Foro de Spyware - Ver Mensaje Individual - HijackThis aqui esta Mi LOG (solucionado)

Tema: HijackThis aqui esta Mi LOG (solucionado)

Ver Mensaje Individual

post #1 (permalink)

13/11/05, 14:43:38

headkaka

Usuario

Registrado: nov 2005

Ubicación: chile

Mensajes: 54

HijackThis aqui esta Mi LOG (solucionado)

aqui les dejo mi log mi navegador va lento!! muy lento!!
Notengo antivirus!! solo ad aware y spybot & search__ y about blank en pagina de inicio y se me abren avisos publicitarios a cada rato y con el navegador iE al estar en red se sale!! se me cierra ayudenme grax

Logfile of HijackThis v1.99.1
Scan saved at 17:27:03, on 13/11/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\ntbv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\inetsrv\inetinfo.exe
C:\Archivos de programa\Ahead\InCD\InCDsrv.exe
C:\Archivos de programa\Archivos comunes\Panda Software\PavShld\pavprsrv.exe
C:\WINDOWS\System32\LXSUPMON.EXE
C:\Archivos de programa\ZyXEL\ADSL USB Modem\CnxDslTb.exe
C:\WINDOWS\System32\tcpsvcs.exe
C:\WINDOWS\System32\snmp.exe
C:\Archivos de programa\Ahead\InCD\InCD.exe
C:\Archivos de programa\QuickTime\qttask.exe
C:\windows\system32\mdms.exe
C:\DOCUME~1\CHRIST~1.FAM\CONFIG~1\Temp\D.tmp.exe
C:\WINDOWS\ipeq32.exe
C:\Archivos de programa\Archivos comunes\Real\Update_OB\realsched.exe
C:\Archivos de programa\MSN Messenger\msnmsgr.exe
C:\winstall.exe
C:\WINDOWS\System32\sysvcs.exe
C:\WINDOWS\System32\m?iexec.exe
C:\Archivos de programa\rcra\eesi.exe
C:\Archivos de programa\Mozilla Firefox\firefox.exe
C:\Archivos de programa\Internet Explorer\IEXPLORE.EXE
C:\Archivos de programa\Archivos comunes\Real\Update_OB\RealOneMessageCenter.exe
C:\Archivos de programa\HJT\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\qwjcc.dll/sp.html#87649
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\qwjcc.dll/sp.html#87649
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\system32\qwjcc.dll/sp.html#87649
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\qwjcc.dll/sp.html#87649
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\qwjcc.dll/sp.html#87649
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\qwjcc.dll/sp.html#87649
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\qwjcc.dll/sp.html#87649
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = http://195.95.218.172/index.php
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Vínculos
R3 - Default URLSearchHook is missing
F2 - REG:system.ini: UserInit=c:\windows\system32\userinit.exe
O2 - BHO: (no name) - {00000000-0000-0000-0000-000000000000} - (no file)
O2 - BHO: (no name) - {11111111-2222-408A-9842-CDBE1C6D37EB} - C:\WINDOWS\netdde.dll
O2 - BHO: (no name) - {16875E09-927B-4494-82BD-158A1CD46BA0} - C:\WINDOWS\system32\prflbmsgp32.dll
O2 - BHO: C:\WINDOWS\system32\st3.dll - {1B68470C-2DEF-493B-8A4A-8E2D81BE4EA5} - C:\WINDOWS\system32\st3.dll (file missing)
O2 - BHO: (no name) - {24E62FBC-9801-E7DC-2C22-CCCE6AEFB9CE} - C:\WINDOWS\System32\mgprkb.dll
O2 - BHO: (no name) - {426F7571-0EFF-31B0-5A55-AB0647B91F4F} - (no file)
O2 - BHO: Class - {4C94EE29-86CB-80FB-9E07-3C8ECF485735} - C:\WINDOWS\ierz.dll
O2 - BHO: C:\WINDOWS\adsldpbc.dll - {517AFD77-5511-4359-8109-719189382F84} - C:\WINDOWS\adsldpbc.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\ARCHIV~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Class - {57CC204F-905A-2B4D-BD5E-30AC516741C9} - C:\WINDOWS\addas.dll
O2 - BHO: Class - {664FBA42-F0B3-5448-F5E6-235B70B57B3F} - C:\WINDOWS\system32\msco.dll
O2 - BHO: C:\WINDOWS\adsldpbc.dll - {726BE65F-E071-4F43-BBC1-BB0558532921} - C:\WINDOWS\adsldpbc.dll
O2 - BHO: C:\WINDOWS\q10895757.dll - {7A7E6D97-B492-4884-9ABB-C31281DCC4F2} - C:\WINDOWS\q10895757.dll (file missing)
O2 - BHO: Class - {7CB78427-6D7E-3091-AAEA-A3F55AF5061E} - C:\WINDOWS\sysqn32.dll
O2 - BHO: C:\WINDOWS\adsldpbd.dll - {826B2228-BC09-49F2-B5F8-42CE26B1B711} - C:\WINDOWS\adsldpbd.dll
O2 - BHO: (no name) - {8D82BB89-B58C-4F21-9C5D-377F65947806} - C:\WINDOWS\slassac.dll
O2 - BHO: C:\WINDOWS\adsldpbc.dll - {8EE0F58C-6C20-4FB0-B3A0-61BDF298C97D} - C:\WINDOWS\adsldpbc.dll
O2 - BHO: Class - {9511A22D-41BD-6573-A767-456D795AA19A} - C:\WINDOWS\d3ap32.dll
O2 - BHO: (no name) - {9C5875B8-93F3-429D-FF34-660B206D897A} - C:\WINDOWS\System32\performent217.dll
O2 - BHO: Class - {B48F24F6-EAF7-53A3-84DB-486DEABAC736} - C:\WINDOWS\system32\apiey.dll
O2 - BHO: (no name) - {CA356D79-679B-4b4c-8E49-5AF97014F4C1} - (no file)
O2 - BHO: Class - {CAAE655F-2DCF-C22E-E0F1-2CD01C369A66} - C:\WINDOWS\system32\javaay32.dll
O2 - BHO: (no name) - {DA223E41-3F7F-4B2B-8CC8-22C6A1197EEB} - C:\WINDOWS\mpatrol.dll
O3 - Toolbar: (no name) - {09C02180-3B46-4CD8-83FF-34DAF442BDEF} - (no file)
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O4 - HKLM\..\Run: [PrinTray] C:\WINDOWS\System32\spool\DRIVERS\W32X86\2\printra y.exe
O4 - HKLM\..\Run: [LXSUPMON] C:\WINDOWS\System32\LXSUPMON.EXE RUN
O4 - HKLM\..\Run: [CnxDslTaskBar] "C:\Archivos de programa\ZyXEL\ADSL USB Modem\CnxDslTb.exe"
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Archivos de programa\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Archivos de programa\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SysMemory manager] c:\windows\system32\mdms.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [C.tmp] C:\DOCUME~1\CHRIST~1.FAM\CONFIG~1\Temp\C.tmp.exe
O4 - HKLM\..\Run: [D.tmp] C:\DOCUME~1\CHRIST~1.FAM\CONFIG~1\Temp\D.tmp.exe
O4 - HKLM\..\Run: [C.tmp.exe] C:\DOCUME~1\CHRIST~1.FAM\CONFIG~1\Temp\C.tmp.exe
O4 - HKLM\..\Run: [D.tmp.exe] C:\DOCUME~1\CHRIST~1.FAM\CONFIG~1\Temp\D.tmp.exe
O4 - HKLM\..\Run: [ieqc32.exe] C:\WINDOWS\system32\ieqc32.exe
O4 - HKLM\..\Run: [ipeq32.exe] C:\WINDOWS\ipeq32.exe
O4 - HKLM\..\Run: [syssc32.exe] C:\WINDOWS\system32\syssc32.exe
O4 - HKLM\..\Run: [Sin Espias] C:\Archivos de programa\SinEspias\No-Spy.exe /autorun
O4 - HKLM\..\Run: [stnospy] C:\Archivos de programa\SinEspias\no-spy.exe /autorun
O4 - HKLM\..\Run: [winqi.exe] C:\WINDOWS\system32\winqi.exe
O4 - HKLM\..\Run: [dflnl.exe] C:\WINDOWS\System32\dflnl.exe
O4 - HKLM\..\Run: [iere.exe] C:\WINDOWS\iere.exe
O4 - HKLM\..\Run: [sdkqd32.exe] C:\WINDOWS\system32\sdkqd32.exe
O4 - HKLM\..\Run: [sdkha32.exe] C:\WINDOWS\system32\sdkha32.exe
O4 - HKLM\..\Run: [appfq.exe] C:\WINDOWS\appfq.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Archivos de programa\Archivos comunes\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [crst.exe] C:\WINDOWS\system32\crst.exe
O4 - HKLM\..\Run: [crij.exe] C:\WINDOWS\crij.exe
O4 - HKCU\..\Run: [Helpiso] C:\DOCUME~1\CHRIST~1.FAM\DATOSD~1\INFO64~1\HOLE FLAW.exe
O4 - HKCU\..\Run: [Spyware Vanisher] C:\spywarevanisher-free\FreeScanner.exe -FastScan
O4 - HKCU\..\Run: [msnmsgr] "C:\Archivos de programa\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Windows installer] C:\winstall.exe
O4 - HKCU\..\Run: [aupd] C:\WINDOWS\System32\sysvcs.exe
O4 - HKCU\..\Run: [Gfqs] C:\WINDOWS\System32\m?iexec.exe
O4 - HKCU\..\Run: [Pdco] "C:\Archivos de programa\rcra\eesi.exe" -vt mt
O4 - Global Startup: Microsoft Office.lnk = C:\Archivos de programa\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZCxdm341YYCL
O8 - Extra context menu item: E&xportar a Microsoft Excel - res://C:\ARCHIV~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O15 - Trusted Zone: *.asdbiz.biz
O15 - Trusted Zone: *.coolwebsearch.com
O15 - Trusted Zone: *.searchmeup.com
O15 - Trusted Zone: *.asdbiz.biz (HKLM)
O15 - Trusted Zone: *.slotchbar.com (HKLM)
O15 - Trusted Zone: *.windupdates.com (HKLM)
O15 - Trusted IP range: 67.19.178.84
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15009/CTSUEng.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/funwebproducts/ei-2/CursorManiaFWBInitialSetup1.0.0.8-2.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/15762d9e0d98a7b8b301/netzip/RdxIE601_es.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - http://www.bitdefender-es.com/scan8/oscan8.cab
O16 - DPF: {5D9E4B6D-CD17-4D85-99D4-6A52B394EC3B} (WSDownloader Control) - http://www.webshots.com/samplers/WSDownloader.ocx
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1129402152947
O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.bitdefender-es.com/scan/Msie/bitdefender.cab
O16 - DPF: {88D758A3-D33B-45FD-91E3-67749B4057FA} - http://dm.screensavers.com/dm/installers/si/1/sinstaller.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab
O16 - DPF: {94118C19-B178-4E43-BBE8-0EFDBB391BDB} - http://www.sponsoradulto.com/SysWebTelecom.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
O16 - DPF: {E154E3CC-0C3A-4101-91D8-6B4876F0FD64} (PrintScreen Class) - http://www.myemo.com/my_picture/Flash2Image.cab
O16 - DPF: {E56347B0-6C2B-4C2E-939F-EE513EAC80BC} (Creative Product Registration ActiveX Control Module) - http://www.creative.com/register/OCXs/CtORWebClientNoMFC.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/vso/en-us/tools/mcfscan/2,0,0,4463/mcfscan.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15010/CTPID.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{689A296A-99A2-4D15-B659-EA99A268EBA1}: NameServer = 85.255.114.77 85.255.112.146
O17 - HKLM\System\CCS\Services\Tcpip\..\{9FAE3FE9-1F20-46FF-8C4E-98CE6475546B}: NameServer = 85.255.114.77,85.255.112.146
O18 - Protocol: msell - {E90F00EC-3694-11D2-99FE-00104B2D62CC} - (no file)
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\ARCHIV~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: st3 - C:\WINDOWS\system32\st3.dll (file missing)
O20 - Winlogon Notify: style32 - C:\WINDOWS\q10895757.dll (file missing)
O21 - SSODL: CHEDBDEG - {38A75E2D-0B55-17E3-2E9E-0BEA4B7C1297} - (no file)
O21 - SSODL: mtklefap - {28E67063-DBA2-4E18-7097-98AD2C836D2B} - (no file)
O23 - Service: Remote Procedure Call (RPC) Helper ( 11Fßä#·ºÄÖ`I) - Unknown owner - C:\WINDOWS\ntbv.exe
O23 - Service: ewido security suite control - ewido networks - C:\Archivos de programa\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Archivos de programa\ewido\security suite\ewidoguard.exe
O23 - Service: InCD File System Service (InCDsrv) - AHEAD Software - C:\Archivos de programa\Ahead\InCD\InCDsrv.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Software - C:\Archivos de programa\Archivos comunes\Panda Software\PavShld\pavprsrv.exe