
My HiJack log, help!

Status
Closed to new replies

Dj zoros

New Member
Member
#1
Running Processes:

-----------------

#1: [KERNEL32.DLL]

File Path: C:\WINDOWS\SYSTEM\KERNEL32.DLL

ProcessID: 4293855449

Priority: High

File Size: 468 KB

Version: 4.10.0.2222

File Version: 4.10.2222

Product Version: 4.10.2222

Copyright: Copyright © Microsoft Corp. 1991-1999

Company Name: Microsoft Corporation

File Description: Componente del núcleo del kernel Win32

Internal Name: KERNEL32

Original Filename: KERNEL32.DLL

Product Name: Sistema operativo Microsoft® Windows®

Created on: 12:00:00 a.m.

Last accessed: 15/11/04

Last modified: 05/05/99 10:22:00 p.m.

#2: [KERNEL32.DLL]

File Path: C:\WINDOWS\SYSTEM\KERNEL32.DLL

ProcessID: 4294958145

Priority: Normal

File Size: 468 KB

Version: 4.10.0.2222

File Version: 4.10.2222

Product Version: 4.10.2222

Copyright: Copyright © Microsoft Corp. 1991-1999

Company Name: Microsoft Corporation

File Description: Componente del núcleo del kernel Win32

Internal Name: KERNEL32

Original Filename: KERNEL32.DLL

Product Name: Sistema operativo Microsoft® Windows®

Created on: 12:00:00 a.m.

Last accessed: 15/11/04

Last modified: 05/05/99 10:22:00 p.m.

#3: [SPOOL32.EXE]

File Path: C:\WINDOWS\SYSTEM\SPOOL32.EXE

ProcessID: 4294956121

Priority: Normal

File Size: 44 KB

Version: 4.10.0.1998

File Version: 4.10.1998

Product Version: 4.10.1998

Copyright: Copyright © Microsoft Corp. 1994 - 1998

Company Name: Microsoft Corporation

File Description: Spooler Sub System Process

Internal Name: spool32

Original Filename: spool32.exe

Product Name: Microsoft® Windows® Operating System

Created on: 12:00:00 a.m.

Last accessed: 15/11/04

Last modified: 05/05/99 10:22:00 p.m.

#4: [MPREXE.EXE]

File Path: C:\WINDOWS\SYSTEM\MPREXE.EXE

ProcessID: 4294952621

Priority: Normal

File Size: 28 KB

Version: 4.10.0.1998

File Version: 4.10.1998

Product Version: 4.10.1998

Copyright: Copyright © Microsoft Corp. 1993-1998

Company Name: Microsoft Corporation

File Description: WIN32 Network Interface Service Process

Internal Name: MPREXE

Original Filename: MPREXE.EXE

Product Name: Microsoft® Windows® Operating System

Created on: 12:00:00 a.m.

Last accessed: 15/11/04

Last modified: 05/05/99 10:22:00 p.m.

#5: [MSTASK.EXE]

File Path: C:\WINDOWS\SYSTEM\MSTASK.EXE

ProcessID: 4294857957

Priority: Normal

File Size: 116 KB

Version: 4.71.1959.1

File Version: 4.71.1959.1

Product Version: 4.71.1959.1

Copyright: Copyright © Microsoft Corp. 1997

Company Name: Microsoft Corporation

File Description: Motor de Programador de tareas

Internal Name: TaskScheduler

Original Filename: mstask.exe

Product Name: Programador de tareas de Microsoft® Windows®

Created on: 12:00:00 a.m.

Last accessed: 15/11/04

Last modified: 05/05/99 10:22:00 p.m.

#6: [KERNEL32.DLL]

File Path: C:\WINDOWS\SYSTEM\KERNEL32.DLL

ProcessID: 4294843625

Priority: Normal

File Size: 468 KB

Version: 4.10.0.2222

File Version: 4.10.2222

Product Version: 4.10.2222

Copyright: Copyright © Microsoft Corp. 1991-1999

Company Name: Microsoft Corporation

File Description: Componente del núcleo del kernel Win32

Internal Name: KERNEL32

Original Filename: KERNEL32.DLL

Product Name: Sistema operativo Microsoft® Windows®

Created on: 12:00:00 a.m.

Last accessed: 15/11/04

Last modified: 05/05/99 10:22:00 p.m.

#7: [EXPLORER.EXE]

File Path: C:\WINDOWS\EXPLORER.EXE

ProcessID: 4294861849

Priority: Normal

File Size: 176 KB

Version: 4.72.3110.1

File Version: 4.72.3110.1

Product Version: 4.72.3110.1

Copyright: © Microsoft Corporation 1981-1997

Company Name: Microsoft Corporation

File Description: Explorador de Windows

Internal Name: explorer

Original Filename: EXPLORER.EXE

Product Name: Sistema operativo Microsoft® Windows NT®

Created on: 05/05/99 10:22:00 p.m.

Last accessed: 15/11/04

Last modified: 05/05/99 10:22:00 p.m.

#8: [TASKMON.EXE]

File Path: C:\WINDOWS\TASKMON.EXE

ProcessID: 4294787421

Priority: Normal

File Size: 28 KB

Version: 4.10.0.1998

File Version: 4.10.1998

Product Version: 4.10.1998

Copyright: Copyright © Microsoft Corp. 1998

Company Name: Microsoft Corporation

File Description: Task Monitor

Internal Name: TaskMon

Original Filename: TASKMON.EXE

Product Name: Microsoft® Windows® Operating System

Created on: 05/05/99 10:22:00 p.m.

Last accessed: 15/11/04

Last modified: 05/05/99 10:22:00 p.m.

#9: [SYSTRAY.EXE]

File Path: C:\WINDOWS\SYSTEM\SYSTRAY.EXE

ProcessID: 4294796689

Priority: Normal

File Size: 32 KB

Version: 4.10.0.2222

File Version: 4.10.2222

Product Version: 4.10.2222

Copyright: Copyright © Microsoft Corp. 1993-1998

Company Name: Microsoft Corporation

File Description: Subprograma Bandeja de sistema

Internal Name: SYSTRAY

Original Filename: SYSTRAY.EXE

Product Name: Sistema operativo Microsoft® Windows®

Created on: 05/05/99 10:22:00 p.m.

Last accessed: 15/11/04

Last modified: 05/05/99 10:22:00 p.m.

#10: [PCTVOICE.EXE]

File Path: C:\WINDOWS\PCTVOICE.EXE

ProcessID: 4294826793

Priority: Normal

File Size: 176 KB

Version: 12.300.18.0

File Version: 12, 300, 18, 0

Product Version: 12, 0300, 0018

Copyright: Copyright © 2001

Company Name: 0

File Description: pctvoice MFC Application

Internal Name: pctvoice

Original Filename: pctvoice.EXE

Product Name: pctvoice Application

Created on: 11/06/04 04:28:26 p.m.

Last accessed: 15/11/04

Last modified: 18/07/03 03:01:42 a.m.

#11: [LOADQM.EXE]

File Path: C:\WINDOWS\LOADQM.EXE

ProcessID: 4294826053

Priority: Normal

File Size: 7 KB

Version: 5.4.1103.3

File Version: 5.4.1103.3

Product Version: 5.4.1103.3

Copyright: Copyright © Microsoft Corp. 1981-1999

Company Name: Microsoft Corporation

File Description: Microsoft QMgr

Internal Name: LOADQM.EXE

Original Filename: LOADQM.EXE

Product Name: QMgr Loader

Created on: 11/06/04 06:38:10 p.m.

Last accessed: 15/11/04

Last modified: 03/05/00 05:23:10 p.m.

#12: [REALSCHED.EXE]

File Path: C:\ARCHIVOS DE PROGRAMA\ARCHIVOS COMUNES\REAL\UPDATE_OB\REALSCHED.EXE

ProcessID: 4294828881

Priority: Normal

File Size: 176 KB

Version: 0.1.0.3034

File Version: 0.1.0.3034

Product Version: 0.1.0.3034

Copyright: Copyright © RealNetworks, Inc. 1995-2004

Company Name: RealNetworks, Inc.

File Description: RealNetworks Scheduler

Internal Name: schedapp

Original Filename: realsched.exe

Product Name: RealPlayer (32-bit)

Created on: 04/08/04 03:55:17 p.m.

Last accessed: 15/11/04

Last modified: 04/08/04 03:55:18 p.m.

#13: [SYSTIME.EXE]

File Path: C:\WINDOWS\SYSTEM\SYSTIME.EXE

ProcessID: 4294819669

Priority: Normal

File Size: 2 KB

Created on: 13/11/04 06:08:59 p.m.

Last accessed: 15/11/04

Last modified: 13/11/04 06:09:00 p.m.

#14: [KEYHOOK.EXE]

File Path: C:\WINDOWS\SYSTEM\KEYHOOK.EXE

ProcessID: 4294807969

Priority: Normal

File Size: 244 KB

Version: 0.0.0.3540

File Version: 0.0.0.3540

Product Version: 0.0.0.3540

Copyright: Copyright © Silicon Integrated Systems Corp. 1998-2002

Company Name: Silicon Integrated Systems Corporation

File Description: SiS Compatible Super VGA Keyboard Daemon

Internal Name: KEYHOOK 3.54.50

Original Filename: KEYHOOK.EXE

Product Name: SIS ® Compatible Super VGA keyboard daemon

Created on: 14/11/04 09:22:00 p.m.

Last accessed: 15/11/04

Last modified: 30/10/03 02:09:36 p.m.

#15: [SYSTIME.EXE]

File Path: C:\WINDOWS\SYSTEM\SYSTIME.EXE

ProcessID: 4294719277

Priority: Normal

File Size: 2 KB

Created on: 13/11/04 06:08:59 p.m.

Last accessed: 15/11/04

Last modified: 13/11/04 06:09:00 p.m.

#16: [DDHELP.EXE]

File Path: C:\WINDOWS\SYSTEM\DDHELP.EXE

ProcessID: 4294716145

Priority: Real Time

File Size: 48 KB

Version: 4.6.3.518

File Version: 4.06.03.0518

Product Version: 4.06.03.0518

Copyright: Copyright © Microsoft Corp. 1994-1999

Company Name: Microsoft Corporation

File Description: Microsoft DirectX Helper

Internal Name: ddhelp.exe

Original Filename: ddhelp.exe

Product Name: Microsoft® DirectX for Windows® 95 and 98

Created on: 13/11/04 06:08:59 p.m.

Last accessed: 15/11/04

Last modified: 05/05/99 10:22:00 p.m.

#17: [SISTRAY.EXE]

File Path: C:\WINDOWS\SYSTEM\SISTRAY.EXE

ProcessID: 4294762877

Priority: Normal

File Size: 652 KB

Version: 0.0.0.3540

File Version: 0.0.0.3540

Product Version: 0.0.0.3540

Copyright: Copyright © Silicon Integrated Systems Corp. 1998-2002

Company Name: Silicon Integrated Systems Corporation

File Description: SiS Compatible Super VGA Tray Application

Internal Name: SISTRAY 3.54.50

Original Filename: SISTRAY.EXE

Product Name: SiS ® Compatible Super VGA SiSTray application

Created on: 14/11/04 09:21:57 p.m.

Last accessed: 15/11/04

Last modified: 30/10/03 02:10:20 p.m.

#18: [EIEJCOHL.EXE]

File Path: C:\WINDOWS\SYSTEM\SR64\EIEJCOHL.EXE

ProcessID: 4294642997

Priority: Normal

File Size: 18 KB

Created on: 15/11/04 12:54:13 p.m.

Last accessed: 15/11/04

Last modified: 14/11/04 09:26:32 p.m.

#19: [WMIEXE.EXE]

File Path: C:\WINDOWS\SYSTEM\WMIEXE.EXE

ProcessID: 4294605853

Priority: Normal

File Size: 16 KB

Version: 5.0.1755.1

File Version: 5.00.1755.1

Product Version: 5.00.1755.1

Copyright: Copyright © Microsoft Corp. 1981-1998

Company Name: Microsoft Corporation

File Description: WMI service exe housing

Internal Name: wmiexe

Original Filename: wmiexe.exe

Product Name: Microsoft® Windows NT® Operating System

Created on: 15/11/04 12:54:13 p.m.

Last accessed: 15/11/04

Last modified: 05/05/99 10:22:00 p.m.

#20: [MSNMSGR.EXE]

File Path: C:\ARCHIVOS DE PROGRAMA\MSN MESSENGER\MSNMSGR.EXE

ProcessID: 4294735109

Priority: Normal

File Size: 4768 KB

Version: 6.2.0.137

File Version: 6.2.0137

Product Version: Version 6.2

Copyright: Copyright © Microsoft Corporation 1997-2004

Company Name: Microsoft Corporation

File Description: MSN Messenger

Internal Name: msnmsgr

Original Filename: msnmsgr.exe

Product Name: MSN Messenger

Created on: 28/05/04 10:22:04 p.m.

Last accessed: 15/11/04

Last modified: 11/06/04 07:13:04 p.m.

#21: [HIJACK.EXE]

File Path: C:\ARCHIVOS DE PROGRAMA\BULLETPROOFSOFT.COM\SPYWAREREMOVER\HS\HIJACK.EXE

ProcessID: 4294409765

Priority: Normal

File Size: 392 KB

Version: 2.0.0.0

File Version: 2, 0, 0, 0

Product Version: 2, 0, 0, 0

Copyright: Copyright © 2003

Company Name: ,

File Description: HiJack MFC Application

Internal Name: System Hijack Scanner

Original Filename: HiJack.EXE

Product Name: System Hijack Scanner

Created on: 26/04/04 08:34:14 p.m.

Last accessed: 15/11/04

Last modified: 26/04/04 08:34:14 p.m.

System Hijack Scanner Entries:

---------------

R0 - HKCU\Software\Microsoft\Internet Explorer\Main, Start Page=http://213.159.117.134/index.php

R0 - HKLM\Software\Microsoft\Internet Explorer\Main, Start Page=http://213.159.117.134/index.php

R0 - HKCU\Software\Microsoft\Internet Explorer\Main, Local Page=http://213.159.117.134/index.php

R0 - HKLM\Software\Microsoft\Internet Explorer\Main, Local Page=http://213.159.117.134/index.php

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar, LinksFolderName=Vínculos

R1 - HKCU\Software\Microsoft\Internet Explorer\Main, Default_page_url=http://213.159.117.134/index.php

R1 - HKLM\Software\Microsoft\Internet Explorer\Main, Default_page_url=http://213.159.117.134/index.php

R1 - HKLM\Software\Microsoft\Internet Explorer\Main, Default_search_url=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

R1 - HKCU\Software\Microsoft\Internet Explorer\Main, start page_bak=http://213.159.117.134/index.php

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings, proxyOverride=<local>

R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search, SearchAssistant=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)

F1 - win.ini [windows]: Run=hpfsched

O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\ARCHIVOS DE PROGRAMA\ADOBE\ACROBAT 6.0\READER\ACTIVEX\ACROIEHELPER.DLL

O2 - BHO: (no name) - {DE3BEBDB-AEE7-4277-8B6E-4EEFFA9508AE} - C:\WINDOWS\SYSTEM\UOAELU.DLL (file missing)

O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\archivos de programa\google\googletoolbar1.dll

O2 - BHO: (no name) - {7B55BB05-0B4D-44fd-81A6-B136188F5DEB} - C:\WINDOWS\QUESTMOD.DLL

O3 - ToolBar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\archivos de programa\google\googletoolbar1.dll

O3 - ToolBar: (no name) - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX

O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun

O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe

O4 - HKLM\..\Run: [SystemTray] SysTray.Exe (file missing)

O4 - HKLM\..\Run: [IrMon] IrMon.exe (file missing)

O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd (file missing)

O4 - HKLM\..\Run: [PCTVOICE] pctvoice.exe (file missing)

O4 - HKLM\..\Run: [LoadQM] loadqm.exe (file missing)

O4 - HKLM\..\Run: [TkBellExe] "C:\Archivos de programa\Archivos comunes\Real\Update_OB\realsched.exe" -osboot (file missing)

O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime (file missing)

O4 - HKLM\..\Run: [Windows AdControl] C:\PROGRAM FILES\WINDOWS ADCONTROL\WINADCTL.EXE (file missing)

O4 - HKLM\..\Run: [sais] c:\archivos de programa\180solutions\sais.exe (file missing)

O4 - HKLM\..\Run: [WebRebates0] "C:\ARCHIVOS DE PROGRAMA\WEB_REBATES\WebRebates0.exe" (file missing)

O4 - HKLM\..\Run: [SysTime] C:\WINDOWS\SYSTEM\systime.exe

O4 - HKLM\..\Run: [SiS Windows KeyHook] C:\WINDOWS\SYSTEM\keyhook.exe

O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme (file missing)

O4 - HKCU\..\Run: [MsnMsgr] "C:\Archivos de programa\MSN Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [Shareaza] "C:\ARCHIVOS DE PROGRAMA\SHAREAZA\SHAREAZA.EXE" -tray (file missing)

O4 - HKCU\..\Run: [mslagent] C:\WINDOWS\mslagent\MSLAGENT.EXE (file missing)

O4 - HKCU\..\Run: [PrjLithium] C:\Archivos de programa\Project Lithium\prjLithium.exe (file missing)

O4 - HKCU\..\Run: [SysTime] C:\WINDOWS\SYSTEM\systime.exe

O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme (file missing)

O4 - HKLM\..\RunServices: [SchedulingAgent] C:\WINDOWS\SYSTEM\mstask.exe

O4 - Start Up: C:\WINDOWS\Menú Inicio\Programas\Inicio\Utility Tray.lnk

O5 - control.ini [don't load]: snd.cpl=no

O5 - control.ini [don't load]: joystick.cpl=no

O5 - control.ini [don't load]: midimap.drv=no

O5 - control.ini [don't load]: sticpl.cpl=no

O8 - Extra Context Menu Items: &Google Search - res://C:\ARCHIVOS DE PROGRAMA\GOOGLE\GOOGLETOOLBAR1.DLL/cmsearch.html

O8 - Extra Context Menu Items: Instantánea de caché de la página - res://C:\ARCHIVOS DE PROGRAMA\GOOGLE\GOOGLETOOLBAR1.DLL/cmcache.html

O8 - Extra Context Menu Items: Páginas similares - res://C:\ARCHIVOS DE PROGRAMA\GOOGLE\GOOGLETOOLBAR1.DLL/cmsimilar.html

O8 - Extra Context Menu Items: Páginas vinculadas - res://C:\ARCHIVOS DE PROGRAMA\GOOGLE\GOOGLETOOLBAR1.DLL/cmbacklinks.html

O9 - Extra Button: Relacionados - (HKLM) - {c95fe080-8f5d-11d2-a20b-00aa003c157a}

O9 - Extra Tools Menu Item: Mostrar vínculos &relacionados - (HKLM) - {c95fe080-8f5d-11d2-a20b-00aa003c157a}

O15 - Trusted Zone:*://*.mt-download.com

O15 - Trusted Zone:*://*.skoobidoo.com

O15 - Trusted Zone:*://*.windupdates.com

O15 - Trusted Zone:*://*.searchmiracle.com

O15 - Trusted Zone:*://*.my-internet.info

O15 - Trusted Zone:*://*.clickspring.net

O15 - Trusted Zone:*://*.iframe.biz

O15 - Trusted Zone:*://*.newiframe.biz

O15 - Trusted Zone:*://*.pizdato.biz

O15 - Trusted Zone:*://*.sp2fucked.biz

O15 - Trusted Zone:*://*.sp2admin.biz

O15 - Trusted Zone:*://*.c4tdownload.com

O15 - Trusted Zone:*://*.ysbweb.com

O15 - Trusted Zone:*://*.overpro.com

O15 - Trusted Zone:*://*.windupdates.com

O15 - Trusted Zone:*://*.searchmiracle.com

O15 - Trusted Zone:*://*.skoobidoo.com

O15 - Trusted Zone:*://*.my-internet.info

O15 - Trusted Zone:*://*.mt-download.com

O15 - Trusted Zone:*://*.clickspring.net

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

O16 - DPF: {00000161-0000-0010-8000-00AA00389B71} ((no name)) - http://codecs.microsoft.com/codecs/i386/msaudio.cab

O16 - DPF: {75D1F3B2-2A21-11D7-97B9-0010DC2A6243} (SecureLogin.SecureControl) - http://secure2.comned.com/signuptemplates/ActiveSecurity.cab

O16 - DPF: {50AD557E-3426-41FD-AFDD-2AF39BB1C387} ((no name)) - http://akamai.downloadv3.com/binaries/LiveService/LiveService_5_ES.cab

O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab

O16 - DPF: {469C7080-8EC8-43A6-AD97-45848113743C} ((no name)) - http://akamai.downloadv3.com/binaries/IA/nethv32_ES.cab

O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/...8185.7682523148

O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} ((no name)) - http://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB

O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab

O16 - DPF: {0F9B4CA4-A30F-480A-841D-69B45C50A8F8} (SekureL0gin.SekureKontrol) - http://secure2.comned.com/signuptemplates/AktiveSekurity.cab

O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} ((no name)) - http://public.windupdates.com/get_file.php...edceabcca450006

O16 - DPF: {30060FD6-20E9-0DE9-D695-423B13511B25} ((no name)) - http://213.159.117.150/1/rdgAR10.exe

O18 - Protocol: gopher - {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\SYSTEM\urlmon.dll

O18 - Protocol: cdl - {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\WINDOWS\SYSTEM\urlmon.dll

O18 - Protocol: javascript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\SYSTEM\MSHTML.DLL

O18 - Protocol: vbscript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\SYSTEM\MSHTML.DLL

O18 - Protocol: about - {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\SYSTEM\MSHTML.DLL

O18 - Protocol: res - {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\SYSTEM\MSHTML.DLL

O18 - Protocol: mailto - {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\SYSTEM\MSHTML.DLL

O18 - Protocol: mhtml - {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\WINDOWS\SYSTEM\INETCOMM.DLL

O18 - Protocol: vnd.ms.radio - {3DA2AA3B-3D96-11D2-9BD2-204C4F4F5020} - C:\WINDOWS\SYSTEM\MSDXM.OCX

I hope someone can help me...

zoros@fibertel.com.ar
 

alnitak

Ex-Admin
Member
#2
Clarify something for me: which program did you use to take the log?

The system looks pretty bad. Please take the log with HijackThis 1.98.2 and post it for me exactly as it is. At a glance, though, you are missing a lot of files, many of them legitimate and necessary, and I would like to know whether you deleted them yourself or whether it is the result of some virus, because it is not very common to see something like this, and I think that if they really are missing it would be quicker and safer for you to format and reinstall.
 

Dj zoros

New Member
Member
#3
Thank you very much for the quick reply. It is likely that I unintentionally deleted some file(s). Here is what you asked for........ and thanks for the help.....

Logfile of HijackThis v1.98.2

Scan saved at 03:47:11 p.m., on 15/11/04

Platform: Windows 98 SE (Win9x 4.10.2222A)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:

C:\WINDOWS\SYSTEM\KERNEL32.DLL

C:\WINDOWS\SYSTEM\MSGSRV32.EXE

C:\WINDOWS\SYSTEM\MPREXE.EXE

C:\WINDOWS\SYSTEM\mmtask.tsk

C:\WINDOWS\SYSTEM\MSTASK.EXE

C:\WINDOWS\EXPLORER.EXE

C:\WINDOWS\TASKMON.EXE

C:\WINDOWS\SYSTEM\SYSTRAY.EXE

C:\WINDOWS\PCTVOICE.EXE

C:\WINDOWS\LOADQM.EXE

C:\ARCHIVOS DE PROGRAMA\ARCHIVOS COMUNES\REAL\UPDATE_OB\REALSCHED.EXE

C:\WINDOWS\SYSTEM\QTTASK.EXE

C:\WINDOWS\SYSTEM\SYSTIME.EXE

C:\WINDOWS\SYSTEM\KEYHOOK.EXE

C:\ARCHIVOS DE PROGRAMA\MSN MESSENGER\MSNMSGR.EXE

C:\WINDOWS\SYSTEM\SYSTIME.EXE

C:\WINDOWS\SYSTEM\DDHELP.EXE

C:\WINDOWS\SYSTEM\SISTRAY.EXE

C:\WINDOWS\SYSTEM\SR64\JBIPMIDG.EXE

C:\WINDOWS\SYSTEM\WMIEXE.EXE

C:\ARCHIVOS DE PROGRAMA\INTERNET EXPLORER\IEXPLORE.EXE

C:\ARCHIVOS DE PROGRAMA\INTERNET EXPLORER\IEXPLORE.EXE

C:\WINDOWS\DOWNLOADED PROGRAM FILES\CONFLICT.16\RDGAR10.EXE

C:\WINDOWS\SYSTEM\TAPISRV.EXE

C:\WINDOWS\SYSTEM\RNAAPP.EXE

C:\ZOROS\INSTALADORES\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://213.159.117.134/index.php

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://213.159.117.134/index.php

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://213.159.117.134/index.php

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://213.159.117.134/index.php

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = http://213.159.117.134/index.php

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = http://213.159.117.134/index.php

R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)

F1 - win.ini: run=hpfsched

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\ARCHIVOS DE PROGRAMA\ADOBE\ACROBAT 6.0\READER\ACTIVEX\ACROIEHELPER.DLL

O2 - BHO: (no name) - {DE3BEBDB-AEE7-4277-8B6E-4EEFFA9508AE} - C:\WINDOWS\SYSTEM\UOAELU.DLL (file missing)

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\archivos de programa\google\googletoolbar1.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\archivos de programa\google\googletoolbar1.dll

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX

O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun

O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe

O4 - HKLM\..\Run: [SystemTray] SysTray.Exe

O4 - HKLM\..\Run: [IrMon] IrMon.exe

O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd

O4 - HKLM\..\Run: [PCTVOICE] pctvoice.exe

O4 - HKLM\..\Run: [LoadQM] loadqm.exe

O4 - HKLM\..\Run: [TkBellExe] "C:\Archivos de programa\Archivos comunes\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime

O4 - HKLM\..\Run: [Windows AdControl] C:\PROGRAM FILES\WINDOWS ADCONTROL\WINADCTL.EXE

O4 - HKLM\..\Run: [sais] c:\archivos de programa\180solutions\sais.exe

O4 - HKLM\..\Run: [WebRebates0] "C:\ARCHIVOS DE PROGRAMA\WEB_REBATES\WebRebates0.exe"

O4 - HKLM\..\Run: [SysTime] C:\WINDOWS\SYSTEM\systime.exe

O4 - HKLM\..\Run: [SiS Windows KeyHook] C:\WINDOWS\SYSTEM\keyhook.exe

O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme

O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme

O4 - HKLM\..\RunServices: [SchedulingAgent] C:\WINDOWS\SYSTEM\mstask.exe

O4 - HKCU\..\Run: [MsnMsgr] "C:\Archivos de programa\MSN Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [Shareaza] "C:\ARCHIVOS DE PROGRAMA\SHAREAZA\SHAREAZA.EXE" -tray

O4 - HKCU\..\Run: [mslagent] C:\WINDOWS\mslagent\MSLAGENT.EXE

O4 - HKCU\..\Run: [PrjLithium] C:\Archivos de programa\Project Lithium\prjLithium.exe

O4 - HKCU\..\Run: [SysTime] C:\WINDOWS\SYSTEM\systime.exe

O4 - Startup: Utility Tray.lnk = C:\WINDOWS\SYSTEM\sistray.exe

O8 - Extra context menu item: &Google Search - res://C:\ARCHIVOS DE PROGRAMA\GOOGLE\GOOGLETOOLBAR1.DLL/cmsearch.html

O8 - Extra context menu item: Instantánea de caché de la página - res://C:\ARCHIVOS DE PROGRAMA\GOOGLE\GOOGLETOOLBAR1.DLL/cmcache.html

O8 - Extra context menu item: Páginas similares - res://C:\ARCHIVOS DE PROGRAMA\GOOGLE\GOOGLETOOLBAR1.DLL/cmsimilar.html

O8 - Extra context menu item: Páginas vinculadas - res://C:\ARCHIVOS DE PROGRAMA\GOOGLE\GOOGLETOOLBAR1.DLL/cmbacklinks.html

O9 - Extra button: Messenger Addon - {FB5F1911-F110-11d2-BB9E-00C04F795683} - http://messenger.ipfox.com (file missing)

O9 - Extra 'Tools' menuitem: &Messenger Addon - {FB5F1911-F110-11d2-BB9E-00C04F795683} - http://messenger.ipfox.com (file missing)

O15 - Trusted Zone: *.mt-download.com

O15 - Trusted Zone: *.searchmiracle.com

O15 - Trusted Zone: *.my-internet.info

O15 - Trusted Zone: *.clickspring.net

O15 - Trusted Zone: *.iframe.biz

O15 - Trusted Zone: *.newiframe.biz

O15 - Trusted Zone: *.pizdato.biz

O15 - Trusted Zone: *.sp2fucked.biz

O15 - Trusted Zone: *.sp2admin.biz

O15 - Trusted Zone: *.c4tdownload.com

O15 - Trusted Zone: *.ysbweb.com

O15 - Trusted Zone: *.overpro.com

O16 - DPF: {75D1F3B2-2A21-11D7-97B9-0010DC2A6243} (SecureLogin.SecureControl) - http://secure2.comned.com/signuptemplates/ActiveSecurity.cab

O16 - DPF: {50AD557E-3426-41FD-AFDD-2AF39BB1C387} - http://akamai.downloadv3.com/binaries/LiveService/LiveService_5_ES.cab

O16 - DPF: {469C7080-8EC8-43A6-AD97-45848113743C} - http://akamai.downloadv3.com/binaries/IA/nethv32_ES.cab

O16 - DPF: {0F9B4CA4-A30F-480A-841D-69B45C50A8F8} (SekureL0gin.SekureKontrol) - http://secure2.comned.com/signuptemplates/AktiveSekurity.cab

O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://public.windupdates.com/get_file.php...edceabcca450006

O16 - DPF: {30060FD6-20E9-0DE9-D695-423B13511B25} - http://213.159.117.150/1/rdgAR10.exe

O21 - SSODL: DDE Control Module - {3F143C3A-1457-6CCA-03A7-7AA23B61E40F} - (no file)

O21 - SSODL: OLE Automation Module - {3F143C3A-1457-6CCA-03A7-7AA23B61E40F} - (no file)
 

alnitak

Ex-Admin
Member
#4
IMPORTANT NOTE: Please do not post your logs together with another person's, because that will lead to confusion; open a new thread to describe your problem and post your log there.
Please download and install the program Disk Cleaner

Make sure your operating system shows hidden files and folders:

Show hidden files

Restart the system in safe mode:

How to restart in safe mode

Run HijackThis.

Close all browsers, both web browsers and Windows Explorer (it is essential that you close them or it will not work)

Run HijackThis, click Scan, check the boxes for the following entries and click Fix:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://213.159.117.134/index.php

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://213.159.117.134/index.php

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://213.159.117.134/index.php

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://213.159.117.134/index.php

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = http://213.159.117.134/index.php

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = http://213.159.117.134/index.php

R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)

O2 - BHO: (no name) - {DE3BEBDB-AEE7-4277-8B6E-4EEFFA9508AE} - C:\WINDOWS\SYSTEM\UOAELU.DLL (file missing)

O4 - HKLM\..\Run: [LoadQM] loadqm.exe

O4 - HKLM\..\Run: [Windows AdControl] C:\PROGRAM FILES\WINDOWS ADCONTROL\WINADCTL.EXE

O4 - HKLM\..\Run: [sais] c:\archivos de programa\180solutions\sais.exe

O4 - HKLM\..\Run: [WebRebates0] "C:\ARCHIVOS DE PROGRAMA\WEB_REBATES\WebRebates0.exe"

O4 - HKLM\..\Run: [SysTime] C:\WINDOWS\SYSTEM\systime.exe

O4 - HKCU\..\Run: [mslagent] C:\WINDOWS\mslagent\MSLAGENT.EXE

O4 - HKCU\..\Run: [SysTime] C:\WINDOWS\SYSTEM\systime.exe

O15 - Trusted Zone: *.mt-download.com

O15 - Trusted Zone: *.searchmiracle.com

O15 - Trusted Zone: *.my-internet.info

O15 - Trusted Zone: *.clickspring.net

O15 - Trusted Zone: *.iframe.biz

O15 - Trusted Zone: *.newiframe.biz

O15 - Trusted Zone: *.pizdato.biz

O15 - Trusted Zone: *.sp2fucked.biz

O15 - Trusted Zone: *.sp2admin.biz

O15 - Trusted Zone: *.c4tdownload.com

O15 - Trusted Zone: *.ysbweb.com

O15 - Trusted Zone: *.overpro.com

O16 - DPF: {75D1F3B2-2A21-11D7-97B9-0010DC2A6243} (SecureLogin.SecureControl) - http://secure2.comned.com/signuptemplates/ActiveSecurity.cab

O16 - DPF: {50AD557E-3426-41FD-AFDD-2AF39BB1C387} - http://akamai.downloadv3.com/binaries/Live...ervice_5_ES.cab

O16 - DPF: {469C7080-8EC8-43A6-AD97-45848113743C} - http://akamai.downloadv3.com/binaries/IA/nethv32_ES.cab

O16 - DPF: {0F9B4CA4-A30F-480A-841D-69B45C50A8F8} (SekureL0gin.SekureKontrol) - http://secure2.comned.com/signuptemplates/AktiveSekurity.cab

O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://public.windupdates.com/get_file.php...edceabcca450006

O16 - DPF: {30060FD6-20E9-0DE9-D695-423B13511B25} - http://213.159.117.150/1/rdgAR10.exe

O21 - SSODL: DDE Control Module - {3F143C3A-1457-6CCA-03A7-7AA23B61E40F} - (no file)

O21 - SSODL: OLE Automation Module - {3F143C3A-1457-6CCA-03A7-7AA23B61E40F} - (no file)



Close HijackThis and delete the temporary files and cookies with Disk Cleaner: check the boxes System Temporary Files, Temporary Internet Files, Internet Cookies and any others you feel like checking, then click Clean.

Delete these files if they still exist:

C:\WINDOWS\SYSTEM\systime.exe

Delete these folders and all their contents if they still exist:

C:\PROGRAM FILES\WINDOWS ADCONTROL\

c:\archivos de programa\180solutions\

C:\ARCHIVOS DE PROGRAMA\WEB_REBATES\

C:\WINDOWS\mslagent\

Restart normally.

Install the latest version of Ad Aware, update it and run a scan so that it finishes cleaning.

Update your system through Windows Update

Take another log after following all the instructions

IMPORTANT NOTE: Please do not post your logs together with another person's, because that will lead to confusion; open a new thread to describe your problem and post your log there.
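
A first-pass triage of a HijackThis log like the one in post #3, as an added example that is not part of the original posts and does not reproduce alnitak's own selection criteria. The rule names and heuristics are assumptions of this example (review reasons, not verdicts), and the sample lines are a subset copied from the log in post #3.

```python
import re
from collections import defaultdict

# Constructed sample: a subset of lines copied from the HijackThis v1.98.2 log in post #3.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://213.159.117.134/index.php
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\ARCHIVOS DE PROGRAMA\ADOBE\ACROBAT 6.0\READER\ACTIVEX\ACROIEHELPER.DLL
O2 - BHO: (no name) - {DE3BEBDB-AEE7-4277-8B6E-4EEFFA9508AE} - C:\WINDOWS\SYSTEM\UOAELU.DLL (file missing)
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [SysTime] C:\WINDOWS\SYSTEM\systime.exe
O4 - HKCU\..\Run: [SysTime] C:\WINDOWS\SYSTEM\systime.exe
O15 - Trusted Zone: *.sp2admin.biz
O16 - DPF: {30060FD6-20E9-0DE9-D695-423B13511B25} - http://213.159.117.150/1/rdgAR10.exe
O16 - DPF: {75D1F3B2-2A21-11D7-97B9-0010DC2A6243} (SecureLogin.SecureControl) - http://secure2.comned.com/signuptemplates/ActiveSecurity.cab
"""

# "O4 - ...", "R0 - ...", "O15 - ...": section code, then the entry body.
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")
# URL whose host is a dotted-quad IP address rather than a name.
IP_URL_RE = re.compile(r"https?://\d{1,3}(?:\.\d{1,3}){3}(?=[/:]|$)", re.I)
# "HKLM\..\Run: [Name] command" as HijackThis prints autostart values.
RUN_RE = re.compile(r"^(HKLM|HKCU)\\\.\.\\(Run\w*): \[([^\]]+)\] (.*)$")


def parse_entries(text):
    """Return (code, body) tuples for entry lines; headers and process paths are skipped."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append((m.group(1), m.group(2)))
    return entries


def triage(text):
    """Map each review reason (hypothetical names) to the log lines that triggered it."""
    findings = defaultdict(list)
    run_hives = defaultdict(set)  # (value name, command) -> hives it is registered under
    entries = parse_entries(text)

    for code, body in entries:
        line = f"{code} - {body}"
        # Browser start/default page pointing at a bare IP address.
        if code in ("R0", "R1") and IP_URL_RE.search(body):
            findings["ie-page-ip-literal"].append(line)
        # Registration that points at nothing on disk.
        if body.endswith("(no file)") or body.endswith("(file missing)"):
            findings["dangling-reference"].append(line)
        # Any site added to the Trusted Zone deserves a look.
        if code == "O15":
            findings["trusted-zone-addition"].append(line)
        # ActiveX download source that is an IP address or a raw executable.
        if code == "O16" and (IP_URL_RE.search(body) or body.lower().endswith(".exe")):
            findings["dpf-ip-or-exe-source"].append(line)
        m = RUN_RE.match(body) if code == "O4" else None
        if m:
            run_hives[(m.group(3).lower(), m.group(4).lower())].add(m.group(1))

    # Same autostart value registered under both HKLM and HKCU.
    for code, body in entries:
        m = RUN_RE.match(body) if code == "O4" else None
        if m and len(run_hives[(m.group(3).lower(), m.group(4).lower())]) > 1:
            findings["run-in-both-hives"].append(f"{code} - {body}")
    return dict(findings)


if __name__ == "__main__":
    for reason, lines in triage(SAMPLE_LOG).items():
        print(reason)
        for entry in lines:
            print("   ", entry)
```

Entries the script does not flag are not thereby cleared; it only narrows what a human reviewer reads first.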
 

Dj zoros

New Member
Member
#5
Thank you very much! You really saved my life...... :confused: .....

I'll take this opportunity to ask: what kind of firewall can I use, and do you have a link for emule?

Again, thank you so muchhhhhhhh
 

Arwing

Guest
#6
You can try Outpost; there is a pinned post in this section of the forum that explains how to configure it, and it is easy. You can also download it from this very page.

Arwing
 