valenms
2011-07-12 16:16 - Replies: 0 - Topic no.: 2806139
Intel Pentium Core 2, Windows 7, Acer laptop
I have ipagle as the home page in my Internet Explorer and I can't remove it. I don't know how to read my HijackThis log, so I'm posting it here... thank you very much.
logfile of trend micro hijackthis v2.0.4
scan saved at 9:18:46 pm, on 7/12/2011
platform: windows 7 sp1 (winnt 6.00.3505)
msie: internet explorer v9.00 (9.00.8112.16421)
boot mode: normal
running processes:
c:\program files (x86)\intel\intel matrix storage manager\iaanotif.exe
c:\windows\plfseti.exe
c:\program files (x86)\windows live\messenger\msnmsgr.exe
c:\program files (x86)\windows sidebar\sidebar.exe
c:\program files (x86)\launch manager\lmanager.exe
c:\program files (x86)\avg\avg9\avgtray.exe
c:\program files (x86)\cyberlink\shared files\brs.exe
c:\program files (x86)\itunes\ituneshelper.exe
c:\program files (x86)\common files\java\java update\jusched.exe
c:\program files (x86)\windows live\contacts\wlcomm.exe
c:\program files (x86)\internet explorer\iexplore.exe
c:\program files (x86)\internet explorer\iexplore.exe
c:\program files (x86)\google\google toolbar\googletoolbaruser_32.exe
c:\program files (x86)\internet explorer\iexplore.exe
c:\program files (x86)\trend micro\hijackthis\hijackthis.exe
r1 - hkcu\software\microsoft\internet explorer\main,default_page_url = http://homepage.emachines.com/rdr.aspx?b=acew&l=0409&m=e725&r=273609104715l04f4z125r45824827
r0 - hkcu\software\microsoft\internet explorer\main,start page = www.ipagle.com/fondos.php
r1 - hklm\software\microsoft\internet explorer\main,default_page_url = http://homepage.emachines.com/rdr.aspx?b=acew&l=0409&m=e725&r=273609104715l04f4z125r45824827
r1 - hklm\software\microsoft\internet explorer\main,default_search_url = http://go.microsoft.com/fwlink/?linkid=54896
r1 - hklm\software\microsoft\internet explorer\main,search page = http://go.microsoft.com/fwlink/?linkid=54896
r0 - hklm\software\microsoft\internet explorer\main,start page = http://homepage.emachines.com/rdr.aspx?b=acew&l=0409&m=e725&r=273609104715l04f4z125r45824827
r0 - hklm\software\microsoft\internet explorer\search,searchassistant =
r0 - hklm\software\microsoft\internet explorer\search,customizesearch =
r0 - hklm\software\microsoft\internet explorer\main,local page = c:\windows\syswow64\blank.htm
r1 - hkcu\software\microsoft\windows\currentversion\internet settings,proxyoverride = *.local
r0 - hkcu\software\microsoft\internet explorer\toolbar,linksfoldername =
r3 - urlsearchhook: avg security toolbar bho - {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files (x86)\avg\avg9\toolbar\ietoolbar.dll
r3 - urlsearchhook: (no name) - {f08555b0-9cc3-11d2-aa8e-000000000567} - (no file)
r3 - urlsearchhook: (no name) - {e8de9422-3b2c-4243-bf6f-235da84d8ef8} - (no file)
f2 - reg:system.ini: userinit=userinit.exe
o2 - bho: acroiehelperstub - {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files (x86)\common files\adobe\acrobat\activex\acroiehelpershim.dll
o2 - bho: shoppingreport2 - {258c9770-1713-4021-8d7e-1f184a2bd754} - c:\program files (x86)\shoppingreport2\bin\2.7.21\shoppingreport.dll
o2 - bho: conduit engine - {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files (x86)\conduitengine\prxconduitengine.dll
o2 - bho: searchpredictobj class - {389943b0-c3a2-4e69-82cb-8596a84cb3dc} - c:\progra~2\search~1\search~1.dll
o2 - bho: wormradar.com iesiteblocker.navfilter - {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files (x86)\avg\avg9\avgssie.dll
o2 - bho: sbconvert - {4af9df3e-17a4-428f-a39e-28ada0a3a522} - c:\program files (x86)\speedbit video downloader\toolbar\tbcore3.dll
o2 - bho: (no name) - {5c255c8a-e604-49b4-9d64-90988571cecb} - (no file)
o2 - bho: search helper - {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files (x86)\microsoft\search enhancement pack\search helper\searchhelper.dll
o2 - bho: groove gfs browser helper - {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files (x86)\microsoft office\office12\grooveshellextensions.dll
o2 - bho: windows live aplicación auxiliar de inicio de sesión - {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files (x86)\common files\microsoft shared\windows live\windowslivelogin.dll
o2 - bho: avg security toolbar bho - {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files (x86)\avg\avg9\toolbar\ietoolbar.dll
o2 - bho: google toolbar helper - {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files (x86)\google\google toolbar\googletoolbar_32.dll
o2 - bho: java(tm) plug-in 2 ssv helper - {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files (x86)\java\jre6\bin\jp2ssv.dll
o2 - bho: windows live toolbar helper - {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files (x86)\windows live\toolbar\wltcore.dll
o2 - bho: grabberobj class - {ff7c3cf0-4b15-11d1-abed-709549c10000} - c:\progra~2\speedb~1\toolbar\grabber.dll
o3 - toolbar: avg security toolbar - {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - c:\program files (x86)\avg\avg9\toolbar\ietoolbar.dll
o3 - toolbar: conduit engine - {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files (x86)\conduitengine\prxconduitengine.dll
o3 - toolbar: speedbit video downloader - {0329e7d6-6f54-462d-93f6-f5c3118badf2} - c:\program files (x86)\speedbit video downloader\toolbar\tbcore3.dll
o3 - toolbar: google toolbar - {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files (x86)\google\google toolbar\googletoolbar_32.dll
o3 - toolbar: &windows live toolbar - {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files (x86)\windows live\toolbar\wltcore.dll
o4 - hklm\..\run: [lmanager] c:\program files (x86)\launch manager\lmanager.exe
o4 - hklm\..\run: [groovemonitor] "c:\program files (x86)\microsoft office\office12\groovemonitor.exe"
o4 - hklm\..\run: [avg9_tray] c:\progra~2\avg\avg9\avgtray.exe
o4 - hklm\..\run: [bdregion] c:\program files (x86)\cyberlink\shared files\brs.exe
o4 - hklm\..\run: [adobe arm] "c:\program files (x86)\common files\adobe\arm\1.0\adobearm.exe"
o4 - hklm\..\run: [adobe reader speed launcher] "c:\program files (x86)\adobe\reader 9.0\reader\reader_sl.exe"
o4 - hklm\..\run: [applesyncnotifier] c:\program files (x86)\common files\apple\mobile device support\applesyncnotifier.exe
o4 - hklm\..\run: [quicktime task] "c:\program files (x86)\quicktime\qttask.exe" -atboottime
o4 - hklm\..\run: [adobecs5servicemanager] "c:\program files (x86)\common files\adobe\cs5servicemanager\cs5servicemanager.exe" -launchedbylogin
o4 - hklm\..\run: [switchboard] c:\program files (x86)\common files\adobe\switchboard\switchboard.exe
o4 - hklm\..\run: [icall internet phone] "c:\program files (x86)\icall\icall.exe" /startup
o4 - hklm\..\run: [ituneshelper] "c:\program files (x86)\itunes\ituneshelper.exe"
o4 - hklm\..\run: [sunjavaupdatesched] "c:\program files (x86)\common files\java\java update\jusched.exe"
o4 - hkcu\..\run: [ares] "c:\program files (x86)\ares\ares.exe" -h
o4 - hkcu\..\run: [msnmsgr] "c:\program files (x86)\windows live\messenger\msnmsgr.exe" /background
o4 - hkcu\..\run: [voxoxng] c:\program files (x86)\voxox\voxox.exe -b
o4 - hkcu\..\run: [freecall] "c:\program files (x86)\freecall.com\freecall\freecall.exe" -nosplash -minimized
o4 - hkcu\..\run: [google update] "c:\users\acer\appdata\local\google\update\googleupdate.exe" /c
o4 - hkcu\..\run: [oovoo.exe] c:\program files (x86)\oovoo\oovoo.exe /minimized
o4 - hkcu\..\run: [sidebar] c:\program files (x86)\windows sidebar\sidebar.exe /autorun
o4 - hkcu\..\run: [sys] c:\windows\wan.exe
o4 - hkus\s-1-5-19\..\run: [sidebar] %programfiles%\windows sidebar\sidebar.exe /autorun (user 'local service')
o4 - hkus\s-1-5-19\..\runonce: [mctadmin] c:\windows\system32\mctadmin.exe (user 'local service')
o4 - hkus\s-1-5-20\..\run: [sidebar] %programfiles%\windows sidebar\sidebar.exe /autorun (user 'network service')
o4 - hkus\s-1-5-20\..\runonce: [mctadmin] c:\windows\system32\mctadmin.exe (user 'network service')
o8 - extra context menu item: append link target to existing pdf - res://c:\program files (x86)\common files\adobe\acrobat\activex\acroiefavclient.dll/acroieappendsellinks.html
o8 - extra context menu item: e&xport to microsoft excel - res://c:\progra~2\micros~1\office12\excel.exe/3000
o8 - extra context menu item: free youtube to mp3 converter - c:\users\acer\appdata\roaming\dvdvideosoftiehelpers\youtubetomp3.htm
o8 - extra context menu item: google sidewiki... - res://c:\program files (x86)\google\google toolbar\component\googletoolbardynamic_mui_en_43c348bc2e93eb2b.dll/cmsidewiki.html
o9 - extra button: agregar entrada - {219c3416-8cb2-491a-a3c7-d9fcddc9d600} - c:\program files (x86)\windows live\writer\writerbrowserextension.dll
o9 - extra 'tools' menuitem: &agregar entrada en windows live writer - {219c3416-8cb2-491a-a3c7-d9fcddc9d600} - c:\program files (x86)\windows live\writer\writerbrowserextension.dll
o9 - extra button: send to onenote - {2670000a-7350-4f3c-8081-5663ee0c6c49} - c:\progra~2\micros~1\office12\onbttnie.dll
o9 - extra 'tools' menuitem: s&end to onenote - {2670000a-7350-4f3c-8081-5663ee0c6c49} - c:\progra~2\micros~1\office12\onbttnie.dll
o9 - extra button: research - {92780b25-18cc-41c8-b9be-3c9c571a8263} - c:\progra~2\micros~1\office12\refiebar.dll
o9 - extra button: shopperreports - compare product prices - {db38e21a-0133-419d-92ad-ecdfd5244d6d} - c:\program files (x86)\shoppingreport2\bin\2.7.21\shoppingreport.dll
o9 - extra button: shopperreports - compare travel rates - {eb620c54-e229-4942-87ce-e717109fc8c6} - c:\program files (x86)\shoppingreport2\bin\2.7.21\shoppingreport.dll
o11 - options group: [accelerated_graphics] accelerated graphics
o16 - dpf: {20a60f0d-9afa-4515-a0fd-83bd84642501} (checkers class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
o16 - dpf: {5c051655-fcd5-4969-9182-770ea5aa5565} (solitaire showdown class) - http://messenger.zone.msn.com/binary/solitaireshowdown.cab56986.cab
o16 - dpf: {5d6f45b3-9043-443d-a792-115447494d24} (unoctrl class) - http://messenger.zone.msn.com/messengergamescontent/gamecontent/default/uno1/game_uno1.cab
o16 - dpf: {67dabfbf-d0ab-41fa-9c46-cc0f21721616} - http://download.divx.com/player/divxbrowserplugin.cab
o16 - dpf: {b8be5e93-a60c-4d26-a2dc-220313175592} (msn games - installer) - http://cdn2.zone.msn.com/binframework/v10/zpaframework.cab102118.cab
o16 - dpf: {c3f79a2b-b9b4-4a66-b012-3ee46475b072} (messengerstatsclient class) - http://messenger.zone.msn.com/binary/messengerstatspaclient.cab56907.cab
o16 - dpf: {cac181b0-4d70-402d-b571-c596a47d0ce0} (cbankshotzonectrl class) - http://zone.msn.com/bingame/zpagames/zpa_pool.cab56649.cab
o16 - dpf: {d27cdb6e-ae6d-11cf-96b8-444553540000} (shockwave flash object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
o16 - dpf: {e2883e8f-472f-4fb0-9522-ac9bf37916a7} - http://platformdl.adobe.com/nos/getplusplus/1.6/gp.cab
o16 - dpf: {f5a7706b-b9c0-4c89-a715-7a0c6b05dd48} (minesweeper flags class) - http://messenger.zone.msn.com/binary/minesweeper.cab56986.cab
o17 - hklm\system\ccs\services\tcpip\..\{b4a63258-beab-499f-972b-91d61a08e45f}: nameserver = 140.127.1.2,168.95.1.1
o18 - protocol: avgsecuritytoolbar - {f2dde6b2-9684-4a55-86d4-e255e237b77c} - c:\program files (x86)\avg\avg9\toolbar\ietoolbar.dll
o18 - protocol: groovelocalgws - {88fed34c-f0ca-4636-a375-3cb6248b04cd} - c:\program files (x86)\microsoft office\office12\groovesystemservices.dll
o18 - protocol: linkscanner - {f274614c-63f8-47d5-a4d1-fbdde494f8d1} - c:\program files (x86)\avg\avg9\avgpp.dll
o18 - protocol: skype4com - {ffc8b962-9b40-4dff-9458-1830c7dd7f5d} - c:\progra~2\common~1\skype\skype4~1.dll
o23 - service: @%systemroot%\system32\alg.exe,-112 (alg) - unknown owner - c:\windows\system32\alg.exe (file missing)
o23 - service: apple mobile device - apple inc. - c:\program files (x86)\common files\apple\mobile device support\applemobiledeviceservice.exe
o23 - service: avg security toolbar service - unknown owner - c:\program files (x86)\avg\avg9\toolbar\toolbarbroker.exe
o23 - service: avg free watchdog (avg9wd) - avg technologies cz, s.r.o. - c:\program files (x86)\avg\avg9\avgwdsvc.exe
o23 - service: bonjour service - apple inc. - c:\program files (x86)\bonjour\mdnsresponder.exe
o23 - service: @%systemroot%\system32\efssvc.dll,-100 (efs) - unknown owner - c:\windows\system32\lsass.exe (file missing)
o23 - service: acer epower service (epowersvc) - acer incorporated - c:\program files\emachines\emachines power management\epowersvc.exe
o23 - service: @%systemroot%\system32\fxsresm.dll,-118 (fax) - unknown owner - c:\windows\system32\fxssvc.exe (file missing)
o23 - service: gregservice (greg_service) - acer incorporated - c:\program files (x86)\emachines\registration\greghsrw.exe
o23 - service: google update service (gupdate) (gupdate) - google inc. - c:\program files (x86)\google\update\googleupdate.exe
o23 - service: google update service (gupdatem) (gupdatem) - google inc. - c:\program files (x86)\google\update\googleupdate.exe
o23 - service: google software updater (gusvc) - google - c:\program files (x86)\google\common\google updater\googleupdaterservice.exe
o23 - service: intel(r) matrix storage event monitor (iaantmon) - intel corporation - c:\program files (x86)\intel\intel matrix storage manager\iaantmon.exe
o23 - service: ipod service - apple inc. - c:\program files\ipod\bin\ipodservice.exe
o23 - service: @keyiso.dll,-100 (keyiso) - unknown owner - c:\windows\system32\lsass.exe (file missing)
o23 - service: @comres.dll,-2797 (msdtc) - unknown owner - c:\windows\system32\msdtc.exe (file missing)
o23 - service: nero backitup scheduler 4.0 - nero ag - c:\program files (x86)\common files\nero\nero backitup 4\nbservice.exe
o23 - service: @%systemroot%\system32\netlogon.dll,-102 (netlogon) - unknown owner - c:\windows\system32\lsass.exe (file missing)
o23 - service: nti backup now 5 backup service (ntibackupsvc) - newtech infosystems, inc. - c:\program files (x86)\newtech infosystems\nti backup now 5\backupsvc.exe
o23 - service: nti backup now 5 scheduler service (ntischedulersvc) - newtech infosystems, inc. - c:\program files (x86)\newtech infosystems\nti backup now 5\schedulersvc.exe
o23 - service: @%systemroot%\system32\psbase.dll,-300 (protectedstorage) - unknown owner - c:\windows\system32\lsass.exe (file missing)
o23 - service: @%systemroot%\system32\locator.exe,-2 (rpclocator) - unknown owner - c:\windows\system32\locator.exe (file missing)
o23 - service: @%systemroot%\system32\samsrv.dll,-1 (samss) - unknown owner - c:\windows\system32\lsass.exe (file missing)
o23 - service: @%systemroot%\system32\snmptrap.exe,-3 (snmptrap) - unknown owner - c:\windows\system32\snmptrap.exe (file missing)
o23 - service: @%systemroot%\system32\spoolsv.exe,-1 (spooler) - unknown owner - c:\windows\system32\spoolsv.exe (file missing)
o23 - service: @%systemroot%\system32\sppsvc.exe,-101 (sppsvc) - unknown owner - c:\windows\system32\sppsvc.exe (file missing)
o23 - service: adobe switchboard (switchboard) - adobe systems incorporated - c:\program files (x86)\common files\adobe\switchboard\switchboard.exe
o23 - service: @%systemroot%\system32\ui0detect.exe,-101 (ui0detect) - unknown owner - c:\windows\system32\ui0detect.exe (file missing)
o23 - service: updater service - acer - c:\program files\emachines\emachines updater\updaterservice.exe
o23 - service: @%systemroot%\system32\vaultsvc.dll,-1003 (vaultsvc) - unknown owner - c:\windows\system32\lsass.exe (file missing)
o23 - service: @%systemroot%\system32\vds.exe,-100 (vds) - unknown owner - c:\windows\system32\vds.exe (file missing)
o23 - service: @%systemroot%\system32\vssvc.exe,-102 (vss) - unknown owner - c:\windows\system32\vssvc.exe (file missing)
o23 - service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - unknown owner - c:\windows\system32\wbengine.exe (file missing)
o23 - service: @%systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiapsrv) - unknown owner - c:\windows\system32\wbem\wmiapsrv.exe (file missing)
o23 - service: @%programfiles%\windows media player\wmpnetwk.exe,-101 (wmpnetworksvc) - unknown owner - c:\program files (x86)\windows media player\wmpnetwk.exe (file missing)
end of file - 16039 bytes