Resultados 1 al 4 de 4

Tema: Ayuda con HijackThis

  1. josram77
    josram77 está desconectado
    Usuario registrado
    Fecha de ingreso
    11 jun, 07
    Mensajes
    2

    Ayuda con HijackThis

    Tengo una serie de problemas con mi maquina, al principio me empezo a utilizar una gran parte de la memoria en procesos que buscando en internet logre quitarselos.

    Pero ahora presiento que estoy lleno de virus... :cry: .

    Pudiera alguien ayudarme con el siguiente HijackThis??

    Gracias de antemano.

    Logfile of HijackThis v1.99.1
    Scan saved at 12:27:12 PM, on 06/11/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16441)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\ASNA\ADB Engine 5.0\adbntsvc.exe
    C:\Program Files\CVSNT\cvsservice.exe
    C:\Program Files\IBM\SQLLIB\BIN\db2licd.exe
    C:\Program Files\IBM\SQLLIB\BIN\db2sec.exe
    C:\WINDOWS\system32\drivers\dcfssvc.exe
    C:\WINDOWS\system32\inetsrv\inetinfo.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\CCM\CcmExec.exe
    C:\Program Files\IBM\SQLLIB\BIN\db2jds.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\ipmon.exe
    C:\WINDOWS\ServicePackFiles\services.exe
    C:\WINDOWS\system32\ipmon.exe
    C:\WINDOWS\ServicePackFiles\free.exe
    C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
    C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Sw\Utilerias\Antivirus\Malware\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.terra.com.mx/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://srnorto:81/anmexintranet
    F3 - REG:win.ini: run=C:\WINDOWS\ServicePackFiles\services.exe
    F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: bho3 Class - {58FB2CBB-C874-45FC-A1C9-B62CC9E3BED9} - C:\WINDOWS\ServicePackFiles\61116584.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
    O4 - HKLM\..\Run: [xem] C:\WINDOWS\ServicePackFiles\services.exe
    O4 - HKLM\..\Run: [lanmanwrk.exe] C:\WINDOWS\System32\lanmanwrk.exe
    O4 - HKCU\..\Run: [xem] C:\WINDOWS\ServicePackFiles\services.exe
    O4 - Global Startup: 20-20 Shortcut Bar.lnk = C:\2020V61\Mswin\60\SCBar.Exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra button: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O11 - Options group: [INTERNATIONAL] International*
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O16 - DPF: {044123B5-35DF-4C4E-BAED-26B8ED964342} (HLiveRobotWeb Control) - https://update3.globalhauri.com/Custom/ ... botWeb.cab
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {4E330863-6A11-11D0-BFD8-006097237877} (InstallFromTheWeb ActiveX Control) - http://www2.asna.com/ftp/webinstall/iftwclix.cab
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by24fd.bay24.hotmail.msn.com/res ... nPUpld.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 5928203046
    O16 - DPF: {65FDEDF3-8ED9-4F5B-825E-18C2D44191A7} (OneCCCtl Class) - http://d.66.155.171.31.downloads.estara ... 0OneCC.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 9347184897
    O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://201.139.8.21/activex/AxisCamControl.cab
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMe ... loader.cab
    O16 - DPF: {B49C4597-8721-4789-9250-315DFBD9F525} (IWinAmpActiveX Class) - http://cdn.digitalcity.com/radio/ampx/a ... _en_dl.cab
    O16 - DPF: {C942A79B-01ED-47EE-9DAA-1EFAA70DAB8E} (VacPro.int_ver22b) - http://www.muiegaozsicur.com/ocx/intES_ver22b.CAB
    O16 - DPF: {E87F6C8E-16C0-11D3-BEF7-009027438003} (Persits Software XUpload) - http://www.fotobenavides.com/XUpload/XUpload.ocx
    O16 - DPF: {FA3662C3-B8E8-11D6-A667-0010B556D978} (IWinAmpActiveX Class) - http://cdn.digitalcity.com/_media/dalaillama/ampx.cab
    O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/aol ... _en_dl.cab
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = dnanmex2.aniconet.com
    O17 - HKLM\Software\..\Telephony: DomainName = dnanmex2.aniconet.com
    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = dnanmex2.aniconet.com
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O20 - AppInit_DLLs: C:\WINDOWS\system32\iepgxpg.dll
    O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
    O20 - Winlogon Notify: rpcc - C:\WINDOWS\system32\rpcc.dll
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
    O23 - Service: Acceler8DB Server - ASNA Inc. - C:\Program Files\ASNA\ADB Engine 5.0\adbntsvc.exe
    O23 - Service: Crystal Query Server - Unknown owner - C:\Program Files\Seagate Software\Query Server\querysrv.exe" -service (file missing)
    O23 - Service: CVSNT Locking Service 2.5.03.2260 (cvslock) - Unknown owner - C:\Program Files\CVSNT\cvslock.exe (file missing)
    O23 - Service: CVSNT Dispatch service 2.5.03.2260 (cvsnt) - March Hare Software Ltd - C:\Program Files\CVSNT\cvsservice.exe
    O23 - Service: iSeries Access for Windows Remote Command (Cwbrxd) - IBM Corporation - C:\WINDOWS\CWBRXD.EXE
    O23 - Service: DB2 - DB2-0 (DB2-0) - International Business Machines Corporation - C:\PROGRA~1\IBM\SQLLIB\bin\db2syscs.exe
    O23 - Service: DB2DAS - DB2DAS00 (DB2DAS00) - International Business Machines Corporation - C:\Program Files\IBM\SQLLIB\\bin\db2dasrrm.exe
    O23 - Service: DB2 Governor (DB2GOVERNOR) - International Business Machines Corporation - C:\Program Files\IBM\SQLLIB\BIN\db2govds.exe
    O23 - Service: DB2 JDBC Applet Server (DB2JDS) - International Business Machines Corporation - C:\Program Files\IBM\SQLLIB\BIN\db2jds.exe
    O23 - Service: DB2 License Server (DB2LICD) - International Business Machines Corporation - C:\Program Files\IBM\SQLLIB\BIN\db2licd.exe
    O23 - Service: DB2 Security Server (DB2NTSECSERVER) - International Business Machines Corporation - C:\Program Files\IBM\SQLLIB\BIN\db2sec.exe
    O23 - Service: DB2 Remote Command Server (DB2REMOTECMD) - International Business Machines Corporation - C:\Program Files\IBM\SQLLIB\BIN\db2rcmd.exe
    O23 - Service: Dcfssvc - Eastman Kodak Company - C:\WINDOWS\system32\drivers\dcfssvc.exe
    O23 - Service: ViRobot for WinNT(tm) Folder Protect (HFACSVC) - Unknown owner - C:\Program Files\Hauri\ViRobot Desktop 5.0\AccessControl\HFACSvc.exe (file missing)
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
    O23 - Service: SiteClient Service for VMS (SiteClientService) - Unknown owner - C:\SiteClient\clisvc.exe (file missing)
    O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    O23 - Service: Apache Tomcat (Tomcat6) - Unknown owner - C:\Program Files\Apache\Tomcat 6.0\bin\tomcat6.exe" //RS//Tomcat6 (file missing)
    O23 - Service: Hauri Firewall (vrfwsvc) - Unknown owner - C:\Program Files\Hauri\ViRobot Desktop 5.0\PCFirewall\vrfwsvc.exe (file missing)
    O23 - Service: ViRobot Desktop Monitoring (vrmonsvc) - Unknown owner - C:\Program Files\Hauri\Common\Base\vrmonsvc.exe (file missing)

  2. AngelCaidox
    AngelCaidox está desconectado
    Usuario registrado CV Avatar de AngelCaidox
    Fecha de ingreso
    30 dic, 04
    Ubicación
    Llodio(Alava)
    Mensajes
    6,499
    Ni tanto que estas infectado jeje


    Sigue los puntos que te comento sin saltarte uno y poco a poco intentare que me entiendas para poder hacerlo bien.


    Tienes que activar ver archivos ocultos:

    mi pc -- herramientas -- opciones de carpeta -- ver -- mostrar todos los archivos ocultos



    Ahora tienes que eliminar los puntos de restauración para evitar que windows vuelva a estados anteriores, cuando hayas solucionado el problema vuelve a activarlo.
    Para ello:

    BotÓn derecho en mi pc -- propiedades -- restaurar sistema -- desactivar restaurar sistema.



    Ahora dale a "fixed cheked" a las siguientes entradas del hijackthis:

    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://srnorto:81/anmexintranet
    F3 - REG:win.ini: run=C:\WINDOWS\ServicePackFiles\services.exe
    F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe
    O2 - BHO: bho3 Class - {58FB2CBB-C874-45FC-A1C9-B62CC9E3BED9} - C:\WINDOWS\ServicePackFiles\61116584.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O4 - HKLM\..\Run: [xem] C:\WINDOWS\ServicePackFiles\services.exe
    O4 - HKLM\..\Run: [lanmanwrk.exe] C:\WINDOWS\System32\lanmanwrk.exe
    O4 - HKCU\..\Run: [xem] C:\WINDOWS\ServicePackFiles\services.exe
    O4 - Global Startup: 20-20 Shortcut Bar.lnk = C:\2020V61\Mswin\60\SCBar.Exe
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O11 - Options group: [INTERNATIONAL] International*
    O16 - DPF: {044123B5-35DF-4C4E-BAED-26B8ED964342} (HLiveRobotWeb Control) - https://update3.globalhauri.com/Custom/ ... botWeb.cab
    O16 - DPF: {65FDEDF3-8ED9-4F5B-825E-18C2D44191A7} (OneCCCtl Class) - http://d.66.155.171.31.downloads.estara ... 0OneCC.cab
    O16 - DPF: {B49C4597-8721-4789-9250-315DFBD9F525} (IWinAmpActiveX Class) - http://cdn.digitalcity.com/radio/ampx/a ... _en_dl.cab
    O16 - DPF: {C942A79B-01ED-47EE-9DAA-1EFAA70DAB8E} (VacPro.int_ver22b) - http://www.muiegaozsicur.com/ocx/intES_ver22b.CAB
    O16 - DPF: {E87F6C8E-16C0-11D3-BEF7-009027438003} (Persits Software XUpload) - http://www.fotobenavides.com/XUpload/XUpload.ocx
    017 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = dnanmex2.aniconet.com
    O17 - HKLM\Software\..\Telephony: DomainName = dnanmex2.aniconet.com
    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = dnanmex2.aniconet.com
    O20 - Winlogon Notify: rpcc - C:\WINDOWS\system32\rpcc.dll



    Luego reinicia el equipo en modo a prueba de fallos y busca y borra los siguientes ficheros:

    Azul --> Carpetas a borrar con todo su contenido
    Rojo --> Ficheros a borrar


    C:\WINDOWS\system32\ipmon.exe
    C:\WINDOWS\ServicePackFiles\free.exe
    C:\WINDOWS\ServicePackFiles\services.exe
    C:\WINDOWS\ServicePackFiles\61116584.dll
    C:\WINDOWS\System32\lanmanwrk.exe
    C:\WINDOWS\system32\rpcc.dll




    Una vez borrados estos ficheros reinicia en modo normal y pasa estos dos programas:

    Disk Cleaner
    RegSeeker <-- MANUAL


    Cuando hayas pasado los dos programas, con el internet explorer pasale este antivirus online y me pegas el reporte que te genere el programa, junto a un nuevo log del hijackthis.

    http://www.kaspersky.com/kos/spanish/kavwebscan.html



    un saludo y suerte

  3. josram77
    josram77 está desconectado
    Usuario registrado
    Fecha de ingreso
    11 jun, 07
    Mensajes
    2

    Esto es el resultado...

    Logfile of HijackThis v1.99.1
    Scan saved at 8:38:16 AM, on 06/14/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16441)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\ASNA\ADB Engine 5.0\adbntsvc.exe
    C:\Program Files\CVSNT\cvsservice.exe
    C:\Program Files\IBM\SQLLIB\BIN\db2licd.exe
    C:\Program Files\IBM\SQLLIB\BIN\db2sec.exe
    C:\WINDOWS\system32\drivers\dcfssvc.exe
    C:\WINDOWS\system32\inetsrv\inetinfo.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\IBM\SQLLIB\BIN\db2jds.exe
    C:\Program Files\Microsoft Windows OneCare Live\Firewall\msfwsvc.exe
    C:\Program Files\Microsoft Windows OneCare Live\winss.exe
    C:\WINDOWS\system32\CCM\CcmExec.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
    C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Sw\Utilerias\Antivirus\Malware\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.terra.com.mx/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
    O4 - HKLM\..\Run: [OneCareUI] "C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe"
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O16 - DPF: {044123B5-35DF-4C4E-BAED-26B8ED964342} (HLiveRobotWeb Control) - https://update3.globalhauri.com/Custom/ ... botWeb.cab
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/spanish/ka ... nicode.cab
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {4E330863-6A11-11D0-BFD8-006097237877} (InstallFromTheWeb ActiveX Control) - http://www2.asna.com/ftp/webinstall/iftwclix.cab
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by24fd.bay24.hotmail.msn.com/res ... nPUpld.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 5928203046
    O16 - DPF: {65FDEDF3-8ED9-4F5B-825E-18C2D44191A7} (OneCCCtl Class) - http://d.66.155.171.31.downloads.estara ... 0OneCC.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 9347184897
    O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://201.139.8.21/activex/AxisCamControl.cab
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMe ... loader.cab
    O16 - DPF: {FA3662C3-B8E8-11D6-A667-0010B556D978} (IWinAmpActiveX Class) - http://cdn.digitalcity.com/_media/dalaillama/ampx.cab
    O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/aol ... _en_dl.cab
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = dnanmex2.aniconet.com
    O17 - HKLM\Software\..\Telephony: DomainName = dnanmex2.aniconet.com
    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = dnanmex2.aniconet.com
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O20 - AppInit_DLLs: C:\WINDOWS\system32\iepgxpg.dll
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
    O23 - Service: Acceler8DB Server - ASNA Inc. - C:\Program Files\ASNA\ADB Engine 5.0\adbntsvc.exe
    O23 - Service: Crystal Query Server - Unknown owner - C:\Program Files\Seagate Software\Query Server\querysrv.exe" -service (file missing)
    O23 - Service: CVSNT Locking Service 2.5.03.2260 (cvslock) - Unknown owner - (no file)
    O23 - Service: CVSNT Dispatch service 2.5.03.2260 (cvsnt) - March Hare Software Ltd - C:\Program Files\CVSNT\cvsservice.exe
    O23 - Service: iSeries Access for Windows Remote Command (Cwbrxd) - IBM Corporation - C:\WINDOWS\CWBRXD.EXE
    O23 - Service: DB2 - DB2-0 (DB2-0) - International Business Machines Corporation - C:\PROGRA~1\IBM\SQLLIB\bin\db2syscs.exe
    O23 - Service: DB2DAS - DB2DAS00 (DB2DAS00) - International Business Machines Corporation - C:\Program Files\IBM\SQLLIB\\bin\db2dasrrm.exe
    O23 - Service: DB2 Governor (DB2GOVERNOR) - International Business Machines Corporation - C:\Program Files\IBM\SQLLIB\BIN\db2govds.exe
    O23 - Service: DB2 JDBC Applet Server (DB2JDS) - International Business Machines Corporation - C:\Program Files\IBM\SQLLIB\BIN\db2jds.exe
    O23 - Service: DB2 License Server (DB2LICD) - International Business Machines Corporation - C:\Program Files\IBM\SQLLIB\BIN\db2licd.exe
    O23 - Service: DB2 Security Server (DB2NTSECSERVER) - International Business Machines Corporation - C:\Program Files\IBM\SQLLIB\BIN\db2sec.exe
    O23 - Service: DB2 Remote Command Server (DB2REMOTECMD) - International Business Machines Corporation - C:\Program Files\IBM\SQLLIB\BIN\db2rcmd.exe
    O23 - Service: Dcfssvc - Eastman Kodak Company - C:\WINDOWS\system32\drivers\dcfssvc.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
    O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    O23 - Service: Apache Tomcat (Tomcat6) - Unknown owner - C:\Program Files\Apache\Tomcat 6.0\bin\tomcat6.exe" //RS//Tomcat6 (file missing)
    O23 - Service: Hauri Firewall (vrfwsvc) - Unknown owner - (no file)
    O23 - Service: ViRobot Desktop Monitoring (vrmonsvc) - Unknown owner - (no file)

  4. AngelCaidox
    AngelCaidox está desconectado
    Usuario registrado CV Avatar de AngelCaidox
    Fecha de ingreso
    30 dic, 04
    Ubicación
    Llodio(Alava)
    Mensajes
    6,499
    que has notado? dime tu sensasión.

    Te faltan cosas por eliminar, borra estas dos entradas:


    O16 - DPF: {044123B5-35DF-4C4E-BAED-26B8ED964342} (HLiveRobotWeb Control) - https://update3.globalhauri.com/Custom/ ... botWeb.cab
    O16 - DPF: {65FDEDF3-8ED9-4F5B-825E-18C2D44191A7} (OneCCCtl Class) - http://d.66.155.171.31.downloads.estara ... 0OneCC.cab


    Conoces esta configuracion de dns´s? o proxys nose que leches serán..


    dnanmex2.aniconet.com




    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = dnanmex2.aniconet.com
    O17 - HKLM\Software\..\Telephony: DomainName = dnanmex2.aniconet.com
    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = dnanmex2.aniconet.com