My HiJack log, help!

Status
Closed to new replies

Dj zoros

New Member
Member
#1
Running Processes:

-----------------

#1: [KERNEL32.DLL]

File Path: C:\WINDOWS\SYSTEM\KERNEL32.DLL

ProcessID: 4293855449

Priority: High

File Size: 468 KB

Version: 4.10.0.2222

File Version: 4.10.2222

Product Version: 4.10.2222

Copyright: Copyright © Microsoft Corp. 1991-1999

Company Name: Microsoft Corporation

File Description: Componente del núcleo del kernel Win32

Internal Name: KERNEL32

Original Filename: KERNEL32.DLL

Product Name: Sistema operativo Microsoft® Windows®

Created on: 12:00:00 a.m.

Last accessed: 15/11/04

Last modified: 05/05/99 10:22:00 p.m.

#2: [KERNEL32.DLL]

File Path: C:\WINDOWS\SYSTEM\KERNEL32.DLL

ProcessID: 4294958145

Priority: Normal

File Size: 468 KB

Version: 4.10.0.2222

File Version: 4.10.2222

Product Version: 4.10.2222

Copyright: Copyright © Microsoft Corp. 1991-1999

Company Name: Microsoft Corporation

File Description: Componente del núcleo del kernel Win32

Internal Name: KERNEL32

Original Filename: KERNEL32.DLL

Product Name: Sistema operativo Microsoft® Windows®

Created on: 12:00:00 a.m.

Last accessed: 15/11/04

Last modified: 05/05/99 10:22:00 p.m.

#3: [SPOOL32.EXE]

File Path: C:\WINDOWS\SYSTEM\SPOOL32.EXE

ProcessID: 4294956121

Priority: Normal

File Size: 44 KB

Version: 4.10.0.1998

File Version: 4.10.1998

Product Version: 4.10.1998

Copyright: Copyright © Microsoft Corp. 1994 - 1998

Company Name: Microsoft Corporation

File Description: Spooler Sub System Process

Internal Name: spool32

Original Filename: spool32.exe

Product Name: Microsoft® Windows® Operating System

Created on: 12:00:00 a.m.

Last accessed: 15/11/04

Last modified: 05/05/99 10:22:00 p.m.

#4: [MPREXE.EXE]

File Path: C:\WINDOWS\SYSTEM\MPREXE.EXE

ProcessID: 4294952621

Priority: Normal

File Size: 28 KB

Version: 4.10.0.1998

File Version: 4.10.1998

Product Version: 4.10.1998

Copyright: Copyright © Microsoft Corp. 1993-1998

Company Name: Microsoft Corporation

File Description: WIN32 Network Interface Service Process

Internal Name: MPREXE

Original Filename: MPREXE.EXE

Product Name: Microsoft® Windows® Operating System

Created on: 12:00:00 a.m.

Last accessed: 15/11/04

Last modified: 05/05/99 10:22:00 p.m.

#5: [MSTASK.EXE]

File Path: C:\WINDOWS\SYSTEM\MSTASK.EXE

ProcessID: 4294857957

Priority: Normal

File Size: 116 KB

Version: 4.71.1959.1

File Version: 4.71.1959.1

Product Version: 4.71.1959.1

Copyright: Copyright © Microsoft Corp. 1997

Company Name: Microsoft Corporation

File Description: Motor de Programador de tareas

Internal Name: TaskScheduler

Original Filename: mstask.exe

Product Name: Programador de tareas de Microsoft® Windows®

Created on: 12:00:00 a.m.

Last accessed: 15/11/04

Last modified: 05/05/99 10:22:00 p.m.

#6: [KERNEL32.DLL]

File Path: C:\WINDOWS\SYSTEM\KERNEL32.DLL

ProcessID: 4294843625

Priority: Normal

File Size: 468 KB

Version: 4.10.0.2222

File Version: 4.10.2222

Product Version: 4.10.2222

Copyright: Copyright © Microsoft Corp. 1991-1999

Company Name: Microsoft Corporation

File Description: Componente del núcleo del kernel Win32

Internal Name: KERNEL32

Original Filename: KERNEL32.DLL

Product Name: Sistema operativo Microsoft® Windows®

Created on: 12:00:00 a.m.

Last accessed: 15/11/04

Last modified: 05/05/99 10:22:00 p.m.

#7: [EXPLORER.EXE]

File Path: C:\WINDOWS\EXPLORER.EXE

ProcessID: 4294861849

Priority: Normal

File Size: 176 KB

Version: 4.72.3110.1

File Version: 4.72.3110.1

Product Version: 4.72.3110.1

Copyright: © Microsoft Corporation 1981-1997

Company Name: Microsoft Corporation

File Description: Explorador de Windows

Internal Name: explorer

Original Filename: EXPLORER.EXE

Product Name: Sistema operativo Microsoft® Windows NT®

Created on: 05/05/99 10:22:00 p.m.

Last accessed: 15/11/04

Last modified: 05/05/99 10:22:00 p.m.

#8: [TASKMON.EXE]

File Path: C:\WINDOWS\TASKMON.EXE

ProcessID: 4294787421

Priority: Normal

File Size: 28 KB

Version: 4.10.0.1998

File Version: 4.10.1998

Product Version: 4.10.1998

Copyright: Copyright © Microsoft Corp. 1998

Company Name: Microsoft Corporation

File Description: Task Monitor

Internal Name: TaskMon

Original Filename: TASKMON.EXE

Product Name: Microsoft® Windows® Operating System

Created on: 05/05/99 10:22:00 p.m.

Last accessed: 15/11/04

Last modified: 05/05/99 10:22:00 p.m.

#9: [SYSTRAY.EXE]

File Path: C:\WINDOWS\SYSTEM\SYSTRAY.EXE

ProcessID: 4294796689

Priority: Normal

File Size: 32 KB

Version: 4.10.0.2222

File Version: 4.10.2222

Product Version: 4.10.2222

Copyright: Copyright © Microsoft Corp. 1993-1998

Company Name: Microsoft Corporation

File Description: Subprograma Bandeja de sistema

Internal Name: SYSTRAY

Original Filename: SYSTRAY.EXE

Product Name: Sistema operativo Microsoft® Windows®

Created on: 05/05/99 10:22:00 p.m.

Last accessed: 15/11/04

Last modified: 05/05/99 10:22:00 p.m.

#10: [PCTVOICE.EXE]

File Path: C:\WINDOWS\PCTVOICE.EXE

ProcessID: 4294826793

Priority: Normal

File Size: 176 KB

Version: 12.300.18.0

File Version: 12, 300, 18, 0

Product Version: 12, 0300, 0018

Copyright: Copyright © 2001

Company Name: 0

File Description: pctvoice MFC Application

Internal Name: pctvoice

Original Filename: pctvoice.EXE

Product Name: pctvoice Application

Created on: 11/06/04 04:28:26 p.m.

Last accessed: 15/11/04

Last modified: 18/07/03 03:01:42 a.m.

#11: [LOADQM.EXE]

File Path: C:\WINDOWS\LOADQM.EXE

ProcessID: 4294826053

Priority: Normal

File Size: 7 KB

Version: 5.4.1103.3

File Version: 5.4.1103.3

Product Version: 5.4.1103.3

Copyright: Copyright © Microsoft Corp. 1981-1999

Company Name: Microsoft Corporation

File Description: Microsoft QMgr

Internal Name: LOADQM.EXE

Original Filename: LOADQM.EXE

Product Name: QMgr Loader

Created on: 11/06/04 06:38:10 p.m.

Last accessed: 15/11/04

Last modified: 03/05/00 05:23:10 p.m.

#12: [REALSCHED.EXE]

File Path: C:\ARCHIVOS DE PROGRAMA\ARCHIVOS COMUNES\REAL\UPDATE_OB\REALSCHED.EXE

ProcessID: 4294828881

Priority: Normal

File Size: 176 KB

Version: 0.1.0.3034

File Version: 0.1.0.3034

Product Version: 0.1.0.3034

Copyright: Copyright © RealNetworks, Inc. 1995-2004

Company Name: RealNetworks, Inc.

File Description: RealNetworks Scheduler

Internal Name: schedapp

Original Filename: realsched.exe

Product Name: RealPlayer (32-bit)

Created on: 04/08/04 03:55:17 p.m.

Last accessed: 15/11/04

Last modified: 04/08/04 03:55:18 p.m.

#13: [SYSTIME.EXE]

File Path: C:\WINDOWS\SYSTEM\SYSTIME.EXE

ProcessID: 4294819669

Priority: Normal

File Size: 2 KB

Created on: 13/11/04 06:08:59 p.m.

Last accessed: 15/11/04

Last modified: 13/11/04 06:09:00 p.m.

#14: [KEYHOOK.EXE]

File Path: C:\WINDOWS\SYSTEM\KEYHOOK.EXE

ProcessID: 4294807969

Priority: Normal

File Size: 244 KB

Version: 0.0.0.3540

File Version: 0.0.0.3540

Product Version: 0.0.0.3540

Copyright: Copyright © Silicon Integrated Systems Corp. 1998-2002

Company Name: Silicon Integrated Systems Corporation

File Description: SiS Compatible Super VGA Keyboard Daemon

Internal Name: KEYHOOK 3.54.50

Original Filename: KEYHOOK.EXE

Product Name: SIS ® Compatible Super VGA keyboard daemon

Created on: 14/11/04 09:22:00 p.m.

Last accessed: 15/11/04

Last modified: 30/10/03 02:09:36 p.m.

#15: [SYSTIME.EXE]

File Path: C:\WINDOWS\SYSTEM\SYSTIME.EXE

ProcessID: 4294719277

Priority: Normal

File Size: 2 KB

Created on: 13/11/04 06:08:59 p.m.

Last accessed: 15/11/04

Last modified: 13/11/04 06:09:00 p.m.

#16: [DDHELP.EXE]

File Path: C:\WINDOWS\SYSTEM\DDHELP.EXE

ProcessID: 4294716145

Priority: Real Time

File Size: 48 KB

Version: 4.6.3.518

File Version: 4.06.03.0518

Product Version: 4.06.03.0518

Copyright: Copyright © Microsoft Corp. 1994-1999

Company Name: Microsoft Corporation

File Description: Microsoft DirectX Helper

Internal Name: ddhelp.exe

Original Filename: ddhelp.exe

Product Name: Microsoft® DirectX for Windows® 95 and 98

Created on: 13/11/04 06:08:59 p.m.

Last accessed: 15/11/04

Last modified: 05/05/99 10:22:00 p.m.

#17: [SISTRAY.EXE]

File Path: C:\WINDOWS\SYSTEM\SISTRAY.EXE

ProcessID: 4294762877

Priority: Normal

File Size: 652 KB

Version: 0.0.0.3540

File Version: 0.0.0.3540

Product Version: 0.0.0.3540

Copyright: Copyright © Silicon Integrated Systems Corp. 1998-2002

Company Name: Silicon Integrated Systems Corporation

File Description: SiS Compatible Super VGA Tray Application

Internal Name: SISTRAY 3.54.50

Original Filename: SISTRAY.EXE

Product Name: SiS ® Compatible Super VGA SiSTray application

Created on: 14/11/04 09:21:57 p.m.

Last accessed: 15/11/04

Last modified: 30/10/03 02:10:20 p.m.

#18: [EIEJCOHL.EXE]

File Path: C:\WINDOWS\SYSTEM\SR64\EIEJCOHL.EXE

ProcessID: 4294642997

Priority: Normal

File Size: 18 KB

Created on: 15/11/04 12:54:13 p.m.

Last accessed: 15/11/04

Last modified: 14/11/04 09:26:32 p.m.

#19: [WMIEXE.EXE]

File Path: C:\WINDOWS\SYSTEM\WMIEXE.EXE

ProcessID: 4294605853

Priority: Normal

File Size: 16 KB

Version: 5.0.1755.1

File Version: 5.00.1755.1

Product Version: 5.00.1755.1

Copyright: Copyright © Microsoft Corp. 1981-1998

Company Name: Microsoft Corporation

File Description: WMI service exe housing

Internal Name: wmiexe

Original Filename: wmiexe.exe

Product Name: Microsoft® Windows NT® Operating System

Created on: 15/11/04 12:54:13 p.m.

Last accessed: 15/11/04

Last modified: 05/05/99 10:22:00 p.m.

#20: [MSNMSGR.EXE]

File Path: C:\ARCHIVOS DE PROGRAMA\MSN MESSENGER\MSNMSGR.EXE

ProcessID: 4294735109

Priority: Normal

File Size: 4768 KB

Version: 6.2.0.137

File Version: 6.2.0137

Product Version: Version 6.2

Copyright: Copyright © Microsoft Corporation 1997-2004

Company Name: Microsoft Corporation

File Description: MSN Messenger

Internal Name: msnmsgr

Original Filename: msnmsgr.exe

Product Name: MSN Messenger

Created on: 28/05/04 10:22:04 p.m.

Last accessed: 15/11/04

Last modified: 11/06/04 07:13:04 p.m.

#21: [HIJACK.EXE]

File Path: C:\ARCHIVOS DE PROGRAMA\BULLETPROOFSOFT.COM\SPYWAREREMOVER\HS\HIJACK.EXE

ProcessID: 4294409765

Priority: Normal

File Size: 392 KB

Version: 2.0.0.0

File Version: 2, 0, 0, 0

Product Version: 2, 0, 0, 0

Copyright: Copyright © 2003

Company Name: ,

File Description: HiJack MFC Application

Internal Name: System Hijack Scanner

Original Filename: HiJack.EXE

Product Name: System Hijack Scanner

Created on: 26/04/04 08:34:14 p.m.

Last accessed: 15/11/04

Last modified: 26/04/04 08:34:14 p.m.

System Hijack Scanner Entries:

---------------

R0 - HKCU\Software\Microsoft\Internet Explorer\Main, Start Page=http://213.159.117.134/index.php

R0 - HKLM\Software\Microsoft\Internet Explorer\Main, Start Page=http://213.159.117.134/index.php

R0 - HKCU\Software\Microsoft\Internet Explorer\Main, Local Page=http://213.159.117.134/index.php

R0 - HKLM\Software\Microsoft\Internet Explorer\Main, Local Page=http://213.159.117.134/index.php

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar, LinksFolderName=Vínculos

R1 - HKCU\Software\Microsoft\Internet Explorer\Main, Default_page_url=http://213.159.117.134/index.php

R1 - HKLM\Software\Microsoft\Internet Explorer\Main, Default_page_url=http://213.159.117.134/index.php

R1 - HKLM\Software\Microsoft\Internet Explorer\Main, Default_search_url=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

R1 - HKCU\Software\Microsoft\Internet Explorer\Main, start page_bak=http://213.159.117.134/index.php

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings, proxyOverride=<local>

R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search, SearchAssistant=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)

F1 - win.ini [windows]: Run=hpfsched

O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\ARCHIVOS DE PROGRAMA\ADOBE\ACROBAT 6.0\READER\ACTIVEX\ACROIEHELPER.DLL

O2 - BHO: (no name) - {DE3BEBDB-AEE7-4277-8B6E-4EEFFA9508AE} - C:\WINDOWS\SYSTEM\UOAELU.DLL (file missing)

O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\archivos de programa\google\googletoolbar1.dll

O2 - BHO: (no name) - {7B55BB05-0B4D-44fd-81A6-B136188F5DEB} - C:\WINDOWS\QUESTMOD.DLL

O3 - ToolBar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\archivos de programa\google\googletoolbar1.dll

O3 - ToolBar: (no name) - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX

O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun

O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe

O4 - HKLM\..\Run: [SystemTray] SysTray.Exe (file missing)

O4 - HKLM\..\Run: [IrMon] IrMon.exe (file missing)

O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd (file missing)

O4 - HKLM\..\Run: [PCTVOICE] pctvoice.exe (file missing)

O4 - HKLM\..\Run: [LoadQM] loadqm.exe (file missing)

O4 - HKLM\..\Run: [TkBellExe] "C:\Archivos de programa\Archivos comunes\Real\Update_OB\realsched.exe" -osboot (file missing)

O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime (file missing)

O4 - HKLM\..\Run: [Windows AdControl] C:\PROGRAM FILES\WINDOWS ADCONTROL\WINADCTL.EXE (file missing)

O4 - HKLM\..\Run: [sais] c:\archivos de programa\180solutions\sais.exe (file missing)

O4 - HKLM\..\Run: [WebRebates0] "C:\ARCHIVOS DE PROGRAMA\WEB_REBATES\WebRebates0.exe" (file missing)

O4 - HKLM\..\Run: [SysTime] C:\WINDOWS\SYSTEM\systime.exe

O4 - HKLM\..\Run: [SiS Windows KeyHook] C:\WINDOWS\SYSTEM\keyhook.exe

O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme (file missing)

O4 - HKCU\..\Run: [MsnMsgr] "C:\Archivos de programa\MSN Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [Shareaza] "C:\ARCHIVOS DE PROGRAMA\SHAREAZA\SHAREAZA.EXE" -tray (file missing)

O4 - HKCU\..\Run: [mslagent] C:\WINDOWS\mslagent\MSLAGENT.EXE (file missing)

O4 - HKCU\..\Run: [PrjLithium] C:\Archivos de programa\Project Lithium\prjLithium.exe (file missing)

O4 - HKCU\..\Run: [SysTime] C:\WINDOWS\SYSTEM\systime.exe

O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme (file missing)

O4 - HKLM\..\RunServices: [SchedulingAgent] C:\WINDOWS\SYSTEM\mstask.exe

O4 - Start Up: C:\WINDOWS\Menú Inicio\Programas\Inicio\Utility Tray.lnk

O5 - control.ini [don't load]: snd.cpl=no

O5 - control.ini [don't load]: joystick.cpl=no

O5 - control.ini [don't load]: midimap.drv=no

O5 - control.ini [don't load]: sticpl.cpl=no

O8 - Extra Context Menu Items: &Google Search - res://C:\ARCHIVOS DE PROGRAMA\GOOGLE\GOOGLETOOLBAR1.DLL/cmsearch.html

O8 - Extra Context Menu Items: Instantánea de caché de la página - res://C:\ARCHIVOS DE PROGRAMA\GOOGLE\GOOGLETOOLBAR1.DLL/cmcache.html

O8 - Extra Context Menu Items: Páginas similares - res://C:\ARCHIVOS DE PROGRAMA\GOOGLE\GOOGLETOOLBAR1.DLL/cmsimilar.html

O8 - Extra Context Menu Items: Páginas vinculadas - res://C:\ARCHIVOS DE PROGRAMA\GOOGLE\GOOGLETOOLBAR1.DLL/cmbacklinks.html

O9 - Extra Button: Relacionados - (HKLM) - {c95fe080-8f5d-11d2-a20b-00aa003c157a}

O9 - Extra Tools Menu Item: Mostrar vínculos &relacionados - (HKLM) - {c95fe080-8f5d-11d2-a20b-00aa003c157a}

O15 - Trusted Zone:*://*.mt-download.com

O15 - Trusted Zone:*://*.skoobidoo.com

O15 - Trusted Zone:*://*.windupdates.com

O15 - Trusted Zone:*://*.searchmiracle.com

O15 - Trusted Zone:*://*.my-internet.info

O15 - Trusted Zone:*://*.clickspring.net

O15 - Trusted Zone:*://*.iframe.biz

O15 - Trusted Zone:*://*.newiframe.biz

O15 - Trusted Zone:*://*.pizdato.biz

O15 - Trusted Zone:*://*.sp2fucked.biz

O15 - Trusted Zone:*://*.sp2admin.biz

O15 - Trusted Zone:*://*.c4tdownload.com

O15 - Trusted Zone:*://*.ysbweb.com

O15 - Trusted Zone:*://*.overpro.com

O15 - Trusted Zone:*://*.windupdates.com

O15 - Trusted Zone:*://*.searchmiracle.com

O15 - Trusted Zone:*://*.skoobidoo.com

O15 - Trusted Zone:*://*.my-internet.info

O15 - Trusted Zone:*://*.mt-download.com

O15 - Trusted Zone:*://*.clickspring.net

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

O16 - DPF: {00000161-0000-0010-8000-00AA00389B71} ((no name)) - http://codecs.microsoft.com/codecs/i386/msaudio.cab

O16 - DPF: {75D1F3B2-2A21-11D7-97B9-0010DC2A6243} (SecureLogin.SecureControl) - http://secure2.comned.com/signuptemplates/ActiveSecurity.cab

O16 - DPF: {50AD557E-3426-41FD-AFDD-2AF39BB1C387} ((no name)) - http://akamai.downloadv3.com/binaries/LiveService/LiveService_5_ES.cab

O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab

O16 - DPF: {469C7080-8EC8-43A6-AD97-45848113743C} ((no name)) - http://akamai.downloadv3.com/binaries/IA/nethv32_ES.cab

O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/...8185.7682523148

O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} ((no name)) - http://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB

O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab

O16 - DPF: {0F9B4CA4-A30F-480A-841D-69B45C50A8F8} (SekureL0gin.SekureKontrol) - http://secure2.comned.com/signuptemplates/AktiveSekurity.cab

O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} ((no name)) - http://public.windupdates.com/get_file.php...edceabcca450006

O16 - DPF: {30060FD6-20E9-0DE9-D695-423B13511B25} ((no name)) - http://213.159.117.150/1/rdgAR10.exe

O18 - Protocol: gopher - {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\SYSTEM\urlmon.dll

O18 - Protocol: cdl - {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\WINDOWS\SYSTEM\urlmon.dll

O18 - Protocol: javascript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\SYSTEM\MSHTML.DLL

O18 - Protocol: vbscript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\SYSTEM\MSHTML.DLL

O18 - Protocol: about - {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\SYSTEM\MSHTML.DLL

O18 - Protocol: res - {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\SYSTEM\MSHTML.DLL

O18 - Protocol: mailto - {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\SYSTEM\MSHTML.DLL

O18 - Protocol: mhtml - {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\WINDOWS\SYSTEM\INETCOMM.DLL

O18 - Protocol: vnd.ms.radio - {3DA2AA3B-3D96-11D2-9BD2-204C4F4F5020} - C:\WINDOWS\SYSTEM\MSDXM.OCX

I hope someone can help me...

zoros@fibertel.com.ar
 

alnitak

Ex-Admin
Member
#2
Clarify something for me: which program did you use to take the log?

The system looks pretty bad. Please take the log with HijackThis 1.98.2 and post it for me exactly as it is. At a glance, though, you are missing a lot of files, many of them legitimate and necessary, and I would like to know whether you deleted them yourself or whether it is the result of some virus, because it is not very common to see something like this, and I think that if they really are missing it would be faster and safer for you to format and reinstall.
 

Dj zoros

New Member
Member
#3
Thank you very much for the prompt reply. I probably deleted some file(s) by accident. Here is what you asked for........ and thanks for the help.....

Logfile of HijackThis v1.98.2

Scan saved at 03:47:11 p.m., on 15/11/04

Platform: Windows 98 SE (Win9x 4.10.2222A)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:

C:\WINDOWS\SYSTEM\KERNEL32.DLL

C:\WINDOWS\SYSTEM\MSGSRV32.EXE

C:\WINDOWS\SYSTEM\MPREXE.EXE

C:\WINDOWS\SYSTEM\mmtask.tsk

C:\WINDOWS\SYSTEM\MSTASK.EXE

C:\WINDOWS\EXPLORER.EXE

C:\WINDOWS\TASKMON.EXE

C:\WINDOWS\SYSTEM\SYSTRAY.EXE

C:\WINDOWS\PCTVOICE.EXE

C:\WINDOWS\LOADQM.EXE

C:\ARCHIVOS DE PROGRAMA\ARCHIVOS COMUNES\REAL\UPDATE_OB\REALSCHED.EXE

C:\WINDOWS\SYSTEM\QTTASK.EXE

C:\WINDOWS\SYSTEM\SYSTIME.EXE

C:\WINDOWS\SYSTEM\KEYHOOK.EXE

C:\ARCHIVOS DE PROGRAMA\MSN MESSENGER\MSNMSGR.EXE

C:\WINDOWS\SYSTEM\SYSTIME.EXE

C:\WINDOWS\SYSTEM\DDHELP.EXE

C:\WINDOWS\SYSTEM\SISTRAY.EXE

C:\WINDOWS\SYSTEM\SR64\JBIPMIDG.EXE

C:\WINDOWS\SYSTEM\WMIEXE.EXE

C:\ARCHIVOS DE PROGRAMA\INTERNET EXPLORER\IEXPLORE.EXE

C:\ARCHIVOS DE PROGRAMA\INTERNET EXPLORER\IEXPLORE.EXE

C:\WINDOWS\DOWNLOADED PROGRAM FILES\CONFLICT.16\RDGAR10.EXE

C:\WINDOWS\SYSTEM\TAPISRV.EXE

C:\WINDOWS\SYSTEM\RNAAPP.EXE

C:\ZOROS\INSTALADORES\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://213.159.117.134/index.php

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://213.159.117.134/index.php

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://213.159.117.134/index.php

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://213.159.117.134/index.php

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = http://213.159.117.134/index.php

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = http://213.159.117.134/index.php

R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)

F1 - win.ini: run=hpfsched

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\ARCHIVOS DE PROGRAMA\ADOBE\ACROBAT 6.0\READER\ACTIVEX\ACROIEHELPER.DLL

O2 - BHO: (no name) - {DE3BEBDB-AEE7-4277-8B6E-4EEFFA9508AE} - C:\WINDOWS\SYSTEM\UOAELU.DLL (file missing)

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\archivos de programa\google\googletoolbar1.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\archivos de programa\google\googletoolbar1.dll

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX

O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun

O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe

O4 - HKLM\..\Run: [SystemTray] SysTray.Exe

O4 - HKLM\..\Run: [IrMon] IrMon.exe

O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd

O4 - HKLM\..\Run: [PCTVOICE] pctvoice.exe

O4 - HKLM\..\Run: [LoadQM] loadqm.exe

O4 - HKLM\..\Run: [TkBellExe] "C:\Archivos de programa\Archivos comunes\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime

O4 - HKLM\..\Run: [Windows AdControl] C:\PROGRAM FILES\WINDOWS ADCONTROL\WINADCTL.EXE

O4 - HKLM\..\Run: [sais] c:\archivos de programa\180solutions\sais.exe

O4 - HKLM\..\Run: [WebRebates0] "C:\ARCHIVOS DE PROGRAMA\WEB_REBATES\WebRebates0.exe"

O4 - HKLM\..\Run: [SysTime] C:\WINDOWS\SYSTEM\systime.exe

O4 - HKLM\..\Run: [SiS Windows KeyHook] C:\WINDOWS\SYSTEM\keyhook.exe

O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme

O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme

O4 - HKLM\..\RunServices: [SchedulingAgent] C:\WINDOWS\SYSTEM\mstask.exe

O4 - HKCU\..\Run: [MsnMsgr] "C:\Archivos de programa\MSN Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [Shareaza] "C:\ARCHIVOS DE PROGRAMA\SHAREAZA\SHAREAZA.EXE" -tray

O4 - HKCU\..\Run: [mslagent] C:\WINDOWS\mslagent\MSLAGENT.EXE

O4 - HKCU\..\Run: [PrjLithium] C:\Archivos de programa\Project Lithium\prjLithium.exe

O4 - HKCU\..\Run: [SysTime] C:\WINDOWS\SYSTEM\systime.exe

O4 - Startup: Utility Tray.lnk = C:\WINDOWS\SYSTEM\sistray.exe

O8 - Extra context menu item: &Google Search - res://C:\ARCHIVOS DE PROGRAMA\GOOGLE\GOOGLETOOLBAR1.DLL/cmsearch.html

O8 - Extra context menu item: Instantánea de caché de la página - res://C:\ARCHIVOS DE PROGRAMA\GOOGLE\GOOGLETOOLBAR1.DLL/cmcache.html

O8 - Extra context menu item: Páginas similares - res://C:\ARCHIVOS DE PROGRAMA\GOOGLE\GOOGLETOOLBAR1.DLL/cmsimilar.html

O8 - Extra context menu item: Páginas vinculadas - res://C:\ARCHIVOS DE PROGRAMA\GOOGLE\GOOGLETOOLBAR1.DLL/cmbacklinks.html

O9 - Extra button: Messenger Addon - {FB5F1911-F110-11d2-BB9E-00C04F795683} - http://messenger.ipfox.com (file missing)

O9 - Extra 'Tools' menuitem: &Messenger Addon - {FB5F1911-F110-11d2-BB9E-00C04F795683} - http://messenger.ipfox.com (file missing)

O15 - Trusted Zone: *.mt-download.com

O15 - Trusted Zone: *.searchmiracle.com

O15 - Trusted Zone: *.my-internet.info

O15 - Trusted Zone: *.clickspring.net

O15 - Trusted Zone: *.iframe.biz

O15 - Trusted Zone: *.newiframe.biz

O15 - Trusted Zone: *.pizdato.biz

O15 - Trusted Zone: *.sp2fucked.biz

O15 - Trusted Zone: *.sp2admin.biz

O15 - Trusted Zone: *.c4tdownload.com

O15 - Trusted Zone: *.ysbweb.com

O15 - Trusted Zone: *.overpro.com

O16 - DPF: {75D1F3B2-2A21-11D7-97B9-0010DC2A6243} (SecureLogin.SecureControl) - http://secure2.comned.com/signuptemplates/ActiveSecurity.cab

O16 - DPF: {50AD557E-3426-41FD-AFDD-2AF39BB1C387} - http://akamai.downloadv3.com/binaries/LiveService/LiveService_5_ES.cab

O16 - DPF: {469C7080-8EC8-43A6-AD97-45848113743C} - http://akamai.downloadv3.com/binaries/IA/nethv32_ES.cab

O16 - DPF: {0F9B4CA4-A30F-480A-841D-69B45C50A8F8} (SekureL0gin.SekureKontrol) - http://secure2.comned.com/signuptemplates/AktiveSekurity.cab

O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://public.windupdates.com/get_file.php...edceabcca450006

O16 - DPF: {30060FD6-20E9-0DE9-D695-423B13511B25} - http://213.159.117.150/1/rdgAR10.exe

O21 - SSODL: DDE Control Module - {3F143C3A-1457-6CCA-03A7-7AA23B61E40F} - (no file)

O21 - SSODL: OLE Automation Module - {3F143C3A-1457-6CCA-03A7-7AA23B61E40F} - (no file)
 

alnitak

Ex-Admin
Member
#4
IMPORTANT NOTE: Please do not post your logs together with someone else's, because it will cause confusion; open a new thread to describe your problem and post your log there.
Please download and install the Disk Cleaner program.

Make sure your operating system shows hidden files and folders:

Show hidden files

Restart the system in safe mode:

How to restart in safe mode

Run HijackThis.

Close all browsers, both Web browsers and Windows Explorer (it is essential that you close them or it will not work).

Run HijackThis, click Scan, check the boxes for the following entries and click Fix:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://213.159.117.134/index.php

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://213.159.117.134/index.php

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://213.159.117.134/index.php

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://213.159.117.134/index.php

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = http://213.159.117.134/index.php

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = http://213.159.117.134/index.php

R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)

O2 - BHO: (no name) - {DE3BEBDB-AEE7-4277-8B6E-4EEFFA9508AE} - C:\WINDOWS\SYSTEM\UOAELU.DLL (file missing)

O4 - HKLM\..\Run: [LoadQM] loadqm.exe

O4 - HKLM\..\Run: [Windows AdControl] C:\PROGRAM FILES\WINDOWS ADCONTROL\WINADCTL.EXE

O4 - HKLM\..\Run: [sais] c:\archivos de programa\180solutions\sais.exe

O4 - HKLM\..\Run: [WebRebates0] "C:\ARCHIVOS DE PROGRAMA\WEB_REBATES\WebRebates0.exe"

O4 - HKLM\..\Run: [SysTime] C:\WINDOWS\SYSTEM\systime.exe

O4 - HKCU\..\Run: [mslagent] C:\WINDOWS\mslagent\MSLAGENT.EXE

O4 - HKCU\..\Run: [SysTime] C:\WINDOWS\SYSTEM\systime.exe

O15 - Trusted Zone: *.mt-download.com

O15 - Trusted Zone: *.searchmiracle.com

O15 - Trusted Zone: *.my-internet.info

O15 - Trusted Zone: *.clickspring.net

O15 - Trusted Zone: *.iframe.biz

O15 - Trusted Zone: *.newiframe.biz

O15 - Trusted Zone: *.pizdato.biz

O15 - Trusted Zone: *.sp2fucked.biz

O15 - Trusted Zone: *.sp2admin.biz

O15 - Trusted Zone: *.c4tdownload.com

O15 - Trusted Zone: *.ysbweb.com

O15 - Trusted Zone: *.overpro.com

O16 - DPF: {75D1F3B2-2A21-11D7-97B9-0010DC2A6243} (SecureLogin.SecureControl) - http://secure2.comned.com/signuptemplates/ActiveSecurity.cab

O16 - DPF: {50AD557E-3426-41FD-AFDD-2AF39BB1C387} - http://akamai.downloadv3.com/binaries/Live...ervice_5_ES.cab

O16 - DPF: {469C7080-8EC8-43A6-AD97-45848113743C} - http://akamai.downloadv3.com/binaries/IA/nethv32_ES.cab

O16 - DPF: {0F9B4CA4-A30F-480A-841D-69B45C50A8F8} (SekureL0gin.SekureKontrol) - http://secure2.comned.com/signuptemplates/AktiveSekurity.cab

O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://public.windupdates.com/get_file.php...edceabcca450006

O16 - DPF: {30060FD6-20E9-0DE9-D695-423B13511B25} - http://213.159.117.150/1/rdgAR10.exe

O21 - SSODL: DDE Control Module - {3F143C3A-1457-6CCA-03A7-7AA23B61E40F} - (no file)

O21 - SSODL: OLE Automation Module - {3F143C3A-1457-6CCA-03A7-7AA23B61E40F} - (no file)



Close HijackThis and delete the temporary files and cookies with Disk Cleaner: check the System Temporary Files, Temporary Internet Files and Internet Cookies boxes, plus any others you feel like checking, and then click Clean.

Delete these files if they still exist:

C:\WINDOWS\SYSTEM\systime.exe

Delete these folders and all their contents if they still exist:

C:\PROGRAM FILES\WINDOWS ADCONTROL\

c:\archivos de programa\180solutions\

C:\ARCHIVOS DE PROGRAMA\WEB_REBATES\

C:\WINDOWS\mslagent\

Restart normally.

Install the latest version of Ad Aware, update it and run a scan so that it finishes the cleanup.

Update your system through Windows Update.

Take another log after following all the instructions.

IMPORTANT NOTE: Please do not post your logs together with someone else's, because it will cause confusion; open a new thread to describe your problem and post your log there.
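The last step of the post above asks for a new log after the cleanup; that log can be checked against the fix list to see which entries survived. The Python below is an added example, not part of the thread and not code from HijackThis: the function names and the follow-up log are constructed for illustration, while the fix-list lines are copied from post #4. It matches on section code plus CLSID (or the full text where there is no CLSID), so the URL that the forum shortened with "..." in the fix list still matches the full URL in a log.

```python
import re

# One HijackThis entry: section code ("R0", "O4", "O16", ...), " - ", then the detail.
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")
GUID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
# Status notes appended by the scanner; they can differ between two scans of one entry.
STATUS_RE = re.compile(r"\s*\((?:file missing|no file)\)\s*$", re.IGNORECASE)


def entry_key(line):
    """Return a comparable identity for one log entry, or None for non-entry lines."""
    m = ENTRY_RE.match(line.strip())
    if m is None:
        return None  # header, running-process path, blank line, forum prose
    code, detail = m.groups()
    detail = STATUS_RE.sub("", detail)
    guid = GUID_RE.search(detail)
    if guid:
        # The CLSID identifies the object; drop the path/URL after it, which the
        # forum may have truncated with "..." when the fix list was posted.
        detail = detail[:guid.end()]
    # Without a CLSID the whole detail is kept, so an R0/R1 line whose value was
    # reset to something else no longer counts as the same entry.
    return code + " - " + " ".join(detail.split()).casefold()


def still_present(fix_list, followup_log):
    """Return the fix-list lines whose entry still appears in the follow-up log."""
    seen = {entry_key(line) for line in followup_log.splitlines()}
    seen.discard(None)
    leftovers = []
    for line in fix_list.splitlines():
        key = entry_key(line)
        if key is not None and key in seen:
            leftovers.append(line.strip())
    return leftovers


# Four lines copied from the fix list in post #4 (note the "..." in the O16 URL).
FIX_LIST = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://213.159.117.134/index.php
O4 - HKLM\..\Run: [sais] c:\archivos de programa\180solutions\sais.exe
O15 - Trusted Zone: *.overpro.com
O16 - DPF: {50AD557E-3426-41FD-AFDD-2AF39BB1C387} - http://akamai.downloadv3.com/binaries/Live...ervice_5_ES.cab
"""

# Constructed follow-up log: the start page was reset, the Trusted Zone entry is
# gone, but one Run entry and one DPF entry were not fixed.
FOLLOWUP_LOG = r"""
Logfile of HijackThis v1.98.2
C:\WINDOWS\EXPLORER.EXE
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [sais] c:\archivos de programa\180solutions\sais.exe (file missing)
O16 - DPF: {50AD557E-3426-41FD-AFDD-2AF39BB1C387} - http://akamai.downloadv3.com/binaries/LiveService/LiveService_5_ES.cab
"""

if __name__ == "__main__":
    for entry in still_present(FIX_LIST, FOLLOWUP_LOG):
        print("still present:", entry)
```

Any line it reports is one to check and fix again before the thread is considered resolved.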
 

Dj zoros

New Member
Member
#5
Thank you very much! You really saved my life...... :confused: .....

I'll take the opportunity to ask what kind of firewall I can use, and whether you have a link for eMule.

Once again, thank you very much.
 

Arwing

Guest
#6
You can try Outpost; there is a pinned post in this section of the forum that explains how to configure it, and it's easy. You can also download it from this very site.

Arwing
 