Por favor a los q sepan acerca de este tema necito eliminar este trojan de mi PC
Ya intente todo y no puedo necesito AYUDA
Este mi log de mi PC
Logfile of HijackThis v1.99.1
Scan saved at 07:58:26 , on 12/06/2005
Platform: Windows NT 4 SP6 (WinNT 4.00.1381)
MSIE: Internet Explorer v5.00 (5.00.2919.6304)
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\spoolss.exe
C:\WINNT\System32\llssrv.exe
C:\Archivos de programa\Persystems\Perav\PERVAC.EXE
C:\WINNT\System32\nddeagnt.exe
C:\WINNT\System32\LOCATOR.EXE
C:\WINNT\system32\RpcSs.exe
C:\WINNT\Explorer.exe
C:\WINNT\System32\SysTray.Exe
C:\WINNT\System32\sistray.EXE
C:\WINNT\System32\loadwc.exe
C:\WINNT\loadqm.exe
C:\ARCHIV~1\PERSYS~1\Perav\PAV.EXE
C:\Archivos de programa\MSN Messenger\msnmsgr.exe
C:\WINNT\System32\inetsrv\inetinfo.exe
C:\WINNT\System32\spool\drivers\w32x86\hpzstatn.exe
c:\winnt\system32\pstores.exe
C:\Archivos de programa\RegCleaner\RegCleanr.exe
C:\WINNT\System32\ddhelp.exe
C:\ARCHIV~1\PLUS!\MICROS~1\IEXPLORE.EXE
D:\Antivirus\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
http://195.95.218.172/index.phpR1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar =
http://searchcentral.cc/search.php?v=4&aff=3318R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page =
http://searchcentral.cc/index.php?v=4&aff=3318R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
http://195.95.218.172/index.phpR1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
http://195.95.218.172/index.phpR0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
http://195.95.218.172/index.phpR0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
http://195.95.218.172/index.phpR0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
http://195.95.218.172/index.phpR1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *hot-searches.com*;*lender-search.com*
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Vínculos
F2 - REG:system.ini: UserInit=userinit,nddeagnt.exe
O1 - Hosts file is located at: C:\WINNT\nsdb\hosts
O1 - Hosts: 82.179.166.164 lender-search.com
O1 - Hosts: 82.179.166.165 hot-searches.com
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Archivos de programa\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: WHttpHelper Class - {9896231A-C487-43A5-8369-6EC9B0A96CC0} - C:\WINNT\System32\WStart.dll
O2 - BHO: ohb - {999A06FF-10EF-4A29-8640-69E99882C26B} - C:\WINNT\System32\nsg5.dll
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [SiS Tray] C:\WINNT\System32\sistray.EXE
O4 - HKLM\..\Run: [BrowserWebCheck] loadwc.exe
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [hpfsched] C:\WINNT\hpfsched.exe
O4 - HKLM\..\Run: [PayTime] C:\WINNT\System32\paytime.exe
O4 - HKLM\..\Run: [regsync] C:\WINNT\System32\regsync.exe
O4 - HKLM\..\Run: [PAV.EXE] C:\ARCHIV~1\PERSYS~1\Perav\PAV.EXE
O4 - HKCU\..\Run: [msnmsgr] "C:\Archivos de programa\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [PayTime] C:\WINNT\System32\paytime.exe
O4 - Global Startup: Actualización de PER Antivirus.lnk = C:\Archivos de programa\Persystems\Perav\PERUPD.EXE
O4 - Global Startup: Microsoft Office.lnk = C:\Archivos de programa\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xportar a Microsoft Excel - res://C:\ARCHIV~1\MICROS~1\Office10\EXCEL.EXE/3000
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O13 - WWW. Prefix: http://
O14 - IERESET.INF: SEARCH_PAGE_URL=
O14 - IERESET.INF: START_PAGE_URL=
O15 - Trusted Zone: *.bestcounter.biz
O15 - Trusted Zone: *.blazefind.com
O15 - Trusted Zone: *.clickspring.net
O15 - Trusted Zone: *.flingstone.com
O15 - Trusted Zone: *.mt-download.com
O15 - Trusted Zone: *.my-internet.info
O15 - Trusted Zone: *.searchbarcash.com
O15 - Trusted Zone: *.searchmiracle.com
O15 - Trusted Zone: *.skoobidoo.com
O15 - Trusted Zone: *.slotch.com
O15 - Trusted Zone: *.slotchbar.com
O15 - Trusted Zone: *.windupdates.com
O15 - Trusted Zone: *.xxxtoolbar.com
O15 - Trusted Zone: *.ysbweb.com
O15 - Trusted Zone: *.blazefind.com (HKLM)
O15 - Trusted Zone: *.clickspring.net (HKLM)
O15 - Trusted Zone: *.flingstone.com (HKLM)
O15 - Trusted Zone: *.mt-download.com (HKLM)
O15 - Trusted Zone: *.my-internet.info (HKLM)
O15 - Trusted Zone: *.searchbarcash.com (HKLM)
O15 - Trusted Zone: *.searchmiracle.com (HKLM)
O15 - Trusted Zone: *.skoobidoo.com (HKLM)
O15 - Trusted Zone: *.slotch.com (HKLM)
O15 - Trusted Zone: *.slotchbar.com (HKLM)
O15 - Trusted Zone: *.windupdates.com (HKLM)
O15 - Trusted Zone: *.xxxtoolbar.com (HKLM)
O15 - Trusted Zone: *.ysbweb.com (HKLM)
O15 - Trusted IP range: 195.95.218.170
O15 - Trusted IP range: 195.95.218.170 (HKLM)
O16 - DPF: v3cab -
http://searchmiracle.com/cab/v3cab.cabO16 - DPF: {11111111-1111-1111-1111-111111111157} - ms-its:mhtml:file://C:osuch.mht!http://bestcounter.biz/dl/adv515/x.chm::/load.exe
O16 - DPF: {31DDC1FD-CEA3-4837-A6DC-87E67015ADC9} -
http://akamai.downloadv3.com/binaries/IA/svcsysnet32_ES.cabO16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) -
http://www.pandasoftware.com/activescan/as5/asinst.cabO16 - DPF: {9EB320CE-BE1D-4304-A081-4B4665414BEF} (MediaTicketsInstaller Control) -
http://www.mt-download.com/MediaTicketsIns....cab?refid=2732O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = adsl
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = adsl
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 200.48.225.130 200.48.225.146
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 200.48.225.130 200.48.225.146
O18 - Filter: text/html - {4F7681E5-6CAF-478D-9CB8-4CA593BEE7FB} - (no file)
O20 - Winlogon Notify: drct16 - drct16.dll (file missing)
O23 - Service: Printer Status Server (hpzstatn) - Hewlett-Packard Company - C:\WINNT\System32\spool\drivers\w32x86\hpzstatn.exe
O23 - Service: Panda Process Protection Service (PavPrSrv) - Unknown owner - C:\Archivos de programa\Archivos comunes\Panda Software\PavShld\pavprsrv.exe (file missing)
O23 - Service: PER Antivirus (pav_service) - PER SYSTEMS S.A. - C:\Archivos de programa\Persystems\Perav\PERVAC.EXE
O23 - Service: The Hacker Antivirus (The_Hacker_Antivirus) - Unknown owner - C:\ARCHIV~1\THEHAC~1\THD32.EXE (file missing)
O23 - Service: The Hacker Service Manager (T_H_S_M) - Unknown owner - C:\ARCHIV~1\THEHAC~1\THSM.EXE (file missing)
************jk1307***************
AYUDA con Trojan.Spy.HTML.Smithfraud.c, kiero eliminarlo este maldito troyano
Jun 13 2005, 02:26 AM
