that we have no idea what is hidden inside a
computer.
This is the log from my company's server: it runs slowly, it freezes every 50 seconds, etc., etc.
Thanks for any help and advice you can give me.
Logfile of HijackThis v1.99.1
Scan saved at 18:46:48, on 31/07/2007
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\savedump.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\wbem\HEALTH~1\dredger.exe
C:\WINNT\Explorer.EXE
C:\INSTALAR\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Vínculos
O4 - HKLM\..\Run: [TCASUTIEXE] TCAUDIAG.exe -on
O4 - HKLM\..\Run: [msci] C:\DOCUME~1\ADMINI~1\CONFIG~1\Temp\1\2007731131756_mcinfo.exe /insfin
O4 - HKLM\..\Run: [Cleanup] C:\DOCUME~1\ADMINI~1\CONFIG~1\Temp\1\2007731131758_mcappins.exe /v=3 /cleanup
O4 - HKCU\..\Run: [internat.exe] internat.exe
O4 - Global Startup: 3Com Connection Assistant.lnk = C:\Program Files\3com\Connection Assistant\bin\matcli.exe
O4 - Global Startup: Administrador de servicios.lnk = C:\Archivos de programa\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Archivos de programa\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) -
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) -
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) -
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) -
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) -
O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} -
O16 - DPF: {8436FE12-31DB-48BF-83BF-FE682F9160B4} (NanoInstaller Class) -
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) -
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) -
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) -
O16 - DPF: {F11BFF96-CC7A-4482-819B-91EAE4C454EF} (NTR ActiveX 1.1.6) -
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = ArcadiaTextil.local
O17 - HKLM\System\CCS\Services\Tcpip\..\{C1A728AF-EE8E-4385-82F0-6CC02FE2DB87}: NameServer = 80.58.32.33,80.58.0.97
O17 - HKLM\System\CCS\Services\Tcpip\..\{EE1F4496-D82B-4E6F-AFEE-E1EFAB9CBB82}: NameServer = 80.58.32.33,80.58.0.97
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = ArcadiaTextil.local
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = ArcadiaTextil.local
O23 - Service: HP Insight NIC Agent (CpqNicMgmt) - Hewlett-Packard Company - C:\WINNT\System32\CPQNiMgt\cpqnimgt.exe
O23 - Service: Compaq Remote Monitor Service (CpqRcmc) - Compaq - C:\WINNT\System32\CpqRcmc.exe
O23 - Service: Version Control Agent (cpqvcagent) - Hewlett-Packard Company - C:\Compaq\vcagent\vcagent.exe
O23 - Service: HP Insight Web Agent (CpqWebMgmt) - HP Corporation - C:\WINNT\System32\CPQMgmt\cpqwmgmt.exe
O23 - Service: HP Insight Foundation Agent (CqMgHost) - Hewlett-Packard Company - C:\WINNT\System32\CPQMgmt\CqMgHost\cqmghost.exe
O23 - Service: HP Insight Server Agents (CqMgServ) - Hewlett-Packard Company - C:\WINNT\System32\CPQMgmt\CqMgServ\cqmgserv.exe
O23 - Service: HP Insight Storage Agents (CqMgStor) - Hewlett-Packard Company - C:\WINNT\System32\CPQMgmt\CqMgStor\cqmgstor.exe
O23 - Service: default - Unknown owner - c:\archivos de programa\sapdb\indep_prog\web\pgm\sapdbxie.exe
O23 - Service: Servicio del administrador de discos lógicos (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: Esker Log and SNMP Agent (ESKLGSNMP) - Esker S.A. - C:\Archivos de programa\Esker Platform\Program\Apps\EsLgSNMP.exe
O23 - Service: Esker Output Connector Manager (FGCONNCONT) - Esker S.A. - C:\Archivos de programa\Esker Platform\Program\Apps\ConnCont.exe
O23 - Service: Esker Event Scheduler (FGEVENT) - Esker S.A. - C:\Archivos de programa\Esker Platform\Program\Apps\eventsch.exe
O23 - Service: Microsoft H.323 Gatekeeper (GKSVC) - Unknown owner - svchost.exe (file missing)
O23 - Service: Esker Asynchronous Task Processor (INCJOBSCHED) - Esker S.A. - C:\Archivos de programa\Esker Platform\Program\Apps\Incominglnk.exe
O23 - Service: NTRsupport Installable RC (installablerc) - Net Transmit & Receive - C:\Archivos de programa\NTRsupport Installable RC\installablerc.exe
O23 - Service: Esker Input Connector Manager (MailGate) - Esker S.A. - C:\Archivos de programa\Esker Platform\Program\Apps\mailgate.exe
O23 - Service: Microsoft Connector for POP3 Mailboxes (MSPOP3Connector) - Unknown owner - C:\Archivos de programa\Microsoft BackOffice\Connectivity\POP3 Connector\vmimb.exe" /SERVICE (file missing)
O23 - Service: SAPDB: .CARCHIV (SAP DBTech-.CARCHIV) - SAP AG - C:\ARCHIVOS DE PROGRAMA\SAPDB\DEPEND\pgm\kernel.exe
O23 - Service: SAPDB: EDP350 (SAP DBTech-EDP350) - SAP AG - C:\ARCHIVOS DE PROGRAMA\SAPDB\DEPEND\pgm\kernel.exe
O23 - Service: SAP DB WWW (SAPDBWWW) - Unknown owner - c:\archivos de programa\sapdb\indep_prog\web\pgm\wahttp.exe
O23 - Service: Esker LDAP Server (SLAPDFG) - Esker S.A. - C:\Archivos de programa\Esker Platform\Program\Apps\Ldapsrv\slapdNT.exe
O23 - Service: Surveyor - Hewlett-Packard Development Group, L.P. - C:\compaq\survey\Surveyor.EXE
O23 - Service: HP ProLiant System Shutdown Service (sysdown) - Compaq Computer Corporation - C:\WINNT\System32\sysdown.exe
O23 - Service: XServer - SAP AG - c:\archivos de programa\sapdb\indep_prog\pgm\serv.exe
Logfile of HijackThis v1.99.1
Scan saved at 15:23:02, on 31/07/2007
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\System32\termsrv.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\System32\cisvc.exe
C:\Compaq\vcagent\vcagent.exe
C:\WINNT\system32\Dfssvc.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\svchost.exe
C:\Archivos de programa\NTRsupport Installable RC\installablerc.exe
C:\WINNT\System32\llssrv.exe
C:\ARCHIV~1\MICROS~4\MSSQL\binn\sqlservr.exe
C:\Archivos de programa\OLAP Services\Bin\msmdsrv.exe
C:\WINNT\system32\ntfrs.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\System32\locator.exe
C:\ARCHIVOS DE PROGRAMA\SAPDB\DEPEND\pgm\kernel.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\System32\snmp.exe
C:\compaq\survey\Surveyor.EXE
C:\WINNT\System32\svchost.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
c:\archivos de programa\sapdb\indep_prog\pgm\serv.exe
C:\WINNT\System32\CPQNiMgt\cpqnimgt.exe
C:\WINNT\System32\CpqRcmc.exe
C:\WINNT\System32\CPQMgmt\CqMgServ\cqmgserv.exe
C:\WINNT\System32\CPQMgmt\CqMgStor\cqmgstor.exe
C:\WINNT\System32\dns.exe
C:\WINNT\System32\inetsrv\inetinfo.exe
C:\WINNT\System32\ismserv.exe
C:\WINNT\System32\modemshr.exe
C:\WINNT\System32\msdtc.exe
C:\Archivos de programa\Exchsrvr\bin\exmgmt.exe
C:\Archivos de programa\Microsoft Shared Fax\Bin\FXSSVC.exe
C:\ARCHIV~1\MICROS~4\MSSQL\binn\sqlagent.exe
C:\WINNT\System32\sysdown.exe
C:\WINNT\System32\CPQMgmt\CqMgHost\cqmghost.exe
C:\Archivos de programa\Microsoft ISA Server\mspadmin.exe
C:\WINNT\System32\CPQMgmt\cpqwmgmt.exe
C:\Archivos de programa\Microsoft ISA Server\wspsrv.exe
C:\Archivos de programa\Microsoft ISA Server\w3proxy.exe
C:\Archivos de programa\Microsoft ISA Server\W3Prefch.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\TCAUDIAG.exe
C:\WINNT\system32\internat.exe
C:\Archivos de programa\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\Program Files\3com\Connection Assistant\bin\mpbtn.exe
C:\WINNT\System32\cidaemon.exe
C:\WINNT\System32\cidaemon.exe
C:\WINNT\System32\mdm.exe
C:\INSTALAR\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Vínculos
O4 - HKLM\..\Run: [TCASUTIEXE] TCAUDIAG.exe -on
O4 - HKLM\..\Run: [msci] C:\DOCUME~1\ADMINI~1\CONFIG~1\Temp\1\2007731131756_mcinfo.exe /insfin
O4 - HKLM\..\Run: [Cleanup] C:\DOCUME~1\ADMINI~1\CONFIG~1\Temp\1\2007731131758_mcappins.exe /v=3 /cleanup
O4 - HKCU\..\Run: [internat.exe] internat.exe
O4 - Global Startup: 3Com Connection Assistant.lnk = C:\Program Files\3com\Connection Assistant\bin\matcli.exe
O4 - Global Startup: Administrador de servicios.lnk = C:\Archivos de programa\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Archivos de programa\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) -
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) -
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) -
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) -
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) -
O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} -
O16 - DPF: {8436FE12-31DB-48BF-83BF-FE682F9160B4} (NanoInstaller Class) -
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) -
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) -
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) -
O16 - DPF: {F11BFF96-CC7A-4482-819B-91EAE4C454EF} (NTR ActiveX 1.1.6) -
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = ArcadiaTextil.local
O17 - HKLM\System\CCS\Services\Tcpip\..\{C1A728AF-EE8E-4385-82F0-6CC02FE2DB87}: NameServer = 80.58.32.33,80.58.0.97
O17 - HKLM\System\CCS\Services\Tcpip\..\{EE1F4496-D82B-4E6F-AFEE-E1EFAB9CBB82}: NameServer = 80.58.32.33,80.58.0.97
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = ArcadiaTextil.local
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = ArcadiaTextil.local
O23 - Service: HP Insight NIC Agent (CpqNicMgmt) - Hewlett-Packard Company - C:\WINNT\System32\CPQNiMgt\cpqnimgt.exe
O23 - Service: Compaq Remote Monitor Service (CpqRcmc) - Compaq - C:\WINNT\System32\CpqRcmc.exe
O23 - Service: Version Control Agent (cpqvcagent) - Hewlett-Packard Company - C:\Compaq\vcagent\vcagent.exe
O23 - Service: HP Insight Web Agent (CpqWebMgmt) - HP Corporation - C:\WINNT\System32\CPQMgmt\cpqwmgmt.exe
O23 - Service: HP Insight Foundation Agent (CqMgHost) - Hewlett-Packard Company - C:\WINNT\System32\CPQMgmt\CqMgHost\cqmghost.exe
O23 - Service: HP Insight Server Agents (CqMgServ) - Hewlett-Packard Company - C:\WINNT\System32\CPQMgmt\CqMgServ\cqmgserv.exe
O23 - Service: HP Insight Storage Agents (CqMgStor) - Hewlett-Packard Company - C:\WINNT\System32\CPQMgmt\CqMgStor\cqmgstor.exe
O23 - Service: default - Unknown owner - c:\archivos de programa\sapdb\indep_prog\web\pgm\sapdbxie.exe
O23 - Service: Servicio del administrador de discos lógicos (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: Esker Log and SNMP Agent (ESKLGSNMP) - Esker S.A. - C:\Archivos de programa\Esker Platform\Program\Apps\EsLgSNMP.exe
O23 - Service: Esker Output Connector Manager (FGCONNCONT) - Esker S.A. - C:\Archivos de programa\Esker Platform\Program\Apps\ConnCont.exe
O23 - Service: Esker Event Scheduler (FGEVENT) - Esker S.A. - C:\Archivos de programa\Esker Platform\Program\Apps\eventsch.exe
O23 - Service: Microsoft H.323 Gatekeeper (GKSVC) - Unknown owner - svchost.exe (file missing)
O23 - Service: Esker Asynchronous Task Processor (INCJOBSCHED) - Esker S.A. - C:\Archivos de programa\Esker Platform\Program\Apps\Incominglnk.exe
O23 - Service: NTRsupport Installable RC (installablerc) - Net Transmit & Receive - C:\Archivos de programa\NTRsupport Installable RC\installablerc.exe
O23 - Service: Esker Input Connector Manager (MailGate) - Esker S.A. - C:\Archivos de programa\Esker Platform\Program\Apps\mailgate.exe
O23 - Service: Microsoft Connector for POP3 Mailboxes (MSPOP3Connector) - Unknown owner - C:\Archivos de programa\Microsoft BackOffice\Connectivity\POP3 Connector\vmimb.exe" /SERVICE (file missing)
O23 - Service: SAPDB: .CARCHIV (SAP DBTech-.CARCHIV) - SAP AG - C:\ARCHIVOS DE PROGRAMA\SAPDB\DEPEND\pgm\kernel.exe
O23 - Service: SAPDB: EDP350 (SAP DBTech-EDP350) - SAP AG - C:\ARCHIVOS DE PROGRAMA\SAPDB\DEPEND\pgm\kernel.exe
O23 - Service: SAP DB WWW (SAPDBWWW) - Unknown owner - c:\archivos de programa\sapdb\indep_prog\web\pgm\wahttp.exe
O23 - Service: Esker LDAP Server (SLAPDFG) - Esker S.A. - C:\Archivos de programa\Esker Platform\Program\Apps\Ldapsrv\slapdNT.exe
O23 - Service: Surveyor - Hewlett-Packard Development Group, L.P. - C:\compaq\survey\Surveyor.EXE
O23 - Service: HP ProLiant System Shutdown Service (sysdown) - Compaq Computer Corporation - C:\WINNT\System32\sysdown.exe
O23 - Service: XServer - SAP AG - c:\archivos de programa\sapdb\indep_prog\pgm\serv.exe