Can anyone give me a hand???

euroraul
Posts: 8
Joined: 09 Oct 2004, 04:14


Post by euroraul » 09 Oct 2004, 04:48

Hi. I've just been given my new computer and I'm about to throw it off the balcony. Let's see if someone can give me a hand, please; I've spent more than 3 hours reading posts and trying things and nothing works... Let me explain:

I have Panda Antivirus up to date, but when I open IE it redirects me to a page with lots of strange symbols, and if I type an address it doesn't open any. I've tried scanning the system with Ad-Aware, Spybot, Panda... at least 4 or 5 different ones, and they all find spyware, but even though I remove it and immunize the system, it shows up again if I scan again, and the problem isn't solved. I've tried booting the computer in safe mode and scanning, removing and immunizing, and even so I still can't fix it. When I scan with HijackThis, some files appear that have the same name as the page IE redirects me to; I delete them but they come back... I don't know if I'm explaining myself well...

The thing is, I can't get to any page in IE (except if I go in from MSN mail, in which case it does let me), and I don't know what else to try. If anyone can help me, you'd be doing me a huge favor.

Thanks and regards

This is the page it redirects me to (I don't know if it's any use)

http://%68%6F%6D%65%70%61%67%65%2E%63%6F%6D%00@%77%77%77%2e%65%2d%66%69%6e%64%65%72%2e%63%63/%68%70/

Symantec's online antivirus detects these 4 viruses, but the truth is I'm very green at all this



C:\WINDOWS\dpe.dll is infected with Trojan.StartPage

C:\Archivos de programa\GIANT Company Software\GIANT AntiSpyware\Quarantine\AFE5402D-14E9-40FF-8556-70AD14\FB196947-4729-4BFF-ACAB-78E6D3 is infected with Trojan.StartPage

C:\Archivos de programa\GIANT Company Software\GIANT AntiSpyware\Quarantine\6DFFFA63-CBDA-4D19-B154-D2B838\23A63BC9-5DB0-4CC7-8A32-B1D052 is infected with Trojan.StartPage

C:\Archivos de programa\GIANT Company Software\GIANT AntiSpyware\Quarantine\62BA1DE5-39D4-4546-B07C-797AB5\DCB9E800-5C50-4B97-98B4-541C6F is infected with Trojan.StartPage



and Ad-Aware puts this in the scan log





Ad-Aware SE Build 1.05

Logfile Created on:sábado, 09 de octubre de 2004 4:37:31

Created with Ad-Aware SE Personal, free for private use.

Using definitions file:SE1R11 07.10.2004

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»



References detected during the scan:

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

CoolWebSearch(TAC index:10):12 total references

MRU List(TAC index:0):9 total references

Other(TAC index:5):18 total references

Tracking Cookie(TAC index:3):2 total references

Windows(TAC index:3):2 total references

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»



Ad-Aware SE Settings

===========================

Set : Search for negligible risk entries

Set : Safe mode (always request confirmation)

Set : Scan active processes

Set : Scan registry

Set : Deep-scan registry

Set : Scan my IE Favorites for banned URLs

Set : Scan my Hosts file



Extended Ad-Aware SE Settings

===========================

Set : Unload recognized processes & modules during scan

Set : Scan registry for all users instead of current user only

Set : Always try to unload modules before deletion

Set : During removal, unload Explorer and IE if necessary

Set : Let Windows remove files in use at next reboot

Set : Delete quarantined objects after restoring

Set : Include basic Ad-Aware settings in log file

Set : Include additional Ad-Aware settings in log file

Set : Include reference summary in log file

Set : Include alternate data stream details in log file

Set : Play sound at scan completion if scan locates critical objects





09-10-2004 4:37:31 - Scan started. (Full System Scan)



MRU List Object Recognized!

Location: : S-1-5-21-436374069-1336601894-682003330-1003\software\microsoft\search assistant\acmru

Description : list of recent search terms used with the search assistant





MRU List Object Recognized!

Location: : S-1-5-21-436374069-1336601894-682003330-1003\software\microsoft\windows\currentversion\explorer\comdlg32\opensavemru

Description : list of recently saved files, stored according to file extension





MRU List Object Recognized!

Location: : S-1-5-21-436374069-1336601894-682003330-1003\software\microsoft\windows\currentversion\explorer\comdlg32\lastvisitedmru

Description : list of recent programs opened





MRU List Object Recognized!

Location: : S-1-5-21-436374069-1336601894-682003330-1003\software\microsoft\windows\currentversion\explorer\recentdocs

Description : list of recent documents opened





MRU List Object Recognized!

Location: : S-1-5-21-436374069-1336601894-682003330-1003\software\microsoft\internet explorer

Description : last download directory used in microsoft internet explorer





MRU List Object Recognized!

Location: : software\microsoft\directdraw\mostrecentapplication

Description : most recent application to use microsoft directdraw





MRU List Object Recognized!

Location: : S-1-5-21-436374069-1336601894-682003330-1003\software\microsoft\internet explorer\typedurls

Description : list of recently entered addresses in microsoft internet explorer





MRU List Object Recognized!

Location: : .DEFAULT\software\microsoft\windows media\wmsdk\general

Description : windows media sdk





MRU List Object Recognized!

Location: : S-1-5-18\software\microsoft\windows media\wmsdk\general

Description : windows media sdk





Listing running processes

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»



#:1 [smss.exe]

FilePath : \SystemRoot\System32\

ProcessID : 608

ThreadCreationTime : 09-10-2004 1:35:22

BasePriority : Normal





#:2 [csrss.exe]

FilePath : \??\C:\WINDOWS\system32\

ProcessID : 656

ThreadCreationTime : 09-10-2004 1:35:23

BasePriority : Normal





#:3 [winlogon.exe]

FilePath : \??\C:\WINDOWS\system32\

ProcessID : 680

ThreadCreationTime : 09-10-2004 1:35:25

BasePriority : High





#:4 [services.exe]

FilePath : C:\WINDOWS\system32\

ProcessID : 724

ThreadCreationTime : 09-10-2004 1:35:25

BasePriority : Normal

FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)

ProductVersion : 5.1.2600.2180

ProductName : Sistema operativo Microsoft® Windows®

CompanyName : Microsoft Corporation

FileDescription : Aplicación de servicios y controlador

InternalName : services.exe

LegalCopyright : Copyright (C) Microsoft Corporation. Reservados todos los derechos.

OriginalFilename : services.exe



#:5 [lsass.exe]

FilePath : C:\WINDOWS\system32\

ProcessID : 736

ThreadCreationTime : 09-10-2004 1:35:25

BasePriority : Normal

FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)

ProductVersion : 5.1.2600.2180

ProductName : Microsoft® Windows® Operating System

CompanyName : Microsoft Corporation

FileDescription : LSA Shell (Export Version)

InternalName : lsass.exe

LegalCopyright : © Microsoft Corporation. All rights reserved.

OriginalFilename : lsass.exe



#:6 [svchost.exe]

FilePath : C:\WINDOWS\system32\

ProcessID : 916

ThreadCreationTime : 09-10-2004 1:35:26

BasePriority : Normal

FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)

ProductVersion : 5.1.2600.2180

ProductName : Microsoft® Windows® Operating System

CompanyName : Microsoft Corporation

FileDescription : Generic Host Process for Win32 Services

InternalName : svchost.exe

LegalCopyright : © Microsoft Corporation. All rights reserved.

OriginalFilename : svchost.exe



#:7 [svchost.exe]

FilePath : C:\WINDOWS\system32\

ProcessID : 960

ThreadCreationTime : 09-10-2004 1:35:26

BasePriority : Normal

FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)

ProductVersion : 5.1.2600.2180

ProductName : Microsoft® Windows® Operating System

CompanyName : Microsoft Corporation

FileDescription : Generic Host Process for Win32 Services

InternalName : svchost.exe

LegalCopyright : © Microsoft Corporation. All rights reserved.

OriginalFilename : svchost.exe



#:8 [svchost.exe]

FilePath : C:\WINDOWS\System32\

ProcessID : 1104

ThreadCreationTime : 09-10-2004 1:35:26

BasePriority : Normal

FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)

ProductVersion : 5.1.2600.2180

ProductName : Microsoft® Windows® Operating System

CompanyName : Microsoft Corporation

FileDescription : Generic Host Process for Win32 Services

InternalName : svchost.exe

LegalCopyright : © Microsoft Corporation. All rights reserved.

OriginalFilename : svchost.exe



#:9 [svchost.exe]

FilePath : C:\WINDOWS\System32\

ProcessID : 1244

ThreadCreationTime : 09-10-2004 1:35:26

BasePriority : Normal

FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)

ProductVersion : 5.1.2600.2180

ProductName : Microsoft® Windows® Operating System

CompanyName : Microsoft Corporation

FileDescription : Generic Host Process for Win32 Services

InternalName : svchost.exe

LegalCopyright : © Microsoft Corporation. All rights reserved.

OriginalFilename : svchost.exe



#:10 [svchost.exe]

FilePath : C:\WINDOWS\System32\

ProcessID : 1316

ThreadCreationTime : 09-10-2004 1:35:26

BasePriority : Normal

FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)

ProductVersion : 5.1.2600.2180

ProductName : Microsoft® Windows® Operating System

CompanyName : Microsoft Corporation

FileDescription : Generic Host Process for Win32 Services

InternalName : svchost.exe

LegalCopyright : © Microsoft Corporation. All rights reserved.

OriginalFilename : svchost.exe



#:11 [spoolsv.exe]

FilePath : C:\WINDOWS\system32\

ProcessID : 1532

ThreadCreationTime : 09-10-2004 1:35:27

BasePriority : Normal

FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)

ProductVersion : 5.1.2600.2180

ProductName : Microsoft® Windows® Operating System

CompanyName : Microsoft Corporation

FileDescription : Spooler SubSystem App

InternalName : spoolsv.exe

LegalCopyright : © Microsoft Corporation. All rights reserved.

OriginalFilename : spoolsv.exe



#:12 [pavfires.exe]

FilePath : C:\Archivos de programa\Panda Software\Panda Antivirus Platinum\Firewall\

ProcessID : 1700

ThreadCreationTime : 09-10-2004 1:35:27

BasePriority : Normal

FileVersion : 1, 3, 1, 9

ProductVersion : 7, 6, 0, 0

ProductName : Platinum 7 Pavfires

CompanyName : Panda Software

FileDescription : Personal Firewall Service

InternalName : Pavfires

LegalCopyright : Panda Software Copyright © 2003

OriginalFilename : Pavfires.exe



#:13 [pavsrv51.exe]

FilePath : C:\Archivos de programa\Panda Software\Panda Antivirus Platinum\

ProcessID : 1736

ThreadCreationTime : 09-10-2004 1:35:27

BasePriority : High

FileVersion : 6, 3, 0, 530

ProductVersion : 6.3

ProductName : Panda Antivirus

CompanyName : Panda Software

FileDescription : Panda Antivirus Service for Windows NT/2000

InternalName : pavsrv

LegalCopyright : Copyright © Panda Software 2003

OriginalFilename : pavsrv.exe



#:14 [svchost.exe]

FilePath : C:\WINDOWS\System32\

ProcessID : 260

ThreadCreationTime : 09-10-2004 1:35:28

BasePriority : Normal

FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)

ProductVersion : 5.1.2600.2180

ProductName : Microsoft® Windows® Operating System

CompanyName : Microsoft Corporation

FileDescription : Generic Host Process for Win32 Services

InternalName : svchost.exe

LegalCopyright : © Microsoft Corporation. All rights reserved.

OriginalFilename : svchost.exe



#:15 [avengine.exe]

FilePath : C:\Archivos de programa\Panda Software\Panda Antivirus Platinum\

ProcessID : 408

ThreadCreationTime : 09-10-2004 1:35:28

BasePriority : Normal

FileVersion : 6, 3, 0, 492

ProductVersion : 6.3

ProductName : Panda Antivirus Windows NT/2000

CompanyName : Panda Software

FileDescription : Proceso análisis independiente

InternalName : avengine

LegalCopyright : Copyright © Panda Software 1990-2002

OriginalFilename : avengine.exe



#:16 [explorer.exe]

FilePath : C:\WINDOWS\

ProcessID : 1588

ThreadCreationTime : 09-10-2004 1:35:32

BasePriority : Normal

FileVersion : 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)

ProductVersion : 6.00.2900.2180

ProductName : Sistema operativo Microsoft® Windows®

CompanyName : Microsoft Corporation

FileDescription : Explorador de Windows

InternalName : explorer

LegalCopyright : © Microsoft Corporation. Reservados todos los derechos.

OriginalFilename : EXPLORER.EXE



#:17 [apvxdwin.exe]

FilePath : C:\Archivos de programa\Panda Software\Panda Antivirus Platinum\

ProcessID : 1952

ThreadCreationTime : 09-10-2004 1:35:34

BasePriority : Normal

FileVersion : 2, 14, 2, 0

ProductVersion : 7.00

ProductName : Panda Antivirus Platinum

CompanyName : Panda Software International

FileDescription : Platinum permanent protection

InternalName : Apvxdwin.exe

LegalCopyright : Panda Software. 2003 All rights reserved



#:18 [smtray.exe]

FilePath : C:\Archivos de programa\Analog Devices\SoundMAX\

ProcessID : 1960

ThreadCreationTime : 09-10-2004 1:35:34

BasePriority : Normal

FileVersion : 3, 2, 12, 0

ProductVersion : 3, 2, 12, 0

ProductName : SoundMAX Integrated Digital Audio

CompanyName : Analog Devices, Inc.

FileDescription : SoundMAX System Tray

InternalName : SMTray

LegalCopyright : Copyright © 2001 Analog Devices

OriginalFilename : SMTray.exe



#:19 [hpgs2wnd.exe]

FilePath : C:\Archivos de programa\Hewlett-Packard\HP Share-to-Web\

ProcessID : 1000

ThreadCreationTime : 09-10-2004 1:35:34

BasePriority : Normal

FileVersion : 2,4,0,26

ProductVersion : 2,4,0,26

ProductName : Hewlett-Packard hpgs2wnd

CompanyName : Hewlett-Packard

FileDescription : hpgs2wnd

InternalName : hpgs2wnd

LegalCopyright : Copyright © 2001

OriginalFilename : hpgs2wnd.exe



#:20 [alg.exe]

FilePath : C:\WINDOWS\System32\

ProcessID : 1032

ThreadCreationTime : 09-10-2004 1:35:34

BasePriority : Normal

FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)

ProductVersion : 5.1.2600.2180

ProductName : Microsoft® Windows® Operating System

CompanyName : Microsoft Corporation

FileDescription : Application Layer Gateway Service

InternalName : ALG.exe

LegalCopyright : © Microsoft Corporation. All rights reserved.

OriginalFilename : ALG.exe



#:21 [ctfmon.exe]

FilePath : C:\WINDOWS\system32\

ProcessID : 1296

ThreadCreationTime : 09-10-2004 1:35:34

BasePriority : Normal

FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)

ProductVersion : 5.1.2600.2180

ProductName : Microsoft® Windows® Operating System

CompanyName : Microsoft Corporation

FileDescription : CTF Loader

InternalName : CTFMON

LegalCopyright : © Microsoft Corporation. All rights reserved.

OriginalFilename : CTFMON.EXE



#:22 [msnmsgr.exe]

FilePath : C:\Archivos de programa\MSN Messenger\

ProcessID : 1340

ThreadCreationTime : 09-10-2004 1:35:34

BasePriority : Normal

FileVersion : 6.2.0137

ProductVersion : Version 6.2

ProductName : MSN Messenger

CompanyName : Microsoft Corporation

FileDescription : MSN Messenger

InternalName : msnmsgr

LegalCopyright : Copyright (c) Microsoft Corporation 1997-2004

LegalTrademarks : Microsoft(R) is a registered trademark of Microsoft Corporation in the U.S. and/or other countries.

OriginalFilename : msnmsgr.exe



#:23 [msmsgsvc.exe]

FilePath : C:\WINDOWS\System\

ProcessID : 1360

ThreadCreationTime : 09-10-2004 1:35:34

BasePriority : Normal





#:24 [hpgs2wnf.exe]

FilePath : C:\ARCHIV~1\HEWLET~1\HPSHAR~1\

ProcessID : 1780

ThreadCreationTime : 09-10-2004 1:35:35

BasePriority : Normal

FileVersion : 2,4,0,26

ProductVersion : 2,4,0,26

ProductName : hpgs2wnf Module

FileDescription : hpgs2wnf Module

InternalName : hpgs2wnf

LegalCopyright : Copyright 2001

OriginalFilename : hpgs2wnf.EXE



#:25 [pavproxy.exe]

FilePath : C:\Archivos de programa\Panda Software\Panda Antivirus Platinum\

ProcessID : 2464

ThreadCreationTime : 09-10-2004 1:35:45

BasePriority : Normal

FileVersion : 3, 6, 10, 24

ProductVersion : 3, 6, 10, 24

ProductName : Mail Resident

CompanyName : Panda Software

FileDescription : PavProxy

InternalName : PavProxy

LegalCopyright : Copyright © 2002

OriginalFilename : PavProxy.exe



#:26 [iexplore.exe]

FilePath : C:\Archivos de programa\Internet Explorer\

ProcessID : 2820

ThreadCreationTime : 09-10-2004 1:46:50

BasePriority : Normal

FileVersion : 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)

ProductVersion : 6.00.2900.2180

ProductName : Sistema operativo Microsoft® Windows®

CompanyName : Microsoft Corporation

FileDescription : Internet Explorer

InternalName : iexplore

LegalCopyright : © Microsoft Corporation. Reservados todos los derechos.

OriginalFilename : IEXPLORE.EXE



#:27 [ad-aware.exe]

FilePath : C:\Archivos de programa\Lavasoft\Ad-Aware SE Personal\

ProcessID : 3692

ThreadCreationTime : 09-10-2004 2:37:18

BasePriority : Normal

FileVersion : 6.2.0.206

ProductVersion : VI.Second Edition

ProductName : Lavasoft Ad-Aware SE

CompanyName : Lavasoft Sweden

FileDescription : Ad-Aware SE Core application

InternalName : Ad-Aware.exe

LegalCopyright : Copyright © Lavasoft Sweden

OriginalFilename : Ad-Aware.exe

Comments : All Rights Reserved



Memory scan result:

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

New critical objects: 0

Objects found so far: 9





Started registry scan

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»



CoolWebSearch Object Recognized!

Type : Regkey

Data :

Category : Malware

Comment :

Rootkey : HKEY_CLASSES_ROOT

Object : typelib\{bd0022a3-a43f-4f44-b64f-53ea7575f097}



CoolWebSearch Object Recognized!

Type : Regkey

Data :

Category : Malware

Comment :

Rootkey : HKEY_CLASSES_ROOT

Object : clsid\{834261e1-dd97-4177-853b-c907e5d5bd6e}



CoolWebSearch Object Recognized!

Type : RegValue

Data :

Category : Malware

Comment :

Rootkey : HKEY_CLASSES_ROOT

Object : clsid\{834261e1-dd97-4177-853b-c907e5d5bd6e}

Value :



CoolWebSearch Object Recognized!

Type : Regkey

Data :

Category : Malware

Comment :

Rootkey : HKEY_CLASSES_ROOT

Object : analyzeie.dompeek.1



CoolWebSearch Object Recognized!

Type : RegValue

Data :

Category : Malware

Comment :

Rootkey : HKEY_CLASSES_ROOT

Object : analyzeie.dompeek.1

Value :



CoolWebSearch Object Recognized!

Type : Regkey

Data :

Category : Malware

Comment :

Rootkey : HKEY_CLASSES_ROOT

Object : analyzeie.dompeek



CoolWebSearch Object Recognized!

Type : RegValue

Data :

Category : Malware

Comment :

Rootkey : HKEY_CLASSES_ROOT

Object : analyzeie.dompeek

Value :



CoolWebSearch Object Recognized!

Type : Regkey

Data :

Category : Malware

Comment :

Rootkey : HKEY_LOCAL_MACHINE

Object : software\microsoft\windows\currentversion\explorer\browser helper objects\{834261e1-dd97-4177-853b-c907e5d5bd6e}



Windows Object Recognized!

Type : RegData

Data : http://%65%68%74%74%70%2e%63%63/?

Category : Vulnerability

Comment : URL Prefix Possibly Compromised

Rootkey : HKEY_LOCAL_MACHINE

Object : software\microsoft\windows\currentversion\url\defaultprefix

Value :

Data : http://%65%68%74%74%70%2e%63%63/?



Windows Object Recognized!

Type : RegData

Data : http://%65%68%74%74%70%2e%63%63/?

Category : Vulnerability

Comment : URL Prefix Possibly Compromised

Rootkey : HKEY_LOCAL_MACHINE

Object : software\microsoft\windows\currentversion\url\prefixes

Value : www

Data : http://%65%68%74%74%70%2e%63%63/?



Registry Scan result:

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

New critical objects: 10

Objects found so far: 19





Started deep registry scan

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Possible Browser Hijack attempt : Software\Microsoft\Internet Explorer\MainSearch Pagee-finder.cc



Other Object Recognized!

Type : RegData

Data : "http://%68%6F%6D%65%70%61%67%65%2E%63%6F%6D%00@%77%77%77%2E%65%2D%66%69%6E%64%65%72%2E%63%63/%73%65%61%72%63%68/"

Category : Vulnerability

Comment : Possible Browser Hijack attempt

Rootkey : HKEY_LOCAL_MACHINE

Object : Software\Microsoft\Internet Explorer\Main

Value : Search Page

Data : "http://%68%6F%6D%65%70%61%67%65%2E%63%6F%6D%00@%77%77%77%2E%65%2D%66%69%6E%64%65%72%2E%63%63/%73%65%61%72%63%68/"

Possible Browser Hijack attempt : Software\Microsoft\Internet Explorer\MainStart Pagee-finder.cc



Other Object Recognized!

Type : RegData

Data : "http://%68%6F%6D%65%70%61%67%65%2E%63%6F%6D%00@%77%77%77%2E%65%2D%66%69%6E%64%65%72%2E%63%63/%68%70/"

Category : Vulnerability

Comment : Possible Browser Hijack attempt

Rootkey : HKEY_LOCAL_MACHINE

Object : Software\Microsoft\Internet Explorer\Main

Value : Start Page

Data : "http://%68%6F%6D%65%70%61%67%65%2E%63%6F%6D%00@%77%77%77%2E%65%2D%66%69%6E%64%65%72%2E%63%63/%68%70/"

Possible Browser Hijack attempt : Software\Microsoft\Internet Explorer\MainSearch Bare-finder.cc



Other Object Recognized!

Type : RegData

Data : "http://%68%6F%6D%65%70%61%67%65%2E%63%6F%6D%00@%77%77%77%2E%65%2D%66%69%6E%64%65%72%2E%63%63/%73%65%61%72%63%68/"

Category : Vulnerability

Comment : Possible Browser Hijack attempt

Rootkey : HKEY_LOCAL_MACHINE

Object : Software\Microsoft\Internet Explorer\Main

Value : Search Bar

Data : "http://%68%6F%6D%65%70%61%67%65%2E%63%6F%6D%00@%77%77%77%2E%65%2D%66%69%6E%64%65%72%2E%63%63/%73%65%61%72%63%68/"

Possible Browser Hijack attempt : Software\Microsoft\Internet Explorer\MainDefault_Search_URLe-finder.cc



Other Object Recognized!

Type : RegData

Data : "http://%68%6F%6D%65%70%61%67%65%2E%63%6F%6D%00@%77%77%77%2E%65%2D%66%69%6E%64%65%72%2E%63%63/%73%65%61%72%63%68/"

Category : Vulnerability

Comment : Possible Browser Hijack attempt

Rootkey : HKEY_LOCAL_MACHINE

Object : Software\Microsoft\Internet Explorer\Main

Value : Default_Search_URL

Data : "http://%68%6F%6D%65%70%61%67%65%2E%63%6F%6D%00@%77%77%77%2E%65%2D%66%69%6E%64%65%72%2E%63%63/%73%65%61%72%63%68/"

Possible Browser Hijack attempt : Software\Microsoft\Internet Explorer\SearchSearchAssistante-finder.cc



Other Object Recognized!

Type : RegData

Data : "http://%68%6F%6D%65%70%61%67%65%2E%63%6F%6D%00@%77%77%77%2E%65%2D%66%69%6E%64%65%72%2E%63%63/%73%65%61%72%63%68/"

Category : Vulnerability

Comment : Possible Browser Hijack attempt

Rootkey : HKEY_LOCAL_MACHINE

Object : Software\Microsoft\Internet Explorer\Search

Value : SearchAssistant

Data : "http://%68%6F%6D%65%70%61%67%65%2E%63%6F%6D%00@%77%77%77%2E%65%2D%66%69%6E%64%65%72%2E%63%63/%73%65%61%72%63%68/"

Possible Browser Hijack attempt : Software\Microsoft\Internet Explorer\SearchCustomizeSearche-finder.cc



Other Object Recognized!

Type : RegData

Data : "http://%68%6F%6D%65%70%61%67%65%2E%63%6F%6D%00@%77%77%77%2E%65%2D%66%69%6E%64%65%72%2E%63%63/%73%65%61%72%63%68/"

Category : Vulnerability

Comment : Possible Browser Hijack attempt

Rootkey : HKEY_LOCAL_MACHINE

Object : Software\Microsoft\Internet Explorer\Search

Value : CustomizeSearch

Data : "http://%68%6F%6D%65%70%61%67%65%2E%63%6F%6D%00@%77%77%77%2E%65%2D%66%69%6E%64%65%72%2E%63%63/%73%65%61%72%63%68/"

Possible Browser Hijack attempt : Software\Microsoft\Internet Explorer\Searche-finder.cc



Other Object Recognized!

Type : RegData

Data : "http://%68%6F%6D%65%70%61%67%65%2E%63%6F%6D%00@%77%77%77%2E%65%2D%66%69%6E%64%65%72%2E%63%63/%73%65%61%72%63%68/"

Category : Vulnerability

Comment : Possible Browser Hijack attempt

Rootkey : HKEY_LOCAL_MACHINE

Object : Software\Microsoft\Internet Explorer\Search

Value :

Data : "http://%68%6F%6D%65%70%61%67%65%2E%63%6F%6D%00@%77%77%77%2E%65%2D%66%69%6E%64%65%72%2E%63%63/%73%65%61%72%63%68/"

Possible Browser Hijack attempt : Software\Microsoft\Internet Explorer\SearchURLe-finder.cc



Other Object Recognized!

Type : RegData

Data : "http://%68%6F%6D%65%70%61%67%65%2E%63%6F%6D%00@%77%77%77%2E%65%2D%66%69%6E%64%65%72%2E%63%63/%73%65%61%72%63%68/"

Category : Vulnerability

Comment : Possible Browser Hijack attempt

Rootkey : HKEY_LOCAL_MACHINE

Object : Software\Microsoft\Internet Explorer\SearchURL

Value :

Data : "http://%68%6F%6D%65%70%61%67%65%2E%63%6F%6D%00@%77%77%77%2E%65%2D%66%69%6E%64%65%72%2E%63%63/%73%65%61%72%63%68/"

Possible Browser Hijack attempt : Software\Microsoft\Windows\CurrentVersion\URL\DefaultPrefixehttp.cc



Other Object Recognized!

Type : RegData

Data : "http://%65%68%74%74%70%2E%63%63/?"

Category : Vulnerability

Comment : Possible Browser Hijack attempt

Rootkey : HKEY_LOCAL_MACHINE

Object : Software\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix

Value :

Data : "http://%65%68%74%74%70%2E%63%63/?"

Possible Browser Hijack attempt : SOFTWARE\Microsoft\Windows\CurrentVersion\URL\Prefixeswwwehttp.cc



Other Object Recognized!

Type : RegData

Data : "http://%65%68%74%74%70%2E%63%63/?"

Category : Vulnerability

Comment : Possible Browser Hijack attempt

Rootkey : HKEY_LOCAL_MACHINE

Object : SOFTWARE\Microsoft\Windows\CurrentVersion\URL\Prefixes

Value : www

Data : "http://%65%68%74%74%70%2E%63%63/?"

Possible Browser Hijack attempt : S-1-5-21-436374069-1336601894-682003330-1003\Software\Microsoft\Internet Explorer\MainSearch Pagee-finder.cc



Other Object Recognized!

Type : RegData

Data : "http://%68%6F%6D%65%70%61%67%65%2E%63%6F%6D%00@%77%77%77%2E%65%2D%66%69%6E%64%65%72%2E%63%63/%73%65%61%72%63%68/"

Category : Vulnerability

Comment : Possible Browser Hijack attempt

Rootkey : HKEY_USERS

Object : S-1-5-21-436374069-1336601894-682003330-1003\Software\Microsoft\Internet Explorer\Main

Value : Search Page

Data : "http://%68%6F%6D%65%70%61%67%65%2E%63%6F%6D%00@%77%77%77%2E%65%2D%66%69%6E%64%65%72%2E%63%63/%73%65%61%72%63%68/"

Possible Browser Hijack attempt : S-1-5-21-436374069-1336601894-682003330-1003\Software\Microsoft\Internet Explorer\MainStart Pagee-finder.cc



Other Object Recognized!

Type : RegData

Data : "http://%68%6F%6D%65%70%61%67%65%2E%63%6F%6D%00@%77%77%77%2E%65%2D%66%69%6E%64%65%72%2E%63%63/%68%70/"

Category : Vulnerability

Comment : Possible Browser Hijack attempt

Rootkey : HKEY_USERS

Object : S-1-5-21-436374069-1336601894-682003330-1003\Software\Microsoft\Internet Explorer\Main

Value : Start Page

Data : "http://%68%6F%6D%65%70%61%67%65%2E%63%6F%6D%00@%77%77%77%2E%65%2D%66%69%6E%64%65%72%2E%63%63/%68%70/"

Possible Browser Hijack attempt : S-1-5-21-436374069-1336601894-682003330-1003\Software\Microsoft\Internet Explorer\MainSearch Bare-finder.cc



Other Object Recognized!

Type : RegData

Data : "http://%68%6F%6D%65%70%61%67%65%2E%63%6F%6D%00@%77%77%77%2E%65%2D%66%69%6E%64%65%72%2E%63%63/%73%65%61%72%63%68/"

Category : Vulnerability

Comment : Possible Browser Hijack attempt

Rootkey : HKEY_USERS

Object : S-1-5-21-436374069-1336601894-682003330-1003\Software\Microsoft\Internet Explorer\Main

Value : Search Bar

Data : "http://%68%6F%6D%65%70%61%67%65%2E%63%6F%6D%00@%77%77%77%2E%65%2D%66%69%6E%64%65%72%2E%63%63/%73%65%61%72%63%68/"

Possible Browser Hijack attempt : S-1-5-21-436374069-1336601894-682003330-1003\Software\Microsoft\Internet Explorer\MainDefault_Search_URLe-finder.cc



Other Object Recognized!

Type : RegData

Data : "http://%68%6F%6D%65%70%61%67%65%2E%63%6F%6D%00@%77%77%77%2E%65%2D%66%69%6E%64%65%72%2E%63%63/%73%65%61%72%63%68/"

Category : Vulnerability

Comment : Possible Browser Hijack attempt

Rootkey : HKEY_USERS

Object : S-1-5-21-436374069-1336601894-682003330-1003\Software\Microsoft\Internet Explorer\Main

Value : Default_Search_URL

Data : "http://%68%6F%6D%65%70%61%67%65%2E%63%6F%6D%00@%77%77%77%2E%65%2D%66%69%6E%64%65%72%2E%63%63/%73%65%61%72%63%68/"

Possible Browser Hijack attempt : S-1-5-21-436374069-1336601894-682003330-1003\Software\Microsoft\Internet Explorer\SearchSearchAssistante-finder.cc



Other Object Recognized!

Type : RegData

Data : "http://%68%6F%6D%65%70%61%67%65%2E%63%6F%6D%00@%77%77%77%2E%65%2D%66%69%6E%64%65%72%2E%63%63/%73%65%61%72%63%68/"

Category : Vulnerability

Comment : Possible Browser Hijack attempt

Rootkey : HKEY_USERS

Object : S-1-5-21-436374069-1336601894-682003330-1003\Software\Microsoft\Internet Explorer\Search

Value : SearchAssistant

Data : "http://%68%6F%6D%65%70%61%67%65%2E%63%6F%6D%00@%77%77%77%2E%65%2D%66%69%6E%64%65%72%2E%63%63/%73%65%61%72%63%68/"

Possible Browser Hijack attempt : S-1-5-21-436374069-1336601894-682003330-1003\Software\Microsoft\Internet Explorer\SearchCustomizeSearche-finder.cc



Other Object Recognized!

Type : RegData

Data : "http://%68%6F%6D%65%70%61%67%65%2E%63%6F%6D%00@%77%77%77%2E%65%2D%66%69%6E%64%65%72%2E%63%63/%73%65%61%72%63%68/"

Category : Vulnerability

Comment : Possible Browser Hijack attempt

Rootkey : HKEY_USERS

Object : S-1-5-21-436374069-1336601894-682003330-1003\Software\Microsoft\Internet Explorer\Search

Value : CustomizeSearch

Data : "http://%68%6F%6D%65%70%61%67%65%2E%63%6F%6D%00@%77%77%77%2E%65%2D%66%69%6E%64%65%72%2E%63%63/%73%65%61%72%63%68/"

Possible Browser Hijack attempt : S-1-5-21-436374069-1336601894-682003330-1003\Software\Microsoft\Internet Explorer\Searche-finder.cc



Other Object Recognized!

Type : RegData

Data : "http://%68%6F%6D%65%70%61%67%65%2E%63%6F%6D%00@%77%77%77%2E%65%2D%66%69%6E%64%65%72%2E%63%63/%73%65%61%72%63%68/"

Category : Vulnerability

Comment : Possible Browser Hijack attempt

Rootkey : HKEY_USERS

Object : S-1-5-21-436374069-1336601894-682003330-1003\Software\Microsoft\Internet Explorer\Search

Value :

Data : "http://%68%6F%6D%65%70%61%67%65%2E%63%6F%6D%00@%77%77%77%2E%65%2D%66%69%6E%64%65%72%2E%63%63/%73%65%61%72%63%68/"

Possible Browser Hijack attempt : S-1-5-21-436374069-1336601894-682003330-1003\Software\Microsoft\Internet Explorer\SearchURLe-finder.cc



Other Object Recognized!

Type : RegData

Data : "http://%68%6F%6D%65%70%61%67%65%2E%63%6F%6D%00@%77%77%77%2E%65%2D%66%69%6E%64%65%72%2E%63%63/%73%65%61%72%63%68/"

Category : Vulnerability

Comment : Possible Browser Hijack attempt

Rootkey : HKEY_USERS

Object : S-1-5-21-436374069-1336601894-682003330-1003\Software\Microsoft\Internet Explorer\SearchURL

Value :

Data : "http://%68%6F%6D%65%70%61%67%65%2E%63%6F%6D%00@%77%77%77%2E%65%2D%66%69%6E%64%65%72%2E%63%63/%73%65%61%72%63%68/"



Deep registry scan result:

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

New critical objects: 18

Objects found so far: 37





Started Tracking Cookie scan

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»





Tracking Cookie Object Recognized!

Type : IECache Entry

Data : jesus roman@mercury.bravenet[1].txt

Category : Data Miner

Comment : Hits:1

Value : Cookie:jesus roman@mercury.bravenet.com/

Expires : 09-10-2004 8:06:40

LastSync : Hits:1

UseCount : 0

Hits : 1



Tracking Cookie Object Recognized!

Type : IECache Entry

Data : jesus roman@tribalfusion[1].txt

Category : Data Miner

Comment : Hits:1

Value : Cookie:jesus roman@tribalfusion.com/

Expires : 01-01-2038 2:00:00

LastSync : Hits:1

UseCount : 0

Hits : 1



Tracking cookie scan result:

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

New critical objects: 2

Objects found so far: 39







Deep scanning and examining files (C:)

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»



Disk Scan Result for C:\

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

New critical objects: 0

Objects found so far: 39





Scanning Hosts file......

Hosts file location:"C:\WINDOWS\system32\drivers\etc\hosts".

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»



Hosts file scan result:

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

1 entries scanned.

New critical objects:0

Objects found so far: 39









Performing conditional scans...

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»



CoolWebSearch Object Recognized!

Type : Regkey

Data :

Category : Malware

Comment :

Rootkey : HKEY_CLASSES_ROOT

Object : interface\{b1e68d42-02c4-465b-8368-5ed9b732e22d}



CoolWebSearch Object Recognized!

Type : RegValue

Data :

Category : Malware

Comment :

Rootkey : HKEY_CLASSES_ROOT

Object : interface\{b1e68d42-02c4-465b-8368-5ed9b732e22d}

Value :



CoolWebSearch Object Recognized!

Type : RegValue

Data :

Category : Malware

Comment :

Rootkey : HKEY_LOCAL_MACHINE

Object : software\microsoft\internet explorer\main

Value : Search Bar



CoolWebSearch Object Recognized!

Type : File

Data : hosts

Category : Malware

Comment :

Object : C:\WINDOWS\







Conditional scan result:

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

New critical objects: 4

Objects found so far: 43



4:43:53 Scan Complete



Summary Of This Scan

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Total scanning time:00:06:21.797

Objects scanned:72732

Objects identified:34

Objects ignored:0

New critical objects:34









Well, that's all. Regards.
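
An added example, not part of the original thread: it decodes the percent-encoded registry values that Ad-Aware reports in this thread's logs, showing the real destination host behind the `%00@` decoy and how the hijacked `URL\Prefixes` value rewrites a typed address. The function names are hypothetical and the log excerpt is a condensed copy of records from the thread.

```python
import re
from urllib.parse import unquote

# Constructed excerpt: three records copied from the Ad-Aware log posted in
# this thread, with the blank lines between fields removed.
SAMPLE_LOG = r'''
Other Object Recognized!
Type : RegData
Data : "http://%68%6F%6D%65%70%61%67%65%2E%63%6F%6D%00@%77%77%77%2E%65%2D%66%69%6E%64%65%72%2E%63%63/%68%70/"
Category : Vulnerability
Comment : Possible Browser Hijack attempt
Rootkey : HKEY_LOCAL_MACHINE
Object : Software\Microsoft\Internet Explorer\Main
Value : Start Page
Other Object Recognized!
Type : RegData
Data : "http://%65%68%74%74%70%2E%63%63/?"
Category : Vulnerability
Comment : Possible Browser Hijack attempt
Rootkey : HKEY_LOCAL_MACHINE
Object : Software\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix
Value :
Other Object Recognized!
Type : RegData
Data : "http://%65%68%74%74%70%2E%63%63/?"
Category : Vulnerability
Comment : Possible Browser Hijack attempt
Rootkey : HKEY_LOCAL_MACHINE
Object : SOFTWARE\Microsoft\Windows\CurrentVersion\URL\Prefixes
Value : www
'''

FIELD = re.compile(r'^(\w+)\s*:\s*(.*)$')
URL = re.compile(r'^([A-Za-z][A-Za-z0-9+.-]*)://([^/?#]*)(.*)$')
MARKER = ' Object Recognized!'


def parse_records(log_text):
    """Return one dict per '<Kind> Object Recognized!' record in the log."""
    records, current = [], None
    for line in log_text.splitlines():
        line = line.strip()
        if line.endswith(MARKER):
            current = {'Kind': line[:-len(MARKER)]}
            records.append(current)
        elif current is not None:
            m = FIELD.match(line)
            if m:
                current[m.group(1)] = m.group(2).strip().strip('"')
    return records


def analyze_url(raw):
    """Split the still-encoded URL into its parts first, then decode each part.

    Decoding before splitting would let an encoded '@' or '/' change the
    structure, so the authority is cut on the literal characters only.
    """
    m = URL.match(raw)
    if not m:
        return None
    _scheme, authority, rest = m.groups()
    userinfo, at, hostport = authority.rpartition('@')
    flags = []
    if at:
        flags.append('userinfo-decoy')   # text before '@' is not the host
    if '\x00' in unquote(authority):
        flags.append('nul-byte')         # %00 has no place in an authority
    if '%' in hostport:
        flags.append('encoded-host')     # host name hidden behind %XX escapes
    return {
        'host': unquote(hostport).lower(),
        'decoy': unquote(userinfo).replace('\x00', ''),
        'path': unquote(rest),
        'flags': flags,
    }


def apply_prefix(prefix_data, typed):
    """Address that results when the browser prepends a URL prefix value."""
    return unquote(prefix_data) + typed


def triage(log_text):
    """List (registry object, value name, analysis) for every suspicious URL."""
    findings = []
    for rec in parse_records(log_text):
        info = analyze_url(rec.get('Data', ''))
        if info and info['flags']:
            findings.append((rec['Object'], rec.get('Value', ''), info))
    return findings


if __name__ == '__main__':
    for obj, value, info in triage(SAMPLE_LOG):
        print(f"{obj} [{value or '(default)'}]")
        print(f"  real host: {info['host']}  decoy: {info['decoy'] or '-'}  "
              f"flags: {', '.join(info['flags'])}")
    # A typed address starting with "www" gets the hijacked prefix prepended.
    print(apply_prefix('http://%65%68%74%74%70%2E%63%63/?', 'www.google.es'))
```

The last line reproduces the `http://ehttp.cc/?www.google.es` address reported later in the thread, which is why cleaning the start-page values alone does not restore normal browsing while the `URL\DefaultPrefix` and `URL\Prefixes` values remain altered.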

caito
Posts: 1538
Joined: 30 May 2004, 06:29
Location: Argentina

Post by caito » 09 Oct 2004, 05:07

First of all, if you have XP or Millennium you must disable System Restore:

http://www.arwinianos.net/foro/index.php/topic,39.0

Now run an online antivirus; do it in Safe Mode, and if you have ADSL choose "with Networking", and on XP or ME disable System Restore:

https://www.virustotal.com/es/

Download, update and run:

http://www.zonavirus.com/descargas/spybot-sd.asp

Have it fix everything it finds.

Delete Temporary Internet Files, cookies, history and the contents of the Temp folder, and empty the Recycle Bin.

Boot in Normal mode and enable System Restore.

Download, update and run:

http://www.javacoolsoftware.com/spywareblaster.html

Let us know how it went.

Regards

Caito

euroraul
Posts: 8
Joined: 09 Oct 2004, 04:14

No luck

Post by euroraul » 09 Oct 2004, 16:18

I did everything you listed, Caito, and even so it keeps hijacking me to the page I mentioned before. When I try to type a new address, I always get something like http://ehttp.cc/?www.google.es and it never finds the address.

Running Ad-Aware gives the following:



Ad-Aware SE Build 1.05

Logfile Created on:sábado, 09 de octubre de 2004 16:14:42

Created with Ad-Aware SE Personal, free for private use.

Using definitions file:SE1R11 07.10.2004

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»



References detected during the scan:

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

CoolWebSearch(TAC index:10):12 total references

MRU List(TAC index:0):19 total references

Other(TAC index:5):18 total references

Tracking Cookie(TAC index:3):2 total references

Windows(TAC index:3):3 total references

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»



Ad-Aware SE Settings

===========================

Set : Search for negligible risk entries

Set : Safe mode (always request confirmation)

Set : Scan active processes

Set : Scan registry

Set : Deep-scan registry

Set : Scan my IE Favorites for banned URLs

Set : Scan my Hosts file



Extended Ad-Aware SE Settings

===========================

Set : Unload recognized processes & modules during scan

Set : Scan registry for all users instead of current user only

Set : Always try to unload modules before deletion

Set : During removal, unload Explorer and IE if necessary

Set : Let Windows remove files in use at next reboot

Set : Delete quarantined objects after restoring

Set : Include basic Ad-Aware settings in log file

Set : Include additional Ad-Aware settings in log file

Set : Include reference summary in log file

Set : Include alternate data stream details in log file

Set : Play sound at scan completion if scan locates critical objects





09-10-2004 16:14:42 - Scan started. (Full System Scan)



MRU List Object Recognized!

Location: : S-1-5-21-436374069-1336601894-682003330-1003\software\microsoft\windows\currentversion\applets\wordpad\recent file list

Description : list of recent files opened using wordpad





MRU List Object Recognized!

Location: : S-1-5-21-436374069-1336601894-682003330-1003\software\microsoft\windows\currentversion\explorer\runmru

Description : mru list for items opened in start | run





MRU List Object Recognized!

Location: : S-1-5-21-436374069-1336601894-682003330-1003\software\microsoft\search assistant\acmru

Description : list of recent search terms used with the search assistant





MRU List Object Recognized!

Location: : S-1-5-21-436374069-1336601894-682003330-1003\software\microsoft\windows\currentversion\explorer\comdlg32\opensavemru

Description : list of recently saved files, stored according to file extension





MRU List Object Recognized!

Location: : S-1-5-21-436374069-1336601894-682003330-1003\software\microsoft\windows\currentversion\explorer\comdlg32\lastvisitedmru

Description : list of recent programs opened





MRU List Object Recognized!

Location: : S-1-5-21-436374069-1336601894-682003330-1003\software\microsoft\windows\currentversion\explorer\recentdocs

Description : list of recent documents opened





MRU List Object Recognized!

Location: : S-1-5-21-436374069-1336601894-682003330-1003\software\microsoft\mediaplayer\player\recentfilelist

Description : list of recently used files in microsoft windows media player





MRU List Object Recognized!

Location: : S-1-5-21-436374069-1336601894-682003330-1003\software\microsoft\internet explorer

Description : last download directory used in microsoft internet explorer





MRU List Object Recognized!

Location: : software\microsoft\directdraw\mostrecentapplication

Description : most recent application to use microsoft directdraw





MRU List Object Recognized!

Location: : S-1-5-21-436374069-1336601894-682003330-1003\software\microsoft\internet explorer\typedurls

Description : list of recently entered addresses in microsoft internet explorer





MRU List Object Recognized!

Location: : S-1-5-21-436374069-1336601894-682003330-1003\software\microsoft\mediaplayer\player\settings

Description : last open directory used in jasc paint shop pro





MRU List Object Recognized!

Location: : software\microsoft\direct3d\mostrecentapplication

Description : most recent application to use microsoft direct3d





MRU List Object Recognized!

Location: : S-1-5-21-436374069-1336601894-682003330-1003\software\microsoft\mediaplayer\preferences

Description : last playlist index loaded in microsoft windows media player





MRU List Object Recognized!

Location: : S-1-5-21-436374069-1336601894-682003330-1003\software\microsoft\mediaplayer\preferences

Description : last playlist loaded in microsoft windows media player





MRU List Object Recognized!

Location: : software\microsoft\direct3d\mostrecentapplication

Description : most recent application to use microsoft direct X





MRU List Object Recognized!

Location: : S-1-5-21-436374069-1336601894-682003330-1003\software\winrar\dialogedithistory\extrpath

Description : winrar "extract-to" history





MRU List Object Recognized!

Location: : .DEFAULT\software\microsoft\windows media\wmsdk\general

Description : windows media sdk





MRU List Object Recognized!

Location: : S-1-5-18\software\microsoft\windows media\wmsdk\general

Description : windows media sdk





MRU List Object Recognized!

Location: : S-1-5-21-436374069-1336601894-682003330-1003\software\microsoft\windows media\wmsdk\general

Description : windows media sdk





Listing running processes

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»



#:1 [smss.exe]

FilePath : \SystemRoot\System32\

ProcessID : 452

ThreadCreationTime : 09-10-2004 14:04:34

BasePriority : Normal





#:2 [csrss.exe]

FilePath : \??\C:\WINDOWS\system32\

ProcessID : 500

ThreadCreationTime : 09-10-2004 14:04:34

BasePriority : Normal





#:3 [winlogon.exe]

FilePath : \??\C:\WINDOWS\system32\

ProcessID : 680

ThreadCreationTime : 09-10-2004 14:04:37

BasePriority : High





#:4 [services.exe]

FilePath : C:\WINDOWS\system32\

ProcessID : 724

ThreadCreationTime : 09-10-2004 14:04:37

BasePriority : Normal

FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)

ProductVersion : 5.1.2600.2180

ProductName : Sistema operativo Microsoft® Windows®

CompanyName : Microsoft Corporation

FileDescription : Aplicación de servicios y controlador

InternalName : services.exe

LegalCopyright : Copyright (C) Microsoft Corporation. Reservados todos los derechos.

OriginalFilename : services.exe



#:5 [lsass.exe]

FilePath : C:\WINDOWS\system32\

ProcessID : 736

ThreadCreationTime : 09-10-2004 14:04:37

BasePriority : Normal

FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)

ProductVersion : 5.1.2600.2180

ProductName : Microsoft® Windows® Operating System

CompanyName : Microsoft Corporation

FileDescription : LSA Shell (Export Version)

InternalName : lsass.exe

LegalCopyright : © Microsoft Corporation. All rights reserved.

OriginalFilename : lsass.exe



#:6 [svchost.exe]

FilePath : C:\WINDOWS\system32\

ProcessID : 904

ThreadCreationTime : 09-10-2004 14:04:37

BasePriority : Normal

FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)

ProductVersion : 5.1.2600.2180

ProductName : Microsoft® Windows® Operating System

CompanyName : Microsoft Corporation

FileDescription : Generic Host Process for Win32 Services

InternalName : svchost.exe

LegalCopyright : © Microsoft Corporation. All rights reserved.

OriginalFilename : svchost.exe



#:7 [svchost.exe]

FilePath : C:\WINDOWS\system32\

ProcessID : 960

ThreadCreationTime : 09-10-2004 14:04:38

BasePriority : Normal

FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)

ProductVersion : 5.1.2600.2180

ProductName : Microsoft® Windows® Operating System

CompanyName : Microsoft Corporation

FileDescription : Generic Host Process for Win32 Services

InternalName : svchost.exe

LegalCopyright : © Microsoft Corporation. All rights reserved.

OriginalFilename : svchost.exe



#:8 [svchost.exe]

FilePath : C:\WINDOWS\System32\

ProcessID : 1104

ThreadCreationTime : 09-10-2004 14:04:38

BasePriority : Normal

FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)

ProductVersion : 5.1.2600.2180

ProductName : Microsoft® Windows® Operating System

CompanyName : Microsoft Corporation

FileDescription : Generic Host Process for Win32 Services

InternalName : svchost.exe

LegalCopyright : © Microsoft Corporation. All rights reserved.

OriginalFilename : svchost.exe



#:9 [svchost.exe]

FilePath : C:\WINDOWS\System32\

ProcessID : 1196

ThreadCreationTime : 09-10-2004 14:04:38

BasePriority : Normal

FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)

ProductVersion : 5.1.2600.2180

ProductName : Microsoft® Windows® Operating System

CompanyName : Microsoft Corporation

FileDescription : Generic Host Process for Win32 Services

InternalName : svchost.exe

LegalCopyright : © Microsoft Corporation. All rights reserved.

OriginalFilename : svchost.exe



#:10 [svchost.exe]

FilePath : C:\WINDOWS\System32\

ProcessID : 1316

ThreadCreationTime : 09-10-2004 14:04:38

BasePriority : Normal

FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)

ProductVersion : 5.1.2600.2180

ProductName : Microsoft® Windows® Operating System

CompanyName : Microsoft Corporation

FileDescription : Generic Host Process for Win32 Services

InternalName : svchost.exe

LegalCopyright : © Microsoft Corporation. All rights reserved.

OriginalFilename : svchost.exe



#:11 [spoolsv.exe]

FilePath : C:\WINDOWS\system32\

ProcessID : 1536

ThreadCreationTime : 09-10-2004 14:04:38

BasePriority : Normal

FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)

ProductVersion : 5.1.2600.2180

ProductName : Microsoft® Windows® Operating System

CompanyName : Microsoft Corporation

FileDescription : Spooler SubSystem App

InternalName : spoolsv.exe

LegalCopyright : © Microsoft Corporation. All rights reserved.

OriginalFilename : spoolsv.exe



#:12 [pavfires.exe]

FilePath : C:\Archivos de programa\Panda Software\Panda Antivirus Platinum\Firewall\

ProcessID : 1704

ThreadCreationTime : 09-10-2004 14:04:39

BasePriority : Normal

FileVersion : 1, 3, 1, 9

ProductVersion : 7, 6, 0, 0

ProductName : Platinum 7 Pavfires

CompanyName : Panda Software

FileDescription : Personal Firewall Service

InternalName : Pavfires

LegalCopyright : Panda Software Copyright © 2003

OriginalFilename : Pavfires.exe



#:13 [pavsrv51.exe]

FilePath : C:\Archivos de programa\Panda Software\Panda Antivirus Platinum\

ProcessID : 1808

ThreadCreationTime : 09-10-2004 14:04:39

BasePriority : High

FileVersion : 6, 3, 0, 530

ProductVersion : 6.3

ProductName : Panda Antivirus

CompanyName : Panda Software

FileDescription : Panda Antivirus Service for Windows NT/2000

InternalName : pavsrv

LegalCopyright : Copyright © Panda Software 2003

OriginalFilename : pavsrv.exe



#:14 [smagent.exe]

FilePath : C:\Archivos de programa\Analog Devices\SoundMAX\

ProcessID : 1948

ThreadCreationTime : 09-10-2004 14:04:39

BasePriority : Normal

FileVersion : 3, 2, 6, 0

ProductVersion : 3, 2, 6, 0

ProductName : SoundMAX service agent

CompanyName : Analog Devices, Inc.

FileDescription : SoundMAX service agent component

InternalName : SMAgent

LegalCopyright : Copyright © 2002

OriginalFilename : SMAgent.exe



#:15 [svchost.exe]

FilePath : C:\WINDOWS\System32\

ProcessID : 2008

ThreadCreationTime : 09-10-2004 14:04:39

BasePriority : Normal

FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)

ProductVersion : 5.1.2600.2180

ProductName : Microsoft® Windows® Operating System

CompanyName : Microsoft Corporation

FileDescription : Generic Host Process for Win32 Services

InternalName : svchost.exe

LegalCopyright : © Microsoft Corporation. All rights reserved.

OriginalFilename : svchost.exe



#:16 [avengine.exe]

FilePath : C:\Archivos de programa\Panda Software\Panda Antivirus Platinum\

ProcessID : 444

ThreadCreationTime : 09-10-2004 14:04:40

BasePriority : Normal

FileVersion : 6, 3, 0, 492

ProductVersion : 6.3

ProductName : Panda Antivirus Windows NT/2000

CompanyName : Panda Software

FileDescription : Proceso análisis independiente

InternalName : avengine

LegalCopyright : Copyright © Panda Software 1990-2002

OriginalFilename : avengine.exe



#:17 [explorer.exe]

FilePath : C:\WINDOWS\

ProcessID : 1508

ThreadCreationTime : 09-10-2004 14:04:44

BasePriority : Normal

FileVersion : 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)

ProductVersion : 6.00.2900.2180

ProductName : Sistema operativo Microsoft® Windows®

CompanyName : Microsoft Corporation

FileDescription : Explorador de Windows

InternalName : explorer

LegalCopyright : © Microsoft Corporation. Reservados todos los derechos.

OriginalFilename : EXPLORER.EXE



#:18 [apvxdwin.exe]

FilePath : C:\Archivos de programa\Panda Software\Panda Antivirus Platinum\

ProcessID : 184

ThreadCreationTime : 09-10-2004 14:04:45

BasePriority : Normal

FileVersion : 2, 14, 2, 0

ProductVersion : 7.00

ProductName : Panda Antivirus Platinum

CompanyName : Panda Software International

FileDescription : Platinum permanent protection

InternalName : Apvxdwin.exe

LegalCopyright : Panda Software. 2003 All rights reserved



#:19 [alg.exe]

FilePath : C:\WINDOWS\System32\

ProcessID : 260

ThreadCreationTime : 09-10-2004 14:04:46

BasePriority : Normal

FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)

ProductVersion : 5.1.2600.2180

ProductName : Microsoft® Windows® Operating System

CompanyName : Microsoft Corporation

FileDescription : Application Layer Gateway Service

InternalName : ALG.exe

LegalCopyright : © Microsoft Corporation. All rights reserved.

OriginalFilename : ALG.exe



#:20 [rpc.exe]

FilePath : C:\WINDOWS\system32\

ProcessID : 628

ThreadCreationTime : 09-10-2004 14:04:46

BasePriority : Normal





#:21 [smtray.exe]

FilePath : C:\Archivos de programa\Analog Devices\SoundMAX\

ProcessID : 504

ThreadCreationTime : 09-10-2004 14:04:46

BasePriority : Normal

FileVersion : 3, 2, 12, 0

ProductVersion : 3, 2, 12, 0

ProductName : SoundMAX Integrated Digital Audio

CompanyName : Analog Devices, Inc.

FileDescription : SoundMAX System Tray

InternalName : SMTray

LegalCopyright : Copyright © 2001 Analog Devices

OriginalFilename : SMTray.exe



#:22 [asusprob.exe]

FilePath : C:\Program Files\ASUS\Probe\

ProcessID : 852

ThreadCreationTime : 09-10-2004 14:04:46

BasePriority : Normal





#:23 [hpgs2wnd.exe]

FilePath : C:\Archivos de programa\Hewlett-Packard\HP Share-to-Web\

ProcessID : 1008

ThreadCreationTime : 09-10-2004 14:04:46

BasePriority : Normal

FileVersion : 2,4,0,26

ProductVersion : 2,4,0,26

ProductName : Hewlett-Packard hpgs2wnd

CompanyName : Hewlett-Packard

FileDescription : hpgs2wnd

InternalName : hpgs2wnd

LegalCopyright : Copyright © 2001

OriginalFilename : hpgs2wnd.exe



#:24 [ctfmon.exe]

FilePath : C:\WINDOWS\system32\

ProcessID : 1096

ThreadCreationTime : 09-10-2004 14:04:46

BasePriority : Normal

FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)

ProductVersion : 5.1.2600.2180

ProductName : Microsoft® Windows® Operating System

CompanyName : Microsoft Corporation

FileDescription : CTF Loader

InternalName : CTFMON

LegalCopyright : © Microsoft Corporation. All rights reserved.

OriginalFilename : CTFMON.EXE



#:25 [msnmsgr.exe]

FilePath : C:\Archivos de programa\MSN Messenger\

ProcessID : 1232

ThreadCreationTime : 09-10-2004 14:04:46

BasePriority : Normal

FileVersion : 6.2.0137

ProductVersion : Version 6.2

ProductName : MSN Messenger

CompanyName : Microsoft Corporation

FileDescription : MSN Messenger

InternalName : msnmsgr

LegalCopyright : Copyright (c) Microsoft Corporation 1997-2004

LegalTrademarks : Microsoft(R) is a registered trademark of Microsoft Corporation in the U.S. and/or other countries.

OriginalFilename : msnmsgr.exe



#:26 [msmsgsvc.exe]

FilePath : C:\WINDOWS\System\

ProcessID : 1312

ThreadCreationTime : 09-10-2004 14:04:46

BasePriority : Normal





#:27 [hpgs2wnf.exe]

FilePath : C:\ARCHIV~1\HEWLET~1\HPSHAR~1\

ProcessID : 2004

ThreadCreationTime : 09-10-2004 14:04:47

BasePriority : Normal

FileVersion : 2,4,0,26

ProductVersion : 2,4,0,26

ProductName : hpgs2wnf Module

FileDescription : hpgs2wnf Module

InternalName : hpgs2wnf

LegalCopyright : Copyright 2001

OriginalFilename : hpgs2wnf.EXE



#:28 [pavproxy.exe]

FilePath : C:\Archivos de programa\Panda Software\Panda Antivirus Platinum\

ProcessID : 2484

ThreadCreationTime : 09-10-2004 14:04:55

BasePriority : Normal

FileVersion : 3, 6, 10, 24

ProductVersion : 3, 6, 10, 24

ProductName : Mail Resident

CompanyName : Panda Software

FileDescription : PavProxy

InternalName : PavProxy

LegalCopyright : Copyright © 2002

OriginalFilename : PavProxy.exe



#:29 [iexplore.exe]

FilePath : C:\Archivos de programa\Internet Explorer\

ProcessID : 2536

ThreadCreationTime : 09-10-2004 14:04:59

BasePriority : Normal

FileVersion : 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)

ProductVersion : 6.00.2900.2180

ProductName : Sistema operativo Microsoft® Windows®

CompanyName : Microsoft Corporation

FileDescription : Internet Explorer

InternalName : iexplore

LegalCopyright : © Microsoft Corporation. Reservados todos los derechos.

OriginalFilename : IEXPLORE.EXE



#:30 [iexplore.exe]

FilePath : C:\Archivos de programa\Internet Explorer\

ProcessID : 1164

ThreadCreationTime : 09-10-2004 14:09:30

BasePriority : Normal

FileVersion : 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)

ProductVersion : 6.00.2900.2180

ProductName : Sistema operativo Microsoft® Windows®

CompanyName : Microsoft Corporation

FileDescription : Internet Explorer

InternalName : iexplore

LegalCopyright : © Microsoft Corporation. Reservados todos los derechos.

OriginalFilename : IEXPLORE.EXE



#:31 [ad-aware.exe]

FilePath : C:\Archivos de programa\Lavasoft\Ad-Aware SE Personal\

ProcessID : 3592

ThreadCreationTime : 09-10-2004 14:14:28

BasePriority : Normal

FileVersion : 6.2.0.206

ProductVersion : VI.Second Edition

ProductName : Lavasoft Ad-Aware SE

CompanyName : Lavasoft Sweden

FileDescription : Ad-Aware SE Core application

InternalName : Ad-Aware.exe

LegalCopyright : Copyright © Lavasoft Sweden

OriginalFilename : Ad-Aware.exe

Comments : All Rights Reserved



Memory scan result:

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

New critical objects: 0

Objects found so far: 19





Started registry scan

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»



CoolWebSearch Object Recognized!

Type : Regkey

Data :

Category : Malware

Comment :

Rootkey : HKEY_CLASSES_ROOT

Object : typelib\{bd0022a3-a43f-4f44-b64f-53ea7575f097}



CoolWebSearch Object Recognized!

Type : Regkey

Data :

Category : Malware

Comment :

Rootkey : HKEY_CLASSES_ROOT

Object : clsid\{834261e1-dd97-4177-853b-c907e5d5bd6e}



CoolWebSearch Object Recognized!

Type : RegValue

Data :

Category : Malware

Comment :

Rootkey : HKEY_CLASSES_ROOT

Object : clsid\{834261e1-dd97-4177-853b-c907e5d5bd6e}

Value :



CoolWebSearch Object Recognized!

Type : Regkey

Data :

Category : Malware

Comment :

Rootkey : HKEY_CLASSES_ROOT

Object : analyzeie.dompeek.1



CoolWebSearch Object Recognized!

Type : RegValue

Data :

Category : Malware

Comment :

Rootkey : HKEY_CLASSES_ROOT

Object : analyzeie.dompeek.1

Value :



CoolWebSearch Object Recognized!

Type : Regkey

Data :

Category : Malware

Comment :

Rootkey : HKEY_CLASSES_ROOT

Object : analyzeie.dompeek



CoolWebSearch Object Recognized!

Type : RegValue

Data :

Category : Malware

Comment :

Rootkey : HKEY_CLASSES_ROOT

Object : analyzeie.dompeek

Value :



CoolWebSearch Object Recognized!

Type : Regkey

Data :

Category : Malware

Comment :

Rootkey : HKEY_LOCAL_MACHINE

Object : software\microsoft\windows\currentversion\explorer\browser helper objects\{834261e1-dd97-4177-853b-c907e5d5bd6e}



Windows Object Recognized!

Type : RegData

Data :

Category : Vulnerability

Comment : Manual changing of browser start-page restricted

Rootkey : HKEY_USERS

Object : S-1-5-21-436374069-1336601894-682003330-1003\software\policies\microsoft\internet explorer\control panel

Value : Homepage

Data :



Windows Object Recognized!

Type : RegData

Data : http://%65%68%74%74%70%2e%63%63/?

Category : Vulnerability

Comment : URL Prefix Possibly Compromised

Rootkey : HKEY_LOCAL_MACHINE

Object : software\microsoft\windows\currentversion\url\defaultprefix

Value :

Data : http://%65%68%74%74%70%2e%63%63/?



Windows Object Recognized!

Type : RegData

Data : http://%65%68%74%74%70%2e%63%63/?

Category : Vulnerability

Comment : URL Prefix Possibly Compromised

Rootkey : HKEY_LOCAL_MACHINE

Object : software\microsoft\windows\currentversion\url\prefixes

Value : www

Data : http://%65%68%74%74%70%2e%63%63/?



Registry Scan result:

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

New critical objects: 11

Objects found so far: 30





Started deep registry scan

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Possible Browser Hijack attempt : Software\Microsoft\Internet Explorer\MainSearch Pagee-finder.cc



Other Object Recognized!

Type : RegData

Data : "http://%68%6F%6D%65%70%61%67%65%2E%63%6F%6D%00@%77%77%77%2E%65%2D%66%69%6E%64%65%72%2E%63%63/%73%65%61%72%63%68/"

Category : Vulnerability

Comment : Possible Browser Hijack attempt

Rootkey : HKEY_LOCAL_MACHINE

Object : Software\Microsoft\Internet Explorer\Main

Value : Search Page

Data : "http://%68%6F%6D%65%70%61%67%65%2E%63%6F%6D%00@%77%77%77%2E%65%2D%66%69%6E%64%65%72%2E%63%63/%73%65%61%72%63%68/"

Possible Browser Hijack attempt : Software\Microsoft\Internet Explorer\MainStart Pagee-finder.cc



Other Object Recognized!

Type : RegData

Data : "http://%68%6F%6D%65%70%61%67%65%2E%63%6F%6D%00@%77%77%77%2E%65%2D%66%69%6E%64%65%72%2E%63%63/%68%70/"

Category : Vulnerability

Comment : Possible Browser Hijack attempt

Rootkey : HKEY_LOCAL_MACHINE

Object : Software\Microsoft\Internet Explorer\Main

Value : Start Page

Data : "http://%68%6F%6D%65%70%61%67%65%2E%63%6F%6D%00@%77%77%77%2E%65%2D%66%69%6E%64%65%72%2E%63%63/%68%70/"

Possible Browser Hijack attempt : Software\Microsoft\Internet Explorer\MainSearch Bare-finder.cc



Other Object Recognized!

Type : RegData

Data : "http://%68%6F%6D%65%70%61%67%65%2E%63%6F%6D%00@%77%77%77%2E%65%2D%66%69%6E%64%65%72%2E%63%63/%73%65%61%72%63%68/"

Category : Vulnerability

Comment : Possible Browser Hijack attempt

Rootkey : HKEY_LOCAL_MACHINE

Object : Software\Microsoft\Internet Explorer\Main

Value : Search Bar

Data : "http://%68%6F%6D%65%70%61%67%65%2E%63%6F%6D%00@%77%77%77%2E%65%2D%66%69%6E%64%65%72%2E%63%63/%73%65%61%72%63%68/"

Possible Browser Hijack attempt : Software\Microsoft\Internet Explorer\MainDefault_Search_URLe-finder.cc



Other Object Recognized!

Type : RegData

Data : "http://%68%6F%6D%65%70%61%67%65%2E%63%6F%6D%00@%77%77%77%2E%65%2D%66%69%6E%64%65%72%2E%63%63/%73%65%61%72%63%68/"

Category : Vulnerability

Comment : Possible Browser Hijack attempt

Rootkey : HKEY_LOCAL_MACHINE

Object : Software\Microsoft\Internet Explorer\Main

Value : Default_Search_URL

Data : "http://%68%6F%6D%65%70%61%67%65%2E%63%6F%6D%00@%77%77%77%2E%65%2D%66%69%6E%64%65%72%2E%63%63/%73%65%61%72%63%68/"

Possible Browser Hijack attempt : Software\Microsoft\Internet Explorer\SearchSearchAssistante-finder.cc



Other Object Recognized!

Type : RegData

Data : "http://%68%6F%6D%65%70%61%67%65%2E%63%6F%6D%00@%77%77%77%2E%65%2D%66%69%6E%64%65%72%2E%63%63/%73%65%61%72%63%68/"

Category : Vulnerability

Comment : Possible Browser Hijack attempt

Rootkey : HKEY_LOCAL_MACHINE

Object : Software\Microsoft\Internet Explorer\Search

Value : SearchAssistant

Data : "http://%68%6F%6D%65%70%61%67%65%2E%63%6F%6D%00@%77%77%77%2E%65%2D%66%69%6E%64%65%72%2E%63%63/%73%65%61%72%63%68/"

Possible Browser Hijack attempt : Software\Microsoft\Internet Explorer\SearchCustomizeSearche-finder.cc



Other Object Recognized!

Type : RegData

Data : "http://%68%6F%6D%65%70%61%67%65%2E%63%6F%6D%00@%77%77%77%2E%65%2D%66%69%6E%64%65%72%2E%63%63/%73%65%61%72%63%68/"

Category : Vulnerability

Comment : Possible Browser Hijack attempt

Rootkey : HKEY_LOCAL_MACHINE

Object : Software\Microsoft\Internet Explorer\Search

Value : CustomizeSearch

Data : "http://%68%6F%6D%65%70%61%67%65%2E%63%6F%6D%00@%77%77%77%2E%65%2D%66%69%6E%64%65%72%2E%63%63/%73%65%61%72%63%68/"

Possible Browser Hijack attempt : Software\Microsoft\Internet Explorer\Searche-finder.cc



Other Object Recognized!

Type : RegData

Data : "http://%68%6F%6D%65%70%61%67%65%2E%63%6F%6D%00@%77%77%77%2E%65%2D%66%69%6E%64%65%72%2E%63%63/%73%65%61%72%63%68/"

Category : Vulnerability

Comment : Possible Browser Hijack attempt

Rootkey : HKEY_LOCAL_MACHINE

Object : Software\Microsoft\Internet Explorer\Search

Value :

Data : "http://%68%6F%6D%65%70%61%67%65%2E%63%6F%6D%00@%77%77%77%2E%65%2D%66%69%6E%64%65%72%2E%63%63/%73%65%61%72%63%68/"

Possible Browser Hijack attempt : Software\Microsoft\Internet Explorer\SearchURLe-finder.cc



Other Object Recognized!

Type : RegData

Data : "http://%68%6F%6D%65%70%61%67%65%2E%63%6F%6D%00@%77%77%77%2E%65%2D%66%69%6E%64%65%72%2E%63%63/%73%65%61%72%63%68/"

Category : Vulnerability

Comment : Possible Browser Hijack attempt

Rootkey : HKEY_LOCAL_MACHINE

Object : Software\Microsoft\Internet Explorer\SearchURL

Value :

Data : "http://%68%6F%6D%65%70%61%67%65%2E%63%6F%6D%00@%77%77%77%2E%65%2D%66%69%6E%64%65%72%2E%63%63/%73%65%61%72%63%68/"

Possible Browser Hijack attempt : Software\Microsoft\Windows\CurrentVersion\URL\DefaultPrefixehttp.cc



Other Object Recognized!

Type : RegData

Data : "http://%65%68%74%74%70%2E%63%63/?"

Category : Vulnerability

Comment : Possible Browser Hijack attempt

Rootkey : HKEY_LOCAL_MACHINE

Object : Software\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix

Value :

Data : "http://%65%68%74%74%70%2E%63%63/?"

Possible Browser Hijack attempt : SOFTWARE\Microsoft\Windows\CurrentVersion\URL\Prefixeswwwehttp.cc



Other Object Recognized!

Type : RegData

Data : "http://%65%68%74%74%70%2E%63%63/?"

Category : Vulnerability

Comment : Possible Browser Hijack attempt

Rootkey : HKEY_LOCAL_MACHINE

Object : SOFTWARE\Microsoft\Windows\CurrentVersion\URL\Prefixes

Value : www

Data : "http://%65%68%74%74%70%2E%63%63/?"

Possible Browser Hijack attempt : S-1-5-21-436374069-1336601894-682003330-1003\Software\Microsoft\Internet Explorer\MainSearch Pagee-finder.cc



Other Object Recognized!

Type : RegData

Data : "http://%68%6F%6D%65%70%61%67%65%2E%63%6F%6D%00@%77%77%77%2E%65%2D%66%69%6E%64%65%72%2E%63%63/%73%65%61%72%63%68/"

Category : Vulnerability

Comment : Possible Browser Hijack attempt

Rootkey : HKEY_USERS

Object : S-1-5-21-436374069-1336601894-682003330-1003\Software\Microsoft\Internet Explorer\Main

Value : Search Page

Data : "http://%68%6F%6D%65%70%61%67%65%2E%63%6F%6D%00@%77%77%77%2E%65%2D%66%69%6E%64%65%72%2E%63%63/%73%65%61%72%63%68/"

Possible Browser Hijack attempt : S-1-5-21-436374069-1336601894-682003330-1003\Software\Microsoft\Internet Explorer\MainStart Pagee-finder.cc



Other Object Recognized!

Type : RegData

Data : "http://%68%6F%6D%65%70%61%67%65%2E%63%6F%6D%00@%77%77%77%2E%65%2D%66%69%6E%64%65%72%2E%63%63/%68%70/"

Category : Vulnerability

Comment : Possible Browser Hijack attempt

Rootkey : HKEY_USERS

Object : S-1-5-21-436374069-1336601894-682003330-1003\Software\Microsoft\Internet Explorer\Main

Value : Start Page

Data : "http://%68%6F%6D%65%70%61%67%65%2E%63%6F%6D%00@%77%77%77%2E%65%2D%66%69%6E%64%65%72%2E%63%63/%68%70/"

Possible Browser Hijack attempt : S-1-5-21-436374069-1336601894-682003330-1003\Software\Microsoft\Internet Explorer\MainSearch Bare-finder.cc



Other Object Recognized!

Type : RegData

Data : "http://%68%6F%6D%65%70%61%67%65%2E%63%6F%6D%00@%77%77%77%2E%65%2D%66%69%6E%64%65%72%2E%63%63/%73%65%61%72%63%68/"

Category : Vulnerability

Comment : Possible Browser Hijack attempt

Rootkey : HKEY_USERS

Object : S-1-5-21-436374069-1336601894-682003330-1003\Software\Microsoft\Internet Explorer\Main

Value : Search Bar

Data : "http://%68%6F%6D%65%70%61%67%65%2E%63%6F%6D%00@%77%77%77%2E%65%2D%66%69%6E%64%65%72%2E%63%63/%73%65%61%72%63%68/"

Possible Browser Hijack attempt : S-1-5-21-436374069-1336601894-682003330-1003\Software\Microsoft\Internet Explorer\MainDefault_Search_URLe-finder.cc



Other Object Recognized!

Type : RegData

Data : "http://%68%6F%6D%65%70%61%67%65%2E%63%6F%6D%00@%77%77%77%2E%65%2D%66%69%6E%64%65%72%2E%63%63/%73%65%61%72%63%68/"

Category : Vulnerability

Comment : Possible Browser Hijack attempt

Rootkey : HKEY_USERS

Object : S-1-5-21-436374069-1336601894-682003330-1003\Software\Microsoft\Internet Explorer\Main

Value : Default_Search_URL

Data : "http://%68%6F%6D%65%70%61%67%65%2E%63%6F%6D%00@%77%77%77%2E%65%2D%66%69%6E%64%65%72%2E%63%63/%73%65%61%72%63%68/"

Possible Browser Hijack attempt : S-1-5-21-436374069-1336601894-682003330-1003\Software\Microsoft\Internet Explorer\SearchSearchAssistante-finder.cc



Other Object Recognized!

Type : RegData

Data : "http://%68%6F%6D%65%70%61%67%65%2E%63%6F%6D%00@%77%77%77%2E%65%2D%66%69%6E%64%65%72%2E%63%63/%73%65%61%72%63%68/"

Category : Vulnerability

Comment : Possible Browser Hijack attempt

Rootkey : HKEY_USERS

Object : S-1-5-21-436374069-1336601894-682003330-1003\Software\Microsoft\Internet Explorer\Search

Value : SearchAssistant

Data : "http://%68%6F%6D%65%70%61%67%65%2E%63%6F%6D%00@%77%77%77%2E%65%2D%66%69%6E%64%65%72%2E%63%63/%73%65%61%72%63%68/"

Possible Browser Hijack attempt : S-1-5-21-436374069-1336601894-682003330-1003\Software\Microsoft\Internet Explorer\SearchCustomizeSearche-finder.cc



Other Object Recognized!

Type : RegData

Data : "http://%68%6F%6D%65%70%61%67%65%2E%63%6F%6D%00@%77%77%77%2E%65%2D%66%69%6E%64%65%72%2E%63%63/%73%65%61%72%63%68/"

Category : Vulnerability

Comment : Possible Browser Hijack attempt

Rootkey : HKEY_USERS

Object : S-1-5-21-436374069-1336601894-682003330-1003\Software\Microsoft\Internet Explorer\Search

Value : CustomizeSearch

Data : "http://%68%6F%6D%65%70%61%67%65%2E%63%6F%6D%00@%77%77%77%2E%65%2D%66%69%6E%64%65%72%2E%63%63/%73%65%61%72%63%68/"

Possible Browser Hijack attempt : S-1-5-21-436374069-1336601894-682003330-1003\Software\Microsoft\Internet Explorer\Searche-finder.cc



Other Object Recognized!

Type : RegData

Data : "http://%68%6F%6D%65%70%61%67%65%2E%63%6F%6D%00@%77%77%77%2E%65%2D%66%69%6E%64%65%72%2E%63%63/%73%65%61%72%63%68/"

Category : Vulnerability

Comment : Possible Browser Hijack attempt

Rootkey : HKEY_USERS

Object : S-1-5-21-436374069-1336601894-682003330-1003\Software\Microsoft\Internet Explorer\Search

Value :

Data : "http://%68%6F%6D%65%70%61%67%65%2E%63%6F%6D%00@%77%77%77%2E%65%2D%66%69%6E%64%65%72%2E%63%63/%73%65%61%72%63%68/"

Possible Browser Hijack attempt : S-1-5-21-436374069-1336601894-682003330-1003\Software\Microsoft\Internet Explorer\SearchURLe-finder.cc



Other Object Recognized!

Type : RegData

Data : "http://%68%6F%6D%65%70%61%67%65%2E%63%6F%6D%00@%77%77%77%2E%65%2D%66%69%6E%64%65%72%2E%63%63/%73%65%61%72%63%68/"

Category : Vulnerability

Comment : Possible Browser Hijack attempt

Rootkey : HKEY_USERS

Object : S-1-5-21-436374069-1336601894-682003330-1003\Software\Microsoft\Internet Explorer\SearchURL

Value :

Data : "http://%68%6F%6D%65%70%61%67%65%2E%63%6F%6D%00@%77%77%77%2E%65%2D%66%69%6E%64%65%72%2E%63%63/%73%65%61%72%63%68/"



Deep registry scan result:

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

New critical objects: 18

Objects found so far: 48





Started Tracking Cookie scan

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»





Tracking Cookie Object Recognized!

Type : IECache Entry

Data : jesus roman@mercury.bravenet[1].txt

Category : Data Miner

Comment : Hits:1

Value : Cookie:jesus roman@mercury.bravenet.com/

Expires : 09-10-2004 8:06:40

LastSync : Hits:1

UseCount : 0

Hits : 1



Tracking Cookie Object Recognized!

Type : IECache Entry

Data : jesus roman@tribalfusion[1].txt

Category : Data Miner

Comment : Hits:1

Value : Cookie:jesus roman@tribalfusion.com/

Expires : 01-01-2038 2:00:00

LastSync : Hits:1

UseCount : 0

Hits : 1



Tracking cookie scan result:

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

New critical objects: 2

Objects found so far: 50







Deep scanning and examining files (C:)

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»



Disk Scan Result for C:\

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

New critical objects: 0

Objects found so far: 50





Scanning Hosts file......

Hosts file location:"C:\WINDOWS\system32\drivers\etc\hosts".

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»



Hosts file scan result:

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

1 entries scanned.

New critical objects:0

Objects found so far: 50









Performing conditional scans...

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»



CoolWebSearch Object Recognized!

Type : Regkey

Data :

Category : Malware

Comment :

Rootkey : HKEY_CLASSES_ROOT

Object : interface\{b1e68d42-02c4-465b-8368-5ed9b732e22d}



CoolWebSearch Object Recognized!

Type : RegValue

Data :

Category : Malware

Comment :

Rootkey : HKEY_CLASSES_ROOT

Object : interface\{b1e68d42-02c4-465b-8368-5ed9b732e22d}

Value :



CoolWebSearch Object Recognized!

Type : RegValue

Data :

Category : Malware

Comment :

Rootkey : HKEY_LOCAL_MACHINE

Object : software\microsoft\internet explorer\main

Value : Search Bar



CoolWebSearch Object Recognized!

Type : File

Data : hosts

Category : Malware

Comment :

Object : C:\WINDOWS\







Conditional scan result:

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

New critical objects: 4

Objects found so far: 54



16:18:06 Scan Complete



Summary Of This Scan

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Total scanning time:00:03:24.172

Objects scanned:69334

Objects identified:35

Objects ignored:0

New critical objects:35





Thanks a lot anyway, Caito. Regards.

caito
Posts: 1538
Joined: 30 May 2004, 06:29
Location: Argentina

Post by caito » 09 Oct 2004, 18:54

Download this program:

http://www.zonavirus.com/descargas/hijackthis.zip

Run it and click Scan, then copy the log it produces and paste it as a reply to this thread (do it in normal mode and with everything closed).

Regards

euroraul
Posts: 8
Joined: 09 Oct 2004, 04:14

let's see if it works now...

Post by euroraul » 09 Oct 2004, 21:02

this is what I get with HijackThis:



Logfile of HijackThis v1.98.2

Scan saved at 20:59:39, on 09/10/2004

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)



Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Archivos de programa\Panda Software\Panda Antivirus Platinum\Firewall\PavFires.exe

C:\Archivos de programa\Panda Software\Panda Antivirus Platinum\pavsrv51.exe

C:\Archivos de programa\Analog Devices\SoundMAX\SMAgent.exe

C:\WINDOWS\System32\svchost.exe

C:\Archivos de programa\Panda Software\Panda Antivirus Platinum\AVENGINE.EXE

C:\WINDOWS\Explorer.EXE

C:\Archivos de programa\Panda Software\Panda Antivirus Platinum\apvxdwin.exe

C:\WINDOWS\system32\rpc.exe

C:\Program Files\ASUS\Probe\AsusProb.exe

C:\Archivos de programa\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Archivos de programa\MSN Messenger\MsnMsgr.Exe

C:\WINDOWS\System\MSMSGSVC.exe

C:\ARCHIV~1\HEWLET~1\HPSHAR~1\hpgs2wnf.exe

C:\Archivos de programa\Panda Software\Panda Antivirus Platinum\pavProxy.exe

C:\DOCUME~1\JESUSR~1\CONFIG~1\Temp\$wc\HIJACK~1.EXE

C:\WINDOWS\system32\wuauclt.exe



R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://homepage.com%00@www.e-finder.cc/search/ (obfuscated)

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://homepage.com%00@www.e-finder.cc/search/ (obfuscated)

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://homepage.com%00@www.e-finder.cc/search/ (obfuscated)

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://homepage.com%00@www.e-finder.cc/hp/ (obfuscated)

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://homepage.com%00@www.e-finder.cc/search/ (obfuscated)

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://homepage.com%00@www.e-finder.cc/search/ (obfuscated)

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://homepage.com%00@www.e-finder.cc/search/ (obfuscated)

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://homepage.com%00@www.e-finder.cc/hp/ (obfuscated)

R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://homepage.com%00@www.e-finder.cc/search/ (obfuscated)

R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://homepage.com%00@www.e-finder.cc/search/ (obfuscated)

R1 - HKCU\Software\Microsoft\Internet Explorer\Search,(Default) = http://homepage.com%00@www.e-finder.cc/search/ (obfuscated)

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://homepage.com%00@www.e-finder.cc/search/ (obfuscated)

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://homepage.com%00@www.e-finder.cc/search/ (obfuscated)

R1 - HKLM\Software\Microsoft\Internet Explorer\Search,(Default) = http://homepage.com%00@www.e-finder.cc/search/ (obfuscated)

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://homepage.com%00@www.e-finder.cc/search/ (obfuscated)

R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://homepage.com%00@www.e-finder.cc/search/ (obfuscated)

O2 - BHO: DOMPeek Class - {834261E1-DD97-4177-853B-C907E5D5BD6E} - C:\WINDOWS\dpe.dll

O4 - HKLM\..\Run: [Remote Procedure Call For Windows 32bit.] rpc.exe

O4 - HKLM\..\Run: [SCANINICIO] "C:\Archivos de programa\Panda Software\Panda Antivirus Platinum\Inicio.exe"

O4 - HKLM\..\Run: [APVXDWIN] "C:\Archivos de programa\Panda Software\Panda Antivirus Platinum\APVXDWIN.EXE" /s

O4 - HKLM\..\Run: [ASUS Probe] C:\Program Files\ASUS\Probe\AsusProb.exe

O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Archivos de programa\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe

O4 - HKLM\..\RunServices: [Remote Procedure Call For Windows 32bit.] rpc.exe

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [MsnMsgr] "C:\Archivos de programa\MSN Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [MSMsgSvc] C:\WINDOWS\System\MSMSGSVC.exe

O4 - HKCU\..\Run: [Spyware Begone] c:\freescan\freescan.exe -FastScan

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O8 - Extra context menu item: E&xportar a Microsoft Excel - res://C:\ARCHIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: Referencia - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARCHIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O13 - DefaultPrefix: http://%65%68%74%74%70%2E%63%63/?

O13 - WWW Prefix: http://%65%68%74%74%70%2E%63%63/?

O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab

O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab

O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/securityadvisor/virusinfo/webscan.cab

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab







Regards

caito
Posts: 1538
Joined: 30 May 2004, 06:29
Location: Argentina

Post by caito » 10 Oct 2004, 01:43

First delete HijackThis, download it again but save it in a folder, e.g. C>Limpiar>Hijack.

Boot into Safe Mode, run Hijack and click Fix on these:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://homepage.com %00@www.e-finder.cc/search/ (obfuscated)

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://homepage.com %00@www.e-finder.cc/search/ (obfuscated)

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://homepage.com %00@www.e-finder.cc/search/ (obfuscated)

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://homepage.com %00@www.e-finder.cc/hp/ (obfuscated)

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://homepage.com %00@www.e-finder.cc/search/ (obfuscated)

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://homepage.com %00@www.e-finder.cc/search/ (obfuscated)

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://homepage.com %00@www.e-finder.cc/search/ (obfuscated)

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://homepage.com %00@www.e-finder.cc/hp/ (obfuscated)

R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://homepage.com %00@www.e-finder.cc/search/ (obfuscated)

R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://homepage.com %00@www.e-finder.cc/search/ (obfuscated)

R1 - HKCU\Software\Microsoft\Internet Explorer\Search,(Default) = http://homepage.com %00@www.e-finder.cc/search/ (obfuscated)

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://homepage.com %00@www.e-finder.cc/search/ (obfuscated)

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://homepage.com %00@www.e-finder.cc/search/ (obfuscated)

R1 - HKLM\Software\Microsoft\Internet Explorer\Search,(Default) = http://homepage.com %00@www.e-finder.cc/search/ (obfuscated)

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://homepage.com %00@www.e-finder.cc/search/ (obfuscated)

R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://homepage.com %00@www.e-finder.cc/search/ (obfuscated)

O2 - BHO: DOMPeek Class - {834261E1-DD97-4177-853B-C907E5D5BD6E} - C:\WINDOWS\dpe.dll

O4 - HKLM\..\Run: [Remote Procedure Call For Windows 32bit.] rpc.exe

O4 - HKLM\..\RunServices: [Remote Procedure Call For Windows 32bit.] rpc.exe

O4 - HKCU\..\Run: [Spyware Begone] c:\freescan\freescan.exe -FastScan

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present > Only if you did not set the restrictions yourself

O13 - DefaultPrefix: http://%65%68%74%74%70%2E%63%63/?

O13 - WWW Prefix: http://%65%68%74%74%70%2E%63%63/?

Then boot into Safe Mode and delete these if they still exist:

C:\WINDOWS\dpe.dll



C:\WINDOWS\System32\rpc.exe



Reboot and download this program:

BUSCAREG.EXE: SEARCHES FOR A STRING IN THE REGISTRY AND, BY CLICKING ON THE MATCHES FOUND, LETS YOU DELETE THEM VERY EASILY. IT ALSO CREATES A REGISTRY EXPORT FILE IN CASE YOU NEED TO ROLL BACK:

Enter this entry so that it searches for it and deletes it:

C:\WINDOWS\dpe.dll



http://www.zonavirus.com/descargas/buscareg.asp



Delete Temporary Internet Files, cookies, history and the contents of the Temp folder, and empty the Recycle Bin.

Boot normally and tell us how it went (if it was not fixed, send a new log).

Regards

Caito
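
The R0/R1 and O13 entries in the log above hide the real destination behind percent-encoding and a decoy placed before the `@`. As an added example (not part of the original thread and not HijackThis code), this Python script splits each URL first and decodes it second to show which host the setting really points to; the names `deobfuscate`, `analyze`, `suspicious` and `Finding` are hypothetical, and the sample lines are copied from the log posted in this thread plus one constructed `example.com` entry.

```python
import re
from dataclasses import dataclass, field
from urllib.parse import unquote

# Lines copied from the HijackThis log posted in this thread, plus one
# constructed benign entry (example.com) for contrast.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://homepage.com%00@www.e-finder.cc/search/ (obfuscated)
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://homepage.com%00@www.e-finder.cc/hp/ (obfuscated)
O13 - DefaultPrefix: http://%65%68%74%74%70%2E%63%63/?
O2 - BHO: DOMPeek Class - {834261E1-DD97-4177-853B-C907E5D5BD6E} - C:\WINDOWS\dpe.dll
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.example.com/
"""

# "R1 - <registry key>,<value name> = <url>"
R_LINE = re.compile(r"^(R[0-3]) - ([^,]+),(.+?) = (\S+)")
# "O13 - <prefix name>: <url>"
O13_LINE = re.compile(r"^(O13) - ([^:]+): (\S+)")
# scheme://authority followed by the path/query
URL = re.compile(r"^([A-Za-z][A-Za-z0-9+.-]*)://([^/?#]*)(.*)$")


@dataclass
class Finding:
    section: str      # HijackThis section code, e.g. R1 or O13
    location: str     # registry key and value name, or prefix name
    raw_url: str      # URL exactly as logged
    decoy: str        # decoded text before '@' ('' if there is none)
    real_host: str    # decoded host the setting actually points to
    flags: list = field(default_factory=list)


def deobfuscate(url):
    """Split on raw delimiters first, percent-decode second.

    Returns (decoy, real_host, flags).
    """
    m = URL.match(url)
    if not m:
        return "", "", ["unparsed"]
    authority = m.group(2)
    # Everything before the last raw '@' is userinfo, not the host.
    userinfo, at, hostport = authority.rpartition("@")
    flags = []
    if at:
        flags.append("userinfo-decoy")
    if "%00" in url:
        flags.append("nul-byte")
    if "%" in hostport:
        flags.append("encoded-host")
    host = re.sub(r":\d+$", "", unquote(hostport)).lower()
    decoy = unquote(userinfo).replace("\x00", "")
    return decoy, host, flags


def analyze(log_text):
    """Return a Finding for every URL-bearing R0-R3 and O13 line."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = R_LINE.match(line)
        if m:
            section, url = m.group(1), m.group(4)
            location = f"{m.group(2)},{m.group(3)}"
        else:
            m = O13_LINE.match(line)
            if not m:
                continue  # other sections (O2, O4, ...) are not URL settings
            section, location, url = m.group(1), m.group(2), m.group(3)
        decoy, host, flags = deobfuscate(url)
        findings.append(Finding(section, location, url, decoy, host, flags))
    return findings


def suspicious(findings):
    """Keep only entries whose URL uses at least one obfuscation trick."""
    return [f for f in findings if f.flags]


if __name__ == "__main__":
    for f in suspicious(analyze(SAMPLE_LOG)):
        shown = f.decoy or "(none)"
        print(f"{f.section} {f.location}")
        print(f"    decoy: {shown}  real host: {f.real_host}  flags: {f.flags}")
```
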

euroraul
Posts: 8
Joined: 09 Oct 2004, 04:14

nothing

Post by euroraul » 10 Oct 2004, 18:49

I did everything you said, caito, but when I search in buscareg for the string c:\windows\dpe.dll it finds nothing, and the page is still hijacked and it won't let me open any address in IE.

I have the Google Toolbar installed, and if I search for something in it, it does let me get to whatever page it is.

Ugh, I'm in such a mess with this!!! Ad-Aware and Spybot keep giving me the same result, finding the same spyware as at the beginning.



Many thanks and regards

caito
Posts: 1538
Joined: 30 May 2004, 06:29
Location: Argentina

Post by caito » 10 Oct 2004, 18:57

There may be some file that is not shown because it is hidden or a system file, look at this:

http://www.arwinianos.net/foro/index.php/topic,39.0

After making all files visible, run Hijack in normal mode and we'll see.

Regards

Caito

PS: you say that AdAware and Spy keep finding the same spyware as at the start; do they not fix anything for you?

Are you running them in Safe Mode and with System Restore disabled?

Do you tell it to fix all the "bad" items?

euroraul
Posts: 8
Joined: 09 Oct 2004, 04:14

no luck

Post by euroraul » 10 Oct 2004, 23:44

Even that way buscareg doesn't come up with any string. Yes, I scan in Safe Mode and I have already disabled System Restore. Ad-Aware and Spybot detect the spyware and remove it, but when I run a new scan it is still there. The same thing happens with HijackThis: I click Fix on all the bad items and they are removed, but when I scan again they are still there.

Regards

euroraul
Posts: 8
Joined: 09 Oct 2004, 04:14

Post by euroraul » 10 Oct 2004, 23:48

ahh sorry, this is what I get in Hijack after having set hidden items to be shown



Logfile of HijackThis v1.98.2

Scan saved at 23:47:30, on 10/10/2004

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)



Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Archivos de programa\Panda Software\Panda Antivirus Platinum\Firewall\PavFires.exe

C:\Archivos de programa\Panda Software\Panda Antivirus Platinum\pavsrv51.exe

C:\Archivos de programa\Analog Devices\SoundMAX\SMAgent.exe

C:\WINDOWS\System32\svchost.exe

C:\Archivos de programa\Panda Software\Panda Antivirus Platinum\AVENGINE.EXE

C:\WINDOWS\Explorer.EXE

C:\Archivos de programa\Panda Software\Panda Antivirus Platinum\apvxdwin.exe

C:\Program Files\ASUS\Probe\AsusProb.exe

C:\Archivos de programa\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe

C:\WINDOWS\system32\dla\tfswctrl.exe

C:\WINDOWS\system32\P2P Networking\P2P Networking.exe

C:\Archivos de programa\QuickTime\qttask.exe

C:\WINDOWS\system32\ctfmon.exe

C:\ARCHIV~1\HEWLET~1\HPSHAR~1\hpgs2wnf.exe

C:\Archivos de programa\MSN Messenger\MsnMsgr.Exe

C:\WINDOWS\System\MSMSGSVC.exe

C:\Archivos de programa\Panda Software\Panda Antivirus Platinum\pavProxy.exe

C:\Archivos de programa\Internet Explorer\iexplore.exe

C:\Archivos de programa\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe

C:\wincmd\WINCMD32.EXE

C:\limpiar\HijackThis.exe



R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://homepage.com%00@www.e-finder.cc/search/ (obfuscated)

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://homepage.com%00@www.e-finder.cc/search/ (obfuscated)

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://homepage.com%00@www.e-finder.cc/search/ (obfuscated)

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://homepage.com%00@www.e-finder.cc/hp/ (obfuscated)

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://homepage.com%00@www.e-finder.cc/search/ (obfuscated)

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://homepage.com%00@www.e-finder.cc/search/ (obfuscated)

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://homepage.com%00@www.e-finder.cc/search/ (obfuscated)

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://homepage.com%00@www.e-finder.cc/hp/ (obfuscated)

R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://homepage.com%00@www.e-finder.cc/search/ (obfuscated)

R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://homepage.com%00@www.e-finder.cc/search/ (obfuscated)

R1 - HKCU\Software\Microsoft\Internet Explorer\Search,(Default) = http://homepage.com%00@www.e-finder.cc/search/ (obfuscated)

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://homepage.com%00@www.e-finder.cc/search/ (obfuscated)

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://homepage.com%00@www.e-finder.cc/search/ (obfuscated)

R1 - HKLM\Software\Microsoft\Internet Explorer\Search,(Default) = http://homepage.com%00@www.e-finder.cc/search/ (obfuscated)

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://homepage.com%00@www.e-finder.cc/search/ (obfuscated)

R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://homepage.com%00@www.e-finder.cc/search/ (obfuscated)

O2 - BHO: DOMPeek Class - {834261E1-DD97-4177-853B-C907E5D5BD6E} - C:\WINDOWS\dpe.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\archivos de programa\google\googletoolbar.dll

O4 - HKLM\..\Run: [SCANINICIO] "C:\Archivos de programa\Panda Software\Panda Antivirus Platinum\Inicio.exe"

O4 - HKLM\..\Run: [APVXDWIN] "C:\Archivos de programa\Panda Software\Panda Antivirus Platinum\APVXDWIN.EXE" /s

O4 - HKLM\..\Run: [ASUS Probe] C:\Program Files\ASUS\Probe\AsusProb.exe

O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Archivos de programa\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe

O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe

O4 - HKLM\..\Run: [StorageGuard] "C:\Archivos de programa\VERITAS Software\Update Manager\sgtray.exe" /r

O4 - HKLM\..\Run: [P2P Networking] C:\WINDOWS\system32\P2P Networking\P2P Networking.exe /AUTOSTART

O4 - HKLM\..\Run: [QuickTime Task] "C:\Archivos de programa\QuickTime\qttask.exe" -atboottime

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [MsnMsgr] "C:\Archivos de programa\MSN Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [MSMsgSvc] C:\WINDOWS\System\MSMSGSVC.exe

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O8 - Extra context menu item: &Google Search - res://C:\Archivos de programa\Google\googletoolbar.dll/cmsearch.html

O8 - Extra context menu item: Backward &Links - res://C:\Archivos de programa\Google\googletoolbar.dll/cmbacklinks.html

O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\Archivos de programa\Google\googletoolbar.dll/cmcache.html

O8 - Extra context menu item: E&xportar a Microsoft Excel - res://C:\ARCHIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O8 - Extra context menu item: Si&milar Pages - res://C:\Archivos de programa\Google\googletoolbar.dll/cmsimilar.html

O8 - Extra context menu item: Translate into English - res://C:\Archivos de programa\Google\googletoolbar.dll/cmtrans.html

O9 - Extra button: Referencia - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARCHIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O13 - DefaultPrefix: http://%65%68%74%74%70%2E%63%63/?

O13 - WWW Prefix: http://%65%68%74%74%70%2E%63%63/?

O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} (Web P2P Installer) -

O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab

O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab

O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/securityadvisor/virusinfo/webscan.cab

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab



Regards

caito
Posts: 1538
Joined: 30 May 2004, 06:29
Location: Argentina

Post by caito » 11 Oct 2004, 02:11

Reboot into Safe Mode

Open Hijack (nothing else)(!)

Scan and then Fix these:



R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://homepage.com %00@www.e-finder.cc/search/ (obfuscated)

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://homepage.com %00@www.e-finder.cc/search/ (obfuscated)

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://homepage.com %00@www.e-finder.cc/search/ (obfuscated)

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://homepage.com %00@www.e-finder.cc/hp/ (obfuscated)

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://homepage.com %00@www.e-finder.cc/search/ (obfuscated)

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://homepage.com %00@www.e-finder.cc/search/ (obfuscated)

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://homepage.com %00@www.e-finder.cc/search/ (obfuscated)

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://homepage.com %00@www.e-finder.cc/hp/ (obfuscated)

R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://homepage.com %00@www.e-finder.cc/search/ (obfuscated)

R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://homepage.com %00@www.e-finder.cc/search/ (obfuscated)

R1 - HKCU\Software\Microsoft\Internet Explorer\Search,(Default) = http://homepage.com %00@www.e-finder.cc/search/ (obfuscated)

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://homepage.com %00@www.e-finder.cc/search/ (obfuscated)

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://homepage.com %00@www.e-finder.cc/search/ (obfuscated)

R1 - HKLM\Software\Microsoft\Internet Explorer\Search,(Default) = http://homepage.com %00@www.e-finder.cc/search/ (obfuscated)

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://homepage.com %00@www.e-finder.cc/search/ (obfuscated)

R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://homepage.com %00@www.e-finder.cc/search/ (obfuscated)

O2 - BHO: DOMPeek Class - {834261E1-DD97-4177-853B-C907E5D5BD6E} - C:\WINDOWS\dpe.dll

O4 - HKLM\..\Run: [P2P Networking] C:\WINDOWS\system32\P2P Networking\P2P Networking.exe /AUTOSTART

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present > ONLY if you did not set the restrictions on purpose

O13 - DefaultPrefix: http://%65%68%74%74%70%2E%63%63/?

O13 - WWW Prefix: http://%65%68%74%74%70%2E%63%63/?

O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} (Web P2P Installer) -



Close HijackThis, delete the temporary files and cookies (not only the Temporary Internet Files but also the system ones); you can download Disk Cleaner:



http://www.trucoswindows.net/detalles-110-...ner_151190.html





Install it, run it, tick the boxes System Temporary Files, Temporary Internet Files, Internet Cookies and any others you want to tick, then click Clean.





Delete this folder and all its contents



C:\WINDOWS\System32\P2P Networking\

Reboot the system normally and post another log.

Regards

Caito

euroraul
Posts: 8
Joined: 09 Oct 2004, 04:14

Post by euroraul » 11 Oct 2004, 03:45

Caito, I did everything just as you told me, but this piece of junk isn't responding. When I boot in normal mode and open IE, it still hijacks my page to the same one as before, and if I try to type a web address the same error comes up. Now HijackThis shows me the following, once booted in normal mode and after following all your instructions:



Logfile of HijackThis v1.98.2

Scan saved at 3:44:26, on 11/10/2004

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)



Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Archivos de programa\Panda Software\Panda Antivirus Platinum\Firewall\PavFires.exe

C:\Archivos de programa\Panda Software\Panda Antivirus Platinum\pavsrv51.exe

C:\Archivos de programa\Analog Devices\SoundMAX\SMAgent.exe

C:\Archivos de programa\Panda Software\Panda Antivirus Platinum\AVENGINE.EXE

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\Archivos de programa\Panda Software\Panda Antivirus Platinum\APVXDWIN.EXE

C:\Program Files\ASUS\Probe\AsusProb.exe

C:\Archivos de programa\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe

C:\WINDOWS\system32\dla\tfswctrl.exe

C:\Archivos de programa\VERITAS Software\Update Manager\sgtray.exe

C:\Archivos de programa\QuickTime\qttask.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Archivos de programa\MSN Messenger\MsnMsgr.Exe

C:\WINDOWS\System\MSMSGSVC.exe

C:\ARCHIV~1\HEWLET~1\HPSHAR~1\hpgs2wnf.exe

C:\Archivos de programa\Panda Software\Panda Antivirus Platinum\pavProxy.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Archivos de programa\Internet Explorer\iexplore.exe

C:\limpiar\HijackThis.exe



R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://homepage.com%00@www.e-finder.cc/search/ (obfuscated)

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://homepage.com%00@www.e-finder.cc/search/ (obfuscated)

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://homepage.com%00@www.e-finder.cc/search/ (obfuscated)

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://homepage.com%00@www.e-finder.cc/hp/ (obfuscated)

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://homepage.com%00@www.e-finder.cc/search/ (obfuscated)

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://homepage.com%00@www.e-finder.cc/search/ (obfuscated)

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://homepage.com%00@www.e-finder.cc/search/ (obfuscated)

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://homepage.com%00@www.e-finder.cc/hp/ (obfuscated)

R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://homepage.com%00@www.e-finder.cc/search/ (obfuscated)

R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://homepage.com%00@www.e-finder.cc/search/ (obfuscated)

R1 - HKCU\Software\Microsoft\Internet Explorer\Search,(Default) = http://homepage.com%00@www.e-finder.cc/search/ (obfuscated)

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://homepage.com%00@www.e-finder.cc/search/ (obfuscated)

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://homepage.com%00@www.e-finder.cc/search/ (obfuscated)

R1 - HKLM\Software\Microsoft\Internet Explorer\Search,(Default) = http://homepage.com%00@www.e-finder.cc/search/ (obfuscated)

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://homepage.com%00@www.e-finder.cc/search/ (obfuscated)

R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://homepage.com%00@www.e-finder.cc/search/ (obfuscated)

O2 - BHO: DOMPeek Class - {834261E1-DD97-4177-853B-C907E5D5BD6E} - C:\WINDOWS\dpe.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\archivos de programa\google\googletoolbar2.dll

O4 - HKLM\..\Run: [SCANINICIO] "C:\Archivos de programa\Panda Software\Panda Antivirus Platinum\Inicio.exe"

O4 - HKLM\..\Run: [APVXDWIN] "C:\Archivos de programa\Panda Software\Panda Antivirus Platinum\APVXDWIN.EXE" /s

O4 - HKLM\..\Run: [ASUS Probe] C:\Program Files\ASUS\Probe\AsusProb.exe

O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Archivos de programa\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe

O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe

O4 - HKLM\..\Run: [StorageGuard] "C:\Archivos de programa\VERITAS Software\Update Manager\sgtray.exe" /r

O4 - HKLM\..\Run: [QuickTime Task] "C:\Archivos de programa\QuickTime\qttask.exe" -atboottime

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [MsnMsgr] "C:\Archivos de programa\MSN Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [MSMsgSvc] C:\WINDOWS\System\MSMSGSVC.exe

O8 - Extra context menu item: &Google Search - res://c:\archivos de programa\google\GoogleToolbar2.dll/cmsearch.html

O8 - Extra context menu item: Backward Links - res://c:\archivos de programa\google\GoogleToolbar2.dll/cmbacklinks.html

O8 - Extra context menu item: Cached Snapshot of Page - res://c:\archivos de programa\google\GoogleToolbar2.dll/cmcache.html

O8 - Extra context menu item: E&xportar a Microsoft Excel - res://C:\ARCHIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O8 - Extra context menu item: Similar Pages - res://c:\archivos de programa\google\GoogleToolbar2.dll/cmsimilar.html

O8 - Extra context menu item: Translate into English - res://c:\archivos de programa\google\GoogleToolbar2.dll/cmtrans.html

O9 - Extra button: Referencia - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARCHIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O13 - DefaultPrefix: http://%65%68%74%74%70%2E%63%63/?

O13 - WWW Prefix: http://%65%68%74%74%70%2E%63%63/?

O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab

O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab

O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/securityadvisor/virusinfo/webscan.cab

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab



In any case, I really appreciate your help. Regards.

caito
Posts: 1538
Joined: 30 May 2004, 06:29
Location: Argentina

Post by caito » 11 Oct 2004, 06:58

I think I know what's happening. It's my mistake: I didn't warn you that you must disable System Restore before making the changes with HijackThis and whenever you delete any infected file!!!!!

Do the same as I described above, but first disable System Restore; you can enable it again afterwards.

Regards

Caito :(

euroraul
Posts: 8
Joined: 09 Oct 2004, 04:14

Post by euroraul » 11 Oct 2004, 20:14

Caito, I can type addresses again and the page no longer gets hijacked. A million thanks!!!!! You're a legend, mate!! Regards and thanks again!!

caito
Posts: 1538
Joined: 30 May 2004, 06:29
Location: Argentina

Post by caito » 11 Oct 2004, 21:55

Well, finally :D

You know where to find us :lol:

Regards

Caito

raziel_ce
Posts: 3
Joined: 14 Oct 2004, 20:50

Post by raziel_ce » 14 Oct 2004, 21:28

Hi, the same thing is happening to me. I've already tried everything and CoolWWWSearch comes back; I delete dpe.dll and it shows up again, and the same in buscareg :?

In HijackThis I get this:

Logfile of HijackThis v1.98.2

Scan saved at 01:23:47 p.m., on 14/10/2004

Platform: Windows XP (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 (6.00.2600.0000)



Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\PROGRA~1\Navnt\navapsvc.exe

C:\WINDOWS\System32\ctfmon.exe

C:\Program Files\MSN Messenger\msnmsgr.exe

C:\WINDOWS\System\MSMSGSVC.exe

C:\Program Files\Navnt\navapw32.exe

C:\PROGRA~1\Navnt\npssvc.exe

C:\PROGRA~1\Navnt\alertsvc.exe

C:\WINDOWS\System32\wuauclt.exe

C:\Program Files\MSN Messenger\msnmsgr.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe

C:\Program Files\Winamp\winamp.exe

C:\Documents and Settings\carlos\My Documents\Unzipped\hijackthis[1]\HijackThis.exe



R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://homepage.com%00@www.e-finder.cc/search/ (obfuscated)

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://homepage.com%00@www.e-finder.cc/search/ (obfuscated)

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://homepage.com%00@www.e-finder.cc/search/ (obfuscated)

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://homepage.com%00@www.e-finder.cc/hp/ (obfuscated)

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://homepage.com%00@www.e-finder.cc/search/ (obfuscated)

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://homepage.com%00@www.e-finder.cc/search/ (obfuscated)

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://homepage.com%00@www.e-finder.cc/search/ (obfuscated)

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://homepage.com%00@www.e-finder.cc/hp/ (obfuscated)

R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://homepage.com%00@www.e-finder.cc/search/ (obfuscated)

R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://homepage.com%00@www.e-finder.cc/search/ (obfuscated)

R1 - HKCU\Software\Microsoft\Internet Explorer\Search,(Default) = http://homepage.com%00@www.e-finder.cc/search/ (obfuscated)

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://homepage.com%00@www.e-finder.cc/search/ (obfuscated)

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://homepage.com%00@www.e-finder.cc/search/ (obfuscated)

R1 - HKLM\Software\Microsoft\Internet Explorer\Search,(Default) = http://homepage.com%00@www.e-finder.cc/search/ (obfuscated)

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://homepage.com%00@www.e-finder.cc/search/ (obfuscated)

R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://homepage.com%00@www.e-finder.cc/search/ (obfuscated)

O2 - BHO: DOMPeek Class - {834261E1-DD97-4177-853B-C907E5D5BD6E} - C:\WINDOWS\dpe.dll

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O4 - HKLM\..\Run: [NPS Event Checker] C:\PROGRA~1\Navnt\npscheck.exe

O4 - HKLM\..\Run: [NAV DefAlert] C:\PROGRA~1\Navnt\defalert.exe

O4 - HKLM\..\Run: [SpybotSnD] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe

O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [MSMsgSvc] C:\WINDOWS\System\MSMSGSVC.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE

O4 - Global Startup: Norton AntiVirus AutoProtect.lnk = C:\Program Files\Navnt\navapw32.exe

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
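As an added example (not part of any post in this thread, and not HijackThis's own code), the Python below triages the R0/R1 and O13 lines of a log like the ones above: it percent-decodes each URL and reports the host the browser would actually contact, which in the `homepage.com%00@www.e-finder.cc` entries is the part after the `@`. The function names `analyze_url` and `triage` are hypothetical; the sample lines are copied from the logs posted in this thread.

```python
import re
from urllib.parse import unquote

# Sample lines copied from the HijackThis logs posted in this thread.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://homepage.com%00@www.e-finder.cc/hp/ (obfuscated)
O13 - DefaultPrefix: http://%65%68%74%74%70%2E%63%63/?
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O2 - BHO: DOMPeek Class - {834261E1-DD97-4177-853B-C907E5D5BD6E} - C:\WINDOWS\dpe.dll
"""

# R0/R1 lines are "key,value = URL"; O13 lines are "name: URL".
ENTRY = re.compile(r"^(R[01]|O13) - (.+?)(?: = |: )(https?://\S+)")

def analyze_url(raw):
    """Return (real_host, reasons) for one URL taken from a log line."""
    reasons = []
    # Authority = text between "//" and the next "/", still percent-encoded.
    authority = raw.split("//", 1)[1].split("/", 1)[0]
    if "%" in authority:
        reasons.append("percent-encoded authority")
    # Split on the literal "@": everything before it is userinfo, not the host.
    userinfo, at, hostport = authority.rpartition("@")
    if at:
        reasons.append("decoy userinfo before '@'")
    if "\x00" in unquote(userinfo):
        reasons.append("NUL byte in userinfo")
    host = unquote(hostport).split(":", 1)[0].lower()
    return host, reasons

def triage(log_text):
    """Return (section, setting, real_host, reasons) for suspicious entries."""
    findings = []
    for line in log_text.splitlines():
        m = ENTRY.match(line.strip())
        if not m:
            continue  # only browser URL settings are examined here
        section, setting, url = m.groups()
        host, reasons = analyze_url(url)
        if reasons:
            findings.append((section, setting, host, reasons))
    return findings

if __name__ == "__main__":
    for section, setting, host, reasons in triage(SAMPLE_LOG):
        print(f"{section} {setting!r} -> real host {host}: {', '.join(reasons)}")
```
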

caito
Posts: 1538
Joined: 30 May 2004, 06:29
Location: Argentina

Post by caito » 14 Oct 2004, 22:52

I'm replying to you in:

https://foros.zonavirus.com/viewtopic.php?t=3337

A reminder that you should not open more than one post :!:

Regards

Caito
