Lots of problems!!! se.dll again!!! startpage!!! cws!

wau
Posts: 5
Joined: 21 Feb 2005, 20:41


Post by wau » 22 Feb 2005, 21:37

Hi everyone!!! I need your help...

my PC seemed clean... but nooo, this damned se.dll again, even though it isn't even in the temp files...

I ran spybot, ad-ware, cwsheeder, elistar, spysweeper, trojanhunter, smartkiller... etc... my antivirus (AVG), norton online, rav, etc... everything... and after a while, 1 day!!! it showed up again, spyguard warned me about it... do I have to delete things from the registry??? what do I do to make this damned file go away.

if anyone can help me I'd be grateful... it's my work PC... it's on a network... the other PCs are clean... I also have a firewall (sygate)

my log...

Logfile of HijackThis v1.99.0

Scan saved at 05:09:03 p.m., on 22/02/2005

Platform: Windows 98 SE (Win9x 4.10.2222A)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)



Running processes:

C:\WINDOWS\SYSTEM\KERNEL32.DLL

C:\WINDOWS\SYSTEM\MSGSRV32.EXE

C:\WINDOWS\SYSTEM\SPOOL32.EXE

C:\WINDOWS\SYSTEM\MPREXE.EXE

C:\WINDOWS\SYSTEM\MDM.EXE

C:\ARCHIVOS DE PROGRAMA\SYGATE\SPF\SMC.EXE

C:\WINDOWS\SYSTEM\mmtask.tsk

C:\WINDOWS\EXPLORER.EXE

C:\WINDOWS\LOADQM.EXE

C:\ARCHIVOS DE PROGRAMA\SIS630_V1.03.51\UTILITY\SISTRAY.EXE

C:\WINDOWS\TASKMON.EXE

C:\ARCHIVOS DE PROGRAMA\GRISOFT\AVG FREE\AVGCC.EXE

C:\ARCHIVOS DE PROGRAMA\GRISOFT\AVG FREE\AVGEMC.EXE

C:\ARCHIVOS DE PROGRAMA\GRISOFT\AVG FREE\AVGAMSVR.EXE

C:\ARCHIVOS DE PROGRAMA\SPYWAREGUARD\SGMAIN.EXE

C:\ARCHIVOS DE PROGRAMA\SPYWAREGUARD\SGBHP.EXE

C:\HIJACKTHIS\HIJACKTHIS.EXE



R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchURL = about:blank

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = ftp=192.168.123.1:21;gopher=192.168.123.1:119;http=192.168.123.1:6588;https=192.168.123.1:6588;socks=192.168.123.1:119

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Vínculos

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\ARCHIVOS DE PROGRAMA\ADOBE\ACROBAT 6.0\READER\ACTIVEX\ACROIEHELPER.DLL

O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\ARCHIVOS DE PROGRAMA\SPYWAREGUARD\DLPROTECT.DLL

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\ARCHIV~1\SPYBOT~1\SDHELPER.DLL

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX

O4 - HKLM\..\Run: [CountrySelection] pctptt.exe

O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme

O4 - HKLM\..\Run: [LoadQM] loadqm.exe

O4 - HKLM\..\Run: [SiS Tray] C:\ARCHIVOS DE PROGRAMA\SIS630_V1.03.51\UTILITY\SISTRAY.EXE

O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe

O4 - HKLM\..\Run: [AVG7_CC] C:\ARCHIV~1\GRISOFT\AVGFRE~1\AVGCC.EXE /STARTUP

O4 - HKLM\..\Run: [AVG7_EMC] C:\ARCHIV~1\GRISOFT\AVGFRE~1\AVGEMC.EXE

O4 - HKLM\..\Run: [AVG7_AMSVR] C:\ARCHIV~1\GRISOFT\AVGFRE~1\AVGAMSVR.EXE

O4 - HKLM\..\Run: [SmcService] C:\ARCHIV~1\SYGATE\SPF\SMC.EXE -startgui

O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme

O4 - HKLM\..\RunServices: [Machine Debug Manager] C:\WINDOWS\SYSTEM\MDM.EXE

O4 - HKLM\..\RunServices: [SmcService] C:\ARCHIVOS DE PROGRAMA\SYGATE\SPF\SMC.EXE

O4 - HKLM\..\RunOnce: [MRUBlaster] C:\ARCHIVOS DE PROGRAMA\MRU-BLASTER\indexcleaner.exe -CC

O4 - Startup: Microsoft Office.lnk = C:\Archivos de programa\Microsoft Office\Office\OSA9.EXE

O4 - Startup: SpywareGuard.lnk = C:\Archivos de programa\SpywareGuard\sgmain.exe

O4 - Startup: MRU-Blaster Silent Clean.lnk = C:\Archivos de programa\MRU-Blaster\mrublaster.exe

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Archivos de programa\MSN Messenger\MSMSGS.EXE

O9 - Extra 'Tools' menuitem: MSN Messenger Service - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Archivos de programa\MSN Messenger\MSMSGS.EXE

O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab

O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab

O16 - DPF: {A3009861-330C-4E10-822B-39D16EC8829D} (CRAVOnline Object) - http://www.ravantivirus.com/scan/ravonline.cab

O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/securityadvisor/virusinfo/webscan.cab

O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.bitdefender.com/scan/Msie/bitdefender.cab

O17 - HKLM\System\CCS\Services\VxD\MSTCP: NameServer = 192.168.0.1



and my StartupList... sorry if it's very long... just in case it's of any use....



StartupList report, 22/02/2005, 05:09:15 p.m.

StartupList version: 1.52.2

Started from : C:\HIJACKTHIS\HIJACKTHIS.EXE

Detected: Windows 98 SE (Win9x 4.10.2222A)

Detected: Internet Explorer v6.00 SP1 (6.00.2800.1106)

* Using default options

* Including empty and uninteresting sections

* Showing rarely important sections

==================================================



Running processes:



C:\WINDOWS\SYSTEM\KERNEL32.DLL

C:\WINDOWS\SYSTEM\MSGSRV32.EXE

C:\WINDOWS\SYSTEM\SPOOL32.EXE

C:\WINDOWS\SYSTEM\MPREXE.EXE

C:\WINDOWS\SYSTEM\MDM.EXE

C:\ARCHIVOS DE PROGRAMA\SYGATE\SPF\SMC.EXE

C:\WINDOWS\SYSTEM\mmtask.tsk

C:\WINDOWS\EXPLORER.EXE

C:\WINDOWS\LOADQM.EXE

C:\ARCHIVOS DE PROGRAMA\SIS630_V1.03.51\UTILITY\SISTRAY.EXE

C:\WINDOWS\TASKMON.EXE

C:\ARCHIVOS DE PROGRAMA\GRISOFT\AVG FREE\AVGCC.EXE

C:\ARCHIVOS DE PROGRAMA\GRISOFT\AVG FREE\AVGEMC.EXE

C:\ARCHIVOS DE PROGRAMA\GRISOFT\AVG FREE\AVGAMSVR.EXE

C:\ARCHIVOS DE PROGRAMA\SPYWAREGUARD\SGMAIN.EXE

C:\ARCHIVOS DE PROGRAMA\SPYWAREGUARD\SGBHP.EXE

C:\HIJACKTHIS\HIJACKTHIS.EXE

C:\WINDOWS\NOTEPAD.EXE



--------------------------------------------------



Listing of startup folders:



Shell folders Startup:

[C:\WINDOWS\Menú Inicio\Programas\Inicio]

Microsoft Office.lnk = C:\Archivos de programa\Microsoft Office\Office\OSA9.EXE

SpywareGuard.lnk = C:\Archivos de programa\SpywareGuard\sgmain.exe

MRU-Blaster Silent Clean.lnk = C:\Archivos de programa\MRU-Blaster\mrublaster.exe



Shell folders AltStartup:

*Folder not found*



User shell folders Startup:

*Folder not found*



User shell folders AltStartup:

*Folder not found*



Shell folders Common Startup:

[C:\WINDOWS\All users\Menú Inicio\Programas\Inicio]

*No files*



Shell folders Common AltStartup:

*Folder not found*



User shell folders Common Startup:

*Folder not found*



User shell folders Alternate Common Startup:

*Folder not found*



--------------------------------------------------



Autorun entries from Registry:

HKLM\Software\Microsoft\Windows\CurrentVersion\Run



CountrySelection = pctptt.exe

LoadPowerProfile = Rundll32.exe powrprof.dll,LoadCurrentPwrScheme

LoadQM = loadqm.exe

SiS Tray = C:\ARCHIVOS DE PROGRAMA\SIS630_V1.03.51\UTILITY\SISTRAY.EXE

TaskMonitor = C:\WINDOWS\taskmon.exe

AVG7_CC = C:\ARCHIV~1\GRISOFT\AVGFRE~1\AVGCC.EXE /STARTUP

AVG7_EMC = C:\ARCHIV~1\GRISOFT\AVGFRE~1\AVGEMC.EXE

AVG7_AMSVR = C:\ARCHIV~1\GRISOFT\AVGFRE~1\AVGAMSVR.EXE

SmcService = C:\ARCHIV~1\SYGATE\SPF\SMC.EXE -startgui



--------------------------------------------------



Autorun entries from Registry:

HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce



MRUBlaster = C:\ARCHIVOS DE PROGRAMA\MRU-BLASTER\indexcleaner.exe -CC



--------------------------------------------------



Autorun entries from Registry:

HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx



*No values found*



--------------------------------------------------



Autorun entries from Registry:

HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices



LoadPowerProfile = Rundll32.exe powrprof.dll,LoadCurrentPwrScheme

Machine Debug Manager = C:\WINDOWS\SYSTEM\MDM.EXE

SmcService = C:\ARCHIVOS DE PROGRAMA\SYGATE\SPF\SMC.EXE



--------------------------------------------------



Autorun entries from Registry:

HKLM\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce



*No values found*



--------------------------------------------------



Autorun entries from Registry:

HKCU\Software\Microsoft\Windows\CurrentVersion\Run



*No values found*



--------------------------------------------------



Autorun entries from Registry:

HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce



*No values found*



--------------------------------------------------



Autorun entries from Registry:

HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnceEx



*Registry key not found*



--------------------------------------------------



Autorun entries from Registry:

HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices



*No values found*



--------------------------------------------------



Autorun entries from Registry:

HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce



*No values found*



--------------------------------------------------



Autorun entries in Registry subkeys of:

HKLM\Software\Microsoft\Windows\CurrentVersion\Run



[OptionalComponents]

*No values found*



--------------------------------------------------



Autorun entries in Registry subkeys of:

HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce

*No subkeys found*



--------------------------------------------------



Autorun entries in Registry subkeys of:

HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx

*No subkeys found*



--------------------------------------------------



Autorun entries in Registry subkeys of:

HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices

*No subkeys found*



--------------------------------------------------



Autorun entries in Registry subkeys of:

HKLM\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce

*No subkeys found*



--------------------------------------------------



Autorun entries in Registry subkeys of:

HKCU\Software\Microsoft\Windows\CurrentVersion\Run

*No subkeys found*



--------------------------------------------------



Autorun entries in Registry subkeys of:

HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce

*No subkeys found*



--------------------------------------------------



Autorun entries in Registry subkeys of:

HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnceEx

*Registry key not found*



--------------------------------------------------



Autorun entries in Registry subkeys of:

HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices

*No subkeys found*



--------------------------------------------------



Autorun entries in Registry subkeys of:

HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce

*No subkeys found*



--------------------------------------------------



Autorun entries in Registry subkeys of:

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Run

*Registry key not found*



--------------------------------------------------



Autorun entries in Registry subkeys of:

HKCU\Software\Microsoft\Windows NT\CurrentVersion\Run

*Registry key not found*



--------------------------------------------------



File association entry for .EXE:

HKEY_CLASSES_ROOT\exefile\shell\open\command



(Default) = "%1" %*



--------------------------------------------------



File association entry for .COM:

HKEY_CLASSES_ROOT\comfile\shell\open\command



(Default) = "%1" %*



--------------------------------------------------



File association entry for .BAT:

HKEY_CLASSES_ROOT\batfile\shell\open\command



(Default) = "%1" %*



--------------------------------------------------



File association entry for .PIF:

HKEY_CLASSES_ROOT\piffile\shell\open\command



(Default) = "%1" %*



--------------------------------------------------



File association entry for .SCR:

HKEY_CLASSES_ROOT\scrfile\shell\open\command



(Default) = "%1" /S



--------------------------------------------------



File association entry for .HTA:

HKEY_CLASSES_ROOT\htafile\shell\open\command



(Default) = C:\WINDOWS\SYSTEM\MSHTA.EXE "%1" %*



--------------------------------------------------



File association entry for .TXT:

HKEY_CLASSES_ROOT\txtfile\shell\open\command



(Default) = C:\WINDOWS\NOTEPAD.EXE %1



--------------------------------------------------



Enumerating Active Setup stub paths:

HKLM\Software\Microsoft\Active Setup\Installed Components

(* = disabled by HKCU twin)



[SetupcPerUser] *

StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection SetupcPerUser 64 C:\WINDOWS\INF\setupc.inf



[AppletsPerUser] *

StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection AppletsPerUser 64 C:\WINDOWS\INF\applets.inf



[FontsPerUser] *

StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection FontsPerUser 64 C:\WINDOWS\INF\fonts.inf



[{5A8D6EE0-3E18-11D0-821E-444553540000}] *

StubPath = rundll32.exe advpack.dll,LaunchINFSectionEx C:\WINDOWS\INF\icw.inf,PerUserStub,,36



[PerUser_ICW_Inis] *

StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection PerUser_ICW_Inis 0 C:\WINDOWS\INF\icw97.inf



[{89820200-ECBD-11cf-8B85-00AA005B4383}] *

StubPath = rundll32.exe advpack.dll,UserInstStubWrapper {89820200-ECBD-11cf-8B85-00AA005B4383}



[>{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS] *

StubPath = RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP



[{89820200-ECBD-11cf-8B85-00AA005B4395}] *

StubPath = rundll32.exe advpack.dll,LaunchINFSectionEx C:\WINDOWS\SYSTEM\ie4uinit.inf,Shell.UserStub,,36



[{CA0A4247-44BE-11d1-A005-00805F8ABE06}] *

StubPath = RunDLL setupx.dll,InstallHinfSection PowerCfg.user 0 powercfg.inf



[PerUser_Msinfo] *

StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection PerUser_Msinfo 64 C:\WINDOWS\INF\msinfo.inf



[PerUser_Msinfo2] *

StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection PerUser_Msinfo2 64 C:\WINDOWS\INF\msinfo.inf



[MotownMmsysPerUser] *

StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection MotownMmsysPerUser 64 C:\WINDOWS\INF\motown.inf



[MotownAvivideoPerUser] *

StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection MotownAvivideoPerUser 64 C:\WINDOWS\INF\motown.inf



[MotownMPlayPerUser] *

StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection MotownMPlayPerUser 64 C:\WINDOWS\INF\mplay98.inf



[PerUser_Base] *

StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection PerUser_Base 64 C:\WINDOWS\INF\msmail.inf



[ShellPerUser] *

StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection ShellPerUser 64 C:\WINDOWS\INF\shell.inf



[Shell2PerUser] *

StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection Shell2PerUser 64 C:\WINDOWS\INF\shell2.inf



[PerUser_winbase_Links] *

StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection PerUser_winbase_Links 64 C:\WINDOWS\INF\subase.inf



[PerUser_winapps_Links] *

StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection PerUser_winapps_Links 64 C:\WINDOWS\INF\subase.inf



[PerUser_LinkBar_URLs] *

StubPath = C:\WINDOWS\COMMAND\sulfnbk.exe /L



[TapiPerUser] *

StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection TapiPerUser 64 C:\WINDOWS\INF\tapi.inf



[{73fa19d0-2d75-11d2-995d-00c04f98bbc9}] *

StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\webfdr16.inf,PerUserStub.Install,1



[PerUserOldLinks] *

StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection PerUserOldLinks 64 C:\WINDOWS\INF\appletpp.inf



[MmoptRegisterPerUser] *

StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection MmoptRegisterPerUser 64 C:\WINDOWS\INF\mmopt.inf



[OlsPerUser] *

StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection OlsPerUser 64 C:\WINDOWS\INF\ols.inf



[PerUser_Paint_Inis] *

StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection PerUser_Paint_Inis 64 C:\WINDOWS\INF\applets.inf



[PerUser_Calc_Inis] *

StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection PerUser_Calc_Inis 64 C:\WINDOWS\INF\applets.inf



[PerUser_dxxspace_Links] *

StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection PerUser_dxxspace_Links 64 C:\WINDOWS\INF\applets1.inf



[PerUser_MSBackup_Inis] *

StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection PerUser_MSBackup_Inis 64 C:\WINDOWS\INF\applets1.inf



[PerUser_CVT_Inis] *

StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection PerUser_CVT_Inis 64 C:\WINDOWS\INF\applets1.inf



[PerUser_Enable_Inis] *

StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection PerUser_Enable_Inis 64 C:\WINDOWS\INF\enable.inf



[MotownRecPerUser] *

StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection MotownRecPerUser 64 C:\WINDOWS\INF\motown.inf



[PerUser_Vol] *

StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection PerUser_Vol 64 C:\WINDOWS\INF\motown.inf



[PerUser_MSWordPad_Inis] *

StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection PerUser_MSWordPad_Inis 64 C:\WINDOWS\INF\wordpad.inf



[PerUser_RNA_Inis] *

StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection PerUser_RNA_Inis 64 C:\WINDOWS\INF\rna.inf



[PerUser_DCC_Inis] *

StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection PerUser_DCC_Inis 64 C:\WINDOWS\INF\rna.inf



[PerUser_Wingames_Inis] *

StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection PerUser_Wingames_Inis 64 C:\WINDOWS\INF\appletpp.inf



[PerUser_Sysmon_Inis] *

StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection PerUser_Sysmon_Inis 64 C:\WINDOWS\INF\appletpp.inf



[PerUser_Sysmeter_Inis] *

StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection PerUser_Sysmeter_Inis 64 C:\WINDOWS\INF\appletpp.inf



[PerUser_netwatch_Inis] *

StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection PerUser_netwatch_Inis 64 C:\WINDOWS\INF\appletpp.inf



[PerUser_CharMap_Inis] *

StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection PerUser_CharMap_Inis 64 C:\WINDOWS\INF\appletpp.inf



[PerUser_Onlinelnks_Inis] *

StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection PerUser_Onlinelnks_Inis 64 C:\WINDOWS\INF\appletpp.inf



[PerUser_Dialer_Inis] *

StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection PerUser_Dialer_Inis 64 C:\WINDOWS\INF\appletpp.inf



[PerUser_ClipBrd_Inis] *

StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection PerUser_ClipBrd_Inis 64 C:\WINDOWS\INF\clip.inf



[MmoptMusicaPerUser] *

StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection MmoptMusicaPerUser 64 C:\WINDOWS\INF\mmopt.inf



[MmoptJunglePerUser] *

StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection MmoptJunglePerUser 64 C:\WINDOWS\INF\mmopt.inf



[MmoptRobotzPerUser] *

StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection MmoptRobotzPerUser 64 C:\WINDOWS\INF\mmopt.inf



[MmoptUtopiaPerUser] *

StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection MmoptUtopiaPerUser 64 C:\WINDOWS\INF\mmopt.inf



[PerUser_CDPlayer_Inis] *

StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection PerUser_CDPlayer_Inis 64 C:\WINDOWS\INF\mmopt.inf



[{44BBA842-CC51-11CF-AAFA-00AA00B6015C}] *

StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.W95



[{44BBA840-CC51-11CF-AAFA-00AA00B6015C}] *

StubPath = rundll32.exe advpack.dll,UserInstStubWrapper {44BBA840-CC51-11CF-AAFA-00AA00B6015C}



[{7790769C-0471-11d2-AF11-00C04FA35D02}] *

StubPath = rundll32.exe advpack.dll,UserInstStubWrapper {7790769C-0471-11d2-AF11-00C04FA35D02}



[OlsCompuservePerUser] *

StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection OlsCompuservePerUser 64 C:\WINDOWS\INF\ols.inf



[OlsTelefonicaIPPerUser] *

StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection OlsTelefonicaIPPerUser 64 C:\WINDOWS\INF\ols.inf



[Shell3PerUser] *

StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection Shell3PerUser 64 C:\WINDOWS\INF\shell3.inf



[Theme_Windows_PerUser] *

StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection Themes_Windows_PerUser 0 C:\WINDOWS\INF\themes.inf



[Theme_MoreWindows_PerUser] *

StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection Themes_MoreWindows_PerUser 0 C:\WINDOWS\INF\themes.inf



[NetservrPerUser] *

StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection NetservrPerUser 64 C:\WINDOWS\INF\netservr.inf



[{5945c046-1e7d-11d1-bc44-00c04fd912be}] *

StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.Install.PerUserIE



[{44BBA851-CC51-11CF-AAFA-00AA00B6015C}] *

StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wpie5x86.inf,PerUserStub



[{9EF0045A-CDD9-438e-95E6-02B9AFEC8E11}] *

StubPath = C:\WINDOWS\SYSTEM\updcrl.exe -e -u C:\WINDOWS\SYSTEM\verisignpub1.crl



[{6BF52A52-394A-11d3-B153-00C04F79FAA6}] *

StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp.inf,PerUserStub



[>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}] *

StubPath = C:\WINDOWS\inf\unregmp2.exe /ShowWMP



--------------------------------------------------



Enumerating ICQ Agent Autostart apps:

HKCU\Software\Mirabilis\ICQ\Agent\Apps



*Registry key not found*



--------------------------------------------------



Load/Run keys from C:\WINDOWS\WIN.INI:



load==ptsnoop.exe

run==C:\WINDOWS\SYSTEM\cmmpu.exe hpfsched



--------------------------------------------------



Shell & screensaver key from C:\WINDOWS\SYSTEM.INI:



Shell=Explorer.exe

SCRNSAVE.EXE=

drivers=mmsystem.dll power.drv



--------------------------------------------------



Checking for EXPLORER.EXE instances:



C:\WINDOWS\Explorer.exe: PRESENT!



C:\Explorer.exe: not present

C:\WINDOWS\Explorer\Explorer.exe: not present

C:\WINDOWS\System\Explorer.exe: not present

C:\WINDOWS\System32\Explorer.exe: not present

C:\WINDOWS\Command\Explorer.exe: not present

C:\WINDOWS\Fonts\Explorer.exe: not present



--------------------------------------------------



C:\WINDOWS\WININIT.INI listing:



*File not found*



--------------------------------------------------



C:\WINDOWS\WININIT.BAK listing:

(Created 22/2/2005, 15:55:12)



[rename]

NUL=C:\WINDOWS\TEMP\_iu14D2N.tmp



--------------------------------------------------



C:\AUTOEXEC.BAT listing:



C:\ARCHIV~1\GRISOFT\AVGFRE~1\BOOTUP.EXE

ECHO OFF

SET PATH=C:\WINDOWS;C:\WINDOWS\COMMAND;C:\WINDOWS\SYSTEM;C:\;C:\DOS;C:\NC

SET DIRCMD=/O:N

SET FOXPROCFG=c:\fp26cfg\config.fp

SET LVDISCO=f:\

REM LH C:\WINDOWS\COMMAND\DOSKEY.COM

REM LH C:\WINDOWS\COMMAND\MSCDEX.EXE /D:mscd001

mode con codepage prepare=((850) C:\WINDOWS\COMMAND\ega.cpi)

mode con codepage select=850

keyb sp,,C:\WINDOWS\COMMAND\keyboard.sys

DEL c:\fp26cfg\*.tmp

SUBST x: c:\!soft\office2k



--------------------------------------------------



C:\CONFIG.SYS listing:



device=C:\WINDOWS\himem.sys

files=75

dos=high,umb

device=C:\WINDOWS\COMMAND\display.sys con=(ega,,1)

Country=054,850,C:\WINDOWS\COMMAND\country.sys



--------------------------------------------------



C:\WINDOWS\WINSTART.BAT listing:



*File not found*



--------------------------------------------------



C:\WINDOWS\DOSSTART.BAT listing:



*File not found*



--------------------------------------------------



Checking for superhidden extensions:



.lnk: HIDDEN! (arrow overlay: yes)

.pif: HIDDEN! (arrow overlay: yes)

.exe: not hidden

.com: not hidden

.bat: not hidden

.hta: not hidden

.scr: not hidden

.shs: HIDDEN!

.shb: HIDDEN!

.vbs: not hidden

.vbe: not hidden

.wsh: not hidden

.scf: HIDDEN! (arrow overlay: NO!)

.url: HIDDEN! (arrow overlay: yes)

.js: not hidden

.jse: not hidden



--------------------------------------------------



Verifying REGEDIT.EXE integrity:



- Regedit.exe found in C:\WINDOWS

- .reg open command is normal (regedit.exe %1)

- Regedit.exe has no CompanyName property! It is either missing or named something else.

- Regedit.exe has no OriginalFilename property! It is either missing or named something else.

- Regedit.exe has no FileDescription property! It is either missing or named something else.



Registry check failed!



--------------------------------------------------



Enumerating Browser Helper Objects:



(no name) - C:\ARCHIVOS DE PROGRAMA\ADOBE\ACROBAT 6.0\READER\ACTIVEX\ACROIEHELPER.DLL - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}

SpywareGuard Download Protection - C:\ARCHIVOS DE PROGRAMA\SPYWAREGUARD\DLPROTECT.DLL - {4A368E80-174F-4872-96B5-0B27DDD11DB2}

(no name) - C:\ARCHIV~1\SPYBOT~1\SDHELPER.DLL - {53707962-6F74-2D53-2644-206D7942484F}



--------------------------------------------------



Enumerating Task Scheduler jobs:



*No jobs found*



--------------------------------------------------



Enumerating Download Program Files:



[Microsoft XML Parser for Java]

CODEBASE = file://C:\WINDOWS\Java\classes\xmldso4.cab

OSD = C:\WINDOWS\Downloaded Program Files\Microsoft XML Parser for Java.osd



[DirectAnimation Java Classes]

CODEBASE = file://C:\WINDOWS\SYSTEM\dajava.cab

OSD = C:\WINDOWS\Downloaded Program Files\DirectAnimation Java Classes.osd



[Internet Explorer Classes for Java]

CODEBASE = file://C:\WINDOWS\SYSTEM\iejava.cab

OSD = C:\WINDOWS\Downloaded Program Files\Internet Explorer Classes for Java.osd



[Shockwave Flash Object]

InProcServer32 = C:\WINDOWS\SYSTEM\MACROMED\FLASH\FLASH.OCX

CODEBASE = http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab



[Update Class]

InProcServer32 = C:\WINDOWS\SYSTEM\IUCTL.DLL

CODEBASE = http://v4.windowsupdate.microsoft.com/CAB/x86/ansi/iuctl.CAB?38102.6078125



[{33564D57-0000-0010-8000-00AA00389B71}]

CODEBASE = http://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB



[Java Plug-in 1.3.1_15]

InProcServer32 = C:\Archivos de programa\JavaSoft\JRE\1.3.1_15\bin\npjava131_15.dll

CODEBASE = http://java.sun.com/products/plugin/autodl/jinstall-1_3_1_15-windows-i586.cab



[Java Plug-in 1.3.1_15]

InProcServer32 = C:\Archivos de programa\JavaSoft\JRE\1.3.1_15\bin\npjava131_15.dll

CODEBASE = http://java.sun.com/products/plugin/autodl/jinstall-1_3_1_15-windows-i586.cab



[Symantec RuFSI Utility Class]

InProcServer32 = C:\WINDOWS\DOWNLOADED PROGRAM FILES\RUFSI.DLL

CODEBASE = http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab



[Symantec AntiVirus scanner]

InProcServer32 = C:\WINDOWS\DOWNLOADED PROGRAM FILES\AVSNIFF.DLL

CODEBASE = http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab



[ActiveScan Installer Class]

InProcServer32 = C:\WINDOWS\DOWNLOADED PROGRAM FILES\ASINST.DLL

CODEBASE = http://www.pandasoftware.com/activescan/as5/asinst.cab



[CRAVOnline Object]

InProcServer32 = C:\WINDOWS\DOWNLOADED PROGRAM FILES\RAVONLINE.DLL

CODEBASE = http://www.ravantivirus.com/scan/ravonline.cab



[WScanCtl Class]

InProcServer32 = C:\WINDOWS\DOWNLOADED PROGRAM FILES\WEBSCAN.DLL

CODEBASE = http://www3.ca.com/securityadvisor/virusinfo/webscan.cab



[AvxScanOnline Control]

InProcServer32 = C:\WINDOWS\DOWNLO~1\BITDEF~1.OCX

CODEBASE = http://www.bitdefender.com/scan/Msie/bitdefender.cab



--------------------------------------------------



Enumerating Winsock LSP files:



NameSpace #1: C:\WINDOWS\SYSTEM\rnr20.dll

Protocol #1: C:\WINDOWS\SYSTEM\mswsosp.dll

Protocol #2: C:\WINDOWS\SYSTEM\msafd.dll

Protocol #3: C:\WINDOWS\SYSTEM\msafd.dll

Protocol #4: C:\WINDOWS\SYSTEM\msafd.dll

Protocol #5: C:\WINDOWS\SYSTEM\rsvpsp.dll

Protocol #6: C:\WINDOWS\SYSTEM\rsvpsp.dll



--------------------------------------------------



Enumerating Win9x VxD services:



VNETSUP: vnetsup.vxd

NDIS: ndis.vxd,ndis2sup.vxd

JAVASUP: JAVASUP.VXD

CONFIGMG: *CONFIGMG

NTKern: *NTKERN

VWIN32: *VWIN32

VFBACKUP: *VFBACKUP

VCOMM: *VCOMM

COMBUFF: *COMBUFF

IFSMGR: *IFSMGR

IOS: *IOS

MTRR: *mtrr

SPOOLER: *SPOOLER

UDF: *UDF

VFAT: *VFAT

VCACHE: *VCACHE

VCOND: *VCOND

VCDFSD: *VCDFSD

VXDLDR: *VXDLDR

VDEF: *VDEF

VPICD: *VPICD

VTD: *VTD

REBOOT: *REBOOT

VDMAD: *VDMAD

VSD: *VSD

V86MMGR: *V86MMGR

PAGESWAP: *PAGESWAP

DOSMGR: *DOSMGR

VMPOLL: *VMPOLL

SHELL: *SHELL

PARITY: *PARITY

BIOSXLAT: *BIOSXLAT

VMCPD: *VMCPD

VTDAPI: *VTDAPI

PERF: *PERF

VRTWD: C:\WINDOWS\SYSTEM\vrtwd.386

VFIXD: C:\WINDOWS\SYSTEM\vfixd.vxd

VNETBIOS: vnetbios.vxd

NDISWAN: ndiswan.vxd

VREDIR: vredir.vxd

DFS: dfs.vxd

VSERVER: vserver.vxd

Teefer: C:\WINDOWS\SYSTEM\Teefer.vxd



--------------------------------------------------



Enumerating ShellServiceObjectDelayLoad items:



WebCheck: C:\WINDOWS\SYSTEM\WEBCHECK.DLL



--------------------------------------------------

Autorun entries from Registry:

HKCU\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run



*Registry key not found*



--------------------------------------------------



Autorun entries from Registry:

HKLM\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run



*Registry key not found*



--------------------------------------------------



End of report, 25.800 bytes

Report generated in 0,895 seconds



Command line options:

/verbose - to add additional info on each section

/complete - to include empty sections and unsuspicious data

/full - to include several rarely-important sections

/force9x - to include Win9x-only startups even if running on WinNT

/forcent - to include WinNT-only startups even if running on Win9x

/forceall - to include all Win9x and WinNT startups, regardless of platform

/history - to list version history only

caito
Posts: 1538
Joined: 30 May 2004, 06:29
Location: Argentina

Post by caito » 23 Feb 2005, 00:36

Your log looks clean to me :shock:

Regards

Caito

maura63
Posts: 6865
Joined: 09 Mar 2004, 20:42
Location: Cádiz, SPAIN

Post by maura63 » 23 Feb 2005, 09:05

It looks clean to me too :shock:



Regards

maura63

Whoever asks a question fears looking ignorant for five minutes. Whoever does not ask stays ignorant for life. (Ortega y Gasset)

maura63
Posts: 6865
Joined: 09 Mar 2004, 20:42
Location: Cádiz, SPAIN

Post by maura63 » 23 Feb 2005, 09:10

Watch out!!!!!!



Verifying REGEDIT.EXE integrity:



- Regedit.exe found in C:\WINDOWS

- .reg open command is normal (regedit.exe %1)

- Regedit.exe has no CompanyName property! It is either missing or named something else.

- Regedit.exe has no OriginalFilename property! It is either missing or named something else.

- Regedit.exe has no FileDescription property! It is either missing or named something else.



Registry check failed!





The registry check failed.

Regards

maura63

msc hotline sat
Posts: 93500
Joined: 09 Mar 2004, 20:39
Location: BARCELONA (SPAIN)

Post by msc hotline sat » 23 Feb 2005, 09:18

Note that the version of ELISTARA we are working on, which I will possibly post today, will include detection and removal of the Startpage generated by the SE. in question

We will also add to it the ELIADCLA.EXE utility and the removal of the AZESEARCH TOOLBAR

It will be version 5-0 of ELISTARA.EXE

regards



ms, 23-02-2005

wau
Posts: 5
Joined: 21 Feb 2005, 20:41

Post by wau » 23 Feb 2005, 15:55

I'll BE LOOKING FORWARD TO THIS NEW VERSION...

in an earlier reply I was told that the registry scan could not be done... what do I do to find out whether it is OK??

and does anyone know why, after a while, this se.dll file shows up again??? just out of nowhere??

nooo, right this very moment it just showed up again!!! noooo!!! this time the file is c:\windows\system\IFFOIA.DLL, spywareguard is showing it to me... I'm totally fed up with this...

what happens if I delete the dll files in that folder?? can I show them to you so someone can tell me which one to remove???

wau
Posts: 5
Joined: 21 Feb 2005, 20:41

I don't know... I think something must still be in there...

Post by wau » 24 Feb 2005, 18:10

I ran the new elistara; actually I had run version 4.9 and it removed something. then I ran version 5 and it finds nothing... the other programs don't find anything either... but evidently something is still there because spywareblaster still won't run...

my log....

Logfile of HijackThis v1.99.0

Scan saved at 12:51:49 p.m., on 24/02/2005

Platform: Windows 98 SE (Win9x 4.10.2222A)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)



Running processes:

C:\WINDOWS\SYSTEM\KERNEL32.DLL

C:\WINDOWS\SYSTEM\MSGSRV32.EXE

C:\WINDOWS\SYSTEM\SPOOL32.EXE

C:\WINDOWS\SYSTEM\MPREXE.EXE

C:\WINDOWS\SYSTEM\MDM.EXE

C:\WINDOWS\SYSTEM\mmtask.tsk

C:\WINDOWS\EXPLORER.EXE

C:\WINDOWS\LOADQM.EXE

C:\ARCHIVOS DE PROGRAMA\SIS630_V1.03.51\UTILITY\SISTRAY.EXE

C:\WINDOWS\TASKMON.EXE

C:\ARCHIVOS DE PROGRAMA\GRISOFT\AVG FREE\AVGCC.EXE

C:\ARCHIVOS DE PROGRAMA\GRISOFT\AVG FREE\AVGEMC.EXE

C:\ARCHIVOS DE PROGRAMA\GRISOFT\AVG FREE\AVGAMSVR.EXE

C:\ARCHIVOS DE PROGRAMA\SPYWAREGUARD\SGMAIN.EXE

C:\ARCHIVOS DE PROGRAMA\SPYWAREGUARD\SGBHP.EXE

C:\WINDOWS\SYSTEM\DDHELP.EXE

C:\HIJACKTHIS\HIJACKTHIS.EXE



R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchURL = about:blank

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = ftp=192.168.123.1:21;gopher=192.168.123.1:119;http=192.168.123.1:6588;https=192.168.123.1:6588;socks=192.168.123.1:119

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Vínculos

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\ARCHIVOS DE PROGRAMA\ADOBE\ACROBAT 6.0\READER\ACTIVEX\ACROIEHELPER.DLL

O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\ARCHIVOS DE PROGRAMA\SPYWAREGUARD\DLPROTECT.DLL

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\ARCHIV~1\SPYBOT~1\SDHELPER.DLL

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX

O4 - HKLM\..\Run: [CountrySelection] pctptt.exe

O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme

O4 - HKLM\..\Run: [LoadQM] loadqm.exe

O4 - HKLM\..\Run: [SiS Tray] C:\ARCHIVOS DE PROGRAMA\SIS630_V1.03.51\UTILITY\SISTRAY.EXE

O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe

O4 - HKLM\..\Run: [AVG7_CC] C:\ARCHIV~1\GRISOFT\AVGFRE~1\AVGCC.EXE /STARTUP

O4 - HKLM\..\Run: [AVG7_EMC] C:\ARCHIV~1\GRISOFT\AVGFRE~1\AVGEMC.EXE

O4 - HKLM\..\Run: [AVG7_AMSVR] C:\ARCHIV~1\GRISOFT\AVGFRE~1\AVGAMSVR.EXE

O4 - HKLM\..\Run: [SmcService] C:\ARCHIV~1\SYGATE\SPF\SMC.EXE -startgui

O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme

O4 - HKLM\..\RunServices: [Machine Debug Manager] C:\WINDOWS\SYSTEM\MDM.EXE

O4 - HKLM\..\RunServices: [SmcService] C:\ARCHIVOS DE PROGRAMA\SYGATE\SPF\SMC.EXE

O4 - HKLM\..\RunOnce: [MRUBlaster] C:\ARCHIVOS DE PROGRAMA\MRU-BLASTER\indexcleaner.exe -CC

O4 - Startup: Microsoft Office.lnk = C:\Archivos de programa\Microsoft Office\Office\OSA9.EXE

O4 - Startup: SpywareGuard.lnk = C:\Archivos de programa\SpywareGuard\sgmain.exe

O4 - Startup: MRU-Blaster Silent Clean.lnk = C:\Archivos de programa\MRU-Blaster\mrublaster.exe

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Archivos de programa\MSN Messenger\MSMSGS.EXE

O9 - Extra 'Tools' menuitem: MSN Messenger Service - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Archivos de programa\MSN Messenger\MSMSGS.EXE

O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab

O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab

O16 - DPF: {A3009861-330C-4E10-822B-39D16EC8829D} (CRAVOnline Object) - http://www.ravantivirus.com/scan/ravonline.cab

O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/securityadvisor/virusinfo/webscan.cab

O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.bitdefender.com/scan/Msie/bitdefender.cab

O17 - HKLM\System\CCS\Services\VxD\MSTCP: NameServer = 192.168.0.1



and the startup list



StartupList report, 24/02/2005, 12:52:06 p.m.

StartupList version: 1.52.2

Started from : C:\HIJACKTHIS\HIJACKTHIS.EXE

Detected: Windows 98 SE (Win9x 4.10.2222A)

Detected: Internet Explorer v6.00 SP1 (6.00.2800.1106)

* Using default options

==================================================



Running processes:



C:\WINDOWS\SYSTEM\KERNEL32.DLL

C:\WINDOWS\SYSTEM\MSGSRV32.EXE

C:\WINDOWS\SYSTEM\SPOOL32.EXE

C:\WINDOWS\SYSTEM\MPREXE.EXE

C:\WINDOWS\SYSTEM\MDM.EXE

C:\WINDOWS\SYSTEM\mmtask.tsk

C:\WINDOWS\EXPLORER.EXE

C:\WINDOWS\LOADQM.EXE

C:\ARCHIVOS DE PROGRAMA\SIS630_V1.03.51\UTILITY\SISTRAY.EXE

C:\WINDOWS\TASKMON.EXE

C:\ARCHIVOS DE PROGRAMA\GRISOFT\AVG FREE\AVGCC.EXE

C:\ARCHIVOS DE PROGRAMA\GRISOFT\AVG FREE\AVGEMC.EXE

C:\ARCHIVOS DE PROGRAMA\GRISOFT\AVG FREE\AVGAMSVR.EXE

C:\ARCHIVOS DE PROGRAMA\SPYWAREGUARD\SGMAIN.EXE

C:\ARCHIVOS DE PROGRAMA\SPYWAREGUARD\SGBHP.EXE

C:\WINDOWS\SYSTEM\DDHELP.EXE

C:\HIJACKTHIS\HIJACKTHIS.EXE

C:\WINDOWS\NOTEPAD.EXE



--------------------------------------------------



Listing of startup folders:



Shell folders Startup:

[C:\WINDOWS\Menú Inicio\Programas\Inicio]

Microsoft Office.lnk = C:\Archivos de programa\Microsoft Office\Office\OSA9.EXE

SpywareGuard.lnk = C:\Archivos de programa\SpywareGuard\sgmain.exe

MRU-Blaster Silent Clean.lnk = C:\Archivos de programa\MRU-Blaster\mrublaster.exe



--------------------------------------------------



Autorun entries from Registry:

HKLM\Software\Microsoft\Windows\CurrentVersion\Run



CountrySelection = pctptt.exe

LoadPowerProfile = Rundll32.exe powrprof.dll,LoadCurrentPwrScheme

LoadQM = loadqm.exe

SiS Tray = C:\ARCHIVOS DE PROGRAMA\SIS630_V1.03.51\UTILITY\SISTRAY.EXE

TaskMonitor = C:\WINDOWS\taskmon.exe

AVG7_CC = C:\ARCHIV~1\GRISOFT\AVGFRE~1\AVGCC.EXE /STARTUP

AVG7_EMC = C:\ARCHIV~1\GRISOFT\AVGFRE~1\AVGEMC.EXE

AVG7_AMSVR = C:\ARCHIV~1\GRISOFT\AVGFRE~1\AVGAMSVR.EXE

SmcService = C:\ARCHIV~1\SYGATE\SPF\SMC.EXE -startgui



--------------------------------------------------



Autorun entries from Registry:

HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce



MRUBlaster = C:\ARCHIVOS DE PROGRAMA\MRU-BLASTER\indexcleaner.exe -CC



--------------------------------------------------



Autorun entries from Registry:

HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices



LoadPowerProfile = Rundll32.exe powrprof.dll,LoadCurrentPwrScheme

Machine Debug Manager = C:\WINDOWS\SYSTEM\MDM.EXE

SmcService = C:\ARCHIVOS DE PROGRAMA\SYGATE\SPF\SMC.EXE



--------------------------------------------------



File association entry for .TXT:

HKEY_CLASSES_ROOT\txtfile\shell\open\command



(Default) = C:\WINDOWS\NOTEPAD.EXE %1



--------------------------------------------------



Load/Run keys from C:\WINDOWS\WIN.INI:



load==ptsnoop.exe

run==C:\WINDOWS\SYSTEM\cmmpu.exe hpfsched



--------------------------------------------------



Shell & screensaver key from C:\WINDOWS\SYSTEM.INI:



Shell=Explorer.exe

SCRNSAVE.EXE=

drivers=mmsystem.dll power.drv



--------------------------------------------------



C:\AUTOEXEC.BAT listing:



C:\ARCHIV~1\GRISOFT\AVGFRE~1\BOOTUP.EXE

SET PATH=C:\WINDOWS;C:\WINDOWS\COMMAND;C:\WINDOWS\SYSTEM;C:\;C:\DOS;C:\NC

SET DIRCMD=/O:N

SET FOXPROCFG=c:\fp26cfg\config.fp

SET LVDISCO=f:\

mode con codepage prepare=((850) C:\WINDOWS\COMMAND\ega.cpi)

mode con codepage select=850

keyb sp,,C:\WINDOWS\COMMAND\keyboard.sys

DEL c:\fp26cfg\*.tmp

SUBST x: c:\!soft\office2k



--------------------------------------------------





Enumerating Browser Helper Objects:



(no name) - C:\ARCHIVOS DE PROGRAMA\ADOBE\ACROBAT 6.0\READER\ACTIVEX\ACROIEHELPER.DLL - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}

SpywareGuard Download Protection - C:\ARCHIVOS DE PROGRAMA\SPYWAREGUARD\DLPROTECT.DLL - {4A368E80-174F-4872-96B5-0B27DDD11DB2}

(no name) - C:\ARCHIV~1\SPYBOT~1\SDHELPER.DLL - {53707962-6F74-2D53-2644-206D7942484F}



--------------------------------------------------



Enumerating Download Program Files:



[Shockwave Flash Object]

InProcServer32 = C:\WINDOWS\SYSTEM\MACROMED\FLASH\FLASH.OCX

CODEBASE = http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab



[Update Class]

InProcServer32 = C:\WINDOWS\SYSTEM\IUCTL.DLL

CODEBASE = http://v4.windowsupdate.microsoft.com/CAB/x86/ansi/iuctl.CAB?38102.6078125



[{33564D57-0000-0010-8000-00AA00389B71}]

CODEBASE = http://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB



[Symantec RuFSI Utility Class]

InProcServer32 = C:\WINDOWS\DOWNLOADED PROGRAM FILES\RUFSI.DLL

CODEBASE = http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab



[Symantec AntiVirus scanner]

InProcServer32 = C:\WINDOWS\DOWNLOADED PROGRAM FILES\AVSNIFF.DLL

CODEBASE = http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab



[ActiveScan Installer Class]

InProcServer32 = C:\WINDOWS\DOWNLOADED PROGRAM FILES\ASINST.DLL

CODEBASE = http://www.pandasoftware.com/activescan/as5/asinst.cab



[CRAVOnline Object]

InProcServer32 = C:\WINDOWS\DOWNLOADED PROGRAM FILES\RAVONLINE.DLL

CODEBASE = http://www.ravantivirus.com/scan/ravonline.cab



[WScanCtl Class]

InProcServer32 = C:\WINDOWS\DOWNLOADED PROGRAM FILES\WEBSCAN.DLL

CODEBASE = http://www3.ca.com/securityadvisor/virusinfo/webscan.cab



[AvxScanOnline Control]

InProcServer32 = C:\WINDOWS\DOWNLO~1\BITDEF~1.OCX

CODEBASE = http://www.bitdefender.com/scan/Msie/bitdefender.cab



--------------------------------------------------



Enumerating ShellServiceObjectDelayLoad items:



WebCheck: C:\WINDOWS\SYSTEM\WEBCHECK.DLL



--------------------------------------------------

End of report, 6.351 bytes

Report generated in 0,183 seconds



Command line options:

/verbose - to add additional info on each section

/complete - to include empty sections and unsuspicious data

/full - to include several rarely-important sections

/force9x - to include Win9x-only startups even if running on WinNT

/forcent - to include WinNT-only startups even if running on Win9x

/forceall - to include all Win9x and WinNT startups, regardless of platform

/history - to list version history only



regards

maura63
Posts: 6865
Joined: 09 Mar 2004, 20:42
Location: Cádiz, SPAIN

Post by maura63 » 24 Feb 2005, 18:17

Well, your log is still clean. Are hidden system files and folders being shown :?:

Try removing these



R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchURL = about:blank

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank



Regards

maura63