Solicito atentamente ayuda con mi explorer.exe

Estado
Cerrado para nuevas respuestas

songal

Nuevo Miembro
Miembro
Hola a tods y gracias de antemano, he tenido problemas con explorrer.exe me decian que es debido a codecs pero he borrado todos y sigue cerrandose, envio mi hijackthis

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16574)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\SYSTEM32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe

C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

C:\Program Files\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\LEXBCES.EXE

C:\WINDOWS\system32\LEXPPS.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe

C:\Program Files\DropBox\DropBox\DropBox.exe

C:\WINDOWS\system32\carpserv.exe

C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

C:\WINDOWS\system32\VTTimer.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Windows Media Player\WMPNSCFG.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\SanDisk\SanDisk TransferMate\SD Monitor.exe

C:\WINDOWS\system32\rundll32.exe

C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\WINDOWS\System32\alg.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

C:\WINDOWS\System32\wbem\wmiprvse.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://search.bearshare.com/sidebar.html?src=ssb

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://1-digital-media.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = about:blank

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.bearshare.com/sidebar.html?src=ssb

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Startpagina = file:///C:/Program%20Files/First2Enter/Portal/portal.html

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Telenet Internet

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)

F2 - REG:system.ini: UserInit=C:\WINDOWS\System32\Userinit.exe

O1 - Hosts: 62.75.224.159 www.bns3.net

O1 - Hosts: 62.75.224.159 www.bns4.net

O1 - Hosts: 62.75.224.159 www.bns5.net

O1 - Hosts: 62.75.224.159 www.bns6.net

O1 - Hosts: 62.75.224.159 www.bns7.net

O1 - Hosts: 62.75.224.159 www.bns8.net

O1 - Hosts: 62.75.224.159 www.cms3.net

O1 - Hosts: 62.75.224.159 www.cms4.net

O1 - Hosts: 62.75.224.159 www.cms5.net

O1 - Hosts: 62.75.224.159 www.cms6.net

O1 - Hosts: 62.75.224.159 www.cms7.net

O1 - Hosts: 62.75.224.159 www.cms8.net

O1 - Hosts: 62.75.224.159 www.rg1.com

O1 - Hosts: 62.75.224.159 www.rg2.com

O1 - Hosts: 62.75.224.159 www.rg3.com

O1 - Hosts: 62.75.224.159 www.rg4.com

O1 - Hosts: 62.75.224.159 www.rg5.com

O1 - Hosts: 62.75.224.159 www.rg6.com

O1 - Hosts: 62.75.224.159 www.rg7.com

O1 - Hosts: 62.75.224.159 www.rg8.com

O1 - Hosts: 62.75.224.159 bns3.net

O1 - Hosts: 62.75.224.159 bns4.net

O1 - Hosts: 62.75.224.159 bns5.net

O1 - Hosts: 62.75.224.159 bns6.net

O1 - Hosts: 62.75.224.159 bns7.net

O1 - Hosts: 62.75.224.159 bns8.net

O1 - Hosts: 62.75.224.159 cms3.net

O1 - Hosts: 62.75.224.159 cms4.net

O1 - Hosts: 62.75.224.159 cms5.net

O1 - Hosts: 62.75.224.159 cms6.net

O1 - Hosts: 62.75.224.159 cms7.net

O1 - Hosts: 62.75.224.159 cms8.net

O1 - Hosts: 62.75.224.159 rg1.com

O1 - Hosts: 62.75.224.159 rg2.com

O1 - Hosts: 62.75.224.159 rg3.com

O1 - Hosts: 62.75.224.159 rg4.com

O1 - Hosts: 62.75.224.159 rg5.com

O1 - Hosts: 62.75.224.159 rg6.com

O1 - Hosts: 62.75.224.159 rg7.com

O1 - Hosts: 62.75.224.159 rg8.com

O1 - Hosts: 62.75.224.159 2004CMS.com

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: Search Assistant - {1648E328-3E5A-4EA5-A9C6-E5F09EE272DA} - C:\WINDOWS\system32\dcads_sidebar.dll

O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.11.30.dll

O2 - BHO: dcads - {6FC3C36D-7635-4D43-BA62-0D9D2F2CD06E} - C:\WINDOWS\system32\nsb15.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: (no name) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - (no file)

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll

O3 - Toolbar: (no name) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - (no file)

O3 - Toolbar: (no name) - {37B85A29-692B-4205-9CAD-2626E4993404} - (no file)

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll

O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"

O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe

O4 - HKLM\..\Run: [DropBoxUtility] "C:\Program Files\DropBox\DropBox\DropBox.exe" /s

O4 - HKLM\..\Run: [CARPService] carpserv.exe

O4 - HKLM\..\Run: [Belgacom] "C:\Program Files\Belgacom\bin\sprtcmd.exe" /P Belgacom

O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [VTTimer] VTTimer.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [spa_start] C:\WINDOWS\System32\Rundll32.exe "C:\WINDOWS\system32\spads.dll" DllVerify

O4 - HKLM\..\Run: [Lexmark 1200 Series] "C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe"

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe

O4 - HKCU\..\Run: [Videos] "C:\Program Files\laughnetwork\update.exe" /background

O4 - HKCU\..\Run: [BitComet] "C:\Program Files\BitComet\BitComet.exe" /tray

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Lokale service')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Netwerkservice')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')

O4 - Startup: Back2zip.lnk = C:\Program Files\Back2zip\Back2zip.exe

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe

O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE

O4 - Global Startup: Monitor.lnk = C:\Program Files\SanDisk\SanDisk TransferMate\SD Monitor.exe

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.1.11.30.dll/206 (file missing)

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O14 - IERESET.INF: START_PAGE_URL=http://www.telenet.be

O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by122fd.bay122.hotmail.msn.com/resources/MsnPUpld.cab

O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/Facebo...toUploader3.cab

O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} -

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl-esd.sun.com/update/1.6.0/jinstall-6u3-windows-i586-jc.cab

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab

O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.com/controls/cpcScanner.cab

O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by122fd.bay122.hotmail.msn.com/activex/HMAtchmt.ocx

O17 - HKLM\System\CCS\Services\Tcpip\..\{043A4EF0-AA7A-48D1-9F2A-E26CDE827784}: NameServer = 85.255.113.126,85.255.112.227

O17 - HKLM\System\CCS\Services\Tcpip\..\{04D5AC68-9BA9-4B57-9957-2B8E120C78F4}: NameServer = 85.255.113.126,85.255.112.227

O17 - HKLM\System\CCS\Services\Tcpip\..\{1B82DB68-E5DA-4E62-BCA4-E6DECFFFB086}: NameServer = 85.255.113.126,85.255.112.227

O17 - HKLM\System\CCS\Services\Tcpip\..\{41C1DD46-534B-49CB-A102-D542D759EA92}: NameServer = 85.255.113.126,85.255.112.227

O17 - HKLM\System\CCS\Services\Tcpip\..\{EA577EA9-96DD-4719-B869-1DE501DEE88F}: NameServer = 85.255.113.126,85.255.112.227

O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.113.126 85.255.112.227

O17 - HKLM\System\CS1\Services\Tcpip\..\{043A4EF0-AA7A-48D1-9F2A-E26CDE827784}: NameServer = 85.255.113.126,85.255.112.227

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.113.126 85.255.112.227

O20 - AppInit_DLLs: PAVWAIT.DLL Tۺ

O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe

O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE

O23 - Service: NMIndexingService - Unknown owner - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe (file missing)

O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

O24 - Desktop Component 0: (no name) - http://www.yucatan.com.mx/especiales/navid...apers/angel.jpg

O24 - Desktop Component 1: (no name) - http://images.easyart.com/i/prints/lg/1/3/134218.jpg

O24 - Desktop Component 2: (no name) - http://www.eragonmovie.com/content/icons/eragon_msn_7.jpg

O24 - Desktop Component 3: (no name) - http://tkfiles.storage.msn.com/x1pPHu2K6HC...tvOux0ASIBGncMc

O24 - Desktop Component 4: Privacy Protection - file:///C:\WINDOWS\privacy_danger\index.htm

--

End of file - 13218 bytes

millones de gracias: songal
 

Caito

Ex- Mod
Miembro
estás infectado :rolleyes:

Actualiza tu sistema acá :

Buscar actualizaciones con Windows Update

(Si por algún motivo no puedes actualizar sigue con los demás pasos)

Borra todas las cookies y el registro con CCleaner:

Descargar CCleaner | Utilidades - Análisis y Optimización

Vete a Panel de Control--> Java y elimina todos los archivos temporales. (Si utilizas JAVA)

Pasale el Avg-antispyware. (Actualizalo, y al acabar el Scaneo elije la opción eliminar, después guarda el report y lo pegas)

Ewido Anti-Malware

Haz un scan on line acá:

http://www.nod32.com.uy/online-scanner/

Debes usar el Internet Explorer y aceptar los active x

Le pones que elimine lo que te detecte.

Nos copias ese reporte, el del AVG y un nuevo log del hijack

Saludos

Caito
 

songal

Nuevo Miembro
Miembro
Millones de gracias por tu prontisima respuesta, he tenido problemas para correr los programas de analisis, se me cierran a la mitad así que no creas que soy grosera, apenas voy en proceso gracias por la espera
 

songal

Nuevo Miembro
Miembro
Hola, buen dia, oigan y caito gracias pero sabes que trato de correr los programas y se me cierran tanto online como en la maquína que hago por fa? hay algúnas otras opciones he pasado el spybot sandd y tengo el avast y el ad-aware no se si sea lo mismo, gracias de nuevo y un abrazo anticipando las fiestas a todos
 

Caito

Ex- Mod
Miembro
Trata de limpiar de algúna manera, podrías sacar el disco infectado y ponerlo en otra pc y ejecutar las herramientas de limpieza, o hazlo en modo seguro, en fin nos cuentas

Saludos

caito

:D FELIZ NAVIDAD :D
 

songal

Nuevo Miembro
Miembro
Perdon, estoy aquí de latosa de nuevo, saben y en particular caito 5es por lo de lobo de mibu?) he tratado de pasar todos los antivirus online que se mencionan, baje las versines de prueba para correrlos en la pc y nada todo se me cierra a ala mitad, use el cccleaner y manualmente he quitado otras cookies que veia aparecian con la ruta antes de cerrarse losprogramas pero no se, de verdad esta tan infectada mi pc? te pego lo que tengo, ojala me puedan dar guia, gracias :D

ewido anti-spyware online scanner

http://www.ewido.net

__________________________________________________

Name: TrackingCookie.Netflame

Path: C:\Documents and Settings\Sonia\Cookies\sonia@ssl-hints.netflame[1].txt

Risk: Medium

Name: Adware.WebRebates

Path: HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\ins

Risk: Medium

Name: Adware.PSGuard

Path: HKLM\SOFTWARE\ShudderLTD

Risk: Medium

Name: Adware.PSGuard

Path: HKLM\SOFTWARE\ShudderLTD\PSGuard

Risk: Medium

Name: Adware.PSGuard

Path: HKLM\SOFTWARE\ShudderLTD\PSGuard\PSGuard

Risk: Medium

Name: Adware.PSGuard

Path: HKLM\SOFTWARE\ShudderLTD\PSGuard\PSGuard\License

Risk: Medium

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 21:19:58, on 25/12/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16574)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\SYSTEM32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe

C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

C:\Program Files\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\system32\LEXBCES.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\LEXPPS.EXE

C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe

C:\Program Files\DropBox\DropBox\DropBox.exe

C:\WINDOWS\system32\carpserv.exe

C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

C:\WINDOWS\system32\VTTimer.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Program Files\Lexmark 1200 Series\lxczbmon.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\SanDisk\SanDisk TransferMate\SD Monitor.exe

C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\WINDOWS\System32\alg.exe

C:\WINDOWS\system32\drwtsn32.exe

C:\WINDOWS\system32\drwtsn32.exe

C:\WINDOWS\system32\drwtsn32.exe

C:\WINDOWS\explorer.exe

C:\WINDOWS\system32\drwtsn32.exe

C:\WINDOWS\system32\drwtsn32.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe

C:\Program Files\MSN Messenger\msnmsgr.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

C:\WINDOWS\System32\wbem\wmiprvse.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://search.bearshare.com/sidebar.html?src=ssb

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = about:blank

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Startpagina = file:///C:/Program%20Files/First2Enter/Portal/portal.html

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Telenet Internet

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)

F2 - REG:system.ini: UserInit=C:\WINDOWS\System32\Userinit.exe

O1 - Hosts: 62.75.224.159 www.bns3.net

O1 - Hosts: 62.75.224.159 www.bns4.net

O1 - Hosts: 62.75.224.159 www.bns5.net

O1 - Hosts: 62.75.224.159 www.bns6.net

O1 - Hosts: 62.75.224.159 www.bns7.net

O1 - Hosts: 62.75.224.159 www.bns8.net

O1 - Hosts: 62.75.224.159 www.cms3.net

O1 - Hosts: 62.75.224.159 www.cms4.net

O1 - Hosts: 62.75.224.159 www.cms5.net

O1 - Hosts: 62.75.224.159 www.cms6.net

O1 - Hosts: 62.75.224.159 www.cms7.net

O1 - Hosts: 62.75.224.159 www.cms8.net

O1 - Hosts: 62.75.224.159 www.rg1.com

O1 - Hosts: 62.75.224.159 www.rg2.com

O1 - Hosts: 62.75.224.159 www.rg3.com

O1 - Hosts: 62.75.224.159 www.rg4.com

O1 - Hosts: 62.75.224.159 www.rg5.com

O1 - Hosts: 62.75.224.159 www.rg6.com

O1 - Hosts: 62.75.224.159 www.rg7.com

O1 - Hosts: 62.75.224.159 www.rg8.com

O1 - Hosts: 62.75.224.159 bns3.net

O1 - Hosts: 62.75.224.159 bns4.net

O1 - Hosts: 62.75.224.159 bns5.net

O1 - Hosts: 62.75.224.159 bns6.net

O1 - Hosts: 62.75.224.159 bns7.net

O1 - Hosts: 62.75.224.159 bns8.net

O1 - Hosts: 62.75.224.159 cms3.net

O1 - Hosts: 62.75.224.159 cms4.net

O1 - Hosts: 62.75.224.159 cms5.net

O1 - Hosts: 62.75.224.159 cms6.net

O1 - Hosts: 62.75.224.159 cms7.net

O1 - Hosts: 62.75.224.159 cms8.net

O1 - Hosts: 62.75.224.159 rg1.com

O1 - Hosts: 62.75.224.159 rg2.com

O1 - Hosts: 62.75.224.159 rg3.com

O1 - Hosts: 62.75.224.159 rg4.com

O1 - Hosts: 62.75.224.159 rg5.com

O1 - Hosts: 62.75.224.159 rg6.com

O1 - Hosts: 62.75.224.159 rg7.com

O1 - Hosts: 62.75.224.159 rg8.com

O1 - Hosts: 62.75.224.159 2004CMS.com

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: Search Assistant - {1648E328-3E5A-4EA5-A9C6-E5F09EE272DA} - C:\WINDOWS\system32\dcads_sidebar.dll

O2 - BHO: dcads - {6FC3C36D-7635-4D43-BA62-0D9D2F2CD06E} - C:\WINDOWS\system32\nsb15.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: (no name) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - (no file)

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll

O3 - Toolbar: (no name) - {37B85A29-692B-4205-9CAD-2626E4993404} - (no file)

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll

O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"

O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe

O4 - HKLM\..\Run: [DropBoxUtility] "C:\Program Files\DropBox\DropBox\DropBox.exe" /s

O4 - HKLM\..\Run: [CARPService] carpserv.exe

O4 - HKLM\..\Run: [Belgacom] "C:\Program Files\Belgacom\bin\sprtcmd.exe" /P Belgacom

O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [VTTimer] VTTimer.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [spa_start] C:\WINDOWS\System32\Rundll32.exe "C:\WINDOWS\system32\spads.dll" DllVerify

O4 - HKLM\..\Run: [Lexmark 1200 Series] "C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe"

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\RunOnce: [WMC_0] C:\WINDOWS\system32\cmd.exe /c """""C:\WINDOWS\inf\unregmp2.exe"" /ShowWMP"""

O4 - HKCU\..\Run: [Videos] "C:\Program Files\laughnetwork\update.exe" /background

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Lokale service')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Netwerkservice')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')

O4 - Startup: Back2zip.lnk = C:\Program Files\Back2zip\Back2zip.exe

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe

O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE

O4 - Global Startup: Monitor.lnk = C:\Program Files\SanDisk\SanDisk TransferMate\SD Monitor.exe

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe

O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O14 - IERESET.INF: START_PAGE_URL=http://www.telenet.be

O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB

O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab

O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by122fd.bay122.hotmail.msn.com/resources/MsnPUpld.cab

O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab

O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/Facebo...toUploader3.cab

O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab

O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} -

O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.com/controls/cpcScanner.cab

O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by122fd.bay122.hotmail.msn.com/activex/HMAtchmt.ocx

O17 - HKLM\System\CCS\Services\Tcpip\..\{043A4EF0-AA7A-48D1-9F2A-E26CDE827784}: NameServer = 85.255.113.126,85.255.112.227

O17 - HKLM\System\CCS\Services\Tcpip\..\{04D5AC68-9BA9-4B57-9957-2B8E120C78F4}: NameServer = 85.255.113.126,85.255.112.227

O17 - HKLM\System\CCS\Services\Tcpip\..\{1B82DB68-E5DA-4E62-BCA4-E6DECFFFB086}: NameServer = 85.255.113.126,85.255.112.227

O17 - HKLM\System\CCS\Services\Tcpip\..\{41C1DD46-534B-49CB-A102-D542D759EA92}: NameServer = 85.255.113.126,85.255.112.227

O17 - HKLM\System\CCS\Services\Tcpip\..\{EA577EA9-96DD-4719-B869-1DE501DEE88F}: NameServer = 85.255.113.126,85.255.112.227

O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222

O17 - HKLM\System\CS1\Services\Tcpip\..\{043A4EF0-AA7A-48D1-9F2A-E26CDE827784}: NameServer = 85.255.113.126,85.255.112.227

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222

O20 - AppInit_DLLs: PAVWAIT.DLL Tۺ

O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe

O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE

O23 - Service: NMIndexingService - Unknown owner - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe (file missing)

O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

O24 - Desktop Component 0: (no name) - http://www.yucatan.com.mx/especiales/navid...apers/angel.jpg

O24 - Desktop Component 1: (no name) - http://images.easyart.com/i/prints/lg/1/3/134218.jpg

O24 - Desktop Component 2: (no name) - http://www.eragonmovie.com/content/icons/eragon_msn_7.jpg

O24 - Desktop Component 3: (no name) - http://tkfiles.storage.msn.com/x1pPHu2K6HC...tvOux0ASIBGncMc

O24 - Desktop Component 4: Privacy Protection - file:///C:\WINDOWS\privacy_danger\index.htm

--

End of file - 13395 bytes

de verdad gracias por su paciencia y su dedicacion, son bien honorables, abrazo desde la belgie o_O
 

Caito

Ex- Mod
Miembro
Baja este programa:

Dr.Web CureIt

Dr.Web CureIt!

Doble click en drweb-cureit.exe

Clic en Star para que comience el scaneo

Al principio verifica la memoria y tienes que cliquear Yes cuando te pregunte si quieres que tal archivo sea curado (cure it ),esto es un scan rápido

Tambien te puede aparecer un pop up ofreciendo la posibilidad de comprar el programa ,solo elimina ese pop up y sigue…

Cuando ese scan termine haz clic en Options > Change settings

Elige la solapa Scan y destildas "Heuristic analysis".

Ahora vuelve a la ventana principal y eliges los discos a scanear:

elige “All Drives”,un punto rojo te indica cuales elegiste

Haz clic en la flecha verde ubicada a la derecha y comenzará el scaneo

Click 'Yes to all' si te pregunta si quieres “Cure” o “Move “ los archivos

Cuando el scaneo termine te fijas en los archivos encontrados y junto a ellos se halla un ícono trata de cliquear en ese y si puedes cliquea en otro ícono a la derecha y elige Move incurable

Esto pondrá esos archivos en “%userprofile%\DoctorWeb\quarantaine-folder”si no han podido “curarse”.

Ahora en el Menu principal clic en File y elige save report list

Guarda ese reporte en tu escritorio (el nombre será DrWeb.csv)

Cierra el programa.

Nos cuentas

saludos

caito
 
Estado
Cerrado para nuevas respuestas
Arriba Pie