Ayudenme a eliminar Troyano Trojan-Spy.HTML.SmitFraud.c

Estado
Cerrado para nuevas respuestas

jose_manu46

Nuevo Miembro
Miembro
En mi computadora se ha metido este troyano, de nombre Troyan-Spy.HTML.SmitFraud.exe , he buscado en varias paginas, me dicen que es un espia, bueno las caracteristicas son parecidas a la que todos dicen, APARECE COMO PAPEL TAPIZ EL FONDO AZUL diciendo SECURITY WARNING un cuadradito de un azul mas ocuro que el de la pantalla, el cual dice que se ha producido un error causado por tal troyano, al costado de fecha y hora me aparece una X diciendo que baje ANTIVIRUSGOLD, que no es mas que una trampa, bueno he usado varios metodos, el KILLBOX que la verdad no lo entiendo, ni funciona, el Adware Away que sinceramente no sirve para nada, he leido que debo usar el hijackthis ya lo baje, también el Disk Cleaner, pero no se como usarlos, mi sistema operativo es WinME, les puedo enviar el informe del HIJACKTHIS, espero que me ayuden :(
 

jose_manu46

Nuevo Miembro
Miembro
Luego de pasar el Antivirus Online que me dijeron y pasar el Ad-Aware en Modo Seguro (Safe Mode), pase el Hijackthis, y esto fue lo que me salio:

Logfile of HijackThis v1.99.1

Scan saved at 9:14:48 PM, on 6/12/2005

Platform: Windows ME (Win9x 4.90.3000)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:

C:\WINDOWS\SYSTEM\KERNEL32.DLL

C:\WINDOWS\SYSTEM\MSGSRV32.EXE

C:\WINDOWS\SYSTEM\MPREXE.EXE

C:\WINDOWS\EXPLORER.EXE

C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE

C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE

C:\MY DOCUMENTS\UMBRELLA\IMAGENES GUNBOUND\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.presario.net/scripts/redirec...&s=search&i=enu

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.presario.net/scripts/redirec...&s=search&i=enu

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.presario.net/scripts/redirec...&s=search&i=enu

F1 - win.ini: load=ptsnoop.exe

F1 - win.ini: run=C:\CPQS\BACKWEB\HELP\QRUNQ.PIF,

O2 - BHO: F1 Organizer Class - {00000EF1-0786-4633-87C6-1AA7A44296DA} - C:\WINDOWS\SYSTEM\ATPART~1.DLL (file missing)

O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\PROGRAM FILES\MSN APPS\MSN TOOLBAR\01.02.3000.1001\EN-US\MSNTB.DLL (file missing)

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX

O4 - HKLM\..\Run: [ScanRegistry] c:\windows\scanregw.exe /autorun

O4 - HKLM\..\Run: [TaskMonitor] c:\windows\taskmon.exe

O4 - HKLM\..\Run: [SystemTray] SysTray.Exe

O4 - HKLM\..\Run: [Essdc] essdc.exe

O4 - HKLM\..\Run: [Aureal A3D Interactive Audio Init] A3dInit.exe

O4 - HKLM\..\Run: [Compaq Internet Setup] C:\Compaq\Internet\InetWizard.exe /RUN

O4 - HKLM\..\Run: [Watch Dog Program] C:\COMPAQ\INTERNET\WATCHDOG.EXE

O4 - HKLM\..\Run: [EACLEAN] C:\Program Files\Compaq\Easy Access Button Support\eaclean.exe /NORESTART

O4 - HKLM\..\Run: [CPQEASYACC] C:\PROGRAM FILES\COMPAQ\EASY ACCESS BUTTON SUPPORT\Cpqeaui.exe

O4 - HKLM\..\Run: [PCHealth] c:\windows\PCHealth\Support\PCHSchd.exe -s

O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme

O4 - HKLM\..\Run: [LoadQM] loadqm.exe

O4 - HKLM\..\Run: [ICSMGR] ICSMGR.EXE

O4 - HKLM\..\Run: [System] C:\WINDOWS\System\plugin.exe

O4 - HKLM\..\Run: [THD32.EXE] C:\PROGRA~1\THEHAC~1\THD32.EXE /NOMSG

O4 - HKLM\..\Run: [TheHackerConsola] C:\PROGRA~1\THEHAC~1\THAV.EXE /NOPRE

O4 - HKLM\..\Run: [LogWatch] C:\WINDOWS\LogWat95.exe

O4 - HKLM\..\Run: [msnappau] "C:\Program Files\MSN Apps\Updater\01.03.0000.1005\en-us\msnappau.exe"

O4 - HKLM\..\Run: [Windows ControlAd] C:\PROGRAM FILES\WINDOWS CONTROLAD\WINCTLAD.EXE

O4 - HKLM\..\Run: [AtiCwd32] Aticwd32.exe

O4 - HKLM\..\Run: [AtiKey] Atitask.exe

O4 - HKLM\..\Run: [P2P NETWORKING] C:\WINDOWS\SYSTEM\P2P NETWORKING\P2P NETWORKING.EXE /AUTOSTART

O4 - HKLM\..\Run: [AltnetPointsManager] c:\program files\altnet\points manager\points manager.exe -s

O4 - HKLM\..\Run: [Nsv] C:\WINDOWS\SYSTEM\nsvsvc\nsvsvc.exe

O4 - HKLM\..\RunServices: [Aureal A3D Interactive Audio] sa3dsrv.exe

O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme

O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe

O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe

O4 - HKLM\..\RunServices: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE

O4 - HKLM\..\RunServices: [EncMonitor] C:\Program Files\Encompass\Monitor.exe

O4 - HKLM\..\RunServices: [T_H_S_M] C:\PROGRA~1\THEHAC~1\THSM.EXE

O4 - HKLM\..\RunServices: [LicCtrl] runservice.exe

O4 - HKCU\..\Run: [areslite] "C:\PROGRAM FILES\ARES LITE EDITION\ARESLITE.EXE" -h

O4 - HKCU\..\Run: [ESPN BottomLine] C:\PROGRAM FILES\ESPN\BOTTOMLINE\BLINE.EXE

O4 - HKCU\..\Run: [Yahoo! Pager] C:\PROGRAM FILES\YAHOO!\MESSENGER\ypager.exe -quiet

O4 - HKCU\..\Run: [Intel system tool] C:\WINDOWS\SYSTEM\hookdump.exe

O4 - Startup: Reminder-cpq40301.lnk = C:\Program Files\Introreg\PIPELINE\REMIND32.EXE

O4 - Startup: Launchpad.lnk = C:\ICM532\Launchpad.exe

O4 - Startup: Iomega Startup Options.lnk = C:\Program Files\Tools_95\IMGSTART.EXE

O4 - Startup: Zip Disk Icons.lnk = C:\Program Files\Tools_95\IMGICON.EXE

O4 - Startup: Iomega Watch.lnk = C:\Program Files\Tools_95\IOWATCH.EXE

O4 - Startup: Encoder Agent.lnk = C:\Program Files\Windows Media Components\Encoder\WMENCAGT.EXE

O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE

O4 - Startup: Compaq Wireless Configuration.lnk = C:\My Documents\driver\configA.exe

O8 - Extra context menu item: Web Savings - file://C:\Program Files\WebSavingsfromEbates\System\Temp\ebateswebsavings_script0.htm

O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm

O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm

O9 - Extra button: ru-mx - {AF0828BC-CB46-4C8D-95B6-8A7C4988F9FF} - c:\ru-pe\0.html (file missing)

O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRAM FILES\YAHOO!\MESSENGER\YPAGER.EXE

O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRAM FILES\YAHOO!\MESSENGER\YPAGER.EXE

O9 - Extra button: Messenger Addon - {FB5F1911-F110-11d2-BB9E-00C04F795683} - http://messenger.ipfox.com (file missing)

O9 - Extra 'Tools' menuitem: &Messenger Addon - {FB5F1911-F110-11d2-BB9E-00C04F795683} - http://messenger.ipfox.com (file missing)

O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)

O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)

O12 - Plugin for .mov: C:\PROGRA~1\INTERN~1\PLUGINS\npqtw32.dll

O12 - Plugin for .pe/pucp/pubweb/puwpubli/puwpubli;jsessionid=6e2f5242042e4d1bbde98944ebe67e67IPw_i-4KC?accion=VerContenido&CodigoDocumento=0000000000039290&enIntranet=1: C:\PROGRA~1\INTERN~1\PLUGINS\nppdf32.dll

O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab

O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab

O16 - DPF: {5F426A93-0821-47D2-A126-5A48A874B289} (DialerWeb Class) - http://212.145.159.194/251065/dialercab/WebRecomendada.cab

O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab

O16 - DPF: {7D1E9C49-BD6A-11D3-87A8-009027A35D73} (Yahoo! Audio UI1) - http://chat.yahoo.com/cab/yacsui.cab

O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/v45/yacscom.cab

O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/035f2ea7058bba...RdxIE601_es.cab

O16 - DPF: Yahoo! Chat - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/c381/chat.cab

O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/funwebproducts/ei-2/SmileyCentralFWBInitialSetup1.0.0.8-2.cab

O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab

O16 - DPF: {11111111-1111-1111-1111-111111113457} - file://c:\explorer.cab

O16 - DPF: {17D72920-7A15-11D4-921E-0080C8DA7A5E} (AimSp32 Class) - http://makeover.ivillage.com/save/makeover.cab

O16 - DPF: {D6FCA8ED-4715-43DE-9BD2-2789778A5B09} - http://guard.gunbound.net/nProtect/keyCrypt/npkcx.cab

O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://public.windupdates.com/get_file.php...de11ed2adb8ceb0

O16 - DPF: {2C0F2AEA-3A9B-46DB-A7BE-80FF329E415D} (PremiumInternacional Class) - http://www.accesoplugin.com/dialercab/PPremiumInternacional.cab

O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab

O16 - DPF: Yahoo! Chess - http://download.games.yahoo.com/games/clients/y/ct2_x.cab

O16 - DPF: Yahoo! Pool 2 - http://download.games.yahoo.com/games/clients/y/pote_x.cab

O16 - DPF: {01FE8D0A-51AD-459B-B62B-85E135128B32} (DD_v4.DDv4) - http://www.drivershq.com/DD_v4.CAB

O16 - DPF: {EFB22865-F3BC-4309-ADFA-C8E078A7F762} (SysWebTelecomInt Class) - http://www.sponsoradulto.com/cab/14/es/SysWebTelecomInt.cab

O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} (Web P2P Installer) -

O16 - DPF: Yahoo! Canasta - http://download.games.yahoo.com/games/clients/y/yt1_x.cab

O16 - DPF: Yahoo! Literati - http://download.games.yahoo.com/games/clients/y/tt3_x.cab

O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10/ZIntro.cab34246.cab

O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab

O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} (iTunesDetector Class) - http://ax.phobos.apple.com.edgesuite.net/detection/ITDetector.cab

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab

O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.com/scan8/oscan8.cab

q mas hago, si pueden una solucion definitiva. :confused:
 
Estado
Cerrado para nuevas respuestas
Arriba Pie