Hello everybody,
I come back to this forum after a while without writing. I think I have got infected but some kind of BackDoor.Talex trojan.
After my CA antivirus detected a infected file, I got the message from ZoneAlarm that Regscan.exe was trying to access to the internet (for first time). Here I post the hijack log:
NOTE: I just killed the regscan.exe from the running processes.
I see nothing extrange except some entries with "no name". Can anybody help me with this??
C:\Archivos de programa\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\System32\svchost.exe
C:\ARCHIV~1\Intel\Wireless\Bin\1XConfig.exe
C:\Archivos de programa\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\System32THotkey.exe
C:\WINDOWS\system32\TFNF5.exe
C:\Archivos de programa\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
C:\Archivos de programa\SigmaTel\Controladores de sonido SigmaTel AC97\stacmon.exe
C:\Archivos de programa\Apoint2K\Apoint.exe
C:\Archivos de programa\TOSHIBA\TouchED\TouchED.Exe
C:\Archivos de programa\TOSHIBA\PadTouch\PadExe.exe
C:\Archivos de programa\Apoint2K\Apntex.exe
C:\WINDOWS\LTSMMSG.exe
C:\WINDOWS\system32\TPSMain.exe
C:\Archivos de programa\Intel\Wireless\Bin\ifrmewrk.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\Archivos de programa\Intel\Wireless\Bin\EOUWiz.exe
C:\Archivos de programa\Java\jre1.5.0_11\bin\jusched.exe
C:\Archivos de programa\CA\CA Internet Security Suite\cctray\cctray.exe
C:\Archivos de programa\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Archivos de programa\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Archivos de programa\Internet Explorer\IEXPLORE.EXE
C:\Archivos de programa\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Documents and Settings\Nesmo\Escritorio\hijack\HiJackThis_v2.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.es/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Vínculos
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Archivos de programa\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Archivos de programa\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Archivos de programa\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\archivos de programa\google\googletoolbar3.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\archivos de programa\google\googletoolbar3.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [00THotkey] C:\WINDOWS\System32THotkey.exe
O4 - HKLM\..\Run: [000StTHK] 000StTHK.exe
O4 - HKLM\..\Run: [TFNF5] TFNF5.exe
O4 - HKLM\..\Run: [SmoothView] C:\Archivos de programa\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
O4 - HKLM\..\Run: [SigmaTel StacMon] C:\Archivos de programa\SigmaTel\Controladores de sonido SigmaTel AC97\stacmon.exe
O4 - HKLM\..\Run: [Apoint] C:\Archivos de programa\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [TouchED] C:\Archivos de programa\TOSHIBA\TouchED\TouchED.Exe
O4 - HKLM\..\Run: [PadTouch] "C:\Archivos de programa\TOSHIBA\PadTouch\PadExe.exe
O4 - HKLM\..\Run: [LTSMMSG] LTSMMSG.exe
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb11.exe
O4 - HKLM\..\Run: [IntelWireless] C:\Archivos de programa\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [EOUApp] C:\Archivos de programa\Intel\Wireless\Bin\EOUWiz.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Archivos de programa\Java\jre1.5.0_11\bin\jusched.exe"
O4 - HKLM\..\Run: [cctray] "C:\Archivos de programa\CA\CA Internet Security Suite\cctray\cctray.exe"
O4 - HKLM\..\Run: [CAVRID] "C:\Archivos de programa\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe"
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Archivos de programa\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Archivos de programa\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [NBJ] "C:\Archivos de programa\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [swg] C:\Archivos de programa\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICIO LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Servicio de red')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = C:\Archivos de programa\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Clean Traces - C:\Archivos de programa\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Archivos de programa\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\Archivos de programa\DAP\dapextie2.htm
O8 - Extra context menu item: E&xportar a Microsoft Excel - res://C:\ARCHIV~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Archivos de programa\Java\jre1.5.0_11\bin\npjpi150_11.dll
O9 - Extra 'Tools' menuitem: Consola de Sun Java - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Archivos de programa\Java\jre1.5.0_11\bin\npjpi150_11.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O14 - IERESET.INF: START_PAGE_URL=file:///C:\Archivos de programa\TOSHIBA\Free Update Service\splash.html
O15 - Trusted Zone: http://acs.pandasoftware.com
O15 - Trusted Zone: http://activescan.pandasoftware.com
O15 - Trusted Zone: http://www.pandasoftware.com
O15 - Trusted Zone: http://www.pandasoftware.es
O16 - DPF: {CE3409C4-9E26-4F8E-83E4-778498F9E7B4} (PB_Uploader Class) - http://www.photoways...r_v2.1.0.56.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{8FC7188E-96C7-43D4-AEE2-750AA87A2CF7}: NameServer = 80.10.246.130,80.10.246.3
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Archivos de programa\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Archivos de programa\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: Servicio del administrador de discos lógicos (dmadmin) - Unknown owner - C:\WINDOWS\System32\dmadmin.exe
O23 - Service: Registro de sucesos (Eventlog) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: EvtEng - Intel Corporation - C:\Archivos de programa\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Archivos de programa\ewido anti-spyware 4.0\guard.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Archivos de programa\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Archivos de programa\Archivos comunes\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Servicio COM de grabación de CD de IMAPI (ImapiService) - Unknown owner - C:\WINDOWS\System32\imapi.exe
O23 - Service: Escritorio remoto compartido de NetMeeting (mnmsrvc) - Unknown owner - C:\WINDOWS\System32\mnmsrvc.exe
O23 - Service: OwnershipProtocol - Intel Corporation - C:\Archivos de programa\Intel\Wireless\Bin\OProtSvc.exe
O23 - Service: Plug and Play (PlugPlay) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: Administrador de sesión de Ayuda de escritorio remoto (RDSessMgr) - Unknown owner - C:\WINDOWS\system32\sessmgr.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Archivos de programa\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Archivos de programa\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Tarjeta inteligente (SCardSvr) - Unknown owner - C:\WINDOWS\System32\SCardSvr.exe
O23 - Service: Registros y alertas de rendimiento (SysmonLog) - Unknown owner - C:\WINDOWS\system32\smlogsvc.exe
O23 - Service: VET Message Service (VETMSGNT) - CA, Inc. - C:\Archivos de programa\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: Instantáneas de volumen (VSS) - Unknown owner - C:\WINDOWS\System32\vssvc.exe
O23 - Service: Adaptador de rendimiento de WMI (WmiApSrv) - Unknown owner - C:\WINDOWS\System32\wbem\wmiapsrv.exe
O23 - Service: Servicio de uso compartido de red del Reproductor de Windows Media (WMPNetworkSvc) - Unknown owner - C:\Archivos de programa\Windows Media Player\WMPNetwk.exe
--
End of file - 10498 bytes
0
regscan.exe infected?
Started by nesmo, Apr 09 2007 04:05 PM
21 replies to this topic
#2 OFFLINE
-
- Moderators
-
- 8,858 posts
I hate computers
- Gender:Male
Posted 09 April 2007 - 04:41 PM
Please do not cut off the top of the hijackthis log. It provides valuable info that we need to see.
Download AVG Anti-Spyware
Run Kaspersky WebScanner
Download AVG Anti-Spyware
- Load AVG antispyware and then click the Update tab at the top. Under Manual Update click Start update.
- After the update finishes (the status bar at the bottom will display "Update successful")
- Click on the Scanner tab at the top and then click on Complete System Scan
- Ewido will list any infections found on the left, when the scan has finished, it will automatically set the recommended action. Click the Apply all actions button. AVG antispyware will then display "All actions have been applied" on the right.
- Click on "Save Report", then "Save Report As". This will create a text file which you can then save to the Desktop and post back
Run Kaspersky WebScanner
- Please go HERE and click Kaspersky Online Scanner
- Read and Accept the Agreement
- You will be promted to install an ActiveX component from Kaspersky, Click Yes.
- If you see a Windows dialog asking if you want to install this software, click the Install button.
- The program will launch and then begin downloading the latest definition files,
- When the "Update progress" line changes to "Ready" and the "NEXT ->" button becomes available, please click on it.
- Click on the Scan Settings button, and in the next window select the Extended database, and click Ok.
- Under "Please select a target to scan:", click My Computer to start the scan.
- When the scan is finished, click the "Save as Text" button, and save the file as kavscan.txt to your Desktop, close the Kaspersky On-line Scanner window.
- Paste kaspersky log onto forum.
#3 OFFLINE
-
- Members
-
- 12 posts
Member
Posted 10 April 2007 - 06:53 AM
Hello rridgely,
thank you for your quick answer.
I have done what you asked. Please, note that I run Ewido and Kaspersky scanner at the same time.
Hope that result is not affected.
Here we have the AVG Anti-Spyware log (I have translated some words since it was in spanish...sorry)
---------------------------------------------------------
AVG Anti-Spyware - Informe del análisis
---------------------------------------------------------
+ Creado en: 23:36:59 09/04/2007
+ Resultado del análisis:
C:\Documents and Settings\Nesmo\Cookies\nesmo@tribalfusion[1].txt -> TrackingCookie.Tribalfusion : Limpios. (Clean)
C:\Documents and Settings\Nesmo\Cookies\nesmo@weborama[2].txt -> TrackingCookie.Weborama : Limpios. (Clean)
C:\WINDOWS\system32\regscan.exe -> Downloader.Agent.azr : Limpios con copia de seguridad (en cuarentena).
(Clean with backup copy - Quarantine)
C:\WINDOWS\system32\~.exe -> Dropper.Agent.bfd : Limpios con copia de seguridad (en cuarentena).
(Clean with backup copy - Quarantine)
C:\Archivos de programa\eMule\LinkCreator.exe -> Worm.Luder.a : Limpios con copia de seguridad (en cuarentena).
(Clean with backup copy - Quarantine)
::Fin del informe
The Kaspersky log:
-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Monday, April 09, 2007 11:38:38 PM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.83.0
Kaspersky Anti-Virus database last update: 9/04/2007
Kaspersky Anti-Virus database records: 293383
-------------------------------------------------------------------------------
Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true
Scan Target - My Computer:
C:\
D:\
Scan Statistics:
Total number of scanned objects: 77689
Number of viruses found: 2
Number of infected objects: 2 / 0
Number of suspicious objects: 0
Duration of the scan process: 02:24:04
Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\All Users\Datos de programa\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\Documents and Settings\All Users\Datos de programa\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\Documents and Settings\LocalService\Configuración local\Archivos temporales de Internet\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Configuración local\Datos de programa\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Configuración local\Datos de programa\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Configuración local\Historial\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\Nesmo\Configuración local\Archivos temporales de Internet\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Nesmo\Configuración local\Datos de programa\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Nesmo\Configuración local\Datos de programa\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Nesmo\Configuración local\Historial\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Nesmo\Configuración local\Temp\Perflib_Perfdata_838.dat Object is locked skipped
C:\Documents and Settings\Nesmo\Configuración local\Temp\~DF2D93.tmp Object is locked skipped
C:\Documents and Settings\Nesmo\Configuración local\Temp\~DF37BC.tmp Object is locked skipped
C:\Documents and Settings\Nesmo\Configuración local\Temp\~DFE0CB.tmp Object is locked skipped
C:\Documents and Settings\Nesmo\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Nesmo\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\Nesmo\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Configuración local\Datos de programa\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Configuración local\Datos de programa\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{837698BD-DDF5-417B-A39E-81147F1AE21D}\RP135\change.log Object is locked skipped
C:\WINDOWS\$NtUninstallKB824141$\user32.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB824141$\win32k.sys Object is locked skipped
C:\WINDOWS\$NtUninstallKB826939$\accwiz.exe Object is locked skipped
C:\WINDOWS\$NtUninstallKB826939$\crypt32.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB826939$\cryptsvc.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB826939$\hh.exe Object is locked skipped
C:\WINDOWS\$NtUninstallKB826939$\hhctrl.ocx Object is locked skipped
C:\WINDOWS\$NtUninstallKB826939$\hhsetup.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB826939$\html32.cnv Object is locked skipped
C:\WINDOWS\$NtUninstallKB826939$\itss.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB826939$\locator.exe Object is locked skipped
C:\WINDOWS\$NtUninstallKB826939$\magnify.exe Object is locked skipped
C:\WINDOWS\$NtUninstallKB826939$\migwiz.exe Object is locked skipped
C:\WINDOWS\$NtUninstallKB826939$\mrxsmb.sys Object is locked skipped
C:\WINDOWS\$NtUninstallKB826939$\msconv97.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB826939$\narrator.exe Object is locked skipped
C:\WINDOWS\$NtUninstallKB826939$\newdev.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB826939$\ntdll.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB826939$\ole32.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB826939$\osk.exe Object is locked skipped
C:\WINDOWS\$NtUninstallKB826939$\pchshell.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB826939$\raspptp.sys Object is locked skipped
C:\WINDOWS\$NtUninstallKB826939$\rpcrt4.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB826939$\rpcss.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB826939$\shell32.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB826939$\shmedia.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB826939$\srrstr.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB826939$\srv.sys Object is locked skipped
C:\WINDOWS\$NtUninstallKB826939$\winsrv.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB826939$\zipfldr.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB826942$\dhcpcsvc.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB826942$\ndis.sys Object is locked skipped
C:\WINDOWS\$NtUninstallKB826942$\ndisuio.sys Object is locked skipped
C:\WINDOWS\$NtUninstallKB826942$\netshell.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB826942$\wzcdlg.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB826942$\wzcsapi.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB826942$\wzcsvc.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB828028$\msasn1.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB828035$\msgsvc.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB828035$\wkssvc.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB830680$\keymgr.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB831905$\ntkrnlmp.exe Object is locked skipped
C:\WINDOWS\$NtUninstallKB831905$\ntkrnlpa.exe Object is locked skipped
C:\WINDOWS\$NtUninstallKB831905$\ntkrpamp.exe Object is locked skipped
C:\WINDOWS\$NtUninstallKB831905$\ntoskrnl.exe Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\EventCache\{FA79E3FF-3F12-4639-8DDC-CAE56CF6BDD0}.bin Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\Internet.evt Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\drivers\sptd.sys Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\regscan.exe Infected: Trojan-Downloader.Win32.Agent.azr skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\system32\~.exe Infected: Trojan-Dropper.Win32.Agent.bfd skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
Scan process completed.
And the Hijackthis log (after the two scans of above):
Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 8:43:51, on 10/04/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Archivos de programa\Intel\Wireless\Bin\EvtEng.exe
C:\Archivos de programa\Intel\Wireless\Bin\ZcfgSvc.exe
C:\Archivos de programa\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\Archivos de programa\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe
C:\Archivos de programa\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Archivos de programa\Archivos comunes\Microsoft Shared\VS7Debug\mdm.exe
C:\Archivos de programa\Intel\Wireless\Bin\OProtSvc.exe
C:\Archivos de programa\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\System32\svchost.exe
C:\ARCHIV~1\Intel\Wireless\Bin\1XConfig.exe
C:\Archivos de programa\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\System32THotkey.exe
C:\WINDOWS\system32\TFNF5.exe
C:\Archivos de programa\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
C:\Archivos de programa\SigmaTel\Controladores de sonido SigmaTel AC97\stacmon.exe
C:\Archivos de programa\Apoint2K\Apoint.exe
C:\Archivos de programa\TOSHIBA\TouchED\TouchED.Exe
C:\Archivos de programa\TOSHIBA\PadTouch\PadExe.exe
C:\Archivos de programa\Apoint2K\Apntex.exe
C:\WINDOWS\LTSMMSG.exe
C:\WINDOWS\system32\TPSMain.exe
C:\Archivos de programa\Intel\Wireless\Bin\ifrmewrk.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\Archivos de programa\Intel\Wireless\Bin\EOUWiz.exe
C:\Archivos de programa\Java\jre1.5.0_11\bin\jusched.exe
C:\Archivos de programa\CA\CA Internet Security Suite\cctray\cctray.exe
C:\Archivos de programa\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Archivos de programa\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Archivos de programa\Internet Explorer\iexplore.exe
C:\Archivos de programa\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Archivos de programa\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Documents and Settings\Nesmo\Escritorio\hijack\HiJackThis_v2.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.es/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Vínculos
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Archivos de programa\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Archivos de programa\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Archivos de programa\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\archivos de programa\google\googletoolbar3.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\archivos de programa\google\googletoolbar3.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [00THotkey] C:\WINDOWS\System32THotkey.exe
O4 - HKLM\..\Run: [000StTHK] 000StTHK.exe
O4 - HKLM\..\Run: [TFNF5] TFNF5.exe
O4 - HKLM\..\Run: [SmoothView] C:\Archivos de programa\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
O4 - HKLM\..\Run: [SigmaTel StacMon] C:\Archivos de programa\SigmaTel\Controladores de sonido SigmaTel AC97\stacmon.exe
O4 - HKLM\..\Run: [Apoint] C:\Archivos de programa\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [TouchED] C:\Archivos de programa\TOSHIBA\TouchED\TouchED.Exe
O4 - HKLM\..\Run: [PadTouch] "C:\Archivos de programa\TOSHIBA\PadTouch\PadExe.exe
O4 - HKLM\..\Run: [LTSMMSG] LTSMMSG.exe
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb11.exe
O4 - HKLM\..\Run: [IntelWireless] C:\Archivos de programa\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [EOUApp] C:\Archivos de programa\Intel\Wireless\Bin\EOUWiz.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Archivos de programa\Java\jre1.5.0_11\bin\jusched.exe"
O4 - HKLM\..\Run: [cctray] "C:\Archivos de programa\CA\CA Internet Security Suite\cctray\cctray.exe"
O4 - HKLM\..\Run: [CAVRID] "C:\Archivos de programa\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe"
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Archivos de programa\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Archivos de programa\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Archivos de programa\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [NBJ] "C:\Archivos de programa\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [swg] C:\Archivos de programa\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICIO LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Servicio de red')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = C:\Archivos de programa\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Clean Traces - C:\Archivos de programa\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Archivos de programa\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\Archivos de programa\DAP\dapextie2.htm
O8 - Extra context menu item: E&xportar a Microsoft Excel - res://C:\ARCHIV~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Archivos de programa\Java\jre1.5.0_11\bin\npjpi150_11.dll
O9 - Extra 'Tools' menuitem: Consola de Sun Java - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Archivos de programa\Java\jre1.5.0_11\bin\npjpi150_11.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O14 - IERESET.INF: START_PAGE_URL=file:///C:\Archivos de programa\TOSHIBA\Free Update Service\splash.html
O15 - Trusted Zone: http://acs.pandasoftware.com
O15 - Trusted Zone: http://activescan.pandasoftware.com
O15 - Trusted Zone: http://www.pandasoftware.com
O15 - Trusted Zone: http://www.pandasoftware.es
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/d...can_unicode.cab
O16 - DPF: {CE3409C4-9E26-4F8E-83E4-778498F9E7B4} (PB_Uploader Class) - http://www.photoways...r_v2.1.0.56.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{8FC7188E-96C7-43D4-AEE2-750AA87A2CF7}: NameServer = 80.10.246.130,80.10.246.3
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Archivos de programa\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Archivos de programa\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Archivos de programa\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: Servicio del administrador de discos lógicos (dmadmin) - Unknown owner - C:\WINDOWS\System32\dmadmin.exe
O23 - Service: Registro de sucesos (Eventlog) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: EvtEng - Intel Corporation - C:\Archivos de programa\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Archivos de programa\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Archivos de programa\Archivos comunes\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Servicio COM de grabación de CD de IMAPI (ImapiService) - Unknown owner - C:\WINDOWS\System32\imapi.exe
O23 - Service: Escritorio remoto compartido de NetMeeting (mnmsrvc) - Unknown owner - C:\WINDOWS\System32\mnmsrvc.exe
O23 - Service: OwnershipProtocol - Intel Corporation - C:\Archivos de programa\Intel\Wireless\Bin\OProtSvc.exe
O23 - Service: Plug and Play (PlugPlay) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: Administrador de sesión de Ayuda de escritorio remoto (RDSessMgr) - Unknown owner - C:\WINDOWS\system32\sessmgr.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Archivos de programa\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Archivos de programa\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Tarjeta inteligente (SCardSvr) - Unknown owner - C:\WINDOWS\System32\SCardSvr.exe
O23 - Service: Registros y alertas de rendimiento (SysmonLog) - Unknown owner - C:\WINDOWS\system32\smlogsvc.exe
O23 - Service: VET Message Service (VETMSGNT) - CA, Inc. - C:\Archivos de programa\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: Instantáneas de volumen (VSS) - Unknown owner - C:\WINDOWS\System32\vssvc.exe
O23 - Service: Adaptador de rendimiento de WMI (WmiApSrv) - Unknown owner - C:\WINDOWS\System32\wbem\wmiapsrv.exe
O23 - Service: Servicio de uso compartido de red del Reproductor de Windows Media (WMPNetworkSvc) - Unknown owner - C:\Archivos de programa\Windows Media Player\WMPNetwk.exe
--
End of file - 10821 bytes
thank you for your quick answer.
I have done what you asked. Please, note that I run Ewido and Kaspersky scanner at the same time.
Hope that result is not affected.
Here we have the AVG Anti-Spyware log (I have translated some words since it was in spanish...sorry)
---------------------------------------------------------
AVG Anti-Spyware - Informe del análisis
---------------------------------------------------------
+ Creado en: 23:36:59 09/04/2007
+ Resultado del análisis:
C:\Documents and Settings\Nesmo\Cookies\nesmo@tribalfusion[1].txt -> TrackingCookie.Tribalfusion : Limpios. (Clean)
C:\Documents and Settings\Nesmo\Cookies\nesmo@weborama[2].txt -> TrackingCookie.Weborama : Limpios. (Clean)
C:\WINDOWS\system32\regscan.exe -> Downloader.Agent.azr : Limpios con copia de seguridad (en cuarentena).
(Clean with backup copy - Quarantine)
C:\WINDOWS\system32\~.exe -> Dropper.Agent.bfd : Limpios con copia de seguridad (en cuarentena).
(Clean with backup copy - Quarantine)
C:\Archivos de programa\eMule\LinkCreator.exe -> Worm.Luder.a : Limpios con copia de seguridad (en cuarentena).
(Clean with backup copy - Quarantine)
::Fin del informe
The Kaspersky log:
-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Monday, April 09, 2007 11:38:38 PM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.83.0
Kaspersky Anti-Virus database last update: 9/04/2007
Kaspersky Anti-Virus database records: 293383
-------------------------------------------------------------------------------
Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true
Scan Target - My Computer:
C:\
D:\
Scan Statistics:
Total number of scanned objects: 77689
Number of viruses found: 2
Number of infected objects: 2 / 0
Number of suspicious objects: 0
Duration of the scan process: 02:24:04
Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\All Users\Datos de programa\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\Documents and Settings\All Users\Datos de programa\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\Documents and Settings\LocalService\Configuración local\Archivos temporales de Internet\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Configuración local\Datos de programa\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Configuración local\Datos de programa\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Configuración local\Historial\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\Nesmo\Configuración local\Archivos temporales de Internet\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Nesmo\Configuración local\Datos de programa\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Nesmo\Configuración local\Datos de programa\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Nesmo\Configuración local\Historial\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Nesmo\Configuración local\Temp\Perflib_Perfdata_838.dat Object is locked skipped
C:\Documents and Settings\Nesmo\Configuración local\Temp\~DF2D93.tmp Object is locked skipped
C:\Documents and Settings\Nesmo\Configuración local\Temp\~DF37BC.tmp Object is locked skipped
C:\Documents and Settings\Nesmo\Configuración local\Temp\~DFE0CB.tmp Object is locked skipped
C:\Documents and Settings\Nesmo\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Nesmo\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\Nesmo\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Configuración local\Datos de programa\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Configuración local\Datos de programa\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{837698BD-DDF5-417B-A39E-81147F1AE21D}\RP135\change.log Object is locked skipped
C:\WINDOWS\$NtUninstallKB824141$\user32.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB824141$\win32k.sys Object is locked skipped
C:\WINDOWS\$NtUninstallKB826939$\accwiz.exe Object is locked skipped
C:\WINDOWS\$NtUninstallKB826939$\crypt32.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB826939$\cryptsvc.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB826939$\hh.exe Object is locked skipped
C:\WINDOWS\$NtUninstallKB826939$\hhctrl.ocx Object is locked skipped
C:\WINDOWS\$NtUninstallKB826939$\hhsetup.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB826939$\html32.cnv Object is locked skipped
C:\WINDOWS\$NtUninstallKB826939$\itss.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB826939$\locator.exe Object is locked skipped
C:\WINDOWS\$NtUninstallKB826939$\magnify.exe Object is locked skipped
C:\WINDOWS\$NtUninstallKB826939$\migwiz.exe Object is locked skipped
C:\WINDOWS\$NtUninstallKB826939$\mrxsmb.sys Object is locked skipped
C:\WINDOWS\$NtUninstallKB826939$\msconv97.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB826939$\narrator.exe Object is locked skipped
C:\WINDOWS\$NtUninstallKB826939$\newdev.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB826939$\ntdll.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB826939$\ole32.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB826939$\osk.exe Object is locked skipped
C:\WINDOWS\$NtUninstallKB826939$\pchshell.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB826939$\raspptp.sys Object is locked skipped
C:\WINDOWS\$NtUninstallKB826939$\rpcrt4.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB826939$\rpcss.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB826939$\shell32.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB826939$\shmedia.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB826939$\srrstr.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB826939$\srv.sys Object is locked skipped
C:\WINDOWS\$NtUninstallKB826939$\winsrv.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB826939$\zipfldr.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB826942$\dhcpcsvc.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB826942$\ndis.sys Object is locked skipped
C:\WINDOWS\$NtUninstallKB826942$\ndisuio.sys Object is locked skipped
C:\WINDOWS\$NtUninstallKB826942$\netshell.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB826942$\wzcdlg.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB826942$\wzcsapi.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB826942$\wzcsvc.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB828028$\msasn1.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB828035$\msgsvc.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB828035$\wkssvc.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB830680$\keymgr.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB831905$\ntkrnlmp.exe Object is locked skipped
C:\WINDOWS\$NtUninstallKB831905$\ntkrnlpa.exe Object is locked skipped
C:\WINDOWS\$NtUninstallKB831905$\ntkrpamp.exe Object is locked skipped
C:\WINDOWS\$NtUninstallKB831905$\ntoskrnl.exe Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\EventCache\{FA79E3FF-3F12-4639-8DDC-CAE56CF6BDD0}.bin Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\Internet.evt Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\drivers\sptd.sys Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\regscan.exe Infected: Trojan-Downloader.Win32.Agent.azr skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\system32\~.exe Infected: Trojan-Dropper.Win32.Agent.bfd skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
Scan process completed.
And the Hijackthis log (after the two scans of above):
Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 8:43:51, on 10/04/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Archivos de programa\Intel\Wireless\Bin\EvtEng.exe
C:\Archivos de programa\Intel\Wireless\Bin\ZcfgSvc.exe
C:\Archivos de programa\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\Archivos de programa\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe
C:\Archivos de programa\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Archivos de programa\Archivos comunes\Microsoft Shared\VS7Debug\mdm.exe
C:\Archivos de programa\Intel\Wireless\Bin\OProtSvc.exe
C:\Archivos de programa\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\System32\svchost.exe
C:\ARCHIV~1\Intel\Wireless\Bin\1XConfig.exe
C:\Archivos de programa\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\System32THotkey.exe
C:\WINDOWS\system32\TFNF5.exe
C:\Archivos de programa\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
C:\Archivos de programa\SigmaTel\Controladores de sonido SigmaTel AC97\stacmon.exe
C:\Archivos de programa\Apoint2K\Apoint.exe
C:\Archivos de programa\TOSHIBA\TouchED\TouchED.Exe
C:\Archivos de programa\TOSHIBA\PadTouch\PadExe.exe
C:\Archivos de programa\Apoint2K\Apntex.exe
C:\WINDOWS\LTSMMSG.exe
C:\WINDOWS\system32\TPSMain.exe
C:\Archivos de programa\Intel\Wireless\Bin\ifrmewrk.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\Archivos de programa\Intel\Wireless\Bin\EOUWiz.exe
C:\Archivos de programa\Java\jre1.5.0_11\bin\jusched.exe
C:\Archivos de programa\CA\CA Internet Security Suite\cctray\cctray.exe
C:\Archivos de programa\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Archivos de programa\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Archivos de programa\Internet Explorer\iexplore.exe
C:\Archivos de programa\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Archivos de programa\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Documents and Settings\Nesmo\Escritorio\hijack\HiJackThis_v2.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.es/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Vínculos
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Archivos de programa\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Archivos de programa\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Archivos de programa\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\archivos de programa\google\googletoolbar3.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\archivos de programa\google\googletoolbar3.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [00THotkey] C:\WINDOWS\System32THotkey.exe
O4 - HKLM\..\Run: [000StTHK] 000StTHK.exe
O4 - HKLM\..\Run: [TFNF5] TFNF5.exe
O4 - HKLM\..\Run: [SmoothView] C:\Archivos de programa\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
O4 - HKLM\..\Run: [SigmaTel StacMon] C:\Archivos de programa\SigmaTel\Controladores de sonido SigmaTel AC97\stacmon.exe
O4 - HKLM\..\Run: [Apoint] C:\Archivos de programa\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [TouchED] C:\Archivos de programa\TOSHIBA\TouchED\TouchED.Exe
O4 - HKLM\..\Run: [PadTouch] "C:\Archivos de programa\TOSHIBA\PadTouch\PadExe.exe
O4 - HKLM\..\Run: [LTSMMSG] LTSMMSG.exe
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb11.exe
O4 - HKLM\..\Run: [IntelWireless] C:\Archivos de programa\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [EOUApp] C:\Archivos de programa\Intel\Wireless\Bin\EOUWiz.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Archivos de programa\Java\jre1.5.0_11\bin\jusched.exe"
O4 - HKLM\..\Run: [cctray] "C:\Archivos de programa\CA\CA Internet Security Suite\cctray\cctray.exe"
O4 - HKLM\..\Run: [CAVRID] "C:\Archivos de programa\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe"
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Archivos de programa\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Archivos de programa\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Archivos de programa\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [NBJ] "C:\Archivos de programa\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [swg] C:\Archivos de programa\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICIO LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Servicio de red')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = C:\Archivos de programa\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Clean Traces - C:\Archivos de programa\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Archivos de programa\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\Archivos de programa\DAP\dapextie2.htm
O8 - Extra context menu item: E&xportar a Microsoft Excel - res://C:\ARCHIV~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Archivos de programa\Java\jre1.5.0_11\bin\npjpi150_11.dll
O9 - Extra 'Tools' menuitem: Consola de Sun Java - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Archivos de programa\Java\jre1.5.0_11\bin\npjpi150_11.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O14 - IERESET.INF: START_PAGE_URL=file:///C:\Archivos de programa\TOSHIBA\Free Update Service\splash.html
O15 - Trusted Zone: http://acs.pandasoftware.com
O15 - Trusted Zone: http://activescan.pandasoftware.com
O15 - Trusted Zone: http://www.pandasoftware.com
O15 - Trusted Zone: http://www.pandasoftware.es
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/d...can_unicode.cab
O16 - DPF: {CE3409C4-9E26-4F8E-83E4-778498F9E7B4} (PB_Uploader Class) - http://www.photoways...r_v2.1.0.56.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{8FC7188E-96C7-43D4-AEE2-750AA87A2CF7}: NameServer = 80.10.246.130,80.10.246.3
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Archivos de programa\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Archivos de programa\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Archivos de programa\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: Servicio del administrador de discos lógicos (dmadmin) - Unknown owner - C:\WINDOWS\System32\dmadmin.exe
O23 - Service: Registro de sucesos (Eventlog) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: EvtEng - Intel Corporation - C:\Archivos de programa\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Archivos de programa\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Archivos de programa\Archivos comunes\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Servicio COM de grabación de CD de IMAPI (ImapiService) - Unknown owner - C:\WINDOWS\System32\imapi.exe
O23 - Service: Escritorio remoto compartido de NetMeeting (mnmsrvc) - Unknown owner - C:\WINDOWS\System32\mnmsrvc.exe
O23 - Service: OwnershipProtocol - Intel Corporation - C:\Archivos de programa\Intel\Wireless\Bin\OProtSvc.exe
O23 - Service: Plug and Play (PlugPlay) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: Administrador de sesión de Ayuda de escritorio remoto (RDSessMgr) - Unknown owner - C:\WINDOWS\system32\sessmgr.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Archivos de programa\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Archivos de programa\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Tarjeta inteligente (SCardSvr) - Unknown owner - C:\WINDOWS\System32\SCardSvr.exe
O23 - Service: Registros y alertas de rendimiento (SysmonLog) - Unknown owner - C:\WINDOWS\system32\smlogsvc.exe
O23 - Service: VET Message Service (VETMSGNT) - CA, Inc. - C:\Archivos de programa\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: Instantáneas de volumen (VSS) - Unknown owner - C:\WINDOWS\System32\vssvc.exe
O23 - Service: Adaptador de rendimiento de WMI (WmiApSrv) - Unknown owner - C:\WINDOWS\System32\wbem\wmiapsrv.exe
O23 - Service: Servicio de uso compartido de red del Reproductor de Windows Media (WMPNetworkSvc) - Unknown owner - C:\Archivos de programa\Windows Media Player\WMPNetwk.exe
--
End of file - 10821 bytes
#4 OFFLINE
-
- Members
-
- 12 posts
Member
Posted 12 April 2007 - 04:33 PM
Hello all,
I think my log has been forgotten....Could anybody help me to understand if it is OK??
I have passed the AVG anti-spyware and the Kaspersky scan. Both have encountered some junk (see above post).
I do not see strange entries in the Hjackthis log.
So, what to do next?
Thanks in advance.
I think my log has been forgotten....Could anybody help me to understand if it is OK??
I have passed the AVG anti-spyware and the Kaspersky scan. Both have encountered some junk (see above post).
I do not see strange entries in the Hjackthis log.
So, what to do next?
Thanks in advance.
#5 OFFLINE
-
- Moderators
-
- 8,858 posts
I hate computers
- Gender:Male
Posted 12 April 2007 - 05:08 PM
Sorry about that. I usually try reply within a day, but if it gets to be 2-3 just post or send me a PM.
Run Panda Activescan from Here.
Once you are on the Panda site click the Scan your PC button
- A new window will open...click the Check Now button
- Enter your Country
- Enter your State/Province
- Enter your e-mail address and click send
- Select either Home User or Company
- Click the big Scan Now button
- If it wants to install an ActiveX component allow it
- It will start downloading the files it requires for the scan
(Note: It may take a couple of minutes)
- When the download is complete, click on Local Disks to start the scan
- When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location so you can post it back.
Post the scan log and a new hijackthis log.
Run Panda Activescan from Here.
Once you are on the Panda site click the Scan your PC button
- A new window will open...click the Check Now button
- Enter your Country
- Enter your State/Province
- Enter your e-mail address and click send
- Select either Home User or Company
- Click the big Scan Now button
- If it wants to install an ActiveX component allow it
- It will start downloading the files it requires for the scan
(Note: It may take a couple of minutes)
- When the download is complete, click on Local Disks to start the scan
- When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location so you can post it back.
Post the scan log and a new hijackthis log.
#6 OFFLINE
-
- Members
-
- 12 posts
Member
Posted 12 April 2007 - 08:08 PM
Hello rridgely,
thank you for your answer.
I run the Panda scan and Hijackthis....Here we have the logs:
- From Panda:
Incident Status Location
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\Nesmo\Cookies\nesmo@ad.yieldmanager[2].txt
Spyware:Cookie/Adserver Not disinfected C:\Documents and Settings\Nesmo\Cookies\nesmo@adserver.terra[2].txt
Spyware:Cookie/Tradedoubler Not disinfected C:\Documents and Settings\Nesmo\Cookies\nesmo@tradedoubler[2].txt
Spyware:Cookie/Zedo Not disinfected C:\Documents and Settings\Nesmo\Cookies\nesmo@zedo[1].txt
Potentially unwanted tool:Application/Processor Not disinfected C:\WINDOWS\system32\Process.exe
- From HijackThis:
Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 21:56:31, on 12/04/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Archivos de programa\Intel\Wireless\Bin\EvtEng.exe
C:\Archivos de programa\Intel\Wireless\Bin\S24EvMon.exe
C:\Archivos de programa\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Archivos de programa\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\Archivos de programa\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe
C:\Archivos de programa\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Archivos de programa\Archivos comunes\Microsoft Shared\VS7Debug\mdm.exe
C:\Archivos de programa\Intel\Wireless\Bin\OProtSvc.exe
C:\Archivos de programa\Intel\Wireless\Bin\RegSrvc.exe
C:\ARCHIV~1\Intel\Wireless\Bin\1XConfig.exe
C:\WINDOWS\System32\svchost.exe
C:\Archivos de programa\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\System32�THotkey.exe
C:\WINDOWS\system32\TFNF5.exe
C:\Archivos de programa\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
C:\Archivos de programa\SigmaTel\Controladores de sonido SigmaTel AC97\stacmon.exe
C:\Archivos de programa\Apoint2K\Apoint.exe
C:\Archivos de programa\TOSHIBA\TouchED\TouchED.Exe
C:\Archivos de programa\TOSHIBA\PadTouch\PadExe.exe
C:\WINDOWS\LTSMMSG.exe
C:\WINDOWS\system32\TPSMain.exe
C:\Archivos de programa\Intel\Wireless\Bin\ifrmewrk.exe
C:\Archivos de programa\Intel\Wireless\Bin\EOUWiz.exe
C:\Archivos de programa\Java\jre1.5.0_11\bin\jusched.exe
C:\Archivos de programa\CA\CA Internet Security Suite\cctray\cctray.exe
C:\Archivos de programa\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe
C:\Archivos de programa\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Archivos de programa\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Archivos de programa\Apoint2K\Apntex.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\Archivos de programa\Internet Explorer\iexplore.exe
C:\Archivos de programa\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Documents and Settings\Nesmo\Escritorio\hijack\HiJackThis_v2.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.es/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Vínculos
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Archivos de programa\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Archivos de programa\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Archivos de programa\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\archivos de programa\google\googletoolbar3.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\archivos de programa\google\googletoolbar3.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [00THotkey] C:\WINDOWS\System32�THotkey.exe
O4 - HKLM\..\Run: [000StTHK] 000StTHK.exe
O4 - HKLM\..\Run: [TFNF5] TFNF5.exe
O4 - HKLM\..\Run: [SmoothView] C:\Archivos de programa\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
O4 - HKLM\..\Run: [SigmaTel StacMon] C:\Archivos de programa\SigmaTel\Controladores de sonido SigmaTel AC97\stacmon.exe
O4 - HKLM\..\Run: [Apoint] C:\Archivos de programa\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [TouchED] C:\Archivos de programa\TOSHIBA\TouchED\TouchED.Exe
O4 - HKLM\..\Run: [PadTouch] "C:\Archivos de programa\TOSHIBA\PadTouch\PadExe.exe
O4 - HKLM\..\Run: [LTSMMSG] LTSMMSG.exe
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [IntelWireless] C:\Archivos de programa\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [EOUApp] C:\Archivos de programa\Intel\Wireless\Bin\EOUWiz.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Archivos de programa\Java\jre1.5.0_11\bin\jusched.exe"
O4 - HKLM\..\Run: [cctray] "C:\Archivos de programa\CA\CA Internet Security Suite\cctray\cctray.exe"
O4 - HKLM\..\Run: [CAVRID] "C:\Archivos de programa\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe"
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Archivos de programa\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Archivos de programa\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Archivos de programa\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICIO LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Servicio de red')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &Clean Traces - C:\Archivos de programa\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Archivos de programa\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\Archivos de programa\DAP\dapextie2.htm
O8 - Extra context menu item: E&xportar a Microsoft Excel - res://C:\ARCHIV~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Archivos de programa\Java\jre1.5.0_11\bin\npjpi150_11.dll
O9 - Extra 'Tools' menuitem: Consola de Sun Java - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Archivos de programa\Java\jre1.5.0_11\bin\npjpi150_11.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O14 - IERESET.INF: START_PAGE_URL=file:///C:\Archivos de programa\TOSHIBA\Free Update Service\splash.html
O15 - Trusted Zone: http://acs.pandasoftware.com
O15 - Trusted Zone: http://activescan.pandasoftware.com
O15 - Trusted Zone: http://www.pandasoftware.com
O15 - Trusted Zone: http://www.pandasoftware.es
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/d...can_unicode.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {CE3409C4-9E26-4F8E-83E4-778498F9E7B4} (PB_Uploader Class) - http://www.photoways...r_v2.1.0.56.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{8FC7188E-96C7-43D4-AEE2-750AA87A2CF7}: NameServer = 80.10.246.130,80.10.246.3
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Archivos de programa\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Archivos de programa\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Archivos de programa\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: Servicio del administrador de discos lógicos (dmadmin) - Unknown owner - C:\WINDOWS\System32\dmadmin.exe
O23 - Service: Registro de sucesos (Eventlog) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: EvtEng - Intel Corporation - C:\Archivos de programa\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Archivos de programa\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Archivos de programa\Archivos comunes\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Servicio COM de grabación de CD de IMAPI (ImapiService) - Unknown owner - C:\WINDOWS\System32\imapi.exe
O23 - Service: Escritorio remoto compartido de NetMeeting (mnmsrvc) - Unknown owner - C:\WINDOWS\System32\mnmsrvc.exe
O23 - Service: OwnershipProtocol - Intel Corporation - C:\Archivos de programa\Intel\Wireless\Bin\OProtSvc.exe
O23 - Service: Plug and Play (PlugPlay) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: Administrador de sesión de Ayuda de escritorio remoto (RDSessMgr) - Unknown owner - C:\WINDOWS\system32\sessmgr.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Archivos de programa\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Archivos de programa\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Tarjeta inteligente (SCardSvr) - Unknown owner - C:\WINDOWS\System32\SCardSvr.exe
O23 - Service: Registros y alertas de rendimiento (SysmonLog) - Unknown owner - C:\WINDOWS\system32\smlogsvc.exe
O23 - Service: VET Message Service (VETMSGNT) - CA, Inc. - C:\Archivos de programa\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: Instantáneas de volumen (VSS) - Unknown owner - C:\WINDOWS\System32\vssvc.exe
O23 - Service: Adaptador de rendimiento de WMI (WmiApSrv) - Unknown owner - C:\WINDOWS\System32\wbem\wmiapsrv.exe
O23 - Service: Servicio de uso compartido de red del Reproductor de Windows Media (WMPNetworkSvc) - Unknown owner - C:\Archivos de programa\Windows Media Player\WMPNetwk.exe
--
End of file - 10653 bytes
I see a couple of (no name) entries that can be fixed I guess. And about the file process.exe....false positive??
Thanks in advance.
thank you for your answer.
I run the Panda scan and Hijackthis....Here we have the logs:
- From Panda:
Incident Status Location
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\Nesmo\Cookies\nesmo@ad.yieldmanager[2].txt
Spyware:Cookie/Adserver Not disinfected C:\Documents and Settings\Nesmo\Cookies\nesmo@adserver.terra[2].txt
Spyware:Cookie/Tradedoubler Not disinfected C:\Documents and Settings\Nesmo\Cookies\nesmo@tradedoubler[2].txt
Spyware:Cookie/Zedo Not disinfected C:\Documents and Settings\Nesmo\Cookies\nesmo@zedo[1].txt
Potentially unwanted tool:Application/Processor Not disinfected C:\WINDOWS\system32\Process.exe
- From HijackThis:
Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 21:56:31, on 12/04/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Archivos de programa\Intel\Wireless\Bin\EvtEng.exe
C:\Archivos de programa\Intel\Wireless\Bin\S24EvMon.exe
C:\Archivos de programa\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Archivos de programa\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\Archivos de programa\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe
C:\Archivos de programa\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Archivos de programa\Archivos comunes\Microsoft Shared\VS7Debug\mdm.exe
C:\Archivos de programa\Intel\Wireless\Bin\OProtSvc.exe
C:\Archivos de programa\Intel\Wireless\Bin\RegSrvc.exe
C:\ARCHIV~1\Intel\Wireless\Bin\1XConfig.exe
C:\WINDOWS\System32\svchost.exe
C:\Archivos de programa\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\System32�THotkey.exe
C:\WINDOWS\system32\TFNF5.exe
C:\Archivos de programa\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
C:\Archivos de programa\SigmaTel\Controladores de sonido SigmaTel AC97\stacmon.exe
C:\Archivos de programa\Apoint2K\Apoint.exe
C:\Archivos de programa\TOSHIBA\TouchED\TouchED.Exe
C:\Archivos de programa\TOSHIBA\PadTouch\PadExe.exe
C:\WINDOWS\LTSMMSG.exe
C:\WINDOWS\system32\TPSMain.exe
C:\Archivos de programa\Intel\Wireless\Bin\ifrmewrk.exe
C:\Archivos de programa\Intel\Wireless\Bin\EOUWiz.exe
C:\Archivos de programa\Java\jre1.5.0_11\bin\jusched.exe
C:\Archivos de programa\CA\CA Internet Security Suite\cctray\cctray.exe
C:\Archivos de programa\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe
C:\Archivos de programa\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Archivos de programa\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Archivos de programa\Apoint2K\Apntex.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\Archivos de programa\Internet Explorer\iexplore.exe
C:\Archivos de programa\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Documents and Settings\Nesmo\Escritorio\hijack\HiJackThis_v2.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.es/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Vínculos
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Archivos de programa\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Archivos de programa\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Archivos de programa\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\archivos de programa\google\googletoolbar3.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\archivos de programa\google\googletoolbar3.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [00THotkey] C:\WINDOWS\System32�THotkey.exe
O4 - HKLM\..\Run: [000StTHK] 000StTHK.exe
O4 - HKLM\..\Run: [TFNF5] TFNF5.exe
O4 - HKLM\..\Run: [SmoothView] C:\Archivos de programa\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
O4 - HKLM\..\Run: [SigmaTel StacMon] C:\Archivos de programa\SigmaTel\Controladores de sonido SigmaTel AC97\stacmon.exe
O4 - HKLM\..\Run: [Apoint] C:\Archivos de programa\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [TouchED] C:\Archivos de programa\TOSHIBA\TouchED\TouchED.Exe
O4 - HKLM\..\Run: [PadTouch] "C:\Archivos de programa\TOSHIBA\PadTouch\PadExe.exe
O4 - HKLM\..\Run: [LTSMMSG] LTSMMSG.exe
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [IntelWireless] C:\Archivos de programa\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [EOUApp] C:\Archivos de programa\Intel\Wireless\Bin\EOUWiz.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Archivos de programa\Java\jre1.5.0_11\bin\jusched.exe"
O4 - HKLM\..\Run: [cctray] "C:\Archivos de programa\CA\CA Internet Security Suite\cctray\cctray.exe"
O4 - HKLM\..\Run: [CAVRID] "C:\Archivos de programa\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe"
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Archivos de programa\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Archivos de programa\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Archivos de programa\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICIO LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Servicio de red')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &Clean Traces - C:\Archivos de programa\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Archivos de programa\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\Archivos de programa\DAP\dapextie2.htm
O8 - Extra context menu item: E&xportar a Microsoft Excel - res://C:\ARCHIV~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Archivos de programa\Java\jre1.5.0_11\bin\npjpi150_11.dll
O9 - Extra 'Tools' menuitem: Consola de Sun Java - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Archivos de programa\Java\jre1.5.0_11\bin\npjpi150_11.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O14 - IERESET.INF: START_PAGE_URL=file:///C:\Archivos de programa\TOSHIBA\Free Update Service\splash.html
O15 - Trusted Zone: http://acs.pandasoftware.com
O15 - Trusted Zone: http://activescan.pandasoftware.com
O15 - Trusted Zone: http://www.pandasoftware.com
O15 - Trusted Zone: http://www.pandasoftware.es
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/d...can_unicode.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {CE3409C4-9E26-4F8E-83E4-778498F9E7B4} (PB_Uploader Class) - http://www.photoways...r_v2.1.0.56.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{8FC7188E-96C7-43D4-AEE2-750AA87A2CF7}: NameServer = 80.10.246.130,80.10.246.3
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Archivos de programa\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Archivos de programa\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Archivos de programa\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: Servicio del administrador de discos lógicos (dmadmin) - Unknown owner - C:\WINDOWS\System32\dmadmin.exe
O23 - Service: Registro de sucesos (Eventlog) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: EvtEng - Intel Corporation - C:\Archivos de programa\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Archivos de programa\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Archivos de programa\Archivos comunes\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Servicio COM de grabación de CD de IMAPI (ImapiService) - Unknown owner - C:\WINDOWS\System32\imapi.exe
O23 - Service: Escritorio remoto compartido de NetMeeting (mnmsrvc) - Unknown owner - C:\WINDOWS\System32\mnmsrvc.exe
O23 - Service: OwnershipProtocol - Intel Corporation - C:\Archivos de programa\Intel\Wireless\Bin\OProtSvc.exe
O23 - Service: Plug and Play (PlugPlay) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: Administrador de sesión de Ayuda de escritorio remoto (RDSessMgr) - Unknown owner - C:\WINDOWS\system32\sessmgr.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Archivos de programa\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Archivos de programa\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Tarjeta inteligente (SCardSvr) - Unknown owner - C:\WINDOWS\System32\SCardSvr.exe
O23 - Service: Registros y alertas de rendimiento (SysmonLog) - Unknown owner - C:\WINDOWS\system32\smlogsvc.exe
O23 - Service: VET Message Service (VETMSGNT) - CA, Inc. - C:\Archivos de programa\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: Instantáneas de volumen (VSS) - Unknown owner - C:\WINDOWS\System32\vssvc.exe
O23 - Service: Adaptador de rendimiento de WMI (WmiApSrv) - Unknown owner - C:\WINDOWS\System32\wbem\wmiapsrv.exe
O23 - Service: Servicio de uso compartido de red del Reproductor de Windows Media (WMPNetworkSvc) - Unknown owner - C:\Archivos de programa\Windows Media Player\WMPNetwk.exe
--
End of file - 10653 bytes
I see a couple of (no name) entries that can be fixed I guess. And about the file process.exe....false positive??
Thanks in advance.
#7 OFFLINE
-
- Moderators
-
- 8,858 posts
I hate computers
- Gender:Male
Posted 13 April 2007 - 12:31 AM
Please post back the results of the below scan:
Run BitDefender Online Scanner
Run BitDefender Online Scanner
- Using internet Explorer please go HERE to run BitDefender's Online scan.
- Read the terms and then click I Agree
- You may receive a Security Warning about the BitDefender ActiveX control, If you do, please allow it to install.
- On the scanning Options screen, Press Click Here To Scan and then follow the on screen prompts.
- Once bit defender is finished scanning your computer it will automatically remove the infections. Once the removal process is finished press the close button and a dialog box will appear asking if you want to send your scan log back to the makers of bitdefender. You do not have to do this but what you do want to do is press the button that says "view log" and then copy and paste that log into notepad and save it to your desktop as bitdefender.txt.
- Reboot your computer
#8 OFFLINE
-
- Members
-
- 12 posts
Member
Posted 13 April 2007 - 11:19 PM
Hello rridgely,
the scan of bitdefender did not find anything.
After reboot, here we have a new log of hijackthis...
Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 1:15:40, on 14/04/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Archivos de programa\Intel\Wireless\Bin\EvtEng.exe
C:\Archivos de programa\Intel\Wireless\Bin\S24EvMon.exe
C:\Archivos de programa\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Archivos de programa\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\Archivos de programa\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe
C:\Archivos de programa\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Archivos de programa\Archivos comunes\Microsoft Shared\VS7Debug\mdm.exe
C:\Archivos de programa\Intel\Wireless\Bin\OProtSvc.exe
C:\ARCHIV~1\Intel\Wireless\Bin\1XConfig.exe
C:\Archivos de programa\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Archivos de programa\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\System32�THotkey.exe
C:\WINDOWS\system32\TFNF5.exe
C:\Archivos de programa\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
C:\Archivos de programa\SigmaTel\Controladores de sonido SigmaTel AC97\stacmon.exe
C:\Archivos de programa\Apoint2K\Apoint.exe
C:\Archivos de programa\TOSHIBA\TouchED\TouchED.Exe
C:\Archivos de programa\TOSHIBA\PadTouch\PadExe.exe
C:\WINDOWS\LTSMMSG.exe
C:\WINDOWS\system32\TPSMain.exe
C:\Archivos de programa\Intel\Wireless\Bin\ifrmewrk.exe
C:\Archivos de programa\Intel\Wireless\Bin\EOUWiz.exe
C:\Archivos de programa\Java\jre1.5.0_11\bin\jusched.exe
C:\Archivos de programa\CA\CA Internet Security Suite\cctray\cctray.exe
C:\Archivos de programa\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe
C:\Archivos de programa\Zone Labs\ZoneAlarm\zlclient.exe
C:\Archivos de programa\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Archivos de programa\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\Archivos de programa\Apoint2K\Apntex.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Nesmo\Escritorio\hijack\HiJackThis_v2.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.es/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Vínculos
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Archivos de programa\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Archivos de programa\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Archivos de programa\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\archivos de programa\google\googletoolbar3.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\archivos de programa\google\googletoolbar3.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [00THotkey] C:\WINDOWS\System32�THotkey.exe
O4 - HKLM\..\Run: [000StTHK] 000StTHK.exe
O4 - HKLM\..\Run: [TFNF5] TFNF5.exe
O4 - HKLM\..\Run: [SmoothView] C:\Archivos de programa\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
O4 - HKLM\..\Run: [SigmaTel StacMon] C:\Archivos de programa\SigmaTel\Controladores de sonido SigmaTel AC97\stacmon.exe
O4 - HKLM\..\Run: [Apoint] C:\Archivos de programa\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [TouchED] C:\Archivos de programa\TOSHIBA\TouchED\TouchED.Exe
O4 - HKLM\..\Run: [PadTouch] "C:\Archivos de programa\TOSHIBA\PadTouch\PadExe.exe
O4 - HKLM\..\Run: [LTSMMSG] LTSMMSG.exe
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [IntelWireless] C:\Archivos de programa\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [EOUApp] C:\Archivos de programa\Intel\Wireless\Bin\EOUWiz.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Archivos de programa\Java\jre1.5.0_11\bin\jusched.exe"
O4 - HKLM\..\Run: [cctray] "C:\Archivos de programa\CA\CA Internet Security Suite\cctray\cctray.exe"
O4 - HKLM\..\Run: [CAVRID] "C:\Archivos de programa\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe"
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Archivos de programa\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Archivos de programa\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Archivos de programa\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICIO LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Servicio de red')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &Clean Traces - C:\Archivos de programa\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Archivos de programa\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\Archivos de programa\DAP\dapextie2.htm
O8 - Extra context menu item: E&xportar a Microsoft Excel - res://C:\ARCHIV~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Archivos de programa\Java\jre1.5.0_11\bin\npjpi150_11.dll
O9 - Extra 'Tools' menuitem: Consola de Sun Java - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Archivos de programa\Java\jre1.5.0_11\bin\npjpi150_11.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O14 - IERESET.INF: START_PAGE_URL=file:///C:\Archivos de programa\TOSHIBA\Free Update Service\splash.html
O15 - Trusted Zone: http://acs.pandasoftware.com
O15 - Trusted Zone: http://activescan.pandasoftware.com
O15 - Trusted Zone: http://www.pandasoftware.com
O15 - Trusted Zone: http://www.pandasoftware.es
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/d...can_unicode.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitd...can8/oscan8.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {CE3409C4-9E26-4F8E-83E4-778498F9E7B4} (PB_Uploader Class) - http://www.photoways...r_v2.1.0.56.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{8FC7188E-96C7-43D4-AEE2-750AA87A2CF7}: NameServer = 80.10.246.130,80.10.246.3
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Archivos de programa\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Archivos de programa\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Archivos de programa\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: Servicio del administrador de discos lógicos (dmadmin) - Unknown owner - C:\WINDOWS\System32\dmadmin.exe
O23 - Service: Registro de sucesos (Eventlog) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: EvtEng - Intel Corporation - C:\Archivos de programa\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Archivos de programa\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Archivos de programa\Archivos comunes\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Servicio COM de grabación de CD de IMAPI (ImapiService) - Unknown owner - C:\WINDOWS\System32\imapi.exe
O23 - Service: Escritorio remoto compartido de NetMeeting (mnmsrvc) - Unknown owner - C:\WINDOWS\System32\mnmsrvc.exe
O23 - Service: OwnershipProtocol - Intel Corporation - C:\Archivos de programa\Intel\Wireless\Bin\OProtSvc.exe
O23 - Service: Plug and Play (PlugPlay) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: Administrador de sesión de Ayuda de escritorio remoto (RDSessMgr) - Unknown owner - C:\WINDOWS\system32\sessmgr.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Archivos de programa\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Archivos de programa\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Tarjeta inteligente (SCardSvr) - Unknown owner - C:\WINDOWS\System32\SCardSvr.exe
O23 - Service: Registros y alertas de rendimiento (SysmonLog) - Unknown owner - C:\WINDOWS\system32\smlogsvc.exe
O23 - Service: VET Message Service (VETMSGNT) - CA, Inc. - C:\Archivos de programa\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: Instantáneas de volumen (VSS) - Unknown owner - C:\WINDOWS\System32\vssvc.exe
O23 - Service: Adaptador de rendimiento de WMI (WmiApSrv) - Unknown owner - C:\WINDOWS\System32\wbem\wmiapsrv.exe
O23 - Service: Servicio de uso compartido de red del Reproductor de Windows Media (WMPNetworkSvc) - Unknown owner - C:\Archivos de programa\Windows Media Player\WMPNetwk.exe
--
End of file - 10942 bytes
So, any other action???
Thank you very much.
the scan of bitdefender did not find anything.
After reboot, here we have a new log of hijackthis...
Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 1:15:40, on 14/04/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Archivos de programa\Intel\Wireless\Bin\EvtEng.exe
C:\Archivos de programa\Intel\Wireless\Bin\S24EvMon.exe
C:\Archivos de programa\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Archivos de programa\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\Archivos de programa\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe
C:\Archivos de programa\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Archivos de programa\Archivos comunes\Microsoft Shared\VS7Debug\mdm.exe
C:\Archivos de programa\Intel\Wireless\Bin\OProtSvc.exe
C:\ARCHIV~1\Intel\Wireless\Bin\1XConfig.exe
C:\Archivos de programa\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Archivos de programa\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\System32�THotkey.exe
C:\WINDOWS\system32\TFNF5.exe
C:\Archivos de programa\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
C:\Archivos de programa\SigmaTel\Controladores de sonido SigmaTel AC97\stacmon.exe
C:\Archivos de programa\Apoint2K\Apoint.exe
C:\Archivos de programa\TOSHIBA\TouchED\TouchED.Exe
C:\Archivos de programa\TOSHIBA\PadTouch\PadExe.exe
C:\WINDOWS\LTSMMSG.exe
C:\WINDOWS\system32\TPSMain.exe
C:\Archivos de programa\Intel\Wireless\Bin\ifrmewrk.exe
C:\Archivos de programa\Intel\Wireless\Bin\EOUWiz.exe
C:\Archivos de programa\Java\jre1.5.0_11\bin\jusched.exe
C:\Archivos de programa\CA\CA Internet Security Suite\cctray\cctray.exe
C:\Archivos de programa\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe
C:\Archivos de programa\Zone Labs\ZoneAlarm\zlclient.exe
C:\Archivos de programa\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Archivos de programa\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\Archivos de programa\Apoint2K\Apntex.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Nesmo\Escritorio\hijack\HiJackThis_v2.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.es/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Vínculos
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Archivos de programa\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Archivos de programa\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Archivos de programa\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\archivos de programa\google\googletoolbar3.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\archivos de programa\google\googletoolbar3.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [00THotkey] C:\WINDOWS\System32�THotkey.exe
O4 - HKLM\..\Run: [000StTHK] 000StTHK.exe
O4 - HKLM\..\Run: [TFNF5] TFNF5.exe
O4 - HKLM\..\Run: [SmoothView] C:\Archivos de programa\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
O4 - HKLM\..\Run: [SigmaTel StacMon] C:\Archivos de programa\SigmaTel\Controladores de sonido SigmaTel AC97\stacmon.exe
O4 - HKLM\..\Run: [Apoint] C:\Archivos de programa\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [TouchED] C:\Archivos de programa\TOSHIBA\TouchED\TouchED.Exe
O4 - HKLM\..\Run: [PadTouch] "C:\Archivos de programa\TOSHIBA\PadTouch\PadExe.exe
O4 - HKLM\..\Run: [LTSMMSG] LTSMMSG.exe
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [IntelWireless] C:\Archivos de programa\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [EOUApp] C:\Archivos de programa\Intel\Wireless\Bin\EOUWiz.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Archivos de programa\Java\jre1.5.0_11\bin\jusched.exe"
O4 - HKLM\..\Run: [cctray] "C:\Archivos de programa\CA\CA Internet Security Suite\cctray\cctray.exe"
O4 - HKLM\..\Run: [CAVRID] "C:\Archivos de programa\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe"
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Archivos de programa\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Archivos de programa\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Archivos de programa\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICIO LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Servicio de red')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &Clean Traces - C:\Archivos de programa\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Archivos de programa\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\Archivos de programa\DAP\dapextie2.htm
O8 - Extra context menu item: E&xportar a Microsoft Excel - res://C:\ARCHIV~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Archivos de programa\Java\jre1.5.0_11\bin\npjpi150_11.dll
O9 - Extra 'Tools' menuitem: Consola de Sun Java - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Archivos de programa\Java\jre1.5.0_11\bin\npjpi150_11.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O14 - IERESET.INF: START_PAGE_URL=file:///C:\Archivos de programa\TOSHIBA\Free Update Service\splash.html
O15 - Trusted Zone: http://acs.pandasoftware.com
O15 - Trusted Zone: http://activescan.pandasoftware.com
O15 - Trusted Zone: http://www.pandasoftware.com
O15 - Trusted Zone: http://www.pandasoftware.es
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/d...can_unicode.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitd...can8/oscan8.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {CE3409C4-9E26-4F8E-83E4-778498F9E7B4} (PB_Uploader Class) - http://www.photoways...r_v2.1.0.56.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{8FC7188E-96C7-43D4-AEE2-750AA87A2CF7}: NameServer = 80.10.246.130,80.10.246.3
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Archivos de programa\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Archivos de programa\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Archivos de programa\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: Servicio del administrador de discos lógicos (dmadmin) - Unknown owner - C:\WINDOWS\System32\dmadmin.exe
O23 - Service: Registro de sucesos (Eventlog) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: EvtEng - Intel Corporation - C:\Archivos de programa\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Archivos de programa\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Archivos de programa\Archivos comunes\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Servicio COM de grabación de CD de IMAPI (ImapiService) - Unknown owner - C:\WINDOWS\System32\imapi.exe
O23 - Service: Escritorio remoto compartido de NetMeeting (mnmsrvc) - Unknown owner - C:\WINDOWS\System32\mnmsrvc.exe
O23 - Service: OwnershipProtocol - Intel Corporation - C:\Archivos de programa\Intel\Wireless\Bin\OProtSvc.exe
O23 - Service: Plug and Play (PlugPlay) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: Administrador de sesión de Ayuda de escritorio remoto (RDSessMgr) - Unknown owner - C:\WINDOWS\system32\sessmgr.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Archivos de programa\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Archivos de programa\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Tarjeta inteligente (SCardSvr) - Unknown owner - C:\WINDOWS\System32\SCardSvr.exe
O23 - Service: Registros y alertas de rendimiento (SysmonLog) - Unknown owner - C:\WINDOWS\system32\smlogsvc.exe
O23 - Service: VET Message Service (VETMSGNT) - CA, Inc. - C:\Archivos de programa\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: Instantáneas de volumen (VSS) - Unknown owner - C:\WINDOWS\System32\vssvc.exe
O23 - Service: Adaptador de rendimiento de WMI (WmiApSrv) - Unknown owner - C:\WINDOWS\System32\wbem\wmiapsrv.exe
O23 - Service: Servicio de uso compartido de red del Reproductor de Windows Media (WMPNetworkSvc) - Unknown owner - C:\Archivos de programa\Windows Media Player\WMPNetwk.exe
--
End of file - 10942 bytes
So, any other action???
Thank you very much.
#9 OFFLINE
-
- Moderators
-
- 8,858 posts
I hate computers
- Gender:Male
Posted 14 April 2007 - 12:36 AM
Find and delete the following files:
C:\WINDOWS\system32\regscan.exe
C:\WINDOWS\system32\~.exe
If you cant find them let me know.
---------
I want to scan that process.exe file. Follow the below instructions
Please visit VirusTotal and have this file scanned:
C:\WINDOWS\system32\Process.exe
Open the scan site and press Browse, locate the file and double click it to load the path into the Virus scan window then press Send, copy and paste the scan results back on here, let us know if you have any problems finding the file.
C:\WINDOWS\system32\regscan.exe
C:\WINDOWS\system32\~.exe
If you cant find them let me know.
---------
I want to scan that process.exe file. Follow the below instructions
Please visit VirusTotal and have this file scanned:
C:\WINDOWS\system32\Process.exe
Open the scan site and press Browse, locate the file and double click it to load the path into the Virus scan window then press Send, copy and paste the scan results back on here, let us know if you have any problems finding the file.
#10 OFFLINE
-
- Members
-
- 12 posts
Member
Posted 15 April 2007 - 04:43 PM
Hello rridgely,
about the files you proposed me to delete. I do not find them doing a search in my computer.
The most similar ones are the next:
c:/WINDOWS/Prefetch/REGSCAN.EXE-3B8CA57F.pf
c:/WINDOWS/Prefetch/~.EXE-3B3A448A.pf
I guess they have been put in quarantine maybe.
About the scan of the file process.exe with virustotal.com, it seems to be a malicious program....
Antivirus Version Update Result
AhnLab-V3 2007.4.14.0 04.13.2007 Win-AppCare/PrcViewer.53248
AntiVir 7.3.1.50 04.13.2007 no virus found
Authentium 4.93.8 04.14.2007 no virus found
Avast 4.7.936.0 04.13.2007 no virus found
AVG 7.5.0.447 04.13.2007 no virus found
BitDefender 7.2 04.14.2007 no virus found
CAT-QuickHeal 9.00 04.13.2007 no virus found
ClamAV devel-20070312 04.13.2007 no virus found
DrWeb 4.33 04.14.2007 no virus found
eSafe 7.0.15.0 04.12.2007 no virus found
eTrust-Vet 30.7.3567 04.14.2007 no virus found
Ewido 4.0 04.14.2007 no virus found
FileAdvisor 1 04.14.2007 Low threat detected
Fortinet 2.85.0.0 04.14.2007 Misc/PrcViewer
F-Prot 4.3.2.48 04.13.2007 no virus found
F-Secure 6.70.13030.0 04.13.2007 no virus found
Ikarus T3.1.1.5 04.14.2007 Riskware.RiskTool.Win32.Processor.20
Kaspersky 4.0.2.24 04.14.2007 no virus found
McAfee 5009 04.13.2007 potentially unwanted program PrcViewer
Microsoft 1.2405 04.14.2007 no virus found
NOD32v2 2187 04.13.2007 Win32/PrcView
Norman 5.80.02 04.12.2007 no virus found
Panda 9.0.0.4 04.14.2007 Application/Processor
Prevx1 V2 04.14.2007 no virus found
Sophos 4.16.0 04.12.2007 no virus found
Sunbelt 2.2.907.0 04.14.2007 no virus found
Let me know if I should delete it please.
Thanks!!
about the files you proposed me to delete. I do not find them doing a search in my computer.
The most similar ones are the next:
c:/WINDOWS/Prefetch/REGSCAN.EXE-3B8CA57F.pf
c:/WINDOWS/Prefetch/~.EXE-3B3A448A.pf
I guess they have been put in quarantine maybe.
About the scan of the file process.exe with virustotal.com, it seems to be a malicious program....
Antivirus Version Update Result
AhnLab-V3 2007.4.14.0 04.13.2007 Win-AppCare/PrcViewer.53248
AntiVir 7.3.1.50 04.13.2007 no virus found
Authentium 4.93.8 04.14.2007 no virus found
Avast 4.7.936.0 04.13.2007 no virus found
AVG 7.5.0.447 04.13.2007 no virus found
BitDefender 7.2 04.14.2007 no virus found
CAT-QuickHeal 9.00 04.13.2007 no virus found
ClamAV devel-20070312 04.13.2007 no virus found
DrWeb 4.33 04.14.2007 no virus found
eSafe 7.0.15.0 04.12.2007 no virus found
eTrust-Vet 30.7.3567 04.14.2007 no virus found
Ewido 4.0 04.14.2007 no virus found
FileAdvisor 1 04.14.2007 Low threat detected
Fortinet 2.85.0.0 04.14.2007 Misc/PrcViewer
F-Prot 4.3.2.48 04.13.2007 no virus found
F-Secure 6.70.13030.0 04.13.2007 no virus found
Ikarus T3.1.1.5 04.14.2007 Riskware.RiskTool.Win32.Processor.20
Kaspersky 4.0.2.24 04.14.2007 no virus found
McAfee 5009 04.13.2007 potentially unwanted program PrcViewer
Microsoft 1.2405 04.14.2007 no virus found
NOD32v2 2187 04.13.2007 Win32/PrcView
Norman 5.80.02 04.12.2007 no virus found
Panda 9.0.0.4 04.14.2007 Application/Processor
Prevx1 V2 04.14.2007 no virus found
Sophos 4.16.0 04.12.2007 no virus found
Sunbelt 2.2.907.0 04.14.2007 no virus found
Let me know if I should delete it please.
Thanks!!
#11 OFFLINE
-
- Moderators
-
- 8,858 posts
I hate computers
- Gender:Male
Posted 15 April 2007 - 05:24 PM
Run the two tools below and post back the logs:
Download Blacklight beta HERE and save it to your desktop.
Run the program, accept statement > click next then scan
When its finished scanning exit the program and post back the log if it detects hidden files, The log is called 'fsbl-<date/time>.log' which will save to the same location as the blbeta.exe file.
Download GMER from Here
Unzip it and start GMER.exe. Click the rootkit-tab and click scan.
Once done, click the Copy button. This will copy the results to clipboard.
You can then right click into a notepad file or straight back on here and choose Paste to post the results back.
Download Blacklight beta HERE and save it to your desktop.
Run the program, accept statement > click next then scan
When its finished scanning exit the program and post back the log if it detects hidden files, The log is called 'fsbl-<date/time>.log' which will save to the same location as the blbeta.exe file.
Download GMER from Here
Unzip it and start GMER.exe. Click the rootkit-tab and click scan.
Once done, click the Copy button. This will copy the results to clipboard.
You can then right click into a notepad file or straight back on here and choose Paste to post the results back.
#12 OFFLINE
-
- Members
-
- 12 posts
Member
Posted 15 April 2007 - 06:23 PM
Hi rridgely,
one more time, thank you for your help regarding this problem.
Blacklight did find nothing.
The log of gmer is the next:
GMER 1.0.12.12244 - http://www.gmer.net
Rootkit scan 2007-04-15 20:17:41
Windows 5.1.2600 Service Pack 2
---- System - GMER 1.0.12 ----
SSDT \SystemRoot\System32\vsdatant.sys ZwCreateFile
SSDT \SystemRoot\System32\vsdatant.sys ZwCreateKey
SSDT \SystemRoot\System32\vsdatant.sys ZwCreatePort
SSDT \SystemRoot\System32\vsdatant.sys ZwCreateProcess
SSDT \SystemRoot\System32\vsdatant.sys ZwCreateProcessEx
SSDT \SystemRoot\System32\vsdatant.sys ZwCreateSection
SSDT \SystemRoot\System32\vsdatant.sys ZwCreateWaitablePort
SSDT \SystemRoot\System32\vsdatant.sys ZwDeleteFile
SSDT \SystemRoot\System32\vsdatant.sys ZwDeleteKey
SSDT \SystemRoot\System32\vsdatant.sys ZwDeleteValueKey
SSDT \SystemRoot\System32\vsdatant.sys ZwDuplicateObject
SSDT sptd.sys ZwEnumerateKey
SSDT sptd.sys ZwEnumerateValueKey
SSDT \SystemRoot\System32\vsdatant.sys ZwLoadKey
SSDT \SystemRoot\System32\vsdatant.sys ZwOpenFile
SSDT sptd.sys ZwOpenKey
SSDT \SystemRoot\System32\vsdatant.sys ZwOpenProcess
SSDT \SystemRoot\System32\vsdatant.sys ZwOpenThread
SSDT sptd.sys ZwQueryKey
SSDT sptd.sys ZwQueryValueKey
SSDT \SystemRoot\System32\vsdatant.sys ZwReplaceKey
SSDT \SystemRoot\System32\vsdatant.sys ZwRestoreKey
SSDT \SystemRoot\System32\vsdatant.sys ZwSecureConnectPort
SSDT \SystemRoot\System32\vsdatant.sys ZwSetInformationFile
SSDT \SystemRoot\System32\vsdatant.sys ZwSetValueKey
SSDT \SystemRoot\System32\vsdatant.sys ZwTerminateProcess
---- Kernel code sections - GMER 1.0.12 ----
.text ntoskrnl.exe!_abnormal_termination + 104 804E2760 12 Bytes [ 60, FC, 74, EE, E0, 5E, 75, ... ]
.text ntoskrnl.exe!_abnormal_termination + 451 804E2AAD 3 Bytes [ 63, 75, EE ]
? C:\WINDOWS\system32\drivers\sptd.sys El proceso no tiene acceso al archivo porque está siendo utilizado por otro proceso.
? srescan.sys El sistema no puede hallar el archivo especificado.
.text USBPORT.SYS!DllUnload F6FE062C 5 Bytes JMP 862111C8
? C:\WINDOWS\System32\DRIVERS\update.sys
.text ntoskrnl.exe!_abnormal_termination + 104 804E2760 12 Bytes [ 60, FC, 74, EE, E0, 5E, 75, ... ]
.text ntoskrnl.exe!_abnormal_termination + 451 804E2AAD 3 Bytes [ 63, 75, EE ]
---- User code sections - GMER 1.0.12 ----
.text C:\Archivos de programa\Internet Explorer\iexplore.exe[2400] USER32.dll!DialogBoxParamW 7E3A555F 5 Bytes JMP 0099F205 C:\WINDOWS\system32\IEFRAME.dll
.text C:\Archivos de programa\Internet Explorer\iexplore.exe[2400] USER32.dll!DialogBoxIndirectParamW 7E3B2032 5 Bytes JMP 00B2FEBF C:\WINDOWS\system32\IEFRAME.dll
.text C:\Archivos de programa\Internet Explorer\iexplore.exe[2400] USER32.dll!MessageBoxIndirectA 7E3BA04A 5 Bytes JMP 00B2FE40 C:\WINDOWS\system32\IEFRAME.dll
.text C:\Archivos de programa\Internet Explorer\iexplore.exe[2400] USER32.dll!DialogBoxParamA 7E3BB10C 5 Bytes JMP 00B2FE84 C:\WINDOWS\system32\IEFRAME.dll
.text C:\Archivos de programa\Internet Explorer\iexplore.exe[2400] USER32.dll!MessageBoxExW 7E3D05D8 5 Bytes JMP 00B2FDCC C:\WINDOWS\system32\IEFRAME.dll
.text C:\Archivos de programa\Internet Explorer\iexplore.exe[2400] USER32.dll!MessageBoxExA 7E3D05FC 5 Bytes JMP 00B2FE06 C:\WINDOWS\system32\IEFRAME.dll
.text C:\Archivos de programa\Internet Explorer\iexplore.exe[2400] USER32.dll!DialogBoxIndirectParamA 7E3D6B50 5 Bytes JMP 00B2FEFA C:\WINDOWS\system32\IEFRAME.dll
.text C:\Archivos de programa\Internet Explorer\iexplore.exe[2400] USER32.dll!MessageBoxIndirectW 7E3E62AB 5 Bytes JMP 009C15DA C:\WINDOWS\system32\IEFRAME.dll
.text C:\Archivos de programa\Internet Explorer\iexplore.exe[3188] USER32.dll!DialogBoxParamW 7E3A555F 5 Bytes JMP 0099F205 C:\WINDOWS\system32\IEFRAME.dll
.text C:\Archivos de programa\Internet Explorer\iexplore.exe[3188] USER32.dll!DialogBoxIndirectParamW 7E3B2032 5 Bytes JMP 00B2FEBF C:\WINDOWS\system32\IEFRAME.dll
.text C:\Archivos de programa\Internet Explorer\iexplore.exe[3188] USER32.dll!MessageBoxIndirectA 7E3BA04A 5 Bytes JMP 00B2FE40 C:\WINDOWS\system32\IEFRAME.dll
.text C:\Archivos de programa\Internet Explorer\iexplore.exe[3188] USER32.dll!DialogBoxParamA 7E3BB10C 5 Bytes JMP 00B2FE84 C:\WINDOWS\system32\IEFRAME.dll
.text C:\Archivos de programa\Internet Explorer\iexplore.exe[3188] USER32.dll!MessageBoxExW 7E3D05D8 5 Bytes JMP 00B2FDCC C:\WINDOWS\system32\IEFRAME.dll
.text C:\Archivos de programa\Internet Explorer\iexplore.exe[3188] USER32.dll!MessageBoxExA 7E3D05FC 5 Bytes JMP 00B2FE06 C:\WINDOWS\system32\IEFRAME.dll
.text C:\Archivos de programa\Internet Explorer\iexplore.exe[3188] USER32.dll!DialogBoxIndirectParamA 7E3D6B50 5 Bytes JMP 00B2FEFA C:\WINDOWS\system32\IEFRAME.dll
.text C:\Archivos de programa\Internet Explorer\iexplore.exe[3188] USER32.dll!MessageBoxIndirectW 7E3E62AB 5 Bytes JMP 009C15DA C:\WINDOWS\system32\IEFRAME.dll
---- Devices - GMER 1.0.12 ----
Device \FileSystem\Ntfs \Ntfs IRP_MJ_CREATE 863621E8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_CLOSE 863621E8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_READ 863621E8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_WRITE 863621E8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_INFORMATION 863621E8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_SET_INFORMATION 863621E8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_EA 863621E8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_SET_EA 863621E8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_FLUSH_BUFFERS 863621E8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_VOLUME_INFORMATION 863621E8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_SET_VOLUME_INFORMATION 863621E8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_DIRECTORY_CONTROL 863621E8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_FILE_SYSTEM_CONTROL 863621E8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_DEVICE_CONTROL 863621E8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_SHUTDOWN 863621E8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_LOCK_CONTROL 863621E8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_CLEANUP 863621E8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_SECURITY 863621E8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_SET_SECURITY 863621E8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_QUOTA 863621E8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_SET_QUOTA 863621E8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_PNP 863621E8
Device \Driver\Tcpip \Device\Ip IRP_MJ_CREATE [EE7612A0] vsdatant.sys
Device \Driver\Tcpip \Device\Ip IRP_MJ_CLOSE [EE7612A0] vsdatant.sys
Device \Driver\Tcpip \Device\Ip IRP_MJ_DEVICE_CONTROL [EE7612A0] vsdatant.sys
Device \Driver\Tcpip \Device\Ip IRP_MJ_INTERNAL_DEVICE_CONTROL [EE7612A0] vsdatant.sys
Device \Driver\Tcpip \Device\Ip IRP_MJ_CLEANUP [EE7612A0] vsdatant.sys
Device \Driver\usbuhci \Device\USBPDO-0 IRP_MJ_CREATE 861E2600
Device \Driver\usbuhci \Device\USBPDO-0 IRP_MJ_CLOSE 861E2600
Device \Driver\usbuhci \Device\USBPDO-0 IRP_MJ_DEVICE_CONTROL 861E2600
Device \Driver\usbuhci \Device\USBPDO-0 IRP_MJ_INTERNAL_DEVICE_CONTROL 861E2600
Device \Driver\usbuhci \Device\USBPDO-0 IRP_MJ_POWER 861E2600
Device \Driver\usbuhci \Device\USBPDO-0 IRP_MJ_SYSTEM_CONTROL 861E2600
Device \Driver\usbuhci \Device\USBPDO-0 IRP_MJ_PNP 861E2600
Device \Driver\usbuhci \Device\USBPDO-1 IRP_MJ_CREATE 861E2600
Device \Driver\usbuhci \Device\USBPDO-1 IRP_MJ_CLOSE 861E2600
Device \Driver\usbuhci \Device\USBPDO-1 IRP_MJ_DEVICE_CONTROL 861E2600
Device \Driver\usbuhci \Device\USBPDO-1 IRP_MJ_INTERNAL_DEVICE_CONTROL 861E2600
Device \Driver\usbuhci \Device\USBPDO-1 IRP_MJ_POWER 861E2600
Device \Driver\usbuhci \Device\USBPDO-1 IRP_MJ_SYSTEM_CONTROL 861E2600
Device \Driver\usbuhci \Device\USBPDO-1 IRP_MJ_PNP 861E2600
Device \Driver\usbuhci \Device\USBPDO-2 IRP_MJ_CREATE 861E2600
Device \Driver\usbuhci \Device\USBPDO-2 IRP_MJ_CLOSE 861E2600
Device \Driver\usbuhci \Device\USBPDO-2 IRP_MJ_DEVICE_CONTROL 861E2600
Device \Driver\usbuhci \Device\USBPDO-2 IRP_MJ_INTERNAL_DEVICE_CONTROL 861E2600
Device \Driver\usbuhci \Device\USBPDO-2 IRP_MJ_POWER 861E2600
Device \Driver\usbuhci \Device\USBPDO-2 IRP_MJ_SYSTEM_CONTROL 861E2600
Device \Driver\usbuhci \Device\USBPDO-2 IRP_MJ_PNP 861E2600
Device \Driver\usbehci \Device\USBPDO-3 IRP_MJ_CREATE 861E1980
Device \Driver\usbehci \Device\USBPDO-3 IRP_MJ_CLOSE 861E1980
Device \Driver\usbehci \Device\USBPDO-3 IRP_MJ_DEVICE_CONTROL 861E1980
Device \Driver\usbehci \Device\USBPDO-3 IRP_MJ_INTERNAL_DEVICE_CONTROL 861E1980
Device \Driver\usbehci \Device\USBPDO-3 IRP_MJ_POWER 861E1980
Device \Driver\usbehci \Device\USBPDO-3 IRP_MJ_SYSTEM_CONTROL 861E1980
Device \Driver\usbehci \Device\USBPDO-3 IRP_MJ_PNP 861E1980
Device \Driver\Tcpip \Device\Tcp IRP_MJ_CREATE [EE7612A0] vsdatant.sys
Device \Driver\Tcpip \Device\Tcp IRP_MJ_CLOSE [EE7612A0] vsdatant.sys
Device \Driver\Tcpip \Device\Tcp IRP_MJ_DEVICE_CONTROL [EE7612A0] vsdatant.sys
Device \Driver\Tcpip \Device\Tcp IRP_MJ_INTERNAL_DEVICE_CONTROL [EE7612A0] vsdatant.sys
Device \Driver\Tcpip \Device\Tcp IRP_MJ_CLEANUP [EE7612A0] vsdatant.sys
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_CREATE 863D11E8
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_READ 863D11E8
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_WRITE 863D11E8
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_FLUSH_BUFFERS 863D11E8
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_DEVICE_CONTROL 863D11E8
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_INTERNAL_DEVICE_CONTROL 863D11E8
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_SHUTDOWN 863D11E8
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_CLEANUP 863D11E8
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_POWER 863D11E8
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_SYSTEM_CONTROL 863D11E8
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_PNP 863D11E8
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_CREATE 861E5980
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_CLOSE 861E5980
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_READ 861E5980
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_WRITE 861E5980
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_FLUSH_BUFFERS 861E5980
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_DEVICE_CONTROL 861E5980
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_INTERNAL_DEVICE_CONTROL 861E5980
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_SHUTDOWN 861E5980
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_POWER 861E5980
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_SYSTEM_CONTROL 861E5980
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_PNP 861E5980
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_CREATE 863631E8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_CLOSE 863631E8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_DEVICE_CONTROL 863631E8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_INTERNAL_DEVICE_CONTROL 863631E8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_POWER 863631E8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_SYSTEM_CONTROL 863631E8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_PNP 863631E8
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_CREATE 863631E8
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_CLOSE 863631E8
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_DEVICE_CONTROL 863631E8
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_INTERNAL_DEVICE_CONTROL 863631E8
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_POWER 863631E8
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_SYSTEM_CONTROL 863631E8
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_PNP 863631E8
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_CREATE 863631E8
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_CLOSE 863631E8
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_DEVICE_CONTROL 863631E8
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_INTERNAL_DEVICE_CONTROL 863631E8
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_POWER 863631E8
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_SYSTEM_CONTROL 863631E8
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_PNP 863631E8
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e IRP_MJ_CREATE 863631E8
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e IRP_MJ_CLOSE 863631E8
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e IRP_MJ_DEVICE_CONTROL 863631E8
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e IRP_MJ_INTERNAL_DEVICE_CONTROL 863631E8
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e IRP_MJ_POWER 863631E8
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e IRP_MJ_SYSTEM_CONTROL 863631E8
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e IRP_MJ_PNP 863631E8
Device \Driver\NetBT \Device\NetBT_Tcpip_{27D4F5E2-9AED-4020-B868-6AE444B64FC4} IRP_MJ_CREATE 86062980
Device \Driver\NetBT \Device\NetBT_Tcpip_{27D4F5E2-9AED-4020-B868-6AE444B64FC4} IRP_MJ_CLOSE 86062980
Device \Driver\NetBT \Device\NetBT_Tcpip_{27D4F5E2-9AED-4020-B868-6AE444B64FC4} IRP_MJ_DEVICE_CONTROL 86062980
Device \Driver\NetBT \Device\NetBT_Tcpip_{27D4F5E2-9AED-4020-B868-6AE444B64FC4} IRP_MJ_INTERNAL_DEVICE_CONTROL 86062980
Device \Driver\NetBT \Device\NetBT_Tcpip_{27D4F5E2-9AED-4020-B868-6AE444B64FC4} IRP_MJ_CLEANUP 86062980
Device \Driver\NetBT \Device\NetBT_Tcpip_{27D4F5E2-9AED-4020-B868-6AE444B64FC4} IRP_MJ_PNP 86062980
Device \Driver\NetBT \Device\NetBt_Wins_Export IRP_MJ_CREATE 86062980
Device \Driver\NetBT \Device\NetBt_Wins_Export IRP_MJ_CLOSE 86062980
Device \Driver\NetBT \Device\NetBt_Wins_Export IRP_MJ_DEVICE_CONTROL 86062980
Device \Driver\NetBT \Device\NetBt_Wins_Export IRP_MJ_INTERNAL_DEVICE_CONTROL 86062980
Device \Driver\NetBT \Device\NetBt_Wins_Export IRP_MJ_CLEANUP 86062980
Device \Driver\NetBT \Device\NetBt_Wins_Export IRP_MJ_PNP 86062980
Device \Driver\NetBT \Device\NetbiosSmb IRP_MJ_CREATE 86062980
Device \Driver\NetBT \Device\NetbiosSmb IRP_MJ_CLOSE 86062980
Device \Driver\NetBT \Device\NetbiosSmb IRP_MJ_DEVICE_CONTROL 86062980
Device \Driver\NetBT \Device\NetbiosSmb IRP_MJ_INTERNAL_DEVICE_CONTROL 86062980
Device \Driver\NetBT \Device\NetbiosSmb IRP_MJ_CLEANUP 86062980
Device \Driver\NetBT \Device\NetbiosSmb IRP_MJ_PNP 86062980
Device \Driver\Tcpip \Device\Udp IRP_MJ_CREATE [EE7612A0] vsdatant.sys
Device \Driver\Tcpip \Device\Udp IRP_MJ_CLOSE [EE7612A0] vsdatant.sys
Device \Driver\Tcpip \Device\Udp IRP_MJ_DEVICE_CONTROL [EE7612A0] vsdatant.sys
Device \Driver\Tcpip \Device\Udp IRP_MJ_INTERNAL_DEVICE_CONTROL [EE7612A0] vsdatant.sys
Device \Driver\Tcpip \Device\Udp IRP_MJ_CLEANUP [EE7612A0] vsdatant.sys
Device \Driver\Tcpip \Device\RawIp IRP_MJ_CREATE [EE7612A0] vsdatant.sys
Device \Driver\Tcpip \Device\RawIp IRP_MJ_CLOSE [EE7612A0] vsdatant.sys
Device \Driver\Tcpip \Device\RawIp IRP_MJ_DEVICE_CONTROL [EE7612A0] vsdatant.sys
Device \Driver\Tcpip \Device\RawIp IRP_MJ_INTERNAL_DEVICE_CONTROL [EE7612A0] vsdatant.sys
Device \Driver\Tcpip \Device\RawIp IRP_MJ_CLEANUP [EE7612A0] vsdatant.sys
Device \Driver\usbuhci \Device\USBFDO-0 IRP_MJ_CREATE 861E2600
Device \Driver\usbuhci \Device\USBFDO-0 IRP_MJ_CLOSE 861E2600
Device \Driver\usbuhci \Device\USBFDO-0 IRP_MJ_DEVICE_CONTROL 861E2600
Device \Driver\usbuhci \Device\USBFDO-0 IRP_MJ_INTERNAL_DEVICE_CONTROL 861E2600
Device \Driver\usbuhci \Device\USBFDO-0 IRP_MJ_POWER 861E2600
Device \Driver\usbuhci \Device\USBFDO-0 IRP_MJ_SYSTEM_CONTROL 861E2600
Device \Driver\usbuhci \Device\USBFDO-0 IRP_MJ_PNP 861E2600
Device \Driver\usbuhci \Device\USBFDO-1 IRP_MJ_CREATE 861E2600
Device \Driver\usbuhci \Device\USBFDO-1 IRP_MJ_CLOSE 861E2600
Device \Driver\usbuhci \Device\USBFDO-1 IRP_MJ_DEVICE_CONTROL 861E2600
Device \Driver\usbuhci \Device\USBFDO-1 IRP_MJ_INTERNAL_DEVICE_CONTROL 861E2600
Device \Driver\usbuhci \Device\USBFDO-1 IRP_MJ_POWER 861E2600
Device \Driver\usbuhci \Device\USBFDO-1 IRP_MJ_SYSTEM_CONTROL 861E2600
Device \Driver\usbuhci \Device\USBFDO-1 IRP_MJ_PNP 861E2600
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_CREATE 85EEA980
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_CREATE_NAMED_PIPE 85EEA980
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_CLOSE 85EEA980
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_READ 85EEA980
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_WRITE 85EEA980
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_QUERY_INFORMATION 85EEA980
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_SET_INFORMATION 85EEA980
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_QUERY_EA 85EEA980
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_SET_EA 85EEA980
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_FLUSH_BUFFERS 85EEA980
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_QUERY_VOLUME_INFORMATION 85EEA980
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_SET_VOLUME_INFORMATION 85EEA980
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_DIRECTORY_CONTROL 85EEA980
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_FILE_SYSTEM_CONTROL 85EEA980
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_DEVICE_CONTROL 85EEA980
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_INTERNAL_DEVICE_CONTROL 85EEA980
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_SHUTDOWN 85EEA980
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_LOCK_CONTROL 85EEA980
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_CLEANUP 85EEA980
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_CREATE_MAILSLOT 85EEA980
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_QUERY_SECURITY 85EEA980
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_SET_SECURITY 85EEA980
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_POWER 85EEA980
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_SYSTEM_CONTROL 85EEA980
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_DEVICE_CHANGE 85EEA980
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_QUERY_QUOTA 85EEA980
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_SET_QUOTA 85EEA980
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_PNP 85EEA980
Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_CREATE [EE7612A0] vsdatant.sys
Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_CLOSE [EE7612A0] vsdatant.sys
Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_DEVICE_CONTROL [EE7612A0] vsdatant.sys
Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_INTERNAL_DEVICE_CONTROL [EE7612A0] vsdatant.sys
Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_CLEANUP [EE7612A0] vsdatant.sys
Device \Driver\usbuhci \Device\USBFDO-2 IRP_MJ_CREATE 861E2600
Device \Driver\usbuhci \Device\USBFDO-2 IRP_MJ_CLOSE 861E2600
Device \Driver\usbuhci \Device\USBFDO-2 IRP_MJ_DEVICE_CONTROL 861E2600
Device \Driver\usbuhci \Device\USBFDO-2 IRP_MJ_INTERNAL_DEVICE_CONTROL 861E2600
Device \Driver\usbuhci \Device\USBFDO-2 IRP_MJ_POWER 861E2600
Device \Driver\usbuhci \Device\USBFDO-2 IRP_MJ_SYSTEM_CONTROL 861E2600
Device \Driver\usbuhci \Device\USBFDO-2 IRP_MJ_PNP 861E2600
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_CREATE 85EEA980
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_CREATE_NAMED_PIPE 85EEA980
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_CLOSE 85EEA980
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_READ 85EEA980
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_WRITE 85EEA980
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_QUERY_INFORMATION 85EEA980
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_SET_INFORMATION 85EEA980
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_QUERY_EA 85EEA980
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_SET_EA 85EEA980
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_FLUSH_BUFFERS 85EEA980
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_QUERY_VOLUME_INFORMATION 85EEA980
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_SET_VOLUME_INFORMATION 85EEA980
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_DIRECTORY_CONTROL 85EEA980
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_FILE_SYSTEM_CONTROL 85EEA980
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_DEVICE_CONTROL 85EEA980
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_INTERNAL_DEVICE_CONTROL 85EEA980
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_SHUTDOWN 85EEA980
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_LOCK_CONTROL 85EEA980
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_CLEANUP 85EEA980
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_CREATE_MAILSLOT 85EEA980
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_QUERY_SECURITY 85EEA980
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_SET_SECURITY 85EEA980
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_POWER 85EEA980
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_SYSTEM_CONTROL 85EEA980
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_DEVICE_CHANGE 85EEA980
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_QUERY_QUOTA 85EEA980
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_SET_QUOTA 85EEA980
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_PNP 85EEA980
Device \Driver\usbehci \Device\USBFDO-3 IRP_MJ_CREATE 861E1980
Device \Driver\usbehci \Device\USBFDO-3 IRP_MJ_CLOSE 861E1980
Device \Driver\usbehci \Device\USBFDO-3 IRP_MJ_DEVICE_CONTROL 861E1980
Device \Driver\usbehci \Device\USBFDO-3 IRP_MJ_INTERNAL_DEVICE_CONTROL 861E1980
Device \Driver\usbehci \Device\USBFDO-3 IRP_MJ_POWER 861E1980
Device \Driver\usbehci \Device\USBFDO-3 IRP_MJ_SYSTEM_CONTROL 861E1980
Device \Driver\usbehci \Device\USBFDO-3 IRP_MJ_PNP 861E1980
Device \Driver\Ftdisk \Device\FtControl IRP_MJ_CREATE 863D11E8
Device \Driver\Ftdisk \Device\FtControl IRP_MJ_READ 863D11E8
Device \Driver\Ftdisk \Device\FtControl IRP_MJ_WRITE 863D11E8
Device \Driver\Ftdisk \Device\FtControl IRP_MJ_FLUSH_BUFFERS 863D11E8
Device \Driver\Ftdisk \Device\FtControl IRP_MJ_DEVICE_CONTROL 863D11E8
Device \Driver\Ftdisk \Device\FtControl IRP_MJ_INTERNAL_DEVICE_CONTROL 863D11E8
Device \Driver\Ftdisk \Device\FtControl IRP_MJ_SHUTDOWN 863D11E8
Device \Driver\Ftdisk \Device\FtControl IRP_MJ_CLEANUP 863D11E8
Device \Driver\Ftdisk \Device\FtControl IRP_MJ_POWER 863D11E8
Device \Driver\Ftdisk \Device\FtControl IRP_MJ_SYSTEM_CONTROL 863D11E8
Device \Driver\Ftdisk \Device\FtControl IRP_MJ_PNP 863D11E8
Device \Driver\NetBT \Device\NetBT_Tcpip_{8FC7188E-96C7-43D4-AEE2-750AA87A2CF7} IRP_MJ_CREATE 86062980
Device \Driver\NetBT \Device\NetBT_Tcpip_{8FC7188E-96C7-43D4-AEE2-750AA87A2CF7} IRP_MJ_CLOSE 86062980
Device \Driver\NetBT \Device\NetBT_Tcpip_{8FC7188E-96C7-43D4-AEE2-750AA87A2CF7} IRP_MJ_DEVICE_CONTROL 86062980
Device \Driver\NetBT \Device\NetBT_Tcpip_{8FC7188E-96C7-43D4-AEE2-750AA87A2CF7} IRP_MJ_INTERNAL_DEVICE_CONTROL 86062980
Device \Driver\NetBT \Device\NetBT_Tcpip_{8FC7188E-96C7-43D4-AEE2-750AA87A2CF7} IRP_MJ_CLEANUP 86062980
Device \Driver\NetBT \Device\NetBT_Tcpip_{8FC7188E-96C7-43D4-AEE2-750AA87A2CF7} IRP_MJ_PNP 86062980
Device \FileSystem\Cdfs \Cdfs IRP_MJ_CREATE 860941E8
Device \FileSystem\Cdfs \Cdfs IRP_MJ_CLOSE 860941E8
Device \FileSystem\Cdfs \Cdfs IRP_MJ_READ 860941E8
Device \FileSystem\Cdfs \Cdfs IRP_MJ_QUERY_INFORMATION 860941E8
Device \FileSystem\Cdfs \Cdfs IRP_MJ_SET_INFORMATION 860941E8
Device \FileSystem\Cdfs \Cdfs IRP_MJ_QUERY_VOLUME_INFORMATION 860941E8
Device \FileSystem\Cdfs \Cdfs IRP_MJ_DIRECTORY_CONTROL 860941E8
Device \FileSystem\Cdfs \Cdfs IRP_MJ_FILE_SYSTEM_CONTROL 860941E8
Device \FileSystem\Cdfs \Cdfs IRP_MJ_DEVICE_CONTROL 860941E8
Device \FileSystem\Cdfs \Cdfs IRP_MJ_SHUTDOWN 860941E8
Device \FileSystem\Cdfs \Cdfs IRP_MJ_LOCK_CONTROL 860941E8
Device \FileSystem\Cdfs \Cdfs IRP_MJ_CLEANUP 860941E8
Device \FileSystem\Cdfs \Cdfs IRP_MJ_PNP 860941E8
---- EOF - GMER 1.0.12 ----
According to my understanding, the first program scans hidden files on my pc.
The second one lists all the installed drivers. Do you think that process.exe has installed some driver on my computer?
Thanks and regards
one more time, thank you for your help regarding this problem.
Blacklight did find nothing.
The log of gmer is the next:
GMER 1.0.12.12244 - http://www.gmer.net
Rootkit scan 2007-04-15 20:17:41
Windows 5.1.2600 Service Pack 2
---- System - GMER 1.0.12 ----
SSDT \SystemRoot\System32\vsdatant.sys ZwCreateFile
SSDT \SystemRoot\System32\vsdatant.sys ZwCreateKey
SSDT \SystemRoot\System32\vsdatant.sys ZwCreatePort
SSDT \SystemRoot\System32\vsdatant.sys ZwCreateProcess
SSDT \SystemRoot\System32\vsdatant.sys ZwCreateProcessEx
SSDT \SystemRoot\System32\vsdatant.sys ZwCreateSection
SSDT \SystemRoot\System32\vsdatant.sys ZwCreateWaitablePort
SSDT \SystemRoot\System32\vsdatant.sys ZwDeleteFile
SSDT \SystemRoot\System32\vsdatant.sys ZwDeleteKey
SSDT \SystemRoot\System32\vsdatant.sys ZwDeleteValueKey
SSDT \SystemRoot\System32\vsdatant.sys ZwDuplicateObject
SSDT sptd.sys ZwEnumerateKey
SSDT sptd.sys ZwEnumerateValueKey
SSDT \SystemRoot\System32\vsdatant.sys ZwLoadKey
SSDT \SystemRoot\System32\vsdatant.sys ZwOpenFile
SSDT sptd.sys ZwOpenKey
SSDT \SystemRoot\System32\vsdatant.sys ZwOpenProcess
SSDT \SystemRoot\System32\vsdatant.sys ZwOpenThread
SSDT sptd.sys ZwQueryKey
SSDT sptd.sys ZwQueryValueKey
SSDT \SystemRoot\System32\vsdatant.sys ZwReplaceKey
SSDT \SystemRoot\System32\vsdatant.sys ZwRestoreKey
SSDT \SystemRoot\System32\vsdatant.sys ZwSecureConnectPort
SSDT \SystemRoot\System32\vsdatant.sys ZwSetInformationFile
SSDT \SystemRoot\System32\vsdatant.sys ZwSetValueKey
SSDT \SystemRoot\System32\vsdatant.sys ZwTerminateProcess
---- Kernel code sections - GMER 1.0.12 ----
.text ntoskrnl.exe!_abnormal_termination + 104 804E2760 12 Bytes [ 60, FC, 74, EE, E0, 5E, 75, ... ]
.text ntoskrnl.exe!_abnormal_termination + 451 804E2AAD 3 Bytes [ 63, 75, EE ]
? C:\WINDOWS\system32\drivers\sptd.sys El proceso no tiene acceso al archivo porque está siendo utilizado por otro proceso.
? srescan.sys El sistema no puede hallar el archivo especificado.
.text USBPORT.SYS!DllUnload F6FE062C 5 Bytes JMP 862111C8
? C:\WINDOWS\System32\DRIVERS\update.sys
.text ntoskrnl.exe!_abnormal_termination + 104 804E2760 12 Bytes [ 60, FC, 74, EE, E0, 5E, 75, ... ]
.text ntoskrnl.exe!_abnormal_termination + 451 804E2AAD 3 Bytes [ 63, 75, EE ]
---- User code sections - GMER 1.0.12 ----
.text C:\Archivos de programa\Internet Explorer\iexplore.exe[2400] USER32.dll!DialogBoxParamW 7E3A555F 5 Bytes JMP 0099F205 C:\WINDOWS\system32\IEFRAME.dll
.text C:\Archivos de programa\Internet Explorer\iexplore.exe[2400] USER32.dll!DialogBoxIndirectParamW 7E3B2032 5 Bytes JMP 00B2FEBF C:\WINDOWS\system32\IEFRAME.dll
.text C:\Archivos de programa\Internet Explorer\iexplore.exe[2400] USER32.dll!MessageBoxIndirectA 7E3BA04A 5 Bytes JMP 00B2FE40 C:\WINDOWS\system32\IEFRAME.dll
.text C:\Archivos de programa\Internet Explorer\iexplore.exe[2400] USER32.dll!DialogBoxParamA 7E3BB10C 5 Bytes JMP 00B2FE84 C:\WINDOWS\system32\IEFRAME.dll
.text C:\Archivos de programa\Internet Explorer\iexplore.exe[2400] USER32.dll!MessageBoxExW 7E3D05D8 5 Bytes JMP 00B2FDCC C:\WINDOWS\system32\IEFRAME.dll
.text C:\Archivos de programa\Internet Explorer\iexplore.exe[2400] USER32.dll!MessageBoxExA 7E3D05FC 5 Bytes JMP 00B2FE06 C:\WINDOWS\system32\IEFRAME.dll
.text C:\Archivos de programa\Internet Explorer\iexplore.exe[2400] USER32.dll!DialogBoxIndirectParamA 7E3D6B50 5 Bytes JMP 00B2FEFA C:\WINDOWS\system32\IEFRAME.dll
.text C:\Archivos de programa\Internet Explorer\iexplore.exe[2400] USER32.dll!MessageBoxIndirectW 7E3E62AB 5 Bytes JMP 009C15DA C:\WINDOWS\system32\IEFRAME.dll
.text C:\Archivos de programa\Internet Explorer\iexplore.exe[3188] USER32.dll!DialogBoxParamW 7E3A555F 5 Bytes JMP 0099F205 C:\WINDOWS\system32\IEFRAME.dll
.text C:\Archivos de programa\Internet Explorer\iexplore.exe[3188] USER32.dll!DialogBoxIndirectParamW 7E3B2032 5 Bytes JMP 00B2FEBF C:\WINDOWS\system32\IEFRAME.dll
.text C:\Archivos de programa\Internet Explorer\iexplore.exe[3188] USER32.dll!MessageBoxIndirectA 7E3BA04A 5 Bytes JMP 00B2FE40 C:\WINDOWS\system32\IEFRAME.dll
.text C:\Archivos de programa\Internet Explorer\iexplore.exe[3188] USER32.dll!DialogBoxParamA 7E3BB10C 5 Bytes JMP 00B2FE84 C:\WINDOWS\system32\IEFRAME.dll
.text C:\Archivos de programa\Internet Explorer\iexplore.exe[3188] USER32.dll!MessageBoxExW 7E3D05D8 5 Bytes JMP 00B2FDCC C:\WINDOWS\system32\IEFRAME.dll
.text C:\Archivos de programa\Internet Explorer\iexplore.exe[3188] USER32.dll!MessageBoxExA 7E3D05FC 5 Bytes JMP 00B2FE06 C:\WINDOWS\system32\IEFRAME.dll
.text C:\Archivos de programa\Internet Explorer\iexplore.exe[3188] USER32.dll!DialogBoxIndirectParamA 7E3D6B50 5 Bytes JMP 00B2FEFA C:\WINDOWS\system32\IEFRAME.dll
.text C:\Archivos de programa\Internet Explorer\iexplore.exe[3188] USER32.dll!MessageBoxIndirectW 7E3E62AB 5 Bytes JMP 009C15DA C:\WINDOWS\system32\IEFRAME.dll
---- Devices - GMER 1.0.12 ----
Device \FileSystem\Ntfs \Ntfs IRP_MJ_CREATE 863621E8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_CLOSE 863621E8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_READ 863621E8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_WRITE 863621E8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_INFORMATION 863621E8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_SET_INFORMATION 863621E8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_EA 863621E8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_SET_EA 863621E8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_FLUSH_BUFFERS 863621E8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_VOLUME_INFORMATION 863621E8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_SET_VOLUME_INFORMATION 863621E8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_DIRECTORY_CONTROL 863621E8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_FILE_SYSTEM_CONTROL 863621E8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_DEVICE_CONTROL 863621E8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_SHUTDOWN 863621E8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_LOCK_CONTROL 863621E8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_CLEANUP 863621E8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_SECURITY 863621E8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_SET_SECURITY 863621E8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_QUOTA 863621E8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_SET_QUOTA 863621E8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_PNP 863621E8
Device \Driver\Tcpip \Device\Ip IRP_MJ_CREATE [EE7612A0] vsdatant.sys
Device \Driver\Tcpip \Device\Ip IRP_MJ_CLOSE [EE7612A0] vsdatant.sys
Device \Driver\Tcpip \Device\Ip IRP_MJ_DEVICE_CONTROL [EE7612A0] vsdatant.sys
Device \Driver\Tcpip \Device\Ip IRP_MJ_INTERNAL_DEVICE_CONTROL [EE7612A0] vsdatant.sys
Device \Driver\Tcpip \Device\Ip IRP_MJ_CLEANUP [EE7612A0] vsdatant.sys
Device \Driver\usbuhci \Device\USBPDO-0 IRP_MJ_CREATE 861E2600
Device \Driver\usbuhci \Device\USBPDO-0 IRP_MJ_CLOSE 861E2600
Device \Driver\usbuhci \Device\USBPDO-0 IRP_MJ_DEVICE_CONTROL 861E2600
Device \Driver\usbuhci \Device\USBPDO-0 IRP_MJ_INTERNAL_DEVICE_CONTROL 861E2600
Device \Driver\usbuhci \Device\USBPDO-0 IRP_MJ_POWER 861E2600
Device \Driver\usbuhci \Device\USBPDO-0 IRP_MJ_SYSTEM_CONTROL 861E2600
Device \Driver\usbuhci \Device\USBPDO-0 IRP_MJ_PNP 861E2600
Device \Driver\usbuhci \Device\USBPDO-1 IRP_MJ_CREATE 861E2600
Device \Driver\usbuhci \Device\USBPDO-1 IRP_MJ_CLOSE 861E2600
Device \Driver\usbuhci \Device\USBPDO-1 IRP_MJ_DEVICE_CONTROL 861E2600
Device \Driver\usbuhci \Device\USBPDO-1 IRP_MJ_INTERNAL_DEVICE_CONTROL 861E2600
Device \Driver\usbuhci \Device\USBPDO-1 IRP_MJ_POWER 861E2600
Device \Driver\usbuhci \Device\USBPDO-1 IRP_MJ_SYSTEM_CONTROL 861E2600
Device \Driver\usbuhci \Device\USBPDO-1 IRP_MJ_PNP 861E2600
Device \Driver\usbuhci \Device\USBPDO-2 IRP_MJ_CREATE 861E2600
Device \Driver\usbuhci \Device\USBPDO-2 IRP_MJ_CLOSE 861E2600
Device \Driver\usbuhci \Device\USBPDO-2 IRP_MJ_DEVICE_CONTROL 861E2600
Device \Driver\usbuhci \Device\USBPDO-2 IRP_MJ_INTERNAL_DEVICE_CONTROL 861E2600
Device \Driver\usbuhci \Device\USBPDO-2 IRP_MJ_POWER 861E2600
Device \Driver\usbuhci \Device\USBPDO-2 IRP_MJ_SYSTEM_CONTROL 861E2600
Device \Driver\usbuhci \Device\USBPDO-2 IRP_MJ_PNP 861E2600
Device \Driver\usbehci \Device\USBPDO-3 IRP_MJ_CREATE 861E1980
Device \Driver\usbehci \Device\USBPDO-3 IRP_MJ_CLOSE 861E1980
Device \Driver\usbehci \Device\USBPDO-3 IRP_MJ_DEVICE_CONTROL 861E1980
Device \Driver\usbehci \Device\USBPDO-3 IRP_MJ_INTERNAL_DEVICE_CONTROL 861E1980
Device \Driver\usbehci \Device\USBPDO-3 IRP_MJ_POWER 861E1980
Device \Driver\usbehci \Device\USBPDO-3 IRP_MJ_SYSTEM_CONTROL 861E1980
Device \Driver\usbehci \Device\USBPDO-3 IRP_MJ_PNP 861E1980
Device \Driver\Tcpip \Device\Tcp IRP_MJ_CREATE [EE7612A0] vsdatant.sys
Device \Driver\Tcpip \Device\Tcp IRP_MJ_CLOSE [EE7612A0] vsdatant.sys
Device \Driver\Tcpip \Device\Tcp IRP_MJ_DEVICE_CONTROL [EE7612A0] vsdatant.sys
Device \Driver\Tcpip \Device\Tcp IRP_MJ_INTERNAL_DEVICE_CONTROL [EE7612A0] vsdatant.sys
Device \Driver\Tcpip \Device\Tcp IRP_MJ_CLEANUP [EE7612A0] vsdatant.sys
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_CREATE 863D11E8
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_READ 863D11E8
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_WRITE 863D11E8
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_FLUSH_BUFFERS 863D11E8
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_DEVICE_CONTROL 863D11E8
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_INTERNAL_DEVICE_CONTROL 863D11E8
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_SHUTDOWN 863D11E8
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_CLEANUP 863D11E8
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_POWER 863D11E8
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_SYSTEM_CONTROL 863D11E8
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_PNP 863D11E8
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_CREATE 861E5980
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_CLOSE 861E5980
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_READ 861E5980
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_WRITE 861E5980
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_FLUSH_BUFFERS 861E5980
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_DEVICE_CONTROL 861E5980
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_INTERNAL_DEVICE_CONTROL 861E5980
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_SHUTDOWN 861E5980
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_POWER 861E5980
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_SYSTEM_CONTROL 861E5980
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_PNP 861E5980
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_CREATE 863631E8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_CLOSE 863631E8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_DEVICE_CONTROL 863631E8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_INTERNAL_DEVICE_CONTROL 863631E8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_POWER 863631E8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_SYSTEM_CONTROL 863631E8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_PNP 863631E8
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_CREATE 863631E8
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_CLOSE 863631E8
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_DEVICE_CONTROL 863631E8
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_INTERNAL_DEVICE_CONTROL 863631E8
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_POWER 863631E8
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_SYSTEM_CONTROL 863631E8
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_PNP 863631E8
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_CREATE 863631E8
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_CLOSE 863631E8
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_DEVICE_CONTROL 863631E8
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_INTERNAL_DEVICE_CONTROL 863631E8
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_POWER 863631E8
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_SYSTEM_CONTROL 863631E8
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_PNP 863631E8
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e IRP_MJ_CREATE 863631E8
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e IRP_MJ_CLOSE 863631E8
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e IRP_MJ_DEVICE_CONTROL 863631E8
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e IRP_MJ_INTERNAL_DEVICE_CONTROL 863631E8
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e IRP_MJ_POWER 863631E8
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e IRP_MJ_SYSTEM_CONTROL 863631E8
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e IRP_MJ_PNP 863631E8
Device \Driver\NetBT \Device\NetBT_Tcpip_{27D4F5E2-9AED-4020-B868-6AE444B64FC4} IRP_MJ_CREATE 86062980
Device \Driver\NetBT \Device\NetBT_Tcpip_{27D4F5E2-9AED-4020-B868-6AE444B64FC4} IRP_MJ_CLOSE 86062980
Device \Driver\NetBT \Device\NetBT_Tcpip_{27D4F5E2-9AED-4020-B868-6AE444B64FC4} IRP_MJ_DEVICE_CONTROL 86062980
Device \Driver\NetBT \Device\NetBT_Tcpip_{27D4F5E2-9AED-4020-B868-6AE444B64FC4} IRP_MJ_INTERNAL_DEVICE_CONTROL 86062980
Device \Driver\NetBT \Device\NetBT_Tcpip_{27D4F5E2-9AED-4020-B868-6AE444B64FC4} IRP_MJ_CLEANUP 86062980
Device \Driver\NetBT \Device\NetBT_Tcpip_{27D4F5E2-9AED-4020-B868-6AE444B64FC4} IRP_MJ_PNP 86062980
Device \Driver\NetBT \Device\NetBt_Wins_Export IRP_MJ_CREATE 86062980
Device \Driver\NetBT \Device\NetBt_Wins_Export IRP_MJ_CLOSE 86062980
Device \Driver\NetBT \Device\NetBt_Wins_Export IRP_MJ_DEVICE_CONTROL 86062980
Device \Driver\NetBT \Device\NetBt_Wins_Export IRP_MJ_INTERNAL_DEVICE_CONTROL 86062980
Device \Driver\NetBT \Device\NetBt_Wins_Export IRP_MJ_CLEANUP 86062980
Device \Driver\NetBT \Device\NetBt_Wins_Export IRP_MJ_PNP 86062980
Device \Driver\NetBT \Device\NetbiosSmb IRP_MJ_CREATE 86062980
Device \Driver\NetBT \Device\NetbiosSmb IRP_MJ_CLOSE 86062980
Device \Driver\NetBT \Device\NetbiosSmb IRP_MJ_DEVICE_CONTROL 86062980
Device \Driver\NetBT \Device\NetbiosSmb IRP_MJ_INTERNAL_DEVICE_CONTROL 86062980
Device \Driver\NetBT \Device\NetbiosSmb IRP_MJ_CLEANUP 86062980
Device \Driver\NetBT \Device\NetbiosSmb IRP_MJ_PNP 86062980
Device \Driver\Tcpip \Device\Udp IRP_MJ_CREATE [EE7612A0] vsdatant.sys
Device \Driver\Tcpip \Device\Udp IRP_MJ_CLOSE [EE7612A0] vsdatant.sys
Device \Driver\Tcpip \Device\Udp IRP_MJ_DEVICE_CONTROL [EE7612A0] vsdatant.sys
Device \Driver\Tcpip \Device\Udp IRP_MJ_INTERNAL_DEVICE_CONTROL [EE7612A0] vsdatant.sys
Device \Driver\Tcpip \Device\Udp IRP_MJ_CLEANUP [EE7612A0] vsdatant.sys
Device \Driver\Tcpip \Device\RawIp IRP_MJ_CREATE [EE7612A0] vsdatant.sys
Device \Driver\Tcpip \Device\RawIp IRP_MJ_CLOSE [EE7612A0] vsdatant.sys
Device \Driver\Tcpip \Device\RawIp IRP_MJ_DEVICE_CONTROL [EE7612A0] vsdatant.sys
Device \Driver\Tcpip \Device\RawIp IRP_MJ_INTERNAL_DEVICE_CONTROL [EE7612A0] vsdatant.sys
Device \Driver\Tcpip \Device\RawIp IRP_MJ_CLEANUP [EE7612A0] vsdatant.sys
Device \Driver\usbuhci \Device\USBFDO-0 IRP_MJ_CREATE 861E2600
Device \Driver\usbuhci \Device\USBFDO-0 IRP_MJ_CLOSE 861E2600
Device \Driver\usbuhci \Device\USBFDO-0 IRP_MJ_DEVICE_CONTROL 861E2600
Device \Driver\usbuhci \Device\USBFDO-0 IRP_MJ_INTERNAL_DEVICE_CONTROL 861E2600
Device \Driver\usbuhci \Device\USBFDO-0 IRP_MJ_POWER 861E2600
Device \Driver\usbuhci \Device\USBFDO-0 IRP_MJ_SYSTEM_CONTROL 861E2600
Device \Driver\usbuhci \Device\USBFDO-0 IRP_MJ_PNP 861E2600
Device \Driver\usbuhci \Device\USBFDO-1 IRP_MJ_CREATE 861E2600
Device \Driver\usbuhci \Device\USBFDO-1 IRP_MJ_CLOSE 861E2600
Device \Driver\usbuhci \Device\USBFDO-1 IRP_MJ_DEVICE_CONTROL 861E2600
Device \Driver\usbuhci \Device\USBFDO-1 IRP_MJ_INTERNAL_DEVICE_CONTROL 861E2600
Device \Driver\usbuhci \Device\USBFDO-1 IRP_MJ_POWER 861E2600
Device \Driver\usbuhci \Device\USBFDO-1 IRP_MJ_SYSTEM_CONTROL 861E2600
Device \Driver\usbuhci \Device\USBFDO-1 IRP_MJ_PNP 861E2600
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_CREATE 85EEA980
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_CREATE_NAMED_PIPE 85EEA980
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_CLOSE 85EEA980
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_READ 85EEA980
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_WRITE 85EEA980
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_QUERY_INFORMATION 85EEA980
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_SET_INFORMATION 85EEA980
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_QUERY_EA 85EEA980
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_SET_EA 85EEA980
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_FLUSH_BUFFERS 85EEA980
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_QUERY_VOLUME_INFORMATION 85EEA980
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_SET_VOLUME_INFORMATION 85EEA980
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_DIRECTORY_CONTROL 85EEA980
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_FILE_SYSTEM_CONTROL 85EEA980
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_DEVICE_CONTROL 85EEA980
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_INTERNAL_DEVICE_CONTROL 85EEA980
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_SHUTDOWN 85EEA980
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_LOCK_CONTROL 85EEA980
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_CLEANUP 85EEA980
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_CREATE_MAILSLOT 85EEA980
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_QUERY_SECURITY 85EEA980
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_SET_SECURITY 85EEA980
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_POWER 85EEA980
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_SYSTEM_CONTROL 85EEA980
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_DEVICE_CHANGE 85EEA980
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_QUERY_QUOTA 85EEA980
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_SET_QUOTA 85EEA980
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_PNP 85EEA980
Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_CREATE [EE7612A0] vsdatant.sys
Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_CLOSE [EE7612A0] vsdatant.sys
Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_DEVICE_CONTROL [EE7612A0] vsdatant.sys
Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_INTERNAL_DEVICE_CONTROL [EE7612A0] vsdatant.sys
Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_CLEANUP [EE7612A0] vsdatant.sys
Device \Driver\usbuhci \Device\USBFDO-2 IRP_MJ_CREATE 861E2600
Device \Driver\usbuhci \Device\USBFDO-2 IRP_MJ_CLOSE 861E2600
Device \Driver\usbuhci \Device\USBFDO-2 IRP_MJ_DEVICE_CONTROL 861E2600
Device \Driver\usbuhci \Device\USBFDO-2 IRP_MJ_INTERNAL_DEVICE_CONTROL 861E2600
Device \Driver\usbuhci \Device\USBFDO-2 IRP_MJ_POWER 861E2600
Device \Driver\usbuhci \Device\USBFDO-2 IRP_MJ_SYSTEM_CONTROL 861E2600
Device \Driver\usbuhci \Device\USBFDO-2 IRP_MJ_PNP 861E2600
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_CREATE 85EEA980
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_CREATE_NAMED_PIPE 85EEA980
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_CLOSE 85EEA980
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_READ 85EEA980
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_WRITE 85EEA980
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_QUERY_INFORMATION 85EEA980
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_SET_INFORMATION 85EEA980
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_QUERY_EA 85EEA980
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_SET_EA 85EEA980
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_FLUSH_BUFFERS 85EEA980
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_QUERY_VOLUME_INFORMATION 85EEA980
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_SET_VOLUME_INFORMATION 85EEA980
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_DIRECTORY_CONTROL 85EEA980
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_FILE_SYSTEM_CONTROL 85EEA980
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_DEVICE_CONTROL 85EEA980
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_INTERNAL_DEVICE_CONTROL 85EEA980
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_SHUTDOWN 85EEA980
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_LOCK_CONTROL 85EEA980
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_CLEANUP 85EEA980
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_CREATE_MAILSLOT 85EEA980
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_QUERY_SECURITY 85EEA980
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_SET_SECURITY 85EEA980
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_POWER 85EEA980
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_SYSTEM_CONTROL 85EEA980
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_DEVICE_CHANGE 85EEA980
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_QUERY_QUOTA 85EEA980
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_SET_QUOTA 85EEA980
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_PNP 85EEA980
Device \Driver\usbehci \Device\USBFDO-3 IRP_MJ_CREATE 861E1980
Device \Driver\usbehci \Device\USBFDO-3 IRP_MJ_CLOSE 861E1980
Device \Driver\usbehci \Device\USBFDO-3 IRP_MJ_DEVICE_CONTROL 861E1980
Device \Driver\usbehci \Device\USBFDO-3 IRP_MJ_INTERNAL_DEVICE_CONTROL 861E1980
Device \Driver\usbehci \Device\USBFDO-3 IRP_MJ_POWER 861E1980
Device \Driver\usbehci \Device\USBFDO-3 IRP_MJ_SYSTEM_CONTROL 861E1980
Device \Driver\usbehci \Device\USBFDO-3 IRP_MJ_PNP 861E1980
Device \Driver\Ftdisk \Device\FtControl IRP_MJ_CREATE 863D11E8
Device \Driver\Ftdisk \Device\FtControl IRP_MJ_READ 863D11E8
Device \Driver\Ftdisk \Device\FtControl IRP_MJ_WRITE 863D11E8
Device \Driver\Ftdisk \Device\FtControl IRP_MJ_FLUSH_BUFFERS 863D11E8
Device \Driver\Ftdisk \Device\FtControl IRP_MJ_DEVICE_CONTROL 863D11E8
Device \Driver\Ftdisk \Device\FtControl IRP_MJ_INTERNAL_DEVICE_CONTROL 863D11E8
Device \Driver\Ftdisk \Device\FtControl IRP_MJ_SHUTDOWN 863D11E8
Device \Driver\Ftdisk \Device\FtControl IRP_MJ_CLEANUP 863D11E8
Device \Driver\Ftdisk \Device\FtControl IRP_MJ_POWER 863D11E8
Device \Driver\Ftdisk \Device\FtControl IRP_MJ_SYSTEM_CONTROL 863D11E8
Device \Driver\Ftdisk \Device\FtControl IRP_MJ_PNP 863D11E8
Device \Driver\NetBT \Device\NetBT_Tcpip_{8FC7188E-96C7-43D4-AEE2-750AA87A2CF7} IRP_MJ_CREATE 86062980
Device \Driver\NetBT \Device\NetBT_Tcpip_{8FC7188E-96C7-43D4-AEE2-750AA87A2CF7} IRP_MJ_CLOSE 86062980
Device \Driver\NetBT \Device\NetBT_Tcpip_{8FC7188E-96C7-43D4-AEE2-750AA87A2CF7} IRP_MJ_DEVICE_CONTROL 86062980
Device \Driver\NetBT \Device\NetBT_Tcpip_{8FC7188E-96C7-43D4-AEE2-750AA87A2CF7} IRP_MJ_INTERNAL_DEVICE_CONTROL 86062980
Device \Driver\NetBT \Device\NetBT_Tcpip_{8FC7188E-96C7-43D4-AEE2-750AA87A2CF7} IRP_MJ_CLEANUP 86062980
Device \Driver\NetBT \Device\NetBT_Tcpip_{8FC7188E-96C7-43D4-AEE2-750AA87A2CF7} IRP_MJ_PNP 86062980
Device \FileSystem\Cdfs \Cdfs IRP_MJ_CREATE 860941E8
Device \FileSystem\Cdfs \Cdfs IRP_MJ_CLOSE 860941E8
Device \FileSystem\Cdfs \Cdfs IRP_MJ_READ 860941E8
Device \FileSystem\Cdfs \Cdfs IRP_MJ_QUERY_INFORMATION 860941E8
Device \FileSystem\Cdfs \Cdfs IRP_MJ_SET_INFORMATION 860941E8
Device \FileSystem\Cdfs \Cdfs IRP_MJ_QUERY_VOLUME_INFORMATION 860941E8
Device \FileSystem\Cdfs \Cdfs IRP_MJ_DIRECTORY_CONTROL 860941E8
Device \FileSystem\Cdfs \Cdfs IRP_MJ_FILE_SYSTEM_CONTROL 860941E8
Device \FileSystem\Cdfs \Cdfs IRP_MJ_DEVICE_CONTROL 860941E8
Device \FileSystem\Cdfs \Cdfs IRP_MJ_SHUTDOWN 860941E8
Device \FileSystem\Cdfs \Cdfs IRP_MJ_LOCK_CONTROL 860941E8
Device \FileSystem\Cdfs \Cdfs IRP_MJ_CLEANUP 860941E8
Device \FileSystem\Cdfs \Cdfs IRP_MJ_PNP 860941E8
---- EOF - GMER 1.0.12 ----
According to my understanding, the first program scans hidden files on my pc.
The second one lists all the installed drivers. Do you think that process.exe has installed some driver on my computer?
Thanks and regards
#13 OFFLINE
-
- Moderators
-
- 8,858 posts
I hate computers
- Gender:Male
Posted 15 April 2007 - 07:01 PM
Those two programs scan for rootkits to make sure there is nothing hiding files on your computer. Process.exe is added by a lot of programs to kill processes that may interfere with them.(used by good and bad programs) You can delete it or not, its completely up to you.
Can you set Windows to show hidden files and folders
Click Start. Goto MyComputer then C:\drive
Select the Tools menu from the top bar and click Folder Options. Select the View Tab.
Under the Hidden files and folders heading select "Show hidden files and folders".
UnCheck the "Hide protected operating system files (recommended)" option.
Click Yes to confirm then OK.
Now I want you to try and find those files again that you couldn't find before. If you find them delete them and then follow the below instructions:
Set this back once you have checked for the file by opening the same page and pressing the Restore Defaults button the click Apply and OK.
Can you set Windows to show hidden files and folders
Click Start. Goto MyComputer then C:\drive
Select the Tools menu from the top bar and click Folder Options. Select the View Tab.
Under the Hidden files and folders heading select "Show hidden files and folders".
UnCheck the "Hide protected operating system files (recommended)" option.
Click Yes to confirm then OK.
Now I want you to try and find those files again that you couldn't find before. If you find them delete them and then follow the below instructions:
Set this back once you have checked for the file by opening the same page and pressing the Restore Defaults button the click Apply and OK.
#14 OFFLINE
-
- Members
-
- 12 posts
Member
Posted 15 April 2007 - 08:28 PM
Hi,
I did what you suggested me. I have checked manually for
C:\WINDOWS\system32\regscan.exe
C:\WINDOWS\system32\~.exe
and I have performed a search but nothing. I do not find them.
So, have they been deleted maybe? Any other action?
Thxs
I did what you suggested me. I have checked manually for
C:\WINDOWS\system32\regscan.exe
C:\WINDOWS\system32\~.exe
and I have performed a search but nothing. I do not find them.
So, have they been deleted maybe? Any other action?
Thxs
#15 OFFLINE
-
- Moderators
-
- 8,858 posts
I hate computers
- Gender:Male
Posted 15 April 2007 - 09:45 PM
Do you think your AV could have deleted them? Did you get a prompt or anything about that?
At this point I think the best option would be to run the kaspersky scan again and see if they are still detected.
Post back the log after the scan.
At this point I think the best option would be to run the kaspersky scan again and see if they are still detected.
Post back the log after the scan.
#16 OFFLINE
-
- Members
-
- 12 posts
Member
Posted 16 April 2007 - 05:33 PM
Hi,
kaspersky scanner returns the next:
-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Monday, April 16, 2007 7:28:49 PM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.83.0
Kaspersky Anti-Virus database last update: 16/04/2007
Kaspersky Anti-Virus database records: 298177
-------------------------------------------------------------------------------
Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true
Scan Target - My Computer:
C:\
D:\
Scan Statistics:
Total number of scanned objects: 76638
Number of viruses found: 0
Number of infected objects: 0 / 0
Number of suspicious objects: 0
Duration of the scan process: 01:17:22
Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\LocalService\Configuración local\Archivos temporales de Internet\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Configuración local\Datos de programa\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Configuración local\Datos de programa\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Configuración local\Historial\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\Nesmo\Configuración local\Archivos temporales de Internet\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is locked skipped
C:\Documents and Settings\Nesmo\Configuración local\Archivos temporales de Internet\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Nesmo\Configuración local\Datos de programa\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Nesmo\Configuración local\Datos de programa\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Nesmo\Configuración local\Historial\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Nesmo\Configuración local\Temp\~DF7E68.tmp Object is locked skipped
C:\Documents and Settings\Nesmo\Configuración local\Temp\~DF8AA5.tmp Object is locked skipped
C:\Documents and Settings\Nesmo\Configuración local\Temp\~DF9C33.tmp Object is locked skipped
C:\Documents and Settings\Nesmo\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Nesmo\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\Nesmo\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Configuración local\Datos de programa\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Configuración local\Datos de programa\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{837698BD-DDF5-417B-A39E-81147F1AE21D}\RP140\change.log Object is locked skipped
C:\WINDOWS\$NtUninstallKB824141$\user32.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB824141$\win32k.sys Object is locked skipped
C:\WINDOWS\$NtUninstallKB826939$\accwiz.exe Object is locked skipped
C:\WINDOWS\$NtUninstallKB826939$\crypt32.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB826939$\cryptsvc.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB826939$\hh.exe Object is locked skipped
C:\WINDOWS\$NtUninstallKB826939$\hhctrl.ocx Object is locked skipped
C:\WINDOWS\$NtUninstallKB826939$\hhsetup.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB826939$\html32.cnv Object is locked skipped
C:\WINDOWS\$NtUninstallKB826939$\itss.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB826939$\locator.exe Object is locked skipped
C:\WINDOWS\$NtUninstallKB826939$\magnify.exe Object is locked skipped
C:\WINDOWS\$NtUninstallKB826939$\migwiz.exe Object is locked skipped
C:\WINDOWS\$NtUninstallKB826939$\mrxsmb.sys Object is locked skipped
C:\WINDOWS\$NtUninstallKB826939$\msconv97.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB826939$\narrator.exe Object is locked skipped
C:\WINDOWS\$NtUninstallKB826939$\newdev.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB826939$\ntdll.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB826939$\ole32.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB826939$\osk.exe Object is locked skipped
C:\WINDOWS\$NtUninstallKB826939$\pchshell.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB826939$\raspptp.sys Object is locked skipped
C:\WINDOWS\$NtUninstallKB826939$\rpcrt4.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB826939$\rpcss.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB826939$\shell32.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB826939$\shmedia.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB826939$\srrstr.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB826939$\srv.sys Object is locked skipped
C:\WINDOWS\$NtUninstallKB826939$\winsrv.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB826939$\zipfldr.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB826942$\dhcpcsvc.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB826942$\ndis.sys Object is locked skipped
C:\WINDOWS\$NtUninstallKB826942$\ndisuio.sys Object is locked skipped
C:\WINDOWS\$NtUninstallKB826942$\netshell.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB826942$\wzcdlg.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB826942$\wzcsapi.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB826942$\wzcsvc.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB828028$\msasn1.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB828035$\msgsvc.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB828035$\wkssvc.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB830680$\keymgr.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB831905$\ntkrnlmp.exe Object is locked skipped
C:\WINDOWS\$NtUninstallKB831905$\ntkrnlpa.exe Object is locked skipped
C:\WINDOWS\$NtUninstallKB831905$\ntkrpamp.exe Object is locked skipped
C:\WINDOWS\$NtUninstallKB831905$\ntoskrnl.exe Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\Internet Logs\fwdbglog.txt Object is locked skipped
C:\WINDOWS\Internet Logs\fwpktlog.txt Object is locked skipped
C:\WINDOWS\Internet Logs\IAMDB.RDB Object is locked skipped
C:\WINDOWS\Internet Logs\NESTOR.ldb Object is locked skipped
C:\WINDOWS\Internet Logs\tvDebug.log Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\EventCache\{BCE89BBF-7CA7-4C14-BA65-89193FC7F3E9}.bin Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\Internet.evt Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\drivers\sptd.sys Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\Temp\ZLT07b5a.TMP Object is locked skipped
C:\WINDOWS\Temp\ZLT07b64.TMP Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
Scan process completed.
So, nothing found. I do not understand where these files have gone....
Do I perform an AVG scanner?
Thanks one more time.
kaspersky scanner returns the next:
-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Monday, April 16, 2007 7:28:49 PM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.83.0
Kaspersky Anti-Virus database last update: 16/04/2007
Kaspersky Anti-Virus database records: 298177
-------------------------------------------------------------------------------
Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true
Scan Target - My Computer:
C:\
D:\
Scan Statistics:
Total number of scanned objects: 76638
Number of viruses found: 0
Number of infected objects: 0 / 0
Number of suspicious objects: 0
Duration of the scan process: 01:17:22
Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\LocalService\Configuración local\Archivos temporales de Internet\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Configuración local\Datos de programa\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Configuración local\Datos de programa\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Configuración local\Historial\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\Nesmo\Configuración local\Archivos temporales de Internet\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is locked skipped
C:\Documents and Settings\Nesmo\Configuración local\Archivos temporales de Internet\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Nesmo\Configuración local\Datos de programa\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Nesmo\Configuración local\Datos de programa\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Nesmo\Configuración local\Historial\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Nesmo\Configuración local\Temp\~DF7E68.tmp Object is locked skipped
C:\Documents and Settings\Nesmo\Configuración local\Temp\~DF8AA5.tmp Object is locked skipped
C:\Documents and Settings\Nesmo\Configuración local\Temp\~DF9C33.tmp Object is locked skipped
C:\Documents and Settings\Nesmo\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Nesmo\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\Nesmo\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Configuración local\Datos de programa\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Configuración local\Datos de programa\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{837698BD-DDF5-417B-A39E-81147F1AE21D}\RP140\change.log Object is locked skipped
C:\WINDOWS\$NtUninstallKB824141$\user32.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB824141$\win32k.sys Object is locked skipped
C:\WINDOWS\$NtUninstallKB826939$\accwiz.exe Object is locked skipped
C:\WINDOWS\$NtUninstallKB826939$\crypt32.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB826939$\cryptsvc.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB826939$\hh.exe Object is locked skipped
C:\WINDOWS\$NtUninstallKB826939$\hhctrl.ocx Object is locked skipped
C:\WINDOWS\$NtUninstallKB826939$\hhsetup.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB826939$\html32.cnv Object is locked skipped
C:\WINDOWS\$NtUninstallKB826939$\itss.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB826939$\locator.exe Object is locked skipped
C:\WINDOWS\$NtUninstallKB826939$\magnify.exe Object is locked skipped
C:\WINDOWS\$NtUninstallKB826939$\migwiz.exe Object is locked skipped
C:\WINDOWS\$NtUninstallKB826939$\mrxsmb.sys Object is locked skipped
C:\WINDOWS\$NtUninstallKB826939$\msconv97.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB826939$\narrator.exe Object is locked skipped
C:\WINDOWS\$NtUninstallKB826939$\newdev.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB826939$\ntdll.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB826939$\ole32.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB826939$\osk.exe Object is locked skipped
C:\WINDOWS\$NtUninstallKB826939$\pchshell.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB826939$\raspptp.sys Object is locked skipped
C:\WINDOWS\$NtUninstallKB826939$\rpcrt4.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB826939$\rpcss.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB826939$\shell32.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB826939$\shmedia.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB826939$\srrstr.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB826939$\srv.sys Object is locked skipped
C:\WINDOWS\$NtUninstallKB826939$\winsrv.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB826939$\zipfldr.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB826942$\dhcpcsvc.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB826942$\ndis.sys Object is locked skipped
C:\WINDOWS\$NtUninstallKB826942$\ndisuio.sys Object is locked skipped
C:\WINDOWS\$NtUninstallKB826942$\netshell.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB826942$\wzcdlg.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB826942$\wzcsapi.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB826942$\wzcsvc.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB828028$\msasn1.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB828035$\msgsvc.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB828035$\wkssvc.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB830680$\keymgr.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB831905$\ntkrnlmp.exe Object is locked skipped
C:\WINDOWS\$NtUninstallKB831905$\ntkrnlpa.exe Object is locked skipped
C:\WINDOWS\$NtUninstallKB831905$\ntkrpamp.exe Object is locked skipped
C:\WINDOWS\$NtUninstallKB831905$\ntoskrnl.exe Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\Internet Logs\fwdbglog.txt Object is locked skipped
C:\WINDOWS\Internet Logs\fwpktlog.txt Object is locked skipped
C:\WINDOWS\Internet Logs\IAMDB.RDB Object is locked skipped
C:\WINDOWS\Internet Logs\NESTOR.ldb Object is locked skipped
C:\WINDOWS\Internet Logs\tvDebug.log Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\EventCache\{BCE89BBF-7CA7-4C14-BA65-89193FC7F3E9}.bin Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\Internet.evt Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\drivers\sptd.sys Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\Temp\ZLT07b5a.TMP Object is locked skipped
C:\WINDOWS\Temp\ZLT07b64.TMP Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
Scan process completed.
So, nothing found. I do not understand where these files have gone....
Do I perform an AVG scanner?
Thanks one more time.
#17 OFFLINE
-
- Moderators
-
- 8,858 posts
I hate computers
- Gender:Male
Posted 16 April 2007 - 09:58 PM
The files were probably deleted by one of your resident antivirus or antispyware programs.
Either way, they are gone and thats all that matters.
Post a new hijackthis log.
Either way, they are gone and thats all that matters.
Post a new hijackthis log.
#18 OFFLINE
-
- Members
-
- 12 posts
Member
Posted 17 April 2007 - 10:57 AM
I agree with you. Nice that they are not there any more.
The Hijackthis log....
Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 12:52:48, on 17/04/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Archivos de programa\Intel\Wireless\Bin\EvtEng.exe
C:\Archivos de programa\Intel\Wireless\Bin\ZcfgSvc.exe
C:\Archivos de programa\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Archivos de programa\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\Archivos de programa\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe
C:\Archivos de programa\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Archivos de programa\Archivos comunes\Microsoft Shared\VS7Debug\mdm.exe
C:\Archivos de programa\Intel\Wireless\Bin\OProtSvc.exe
C:\Archivos de programa\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Archivos de programa\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\ARCHIV~1\Intel\Wireless\Bin\1XConfig.exe
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\System32�THotkey.exe
C:\WINDOWS\system32\TFNF5.exe
C:\Archivos de programa\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
C:\Archivos de programa\SigmaTel\Controladores de sonido SigmaTel AC97\stacmon.exe
C:\Archivos de programa\Apoint2K\Apoint.exe
C:\Archivos de programa\TOSHIBA\TouchED\TouchED.Exe
C:\Archivos de programa\TOSHIBA\PadTouch\PadExe.exe
C:\WINDOWS\LTSMMSG.exe
C:\Archivos de programa\Apoint2K\Apntex.exe
C:\WINDOWS\system32\TPSMain.exe
C:\Archivos de programa\Intel\Wireless\Bin\ifrmewrk.exe
C:\Archivos de programa\Intel\Wireless\Bin\EOUWiz.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\Archivos de programa\Java\jre1.5.0_11\bin\jusched.exe
C:\Archivos de programa\CA\CA Internet Security Suite\cctray\cctray.exe
C:\Archivos de programa\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe
C:\Archivos de programa\Zone Labs\ZoneAlarm\zlclient.exe
C:\Archivos de programa\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Archivos de programa\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Documents and Settings\Nesmo\Escritorio\hijack\HiJackThis_v2.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.es/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Vínculos
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Archivos de programa\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Archivos de programa\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\archivos de programa\google\googletoolbar3.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\archivos de programa\google\googletoolbar3.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [00THotkey] C:\WINDOWS\System32�THotkey.exe
O4 - HKLM\..\Run: [000StTHK] 000StTHK.exe
O4 - HKLM\..\Run: [TFNF5] TFNF5.exe
O4 - HKLM\..\Run: [SmoothView] C:\Archivos de programa\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
O4 - HKLM\..\Run: [SigmaTel StacMon] C:\Archivos de programa\SigmaTel\Controladores de sonido SigmaTel AC97\stacmon.exe
O4 - HKLM\..\Run: [Apoint] C:\Archivos de programa\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [TouchED] C:\Archivos de programa\TOSHIBA\TouchED\TouchED.Exe
O4 - HKLM\..\Run: [PadTouch] "C:\Archivos de programa\TOSHIBA\PadTouch\PadExe.exe
O4 - HKLM\..\Run: [LTSMMSG] LTSMMSG.exe
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [IntelWireless] C:\Archivos de programa\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [EOUApp] C:\Archivos de programa\Intel\Wireless\Bin\EOUWiz.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Archivos de programa\Java\jre1.5.0_11\bin\jusched.exe"
O4 - HKLM\..\Run: [cctray] "C:\Archivos de programa\CA\CA Internet Security Suite\cctray\cctray.exe"
O4 - HKLM\..\Run: [CAVRID] "C:\Archivos de programa\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe"
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Archivos de programa\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Archivos de programa\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Archivos de programa\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICIO LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Servicio de red')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &Clean Traces - C:\Archivos de programa\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Archivos de programa\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\Archivos de programa\DAP\dapextie2.htm
O8 - Extra context menu item: E&xportar a Microsoft Excel - res://C:\ARCHIV~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Archivos de programa\Java\jre1.5.0_11\bin\npjpi150_11.dll
O9 - Extra 'Tools' menuitem: Consola de Sun Java - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Archivos de programa\Java\jre1.5.0_11\bin\npjpi150_11.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O14 - IERESET.INF: START_PAGE_URL=file:///C:\Archivos de programa\TOSHIBA\Free Update Service\splash.html
O15 - Trusted Zone: http://acs.pandasoftware.com
O15 - Trusted Zone: http://activescan.pandasoftware.com
O15 - Trusted Zone: http://www.pandasoftware.com
O15 - Trusted Zone: http://www.pandasoftware.es
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/d...can_unicode.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitd...can8/oscan8.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {CE3409C4-9E26-4F8E-83E4-778498F9E7B4} (PB_Uploader Class) - http://www.photoways...r_v2.1.0.56.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{8FC7188E-96C7-43D4-AEE2-750AA87A2CF7}: NameServer = 80.10.246.130,80.10.246.3
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Archivos de programa\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Archivos de programa\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Archivos de programa\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: Servicio del administrador de discos lógicos (dmadmin) - Unknown owner - C:\WINDOWS\System32\dmadmin.exe
O23 - Service: Registro de sucesos (Eventlog) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: EvtEng - Intel Corporation - C:\Archivos de programa\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Archivos de programa\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Archivos de programa\Archivos comunes\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Servicio COM de grabación de CD de IMAPI (ImapiService) - Unknown owner - C:\WINDOWS\System32\imapi.exe
O23 - Service: Escritorio remoto compartido de NetMeeting (mnmsrvc) - Unknown owner - C:\WINDOWS\System32\mnmsrvc.exe
O23 - Service: OwnershipProtocol - Intel Corporation - C:\Archivos de programa\Intel\Wireless\Bin\OProtSvc.exe
O23 - Service: Plug and Play (PlugPlay) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: Administrador de sesión de Ayuda de escritorio remoto (RDSessMgr) - Unknown owner - C:\WINDOWS\system32\sessmgr.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Archivos de programa\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Archivos de programa\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Tarjeta inteligente (SCardSvr) - Unknown owner - C:\WINDOWS\System32\SCardSvr.exe
O23 - Service: Registros y alertas de rendimiento (SysmonLog) - Unknown owner - C:\WINDOWS\system32\smlogsvc.exe
O23 - Service: VET Message Service (VETMSGNT) - CA, Inc. - C:\Archivos de programa\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: Instantáneas de volumen (VSS) - Unknown owner - C:\WINDOWS\System32\vssvc.exe
O23 - Service: Adaptador de rendimiento de WMI (WmiApSrv) - Unknown owner - C:\WINDOWS\System32\wbem\wmiapsrv.exe
O23 - Service: Servicio de uso compartido de red del Reproductor de Windows Media (WMPNetworkSvc) - Unknown owner - C:\Archivos de programa\Windows Media Player\WMPNetwk.exe
--
End of file - 10816 bytes
One question...the entries tagged with "no name", are entries left by uninstalled programs??
What about the ones tagged with "file missing"? Same case?
Thank for all
The Hijackthis log....
Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 12:52:48, on 17/04/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Archivos de programa\Intel\Wireless\Bin\EvtEng.exe
C:\Archivos de programa\Intel\Wireless\Bin\ZcfgSvc.exe
C:\Archivos de programa\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Archivos de programa\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\Archivos de programa\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe
C:\Archivos de programa\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Archivos de programa\Archivos comunes\Microsoft Shared\VS7Debug\mdm.exe
C:\Archivos de programa\Intel\Wireless\Bin\OProtSvc.exe
C:\Archivos de programa\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Archivos de programa\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\ARCHIV~1\Intel\Wireless\Bin\1XConfig.exe
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\System32�THotkey.exe
C:\WINDOWS\system32\TFNF5.exe
C:\Archivos de programa\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
C:\Archivos de programa\SigmaTel\Controladores de sonido SigmaTel AC97\stacmon.exe
C:\Archivos de programa\Apoint2K\Apoint.exe
C:\Archivos de programa\TOSHIBA\TouchED\TouchED.Exe
C:\Archivos de programa\TOSHIBA\PadTouch\PadExe.exe
C:\WINDOWS\LTSMMSG.exe
C:\Archivos de programa\Apoint2K\Apntex.exe
C:\WINDOWS\system32\TPSMain.exe
C:\Archivos de programa\Intel\Wireless\Bin\ifrmewrk.exe
C:\Archivos de programa\Intel\Wireless\Bin\EOUWiz.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\Archivos de programa\Java\jre1.5.0_11\bin\jusched.exe
C:\Archivos de programa\CA\CA Internet Security Suite\cctray\cctray.exe
C:\Archivos de programa\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe
C:\Archivos de programa\Zone Labs\ZoneAlarm\zlclient.exe
C:\Archivos de programa\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Archivos de programa\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Documents and Settings\Nesmo\Escritorio\hijack\HiJackThis_v2.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.es/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Vínculos
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Archivos de programa\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Archivos de programa\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\archivos de programa\google\googletoolbar3.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\archivos de programa\google\googletoolbar3.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [00THotkey] C:\WINDOWS\System32�THotkey.exe
O4 - HKLM\..\Run: [000StTHK] 000StTHK.exe
O4 - HKLM\..\Run: [TFNF5] TFNF5.exe
O4 - HKLM\..\Run: [SmoothView] C:\Archivos de programa\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
O4 - HKLM\..\Run: [SigmaTel StacMon] C:\Archivos de programa\SigmaTel\Controladores de sonido SigmaTel AC97\stacmon.exe
O4 - HKLM\..\Run: [Apoint] C:\Archivos de programa\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [TouchED] C:\Archivos de programa\TOSHIBA\TouchED\TouchED.Exe
O4 - HKLM\..\Run: [PadTouch] "C:\Archivos de programa\TOSHIBA\PadTouch\PadExe.exe
O4 - HKLM\..\Run: [LTSMMSG] LTSMMSG.exe
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [IntelWireless] C:\Archivos de programa\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [EOUApp] C:\Archivos de programa\Intel\Wireless\Bin\EOUWiz.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Archivos de programa\Java\jre1.5.0_11\bin\jusched.exe"
O4 - HKLM\..\Run: [cctray] "C:\Archivos de programa\CA\CA Internet Security Suite\cctray\cctray.exe"
O4 - HKLM\..\Run: [CAVRID] "C:\Archivos de programa\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe"
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Archivos de programa\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Archivos de programa\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Archivos de programa\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICIO LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Servicio de red')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &Clean Traces - C:\Archivos de programa\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Archivos de programa\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\Archivos de programa\DAP\dapextie2.htm
O8 - Extra context menu item: E&xportar a Microsoft Excel - res://C:\ARCHIV~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Archivos de programa\Java\jre1.5.0_11\bin\npjpi150_11.dll
O9 - Extra 'Tools' menuitem: Consola de Sun Java - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Archivos de programa\Java\jre1.5.0_11\bin\npjpi150_11.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O14 - IERESET.INF: START_PAGE_URL=file:///C:\Archivos de programa\TOSHIBA\Free Update Service\splash.html
O15 - Trusted Zone: http://acs.pandasoftware.com
O15 - Trusted Zone: http://activescan.pandasoftware.com
O15 - Trusted Zone: http://www.pandasoftware.com
O15 - Trusted Zone: http://www.pandasoftware.es
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/d...can_unicode.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitd...can8/oscan8.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {CE3409C4-9E26-4F8E-83E4-778498F9E7B4} (PB_Uploader Class) - http://www.photoways...r_v2.1.0.56.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{8FC7188E-96C7-43D4-AEE2-750AA87A2CF7}: NameServer = 80.10.246.130,80.10.246.3
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Archivos de programa\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Archivos de programa\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Archivos de programa\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: Servicio del administrador de discos lógicos (dmadmin) - Unknown owner - C:\WINDOWS\System32\dmadmin.exe
O23 - Service: Registro de sucesos (Eventlog) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: EvtEng - Intel Corporation - C:\Archivos de programa\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Archivos de programa\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Archivos de programa\Archivos comunes\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Servicio COM de grabación de CD de IMAPI (ImapiService) - Unknown owner - C:\WINDOWS\System32\imapi.exe
O23 - Service: Escritorio remoto compartido de NetMeeting (mnmsrvc) - Unknown owner - C:\WINDOWS\System32\mnmsrvc.exe
O23 - Service: OwnershipProtocol - Intel Corporation - C:\Archivos de programa\Intel\Wireless\Bin\OProtSvc.exe
O23 - Service: Plug and Play (PlugPlay) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: Administrador de sesión de Ayuda de escritorio remoto (RDSessMgr) - Unknown owner - C:\WINDOWS\system32\sessmgr.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Archivos de programa\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Archivos de programa\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Tarjeta inteligente (SCardSvr) - Unknown owner - C:\WINDOWS\System32\SCardSvr.exe
O23 - Service: Registros y alertas de rendimiento (SysmonLog) - Unknown owner - C:\WINDOWS\system32\smlogsvc.exe
O23 - Service: VET Message Service (VETMSGNT) - CA, Inc. - C:\Archivos de programa\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: Instantáneas de volumen (VSS) - Unknown owner - C:\WINDOWS\System32\vssvc.exe
O23 - Service: Adaptador de rendimiento de WMI (WmiApSrv) - Unknown owner - C:\WINDOWS\System32\wbem\wmiapsrv.exe
O23 - Service: Servicio de uso compartido de red del Reproductor de Windows Media (WMPNetworkSvc) - Unknown owner - C:\Archivos de programa\Windows Media Player\WMPNetwk.exe
--
End of file - 10816 bytes
One question...the entries tagged with "no name", are entries left by uninstalled programs??
What about the ones tagged with "file missing"? Same case?
Thank for all
#19 OFFLINE
-
- Moderators
-
- 8,858 posts
I hate computers
- Gender:Male
Posted 18 April 2007 - 12:28 AM
No name entries are caused by a bug in hijackthis and sometimes thats the same for the file missing ones.
Other times the file really is missing. (you can delete them if you wish, doesn't really matter for the entries in your log)
Is everything back to normal on your pc? Still having any problems?
Other times the file really is missing. (you can delete them if you wish, doesn't really matter for the entries in your log)
Is everything back to normal on your pc? Still having any problems?
#20 OFFLINE
-
- Members
-
- 12 posts
Member
Posted 18 April 2007 - 08:45 AM
Hi,
yes, everything seems normal on my pc. No strange behaviour or problems.
Is it the log OK? Can we optimize anything?
About deleting those entries, how do I do it? Selecting them and clicking on "fix" on hijackthis??
Thanks a lot
yes, everything seems normal on my pc. No strange behaviour or problems.
Is it the log OK? Can we optimize anything?
About deleting those entries, how do I do it? Selecting them and clicking on "fix" on hijackthis??
Thanks a lot
