SEGURIDAD INFORMATICA, Firewall, parches, vacunas, antivirus, anti troyanos, spyware etc > Seguridad Informatica - Firewall - Virus - Troyanos - Spyware - Ad Aware - Malware
adaware
yuly:
(MS05-004) ASP.NET Path Validation Vulnerability (887219)
Vulnerability Identifier: CAN-2004-0847
Discovery Date: Feb 8, 2005
Risk: Important
Vulnerability Assessment Pattern File: 023
Affected Software:
Microsoft .NET Framework 1.0
Microsoft .NET Framework 1.1
Description:
A canonicalization vulnerability exists in ASP.NET, which could allow a malicious user to access secure and protected files. The security mechanisms of an ASP.NET Web site can be bypassed to allow the malicious user unauthorized access.
Patch Information:
http://www.microsoft.com/technet/security/bulletin/MS05-004.mspx
Workaround Fixes:
Apply the mitigation code module discussed in Microsoft Knowledge Base Article 887289. The mitigation code module provides protection on a server-basis.
Make the following changes in the GLOBAL.ASAX file in the application root directory for each application on an affected system as an alternative to installing the module on a per-application basis:
<script runat=server language=cs>
void Application_BeginRequest(object src, EventArgs e)
{ if (Request.Path.IndexOf('\\') >= 0 || System.IO.Path.GetFullPath(Request.PhysicalPath) != Request.PhysicalPath) { throw new HttpException(404, "not found"); }}
</script>
Install and use URLScan to help protect systems against a large number of issues stemming from improperly formed URL requests, including the publicly described issues addressed by this bulletin. Note however that URLScan does not protect your system as comprehensively as either the mitigation code module or the GLOBAL.ASAX script.
More information on URLScan is available in the following page: http://www.microsoft.com/windows2000/downloads/recommended/urlscan/default.asp
Esto me lo dice el trend micro que quiere decir??????????? por favor ayudaaaaaaaaa
Mr_X:
1.- No desesperes
2.- ¿Pasaste los programas que te recomendó Liamngls?
3.- No te exaltes, que no pasa nada
4.- Eso de TrendMicro ¿de dónde lo sacaste?
5.- Regálanos un Log del HijackThis (clic) y otro del Autoruns de Sysinternals (clic): descomprime el archivo, doble clic al archivo AUTORUNS.EXE, dale a la tecla "Esc", ve al menú "Options" y marca las tres primeras opciones y oprime la tecla F5, deja que termine de revisar, ve al menú "File", "Save as", dale un nombre y guárdalo, ahora abre el archivo en el Bloc de notas, copia el contenido y pégalo aquí...
yuly:
Logfile of HijackThis v1.99.1
Scan saved at 20:01:46, on 20/05/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
c:\archivos de programa\mcafee.com\agent\mcdetect.exe
c:\ARCHIV~1\mcafee.com\vso\mcshield.exe
c:\ARCHIV~1\mcafee.com\agent\mctskshd.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\Archivos de programa\McAfee.com\VSO\mcvsshld.exe
C:\ARCHIV~1\mcafee.com\agent\mcagent.exe
c:\archiv~1\mcafee.com\vso\mcvsescn.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Archivos de programa\Java\jre1.5.0_06\bin\jusched.exe
C:\Archivos de programa\McAfee\McAfee Shared Components\Guardian\CMGrdian.exe
C:\Archivos de programa\QuickTime\qttask.exe
C:\Archivos de programa\Archivos comunes\InstallShield\UpdateService\issch.exe
C:\Archivos de programa\Archivos comunes\Canopus Shared\ProCoder 2\Kernel\PNXSERVR.exe
C:\Archivos de programa\Zone Labs\ZoneAlarm\zlclient.exe
C:\Archivos de programa\McAfee.com\VSO\oasclnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Archivos de programa\MSN Messenger\msnmsgr.exe
c:\archiv~1\mcafee.com\vso\mcvsftsn.exe
C:\Archivos de programa\Messenger\msmsgs.exe
C:\WINDOWS\system32\svchost.exe
C:\Archivos de programa\WinRAR\WinRAR.exe
C:\Archivos de programa\Internet Explorer\IEXPLORE.EXE
C:\DOCUME~1\YULY~1.YUL\CONFIG~1\Temp\Rar$EX65.531\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ono.es/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Vínculos
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\Userinit.exe
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Archivos de programa\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {46E88C13-C1AF-4C27-BAFE-A3FA96995A0D} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\ARCHIV~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Archivos de programa\Java\jre1.5.0_06\bin\ssv.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\archiv~1\mcafee.com\vso\mcvsshl.dll
O4 - HKLM\..\Run: [VSOCheckTask] "C:\ARCHIV~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] C:\Archivos de programa\McAfee.com\VSO\mcvsshld.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\ARCHIV~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] c:\ARCHIV~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Archivos de programa\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [McAfee Guardian] C:\Archivos de programa\McAfee\McAfee Shared Components\Guardian\CMGrdian.exe /SU
O4 - HKLM\..\Run: [QuickTime Task] "C:\Archivos de programa\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Archivos de programa\Archivos comunes\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [NexusServer] C:\Archivos de programa\Archivos comunes\Canopus Shared\ProCoder 2\Kernel\PNXSERVR.exe -SelfLaunch
O4 - HKLM\..\Run: [Zone Labs Client] C:\Archivos de programa\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [OASClnt] C:\Archivos de programa\McAfee.com\VSO\oasclnt.exe
O4 - HKLM\..\Run: [MSKDetectorExe] C:\Archivos de programa\McAfee\SpamKiller\MSKDetct.exe /uninstall
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Archivos de programa\MSN Messenger\msnmsgr.exe" /background
O4 - Global Startup: Inicio rápido de Adobe Reader.lnk = C:\Archivos de programa\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Archivos de programa\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Search - http://speedbar.myway.com/menusearch.html?p=MG1
O8 - Extra context menu item: E&xportar a Microsoft Excel - res://C:\ARCHIV~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Archivos de programa\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Consola de Sun Java - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Archivos de programa\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Archivos de programa\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Archivos de programa\Messenger\msmsgs.exe
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://download.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {56393399-041A-4650-94C7-13DFCB1F4665} (PSFormX Control) - http://www.my-etrust.com/Support/PestScanner/pestscan.cab
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/securityadvisor/virusinfo/webscan.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {B1826A9F-4AA0-4510-BA77-9013E74E4B9B} - http://www.trendmicro.com/spyware-scan/as4web.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/mcgdmgr/1,0,0,26/mcgdmgr.cab
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game07.zylom.com/activex/zylomgamesplayer.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/mcfscan/2,1,0,4719/mcfscan.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\ARCHIV~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\archivos de programa\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\ARCHIV~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\ARCHIV~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\ARCHIV~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
log del hijack
yuly:
HKLM\System\CurrentControlSet\Control\Terminal Server\Wds\rdpwd\StartupPrograms
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\AppSetup
HKLM\Software\Policies\Microsoft\Windows\System\Scripts\Startup
HKCU\Software\Policies\Microsoft\Windows\System\Scripts\Logon
HKLM\Software\Policies\Microsoft\Windows\System\Scripts\Logon
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System\Shell
HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\Shell
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Taskman
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\TerminalServer\Install\Software\Microsoft\Windows\CurrentVersion\Runonce
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\TerminalServer\Install\Software\Microsoft\Windows\CurrentVersion\RunonceEx
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\TerminalServer\Install\Software\Microsoft\Windows\CurrentVersion\Run
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
+ ISUSScheduler InstallShield Update Service Scheduler (Not verified) InstallShield Software Corporation c:\archivos de programa\archivos comunes\installshield\updateservice\issch.exe
+ McAfee Guardian McAfee Guardian Agent (Not verified) Network Associates, Inc. c:\archivos de programa\mcafee\mcafee shared components\guardian\cmgrdian.exe
+ MCAgentExe McAfee SecurityCenter Agent (Not verified) McAfee, Inc c:\archivos de programa\mcafee.com\agent\mcagent.exe
+ MCUpdateExe McAfee SecurityCenter Update Engine (Not verified) McAfee, Inc c:\archivos de programa\mcafee.com\agent\mcupdate.exe
+ MSKDetectorExe McAfee SpamKiller Account Detector (Not verified) McAfee, Inc. c:\archivos de programa\mcafee\spamkiller\mskdetct.exe
+ NeroFilterCheck NeroCheck (Not verified) Ahead Software Gmbh c:\windows\system32\nerocheck.exe
+ NexusServer c:\archivos de programa\archivos comunes\canopus shared\procoder 2\kernel\pnxservr.exe
+ OASClnt McAfee VirusScan OAS Client (Not verified) McAfee, Inc. c:\archivos de programa\mcafee.com\vso\oasclnt.exe
+ QuickTime Task (Not verified) Apple Computer, Inc. c:\archivos de programa\quicktime\qttask.exe
+ SoundMan Realtek Sound Manager (Not verified) Realtek Semiconductor Corp. c:\windows\soundman.exe
+ SunJavaUpdateSched Java(TM) 2 Platform Standard Edition binary (Not verified) Sun Microsystems, Inc. c:\archivos de programa\java\jre1.5.0_06\bin\jusched.exe
+ VirusScan Online McAfee VirusScan ActiveShield Resource (Not verified) McAfee, Inc. c:\archivos de programa\mcafee.com\vso\mcvsshld.exe
+ VSOCheckTask McAfee VirusScan Command Handler (Not verified) McAfee, Inc. c:\archivos de programa\mcafee.com\vso\mcmnhdlr.exe
+ Zone Labs Client Zone Labs Client (Verified) Check Point Software Technologies Inc. c:\archivos de programa\zone labs\zonealarm\zlclient.exe
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce
C:\Documents and Settings\All Users.WINDOWS\Menú Inicio\Programas\Inicio
+ Inicio rápido de Adobe Reader.lnk Adobe Acrobat SpeedLauncher (Not verified) Adobe Systems Incorporated c:\archivos de programa\adobe\acrobat 7.0\reader\reader_sl.exe
C:\Documents and Settings\yuly.YULY-BD3C913EA3\Menú Inicio\Programas\Inicio
HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows\Load
HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows\Run
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
+ msnmsgr MSN Messenger (Not verified) Microsoft Corporation c:\archivos de programa\msn messenger\msnmsgr.exe
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce
HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\TerminalServer\Install\Software\Microsoft\Windows\CurrentVersion\Runonce
HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\TerminalServer\Install\Software\Microsoft\Windows\CurrentVersion\RunonceEx
HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\TerminalServer\Install\Software\Microsoft\Windows\CurrentVersion\Run
HKLM\SOFTWARE\Classes\Protocols\Filter
+ application/octet-stream Microsoft .NET Runtime Execution Engine (Not verified) Microsoft Corporation c:\windows\system32\mscoree.dll
+ application/x-complus Microsoft .NET Runtime Execution Engine (Not verified) Microsoft Corporation c:\windows\system32\mscoree.dll
+ application/x-msdownload Microsoft .NET Runtime Execution Engine (Not verified) Microsoft Corporation c:\windows\system32\mscoree.dll
HKLM\SOFTWARE\Classes\Protocols\Handler
+ cdo Microsoft SharePoint Portal Server Object Model (Not verified) Microsoft Corporation c:\archivos de programa\archivos comunes\microsoft shared\web folders\pkmcdo.dll
+ msnim MSN Messenger Protocol Handler (Not verified) Microsoft Corporation c:\archivos de programa\msn messenger\msgrapp.dll
HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components
HKCU\SOFTWARE\Microsoft\Active Setup\Installed Components
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks
HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
+ Carpetas Web Microsoft Web Folders (Not verified) Microsoft Corporation c:\archivos de programa\archivos comunes\microsoft shared\web folders\msonsext.dll
+ Extensión de paneo de pantalla del Panel de control File not found: deskpan.dll
+ Fusion Cache Microsoft .NET Runtime Execution Engine (Not verified) Microsoft Corporation c:\windows\system32\mscoree.dll
+ WinRAR shell extension c:\archivos de programa\winrar\rarext.dll
HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
HKLM\Software\Classes\Folder\Shellex\ColumnHandlers
+ PDF Shell Extension PDF Shell Extension (Not verified) Adobe Systems, Inc. c:\archivos de programa\adobe\acrobat 7.0\activex\pdfshell.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects
+ Adobe PDF Reader Link Helper Adobe Acrobat IE Helper Version 7.0 for ActiveX (Verified) Adobe Systems, Incorporated c:\archivos de programa\adobe\acrobat 7.0\activex\acroiehelper.dll
+ SSVHelper Class Java(TM) 2 Platform Standard Edition binary (Not verified) Sun Microsystems, Inc. c:\archivos de programa\java\jre1.5.0_06\bin\ssv.dll
HKCU\Software\Microsoft\Internet Explorer\UrlSearchHooks
HKLM\Software\Microsoft\Internet Explorer\Toolbar
+ McAfee VirusScan McAfee VirusScan Shell Extension Module (Not verified) McAfee, Inc. c:\archivos de programa\mcafee.com\vso\mcvsshl.dll
HKCU\Software\Microsoft\Internet Explorer\Explorer Bars
HKLM\Software\Microsoft\Internet Explorer\Explorer Bars
HKCU\Software\Microsoft\Internet Explorer\Extensions
HKLM\Software\Microsoft\Internet Explorer\Extensions
Task Scheduler
+ Analizar mediante McAfee.com - Mi equipo (YULY-BD3C913EA3-yuly).job McAfee VirusScan Command Handler (Not verified) McAfee, Inc. c:\archivos de programa\mcafee.com\vso\mcmnhdlr.exe
+ Detectar virus mediante McAfee.com - Mi equipo (YULY-BD3C913EA3-mama).job McAfee VirusScan Command Handler (Not verified) McAfee, Inc. c:\archivos de programa\mcafee.com\vso\mcmnhdlr.exe
HKLM\System\CurrentControlSet\Services
+ McDetect.exe McAfee WSC Integration Service (Not verified) McAfee, Inc c:\archivos de programa\mcafee.com\agent\mcdetect.exe
+ McShield On-Access Scanner service (Not verified) McAfee Inc. c:\archivos de programa\mcafee.com\vso\mcshield.exe
+ McTskshd.exe McAfee Task Scheduler (Not verified) McAfee, Inc c:\archivos de programa\mcafee.com\agent\mctskshd.exe
+ vsmon Monitors internet traffic and generates alerts for disallowed access. (Verified) Check Point Software Technologies Inc. c:\windows\system32\zonelabs\vsmon.exe
HKLM\System\CurrentControlSet\Services
+ ALCXSENS Sensaura WDM 3D Audio Driver (Not verified) Sensaura Ltd c:\windows\system32\drivers\alcxsens.sys
+ ALCXWDM Realtek AC'97 Audio Driver (WDM) (Not verified) Realtek Semiconductor Corp. c:\windows\system32\drivers\alcxwdm.sys
+ GMSIPCI File not found: E:\INSTALL\GMSIPCI.SYS
+ hardlock Hardlock Device Driver for Windows NT (Not verified) Aladdin Knowledge Systems c:\windows\system32\drivers\hardlock.sys
+ Haspnt HASP Kernel Device Driver for Windows NT (Not verified) Aladdin Knowledge Systems c:\windows\system32\drivers\haspnt.sys
+ sfdrv01 StarForce Protection Environment Driver (Not verified) Protection Technology c:\windows\system32\drivers\sfdrv01.sys
+ sfhlp02 StarForce Protection Helper Driver (Not verified) Protection Technology c:\windows\system32\drivers\sfhlp02.sys
+ sfvfs02 StarForce Protection VFS Driver (Not verified) Protection Technology c:\windows\system32\drivers\sfvfs02.sys
+ vsdatant TrueVector Device Driver (Verified) Check Point Software Technologies Inc. c:\windows\system32\vsdatant.sys
+ yukonwxp NDIS5.1 Miniport Driver for Marvell Yukon Gigabit Ethernet Adapter (Not verified) Marvell Semiconductor Inc. c:\windows\system32\drivers\yukonwxp.sys
HKLM\System\CurrentControlSet\Control\Session Manager\BootExecute
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options
HKLM\Software\Microsoft\Command Processor\Autorun
HKCU\Software\Microsoft\Command Processor\Autorun
HKLM\SOFTWARE\Classes\Exefile\Shell\Open\Command\(Default)
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\Appinit_Dlls
HKLM\System\CurrentControlSet\Control\Session Manager\KnownDlls
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\System
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\UIHost
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GinaDLL
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Taskman
HKCU\Control Panel\Desktop\Scrnsave.exe
HKLM\System\CurrentControlSet\Control\BootVerificationProgram\ImageName
HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9
HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors
HKLM\SYSTEM\CurrentControlSet\Control\Lsa\Authentication Packages
HKLM\SYSTEM\CurrentControlSet\Control\Lsa\Notification Packages
HKLM\SYSTEM\CurrentControlSet\Control\Lsa\Security Packages
este es el log del autoruns
a las preguntas
si pase los programas y el trend micro lo saque de un escaneo online
Mr_X:
Reinicia en Modo seguro, ejecuta el HijackThis (NO LO HAGAS DESDE EL WINRAR, extraelo a un directorio y hazlo desde ahí), selecciona la opción 'Do a system scan only' y marca la casilla a la izquierda de las siguientes entradas y dale al botón Fix checked:
--- Código: ---R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\Userinit.exe
O2 - BHO: (no name) - {46E88C13-C1AF-4C27-BAFE-A3FA96995A0D} - (no file)
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Archivos de programa\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Archivos de programa\QuickTime\qttask.exe" -atboottime
O4 - Global Startup: Inicio rápido de Adobe Reader.lnk = C:\Archivos de programa\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game07.zylom.com/activex/zylomgamesplayer.cab
--- Fin del código ---
Reinicia normal, actualiza el McAfee y pásalo... Saca nuevos Logs...
Navegación
[#] Página Siguiente
[*] Página Anterior
Ir a la versión completa