Posted 18/06/05, 15:41:03
luis200
User

Joined: Jun 2005
Location: mexico
Posts: 1
Help: which processes do I delete from HijackThis

Help, it looks like I have about:blank. Which of these processes do I delete? Also,
I can't open any folder by double-clicking with the mouse; it shows me
a message: rutine error program c:\PROGRA~1\COMMON~1\oioi\oioia.exe
What do I do, please? These are the processes HijackThis shows me:
Logfile of HijackThis v1.99.1
Scan saved at 1115 PM, on 4/27/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Moises\Desktop\hijackthis\HijackThis.exe
C:\WINDOWS\system32\notepad.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = www.google.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\irxbx.dll/sp.html#14044
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\irxbx.dll/sp.html#14044
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\system32\yypis.dll/sp.html#14044
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\yypis.dll/sp.html#14044
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\yypis.dll/sp.html#14044
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\yypis.dll/sp.html#14044
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = websearch.drsnsrch.com/q.cgi?q=
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = www.google.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:5400
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {00C0618C-1BC9-8D1E-D318-81B8263C4778} - C:\WINDOWS\sysxx32.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [apivp.exe] C:\WINDOWS\system32\apivp.exe
O4 - HKLM\..\Run: [13.tmp] C:\DOCUME~1\Moises\LOCALS~1\Temp\13.tmp.exe 1 10001
O4 - HKLM\..\Run: [Anti Spyware] "C:\Program Files\SinEspias\no-spy.exe" /autorun
O4 - HKLM\..\Run: [nthw32.exe] C:\WINDOWS\system32\nthw32.exe
O4 - HKLM\..\Run: [AutoLoader3Fqy1dKWOZaO] "C:\WINDOWS\System32\ilsgnt5.exe" /HideDir /HideUninstall /PC="CP.FHB" /ShowLegalNote="nonbranded"
O4 - HKLM\..\Run: [ZStart] C:\windows\system32\sdxregwx.exe lee0105
O4 - HKLM\..\Run: [SysStart] C:\WINDOWS\system32\iedsysi6.exe lee0105
O4 - HKLM\..\Run: [msfv32.exe] C:\WINDOWS\system32\msfv32.exe
O4 - HKLM\..\Run: [cploader.exe] C:\WINDOWS\system32\cploader.exe
O4 - HKLM\..\Run: [revisorsystray.exe] C:\WINDOWS\system32\revisorsystray.exe
O4 - HKLM\..\Run: [Overnet] C:\Program Files\Overnet\eDonkey2000.exe -t
O4 - HKLM\..\Run: [AUNPS2] RUNDLL32 AUNPS2.DLL,_Run@16
O4 - HKLM\..\Run: [exp.exe] C:\WINDOWS\system32\exp.exe
O4 - HKLM\..\Run: [WinTask driver] C:\WINDOWS\system32\wintask.exe
O4 - HKLM\..\Run: [7a2ca25130b7] C:\WINDOWS\system32\ati2dvaa.exe
O4 - HKLM\..\Run: [A70F6A1D-0195-42a2-934C-D8AC0F7C08EB] rundll32.exe E6F1873B.DLL,D9EBC318C
O4 - HKLM\..\Run: [checkrun] C:\windows\system32\elitenic32.exe
O4 - HKLM\..\Run: [ipky32.exe] C:\WINDOWS\system32\ipky32.exe
O4 - HKLM\..\Run: [Skjpes] C:\Program Files\Efyobzi\Fxgvek.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Program Files\Logitech\ImageStudio\ISStart.exe
O4 - HKLM\..\Run: [LogitechImageStudioTray] C:\Program Files\Logitech\ImageStudio\LogiTray.exe
O4 - HKLM\..\Run: [KavSvc] C:\WINDOWS\system32\uvmplv.exe reg_run
O4 - HKLM\..\Run: [apdefvh] c:\windows\system32\urwoqpj.exe r
O4 - HKLM\..\RunOnce: [crqp32.exe] C:\WINDOWS\system32\crqp32.exe
O4 - HKLM\..\RunOnce: [sdkhu.exe] C:\WINDOWS\system32\sdkhu.exe
O4 - HKLM\..\RunOnce: [nethg32.exe] C:\WINDOWS\system32\nethg32.exe
O4 - HKLM\..\RunOnce: [d3ml32.exe] C:\WINDOWS\d3ml32.exe
O4 - HKLM\..\RunOnce: [netao32.exe] C:\WINDOWS\system32\netao32.exe
O4 - HKLM\..\RunOnce: [apied32.exe] C:\WINDOWS\apied32.exe
O4 - HKLM\..\RunOnce: [mshu32.exe] C:\WINDOWS\mshu32.exe
O4 - HKLM\..\RunOnce: [ntgi32.exe] C:\WINDOWS\ntgi32.exe
O4 - HKLM\..\RunOnce: [javaut.exe] C:\WINDOWS\javaut.exe
O4 - HKLM\..\RunOnce: [addpe.exe] C:\WINDOWS\system32\addpe.exe
O4 - HKLM\..\RunOnce: [sysel.exe] C:\WINDOWS\system32\sysel.exe
O4 - HKLM\..\RunOnce: [javaoe32.exe] C:\WINDOWS\system32\javaoe32.exe
O4 - HKLM\..\RunOnce: [crix.exe] C:\WINDOWS\crix.exe
O4 - HKLM\..\RunOnce: [ipzk.exe] C:\WINDOWS\system32\ipzk.exe
O4 - HKLM\..\RunOnce: [crcg.exe] C:\WINDOWS\crcg.exe
O4 - HKLM\..\RunOnce: [sysnh32.exe] C:\WINDOWS\system32\sysnh32.exe
O4 - HKLM\..\RunOnce: [applp.exe] C:\WINDOWS\system32\applp.exe
O4 - HKLM\..\RunOnce: [ipht.exe] C:\WINDOWS\ipht.exe
O4 - HKLM\..\RunOnce: [apipn32.exe] C:\WINDOWS\apipn32.exe
O4 - HKLM\..\RunOnce: [javaau32.exe] C:\WINDOWS\system32\javaau32.exe
O4 - HKLM\..\RunOnce: [ieqb.exe] C:\WINDOWS\system32\ieqb.exe
O4 - HKLM\..\RunOnce: [appuf32.exe] C:\WINDOWS\appuf32.exe
O4 - HKLM\..\RunOnce: [sysdg.exe] C:\WINDOWS\sysdg.exe
O4 - HKLM\..\RunOnce: [winjc32.exe] C:\WINDOWS\winjc32.exe
O4 - HKLM\..\RunOnce: [sysyz32.exe] C:\WINDOWS\system32\sysyz32.exe
O4 - HKLM\..\RunOnce: [appxf.exe] C:\WINDOWS\appxf.exe
O4 - HKLM\..\RunOnce: [sysnu.exe] C:\WINDOWS\sysnu.exe
O4 - HKLM\..\RunOnce: [javaxn32.exe] C:\WINDOWS\system32\javaxn32.exe
O4 - HKLM\..\RunOnce: [d3qy.exe] C:\WINDOWS\d3qy.exe
O4 - HKLM\..\RunOnce: [winmc.exe] C:\WINDOWS\winmc.exe
O4 - HKLM\..\RunOnce: [atlfd32.exe] C:\WINDOWS\atlfd32.exe
O4 - HKLM\..\RunOnce: [ipvk.exe] C:\WINDOWS\ipvk.exe
O4 - HKLM\..\RunOnce: [netei.exe] C:\WINDOWS\system32\netei.exe
O4 - HKLM\..\RunOnce: [windy32.exe] C:\WINDOWS\windy32.exe
O4 - HKLM\..\RunOnce: [d3un32.exe] C:\WINDOWS\system32\d3un32.exe
O4 - HKLM\..\RunOnce: [msbv.exe] C:\WINDOWS\system32\msbv.exe
O4 - HKLM\..\RunOnce: [d3cw.exe] C:\WINDOWS\d3cw.exe
O4 - HKLM\..\RunOnce: [addzt32.exe] C:\WINDOWS\system32\addzt32.exe
O4 - HKLM\..\RunOnce: [apiqa32.exe] C:\WINDOWS\system32\apiqa32.exe
O4 - HKLM\..\RunOnce: [atlle.exe] C:\WINDOWS\atlle.exe
O4 - HKLM\..\RunOnce: [ntpo.exe] C:\WINDOWS\ntpo.exe
O4 - HKLM\..\RunOnce: [adddt32.exe] C:\WINDOWS\system32\adddt32.exe
O4 - HKLM\..\RunOnce: [appoe32.exe] C:\WINDOWS\appoe32.exe
O4 - HKLM\..\RunOnce: [msti32.exe] C:\WINDOWS\msti32.exe
O4 - HKLM\..\RunOnce: [atlwu.exe] C:\WINDOWS\atlwu.exe
O4 - HKLM\..\RunOnce: [sdkza.exe] C:\WINDOWS\system32\sdkza.exe
O4 - HKLM\..\RunOnce: [javawk32.exe] C:\WINDOWS\javawk32.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [sysmonnt] C:\WINDOWS\System32\sysmonnt
O4 - HKCU\..\Run: [Yahoo! Pager] C:\PROGRA~1\Yahoo!\MESSEN~1\ypager.exe -quiet
O4 - HKCU\..\Run: [sf] C:\Program Files\sf\sf.exe
O4 - HKCU\..\Run: [oioi] C:\PROGRA~1\COMMON~1\oioi\oioim.exe
O4 - HKCU\..\Run: [LDM] \Program\BackWeb-8876480.exe
O4 - Startup: RevisorSystray.lnk = C:\WINDOWS\system32\revisorsystray.exe
O4 - Startup: Zeno.lnk = C:\WINDOWS\system32\iedsysi6.exe
O4 - Startup: Zstart.lnk = C:\WINDOWS\system32\winfbainst3.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: palstart.exe
O4 - Global Startup: rnpi.exe
O4 - Global Startup: SlipStream Web Accelerator.lnk = C:\Program Files\SlipStream Web Accelerator\slipaccel.exe
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Show All Original Images - res://C:\Program Files\SlipStream Web Accelerator\slipaccel.exe/250
O8 - Extra context menu item: Show Original Image - res://C:\Program Files\SlipStream Web Accelerator\slipaccel.exe/227
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: *.awmdabest.com
O15 - Trusted Zone: *.frame.crazywinnings.com
O15 - Trusted Zone: *.awmdabest.com (HKLM)
O15 - Trusted Zone: *.frame.crazywinnings.com (HKLM)
O15 - Trusted IP range: 206.161.125.149
O17 - HKLM\System\CCS\Services\Tcpip\..\{9D72C459-445C-43B7-9B54-7F7A7AEF9974}: NameServer = 66.81.0.251 66.81.0.252
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll
O23 - Service: Network Security Service (NSS) ( 11Fßä#·ºÄÖ`I) - Unknown owner - C:\WINDOWS\system32\crqp32.exe" /s (file missing)
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: Super Ad Blocker Service (SABSVC) - SuperAdBlocker.com - C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\SABSVC.EXE
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe