SEGURIDAD INFORMATICA, Firewall, parches, vacunas, antivirus, anti troyanos, spyware etc > Seguridad Informatica - Firewall - Virus - Troyanos - Spyware - Ad Aware - Malware
Problemas con redireccionamiento en las busquedas a través de GOOGLE
iolajavier:
este es el log del rapport.txt:
SmitFraudFix v2.274
Scan done at 19:21:21,18, 23/01/2008
Run from C:\Documents and Settings\a\Escritorio\SmitfraudFix
OS: Microsoft Windows XP [Versi¢n 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in safe mode
»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
»»»»»»»»»»»»»»»»»»»»»»»» Killing process
»»»»»»»»»»»»»»»»»»»»»»»» hosts
127.0.0.1 localhost
127.0.0.1 bin.errorprotector.com ## added by CiD
127.0.0.1 br.errorsafe.com ## added by CiD
127.0.0.1 br.winantivirus.com ## added by CiD
127.0.0.1 br.winfixer.com ## added by CiD
127.0.0.1 cdn.drivecleaner.com ## added by CiD
127.0.0.1 cdn.errorsafe.com ## added by CiD
127.0.0.1 cdn.winsoftware.com ## added by CiD
127.0.0.1 de.errorsafe.com ## added by CiD
127.0.0.1 de.winantivirus.com ## added by CiD
127.0.0.1 download.cdn.drivecleaner.com ## added by CiD
127.0.0.1 download.cdn.errorsafe.com ## added by CiD
127.0.0.1 download.cdn.winsoftware.com ## added by CiD
127.0.0.1 download.errorsafe.com ## added by CiD
127.0.0.1 download.systemdoctor.com ## added by CiD
127.0.0.1 download.winantispyware.com ## added by CiD
127.0.0.1 download.windrivecleaner.com ## added by CiD
127.0.0.1 download.winfixer.com ## added by CiD
127.0.0.1 drivecleaner.com ## added by CiD
127.0.0.1 dynamique.drivecleaner.com ## added by CiD
127.0.0.1 errorprotector.com ## added by CiD
127.0.0.1 errorsafe.com ## added by CiD
127.0.0.1 es.winantivirus.com ## added by CiD
127.0.0.1 fr.winantivirus.com ## added by CiD
127.0.0.1 fr.winfixer.com ## added by CiD
127.0.0.1 go.drivecleaner.com ## added by CiD
127.0.0.1 go.errorsafe.com ## added by CiD
127.0.0.1 go.winantispyware.com ## added by CiD
127.0.0.1 go.winantivirus.com ## added by CiD
127.0.0.1 hk.winantivirus.com ## added by CiD
127.0.0.1 instlog.errorsafe.com ## added by CiD
127.0.0.1 instlog.winantivirus.com ## added by CiD
127.0.0.1 instlog.winfixer.com ## added by CiD
127.0.0.1 jsp.drivecleaner.com ## added by CiD
127.0.0.1 kb.errorsafe.com ## added by CiD
127.0.0.1 kb.winantivirus.com ## added by CiD
127.0.0.1 nl.errorsafe.com ## added by CiD
127.0.0.1 se.errorsafe.com ## added by CiD
127.0.0.1 secure.drivecleaner.com ## added by CiD
127.0.0.1 secure.errorsafe.com ## added by CiD
127.0.0.1 secure.winantispam.com ## added by CiD
127.0.0.1 secure.winantispy.com ## added by CiD
127.0.0.1 secure.winantivirus.com ## added by CiD
127.0.0.1 support.winantivirus.com ## added by CiD
127.0.0.1 trial.updates.winsoftware.com ## added by CiD
127.0.0.1 ulog.winantivirus.com ## added by CiD
127.0.0.1 utils.errorsafe.com ## added by CiD
127.0.0.1 utils.winantivirus.com ## added by CiD
127.0.0.1 utils.winfixer.com ## added by CiD
127.0.0.1 winantispyware.com ## added by CiD
127.0.0.1 winantivirus.com ## added by CiD
127.0.0.1 winfixer.com ## added by CiD
127.0.0.1 winfixer2006.com ## added by CiD
127.0.0.1 winsoftware.com ## added by CiD
127.0.0.1 www.drivecleaner.com ## added by CiD
127.0.0.1 www.errorprotector.com ## added by CiD
127.0.0.1 www.errorsafe.com ## added by CiD
127.0.0.1 www.systemdoctor.com ## added by CiD
127.0.0.1 www.utils.winfixer.com ## added by CiD
127.0.0.1 www.win-anti-virus-pro.com ## added by CiD
127.0.0.1 www.win-virus-pro.com ## added by CiD
127.0.0.1 www.winantispam.com ## added by CiD
127.0.0.1 www.winantispy.com ## added by CiD
127.0.0.1 www.winantispyware.com ## added by CiD
127.0.0.1 www.winantivirus.com ## added by CiD
127.0.0.1 www.winantiviruspro.com ## added by CiD
127.0.0.1 www.windrivecleaner.com ## added by CiD
127.0.0.1 www.windrivesafe.com ## added by CiD
127.0.0.1 www.winfixer.com ## added by CiD
127.0.0.1 www.winfixer2006.com ## added by CiD
127.0.0.1 www.winsoftware.com ## added by CiD
»»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix
S!Ri's WS2Fix: LSP not Found.
»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix
GenericRenosFix by S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files
C:\WINDOWS\ts_header.gif Deleted
»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
IEDFix.exe by S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» DNS
Description: Adaptador Fast Ethernet SiS 900-Based PCI - Minipuerto del administrador de paquetes
DNS Server Search Order: 80.58.61.250
DNS Server Search Order: 80.58.61.254
HKLM\SYSTEM\CCS\Services\Tcpip\..\{48459235-1229-4251-82CF-AF955B741ACC}: DhcpNameServer=80.58.61.250 80.58.61.254
HKLM\SYSTEM\CS1\Services\Tcpip\..\{48459235-1229-4251-82CF-AF955B741ACC}: DhcpNameServer=62.81.0.36 62.81.16.132
HKLM\SYSTEM\CS2\Services\Tcpip\..\{48459235-1229-4251-82CF-AF955B741ACC}: DhcpNameServer=80.58.61.250 80.58.61.254
HKLM\SYSTEM\CS3\Services\Tcpip\..\{48459235-1229-4251-82CF-AF955B741ACC}: DhcpNameServer=62.81.0.36 62.81.16.132
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=80.58.61.250 80.58.61.254
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=62.81.0.36 62.81.16.132
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=80.58.61.250 80.58.61.254
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=62.81.0.36 62.81.16.132
»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files
»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""
»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning
Registry Cleaning done.
»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
»»»»»»»»»»»»»»»»»»»»»»»» End
Mr_X:
Ahora intenta sacar el log del HijackThis iniciando en Modo seguro...
iolajavier:
lo siento no puedo. Lo he intentado todo, incluso copiando en un archivo de texto el log para después copiarlo aquí, pero cuando me deja abrir el archivo, inmediatamente lo cierra, y se me cae el escritorio y se queda colgado. Empiezo a pensar que alguien está jugando conmigo para que no abra o desistale ciertos programas como el propio hijackdisk o el Adobe Flash Media Player.
Por favor, qué hago ahora?
Mr_X:
Vuelve a sacar la lista de procesos activos con el comando tasklist
iolajavier:
aquí está:
Microsoft Windows XP [Versión 5.1.2600]
(C) Copyright 1985-2001 Microsoft Corp.
C:\Documents and Settings\a>tasklist
Nombre de imagen PID Nombre de sesión Núm. de Uso de memor
========================= ====== ================ ======== ============
System Idle Process 0 Console 0 16 KB
System 4 Console 0 24 KB
smss.exe 472 Console 0 48 KB
csrss.exe 520 Console 0 1.996 KB
winlogon.exe 544 Console 0 736 KB
services.exe 592 Console 0 1.248 KB
lsass.exe 604 Console 0 1.968 KB
svchost.exe 772 Console 0 1.816 KB
svchost.exe 840 Console 0 1.576 KB
svchost.exe 924 Console 0 11.660 KB
svchost.exe 1004 Console 0 976 KB
svchost.exe 1076 Console 0 1.476 KB
spoolsv.exe 1268 Console 0 812 KB
scardsvr.exe 1320 Console 0 408 KB
mdm.exe 1432 Console 0 492 KB
PsCtrlS.exe 1548 Console 0 5.120 KB
PAVSRV51.EXE 1564 Console 0 1.940 KB
AVENGINE.EXE 1600 Console 0 12.820 KB
PsImSvc.exe 1620 Console 0 1.092 KB
svchost.exe 1708 Console 0 176 KB
svchost.exe 2052 Console 0 740 KB
alg.exe 2644 Console 0 140 KB
WgaTray.exe 3716 Console 0 140 KB
explorer.exe 3744 Console 0 12.756 KB
rundll32.exe 3884 Console 0 528 KB
PDVDServ.exe 3904 Console 0 264 KB
SafeSignCertReg.exe 3912 Console 0 592 KB
ApVxdWin.exe 3976 Console 0 2.476 KB
CtrlAT20.exe 3996 Console 0 360 KB
ctfmon.exe 4024 Console 0 1.428 KB
MagicKey.exe 4044 Console 0 888 KB
SafeSignStatus.exe 1988 Console 0 496 KB
WZQKPICK.EXE 1984 Console 0 280 KB
MulMouse.exe 360 Console 0 504 KB
OSD.exe 1476 Console 0 232 KB
WebProxy.exe 1016 Console 0 4.688 KB
iexplore.exe 2284 Console 0 36.600 KB
iexplore.exe 3732 Console 0 46.132 KB
cmd.exe 3120 Console 0 3.440 KB
tasklist.exe 3200 Console 0 6.032 KB
wmiprvse.exe 3788 Console 0 7.232 KB
C:\Documents and Settings\a>
Navegación
[#] Página Siguiente
[*] Página Anterior
Ir a la versión completa