Help !!! ... (svchost.exe problem, I think)
Please....
A little help, for pity's sake... the topic is not closed !!!
- msc hotline sat
- Posts: 93500
- Joined: 09 Mar 2004, 20:39
- Location: BARCELONA (SPAIN)
Apparently you sent a log to Satinfo instead of the file, because you had deleted it.
Evidently they will have asked you for the file to investigate, since without it the behaviour cannot be replicated by placing it on another computer and monitoring the process.
If you no longer have the file, post the log in question here for analysis and we will help you. Sending to zonavirus@satinfo.es is exclusively for virus samples, since we can look at logs in the forum.
Copy and paste it in your next post and we will see whether it gives us any clue.
Regards
ms, 3-01-2005
msc hotline sat Virus Research Engineer
--- Search result list ---
--- Spybot - Search && Destroy version: 1.3 ---
2004-11-29 Includes\Cookies.sbi
2004-12-15 Includes\Dialer.sbi
2004-12-16 Includes\Hijackers.sbi
2004-12-15 Includes\Keyloggers.sbi
2004-05-12 Includes\LSP.sbi
2004-12-15 Includes\Malware.sbi
2004-11-29 Includes\Revision.sbi
2004-11-29 Includes\Security.sbi
2004-12-16 Includes\Spybots.sbi
2004-11-29 Includes\Tracks.uti
2004-12-15 Includes\Trojans.sbi
--- System information ---
Windows XP (Build: 2600) Service Pack 2
/ Internet Explorer 6 / SP0: Revisión de Windows XP - KB834707
/ Windows XP / SP2: Windows XP Service Pack 2
/ Windows XP / SP3: Revisión de Windows XP - KB834707
/ Windows XP / SP3: Revisión de Windows XP - KB873339
/ Windows XP / SP3: Revisión de Windows XP - KB885835
/ Windows XP / SP3: Revisión de Windows XP - KB885836
/ Windows XP / SP3: Revisión de Windows XP - KB885884
/ Windows XP / SP3: Revisión de Windows XP - KB886185
--- Startup entries list ---
Located: HK_LM:Run, NvCplDaemon
command: RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
file: C:\WINDOWS\system32\RUNDLL32.EXE
size: 33280
MD5: 3175eb8ef1c6c38f440fcb2d1403b823
Located: HK_LM:Run, NvMediaCenter
command: RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
file: C:\WINDOWS\system32\RUNDLL32.EXE
size: 33280
MD5: 3175eb8ef1c6c38f440fcb2d1403b823
Located: HK_LM:Run, NVMixerTray
command: "C:\Archivos de programa\NVIDIA Corporation\NvMixer\NVMixerTray.exe"
file: C:\Archivos de programa\NVIDIA Corporation\NvMixer\NVMixerTray.exe
size: 131072
MD5: 46ee79e42e5e056e91ea4eb07e7b807a
Located: HK_LM:Run, nwiz
command: nwiz.exe /install
file: C:\WINDOWS\system32\nwiz.exe
size: 921600
MD5: fbbecaa0be1dfe02e91ece580af3e0c8
Located: HK_LM:Run, SpybotSnD
command: "C:\Archivos de programa\Spybot - Search & Destroy\SpybotSD.exe"
file: C:\Archivos de programa\Spybot - Search & Destroy\SpybotSD.exe
size: 3948032
MD5: 9d7660564cf9a8226dc8d44679f3a64b
Located: HK_LM:Run, TCASUTIEXE
command: TCAUDIAG.exe -off
file: C:\WINDOWS\system32\TCAUDIAG.exe
size: 1323008
MD5: 2554c50d1b238b32465467835bb3fd75
Located: HK_LM:Run, AWMON (DISABLED)
command: "C:\Archivos de programa\Lavasoft\Ad-Aware SE Professional\Ad-Watch.exe"
Located: HK_LM:Run, KernelFaultCheck (DISABLED)
command: %systemroot%\system32\dumprep 0 -k
file: C:\WINDOWS\system32\dumprep.exe
size: 10752
MD5: 64e003a0eaad29cff972c7c67ac66b0c
Located: HK_LM:Run, UserFaultCheck (DISABLED)
command: %systemroot%\system32\dumprep 0 -u
file: C:\WINDOWS\system32\dumprep.exe
size: 10752
MD5: 64e003a0eaad29cff972c7c67ac66b0c
Located: HK_CU:Run, MSMSGS
command: "C:\Archivos de programa\Messenger\msmsgs.exe" /background
file: C:\Archivos de programa\Messenger\msmsgs.exe
size: 1667584
MD5: 8a6df5f9eb43d48d647d65377181f2ab
Located: HK_CU:Run, SpybotSD TeaTimer
command: C:\Archivos de programa\Spybot - Search & Destroy\TeaTimer.exe
file: C:\Archivos de programa\Spybot - Search & Destroy\TeaTimer.exe
size: 1038336
MD5: 58f7e6434d285f4c98ad3621e0bd8c8d
Located: Inicio (común), Acrobat Assistant.lnk
command: C:\Archivos de programa\Adobe\Acrobat 6.0\Distillr\acrotray.exe
file: C:\Archivos de programa\Adobe\Acrobat 6.0\Distillr\acrotray.exe
size: 217193
MD5: 78bfe3201ada2fe02d1e35d2488e5f55
Located: Inicio (común), Adobe Gamma Loader.lnk
command: C:\Archivos de programa\Archivos comunes\Adobe\Calibration\Adobe Gamma Loader.exe
file: C:\Archivos de programa\Archivos comunes\Adobe\Calibration\Adobe Gamma Loader.exe
size: 113664
MD5: c2ff17734176cd15221c10044ef0ba1a
Located: Inicio (común), BTTray.lnk
command: C:\Archivos de programa\Conceptronic\Bluetooth Software\BTTray.exe
file: C:\Archivos de programa\Conceptronic\Bluetooth Software\BTTray.exe
size: 360509
MD5: fe7c3a127a91b42adadfaaef317c459a
Located: Inicio (común), InterVideo WinCinema Manager.lnk
command: C:\Archivos de programa\InterVideo\Common\Bin\WinCinemaMgr.exe
file: C:\Archivos de programa\InterVideo\Common\Bin\WinCinemaMgr.exe
size: 151552
MD5: 385c0b6ec53b8d8781efef8e55b72e44
Located: Inicio (común), Microsoft Office.lnk
command: C:\Archivos de programa\Microsoft Office\Office10\OSA.EXE
file: C:\Archivos de programa\Microsoft Office\Office10\OSA.EXE
size: 83360
MD5: 5bc65464354a9fd3beaa28e18839734a
Located: Inicio (usuario), HotSync Manager.lnk
command: C:\Palm\HOTSYNC.EXE
file: C:\Palm\HOTSYNC.EXE
size: 299008
MD5: 47233f2abb77fb6f456202937f29211d
--- Browser helper object list ---
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (AcroIEHlprObj Class)
BHO name:
CLSID name: AcroIEHlprObj Class
description: Adobe Acrobat reader
classification: Legitimate
known filename: AcroIEhelper.ocx<br>AcroIEhelper.dll
info link:http://www.adobe.com/products/acrobat/readstep2.html
info source: TonyKlein
Path: C:\Archivos de programa\Adobe\Acrobat 6.0\Acrobat\ActiveX\
Long name: AcroIEHelper.dll
Short name: ACROIE~1.DLL
Date (created): 15/05/2003 0:47:54
Date (last access): 03/01/2005 23:02:58
Date (last write): 15/05/2003 0:47:54
Filesize: 50376
Attributes: archive
MD5: 0C0E1B2BCAED8DF401BE94D538BCB412
CRC32: 1D771322
Version: 0.6.0.0
{53707962-6F74-2D53-2644-206D7942484F} ()
BHO name:
CLSID name:
description: Spybot-S&D IE Browser plugin
classification: Legitimate
known filename: SDhelper.dll
info link:http://spybot.eon.net.au/
info source: Patrick M. Kolla
Path: C:\ARCHIV~1\SPYBOT~1\
Long name: SDHelper.dll
Short name:
Date (created): 12/05/2004 1:03:00
Date (last access): 03/01/2005 23:14:00
Date (last write): 12/05/2004 1:03:00
Filesize: 744960
Attributes: archive
MD5: ABF5BA518C6A5ED104496FF42D19AD88
CRC32: 5587736E
Version: 0.1.0.3
{AE7CD045-E861-484f-8273-0445EE161910} (AcroIEToolbarHelper Class)
BHO name:
CLSID name: AcroIEToolbarHelper Class
Path: C:\Archivos de programa\Adobe\Acrobat 6.0\Acrobat\
Long name: AcroIEFavClient.dll
Short name: ACROIE~1.DLL
Date (created): 15/05/2003 1:03:46
Date (last access): 03/01/2005 23:02:58
Date (last write): 15/05/2003 1:03:46
Filesize: 147456
Attributes: archive
MD5: 44BCFF08947790E74BD7CC7532D2B793
CRC32: 0C91890B
Version: 255.255.255.255
--- ActiveX list ---
{3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} (Office Update Installation Engine)
DPF name:
CLSID name: Office Update Installation Engine
Path: C:\WINDOWS\
Long name: opuc.dll
Short name:
Date (created): 27/08/2003 4:10:30
Date (last access): 03/01/2005 22:22:06
Date (last write): 27/08/2003 4:10:30
Filesize: 314368
Attributes: archive
MD5: 1E32EC4A8A17B19926B49EA5F6B79A76
CRC32: E98FC293
Version: 0.11.0.0
{6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class)
DPF name:
CLSID name: WUWebControl Class
Path: C:\WINDOWS\System32\
Long name: wuweb.dll
Short name:
Date (created): 03/08/2004 13:59:06
Date (last access): 03/01/2005 22:22:06
Date (last write): 03/08/2004 13:59:06
Filesize: 120288
Attributes: archive
MD5: 0CD6248038C70B4C688DBD315D90A97A
CRC32: 0EF7DE01
Version: 0.5.0.4
{8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.4.2)
DPF name: Java Runtime Environment 1.4.2
CLSID name: Java Plug-in 1.4.2_01
description: Sun Java
classification: Legitimate
known filename: %PROGRAM FILES%\JabaSoft\JRE\*\Bin\npjava131.dll
info link:
info source: Patrick M. Kolla
Path: C:\Archivos de programa\Java\j2re1.4.2_01\bin\
Long name: NPJPI142_01.dll
Short name: NPJPI1~1.DLL
Date (created): 19/08/2067 17:23:36
Date (last access): 03/01/2005 22:22:06
Date (last write): 19/08/2003 17:23:34
Filesize: 65642
Attributes: archive
MD5: 0B668A48CB4845F9D9D335D99C82504C
CRC32: B9AD4E66
Version: 0.1.0.4
{CAFEEFAC-0014-0002-0001-ABCDEFFEDCBA} (Java Runtime Environment 1.4.2)
DPF name: Java Runtime Environment 1.4.2
CLSID name: Java Plug-in 1.4.2_01
Path: C:\Archivos de programa\Java\j2re1.4.2_01\bin\
Long name: NPJPI142_01.dll
Short name: NPJPI1~1.DLL
Date (created): 19/08/2067 17:23:36
Date (last access): 03/01/2005 22:22:06
Date (last write): 19/08/2003 17:23:34
Filesize: 65642
Attributes: archive
MD5: 0B668A48CB4845F9D9D335D99C82504C
CRC32: B9AD4E66
Version: 0.1.0.4
{D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object)
DPF name:
CLSID name: Shockwave Flash Object
description: Macromedia Shockwave Flash Player
classification: Legitimate
known filename:
info link:
info source: Patrick M. Kolla
Path: C:\WINDOWS\System32\macromed\flash\
Long name: Flash.ocx
Short name:
Date (created): 09/06/2004 15:59:26
Date (last access): 03/01/2005 22:21:46
Date (last write): 09/06/2004 15:59:26
Filesize: 939224
Attributes: archive
MD5: FC3E17E12C2E31FAC34B416B3DAB829F
CRC32: D1CF3A57
Version: 0.7.0.0
--- Process list ---
Spybot - Search && Destroy process list report, 03/01/2005 23:14:16
PID: 0 ( 0) [System]
PID: 4 ( 0) System
PID: 348 (1852) C:\WINDOWS\system32\RUNDLL32.EXE
PID: 360 (1852) C:\Archivos de programa\NVIDIA Corporation\NvMixer\NVMixerTray.exe
PID: 388 (1852) C:\Archivos de programa\Spybot - Search & Destroy\TeaTimer.exe
PID: 444 ( 936) C:\Archivos de programa\OO Software\CleverCache\OOCCSVC.exe
PID: 476 ( 4) \SystemRoot\System32\smss.exe
PID: 764 ( 936) kavsvc.exe
PID: 796 ( 936) C:\WINDOWS\System32\nvsvc32.exe
PID: 868 ( 476) csrss.exe
PID: 892 ( 476) \??\C:\WINDOWS\system32\winlogon.exe
PID: 936 ( 892) C:\WINDOWS\system32\services.exe
PID: 948 ( 892) C:\WINDOWS\system32\lsass.exe
PID: 1032 ( 892) C:\WINDOWS\explorer.exe
PID: 1100 ( 936) C:\WINDOWS\system32\svchost.exe
PID: 1164 ( 936) svchost.exe
PID: 1200 ( 936) C:\WINDOWS\system32\svchost.exe
PID: 1304 ( 936) C:\WINDOWS\System32\svchost.exe
PID: 1360 ( 936) svchost.exe
PID: 1400 ( 936) svchost.exe
PID: 1664 (1032) C:\Archivos de programa\Internet Explorer\iexplore.exe
PID: 1936 ( 936) C:\WINDOWS\system32\LEXBCES.EXE
PID: 1964 ( 936) C:\WINDOWS\system32\spoolsv.exe
PID: 2008 (1936) C:\WINDOWS\system32\LEXPPS.EXE
PID: 2296 ( 936) alg.exe
PID: 2772 (1852) C:\Archivos de programa\eMule\emule.exe
PID: 3576 (1032) C:\Archivos de programa\Internet Explorer\iexplore.exe
PID: 3868 (1032) C:\Archivos de programa\Spybot - Search & Destroy\SpybotSD.exe
--- Browser start & search pages list ---
Spybot - Search && Destroy browser pages report, 03/01/2005 23:14:16
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Start Page
http://www.google.es/
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Local Page
%SystemRoot%\system32\blank.htm
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Search Page
http://www.microsoft.com/en/us/default.aspxisapi/redir.dll?prd=ie&ar=iesearch
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Start Page
http://www.microsoft.com/en/us/default.aspxisapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Page_URL
http://www.microsoft.com/en/us/default.aspxisapi/redir.dll?prd=ie&pver=6&ar=msnhome
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Search_URL
http://www.microsoft.com/en/us/default.aspxisapi/redir.dll?prd=ie&ar=iesearch
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\SearchAssistant
http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\CustomizeSearch
http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
--- Winsock Layered Service Provider list ---
Protocol 0: MSAFD Tcpip [TCP/IP]
GUID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP IP protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD Tcpip [*]
Protocol 1: MSAFD Tcpip [UDP/IP]
GUID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP IP protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD Tcpip [*]
Protocol 2: MSAFD Tcpip [RAW/IP]
GUID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP IP protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD Tcpip [*]
Protocol 3: RSVP UDP Service Provider
GUID: {9D60A9E0-337A-11D0-BD88-0000C082E69A}
Filename: %SystemRoot%\system32\rsvpsp.dll
Description: Microsoft Windows NT/2k/XP RVSP
DB filename: %SystemRoot%\system32\rsvpsp.dll
DB protocol: RSVP * Service Provider
Protocol 4: RSVP TCP Service Provider
GUID: {9D60A9E0-337A-11D0-BD88-0000C082E69A}
Filename: %SystemRoot%\system32\rsvpsp.dll
Description: Microsoft Windows NT/2k/XP RVSP
DB filename: %SystemRoot%\system32\rsvpsp.dll
DB protocol: RSVP * Service Provider
Protocol 5: MSAFD NetBIOS [\Device\NetBT_Tcpip_{2E9208A9-2367-436C-9C03-C90DBF6436D8}] SEQPACKET 4
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *
Protocol 6: MSAFD NetBIOS [\Device\NetBT_Tcpip_{2E9208A9-2367-436C-9C03-C90DBF6436D8}] DATAGRAM 4
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *
Protocol 7: MSAFD NetBIOS [\Device\NetBT_Tcpip_{2772B15E-539B-45DA-AC27-758999F131CF}] SEQPACKET 6
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *
Protocol 8: MSAFD NetBIOS [\Device\NetBT_Tcpip_{2772B15E-539B-45DA-AC27-758999F131CF}] DATAGRAM 6
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *
Protocol 9: MSAFD NetBIOS [\Device\NetBT_Tcpip_{F2B1B885-65EC-4FC0-89A3-D843F3877812}] SEQPACKET 5
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *
Protocol 10: MSAFD NetBIOS [\Device\NetBT_Tcpip_{F2B1B885-65EC-4FC0-89A3-D843F3877812}] DATAGRAM 5
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *
Protocol 11: MSAFD NetBIOS [\Device\NetBT_Tcpip_{62D3D62A-87BE-4525-98E2-15AB76B22FC2}] SEQPACKET 3
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *
Protocol 12: MSAFD NetBIOS [\Device\NetBT_Tcpip_{62D3D62A-87BE-4525-98E2-15AB76B22FC2}] DATAGRAM 3
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *
Protocol 13: MSAFD NetBIOS [\Device\NetBT_Tcpip_{38C90D69-1149-48D1-9A9F-2E9C93AD0B46}] SEQPACKET 0
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *
Protocol 14: MSAFD NetBIOS [\Device\NetBT_Tcpip_{38C90D69-1149-48D1-9A9F-2E9C93AD0B46}] DATAGRAM 0
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *
Protocol 15: MSAFD NetBIOS [\Device\NetBT_Tcpip_{EF6B2E1C-3D0B-4448-AD9A-45466D61AA12}] SEQPACKET 1
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *
Protocol 16: MSAFD NetBIOS [\Device\NetBT_Tcpip_{EF6B2E1C-3D0B-4448-AD9A-45466D61AA12}] DATAGRAM 1
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *
Protocol 17: MSAFD NetBIOS [\Device\NetBT_Tcpip_{2059BA93-B3BB-44B2-9770-1A52C4028855}] SEQPACKET 2
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *
Protocol 18: MSAFD NetBIOS [\Device\NetBT_Tcpip_{2059BA93-B3BB-44B2-9770-1A52C4028855}] DATAGRAM 2
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *
Namespace Provider 0: Tcpip
GUID: {22059D40-7E9E-11CF-AE5A-00AA00A7112B}
Filename: %SystemRoot%\System32\mswsock.dll
Description: Microsoft Windows NT/2k/XP TCP/IP name space provider
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: TCP/IP
Namespace Provider 1: NTDS
GUID: {3B2637EE-E580-11CF-A555-00C04FD8D4AC}
Filename: %SystemRoot%\System32\winrnr.dll
Description: Microsoft Windows NT/2k/XP name space provider
DB filename: %SystemRoot%\system32\winrnr.dll
DB protocol: NTDS
Namespace Provider 2: Espacio de nombre NLA (Network Location Awareness)
GUID: {6642243A-3BA8-4AA6-BAA5-2E0BD71FDD83}
Filename: %SystemRoot%\System32\mswsock.dll
Description: Microsoft Windows NT/2k/XP name space provider
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: NLA-Namespace
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *
Protocol 15: MSAFD NetBIOS [\Device\NetBT_Tcpip_{EF6B2E1C-3D0B-4448-AD9A-45466D61AA12}] SEQPACKET 1
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *
Protocol 16: MSAFD NetBIOS [\Device\NetBT_Tcpip_{EF6B2E1C-3D0B-4448-AD9A-45466D61AA12}] DATAGRAM 1
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *
Protocol 17: MSAFD NetBIOS [\Device\NetBT_Tcpip_{2059BA93-B3BB-44B2-9770-1A52C4028855}] SEQPACKET 2
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *
Protocol 18: MSAFD NetBIOS [\Device\NetBT_Tcpip_{2059BA93-B3BB-44B2-9770-1A52C4028855}] DATAGRAM 2
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *
Namespace Provider 0: Tcpip
GUID: {22059D40-7E9E-11CF-AE5A-00AA00A7112B}
Filename: %SystemRoot%\System32\mswsock.dll
Description: Microsoft Windows NT/2k/XP TCP/IP name space provider
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: TCP/IP
Namespace Provider 1: NTDS
GUID: {3B2637EE-E580-11CF-A555-00C04FD8D4AC}
Filename: %SystemRoot%\System32\winrnr.dll
Description: Microsoft Windows NT/2k/XP name space provider
DB filename: %SystemRoot%\system32\winrnr.dll
DB protocol: NTDS
Namespace Provider 2: Espacio de nombre NLA (Network Location Awareness)
GUID: {6642243A-3BA8-4AA6-BAA5-2E0BD71FDD83}
Filename: %SystemRoot%\System32\mswsock.dll
Description: Microsoft Windows NT/2k/XP name space provider
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: NLA-Namespace
Current situation...
I think the problem is in the files ending in dumprep 0; this is not the same log I sent you by e-mail, in this one the DSO exploit has already been removed, but I still have the problem with the shortcuts... it is not a system fault, because I have reinstalled XP and SP2 and it is still the same...
Regards
- msc hotline sat
- Posts: 93500
- Registered: 09 Mar 2004, 20:39
- Location: BARCELONA (SPAIN)
dumprep is a Windows system file used to obtain a dump with which to examine the launched process, but it is not related to any known virus except one, I think Fogot, which creates copies of itself under many names, including dumprep.exe.
To examine your HJT log, I am moving this thread to the section our ADMIN has created for that purpose, for study and correction.
Regards
ms, 4-01-2005
msc hotline sat Virus Research Engineer