Foro de Spyware - Ver Mensaje Individual - Se me abren páginas de internet solas (Solucionado)

Tema: Se me abren páginas de internet solas (Solucionado)

Ver Mensaje Individual

post #3 (permalink)

07/03/06, 04:56:05

amanovi

Usuario

Registrado: feb 2006

Ubicación: Málaga

Mensajes: 3

Re: Se me abren páginas de internet solas

Hola!

Hice lo q m dijiste y parece q se ha solucionado el problema. ¿Qué tenía? Aquí te dejo los logs:

Muchas gracias por la ayuda

Look2Me-Destroyer V1.0.7

Scanning for infected files.....
Scan started at 07/03/2006 9:33:20

Infected! C:\WINNT\system32\r46u0ej9eho.dll
Infected! C:\WINNT\system32\dcghelp.dll
Infected! C:\WINNT\system32\dnls0137e.dll
Infected! C:\WINNT\system32\ennul1591.dll
Infected! C:\WINNT\system32\f22m0cf1ef2.dll
Infected! C:\WINNT\system32\g022lafo1d2c.dll
Infected! C:\WINNT\system32\g2040cdqef0e0.dll
Infected! C:\WINNT\system32\hrj6051se.dll
Infected! C:\WINNT\system32\iCssvcs.dll
Infected! C:\WINNT\system32\m4640ejqehoe0.dll
Infected! C:\WINNT\system32\m628lgfu1628.dll
Infected! C:\WINNT\system32\mv4ul9h91.dll
Infected! C:\WINNT\system32\r46u0ej9eho.dll
Infected! C:\WINNT\system32\swecli.dll
Infected! C:\WINNT\system32\wmnmp32.dll
Infected! C:\WINNT\system32\wnwfax.dll

Attempting to delete infected files...

Attempting to delete: C:\WINNT\system32\r46u0ej9eho.dll
C:\WINNT\system32\r46u0ej9eho.dll Deleted successfully!

Attempting to delete: C:\WINNT\system32\dcghelp.dll
C:\WINNT\system32\dcghelp.dll Deleted successfully!

Attempting to delete: C:\WINNT\system32\dnls0137e.dll
C:\WINNT\system32\dnls0137e.dll Deleted successfully!

Attempting to delete: C:\WINNT\system32\ennul1591.dll
C:\WINNT\system32\ennul1591.dll Deleted successfully!

Attempting to delete: C:\WINNT\system32\f22m0cf1ef2.dll
C:\WINNT\system32\f22m0cf1ef2.dll Deleted successfully!

Attempting to delete: C:\WINNT\system32\g022lafo1d2c.dll
C:\WINNT\system32\g022lafo1d2c.dll Deleted successfully!

Attempting to delete: C:\WINNT\system32\g2040cdqef0e0.dll
C:\WINNT\system32\g2040cdqef0e0.dll Deleted successfully!

Attempting to delete: C:\WINNT\system32\hrj6051se.dll
C:\WINNT\system32\hrj6051se.dll Deleted successfully!

Attempting to delete: C:\WINNT\system32\iCssvcs.dll
C:\WINNT\system32\iCssvcs.dll Deleted successfully!

Attempting to delete: C:\WINNT\system32\m4640ejqehoe0.dll
C:\WINNT\system32\m4640ejqehoe0.dll Deleted successfully!

Attempting to delete: C:\WINNT\system32\m628lgfu1628.dll
C:\WINNT\system32\m628lgfu1628.dll Deleted successfully!

Attempting to delete: C:\WINNT\system32\mv4ul9h91.dll
C:\WINNT\system32\mv4ul9h91.dll Deleted successfully!

Attempting to delete: C:\WINNT\system32\r46u0ej9eho.dll
C:\WINNT\system32\r46u0ej9eho.dll Deleted successfully!

Attempting to delete: C:\WINNT\system32\swecli.dll
C:\WINNT\system32\swecli.dll Deleted successfully!

Attempting to delete: C:\WINNT\system32\wmnmp32.dll
C:\WINNT\system32\wmnmp32.dll Deleted successfully!

Attempting to delete: C:\WINNT\system32\wnwfax.dll
C:\WINNT\system32\wnwfax.dll Deleted successfully!

Making registry repairs.

Removing: HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Extensions

Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\She ll Extensions\Approved "{BE310A72-55D2-4750-A956-8799E06DE6D0}"
HKCR\Clsid\{BE310A72-55D2-4750-A956-8799E06DE6D0}

Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\She ll Extensions\Approved "{0E2A3E6E-7469-48E0-8BDB-027E36AD8FE9}"
HKCR\Clsid\{0E2A3E6E-7469-48E0-8BDB-027E36AD8FE9}

Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\She ll Extensions\Approved "{20E2F05B-C411-4F29-95C2-A40F796B4CB5}"
HKCR\Clsid\{20E2F05B-C411-4F29-95C2-A40F796B4CB5}

Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\She ll Extensions\Approved "{A07CAB1F-559B-40BA-8B61-1330C49EF145}"
HKCR\Clsid\{A07CAB1F-559B-40BA-8B61-1330C49EF145}

Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\She ll Extensions\Approved "{AFE634B0-A211-4704-92E3-94AFC198CFAB}"
HKCR\Clsid\{AFE634B0-A211-4704-92E3-94AFC198CFAB}

Restoring Windows certificates.

Replaced hosts file with default windows hosts file

Restoring SeDebugPrivilege for Administradores - Succeeded

El del HijackThis:

Logfile of HijackThis v1.99.1
Scan saved at 9:54:05, on 07/03/2006
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Archivos de programa\Apache Group\Apache2\bin\Apache.exe
C:\WINNT\system32\CTsvcCDA.EXE
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\llssrv.exe
C:\Archivos de programa\Archivos comunes\Microsoft Shared\VS7Debug\mdm.exe
C:\Archivos de programa\Apache Group\Apache2\bin\Apache.exe
C:\WINNT\system32\nvsvc32.exe
C:\WINNT\Explorer.EXE
C:\oracle\ora90\BIN\TNSLSNR.exe
c:\oracle\ora90\bin\ORACLE.EXE
c:\oracle\ora90\bin\ORACLE.EXE
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\Archivos de programa\Analog Devices\SoundMAX\SMAgent.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\Archivos de programa\WMPCI54G WLAN Monitor\WLService.exe
C:\WINNT\system32\svchost.exe
C:\Archivos de programa\WMPCI54G WLAN Monitor\WMP54G.exe
C:\WINNT\system32\Dfssvc.exe
C:\WINNT\system32\inetsrv\inetinfo.exe
C:\WINNT\system32\msdtc.exe
C:\Archivos de programa\Archivos comunes\System\MSSearch\Bin\mssearch.exe
C:\Archivos de programa\Java\jre1.5.0_04\bin\jusched.exe
C:\Archivos de programa\Spybot - Search & Destroy\TeaTimer.exe
C:\Archivos de programa\Apache Group\Apache2\bin\ApacheMonitor.exe
C:\WINNT\System32\svchost.exe
C:\Archivos de programa\MessengerPlus! 3\MsgPlus.exe
C:\Archivos de programa\MSN Messenger\msnmsgr.exe
C:\Archivos de programa\Internet Explorer\iexplore.exe
C:\Archivos de programa\Internet Explorer\iexplore.exe
C:\WINNT\system32\NOTEPAD.EXE
C:\Documents and Settings\Administrador\Escritorio\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Vínculos
F2 - REG:system.ini: UserInit=C:\WINNT\system32\userinit.exe
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\archivos de programa\google\googletoolbar1.dll
O4 - HKLM\..\Run: [nwiz] :nwiz.exe /install
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Archivos de programa\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [MessengerPlus3] :"C:\Archivos de programa\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [NvCplDaemon] :RUNDLL32.EXE C:\WINNT\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [MessengerPlus3] :"C:\Archivos de programa\MessengerPlus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Archivos de programa\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: Monitor Apache Servers.lnk = C:\Archivos de programa\Apache Group\Apache2\bin\ApacheMonitor.exe
O8 - Extra context menu item: &Google Search - res://c:\archivos de programa\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\archivos de programa\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\archivos de programa\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\archivos de programa\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xportar a Microsoft Excel - res://C:\ARCHIV~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Edit with &XML Spy - C:\Archivos de programa\Altova\xmlspy\spy.htm
O8 - Extra context menu item: Edit with Altova X&MLSpy - C:\Archivos de programa\Altova\XMLSpy2005\spy.htm
O8 - Extra context menu item: Similar Pages - res://c:\archivos de programa\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\archivos de programa\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Archivos de programa\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra 'Tools' menuitem: Consola de Sun Java - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Archivos de programa\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra button: Edit with Altova X&MLSpy - {2222EF56-F49E-4d07-A14E-8D2B08766958} - C:\Archivos de programa\Altova\XMLSpy2005\spy.htm
O9 - Extra 'Tools' menuitem: Edit with Altova X&MLSpy - {2222EF56-F49E-4d07-A14E-8D2B08766958} - C:\Archivos de programa\Altova\XMLSpy2005\spy.htm
O9 - Extra button: Referencia - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARCHIV~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Edit with XML Spy - {2222EF56-F49E-4d07-A14E-8D2B08766958} - C:\Archivos de programa\Altova\xmlspy\spy.htm (HKCU)
O9 - Extra 'Tools' menuitem: Edit with XML Spy - {2222EF56-F49E-4d07-A14E-8D2B08766958} - C:\Archivos de programa\Altova\xmlspy\spy.htm (HKCU)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=36467&clcid=0x409
O16 - DPF: {525019DF-8282-40DC-A0E0-13C076889F66} (InstallerSf Control) - http://www.softonic.com/sinespias/installer.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - https://scan.safety.live.com/resource/download/scanner/en-us/wlscbase3401.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1128525668171
O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} (Housecall ActiveX 6.5) - http://eu-housecall.trendmicro-europe.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{25CFFB9D-FD0E-432E-A20B-681D5AFDB45E}: NameServer = 192.168.8.114
O17 - HKLM\System\CCS\Services\Tcpip\..\{F52E5159-9FBC-48AB-BD41-C0843EAB42CD}: NameServer = 80.58.0.33,80.58.32.97
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Archivos de programa\Archivos comunes\Microsoft Shared\Help\hxds.dll
O21 - SSODL: SysTray.Exbr - {6368D1FC-6F5C-4f1b-B164-E67214F678E9} - (no file)
O23 - Service: Apache2 - Unknown owner - C:\Archivos de programa\Apache Group\Apache2\bin\Apache.exe" -k runservice (file missing)
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINNT\system32\CTsvcCDA.EXE
O23 - Service: Servicio del administrador de discos lógicos (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: Macromedia Licensing Service - Macromedia - C:\Archivos de programa\Archivos comunes\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: MySQL - Unknown owner - C:\Archivos de programa\e-novative\WAMP\MySql\MySql Server 4.1\bin\mysqld-nt.exe" "--defaults-file=C:\Archivos de programa\e-novative\WAMP\MySql\MySql Server 4.1\my.ini" MySQL (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINNT\system32\nvsvc32.exe
O23 - Service: OracleOraHome90Agent - Oracle Corporation - C:\oracle\ora90\bin\agntsrvc.exe
O23 - Service: OracleOraHome90ClientCache - Unknown owner - C:\oracle\ora90\BIN\ONRSD.EXE
O23 - Service: OracleOraHome90PagingServer - Unknown owner - C:\oracle\ora90/bin/pagntsrv.exe
O23 - Service: OracleOraHome90SNMPPeerEncapsulator - Unknown owner - C:\oracle\ora90\BIN\ENCSVC.EXE
O23 - Service: OracleOraHome90SNMPPeerMasterAgent - Unknown owner - C:\oracle\ora90\BIN\AGNTSVC.EXE
O23 - Service: OracleOraHome90TNSListener - Unknown owner - C:\oracle\ora90\BIN\TNSLSNR.exe
O23 - Service: OracleServiceBDGLOBAL - Oracle Corporation - c:\oracle\ora90\bin\ORACLE.EXE
O23 - Service: OracleServiceDB - Oracle Corporation - c:\oracle\ora90\bin\ORACLE.EXE
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Archivos de programa\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: WMP54GSVC - Unknown owner - C:\Archivos de programa\WMPCI54G WLAN Monitor\WLService.exe" "WMP54G.exe (file missing)