VA DE NUEZ.... :eek:



Logfile of HijackThis v1.99.1
Scan saved at 18:36:53, on 25/02/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\ARCHIV~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\ARCHIV~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\isrvs\desktop.exe
C:\Program Files\Soft4Ever\looknstop\looknstop.exe
C:\WINDOWS\fnxqmgkb.exe
C:\WINDOWS\mfczq.exe
C:\Archivos de programa\ISTsvc\istsvc.exe
C:\Archivos de programa\Web_Rebates\WebRebates1.exe
C:\WINDOWS\explorer.exe
C:\Archivos de programa\MSN Messenger\msnmsgr.exe
C:\Archivos de programa\Netscape\Netscape\Netscp.exe
C:\Archivos de programa\Web_Rebates\WebRebates0.exe
C:\Archivos de programa\Outlook Express\msimn.exe
C:\Archivos de programa\Internet Explorer\iexplore.exe
C:\Archivos de programa\Internet Explorer\iexplore.exe
C:\Documents and Settings\user\metro.exe
C:\WINDOWS\system32\crcs.exe
C:\WINDOWS\system32\crcs.exe
C:\WINDOWS\system32\d3ba32.exe
C:\WINDOWS\system32\crcs.exe
C:\Documents and Settings\user\Mis documentos\temporal\HiJack\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\priky.dll/sp.html#93256
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = C:\WINDOWS\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\system32\priky.dll/sp.html#93256
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\priky.dll/sp.html#93256
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\priky.dll/sp.html#93256
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\priky.dll/sp.html#93256
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\priky.dll/sp.html#93256
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {0A66CBAA-236D-B89D-CD83-DE127147DC70} - C:\WINDOWS\atliq32.dll
O2 - BHO: IE Update Class - {5B4AB8E2-6DC5-477A-B637-BF3C1A2E5993} - C:\WINDOWS\isrvs\sysupd.dll
O2 - BHO: (no name) - {B75F75B8-93F3-429D-FF34-660B206D897A} - C:\WINDOWS\System32\boln.dll
O4 - HKLM\..\Run: [Desktop Search] C:\WINDOWS\isrvs\desktop.exe
O4 - HKLM\..\Run: [ffis] C:\WINDOWS\isrvs\ffisearch.exe
O4 - HKLM\..\Run: [Systems Restart] Rundll32.exe boln.dll, DllRegisterServer
O4 - HKLM\..\Run: [Look 'n' Stop] C:\Program Files\Soft4Ever\looknstop\looknstop.exe -auto
O4 - HKLM\..\Run: [sais] c:\archivos de programa\180solutions\sais.exe
O4 - HKLM\..\Run: [rXdaeqhq] C:\WINDOWS\fnxqmgkb.exe
O4 - HKLM\..\Run: [WebRebates0] "C:\Archivos de programa\Web_Rebates\WebRebates0.exe"
O4 - HKLM\..\Run: [mfczq.exe] C:\WINDOWS\mfczq.exe
O4 - HKLM\..\Run: [ü]mú*^aæœQ�ÏY] C:\WINDOWS\fnxqmgkb.exe
O4 - HKLM\..\Run: [IST Service] C:\Archivos de programa\ISTsvc\istsvc.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Web Rebates - file://C:\Archivos de programa\Web_Rebates\Sy1150\Tp1150\scri1150a.htm
O9 - Extra button: SideFind - {10E42047-DEB9-4535-A118-B3F6EC39B807} - C:\Archivos de programa\SideFind\sidefind.dll
O15 - Trusted Zone: *.addictivetechnologies.com
O15 - Trusted Zone: *.addictivetechnologies.net
O15 - Trusted Zone: *.admin2cash.biz
O15 - Trusted Zone: *.awmdabest.com
O15 - Trusted Zone: *.bettersearch.biz
O15 - Trusted Zone: *.c4tdownload.com
O15 - Trusted Zone: *.clickspring.net
O15 - Trusted Zone: *.crazywinnings.com
O15 - Trusted Zone: *.f1organizer.com
O15 - Trusted Zone: *.finefind.nettraffic2cash.biz
O15 - Trusted Zone: *.iframe.biz
O15 - Trusted Zone: *.megapornix.com
O15 - Trusted Zone: *.mt-download.com
O15 - Trusted Zone: *.newiframe.biz
O15 - Trusted Zone: *.overpro.com
O15 - Trusted Zone: *.pizdato.biz
O15 - Trusted Zone: *.private-dialer.biz
O15 - Trusted Zone: *.private-iframe.biz
O15 - Trusted Zone: *.slotch.com
O15 - Trusted Zone: *.sp2admin.biz
O15 - Trusted Zone: *.sp2fucked.biz
O15 - Trusted Zone: *.topconverting.com
O15 - Trusted Zone: *.vse-moe.biz
O15 - Trusted Zone: *.windupdates.com
O15 - Trusted Zone: *.xxxtoolbar.com
O15 - Trusted Zone: *.ysbweb.com
O15 - ProtocolDefaults: 'http' protocol is in Trusted Zone, should be Internet Zone
O15 - ProtocolDefaults: 'http' protocol is in Trusted Zone, should be Internet Zone (HKLM)
O16 - DPF: v3cab - http://searchmiracle.com/cab/10.cab
O16 - DPF: {7C559105-9ECF-42B8-B3F7-832E75EDD959} (Installer Class) - http://www.xxxtoolbar.com/ist/softwa...06_regular.cab
O18 - Filter: text/html - {3BEB645E-3601-424C-BB28-74C8A8715C3F} - (no file)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\ARCHIV~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\ARCHIV~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Workstation NetLogon Service (� 6QÔõ'ª´ÆÐ8) - Unknown owner - C:\WINDOWS\system32\crcs.exe" /s (file missing)