Advertising windows

Posted by guicho_rayado » 06 Nov 2006, 23:12

Advertising windows keep opening and my home page gets changed to this one, http://www.findyourneed.com or something like that.

This is the log.

Please help me.

Thanks.

unning processes:

C:\Windows\System32\smss.exe

C:\Windows\system32\winlogon.exe

C:\Windows\system32\services.exe

C:\Windows\system32\lsass.exe

C:\Windows\system32\svchost.exe

C:\Windows\System32\svchost.exe

C:\Windows\system32\spoolsv.exe

C:\COMPAQ\ACLIENT\ACLIENT.exe

C:\Windows\IA\command.exe

C:\Program Files\Compaq\Compaq Management Agents\cpqalert.exe

C:\Windows\Cpqdiag\Cpqdfwag.exe

C:\PROGRA~1\Compaq\COMPAQ~1\CPQWEB~1\WebDmi.exe

C:\Windows\system32\crypserv.exe

C:\Program Files\NavNT\defwatch.exe

C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe

C:\Program Files\Network Monitor\netmon.exe

C:\Windows\System32\NMSSvc.exe

C:\Program Files\NavNT\rtvscan.exe

C:\Windows\system32\slserv.exe

C:\Windows\System32\svchost.exe

C:\Program Files\Compaq\Compaq Management Agents\Dmi\Win32\bin\Win32sl.exe

C:\PROGRA~1\Compaq\COMPAQ~1\cpqdmi.exe

C:\Windows\system32\MsgSys.EXE

C:\Windows\Explorer.EXE

C:\Program Files\COMPAQ\Easy Access Button Support\StartEAK.exe

C:\Program Files\Analog Devices\SoundMAX\Smtray.exe

C:\PROGRA~1\Compaq\COMPAQ~1\CHKADMIN.EXE

C:\Program Files\NavNT\vptray.exe

C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe

C:\kybrdff_e49.exe

C:\nwnmff_e49.exe

C:\dfndrff_e49.exe

C:\Windows\system32\ctfmon.exe

C:\Program Files\MSN Messenger\MsnMsgr.Exe

C:\Program Files\Spyware Doctor\swdoctor.exe

C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe

C:\DOCUME~1\ADMINI~1\APPLIC~1\ECURIT~1\logonui.exe

C:\Documents and Settings\Administrator\My Documents\F?nts\?canregw.exe

C:\Program Files\Compaq\Easy Access Button Support\CPQEAKSYSTEMTRAY.EXE

C:\Program Files\Compaq\Easy Access Button Support\CPQEADM.EXE

C:\Compaq\EAKDRV\EAUSBKBD.EXE

C:\PROGRA~1\Compaq\EASYAC~1\BttnServ.exe

C:\Windows\system32\svchost.exe

C:\Program Files\Java\jre1.5.0_06\bin\jucheck.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Documents and Settings\Administrator\Desktop\HijackThis 1.exe



R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com.mx/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://mx.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://mx.search.yahoo.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://go.compaq.com/1Q00CDT/0409/bl8.asp

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.compaq.com/1Q00CDT/0409/bl7.asp

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://mx.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://mx.search.yahoo.com

R3 - URLSearchHook: DeskbarBHO - {A8B28872-3324-4CD2-8AA3-7D555C872D96} - C:\Program Files\Deskbar\deskbar.dll

O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll

O2 - BHO: DeskbarBHO - {A8B28872-3324-4CD2-8AA3-7D555C872D96} - C:\Program Files\Deskbar\deskbar.dll

O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll

O3 - Toolbar: T1msn - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\es-mx\msntb.dll

O4 - HKLM\..\Run: [CPQEASYACC] C:\Program Files\COMPAQ\Easy Access Button Support\StartEAK.exe

O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\Smtray.exe

O4 - HKLM\..\Run: [ChkAdmin] C:\PROGRA~1\Compaq\COMPAQ~1\CHKADMIN.EXE

O4 - HKLM\..\Run: [vptray] C:\Program Files\NavNT\vptray.exe

O4 - HKLM\..\Run: [72B6C0DF] C:\Windows\System32\yhoevpymcd.exe

O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe

O4 - HKLM\..\Run: [winupdates] C:\Program Files\winupdates\winupdates.exe /auto

O4 - HKLM\..\Run: [cxi0683a] RUNDLL32.EXE w07cb76d.dll,n 006068340000000a07cb76d

O4 - HKLM\..\Run: [keyboard] C:\\kybrdff_e49.exe

O4 - HKLM\..\Run: [newname] C:\\nwnmff_e49.exe

O4 - HKLM\..\Run: [defender] C:\\dfndrff_e49.exe

O4 - HKLM\..\RunServices: [CPQDFWAG] C:\Windows\Cpqdiag\CpqDfwAg.exe

O4 - HKLM\..\RunServices: [D89FD0F4] C:\Windows\System32\yhoevpymcd.exe

O4 - HKLM\..\RunServices: [p2p networking] p2pnetworking.exe

O4 - HKCU\..\Run: [ctfmon.exe] C:\Windows\system32\ctfmon.exe

O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q

O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet

O4 - HKCU\..\Run: [Lerm] "C:\DOCUME~1\ADMINI~1\APPLIC~1\ECURIT~1\logonui.exe" -vt tzt

O4 - HKCU\..\Run: [Deaipq] C:\Documents and Settings\Administrator\My Documents\F?nts\?canregw.exe

O4 - Startup: AUTOEXEC.BAT

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll

O9 - Extra button: Yahoo! Servicios - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvcmx.dll

O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe

O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by115fd.bay115.hotmail.msn.com/resources/MsnPUpld.cab

O16 - DPF: {6218F7B5-0D3A-48BA-AE4C-49DCFA63D400} (CSEQueryObject Object) - http://www.myheritage.com/Genoogle/Components/ActiveX/SearchEngineQuery.dll

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL

O23 - Service: Altiris Client Service (AClient) - Altiris, Inc. - C:\COMPAQ\ACLIENT\ACLIENT.exe

O23 - Service: Command Service (cmdService) - Unknown owner - C:\Windows\IA\command.exe

O23 - Service: Compaq Local Alerter (CPQALERT) - Compaq Computer Corporation - C:\Program Files\Compaq\Compaq Management Agents\cpqalert.exe

O23 - Service: Compaq Remote Diagnostics Enabling Agent (CpqDfwWebAgent) - Compaq Computer Corporation - C:\Windows\Cpqdiag\Cpqdfwag.exe

O23 - Service: cpqdmi - Compaq Computer Corporation - C:\PROGRA~1\Compaq\COMPAQ~1\cpqdmi.exe

O23 - Service: Compaq DMI Web Agent (cpqWebDmi) - Compaq Computer Corporation - C:\PROGRA~1\Compaq\COMPAQ~1\CPQWEB~1\WebDmi.exe

O23 - Service: Crypkey License - Kenonic Controls Ltd. - C:\Windows\SYSTEM32\crypserv.exe

O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\NavNT\defwatch.exe

O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe

O23 - Service: Intel(R) NMS (NMSSvc) - Intel Corporation - C:\Windows\System32\NMSSvc.exe

O23 - Service: Norton AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\NavNT\rtvscan.exe

O23 - Service: SmartLinkService (SLService) - - C:\Windows\SYSTEM32\slserv.exe

O23 - Service: Win32Sl (WIN32SL) - Intel - C:\Program Files\Compaq\Compaq Management Agents\Dmi\Win32\bin\Win32sl.exe

Posted by msc hotline sat » 07 Nov 2006, 06:03

Incomplete log; the header is missing.

In any case, first run these utilities to remove some old acquaintances:

ELITRIIP:

http://www.zonavirus.com/descargas/elitriip.asp

ELISTARA:

http://www.zonavirus.com/descargas/elistara.asp

After running it, reboot and post us the contents of C:\infosat.txt so we can see the result of the process.

Then, in addition to infosat.txt, post the updated and complete HJT log, thanks.

Regards

ms, 7-11-2006

I already did it

Posted by guicho_rayado » 07 Nov 2006, 17:22

The updated log:



Logfile of HijackThis v1.99.1

Scan saved at 10:21:48 a.m., on 07/11/2006

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)



Running processes:

C:\Windows\System32\smss.exe

C:\Windows\system32\winlogon.exe

C:\Windows\system32\services.exe

C:\Windows\system32\lsass.exe

C:\Windows\system32\svchost.exe

C:\Windows\System32\svchost.exe

C:\Windows\system32\spoolsv.exe

C:\Windows\Explorer.EXE

C:\Program Files\COMPAQ\Easy Access Button Support\StartEAK.exe

C:\Program Files\Analog Devices\SoundMAX\Smtray.exe

C:\PROGRA~1\Compaq\COMPAQ~1\CHKADMIN.EXE

C:\Program Files\NavNT\vptray.exe

C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe

C:\Windows\system32\ctfmon.exe

C:\Program Files\MSN Messenger\MsnMsgr.Exe

C:\Program Files\Spyware Doctor\swdoctor.exe

C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe

C:\DOCUME~1\ADMINI~1\APPLIC~1\ECURIT~1\logonui.exe

C:\Program Files\Compaq\Easy Access Button Support\CPQEAKSYSTEMTRAY.EXE

C:\Program Files\Compaq\Easy Access Button Support\CPQEADM.EXE

C:\Compaq\EAKDRV\EAUSBKBD.EXE

C:\Documents and Settings\Administrator\My Documents\F?nts\?canregw.exe

C:\COMPAQ\ACLIENT\ACLIENT.exe

C:\PROGRA~1\Compaq\EASYAC~1\BttnServ.exe

C:\Windows\IA\command.exe

C:\Program Files\Compaq\Compaq Management Agents\cpqalert.exe

C:\Windows\Cpqdiag\Cpqdfwag.exe

C:\PROGRA~1\Compaq\COMPAQ~1\CPQWEB~1\WebDmi.exe

C:\Windows\system32\crypserv.exe

C:\Program Files\NavNT\defwatch.exe

C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe

C:\Program Files\Network Monitor\netmon.exe

C:\Program Files\NavNT\rtvscan.exe

C:\Windows\system32\slserv.exe

C:\Windows\System32\svchost.exe

C:\Program Files\Compaq\Compaq Management Agents\Dmi\Win32\bin\Win32sl.exe

C:\PROGRA~1\Compaq\COMPAQ~1\cpqdmi.exe

C:\Windows\system32\MsgSys.EXE

C:\Windows\system32\svchost.exe

C:\Program Files\Java\jre1.5.0_06\bin\jucheck.exe

C:\Documents and Settings\Administrator\Desktop\HijackThis 1.exe



R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://searchbar.findthewebsiteyouneed.com

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://searchbar.findthewebsiteyouneed.com

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com.mx/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://mx.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://mx.search.yahoo.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://go.compaq.com/1Q00CDT/0409/bl8.asp

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.compaq.com/1Q00CDT/0409/bl7.asp

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchbar.findthewebsiteyouneed.com

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://mx.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://mx.search.yahoo.com

R3 - URLSearchHook: (no name) - {A8B28872-3324-4CD2-8AA3-7D555C872D96} - (no file)

O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll

O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll

O3 - Toolbar: T1msn - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\es-mx\msntb.dll

O4 - HKLM\..\Run: [CPQEASYACC] C:\Program Files\COMPAQ\Easy Access Button Support\StartEAK.exe

O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\Smtray.exe

O4 - HKLM\..\Run: [ChkAdmin] C:\PROGRA~1\Compaq\COMPAQ~1\CHKADMIN.EXE

O4 - HKLM\..\Run: [vptray] C:\Program Files\NavNT\vptray.exe

O4 - HKLM\..\Run: [72B6C0DF] C:\Windows\System32\yhoevpymcd.exe

O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe

O4 - HKLM\..\Run: [winupdates] C:\Program Files\winupdates\winupdates.exe /auto

O4 - HKLM\..\Run: [cxi0683a] RUNDLL32.EXE w07cb76d.dll,n 006068340000000a07cb76d

O4 - HKLM\..\RunServices: [CPQDFWAG] C:\Windows\Cpqdiag\CpqDfwAg.exe

O4 - HKLM\..\RunServices: [D89FD0F4] C:\Windows\System32\yhoevpymcd.exe

O4 - HKLM\..\RunOnce: [ReEXEc] C:\Documents and Settings\Administrator\My Documents\programas\ELISTARA.161106.EXE

O4 - HKCU\..\Run: [ctfmon.exe] C:\Windows\system32\ctfmon.exe

O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q

O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet

O4 - HKCU\..\Run: [Lerm] "C:\DOCUME~1\ADMINI~1\APPLIC~1\ECURIT~1\logonui.exe" -vt tzt

O4 - HKCU\..\Run: [Deaipq] C:\Documents and Settings\Administrator\My Documents\F?nts\?canregw.exe

O4 - Startup: AUTOEXEC.BAT

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll

O9 - Extra button: Yahoo! Servicios - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvcmx.dll

O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe

O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by115fd.bay115.hotmail.msn.com/resources/MsnPUpld.cab

O16 - DPF: {6218F7B5-0D3A-48BA-AE4C-49DCFA63D400} (CSEQueryObject Object) - http://www.myheritage.com/Genoogle/Components/ActiveX/SearchEngineQuery.dll

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL

O23 - Service: Altiris Client Service (AClient) - Altiris, Inc. - C:\COMPAQ\ACLIENT\ACLIENT.exe

O23 - Service: Command Service (cmdService) - Unknown owner - C:\Windows\IA\command.exe

O23 - Service: Compaq Local Alerter (CPQALERT) - Compaq Computer Corporation - C:\Program Files\Compaq\Compaq Management Agents\cpqalert.exe

O23 - Service: Compaq Remote Diagnostics Enabling Agent (CpqDfwWebAgent) - Compaq Computer Corporation - C:\Windows\Cpqdiag\Cpqdfwag.exe

O23 - Service: cpqdmi - Compaq Computer Corporation - C:\PROGRA~1\Compaq\COMPAQ~1\cpqdmi.exe

O23 - Service: Compaq DMI Web Agent (cpqWebDmi) - Compaq Computer Corporation - C:\PROGRA~1\Compaq\COMPAQ~1\CPQWEB~1\WebDmi.exe

O23 - Service: Crypkey License - Kenonic Controls Ltd. - C:\Windows\SYSTEM32\crypserv.exe

O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\NavNT\defwatch.exe

O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe

O23 - Service: Intel(R) NMS (NMSSvc) - Intel Corporation - C:\Windows\System32\NMSSvc.exe

O23 - Service: Norton AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\NavNT\rtvscan.exe

O23 - Service: SmartLinkService (SLService) - - C:\Windows\SYSTEM32\slserv.exe

O23 - Service: Win32Sl (WIN32SL) - Intel - C:\Program Files\Compaq\Compaq Management Agents\Dmi\Win32\bin\Win32sl.exe





and the info.txt file

Fri Oct 20 11:44:17 2006

EliStartPage v12.54 (c)2006 S.G.H. / Satinfo S.L.

--------------------------------------------------

Lista de Acciones (por Acción Directa):

[WinLogon\Notify\SHELLSERVICEOBJECTDELAYLOAD]

Acceso Denegado al fichero

C:\WINDOWS\SYSTEM32\ENROL1931.DLL

Por favor, envienos una muestra del fichero

que podra copiar arrancando en Consola de Recuperación.

C:\WINDOWS\SYSTEM32\GUARD.TMP --> Eliminado Look2Me (notify)

Entrada Eliminada [HKLM\...\RunServices] "P2P Networking"="p2pnetworking.exe"



Fri Oct 20 11:50:14 2006

EliStartPage v12.54 (c)2006 S.G.H. / Satinfo S.L.

--------------------------------------------------

Lista de Acciones (por Acción Directa):

[WinLogon\Notify\SHELLSERVICEOBJECTDELAYLOAD]

Acceso Denegado al fichero

C:\WINDOWS\SYSTEM32\ENROL1931.DLL

Por favor, envienos una muestra del fichero

que podra copiar arrancando en Consola de Recuperación.



Tue Nov 07 09:47:09 2006

EliTriIP v2.72 (c)2006 S.G.H. / Satinfo S.L.

---------------------------------------------

Lista de Acciones (por Acción Directa):

C:\WINDOWS\SYSTEM32\DRIVERS\OREANS32.SYS --> Eliminado

Entrada Eliminada [HKLM\...\Run] "Windows"="c:\\windows_e51.exe"



Tue Nov 07 09:57:23 2006

EliStartPage v12.65 (c)2006 S.G.H. / Satinfo S.L.

--------------------------------------------------

Lista de Acciones (por Acción Directa):

C:\PROGRAM FILES\DESKBAR\DESKBAR.DLL --> Softomate (BHO) Renombrado a .VIR

C:\WINDOWS\SYSTEM32\ATMTD.DLL --> Eliminado (Fichero Complementario).

Entrada Eliminada [HKLM\...\Run] "defender"="c:\\dfndrff_e51.exe"

Entrada Eliminada [HKLM\...\Run] "keyboard"="c:\\kybrdff_e51.exe"

Entrada Eliminada [HKLM\...\Run] "newname"="c:\\nwnmff_e51.exe"

Entrada Eliminada [HKLM\...\RunServices] "P2P Networking"="p2pnetworking.exe"

Eliminada Class, "{A8B28872-3324-4CD2-8AA3-7D555C872D96}" -> C:\Program Files\Deskbar\deskbar.dll

Eliminada Class, "{D7CC80D4-376C-4586-B023-4F35C2CEB28E}" -> C:\Program Files\Deskbar\deskbar.dll









What else should I do?

log

Posted by koga » 07 Nov 2006, 22:32

Hello, in the info file I only see the list for direct action, and I don't see the removal of temporary files. I recommend that you run both Elitriip and Elistara again, answer yes to all the questions they ask, and finally make sure that when the Elistara or Elitriip window appears (depending on the case), you click the EXPLORAR... button, and then post us a new infosat.

Also, boot into safe mode and delete the following entries by running HijackThis: tick the checkboxes on the left and click FIX:

O23 - Service: Command Service (cmdService) - Unknown owner - C:\Windows\IA\command.exe

O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe

Regards.
They say that if you play a Windows CD backwards the Devil appears; that's nothing, if you play it forwards it installs Windows!!!

Posted by msc hotline sat » 08 Nov 2006, 10:38

And given the command.exe issue, run ELIFEEBA, WHICH IS THE UTILITY THAT CONTROLS FEEBS:

ELIFEEBA:

since ZIP files and the like also have to be removed

and for NETMON.EXE we have ELIMIMA.EXE, since this file is the worm of the MIMAIL virus, but it is not one of the utilities available in the forum; that said, deleting the key indicated by koga will already solve that problem, and afterwards delete the file

Regards

ms, 8-11-2006
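
A triage sketch for the two entry types the replies above act on (O4 autoruns and O23 services), added here as an example; it is not part of any post, of HijackThis, or of the Satinfo utilities. The flagging rules (unknown service owner, executable in the drive root, no directory, `?` in the path) are assumptions chosen to match entries from this thread's log, and a flag is a prompt for manual review, not a verdict.

```python
import re
from dataclasses import dataclass, field

# Lines copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [vptray] C:\Program Files\NavNT\vptray.exe
O4 - HKLM\..\Run: [keyboard] C:\\kybrdff_e49.exe
O4 - HKLM\..\RunServices: [p2p networking] p2pnetworking.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Deaipq] C:\Documents and Settings\Administrator\My Documents\F?nts\?canregw.exe
O23 - Service: Command Service (cmdService) - Unknown owner - C:\Windows\IA\command.exe
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\NavNT\defwatch.exe
O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe
"""

O4_RE = re.compile(r"^O4 - (HK\w+)\\\.\.\\(\w+): \[([^\]]*)\] (.+)$")
EXE_RE = re.compile(r'^"([^"]+)"|^(.+?\.(?:exe|com|bat|dll))(?=\s|$)', re.IGNORECASE)

@dataclass
class Entry:
    section: str   # "O4" (autorun) or "O23" (service)
    name: str      # Run value name or service display name
    path: str      # executable path, arguments stripped
    reasons: list = field(default_factory=list)

def exe_path(command):
    """Pull the executable out of a logged command line, dropping arguments."""
    m = EXE_RE.match(command)
    path = (m.group(1) or m.group(2)) if m else command
    return path.replace("\\\\", "\\")  # the log doubles some backslashes

def path_reasons(path):
    """Heuristic flags on the path alone (assumed rules, not HijackThis's)."""
    reasons = []
    if "\\" not in path:
        reasons.append("no directory given")
    elif re.fullmatch(r"[A-Za-z]:\\[^\\]+", path):
        reasons.append("executable in drive root")
    if "?" in path:  # assumed: '?' stands for characters the log could not render
        reasons.append("unrenderable characters in path")
    return reasons

def parse(log_text):
    """Turn O4 and O23 lines into Entry records; other sections are ignored."""
    entries = []
    for line in map(str.strip, log_text.splitlines()):
        m = O4_RE.match(line)
        if m:
            path = exe_path(m.group(4))
            entries.append(Entry("O4", m.group(3), path, path_reasons(path)))
        elif line.startswith("O23 - Service: "):
            parts = line[len("O23 - Service: "):].rsplit(" - ", 2)
            if len(parts) == 3:  # name - owner - path
                name, owner, path = parts
                own = ["unknown owner"] if owner == "Unknown owner" else []
                entries.append(Entry("O23", name, path, own + path_reasons(path)))
    return entries

def flagged(log_text):
    return [e for e in parse(log_text) if e.reasons]

if __name__ == "__main__":
    for e in flagged(SAMPLE_LOG):
        print(f"{e.section} {e.name!r}: {e.path} -> {', '.join(e.reasons)}")
```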
