Foro de InfoSpyware - Foro de Hijackthis - Foro de Virus

Hola, un saludo despues de mucho tiempo.

Mi problema es que hoy enciendo la computadora y me dice que se recupera de un error serio, pero casi nada esta alterado, excepto que cuando navego en internet con el explorer y quiero abrir algun hipervinculo en una nueva ventana, se abre de un tamaño diminuto, con la barra de titulo entrecortada y no he logrado hacer que vuelva a lo normal, ademas, si no le doy a maximizar, no veo el resto de la ventana, solo el titulo.

Adjunto my log

Espero la respuesta

joeharlock

Logfile of HijackThis v1.99.1
Scan saved at 10:45:51 AM, on 1/21/2006
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)

Running processes:
C:\WINNEW\System32\smss.exe
C:\WINNEW\system32\winlogon.exe
C:\WINNEW\system32\services.exe
C:\WINNEW\system32\lsass.exe
C:\WINNEW\system32\svchost.exe
C:\WINNEW\System32\svchost.exe
C:\WINNEW\system32\spoolsv.exe
C:\WINNEW\Explorer.EXE
C:\Program Files\Panda Software\Panda Antivirus

Platinum\Firewall\PavFires.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\PROGRA~1\MYWEBS~1\bar\2.bin\mwsoemon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINNEW\System32\spool\DRIVERS\W32X86\3\E_A10IC2 .EXE
C:\Program Files\Panda Software\Panda Antivirus Platinum\pavsrv51.exe
C:\WINNEW\system32\pctspk.exe
C:\Program Files\Panda Software\Panda Antivirus Platinum\AVENGINE.EXE
C:\WINNEW\System32\svchost.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\HJT\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =

http://www.google.co.cr/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} -

C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL
O2 - BHO: MyWebSearch Search Assistant BHO -

{00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program

Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL
O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - (no file)
O2 - BHO: UberButton Class - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} -

C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: YahooTaggedBM Class - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} -

C:\Program Files\Yahoo!\Common\YIeTagBm.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} -

c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} -

C:\WINNEW\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program

files\google\googletoolbar2.dll
O3 - Toolbar: (no name) - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - (no file)
O4 - HKLM\..\Run: [CountrySelection] pctptt.exe
O4 - HKLM\..\Run: [SCANINICIO] "C:\Program Files\Panda Software\Panda

Antivirus Platinum\Inicio.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program

Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe"

-atboottime
O4 - HKLM\..\Run: [MyWebSearch Email Plugin]

C:\PROGRA~1\MYWEBS~1\bar\2.bin\mwsoemon.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [hgqhp.exe] C:\WINNEW\System32\hgqhp.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program

Files\Yahoo!\Messenger\ypager.exe" -quiet
O4 - HKCU\..\Run: [EPSON Stylus C60 Series (Copy 2)]

C:\WINNEW\System32\spool\DRIVERS\W32X86\3\E_A10IC2 .EXE /P32 "EPSON Stylus C60

Series (Copy 2)" /O6 "USB001" /M "Stylus C60"
O4 - HKCU\..\Run: [EPSON Stylus C60 Series]

C:\WINNEW\System32\spool\DRIVERS\W32X86\3\E_A10IC2 .EXE /P23 "EPSON Stylus C60

Series" /O5 "LPT1:" /M "Stylus C60"
O4 - HKCU\..\Run: [MyWebSearch Email Plugin]

C:\PROGRA~1\MYWEBS~1\bar\2.bin\mwsoemon.exe
O4 - Startup: MyWebSearch Email Plugin.lnk = C:\Program

Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft

Office\Office\OSA9.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program

Files\WinZip\WZQKPICK.EXE
O4 - Global Startup: MyWebSearch Email Plugin.lnk = C:\Program

Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE
O8 - Extra context menu item: &Búsqueda en Google - res://C:\Program

Files\Google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Traducir palabra inglesa - res://C:\Program

Files\Google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program

Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xportar a Microsoft Excel -

res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Instantánea de caché de la página -

res://C:\Program Files\Google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Páginas similares - res://C:\Program

Files\Google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Páginas vinculadas - res://C:\Program

Files\Google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program

Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program

Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program

Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} -

C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console -

{08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program

Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} -

C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Referencia - {92780B25-18CC-41C8-B9BE-3C9C571A8263} -

C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF}

(MsnMessengerSetupDownloadControl Class) -

http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O17 -

HKLM\System\CCS\Services\Tcpip\..\{DAB89124-93D4-427E-B3DF-F22A4E5BC8B8}:

NameServer = 85.255.115.94,85.255.112.68
O17 -

HKLM\System\CCS\Services\Tcpip\..\{DD911E14-3331-431B-9359-2A724E392824}:

NameServer = 85.255.115.94,85.255.112.68
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} -

"C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision

Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel

32\IDriverT.exe
O23 - Service: Panda Firewall Service (PAVFIRES) - Panda Software -

C:\Program Files\Panda Software\Panda Antivirus

Platinum\Firewall\PavFires.exe
O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software -

C:\Program Files\Panda Software\Panda Antivirus Platinum\pavsrv51.exe
O23 - Service: W2k PCtel speaker phone (Pctspk) - PCtel, Inc. -

C:\WINNEW\system32\pctspk.exe

gracias

Por favor, ponga ud. un nuevo log ya que este no esta bien copiado.

Aqui tiene un tutorial flash de como generar un log de hijackthis

Saludos

Aqui va de nuevo copiado completamente

Logfile of HijackThis v1.99.1
Scan saved at 10:45:51 AM, on 1/21/2006
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)

Running processes:
C:\WINNEW\System32\smss.exe
C:\WINNEW\system32\winlogon.exe
C:\WINNEW\system32\services.exe
C:\WINNEW\system32\lsass.exe
C:\WINNEW\system32\svchost.exe
C:\WINNEW\System32\svchost.exe
C:\WINNEW\system32\spoolsv.exe
C:\WINNEW\Explorer.EXE
C:\Program Files\Panda Software\Panda Antivirus Platinum\Firewall\PavFires.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\PROGRA~1\MYWEBS~1\bar\2.bin\mwsoemon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINNEW\System32\spool\DRIVERS\W32X86\3\E_A10IC2 .EXE
C:\Program Files\Panda Software\Panda Antivirus Platinum\pavsrv51.exe
C:\WINNEW\system32\pctspk.exe
C:\Program Files\Panda Software\Panda Antivirus Platinum\AVENGINE.EXE
C:\WINNEW\System32\svchost.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\HJT\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.cr/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL
O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL
O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - (no file)
O2 - BHO: UberButton Class - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: YahooTaggedBM Class - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - C:\Program Files\Yahoo!\Common\YIeTagBm.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNEW\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: (no name) - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - (no file)
O4 - HKLM\..\Run: [CountrySelection] pctptt.exe
O4 - HKLM\..\Run: [SCANINICIO] "C:\Program Files\Panda Software\Panda Antivirus Platinum\Inicio.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\2.bin\mwsoemon.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [hgqhp.exe] C:\WINNEW\System32\hgqhp.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\ypager.exe" -quiet
O4 - HKCU\..\Run: [EPSON Stylus C60 Series (Copy 2)] C:\WINNEW\System32\spool\DRIVERS\W32X86\3\E_A10IC2 .EXE /P32 "EPSON Stylus C60 Series (Copy 2)" /O6 "USB001" /M "Stylus C60"
O4 - HKCU\..\Run: [EPSON Stylus C60 Series] C:\WINNEW\System32\spool\DRIVERS\W32X86\3\E_A10IC2 .EXE /P23 "EPSON Stylus C60 Series" /O5 "LPT1:" /M "Stylus C60"
O4 - HKCU\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\2.bin\mwsoemon.exe
O4 - Startup: MyWebSearch Email Plugin.lnk = C:\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O4 - Global Startup: MyWebSearch Email Plugin.lnk = C:\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE
O8 - Extra context menu item: &Búsqueda en Google - res://C:\Program Files\Google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Traducir palabra inglesa - res://C:\Program Files\Google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xportar a Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Instantánea de caché de la página - res://C:\Program Files\Google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Páginas similares - res://C:\Program Files\Google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Páginas vinculadas - res://C:\Program Files\Google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Referencia - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{DAB89124-93D4-427E-B3DF-F22A4E5BC8B8}: NameServer = 85.255.115.94,85.255.112.68
O17 - HKLM\System\CCS\Services\Tcpip\..\{DD911E14-3331-431B-9359-2A724E392824}: NameServer = 85.255.115.94,85.255.112.68
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Panda Firewall Service (PAVFIRES) - Panda Software - C:\Program Files\Panda Software\Panda Antivirus Platinum\Firewall\PavFires.exe
O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software - C:\Program Files\Panda Software\Panda Antivirus Platinum\pavsrv51.exe
O23 - Service: W2k PCtel speaker phone (Pctspk) - PCtel, Inc. - C:\WINNEW\system32\pctspk.exe

Para que le sea mas cómodo seguir los pasos imprímalos

Recuerde pasar por Windows Update regularmente y mantener su sistema actualizado.

Ahora siga estos pasos para la reparación.

• ver archivos ocultos en todos los Windows

• Marque la casilla "Desactivar Restaurar sistema" solo en Win ME y XP

• Modo a prueba de fallos

• Vaya al Panel de Control/ Agregar o Quitar Programas y desinstale estos programas si existen:

MyWebSearch

Si no se dejan desinstalar vaya a sus carpetas y déle clic al archivo uninstall


Con todos los programas cerrados ejecute el HijackThis y déle "FIX Cheked" a estas entradas

R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL

O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL

O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - (no file)

O3 - Toolbar: (no name) - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - (no file)

O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\2.bin\mwsoemon.exe

O4 - HKLM\..\Run: [hgqhp.exe] C:\WINNEW\System32\hgqhp.exe

O4 - HKCU\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\2.bin\mwsoemon.exe

O4 - Startup: MyWebSearch Email Plugin.lnk = C:\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE

O4 - Global Startup: MyWebSearch Email Plugin.lnk = C:\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE

Sin reiniciar, busque y elimine estos archivos o carpetas:

C:\PROGRA~1\MYWEBS~1\
C:\WINNEW\System32\hgqhp.exe

En los casos en los que los nombres de las carpetas y sus rutas no aparezcan completos, ayúdese del explorador de Windows para localizarlas.

Para archivos que no se dejen eliminar use KillBox siguiendo las indicaciones del manual

Recuerde vaciar la papelera

• Reinicie en modo normal

• Analice su sistema con Ewido online

• Analice su sistema con BitDefender online


Ahora instale, actualice y ejecute estas otras aplicaciones:

• SpywareBlaster 3.5

• Ad-Aware 1.0.6

• Disk cleaner

• SpyBoot S.D

• RegSeeker.De este programa deberá usar principalmente la opción de «limpiar el registro»

• Analice su sistema con su antivirus actualizado

• Analice su sistema con el Kaspersky Antivirus online y nos pone aquí el informe que genera el Kaspersky (Por favor, no se olvide del informe del Kaspersky



Cuando termine nos pone un nuevo log de hijackthis y nos cuenta los resultados por favor

Aqui va el Karpersky:

-------------------------------------------------------------------------------
KASPERSKY ON-LINE SCANNER REPORT
Sunday, January 22, 2006 15:03:44
Operating System: Microsoft Windows XP Professional, (Build 2600)
Kaspersky On-line Scanner version: 5.0.67.0
Kaspersky Anti-Virus database last update: 21/01/2006
Kaspersky Anti-Virus database records: 161851
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: standard
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
A:\
C:\
D:\
E:\
F:\

Scan Statistics:
Total number of scanned objects: 172970
Number of viruses found: 7
Number of infected objects: 14
Number of suspicious objects: 0
Duration of the scan process: 13537 sec

Infected Object Name - Virus Name
C:\WINDOWS\system32\minidrv.exe/data0006 Infected: Trojan-Dropper.Win32.Small.zw
C:\WINDOWS\system32\minidrv.exe Infected: Trojan-Dropper.Win32.Small.zw
C:\Documents and Settings\Familia\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\arc hive1213.jar-3dc65278-6b79d6a4.zip/BlackBox.class Infected: Trojan.Java.ClassLoader.ak
C:\Documents and Settings\Familia\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\arc hive1213.jar-3dc65278-6b79d6a4.zip/VB.class Infected: Trojan.Java.ClassLoader.ak
C:\Documents and Settings\Familia\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\arc hive1213.jar-3dc65278-6b79d6a4.zip/Beyond.class Infected: Trojan-Downloader.Java.OpenConnection.ah
C:\Documents and Settings\Familia\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\arc hive1213.jar-3dc65278-6b79d6a4.zip Infected: Trojan-Downloader.Java.OpenConnection.ah
C:\WINNEW\bqcdkw.dat Infected: Trojan-Downloader.Win32.Agent.bc
C:\WINNEW\hwaycf.dat Infected: Trojan-Downloader.Win32.Agent.bc
C:\WINNEW\dnonxz.dat Infected: Trojan-Downloader.Win32.Agent.bc
D:\WINDOWS\browserxtras\pn\remove.exe/data0003 Infected: Trojan-Downloader.Win32.Keenval.f
D:\WINDOWS\browserxtras\pn\remove.exe Infected: Trojan-Downloader.Win32.Keenval.f
D:\Program Files\Windows Media Player\wmplayer.exe.tmp Infected: Trojan-Downloader.Win32.Small.dq
D:\Program Files\Kazaa\PerfectNavUninstall.exe/data0003 Infected: Trojan-Downloader.Win32.Keenval.e
D:\Program Files\Kazaa\PerfectNavUninstall.exe Infected: Trojan-Downloader.Win32.Keenval.e

Scan process completed.

Y aqui va el log de hijackthis

Logfile of HijackThis v1.99.1
Scan saved at 3:05:50 PM, on 1/22/2006
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)

Running processes:
C:\WINNEW\System32\smss.exe
C:\WINNEW\system32\winlogon.exe
C:\WINNEW\system32\services.exe
C:\WINNEW\system32\lsass.exe
C:\WINNEW\system32\svchost.exe
C:\WINNEW\System32\svchost.exe
C:\WINNEW\system32\spoolsv.exe
C:\WINNEW\Explorer.EXE
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\WINNEW\System32\spool\DRIVERS\W32X86\3\E_A10IC2 .EXE
C:\Program Files\Panda Software\Panda Antivirus Platinum\Firewall\PavFires.exe
C:\Program Files\Panda Software\Panda Antivirus Platinum\pavsrv51.exe
C:\WINNEW\system32\pctspk.exe
C:\WINNEW\System32\svchost.exe
C:\Program Files\Panda Software\Panda Antivirus Platinum\AVENGINE.EXE
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
D:\JOE\sofware\emule\emule.exe
C:\Program Files\HJT\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.cr/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: UberButton Class - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: YahooTaggedBM Class - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - C:\Program Files\Yahoo!\Common\YIeTagBm.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNEW\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [CountrySelection] pctptt.exe
O4 - HKLM\..\Run: [SCANINICIO] "C:\Program Files\Panda Software\Panda Antivirus Platinum\Inicio.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\ypager.exe" -quiet
O4 - HKCU\..\Run: [EPSON Stylus C60 Series (Copy 2)] C:\WINNEW\System32\spool\DRIVERS\W32X86\3\E_A10IC2 .EXE /P32 "EPSON Stylus C60 Series (Copy 2)" /O6 "USB001" /M "Stylus C60"
O4 - HKCU\..\Run: [EPSON Stylus C60 Series] C:\WINNEW\System32\spool\DRIVERS\W32X86\3\E_A10IC2 .EXE /P23 "EPSON Stylus C60 Series" /O5 "LPT1:" /M "Stylus C60"
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &Búsqueda en Google - res://C:\Program Files\Google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Traducir palabra inglesa - res://C:\Program Files\Google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xportar a Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Instantánea de caché de la página - res://C:\Program Files\Google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Páginas similares - res://C:\Program Files\Google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Páginas vinculadas - res://C:\Program Files\Google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Referencia - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/downloads/kws/kavwebscan_unicode.cab
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://download.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender-es.com/scan8/oscan8.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{DAB89124-93D4-427E-B3DF-F22A4E5BC8B8}: NameServer = 85.255.115.94,85.255.112.68
O17 - HKLM\System\CCS\Services\Tcpip\..\{DD911E14-3331-431B-9359-2A724E392824}: NameServer = 85.255.115.94,85.255.112.68
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Panda Firewall Service (PAVFIRES) - Panda Software - C:\Program Files\Panda Software\Panda Antivirus Platinum\Firewall\PavFires.exe
O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software - C:\Program Files\Panda Software\Panda Antivirus Platinum\pavsrv51.exe
O23 - Service: W2k PCtel speaker phone (Pctspk) - PCtel, Inc. - C:\WINNEW\system32\pctspk.exe

Espero la pronta respuesta.

joe

pd:cumpli todos los pasos

Me podrian revisar el log de hijack this y el de kaspersky? Gracias.

joeharlock

Disculpe la demora.

• ver archivos ocultos en todos los Windows

• Marque la casilla "Desactivar Restaurar sistema" solo en Win ME y XP


Busque y elimine estos archivos o carpetas:

C:\WINDOWS\system32\minidrv.exe/data0006
C:\WINDOWS\system32\minidrv.exe
C:\WINNEW\bqcdkw.dat
C:\WINNEW\hwaycf.dat I
C:\WINNEW\dnonxz.dat
D:\WINDOWS\browserxtras\pn\remove.exe/data0003
D:\WINDOWS\browserxtras\pn\remove.exe
D:\Program Files\Windows Media Player\wmplayer.exe.tmp
D:\Program Files\Kazaa\PerfectNavUninstall.exe/data0003
D:\Program Files\Kazaa\PerfectNavUninstall.exe

En los casos en los que los nombres de las carpetas y sus rutas no aparezcan completos, ayúdese del explorador de Windows para localizarlas.

Para archivos que no se dejen eliminar use KillBox siguiendo las indicaciones del manual

Recuerde vaciar la papelera

• Disk cleaner

• RegSeeker.De este programa deberá usar principalmente la opción de «limpiar el registro»

• CCleaner y aqui le dejo el manual de este limpiador de registro.

• Analice su sistema con el Kaspersky Antivirus online y nos pone aquí el informe que genera el Kaspersky