 |
| |||||||
 InfoSpyware sortea una T-Shirts |
| Participa en el sorteo por una
"Camiseta Oficial de InfoSpyware" gracias al amigo
Enjuto Mojamuto |
| Foro Oficial de HijackThis en español Analizamos tu log de HijackThis para eliminar Hijackers, Spyware, Adware, ToolBars, Virus, Troyanos y Malwares en gral. Antes lea las Políticas del Foro de HijackThis. |
 |
| | Herramientas |
 | 
22/07/05, 01:15:06
|  |
| |||
| Smitfraud, necesito que revisen mi log Buenos dias, en mi compu entro el smitfraud y necesito ayuda con mi log, me podrian decir a que tengo que aplicar "fix checked". Muchas Gracias facundo StartupList report, 22/07/2005, 02:12:15 a.m. StartupList version: 1.52.2 Started from : C:\Documents and Settings\facundo\Configuración local\Temp\HijackThis.EXE Detected: Windows XP SP1 (WinNT 5.01.2600) Detected: Internet Explorer v6.00 SP1 (6.00.2800.1106) * Using default options * Including empty and uninteresting sections ================================================== Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\csrss.exe C:\WINDOWS\SYSTEM32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Archivos de programa\Archivos comunes\Symantec Shared\ccSetMgr.exe C:\Archivos de programa\Archivos comunes\Symantec Shared\SNDSrvc.exe C:\Archivos de programa\Archivos comunes\Symantec Shared\SPBBC\SPBBCSvc.exe C:\Archivos de programa\Archivos comunes\Symantec Shared\ccEvtMgr.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\System32\pctspk.exe C:\Archivos de programa\MessengerPlus! 3\MsgPlus.exe C:\Archivos de programa\Musicmatch\Musicmatch Jukebox\mmtask.exe C:\Archivos de programa\Java\jre1.5.0_01\bin\jusched.exe C:\Archivos de programa\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe C:\Archivos de programa\CyberLink\PowerDVD\PDVDServ.exe C:\WINDOWS\mfcuo.exe C:\WINDOWS\sdkqw32.exe C:\WINDOWS\System32\alg.exe C:\WINDOWS\system32\cisvc.exe C:\Archivos de programa\Archivos comunes\Symantec Shared\ccApp.exe C:\WINDOWS\System32\ctfmon.exe C:\Archivos de programa\Norton SystemWorks\Norton AntiVirus\navapsvc.exe C:\Archivos de programa\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe C:\ARCHIV~1\NORTON~1\NORTON~1\NPROTECT.EXE C:\WINDOWS\System32\nvsvc32.exe C:\Archivos de programa\Archivos comunes\Symantec Shared\CCPD-LC\symlcsvc.exe C:\WINDOWS\System32\wdfmgr.exe C:\WINDOWS\system32\cidaemon.exe c:\r.exe C:\Archivos de programa\Symantec\LiveUpdate\AUpdate.exe C:\ARCHIV~1\Symantec\LIVEUP~1\LUCOMS~1.EXE C:\Archivos de programa\Lavasoft\Ad-aware 6\Ad-watch.exe C:\ARCHIV~1\NORTON~1\NORTON~3\navw32.exe C:\ARCHIV~1\MOZILL~1\FIREFOX.EXE C:\Archivos de programa\Messenger\msmsgs.exe C:\ARCHIV~1\WINZIP\winzip32.exe C:\Documents and Settings\facundo\Configuración local\Temp\HijackThis.exe -------------------------------------------------- Listing of startup folders: Shell folders Startup: [C:\Documents and Settings\facundo\Menú Inicio\Programas\Inicio] *No files* Shell folders AltStartup: *Folder not found* User shell folders Startup: *Folder not found* User shell folders AltStartup: *Folder not found* Shell folders Common Startup: [C:\Documents and Settings\All Users\Menú Inicio\Programas\Inicio] Microsoft Office.lnk = C:\Archivos de programa\Microsoft Office\Office10\OSA.EXE Shell folders Common AltStartup: *Folder not found* User shell folders Common Startup: *Folder not found* User shell folders Alternate Common Startup: *Folder not found* -------------------------------------------------- Checking Windows NT UserInit: [HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon] UserInit = C:\WINDOWS\system32\userinit.exe, [HKLM\Software\Microsoft\Windows\CurrentVersion\Win logon] *Registry key not found* [HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon] *Registry value not found* [HKCU\Software\Microsoft\Windows\CurrentVersion\Win logon] *Registry key not found* -------------------------------------------------- Autorun entries from Registry: HKLM\Software\Microsoft\Windows\CurrentVersion\Run SystemTray = SysTray.Exe NvCplDaemon = RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup nwiz = nwiz.exe /install NvMediaCenter = RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit Cmaudio = RunDll32 cmicnfg.cpl,CMICtrlWnd PCTVOICE = pctspk.exe NeroFilterCheck = C:\WINDOWS\system32\NeroCheck.exe 6DbDUJMa = C:\WINDOWS\pexysbj.exe MessengerPlus3 = "C:\Archivos de programa\MessengerPlus! 3\MsgPlus.exe" QuickTime Task = "C:\Archivos de programa\QuickTime\qttask.exe" -atboottime mmtask = C:\Archivos de programa\Musicmatch\Musicmatch Jukebox\mmtask.exe SunJavaUpdateSched = C:\Archivos de programa\Java\jre1.5.0_01\bin\jusched.exe CloneCDTray = "C:\Archivos de programa\SlySoft\CloneCD\CloneCDTray.exe" /s VirtualCloneDrive = "C:\Archivos de programa\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s RemoteControl = "C:\Archivos de programa\CyberLink\PowerDVD\PDVDServ.exe" mfcuo.exe = C:\WINDOWS\mfcuo.exe msqh32.exe = C:\WINDOWS\msqh32.exe Ad-aware = "C:\Archivos de programa\Lavasoft\Ad-aware 6\Ad-aware.exe" +c Dugahe = C:\Program Files\Ysnrvh\Onxs.exe WebZIP.exe = C:\Archivos de programa\WebZIP\WebZIP.exe msxct = msxct.exe AnyDVD = C:\Archivos de programa\SlySoft\AnyDVD\AnyDVD.exe SSC_UserPrompt = C:\Archivos de programa\Archivos comunes\Symantec Shared\Security Center\UsrPrmpt.exe NAV CfgWiz = "C:\Archivos de programa\Norton SystemWorks\Norton AntiVirus\CfgWiz.exe" /GUID {0D7956A2-5A08-4ec2-A72C-DF8495A66016} /MODE CfgWiz /CMDLINE "REBOOT" Ad-watch = "C:\Archivos de programa\Lavasoft\Ad-aware 6\Ad-watch.exe" -------------------------------------------------- Autorun entries from Registry: HKLM\Software\Microsoft\Windows\CurrentVersion\Run Once Srv32 spool service = C:\WINDOWS\System32\spoolsrv32.exe -------------------------------------------------- Autorun entries from Registry: HKLM\Software\Microsoft\Windows\CurrentVersion\Run OnceEx *No values found* -------------------------------------------------- Autorun entries from Registry: HKLM\Software\Microsoft\Windows\CurrentVersion\Run Services *Registry key not found* -------------------------------------------------- Autorun entries from Registry: HKLM\Software\Microsoft\Windows\CurrentVersion\Run ServicesOnce *Registry key not found* -------------------------------------------------- Autorun entries from Registry: HKCU\Software\Microsoft\Windows\CurrentVersion\Run CTFMON.EXE = C:\WINDOWS\System32\ctfmon.exe -------------------------------------------------- Autorun entries from Registry: HKCU\Software\Microsoft\Windows\CurrentVersion\Run Once Srv32 spool service = C:\WINDOWS\System32\spoolsrv32.exe -------------------------------------------------- Autorun entries from Registry: HKCU\Software\Microsoft\Windows\CurrentVersion\Run OnceEx *Registry key not found* -------------------------------------------------- Autorun entries from Registry: HKCU\Software\Microsoft\Windows\CurrentVersion\Run Services *Registry key not found* -------------------------------------------------- Autorun entries from Registry: HKCU\Software\Microsoft\Windows\CurrentVersion\Run ServicesOnce *Registry key not found* -------------------------------------------------- Autorun entries from Registry: HKLM\Software\Microsoft\Windows NT\CurrentVersion\Run *Registry key not found* -------------------------------------------------- Autorun entries from Registry: HKCU\Software\Microsoft\Windows NT\CurrentVersion\Run *Registry key not found* -------------------------------------------------- Autorun entries in Registry subkeys of: HKLM\Software\Microsoft\Windows\CurrentVersion\Run [OptionalComponents] *No values found* -------------------------------------------------- Autorun entries in Registry subkeys of: HKLM\Software\Microsoft\Windows\CurrentVersion\Run Once *No subkeys found* -------------------------------------------------- Autorun entries in Registry subkeys of: HKLM\Software\Microsoft\Windows\CurrentVersion\Run OnceEx *No subkeys found* -------------------------------------------------- Autorun entries in Registry subkeys of: HKLM\Software\Microsoft\Windows\CurrentVersion\Run Services *Registry key not found* -------------------------------------------------- Autorun entries in Registry subkeys of: HKLM\Software\Microsoft\Windows\CurrentVersion\Run ServicesOnce *Registry key not found* -------------------------------------------------- Autorun entries in Registry subkeys of: HKCU\Software\Microsoft\Windows\CurrentVersion\Run *No subkeys found* -------------------------------------------------- Autorun entries in Registry subkeys of: HKCU\Software\Microsoft\Windows\CurrentVersion\Run Once *No subkeys found* -------------------------------------------------- Autorun entries in Registry subkeys of: HKCU\Software\Microsoft\Windows\CurrentVersion\Run OnceEx *Registry key not found* -------------------------------------------------- Autorun entries in Registry subkeys of: HKCU\Software\Microsoft\Windows\CurrentVersion\Run Services *Registry key not found* -------------------------------------------------- Autorun entries in Registry subkeys of: HKCU\Software\Microsoft\Windows\CurrentVersion\Run ServicesOnce *Registry key not found* -------------------------------------------------- Autorun entries in Registry subkeys of: HKLM\Software\Microsoft\Windows NT\CurrentVersion\Run *Registry key not found* -------------------------------------------------- Autorun entries in Registry subkeys of: HKCU\Software\Microsoft\Windows NT\CurrentVersion\Run *Registry key not found* -------------------------------------------------- File association entry for .EXE: HKEY_CLASSES_ROOT\exefile\shell\open\command (Default) = "%1" %* -------------------------------------------------- File association entry for .COM: HKEY_CLASSES_ROOT\comfile\shell\open\command (Default) = "%1" %* -------------------------------------------------- File association entry for .BAT: HKEY_CLASSES_ROOT\batfile\shell\open\command (Default) = "%1" %* -------------------------------------------------- File association entry for .PIF: HKEY_CLASSES_ROOT\piffile\shell\open\command (Default) = "%1" %* -------------------------------------------------- File association entry for .SCR: HKEY_CLASSES_ROOT\scrfile\shell\open\command (Default) = "%1" /S -------------------------------------------------- File association entry for .HTA: HKEY_CLASSES_ROOT\htafile\shell\open\command (Default) = C:\WINDOWS\System32\mshta.exe "%1" %* -------------------------------------------------- File association entry for .TXT: HKEY_CLASSES_ROOT\txtfile\shell\open\command (Default) = %SystemRoot%\system32\NOTEPAD.EXE %1 -------------------------------------------------- Enumerating ICQ Agent Autostart apps: HKCU\Software\Mirabilis\ICQ\Agent\Apps *Registry key not found* -------------------------------------------------- Load/Run keys from C:\WINDOWS\WIN.INI: load=*INI section not found* run=*INI section not found* Load/Run keys from Registry: HKLM\..\Windows NT\CurrentVersion\WinLogon: load=*Registry value not found* HKLM\..\Windows NT\CurrentVersion\WinLogon: run=*Registry value not found* HKLM\..\Windows\CurrentVersion\WinLogon: load=*Registry key not found* HKLM\..\Windows\CurrentVersion\WinLogon: run=*Registry key not found* HKCU\..\Windows NT\CurrentVersion\WinLogon: load=*Registry value not found* HKCU\..\Windows NT\CurrentVersion\WinLogon: run=*Registry value not found* HKCU\..\Windows\CurrentVersion\WinLogon: load=*Registry key not found* HKCU\..\Windows\CurrentVersion\WinLogon: run=*Registry key not found* HKCU\..\Windows NT\CurrentVersion\Windows: load= HKCU\..\Windows NT\CurrentVersion\Windows: run=*Registry value not found* HKLM\..\Windows NT\CurrentVersion\Windows: load=*Registry value not found* HKLM\..\Windows NT\CurrentVersion\Windows: run=*Registry value not found* HKLM\..\Windows NT\CurrentVersion\Windows: AppInit_DLLs=*Registry value not found* -------------------------------------------------- Shell & screensaver key from C:\WINDOWS\SYSTEM.INI: Shell=*INI section not found* SCRNSAVE.EXE=*INI section not found* drivers=*INI section not found* Shell & screensaver key from Registry: Shell=Explorer.exe SCRNSAVE.EXE=C:\WINDOWS\System32\logon.scr drivers=*Registry value not found* Policies Shell key: HKCU\..\Policies: Shell=*Registry value not found* HKLM\..\Policies: Shell=*Registry value not found* -------------------------------------------------- Enumerating Browser Helper Objects: (no name) - C:\ARCHIVOS DE PROGRAMA\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (no name) - C:\Archivos de programa\FlashGet\jccatch.dll - {A5366673-E8CA-11D3-9CD9-0090271D075B} NAV Helper - C:\Archivos de programa\Norton SystemWorks\Norton AntiVirus\NavShExt.dll - {BDF3E430-B101-42AD-A544-FADC6B084872} (no name) - C:\WINDOWS\winll32.dll - {E0FF3D06-7E37-07B2-CEAA-D833E87335B6} -------------------------------------------------- Enumerating Task Scheduler jobs: Optimización del inicio de aplicaciones.job Programador de PC Health para recopilación de datos.job XoftSpy.job One Button Checkup de Norton SystemWorks.job Symantec NetDetect.job Symantec Drmc.job 1-Click Maintenance.job Norton AntiVirus - Analizar el equipo - facundo.job -------------------------------------------------- Enumerating Download Program Files: [DirectAnimation Java Classes] CODEBASE = file://C:\WINDOWS\Java\classes\dajava.cab OSD = C:\WINDOWS\Downloaded Program Files\DirectAnimation Java Classes.osd [Microsoft XML Parser for Java] CODEBASE = file://C:\WINDOWS\Java\classes\xmldso.cab OSD = C:\WINDOWS\Downloaded Program Files\Microsoft XML Parser for Java.osd [Win32 Classes] [WScanCtl Class] InProcServer32 = C:\WINDOWS\Downloaded Program Files\webscan.dll CODEBASE = http://www3.ca.com/securityadvisor/virusinfo/webscan.cab [Java Plug-in 1.5.0_01] InProcServer32 = C:\Archivos de programa\Java\jre1.5.0_01\bin\npjpi150_01.dll CODEBASE = http://java.sun.com/update/1.5.0/jinstall-1_5_0_01-windows-i586.cab [Java Plug-in 1.5.0_01] InProcServer32 = C:\Archivos de programa\Java\jre1.5.0_01\bin\npjpi150_01.dll CODEBASE = http://java.sun.com/update/1.5.0/jinstall-1_5_0_01-windows-i586.cab [Shockwave Flash Object] InProcServer32 = C:\WINDOWS\System32\macromed\flash\Flash.ocx CODEBASE = http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab -------------------------------------------------- Enumerating Winsock LSP files: NameSpace #1: C:\WINDOWS\System32\mswsock.dll NameSpace #2: C:\WINDOWS\System32\winrnr.dll NameSpace #3: C:\WINDOWS\System32\mswsock.dll Protocol #1: C:\WINDOWS\system32\mswsock.dll Protocol #2: C:\WINDOWS\system32\mswsock.dll Protocol #3: C:\WINDOWS\system32\mswsock.dll Protocol #4: C:\WINDOWS\system32\rsvpsp.dll Protocol #5: C:\WINDOWS\system32\rsvpsp.dll Protocol #6: C:\WINDOWS\system32\mswsock.dll Protocol #7: C:\WINDOWS\system32\mswsock.dll Protocol #8: C:\WINDOWS\system32\mswsock.dll Protocol #9: C:\WINDOWS\system32\mswsock.dll Protocol #10: C:\WINDOWS\system32\mswsock.dll Protocol #11: C:\WINDOWS\system32\mswsock.dll -------------------------------------------------- Enumerating Windows NT logon/logoff scripts: *No scripts set to run* Windows NT checkdisk command: BootExecute = Windows NT 'Wininit.ini': PendingFileRenameOperations: C:\WINDOWS\TEMP\drmtemp001F8323.htm||C:\WINDOWS\Sy stem32\oleext32.dll => C:\WINDOWS\System32\wininet.dll|c:\r.exe|||o -------------------------------------------------- Enumerating ShellServiceObjectDelayLoad items: PostBootReminder: C:\WINDOWS\system32\SHELL32.dll CDBurn: C:\WINDOWS\system32\SHELL32.dll WebCheck: C:\WINDOWS\System32\webcheck.dll SysTray: C:\WINDOWS\System32\stobject.dll -------------------------------------------------- Autorun entries from Registry: HKCU\Software\Microsoft\Windows\CurrentVersion\pol icies\Explorer\Run *Registry key not found* -------------------------------------------------- Autorun entries from Registry: HKLM\Software\Microsoft\Windows\CurrentVersion\pol icies\Explorer\Run *No values found* -------------------------------------------------- End of report, 17.391 bytes     |
|
23/07/05, 18:50:01
| |
| ||||
| Re: Smitfraud, necesito que revisen mi log Revisa este mensaje en el que te explica como sacar un log de HijackThis (con video flash incluido) y déjanos tu log de HijackThis. Saludos. Novedades del Foro | Antivirus Online | Eliminar Malwares | Políticas del Foro | Blog * Ayúdanos haciendo una DONACIÓN para poder seguir Ayudando. * Para evitar Virus y Spywares al navegar por internet, USE FIREFOX !! * No se resuelven dudas por Privados ni por E-mail, ya que para eso esta el foro. |
|
« Tema Anterior
|
Próximo Tema »
| Herramientas | |
|
|
|
Temas Similares | |
| Tema | Autor | Foro | Respuestas | Último mensaje |
| spyware smitfraud, mi log (solucionado) | ebo | Temas Solucionados | 3 | 10/07/05 20:14:52 |
| Necesito de su ayuda con mi log (solucionado) | kaiser986 | Temas Solucionados | 2 | 01/06/05 20:26:37 |
| Necesito que revisen mi log (solucionado) | ruben56 | Temas Solucionados | 1 | 29/05/05 20:46:25 |
| Ayuda.. favor revisen mi log (solucionado) | bazaldo | Temas Solucionados | 2 | 26/05/05 19:56:24 |
| Una chanzita para que revisen mi log | maickyspyware | Foro Oficial de HijackThis en español | 1 | 05/04/05 00:35:41 |
Todas las horas son GMT -4. La hora es 05:13:33.
