24,576 --------- C:\WINNT\KeyHH.exe
2007-11-10 08:36 . 02-02-19 14:22 24,576 --a------ C:\WINNT\system32\msxml3a.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-12-13 20:18 133,725 --sha-w C:\WINNT\system32\SRUTV.ini2.ren
2007-12-13 16:57 --------- d-----w C:\Documents and Settings\All Users.WINNT\Application Data\Spybot - Search & Destroy
2007-11-10 14:50 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-11-10 14:18 --------- d-----w C:\Documents and Settings\administrador\Application Data\Lavasoft
2005-11-28 21:03 271 ---h--w C:\Program Files\desktop.ini
2005-11-28 21:03 21,952 ---h--w C:\Program Files\folder.htt
2002-07-24 12:00 32,528 ----a-w C:\WINNT\inf\wbfirdma.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SybaseCentral43"="D:\Program Files\Sybase9\Shared\Sybase Central 4.3\win32\scjview.exe" [06-09-28 14:44 ]
"DBISQL9"="D:\Program Files\Sybase9\SQL Anywhere 9\win32\dbisqlg.exe" [06-12-08 19:09 ]
"SUPERAntiSpyware"="D:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [07-06-21 14:06 ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"nod32kui"="C:\Program Files\Eset\nod32kui.exe" [07-12-13 11:55 ]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Microsoft Update"="C:\WINNT\system32\spool.exe" [07-12-05 15:28 ]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"disablecad"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"ShowSuperHidden"= 1 (0x1)
"NoFileAssociate"= 1 (0x1)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= D:\Program Files\SUPERAntiSpyware\SASSEH.DLL [06-12-20 13:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
D:\Program Files\SUPERAntiSpyware\SASWINLO.dll 07-04-19 13:41 294912 D:\Program Files\SUPERAntiSpyware\SASWINLO.dll

R0 DfsDriver;DfsDriver;C:\WINNT\system32\drivers\Dfs.sys
R0 mraid2k;mraid2k;C:\WINNT\system32\drivers\mraid2k.sys
R2 ASANYs_serv_v8;Adaptive Server Anywhere - serv_v8;D:\Program Files\Sybase9\SQL Anywhere 9\win32\dbsrv9.exe -hvASANYs_serv_v8
R2 Dfs;Distributed File System;C:\WINNT\system32\Dfssvc.exe
R2 MSSEARCH;Microsoft Search;"C:\Program Files\Common Files\System\MSSearch\Bin\mssearch.exe"
R2 NntpSvc;Network News Transport Protocol (NNTP);C:\WINNT\System32\inetsrv\inetinfo.exe
R2 SMTPSVC;Simple Mail Transport Protocol (SMTP);C:\WINNT\System32\inetsrv\inetinfo.exe
R2 TermServLicensing;Terminal Services Licensing;C:\WINNT\System32\lserver.exe
R3 openhci;Microsoft USB Open Host Controller Driver;C:\WINNT\system32\DRIVERS\openhci.sys
R3 spud;Special Purpose Utility Driver;C:\WINNT\system32\drivers\spud.sys
S3 NtFrs;File Replication;C:\WINNT\system32\ntfrs.exe
S3 TDASYNC;TDASYNC;C:\WINNT\system32\drivers\TDASYNC.sys
S3 TDIPX;TDIPX;C:\WINNT\system32\drivers\TDIPX.sys
S3 TDNETB;TDNETB;C:\WINNT\system32\drivers\TDNETB.sys
S3 TDSPX;TDSPX;C:\WINNT\system32\drivers\TDSPX.sys
S3 TrkSvr;Distributed Link Tracking Server;C:\WINNT\system32\services.exe
S4 ASANYs_EK_ADM00;Adaptive Server Anywhere - EK_ADM00;D:\Program Files\Sybase\SQL Anywhere 7\win32\dbsrv7.exe -hvASANYs_EK_ADM00
S4 IsmServ;Intersite Messaging;C:\WINNT\System32\ismserv.exe
S4 kdc;Kerberos Key Distribution Center;C:\WINNT\System32\lsass.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
tapisrv REG_MULTI_SZ Tapisrv

.
Contents of the 'Scheduled Tasks' folder
"2007-12-05 15:20:07 C:\WINNT\Tasks\respaldo_ek- Server.job"
- D:\respaldos ek\respaldo_ek- Server.bat
.
**************************************************************************

catchme 0.3.1318 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-05 15:42:46
Windows 5.0.2195 Service Pack 4 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-12-05 15:43:35 - machine was rebooted
.
--- E O F ---
  #3 (permalink)
07/12/2007, 17:27
Devil May Cry

Hi SephirothIX

Please do not use CF unless an expert asks you to.
  • "Restart in Safe Mode"
  • Run HijackThis, close all browsers, check these entries and click Fix
    • O4 - HKLM\..\Run: [Microsoft Update] C:\WINNT\system32\spool.exe
    • O4 - HKCU\..\Run: [Microsoft Update] C:\WINNT\system32\spool.exe
    • O4 - HKUS\.DEFAULT\..\Run: [Microsoft Update] C:\WINNT\system32\spool.exe (User 'Default user')
  • Use CCleaner to clean the system: first use the "Cleaner" option to delete cookies, temporary Internet files and all the files it shows you as obsolete, and then use its "Registry" option to clean the whole Windows registry (making a backup).
  • Restart the PC.

Then do this
  • Click START > RUN >
  • There, type notepad.exe and click OK
  • Now copy and paste these files into Notepad
Code:
File::
C:\WINNT\system32\i
C:\WINNT\system32\kl.exe
C:\WINNT\system32\wpbdsqsr.ini
C:\WINNT\system32\mcrh.tmp
C:\WINNT\system32\spool.exe
C:\WINNT\system32\o
  • Save this file with the name CFScript.txt
  • Drag and drop the CFScript.txt file onto the ComboFix.exe file as shown in the screenshot below.
  • ComboFix will start running again. When it finishes it will generate a report, which you should paste in this thread.

Cheers
Remember to come back and tell us the results
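
The triage done by eye in post #3 (picking the three `spool.exe` autoruns out of the HijackThis log) can be expressed as a script. This is an added example, not part of the thread and not code from HijackThis or ComboFix; the three heuristics, the 0.85 similarity threshold and the `KNOWN_SYSTEM` list are assumptions made for illustration, and the sample lines are copied from the logs in posts #1 and #2.

```python
import re
from collections import defaultdict
from difflib import SequenceMatcher

# O4 (autorun) lines copied from the HijackThis log in post #1.
HIJACKTHIS_O4 = r"""
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [Microsoft Update] C:\WINNT\system32\spool.exe
O4 - HKCU\..\Run: [SybaseCentral43] "D:\Program Files\Sybase9\Shared\Sybase Central 4.3\win32\scjview.exe" -preload
O4 - HKCU\..\Run: [SUPERAntiSpyware] D:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [Microsoft Update] C:\WINNT\system32\spool.exe
O4 - HKUS\.DEFAULT\..\Run: [Microsoft Update] C:\WINNT\system32\spool.exe (User 'Default user')
"""

# Lines copied from the "Files Created" section of the ComboFix log in post #2.
COMBOFIX_CREATED = r"""
2007-12-13 11:56 . 07-12-13 11:56 298,104 --a------ C:\WINNT\system32\imon.dll
2007-12-05 15:28 . 07-12-05 15:28 109,568 --a------ C:\WINNT\system32\spool.exe
2007-11-23 12:33 . 07-11-23 12:12 158,208 --a------ C:\WINNT\msconfig.exe
"""

# Assumption: a short list of genuine Windows process names, all of which
# appear in the "Running processes" section of the same HijackThis log.
KNOWN_SYSTEM = ["smss.exe", "winlogon.exe", "services.exe", "lsass.exe",
                "svchost.exe", "spoolsv.exe"]

O4_RE = re.compile(r"^O4 - (HK\S+?)\\\.\.\\Run: \[(.+?)\] (.+)$")
EXE_RE = re.compile(r'^"?(.+?\.(?:exe|com|scr|bat|dll))\b', re.I)
CREATED_RE = re.compile(r"^(\d{4}-\d\d-\d\d \d\d:\d\d) \. \S+ \S+ \S+ \S+ (.+)$")


def parse_o4(text):
    """Return (hive, value name, target path) for every O4 Run entry."""
    entries = []
    for line in text.splitlines():
        m = O4_RE.match(line.strip())
        if not m:
            continue
        exe = EXE_RE.match(m.group(3))  # drop quotes, switches, trailing notes
        if exe:
            entries.append((m.group(1), m.group(2), exe.group(1)))
    return entries


def parse_created(text):
    """Map lower-cased path -> creation timestamp from ComboFix 'Files Created'."""
    created = {}
    for line in text.splitlines():
        m = CREATED_RE.match(line.strip())
        if m:
            created[m.group(2).strip().lower()] = m.group(1)
    return created


def lookalike(path):
    """Return the known system name this file name imitates, or None."""
    base = path.rsplit("\\", 1)[-1].lower()
    for real in KNOWN_SYSTEM:
        if base != real and SequenceMatcher(None, base, real).ratio() >= 0.85:
            return real
    return None


def triage(o4_text, created_text):
    """Flag autoruns that trip at least two of the three heuristics."""
    created = parse_created(created_text)
    hives = defaultdict(list)
    for hive, name, path in parse_o4(o4_text):
        hives[(name, path.lower())].append(hive)
    findings = []
    for (name, path), where in hives.items():
        reasons = []
        if len(where) > 1:
            reasons.append("registered in %d hives: %s" % (len(where), ", ".join(where)))
        if path in created:
            reasons.append("target file created " + created[path])
        real = lookalike(path)
        if real:
            reasons.append("file name resembles " + real)
        if len(reasons) >= 2:
            findings.append({"name": name, "path": path, "reasons": reasons})
    return findings


if __name__ == "__main__":
    for f in triage(HIJACKTHIS_O4, COMBOFIX_CREATED):
        print(f["name"], "->", f["path"])
        for r in f["reasons"]:
            print("   -", r)
```

A hit from this script is a lead for review, not a verdict: the heuristics only narrow down which autorun entries deserve a closer look.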
  #4 (permalink)
16/01/2008, 16:33

I have to split the log into several parts... PART 1

-------

ComboFix 08-01-17.1 - administrador 01/16/2008 16:09:00.6 - NTFSx86
Microsoft Windows 2000 Server 5.0.2195.4.1252.1.1033.18.100 [GMT -6:00]
Running from: D:\TRANSFER\ComboFix(2).exe
Command switches used :: D:\TRANSFER\CFScript.txt

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE
C:\WINNT\system32\i
C:\WINNT\system32\kl.exe
C:\WINNT\system32\mcrh.tmp
C:\WINNT\system32\o
C:\WINNT\system32\spool.exe
C:\WINNT\system32\wpbdsqsr.ini
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINNT\system32\i
C:\WINNT\system32\mcrh.tmp
C:\WINNT\system32\ssiwsyqe.ini
C:\WINNT\system32\wpbdsqsr.ini

.
((((((((((((((((((((((((( Files Created from 2007-12-17 to 2008-01-17 )))))))))))))))))))))))))))))))
.

2008-01-17 16:17 . 01/17/08 04:17p 16,384 --a----t- C:\WINNT\system32\Perflib_Perfdata_c38.dat
2008-01-17 16:16 . 01/17/08 04:16p 16,384 --a----t- C:\WINNT\system32\Perflib_Perfdata_d48.dat
2008-01-16 16:09 . 01/16/08 04:09p 16,384 --a----t- C:\WINNT\system32\Perflib_Perfdata_454.dat
2008-01-16 16:08 . 08/31/00 08:00a 51,200 --a------ C:\WINNT\NirCmd.exe
2008-01-14 19:11 . 01/14/08 07:11p <DIR> d-------- C:\Documents and Settings\psantos\Application Data\Grisoft
2008-01-14 17:41 . 01/14/08 05:41p <DIR> d-------- C:\Documents and Settings\msolis\Application Data\Grisoft
2008-01-14 13:09 . 01/14/08 01:09p <DIR> d-------- C:\Documents and Settings\rparra\Application Data\Grisoft
2008-01-14 11:39 . 01/14/08 11:39a <DIR> d-------- C:\Documents and Settings\aga\Application Data\Grisoft
2008-01-14 11:10 . 01/14/08 11:10a <DIR> d-------- C:\Documents and Settings\crocha\Application Data\Grisoft
2008-01-14 10:57 . 01/14/08 10:57a <DIR> d-------- C:\Documents and Settings\Administrator.SERVIDOR\Application Data\Grisoft
2008-01-13 12:59 . 01/13/08 12:59p <DIR> d-------- C:\Documents and Settings\administrador\Application Data\Grisoft
2008-01-13 12:59 . 05/30/07 06:10a 10,872 --a------ C:\WINNT\system32\drivers\AvgAsCln.sys
2008-01-12 16:09 . 01/12/08 04:09p <DIR> d-------- C:\Documents and Settings\evazquez\Application Data\Grisoft
2008-01-12 14:24 . 01/12/08 02:24p <DIR> d-------- C:\Documents and Settings\gasesores1\Application Data\Grisoft
2008-01-12 13:02 . 01/16/08 03:43p 751,204 ---h----- C:\WINNT\ShellIconCache
2008-01-12 10:19 . 01/12/08 10:19a <DIR> d-------- C:\WINNT\system32\Kaspersky Lab
2008-01-12 10:19 . 01/12/08 10:19a <DIR> d-------- C:\Documents and Settings\All Users.WINNT\Application Data\Kaspersky Lab
2008-01-12 08:29 . 01/12/08 08:29a <DIR> d-------- C:\Documents and Settings\All Users.WINNT\Application Data\Grisoft
2008-01-11 18:33 . 01/11/08 06:34p <DIR> d--h----- C:\WINNT\msdownld.tmp
2008-01-11 17:51 . 01/11/08 06:33p <DIR> d-------- C:\WINNT\Windows Update Setup Files
2008-01-11 17:35 . 01/11/08 05:51p 4,821 --a------ C:\WINNT\Active Setup Log.BAK
2008-01-08 16:41 . 01/08/08 04:41p <DIR> d-------- C:\Documents and Settings\Administrator.SERVIDOR\DoctorWeb
2008-01-04 18:55 . 01/07/08 09:56a <DIR> d-------- C:\Program Files\EsetOnlineScanner
2008-01-02 10:28 . 01/02/08 10:28a 512,096 --a------ C:\WINNT\system32\drivers\amon.sys
2008-01-02 10:28 . 01/02/08 10:28a 298,104 --a------ C:\WINNT\system32\imon.dll
2008-01-02 10:28 . 01/02/08 10:28a 15,424 --a------ C:\WINNT\system32\drivers\nod32drv.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-16 18:45 --------- d-----w C:\Documents and Settings\All Users.WINNT\Application Data\SecTaskMan
2008-01-12 13:42 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2007-12-13 20:35 --------- d---a-w C:\Documents and Settings\All Users.WINNT\Application Data\TEMP
2007-12-13 20:18 133,725 --sha-w C:\WINNT\system32\SRUTV.ini2.ren
2007-12-13 20:08 133,725 ----a-w C:\WINNT\system32\SRUTV.tmp.ren
2007-12-13 20:00 --------- d-----w C:\Documents and Settings\All Users.WINNT\Application Data\SUPERAntiSpyware.com
2007-12-13 20:00 --------- d-----w C:\Documents and Settings\Administrator.SERVIDOR\Application Data\SUPERAntiSpyware.com
2007-12-13 17:19 --------- d-----w C:\Documents and Settings\Administrator.SERVIDOR\Application Data\Lavasoft
2007-12-13 16:57 --------- d-----w C:\Documents and Settings\All Users.WINNT\Application Data\Spybot - Search & Destroy
2007-12-13 16:56 135,639 ----a-w C:\WINNT\system32\SRUTV.bak2.ren
2007-12-05 16:14 --------- d-----w C:\Program Files\Security Task Manager
2007-11-28 18:27 --------- d-----w C:\Documents and Settings\All Users.WINNT\Application Data\Prevx
2007-11-23 18:12 158,208 ----a-w C:\WINNT\msconfig.exe
2007-11-12 16:03 6,470 ----a-w C:\WINNT\system32\SRUTV.bak1.ren
2005-11-28 21:03 271 ---h--w C:\Program Files\desktop.ini
2005-11-28 21:03 21,952 ---h--w C:\Program Files\folder.htt
2002-07-24 12:00 32,528 ----a-w C:\WINNT\inf\wbfirdma.sys
  #5 (permalink)
16/01/2008, 16:40

PART 2--

------------------
((((((((((((((((((((((((((((( snapshot@Wed 2007-12-05_15.43.12.17 )))))))))))))))))))))))))))))))))))))))))
.
+ 2006-07-11 15:41:36 345,656 ----a-w C:\WINNT\Downloaded Program Files\ewidoOnlineScan.dll
+ 2000-08-31 14:00:00 163,328 ----a-w C:\WINNT\erdnt\Hiv-backup\ERDNT.EXE
+ 2008-01-16 22:08:33 2,375,680 ----a-w C:\WINNT\erdnt\Hiv-backup\Users\00000001\NTUSER.DAT
+ 2008-01-16 22:08:33 24,576 ----a-w C:\WINNT\erdnt\Hiv-backup\Users\00000002\UsrClass.dat
+ 2008-01-16 22:08:33 2,449,408 ----a-w C:\WINNT\erdnt\Hiv-backup\Users\00000003\NTUSER.DAT
+ 2008-01-16 22:08:33 40,960 ----a-w C:\WINNT\erdnt\Hiv-backup\Users\00000004\UsrClass.dat
+ 2008-01-16 22:08:34 1,462,272 ----a-w C:\WINNT\erdnt\Hiv-backup\Users\00000005\NTUSER.DAT
+ 2008-01-16 22:08:34 24,576 ----a-w C:\WINNT\erdnt\Hiv-backup\Users\00000006\UsrClass.dat
- 2005-01-12 19:39:46 59,904 ----a-w C:\WINNT\system32\acctres.dll
+ 2002-08-29 13:06:14 64,512 ----a-w C:\WINNT\system32\acctres.dll
- 2003-06-19 19:05:04 72,464 ----a-w C:\WINNT\system32\actxprxy.dll
+ 2002-08-29 13:14:40 98,816 ----a-w C:\WINNT\system32\actxprxy.dll
- 2003-06-19 19:05:04 88,848 ----a-w C:\WINNT\system32\advpack.dll
+ 2002-08-29 13:14:40 91,136 ----a-w C:\WINNT\system32\advpack.dll
- 2003-06-19 19:05:04 35,328 ----a-w C:\WINNT\system32\browselc.dll
+ 2002-08-29 13:14:40 62,976 ----a-w C:\WINNT\system32\browselc.dll
- 2005-04-27 17:05:02 792,848 ----a-w C:\WINNT\system32\BROWSEUI.DLL
+ 2002-08-29 13:14:40 1,026,048 ----a-w C:\WINNT\system32\browseui.dll
+ 2002-08-29 13:14:40 71,680 ----a-w C:\WINNT\system32\browsewm.dll
- 2003-06-19 19:05:04 142,608 ----a-w C:\WINNT\system32\cdfview.dll
+ 2002-08-29 13:14:40 142,336 ----a-w C:\WINNT\system32\cdfview.dll
- 2003-06-19 19:05:04 550,672 ----a-w C:\WINNT\system32\COMCTL32.DLL
+ 2002-08-29 13:14:40 529,680 ----a-w C:\WINNT\system32\comctl32.dll
- 2002-07-24 12:00:00 14,608 ----a-w C:\WINNT\system32\corpol.dll
+ 2002-08-29 13:14:40 16,384 ----a-w C:\WINNT\system32\corpol.dll
- 2003-06-19 19:05:04 90,384 ----a-w C:\WINNT\system32\CRYPTDLG.DLL
+ 2002-08-29 13:14:40 89,872 ----a-w C:\WINNT\system32\cryptdlg.dll
- 2002-07-24 12:00:00 86,066 ----a-w C:\WINNT\system32\cscript.exe
+ 2001-06-26 23:49:06 102,450 ----a-w C:\WINNT\system32\cscript.exe
+ 2002-08-29 13:14:40 86,016 ----a-w C:\WINNT\system32\csseqchk.dll
- 2002-07-24 12:00:00 46,352 ----a-w C:\WINNT\system32\digest.dll
+ 2002-08-29 13:14:40 55,296 ----a-w C:\WINNT\system32\digest.dll
- 2002-07-24 12:00:00 45,112 ----a-w C:\WINNT\system32\dispex.dll
+ 2001-06-26 22:42:14 45,105 ----a-w C:\WINNT\system32\dispex.dll
- 2005-01-12 19:39:46 59,904 -c----w C:\WINNT\system32\dllcache\acctres.dll
+ 2002-08-29 13:06:14 64,512 -c--a-w C:\WINNT\system32\dllcache\acctres.dll
+ 2002-08-29 13:14:40 98,816 -c--a-w C:\WINNT\system32\dllcache\actxprxy.dll
+ 2002-08-29 13:14:40 91,136 -c--a-w C:\WINNT\system32\dllcache\advpack.dll
+ 2002-08-29 13:14:40 62,976 -c--a-w C:\WINNT\system32\dllcache\browselc.dll
- 2005-04-27 16:05:02 792,848 -c----w C:\WINNT\system32\dllcache\BROWSEUI.DLL
+ 2002-08-29 13:14:40 1,026,048 -c--a-w C:\WINNT\system32\dllcache\browseui.dll
+ 2002-08-29 13:14:40 71,680 -c--a-w C:\WINNT\system32\dllcache\browsewm.dll
+ 2002-08-29 13:14:40 142,336 -c--a-w C:\WINNT\system32\dllcache\cdfview.dll
+ 2002-08-29 13:14:40 529,680 -c--a-w C:\WINNT\system32\dllcache\comctl32.dll
- 2002-07-24 12:00:00 14,608 -c--a-w C:\WINNT\system32\dllcache\corpol.dll
+ 2002-08-29 13:14:40 16,384 -c--a-w C:\WINNT\system32\dllcache\corpol.dll
- 2003-06-19 19:05:04 90,384 -c----w C:\WINNT\system32\dllcache\cryptdlg.dll
+ 2002-08-29 13:14:40 89,872 -c--a-w C:\WINNT\system32\dllcache\cryptdlg.dll
- 2002-07-24 12:00:00 86,066 -c--a-w C:\WINNT\system32\dllcache\cscript.exe
+ 2001-06-26 23:49:06 102,450 -c--a-w C:\WINNT\system32\dllcache\cscript.exe
+ 2002-08-29 13:14:40 86,016 -c--a-w C:\WINNT\system32\dllcache\csseqchk.dll
- 2002-07-24 12:00:00 46,352 -c--a-w C:\WINNT\system32\dllcache\digest.dll
+ 2002-08-29 13:14:40 55,296 -c--a-w C:\WINNT\system32\dllcache\digest.dll
- 2005-01-12 19:39:50 58,128 -c----w C:\WINNT\system32\dllcache\directdb.dll
+ 2002-08-29 13:06:02 76,288 -c--a-w C:\WINNT\system32\dllcache\directdb.dll
- 2002-07-24 12:00:00 45,112 -c--a-w C:\WINNT\system32\dllcache\dispex.dll
+ 2001-06-26 22:42:14 45,105 -c--a-w C:\WINNT\system32\dllcache\dispex.dll
- 2002-07-24 12:00:00 325,904 -c--a-w C:\WINNT\system32\dllcache\dxtmsft.dll
+ 2002-08-29 13:14:40 351,232 -c--a-w C:\WINNT\system32\dllcache\dxtmsft.dll
- 2002-07-24 12:00:00 150,288 -c--a-w C:\WINNT\system32\dllcache\dxtrans.dll
+ 2002-08-29 13:14:40 187,392 -c--a-w C:\WINNT\system32\dllcache\dxtrans.dll
- 2002-07-24 12:00:00 27,920 -c--a-w C:\WINNT\system32\dllcache\ie4uinit.exe
+ 2002-08-29 13:14:40 28,672 -c--a-w C:\WINNT\system32\dllcache\ie4uinit.exe
- 2002-07-24 12:00:00 126,224 -c--a-w C:\WINNT\system32\dllcache\ieakeng.dll
+ 2002-08-29 13:14:40 126,976 -c--a-w C:\WINNT\system32\dllcache\ieakeng.dll
- 2002-07-24 12:00:00 110,864 -c--a-w C:\WINNT\system32\dllcache\ieaksie.dll
+ 2002-08-29 13:14:40 204,288 -c--a-w C:\WINNT\system32\dllcache\ieaksie.dll
- 2002-07-24 12:00:00 215,040 -c--a-w C:\WINNT\system32\dllcache\ieakui.dll
+ 2002-08-29 13:14:40 221,184 -c--a-w C:\WINNT\system32\dllcache\ieakui.dll
+ 2002-08-29 13:14:40 294,912 -c--a-w C:\WINNT\system32\dllcache\iedkcs32.dll
+ 2002-08-29 13:14:40 231,424 -c--a-w C:\WINNT\system32\dllcache\iepeers.dll
+ 2002-08-29 13:14:40 57,856 -c--a-w C:\WINNT\system32\dllcache\iesetup.dll
- 2002-07-24 12:00:00 60,688 -cs-a-w C:\WINNT\system32\dllcache\iexplore.exe
+ 2002-08-29 13:14:40 91,136 -c--a-w C:\WINNT\system32\dllcache\iexplore.exe
+ 2002-08-29 13:14:40 30,720 -c--a-w C:\WINNT\system32\dllcache\imgutil.dll
- 2005-04-28 20:06:22 575,760 -c--a-w C:\WINNT\system32\dllcache\INETCOMM.DLL
+ 2002-08-29 13:06:02 593,408 -c--a-w C:\WINNT\system32\dllcache\inetcomm.dll
+ 2002-08-29 13:14:40 110,592 -c--a-w C:\WINNT\system32\dllcache\inetcplc.dll
- 2005-01-12 19:39:52 47,616 -c----w C:\WINNT\system32\dllcache\inetres.dll
+ 2002-08-29 13:06:02 47,616 -c--a-w C:\WINNT\system32\dllcache\inetres.dll
- 2005-04-27 17:08:00 74,000 -c--a-w C:\WINNT\system32\dllcache\INSENG.DLL
+ 2002-08-29 13:14:40 69,632 -c--a-w C:\WINNT\system32\dllcache\inseng.dll
- 2005-01-12 19:39:44 487,481 -c----w C:\WINNT\system32\dllcache\jscript.dll
+ 2001-06-26 22:36:02 589,874 -c--a-w C:\WINNT\system32\dllcache\jscript.dll
- 2002-07-24 12:00:00 13,072 -c--a-w C:\WINNT\system32\dllcache\jsproxy.dll
+ 2002-08-29 13:14:40 12,288 -c--a-w C:\WINNT\system32\dllcache\jsproxy.dll
+ 2002-08-29 13:14:40 574,976 -c--a-w C:\WINNT\system32\dllcache\mlang.dll
+ 2002-08-29 13:14:40 24,576 -c--a-w C:\WINNT\system32\dllcache\mshta.exe
- 2005-11-22 23:13:28 2,299,664 -c----w C:\WINNT\system32\dllcache\MSHTML.DLL
+ 2002-08-29 13:14:40 2,786,816 -c--a-w C:\WINNT\system32\dllcache\mshtml.dll
+ 2002-08-29 13:14:40 434,688 -c--a-w C:\WINNT\system32\dllcache\mshtmled.dll
+ 2002-08-29 13:14:40 56,320 -c--a-w C:\WINNT\system32\dllcache\mshtmler.dll
+ 2002-08-29 13:14:40 44,032 -c--a-w C:\WINNT\system32\dllcache\msident.dll
+ 2002-08-29 13:14:40 14,848 -c--a-w C:\WINNT\system32\dllcache\msidntld.dll
+ 2002-08-29 13:14:40 248,080 -c--a-w C:\WINNT\system32\dllcache\msieftp.dll
+ 2002-08-29 13:06:02 57,344 -c--a-w C:\WINNT\system32\dllcache\msimn.exe
- 2005-04-28 20:06:28 1,147,152 -c--a-w C:\WINNT\system32\dllcache\MSOE.DLL
+ 2002-08-29 13:06:02 1,174,016 -c--a-w C:\WINNT\system32\dllcache\msoe.dll
+ 2002-08-29 13:06:14 228,864 -c--a-w C:\WINNT\system32\dllcache\msoeacct.dll
- 2005-01-12 19:39:56 911,872 -c--a-w C:\WINNT\system32\dllcache\msoeres.dll
+ 2002-08-29 13:06:02 2,479,104 -c--a-w C:\WINNT\system32\dllcache\msoeres.dll
- 2005-01-12 19:39:56 68,368 -c----w C:\WINNT\system32\dllcache\msoert2.dll
+ 2002-08-29 13:06:14 91,136 -c--a-w C:\WINNT\system32\dllcache\msoert2.dll
+ 2002-08-29 13:14:40 59,904 -c--a-w C:\WINNT\system32\dllcache\msratelc.dll
- 2005-04-27 17:06:02 149,776 -c--a-w C:\WINNT\system32\dllcache\MSRATING.DLL
+ 2002-08-29 13:14:40 132,096 -c--a-w C:\WINNT\system32\dllcache\msrating.dll
+ 2002-08-29 13:14:40 496,128 -c--a-w C:\WINNT\system32\dllcache\mstime.dll
- 2002-08-11 18:27:26 44,032 -c--a-w C:\WINNT\system32\dllcache\msxml3r.dll
+ 2002-08-29 13:14:40 44,032 -c--a-w C:\WINNT\system32\dllcache\msxml3r.dll
+ 2002-08-29 13:14:40 87,552 -c--a-w C:\WINNT\system32\dllcache\occache.dll
- 2005-01-12 19:39:58 74,512 -c----w C:\WINNT\system32\dllcache\oeimport.dll
+ 2002-08-29 13:06:02 93,184 -c--a-w C:\WINNT\system32\dllcache\oeimport.dll
+ 2002-08-29 13:06:02 55,808 -c--a-w C:\WINNT\system32\dllcache\oemig50.exe
+ 2002-08-29 13:06:02 32,256 -c--a-w C:\WINNT\system32\dllcache\oemiglib.dll
- 2005-04-27 16:07:24 48,912 -c----w C:\WINNT\system32\dllcache\PNGFILT.DLL
+ 2002-08-29 13:14:40 34,816 -c--a-w C:\WINNT\system32\dllcache\pngfilt.dll
+ 2001-06-26 22:38:20 159,793 -c--a-w C:\WINNT\system32\dllcache\scrobj.dll
+ 2001-06-26 22:39:42 151,601 -c--a-w C:\WINNT\system32\dllcache\scrrun.dll
+ 2002-08-29 13:14:40 18,704 -c--a-w C:\WINNT\system32\dllcache\sendmail.dll
+ 2002-08-29 13:06:14 67,584 -c--a-w C:\WINNT\system32\dllcache\setup50.exe
+ 2002-08-29 13:14:40 533,504 -c--a-w C:\WINNT\system32\dllcache\shdoclc.dll
- 2005-06-17 22:32:40 1,100,048 -c----w C:\WINNT\system32\dllcache\SHDOCVW.DLL
+ 2002-08-29 13:14:40 1,338,368 -c--a-w C:\WINNT\system32\dllcache\shdocvw.dll
  #6 (permalink)
16/01/2008, 16:42

PART 3
----
- 2002-07-24 12:00:00 21,776 -c--a-w C:\WINNT\system32\dllcache\shfolder.dll
+ 2002-08-29 13:14:40 22,528 -c--a-w C:\WINNT\system32\dllcache\shfolder.dll
- 2005-08-25 06:13:36 284,432 -c--a-w C:\WINNT\system32\dllcache\SHLWAPI.DLL
+ 2002-08-29 13:14:40 395,264 -c--a-w C:\WINNT\system32\dllcache\shlwapi.dll
- 2002-07-24 12:00:00 149,776 -c--a-w C:\WINNT\system32\dllcache\triedit.dll
+ 2002-08-29 13:14:40 146,432 -c--a-w C:\WINNT\system32\dllcache\triedit.dll
- 2005-04-27 17:33:48 84,240 -c--a-w C:\WINNT\system32\dllcache\URL.DLL
+ 2002-08-29 13:14:40 106,496 -c--a-w C:\WINNT\system32\dllcache\url.dll
- 2005-10-24 20:33:56 423,696 -c----w C:\WINNT\system32\dllcache\URLMON.DLL
+ 2002-08-29 13:14:40 482,816 -c--a-w C:\WINNT\system32\dllcache\urlmon.dll
- 2005-01-12 19:39:46 438,330 -c----w C:\WINNT\system32\dllcache\vbscript.dll
+ 2002-02-26 21:58:06 462,906 -c--a-w C:\WINNT\system32\dllcache\vbscript.dll
- 2002-07-24 12:00:00 1,753,160 -c--a-w C:\WINNT\system32\dllcache\vgx.dll
+ 2004-03-11 01:09:06 2,283,008 -c--a-w C:\WINNT\system32\dllcache\vgx.dll
+ 2002-08-29 13:06:14 42,496 -c--a-w C:\WINNT\system32\dllcache\wab.exe
- 2005-01-12 19:40:00 454,416 -c----w C:\WINNT\system32\dllcache\wab32.dll
+ 2002-08-29 13:06:14 459,776 -c--a-w C:\WINNT\system32\dllcache\wab32.dll
- 2005-01-12 19:40:00 159,232 -c----w C:\WINNT\system32\dllcache\wab32res.dll
+ 2002-08-29 13:06:14 249,344 -c--a-w C:\WINNT\system32\dllcache\wab32res.dll
+ 2002-08-29 13:06:14 30,208 -c--a-w C:\WINNT\system32\dllcache\wabfind.dll
+ 2002-08-29 13:06:14 76,800 -c--a-w C:\WINNT\system32\dllcache\wabimp.dll
+ 2002-08-29 13:06:14 27,648 -c--a-w C:\WINNT\system32\dllcache\wabmig.exe
+ 2002-08-29 13:14:40 258,048 -c--a-w C:\WINNT\system32\dllcache\webcheck.dll
- 2005-10-24 20:33:46 451,344 -c----w C:\WINNT\system32\dllcache\WININET.DLL
+ 2002-08-29 13:14:40 585,728 -c--a-w C:\WINNT\system32\dllcache\wininet.dll
- 2002-07-24 12:00:00 90,162 -c--a-w C:\WINNT\system32\dllcache\wscript.exe
+ 2001-06-26 23:53:50 118,834 -c--a-w C:\WINNT\system32\dllcache\wscript.exe
+ 2001-06-26 23:59:32 28,721 -c--a-w C:\WINNT\system32\dllcache\wshcon.dll
- 2002-07-24 12:00:00 45,105 -c--a-w C:\WINNT\system32\dllcache\wshext.dll
+ 2001-06-26 23:56:36 65,585 -c--a-w C:\WINNT\system32\dllcache\wshext.dll
- 2002-07-24 12:00:00 325,904 ----a-w C:\WINNT\system32\dxtmsft.dll
+ 2002-08-29 13:14:40 351,232 ----a-w C:\WINNT\system32\dxtmsft.dll
- 2002-07-24 12:00:00 150,288 ----a-w C:\WINNT\system32\dxtrans.dll
+ 2002-08-29 13:14:40 187,392 ----a-w C:\WINNT\system32\dxtrans.dll
- 2006-03-23 18:55:15 75,968 ----a-w C:\WINNT\system32\FNTCACHE.DAT
+ 2008-01-11 19:46:10 137,256 ----a-w C:\WINNT\system32\FNTCACHE.DAT
- 2002-07-24 12:00:00 27,920 ----a-w C:\WINNT\system32\ie4uinit.exe
+ 2002-08-29 13:14:40 28,672 ----a-w C:\WINNT\system32\ie4uinit.exe
- 2002-07-24 12:00:00 126,224 ----a-w C:\WINNT\system32\ieakeng.dll
+ 2002-08-29 13:14:40 126,976 ----a-w C:\WINNT\system32\ieakeng.dll
- 2002-07-24 12:00:00 110,864 ----a-w C:\WINNT\system32\ieaksie.dll
+ 2002-08-29 13:14:40 204,288 ----a-w C:\WINNT\system32\ieaksie.dll
- 2002-07-24 12:00:00 215,040 ----a-w C:\WINNT\system32\ieakui.dll
+ 2002-08-29 13:14:40 221,184 ----a-w C:\WINNT\system32\ieakui.dll
- 2003-06-19 19:05:04 198,928 ----a-w C:\WINNT\system32\iedkcs32.dll
+ 2002-08-29 13:14:40 294,912 ----a-w C:\WINNT\system32\iedkcs32.dll
- 2005-06-18 01:23:24 100,112 ----a-w C:\WINNT\system32\IEPEERS.DLL
+ 2002-08-29 13:14:40 231,424 ----a-w C:\WINNT\system32\iepeers.dll
- 2003-06-19 19:05:04 58,128 ----a-w C:\WINNT\system32\iesetup.dll
+ 2002-08-29 13:14:40 57,856 ----a-w C:\WINNT\system32\iesetup.dll
- 2003-06-19 19:05:04 31,504 ----a-w C:\WINNT\system32\imgutil.dll
+ 2002-08-29 13:14:40 30,720 ----a-w C:\WINNT\system32\imgutil.dll
- 2005-04-28 20:06:22 575,760 ----a-w C:\WINNT\system32\INETCOMM.DLL
+ 2002-08-29 13:06:02 593,408 ----a-w C:\WINNT\system32\inetcomm.dll
- 2003-06-19 19:05:04 62,976 ----a-w C:\WINNT\system32\inetcplc.dll
+ 2002-08-29 13:14:40 110,592 ----a-w C:\WINNT\system32\inetcplc.dll
- 2005-01-12 19:39:52 47,616 ----a-w C:\WINNT\system32\inetres.dll
+ 2002-08-29 13:06:02 47,616 ----a-w C:\WINNT\system32\inetres.dll
- 2007-12-05 21:42:32 223,400 ----a-w C:\WINNT\system32\inetsrv\MetaBase.bin
+ 2008-01-16 21:47:19 223,398 ----a-w C:\WINNT\system32\inetsrv\MetaBase.bin
- 2005-04-27 17:08:00 74,000 ----a-w C:\WINNT\system32\INSENG.DLL
+ 2002-08-29 13:14:40 69,632 ----a-w C:\WINNT\system32\inseng.dll
- 2005-01-12 19:39:44 487,481 ----a-w C:\WINNT\system32\jscript.dll
+ 2001-06-26 22:36:02 589,874 ----a-w C:\WINNT\system32\jscript.dll
- 2002-07-24 12:00:00 13,072 ----a-w C:\WINNT\system32\jsproxy.dll
+ 2002-08-29 13:14:40 12,288 ----a-w C:\WINNT\system32\jsproxy.dll
+ 2005-05-24 18:27:16 213,048 ----a-w C:\WINNT\system32\Kaspersky Lab\Kaspersky Online Scanner\kavss.dll
+ 2007-08-29 21:47:20 94,208 ----a-w C:\WINNT\system32\Kaspersky Lab\Kaspersky Online Scanner\kavuninstall.exe
+ 2007-08-29 21:49:54 950,272 ----a-w C:\WINNT\system32\Kaspersky Lab\Kaspersky Online Scanner\kavwebscan.dll
+ 2007-07-27 21:49:02 196,683 ----a-w C:\WINNT\system32\lnod32apiA.dll
+ 2007-07-27 21:49:02 225,355 ----a-w C:\WINNT\system32\lnod32apiW.dll
+ 2005-12-06 02:25:22 139,264 ----a-w C:\WINNT\system32\lnod32umc.dll
+ 2005-12-05 19:37:10 106,496 ----a-w C:\WINNT\system32\lnod32upd.dll
- 2003-06-19 19:05:04 523,024 ----a-w C:\WINNT\system32\mlang.dll
+ 2002-08-29 13:14:40 574,976 ----a-w C:\WINNT\system32\mlang.dll
- 2002-07-24 12:00:00 94,480 ----a-w C:\WINNT\system32\msencode.dll
+ 2002-08-29 13:14:40 95,744 ----a-w C:\WINNT\system32\msencode.dll
- 2003-06-19 19:05:04 29,968 ----a-w C:\WINNT\system32\mshta.exe
+ 2002-08-29 13:14:40 24,576 ----a-w C:\WINNT\system32\mshta.exe
- 2005-11-22 23:13:28 2,299,664 ----a-w C:\WINNT\system32\MSHTML.DLL
+ 2002-08-29 13:14:40 2,786,816 ----a-w C:\WINNT\system32\mshtml.dll
- 2003-06-19 19:05:04 235,280 ----a-w C:\WINNT\system32\mshtmled.dll
+ 2002-08-29 13:14:40 434,688 ----a-w C:\WINNT\system32\mshtmled.dll
- 2003-06-19 19:05:04 58,368 ----a-w C:\WINNT\system32\mshtmler.dll
+ 2002-08-29 13:14:40 56,320 ----a-w C:\WINNT\system32\mshtmler.dll
- 2003-06-19 19:05:04 38,672 ----a-w C:\WINNT\system32\msident.dll
+ 2002-08-29 13:14:40 44,032 ----a-w C:\WINNT\system32\msident.dll
- 2003-06-19 19:05:04 14,848 ----a-w C:\WINNT\system32\msidntld.dll
+ 2002-08-29 13:14:40 14,848 ----a-w C:\WINNT\system32\msidntld.dll
- 2003-06-19 19:05:04 246,544 ----a-w C:\WINNT\system32\msieftp.dll
+ 2002-08-29 13:14:40 248,080 ----a-w C:\WINNT\system32\msieftp.dll
- 2003-06-19 19:05:04 183,056 ----a-w C:\WINNT\system32\msoeacct.dll
+ 2002-08-29 13:06:14 228,864 ----a-w C:\WINNT\system32\msoeacct.dll
- 2005-01-12 19:39:56 68,368 ----a-w C:\WINNT\system32\msoert2.dll
+ 2002-08-29 13:06:14 91,136 ----a-w C:\WINNT\system32\msoert2.dll
+ 2002-08-29 13:14:40 59,904 ----a-w C:\WINNT\system32\msratelc.dll
- 2005-04-27 17:06:02 149,776 ----a-w C:\WINNT\system32\MSRATING.DLL
+ 2002-08-29 13:14:40 132,096 ----a-w C:\WINNT\system32\msrating.dll
+ 2002-08-29 13:14:40 496,128 ----a-w C:\WINNT\system32\mstime.dll
- 2002-08-11 18:27:22 1,122,304 ----a-w C:\WINNT\system32\msxml3.dll
+ 2002-08-29 13:14:40 1,122,304 ----a-w C:\WINNT\system32\msxml3.dll
- 2002-02-19 20:22:12 24,576 ----a-w C:\WINNT\system32\msxml3a.dll
+ 2002-08-29 13:14:40 24,576 ----a-w C:\WINNT\system32\msxml3a.dll
- 2002-08-11 18:27:26 44,032 ----a-w C:\WINNT\system32\msxml3r.dll
+ 2002-08-29 13:14:40 44,032 ----a-w C:\WINNT\system32\msxml3r.dll
- 2003-06-19 19:05:04 87,824 ----a-w C:\WINNT\system32\occache.dll
+ 2002-08-29 13:14:40 87,552 ----a-w C:\WINNT\system32\occache.dll
+ 2007-08-03 00:11:28 253,952 ----a-w C:\WINNT\system32\OnlineScannerDLLA.dll
+ 2007-08-03 00:11:14 241,664 ----a-w C:\WINNT\system32\OnlineScannerDLLW.dll
+ 2007-08-08 22:30:12 19,456 ----a-w C:\WINNT\system32\OnlineScannerLang.dll
+ 2007-06-13 17:10:34 77,824 ----a-w C:\WINNT\system32\OnlineScannerUninstaller.exe
- 2005-04-27 17:07:24 48,912 ----a-w C:\WINNT\system32\PNGFILT.DLL
+ 2002-08-29 13:14:40 34,816 ----a-w C:\WINNT\system32\pngfilt.dll
- 2003-06-19 19:05:04 151,601 ----a-w C:\WINNT\system32\scrobj.dll
+ 2001-06-26 22:38:20 159,793 ----a-w C:\WINNT\system32\scrobj.dll
- 2003-06-19 19:05:04 147,512 ----a-w C:\WINNT\system32\scrrun.dll
+ 2001-06-26 22:39:42 151,601 ----a-w C:\WINNT\system32\scrrun.dll
- 2003-06-19 19:05:04 18,704 ----a-w C:\WINNT\system32\sendmail.dll
+ 2002-08-29 13:14:40 18,704 ----a-w C:\WINNT\system32\sendmail.dll
+ 2002-08-29 13:14:40 50,688 ----a-w C:\WINNT\system32\setupwbv.dll
- 2003-06-19 19:05:04 332,288 ----a-w C:\WINNT\system32\shdoclc.dll
+ 2002-08-29 13:14:40 533,504 ----a-w C:\WINNT\system32\shdoclc.dll
- 2005-06-17 23:32:40 1,100,048 ----a-w C:\WINNT\system32\SHDOCVW.DLL
+ 2002-08-29 13:14:40 1,338,368 ----a-w C:\WINNT\system32\shdocvw.dll
- 2002-07-24 12:00:00 21,776 ----a-w C:\WINNT\system32\shfolder.dll
+ 2002-08-29 13:14:40 22,528 ----a-w C:\WINNT\system32\shfolder.dll
- 2005-08-25 06:13:36 284,432 ----a-w C:\WINNT\system32\SHLWAPI.DLL
+ 2002-08-29 13:14:40 395,264 ----a-w C:\WINNT\system32\shlwapi.dll
+ 2004-04-15 19:44:02 1,202,688 ----a-w C:\WINNT\system32\spool\drivers\w32x86\3\HPZ3A041.DLL
+ 2004-04-15 19:43:16 1,117,696 ----a-w C:\WINNT\system32\spool\drivers\w32x86\3\HPZ6R041.DLL
+ 2004-04-15 19:43:04 570,368 ----a-w C:\WINNT\system32\spool\drivers\w32x86\3\HPZEV041.DLL
+ 2004-04-15 19:43:08 61,952 ----a-w C:\WINNT\system32\spool\drivers\w32x86\3\HPZPP041.DLL
+ 2004-04-15 19:36:44 433,664 ----a-w C:\WINNT\system32\spool\drivers\w32x86\3\HPZSS041.DLL
+ 2004-04-15 18:52:56 2,337,280 ----a-w C:\WINNT\system32\spool\drivers\w32x86\3\HPZST041.DLL
  #7 (permalink)  
16/01/2008, 16:43
 
Join Date: December 2007
Posts: 7
Seniority: 16 years, 4 months
Points: 0
Re: Here's my log, could you please review it?

PART 4 AND LAST... AND SORRY FOR THE DELAY...
------
+ 2004-04-15 19:43:00 1,907,200 ----a-w C:\WINNT\system32\spool\drivers\w32x86\3\HPZUI041.DLL
- 2007-07-23 00:39:27 279,552 ----a-w C:\WINNT\system32\swreg.exe
+ 2000-08-31 14:00:00 156,160 ----a-w C:\WINNT\system32\swreg.exe
- 2006-11-29 23:21:29 370,688 ----a-w C:\WINNT\system32\swsc.exe
+ 2000-08-31 14:00:00 136,704 ----a-w C:\WINNT\system32\swsc.exe
- 2006-12-01 11:20:32 212,480 ----a-w C:\WINNT\system32\swxcacls.exe
+ 2000-08-31 14:00:00 212,480 ----a-w C:\WINNT\system32\swxcacls.exe
+ 2004-12-07 17:11:34 258,352 ----a-w C:\WINNT\system32\unicows.dll
+ 2001-03-23 22:17:12 7,168 ----a-w C:\WINNT\system32\updcrl.exe
- 2005-04-27 17:33:48 84,240 ----a-w C:\WINNT\system32\URL.DLL
+ 2002-08-29 13:14:40 106,496 ----a-w C:\WINNT\system32\url.dll
- 2005-10-24 20:33:56 423,696 ----a-w C:\WINNT\system32\URLMON.DLL
+ 2002-08-29 13:14:40 482,816 ----a-w C:\WINNT\system32\urlmon.dll
- 2005-01-12 19:39:46 438,330 ----a-w C:\WINNT\system32\vbscript.dll
+ 2002-02-26 21:58:06 462,906 ----a-w C:\WINNT\system32\vbscript.dll
- 2006-11-27 08:34:46 49,152 ----a-w C:\WINNT\system32\VFind.exe
+ 2000-08-31 14:00:00 49,152 ----a-w C:\WINNT\system32\VFind.exe
- 2003-06-19 19:05:04 257,808 ----a-w C:\WINNT\system32\webcheck.dll
+ 2002-08-29 13:14:40 258,048 ----a-w C:\WINNT\system32\webcheck.dll
- 2005-10-24 20:33:46 451,344 ----a-w C:\WINNT\system32\WININET.DLL
+ 2002-08-29 13:14:40 585,728 ----a-w C:\WINNT\system32\wininet.dll
- 2002-07-24 12:00:00 90,162 ----a-w C:\WINNT\system32\wscript.exe
+ 2001-06-26 23:53:50 118,834 ----a-w C:\WINNT\system32\wscript.exe
+ 2001-06-26 23:59:32 28,721 ----a-w C:\WINNT\system32\wshcon.dll
- 2002-07-24 12:00:00 45,105 ----a-w C:\WINNT\system32\wshext.dll
+ 2001-06-26 23:56:36 65,585 ----a-w C:\WINNT\system32\wshext.dll
+ 2008-01-11 23:32:43 490,608 ----a-w C:\WINNT\Windows Update Setup Files\ie6setup.exe
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SybaseCentral43"="D:\Program Files\Sybase9\Shared\Sybase Central 4.3\win32\scjview.exe" [09/28/06 02:44p 102400]
"DBISQL9"="D:\Program Files\Sybase9\SQL Anywhere 9\win32\dbisqlg.exe" [12/08/06 07:09p 139264]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"nod32kui"="C:\Program Files\Eset\nod32kui.exe" [01/02/08 10:28a 949376]
"!AVG Anti-Spyware"="D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\_avgas.exe" [01/14/08 11:18a 6731312]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"disablecad"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"ShowSuperHidden"= 1 (0x1)
"NoFileAssociate"= 1 (0x1)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= D:\Program Files\SUPERAntiSpyware\SASSEH.DLL [12/20/06 01:55p 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
D:\Program Files\SUPERAntiSpyware\SASWINLO.dll 04/19/07 01:41p 294912 D:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"vsmon"=2 (0x2)
"MSSEARCH"=2 (0x2)

R0 DfsDriver;DfsDriver;C:\WINNT\system32\drivers\Dfs.sys [06/19/03 01:05p]
R0 mraid2k;mraid2k;C:\WINNT\system32\drivers\mraid2k.sys [07/22/04 04:11a]
R2 ASANYs_serv_v8;Adaptive Server Anywhere - serv_v8;D:\Program Files\Sybase9\SQL Anywhere 9\win32\dbsrv9.exe [12/08/06 07:07p]
R2 Dfs;Distributed File System;C:\WINNT\system32\Dfssvc.exe [06/19/03 01:05p]
R2 NntpSvc;Network News Transport Protocol (NNTP);C:\WINNT\System32\inetsrv\inetinfo.exe [06/19/03 01:05p]
R2 SMTPSVC;Simple Mail Transport Protocol (SMTP);C:\WINNT\System32\inetsrv\inetinfo.exe [06/19/03 01:05p]
R2 TermServLicensing;Terminal Services Licensing;C:\WINNT\System32\lserver.exe [06/19/03 01:05p]
R3 openhci;Microsoft USB Open Host Controller Driver;C:\WINNT\system32\DRIVERS\openhci.sys [06/19/03 01:05p]
R3 spud;Special Purpose Utility Driver;C:\WINNT\system32\drivers\spud.sys [07/24/02 06:00a]
S3 NtFrs;File Replication;C:\WINNT\system32\ntfrs.exe [06/19/03 01:05p]
S3 TDASYNC;TDASYNC;C:\WINNT\system32\drivers\TDASYNC.sys [06/19/03 01:05p]
S3 TDIPX;TDIPX;C:\WINNT\system32\drivers\TDIPX.sys [06/19/03 01:05p]
S3 TDNETB;TDNETB;C:\WINNT\system32\drivers\TDNETB.sys [06/19/03 01:05p]
S3 TDSPX;TDSPX;C:\WINNT\system32\drivers\TDSPX.sys [06/19/03 01:05p]
S3 TrkSvr;Distributed Link Tracking Server;C:\WINNT\system32\services.exe [04/08/05 05:51a]
S4 ASANYs_EK_ADM00;Adaptive Server Anywhere - EK_ADM00;D:\Program Files\Sybase\SQL Anywhere 7\win32\dbsrv7.exe [07/31/01 11:24p]
S4 IsmServ;Intersite Messaging;C:\WINNT\System32\ismserv.exe [06/19/03 01:05p]
S4 kdc;Kerberos Key Distribution Center;C:\WINNT\System32\lsass.exe [12/19/04 04:30p]
S4 MSSEARCH;Microsoft Search;"C:\Program Files\Common Files\System\MSSearch\Bin\mssearch.exe" [12/04/02 10:52a]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
tapisrv REG_MULTI_SZ Tapisrv

.
Contents of the 'Scheduled Tasks' folder
"2008-01-16 08:00:58 C:\WINNT\Tasks\respaldo_ek- Server.job"
- D:\respaldos ek\respaldo_ek- Server.bat
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-17 16:19:07
Windows 5.0.2195 Service Pack 4 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINNT\system32\lsass.exe [5.00.2195.7011]
-> C:\Program Files\Eset\pr_imon.dll
.
Completion time: 01/17/2008 16:21:29
ComboFix-quarantined-files.txt 2008-01-17 22:20:48
ComboFix2.txt 2007-12-05 21:43:35
  #8 (permalink)  
16/01/2008, 16:49
 
Join Date: December 2007
Posts: 7
Seniority: 16 years, 4 months
Points: 0
Re: Here's my log, could you please review it?

In the HijackThis log the following program is running, but after Windows I don't have a System32 folder.

Is there a way to change the path to C:\WINNT\SYSTEM32\ ?

C:\Documents and Settings\Administrator.SERVIDOR\WINDOWS\System32\smss.exe