Options
Hijacker.spyAxe - Msssearchnet.exe - Vcodec
Hi, i need a little help getting rid of this crap. I got Ewido and Ad-Aware SE updated; HJT, smitrem and a panda shortcut on desktop. But im not sure how to read the logs to effectivly get rid of this crap that made me loose so much time.
Here is what i know on how to proceed, i probly need some little adjustments.
- Reboot on Safe Mode.
- Run HJT (here i dont know what to fix and what not).
- Run smitrem (its pretty fast, just a few mins, is this ok or should it take longer?).
- Run Ewido (i only save the report of the scan or perform any actions?).
- Reboot in normal mode.
- Run panda scan.
After this should i post the panda scan report too?
Thx a lot for any help you can give me.
Here is the HJT log:
Logfile of HijackThis v1.99.1
Scan saved at 01:45:19 p.m., on 24/01/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\ARCHIV~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\ARCHIV~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Archivos de programa\Archivos comunes\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Archivos de programa\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\Explorer.EXE
C:\ARCHIV~1\Grisoft\AVGFRE~1\avgcc.exe
C:\ARCHIV~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Archivos de programa\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Archivos de programa\Analog Devices\SoundMAX\Smax4.exe
C:\Archivos de programa\Java\jre1.5.0_06\bin\jusched.exe
C:\Archivos de programa\iTunes\iTunesHelper.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Archivos de programa\iPod\bin\iPodService.exe
C:\Archivos de programa\Spybot - Search & Destroy\TeaTimer.exe
C:\Archivos de programa\MSN Messenger\msnmsgr.exe
C:\Archivos de programa\ewido anti-malware\ewidoctrl.exe
C:\Archivos de programa\Mozilla Firefox\firefox.exe
C:\Archivos de programa\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.nba.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Vínculos
O2 - BHO: HomepageBHO - {4da4616d-7e6e-4fd9-a2d5-b6c535733e22} - C:\WINDOWS\System32\hp756E.tmp (file missing)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [AVG7_CC] C:\ARCHIV~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\ARCHIV~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Archivos de programa\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Archivos de programa\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Archivos de programa\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [iTunesHelper] C:\Archivos de programa\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Archivos de programa\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Archivos de programa\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: Download with GetRight - C:\Archivos de programa\GetRight\GRdownload.htm
O8 - Extra context menu item: E&xportar a Microsoft Excel - res://C:\ARCHIV~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Open with GetRight Browser - C:\Archivos de programa\GetRight\GRbrowse.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Archivos de programa\Java\jre1.5.0_06\bin\ssv.dll (file missing)
O9 - Extra 'Tools' menuitem: Consola de Sun Java - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Archivos de programa\Java\jre1.5.0_06\bin\ssv.dll (file missing)
O12 - Plugin for .pdf: C:\Archivos de programa\Internet Explorer\PLUGINS\nppdf32.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1106309441691
O16 - DPF: {88D969C0-F192-11D4-A65F-0040963251E5} (XML DOM Document 4.0) -
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\ARCHIV~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\ARCHIV~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\ARCHIV~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: ewido security suite control - ewido networks - C:\Archivos de programa\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Archivos de programa\ewido anti-malware\ewidoguard.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Archivos de programa\iPod\bin\iPodService.exe
O23 - Service: MySql - Unknown owner - C:/mysql/bin/mysqld-nt.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Archivos de programa\Analog Devices\SoundMAX\SMAgent.exe
Here is what i know on how to proceed, i probly need some little adjustments.
- Reboot on Safe Mode.
- Run HJT (here i dont know what to fix and what not).
- Run smitrem (its pretty fast, just a few mins, is this ok or should it take longer?).
- Run Ewido (i only save the report of the scan or perform any actions?).
- Reboot in normal mode.
- Run panda scan.
After this should i post the panda scan report too?
Thx a lot for any help you can give me.
Here is the HJT log:
Logfile of HijackThis v1.99.1
Scan saved at 01:45:19 p.m., on 24/01/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\ARCHIV~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\ARCHIV~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Archivos de programa\Archivos comunes\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Archivos de programa\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\Explorer.EXE
C:\ARCHIV~1\Grisoft\AVGFRE~1\avgcc.exe
C:\ARCHIV~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Archivos de programa\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Archivos de programa\Analog Devices\SoundMAX\Smax4.exe
C:\Archivos de programa\Java\jre1.5.0_06\bin\jusched.exe
C:\Archivos de programa\iTunes\iTunesHelper.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Archivos de programa\iPod\bin\iPodService.exe
C:\Archivos de programa\Spybot - Search & Destroy\TeaTimer.exe
C:\Archivos de programa\MSN Messenger\msnmsgr.exe
C:\Archivos de programa\ewido anti-malware\ewidoctrl.exe
C:\Archivos de programa\Mozilla Firefox\firefox.exe
C:\Archivos de programa\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.nba.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Vínculos
O2 - BHO: HomepageBHO - {4da4616d-7e6e-4fd9-a2d5-b6c535733e22} - C:\WINDOWS\System32\hp756E.tmp (file missing)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [AVG7_CC] C:\ARCHIV~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\ARCHIV~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Archivos de programa\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Archivos de programa\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Archivos de programa\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [iTunesHelper] C:\Archivos de programa\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Archivos de programa\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Archivos de programa\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: Download with GetRight - C:\Archivos de programa\GetRight\GRdownload.htm
O8 - Extra context menu item: E&xportar a Microsoft Excel - res://C:\ARCHIV~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Open with GetRight Browser - C:\Archivos de programa\GetRight\GRbrowse.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Archivos de programa\Java\jre1.5.0_06\bin\ssv.dll (file missing)
O9 - Extra 'Tools' menuitem: Consola de Sun Java - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Archivos de programa\Java\jre1.5.0_06\bin\ssv.dll (file missing)
O12 - Plugin for .pdf: C:\Archivos de programa\Internet Explorer\PLUGINS\nppdf32.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1106309441691
O16 - DPF: {88D969C0-F192-11D4-A65F-0040963251E5} (XML DOM Document 4.0) -
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\ARCHIV~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\ARCHIV~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\ARCHIV~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: ewido security suite control - ewido networks - C:\Archivos de programa\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Archivos de programa\ewido anti-malware\ewidoguard.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Archivos de programa\iPod\bin\iPodService.exe
O23 - Service: MySql - Unknown owner - C:/mysql/bin/mysqld-nt.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Archivos de programa\Analog Devices\SoundMAX\SMAgent.exe
0
Comments
If you have any logs from SmitRem, Ewido or Panda, could you post them here. If you don't, no problem
Can you do the following
We need to DISABLE SpyBots TeaTimer as it may interfere with the fix.
1) Run Spybot-S&D
2) Go to the Mode menu, and make sure "Advanced Mode" is selected
3) On the left hand side, choose Tools -> Resident
4) Uncheck "Resident TeaTimer" and OK any prompts
5) Exit SpyBot
==
Open HijackThis
- Click the Do a system scan only button
- Check the following entries (below)
- Close ALL open windows
Click Fix Checked
O2 - BHO: HomepageBHO - {4da4616d-7e6e-4fd9-a2d5-b6c535733e22} - C:\WINDOWS\System32\hp756E.tmp (file missing)
==
Your IE is not up-to-date and you are likely to get infected again.
Please visit Windows Update and download ALL high-priority updates by clicking Express Install.
Do NOT install SP2 just yet
==
Reboot and post a new HJT log
Do't forget to update IE
Logfile of HijackThis v1.99.1
Scan saved at 05:07:36 p.m., on 24/01/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\ARCHIV~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\ARCHIV~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Archivos de programa\ewido anti-malware\ewidoctrl.exe
C:\Archivos de programa\ewido anti-malware\ewidoguard.exe
C:\Archivos de programa\Archivos comunes\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Archivos de programa\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\Explorer.EXE
C:\ARCHIV~1\Grisoft\AVGFRE~1\avgcc.exe
C:\ARCHIV~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Archivos de programa\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Archivos de programa\Analog Devices\SoundMAX\Smax4.exe
C:\Archivos de programa\Java\jre1.5.0_06\bin\jusched.exe
C:\Archivos de programa\iTunes\iTunesHelper.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Archivos de programa\iPod\bin\iPodService.exe
C:\Archivos de programa\Mozilla Firefox\firefox.exe
C:\Archivos de programa\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.nba.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Vínculos
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [AVG7_CC] C:\ARCHIV~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\ARCHIV~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Archivos de programa\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Archivos de programa\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Archivos de programa\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [iTunesHelper] C:\Archivos de programa\iTunes\iTunesHelper.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Archivos de programa\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: Download with GetRight - C:\Archivos de programa\GetRight\GRdownload.htm
O8 - Extra context menu item: E&xportar a Microsoft Excel - res://C:\ARCHIV~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Open with GetRight Browser - C:\Archivos de programa\GetRight\GRbrowse.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Archivos de programa\Java\jre1.5.0_06\bin\ssv.dll (file missing)
O9 - Extra 'Tools' menuitem: Consola de Sun Java - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Archivos de programa\Java\jre1.5.0_06\bin\ssv.dll (file missing)
O12 - Plugin for .pdf: C:\Archivos de programa\Internet Explorer\PLUGINS\nppdf32.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1106309441691
O16 - DPF: {88D969C0-F192-11D4-A65F-0040963251E5} (XML DOM Document 4.0) -
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\ARCHIV~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\ARCHIV~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\ARCHIV~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: ewido security suite control - ewido networks - C:\Archivos de programa\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Archivos de programa\ewido anti-malware\ewidoguard.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Archivos de programa\iPod\bin\iPodService.exe
O23 - Service: MySql - Unknown owner - C:/mysql/bin/mysqld-nt.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Archivos de programa\Analog Devices\SoundMAX\SMAgent.exe
Your log is clean
Let me know how things are.
I did update 1 priority update of the windows update center. Maybe i could have updated more but it keeps asking me for authentication and i dont even know if i still got the box of XP like to even begin the authentication.
I dont use IE btw.
Here is the latest HJT followed by the smitrem file and then the Ewido report:
Logfile of HijackThis v1.99.1
Scan saved at 08:52:11 p.m., on 24/01/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\ARCHIV~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\ARCHIV~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Archivos de programa\ewido anti-malware\ewidoctrl.exe
C:\Archivos de programa\ewido anti-malware\ewidoguard.exe
C:\Archivos de programa\Archivos comunes\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Archivos de programa\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\Explorer.EXE
C:\ARCHIV~1\Grisoft\AVGFRE~1\avgcc.exe
C:\ARCHIV~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Archivos de programa\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Archivos de programa\Analog Devices\SoundMAX\Smax4.exe
C:\Archivos de programa\Java\jre1.5.0_06\bin\jusched.exe
C:\Archivos de programa\iTunes\iTunesHelper.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Archivos de programa\iPod\bin\iPodService.exe
C:\Archivos de programa\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.nba.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Vínculos
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [AVG7_CC] C:\ARCHIV~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\ARCHIV~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Archivos de programa\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Archivos de programa\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Archivos de programa\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [iTunesHelper] C:\Archivos de programa\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [SpywareStrike] C:\Archivos de programa\SpywareStrike\SpywareStrike.exe /h
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Archivos de programa\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: Download with GetRight - C:\Archivos de programa\GetRight\GRdownload.htm
O8 - Extra context menu item: E&xportar a Microsoft Excel - res://C:\ARCHIV~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Open with GetRight Browser - C:\Archivos de programa\GetRight\GRbrowse.htm
O12 - Plugin for .pdf: C:\Archivos de programa\Internet Explorer\PLUGINS\nppdf32.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1106309441691
O16 - DPF: {88D969C0-F192-11D4-A65F-0040963251E5} (XML DOM Document 4.0) -
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\ARCHIV~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\ARCHIV~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: ewido security suite control - ewido networks - C:\Archivos de programa\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Archivos de programa\ewido anti-malware\ewidoguard.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Archivos de programa\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Archivos de programa\Analog Devices\SoundMAX\SMAgent.exe
smitRem © log file
version 2.8
by noahdfear
Microsoft Windows XP [Versi¢n 5.1.2600]
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
checking for ShudderLTD key
ShudderLTD key not present!
checking for PSGuard.com key
PSGuard.com key not present!
checking for WinHound.com key
WinHound.com key not present!
spyaxe uninstaller NOT present
Winhound uninstaller NOT present
SpywareStrike uninstaller NOT present
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Existing Pre-run Files
~~~ Program Files ~~~
SpywareStrike
~~~ Shortcuts ~~~
~~~ Favorites ~~~
~~~ system32 folder ~~~
~~~ Icons in System32 ~~~
~~~ Windows directory ~~~
~~~ Drive root ~~~
~~~ Miscellaneous Files/folders ~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
Copyright(C) 2002-2003 Craig.Peacock@beyondlogic.org
Killing PID 716 'explorer.exe'
Killing PID 716 'explorer.exe'
Starting registry repairs
Deleting files
Remaining Post-run Files
~~~ Program Files ~~~
SpywareStrike
~~~ Shortcuts ~~~
~~~ Favorites ~~~
~~~ system32 folder ~~~
~~~ Icons in System32 ~~~
~~~ Windows directory ~~~
~~~ Drive root ~~~
~~~ Miscellaneous Files/folders ~~~
~~~ Wininet.dll ~~~
CLEAN!
ewido anti-malware - Report de exploración
+ Creado en: 07:59:55 p.m., 24/01/2006
+ Report-Checksum: D4A99DAC
+ Scan result:
:mozilla.38:C:\Documents and Settings\LUCAS.PARTICULAR\Datos de programa\Mozilla\Firefox\Profiles\q2ftpl2a.Lucas\cookies.txt -> Spyware.Cookie.Doubleclick : Limpio con backup
:mozilla.41:C:\Documents and Settings\LUCAS.PARTICULAR\Datos de programa\Mozilla\Firefox\Profiles\q2ftpl2a.Lucas\cookies.txt -> Spyware.Cookie.2o7 : Limpio con backup
:mozilla.63:C:\Documents and Settings\LUCAS.PARTICULAR\Datos de programa\Mozilla\Firefox\Profiles\q2ftpl2a.Lucas\cookies.txt -> Spyware.Cookie.Tribalfusion : Limpio con backup
:mozilla.64:C:\Documents and Settings\LUCAS.PARTICULAR\Datos de programa\Mozilla\Firefox\Profiles\q2ftpl2a.Lucas\cookies.txt -> Spyware.Cookie.Falkag : Limpio con backup
:mozilla.65:C:\Documents and Settings\LUCAS.PARTICULAR\Datos de programa\Mozilla\Firefox\Profiles\q2ftpl2a.Lucas\cookies.txt -> Spyware.Cookie.Falkag : Limpio con backup
:mozilla.66:C:\Documents and Settings\LUCAS.PARTICULAR\Datos de programa\Mozilla\Firefox\Profiles\q2ftpl2a.Lucas\cookies.txt -> Spyware.Cookie.Falkag : Limpio con backup
:mozilla.67:C:\Documents and Settings\LUCAS.PARTICULAR\Datos de programa\Mozilla\Firefox\Profiles\q2ftpl2a.Lucas\cookies.txt -> Spyware.Cookie.Falkag : Limpio con backup
:mozilla.68:C:\Documents and Settings\LUCAS.PARTICULAR\Datos de programa\Mozilla\Firefox\Profiles\q2ftpl2a.Lucas\cookies.txt -> Spyware.Cookie.Falkag : Limpio con backup
:mozilla.110:C:\Documents and Settings\LUCAS.PARTICULAR\Datos de programa\Mozilla\Firefox\Profiles\q2ftpl2a.Lucas\cookies.txt -> Spyware.Cookie.Sextracker : Limpio con backup
:mozilla.111:C:\Documents and Settings\LUCAS.PARTICULAR\Datos de programa\Mozilla\Firefox\Profiles\q2ftpl2a.Lucas\cookies.txt -> Spyware.Cookie.Sextracker : Limpio con backup
:mozilla.112:C:\Documents and Settings\LUCAS.PARTICULAR\Datos de programa\Mozilla\Firefox\Profiles\q2ftpl2a.Lucas\cookies.txt -> Spyware.Cookie.Sextracker : Limpio con backup
:mozilla.113:C:\Documents and Settings\LUCAS.PARTICULAR\Datos de programa\Mozilla\Firefox\Profiles\q2ftpl2a.Lucas\cookies.txt -> Spyware.Cookie.Sextracker : Limpio con backup
:mozilla.114:C:\Documents and Settings\LUCAS.PARTICULAR\Datos de programa\Mozilla\Firefox\Profiles\q2ftpl2a.Lucas\cookies.txt -> Spyware.Cookie.Sextracker : Limpio con backup
:mozilla.115:C:\Documents and Settings\LUCAS.PARTICULAR\Datos de programa\Mozilla\Firefox\Profiles\q2ftpl2a.Lucas\cookies.txt -> Spyware.Cookie.Sextracker : Limpio con backup
:mozilla.116:C:\Documents and Settings\LUCAS.PARTICULAR\Datos de programa\Mozilla\Firefox\Profiles\q2ftpl2a.Lucas\cookies.txt -> Spyware.Cookie.Sextracker : Limpio con backup
:mozilla.117:C:\Documents and Settings\LUCAS.PARTICULAR\Datos de programa\Mozilla\Firefox\Profiles\q2ftpl2a.Lucas\cookies.txt -> Spyware.Cookie.Sextracker : Limpio con backup
:mozilla.118:C:\Documents and Settings\LUCAS.PARTICULAR\Datos de programa\Mozilla\Firefox\Profiles\q2ftpl2a.Lucas\cookies.txt -> Spyware.Cookie.Sextracker : Limpio con backup
:mozilla.119:C:\Documents and Settings\LUCAS.PARTICULAR\Datos de programa\Mozilla\Firefox\Profiles\q2ftpl2a.Lucas\cookies.txt -> Spyware.Cookie.Sextracker : Limpio con backup
:mozilla.120:C:\Documents and Settings\LUCAS.PARTICULAR\Datos de programa\Mozilla\Firefox\Profiles\q2ftpl2a.Lucas\cookies.txt -> Spyware.Cookie.Sextracker : Limpio con backup
:mozilla.121:C:\Documents and Settings\LUCAS.PARTICULAR\Datos de programa\Mozilla\Firefox\Profiles\q2ftpl2a.Lucas\cookies.txt -> Spyware.Cookie.Sextracker : Limpio con backup
:mozilla.122:C:\Documents and Settings\LUCAS.PARTICULAR\Datos de programa\Mozilla\Firefox\Profiles\q2ftpl2a.Lucas\cookies.txt -> Spyware.Cookie.Sextracker : Limpio con backup
:mozilla.123:C:\Documents and Settings\LUCAS.PARTICULAR\Datos de programa\Mozilla\Firefox\Profiles\q2ftpl2a.Lucas\cookies.txt -> Spyware.Cookie.Sextracker : Limpio con backup
:mozilla.124:C:\Documents and Settings\LUCAS.PARTICULAR\Datos de programa\Mozilla\Firefox\Profiles\q2ftpl2a.Lucas\cookies.txt -> Spyware.Cookie.Sextracker : Limpio con backup
:mozilla.125:C:\Documents and Settings\LUCAS.PARTICULAR\Datos de programa\Mozilla\Firefox\Profiles\q2ftpl2a.Lucas\cookies.txt -> Spyware.Cookie.Sextracker : Limpio con backup
:mozilla.126:C:\Documents and Settings\LUCAS.PARTICULAR\Datos de programa\Mozilla\Firefox\Profiles\q2ftpl2a.Lucas\cookies.txt -> Spyware.Cookie.Sextracker : Limpio con backup
:mozilla.127:C:\Documents and Settings\LUCAS.PARTICULAR\Datos de programa\Mozilla\Firefox\Profiles\q2ftpl2a.Lucas\cookies.txt -> Spyware.Cookie.Sextracker : Limpio con backup
:mozilla.128:C:\Documents and Settings\LUCAS.PARTICULAR\Datos de programa\Mozilla\Firefox\Profiles\q2ftpl2a.Lucas\cookies.txt -> Spyware.Cookie.Sexlist : Limpio con backup
:mozilla.129:C:\Documents and Settings\LUCAS.PARTICULAR\Datos de programa\Mozilla\Firefox\Profiles\q2ftpl2a.Lucas\cookies.txt -> Spyware.Cookie.Sexlist : Limpio con backup
:mozilla.130:C:\Documents and Settings\LUCAS.PARTICULAR\Datos de programa\Mozilla\Firefox\Profiles\q2ftpl2a.Lucas\cookies.txt -> Spyware.Cookie.Sexlist : Limpio con backup
:mozilla.131:C:\Documents and Settings\LUCAS.PARTICULAR\Datos de programa\Mozilla\Firefox\Profiles\q2ftpl2a.Lucas\cookies.txt -> Spyware.Cookie.Sexlist : Limpio con backup
:mozilla.132:C:\Documents and Settings\LUCAS.PARTICULAR\Datos de programa\Mozilla\Firefox\Profiles\q2ftpl2a.Lucas\cookies.txt -> Spyware.Cookie.Sexlist : Limpio con backup
:mozilla.133:C:\Documents and Settings\LUCAS.PARTICULAR\Datos de programa\Mozilla\Firefox\Profiles\q2ftpl2a.Lucas\cookies.txt -> Spyware.Cookie.Sexlist : Limpio con backup
:mozilla.134:C:\Documents and Settings\LUCAS.PARTICULAR\Datos de programa\Mozilla\Firefox\Profiles\q2ftpl2a.Lucas\cookies.txt -> Spyware.Cookie.Sexlist : Limpio con backup
:mozilla.135:C:\Documents and Settings\LUCAS.PARTICULAR\Datos de programa\Mozilla\Firefox\Profiles\q2ftpl2a.Lucas\cookies.txt -> Spyware.Cookie.Sexlist : Limpio con backup
:mozilla.136:C:\Documents and Settings\LUCAS.PARTICULAR\Datos de programa\Mozilla\Firefox\Profiles\q2ftpl2a.Lucas\cookies.txt -> Spyware.Cookie.Sexlist : Limpio con backup
:mozilla.137:C:\Documents and Settings\LUCAS.PARTICULAR\Datos de programa\Mozilla\Firefox\Profiles\q2ftpl2a.Lucas\cookies.txt -> Spyware.Cookie.Sexlist : Limpio con backup
:mozilla.138:C:\Documents and Settings\LUCAS.PARTICULAR\Datos de programa\Mozilla\Firefox\Profiles\q2ftpl2a.Lucas\cookies.txt -> Spyware.Cookie.Sexlist : Limpio con backup
:mozilla.139:C:\Documents and Settings\LUCAS.PARTICULAR\Datos de programa\Mozilla\Firefox\Profiles\q2ftpl2a.Lucas\cookies.txt -> Spyware.Cookie.Sexlist : Limpio con backup
:mozilla.140:C:\Documents and Settings\LUCAS.PARTICULAR\Datos de programa\Mozilla\Firefox\Profiles\q2ftpl2a.Lucas\cookies.txt -> Spyware.Cookie.Sexlist : Limpio con backup
:mozilla.141:C:\Documents and Settings\LUCAS.PARTICULAR\Datos de programa\Mozilla\Firefox\Profiles\q2ftpl2a.Lucas\cookies.txt -> Spyware.Cookie.Sexlist : Limpio con backup
:mozilla.142:C:\Documents and Settings\LUCAS.PARTICULAR\Datos de programa\Mozilla\Firefox\Profiles\q2ftpl2a.Lucas\cookies.txt -> Spyware.Cookie.Sexlist : Limpio con backup
:mozilla.143:C:\Documents and Settings\LUCAS.PARTICULAR\Datos de programa\Mozilla\Firefox\Profiles\q2ftpl2a.Lucas\cookies.txt -> Spyware.Cookie.Sexlist : Limpio con backup
:mozilla.144:C:\Documents and Settings\LUCAS.PARTICULAR\Datos de programa\Mozilla\Firefox\Profiles\q2ftpl2a.Lucas\cookies.txt -> Spyware.Cookie.Sexlist : Limpio con backup
:mozilla.145:C:\Documents and Settings\LUCAS.PARTICULAR\Datos de programa\Mozilla\Firefox\Profiles\q2ftpl2a.Lucas\cookies.txt -> Spyware.Cookie.Sexlist : Limpio con backup
:mozilla.146:C:\Documents and Settings\LUCAS.PARTICULAR\Datos de programa\Mozilla\Firefox\Profiles\q2ftpl2a.Lucas\cookies.txt -> Spyware.Cookie.Sexlist : Limpio con backup
:mozilla.147:C:\Documents and Settings\LUCAS.PARTICULAR\Datos de programa\Mozilla\Firefox\Profiles\q2ftpl2a.Lucas\cookies.txt -> Spyware.Cookie.Sexlist : Limpio con backup
:mozilla.148:C:\Documents and Settings\LUCAS.PARTICULAR\Datos de programa\Mozilla\Firefox\Profiles\q2ftpl2a.Lucas\cookies.txt -> Spyware.Cookie.Sexlist : Limpio con backup
:mozilla.149:C:\Documents and Settings\LUCAS.PARTICULAR\Datos de programa\Mozilla\Firefox\Profiles\q2ftpl2a.Lucas\cookies.txt -> Spyware.Cookie.Sexlist : Limpio con backup
:mozilla.150:C:\Documents and Settings\LUCAS.PARTICULAR\Datos de programa\Mozilla\Firefox\Profiles\q2ftpl2a.Lucas\cookies.txt -> Spyware.Cookie.Sexlist : Limpio con backup
:mozilla.151:C:\Documents and Settings\LUCAS.PARTICULAR\Datos de programa\Mozilla\Firefox\Profiles\q2ftpl2a.Lucas\cookies.txt -> Spyware.Cookie.Sexlist : Limpio con backup
:mozilla.152:C:\Documents and Settings\LUCAS.PARTICULAR\Datos de programa\Mozilla\Firefox\Profiles\q2ftpl2a.Lucas\cookies.txt -> Spyware.Cookie.Sexlist : Limpio con backup
:mozilla.153:C:\Documents and Settings\LUCAS.PARTICULAR\Datos de programa\Mozilla\Firefox\Profiles\q2ftpl2a.Lucas\cookies.txt -> Spyware.Cookie.Sexlist : Limpio con backup
:mozilla.154:C:\Documents and Settings\LUCAS.PARTICULAR\Datos de programa\Mozilla\Firefox\Profiles\q2ftpl2a.Lucas\cookies.txt -> Spyware.Cookie.Sexlist : Limpio con backup
:mozilla.155:C:\Documents and Settings\LUCAS.PARTICULAR\Datos de programa\Mozilla\Firefox\Profiles\q2ftpl2a.Lucas\cookies.txt -> Spyware.Cookie.Sexlist : Limpio con backup
:mozilla.156:C:\Documents and Settings\LUCAS.PARTICULAR\Datos de programa\Mozilla\Firefox\Profiles\q2ftpl2a.Lucas\cookies.txt -> Spyware.Cookie.Sexlist : Limpio con backup
:mozilla.157:C:\Documents and Settings\LUCAS.PARTICULAR\Datos de programa\Mozilla\Firefox\Profiles\q2ftpl2a.Lucas\cookies.txt -> Spyware.Cookie.Sexlist : Limpio con backup
:mozilla.158:C:\Documents and Settings\LUCAS.PARTICULAR\Datos de programa\Mozilla\Firefox\Profiles\q2ftpl2a.Lucas\cookies.txt -> Spyware.Cookie.Sexlist : Limpio con backup
:mozilla.159:C:\Documents and Settings\LUCAS.PARTICULAR\Datos de programa\Mozilla\Firefox\Profiles\q2ftpl2a.Lucas\cookies.txt -> Spyware.Cookie.Sexlist : Limpio con backup
:mozilla.160:C:\Documents and Settings\LUCAS.PARTICULAR\Datos de programa\Mozilla\Firefox\Profiles\q2ftpl2a.Lucas\cookies.txt -> Spyware.Cookie.Sexlist : Limpio con backup
:mozilla.161:C:\Documents and Settings\LUCAS.PARTICULAR\Datos de programa\Mozilla\Firefox\Profiles\q2ftpl2a.Lucas\cookies.txt -> Spyware.Cookie.Sexlist : Limpio con backup
:mozilla.162:C:\Documents and Settings\LUCAS.PARTICULAR\Datos de programa\Mozilla\Firefox\Profiles\q2ftpl2a.Lucas\cookies.txt -> Spyware.Cookie.Sexlist : Limpio con backup
:mozilla.163:C:\Documents and Settings\LUCAS.PARTICULAR\Datos de programa\Mozilla\Firefox\Profiles\q2ftpl2a.Lucas\cookies.txt -> Spyware.Cookie.Sexlist : Limpio con backup
:mozilla.164:C:\Documents and Settings\LUCAS.PARTICULAR\Datos de programa\Mozilla\Firefox\Profiles\q2ftpl2a.Lucas\cookies.txt -> Spyware.Cookie.Sexlist : Limpio con backup
:mozilla.165:C:\Documents and Settings\LUCAS.PARTICULAR\Datos de programa\Mozilla\Firefox\Profiles\q2ftpl2a.Lucas\cookies.txt -> Spyware.Cookie.Sexlist : Limpio con backup
:mozilla.166:C:\Documents and Settings\LUCAS.PARTICULAR\Datos de programa\Mozilla\Firefox\Profiles\q2ftpl2a.Lucas\cookies.txt -> Spyware.Cookie.Sexlist : Limpio con backup
:mozilla.167:C:\Documents and Settings\LUCAS.PARTICULAR\Datos de programa\Mozilla\Firefox\Profiles\q2ftpl2a.Lucas\cookies.txt -> Spyware.Cookie.Sexlist : Limpio con backup
:mozilla.168:C:\Documents and Settings\LUCAS.PARTICULAR\Datos de programa\Mozilla\Firefox\Profiles\q2ftpl2a.Lucas\cookies.txt -> Spyware.Cookie.Sexlist : Limpio con backup
:mozilla.169:C:\Documents and Settings\LUCAS.PARTICULAR\Datos de programa\Mozilla\Firefox\Profiles\q2ftpl2a.Lucas\cookies.txt -> Spyware.Cookie.Sexlist : Limpio con backup
:mozilla.170:C:\Documents and Settings\LUCAS.PARTICULAR\Datos de programa\Mozilla\Firefox\Profiles\q2ftpl2a.Lucas\cookies.txt -> Spyware.Cookie.Sexlist : Limpio con backup
:mozilla.171:C:\Documents and Settings\LUCAS.PARTICULAR\Datos de programa\Mozilla\Firefox\Profiles\q2ftpl2a.Lucas\cookies.txt -> Spyware.Cookie.Sexlist : Limpio con backup
:mozilla.172:C:\Documents and Settings\LUCAS.PARTICULAR\Datos de programa\Mozilla\Firefox\Profiles\q2ftpl2a.Lucas\cookies.txt -> Spyware.Cookie.Sexlist : Limpio con backup
:mozilla.173:C:\Documents and Settings\LUCAS.PARTICULAR\Datos de programa\Mozilla\Firefox\Profiles\q2ftpl2a.Lucas\cookies.txt -> Spyware.Cookie.Sexlist : Limpio con backup
:mozilla.174:C:\Documents and Settings\LUCAS.PARTICULAR\Datos de programa\Mozilla\Firefox\Profiles\q2ftpl2a.Lucas\cookies.txt -> Spyware.Cookie.Sexlist : Limpio con backup
:mozilla.175:C:\Documents and Settings\LUCAS.PARTICULAR\Datos de programa\Mozilla\Firefox\Profiles\q2ftpl2a.Lucas\cookies.txt -> Spyware.Cookie.Sexcounter : Limpio con backup
:mozilla.176:C:\Documents and Settings\LUCAS.PARTICULAR\Datos de programa\Mozilla\Firefox\Profiles\q2ftpl2a.Lucas\cookies.txt -> Spyware.Cookie.Sexcounter : Limpio con backup
:mozilla.177:C:\Documents and Settings\LUCAS.PARTICULAR\Datos de programa\Mozilla\Firefox\Profiles\q2ftpl2a.Lucas\cookies.txt -> Spyware.Cookie.Sexcounter : Limpio con backup
:mozilla.178:C:\Documents and Settings\LUCAS.PARTICULAR\Datos de programa\Mozilla\Firefox\Profiles\q2ftpl2a.Lucas\cookies.txt -> Spyware.Cookie.Sexcounter : Limpio con backup
:mozilla.179:C:\Documents and Settings\LUCAS.PARTICULAR\Datos de programa\Mozilla\Firefox\Profiles\q2ftpl2a.Lucas\cookies.txt -> Spyware.Cookie.Sexcounter : Limpio con backup
:mozilla.180:C:\Documents and Settings\LUCAS.PARTICULAR\Datos de programa\Mozilla\Firefox\Profiles\q2ftpl2a.Lucas\cookies.txt -> Spyware.Cookie.Sexcounter : Limpio con backup
:mozilla.181:C:\Documents and Settings\LUCAS.PARTICULAR\Datos de programa\Mozilla\Firefox\Profiles\q2ftpl2a.Lucas\cookies.txt -> Spyware.Cookie.Sexcounter : Limpio con backup
:mozilla.182:C:\Documents and Settings\LUCAS.PARTICULAR\Datos de programa\Mozilla\Firefox\Profiles\q2ftpl2a.Lucas\cookies.txt -> Spyware.Cookie.Sexcounter : Limpio con backup
:mozilla.183:C:\Documents and Settings\LUCAS.PARTICULAR\Datos de programa\Mozilla\Firefox\Profiles\q2ftpl2a.Lucas\cookies.txt -> Spyware.Cookie.Sexcounter : Limpio con backup
:mozilla.184:C:\Documents and Settings\LUCAS.PARTICULAR\Datos de programa\Mozilla\Firefox\Profiles\q2ftpl2a.Lucas\cookies.txt -> Spyware.Cookie.Sexcounter : Limpio con backup
:mozilla.185:C:\Documents and Settings\LUCAS.PARTICULAR\Datos de programa\Mozilla\Firefox\Profiles\q2ftpl2a.Lucas\cookies.txt -> Spyware.Cookie.Sexcounter : Limpio con backup
:mozilla.186:C:\Documents and Settings\LUCAS.PARTICULAR\Datos de programa\Mozilla\Firefox\Profiles\q2ftpl2a.Lucas\cookies.txt -> Spyware.Cookie.Sexcounter : Limpio con backup
:mozilla.187:C:\Documents and Settings\LUCAS.PARTICULAR\Datos de programa\Mozilla\Firefox\Profiles\q2ftpl2a.Lucas\cookies.txt -> Spyware.Cookie.Sexcounter : Limpio con backup
:mozilla.188:C:\Documents and Settings\LUCAS.PARTICULAR\Datos de programa\Mozilla\Firefox\Profiles\q2ftpl2a.Lucas\cookies.txt -> Spyware.Cookie.Sexcounter : Limpio con backup
:mozilla.189:C:\Documents and Settings\LUCAS.PARTICULAR\Datos de programa\Mozilla\Firefox\Profiles\q2ftpl2a.Lucas\cookies.txt -> Spyware.Cookie.Sexcounter : Limpio con backup
:mozilla.190:C:\Documents and Settings\LUCAS.PARTICULAR\Datos de programa\Mozilla\Firefox\Profiles\q2ftpl2a.Lucas\cookies.txt -> Spyware.Cookie.Sexcounter : Limpio con backup
:mozilla.191:C:\Documents and Settings\LUCAS.PARTICULAR\Datos de programa\Mozilla\Firefox\Profiles\q2ftpl2a.Lucas\cookies.txt -> Spyware.Cookie.Sexcounter : Limpio con backup
:mozilla.192:C:\Documents and Settings\LUCAS.PARTICULAR\Datos de programa\Mozilla\Firefox\Profiles\q2ftpl2a.Lucas\cookies.txt -> Spyware.Cookie.Sexcounter : Limpio con backup
:mozilla.193:C:\Documents and Settings\LUCAS.PARTICULAR\Datos de programa\Mozilla\Firefox\Profiles\q2ftpl2a.Lucas\cookies.txt -> Spyware.Cookie.Sexcounter : Limpio con backup
:mozilla.194:C:\Documents and Settings\LUCAS.PARTICULAR\Datos de programa\Mozilla\Firefox\Profiles\q2ftpl2a.Lucas\cookies.txt -> Spyware.Cookie.Sexcounter : Limpio con backup
:mozilla.195:C:\Documents and Settings\LUCAS.PARTICULAR\Datos de programa\Mozilla\Firefox\Profiles\q2ftpl2a.Lucas\cookies.txt -> Spyware.Cookie.Sexcounter : Limpio con backup
:mozilla.196:C:\Documents and Settings\LUCAS.PARTICULAR\Datos de programa\Mozilla\Firefox\Profiles\q2ftpl2a.Lucas\cookies.txt -> Spyware.Cookie.Sexcounter : Limpio con backup
:mozilla.197:C:\Documents and Settings\LUCAS.PARTICULAR\Datos de programa\Mozilla\Firefox\Profiles\q2ftpl2a.Lucas\cookies.txt -> Spyware.Cookie.Sexcounter : Limpio con backup
:mozilla.198:C:\Documents and Settings\LUCAS.PARTICULAR\Datos de programa\Mozilla\Firefox\Profiles\q2ftpl2a.Lucas\cookies.txt -> Spyware.Cookie.Sexcounter : Limpio con backup
:mozilla.199:C:\Documents and Settings\LUCAS.PARTICULAR\Datos de programa\Mozilla\Firefox\Profiles\q2ftpl2a.Lucas\cookies.txt -> Spyware.Cookie.Sexcounter : Limpio con backup
:mozilla.200:C:\Documents and Settings\LUCAS.PARTICULAR\Datos de programa\Mozilla\Firefox\Profiles\q2ftpl2a.Lucas\cookies.txt -> Spyware.Cookie.Sexcounter : Limpio con backup
:mozilla.201:C:\Documents and Settings\LUCAS.PARTICULAR\Datos de programa\Mozilla\Firefox\Profiles\q2ftpl2a.Lucas\cookies.txt -> Spyware.Cookie.Sexcounter : Limpio con backup
:mozilla.202:C:\Documents and Settings\LUCAS.PARTICULAR\Datos de programa\Mozilla\Firefox\Profiles\q2ftpl2a.Lucas\cookies.txt -> Spyware.Cookie.Sexcounter : Limpio con backup
:mozilla.203:C:\Documents and Settings\LUCAS.PARTICULAR\Datos de programa\Mozilla\Firefox\Profiles\q2ftpl2a.Lucas\cookies.txt -> Spyware.Cookie.Sexcounter : Limpio con backup
:mozilla.204:C:\Documents and Settings\LUCAS.PARTICULAR\Datos de programa\Mozilla\Firefox\Profiles\q2ftpl2a.Lucas\cookies.txt -> Spyware.Cookie.Sexcounter : Limpio con backup
:mozilla.205:C:\Documents and Settings\LUCAS.PARTICULAR\Datos de programa\Mozilla\Firefox\Profiles\q2ftpl2a.Lucas\cookies.txt -> Spyware.Cookie.Sexcounter : Limpio con backup
:mozilla.206:C:\Documents and Settings\LUCAS.PARTICULAR\Datos de programa\Mozilla\Firefox\Profiles\q2ftpl2a.Lucas\cookies.txt -> Spyware.Cookie.Sexcounter : Limpio con backup
:mozilla.207:C:\Documents and Settings\LUCAS.PARTICULAR\Datos de programa\Mozilla\Firefox\Profiles\q2ftpl2a.Lucas\cookies.txt -> Spyware.Cookie.Sexcounter : Limpio con backup
:mozilla.208:C:\Documents and Settings\LUCAS.PARTICULAR\Datos de programa\Mozilla\Firefox\Profiles\q2ftpl2a.Lucas\cookies.txt -> Spyware.Cookie.Sexcounter : Limpio con backup
:mozilla.209:C:\Documents and Settings\LUCAS.PARTICULAR\Datos de programa\Mozilla\Firefox\Profiles\q2ftpl2a.Lucas\cookies.txt -> Spyware.Cookie.Sexcounter : Limpio con backup
:mozilla.210:C:\Documents and Settings\LUCAS.PARTICULAR\Datos de programa\Mozilla\Firefox\Profiles\q2ftpl2a.Lucas\cookies.txt -> Spyware.Cookie.Sexcounter : Limpio con backup
:mozilla.211:C:\Documents and Settings\LUCAS.PARTICULAR\Datos de programa\Mozilla\Firefox\Profiles\q2ftpl2a.Lucas\cookies.txt -> Spyware.Cookie.Sexcounter : Limpio con backup
:mozilla.212:C:\Documents and Settings\LUCAS.PARTICULAR\Datos de programa\Mozilla\Firefox\Profiles\q2ftpl2a.Lucas\cookies.txt -> Spyware.Cookie.Sexcounter : Limpio con backup
:mozilla.213:C:\Documents and Settings\LUCAS.PARTICULAR\Datos de programa\Mozilla\Firefox\Profiles\q2ftpl2a.Lucas\cookies.txt -> Spyware.Cookie.Sexcounter : Limpio con backup
:mozilla.214:C:\Documents and Settings\LUCAS.PARTICULAR\Datos de programa\Mozilla\Firefox\Profiles\q2ftpl2a.Lucas\cookies.txt -> Spyware.Cookie.Sexcounter : Limpio con backup
:mozilla.215:C:\Documents and Settings\LUCAS.PARTICULAR\Datos de programa\Mozilla\Firefox\Profiles\q2ftpl2a.Lucas\cookies.txt -> Spyware.Cookie.Sexcounter : Limpio con backup
:mozilla.216:C:\Documents and Settings\LUCAS.PARTICULAR\Datos de programa\Mozilla\Firefox\Profiles\q2ftpl2a.Lucas\cookies.txt -> Spyware.Cookie.Sexcounter : Limpio con backup
:mozilla.217:C:\Documents and Settings\LUCAS.PARTICULAR\Datos de programa\Mozilla\Firefox\Profiles\q2ftpl2a.Lucas\cookies.txt -> Spyware.Cookie.Sexcounter : Limpio con backup
:mozilla.218:C:\Documents and Settings\LUCAS.PARTICULAR\Datos de programa\Mozilla\Firefox\Profiles\q2ftpl2a.Lucas\cookies.txt -> Spyware.Cookie.Sexcounter : Limpio con backup
:mozilla.219:C:\Documents and Settings\LUCAS.PARTICULAR\Datos de programa\Mozilla\Firefox\Profiles\q2ftpl2a.Lucas\cookies.txt -> Spyware.Cookie.Sexcounter : Limpio con backup
:mozilla.220:C:\Documents and Settings\LUCAS.PARTICULAR\Datos de programa\Mozilla\Firefox\Profiles\q2ftpl2a.Lucas\cookies.txt -> Spyware.Cookie.Sexcounter : Limpio con backup
:mozilla.221:C:\Documents and Settings\LUCAS.PARTICULAR\Datos de programa\Mozilla\Firefox\Profiles\q2ftpl2a.Lucas\cookies.txt -> Spyware.Cookie.Sexcounter : Limpio con backup
:mozilla.222:C:\Documents and Settings\LUCAS.PARTICULAR\Datos de programa\Mozilla\Firefox\Profiles\q2ftpl2a.Lucas\cookies.txt -> Spyware.Cookie.Sexcounter : Limpio con backup
:mozilla.223:C:\Documents and Settings\LUCAS.PARTICULAR\Datos de programa\Mozilla\Firefox\Profiles\q2ftpl2a.Lucas\cookies.txt -> Spyware.Cookie.Sexcounter : Limpio con backup
:mozilla.224:C:\Documents and Settings\LUCAS.PARTICULAR\Datos de programa\Mozilla\Firefox\Profiles\q2ftpl2a.Lucas\cookies.txt -> Spyware.Cookie.Sexcounter : Limpio con backup
:mozilla.226:C:\Documents and Settings\LUCAS.PARTICULAR\Datos de programa\Mozilla\Firefox\Profiles\q2ftpl2a.Lucas\cookies.txt -> Spyware.Cookie.Valueclick : Limpio con backup
:mozilla.239:C:\Documents and Settings\LUCAS.PARTICULAR\Datos de programa\Mozilla\Firefox\Profiles\q2ftpl2a.Lucas\cookies.txt -> Spyware.Cookie.Statcounter : Limpio con backup
:mozilla.324:C:\Documents and Settings\LUCAS.PARTICULAR\Datos de programa\Mozilla\Firefox\Profiles\q2ftpl2a.Lucas\cookies.txt -> Spyware.Cookie.Sextracker : Limpio con backup
:mozilla.325:C:\Documents and Settings\LUCAS.PARTICULAR\Datos de programa\Mozilla\Firefox\Profiles\q2ftpl2a.Lucas\cookies.txt -> Spyware.Cookie.Sextracker : Limpio con backup
:mozilla.326:C:\Documents and Settings\LUCAS.PARTICULAR\Datos de programa\Mozilla\Firefox\Profiles\q2ftpl2a.Lucas\cookies.txt -> Spyware.Cookie.Sextracker : Limpio con backup
:mozilla.338:C:\Documents and Settings\LUCAS.PARTICULAR\Datos de programa\Mozilla\Firefox\Profiles\q2ftpl2a.Lucas\cookies.txt -> Spyware.Cookie.Findwhat : Limpio con backup
:mozilla.381:C:\Documents and Settings\LUCAS.PARTICULAR\Datos de programa\Mozilla\Firefox\Profiles\q2ftpl2a.Lucas\cookies.txt -> Spyware.Cookie.Sextracker : Limpio con backup
:mozilla.442:C:\Documents and Settings\LUCAS.PARTICULAR\Datos de programa\Mozilla\Firefox\Profiles\q2ftpl2a.Lucas\cookies.txt -> Spyware.Cookie.Sextracker : Limpio con backup
:mozilla.443:C:\Documents and Settings\LUCAS.PARTICULAR\Datos de programa\Mozilla\Firefox\Profiles\q2ftpl2a.Lucas\cookies.txt -> Spyware.Cookie.Sextracker : Limpio con backup
:mozilla.444:C:\Documents and Settings\LUCAS.PARTICULAR\Datos de programa\Mozilla\Firefox\Profiles\q2ftpl2a.Lucas\cookies.txt -> Spyware.Cookie.Sextracker : Limpio con backup
:mozilla.445:C:\Documents and Settings\LUCAS.PARTICULAR\Datos de programa\Mozilla\Firefox\Profiles\q2ftpl2a.Lucas\cookies.txt -> Spyware.Cookie.Clickzs : Limpio con backup
:mozilla.446:C:\Documents and Settings\LUCAS.PARTICULAR\Datos de programa\Mozilla\Firefox\Profiles\q2ftpl2a.Lucas\cookies.txt -> Spyware.Cookie.Clickzs : Limpio con backup
:mozilla.447:C:\Documents and Settings\LUCAS.PARTICULAR\Datos de programa\Mozilla\Firefox\Profiles\q2ftpl2a.Lucas\cookies.txt -> Spyware.Cookie.Clickzs : Limpio con backup
:mozilla.448:C:\Documents and Settings\LUCAS.PARTICULAR\Datos de programa\Mozilla\Firefox\Profiles\q2ftpl2a.Lucas\cookies.txt -> Spyware.Cookie.Clickzs : Limpio con backup
:mozilla.459:C:\Documents and Settings\LUCAS.PARTICULAR\Datos de programa\Mozilla\Firefox\Profiles\q2ftpl2a.Lucas\cookies.txt -> Spyware.Cookie.Clickzs : Limpio con backup
:mozilla.460:C:\Documents and Settings\LUCAS.PARTICULAR\Datos de programa\Mozilla\Firefox\Profiles\q2ftpl2a.Lucas\cookies.txt -> Spyware.Cookie.Clickzs : Limpio con backup
:mozilla.461:C:\Documents and Settings\LUCAS.PARTICULAR\Datos de programa\Mozilla\Firefox\Profiles\q2ftpl2a.Lucas\cookies.txt -> Spyware.Cookie.Clickzs : Limpio con backup
:mozilla.462:C:\Documents and Settings\LUCAS.PARTICULAR\Datos de programa\Mozilla\Firefox\Profiles\q2ftpl2a.Lucas\cookies.txt -> Spyware.Cookie.Clickzs : Limpio con backup
:mozilla.506:C:\Documents and Settings\LUCAS.PARTICULAR\Datos de programa\Mozilla\Firefox\Profiles\q2ftpl2a.Lucas\cookies.txt -> Spyware.Cookie.Sextracker : Limpio con backup
:mozilla.519:C:\Documents and Settings\LUCAS.PARTICULAR\Datos de programa\Mozilla\Firefox\Profiles\q2ftpl2a.Lucas\cookies.txt -> Spyware.Cookie.Sextracker : Limpio con backup
:mozilla.532:C:\Documents and Settings\LUCAS.PARTICULAR\Datos de programa\Mozilla\Firefox\Profiles\q2ftpl2a.Lucas\cookies.txt -> Spyware.Cookie.Sextracker : Limpio con backup
:mozilla.533:C:\Documents and Settings\LUCAS.PARTICULAR\Datos de programa\Mozilla\Firefox\Profiles\q2ftpl2a.Lucas\cookies.txt -> Spyware.Cookie.Sextracker : Limpio con backup
:mozilla.559:C:\Documents and Settings\LUCAS.PARTICULAR\Datos de programa\Mozilla\Firefox\Profiles\q2ftpl2a.Lucas\cookies.txt -> Spyware.Cookie.Sextracker : Limpio con backup
:mozilla.589:C:\Documents and Settings\LUCAS.PARTICULAR\Datos de programa\Mozilla\Firefox\Profiles\q2ftpl2a.Lucas\cookies.txt -> Spyware.Cookie.Clickzs : Limpio con backup
:mozilla.590:C:\Documents and Settings\LUCAS.PARTICULAR\Datos de programa\Mozilla\Firefox\Profiles\q2ftpl2a.Lucas\cookies.txt -> Spyware.Cookie.Clickzs : Limpio con backup
:mozilla.591:C:\Documents and Settings\LUCAS.PARTICULAR\Datos de programa\Mozilla\Firefox\Profiles\q2ftpl2a.Lucas\cookies.txt -> Spyware.Cookie.Clickzs : Limpio con backup
:mozilla.592:C:\Documents and Settings\LUCAS.PARTICULAR\Datos de programa\Mozilla\Firefox\Profiles\q2ftpl2a.Lucas\cookies.txt -> Spyware.Cookie.Clickzs : Limpio con backup
:mozilla.593:C:\Documents and Settings\LUCAS.PARTICULAR\Datos de programa\Mozilla\Firefox\Profiles\q2ftpl2a.Lucas\cookies.txt -> Spyware.Cookie.Clickzs : Limpio con backup
:mozilla.595:C:\Documents and Settings\LUCAS.PARTICULAR\Datos de programa\Mozilla\Firefox\Profiles\q2ftpl2a.Lucas\cookies.txt -> Spyware.Cookie.Sextracker : Limpio con backup
:mozilla.607:C:\Documents and Settings\LUCAS.PARTICULAR\Datos de programa\Mozilla\Firefox\Profiles\q2ftpl2a.Lucas\cookies.txt -> Spyware.Cookie.Yieldmanager : Limpio con backup
:mozilla.608:C:\Documents and Settings\LUCAS.PARTICULAR\Datos de programa\Mozilla\Firefox\Profiles\q2ftpl2a.Lucas\cookies.txt -> Spyware.Cookie.Yieldmanager : Limpio con backup
:mozilla.609:C:\Documents and Settings\LUCAS.PARTICULAR\Datos de programa\Mozilla\Firefox\Profiles\q2ftpl2a.Lucas\cookies.txt -> Spyware.Cookie.Yieldmanager : Limpio con backup
:mozilla.610:C:\Documents and Settings\LUCAS.PARTICULAR\Datos de programa\Mozilla\Firefox\Profiles\q2ftpl2a.Lucas\cookies.txt -> Spyware.Cookie.Yieldmanager : Limpio con backup
:mozilla.611:C:\Documents and Settings\LUCAS.PARTICULAR\Datos de programa\Mozilla\Firefox\Profiles\q2ftpl2a.Lucas\cookies.txt -> Spyware.Cookie.Yieldmanager : Limpio con backup
:mozilla.612:C:\Documents and Settings\LUCAS.PARTICULAR\Datos de programa\Mozilla\Firefox\Profiles\q2ftpl2a.Lucas\cookies.txt -> Spyware.Cookie.Atdmt : Limpio con backup
:mozilla.650:C:\Documents and Settings\LUCAS.PARTICULAR\Datos de programa\Mozilla\Firefox\Profiles\q2ftpl2a.Lucas\cookies.txt -> Spyware.Cookie.Clickzs : Limpio con backup
:mozilla.651:C:\Documents and Settings\LUCAS.PARTICULAR\Datos de programa\Mozilla\Firefox\Profiles\q2ftpl2a.Lucas\cookies.txt -> Spyware.Cookie.Clickzs : Limpio con backup
:mozilla.652:C:\Documents and Settings\LUCAS.PARTICULAR\Datos de programa\Mozilla\Firefox\Profiles\q2ftpl2a.Lucas\cookies.txt -> Spyware.Cookie.Clickzs : Limpio con backup
:mozilla.653:C:\Documents and Settings\LUCAS.PARTICULAR\Datos de programa\Mozilla\Firefox\Profiles\q2ftpl2a.Lucas\cookies.txt -> Spyware.Cookie.Clickzs : Limpio con backup
:mozilla.654:C:\Documents and Settings\LUCAS.PARTICULAR\Datos de programa\Mozilla\Firefox\Profiles\q2ftpl2a.Lucas\cookies.txt -> Spyware.Cookie.Clickzs : Limpio con backup
:mozilla.670:C:\Documents and Settings\LUCAS.PARTICULAR\Datos de programa\Mozilla\Firefox\Profiles\q2ftpl2a.Lucas\cookies.txt -> Spyware.Cookie.Paycounter : Limpio con backup
:mozilla.733:C:\Documents and Settings\LUCAS.PARTICULAR\Datos de programa\Mozilla\Firefox\Profiles\q2ftpl2a.Lucas\cookies.txt -> Spyware.Cookie.Clickzs : Limpio con backup
:mozilla.734:C:\Documents and Settings\LUCAS.PARTICULAR\Datos de programa\Mozilla\Firefox\Profiles\q2ftpl2a.Lucas\cookies.txt -> Spyware.Cookie.Clickzs : Limpio con backup
::Fin Report
I know you have done this but can you do the following please
Step 1
Delete the current SmitRem file you have
Step 2
Download smitRem.exe and save the file to your desktop.
Right click on the file and extract it to it's own folder on the desktop.
Step 3
You may want to print these instructions or save them as you'll have no internet connection once in Safe Mode
Go into Safe Mode - explained here
Step 4
Open HijackThis
- Click the Do a system scan only button
- Check the following entries (below)
- Close ALL open windows
Click Fix Checked
O4 - HKLM\..\Run: [SpywareStrike] C:\Archivos de programa\SpywareStrike\SpywareStrike.exe /h
Step 5
Open the smitRem folder, then double click the RunThis.bat file to start the tool. Follow the prompts on screen.
Wait for the tool to complete and disk cleanup to finish.
The tool will create a log named smitfiles.txt in the root of your drive, eg; Local Disk C: or partition where your operating system is installed. Please post that log along with all others requested in your next reply.
Step 6
Reboot into Normal Mode.
Post a new HijackThis Log and the contents of the smitfiles.txt log
1- S&D, Ad-aware and Ewido are good enough combo to keep it clean?
2- Should i get a firewall program also?
Thx a lot for all your help, Trogan!
PD: im being curious: whats the nwiz ("Run: [nwiz] nwiz.exe /install") for?
Logfile of HijackThis v1.99.1
Scan saved at 10:22:31 a.m., on 25/01/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\ARCHIV~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\ARCHIV~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Archivos de programa\ewido anti-malware\ewidoctrl.exe
C:\Archivos de programa\ewido anti-malware\ewidoguard.exe
C:\ARCHIV~1\Grisoft\AVGFRE~1\avgcc.exe
C:\ARCHIV~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Archivos de programa\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Archivos de programa\Analog Devices\SoundMAX\Smax4.exe
C:\Archivos de programa\Java\jre1.5.0_06\bin\jusched.exe
C:\Archivos de programa\Archivos comunes\Microsoft Shared\VS7Debug\mdm.exe
C:\Archivos de programa\iTunes\iTunesHelper.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Archivos de programa\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Archivos de programa\iPod\bin\iPodService.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Archivos de programa\Mozilla Firefox\firefox.exe
C:\Archivos de programa\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.nba.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Vínculos
O2 - BHO: bho2gr Class - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - C:\Archivos de programa\GetRight\xx2gr.dll (file missing)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [AVG7_CC] C:\ARCHIV~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\ARCHIV~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Archivos de programa\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Archivos de programa\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Archivos de programa\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [iTunesHelper] C:\Archivos de programa\iTunes\iTunesHelper.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Archivos de programa\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: Download with GetRight - C:\Archivos de programa\GetRight\GRdownload.htm
O8 - Extra context menu item: E&xportar a Microsoft Excel - res://C:\ARCHIV~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Open with GetRight Browser - C:\Archivos de programa\GetRight\GRbrowse.htm
O12 - Plugin for .pdf: C:\Archivos de programa\Internet Explorer\PLUGINS\nppdf32.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1106309441691
O16 - DPF: {88D969C0-F192-11D4-A65F-0040963251E5} (XML DOM Document 4.0) -
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\ARCHIV~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\ARCHIV~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: ewido security suite control - ewido networks - C:\Archivos de programa\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Archivos de programa\ewido anti-malware\ewidoguard.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Archivos de programa\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Archivos de programa\Analog Devices\SoundMAX\SMAgent.exe
smitRem © log file
version 2.8
by noahdfear
Microsoft Windows XP [Versi¢n 5.1.2600]
Running from
C:\Documents and Settings\LUCAS.PARTICULAR\Escritorio\smitRem
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
checking for ShudderLTD key
ShudderLTD key not present!
checking for PSGuard.com key
PSGuard.com key not present!
checking for WinHound.com key
WinHound.com key not present!
spyaxe uninstaller NOT present
Winhound uninstaller NOT present
SpywareStrike uninstaller NOT present
Existing Pre-run Files
~~~ Program Files ~~~
SpywareStrike
~~~ Shortcuts ~~~
~~~ Favorites ~~~
~~~ system32 folder ~~~
replmap.dll
~~~ Icons in System32 ~~~
~~~ Windows directory ~~~
~~~ Drive root ~~~
~~~ Miscellaneous Files/folders ~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
Copyright(C) 2002-2003 Craig.Peacock@beyondlogic.org
Killing PID 696 'explorer.exe'
Killing PID 696 'explorer.exe'
Starting registry repairs
Registry repairs complete
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
SharedTask Export after registry fix
REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Precargador Browseui"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Demonio de caché de las categorías de componente"
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Deleting files
Remaining Post-run Files
~~~ Program Files ~~~
SpywareStrike
~~~ Shortcuts ~~~
~~~ Favorites ~~~
~~~ system32 folder ~~~
~~~ Icons in System32 ~~~
~~~ Windows directory ~~~
~~~ Drive root ~~~
~~~ Miscellaneous Files/folders ~~~
~~~ Wininet.dll ~~~
CLEAN!
A Firewall is one of the most important security programs and everyone should one.
Please download ONE of these Free software Firewalls.
Zone Alarm or Sygate
It belongs to NVIDIA
http://www.liutilities.com/products/wintaskspro/processlibrary/nwiz/
=====
Open HijackThis
- Click the Do a system scan only button
- Check the following entries (below)
- Close ALL open windows
Click Fix Checked
O2 - BHO: bho2gr Class - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - C:\Archivos de programa\GetRight\xx2gr.dll (file missing)
=====
Reboot your computer
Your log is now clean
Let me know how things are
Logfile of HijackThis v1.99.1
Scan saved at 09:49:05 p.m., on 25/01/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\ARCHIV~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\ARCHIV~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Archivos de programa\ewido anti-malware\ewidoctrl.exe
C:\Archivos de programa\ewido anti-malware\ewidoguard.exe
C:\Archivos de programa\Archivos comunes\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Archivos de programa\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\Explorer.EXE
C:\ARCHIV~1\Grisoft\AVGFRE~1\avgcc.exe
C:\ARCHIV~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Archivos de programa\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Archivos de programa\Analog Devices\SoundMAX\Smax4.exe
C:\Archivos de programa\Java\jre1.5.0_06\bin\jusched.exe
C:\Archivos de programa\iTunes\iTunesHelper.exe
C:\Archivos de programa\Archivos comunes\Real\Update_OB\realsched.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Archivos de programa\iPod\bin\iPodService.exe
C:\Documents and Settings\LUCAS.PARTICULAR\Escritorio\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.nba.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Vínculos
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [AVG7_CC] C:\ARCHIV~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\ARCHIV~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Archivos de programa\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Archivos de programa\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Archivos de programa\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [iTunesHelper] C:\Archivos de programa\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Archivos de programa\Archivos comunes\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Archivos de programa\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: Download with GetRight - C:\Archivos de programa\GetRight\GRdownload.htm
O8 - Extra context menu item: E&xportar a Microsoft Excel - res://C:\ARCHIV~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Open with GetRight Browser - C:\Archivos de programa\GetRight\GRbrowse.htm
O12 - Plugin for .pdf: C:\Archivos de programa\Internet Explorer\PLUGINS\nppdf32.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1106309441691
O16 - DPF: {88D969C0-F192-11D4-A65F-0040963251E5} (XML DOM Document 4.0) -
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\ARCHIV~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\ARCHIV~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: ewido security suite control - ewido networks - C:\Archivos de programa\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Archivos de programa\ewido anti-malware\ewidoguard.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Archivos de programa\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Archivos de programa\Analog Devices\SoundMAX\SMAgent.exe
Now that your PC is clean you need to follow these easy steps to keeping it this way:
Secure your Internet Explorer by going here and following the instructions there.
Better yet, use an alternative browser! Download FireFox and give it a run. It is far more secure than Internet Explorer. Or, you can get Opera which in my opinion, is better still.
Use a firewall to help prevent your PC's control being usurped by undesireables.
Install and keep updated, Ad-Aware SE, and Spybot Search & Destroy.
Run them both on a regular basis, following the manufacturer's recommendations.
Install and keep updated, SpywareBlaster 3.5.1
Install an anti-virus. There are some good, free AV's available today. Make sure that it is updated regularly and have it scan your system often.
Check for Windows Updates. Microsoft regularly post updates for your systems safe running. Make sure to take advantage of this. Reboot when installed and return to make sure there are no others.
Read the article So How Did I get Infected In The First Place
Clear your Temp folders.
Clear out your Temporary internet files and other temp files.
Go to Start > Settings > Control Panel >Internet Options.
Under the General tab click the Delete temporary internet files,
delete all Offline content as well. Clear out Cookies.
Also, go to Start > Find/search > Files or folders > in the named box, type: *.tmp and choose Edit > select all -> File > delete.
Empty/delete the entire contents of the C:\Windows\temp folder and C:\temp folder, if you have one. (Contents but not the folder itself.)
C:\Documents and Settings\username\Local Settings\Temp\
In order to view these files you may have to select 'show hidden files/folders.' Instructions on how to here.
Empty the Recycle Bin.
For XP users.
After something like this it is a good idea to Flush the Restore Points and start fresh.
To flush the XP system Restore Points.
Go to Start>Run and type msconfig. Press enter.
When msconfig opens, click the Launch System Restore Button.
On the next page, click the System Restore Settings link on the left.
Check the box labelled 'Turn off System restore'.
Reboot. Go back in and Turn System Restore Back on. A new Restore Point will be created.
Note that all previous restore points will be lost.
===============
If you have any more problems, post back.
Please consider joining the Folding@Home Project
Join our Folding@Home team! Alzheimer's, Parkinson's, cancer... we're trying to cure them with our computers! You've at least read a little about it in the greeting I sent you when you signed up for the site. We're always really pleased to greet new members to the team, and it's a quick way to become an appreciated member of the community.
MORE INFO: READ THIS