| |||||||
| Temas Solucionados Casos de HijackThis y Malwares resueltos. (Solo lectura) |
 |
| | Enviar a: | Herramientas |
 | 
09/06/05, 08:20:58
|  |
| |||
 Help,...tengo SPY y no me atrevo solo...(solucionado) Hola a todos, se que tengo spy pero no me atrevo a modificar el registro si el asesoramiento de un experto. Podria echarme un alma caritativa un cable urgentemente??.. Muchisimas gracias pora anticipado. Adjunto mi log: Logfile of HijackThis v1.99.1 Scan saved at 10:16:52, on 09/06/2005 Platform: Windows 2000 SP4 (WinNT 5.00.2195) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINNT\System32\smss.exe C:\WINNT\system32\winlogon.exe C:\WINNT\system32\services.exe C:\WINNT\system32\lsass.exe C:\WINNT\System32\SCardSvr.exe C:\WINNT\system32\svchost.exe C:\WINNT\System32\svchost.exe C:\WINNT\system32\spoolsv.exe C:\WINNT\System32\Ati2evxx.exe D:\Program Files\ISS\BlackICE\blackd.exe C:\WINNT\system32\bmwebcfg.exe C:\WINNT\system32\hidserv.exe C:\PROGRA~1\Iomega\System32\AppServices.exe C:\Program Files\Network Associates\Common Framework\FrameworkService.exe C:\Program Files\Network Associates\VirusScan\Mcshield.exe C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe C:\Oracle\Ora817\BIN\TNSLSNR.exe C:\WINNT\system32\regsvc.exe C:\WINNT\system32\MSTask.exe C:\WINNT\System32\WBEM\WinMgmt.exe C:\WINNT\system32\svchost.exe C:\WINNT\Explorer.EXE C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe C:\Program Files\Synaptics\SynTP\SynTPLpr.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\WINNT\system32\carpserv.exe C:\WINNT\system32\PRPCUI.exe D:\Program Files\Iomega HotBurn\Autolaunch.exe D:\Program Files\QuickTime\qttask.exe C:\Program Files\Common Files\Real\Update_OB\realsched.exe D:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe D:\Program Files\ISS\BlackICE\blackice.exe C:\Program Files\ACD Systems\ImageFox\ImageFox.exe D:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe C:\Program Files\ACD Systems\ACDSee\ACDSee.exe C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\Documents and Settings\Administrator\Desktop\HijackThis_1.99.1.e xe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.eresmas.com/i2r/login2?to=www.wanadoo.es&nack=www.wanadoo.es R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.es R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.hub.slb.com/ R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.es R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by ATOS CONSULTING R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings,ProxyServer = 203.169.250.28:80 O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx O3 - Toolbar: PDF de Adobe - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon O4 - HKLM\..\Run: [Password Reminder] remind.vbs O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe O4 - HKLM\..\Run: [IgfxTray] C:\WINNT\System32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\WINNT\System32\hkcmd.exe O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe O4 - HKLM\..\Run: [CARPService] carpserv.exe O4 - HKLM\..\Run: [PRPCMonitor] PRPCUI.exe O4 - HKLM\..\Run: [Drag'n'Drop_Autolaunch] "D:\Program Files\Iomega HotBurn\Autolaunch.exe" O4 - HKLM\..\Run: [Cache Cleaner] C:\Program Files\Neoteris\Cache Cleaner\dsCacheCleaner.exe -action delete O4 - HKLM\..\Run: [NeroCheck] C:\WINNT\system32\NeroCheck.exe O4 - HKLM\..\Run: [TLogonPath] "C:\Program Files\Timbuktu Pro\Tb2Logon.exe" O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKCU\..\Run: [SpySweeper] D:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe /0 O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe O4 - Global Startup: BlackICE PC Protection.lnk = D:\Program Files\ISS\BlackICE\blackice.exe O4 - Global Startup: ImageFox.lnk = C:\Program Files\ACD Systems\ImageFox\ImageFox.exe O4 - Global Startup: InterVideo WinCinema Manager.lnk = D:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O8 - Extra context menu item: E&xportar a Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINNT\System32\msjava.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINNT\System32\msjava.dll O9 - Extra button: Referencia - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: Coches - {AF0828BC-CB46-4C8D-95B6-8A7C4988F9FF} - C:\WINNT\system32\shdocvw.dll O10 - Unknown file in Winsock LSP: c:\program files\neoteris\secure application manager\gapsp.dll O10 - Unknown file in Winsock LSP: c:\program files\neoteris\secure application manager\gapsp.dll O10 - Unknown file in Winsock LSP: c:\program files\neoteris\secure application manager\gapsp.dll O10 - Unknown file in Winsock LSP: c:\program files\neoteris\secure application manager\gapsp.dll O10 - Broken Internet access because of LSP provider 'bmnet.dll' missing O12 - Plugin for .wmv: C:\Program Files\Netscape\Communicator\Program\PLUGINS\npdspl ay.dll O15 - Trusted Zone: http://*.smartforce.com O15 - Trusted Zone: http://*.smartforce.com (HKLM) O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://www.cult3d.com/download/cult.cab O16 - DPF: {76A2A0AB-38B7-46DB-8E47-F10CDE4D7920} - http://www.earthetc.com/ecwplugins/ncs.cab O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab O16 - DPF: {B785FA3C-1DE9-4D20-8396-613C486FE95E} (AeatCtl Class) - https://www1.aeat.es/imagenes/comun/cactivex.cab O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cab O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = eurocastalia.com O17 - HKLM\System\CCS\Services\Tcpip\..\{4D1344CD-07BB-4EDE-A1C8-7F45EB90969B}: NameServer = 193.146.74.18 O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = eurocastalia.com O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = eurocastalia.com O20 - Winlogon Notify: ckpNotify - C:\WINNT\SYSTEM32\ckpNotify.dll O20 - Winlogon Notify: igfxcui - C:\WINNT\SYSTEM32\igfxsrvc.dll O20 - Winlogon Notify: Timbuktu Pro - C:\Program Files\Timbuktu Pro\Hook32.dll (file missing) O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINNT\System32\Ati2evxx.exe O23 - Service: BlackICE - Internet Security Systems, Inc. - D:\Program Files\ISS\BlackICE\blackd.exe O23 - Service: Bytemobile Web Configurator (bmwebcfg) - Bytemobile, Inc. - C:\WINNT\system32\bmwebcfg.exe O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe O23 - Service: Iomega App Services - Iomega Corporation - C:\PROGRA~1\Iomega\System32\AppServices.exe O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe O23 - Service: OracleOraHome817Agent - Oracle Corporation - C:\Oracle\Ora817\bin\dbsnmp.exe O23 - Service: OracleOraHome817ClientCache - Unknown owner - C:\Oracle\Ora817\BIN\ONRSD.EXE O23 - Service: OracleOraHome817DataGatherer - Oracle Corporation - C:\Oracle\Ora817\bin\vppdc.exe O23 - Service: OracleOraHome817HTTPServer - Unknown owner - C:\Oracle\Ora817\Apache\Apache\Apache.exe O23 - Service: OracleOraHome817PagingServer - Unknown owner - C:\Oracle\Ora817/bin/pagntsrv.exe O23 - Service: OracleOraHome817TNSListener - Unknown owner - C:\Oracle\Ora817\BIN\TNSLSNR.exe O23 - Service: RapApp - Internet Security Systems, Inc. - D:\Program Files\ISS\BlackICE\rapapp.exe O23 - Service: Check Point SecuRemote Service (SR_Service) - Check Point Software Technologies - C:\Program Files\CheckPoint\SecuRemote\bin\SR_Service.exe O23 - Service: Check Point SecuRemote WatchDog (SR_WatchDog) - Check Point Software Technologies - C:\Program Files\CheckPoint\SecuRemote\bin\SR_WatchDog.exe O23 - Service: Tb2 Launch (Tb2Launch) - Unknown owner - C:\Program Files\Timbuktu Pro\tb2launch.exe (file missing)  |
| InfoSpyware | ||
| |
|
09/06/05, 19:12:03
| |
| ||||
| Re: Help,...tengo SPY y no me atrevo solo... Hola te doy la bienvenida al Foro de InfoSpyware, empeza siguiendo los pasos de el "Tutorial de Spywares" con las herramientas Microsoft Antispyware, Ad-Aware SE y SpyBot. Descarga la herramienta LSPFix.exe (de la firma) y al archivo gapsp.dll lo pones en REMOVE y le das FINIS Pásale algún "Antivirus Online" y genera un nuevo log de HijackThis para pegarlo en este mismo mensaje y decirnos los resultados de los análisis de las herramientas. Salu2 Ausente hasta el 15 de Oct. En viaje al EISI 2009 (Colombia) Novedades del Foro | Antivirus Online | Eliminar Malwares | Políticas del Foro | Blog * Ayúdanos haciendo una DONACIÓN para poder seguir Ayudando. * Infórmate de las ultimas amenazas de la red desde: InfoSpyware Blog * No se resuelven dudas por Privados ni por E-mail, ya que para eso esta el foro. |
|
« Tema Anterior
|
Próximo Tema »
| Herramientas | |
| |
| 
Temas Similares | |
| Tema | Autor | Foro | Respuestas | Último mensaje |
| solo tengo un problema. | alex orellana | Foro de Virus y Spywares | 5 | 02/06/05 22:02:58 |
| tengo problemas con un tal "search de web" (solucionado) | rodriguin | Temas Solucionados | 7 | 30/05/05 20:41:52 |
| no quiero volver a instalar windows, tengo un spy que marca (solucionado) | stimm | Temas Solucionados | 5 | 01/05/05 22:23:54 |
| yo tambien tengo la barrita (solucionado) | GALACOSLADA | Temas Solucionados | 9 | 26/04/05 12:09:57 |
| Spy q me redirecciona about:blank (solucionado) | Daviks | Temas Solucionados | 3 | 30/03/05 18:34:37 |
Todas las horas son GMT -4. La hora es 18:45:15.
