post #1
07/04/05, 12:35:57
User
Registered: Apr 2005
Location: Spain
Posts: 4
Urgent help with coolwebsearch! Please! (solved)

Please, I urgently need help to remove this damned spyware.
I have tried everything but there is no way; please take a look at my log and tell me what steps to follow so that I can work with my PC.

Logfile of HijackThis v1.99.1
Scan saved at 14:31:50, on 07/04/05
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v5.50 SP1 (5.50.4522.1800)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\ARCHIVOS DE PROGRAMA\PANDA SOFTWARE\PANDA ANTIVIRUS TITANIUM\APVXDWIN.EXE
C:\ARCHIVOS DE PROGRAMA\MSN MESSENGER\MSNMSGR.EXE
C:\ARCHIVOS DE PROGRAMA\PANDA SOFTWARE\PANDA ANTIVIRUS TITANIUM\PAVPROXY.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\RUNDLL32.EXE
C:\MIS DOCUMENTOS\JOSE\ANTIVIRUS\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.hot-search.biz/index.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.hot-search.biz/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\TEMP\se.dll/spage.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\TEMP\se.dll/spage.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.hot-search.biz/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,(Default) = 69.61.38.52
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.hot-search.biz/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.hot-search.biz/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = http://www.hot-search.biz/index.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer proporcionado por ONO
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Vínculos
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\ARCHIVOS DE PROGRAMA\YAHOO!\COMPANION\INSTALLS\CPN\YCOMP5_5_5_ 0.DLL (file missing)
O2 - BHO: (no name) - {A3FDD654-A057-4971-9844-4ED8E67DBBB8} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\archivos de programa\google\googletoolbar1.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\ARCHIV~1\SPYBOT~1\SDHELPER.DLL
O2 - BHO: (no name) - {429185AB-39D5-45C7-81D5-F816C2143DDE} - C:\WINDOWS\SYSTEM\PAFO.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\ARCHIVOS DE PROGRAMA\YAHOO!\COMPANION\INSTALLS\CPN\YCOMP5_5_5_ 0.DLL (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\archivos de programa\google\googletoolbar1.dll
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [ControlPanel] C:\WINDOWS\SYSTEM\twink64.exe internat.dll,LoadKeyboardProfile
O4 - HKLM\..\Run: [APVXDWIN] "C:\Archivos de programa\Panda Software\Panda Antivirus Titanium\APVXDWIN.EXE" /s
O4 - HKLM\..\Run: [Security iGuard] C:\Archivos de programa\Security iGuard\Security iGuard.exe
O4 - HKLM\..\Run: [sp] rundll32 C:\WINDOWS\TEMP\SE.DLL,DllInstall
O4 - HKCU\..\Run: [msnmsgr] "C:\ARCHIVOS DE PROGRAMA\MSN MESSENGER\MSNMSGR.EXE" /background
O4 - Startup: Búsqueda rápida de Microsoft.lnk = C:\Archivos de programa\Microsoft Office\Office\FINDFAST.EXE
O8 - Extra context menu item: &Google Search - res://C:\ARCHIVOS DE PROGRAMA\GOOGLE\GOOGLETOOLBAR1.DLL/cmsearch.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\ARCHIVOS DE PROGRAMA\GOOGLE\GOOGLETOOLBAR1.DLL/cmcache.html
O8 - Extra context menu item: Similar Pages - res://C:\ARCHIVOS DE PROGRAMA\GOOGLE\GOOGLETOOLBAR1.DLL/cmsimilar.html
O8 - Extra context menu item: Backward Links - res://C:\ARCHIVOS DE PROGRAMA\GOOGLE\GOOGLETOOLBAR1.DLL/cmbacklinks.html
O8 - Extra context menu item: Translate into English - res://C:\ARCHIVOS DE PROGRAMA\GOOGLE\GOOGLETOOLBAR1.DLL/cmtrans.html
O9 - Extra button: Descargas - {AF0828BC-CB46-4C8D-95B6-8A7C4988F9FF} - c:\dial-kazemule6\local.htm (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Archivos de programa\MSN Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: MSN Messenger Service - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Archivos de programa\MSN Messenger\MSMSGS.EXE
O9 - Extra button: Microsoft AntiSpyware helper - {C3CBCE99-AB2B-431E-AD80-E8AE29E5CF66} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {C3CBCE99-AB2B-431E-AD80-E8AE29E5CF66} - (no file) (HKCU)
O15 - Trusted Zone: *.windupdates.com
O15 - Trusted Zone: *.skoobidoo.com
O15 - Trusted Zone: *.windupdates.com (HKLM)
O15 - Trusted Zone: *.skoobidoo.com (HKLM)
O15 - Trusted IP range: 67.19.185.246
O16 - DPF: {042EEA26-2402-4E5A-B5BB-0FB445A5526E} (VacPro.win98_P) - http://www9.advnt01.com/dialer/win98_P.CAB
O16 - DPF: {91433D86-9F27-402C-B5E3-DEBDD122C339} - http://www.netvenda.com/sites/games-intl/esi/games3.cab
O16 - DPF: {24D1BDCE-D835-11D6-BF84-0050047EA0E7} (BlueStream_Flash Class) - http://www.rovion.com/Controls/Rovion.cab
O16 - DPF: {70A950B9-F238-45D8-B566-B74DCE36C515} (VacPro.emsat_win98) - http://www9.advnt01.com/dialer/emsat_win98.CAB
O16 - DPF: {9076A11F-5EA6-4A67-BDE9-8D3C7C453DAC} - http://www.thecoolbar.com/installfiles/coolbar.cab
O16 - DPF: {D62B5127-8D03-4175-BA71-E0041595DA4B} (UDConnect Class) - http://01.sharedsource.org/html/TriacomUD_1.0.0.3ie.cab?
O18 - Filter: text/html - {7ED8523A-833C-4A68-87A8-82E0E140452F} - C:\WINDOWS\SYSTEM\PAFO.DLL
O18 - Filter: text/plain - {7ED8523A-833C-4A68-87A8-82E0E140452F} - C:\WINDOWS\SYSTEM\PAFO.DLL

post #2
07/04/05, 12:47:11
User
Registered: Apr 2005
Location: Spain
Posts: 4
Re: urgent help with coolwebsearch! Please!

I'm sorry for the rush, but it comes from the desperation that this damned spyware is causing me.

Normally with ad-aware my computer is more than well protected, but I don't know how this damned spyware is doing me so much harm, and there is no way to get rid of it. I have used ad-aware, Spybot, CWShredder, and nothing at all; my machine keeps running very slowly, it makes windows pop up at every moment, and it does not let me check my Hotmail e-mail account, because as soon as I try it immediately takes me to the start page (about:blank), which of course I cannot change. I have a great many problems making any download. In short, these seem to be the classic symptoms of being infected by coolwebsearch, and the anti-spyware programs identify it as such, but I cannot manage to remove it.

Thanks in advance and regards.
post #3
07/04/05, 16:04:47
Drazhaz
Honorary Advisor
Registered: Jan 2005
Location: Valencia, Spain
Posts: 2,754
Re: urgent help with coolwebsearch! Please!

Let's see, that log is full to bursting.
Before doing anything, follow these steps, and leave us the reports given by the programs you have to use according to that tutorial.
After all that we will look at a new HijackThis log again.

Regards.


post #4
07/04/05, 19:47:38
User
Registered: Apr 2005
Location: Spain
Posts: 4
Re: urgent help with coolwebsearch! Please!

Well, after following the instructions step by step, it seems that the log is not getting any smaller. I started in safe mode, ran all the anti-spyware programs (ad-aware, spybot, CWShredder...), ran disk cleaner to empty the computer of temporary files, and all the ones they indicated... fine...

After all that, this is the log that keeps coming out... it's enough to drive you crazy... I'm sorry... if I have got something wrong, please tell me.

Logfile of HijackThis v1.99.1
Scan saved at 0:33:12, on 08/04/05
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v5.50 SP1 (5.50.4522.1800)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\ARCHIVOS DE PROGRAMA\PANDA SOFTWARE\PANDA ANTIVIRUS TITANIUM\APVXDWIN.EXE
C:\ARCHIVOS DE PROGRAMA\MSN MESSENGER\MSNMSGR.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\ARCHIVOS DE PROGRAMA\PANDA SOFTWARE\PANDA ANTIVIRUS TITANIUM\PAVPROXY.EXE
C:\MIS DOCUMENTOS\JOSE\ANTIVIRUS\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\TEMP\se.dll/spage.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\TEMP\se.dll/spage.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,(Default) = 69.61.38.52
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer proporcionado por ONO
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Vínculos
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\ARCHIVOS DE PROGRAMA\YAHOO!\COMPANION\INSTALLS\CPN\YCOMP5_5_5_ 0.DLL (file missing)
O2 - BHO: (no name) - {A3FDD654-A057-4971-9844-4ED8E67DBBB8} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\archivos de programa\google\googletoolbar1.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\ARCHIV~1\SPYBOT~1\SDHELPER.DLL
O2 - BHO: (no name) - {23FD809E-A939-46FC-A376-EDD998FEE25C} - C:\WINDOWS\SYSTEM\PAFO.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\ARCHIVOS DE PROGRAMA\YAHOO!\COMPANION\INSTALLS\CPN\YCOMP5_5_5_ 0.DLL (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\archivos de programa\google\googletoolbar1.dll
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [ControlPanel] C:\WINDOWS\SYSTEM\twink64.exe internat.dll,LoadKeyboardProfile
O4 - HKLM\..\Run: [APVXDWIN] "C:\Archivos de programa\Panda Software\Panda Antivirus Titanium\APVXDWIN.EXE" /s
O4 - HKLM\..\Run: [Security iGuard] C:\Archivos de programa\Security iGuard\Security iGuard.exe
O4 - HKLM\..\Run: [sp] rundll32 C:\WINDOWS\TEMP\SE.DLL,DllInstall
O4 - HKCU\..\Run: [msnmsgr] "C:\ARCHIVOS DE PROGRAMA\MSN MESSENGER\MSNMSGR.EXE" /background
O4 - Startup: Búsqueda rápida de Microsoft.lnk = C:\Archivos de programa\Microsoft Office\Office\FINDFAST.EXE
O8 - Extra context menu item: &Google Search - res://C:\ARCHIVOS DE PROGRAMA\GOOGLE\GOOGLETOOLBAR1.DLL/cmsearch.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\ARCHIVOS DE PROGRAMA\GOOGLE\GOOGLETOOLBAR1.DLL/cmcache.html
O8 - Extra context menu item: Similar Pages - res://C:\ARCHIVOS DE PROGRAMA\GOOGLE\GOOGLETOOLBAR1.DLL/cmsimilar.html
O8 - Extra context menu item: Backward Links - res://C:\ARCHIVOS DE PROGRAMA\GOOGLE\GOOGLETOOLBAR1.DLL/cmbacklinks.html
O8 - Extra context menu item: Translate into English - res://C:\ARCHIVOS DE PROGRAMA\GOOGLE\GOOGLETOOLBAR1.DLL/cmtrans.html
O9 - Extra button: Descargas - {AF0828BC-CB46-4C8D-95B6-8A7C4988F9FF} - c:\dial-kazemule6\local.htm (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Archivos de programa\MSN Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: MSN Messenger Service - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Archivos de programa\MSN Messenger\MSMSGS.EXE
O9 - Extra button: Microsoft AntiSpyware helper - {C3CBCE99-AB2B-431E-AD80-E8AE29E5CF66} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {C3CBCE99-AB2B-431E-AD80-E8AE29E5CF66} - (no file) (HKCU)
O15 - Trusted Zone: *.windupdates.com
O15 - Trusted Zone: *.skoobidoo.com
O15 - Trusted Zone: *.windupdates.com (HKLM)
O15 - Trusted Zone: *.skoobidoo.com (HKLM)
O15 - Trusted IP range: 67.19.185.246
O16 - DPF: {042EEA26-2402-4E5A-B5BB-0FB445A5526E} (VacPro.win98_P) - http://www9.advnt01.com/dialer/win98_P.CAB
O16 - DPF: {91433D86-9F27-402C-B5E3-DEBDD122C339} - http://www.netvenda.com/sites/games-intl/esi/games3.cab
O16 - DPF: {24D1BDCE-D835-11D6-BF84-0050047EA0E7} (BlueStream_Flash Class) - http://www.rovion.com/Controls/Rovion.cab
O16 - DPF: {70A950B9-F238-45D8-B566-B74DCE36C515} (VacPro.emsat_win98) - http://www9.advnt01.com/dialer/emsat_win98.CAB
O16 - DPF: {D62B5127-8D03-4175-BA71-E0041595DA4B} (UDConnect Class) - http://01.sharedsource.org/html/TriacomUD_1.0.0.3ie.cab?
O18 - Filter: text/html - {8C427E2D-4415-4DC4-A051-8593DA160A87} - C:\WINDOWS\SYSTEM\PAFO.DLL
O18 - Filter: text/plain - {8C427E2D-4415-4DC4-A051-8593DA160A87} - C:\WINDOWS\SYSTEM\PAFO.DLL
  post #5  
Posted 07/04/05, 20:12:11
Jereque
Former Contributor
 
Registered: Jan 2005
Posts: 9,010
Re: urgent help with coolwebsearch! please!

Hello!!!

Install SpywareBlaster 3.3 right away to control the malicious ActiveX controls (all those O16 entries). Update it and, under Protection, click "Enable All Protection" so that it shows 0 items everywhere.

After that, it would not hurt to visit Windows Update and download the critical updates.

Follow these steps:

1) Show hidden files

2) Restart in safe mode

3) Run CWShredder 2.13

4) Use TZ-Kill.inf to remove the O15-Trusted entries

5) Run HijackThis with all programs closed and fix:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\TEMP\se.dll/spage.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\TEMP\se.dll/spage.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,(Default) = 69.61.38.52
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank

O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\ARCHIVOS DE PROGRAMA\YAHOO!\COMPANION\INSTALLS\CPN\YCOMP5_5_5_ 0.DLL (file missing)

O2 - BHO: (no name) - {A3FDD654-A057-4971-9844-4ED8E67DBBB8} - (no file)

O2 - BHO: (no name) - {23FD809E-A939-46FC-A376-EDD998FEE25C} - C:\WINDOWS\SYSTEM\PAFO.DLL

O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\ARCHIVOS DE PROGRAMA\YAHOO!\COMPANION\INSTALLS\CPN\YCOMP5_5_5_ 0.DLL (file missing)

O4 - HKLM\..\Run: [sp] rundll32 C:\WINDOWS\TEMP\SE.DLL,DllInstall

O9 - Extra button: Descargas - {AF0828BC-CB46-4C8D-95B6-8A7C4988F9FF} - c:\dial-kazemule6\local.htm (file missing)

O9 - Extra button: Microsoft AntiSpyware helper - {C3CBCE99-AB2B-431E-AD80-E8AE29E5CF66} - (no file) (HKCU)

O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {C3CBCE99-AB2B-431E-AD80-E8AE29E5CF66} - (no file) (HKCU)

O15 - Trusted Zone: *.windupdates.com
O15 - Trusted Zone: *.skoobidoo.com
O15 - Trusted Zone: *.windupdates.com (HKLM)
O15 - Trusted Zone: *.skoobidoo.com (HKLM)
O15 - Trusted IP range: 67.19.185.246

All the O16 entries

O18 - Filter: text/html - {8C427E2D-4415-4DC4-A051-8593DA160A87} - C:\WINDOWS\SYSTEM\PAFO.DLL

O18 - Filter: text/plain - {8C427E2D-4415-4DC4-A051-8593DA160A87} - C:\WINDOWS\SYSTEM\PAFO.DLL

6) Search for and manually delete, if present:

C:\WINDOWS\TEMP\se.dll
C:\WINDOWS\SYSTEM\PAFO.DLL

7) Clean the registry with RegSeeker and run an updated Ad-Aware.

8) Delete cookies and temporary internet files with Disk Cleaner and empty the recycle bin.

9) Restart normally and tell us the results (leave us your new log).

Regards.
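
The entries picked out in step 5 follow a few recognisable patterns: orphaned entries, code loaded from TEMP, Trusted-zone additions and ActiveX downloads from a bare IP. As an added example (not part of the original thread and not HijackThis's own logic), this Python sketch applies those patterns as heuristics to log lines; the rules are assumptions drawn from the entries listed above, and the two O16 sample lines are constructed with a documentation IP and placeholder CLSIDs.

```python
import re
from urllib.parse import urlparse

# Sample input: lines taken from the logs in this thread, except the two O16
# lines, which are constructed (documentation IP/domain, placeholder CLSIDs).
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\TEMP\se.dll/spage.html
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\archivos de programa\google\googletoolbar1.dll
O2 - BHO: (no name) - {A3FDD654-A057-4971-9844-4ED8E67DBBB8} - (no file)
O4 - HKLM\..\Run: [sp] rundll32 C:\WINDOWS\TEMP\SE.DLL,DllInstall
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O9 - Extra button: Descargas - {AF0828BC-CB46-4C8D-95B6-8A7C4988F9FF} - c:\dial-kazemule6\local.htm (file missing)
O15 - Trusted Zone: *.windupdates.com
O16 - DPF: {00000000-0000-0000-0000-000000000001} - http://192.0.2.10/1/sample.exe
O16 - DPF: {00000000-0000-0000-0000-000000000002} (Sample Class) - http://downloads.example.com/controls/player.cab
"""

# HijackThis entry lines start with a section code (R0-R3, F0-F3, N1-N4, O1...).
ENTRY_RE = re.compile(r"^(R[0-3]|F[0-3]|N[1-4]|O\d{1,2}) - (.+)$")
IPV4_RE = re.compile(r"^\d{1,3}(\.\d{1,3}){3}$")


def parse_log(text):
    """Return (section, detail) pairs; header and process-list lines are skipped."""
    entries = []
    for line in text.splitlines():
        match = ENTRY_RE.match(line.strip())
        if match:
            entries.append((match.group(1), match.group(2)))
    return entries


def reasons(section, detail):
    """Return the review reasons for one entry (empty list means nothing flagged)."""
    low = detail.lower()
    found = []
    if "(no file)" in low or "(file missing)" in low:
        found.append("orphaned entry: target file absent")
    if "\\temp\\" in low:
        found.append("loads code from a TEMP directory")
    if section == "O15":
        found.append("site or IP added to the Trusted zone")
    if section == "O16":
        # The codebase URL is the last " - "-separated field of a DPF entry.
        parsed = urlparse(detail.rsplit(" - ", 1)[-1])
        if IPV4_RE.match(parsed.hostname or ""):
            found.append("ActiveX codebase hosted on a bare IP address")
        if parsed.path.lower().endswith(".exe"):
            found.append("ActiveX codebase is an .exe rather than a .cab")
    return found


def triage(text):
    """Map each flagged log line to its reasons, preserving log order."""
    report = {}
    for section, detail in parse_log(text):
        why = reasons(section, detail)
        if why:
            report[f"{section} - {detail}"] = why
    return report


if __name__ == "__main__":
    for entry, why in triage(SAMPLE_LOG).items():
        print(entry)
        for reason in why:
            print("    ->", reason)
```

A flagged line is a candidate for review, not a verdict: legitimate software can leave orphaned entries too, so each hit still has to be checked before it is fixed.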


  post #6  
Posted 08/04/05, 12:02:15
User
 
Registered: Apr 2005
Location: Spain
Posts: 4
Re: urgent help with coolwebsearch! please!

Thank you, thank you, thank you, thank you.... Jereque, I think that from now on you are going to be a kind of god to me.

I followed your instructions step by step and the problem seems to have disappeared; in any case, I am leaving the latest HijackThis log for you to take a look at. By the way, it looks nothing like the previous ones.

Thank you so much again, friend!.... If I need to do anything else, tell me; I do not want this damned spyware to get into my PC again. I will keep an eye on the forum.

Logfile of HijackThis v1.99.1
Scan saved at 16:51:43, on 08/04/05
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v5.50 SP1 (5.50.4522.1800)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\ARCHIVOS DE PROGRAMA\PANDA SOFTWARE\PANDA ANTIVIRUS TITANIUM\APVXDWIN.EXE
C:\ARCHIVOS DE PROGRAMA\MSN MESSENGER\MSNMSGR.EXE
C:\ARCHIVOS DE PROGRAMA\PANDA SOFTWARE\PANDA ANTIVIRUS TITANIUM\PAVPROXY.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\MIS DOCUMENTOS\JOSE\ANTIVIRUS\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer proporcionado por ONO
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Vínculos
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\archivos de programa\google\googletoolbar1.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\archivos de programa\google\googletoolbar1.dll
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [ControlPanel] C:\WINDOWS\SYSTEM\twink64.exe internat.dll,LoadKeyboardProfile
O4 - HKLM\..\Run: [APVXDWIN] "C:\Archivos de programa\Panda Software\Panda Antivirus Titanium\APVXDWIN.EXE" /s
O4 - HKLM\..\Run: [Security iGuard] C:\Archivos de programa\Security iGuard\Security iGuard.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\ARCHIVOS DE PROGRAMA\MSN MESSENGER\MSNMSGR.EXE" /background
O4 - Startup: Búsqueda rápida de Microsoft.lnk = C:\Archivos de programa\Microsoft Office\Office\FINDFAST.EXE
O8 - Extra context menu item: &Google Search - res://C:\ARCHIVOS DE PROGRAMA\GOOGLE\GOOGLETOOLBAR1.DLL/cmsearch.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\ARCHIVOS DE PROGRAMA\GOOGLE\GOOGLETOOLBAR1.DLL/cmcache.html
O8 - Extra context menu item: Similar Pages - res://C:\ARCHIVOS DE PROGRAMA\GOOGLE\GOOGLETOOLBAR1.DLL/cmsimilar.html
O8 - Extra context menu item: Backward Links - res://C:\ARCHIVOS DE PROGRAMA\GOOGLE\GOOGLETOOLBAR1.DLL/cmbacklinks.html
O8 - Extra context menu item: Translate into English - res://C:\ARCHIVOS DE PROGRAMA\GOOGLE\GOOGLETOOLBAR1.DLL/cmtrans.html
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Archivos de programa\MSN Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: MSN Messenger Service - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Archivos de programa\MSN Messenger\MSMSGS.EXE
  post #7  
Posted 08/04/05, 12:06:54
Drazhaz
Honorary Advisor
 
Registered: Jan 2005
Location: Valencia, Spain
Posts: 2,754
Re: urgent help with coolwebsearch! please!

The log is clean. Before we finish, a couple of pieces of advice:

- You should update the operating system and the browser through the WindowsUpdate page.
- You should install an antivirus and a firewall on your system.

Regards.

