Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

please help me to kill this virus


  • Please log in to reply
1 reply to this topic

#1 antivirusdm

antivirusdm

  • Members
  • 1 posts
  • OFFLINE
  •  
  • Local time:04:02 AM

Posted 18 November 2004 - 07:38 PM

lean este log y ayudenme porque por mas que intento me sigue saliendo como pagina de inicio, y cuando ejecuto el hijackthis no me sale el valor O20


Logfile of HijackThis v1.98.2
Scan saved at 18:55:59, on 04/01/80
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\ARCHIVOS DE PROGRAMA\PERAV\PAV.EXE
C:\ARCHIVOS DE PROGRAMA\PERAV\PERVAC.EXE
C:\WINDOWS\EXPLORER.EXE
C:\ARCHIVOS DE PROGRAMA\PERAV\PERTSK.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\ARCHIVOS DE PROGRAMA\CREATIVE\SHAREDLL\CTNOTIFY.EXE
C:\WINDOWS\LOADQM.EXE
C:\WINDOWS\SYSTEM\T62CY3WIBP4YTHD.EXE
C:\WINDOWS\SYSTEM\FBIE5X6DX42I.EXE
C:\ARCHIVOS DE PROGRAMA\WINZIP\WZQKPICK.EXE
C:\ARCHIVOS DE PROGRAMA\CREATIVE\SHAREDLL\MEDIADET.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\ARCHIVOS DE PROGRAMA\INTERNET EXPLORER\IEXPLORE.EXE
D:\DESCARGAS\HIJACKTHIS.EXE
D:\DESCARGAS\KILLBOX.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Vínculos
O2 - BHO: (no name) - {467FAEB2-5F5B-4c81-BAE0-2A4752CA7F4E} - C:\WINDOWS\SYSTEM\UT7247~1.DLL
O3 - Toolbar: @msdxmLC.dll,-1@3082,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\ARCHIVOS DE PROGRAMA\YAHOO!\COMPANION\INSTALLS\CPN\YCOMP5_5_5_0.DLL
O3 - Toolbar: Directory Toolbar - {5F1ABCDB-A875-46c1-8345-B72A4567E486} - C:\WINDOWS\Downloaded Program Files\sdmtb.dll
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [Disc Detector] C:\Archivos de programa\Creative\ShareDLL\CtNotify.exe
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [Control handler] C:\WINDOWS\SYSTEM\T62CY3WIBP4YTHD.EXE
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [PAV.EXE] C:\ARCHIV~1\PERAV\PAV.EXE
O4 - HKCU\..\Run: [romahere3] C:\WINDOWS\SYSTEM\FBIE5X6DX42I.EXE
O4 - Startup: WinZip Quick Pick.lnk = C:\Archivos de programa\WinZip\WZQKPICK.EXE
O4 - Startup: Actualización de PER Antivirus.lnk = C:\Archivos de programa\Perav\PERUPD.EXE
O4 - Startup: PER Antivirus.lnk = C:\Archivos de programa\Perav\PAV.EXE
O4 - Startup: Microsoft Office.lnk = C:\Archivos de programa\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xportar a Microsoft Excel - res://C:\ARCHIV~1\MICROS~1\OFFICE10\EXCEL.EXE/3000
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: Messenger Addon - {FB5F1911-F110-11d2-BB9E-00C04F795683} - http://messenger.ipfox.com (file missing)
O9 - Extra 'Tools' menuitem: &Messenger Addon - {FB5F1911-F110-11d2-BB9E-00C04F795683} - http://messenger.ipfox.com (file missing)
O15 - Trusted Zone: *.greg-search.com
O16 - DPF: {D6FCA8ED-4715-43DE-9BD2-2789778A5B09} (NPKCX Control) - http://guard.gunbound.net/nProtect/keyCrypt/npkcx.cab
O16 - DPF: {10003000-1000-0000-1000-000000000000} - ms-its:mhtml:file://C:\foo.mht!http://greg-tut.com/G7/chm10.chm::/ieloader.exe
O17 - HKLM\System\CCS\Services\VxD\MSTCP: Domain = adsl
O17 - HKLM\System\CCS\Services\VxD\MSTCP: NameServer = 200.48.225.130,200.48.225.146

BC AdBot (Login to Remove)

 


#2 Grinler

Grinler

    Lawrence Abrams


  • Admin
  • 43,659 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:04:02 AM

Posted 18 November 2004 - 10:58 PM

I want you to fix some of those entries. Please do the following:

Please make sure that you can view all hidden files. Instructions on how to do this can be found here:

How to see hidden files in Windows

Run Hijackthis again, click scan, and Put a checkmark next to each of these. Then click the Fix button:


R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com
O2 - BHO: (no name) - {467FAEB2-5F5B-4c81-BAE0-2A4752CA7F4E} - C:\WINDOWS\SYSTEM\UT7247~1.DLL
O3 - Toolbar: Directory Toolbar - {5F1ABCDB-A875-46c1-8345-B72A4567E486} - C:\WINDOWS\Downloaded Program Files\sdmtb.dll
O4 - HKLM\..\Run: [Control handler] C:\WINDOWS\SYSTEM\T62CY3WIBP4YTHD.EXE
O4 - HKCU\..\Run: [romahere3] C:\WINDOWS\SYSTEM\FBIE5X6DX42I.EXE
O15 - Trusted Zone: *.greg-search.com
O16 - DPF: {10003000-1000-0000-1000-000000000000} - ms-its:mhtml:file://C:\foo.mht!http://greg-tut.com/G7/chm10.chm::/ieloader.exe

Reboot your computer into Safe Mode

Then delete these files or directories (Do not be concerned if they do not exist)


C:\WINDOWS\Downloaded Program Files\sdmtb.dll
C:\WINDOWS\SYSTEM\T62CY3WIBP4YTHD.EXE
C:\WINDOWS\SYSTEM\FBIE5X6DX42I.EXE

Reboot your computer to go back to normal mode and post a new log.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users