What do I remove from here?

oxciel
Newbie
Posts: 3
Joined: 06 Jul 2004, 15:44


Post by oxciel » 11 Jan 2005, 01:00

Logfile of HijackThis v1.97.7

Scan saved at 7:00:16 PM, on 1/10/2005

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)



Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\SYSTEM32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\System32\hkcmd.exe

C:\WINDOWS\System32\ezSP_Px.exe

C:\Program Files\Panda Software\Panda Platinum Internet Security\PaSSrv.exe

C:\WINDOWS\AGRSMMSG.exe

C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe

C:\WINDOWS\System32\LVCOMSX.EXE

C:\Program Files\Logitech\Video\LogiTray.exe

C:\Program Files\Microsoft AntiSpyware\gcasServ.exe

C:\Program Files\Logitech\Video\FxSvr2.exe

C:\Program Files\Panda Software\Panda Platinum Internet Security\APVXDWIN.EXE

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Yahoo!\Messenger\ypager.exe

C:\Program Files\Messenger\MSMSGS.EXE

C:\Program Files\MSN Messenger\msnmsgr.exe

C:\Program Files\Panda Software\Panda Platinum Internet Security\Firewall\PavFires.exe

C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe

C:\Program Files\Panda Software\Panda Platinum Internet Security\SRVLOAD.EXE

C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe

C:\Program Files\Panda Software\Panda Platinum Internet Security\pavsrv51.exe

C:\Program Files\Panda Software\Panda Platinum Internet Security\PsImSvc.exe

C:\WINDOWS\System32\snmp.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Panda Software\Panda Platinum Internet Security\AVENGINE.EXE

C:\Program Files\Sony\Photo Server 20\appsrv\PicAppSrv.exe

C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\SV_Httpd.exe

C:\WINDOWS\System32\msiexec.exe

C:\WINDOWS\System32\alg.exe

C:\Program Files\Panda Software\Panda Platinum Internet Security\WebProxy.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\WINDOWS\system32\unlodctl.exe

D:\TRAB 1\programs\HijackThis.exe



R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\snnpapi.dll/sp.html (obfuscated)

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\snnpapi.dll/sp.html (obfuscated)

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank

R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\snnpapi.dll/sp.html (obfuscated)

R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = about:blank

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\snnpapi.dll/sp.html (obfuscated)

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\snnpapi.dll/sp.html (obfuscated)

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = about:blank

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\snnpapi.dll/sp.html (obfuscated)

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Verizon Online

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank

O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe

O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe

O4 - HKLM\..\Run: [VAIO Recovery] C:\WINDOWS\Sonysys\VAIO Recovery\PartSeal.exe

O4 - HKLM\..\Run: [QuickFinder Scheduler] "C:\Program Files\Corel\WordPerfect Office 2002\Programs\QFSCHD100.EXE"

O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\VERITAS Software\Update Manager\sgtray.exe" /r

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [Microsoft Services] svssshost.exe

O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe

O4 - HKLM\..\Run: [Microsoft Registry Backup] regback.exe

O4 - HKLM\..\Run: [sjuxyz] C:\WINDOWS\sjuxyz.exe

O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe

O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe

O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\System32\LVCOMSX.EXE

O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [DDStartup] c:\Program Files\Connectix\Connectix Desktop Designer\DDStartup.exe

O4 - HKLM\..\Run: [Optimum Online] C:\Program Files\Optimum Online\Netsurf.exe -tray

O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"

O4 - HKLM\..\Run: [SCANINICIO] "C:\Program Files\Panda Software\Panda Platinum Internet Security\Inicio.exe"

O4 - HKLM\..\Run: [APVXDWIN] "C:\Program Files\Panda Software\Panda Platinum Internet Security\APVXDWIN.EXE" /s

O4 - HKLM\..\RunServices: [Microsoft Services] svssshost.exe

O4 - HKLM\..\RunServices: [PANDA ANTISPAM SERVER SERVICE] "C:\Program Files\Panda Software\Panda Platinum Internet Security\PasSrv.exe"

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [Microsoft Services] svssshost.exe

O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet

O4 - HKCU\..\Run: [Microsoft Registry Backup] regback.exe

O4 - HKCU\..\Run: [Iinl] C:\Documents and Settings\goyo\Application Data\iptl.exe

O4 - HKCU\..\Run: [Hvgzg] C:\WINDOWS\System32\mrntpfrq.exe

O4 - HKCU\..\Run: [wglet.exe] C:\WINDOWS\System32\dfshf.exe

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\MSMSGS.EXE" /background

O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [WPCycle.exe] c:\Program Files\Connectix\Connectix Desktop Designer\WpCycleWin.exe

O4 - Startup: PowerReg Scheduler.exe

O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE

O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)

O9 - Extra button: Yahoo! Messenger (HKLM)

O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)

O9 - Extra button: Messenger (HKLM)

O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)

O10 - Unknown file in Winsock LSP: c:\program files\panda software\panda platinum internet security\pavlsp.dll

O10 - Unknown file in Winsock LSP: c:\program files\panda software\panda platinum internet security\pavlsp.dll

O10 - Unknown file in Winsock LSP: c:\program files\panda software\panda platinum internet security\pavlsp.dll

O10 - Unknown file in Winsock LSP: c:\program files\panda software\panda platinum internet security\pavlsp.dll

O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll

O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople

O15 - Trusted Zone: http://*.63.219.181.7

O16 - DPF: ChatSpace Java Client 4.0.0.301 - http://63.99.211.87/ChatSpace/Java/cms40301.cab

O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab30149.cab

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=34738&clcid=0x409

O16 - DPF: {19E28AFC-EAE3-4CE5-AC83-2407B42F57C9} (MSSecurityAdvisor Class) - http://download.microsoft.com/download/0/5/c/05c905f4-dd30-427d-a3de-373c3e5552fc/msSecAdv.cab?1091754979953

O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab

O16 - DPF: {2C0F2AEA-3A9B-46DB-A7BE-80FF329E415D} - http://www.accesoplugin.com/dialercab/PPremiumInternacional.cab

O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} - http://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB

O16 - DPF: {341FF14B-00CB-49F5-A427-A164DF1D5E1F} (MALPlaybackCtrl Class) - http://musicstore.connect.com/assets/activexplayer/SMALStreaming.cab

O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} (Office Update Installation Engine) - http://office.microsoft.com/officeupdate/content/opuc.cab

O16 - DPF: {3EB4F9EA-51A6-48DA-846A-0D69DCBA39EF} (DownloadManager Control) - http://download.akamaitools.com.edgesuite.net/dlmanager/live/code/IE_1070/DownloadManager.cab

O16 - DPF: {4B6015E7-3ABB-45DC-96B7-55A843751F28} - http://www.dialermax.com/ruboskizo2.cab

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by1fd.bay1.hotmail.msn.com/resources/MsnPUpld.cab

O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab

O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab

O16 - DPF: {88D758A3-D33B-45FD-91E3-67749B4057FA} (Sinstaller Class) - http://dm.screensavers.com/dm/installers/si/1/sinstaller.cab

O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab30149.cab

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab

O16 - DPF: {A8658086-E6AC-4957-BC8E-7D54A7E8A78D} - http://www.microsoft.com/en/us/default.aspxsecurity/controls/DoomCln.CAB

O16 - DPF: {B942A249-D1E7-4C11-98AE-FCB76B08747F} (RealArcadeRdxIE Class) - http://games-dl.real.com/gameconsole/Bundler/CAB/RealArcadeRdxIE.cab

O16 - DPF: {CC05BC12-2AA2-4AC7-AC81-0E40F83B1ADF} (Live365Player Class) - http://www.live365.com/players/play365.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

O16 - DPF: {D62B5127-8D03-4175-BA71-E0041595DA4B} - http://03.sharedsource.org/html/TriacomUD_1.0.0.3ie.cab?

O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab

O16 - DPF: {FFFF0003-0001-101A-A3C9-08002B23E0CC} - http://direct.data-line.us/gbn1144.exe

O17 - HKLM\System\CCS\Services\Tcpip\..\{8F74D71A-1441-4FF6-A541-EA0A752669E5}: NameServer = 69.50.166.94,69.31.80.244

O17 - HKLM\System\CCS\Services\Tcpip\..\{96246010-D723-467A-9E2C-357A12BD80DA}: NameServer = 69.50.166.94,69.31.80.244

O17 - HKLM\System\CCS\Services\Tcpip\..\{C2A84AFB-6A85-4509-A941-CA0FC3DE50D1}: NameServer = 69.50.166.94,69.31.80.244

O17 - HKLM\System\CCS\Services\Tcpip\..\{D9D2E777-FEF2-43E0-9C33-BE659C3B4D79}: NameServer = 69.50.166.94,69.31.80.244

fircsix
Advanced User
Posts: 341
Joined: 28 Nov 2004, 11:35
Location: Buenos Aires Argentina

Post by fircsix » 11 Jan 2005, 01:05

First, before anything else: follow this tutorial

https://foros.zonavirus.com/viewtopic.php?t=4795

Second: update your operating system and IE

Third: download HijackThis 1.99

http://www.spywareinfo.com/~merijn/files/hijackthis.zip

Put it in a folder of its own for HijackThis (for example C:\Limpiar). Run it and press the "Do a system scan and save a logfile" button; the program will perform the scan and immediately generate the log. It will only ask you for the file name and its location; you can simply save it as it is. Notepad will open; copy all of the contents and paste them as a reply to this thread.

Regards.

fircsix
"The wise man is the one who knows without knowing why; the rest is only learning."

fircsix
Advanced User
Posts: 341
Joined: 28 Nov 2004, 11:35
Location: Buenos Aires Argentina

Post by fircsix » 11 Jan 2005, 01:07

Sorry, but there is no need to follow the second instruction, so just those two. (Sorry for posting twice, but I can't edit here :? )

Regards.

fircsix
"The wise man is the one who knows without knowing why; the rest is only learning."

oxciel
Newbie
Posts: 3
Joined: 06 Jul 2004, 15:44

Post by oxciel » 11 Jan 2005, 01:25

Logfile of HijackThis v1.99.0

Scan saved at 7:24:12 PM, on 1/10/2005

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)



Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\SYSTEM32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\System32\hkcmd.exe

C:\WINDOWS\System32\ezSP_Px.exe

C:\Program Files\Panda Software\Panda Platinum Internet Security\PaSSrv.exe

C:\WINDOWS\AGRSMMSG.exe

C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe

C:\WINDOWS\System32\LVCOMSX.EXE

C:\Program Files\Logitech\Video\LogiTray.exe

C:\Program Files\Microsoft AntiSpyware\gcasServ.exe

C:\Program Files\Logitech\Video\FxSvr2.exe

C:\Program Files\Panda Software\Panda Platinum Internet Security\APVXDWIN.EXE

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Yahoo!\Messenger\ypager.exe

C:\Program Files\Messenger\MSMSGS.EXE

C:\Program Files\MSN Messenger\msnmsgr.exe

C:\Program Files\Panda Software\Panda Platinum Internet Security\Firewall\PavFires.exe

C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe

C:\Program Files\Panda Software\Panda Platinum Internet Security\SRVLOAD.EXE

C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe

C:\Program Files\Panda Software\Panda Platinum Internet Security\pavsrv51.exe

C:\Program Files\Panda Software\Panda Platinum Internet Security\PsImSvc.exe

C:\WINDOWS\System32\snmp.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Panda Software\Panda Platinum Internet Security\AVENGINE.EXE

C:\Program Files\Sony\Photo Server 20\appsrv\PicAppSrv.exe

C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\SV_Httpd.exe

C:\WINDOWS\System32\alg.exe

C:\Program Files\Panda Software\Panda Platinum Internet Security\WebProxy.exe

C:\WINDOWS\system32\unlodctl.exe

C:\Program Files\Panda Software\Panda Platinum Internet Security\IFACE.EXE

C:\Program Files\Panda Software\Panda Platinum Internet Security\PAVJOBS.EXE

C:\Program Files\Internet Explorer\iexplore.exe

C:\PROGRA~1\WINZIP\winzip32.exe

C:\Documents and Settings\goyo\Local Settings\Temp\HijackThis.exe



R1 - HKCU\Software\Microsoft\Internet Explorer,(Default) = http://fastsearchweb.com/srh.php?q=%s

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\snnpapi.dll/sp.html (obfuscated)

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\snnpapi.dll/sp.html (obfuscated)

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\snnpapi.dll/sp.html (obfuscated)

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\snnpapi.dll/sp.html (obfuscated)

R1 - HKCU\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = about:blank

R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\snnpapi.dll/sp.html (obfuscated)

R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = about:blank

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\snnpapi.dll/sp.html (obfuscated)

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = about:blank

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Verizon Online

O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe

O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe

O4 - HKLM\..\Run: [VAIO Recovery] C:\WINDOWS\Sonysys\VAIO Recovery\PartSeal.exe

O4 - HKLM\..\Run: [QuickFinder Scheduler] "C:\Program Files\Corel\WordPerfect Office 2002\Programs\QFSCHD100.EXE"

O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\VERITAS Software\Update Manager\sgtray.exe" /r

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [Microsoft Services] svssshost.exe

O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe

O4 - HKLM\..\Run: [Microsoft Registry Backup] regback.exe

O4 - HKLM\..\Run: [sjuxyz] C:\WINDOWS\sjuxyz.exe

O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe

O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe

O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\System32\LVCOMSX.EXE

O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [DDStartup] c:\Program Files\Connectix\Connectix Desktop Designer\DDStartup.exe

O4 - HKLM\..\Run: [Optimum Online] C:\Program Files\Optimum Online\Netsurf.exe -tray

O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"

O4 - HKLM\..\Run: [SCANINICIO] "C:\Program Files\Panda Software\Panda Platinum Internet Security\Inicio.exe"

O4 - HKLM\..\Run: [APVXDWIN] "C:\Program Files\Panda Software\Panda Platinum Internet Security\APVXDWIN.EXE" /s

O4 - HKLM\..\RunServices: [Microsoft Services] svssshost.exe

O4 - HKLM\..\RunServices: [PANDA ANTISPAM SERVER SERVICE] "C:\Program Files\Panda Software\Panda Platinum Internet Security\PasSrv.exe"

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [Microsoft Services] svssshost.exe

O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet

O4 - HKCU\..\Run: [Microsoft Registry Backup] regback.exe

O4 - HKCU\..\Run: [Iinl] C:\Documents and Settings\goyo\Application Data\iptl.exe

O4 - HKCU\..\Run: [Hvgzg] C:\WINDOWS\System32\mrntpfrq.exe

O4 - HKCU\..\Run: [wglet.exe] C:\WINDOWS\System32\dfshf.exe

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\MSMSGS.EXE" /background

O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [WPCycle.exe] c:\Program Files\Connectix\Connectix Desktop Designer\WpCycleWin.exe

O4 - Startup: PowerReg Scheduler.exe

O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll

O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe

O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra button: (no name) - {6685509E-B47B-4f47-8E16-9A5F3A62F683} - file://C:\Program Files\Ebates_MoeMoneyMaker\Sy350\Tp350\scri350a.htm (file missing) (HKCU)

O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll

O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople

O15 - Trusted Zone: http://*.63.219.181.7

O16 - DPF: ChatSpace Java Client 4.0.0.301 - http://63.99.211.87/ChatSpace/Java/cms40301.cab

O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab30149.cab

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=34738&clcid=0x409

O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab

O16 - DPF: {2C0F2AEA-3A9B-46DB-A7BE-80FF329E415D} - http://www.accesoplugin.com/dialercab/PPremiumInternacional.cab

O16 - DPF: {341FF14B-00CB-49F5-A427-A164DF1D5E1F} (MALPlaybackCtrl Class) - http://musicstore.connect.com/assets/activexplayer/SMALStreaming.cab

O16 - DPF: {3EB4F9EA-51A6-48DA-846A-0D69DCBA39EF} (DownloadManager Control) - http://download.akamaitools.com.edgesuite.net/dlmanager/live/code/IE_1070/DownloadManager.cab

O16 - DPF: {4B6015E7-3ABB-45DC-96B7-55A843751F28} - http://www.dialermax.com/ruboskizo2.cab

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by1fd.bay1.hotmail.msn.com/resources/MsnPUpld.cab

O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab

O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab

O16 - DPF: {88D758A3-D33B-45FD-91E3-67749B4057FA} (Sinstaller Class) - http://dm.screensavers.com/dm/installers/si/1/sinstaller.cab

O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab30149.cab

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab

O16 - DPF: {B942A249-D1E7-4C11-98AE-FCB76B08747F} (RealArcadeRdxIE Class) - http://games-dl.real.com/gameconsole/Bundler/CAB/RealArcadeRdxIE.cab

O16 - DPF: {CC05BC12-2AA2-4AC7-AC81-0E40F83B1ADF} (Live365Player Class) - http://www.live365.com/players/play365.cab

O16 - DPF: {D62B5127-8D03-4175-BA71-E0041595DA4B} - http://03.sharedsource.org/html/TriacomUD_1.0.0.3ie.cab?

O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab

O16 - DPF: {FFFF0003-0001-101A-A3C9-08002B23E0CC} - http://direct.data-line.us/gbn1144.exe

O17 - HKLM\System\CCS\Services\Tcpip\..\{8F74D71A-1441-4FF6-A541-EA0A752669E5}: NameServer = 69.50.166.94,69.31.80.244

O17 - HKLM\System\CCS\Services\Tcpip\..\{96246010-D723-467A-9E2C-357A12BD80DA}: NameServer = 69.50.166.94,69.31.80.244

O17 - HKLM\System\CCS\Services\Tcpip\..\{C2A84AFB-6A85-4509-A941-CA0FC3DE50D1}: NameServer = 69.50.166.94,69.31.80.244

O17 - HKLM\System\CCS\Services\Tcpip\..\{D9D2E777-FEF2-43E0-9C33-BE659C3B4D79}: NameServer = 69.50.166.94,69.31.80.244

O18 - Filter: text/html - {2D63ABB4-072E-4111-94D2-B70A03E1EA89} - C:\WINDOWS\system32\snnpapi.dll

O18 - Filter: text/plain - {2D63ABB4-072E-4111-94D2-B70A03E1EA89} - C:\WINDOWS\system32\snnpapi.dll

O23 - Service: Microsoft Security Subsystem Provider - Unknown - C:\WINDOWS\System32\mssp.exe (file missing)

O23 - Service: GEDZAC Service - Unknown - C:\WINDOWS\System32\UNPLAYERARP.COM (file missing)

O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe

O23 - Service: Panda Antispam Server Service - Unknown - C:\Program Files\Panda Software\Panda Platinum Internet Security\PaSSrv.exe

O23 - Service: Panda Firewall Service - Unknown - C:\Program Files\Panda Software\Panda Platinum Internet Security\Firewall\PavFires.exe

O23 - Service: Panda Process Protection Service - Unknown - C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe

O23 - Service: Panda anti-virus service - Panda Software - C:\Program Files\Panda Software\Panda Platinum Internet Security\pavsrv51.exe

O23 - Service: Panda IManager Service - Panda Software Internacional - C:\Program Files\Panda Software\Panda Platinum Internet Security\PsImSvc.exe

O23 - Service: Sony SPTI Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe

O23 - Service: VAIO Media Music Server (Application) - Sony Corporation - C:\Program Files\Sony\VAIO Media Music Server\SSSvr.exe

O23 - Service: VAIO Media Music Server (HTTP) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\sv_httpd.exe

O23 - Service: VAIO Media Music Server (UPnP) - Unknown - C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\UPnPFramework.exe (file missing)

O23 - Service: VAIO Media Photo Server (Application) - Unknown - C:\Program Files\Sony\Photo Server 20\appsrv\PicAppSrv.exe

O23 - Service: VAIO Media Photo Server (HTTP) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\SV_Httpd.exe

O23 - Service: VAIO Media Photo Server (UPnP) - Unknown - C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\UPnPFramework.exe (file missing)

oxciel
Newbie
Posts: 3
Joined: 06 Jul 2004, 15:44

Post by oxciel » 11 Jan 2005, 02:21

Logfile of HijackThis v1.99.0

Scan saved at 8:21:34 PM, on 1/10/2005

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)



Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\SYSTEM32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Panda Software\Panda Platinum Internet Security\PaSSrv.exe

C:\Program Files\Panda Software\Panda Platinum Internet Security\Firewall\PavFires.exe

C:\WINDOWS\System32\hkcmd.exe

C:\WINDOWS\System32\ezSP_Px.exe

C:\WINDOWS\AGRSMMSG.exe

C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe

C:\WINDOWS\System32\LVCOMSX.EXE

C:\Program Files\Logitech\Video\LogiTray.exe

C:\Program Files\Microsoft AntiSpyware\gcasServ.exe

C:\Program Files\Panda Software\Panda Platinum Internet Security\APVXDWIN.EXE

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Yahoo!\Messenger\ypager.exe

C:\Program Files\Messenger\MSMSGS.EXE

C:\Program Files\MSN Messenger\msnmsgr.exe

C:\Program Files\Logitech\Video\FxSvr2.exe

C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe

C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe

C:\Program Files\Panda Software\Panda Platinum Internet Security\SRVLOAD.EXE

C:\Program Files\Panda Software\Panda Platinum Internet Security\pavsrv51.exe

C:\Program Files\Panda Software\Panda Platinum Internet Security\PsImSvc.exe

C:\Program Files\Panda Software\Panda Platinum Internet Security\AVENGINE.EXE

C:\WINDOWS\System32\snmp.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Sony\Photo Server 20\appsrv\PicAppSrv.exe

C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\SV_Httpd.exe

C:\WINDOWS\System32\alg.exe

C:\Program Files\Panda Software\Panda Platinum Internet Security\WebProxy.exe

C:\WINDOWS\system32\unlodctl.exe

C:\WINDOWS\system32\nlsfuncs.exe

C:\Program Files\Real\RealOne Player\RealPlay.exe

C:\WINDOWS\system32\rundll32.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\PROGRA~1\WINZIP\winzip32.exe

C:\Documents and Settings\goyo\Local Settings\Temp\HijackThis.exe



R1 - HKCU\Software\Microsoft\Internet Explorer,(Default) = http://fastsearchweb.com/srh.php?q=%s

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\snnpapi.dll/sp.html (obfuscated)

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\snnpapi.dll/sp.html (obfuscated)

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.univision.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\snnpapi.dll/sp.html (obfuscated)

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\snnpapi.dll/sp.html (obfuscated)

R1 - HKCU\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = about:blank

R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\snnpapi.dll/sp.html (obfuscated)

R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = about:blank

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\snnpapi.dll/sp.html (obfuscated)

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = about:blank

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Verizon Online

O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe

O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe

O4 - HKLM\..\Run: [VAIO Recovery] C:\WINDOWS\Sonysys\VAIO Recovery\PartSeal.exe

O4 - HKLM\..\Run: [QuickFinder Scheduler] "C:\Program Files\Corel\WordPerfect Office 2002\Programs\QFSCHD100.EXE"

O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\VERITAS Software\Update Manager\sgtray.exe" /r

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [Microsoft Services] svssshost.exe

O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe

O4 - HKLM\..\Run: [Microsoft Registry Backup] regback.exe

O4 - HKLM\..\Run: [sjuxyz] C:\WINDOWS\sjuxyz.exe

O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe

O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe

O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\System32\LVCOMSX.EXE

O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [DDStartup] c:\Program Files\Connectix\Connectix Desktop Designer\DDStartup.exe

O4 - HKLM\..\Run: [Optimum Online] C:\Program Files\Optimum Online\Netsurf.exe -tray

O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"

O4 - HKLM\..\Run: [SCANINICIO] "C:\Program Files\Panda Software\Panda Platinum Internet Security\Inicio.exe"

O4 - HKLM\..\Run: [APVXDWIN] "C:\Program Files\Panda Software\Panda Platinum Internet Security\APVXDWIN.EXE" /s

O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto

O4 - HKLM\..\RunServices: [Microsoft Services] svssshost.exe

O4 - HKLM\..\RunServices: [PANDA ANTISPAM SERVER SERVICE] "C:\Program Files\Panda Software\Panda Platinum Internet Security\PasSrv.exe"

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [Microsoft Services] svssshost.exe

O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet

O4 - HKCU\..\Run: [Microsoft Registry Backup] regback.exe

O4 - HKCU\..\Run: [Iinl] C:\Documents and Settings\goyo\Application Data\iptl.exe

O4 - HKCU\..\Run: [Hvgzg] C:\WINDOWS\System32\mrntpfrq.exe

O4 - HKCU\..\Run: [wglet.exe] C:\WINDOWS\System32\dfshf.exe

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\MSMSGS.EXE" /background

O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [WPCycle.exe] c:\Program Files\Connectix\Connectix Desktop Designer\WpCycleWin.exe

O4 - Startup: PowerReg Scheduler.exe

O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll

O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe

O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra button: (no name) - {6685509E-B47B-4f47-8E16-9A5F3A62F683} - file://C:\Program Files\Ebates_MoeMoneyMaker\Sy350\Tp350\scri350a.htm (file missing) (HKCU)

O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll

O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople

O15 - Trusted Zone: http://*.63.219.181.7

O16 - DPF: ChatSpace Java Client 4.0.0.301 - http://63.99.211.87/ChatSpace/Java/cms40301.cab

O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab30149.cab

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=34738&clcid=0x409

O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab

O16 - DPF: {2C0F2AEA-3A9B-46DB-A7BE-80FF329E415D} - http://www.accesoplugin.com/dialercab/PPremiumInternacional.cab

O16 - DPF: {341FF14B-00CB-49F5-A427-A164DF1D5E1F} (MALPlaybackCtrl Class) - http://musicstore.connect.com/assets/activexplayer/SMALStreaming.cab

O16 - DPF: {3EB4F9EA-51A6-48DA-846A-0D69DCBA39EF} (DownloadManager Control) - http://download.akamaitools.com.edgesuite.net/dlmanager/live/code/IE_1070/DownloadManager.cab

O16 - DPF: {4B6015E7-3ABB-45DC-96B7-55A843751F28} - http://www.dialermax.com/ruboskizo2.cab

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by1fd.bay1.hotmail.msn.com/resources/MsnPUpld.cab

O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab

O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab

O16 - DPF: {88D758A3-D33B-45FD-91E3-67749B4057FA} (Sinstaller Class) - http://dm.screensavers.com/dm/installers/si/1/sinstaller.cab

O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab30149.cab

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab

O16 - DPF: {B942A249-D1E7-4C11-98AE-FCB76B08747F} (RealArcadeRdxIE Class) - http://games-dl.real.com/gameconsole/Bundler/CAB/RealArcadeRdxIE.cab

O16 - DPF: {CC05BC12-2AA2-4AC7-AC81-0E40F83B1ADF} (Live365Player Class) - http://www.live365.com/players/play365.cab

O16 - DPF: {D62B5127-8D03-4175-BA71-E0041595DA4B} - http://03.sharedsource.org/html/TriacomUD_1.0.0.3ie.cab?

O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab

O16 - DPF: {FFFF0003-0001-101A-A3C9-08002B23E0CC} - http://direct.data-line.us/gbn1144.exe

O17 - HKLM\System\CCS\Services\Tcpip\..\{8F74D71A-1441-4FF6-A541-EA0A752669E5}: NameServer = 69.50.166.94,69.31.80.244

O17 - HKLM\System\CCS\Services\Tcpip\..\{96246010-D723-467A-9E2C-357A12BD80DA}: NameServer = 69.50.166.94,69.31.80.244

O17 - HKLM\System\CCS\Services\Tcpip\..\{C2A84AFB-6A85-4509-A941-CA0FC3DE50D1}: NameServer = 69.50.166.94,69.31.80.244

O17 - HKLM\System\CCS\Services\Tcpip\..\{D9D2E777-FEF2-43E0-9C33-BE659C3B4D79}: NameServer = 69.50.166.94,69.31.80.244

O18 - Filter: text/html - {2D63ABB4-072E-4111-94D2-B70A03E1EA89} - C:\WINDOWS\system32\snnpapi.dll

O18 - Filter: text/plain - {2D63ABB4-072E-4111-94D2-B70A03E1EA89} - C:\WINDOWS\system32\snnpapi.dll

O23 - Service: Microsoft Security Subsystem Provider - Unknown - C:\WINDOWS\System32\mssp.exe (file missing)

O23 - Service: GEDZAC Service - Unknown - C:\WINDOWS\System32\UNPLAYERARP.COM (file missing)

O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe

O23 - Service: Panda Antispam Server Service - Unknown - C:\Program Files\Panda Software\Panda Platinum Internet Security\PaSSrv.exe

O23 - Service: Panda Firewall Service - Unknown - C:\Program Files\Panda Software\Panda Platinum Internet Security\Firewall\PavFires.exe

O23 - Service: Panda Process Protection Service - Unknown - C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe

O23 - Service: Panda anti-virus service - Panda Software - C:\Program Files\Panda Software\Panda Platinum Internet Security\pavsrv51.exe

O23 - Service: Panda IManager Service - Panda Software Internacional - C:\Program Files\Panda Software\Panda Platinum Internet Security\PsImSvc.exe

O23 - Service: Sony SPTI Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe

O23 - Service: VAIO Media Music Server (Application) - Sony Corporation - C:\Program Files\Sony\VAIO Media Music Server\SSSvr.exe

O23 - Service: VAIO Media Music Server (HTTP) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\sv_httpd.exe

O23 - Service: VAIO Media Music Server (UPnP) - Unknown - C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\UPnPFramework.exe (file missing)

O23 - Service: VAIO Media Photo Server (Application) - Unknown - C:\Program Files\Sony\Photo Server 20\appsrv\PicAppSrv.exe

O23 - Service: VAIO Media Photo Server (HTTP) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\SV_Httpd.exe

O23 - Service: VAIO Media Photo Server (UPnP) - Unknown - C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\UPnPFramework.exe (file missing)

caito
Advanced User
Posts: 1540
Joined: 30 May 2004, 06:29
Location: Argentina

Post by caito » 11 Jan 2005, 05:33

You should copy these instructions so you can consult them when you are not connected to the Internet.

1) First of all, download Hijack again, but this time save it in its own folder, e.g. C>Limpiar>Hijack

Download this program (you will use it later to clean up unnecessary files):



http://www.xs4all.nl/~mp2004/



2) Now make sure you know what your ISP's address is:

http://whatsmyip.org/

Check that the number is not similar to this one:



69.50.166.94,69.31.80.244





3) Disable System Restore, boot into Safe Mode, and close all applications.

4) Launch Hijack and click Fix on these:



C:\WINDOWS\system32\unlodctl.exe

C:\WINDOWS\system32\nlsfuncs.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,(Default) = http://fastsearchweb.com/srh.php?q=%s



R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\snnpapi.dll/sp.html (obfuscated)

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\snnpapi.dll/sp.html (obfuscated)

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\snnpapi.dll/sp.html (obfuscated)

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\snnpapi.dll/sp.html (obfuscated)

R1 - HKCU\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = about:blank

R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\snnpapi.dll/sp.html (obfuscated)

R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = about:blank

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\snnpapi.dll/sp.html (obfuscated)

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = about:blank

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank

O4 - HKLM\..\Run: [Microsoft Services] svssshost.exe

O4 - HKLM\..\Run: [sjuxyz] C:\WINDOWS\sjuxyz.exe

O4 - HKLM\..\RunServices: [Microsoft Services] svssshost.exe

O4 - HKLM\..\RunServices: [Microsoft Services] svssshost.exe

O4 - HKCU\..\Run: [Iinl] C:\Documents and Settings\goyo\Application Data\iptl.exe

O4 - HKCU\..\Run: [Hvgzg] C:\WINDOWS\System32\mrntpfrq.exe

O4 - HKCU\..\Run: [wglet.exe] C:\WINDOWS\System32\dfshf.exe

O9 - Extra button: (no name) - {6685509E-B47B-4f47-8E16-9A5F3A62F683} - file://C:\Program Files\Ebates_MoeMoneyMaker\Sy350\Tp350\scri350a.htm (file missing) (HKCU)



O15 - Trusted Zone: http://*.63.219.181.7

O16 - DPF: {2C0F2AEA-3A9B-46DB-A7BE-80FF329E415D} - http://www.accesoplugin.com/dialercab/PPremiumInternacional.cab



O16 - DPF: {3EB4F9EA-51A6-48DA-846A-0D69DCBA39EF} (DownloadManager Control) - http://download.akamaitools.com.edgesuite.net/dlmanager/live/code/IE_1070/DownloadManager.cab





O16 - DPF: {4B6015E7-3ABB-45DC-96B7-55A843751F28} - http://www.dialermax.com/ruboskizo2.cab

O16 - DPF: {CC05BC12-2AA2-4AC7-AC81-0E40F83B1ADF} (Live365Player Class) - http://www.live365.com/players/play365.cab



O16 - DPF: {D62B5127-8D03-4175-BA71-E0041595DA4B} - http://03.sharedsource.org/html/TriacomUD_1.0.0.3ie.cab?



O16 - DPF: {FFFF0003-0001-101A-A3C9-08002B23E0CC} - http://direct.data-line.us/gbn1144.exe



Delete the O17 entries only if they do not belong to your Internet provider (see point 2):

O17 - HKLM\System\CCS\Services\Tcpip\..\{8F74D71A-1441-4FF6-A541-EA0A752669E5}: NameServer = 69.50.166.94,69.31.80.244

O17 - HKLM\System\CCS\Services\Tcpip\..\{96246010-D723-467A-9E2C-357A12BD80DA}: NameServer = 69.50.166.94,69.31.80.244

O17 - HKLM\System\CCS\Services\Tcpip\..\{C2A84AFB-6A85-4509-A941-CA0FC3DE50D1}: NameServer = 69.50.166.94,69.31.80.244

O17 - HKLM\System\CCS\Services\Tcpip\..\{D9D2E777-FEF2-43E0-9C33-BE659C3B4D79}: NameServer = 69.50.166.94,69.31.80.244

O18 - Filter: text/html - {2D63ABB4-072E-4111-94D2-B70A03E1EA89} - C:\WINDOWS\system32\snnpapi.dll

O18 - Filter: text/plain - {2D63ABB4-072E-4111-94D2-B70A03E1EA89} - C:\WINDOWS\system32\snnpapi.dll

O23 - Service: Microsoft Security Subsystem Provider - Unknown - C:\WINDOWS\System32\mssp.exe (file missing)

O23 - Service: GEDZAC Service - Unknown - C:\WINDOWS\System32\UNPLAYERARP.COM (file missing)

O23 - Service: VAIO Media Music Server (UPnP) - Unknown - C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\UPnPFramework.exe (file missing)

O23 - Service: VAIO Media Photo Server (UPnP) - Unknown - C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\UPnPFramework.exe (file missing)

Make all files visible:

To configure Windows XP to show file extensions:

Click My Computer.

Click the Tools menu, then Folder Options.

Click the View tab.

Uncheck "Hide extensions for known file types".

In the "Hidden files and folders" folder, select "Show hidden files and folders".

Uncheck "Hide protected operating system files".

Click Apply, then OK.

Search for these and, if they are present, delete them:



svssshost.exe

sjuxyz.exe

mrntpfrq.exe

dfshf.exe

unlodctl.exe

nlsfuncs.exe

Delete this folder:

Documents and Settings\goyo\Application Data\iptl.exe

With the disk Cleaner, delete Temporary Internet Files, cookies, etc.

Run an updated Ad-Aware SE.

Restart in normal mode and paste a new log.

Regards

Caito
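
Point 2 and the O17 rule in the post above come down to comparing each interface's NameServer value with the resolvers the ISP actually assigns. The following Python script is an added example, not part of caito's post: it parses HijackThis entry lines and reports O17 resolvers outside an allow-list. The function names, the `ISP_RESOLVERS` values (documentation-range placeholders) and the last two sample lines are constructed assumptions; the first O17 line is taken from the log on this page.

```python
import re
from ipaddress import ip_address

# A HijackThis entry is "<section code> - <detail>", e.g. "O17 - HKLM\...: NameServer = a,b"
ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<detail>.+)$")
# O17 per-interface form: ...\{interface GUID}: NameServer = <comma/space separated IPs>
O17_NS_RE = re.compile(r"\\(?P<iface>\{[0-9A-Fa-f-]{36}\}): NameServer = (?P<servers>.+)$")

# Constructed placeholders: substitute the resolvers your ISP really hands out.
ISP_RESOLVERS = ["192.0.2.53", "192.0.2.54"]

# First O17 line is from the log on this page; the two 00000000-... lines are constructed.
SAMPLE_LOG = r"""
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{8F74D71A-1441-4FF6-A541-EA0A752669E5}: NameServer = 69.50.166.94,69.31.80.244
O17 - HKLM\System\CCS\Services\Tcpip\..\{00000000-0000-0000-0000-000000000001}: NameServer = 192.0.2.53 192.0.2.54
O17 - HKLM\System\CCS\Services\Tcpip\..\{00000000-0000-0000-0000-000000000002}: NameServer = 192.0.2.53,69.50.166.94
"""

def parse_entries(log_text):
    """Yield (code, detail) for every entry line; headers and blank lines are skipped."""
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            yield m.group("code"), m.group("detail")

def unexpected_nameservers(log_text, isp_resolvers):
    """Map interface GUID -> resolvers in its O17 NameServer value not on the allow-list."""
    allowed = {ip_address(a) for a in isp_resolvers}
    findings = {}
    for code, detail in parse_entries(log_text):
        # Other O17 forms (Domain, SearchList) do not match and are ignored here.
        m = O17_NS_RE.search(detail) if code == "O17" else None
        if not m:
            continue
        bad = []
        for raw in re.split(r"[,\s]+", m.group("servers").strip()):
            try:
                known = ip_address(raw) in allowed
            except ValueError:
                known = False  # unparsable value: surface it for manual review
            if not known:
                bad.append(raw)
        if bad:
            findings[m.group("iface")] = bad
    return findings

if __name__ == "__main__":
    for iface, servers in unexpected_nameservers(SAMPLE_LOG, ISP_RESOLVERS).items():
        print(f"{iface}: review NameServer {', '.join(servers)}")
```

An interface that mixes a legitimate resolver with an unknown one is still reported, so a partially rewritten NameServer value is not missed.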
