ayudenme este es el informe de hijackthis

joseblanco6663 · 16 Abr 2007

hola amigos gracias por su ayuda, el programa que me recomendaron genero este contenido en el block de notas, pero también quiero que me explique que es lo que mi pc le informa al programa y como solucionar esos problemas, les doy las gracias por adelantado y muchas gracias amigos

Código:

Logfile of Trend Micro HijackThis v2.0.0 (BETA)

Scan saved at 04:46:13 p.m., on 16/04/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\SYSTEM32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Netropa\Multimedia Keyboard\MMKeybd.exe

C:\Program Files\LClock\LClock.exe

C:\WINDOWS\Media\w7zip.exe

C:\Program Files\Winamp\winampa.exe

C:\PROGRA~1\Grisoft\AVG7\avgcc.exe

C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe

C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe

C:\Program 

Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.

exe

C:\Program Files\CursorXP\CursorXP.exe

C:\PROGRA~1\COMMON~1\ICROSO~1.NET\regedit.exe

C:\WINDOWS\system32\winlogin.exe

C:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe

C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe

C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe

C:\WINDOWS\system32\svchosts.exe

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe

C:\Program Files\Netropa\Multimedia Keyboard\TrayMon.exe

C:\Program Files\Netropa\Onscreen Display\OSD.exe

C:\WINDOWS\System32\PAStiSvc.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

C:\WINDOWS\system32\wscntfy.exe

C:\Program Files\Common Files\Microsoft Shared\Windows 

Live\WLLoginProxy.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\PROGRA~1\COMMON~1\MICROS~1\Msinfo\OFFPROV.EXE

C:\WINDOWS\system32\msiexec.exe

C:\Program Files\MSN Messenger\msnmsgr.exe

C:\Program Files\MSN Messenger\usnsvc.exe

C:\DOCUME~1\JOSEEN~1\LOCALS~1\Temp\Rar$EX00.016\HiJackThis_v2.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = 

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = 

[url="http://www.lavasoft.de/news/product/info/"]http://www.lavasoft.de/news/product/info/[/url]

R3 - URLSearchHook: Yahoo! Toolbar - 

{EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program 

Files\Yahoo!\Companion\Installs\cpn\yt.dll

R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} 

- C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL

O2 - BHO: MyWebSearch Search Assistant BHO - 

{00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program 

Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL

O2 - BHO: Yahoo! Toolbar Helper - 

{02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program 

Files\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} 

- C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - 

C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL

O2 - BHO: dsWebAllowBHO Class - {2F85D76C-0569-466F-A488-493E6BD0E955} 

- C:\Program Files\Windows Desktop Search\dsWebAllow.dll

O2 - BHO: URLLink - {4A2AACF3-ADF6-11D5-98A9-00E018981B9E} - C:\Program 

Files\NewDotNet\newdotnet7_48.dll (file missing)

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - 

C:\Program Files\Java\jre1.5.0_01\bin\ssv.dll (file missing)

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no 

file)

O2 - BHO: Windows Live Sign-in Helper - 

{9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common 

Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - 

{AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program 

files\google\googletoolbar1.dll

O2 - BHO: Plugin - {C318CD44-E327-4377-A28E-6EC16A921AE8} - C:\Program 

Files\Web Buying\v1.6.8\webbuying.dll (file missing)

O2 - BHO: (no name) - {D09E8932-F8C7-465F-963E-04DE72AE5EF1} - 

C:\Program Files\Messenger\hosedu.dll

O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - 

C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - 

c:\program files\google\googletoolbar1.dll

O4 - HKLM\..\Run: [MULTIMEDIA KEYBOARD] C:\Program 

Files\Netropa\Multimedia Keyboard\MMKeybd.exe

O4 - HKLM\..\Run: [LClock] C:\Program Files\LClock\LClock.exe

O4 - HKLM\..\Run: [New.net Startup] rundll32 

C:\PROGRA~1\NEWDOT~1\NEWDOT~2.DLL,ClientStartup -s

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [kgsystray] C:\Program Files\Kuma 

Games\kgsystray\Kuma_tray.exe

O4 - HKLM\..\Run: [winlog] winlog.exe

O4 - HKLM\..\Run: [w7zip] C:\WINDOWS\Media\w7zip.exe

O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe

O4 - HKLM\..\Run: [WindowsServicesStartup] 

C:\DOCUME~1\JOSEEN~1\LOCALS~1\Temp\svchost.exe 1

O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP

O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program 

Files\Java\jre1.5.0_01\bin\jusched.exe

O4 - HKLM\..\Run: [My Web Search Bar] rundll32 

C:\PROGRA~1\MYWEBS~1\bar\1.bin\MWSBAR.DLL,S

O4 - HKLM\..\Run: [MyWebSearch Email Plugin] 

C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe

O4 - HKLM\..\RunServices: [winlog] winlog.exe

O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program 

Files\Yahoo!\Messenger\ypager.exe -quiet

O4 - HKCU\..\Run: [WhenUSave] "C:\Program Files\Save\Save.exe"

O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] 

"C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"

O4 - HKCU\..\Run: [swg] C:\Program 

Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.

exe

O4 - HKCU\..\Run: [CursorXP] C:\Program Files\CursorXP\CursorXP.exe

O4 - HKCU\..\Run: [Lrds] 

"C:\PROGRA~1\COMMON~1\ICROSO~1.NET\regedit.exe" -vt yazb

O4 - HKCU\..\Run: [Winlogin] C:\WINDOWS\system32\winlogin.exe

O4 - HKCU\..\Run: [MyWebSearch Email Plugin] 

C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe

O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe 

/RUNONCE (User 'SERVICIO LOCAL')

O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe 

/RUNONCE (User 'Servicio de red')

O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe 

/RUNONCE (User 'SYSTEM')

O4 - HKUS\S-1-5-18\..\Policies\Explorer\Run: 

[{CC13387A-0855-9226-0923-050422050039}] "C:\Program Files\Common 

Files\{CC13387A-0855-9226-0923-050422050039}\Update.exe" 

mc-110-12-0000140 (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe 

/RUNONCE (User 'Default user')

O4 - HKUS\.DEFAULT\..\Policies\Explorer\Run: 

[{CC13387A-0855-9226-0923-050422050039}] "C:\Program Files\Common 

Files\{CC13387A-0855-9226-0923-050422050039}\Update.exe" 

mc-110-12-0000140 (User 'Default user')

O4 - Startup: PowerReg Scheduler.exe

O4 - Global Startup: Búsqueda en el escritorio de Windows.lnk = 

C:\Program Files\Windows Desktop Search\WindowsSearch.exe

O8 - Extra context menu item: &Search - 

[url="http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZNxmk570YY"]http://edits.mywebsearch.com/toolbaredits/...ml?p=ZNxmk570YY[/url]

CO

O8 - Extra context menu item: Add to Windows &Live Favorites - 

http://favorites.live.com/quickadd.aspx"]http://favorites.live.com/quickadd.aspx

O8 - Extra context menu item: E&xportar a Microsoft Excel - 

res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - 

C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll

O9 - Extra 'Tools' menuitem: Consola de Sun Java - 

{08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program 

Files\Java\jre1.5.0_01\bin\npjpi150_01.dll

O9 - Extra button: Referencia - {92780B25-18CC-41C8-B9BE-3C9C571A8263} 

- C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - 

C:\Program Files\Common Files\Microsoft Shared\Encarta Search 

Bar\ENCSBAR.DLL

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - 

C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - 

{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program 

Files\Messenger\msmsgs.exe

O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - 

[url="http://ak.exe.imgfarm.com/images/nocache/funwebproducts/ei/SmileyCentra"]http://ak.exe.imgfarm.com/images/nocache/f...ei/SmileyCentra[/url]

lFWBInitialSetup1.0.0.15-3.cab

O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - 

http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient 

Class) - 

[url="http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.ca"]http://messenger.zone.msn.com/binary/Messe...ent.cab56907.ca[/url]

b

O22 - SharedTaskScheduler: Browseui preloader - 

{438755C2-A8BA-11D1-B96B-00A0C90312E1} - 

C:\WINDOWS\system32\browseui.dll

O22 - SharedTaskScheduler: Component Categories cache daemon - 

{8C7461EF-2B13-11d2-BE35-3078302C2030} - 

C:\WINDOWS\system32\browseui.dll

O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development 

Group - C:\Program Files\Ares\chatServer.exe

O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - 

C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe

O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - 

C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe

O23 - Service: Boonty Games - BOONTY - C:\Program Files\Common 

Files\BOONTY Shared\Service\Boonty.exe

O23 - Service: Client IP-IPX - Unknown owner - 

C:\WINDOWS\system32\svchosts.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program 

Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision 

Corporation - C:\Program Files\Common 

Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: LiveUpdate - Symantec Corporation - 

C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE

O23 - Service: Netropa NHK Server (nhksrv) - Unknown owner - C:\Program 

Files\Netropa\Multimedia Keyboard\nhksrv.exe

O23 - Service: Programador de LiveUpdate automático - Symantec 

Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe

O23 - Service: STI Simulator - Unknown owner - 

C:\WINDOWS\System32\PAStiSvc.exe

O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program 

Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

O23 - Service: Servicio de uso compartido de red del Reproductor de 

Windows Media (WMPNetworkSvc) - Unknown owner - C:\Program 

Files\Windows Media Player\WMPNetwk.exe

O24 - Desktop Component 0: (no name) - C:\Program 

Files\MSN\pronylaba.html

O24 - Desktop Component 1: (no name) - 

[url="http://www.gamesarefun.com/games/wii/dbzbt2/1.jpg"]http://www.gamesarefun.com/games/wii/dbzbt2/1.jpg[/url]

--

End of file - 10379 bytes

Caito · 16 Abr 2007

Actualiza tu sistema acá :

Buscar actualizaciones con Windows Update

(Si por algún motivo no puedes actualizar sigue con los demás pasos)

Borra todas las cookies y el registro con CCleaner:

Descargar CCleaner | Utilidades - Análisis y Optimización

Vete a Panel de Control--> Java y elimina todos los archivos temporales. (Si utilizas JAVA)

Pasale el Avg-antispyware. (Actualizalo, y al acabar el Scaneo elije la opción eliminar, después guarda el report y lo pegas)

Ewido Anti-Malware

Y esta aplicacion también (No necesita instalacion)No te saltes este paso

ElistarA

Descargar EliStarA | Seguridad - Anti-Spyware

Cuando empiece el Scaneo, DESTILDAS la opción de eliminar, a la izquierda de la ventana del programa

Que no elimine nada

Pega un nuevo Log del Hijackthis, mas los Reports de Avg-Antispyware y ElistarA.

Saludos

Caito

Pd. pega los logs en renglones seguidos

ayudenme este es el informe de hijackthis

joseblanco6663

Nuevo Miembro

Caito

Ex- Mod