Help!!! ... (svchost.exe problem, I think)

TVayer

Please....

Post by TVayer » 03 Jan 2005, 19:27

A little help, for charity's sake... the topic is not closed!!!

msc hotline sat

Post by msc hotline sat » 03 Jan 2005, 19:34

Apparently you sent a log to Satinfo instead of the file, because you had deleted it.

Obviously they will have asked you for the file to investigate, since without it the behaviour cannot be reproduced by placing it on another computer and monitoring the process.

If you no longer have the file, post the log in question here so we can study it and we will help you. Sending to zonavirus@satinfo.es is only for virus samples, since we can look at logs in the forum.

Copy and paste it in your next post and we'll see if it gives us any clue.

regards



ms, 3-01-2005

TVayer

Post by TVayer » 03 Jan 2005, 23:14

--- Search result list ---



--- Spybot - Search && Destroy version: 1.3 ---

2004-11-29 Includes\Cookies.sbi

2004-12-15 Includes\Dialer.sbi

2004-12-16 Includes\Hijackers.sbi

2004-12-15 Includes\Keyloggers.sbi

2004-05-12 Includes\LSP.sbi

2004-12-15 Includes\Malware.sbi

2004-11-29 Includes\Revision.sbi

2004-11-29 Includes\Security.sbi

2004-12-16 Includes\Spybots.sbi

2004-11-29 Includes\Tracks.uti

2004-12-15 Includes\Trojans.sbi





--- System information ---

Windows XP (Build: 2600) Service Pack 2

/ Internet Explorer 6 / SP0: Revisión de Windows XP - KB834707

/ Windows XP / SP2: Windows XP Service Pack 2

/ Windows XP / SP3: Revisión de Windows XP - KB834707

/ Windows XP / SP3: Revisión de Windows XP - KB873339

/ Windows XP / SP3: Revisión de Windows XP - KB885835

/ Windows XP / SP3: Revisión de Windows XP - KB885836

/ Windows XP / SP3: Revisión de Windows XP - KB885884

/ Windows XP / SP3: Revisión de Windows XP - KB886185





--- Startup entries list ---

Located: HK_LM:Run, NvCplDaemon

command: RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup

file: C:\WINDOWS\system32\RUNDLL32.EXE

size: 33280

MD5: 3175eb8ef1c6c38f440fcb2d1403b823



Located: HK_LM:Run, NvMediaCenter

command: RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit

file: C:\WINDOWS\system32\RUNDLL32.EXE

size: 33280

MD5: 3175eb8ef1c6c38f440fcb2d1403b823



Located: HK_LM:Run, NVMixerTray

command: "C:\Archivos de programa\NVIDIA Corporation\NvMixer\NVMixerTray.exe"

file: C:\Archivos de programa\NVIDIA Corporation\NvMixer\NVMixerTray.exe

size: 131072

MD5: 46ee79e42e5e056e91ea4eb07e7b807a



Located: HK_LM:Run, nwiz

command: nwiz.exe /install

file: C:\WINDOWS\system32\nwiz.exe

size: 921600

MD5: fbbecaa0be1dfe02e91ece580af3e0c8



Located: HK_LM:Run, SpybotSnD

command: "C:\Archivos de programa\Spybot - Search & Destroy\SpybotSD.exe"

file: C:\Archivos de programa\Spybot - Search & Destroy\SpybotSD.exe

size: 3948032

MD5: 9d7660564cf9a8226dc8d44679f3a64b



Located: HK_LM:Run, TCASUTIEXE

command: TCAUDIAG.exe -off

file: C:\WINDOWS\system32\TCAUDIAG.exe

size: 1323008

MD5: 2554c50d1b238b32465467835bb3fd75



Located: HK_LM:Run, AWMON (DISABLED)

command: "C:\Archivos de programa\Lavasoft\Ad-Aware SE Professional\Ad-Watch.exe"



Located: HK_LM:Run, KernelFaultCheck (DISABLED)

command: %systemroot%\system32\dumprep 0 -k

file: C:\WINDOWS\system32\dumprep.exe

size: 10752

MD5: 64e003a0eaad29cff972c7c67ac66b0c



Located: HK_LM:Run, UserFaultCheck (DISABLED)

command: %systemroot%\system32\dumprep 0 -u

file: C:\WINDOWS\system32\dumprep.exe

size: 10752

MD5: 64e003a0eaad29cff972c7c67ac66b0c



Located: HK_CU:Run, MSMSGS

command: "C:\Archivos de programa\Messenger\msmsgs.exe" /background

file: C:\Archivos de programa\Messenger\msmsgs.exe

size: 1667584

MD5: 8a6df5f9eb43d48d647d65377181f2ab



Located: HK_CU:Run, SpybotSD TeaTimer

command: C:\Archivos de programa\Spybot - Search & Destroy\TeaTimer.exe

file: C:\Archivos de programa\Spybot - Search & Destroy\TeaTimer.exe

size: 1038336

MD5: 58f7e6434d285f4c98ad3621e0bd8c8d



Located: Inicio (común), Acrobat Assistant.lnk

command: C:\Archivos de programa\Adobe\Acrobat 6.0\Distillr\acrotray.exe

file: C:\Archivos de programa\Adobe\Acrobat 6.0\Distillr\acrotray.exe

size: 217193

MD5: 78bfe3201ada2fe02d1e35d2488e5f55



Located: Inicio (común), Adobe Gamma Loader.lnk

command: C:\Archivos de programa\Archivos comunes\Adobe\Calibration\Adobe Gamma Loader.exe

file: C:\Archivos de programa\Archivos comunes\Adobe\Calibration\Adobe Gamma Loader.exe

size: 113664

MD5: c2ff17734176cd15221c10044ef0ba1a



Located: Inicio (común), BTTray.lnk

command: C:\Archivos de programa\Conceptronic\Bluetooth Software\BTTray.exe

file: C:\Archivos de programa\Conceptronic\Bluetooth Software\BTTray.exe

size: 360509

MD5: fe7c3a127a91b42adadfaaef317c459a



Located: Inicio (común), InterVideo WinCinema Manager.lnk

command: C:\Archivos de programa\InterVideo\Common\Bin\WinCinemaMgr.exe

file: C:\Archivos de programa\InterVideo\Common\Bin\WinCinemaMgr.exe

size: 151552

MD5: 385c0b6ec53b8d8781efef8e55b72e44



Located: Inicio (común), Microsoft Office.lnk

command: C:\Archivos de programa\Microsoft Office\Office10\OSA.EXE

file: C:\Archivos de programa\Microsoft Office\Office10\OSA.EXE

size: 83360

MD5: 5bc65464354a9fd3beaa28e18839734a



Located: Inicio (usuario), HotSync Manager.lnk

command: C:\Palm\HOTSYNC.EXE

file: C:\Palm\HOTSYNC.EXE

size: 299008

MD5: 47233f2abb77fb6f456202937f29211d







--- Browser helper object list ---

{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (AcroIEHlprObj Class)

BHO name:

CLSID name: AcroIEHlprObj Class

description: Adobe Acrobat reader

classification: Legitimate

known filename: AcroIEhelper.ocx, AcroIEhelper.dll

info link: http://www.adobe.com/products/acrobat/readstep2.html

info source: TonyKlein

Path: C:\Archivos de programa\Adobe\Acrobat 6.0\Acrobat\ActiveX\

Long name: AcroIEHelper.dll

Short name: ACROIE~1.DLL

Date (created): 15/05/2003 0:47:54

Date (last access): 03/01/2005 23:02:58

Date (last write): 15/05/2003 0:47:54

Filesize: 50376

Attributes: archive

MD5: 0C0E1B2BCAED8DF401BE94D538BCB412

CRC32: 1D771322

Version: 0.6.0.0



{53707962-6F74-2D53-2644-206D7942484F} ()

BHO name:

CLSID name:

description: Spybot-S&D IE Browser plugin

classification: Legitimate

known filename: SDhelper.dll

info link: http://spybot.eon.net.au/

info source: Patrick M. Kolla

Path: C:\ARCHIV~1\SPYBOT~1\

Long name: SDHelper.dll

Short name:

Date (created): 12/05/2004 1:03:00

Date (last access): 03/01/2005 23:14:00

Date (last write): 12/05/2004 1:03:00

Filesize: 744960

Attributes: archive

MD5: ABF5BA518C6A5ED104496FF42D19AD88

CRC32: 5587736E

Version: 0.1.0.3



{AE7CD045-E861-484f-8273-0445EE161910} (AcroIEToolbarHelper Class)

BHO name:

CLSID name: AcroIEToolbarHelper Class

Path: C:\Archivos de programa\Adobe\Acrobat 6.0\Acrobat\

Long name: AcroIEFavClient.dll

Short name: ACROIE~1.DLL

Date (created): 15/05/2003 1:03:46

Date (last access): 03/01/2005 23:02:58

Date (last write): 15/05/2003 1:03:46

Filesize: 147456

Attributes: archive

MD5: 44BCFF08947790E74BD7CC7532D2B793

CRC32: 0C91890B

Version: 255.255.255.255







--- ActiveX list ---

{3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} (Office Update Installation Engine)

DPF name:

CLSID name: Office Update Installation Engine

Path: C:\WINDOWS\

Long name: opuc.dll

Short name:

Date (created): 27/08/2003 4:10:30

Date (last access): 03/01/2005 22:22:06

Date (last write): 27/08/2003 4:10:30

Filesize: 314368

Attributes: archive

MD5: 1E32EC4A8A17B19926B49EA5F6B79A76

CRC32: E98FC293

Version: 0.11.0.0



{6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class)

DPF name:

CLSID name: WUWebControl Class

Path: C:\WINDOWS\System32\

Long name: wuweb.dll

Short name:

Date (created): 03/08/2004 13:59:06

Date (last access): 03/01/2005 22:22:06

Date (last write): 03/08/2004 13:59:06

Filesize: 120288

Attributes: archive

MD5: 0CD6248038C70B4C688DBD315D90A97A

CRC32: 0EF7DE01

Version: 0.5.0.4



{8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.4.2)

DPF name: Java Runtime Environment 1.4.2

CLSID name: Java Plug-in 1.4.2_01

description: Sun Java

classification: Legitimate

known filename: %PROGRAM FILES%\JabaSoft\JRE\*\Bin\npjava131.dll

info link:

info source: Patrick M. Kolla

Path: C:\Archivos de programa\Java\j2re1.4.2_01\bin\

Long name: NPJPI142_01.dll

Short name: NPJPI1~1.DLL

Date (created): 19/08/2067 17:23:36

Date (last access): 03/01/2005 22:22:06

Date (last write): 19/08/2003 17:23:34

Filesize: 65642

Attributes: archive

MD5: 0B668A48CB4845F9D9D335D99C82504C

CRC32: B9AD4E66

Version: 0.1.0.4



{CAFEEFAC-0014-0002-0001-ABCDEFFEDCBA} (Java Runtime Environment 1.4.2)

DPF name: Java Runtime Environment 1.4.2

CLSID name: Java Plug-in 1.4.2_01

Path: C:\Archivos de programa\Java\j2re1.4.2_01\bin\

Long name: NPJPI142_01.dll

Short name: NPJPI1~1.DLL

Date (created): 19/08/2067 17:23:36

Date (last access): 03/01/2005 22:22:06

Date (last write): 19/08/2003 17:23:34

Filesize: 65642

Attributes: archive

MD5: 0B668A48CB4845F9D9D335D99C82504C

CRC32: B9AD4E66

Version: 0.1.0.4



{D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object)

DPF name:

CLSID name: Shockwave Flash Object

description: Macromedia Shockwave Flash Player

classification: Legitimate

known filename:

info link:

info source: Patrick M. Kolla

Path: C:\WINDOWS\System32\macromed\flash\

Long name: Flash.ocx

Short name:

Date (created): 09/06/2004 15:59:26

Date (last access): 03/01/2005 22:21:46

Date (last write): 09/06/2004 15:59:26

Filesize: 939224

Attributes: archive

MD5: FC3E17E12C2E31FAC34B416B3DAB829F

CRC32: D1CF3A57

Version: 0.7.0.0







--- Process list ---

Spybot - Search && Destroy process list report, 03/01/2005 23:14:16



PID: 0 ( 0) [System]

PID: 4 ( 0) System

PID: 348 (1852) C:\WINDOWS\system32\RUNDLL32.EXE

PID: 360 (1852) C:\Archivos de programa\NVIDIA Corporation\NvMixer\NVMixerTray.exe

PID: 388 (1852) C:\Archivos de programa\Spybot - Search & Destroy\TeaTimer.exe

PID: 444 ( 936) C:\Archivos de programa\OO Software\CleverCache\OOCCSVC.exe

PID: 476 ( 4) \SystemRoot\System32\smss.exe

PID: 764 ( 936) kavsvc.exe

PID: 796 ( 936) C:\WINDOWS\System32\nvsvc32.exe

PID: 868 ( 476) csrss.exe

PID: 892 ( 476) \??\C:\WINDOWS\system32\winlogon.exe

PID: 936 ( 892) C:\WINDOWS\system32\services.exe

PID: 948 ( 892) C:\WINDOWS\system32\lsass.exe

PID: 1032 ( 892) C:\WINDOWS\explorer.exe

PID: 1100 ( 936) C:\WINDOWS\system32\svchost.exe

PID: 1164 ( 936) svchost.exe

PID: 1200 ( 936) C:\WINDOWS\system32\svchost.exe

PID: 1304 ( 936) C:\WINDOWS\System32\svchost.exe

PID: 1360 ( 936) svchost.exe

PID: 1400 ( 936) svchost.exe

PID: 1664 (1032) C:\Archivos de programa\Internet Explorer\iexplore.exe

PID: 1936 ( 936) C:\WINDOWS\system32\LEXBCES.EXE

PID: 1964 ( 936) C:\WINDOWS\system32\spoolsv.exe

PID: 2008 (1936) C:\WINDOWS\system32\LEXPPS.EXE

PID: 2296 ( 936) alg.exe

PID: 2772 (1852) C:\Archivos de programa\eMule\emule.exe

PID: 3576 (1032) C:\Archivos de programa\Internet Explorer\iexplore.exe

PID: 3868 (1032) C:\Archivos de programa\Spybot - Search & Destroy\SpybotSD.exe





--- Browser start & search pages list ---

Spybot - Search && Destroy browser pages report, 03/01/2005 23:14:16



HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Start Page

http://www.google.es/

HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Local Page

%SystemRoot%\system32\blank.htm

HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Search Page

http://www.microsoft.com/en/us/default.aspxisapi/redir.dll?prd=ie&ar=iesearch

HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Start Page

http://www.microsoft.com/en/us/default.aspxisapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home

HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Page_URL

http://www.microsoft.com/en/us/default.aspxisapi/redir.dll?prd=ie&pver=6&ar=msnhome

HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Search_URL

http://www.microsoft.com/en/us/default.aspxisapi/redir.dll?prd=ie&ar=iesearch

HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\SearchAssistant

http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\CustomizeSearch

http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm





--- Winsock Layered Service Provider list ---

Protocol 0: MSAFD Tcpip [TCP/IP]

GUID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}

Filename: %SystemRoot%\system32\mswsock.dll

Description: Microsoft Windows NT/2k/XP IP protocol

DB filename: %SystemRoot%\system32\mswsock.dll

DB protocol: MSAFD Tcpip [*]



Protocol 1: MSAFD Tcpip [UDP/IP]

GUID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}

Filename: %SystemRoot%\system32\mswsock.dll

Description: Microsoft Windows NT/2k/XP IP protocol

DB filename: %SystemRoot%\system32\mswsock.dll

DB protocol: MSAFD Tcpip [*]



Protocol 2: MSAFD Tcpip [RAW/IP]

GUID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}

Filename: %SystemRoot%\system32\mswsock.dll

Description: Microsoft Windows NT/2k/XP IP protocol

DB filename: %SystemRoot%\system32\mswsock.dll

DB protocol: MSAFD Tcpip [*]



Protocol 3: RSVP UDP Service Provider

GUID: {9D60A9E0-337A-11D0-BD88-0000C082E69A}

Filename: %SystemRoot%\system32\rsvpsp.dll

Description: Microsoft Windows NT/2k/XP RVSP

DB filename: %SystemRoot%\system32\rsvpsp.dll

DB protocol: RSVP * Service Provider



Protocol 4: RSVP TCP Service Provider

GUID: {9D60A9E0-337A-11D0-BD88-0000C082E69A}

Filename: %SystemRoot%\system32\rsvpsp.dll

Description: Microsoft Windows NT/2k/XP RVSP

DB filename: %SystemRoot%\system32\rsvpsp.dll

DB protocol: RSVP * Service Provider



Protocol 5: MSAFD NetBIOS [\Device\NetBT_Tcpip_{2E9208A9-2367-436C-9C03-C90DBF6436D8}] SEQPACKET 4

GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}

Filename: %SystemRoot%\system32\mswsock.dll

Description: Microsoft Windows NT/2k/XP NetBios protocol

DB filename: %SystemRoot%\system32\mswsock.dll

DB protocol: MSAFD NetBIOS *



Protocol 6: MSAFD NetBIOS [\Device\NetBT_Tcpip_{2E9208A9-2367-436C-9C03-C90DBF6436D8}] DATAGRAM 4

GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}

Filename: %SystemRoot%\system32\mswsock.dll

Description: Microsoft Windows NT/2k/XP NetBios protocol

DB filename: %SystemRoot%\system32\mswsock.dll

DB protocol: MSAFD NetBIOS *



Protocol 7: MSAFD NetBIOS [\Device\NetBT_Tcpip_{2772B15E-539B-45DA-AC27-758999F131CF}] SEQPACKET 6

GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}

Filename: %SystemRoot%\system32\mswsock.dll

Description: Microsoft Windows NT/2k/XP NetBios protocol

DB filename: %SystemRoot%\system32\mswsock.dll

DB protocol: MSAFD NetBIOS *



Protocol 8: MSAFD NetBIOS [\Device\NetBT_Tcpip_{2772B15E-539B-45DA-AC27-758999F131CF}] DATAGRAM 6

GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}

Filename: %SystemRoot%\system32\mswsock.dll

Description: Microsoft Windows NT/2k/XP NetBios protocol

DB filename: %SystemRoot%\system32\mswsock.dll

DB protocol: MSAFD NetBIOS *



Protocol 9: MSAFD NetBIOS [\Device\NetBT_Tcpip_{F2B1B885-65EC-4FC0-89A3-D843F3877812}] SEQPACKET 5

GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}

Filename: %SystemRoot%\system32\mswsock.dll

Description: Microsoft Windows NT/2k/XP NetBios protocol

DB filename: %SystemRoot%\system32\mswsock.dll

DB protocol: MSAFD NetBIOS *



Protocol 10: MSAFD NetBIOS [\Device\NetBT_Tcpip_{F2B1B885-65EC-4FC0-89A3-D843F3877812}] DATAGRAM 5

GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}

Filename: %SystemRoot%\system32\mswsock.dll

Description: Microsoft Windows NT/2k/XP NetBios protocol

DB filename: %SystemRoot%\system32\mswsock.dll

DB protocol: MSAFD NetBIOS *



Protocol 11: MSAFD NetBIOS [\Device\NetBT_Tcpip_{62D3D62A-87BE-4525-98E2-15AB76B22FC2}] SEQPACKET 3

GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}

Filename: %SystemRoot%\system32\mswsock.dll

Description: Microsoft Windows NT/2k/XP NetBios protocol

DB filename: %SystemRoot%\system32\mswsock.dll

DB protocol: MSAFD NetBIOS *



Protocol 12: MSAFD NetBIOS [\Device\NetBT_Tcpip_{62D3D62A-87BE-4525-98E2-15AB76B22FC2}] DATAGRAM 3

GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}

Filename: %SystemRoot%\system32\mswsock.dll

Description: Microsoft Windows NT/2k/XP NetBios protocol

DB filename: %SystemRoot%\system32\mswsock.dll

DB protocol: MSAFD NetBIOS *



Protocol 13: MSAFD NetBIOS [\Device\NetBT_Tcpip_{38C90D69-1149-48D1-9A9F-2E9C93AD0B46}] SEQPACKET 0

GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}

Filename: %SystemRoot%\system32\mswsock.dll

Description: Microsoft Windows NT/2k/XP NetBios protocol

DB filename: %SystemRoot%\system32\mswsock.dll

DB protocol: MSAFD NetBIOS *



Protocol 14: MSAFD NetBIOS [\Device\NetBT_Tcpip_{38C90D69-1149-48D1-9A9F-2E9C93AD0B46}] DATAGRAM 0

GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}

Filename: %SystemRoot%\system32\mswsock.dll

Description: Microsoft Windows NT/2k/XP NetBios protocol

DB filename: %SystemRoot%\system32\mswsock.dll

DB protocol: MSAFD NetBIOS *



Protocol 15: MSAFD NetBIOS [\Device\NetBT_Tcpip_{EF6B2E1C-3D0B-4448-AD9A-45466D61AA12}] SEQPACKET 1

GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}

Filename: %SystemRoot%\system32\mswsock.dll

Description: Microsoft Windows NT/2k/XP NetBios protocol

DB filename: %SystemRoot%\system32\mswsock.dll

DB protocol: MSAFD NetBIOS *



Protocol 16: MSAFD NetBIOS [\Device\NetBT_Tcpip_{EF6B2E1C-3D0B-4448-AD9A-45466D61AA12}] DATAGRAM 1

GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}

Filename: %SystemRoot%\system32\mswsock.dll

Description: Microsoft Windows NT/2k/XP NetBios protocol

DB filename: %SystemRoot%\system32\mswsock.dll

DB protocol: MSAFD NetBIOS *



Protocol 17: MSAFD NetBIOS [\Device\NetBT_Tcpip_{2059BA93-B3BB-44B2-9770-1A52C4028855}] SEQPACKET 2

GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}

Filename: %SystemRoot%\system32\mswsock.dll

Description: Microsoft Windows NT/2k/XP NetBios protocol

DB filename: %SystemRoot%\system32\mswsock.dll

DB protocol: MSAFD NetBIOS *



Protocol 18: MSAFD NetBIOS [\Device\NetBT_Tcpip_{2059BA93-B3BB-44B2-9770-1A52C4028855}] DATAGRAM 2

GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}

Filename: %SystemRoot%\system32\mswsock.dll

Description: Microsoft Windows NT/2k/XP NetBios protocol

DB filename: %SystemRoot%\system32\mswsock.dll

DB protocol: MSAFD NetBIOS *



Namespace Provider 0: Tcpip

GUID: {22059D40-7E9E-11CF-AE5A-00AA00A7112B}

Filename: %SystemRoot%\System32\mswsock.dll

Description: Microsoft Windows NT/2k/XP TCP/IP name space provider

DB filename: %SystemRoot%\system32\mswsock.dll

DB protocol: TCP/IP



Namespace Provider 1: NTDS

GUID: {3B2637EE-E580-11CF-A555-00C04FD8D4AC}

Filename: %SystemRoot%\System32\winrnr.dll

Description: Microsoft Windows NT/2k/XP name space provider

DB filename: %SystemRoot%\system32\winrnr.dll

DB protocol: NTDS



Namespace Provider 2: Espacio de nombre NLA (Network Location Awareness)

GUID: {6642243A-3BA8-4AA6-BAA5-2E0BD71FDD83}

Filename: %SystemRoot%\System32\mswsock.dll

Description: Microsoft Windows NT/2k/XP name space provider

DB filename: %SystemRoot%\system32\mswsock.dll

DB protocol: NLA-Namespace

TVayer

Current situation...

Post by TVayer » 03 Jan 2005, 23:17

I think the problem is in the files ending in dumprep 0; this is not the same log I sent you by email, in this one the DSO exploit has already been removed but I still have the problem with the shortcuts... it's not a system failure because I have reinstalled XP and SP2 and it's still the same...

Regards

msc hotline sat

Post by msc hotline sat » 04 Jan 2005, 15:34

dumprep is a Windows system file used to obtain a dump with which to look at the launched process, but it has nothing to do with any known virus, except one, I think Fogot, which creates copies of itself under many names, including dumprep.exe.

For the examination of your HJT log, I am moving this topic to the section our ADMIN has created for that purpose, so it can be studied and corrected.

regards



ms, 4-01-2005
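Added example (editor's code, not part of the original thread or of Spybot-S&D): a small script that parses the "Startup entries list" section of a Spybot log in the format posted above and applies the two checks the dumprep.exe reply implies. First, a system binary such as dumprep.exe should resolve to a file under the Windows directory (or a program under Program Files); second, malware that copies itself under many names shows up in such a log as one MD5 sitting behind several different file names. The list of expected directories is an assumption for an XP-era machine, and the sample log is constructed: its first three entries are copied from the log posted in this thread, the last two are invented and their MD5 value is a placeholder, not a real malware hash.

```python
"""Parse the 'Startup entries list' section of a Spybot-S&D log and flag
(1) startup files outside the expected directories and
(2) one MD5 appearing under several different file names.
Added example for this thread; not Spybot's own code."""
from collections import defaultdict

# Constructed sample. Entries 1-3 are copied from the log posted in this
# thread; entries 4-5 are invented and their MD5 is a placeholder value.
SAMPLE_LOG = r"""--- Startup entries list ---
Located: HK_LM:Run, KernelFaultCheck (DISABLED)
command: %systemroot%\system32\dumprep 0 -k
file: C:\WINDOWS\system32\dumprep.exe
size: 10752
MD5: 64e003a0eaad29cff972c7c67ac66b0c

Located: HK_LM:Run, UserFaultCheck (DISABLED)
command: %systemroot%\system32\dumprep 0 -u
file: C:\WINDOWS\system32\dumprep.exe
size: 10752
MD5: 64e003a0eaad29cff972c7c67ac66b0c

Located: HK_LM:Run, nwiz
command: nwiz.exe /install
file: C:\WINDOWS\system32\nwiz.exe
size: 921600
MD5: fbbecaa0be1dfe02e91ece580af3e0c8

Located: HK_CU:Run, sysdump
command: C:\Documents and Settings\user\dumprep.exe
file: C:\Documents and Settings\user\dumprep.exe
size: 45056
MD5: deadbeefdeadbeefdeadbeefdeadbeef

Located: HK_CU:Run, winupd
command: C:\Documents and Settings\user\winupd.exe
file: C:\Documents and Settings\user\winupd.exe
size: 45056
MD5: deadbeefdeadbeefdeadbeefdeadbeef

--- Browser helper object list ---
"""

# Assumption: where legitimate startup binaries live on this XP box
# (English and Spanish names of the Program Files directory).
EXPECTED_PREFIXES = (
    "c:\\windows\\",
    "c:\\program files\\",
    "c:\\archivos de programa\\",
)

FIELDS = ("command", "file", "size", "MD5")


def parse_startup_entries(log_text):
    """Return one dict per 'Located:' block inside the startup section."""
    entries, current, in_section = [], None, False
    for raw in log_text.splitlines():
        line = raw.strip()
        if line.startswith("--- "):
            # Section headers look like '--- Startup entries list ---'.
            in_section = line == "--- Startup entries list ---"
            current = None
            continue
        if not in_section or not line:
            continue
        if line.startswith("Located:"):
            current = {
                "located": line[len("Located:"):].strip(),
                "disabled": "(DISABLED)" in line,
            }
            entries.append(current)
            continue
        key, sep, value = line.partition(":")
        if current is not None and sep and key in FIELDS:
            current[key] = value.strip()
    return entries


def basename(path):
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def in_expected_location(path):
    return path.lower().startswith(EXPECTED_PREFIXES)


def find_suspicious(entries):
    """Return (kind, subject, detail) tuples for the two checks."""
    findings = []
    names_by_hash = defaultdict(set)
    for entry in entries:
        path = entry.get("file")
        if not path:
            continue  # e.g. a disabled entry whose file Spybot did not resolve
        name = basename(path)
        if not in_expected_location(path):
            findings.append(("unexpected_location", name, path))
        if "MD5" in entry:
            names_by_hash[entry["MD5"].lower()].add(name)
    # The same hash behind different names: one file copied under many names.
    for digest, names in names_by_hash.items():
        if len(names) > 1:
            findings.append(("same_hash_many_names", digest, sorted(names)))
    return findings


if __name__ == "__main__":
    for kind, subject, detail in find_suspicious(parse_startup_entries(SAMPLE_LOG)):
        print(f"{kind}: {subject} -> {detail}")
```

On the log posted in this thread the two dumprep.exe entries share one hash but also one name and one System32 path, so neither check fires; only the two invented entries are flagged. The check is structural only: an MD5 in a Spybot log cannot by itself prove that a file in the right place is the genuine Windows binary, so the way to settle the dumprep.exe question is to compare the hash against a known-good copy (installation media or a clean machine with the same service pack), or to send the file itself to the vendor as the reply above asks.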
