escaquex
Guest
Hello:
I am having problems when starting Explorer.
It takes me straight to the pages http://t.swapx.cc and Http://win-eto.com
I have run Spybot, Anti-Trojan and Trojan Remover, but I cannot get rid of it.
Following your instructions I downloaded HijackThis and Disk Clean, but I am not really sure what I should delete.
I think it all started when I was looking for a cheat in games, Ruboskizo or something like that.
I am attaching my log... and now to wait.
Many thanks in advance.
StartupList report, 02/12/04, 13:51:43
StartupList version: 1.52
Started from : C:\HIJACK\HIJACK.EXE
Detected: Windows 98 SE (Win9x 4.10.2222A)
Detected: Internet Explorer v5.00 (5.00.2919.6304)
* Using default options
==================================================
Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\ATI2EVAE.EXE
C:\ARCHIVOS DE PROGRAMA\PANDA SOFTWARE\PANDA ANTIVIRUS PLATINUM\FIREWALL\PAVFIRES.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\ARCHIVOS DE PROGRAMA\CREATIVE\AUDIO\PROGRAM\CTMIX32.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\ARCHIVOS DE PROGRAMA\CREATIVE\SHAREDLL\CTNOTIFY.EXE
C:\WINDOWS\LOADQM.EXE
C:\ARCHIVOS DE PROGRAMA\PANDA SOFTWARE\PANDA ANTIVIRUS PLATINUM\APVXDWIN.EXE
C:\WINDOWS\RunDLL.exe
C:\ARCHIVOS DE PROGRAMA\SPYBOT - SEARCH & DESTROY\TEATIMER.EXE
C:\ARCHIVOS DE PROGRAMA\CREATIVE\SHAREDLL\MEDIADET.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\ARCHIVOS DE PROGRAMA\PANDA SOFTWARE\PANDA ANTIVIRUS PLATINUM\PAVPROXY.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\HIJACK\HIJACK.EXE
--------------------------------------------------
Listing of startup folders:
Shell folders Startup:
[C:\WINDOWS\Menú Inicio\Programas\Inicio]
Microsoft Office.lnk = C:\Archivos de programa\Microsoft Office\Office\OSA9.EXE
--------------------------------------------------
Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
ScanRegistry = C:\WINDOWS\scanregw.exe /autorun
TaskMonitor = C:\WINDOWS\taskmon.exe
SystemTray = SysTray.Exe
LoadPowerProfile = Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
AtiPTA = Atiptaxx.exe
Ati2cwxx = Ati2cwxx.exe
CreativeMixer = C:\Archivos de programa\Creative\Audio\PROGRAM\CTMIX32.EXE /t
StillImageMonitor = C:\WINDOWS\SYSTEM\STIMON.EXE
Disc Detector = C:\Archivos de programa\Creative\ShareDLL\CtNotify.exe
LoadQM = loadqm.exe
SCANINICIO = "C:\Archivos de programa\Panda Software\Panda Antivirus Platinum\Inicio.exe"
APVXDWIN = "C:\Archivos de programa\Panda Software\Panda Antivirus Platinum\Apvxdwin.exe" /s
Control handler = C:\WINDOWS\SYSTEM\2MWENUS0KBW1S6THD.EXE
TCASUTIEXE = TCAUDIAG.EXE -off
BFTRoySetup.exe = C:\DOWNLOAD\BFTROY~1.EXE /r
TrojanScanner = C:\Archivos de programa\Trojan Remover\Trjscan.exe
--------------------------------------------------
Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices
LoadPowerProfile = Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
SchedulingAgent = mstask.exe
ATIPOLAB = ati2evae.exe
PANDASCHEDULER = "C:\Archivos de programa\Panda Software\Panda Antivirus Platinum\Pavsched.exe"
PAVFIRES = "C:\Archivos de programa\Panda Software\Panda Antivirus Platinum\Firewall\Pavfires.exe"
--------------------------------------------------
Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
Taskbar Display Controls = RunDLL deskcp16.dll,QUICKRES_RUNDLLENTRY
MsnMsgr = "C:\Archivos de programa\MSN Messenger\MsnMsgr.Exe" /background
SpybotSD TeaTimer = C:\Archivos de programa\Spybot - Search & Destroy\TeaTimer.exe
romahere3 = C:\WINDOWS\SYSTEM\LHEB5RYELU6E.EXE
--------------------------------------------------
Shell & screensaver key from C:\WINDOWS\SYSTEM.INI:
Shell=explorer.exe
SCRNSAVE.EXE=
drivers=mmsystem.dll power.drv
--------------------------------------------------
C:\WINDOWS\WININIT.BAK listing:
(Created 2/12/2004, 12:18:6)
[Rename]
C:\WINDOWS\SYSTEM\MSOSS.DLL=C:\WINDOWS\SYSTEM\SFC2063.TMP
C:\WINDOWS\SYSTEM\SOFTPUB.DLL=C:\WINDOWS\SYSTEM\SFC1134.TMP
--------------------------------------------------
C:\AUTOEXEC.BAT listing:
SET BLASTER=A220 I7 D1 H7 P330 T6
SET SBPCI=C:\ARCHIV~1\CREATIVE\AUDIO\DOSDRV
MODE CON CODEPAGE PREPARE=((850) C:\WINDOWS\COMMAND\EGA.CPI)
MODE CON CODEPAGE SELECT=850
KEYB SP,,C:\WINDOWS\COMMAND\KEYBOARD.SYS
SHARE.EXE
SET PATH=C:\ARCHIV~1\PANDAS~1\PANDAA~1;%PATH%
C:\ARCHIV~1\PANDAS~1\PANDAA~1\PAVCLSHE C:\ARCHIV~1\PANDAS~1\PANDAA~1\
--------------------------------------------------
Enumerating Browser Helper Objects:
(no name) - c:\archivos de programa\google\googletoolbar1.dll - {AA58ED58-01DD-4d91-8333-CF10577473F7}
(no name) - C:\WINDOWS\SYSTEM\D8L7T3~1.DLL - {467FAEB2-5F5B-4c81-BAE0-2A4752CA7F4E}
--------------------------------------------------
Enumerating Download Program Files:
[Shockwave Flash Object]
InProcServer32 = C:\WINDOWS\SYSTEM\MACROMED\FLASH\FLASH.OCX
CODEBASE = http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
[Autodesk MapGuide ActiveX Control]
InProcServer32 = C:\WINDOWS\DOWNLOADED PROGRAM FILES\MGAXCTRL.DLL
CODEBASE = http://mapas.clix.pt/mgaxctrl.cab
[Shockwave ActiveX Control]
InProcServer32 = C:\WINDOWS\SYSTEM\MACROMED\SHOCKWAVE 8\DOWNLOAD.DLL
CODEBASE = http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
[{2C1651EF-8827-11D6-91A2-00E02964E8E3}]
CODEBASE = http://www.adultoweb.com/dialershtml/dialerweb.cab
[SysWebTelecom Class]
InProcServer32 = C:\WINDOWS\SYSTEM\SYSWEB~1.DLL
CODEBASE = http://www.sponsoradulto.com/SysWebTelecom2.cab
[IntRuboskizo2 Class]
InProcServer32 = C:\WINDOWS\DOWNLO~1\RUBOSK~1.DLL
CODEBASE = http://www.juegos-flash.com/ruboskizo2.cab
[YInstStarter Class]
InProcServer32 = C:\WINDOWS\DOWNLOADED PROGRAM FILES\YINSTHELPER.DLL
CODEBASE = http://download.yahoo.com/dl/installs/yinst0309.cab
[{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB}]
CODEBASE = http://ak.imgfarm.com/images/nocache/funwe...etup1.0.0.8.cab
[Zylom Loader Object]
InProcServer32 = C:\WINDOWS\DOWNLOADED PROGRAM FILES\ZYLOMLOADER.DLL
CODEBASE = http://eu.download.games.yahoo.com/zylom/activex/zylomloader.cab
[Update Class]
InProcServer32 = C:\WINDOWS\SYSTEM\IUCTL.DLL
CODEBASE = http://v4.windowsupdate.microsoft.com/CAB/...8308.1816782407
[{11311111-1111-1111-1111-111111111157}]
--------------------------------------------------
Enumerating ShellServiceObjectDelayLoad items:
WebCheck: C:\WINDOWS\SYSTEM\WEBCHECK.DLL
--------------------------------------------------
End of report, 7.019 bytes
Report generated in 0,069 seconds
Command line options:
/verbose - to add additional info on each section
/complete - to include empty sections and unsuspicious data
/full - to include several rarely-important sections
/force9x - to include Win9x-only startups even if running on WinNT
/forcent - to include WinNT-only startups even if running on Win9x
/forceall - to include all Win9x and WinNT startups, regardless of platform
/history - to list versión history only