Everything posted by idam

  1. "If you have more questions, the abr is open (but without fried fish)." That is what you told me in the post where you talked about Comodo and PSI, but I don't know what you were referring to. I don't understand how PSI works: I install the latest version of Adobe Reader and it still keeps telling me there is another version, and if I do it again, the same thing happens. It's a vicious circle @_@
  2. In the end I uninstalled Ad-Aware 7 and Spybot and installed the registered version of MBAM, so now I have: NOD32 as antivirus, Comodo as firewall, PSI secure for... (no idea what exactly it does) and MBAM for spyware, or whatever it does, since I'm not too clear on that either xD. Now two questions, to see if you can answer them: What is the "abr"? I've been left wanting to know. And if NOD32 is a good antivirus, which is the best antivirus?? Regards!
  3. Since I don't know what the abr is, I'm replying here again. I installed the firewall, but the PC froze when I told it to restart; I turned it off and on manually and it seems to be working fine. If Spybot and Ad-Aware are getting old, shouldn't I uninstall them and install the active-protection version of Malware? As for COMODO, I only installed the firewall, without leak protection, since I didn't know what that was. Do I keep HijackThis or uninstall it? PSI works very well; I didn't know of a program like that, very useful. Thanks for the help, and sorry for continuing to bother you here >.<.
  4. Whee, this is finally coming to an end. Logfile:

     My computer is now running without problems, so I suppose there won't be anything, but let's see what you see. Regards.
  5. Well, it seems the cleanup is going very well, with the big fish fried; I wonder if they're edible xD. Here is the ComboFix logfile:

     While it was running the scan, NOD32 popped up and quarantined this file:

     Object name: C:\DOCUME~1\Ivan\LOCALS~1\Temp\Av-test.txt
     Size: 72
     Reason: Eicar test file.

     That's all the info so far; let's see what else is wrong with my PC. Regards.
  6. Malwarebytes' Anti-Malware 1.28
     Versión de la Base de Datos: 1136
     Windows 5.1.2600 Service Pack 3

     10/09/2008 15:06:20
     mbam-log-2008-09-10 (15-06-20).txt

     Tipo de examen : Examen Rápido
     Objetos examinados: 48454
     Tiempo transcurrido: 3 minute(s), 20 second(s)

     Procesos en Memoria Infectados: 0
     Módulos en Memoria Infectados: 0
     Claves del Registro Infectadas: 3
     Valores del Registro Infectados: 0
     Elementos de Datos del Registro Infectados: 2
     Carpetas Infectadas: 0
     Ficheros Infectados: 8

     Procesos en Memoria Infectados:
     (No se han detectado elementos maliciosos)

     Módulos en Memoria Infectados:
     (No se han detectado elementos maliciosos)

     Claves del Registro Infectadas:
     HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\tdssdata (Trojan.Agent) -> Quarantined and deleted successfully.
     HKEY_LOCAL_MACHINE\SOFTWARE\tdss (Trojan.Agent) -> Quarantined and deleted successfully.
     HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\poof (Rootkit.Agent) -> Quarantined and deleted successfully.

     Valores del Registro Infectados:
     (No se han detectado elementos maliciosos)

     The first one:
     --------------------------------------------
     Elementos de Datos del Registro Infectados:
     HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Malware.Trace) -> Data: c:\windows\system32\ -> Quarantined and deleted successfully.
     HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Malware.Trace) -> Data: system32\ -> Quarantined and deleted successfully.

     Carpetas Infectadas:
     (No se han detectado elementos maliciosos)

     Ficheros Infectados:
     C:\WINDOWS\system32\ (Malware.Trace) -> Quarantined and deleted successfully.
     C:\WINDOWS\system32\tdssadw.dll (Trojan.Agent) -> Delete on reboot.
     C:\WINDOWS\system32\tdssl.dll (Trojan.Agent) -> Delete on reboot.
     C:\WINDOWS\system32\tdssmain.dll (Trojan.Agent) -> Delete on reboot.
     C:\WINDOWS\system32\tdssinit.dll (Trojan.Agent) -> Delete on reboot.
     C:\WINDOWS\system32\tdsslog.dll (Trojan.Agent) -> Delete on reboot.
     C:\WINDOWS\system32\tdssservers.dat (Trojan.Agent) -> Delete on reboot.
     C:\WINDOWS\system32\drivers\tdssserv.sys (Trojan.Agent) -> Delete on reboot.
     -----------------------------
     The second one:
     ----------------------------
     Malwarebytes' Anti-Malware 1.28
     Versión de la Base de Datos: 1136
     Windows 5.1.2600 Service Pack 3

     10/09/2008 15:27:56
     mbam-log-2008-09-10 (15-27-56).txt

     Tipo de examen : Examen Completo (C:\|D:\|)
     Objetos examinados: 95760
     Tiempo transcurrido: 17 minute(s), 13 second(s)

     Procesos en Memoria Infectados: 0
     Módulos en Memoria Infectados: 0
     Claves del Registro Infectadas: 0
     Valores del Registro Infectados: 0
     Elementos de Datos del Registro Infectados: 0
     Carpetas Infectadas: 0
     Ficheros Infectados: 4

     Procesos en Memoria Infectados:
     (No se han detectado elementos maliciosos)

     Módulos en Memoria Infectados:
     (No se han detectado elementos maliciosos)

     Claves del Registro Infectadas:
     (No se han detectado elementos maliciosos)

     Valores del Registro Infectados:
     (No se han detectado elementos maliciosos)

     Elementos de Datos del Registro Infectados:
     (No se han detectado elementos maliciosos)

     Carpetas Infectadas:
     (No se han detectado elementos maliciosos)

     Ficheros Infectados:
     C:\WINDOWS\system32\tdsspopup.dll (Malware.Trace) -> Quarantined and deleted successfully.
     C:\WINDOWS\system32\tdsspopup1.url (Malware.Trace) -> Quarantined and deleted successfully.
     C:\WINDOWS\system32\tdsspopup2.url (Malware.Trace) -> Quarantined and deleted successfully.
     C:\WINDOWS\system32\tdsspopup3.url (Malware.Trace) -> Quarantined and deleted successfully.
     --------------------------
     What you say about the big fish scares me; I hope it's not serious. I have to go out now; when I get back I'll read your reply to see what news you have for me xP. Regards.
  7. Well, the problem seems to be solved now: I'm no longer redirected to ad websites, and many pages no longer stall when I try to load them. I ran the full scan 3 times, since in 2 of them it found infected files; in the last one it found nothing:
     ----------------------------------
     Malwarebytes' Anti-Malware 1.28
     Versión de la Base de Datos: 1136
     Windows 5.1.2600 Service Pack 3

     10/09/2008 15:49:24
     mbam-log-2008-09-10 (15-49-24).txt

     Tipo de examen : Examen Completo (C:\|D:\|)
     Objetos examinados: 95921
     Tiempo transcurrido: 18 minute(s), 36 second(s)

     Procesos en Memoria Infectados: 0
     Módulos en Memoria Infectados: 0
     Claves del Registro Infectadas: 0
     Valores del Registro Infectados: 0
     Elementos de Datos del Registro Infectados: 0
     Carpetas Infectadas: 0
     Ficheros Infectados: 0

     Procesos en Memoria Infectados:
     (No se han detectado elementos maliciosos)

     Módulos en Memoria Infectados:
     (No se han detectado elementos maliciosos)

     Claves del Registro Infectadas:
     (No se han detectado elementos maliciosos)

     Valores del Registro Infectados:
     (No se han detectado elementos maliciosos)

     Elementos de Datos del Registro Infectados:
     (No se han detectado elementos maliciosos)

     Carpetas Infectadas:
     (No se han detectado elementos maliciosos)

     Ficheros Infectados:
     (No se han detectado elementos maliciosos)
     --------------------------------------------------------------
     I tried to install RSIT, but it hangs again at the same spot; I don't know what the cause of that might be, or whether you think some other infection could be causing it. Now I want to know what I need in order not to get another infection, since with NOD32, Spybot and Ad-Watch 7 I don't know what else I need to avoid infections. I think I'll try to get the pro version of Malware, since it should have real-time protection; let's see what you can advise. Thank you very much for the help, I really appreciate it ^^.
  8. I was able to download from that link, but now it is taking a long time to install; specifically, it has stopped at this part of the process: Below the "n", and it has been like that for a good while. The first time I ended the task; now I've left it to install, or whatever it is doing, but it doesn't get past that part. Let's see whether it's just me or the program really is that slow. EDIT: In the end the program threw an error and closed by itself. I don't know whether it's the virus or some hardware problem after all >.<.
  9. Well, my first language is Spanish, so it will really suit me better this way xD. The problem is that I can't download "random's system information tool": I tried your link and it takes me to the Mozilla error screen saying that the page was reloaded. I searched Google for links to download it and got the same thing; on top of that, most of the links redirect me to something called clearask.com, which redirects me to an ad website. So I tried to look for a torrent version, since I have no problem with that, but I didn't find one, and besides I was getting irrelevant pages in German. You mentioned "HijackThis" to me: I used it and uploaded the logfile to the website, where 3 objects came up as unsafe; I deleted them and got a system error, but apparently the PC still works fine. There is one object that keeps appearing no matter how many times I delete it: a toolbar that comes from IE, which I had already removed because I couldn't even download from Megaupload in it. Just in case, here is the HijackThis logfile:

     O3 - Toolbar: (no name) - {A057A204-BACC-4D26-C39E-35F1D2A32EC8} - (no file): this is the file that always comes back no matter how many times I delete it. Let's see if you can help, and thanks.
  10. Sorry, but I don't speak French, but I have the same problem as the person in the first post. I did what I understood from the response to the first post, and here is the result: I do not know what is causing the problem, but I can't get into the tutorial website and I can't upload it to the website; I really need help. Thanks for your attention and future help. PS: I can speak Spanish, in case anyone is interested =P.