Foro de Spyware - Ver Mensaje Individual - la dichosa about:blank,mensajes de error y search the web ¡casi na!

Tema: la dichosa about:blank,mensajes de error y search the web ¡casi na!

Ver Mensaje Individual

post #4 (permalink)

21/02/05, 13:58:46

AngeduCiel AngeduCiel está offline

Colaborador

Registrado: ene 2005

Ubicación: México D.F.

Mensajes: 516

Re: la dichosa about:blank,mensajes de error y search the web ¡casi na!

Hola :dedosarri

•» Descarga el Disk Cleaner

•» Desactiva la opcion de Restaurar Sistema, una vez limpio la puedes volver a activar.
•» Asegura que tu sistema Muestre los archivos y carpetas ocultos
•» Reinicia en modo a prueba de fallos
•» Ejecuta el HijackThis
•» Selecciona las siguientes entradas y dale en Fix Checked:

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://searchmiracle.com/sp.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\ktuxk.dll/sp.html#12345
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\ktuxk.dll/sp.html#12345
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\system32\ktuxk.dll/sp.html#12345
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\ktuxk.dll/sp.html#12345
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\ktuxk.dll/sp.html#12345
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\ktuxk.dll/sp.html#12345
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\ktuxk.dll/sp.html#12345

R3 - Default URLSearchHook is missing

F3 - REG:win.ini: run=C:\WINDOWS\System32\soft.exe

O2 - BHO: IE Update Class - {5B4AB8E2-6DC5-477A-B637-BF3C1A2E5993} - (no file)
O2 - BHO: (no name) - {B75F75B8-93F3-429D-FF34-660B206D897A} - C:\WINDOWS\System32\boln.dll
O2 - BHO: (no name) - {CFBA6A8B-141A-EFF7-2284-53A16D783BE4} - C:\WINDOWS\system32\d3qb32.dll

O4 - HKLM\..\Run: [Desktop Search] C:\WINDOWS\isrvs\desktop.exe
O4 - HKLM\..\Run: [ffis] C:\WINDOWS\isrvs\ffisearch.exe
O4 - HKLM\..\Run: [msdy32.exe] C:\WINDOWS\system32\msdy32.exe
O4 - HKLM\..\Run: [Web Service] C:\WINDOWS\System32\sm.exe
O4 - HKLM\..\Run: [pF6f35h] patnfiles.exe
O4 - HKLM\..\Run: [antiware] c:\windows\system32\eliteapm32.exe
O4 - HKLM\..\Run: [5.tmp] C:\DOCUME~1\jose\CONFIG~1\Temp\5.tmp.exe 2 10001
O4 - HKLM\..\Run: [Systems Restart] Rundll32.exe boln.dll, DllRegisterServer
O4 - HKLM\..\RunOnce: [apphc32.exe] C:\WINDOWS\system32\apphc32.exe
O4 - HKCU\..\Run: [Web Service] C:\WINDOWS\System32\sm.exe
O4 - HKCU\..\Run: [YoppRRNEU] oakgman.exe

O15 - Trusted Zone: *.05p.com
O15 - Trusted Zone: *.addictivetechnologies.com
O15 - Trusted Zone: *.addictivetechnologies.net
O15 - Trusted Zone: *.admin2cash.biz
O15 - Trusted Zone: *.awmdabest.com
O15 - Trusted Zone: *.bettersearch.biz
O15 - Trusted Zone: *.blazefind.com
O15 - Trusted Zone: *.c4tdownload.com
O15 - Trusted Zone: *.clickspring.net
O15 - Trusted Zone: *.f1organizer.com
O15 - Trusted Zone: *.finefind.nettraffic2cash.biz
O15 - Trusted Zone: *.flingstone.com
O15 - Trusted Zone: *.frame.crazywinnings.com
O15 - Trusted Zone: *.iframe.biz
O15 - Trusted Zone: *.megapornix.com
O15 - Trusted Zone: *.mt-download.com
O15 - Trusted Zone: *.my-internet.info
O15 - Trusted Zone: *.newiframe.biz
O15 - Trusted Zone: *.overpro.com
O15 - Trusted Zone: *.pizdato.biz
O15 - Trusted Zone: *.private-dialer.biz
O15 - Trusted Zone: *.private-iframe.biz
O15 - Trusted Zone: *.scoobidoo.com
O15 - Trusted Zone: *.searchbarcash.com
O15 - Trusted Zone: *.searchmiracle.com
O15 - Trusted Zone: *.slotch.com
O15 - Trusted Zone: *.sp2admin.biz
O15 - Trusted Zone: *.sp2fucked.biz
O15 - Trusted Zone: *.static.topconverting.com
O15 - Trusted Zone: *.vse-moe.biz
O15 - Trusted Zone: *.windupdates.com
O15 - Trusted Zone: *.xxxtoolbar.com
O15 - Trusted Zone: *.ysbweb.com
O15 - Trusted Zone: *.05p.com (HKLM)
O15 - Trusted Zone: *.awmdabest.com (HKLM)
O15 - Trusted Zone: *.blazefind.com (HKLM)
O15 - Trusted Zone: *.clickspring.net (HKLM)
O15 - Trusted Zone: *.flingstone.com (HKLM)
O15 - Trusted Zone: *.frame.crazywinnings.com (HKLM)
O15 - Trusted Zone: *.mt-download.com (HKLM)
O15 - Trusted Zone: *.my-internet.info (HKLM)
O15 - Trusted Zone: *.scoobidoo.com (HKLM)
O15 - Trusted Zone: *.searchbarcash.com (HKLM)
O15 - Trusted Zone: *.searchmiracle.com (HKLM)
O15 - Trusted Zone: *.slotch.com (HKLM)
O15 - Trusted Zone: *.static.topconverting.com (HKLM)
O15 - Trusted Zone: *.xxxtoolbar.com (HKLM)
O15 - Trusted IP range: 206.161.125.149
O15 - Trusted IP range: 206.161.125.149 (HKLM)
O15 - ProtocolDefaults: 'http' protocol is in Trusted Zone, should be Internet Zone
O15 - ProtocolDefaults: 'http' protocol is in Trusted Zone, should be Internet Zone (HKLM)

O16 - DPF: v3cab - http://searchmiracle.com/cab/1.cab
O16 - DPF: {79849612-A98F-45B8-95E9-4D13C7B6B35C} (Loader2 Control) - http://static.topconverting.com/activex/loader2.ocx
O16 - DPF: {91433D86-9F27-402C-B5E3-DEBDD122C339} - http://www.netvenda.com/sites/games-ww/esw/games4.cab

•» Busca y elimina lo siguiente:

C:\WINDOWS\System32\soft.exe
C:\WINDOWS\System32\boln.dll
C:\WINDOWS\system32\d3qb32.dll
C:\WINDOWS\isrvs\
C:\WINDOWS\system32\msdy32.exe
C:\WINDOWS\System32\sm.exe
patnfiles.exe
c:\windows\system32\eliteapm32.exe
C:\WINDOWS\system32\apphc32.exe
C:\WINDOWS\System32\sm.exe
oakgman.exe

•» Limpia la papelera
•» Reinicia normalmente
•» Utiliza el Disk Cleaner para eliminar todos los archivos temporales de tu sistema
•» Toma otro log del HijackThis y dejalo aqui

Saludos