| |||||||
| Temas Solucionados Casos de HijackThis y Malwares resueltos. (Solo lectura) |
 |
| | Enviar a: | Herramientas |
 | 
18/10/05, 03:32:06
|  |
| |||
 Necesito ayuda, se me abren paginas de internet (solucionado) Bueno pues despues de entrar en una pagina de serials. Se me abren cada dos por tres ventanitas de internet con diversa informacion. Os reporto el log del HijackThis a ver si me podeis ayudar, gracias de antemano. He pasado todos los programas que teneis mencionados pero sigue igual: ------- Logfile of HijackThis v1.99.1 Scan saved at 8:07:43, on 18/10/2005 Platform: Windows 2000 SP4 (WinNT 5.00.2195) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINNT\System32\smss.exe C:\WINNT\system32\winlogon.exe C:\WINNT\system32\services.exe C:\WINNT\system32\lsass.exe C:\WINNT\system32\Ati2evxx.exe C:\WINNT\system32\svchost.exe C:\WINNT\system32\spoolsv.exe C:\WINNT\system32\E_S00RP1.EXE C:\WINNT\System32\svchost.exe C:\Archivos de programa\Kerio\ServerFirewall\srvfw.exe C:\WINNT\System32\llssrv.exe C:\WINNT\system32\regsvc.exe C:\WINNT\system32\r_server.exe C:\WINNT\system32\MSTask.exe C:\WINNT\System32\WBEM\WinMgmt.exe C:\Archivos de programa\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe C:\WINNT\system32\svchost.exe C:\Archivos de programa\Linksys Wireless-G PCI Wireless Network Monitor\WMP54Gv4.exe C:\WINNT\System32\inetsrv\inetinfo.exe C:\WINNT\System32\msdtc.exe C:\WINNT\system32\Dfssvc.exe C:\WINNT\System32\svchost.exe C:\WINNT\system32\Ati2evxx.exe C:\WINNT\Explorer.EXE C:\WINNT\system32\atiptaxx.exe C:\ARCHIV~1\Trust\450LRM~1\Amoumain.exe C:\WINNT\SOUNDMAN.EXE C:\Archivos de programa\Java\jre1.5.0_04\bin\jusched.exe C:\Archivos de programa\QuickTime\qttask.exe C:\WINNT\system32\CTHELPER.EXE C:\Archivos de programa\Archivos comunes\Real\Update_OB\realsched.exe C:\Archivos de programa\MSN Messenger\msnmsgr.exe C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe C:\Archivos de programa\LycosWLANSniffer\WLANSniffer.exe C:\Archivos de programa\VitalSigns\Net.Medic\Program\netMedic.exe C:\ARCHIV~1\VITALS~1\Net.Medic\Program\syshook.exe C:\WINNT\system32\rundll32.exe C:\ARCHIV~1\DAP\DAP.EXE C:\Archivos de programa\Outlook Express\msimn.exe C:\Archivos de programa\Internet Explorer\iexplore.exe C:\Archivos de programa\WinRAR\WinRAR.exe C:\DOCUME~1\Javier\CONFIG~1\Temp\Rar$EX00.688\Hija ckThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.es/ R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings,ProxyOverride = localhost R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = O3 - Toolbar: Barra de herramientas de MSN*Search - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Archivos de programa\MSN Toolbar Suite\TB\02.05.0000.1082\es-es\msntb.dll O4 - HKLM\..\Run: [UpdReg] C:\WINNT\UpdReg.EXE O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe O4 - HKLM\..\Run: [WheelMouse] C:\ARCHIV~1\Trust\450LRM~1\Amoumain.exe O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Archivos de programa\Java\jre1.5.0_04\bin\jusched.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Archivos de programa\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE O4 - HKLM\..\Run: [TkBellExe] "C:\Archivos de programa\Archivos comunes\Real\Update_OB\realsched.exe" -osboot O4 - HKCU\..\Run: [msnmsgr] "C:\Archivos de programa\MSN Messenger\msnmsgr.exe" /background O4 - HKCU\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /0 O4 - Global Startup: Búsqueda en el escritorio de Windows.lnk = C:\Archivos de programa\MSN Toolbar Suite\DS\02.05.0001.1119\es-es\bin\WindowsSearch.exe O4 - Global Startup: eMule Plus.lnk = C:\Archivos de programa\eMule\eMule.exe O4 - Global Startup: Iniciar Outlook Express.lnk = C:\Archivos de programa\Outlook Express\msimn.exe O4 - Global Startup: Lycos WLAN Sniffer.lnk = C:\Archivos de programa\LycosWLANSniffer\WLANSniffer.exe O4 - Global Startup: Net.Medic.lnk = C:\Archivos de programa\VitalSigns\Net.Medic\Program\netMedic.exe O8 - Extra context menu item: &MSN Search - res://C:\Archivos de programa\MSN Toolbar Suite\TB\02.05.0000.1082\es-es\msntb.dll/search.htm O8 - Extra context menu item: E&xportar a Microsoft Excel - res://C:\ARCHIV~1\MICROS~3\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Archivos de programa\Java\jre1.5.0_04\bin\npjpi150_04.dll O9 - Extra 'Tools' menuitem: Consola de Sun Java - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Archivos de programa\Java\jre1.5.0_04\bin\npjpi150_04.dll O9 - Extra button: Referencia - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARCHIV~1\MICROS~3\OFFICE11\REFIEBAR.DLL O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/downloads/kws/kavwebscan_unicode.cab O16 - DPF: {10ABC6DB-E091-4EAE-98DD-21B5A2460714} (DetInstaller Class) - http://www.pandasoftware.es/avchecker/controles/AvDetInst.cab O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - C:\Archivos de programa\Yahoo!\Common\yinsthelper.dll O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://www.cult3d.com/download/cult.cab O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://207.188.7.150/2492ac5025c3a237a620/netzip/RdxIE2.cab O16 - DPF: {5D8844F9-1CB8-11D2-A0A0-00600859EB9F} (PatchCtl Class) - O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1121455757234 O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1121455744968 O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab O16 - DPF: {94B82441-A413-4E43-8422-D49930E69764} (TLIEFlashObj Class) - https://echat.us.dell.com/Media/VisitorChat/TLIEFlash.CAB O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab O16 - DPF: {B785FA3C-1DE9-4D20-8396-613C486FE95E} (AeatCtl Class) - https://aeat.es/imagenes/comun/cactivex.cab O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.symantec.com/SSC/SharedContent/common/bin/cabsa.cab O16 - DPF: {C4660846-8760-4852-8154-82438E33E383} (FileSharingCtrl Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/FileSharing/es/filesharingctrl.cab O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/vso/en-us/tools/mcfscan/2,0,0,4598/mcfscan.cab O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{D7A555B1-6BCF-43A9-A45F-9910AB4FACA6}: NameServer = 80.58.0.33,80.58.32.97 O18 - Protocol: bw+0 - {61FBF9D4-778C-438D-B0C8-099118A2DBDE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw+0s - {61FBF9D4-778C-438D-B0C8-099118A2DBDE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw-0 - {61FBF9D4-778C-438D-B0C8-099118A2DBDE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw-0s - {61FBF9D4-778C-438D-B0C8-099118A2DBDE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw00 - {61FBF9D4-778C-438D-B0C8-099118A2DBDE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw00s - {61FBF9D4-778C-438D-B0C8-099118A2DBDE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw10 - {61FBF9D4-778C-438D-B0C8-099118A2DBDE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw10s - {61FBF9D4-778C-438D-B0C8-099118A2DBDE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw20 - {61FBF9D4-778C-438D-B0C8-099118A2DBDE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw20s - {61FBF9D4-778C-438D-B0C8-099118A2DBDE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw30 - {61FBF9D4-778C-438D-B0C8-099118A2DBDE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw30s - {61FBF9D4-778C-438D-B0C8-099118A2DBDE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw40 - {61FBF9D4-778C-438D-B0C8-099118A2DBDE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw40s - {61FBF9D4-778C-438D-B0C8-099118A2DBDE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw50 - {61FBF9D4-778C-438D-B0C8-099118A2DBDE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw50s - {61FBF9D4-778C-438D-B0C8-099118A2DBDE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw60 - {61FBF9D4-778C-438D-B0C8-099118A2DBDE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw60s - {61FBF9D4-778C-438D-B0C8-099118A2DBDE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw70 - {61FBF9D4-778C-438D-B0C8-099118A2DBDE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw70s - {61FBF9D4-778C-438D-B0C8-099118A2DBDE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw80 - {61FBF9D4-778C-438D-B0C8-099118A2DBDE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw80s - {61FBF9D4-778C-438D-B0C8-099118A2DBDE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw90 - {61FBF9D4-778C-438D-B0C8-099118A2DBDE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw90s - {61FBF9D4-778C-438D-B0C8-099118A2DBDE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwa0 - {61FBF9D4-778C-438D-B0C8-099118A2DBDE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwa0s - {61FBF9D4-778C-438D-B0C8-099118A2DBDE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwb0 - {61FBF9D4-778C-438D-B0C8-099118A2DBDE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwb0s - {61FBF9D4-778C-438D-B0C8-099118A2DBDE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwc0 - {61FBF9D4-778C-438D-B0C8-099118A2DBDE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwc0s - {61FBF9D4-778C-438D-B0C8-099118A2DBDE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwd0 - {61FBF9D4-778C-438D-B0C8-099118A2DBDE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwd0s - {61FBF9D4-778C-438D-B0C8-099118A2DBDE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwe0 - {61FBF9D4-778C-438D-B0C8-099118A2DBDE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwe0s - {61FBF9D4-778C-438D-B0C8-099118A2DBDE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwf0 - {61FBF9D4-778C-438D-B0C8-099118A2DBDE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwf0s - {61FBF9D4-778C-438D-B0C8-099118A2DBDE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll O18 - Protocol: bwg0 - {61FBF9D4-778C-438D-B0C8-099118A2DBDE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwg0s - {61FBF9D4-778C-438D-B0C8-099118A2DBDE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwh0 - {61FBF9D4-778C-438D-B0C8-099118A2DBDE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwh0s - {61FBF9D4-778C-438D-B0C8-099118A2DBDE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwi0 - {61FBF9D4-778C-438D-B0C8-099118A2DBDE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwi0s - {61FBF9D4-778C-438D-B0C8-099118A2DBDE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwj0 - {61FBF9D4-778C-438D-B0C8-099118A2DBDE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwj0s - {61FBF9D4-778C-438D-B0C8-099118A2DBDE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwk0 - {61FBF9D4-778C-438D-B0C8-099118A2DBDE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwk0s - {61FBF9D4-778C-438D-B0C8-099118A2DBDE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwl0 - {61FBF9D4-778C-438D-B0C8-099118A2DBDE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwl0s - {61FBF9D4-778C-438D-B0C8-099118A2DBDE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwm0 - {61FBF9D4-778C-438D-B0C8-099118A2DBDE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwm0s - {61FBF9D4-778C-438D-B0C8-099118A2DBDE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwn0 - {61FBF9D4-778C-438D-B0C8-099118A2DBDE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwn0s - {61FBF9D4-778C-438D-B0C8-099118A2DBDE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwo0 - {61FBF9D4-778C-438D-B0C8-099118A2DBDE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwo0s - {61FBF9D4-778C-438D-B0C8-099118A2DBDE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwp0 - {61FBF9D4-778C-438D-B0C8-099118A2DBDE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwp0s - {61FBF9D4-778C-438D-B0C8-099118A2DBDE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwq0 - {61FBF9D4-778C-438D-B0C8-099118A2DBDE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwq0s - {61FBF9D4-778C-438D-B0C8-099118A2DBDE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwr0 - {61FBF9D4-778C-438D-B0C8-099118A2DBDE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwr0s - {61FBF9D4-778C-438D-B0C8-099118A2DBDE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bws0 - {61FBF9D4-778C-438D-B0C8-099118A2DBDE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bws0s - {61FBF9D4-778C-438D-B0C8-099118A2DBDE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwt0 - {61FBF9D4-778C-438D-B0C8-099118A2DBDE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwt0s - {61FBF9D4-778C-438D-B0C8-099118A2DBDE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwu0 - {61FBF9D4-778C-438D-B0C8-099118A2DBDE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwu0s - {61FBF9D4-778C-438D-B0C8-099118A2DBDE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwv0 - {61FBF9D4-778C-438D-B0C8-099118A2DBDE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwv0s - {61FBF9D4-778C-438D-B0C8-099118A2DBDE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bww0 - {61FBF9D4-778C-438D-B0C8-099118A2DBDE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bww0s - {61FBF9D4-778C-438D-B0C8-099118A2DBDE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwx0 - {61FBF9D4-778C-438D-B0C8-099118A2DBDE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwx0s - {61FBF9D4-778C-438D-B0C8-099118A2DBDE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwy0 - {61FBF9D4-778C-438D-B0C8-099118A2DBDE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwy0s - {61FBF9D4-778C-438D-B0C8-099118A2DBDE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwz0 - {61FBF9D4-778C-438D-B0C8-099118A2DBDE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwz0s - {61FBF9D4-778C-438D-B0C8-099118A2DBDE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: offline-8876480 - {61FBF9D4-778C-438D-B0C8-099118A2DBDE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O20 - Winlogon Notify: OfficeUpdate - C:\WINNT\system32\s2pu0c79ef.dll O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINNT\system32\Ati2evxx.exe O23 - Service: CWShredder Service - Unknown owner - C:\Documents and Settings\Javier\Escritorio\CWShredder.exe (file missing) O23 - Service: Servicio del administrador de discos lógicos (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe O23 - Service: EPSON V3 Service2(03) (EPSON_PM_RPCV2_01) - SEIKO EPSON CORPORATION - C:\WINNT\system32\E_S00RP1.EXE O23 - Service: Kerio ServerFirewall (KerioServerFirewall) - Kerio Technologies - C:\Archivos de programa\Kerio\ServerFirewall\srvfw.exe O23 - Service: Remote Administrator Service (r_server) - Unknown owner - C:\WINNT\system32\r_server.exe" /service (file missing) O23 - Service: WMP54Gv4SVC - Unknown owner - C:\Archivos de programa\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe" "WMP54Gv4.exe (file missing) ------------- Las paginas de internet que se me abren, son estas un ejemplo: ----------------------------------------------------------------- http://www.spotresults.com/cgi-bin/search.cgi?keywords=popupallowed http://citi.bridgetrack.com/usc/Affiliates/College/Plat/Visa/BrannStep/default.htm?BTData=C02117A74667E6F5850484CABB0A1AC AB89908B84F6E1E6F0689DC62&BT_TRF=249053&app=COLLEG E&sc=4CPCW075&m=60MR00000AW&langId=EN&siteId=CB&B= V&sid=PSCVmr560118376&EMAIL_ADDRESS=&BT_TX=1&Prosp ectID=66ECDEDB5329400A8247B1AB0BC8FDA5 http://www.metareward.com/mr/Page?p=ez2&ci=41431&pubci=45218&offerId=2300&sn=rg &showmrpx=F&nord=T&wsh0=1173&px1=azoogshell200&ptr _id=ïNK&sid2=ïNK&sion=on http://www.shop4lesswithbarry.com/ http://www.mydishprovider.com/index2.php?affil=1918-mass3 http://www.searc-h.com/normal/yyy34.html http://www213.paypopup.com/adsDirect.php?data=rSe_2%2F%FE%2A3%2B%2F%7D%2F.%2C %24S%5C77sX%5CfZUKj_%FEq_ZcY%3B%7B%2B1-0%F3lcY%3B%FE%29%2C.4%FE%2C1%295&id=BundleWare&cid =1569722&sid=23782&tid=1129614747&campaign=&ref=&r url=&clater=&defurl= http://www213.paypopup.com/adsDirect.php?data=rSe_2%2F%FE%2A3%2B%2F%7D13%25%2 4S%5C77sX%5CfZUKj_%FEq_ZcY%3B%7B%2B1-0%F3lcY%3B%FE%29%2C.4%FE%2C3..&id=BundleWare&cid=1 569722&sid=23782&tid=1129614990&campaign=&ref=&rur l=&clater=&defurl= http://www.metareward.com/mr/Page?p=ez2&ci=41431&pubci=45218&offerId=2300&sn=rg &showmrpx=F&nord=T&wsh0=1173&px1=azoogshell200&ptr _id=ïNK&sid2=ïNK&sion=on http://www.bbqsauceofthemonth.com/free/index.php  |
| InfoSpyware | ||
| |
|
18/10/05, 10:24:09
| |
| ||||
| Re: Necesito ayuda, se me abren paginas de internet. <--- Paso 1 ---> <--- Paso 2 ---> Con todos los programas cerrados, marca estas entradas y pulsa en Fix Checked:
<--- Paso 3 ---> Localiza y elimina los siguientes archivos y directorios:
Si es necesario, usa Killbox para eliminar los archivos al reiniciar. <--- Paso 4 --->
<--- Paso 5 ---> Reinicia el ordenador, comenta los resultados y pega un log nuevo del HijackThis. |
|
19/10/05, 06:58:55
| |
| |||
| Re: Necesito ayuda, se me abren paginas de internet. Bueno pues despues de seguir vuestros consejos, parece que todo ha vuelto a la normalidad, de momento todo perfecto. Os adjunto el log, por si veis algo raro, y muchas gracias!!  Logfile of HijackThis v1.99.1 Scan saved at 11:50:43, on 19/10/2005 Platform: Windows 2000 SP4 (WinNT 5.00.2195) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINNT\System32\smss.exe C:\WINNT\system32\winlogon.exe C:\WINNT\system32\services.exe C:\WINNT\system32\lsass.exe C:\WINNT\system32\Ati2evxx.exe C:\WINNT\system32\svchost.exe C:\WINNT\system32\spoolsv.exe C:\WINNT\system32\E_S00RP1.EXE C:\WINNT\System32\svchost.exe C:\Archivos de programa\Kerio\ServerFirewall\srvfw.exe C:\WINNT\System32\llssrv.exe C:\WINNT\system32\regsvc.exe C:\WINNT\system32\r_server.exe C:\WINNT\system32\MSTask.exe C:\WINNT\System32\WBEM\WinMgmt.exe C:\Archivos de programa\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe C:\WINNT\system32\svchost.exe C:\Archivos de programa\Linksys Wireless-G PCI Wireless Network Monitor\WMP54Gv4.exe C:\WINNT\System32\inetsrv\inetinfo.exe C:\WINNT\System32\msdtc.exe C:\WINNT\system32\Dfssvc.exe C:\WINNT\System32\svchost.exe C:\WINNT\system32\Ati2evxx.exe C:\WINNT\Explorer.EXE C:\WINNT\system32\atiptaxx.exe C:\ARCHIV~1\Trust\450LRM~1\Amoumain.exe C:\WINNT\SOUNDMAN.EXE C:\Archivos de programa\Java\jre1.5.0_04\bin\jusched.exe C:\Archivos de programa\QuickTime\qttask.exe C:\WINNT\system32\CTHELPER.EXE C:\Archivos de programa\Archivos comunes\Real\Update_OB\realsched.exe C:\Archivos de programa\MSN Messenger\msnmsgr.exe C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe C:\Archivos de programa\eMule\eMule.exe C:\Archivos de programa\LycosWLANSniffer\WLANSniffer.exe C:\Archivos de programa\VitalSigns\Net.Medic\Program\netMedic.exe C:\ARCHIV~1\VITALS~1\Net.Medic\Program\syshook.exe C:\ARCHIV~1\DAP\DAP.EXE C:\WINNT\system32\msiexec.exe C:\Archivos de programa\Outlook Express\msimn.exe C:\Archivos de programa\WinRAR\WinRAR.exe C:\DOCUME~1\Javier\CONFIG~1\Temp\Rar$EX00.297\Hija ckThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.es/ R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings,ProxyOverride = localhost R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Archivos de programa\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: Barra de herramientas de MSN*Search Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Archivos de programa\MSN Toolbar Suite\TB\02.05.0000.1082\es-es\msntb.dll O3 - Toolbar: Barra de herramientas de MSN*Search - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Archivos de programa\MSN Toolbar Suite\TB\02.05.0000.1082\es-es\msntb.dll O4 - HKLM\..\Run: [UpdReg] C:\WINNT\UpdReg.EXE O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe O4 - HKLM\..\Run: [WheelMouse] C:\ARCHIV~1\Trust\450LRM~1\Amoumain.exe O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Archivos de programa\Java\jre1.5.0_04\bin\jusched.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Archivos de programa\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE O4 - HKLM\..\Run: [TkBellExe] "C:\Archivos de programa\Archivos comunes\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINNT\system32\NeroCheck.exe O4 - HKCU\..\Run: [msnmsgr] "C:\Archivos de programa\MSN Messenger\msnmsgr.exe" /background O4 - HKCU\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /0 O4 - Global Startup: Búsqueda en el escritorio de Windows.lnk = C:\Archivos de programa\MSN Toolbar Suite\DS\02.05.0001.1119\es-es\bin\WindowsSearch.exe O4 - Global Startup: eMule Plus.lnk = C:\Archivos de programa\eMule\eMule.exe O4 - Global Startup: Iniciar Outlook Express.lnk = C:\Archivos de programa\Outlook Express\msimn.exe O4 - Global Startup: Lycos WLAN Sniffer.lnk = C:\Archivos de programa\LycosWLANSniffer\WLANSniffer.exe O4 - Global Startup: Net.Medic.lnk = C:\Archivos de programa\VitalSigns\Net.Medic\Program\netMedic.exe O8 - Extra context menu item: &MSN Search - res://C:\Archivos de programa\MSN Toolbar Suite\TB\02.05.0000.1082\es-es\msntb.dll/search.htm O8 - Extra context menu item: E&xportar a Microsoft Excel - res://C:\ARCHIV~1\MICROS~3\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Archivos de programa\Java\jre1.5.0_04\bin\npjpi150_04.dll O9 - Extra 'Tools' menuitem: Consola de Sun Java - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Archivos de programa\Java\jre1.5.0_04\bin\npjpi150_04.dll O9 - Extra button: Referencia - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARCHIV~1\MICROS~3\OFFICE11\REFIEBAR.DLL O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab O16 - DPF: {10ABC6DB-E091-4EAE-98DD-21B5A2460714} (DetInstaller Class) - http://www.pandasoftware.es/avchecker/controles/AvDetInst.cab O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - C:\Archivos de programa\Yahoo!\Common\yinsthelper.dll O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://www.cult3d.com/download/cult.cab O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://207.188.7.150/2492ac5025c3a237a620/netzip/RdxIE2.cab O16 - DPF: {5D8844F9-1CB8-11D2-A0A0-00600859EB9F} (PatchCtl Class) - O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1121455757234 O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1121455744968 O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab O16 - DPF: {94B82441-A413-4E43-8422-D49930E69764} (TLIEFlashObj Class) - https://echat.us.dell.com/Media/VisitorChat/TLIEFlash.CAB O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab O16 - DPF: {B785FA3C-1DE9-4D20-8396-613C486FE95E} (AeatCtl Class) - https://aeat.es/imagenes/comun/cactivex.cab O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.symantec.com/SSC/SharedContent/common/bin/cabsa.cab O16 - DPF: {C4660846-8760-4852-8154-82438E33E383} (FileSharingCtrl Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/FileSharing/es/filesharingctrl.cab O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/vso/en-us/tools/mcfscan/2,0,0,4598/mcfscan.cab O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{D7A555B1-6BCF-43A9-A45F-9910AB4FACA6}: NameServer = 80.58.0.33,80.58.32.97 O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINNT\system32\Ati2evxx.exe O23 - Service: CWShredder Service - Creative Technology Ltd - (no file) O23 - Service: Servicio del administrador de discos lógicos (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe O23 - Service: EPSON V3 Service2(03) (EPSON_PM_RPCV2_01) - SEIKO EPSON CORPORATION - C:\WINNT\system32\E_S00RP1.EXE O23 - Service: Kerio ServerFirewall (KerioServerFirewall) - Kerio Technologies - C:\Archivos de programa\Kerio\ServerFirewall\srvfw.exe O23 - Service: Remote Administrator Service (r_server) - Unknown owner - C:\WINNT\system32\r_server.exe" /service (file missing) O23 - Service: WMP54Gv4SVC - Unknown owner - C:\Archivos de programa\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe" "WMP54Gv4.exe (file missing) |
|
19/10/05, 07:20:27
| |
| ||||
| Re: Necesito ayuda, se me abren paginas de internet. ¿Has eliminado el ejecutable del CWShredder que tenías en Mis Documentos ¿no? Entonces marca esta entrada: O23 - Service: CWShredder Service - Creative Technology Ltd - (no file) También lo puedes quitar desde Inicio> Ejecutar y escribiendo: sc delete "CWShredder Service" Esa entrada no es de una infección, simplemente no necesitas ese servicio puesto que el archivo ya no existe. Por lo demás el log está limpio. Comprueba que hayas podido quitar el servicio y me lo dices si lo has quitado o sigue ahí. |
|
« Tema Anterior
|
Próximo Tema »
| Herramientas | |
| |
| 
Temas Similares | |
| Tema | Autor | Foro | Respuestas | Último mensaje |
| Que pasa aqui !!! Lenta, se cierran las paginas de internet (solucionado) | AleCreation | Temas Solucionados | 3 | 05/09/05 15:22:31 |
| me entra simpre en la misma pagina de internet | cesar_nb | Foro Oficial de HijackThis en español | 1 | 29/08/05 21:12:48 |
| Se Paga El Portatil Cada 2 Horas | cepa75 | Foro Oficial de HijackThis en español | 3 | 30/07/05 08:38:13 |
| miren lo que salio | feruchu | Foro Oficial de HijackThis en español | 1 | 20/07/05 22:10:35 |
| Este es mi log, ayuda porfavor (solucionado) | EsKuDer0 | Temas Solucionados | 4 | 27/04/05 13:51:44 |
Todas las horas son GMT -4. La hora es 07:45:39.
