Hijack test babylon spyware
Windows 7 (6.1) 32b, Microsoft Internet Explorer 6.0

Problem with Babylon, running the hijack program:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:31:42 p.m., on 10/07/2012
Platform: Unknown Windows (WinNT 6.01.3504)
MSIE: Internet Explorer v9.00 (9.00.8112.16446)
Boot mode: Normal

Running processes:
C:\ProgramData\DatacardService\DCSHelper.exe
C:\Program Files (x86)\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPALL/17
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPALL/17
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.funmoods.com/?f=1&a=grupo&chnl=grupo&cd=2XzutAtN2Y1L1Qzu0EtDtB0AzztByDyDtDyE0FzyyBtBtByBtN0D0TzutBtDtCtBtDyCtByB&cr=1143327316
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {0974848a-b5bc-49f2-9778-307742b4a55d} - (no file)
R3 - URLSearchHook: (no name) - {9c905b42-976e-43c1-bc30-fc5937017909} - (no file)
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: TBSB01620 - {58124A0B-DC32-4180-9BFF-E0E21AE34026} - C:\Program Files (x86)\IMinent Toolbar\tbcore3.dll
O2 - BHO: Funmoods Helper Object - {75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7} - C:\PROGRA~2\Funmoods\1.5.23.22\bh\escort.dll (file missing)
O2 - BHO: Aplicación auxiliar de inicio de sesión de Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
O2 - BHO: DealPly - {A6174F27-1FFF-E1D6-A93F-BA48AD5DD448} - C:\Program Files (x86)\DealPly\DealPlyIE.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O2 - BHO: SMTTB2009 - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - C:\Program Files (x86)\HyperCam Toolbar\tbcore3.dll
O3 - Toolbar: HyperCam Toolbar - {338B4DFE-2E2C-4338-9E41-E176D497299E} - C:\Program Files (x86)\HyperCam Toolbar\tbcore3.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: (no name) - !{977AE9CC-AF83-45E8-9E03-E2798216E2D5} - (no file)
O3 - Toolbar: (no name) - !{A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3} - (no file)
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
O8 - Extra context menu item: Google Sidewiki. - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O13 - Gopher Prefix:
O16 - DPF: {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} (Bitdefender QuickScan Control) - http://quickscan.bitdefender.com/qsax/qsax.cab
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab
O16 - DPF: {9191F686-7F0A-441D-8A98-2FE3AC1BD913} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{729A47DF-7FDD-4F42-9C7D-6CD32A3F0483}: NameServer = 207.83.200.200 207.83.200.201
O17 - HKLM\System\CCS\Services\Tcpip\..\{96E4B20A-C389-423C-9177-F90AC5D15940}: NameServer = 207.83.200.200 207.83.200.201
O17 - HKLM\System\CCS\Services\Tcpip\..\{B9928528-49F5-440D-BA62-81F379946756}: NameServer = 207.83.200.200 207.83.200.201
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O20 - AppInit_DLLs:
O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
O23 - Service: Andrea RT Filters Service (AERTFilters) - Andrea Electronics Corporation - C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Servicio de estado de ASP.NET (aspnet_state) - Unknown owner - C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (file missing)
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: FLEXnet Licensing Service 64 - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe
O23 - Service: Servicio de actualización de Google (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Servicio (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: HP Wireless Assistant Service - Hewlett-Packard Company - C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe
O23 - Service: HP Quick Synchronization Service (HPDrvMntSvc.exe) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
O23 - Service: HP Software Framework Service (hpqwmiex) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: HPWMISVC - Unknown owner - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
O23 - Service: HWDeviceService64.exe - Unknown owner - C:\ProgramData\DatacardService\HWDeviceService64.exe
O23 - Service: Internet Movil Unefon. OUC (Internet Movil Unefon. RunOuc) - Unknown owner - C:\Program Files (x86)\Internet Movil Unefon\UpdateDog\ouc.exe
O23 - Service: Servicio del iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Lookout Citadel Server (LkCitadelServer) - National Instruments, Inc. - C:\Windows\SysWOW64\lkcitdl.exe
O23 - Service: National Instruments PSP Server Locator (lkClassAds) - National Instruments Corporation - C:\Windows\SysWOW64\lkads.exe
O23 - Service: National Instruments Time Synchronization (lkTimeSync) - National Instruments Corporation - C:\Windows\SysWOW64\lktsrv.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: NI Configuration Manager (mxssvr) - National Instruments Corporation - C:\Program Files (x86)\National Instruments\MAX\nimxs.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: National Instruments Domain Service (NIDomainService) - National Instruments Corporation - C:\Program Files (x86)\National Instruments\Shared\Security\nidmsrv.exe
O23 - Service: NI Service Locator (niSvcLoc) - National Instruments Corporation - C:\Windows\SysWOW64\nisvcloc.exe
O23 - Service: National Instruments Variable Engine (NITaggerService) - National Instruments Corporation - C:\Program Files (x86)\National Instruments\Shared\Tagger\tagsrv.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: RtVOsdService Installer (RtVOsdService) - Realtek Semiconductor Corp. - C:\Program Files\Realtek\RtVOsd\RtVOsdService.exe
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: ServiceLayer - Nokia. - C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

-- End of file - 12016 bytes