[RESOLVED] Generic.Bot.H, RiskWare.Tool.CK, Malware.Trace - Page 2
Page 2 of 4 FirstFirst 1234 LastLast
Results 16 to 30 of 48

Thread: [RESOLVED] Generic.Bot.H, RiskWare.Tool.CK, Malware.Trace

  1. #16
    Join Date
    Dec 2007
    Location
    Daly City, CA
    Posts
    20,995
    Good

    Hoe is computer doing?

    Download OTL to your Desktop.

    • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
    • Under the Custom Scan box paste this in:



    netsvcs
    drivers32
    %SYSTEMDRIVE%\*.*
    %systemroot%\Fonts\*.com
    %systemroot%\Fonts\*.dll
    %systemroot%\Fonts\*.ini
    %systemroot%\Fonts\*.ini2
    %systemroot%\Fonts\*.exe
    %systemroot%\system32\spool\prtprocs\w32x86\*.*
    %systemroot%\REPAIR\*.bak1
    %systemroot%\REPAIR\*.ini
    %systemroot%\system32\*.jpg
    %systemroot%\*.jpg
    %systemroot%\*.png
    %systemroot%\*.scr
    %systemroot%\*._sy
    %APPDATA%\Adobe\Update\*.*
    %ALLUSERSPROFILE%\Favorites\*.*
    %APPDATA%\Microsoft\*.*
    %PROGRAMFILES%\*.*
    %APPDATA%\Update\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\System32\config\*.sav
    %PROGRAMFILES%\bak. /s
    %systemroot%\system32\bak. /s
    %ALLUSERSPROFILE%\Start Menu\*.lnk /x
    %systemroot%\system32\config\systemprofile\*.dat /x
    %systemroot%\*.config
    %systemroot%\system32\*.db
    %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
    %USERPROFILE%\Desktop\*.exe
    %PROGRAMFILES%\Common Files\*.*
    %systemroot%\*.src
    %systemroot%\install\*.*
    %systemroot%\system32\DLL\*.*
    %systemroot%\system32\HelpFiles\*.*
    %systemroot%\system32\rundll\*.*
    %systemroot%\winn32\*.*
    %systemroot%\Java\*.*
    %systemroot%\system32\test\*.*
    %systemroot%\system32\Rundll32\*.*
    %systemroot%\AppPatch\Custom\*.*
    %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
    %PROGRAMFILES%\PC-Doctor\Downloads\*.*
    %PROGRAMFILES%\Internet Explorer\*.tmp
    %PROGRAMFILES%\Internet Explorer\*.dat
    %USERPROFILE%\My Documents\*.exe
    %USERPROFILE%\*.exe
    %systemroot%\ADDINS\*.*
    %systemroot%\assembly\*.bak2
    %systemroot%\Config\*.*
    %systemroot%\REPAIR\*.bak2
    %systemroot%\SECURITY\Database\*.sdb /x
    %systemroot%\SYSTEM\*.bak2
    %systemroot%\Web\*.bak2
    %systemroot%\Driver Cache\*.*
    %PROGRAMFILES%\Mozilla Firefox*.exe
    %ProgramFiles%\Microsoft Common\*.*
    %ProgramFiles%\TinyProxy.
    %USERPROFILE%\Favorites\*.url /x
    %systemroot%\system32\*.bk
    %systemroot%\*.te
    %systemroot%\system32\system32\*.*
    %ALLUSERSPROFILE%\*.dat /x
    %systemroot%\system32\drivers\*.rmv
    dir /b "%systemroot%\system32\*.exe" | find /i " " /c
    dir /b "%systemroot%\*.exe" | find /i " " /c
    %PROGRAMFILES%\Microsoft\*.*
    %systemroot%\System32\Wbem\proquota.exe
    %PROGRAMFILES%\Mozilla Firefox\*.dat
    %USERPROFILE%\Cookies\*.txt /x
    %SystemRoot%\system32\fonts\*.*
    %systemroot%\system32\winlog\*.*
    %systemroot%\system32\Language\*.*
    %systemroot%\system32\Settings\*.*
    %systemroot%\system32\*.quo
    %SYSTEMROOT%\AppPatch\*.exe
    %SYSTEMROOT%\inf\*.exe
    %SYSTEMROOT%\Installer\*.exe
    %systemroot%\system32\config\*.bak2
    %systemroot%\system32\Computers\*.*
    %SystemRoot%\system32\Sound\*.*
    %SystemRoot%\system32\SpecialImg\*.*
    %SystemRoot%\system32\code\*.*
    %SystemRoot%\system32\draft\*.*
    %SystemRoot%\system32\MSSSys\*.*
    %ProgramFiles%\Javascript\*.*
    %systemroot%\pchealth\helpctr\System\*.exe /s
    %systemroot%\Web\*.exe
    %systemroot%\system32\msn\*.*
    %systemroot%\system32\*.tro
    %AppData%\Microsoft\Installer\msupdates\*.*
    %ProgramFiles%\Messenger\*.*
    %systemroot%\system32\systhem32\*.*
    %systemroot%\system\*.exe
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
    /md5start
    /md5stop


    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.

  2. #17
    Join Date
    Apr 2010
    Location
    Mexico DF
    Posts
    138
    At this moment, the computer goes with startling rapidity.!
    Broni, do not you teach maleware? hehehe


    Goes to the speed of light!!! *-*

  3. #18
    Join Date
    Apr 2010
    Location
    Mexico DF
    Posts
    138
    I cant run OTL scan:

    Error
    Exception EOleSysError in module OTL.exe at 000571A5
    Clase no registrada.

    I try it on safe mode

  4. #19
    Join Date
    Apr 2010
    Location
    Mexico DF
    Posts
    138
    Try first with rkill.com ??

  5. #20
    Join Date
    Dec 2007
    Location
    Daly City, CA
    Posts
    20,995
    Try to re-download OTL and run it again.

  6. #21
    Join Date
    Apr 2010
    Location
    Mexico DF
    Posts
    138
    Same error:

    Application Error
    Exception EOleSysError in module OTL (1).exe at 000571A5
    Clase no registrada.

    In safe mode too.

    We have almost finished and we were interrupted by this error >_< fuuuu

  7. #22
    Join Date
    Dec 2007
    Location
    Daly City, CA
    Posts
    20,995
    Norton may be interrupting.
    Disable Norton and try again.

  8. #23
    Join Date
    Apr 2010
    Location
    Mexico DF
    Posts
    138
    Nope same error :/
    Disable Norton in normal and safe mode.

    I found this --> Same error

    And use this this tool: http://sicher-ins-netz.info/dl/lichtinsdunkel.exe Did you recomended ?
    Last edited by Waldos; September 28th, 2010 at 08:19 PM.

  9. #24
    Join Date
    Dec 2007
    Location
    Daly City, CA
    Posts
    20,995
    Download HijackThis:
    http://free.antivirus.com/hijackthis/
    by clicking on Installer under Version 2.0.4
    Install, and run it.
    Post HijackTHis log.
    Do NOT attempt to fix anything!

    NOTE. If you're using Vista, or 7, right click on HijackThis, and click Run as Administrator

  10. #25
    Join Date
    Apr 2010
    Location
    Mexico DF
    Posts
    138
    I hate that OTL doesnt run

    Installing HJT

  11. #26
    Join Date
    Apr 2010
    Location
    Mexico DF
    Posts
    138
    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 06:57:30 p.m., on 28/09/2010
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Archivos de programa\Symantec\Symantec Endpoint Protection\Smc.exe
    C:\Archivos de programa\Archivos comunes\Symantec Shared\ccSvcHst.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\PRISMSVR.EXE
    C:\Archivos de programa\Symantec\Symantec Endpoint Protection Manager\ASA\win32\dbsrv9.exe
    C:\Archivos de programa\Cobian Backup 10\cbVSCService.exe
    C:\Archivos de programa\Cobian Backup 10\cbService.exe
    C:\Archivos de programa\HP\HPLaserJetService\HPLaserJetService.exe
    C:\WINDOWS\system32\HPSIsvc.exe
    C:\WINDOWS\system32\inetsrv\inetinfo.exe
    C:\Archivos de programa\Intel\Intel Matrix Storage Manager\iaanotif.exe
    C:\Archivos de programa\Archivos comunes\Symantec Shared\ccApp.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\Archivos de programa\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
    C:\WINDOWS\system32\NLSSRV32.EXE
    C:\Archivos de programa\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    C:\Archivos de programa\Cobian Backup 10\cbInterface.exe
    C:\Archivos de programa\Dell Support Center\bin\sprtsvc.exe
    C:\Archivos de programa\Dell Support Center\bin\sprtcmd.exe
    C:\Archivos de programa\Microsoft SQL Server\90\Shared\sqlwriter.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Archivos de programa\Symantec\Symantec Endpoint Protection\Rtvscan.exe
    C:\Archivos de programa\VMware\VMware Server\vmware-authd.exe
    C:\Archivos de programa\Archivos comunes\VMware\VMware Virtual Image Editing\vmount2.exe
    C:\Documents and Settings\Fernando Pliego\Configuraci&#243;n local\Datos de programa\Google\Update\GoogleUpdate.exe
    C:\Archivos de programa\Tarjeta inal&#225;mbrica Dell\PRISMCFG.exe
    C:\Documents and Settings\Fernando Pliego\Configuraci&#243;n local\Datos de programa\Google\Update\1.2.183.29\GoogleCrashHandler.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\system32\vmnat.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Archivos de programa\Intel\Intel Matrix Storage Manager\IAANTMon.exe
    C:\WINDOWS\system32\vmnetdhcp.exe
    C:\Archivos de programa\Symantec\Symantec Endpoint Protection Manager\tomcat\bin\SemSvc.exe
    C:\Archivos de programa\VMware\VMware Server\vmserverdWin32.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\Archivos de programa\Symantec\Symantec Endpoint Protection\SmcGui.exe
    C:\WINDOWS\system32\wbem\wmiapsrv.exe
    C:\Archivos de programa\Symantec\Symantec Endpoint Protection Manager\jdk\bin\java.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\system32\msiexec.exe
    C:\Archivos de programa\Trend Micro\HiJackThis\HiJackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.symantec.com/enterprise/s...onse/index.jsp
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = http://g.msn.com/USSMB/22
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://g.msn.com/USSMB/22
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = V&#237;nculos
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Archivos de programa\Archivos comunes\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Archivos de programa\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\ARCHIV~1\MICROS~3\Office14\GROOVEEX.DLL
    O2 - BHO: Windows Live Aplicaci&#243;n auxiliar de inicio de sesi&#243;n - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Archivos de programa\Archivos comunes\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Archivos de programa\Archivos comunes\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
    O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\ARCHIV~1\MICROS~3\Office14\URLREDIR.DLL
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Archivos de programa\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Archivos de programa\Windows Live\Toolbar\wltcore.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Archivos de programa\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Archivos de programa\Archivos comunes\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
    O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Archivos de programa\Windows Live\Toolbar\wltcore.dll
    O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Archivos de programa\Archivos comunes\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
    O4 - HKLM\..\Run: [IAAnotif] C:\Archivos de programa\Intel\Intel Matrix Storage Manager\iaanotif.exe
    O4 - HKLM\..\Run: [ccApp] "C:\Archivos de programa\Archivos comunes\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [VirtualCloneDrive] "C:\Archivos de programa\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
    O4 - HKLM\..\Run: [SwitchBoard] C:\Archivos de programa\Archivos comunes\Adobe\SwitchBoard\SwitchBoard.exe
    O4 - HKLM\..\Run: [Cobian Backup 10 Interface] "C:\Archivos de programa\Cobian Backup 10\cbInterface.exe" -service
    O4 - HKLM\..\Run: [BCSSync] "C:\Archivos de programa\Microsoft Office\Office14\BCSSync.exe" /DelayServices
    O4 - HKLM\..\Run: [dellsupportcenter] "C:\Archivos de programa\Dell Support Center\bin\sprtcmd.exe" /P dellsupportcenter
    O4 - HKCU\..\Run: [OfficeSyncProcess] C:\Archivos de programa\Microsoft Office\Office14\MSOSYNC.EXE
    O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Fernando Pliego\Configuraci&#243;n local\Datos de programa\Google\Update\GoogleUpdate.exe" /c
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: Utilidad de la tarjeta USB 2.0 WLAN inal&#225;mbrica.lnk = ?
    O8 - Extra context menu item: &Enviar a OneNote - res:///105
    O8 - Extra context menu item: Append to existing PDF - res://C:\Archivos de programa\Archivos comunes\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Archivos de programa\Archivos comunes\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Archivos de programa\Archivos comunes\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Archivos de programa\Archivos comunes\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: E&xportar a Microsoft Excel - res://C:\ARCHIV~1\MICROS~3\Office14\EXCEL.EXE/3000
    O9 - Extra button: Agregar entrada - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Archivos de programa\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: &Agregar entrada en Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Archivos de programa\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: Enviar a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Archivos de programa\Microsoft Office\Office14\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: &Enviar a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Archivos de programa\Microsoft Office\Office14\ONBttnIE.dll
    O9 - Extra button: Notas &vinculadas de OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Archivos de programa\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
    O9 - Extra 'Tools' menuitem: Notas &vinculadas de OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Archivos de programa\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Archivos de programa\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Archivos de programa\Messenger\msmsgs.exe
    O16 - DPF: {00000035-9593-4264-8B29-930B3E4EDCCD} (HPVirtualRooms35 Class) - https://www.rooms.hp.com/vRoom_Cab/WebHPVCInstall35.cab
    O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.akamai.com/dlmanage...ex-2.2.5.0.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1239810178203
    O17 - HKLM\System\CCS\Services\Tcpip\..\{B78C654E-5B65-4CDA-8497-5C0F716D27A6}: NameServer = 192.168.1.1
    O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Archivos de programa\Archivos comunes\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
    O22 - SharedTaskScheduler: Precargador Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
    O22 - SharedTaskScheduler: Demonio de cach&#233; de las categor&#237;as de componente - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
    O23 - Service: Symantec Embedded Database (ASANYs_sem5) - iAnywhere Solutions, Inc. - C:\Archivos de programa\Symantec\Symantec Endpoint Protection Manager\ASA\win32\dbsrv9.exe
    O23 - Service: Cobian Backup 10 Volume Shadow Copy service (cbVSCService) - CobianSoft, Luis Cobian - C:\Archivos de programa\Cobian Backup 10\cbVSCService.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Archivos de programa\Archivos comunes\Symantec Shared\ccSvcHst.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Archivos de programa\Archivos comunes\Symantec Shared\ccSvcHst.exe
    O23 - Service: Cobian Backup 10 (CobianBackup10) - Luis Cobian, CobianSoft - C:\Archivos de programa\Cobian Backup 10\cbService.exe
    O23 - Service: Servicio del administrador de discos l&#243;gicos (dmadmin) - Unknown owner - C:\WINDOWS\System32\dmadmin.exe
    O23 - Service: Registro de sucesos (Eventlog) - Unknown owner - C:\WINDOWS\system32\services.exe
    O23 - Service: Fax - Unknown owner - C:\WINDOWS\system32\fxssvc.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Archivos de programa\Archivos comunes\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: HP LaserJet Service - HP - C:\Archivos de programa\HP\HPLaserJetService\HPLaserJetService.exe
    O23 - Service: HP SI Service (HPSIService) - HP - C:\WINDOWS\system32\HPSIsvc.exe
    O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Archivos de programa\Intel\Intel Matrix Storage Manager\IAANTMon.exe
    O23 - Service: Administraci&#243;n de IIS (IISADMIN) - Unknown owner - C:\WINDOWS\system32\inetsrv\inetinfo.exe
    O23 - Service: Servicio COM de grabaci&#243;n de CD de IMAPI (ImapiService) - Unknown owner - C:\WINDOWS\system32\imapi.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\ARCHIV~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: Escritorio remoto compartido de NetMeeting (mnmsrvc) - Unknown owner - C:\WINDOWS\system32\mnmsrvc.exe
    O23 - Service: NLS Service (nlsX86cc) - Nalpeiron Ltd. - C:\WINDOWS\system32\NLSSRV32.EXE
    O23 - Service: Plug and Play (PlugPlay) - Unknown owner - C:\WINDOWS\system32\services.exe
    O23 - Service: Administrador de sesi&#243;n de Ayuda de escritorio remoto (RDSessMgr) - Unknown owner - C:\WINDOWS\system32\sessmgr.exe
    O23 - Service: Tarjeta inteligente (SCardSvr) - Unknown owner - C:\WINDOWS\System32\SCardSvr.exe
    O23 - Service: Symantec Endpoint Protection Manager (semsrv) - Symantec Corporation - C:\Archivos de programa\Symantec\Symantec Endpoint Protection Manager\tomcat\bin\SemSvc.exe
    O23 - Service: ServiceLayer - Nokia - C:\Archivos de programa\PC Connectivity Solution\ServiceLayer.exe
    O23 - Service: Symantec Management Client (SmcService) - Symantec Corporation - C:\Archivos de programa\Symantec\Symantec Endpoint Protection\Smc.exe
    O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Archivos de programa\Dell Support Center\bin\sprtsvc.exe
    O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Archivos de programa\Archivos comunes\Adobe\SwitchBoard\SwitchBoard.exe
    O23 - Service: Symantec Endpoint Protection (Symantec AntiVirus) - Symantec Corporation - C:\Archivos de programa\Symantec\Symantec Endpoint Protection\Rtvscan.exe
    O23 - Service: Registros y alertas de rendimiento (SysmonLog) - Unknown owner - C:\WINDOWS\system32\smlogsvc.exe
    O23 - Service: Telnet (TlntSvr) - Unknown owner - C:\WINDOWS\system32\tlntsvr.exe
    O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - Unknown owner - C:\Archivos de programa\TuneUp Utilities 2010\TuneUpDefragService.exe (file missing)
    O23 - Service: TuneUp Utilities Service (TuneUp.UtilitiesSvc) - Unknown owner - C:\Archivos de programa\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe (file missing)
    O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - C:\Archivos de programa\VMware\VMware Server\vmware-authd.exe
    O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\WINDOWS\system32\vmnetdhcp.exe
    O23 - Service: VMware Virtual Mount Manager Extended (vmount2) - VMware, Inc. - C:\Archivos de programa\Archivos comunes\VMware\VMware Virtual Image Editing\vmount2.exe
    O23 - Service: VMware Registration Service (vmserverdWin32) - VMware, Inc. - C:\Archivos de programa\VMware\VMware Server\vmserverdWin32.exe
    O23 - Service: VMware NAT Service - VMware, Inc. - C:\WINDOWS\system32\vmnat.exe
    O23 - Service: Instant&#225;neas de volumen (VSS) - Unknown owner - C:\WINDOWS\System32\vssvc.exe
    O23 - Service: Publicaci&#243;n en World Wide Web (W3SVC) - Unknown owner - C:\WINDOWS\system32\inetsrv\inetinfo.exe
    O23 - Service: Adaptador de rendimiento de WMI (WmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\wmiapsrv.exe
    O23 - Service: Servicio de uso compartido de red del Reproductor de Windows Media (WMPNetworkSvc) - Unknown owner - C:\Archivos de programa\Windows Media Player\WMPNetwk.exe

    --
    End of file - 15327 bytes

  12. #27
    Join Date
    Dec 2007
    Location
    Daly City, CA
    Posts
    20,995
    It looks clean

    Last scans....

    1. Download Security Check from HERE, and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.



    2. Download Temp File Cleaner (TFC)
    • Double click on TFC.exe to run the program.
    • Click on Start button to begin cleaning process.
    • TFC will close all running programs, and it may ask you to restart computer.



    3. Please run a free online scan with the ESET Online Scanner

    • Disable your antivirus program
    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
    • IMPORTANT! UN-check Remove found threats
    • Accept any security warnings from your browser.
    • Check Scan archives
    • Click Start
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, push List of found threats
    • Click on Export to text file , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.

  13. #28
    Join Date
    Apr 2010
    Location
    Mexico DF
    Posts
    138
    Results of screen317's Security Check version 0.99.5
    Windows XP Service Pack 3
    Internet Explorer 8
    ``````````````````````````````
    Antivirus/Firewall Check:

    Symantec Endpoint Protection
    Symantec Endpoint Protection Manager
    Antivirus up to date!
    ```````````````````````````````
    Anti-malware/Other Utilities Check:

    Malwarebytes' Anti-Malware
    TuneUp Utilities Language Pack (en-US)
    Java(TM) 6 Update 20
    Out of date Java installed!
    Adobe Flash Player 10.1.53.64
    Adobe Reader 9.3.3 - Espa&#241;ol
    ````````````````````````````````
    Process Check:
    objlist.exe by Laurent

    Norton ccSvcHst.exe
    ````````````````````````````````
    DNS Vulnerability Check:

    GREAT! (Not vulnerable to DNS cache poisoning)

    ``````````End of Log````````````

  14. #29
    Join Date
    Apr 2010
    Location
    Mexico DF
    Posts
    138
    Tomorrow i do the ESET Online Scan

    1 Question. Why dont use a derivate of OTL like this
    Code:
    http://sicher-ins-netz.info/dl/lichtinsdunkel.exe
    He has the same problem than me. Just curious.

  15. #30
    Join Date
    Dec 2007
    Location
    Daly City, CA
    Posts
    20,995
    This is a very same OTL program, just a different name.
    You can give it a shot. Make sure, you paste my custom script there.

    Also....

    Update your Java version here: http://www.java.com/en/download/installed.jsp

    Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

    Note 2: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. If you don't want to run another extra service, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.

    Now, we need to remove old Java version and its remnants...

    Download JavaRa to your desktop and unzip it to its own folder
    • Run JavaRa.exe (Vista users! Right click on JavaRa.exe, click Run As Administrator), pick the language of your choice and click Select. Then click Remove Older Versions.
    • Accept any prompts.

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •