Foro de Spyware - Ver Mensaje Individual - Hola, creo que tengo un spyware que no puedo quitar (Solucionado)

Tema: Hola, creo que tengo un spyware que no puedo quitar (Solucionado)

Ver Mensaje Individual

post #5 (permalink)

01/12/06, 02:20:59

Ramza1086

Usuario

Registrado: ago 2006

Ubicación: mexico

Mensajes: 9

Re: Hola, creo que tengo un spyware que no puedo quitar

ok el del nod aqui estan los threats, el que sigue es el del hijack this.

Time Module Object Name Threat Action User Information
01/12/2006 01:07:34 a.m. AMON file C:\WINDOWS\lsass.exe IRC/SdBot trojan NT AUTHORITY\SYSTEM Event occurred at an attempt to access the file by the application: C:\WINDOWS\system32\services.exe.
30/11/2006 03:19:48 a.m. AMON file C:\WINDOWS\lsass.exe IRC/SdBot trojan NT AUTHORITY\SYSTEM Event occurred at an attempt to access the file by the application: C:\WINDOWS\system32\services.exe.
30/11/2006 03:19:36 a.m. AMON file C:\WINDOWS\help\lsass.exe probably unknown NewHeur_PE virus quarantined - deleted Event occurred on a new file created by the application: C:\WINDOWS\System32\ftp.exe. The file was moved to quarantine. You may close this window.
30/11/2006 03:19:34 a.m. AMON file C:\WINDOWS\help\internat.exe Win32/TrojanDropper.VB.FR trojan quarantined - deleted Event occurred on a new file created by the application: C:\WINDOWS\System32\ftp.exe. The file was moved to quarantine. You may close this window.
30/11/2006 03:04:09 a.m. AMON file C:\WINDOWS\lsass.exe IRC/SdBot trojan NT AUTHORITY\SYSTEM Event occurred at an attempt to access the file by the application: C:\WINDOWS\system32\services.exe.
30/11/2006 00:30:40 a.m. AMON file C:\WINDOWS\lsass.exe IRC/SdBot trojan NT AUTHORITY\SYSTEM Event occurred at an attempt to access the file by the application: C:\WINDOWS\system32\services.exe.
29/11/2006 20:11:10 p.m. AMON file C:\WINDOWS\lsass.exe IRC/SdBot trojan NT AUTHORITY\SYSTEM Event occurred at an attempt to access the file by the application: C:\WINDOWS\system32\services.exe.
29/11/2006 14:58:51 p.m. AMON file C:\WINDOWS\lsass.exe IRC/SdBot trojan NT AUTHORITY\SYSTEM Event occurred at an attempt to access the file by the application: C:\WINDOWS\system32\services.exe.
28/11/2006 23:28:19 p.m. AMON file C:\WINDOWS\lsass.exe IRC/SdBot trojan NT AUTHORITY\SYSTEM Event occurred at an attempt to access the file by the application: C:\WINDOWS\system32\services.exe.
28/11/2006 23:03:24 p.m. AMON file C:\WINDOWS\lsass.exe IRC/SdBot trojan NT AUTHORITY\SYSTEM Event occurred at an attempt to access the file by the application: C:\WINDOWS\system32\services.exe.
28/11/2006 20:27:58 p.m. AMON file C:\WINDOWS\lsass.exe IRC/SdBot trojan NT AUTHORITY\SYSTEM Event occurred at an attempt to access the file by the application: C:\WINDOWS\system32\services.exe.
28/11/2006 16:57:24 p.m. AMON file C:\WINDOWS\lsass.exe IRC/SdBot trojan NT AUTHORITY\SYSTEM Event occurred at an attempt to access the file by the application: C:\WINDOWS\system32\services.exe.
28/11/2006 15:13:39 p.m. AMON file C:\WINDOWS\lsass.exe IRC/SdBot trojan NT AUTHORITY\SYSTEM Event occurred at an attempt to access the file by the application: C:\WINDOWS\system32\services.exe.
27/11/2006 21:20:37 p.m. AMON file C:\WINDOWS\lsass.exe IRC/SdBot trojan NT AUTHORITY\SYSTEM Event occurred at an attempt to access the file by the application: C:\WINDOWS\system32\services.exe.
27/11/2006 10:44:16 a.m. Kernel file c:\windows\lsass.exe IRC/SdBot trojan Alert was generated during the system startup file check.
27/11/2006 09:25:30 a.m. AMON file C:\WINDOWS\lsass.exe IRC/SdBot trojan NT AUTHORITY\SYSTEM Event occurred at an attempt to access the file by the application: C:\WINDOWS\system32\services.exe.
26/11/2006 22:43:20 p.m. AMON file C:\WINDOWS\lsass.exe IRC/SdBot trojan NT AUTHORITY\SYSTEM Event occurred at an attempt to access the file by the application: C:\WINDOWS\system32\services.exe.
25/11/2006 22:59:08 p.m. AMON file C:\WINDOWS\lsass.exe IRC/SdBot trojan NT AUTHORITY\SYSTEM Event occurred at an attempt to access the file by the application: C:\WINDOWS\system32\services.exe.
25/11/2006 14:02:48 p.m. AMON file C:\WINDOWS\lsass.exe IRC/SdBot trojan NT AUTHORITY\SYSTEM Event occurred at an attempt to access the file by the application: C:\WINDOWS\system32\services.exe.
24/11/2006 23:32:21 p.m. AMON file C:\WINDOWS\lsass.exe IRC/SdBot trojan NT AUTHORITY\SYSTEM Event occurred at an attempt to access the file by the application: C:\WINDOWS\system32\services.exe.
24/11/2006 13:43:07 p.m. AMON file C:\WINDOWS\lsass.exe IRC/SdBot trojan NT AUTHORITY\SYSTEM Event occurred at an attempt to access the file by the application: C:\WINDOWS\system32\services.exe.
24/11/2006 11:49:11 a.m. AMON file C:\WINDOWS\lsass.exe IRC/SdBot trojan NT AUTHORITY\SYSTEM Event occurred at an attempt to access the file by the application: C:\WINDOWS\system32\services.exe.
24/11/2006 10:06:45 a.m. AMON file C:\WINDOWS\lsass.exe IRC/SdBot trojan NT AUTHORITY\SYSTEM Event occurred at an attempt to access the file by the application: C:\WINDOWS\system32\services.exe.
23/11/2006 20:53:24 p.m. AMON file C:\WINDOWS\system32\x.exe a variant of IRC/SdBot trojan quarantined - deleted Event occurred on a new file created by the application: C:\WINDOWS\system32\ftp.exe. The file was moved to quarantine. You may close this window.
23/11/2006 20:51:27 p.m. AMON file C:\WINDOWS\system32\x.exe a variant of IRC/SdBot trojan quarantined - deleted Event occurred on a new file created by the application: C:\WINDOWS\system32\ftp.exe. The file was moved to quarantine. You may close this window.
23/11/2006 20:22:26 p.m. Kernel file c:\windows\lsass.exe IRC/SdBot trojan Alert was generated during the system startup file check.
23/11/2006 19:51:38 p.m. AMON file C:\WINDOWS\lsass.exe IRC/SdBot trojan NT AUTHORITY\SYSTEM Event occurred at an attempt to access the file by the application: C:\WINDOWS\system32\services.exe.
23/11/2006 19:49:43 p.m. AMON file C:\WINDOWS\system32\config\systemprofile\Configura ción local\Archivos temporales de Internet\Content.IE5\87WQCU7M\1[1].exe IRC/SdBot trojan quarantined - deleted NT AUTHORITY\SYSTEM Event occurred on a new file created by the application: C:\WINDOWS\System32\svchost.exe. The file was moved to quarantine. You may close this window.
23/11/2006 19:49:41 p.m. AMON file C:\WINDOWS\System32\a.exe IRC/SdBot trojan quarantined - deleted NT AUTHORITY\SYSTEM Event occurred on a new file created by the application: C:\WINDOWS\System32\svchost.exe. The file was moved to quarantine. You may close this window.
23/11/2006 19:49:37 p.m. IMON file http://plstofjeer.com/exes/1.exe IRC/SdBot trojan Connection terminated NT AUTHORITY\SYSTEM
23/11/2006 19:46:10 p.m. AMON file C:\WINDOWS\system32\config\systemprofile\Configura ción local\Archivos temporales de Internet\Content.IE5\BTZODANZ\1[1].exe IRC/SdBot trojan NT AUTHORITY\SYSTEM Event occurred at an attempt to access the file by the application: C:\WINDOWS\System32\svchost.exe.
23/11/2006 19:19:24 p.m. AMON file C:\WINDOWS\lsass.exe IRC/SdBot trojan NT AUTHORITY\SYSTEM Event occurred at an attempt to access the file by the application: C:\WINDOWS\system32\services.exe.
23/11/2006 18:49:35 p.m. AMON file C:\WINDOWS\help\lsass.exe probably unknown NewHeur_PE virus quarantined - deleted Event occurred on a new file created by the application: C:\WINDOWS\System32\ftp.exe. The file was moved to quarantine. You may close this window.
23/11/2006 18:49:22 p.m. AMON file C:\WINDOWS\help\internat.exe Win32/TrojanDropper.VB.FR trojan quarantined - deleted NT AUTHORITY\SYSTEM Event occurred on a new file created by the application: C:\WINDOWS\System32\ftp.exe. The file was moved to quarantine. You may close this window.
23/11/2006 18:43:45 p.m. AMON file C:\WINDOWS\lsass.exe IRC/SdBot trojan NT AUTHORITY\SYSTEM Event occurred at an attempt to access the file by the application: C:\WINDOWS\system32\services.exe.
23/11/2006 18:20:59 p.m. AMON file C:\WINDOWS\lsass.exe IRC/SdBot trojan NT AUTHORITY\SYSTEM Event occurred at an attempt to access the file by the application: C:\WINDOWS\system32\services.exe.
23/11/2006 14

53 p.m. AMON file C:\WINDOWS\lsass.exe IRC/SdBot trojan NT AUTHORITY\SYSTEM Event occurred at an attempt to access the file by the application: C:\WINDOWS\system32\services.exe.
23/11/2006 13:55:13 p.m. AMON file C:\WINDOWS\lsass.exe IRC/SdBot trojan NT AUTHORITY\SYSTEM Event occurred at an attempt to access the file by the application: C:\WINDOWS\system32\services.exe.
23/11/2006 11:57:50 a.m. AMON file C:\WINDOWS\system32\.exe a variant of Win32/Spy.Agent.PY trojan quarantined - deleted NT AUTHORITY\SYSTEM Event occurred on a new file created by the application: C:\WINDOWS\System32\svchost.exe. The file was moved to quarantine. You may close this window.
23/11/2006 11:21:33 a.m. AMON file C:\WINDOWS\lsass.exe IRC/SdBot trojan Event occurred at an attempt to access the file by the application: C:\Archivos de programa\HJT\HijackThis.exe.
23/11/2006 11:07:38 a.m. AMON file C:\WINDOWS\lsass.exe IRC/SdBot trojan NT AUTHORITY\SYSTEM Event occurred at an attempt to access the file by the application: C:\WINDOWS\system32\services.exe.
22/11/2006 23:26:27 p.m. AMON file C:\WINDOWS\lsass.exe IRC/SdBot trojan CANIVU-ZTIXW6J5\canibal Event occurred at an attempt to access the file by the application: C:\Archivos de programa\HJT\HijackThis.exe.
22/11/2006 22:20:14 p.m. AMON file C:\WINDOWS\lsass.exe IRC/SdBot trojan NT AUTHORITY\SYSTEM Event occurred at an attempt to access the file by the application: C:\WINDOWS\system32\services.exe.
21/11/2006 22:23:25 p.m. AMON file C:\WINDOWS\lsass.exe IRC/SdBot trojan NT AUTHORITY\SYSTEM Event occurred at an attempt to access the file by the application: C:\WINDOWS\system32\services.exe.
21/11/2006 19:01:14 p.m. AMON file C:\WINDOWS\lsass.exe IRC/SdBot trojan NT AUTHORITY\SYSTEM Event occurred at an attempt to access the file by the application: C:\WINDOWS\system32\services.exe.
21/11/2006 08:31:27 a.m. AMON file C:\WINDOWS\lsass.exe IRC/SdBot trojan NT AUTHORITY\SYSTEM Event occurred at an attempt to access the file by the application: C:\WINDOWS\system32\services.exe.
20/11/2006 23:36:37 p.m. AMON boot sector boot sector of disk A: Wyx.C virus NT AUTHORITY\SYSTEM Virus detected when attempting to access the diskette.
20/11/2006 22:20:11 p.m. AMON file C:\WINDOWS\lsass.exe IRC/SdBot trojan NT AUTHORITY\SYSTEM Event occurred at an attempt to access the file by the application: C:\WINDOWS\system32\services.exe.
20/11/2006 00:28:39 a.m. AMON file C:\WINDOWS\lsass.exe IRC/SdBot trojan NT AUTHORITY\SYSTEM Event occurred at an attempt to access the file by the application: C:\WINDOWS\system32\services.exe.
17/11/2006 01:38:06 a.m. AMON file C:\WINDOWS\lsass.exe IRC/SdBot trojan NT AUTHORITY\SYSTEM Event occurred at an attempt to access the file by the application: C:\WINDOWS\system32\services.exe.
16/11/2006 20:54:20 p.m. Kernel file c:\windows\lsass.exe IRC/SdBot trojan Alert was generated during the system startup file check.
16/11/2006 19:19:58 p.m. AMON file C:\Documents and Settings\LocalService.NT AUTHORITY\Configuración local\Archivos temporales de Internet\Content.IE5\OHYRSPYR\c[1].exe probably unknown NewHeur_PE virus quarantined - deleted NT AUTHORITY\SYSTEM Event occurred on a new file created by the application: C:\WINDOWS\lsass.exe. The file was moved to quarantine. You may close this window.
16/11/2006 19:19:56 p.m. AMON file C:\z.exe probably unknown NewHeur_PE virus quarantined - deleted NT AUTHORITY\SYSTEM Event occurred on a new file created by the application: C:\WINDOWS\lsass.exe. The file was moved to quarantine. You may close this window.
16/11/2006 19:19:55 p.m. IMON file http://209.11.244.163/c.exe probably unknown NewHeur_PE virus NT AUTHORITY\SYSTEM
15/11/2006 23:08:29 p.m. AMON file C:\Documents and Settings\LocalService.NT AUTHORITY\Configuración local\Archivos temporales de Internet\Content.IE5\OHYRSPYR\c[1].exe probably unknown NewHeur_PE virus quarantined - deleted NT AUTHORITY\SYSTEM Event occurred on a new file created by the application: C:\WINDOWS\lsass.exe. The file was moved to quarantine. You may close this window.
15/11/2006 23:07:52 p.m. AMON file C:\z.exe probably unknown NewHeur_PE virus quarantined - deleted NT AUTHORITY\SYSTEM Event occurred on a new file created by the application: C:\WINDOWS\lsass.exe. The file was moved to quarantine. You may close this window.
15/11/2006 22:46:45 p.m. IMON file http://209.11.244.163/c.exe probably unknown NewHeur_PE virus NT AUTHORITY\SYSTEM
15/11/2006 22:35:17 p.m. AMON file C:\Documents and Settings\LocalService.NT AUTHORITY\Configuración local\Archivos temporales de Internet\Content.IE5\OHYRSPYR\c[1].exe probably unknown NewHeur_PE virus quarantined - deleted NT AUTHORITY\SYSTEM Event occurred on a new file created by the application: C:\WINDOWS\lsass.exe. The file was moved to quarantine. You may close this window.
15/11/2006 22:35:17 p.m. AMON file C:\z.exe probably unknown NewHeur_PE virus quarantined - deleted NT AUTHORITY\SYSTEM Event occurred on a new file created by the application: C:\WINDOWS\lsass.exe. The file was moved to quarantine. You may close this window.
15/11/2006 22:35:16 p.m. IMON file http://209.11.244.163/c.exe probably unknown NewHeur_PE virus NT AUTHORITY\SYSTEM
15/11/2006 02:11:20 a.m. AMON file C:\z.exe probably unknown NewHeur_PE virus quarantined - deleted NT AUTHORITY\SYSTEM Event occurred on a new file created by the application: C:\WINDOWS\lsass.exe. The file was moved to quarantine. You may close this window.
15/11/2006 02:11:18 a.m. AMON file C:\Documents and Settings\LocalService.NT AUTHORITY\Configuración local\Archivos temporales de Internet\Content.IE5\OHYRSPYR\c[1].exe probably unknown NewHeur_PE virus quarantined - deleted NT AUTHORITY\SYSTEM Event occurred on a new file created by the application: C:\WINDOWS\lsass.exe. The file was moved to quarantine. You may close this window.
15/11/2006 02:11:17 a.m. IMON file http://209.11.244.163/c.exe probably unknown NewHeur_PE virus NT AUTHORITY\SYSTEM
14/11/2006 00:13:02 a.m. AMON file C:\z.exe probably unknown NewHeur_PE virus quarantined - deleted NT AUTHORITY\SYSTEM Event occurred on a new file created by the application: C:\WINDOWS\lsass.exe. The file was moved to quarantine. You may close this window.
14/11/2006 00:13:00 a.m. AMON file C:\Documents and Settings\LocalService.NT AUTHORITY\Configuración local\Archivos temporales de Internet\Content.IE5\OHYRSPYR\c[1].exe probably unknown NewHeur_PE virus quarantined - deleted NT AUTHORITY\SYSTEM Event occurred on a new file created by the application: C:\WINDOWS\lsass.exe. The file was moved to quarantine. You may close this window.
14/11/2006 00:12:53 a.m. IMON file http://209.11.244.163/c.exe probably unknown NewHeur_PE virus NT AUTHORITY\SYSTEM
13/11/2006 02:02:28 a.m. AMON file C:\WINDOWS\system32\.exe a variant of Win32/Spy.Agent.PY trojan quarantined - deleted NT AUTHORITY\SYSTEM Event occurred on a new file created by the application: C:\WINDOWS\System32\svchost.exe. The file was moved to quarantine. You may close this window.
12/11/2006 00:01:14 a.m. AMON file C:\Documents and Settings\LocalService.NT AUTHORITY\Configuración local\Archivos temporales de Internet\Content.IE5\OHYRSPYR\c[1].exe probably unknown NewHeur_PE virus quarantined - deleted NT AUTHORITY\SYSTEM Event occurred on a new file created by the application: C:\WINDOWS\lsass.exe. The file was moved to quarantine. You may close this window.
11/11/2006 13:40:00 p.m. IMON file http://209.11.244.163/c.exe probably unknown NewHeur_PE virus NT AUTHORITY\SYSTEM
11/11/2006 01:33:09 a.m. AMON file C:\WINDOWS\system32\salvage.exe Win32/Rbot trojan deleted CANIVU-ZTIXW6J5\canibal Event occurred at an attempt to access the file by the application: C:\Archivos de programa\Spybot - Search & Destroy\SpybotSD.exe.
11/11/2006 01:33:01 a.m. AMON file C:\WINDOWS\system32\recsl.exe Win32/Rbot trojan deleted CANIVU-ZTIXW6J5\canibal Event occurred at an attempt to access the file by the application: C:\Archivos de programa\Spybot - Search & Destroy\SpybotSD.exe.
11/11/2006 01:29:34 a.m. AMON file C:\WINDOWS\system32\.exe a variant of Win32/Spy.Agent.PY trojan quarantined - deleted NT AUTHORITY\SYSTEM Event occurred on a new file created by the application: C:\WINDOWS\System32\svchost.exe. The file was moved to quarantine. You may close this window.
11/11/2006 01:06:38 a.m. AMON file C:\Documents and Settings\LocalService.NT AUTHORITY\Configuración local\Archivos temporales de Internet\Content.IE5\OHYRSPYR\c[1].exe probably unknown NewHeur_PE virus quarantined - deleted NT AUTHORITY\SYSTEM Event occurred on a new file created by the application: C:\WINDOWS\lsass.exe. The file was moved to quarantine. You may close this window.
11/11/2006 01:06:33 a.m. AMON file C:\z.exe probably unknown NewHeur_PE virus quarantined - deleted NT AUTHORITY\SYSTEM Event occurred on a new file created by the application: C:\WINDOWS\lsass.exe. The file was moved to quarantine. You may close this window.
11/11/2006 01:06:20 a.m. IMON file http://209.11.244.163/c.exe probably unknown NewHeur_PE virus NT AUTHORITY\SYSTEM
08/11/2006 20:44:34 p.m. AMON file C:\Documents and Settings\LocalService.NT AUTHORITY\Configuración local\Archivos temporales de Internet\Content.IE5\8DE74XIJ\c[1].exe probably unknown NewHeur_PE virus quarantined - deleted NT AUTHORITY\SYSTEM Event occurred on a new file created by the application: C:\WINDOWS\lsass.exe. The file was moved to quarantine. You may close this window.
08/11/2006 20:44:31 p.m. IMON file http://209.11.244.163/c.exe probably unknown NewHeur_PE virus NT AUTHORITY\SYSTEM
08/11/2006 20:44:25 p.m. AMON file C:\WINDOWS\system32\eraseme_82358.exe IRC/SdBot trojan quarantined - deleted Event occurred on a new file created by the application: C:\WINDOWS\system32\ftp.exe. The file was moved to quarantine. You may close this window.
08/11/2006 20:42:50 p.m. IMON file http://209.11.244.115/update.exe a variant of Win32/TrojanProxy.Ranky trojan NT AUTHORITY\SYSTEM
08/11/2006 20:02:18 p.m. AMON file C:\Documents and Settings\LocalService.NT AUTHORITY\Configuración local\Archivos temporales de Internet\Content.IE5\OHYRSPYR\c[1].exe probably unknown NewHeur_PE virus quarantined - deleted NT AUTHORITY\SYSTEM Event occurred on a new file created by the application: C:\WINDOWS\lsass.exe. The file was moved to quarantine. You may close this window.
08/11/2006 20:02:17 p.m. AMON file C:\x.exe probably unknown NewHeur_PE virus quarantined - deleted NT AUTHORITY\SYSTEM Event occurred on a new file created by the application: C:\WINDOWS\lsass.exe. The file was moved to quarantine. You may close this window.
08/11/2006 20:02:14 p.m. IMON file http://209.11.244.163/c.exe probably unknown NewHeur_PE virus NT AUTHORITY\SYSTEM
07/11/2006 02:24:35 a.m. AMON file C:\Documents and Settings\LocalService.NT AUTHORITY\Configuración local\Archivos temporales de Internet\Content.IE5\OHYRSPYR\c[1].exe probably unknown NewHeur_PE virus quarantined - deleted NT AUTHORITY\SYSTEM Event occurred on a new file created by the application: C:\WINDOWS\lsass.exe. The file was moved to quarantine. You may close this window.
07/11/2006 02:24:31 a.m. AMON file C:\x.exe probably unknown NewHeur_PE virus quarantined - deleted NT AUTHORITY\SYSTEM Event occurred on a new file created by the application: C:\WINDOWS\lsass.exe. The file was moved to quarantine. You may close this window.
07/11/2006 02:24:27 a.m. IMON file http://209.11.244.163/c.exe probably unknown NewHeur_PE virus NT AUTHORITY\SYSTEM
07/11/2006 02:21:53 a.m. IMON file http://209.11.244.115/update.exe a variant of Win32/TrojanProxy.Ranky trojan NT AUTHORITY\SYSTEM
07/11/2006 01:44:41 a.m. IMON file http://209.11.244.115/update.exe a variant of Win32/TrojanProxy.Ranky trojan NT AUTHORITY\SYSTEM
07/11/2006 01:44:37 a.m. AMON file C:\WINDOWS\system32\.exe a variant of Win32/Spy.Agent.PY trojan quarantined - deleted NT AUTHORITY\SYSTEM Event occurred on a new file created by the application: C:\WINDOWS\System32\svchost.exe. The file was moved to quarantine. You may close this window.
07/11/2006 01:44:35 a.m. AMON file C:\Documents and Settings\LocalService.NT AUTHORITY\Configuración local\Archivos temporales de Internet\Content.IE5\OHYRSPYR\c[1].exe probably unknown NewHeur_PE virus quarantined - deleted NT AUTHORITY\SYSTEM Event occurred on a new file created by the application: C:\WINDOWS\lsass.exe. The file was moved to quarantine. You may close this window.
07/11/2006 01:44:31 a.m. AMON file C:\x.exe probably unknown NewHeur_PE virus quarantined - deleted NT AUTHORITY\SYSTEM Event occurred on a new file created by the application: C:\WINDOWS\lsass.exe. The file was moved to quarantine. You may close this window.
07/11/2006 01:33:37 a.m. IMON file http://209.11.244.163/c.exe probably unknown NewHeur_PE virus NT AUTHORITY\SYSTEM
07/11/2006 01:29:49 a.m. AMON file C:\Documents and Settings\LocalService.NT AUTHORITY\Configuración local\Archivos temporales de Internet\Content.IE5\OHYRSPYR\c[1].exe probably unknown NewHeur_PE virus quarantined - deleted NT AUTHORITY\SYSTEM Event occurred on a new file created by the application: C:\WINDOWS\lsass.exe. The file was moved to quarantine. You may close this window.
07/11/2006 01:29:43 a.m. AMON file C:\x.exe probably unknown NewHeur_PE virus quarantined - deleted NT AUTHORITY\SYSTEM Event occurred on a new file created by the application: C:\WINDOWS\lsass.exe. The file was moved to quarantine. You may close this window.
07/11/2006 01:29:28 a.m. IMON file http://209.11.244.115/update.exe a variant of Win32/TrojanProxy.Ranky trojan NT AUTHORITY\SYSTEM
07/11/2006 01:29:27 a.m. IMON file http://209.11.244.163/c.exe probably unknown NewHeur_PE virus NT AUTHORITY\SYSTEM
07/11/2006 01:18:02 a.m. AMON file C:\Documents and Settings\LocalService.NT AUTHORITY\Configuración local\Archivos temporales de Internet\Content.IE5\OHYRSPYR\c[1].exe probably unknown NewHeur_PE virus quarantined - deleted NT AUTHORITY\SYSTEM Event occurred on a new file created by the application: C:\WINDOWS\lsass.exe. The file was moved to quarantine. You may close this window.
07/11/2006 01:17:59 a.m. AMON file C:\x.exe probably unknown NewHeur_PE virus quarantined - deleted NT AUTHORITY\SYSTEM Event occurred on a new file created by the application: C:\WINDOWS\lsass.exe. The file was moved to quarantine. You may close this window.
07/11/2006 01:17:52 a.m. IMON file http://209.11.244.163/c.exe probably unknown NewHeur_PE virus NT AUTHORITY\SYSTEM
07/11/2006 01:17:18 a.m. IMON file http://209.11.244.115/update.exe a variant of Win32/TrojanProxy.Ranky trojan NT AUTHORITY\SYSTEM
07/11/2006 01:04:41 a.m. IMON file http://209.11.244.115/update.exe a variant of Win32/TrojanProxy.Ranky trojan NT AUTHORITY\SYSTEM
07/11/2006 00:59:57 a.m. AMON file C:\WINDOWS\system32\.exe a variant of Win32/Spy.Agent.PY trojan quarantined - deleted NT AUTHORITY\SYSTEM Event occurred on a new file created by the application: C:\WINDOWS\System32\svchost.exe. The file was moved to quarantine. You may close this window.
07/11/2006 00:56:40 a.m. IMON file http://209.11.244.115/update.exe a variant of Win32/TrojanProxy.Ranky trojan NT AUTHORITY\SYSTEM
07/11/2006 00:37:29 a.m. AMON file C:\WINDOWS\system32\.exe a variant of Win32/Spy.Agent.PY trojan quarantined - deleted NT AUTHORITY\SYSTEM Event occurred on a new file created by the application: C:\WINDOWS\system32\lsass.exe. The file was moved to quarantine. You may close this window.
05/11/2006 01

22 a.m. IMON file http://209.11.244.115/update.exe a variant of Win32/TrojanProxy.Ranky trojan NT AUTHORITY\SYSTEM
05/11/2006 00:17:34 a.m. IMON file http://209.11.244.115/update.exe a variant of Win32/TrojanProxy.Ranky trojan NT AUTHORITY\SYSTEM
03/11/2006 14:22:24 p.m. AMON file C:\WINDOWS\help\lsass.exe probably unknown NewHeur_PE virus quarantined - deleted Event occurred on a new file created by the application: C:\WINDOWS\System32\ftp.exe. The file was moved to quarantine. You may close this window.
03/11/2006 14:22:21 p.m. AMON file C:\WINDOWS\help\internat.exe Win32/TrojanDropper.VB.FR trojan quarantined - deleted NT AUTHORITY\SYSTEM Event occurred on a new file created by the application: C:\WINDOWS\System32\ftp.exe. The file was moved to quarantine. You may close this window.
03/11/2006 14:20:09 p.m. IMON file http://66.185.126.51/prod.exe probably a variant of Win32/TrojanProxy.Slaper.C trojan CANIVU-ZTIXW6J5\canibal
03/11/2006 13:31:38 p.m. IMON file http://66.185.126.51/prod.exe probably a variant of Win32/TrojanProxy.Slaper.C trojan CANIVU-ZTIXW6J5\canibal
03/11/2006 13:31:34 p.m. IMON file http://209.11.244.115/update.exe a variant of Win32/TrojanProxy.Ranky trojan NT AUTHORITY\SYSTEM

el hijack this

Logfile of HijackThis v1.99.1
Scan saved at 11:18:24 a.m., on 23/11/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Archivos de programa\Eset\nod32krn.exe
C:\WINDOWS\System32\VTtrayp.exe
C:\WINDOWS\System32\VTTimer.exe
C:\Archivos de programa\Eset\nod32kui.exe
C:\WINDOWS\System32\mysvcc.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Archivos de programa\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Archivos de programa\Archivos comunes\Teleca Shared\CapabilityManager.exe
C:\WINDOWS\System32\msiexec.exe
C:\Archivos de programa\MSN Messenger\msnmsgr.exe
C:\Archivos de programa\HJT\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Vínculos
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Archivos de programa\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\ARCHIV~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [nod32kui] "C:\Archivos de programa\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Archivos de programa\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [mysvcig38] mysvcc.exe
O4 - HKLM\..\RunServices: [mysvcig38] mysvcc.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Archivos de programa\Archivos comunes\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Archivos de programa\InterVideo\Common\Bin\WinCinemaMgr.exe
O8 - Extra context menu item: E&xportar a Microsoft Excel - res://C:\ARCHIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Referencia - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARCHIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O17 - HKLM\System\CCS\Services\Tcpip\..\{300CB2E7-2EC8-4C1D-905D-3CE6B655D732}: NameServer = 200.33.146.161 200.33.146.153
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\ARCHIV~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - AppInit_DLLs: MsgPlusLoader.dll
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Archivos de programa\Eset\nod32krn.exe
O23 - Service: Microsoft sdk core (sdk) - Unknown owner - C:\WINDOWS\lsass.exe

grazie de antemano