Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

HijackThis Logfile HELP PLEASE!


  • Please log in to reply
3 replies to this topic

#1 j0zua

j0zua

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:06:32 AM

Posted 25 December 2004 - 02:31 PM

Hi friends,
I've been out of my home for 3 months and now, I've found that my IE has gone crazy. I don't know what my small brother has been doing and, of course, I don't know how to fix it. Here is my HijackThis Logfile. Thank you for everything.

Logfile of HijackThis v1.99.0
Scan saved at 20:01:35, on 25/12/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Archivos de programa\Analog Devices\SoundMAX\Smtray.exe
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Intel\Intel® Active Monitor\imontray.exe
C:\Archivos de programa\Ahead\InCD\InCD.exe
C:\Archivos de programa\Archivos comunes\Real\Update_OB\realsched.exe
C:\WINDOWS\System32\P2P Networking\P2P Networking.exe
C:\WINDOWS\Dit.exe
C:\WINDOWS\System32\lpwrdxqa.exe
C:\Archivos de programa\Panda Software\Panda Platinum Internet Security\APVXDWIN.EXE
C:\WINDOWS\System32\ctfmon.exe
C:\WINDOWS\System32\drivers\CDAC11BA.EXE
C:\Archivos de programa\Panda Software\Panda Platinum Internet Security\Firewall\PavFires.exe
C:\Archivos de programa\Microsoft Office\Office\3082\OLFSNT40.EXE
C:\WINDOWS\DitExp.exe
C:\Archivos de programa\Archivos comunes\Panda Software\PavShld\pavprsrv.exe
C:\Archivos de programa\Panda Software\Panda Platinum Internet Security\pavsrv51.exe
C:\Archivos de programa\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\Intel\Intel® Active Monitor\imonnt.exe
C:\Archivos de programa\Panda Software\Panda Platinum Internet Security\AVENGINE.EXE
C:\Archivos de programa\Panda Software\Panda Platinum Internet Security\psimsvc.exe
C:\Archivos de programa\Panda Software\Panda Platinum Internet Security\WebProxy.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\Archivos de programa\Mozilla Firefox\firefox.exe
C:\Archivos de programa\Lavasoft\Ad-aware 6\Ad-aware.exe
C:\Documents and Settings\GERMAN\Escritorio\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.e-finder.cc/search/ (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.e-finder.cc/search/ (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.e-finder.cc/search/ (obfuscated)
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ehttp.cc/?www.google.es
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.e-finder.cc/search/ (obfuscated)
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.e-finder.cc/search/ (obfuscated)
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.e-finder.cc/search/ (obfuscated)
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://msn.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.e-finder.cc/search/ (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.e-finder.cc/search/ (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,(Default) = http://www.e-finder.cc/search/ (obfuscated)
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.e-finder.cc/search/ (obfuscated)
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.e-finder.cc/search/ (obfuscated)
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,(Default) = http://www.e-finder.cc/search/ (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.e-finder.cc/search/ (obfuscated)
R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.e-finder.cc/search/ (obfuscated)
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = res://msaps.dll/index.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = encinager@euskalnet,net
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Vínculos
R3 - URLSearchHook: MailTo Class - {FDE3577A-6254-181C-4E11-339E4F746BD3} - C:\WINDOWS\System32\wins32t.dll (file missing)
O2 - BHO: DOMPeek Class - {834261E1-DD97-4177-853B-C907E5D5BD6E} - C:\WINDOWS\dpe.dll (file missing)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [Smapp] C:\Archivos de programa\Analog Devices\SoundMAX\Smtray.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [IMONTRAY] C:\Program Files\Intel\Intel® Active Monitor\imontray.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Archivos de programa\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [Lorraine] C:\WINDOWS\System32\Lorraine.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Archivos de programa\Archivos comunes\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [P2P Networking] C:\WINDOWS\System32\P2P Networking\P2P Networking.exe /AUTOSTART
O4 - HKLM\..\Run: [Dit] Dit.exe
O4 - HKLM\..\Run: [tapisys] C:\WINDOWS\System32\tss.exe
O4 - HKLM\..\Run: [bmqyinswxewi] C:\WINDOWS\System32\lpwrdxqa.exe
O4 - HKLM\..\Run: [SCANINICIO] "C:\Archivos de programa\Panda Software\Panda Platinum Internet Security\Inicio.exe"
O4 - HKLM\..\Run: [APVXDWIN] "C:\Archivos de programa\Panda Software\Panda Platinum Internet Security\APVXDWIN.EXE" /s
O4 - HKLM\..\Run: [6496828.exe] C:\WINDOWS\System32\6496828.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [Dialer] C:\WINDOWS\System32\rundll32.exe C:\WINDOWS\System32\MSA32CHK.dll,Reg QueBonito4
O4 - HKCU\..\Run: [tapisys] C:\WINDOWS\System32\tss.exe
O4 - Global Startup: GStartup.lnk = C:\Archivos de programa\Archivos comunes\GMT\GMT.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Archivos de programa\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Puerto Symantec Fax Starter Edition.lnk = C:\Archivos de programa\Microsoft Office\Office\3082\OLFSNT40.EXE
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: QueBonito4 - {03FBB191-FB50-4154-91D7-587D5E3C0000} - C:\Documents and Settings\GERMAN\Datos de programa\MATRIX\QueBonito4\LanzarDll.exe (HKCU)
O9 - Extra 'Tools' menuitem: QueBonito4 - {03FBB191-FB50-4154-91D7-587D5E3C0000} - C:\Documents and Settings\GERMAN\Datos de programa\MATRIX\QueBonito4\LanzarDll.exe (HKCU)
O12 - Plugin for .spop: C:\Archivos de programa\Internet Explorer\Plugins\NPDocBox.dll
O12 - Plugin for .tiff: C:\Archivos de programa\Internet Explorer\PLUGINS\npqtplugin3.dll
O13 - DefaultPrefix: http://ehttp.cc/?
O13 - WWW Prefix: http://ehttp.cc/?
O13 - WWW. Prefix: http://ehttp.cc/?
O16 - DPF: Yahoo! Chat - http://us.chat1.yimg.com/us.yimg.com/i/cha...t/c381/chat.cab
O16 - DPF: {03FBB191-FB50-4154-91D7-587D5E3C3C9A} - http://acceso.masminutos.com/software.cab
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg.com/us.yimg.com/i/cha...v45/yacscom.cab
O16 - DPF: {2C1651EF-8827-11D6-91A2-00E02964E8E3} (IntRuboskizo Class) - http://www.minijuegos.com/ruboskizo.cab
O16 - DPF: {35F59C80-C1F2-4EEA-9981-686C7D5A9277} - http://ocx3.advnt01.com/dialer/internazionale_ver3.CAB
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150/1762c5ea604d04e06514/...RdxIE601_es.cab
O16 - DPF: {88C51E90-8E9C-4C96-8A45-574D88B63FAF} (Matrix Class) - http://acceso.masminutos.com/aplicacion.cab
O16 - DPF: {EFB22865-F3BC-4309-ADFA-C8E078A7F762} (SysWebTelecomInt Class) - http://www.sponsoradulto.com/es/SysWebTelecom.cab
O16 - DPF: {F5192746-22D6-41BD-9D2D-1E75D14FBD3C} (ddm_download.ddm_control) - http://216.65.38.226/crack.CAB
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://fdl.msn.com/public/chat/msnchat45.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{A04EA897-51C5-4C25-BA0B-829D4341CB94}: NameServer = 195.235.113.3 195.235.96.90
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\System32\drivers\CDAC11BA.EXE
O23 - Service: Servicio del administrador de discos lógicos - Unknown - C:\WINDOWS\System32\dmadmin.exe
O23 - Service: Registro de sucesos - Unknown - C:\WINDOWS\system32\services.exe
O23 - Service: Servicio COM de grabación de CD de IMAPI - Unknown - C:\WINDOWS\System32\imapi.exe
O23 - Service: Intel® Active Monitor - Intel Corp. - C:\Program Files\Intel\Intel® Active Monitor\imonnt.exe
O23 - Service: Escritorio remoto compartido de NetMeeting - Unknown - C:\WINDOWS\System32\mnmsrvc.exe
O23 - Service: DDE de red - Unknown - C:\WINDOWS\system32\netdde.exe
O23 - Service: DSDM de DDE de red - Unknown - C:\WINDOWS\system32\netdde.exe
O23 - Service: Panda Antispam Service - Unknown - C:\Archivos de programa\Panda Software\Panda Platinum Internet Security\passrv.exe
O23 - Service: Panda Firewall Service - Unknown - C:\Archivos de programa\Panda Software\Panda Platinum Internet Security\Firewall\PavFires.exe
O23 - Service: Panda Process Protection Service - Unknown - C:\Archivos de programa\Archivos comunes\Panda Software\PavShld\pavprsrv.exe
O23 - Service: Panda anti-virus service - Panda Software - C:\Archivos de programa\Panda Software\Panda Platinum Internet Security\pavsrv51.exe
O23 - Service: Plug and Play - Unknown - C:\WINDOWS\system32\services.exe
O23 - Service: Panda Imanager Service - Panda Software Internacional - C:\Archivos de programa\Panda Software\Panda Platinum Internet Security\psimsvc.exe
O23 - Service: Administrador de sesión de Ayuda de escritorio remoto - Unknown - C:\WINDOWS\system32\sessmgr.exe
O23 - Service: Sistema de ayuda de tarjeta inteligente - Unknown - C:\WINDOWS\System32\SCardSvr.exe
O23 - Service: Tarjeta inteligente - Unknown - C:\WINDOWS\System32\SCardSvr.exe
O23 - Service: SoundMAX Agent Service - Analog Devices, Inc. - C:\Archivos de programa\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Registros y alertas de rendimiento - Unknown - C:\WINDOWS\system32\smlogsvc.exe
O23 - Service: Instantáneas de volumen - Unknown - C:\WINDOWS\System32\vssvc.exe
O23 - Service: Adaptador de rendimiento de WMI - Unknown - C:\WINDOWS\System32\wbem\wmiapsrv.exe

BC AdBot (Login to Remove)

 


#2 Grinler

Grinler

    Lawrence Abrams


  • Admin
  • 43,503 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:07:32 AM

Posted 26 December 2004 - 12:54 AM

Download cwshredder 2.12 from here:

http://cwshredder.net/bin/CWShredder.exe

Run the file after it is downloaded and click on the fix button. Let it do its thing and when its done, even if it crashes.

When its done run hijackthis again post a new log

#3 j0zua

j0zua
  • Topic Starter

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:06:32 AM

Posted 26 December 2004 - 08:35 PM

Hi!
Here is my new log
Logfile of HijackThis v1.99.0
Scan saved at 2:34:50, on 27/12/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Archivos de programa\Analog Devices\SoundMAX\Smtray.exe
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Intel\Intel® Active Monitor\imontray.exe
C:\Archivos de programa\Ahead\InCD\InCD.exe
C:\Archivos de programa\Archivos comunes\Real\Update_OB\realsched.exe
C:\WINDOWS\System32\P2P Networking\P2P Networking.exe
C:\WINDOWS\Dit.exe
C:\Archivos de programa\Panda Software\Panda Platinum Internet Security\APVXDWIN.EXE
C:\WINDOWS\System32\ctfmon.exe
C:\WINDOWS\System32\drivers\CDAC11BA.EXE
C:\Archivos de programa\Panda Software\Panda Platinum Internet Security\passrv.exe
C:\Archivos de programa\Microsoft Office\Office\3082\OLFSNT40.EXE
C:\WINDOWS\DitExp.exe
C:\Archivos de programa\Panda Software\Panda Platinum Internet Security\Firewall\PavFires.exe
C:\Archivos de programa\Panda Software\Panda Platinum Internet Security\SRVLOAD.EXE
C:\Archivos de programa\Archivos comunes\Panda Software\PavShld\pavprsrv.exe
C:\Archivos de programa\Panda Software\Panda Platinum Internet Security\pavsrv51.exe
C:\Archivos de programa\Panda Software\Panda Platinum Internet Security\psimsvc.exe
C:\Archivos de programa\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\Intel\Intel® Active Monitor\imonnt.exe
C:\Archivos de programa\Panda Software\Panda Platinum Internet Security\AVENGINE.EXE
C:\Archivos de programa\Panda Software\Panda Platinum Internet Security\WebProxy.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Archivos de programa\MSN Messenger\msnmsgr.exe
C:\Archivos de programa\Microsoft Office\Office\WINWORD.EXE
C:\WINDOWS\System32\svchost.exe
C:\Archivos de programa\Mozilla Firefox\firefox.exe
C:\Documents and Settings\GERMAN\Escritorio\CWShredder.exe
C:\Documents and Settings\GERMAN\Escritorio\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.e-finder.cc/search/ (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.e-finder.cc/search/ (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.e-finder.cc/search/ (obfuscated)
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.e-finder.cc/search/ (obfuscated)
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.e-finder.cc/search/ (obfuscated)
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.e-finder.cc/search/ (obfuscated)
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://msn.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.e-finder.cc/search/ (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.e-finder.cc/search/ (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,(Default) = http://www.e-finder.cc/search/ (obfuscated)
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.e-finder.cc/search/ (obfuscated)
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.e-finder.cc/search/ (obfuscated)
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,(Default) = http://www.e-finder.cc/search/ (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.e-finder.cc/search/ (obfuscated)
R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.e-finder.cc/search/ (obfuscated)
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = res://msaps.dll/index.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = encinager@euskalnet,net
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Vínculos
R3 - URLSearchHook: MailTo Class - {FDE3577A-6254-181C-4E11-339E4F746BD3} - C:\WINDOWS\System32\wins32t.dll (file missing)
O2 - BHO: DOMPeek Class - {834261E1-DD97-4177-853B-C907E5D5BD6E} - C:\WINDOWS\dpe.dll (file missing)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [Smapp] C:\Archivos de programa\Analog Devices\SoundMAX\Smtray.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [IMONTRAY] C:\Program Files\Intel\Intel® Active Monitor\imontray.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Archivos de programa\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [Lorraine] C:\WINDOWS\System32\Lorraine.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Archivos de programa\Archivos comunes\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [P2P Networking] C:\WINDOWS\System32\P2P Networking\P2P Networking.exe /AUTOSTART
O4 - HKLM\..\Run: [Dit] Dit.exe
O4 - HKLM\..\Run: [tapisys] C:\WINDOWS\System32\tss.exe
O4 - HKLM\..\Run: [SCANINICIO] "C:\Archivos de programa\Panda Software\Panda Platinum Internet Security\Inicio.exe"
O4 - HKLM\..\Run: [APVXDWIN] "C:\Archivos de programa\Panda Software\Panda Platinum Internet Security\APVXDWIN.EXE" /s
O4 - HKLM\..\Run: [6496828.exe] C:\WINDOWS\System32\6496828.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [Dialer] C:\WINDOWS\System32\rundll32.exe C:\WINDOWS\System32\MSA32CHK.dll,Reg QueBonito4
O4 - HKCU\..\Run: [tapisys] C:\WINDOWS\System32\tss.exe
O4 - Global Startup: GStartup.lnk = C:\Archivos de programa\Archivos comunes\GMT\GMT.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Archivos de programa\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Puerto Symantec Fax Starter Edition.lnk = C:\Archivos de programa\Microsoft Office\Office\3082\OLFSNT40.EXE
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: QueBonito4 - {03FBB191-FB50-4154-91D7-587D5E3C0000} - C:\Documents and Settings\GERMAN\Datos de programa\MATRIX\QueBonito4\LanzarDll.exe (HKCU)
O9 - Extra 'Tools' menuitem: QueBonito4 - {03FBB191-FB50-4154-91D7-587D5E3C0000} - C:\Documents and Settings\GERMAN\Datos de programa\MATRIX\QueBonito4\LanzarDll.exe (HKCU)
O12 - Plugin for .spop: C:\Archivos de programa\Internet Explorer\Plugins\NPDocBox.dll
O12 - Plugin for .tiff: C:\Archivos de programa\Internet Explorer\PLUGINS\npqtplugin3.dll
O13 - DefaultPrefix: http://ehttp.cc/?
O16 - DPF: Yahoo! Chat - http://us.chat1.yimg.com/us.yimg.com/i/cha...t/c381/chat.cab
O16 - DPF: {03FBB191-FB50-4154-91D7-587D5E3C3C9A} - http://acceso.masminutos.com/software.cab
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg.com/us.yimg.com/i/cha...v45/yacscom.cab
O16 - DPF: {2C1651EF-8827-11D6-91A2-00E02964E8E3} (IntRuboskizo Class) - http://www.minijuegos.com/ruboskizo.cab
O16 - DPF: {35F59C80-C1F2-4EEA-9981-686C7D5A9277} - http://ocx3.advnt01.com/dialer/internazionale_ver3.CAB
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150/1762c5ea604d04e06514/...RdxIE601_es.cab
O16 - DPF: {88C51E90-8E9C-4C96-8A45-574D88B63FAF} (Matrix Class) - http://acceso.masminutos.com/aplicacion.cab
O16 - DPF: {EFB22865-F3BC-4309-ADFA-C8E078A7F762} (SysWebTelecomInt Class) - http://www.sponsoradulto.com/es/SysWebTelecom.cab
O16 - DPF: {F5192746-22D6-41BD-9D2D-1E75D14FBD3C} (ddm_download.ddm_control) - http://216.65.38.226/crack.CAB
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://fdl.msn.com/public/chat/msnchat45.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{A04EA897-51C5-4C25-BA0B-829D4341CB94}: NameServer = 195.235.113.3 195.235.96.90
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\System32\drivers\CDAC11BA.EXE
O23 - Service: Servicio del administrador de discos lógicos - Unknown - C:\WINDOWS\System32\dmadmin.exe
O23 - Service: Registro de sucesos - Unknown - C:\WINDOWS\system32\services.exe
O23 - Service: Servicio COM de grabación de CD de IMAPI - Unknown - C:\WINDOWS\System32\imapi.exe
O23 - Service: Intel® Active Monitor - Intel Corp. - C:\Program Files\Intel\Intel® Active Monitor\imonnt.exe
O23 - Service: Escritorio remoto compartido de NetMeeting - Unknown - C:\WINDOWS\System32\mnmsrvc.exe
O23 - Service: DDE de red - Unknown - C:\WINDOWS\system32\netdde.exe
O23 - Service: DSDM de DDE de red - Unknown - C:\WINDOWS\system32\netdde.exe
O23 - Service: Panda Antispam Service - Unknown - C:\Archivos de programa\Panda Software\Panda Platinum Internet Security\passrv.exe
O23 - Service: Panda Firewall Service - Unknown - C:\Archivos de programa\Panda Software\Panda Platinum Internet Security\Firewall\PavFires.exe
O23 - Service: Panda Process Protection Service - Unknown - C:\Archivos de programa\Archivos comunes\Panda Software\PavShld\pavprsrv.exe
O23 - Service: Panda anti-virus service - Panda Software - C:\Archivos de programa\Panda Software\Panda Platinum Internet Security\pavsrv51.exe
O23 - Service: Plug and Play - Unknown - C:\WINDOWS\system32\services.exe
O23 - Service: Panda Imanager Service - Panda Software Internacional - C:\Archivos de programa\Panda Software\Panda Platinum Internet Security\psimsvc.exe
O23 - Service: Administrador de sesión de Ayuda de escritorio remoto - Unknown - C:\WINDOWS\system32\sessmgr.exe
O23 - Service: Sistema de ayuda de tarjeta inteligente - Unknown - C:\WINDOWS\System32\SCardSvr.exe
O23 - Service: Tarjeta inteligente - Unknown - C:\WINDOWS\System32\SCardSvr.exe
O23 - Service: SoundMAX Agent Service - Analog Devices, Inc. - C:\Archivos de programa\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Registros y alertas de rendimiento - Unknown - C:\WINDOWS\system32\smlogsvc.exe
O23 - Service: Instantáneas de volumen - Unknown - C:\WINDOWS\System32\vssvc.exe
O23 - Service: Adaptador de rendimiento de WMI - Unknown - C:\WINDOWS\System32\wbem\wmiapsrv.exe

#4 Grinler

Grinler

    Lawrence Abrams


  • Admin
  • 43,503 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:07:32 AM

Posted 26 December 2004 - 11:26 PM

Print out these instructions and then close all windows including Internet Explorer.

Then I want you to fix some of those entries. Please do the following:

Please make sure that you can view all hidden files. Instructions on how to do this can be found here:

How to see hidden files in Windows

Run Hijackthis again, click scan, and Put a checkmark next to each of these. Then click the Fix button:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.e-finder.cc/search/ (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.e-finder.cc/search/ (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.e-finder.cc/search/ (obfuscated)
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.e-finder.cc/search/ (obfuscated)
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.e-finder.cc/search/ (obfuscated)
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.e-finder.cc/search/ (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.e-finder.cc/search/ (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.e-finder.cc/search/ (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,(Default) = http://www.e-finder.cc/search/ (obfuscated)
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.e-finder.cc/search/ (obfuscated)
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.e-finder.cc/search/ (obfuscated)
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,(Default) = http://www.e-finder.cc/search/ (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.e-finder.cc/search/ (obfuscated)
R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.e-finder.cc/search/ (obfuscated)
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = res://msaps.dll/index.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - URLSearchHook: MailTo Class - {FDE3577A-6254-181C-4E11-339E4F746BD3} - C:\WINDOWS\System32\wins32t.dll (file missing)
O2 - BHO: DOMPeek Class - {834261E1-DD97-4177-853B-C907E5D5BD6E} - C:\WINDOWS\dpe.dll (file missing)
O4 - HKLM\..\Run: [Lorraine] C:\WINDOWS\System32\Lorraine.exe
O4 - HKLM\..\Run: [P2P Networking] C:\WINDOWS\System32\P2P Networking\P2P Networking.exe /AUTOSTART
O4 - HKLM\..\Run: [tapisys] C:\WINDOWS\System32\tss.exe
O4 - HKLM\..\Run: [6496828.exe] C:\WINDOWS\System32\6496828.exe
O4 - HKCU\..\Run: [Dialer] C:\WINDOWS\System32\rundll32.exe C:\WINDOWS\System32\MSA32CHK.dll,Reg QueBonito4
O4 - HKCU\..\Run: [tapisys] C:\WINDOWS\System32\tss.exe
O4 - Global Startup: GStartup.lnk = C:\Archivos de programa\Archivos comunes\GMT\GMT.exe
O9 - Extra button: QueBonito4 - {03FBB191-FB50-4154-91D7-587D5E3C0000} - C:\Documents and Settings\GERMAN\Datos de programa\MATRIX\QueBonito4\LanzarDll.exe (HKCU)
O9 - Extra 'Tools' menuitem: QueBonito4 - {03FBB191-FB50-4154-91D7-587D5E3C0000} - C:\Documents and Settings\GERMAN\Datos de programa\MATRIX\QueBonito4\LanzarDll.exe (HKCU)
O13 - DefaultPrefix: http://ehttp.cc/?
O16 - DPF: Yahoo! Chat - http://us.chat1.yimg.com/us.yimg.com/i/cha...t/c381/chat.cab
O16 - DPF: {03FBB191-FB50-4154-91D7-587D5E3C3C9A} - http://acceso.masminutos.com/software.cab
O16 - DPF: {2C1651EF-8827-11D6-91A2-00E02964E8E3} (IntRuboskizo Class) - http://www.minijuegos.com/ruboskizo.cab
O16 - DPF: {35F59C80-C1F2-4EEA-9981-686C7D5A9277} - http://ocx3.advnt01.com/dialer/internazionale_ver3.CAB
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150/1762c5ea604d04e06514/...RdxIE601_es.cab
O16 - DPF: {88C51E90-8E9C-4C96-8A45-574D88B63FAF} (Matrix Class) - http://acceso.masminutos.com/aplicacion.cab
O16 - DPF: {EFB22865-F3BC-4309-ADFA-C8E078A7F762} (SysWebTelecomInt Class) - http://www.sponsoradulto.com/es/SysWebTelecom.cab
O16 - DPF: {F5192746-22D6-41BD-9D2D-1E75D14FBD3C} (ddm_download.ddm_control) - http://216.65.38.226/crack.CAB

Reboot your computer into Safe Mode

Then delete these files or directories (Do not be concerned if they do not exist)

C:\WINDOWS\System32\Lorraine.exe
C:\WINDOWS\System32\P2P Networking\
C:\WINDOWS\System32\6496828.exe
C:\WINDOWS\System32\MSA32CHK.dll
C:\WINDOWS\System32\tss.exe
C:\Archivos de programa\Archivos comunes\GMT\
C:\Documents and Settings\GERMAN\Datos de programa\MATRIX\QueBonito4\LanzarDll.exe

Reboot your computer to go back to normal mode and post a new log.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users