« anterior próximo »
Páginas: [1]   Ir Abajo

Autor Tema: Limpiar con Hijack SOLUCIONADO  (Leído 11565 veces)

Desconectado robertogr

  • Junior Member
  • **
  • Mensajes: 23
  • www.daboweb.com
Limpiar con Hijack SOLUCIONADO
« en: 14 de Marzo de 2006, 11:48:17 am »
Hola a Tod@s:
Agradeceré toda la ayuda para hacer una limpieza de basurilla,
en mi PC.He pasado varios antivirus y hay cosas que no puedo eliminar.
Robertogr


StartupList report, 14/03/2006, 11:17:16
StartupList version: 1.52.2
Started from : C:\Documents and Settings\toreno\Escritorio\hijackthis\HijackThis.EXE
Detected: Windows XP  (WinNT 5.01.2600)
Detected: Internet Explorer v6.00 SP1 (6.00.2600.0000)
* Using default options
==================================================

Running processes:

C:\Windows\System32\smss.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\Explorer.exe
C:\Documents and Settings\toreno\Escritorio\hijackthis\HijackThis.exe

--------------------------------------------------

Listing of startup folders:

Shell folders Common Startup:
[C:\Documents and Settings\All Users\Menú Inicio\Programas\Inicio]
Cliente Medora CyL.lnk = C:\Archivos de programa\Medora CyL\Cliente\ClienteMedoraCYL.exe
Microsoft Office.lnk = C:\Archivos de programa\Microsoft Office\Office\OSA9.EXE

--------------------------------------------------

Checking Windows NT UserInit:

[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit = C:\WINDOWS\system32\userinit.exe,

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run

Smapp = C:\Archivos de programa\Analog Devices\SoundMAX\Smtray.exe
CPQEASYACC = C:\Archivos de programa\COMPAQ\Easy Access Button Support\StartEAK.exe
PROMon.exe = PROMon.exe
ChkAdmin = C:\ARCHIV~1\Compaq\COMPAQ~1\CHKADMIN.EXE
Realtime Monitor = C:\ARCHIV~1\CA\ETRUST~1\realmon.exe -s
WinVNC = "C:\Archivos de programa\RealVNC\WinVNC\winvnc.exe" -servicehelper

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices

CPQDFWAG = C:\Windows\Cpqdiag\CpqDfwAg.exe

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run

MSMSGS = "C:\Archivos de programa\Messenger\msmsgs.exe" /background
ctfmon.exe = C:\Windows\System32\ctfmon.exe

--------------------------------------------------

Shell & screensaver key from C:\Windows\SYSTEM.INI:

Shell=*INI section not found*
SCRNSAVE.EXE=*INI section not found*
drivers=*INI section not found*

Shell & screensaver key from Registry:

Shell=Explorer.exe init32m.exe
SCRNSAVE.EXE=C:\Windows\System32\logon.scr
drivers=*Registry value not found*

Policies Shell key:

HKCU\..\Policies: Shell=*Registry key not found*
HKLM\..\Policies: Shell=*Registry value not found*

--------------------------------------------------


Enumerating Browser Helper Objects:

(no name) - C:\Archivos de programa\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
(no name) - c:\archivos de programa\google\googletoolbar2.dll - {AA58ED58-01DD-4d91-8333-CF10577473F7}

--------------------------------------------------

Enumerating Task Scheduler jobs:

XoftSpy.job

--------------------------------------------------

Enumerating Download Program Files:

[{11111111-1111-1111-1111-222222222222}]
CODEBASE = ms-its:mhtml:file://C: oo.mht!http://www.drunk-sex-orgy.com/mad/bighelp2.chm::/uninst.exe

[{33564D57-9980-0010-8000-00AA00389B71}]
CODEBASE = http://download.microsoft.com/download/D/0/D/D0DD87DA-994F-4334-8B55-AF2E4D98ED0C/wmv9dmo.cab

[{4B0999FD-6937-11D5-8FEC-00606779369C}]

[WUWebControl Class]
InProcServer32 = C:\Windows\System32\wuweb.dll
CODEBASE = http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1134858111257

[AeatCtl Class]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\AEAT.dll
CODEBASE = https://www5.aeat.es/es13/h/cactivex.cab

[Shockwave Flash Object]
InProcServer32 = C:\Windows\System32\macromed\flash\Flash.ocx
CODEBASE = http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

--------------------------------------------------

Enumerating ShellServiceObjectDelayLoad items:

PostBootReminder: C:\Windows\system32\SHELL32.dll
CDBurn: C:\Windows\system32\SHELL32.dll
WebCheck: C:\Windows\System32\webcheck.dll
SysTray: C:\WINDOWS\System32\stobject.dll
UPnPMonitor: C:\Windows\System32\upnpui.dll

--------------------------------------------------
Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run

wininet.dll = dfrgsrv.exe

--------------------------------------------------

End of report, 5.287 bytes
Report generated in 0,078 seconds

Command line options:
   /verbose  - to add additional info on each section
   /complete - to include empty sections and unsuspicious data
   /full     - to include several rarely-important sections
   /force9x  - to include Win9x-only startups even if running on WinNT
   /forcent  - to include WinNT-only startups even if running on Win9x
   /forceall - to include all Win9x and WinNT startups, regardless of platform
   /history  - to list version history only

oooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooo

Logfile of HijackThis v1.99.1
Scan saved at 11:24:45, on 14/03/2006
Platform: Windows XP  (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)

Running processes:
C:\Windows\System32\smss.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\Explorer.exe
C:\Documents and Settings\toreno\Escritorio\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.sanidad.jcyl.es/sanidad/cm
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://go.compaq.com/1Q00CDT/0C0A/bl8.asp
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.sanidad.jcyl.es/sanidad/cm
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://69.93.57.46/?qq=
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://69.93.57.46/?qq=
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://medora/medora
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://intranet.sacyl.es/sacyl.pac
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.sacyl.es:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = www.buzon.sacyl.es;pop3.sacyl.es;smtp.sacyl.es;www.medinet.com;<local>
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Vínculos
F2 - REG:system.ini: Shell=Explorer.exe init32m.exe
O1 - Hosts file is located at: C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 69.93.57.44 www.madthumbs.com
O1 - Hosts: 69.93.57.44 madthumbs.com www.sexocean.com sexocean.com www.cowlist.com cowlist.com www.easygals.com easygals.com www.muyzorras.com muyzorras.com www.xnxx.com xnxx.com
O1 - Hosts: 69.93.57.44 www.pichunter.com pichunter.com www.88by88.com 88by88.com www.rubias19.com rubias19.com hqgal.com www.hqgal.com petiteteenager.com www.petiteteenager.com petardas.com www.petardas.com
O1 - Hosts: 69.93.57.44 puppykibble.com www.puppykibble.com www.sweetiestgp.com sweetiestgp.com www.bunnyteens.com bunnyteens.com www.amateurcurves.com amateurcurves.com thumbzilla.com www.thumbzilla.com
O1 - Hosts: 69.93.57.44 sexape.com www.sexape.com picwarehouse.com www.picwarehouse.com sublimedirectory.com www.sublimedirectory.com fuckk.com www.fuckk.com youngerbabes.com www.youngerbabes.com 1storgasm.com www.1storgasm.com slickgalleries.com
O1 - Hosts: 69.93.57.44 www.madteenies.com madteenies.com www.slickgalleries.com 10fuck.com www.10fuck.com smashingthumbs.com www.thumbnailseries.com thumbnailseries.com goatlist.com www.goatlist.com teentiger.com www.teentiger.com
O1 - Hosts: 69.93.57.44 amandalist.com www.amandalist.com www.absolut-series.com absolut-series.com lloronas.com www.lloronas.com p0rno.org www.p0rno.org www.starslist.com starslist.com gigagalleries.com
O1 - Hosts: 69.93.57.44 elreyano.com www.elreyano.com purextc.com www.purextc.com officespy.com www.officespy.com www.secretarygalleries.com www.gigagalleries.com www.croseries.com croseries.com www.top-galleries.com top-galleries.com
O1 - Hosts: 69.93.57.44 sexyfotky.cz www.sexyfotky.cz hammervideo.com www.hammervideo.com rawpussy.com www.rawpussy.com teeniesxxx.com www.teeniesxxx.com porn-view.com www.porn-view.com dailybasis.com www.dailybasis.com
O1 - Hosts: 69.93.57.44 pornstarfinder.net www.pornstarfinder.net jennysbookmarks.com www.jennysbookmarks.com babes4free.com www.babes4free.com 3pic.com www.3pic.com www.freefoto.cz freefoto.cz zrale-zeny.com www.zrale-zeny.com
O1 - Hosts: 69.93.57.44 searchgals.com www.searchgals.com picsmonster.com www.picsmonster.com sublimepie.com www.sublimepie.com pornhelious.com www.pornhelious.com galleries4free.com www.galleries4free.com
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Archivos de programa\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\archivos de programa\google\googletoolbar2.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\Windows\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\archivos de programa\google\googletoolbar2.dll
O4 - HKLM\..\Run: [Smapp] C:\Archivos de programa\Analog Devices\SoundMAX\Smtray.exe
O4 - HKLM\..\Run: [CPQEASYACC] C:\Archivos de programa\COMPAQ\Easy Access Button Support\StartEAK.exe
O4 - HKLM\..\Run: [PROMon.exe] PROMon.exe
O4 - HKLM\..\Run: [ChkAdmin] C:\ARCHIV~1\Compaq\COMPAQ~1\CHKADMIN.EXE
O4 - HKLM\..\Run: [Realtime Monitor] C:\ARCHIV~1\CA\ETRUST~1\realmon.exe -s
O4 - HKLM\..\Run: [WinVNC] "C:\Archivos de programa\RealVNC\WinVNC\winvnc.exe" -servicehelper
O4 - HKLM\..\RunServices: [CPQDFWAG] C:\Windows\Cpqdiag\CpqDfwAg.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Archivos de programa\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\Windows\System32\ctfmon.exe
O4 - Global Startup: Cliente Medora CyL.lnk = C:\Archivos de programa\Medora CyL\Cliente\ClienteMedoraCYL.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Archivos de programa\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &Búsqueda en Google - res://c:\archivos de programa\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Traducir palabra inglesa - res://c:\archivos de programa\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Instantánea de caché de la página - res://c:\archivos de programa\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Páginas similares - res://c:\archivos de programa\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Páginas vinculadas - res://c:\archivos de programa\google\GoogleToolbar2.dll/cmbacklinks.html
O13 - DefaultPrefix: http://69.93.57.46/?qq=
O16 - DPF: {11111111-1111-1111-1111-222222222222} - ms-its:mhtml:file://C: oo.mht!http://www.drunk-sex-orgy.com/mad/bighelp2.chm::/uninst.exe
O16 - DPF: {4B0999FD-6937-11D5-8FEC-00606779369C} -
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1134858111257
O16 - DPF: {B785FA3C-1DE9-4D20-8396-613C486FE95E} (AeatCtl Class) - https://www5.aeat.es/es13/h/cactivex.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = DOM_TORENO.CS
O17 - HKLM\Software\..\Telephony: DomainName = DOM_TORENO.CS
O17 - HKLM\System\CCS\Services\Tcpip\..\{16DC204A-FE7B-437D-AFF7-60153C387DF3}: NameServer = 10.36.110.98
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = DOM_TORENO.CS
O17 - HKLM\System\CS1\Services\Tcpip\..\{16DC204A-FE7B-437D-AFF7-60153C387DF3}: NameServer = 10.36.110.98
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = DOM_TORENO.CS
O17 - HKLM\System\CS2\Services\Tcpip\..\{16DC204A-FE7B-437D-AFF7-60153C387DF3}: NameServer = 10.36.110.98
O23 - Service: Altiris Client Service (AClient) - Altiris, Inc. - C:\COMPAQ\ACLIENT\ACLIENT.exe
O23 - Service: Alert Notification Server - Computer Associates International, Inc. - C:\Archivos de programa\CA\SharedComponents\Alert\ALERT.EXE
O23 - Service: Compaq Local Alerter (CPQALERT) - Compaq Computer Corporation - C:\Archivos de programa\Compaq\Compaq Management Agents\cpqalert.exe
O23 - Service: Compaq Remote Diagnostics Enabling Agent (CpqDfwWebAgent) - Compaq Computer Corporation - C:\Windows\Cpqdiag\Cpqdfwag.exe
O23 - Service: cpqdmi - Compaq Computer Corporation - C:\ARCHIV~1\Compaq\COMPAQ~1\cpqdmi.exe
O23 - Service: Compaq DMI Web Agent (cpqWebDmi) - Compaq Computer Corporation - C:\ARCHIV~1\Compaq\COMPAQ~1\CPQWEB~1\WebDmi.exe
O23 - Service: eTrust Antivirus RPC Server (InoRPC) - Computer Associates International, Inc. - C:\Archivos de programa\CA\eTrust Antivirus\InoRpc.exe
O23 - Service: eTrust Antivirus Realtime Server (InoRT) - Computer Associates International, Inc. - C:\Archivos de programa\CA\eTrust Antivirus\InoRT.exe
O23 - Service: eTrust Antivirus Job Server (InoTask) - Computer Associates International, Inc. - C:\Archivos de programa\CA\eTrust Antivirus\InoTask.exe
O23 - Service: Intel(R) NMS (NMSSvc) - Intel Corporation - C:\Windows\System32\NMSSvc.exe
O23 - Service: Win32Sl (WIN32SL) - Intel - C:\Archivos de programa\Compaq\Compaq Management Agents\Dmi\Win32\bin\Win32sl.exe
O23 - Service: VNC Server (winvnc) - Unknown owner - C:\Archivos de programa\RealVNC\WinVNC\winvnc.exe" -service (file missing)


En línea
Páginas: [1]   Ir Arriba
« anterior próximo »
 

Aviso Legal | Política de Privacidad | Política de Cookies

el contenido de la web se rige bajo licencia
Creative Commons License
creative commons.