Foro de InfoSpyware - Foro de Hijackthis - Foro de Virus

Buenas tardes

He intentado arreglarlo yo con vuestros consejos a otros usuarios y no se si ha servido de algo.
Os cuento, ayer se me empezaron a abrir pag. de juegos etc. en IE,le pase el malwarebytes y me dio lo siguiente:


Malwarebytes' Anti-Malware 1.41
Versión de la Base de Datos: 3103
Windows 5.1.2600 Service Pack 3

05/11/2009 12:59:48
mbam-log-2009-11-05 (12-59-48).txt

Tipo de examen : Examen Completo (C:\|)
Objetos examinados: 207139
Tiempo transcurrido: 52 minute(s), 39 second(s)

Procesos en Memoria Infectados: 0
Módulos en Memoria Infectados: 0
Claves del Registro Infectadas: 3
Valores del Registro Infectados: 2
Elementos de Datos del Registro Infectados: 0
Carpetas Infectadas: 1
Ficheros Infectados: 4

Procesos en Memoria Infectados:
(No se han detectado elementos maliciosos)

Módulos en Memoria Infectados:
(No se han detectado elementos maliciosos)

Claves del Registro Infectadas:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Ext\Stats\{d5792aa9-d373-4039-8670-2cdab6a71f15} (Trojan.Swizzor) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Explorer\Browser Helper Objects\{d5792aa9-d373-4039-8670-2cdab6a71f15} (Trojan.Swizzor) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\WakeNet (Trojan.Agent) -> Quarantined and deleted successfully.

Valores del Registro Infectados:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\load (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Policies\Explorer\Run\IEudinit (Trojan.Agent) -> Quarantined and deleted successfully.

Elementos de Datos del Registro Infectados:
(No se han detectado elementos maliciosos)

Carpetas Infectadas:
C:\Program Files\BitDownload (Trojan.Swizzor) -> Quarantined and deleted successfully.

Ficheros Infectados:
C:\Documents and Settings\Administrator\Application Data\ieudinit.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\sessmgr.exe (Trojan.Agent) -> Delete on reboot.
C:\Documents and Settings\Administrator\Application Data\Microsoft\ieudinit.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\dllhst3g.exe (Trojan.Agent) -> Quarantined and deleted successfully.


Lo limpie y pase el SuperantiSpyware, en el cual salieron una Cookies que tambien limpie ;pero las pag. seguian saliendo. Hoy otra vez me daba un trojan Agen, he leido vuestros consejos y he seguido los 9 pasos.

Mientras pasaba el scan on line me salian pag.; He acabado con el antivirus, he pasado el malware y esta limpio.

Por q me siguen saliendo las pag.? y tambien me he dado cuenta que hoy el pc anda mas lento y las pag. de IE tardan mas en cargarse.
A ver si por querer arreglar una cosa me he cargado otra.

Si alguien me puede ayudar se lo agradezco mucho.

Hola, si tienes el informe del scan online lo pones.


Realiza este paso:


1º- Descarga en tu escritorio Lop S & D y su manual

2º- Ejecutas Lop S & D de la siguiente manera. Y si es posible en modo seguro

•Haz doble clic en LopSD.exe
•Elige el idioma escribiendo la letra correspondiente y pulsa en Enter
•Haz clic en "Aceptar (Ok)" en la ventana informativa
•Das 2 para elegir la opción "2 (Fix + Hosts)" y a continuación pulsa en Enter
•Espera hasta el final de la exploración.

•Se generará Un informe, pega el contenido del mismo en tu próxima respuesta.
•(La copia del informe se puede encontrar en esta ubicación:% SystemDrive% \ lopR.txt, en la mayoría de los casos en C: \ lopR.txt).

saludos, espero tu respuesta

Hola Suerte
Gracias por tu rapidez, te mando lo que me has pedido y tambien el informe que me salio con SuperantiSpyware por si te sirve


--------------------\\ Lop S&D 4.2.5-0 XP/Vista

Microsoft Windows XP Professional ( v5.1.2600 ) Service Pack 3
X86-based PC ( Multiprocessor Free : Intel(R) Core(TM)2 CPU 6400 @ 2.13GHz )
BIOS : Default System BIOS
USER : Administrator ( Administrator )
BOOT : Fail-safe with network boot
Antivirus : McAfee VirusScan (Activated)
Firewall : McAfee Personal Firewall (Activated)
A:\ (USB)
C:\ (Local Disk) - NTFS - Total:156 Go (Free:80 Go)
D:\ (CD or DVD)
E:\ (Local Disk) - NTFS - Total:141 Go (Free:25 Go)
G:\ (CD or DVD)
H:\ (CD or DVD)

"C:\Lop SD" ( MAJ : 19-12-2008|23:40 )
Option : [2] ( 06/11/2009|23:35 )


\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\ ELIMINAR

í Borrado ! - C:\WINDOWS\Tasks\A6FBF40E918C9CC2.job
í Borrado ! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\Grid Blue Memo Site\MPEG FLAG.dat
í Borrado ! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\Grid Blue Memo Site\MPEG FLAG.exe
í Borrado ! - C:\DOCUME~1\ADMINI~1\APPLIC~1\greato~1\dbpnjtfv.ex e
í Borrado ! - C:\DOCUME~1\ADMINI~1\APPLIC~1\greato~1\EQ AUDIO PILE.exe
í Borrado ! - C:\DOCUME~1\ADMINI~1\APPLIC~1\greato~1\proxyheck.e xe
í Borrado ! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\Grid Blue Memo Site
í Borrado ! - C:\DOCUME~1\ADMINI~1\APPLIC~1\greato~1
í Borrado ! - C:\Program Files\greato~1
-
[ Archivo Hosts ] .. Restaurado

\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\


--------------------\\ Lista de carpetas en APPLIC~1

[23/04/2009|21:49] C:\DOCUME~1\ADMINI~1\APPLIC~1\Adobe
[23/04/2009|18:32] C:\DOCUME~1\ADMINI~1\APPLIC~1\AdobeUM
[22/04/2007|16:17] C:\DOCUME~1\ADMINI~1\APPLIC~1\Ahead
[28/04/2009|23:24] C:\DOCUME~1\ADMINI~1\APPLIC~1\Apple Computer
[26/10/2009|23:21] C:\DOCUME~1\ADMINI~1\APPLIC~1\Babylon
[22/07/2009|20:13] C:\DOCUME~1\ADMINI~1\APPLIC~1\Canneverbe_Limited
[08/09/2009|13:01] C:\DOCUME~1\ADMINI~1\APPLIC~1\DAEMON Tools Lite
[08/09/2009|17:43] C:\DOCUME~1\ADMINI~1\APPLIC~1\DAEMON Tools Pro
[15/02/2007|00:35] C:\DOCUME~1\ADMINI~1\APPLIC~1\DivX
[17/10/2009|18:01] C:\DOCUME~1\ADMINI~1\APPLIC~1\dvdcss
[12/03/2007|16:52] C:\DOCUME~1\ADMINI~1\APPLIC~1\Elaborate Bytes
[10/08/2009|19:03] C:\DOCUME~1\ADMINI~1\APPLIC~1\FFSJ
[06/02/2007|16:39] C:\DOCUME~1\ADMINI~1\APPLIC~1\Google
[07/10/2009|19:14] C:\DOCUME~1\ADMINI~1\APPLIC~1\Hamachi
[14/02/2007|14:43] C:\DOCUME~1\ADMINI~1\APPLIC~1\Help
[15/11/2008|01:17] C:\DOCUME~1\ADMINI~1\APPLIC~1\HiYo
[01/02/2007|10:40] C:\DOCUME~1\ADMINI~1\APPLIC~1\Identities
[08/09/2009|13:38] C:\DOCUME~1\ADMINI~1\APPLIC~1\InstallShield
[09/06/2009|17:06] C:\DOCUME~1\ADMINI~1\APPLIC~1\ISL Online Cache
[04/07/2009|20:29] C:\DOCUME~1\ADMINI~1\APPLIC~1\kikin
[18/02/2009|20:49] C:\DOCUME~1\ADMINI~1\APPLIC~1\Macromedia
[27/09/2009|17:42] C:\DOCUME~1\ADMINI~1\APPLIC~1\Malwarebytes
[07/05/2009|22:53] C:\DOCUME~1\ADMINI~1\APPLIC~1\McAfee
[05/11/2009|12:59] C:\DOCUME~1\ADMINI~1\APPLIC~1\Microsoft
[31/10/2009|01:52] C:\DOCUME~1\ADMINI~1\APPLIC~1\Mozilla
[03/02/2007|01:22] C:\DOCUME~1\ADMINI~1\APPLIC~1\MSNInstaller
[13/03/2009|21:00] C:\DOCUME~1\ADMINI~1\APPLIC~1\Netscape
[13/03/2009|00:11] C:\DOCUME~1\ADMINI~1\APPLIC~1\Nokia
[04/06/2008|01:12] C:\DOCUME~1\ADMINI~1\APPLIC~1\NSeries
[13/03/2009|00:33] C:\DOCUME~1\ADMINI~1\APPLIC~1\PC Suite
[13/03/2009|20:59] C:\DOCUME~1\ADMINI~1\APPLIC~1\Photodex
[03/02/2007|23:30] C:\DOCUME~1\ADMINI~1\APPLIC~1\Pinnacle Systems
[26/09/2009|20:17] C:\DOCUME~1\ADMINI~1\APPLIC~1\Publish Providers
[27/08/2009|15:51] C:\DOCUME~1\ADMINI~1\APPLIC~1\Skype
[27/08/2009|15:51] C:\DOCUME~1\ADMINI~1\APPLIC~1\skypePM
[12/03/2007|12:30] C:\DOCUME~1\ADMINI~1\APPLIC~1\SlySoft
[26/09/2009|20:16] C:\DOCUME~1\ADMINI~1\APPLIC~1\Sony
[24/03/2009|13:59] C:\DOCUME~1\ADMINI~1\APPLIC~1\Sun
[05/11/2009|12:02] C:\DOCUME~1\ADMINI~1\APPLIC~1\SUPERAntiSpyware.com
[23/05/2007|14:04] C:\DOCUME~1\ADMINI~1\APPLIC~1\teamspeak2
[28/04/2009|18:00] C:\DOCUME~1\ADMINI~1\APPLIC~1\TlrConvergence
[06/11/2009|10:38] C:\DOCUME~1\ADMINI~1\APPLIC~1\TlrPack
[28/04/2009|11:11] C:\DOCUME~1\ADMINI~1\APPLIC~1\TlrSetup
[31/10/2009|01:52] C:\DOCUME~1\ADMINI~1\APPLIC~1\TomTom
[09/09/2009|15:52] C:\DOCUME~1\ADMINI~1\APPLIC~1\Ubisoft
[02/01/2008|21:05] C:\DOCUME~1\ADMINI~1\APPLIC~1\Ventrilo
[03/11/2009|18:00] C:\DOCUME~1\ADMINI~1\APPLIC~1\vlc
[10/08/2008|20:31] C:\DOCUME~1\ADMINI~1\APPLIC~1\VoipBuster
[07/03/2009|15:50] C:\DOCUME~1\ADMINI~1\APPLIC~1\VoipDiscount
[29/04/2009|22:48] C:\DOCUME~1\ADMINI~1\APPLIC~1\Vso
[25/12/2007|21:31] C:\DOCUME~1\ADMINI~1\APPLIC~1\Windows Live Writer
[07/07/2009|11:11] C:\DOCUME~1\ADMINI~1\APPLIC~1\WinRAR
[27/03/2009|15:07] C:\DOCUME~1\ADMINI~1\APPLIC~1\XLAB ISL Plugins
[18/12/2008|18:51] C:\DOCUME~1\ADMINI~1\APPLIC~1\Yahoo!
[0|archivos] C:\DOCUME~1\ADMINI~1\APPLIC~1\bytes
[56|dirs] C:\DOCUME~1\ADMINI~1\APPLIC~1\bytes libres

[01/04/2009|08:39] C:\DOCUME~1\ALLUSE~1\APPLIC~1\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}
[22/10/2009|08:04] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Adobe
[14/02/2007|17:35] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Ahead
[27/11/2007|20:37] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple
[27/11/2007|20:39] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple Computer
[06/11/2009|21:56] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Babylon
[09/12/2008|23:25] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Bluetooth
[08/09/2009|12:59] C:\DOCUME~1\ALLUSE~1\APPLIC~1\DAEMON Tools Lite
[10/02/2007|15:54] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Elaborate Bytes
[15/11/2008|01:17] C:\DOCUME~1\ALLUSE~1\APPLIC~1\HiYo
[16/07/2009|19:19] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Installations
[18/02/2009|21:20] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Macromedia
[27/09/2009|17:42] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Malwarebytes
[10/07/2009|08:21] C:\DOCUME~1\ALLUSE~1\APPLIC~1\McAfee
[27/08/2009|17:12] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft
[06/10/2007|23:08] C:\DOCUME~1\ALLUSE~1\APPLIC~1\MSScanAppDataDir
[04/06/2008|00:06] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Nokia
[24/04/2009|08:35] C:\DOCUME~1\ALLUSE~1\APPLIC~1\NOS
[02/02/2007|21:30] C:\DOCUME~1\ALLUSE~1\APPLIC~1\NVIDIA
[12/04/2007|20:45] C:\DOCUME~1\ALLUSE~1\APPLIC~1\nView_Profiles
[04/06/2008|00:18] C:\DOCUME~1\ALLUSE~1\APPLIC~1\PC Suite
[08/02/2007|16:57] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Pinnacle
[08/02/2007|16:57] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Pinnacle Studio
[04/10/2008|08:25] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SiteAdvisor
[03/04/2009|19:31] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Skype
[03/11/2009|19:28] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SlySoft
[05/02/2008|12:35] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SSScanAppDataDir
[27/09/2009|17:49] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SUPERAntiSpyware.com
[06/11/2009|13:16] C:\DOCUME~1\ALLUSE~1\APPLIC~1\TEMP
[31/10/2009|01:53] C:\DOCUME~1\ALLUSE~1\APPLIC~1\TomTom
[08/09/2009|16:18] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Ubisoft
[18/04/2007|22:37] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Genuine Advantage
[03/02/2007|01:31] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Live Toolbar
[30/12/2007|22:36] C:\DOCUME~1\ALLUSE~1\APPLIC~1\WLInstaller
[09/03/2007|00:34] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Yahoo!
[18/12/2008|18:51] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Yahoo! Companion
[0|archivos] C:\DOCUME~1\ALLUSE~1\APPLIC~1\bytes
[38|dirs] C:\DOCUME~1\ALLUSE~1\APPLIC~1\bytes libres

[01/02/2007|10:34] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Microsoft
[0|archivos] C:\DOCUME~1\DEFAUL~1\APPLIC~1\bytes
[3|dirs] C:\DOCUME~1\DEFAUL~1\APPLIC~1\bytes libres

[05/05/2009|21:46] C:\DOCUME~1\EMULE_~1\APPLIC~1\Adobe
[10/02/2008|00:49] C:\DOCUME~1\EMULE_~1\APPLIC~1\Ahead
[09/09/2008|20:07] C:\DOCUME~1\EMULE_~1\APPLIC~1\Apple Computer
[20/05/2008|18:44] C:\DOCUME~1\EMULE_~1\APPLIC~1\Macromedia
[10/03/2009|14:26] C:\DOCUME~1\EMULE_~1\APPLIC~1\Microsoft
[10/03/2009|14:26] C:\DOCUME~1\EMULE_~1\APPLIC~1\Yahoo!
[0|archivos] C:\DOCUME~1\EMULE_~1\APPLIC~1\bytes
[8|dirs] C:\DOCUME~1\EMULE_~1\APPLIC~1\bytes libres

[20/02/2008|11:00] C:\DOCUME~1\LOCALS~1\APPLIC~1\DivX
[09/02/2007|00:24] C:\DOCUME~1\LOCALS~1\APPLIC~1\McAfee
[19/04/2007|19:59] C:\DOCUME~1\LOCALS~1\APPLIC~1\Microsoft
[06/11/2009|16:32] C:\DOCUME~1\LOCALS~1\APPLIC~1\SACore
[0|archivos] C:\DOCUME~1\LOCALS~1\APPLIC~1\bytes
[6|dirs] C:\DOCUME~1\LOCALS~1\APPLIC~1\bytes libres

[27/02/2008|02:25] C:\DOCUME~1\NETWOR~1\APPLIC~1\McAfee
[10/09/2008|23:52] C:\DOCUME~1\NETWOR~1\APPLIC~1\Microsoft
[21/02/2009|00:19] C:\DOCUME~1\NETWOR~1\APPLIC~1\SACore
[18/12/2008|18:50] C:\DOCUME~1\NETWOR~1\APPLIC~1\Yahoo!
[0|archivos] C:\DOCUME~1\NETWOR~1\APPLIC~1\bytes
[6|dirs] C:\DOCUME~1\NETWOR~1\APPLIC~1\bytes libres

--------------------\\ Tareas programadas en C:\WINDOWS\Tasks

[06/11/2009 20:09][--ah-----] C:\WINDOWS\tasks\User_Feed_Synchronization-{CE3A2804-68A2-4BE8-A3DE-273700FB4912}.job
[27/10/2009 10:31][--a------] C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[15/09/2009 00:04][--a------] C:\WINDOWS\tasks\McDefragTask.job
[01/11/2009 01:00][--a------] C:\WINDOWS\tasks\McQcTask.job
[06/11/2009 23:33][--ah-----] C:\WINDOWS\tasks\SA.DAT
[15/03/2006 13:00][-r-h-----] C:\WINDOWS\tasks\desktop.ini

--------------------\\ Lista de carpetas en C:\Program Files

[29/04/2009|23:54] C:\Program Files\Adobe
[13/10/2009|12:22] C:\Program Files\AGEIA Technologies
[26/01/2008|01:29] C:\Program Files\Ahead
[28/04/2009|23:18] C:\Program Files\Apple Software Update
[27/10/2008|08:11] C:\Program Files\AskTBar
[29/07/2009|10:54] C:\Program Files\AviSynth 2.5
[12/06/2009|16:42] C:\Program Files\Babylon
[16/09/2009|23:56] C:\Program Files\CCleaner
[26/09/2009|20:41] C:\Program Files\Common Files
[12/06/2009|16:13] C:\Program Files\Conduit
[16/02/2009|19:42] C:\Program Files\Cutout Pro
[23/09/2009|09:30] C:\Program Files\DAEMON Tools Lite
[08/11/2007|13:49] C:\Program Files\DIFX
[12/03/2007|13:00] C:\Program Files\Elaborate Bytes
[15/03/2009|23:09] C:\Program Files\eMule
[06/11/2009|18:02] C:\Program Files\EsetOnlineScanner
[31/10/2008|14:03] C:\Program Files\ffdshow
[13/08/2009|13:23] C:\Program Files\free-downloads.net
[25/10/2009|16:51] C:\Program Files\FX Uninstall Information
[15/11/2008|01:17] C:\Program Files\HiYo
[05/11/2009|11:42] C:\Program Files\InstallShield Installation Information
[16/10/2009|10:10] C:\Program Files\Internet Explorer
[27/05/2009|10:49] C:\Program Files\iPod
[09/12/2008|23:26] C:\Program Files\IVT Corporation
[23/06/2008|11:02] C:\Program Files\IVT Corporation(2)
[28/08/2009|23:43] C:\Program Files\Java
[04/07/2009|20:29] C:\Program Files\kikin
[07/08/2009|16:24] C:\Program Files\Kyocera
[18/02/2009|21:20] C:\Program Files\Macromedia
[05/11/2009|12:01] C:\Program Files\Malwarebytes' Anti-Malware
[09/07/2009|23:44] C:\Program Files\McAfee
[07/05/2009|22:58] C:\Program Files\McAfee.com
[20/09/2008|10:33] C:\Program Files\Messenger
[08/07/2009|15:56] C:\Program Files\Messenger Plus! Live
[14/01/2009|23:10] C:\Program Files\Microsoft
[01/02/2007|10:34] C:\Program Files\microsoft frontpage
[30/10/2008|16:19] C:\Program Files\Microsoft Office
[21/02/2009|12:00] C:\Program Files\Microsoft Office Outlook Connector
[01/02/2007|16:33] C:\Program Files\Microsoft SQL Server
[25/12/2007|21:25] C:\Program Files\Microsoft SQL Server Compact Edition
[14/01/2009|23:08] C:\Program Files\Microsoft Sync Framework
[01/02/2007|13:33] C:\Program Files\Microsoft Visual Studio
[03/02/2007|16:10] C:\Program Files\Microsoft Works
[01/02/2007|13:32] C:\Program Files\Microsoft.NET
[20/09/2008|10:27] C:\Program Files\Movie Maker
[09/06/2009|17:25] C:\Program Files\MSBuild
[30/10/2008|16:19] C:\Program Files\MSECache
[03/02/2007|01:21] C:\Program Files\MSN
[01/02/2007|10:25] C:\Program Files\MSN Gaming Zone
[04/06/2008|00:56] C:\Program Files\MSXML 6.0
[13/10/2009|12:21] C:\Program Files\My Company Name
[13/07/2009|11:20] C:\Program Files\myBabylon_English
[20/09/2008|10:25] C:\Program Files\NetMeeting
[16/07/2009|19:18] C:\Program Files\Nokia
[01/02/2007|10:27] C:\Program Files\Online Services
[05/10/2009|17:10] C:\Program Files\OpenAL
[13/08/2009|00:59] C:\Program Files\Outlook Express
[21/02/2009|20:22] C:\Program Files\PC Connectivity Solution
[01/02/2007|17:18] C:\Program Files\Pinnacle
[28/04/2009|23:19] C:\Program Files\QuickTime
[09/06/2009|17:24] C:\Program Files\Reference Assemblies
[03/04/2009|19:31] C:\Program Files\Skype
[04/11/2009|13:38] C:\Program Files\SlySoft
[26/11/2007|20:23] C:\Program Files\Softnyx
[27/09/2009|20:03] C:\Program Files\Sony
[28/07/2009|16:51] C:\Program Files\Sony Setup
[06/11/2009|13:16] C:\Program Files\SpywareBlaster
[05/11/2009|12:02] C:\Program Files\SUPERAntiSpyware
[06/11/2009|20:05] C:\Program Files\THQ
[31/10/2009|01:50] C:\Program Files\TomTom DesktopSuite
[31/10/2009|01:52] C:\Program Files\TomTom HOME 2
[31/10/2009|01:52] C:\Program Files\TomTom International B.V
[01/02/2007|10:40] C:\Program Files\Uninstall Information
[05/08/2009|12:51] C:\Program Files\VideoLAN
[10/08/2008|20:01] C:\Program Files\VoipDiscount.com
[21/02/2009|11:59] C:\Program Files\Windows Live
[14/01/2009|23:04] C:\Program Files\Windows Live SkyDrive
[14/02/2008|02:17] C:\Program Files\Windows Media Connect 2
[26/03/2008|19:47] C:\Program Files\Windows Media Player
[20/09/2008|10:25] C:\Program Files\Windows NT
[01/02/2007|10:27] C:\Program Files\Windows Plus
[01/02/2007|12:20] C:\Program Files\Windows XP MUI Pack
[01/02/2007|10:33] C:\Program Files\WindowsUpdate
[26/02/2008|19:58] C:\Program Files\winLAME
[05/09/2008|16:17] C:\Program Files\WinRAR
[01/02/2007|10:34] C:\Program Files\xerox
[03/08/2009|19:08] C:\Program Files\Yahoo!
[0|archivos] C:\Program Files\bytes
[89|dirs] C:\Program Files\bytes libres

--------------------\\ Lista de carpetas en C:\Program Files\Common Files

[21/10/2009|09:10] C:\Program Files\Common Files\Adobe
[08/03/2009|14:17] C:\Program Files\Common Files\Adobe AIR
[01/02/2007|19:26] C:\Program Files\Common Files\Ahead
[28/04/2009|23:26] C:\Program Files\Common Files\Apple
[29/12/2008|14:47] C:\Program Files\Common Files\Blizzard Entertainment
[01/02/2007|13:33] C:\Program Files\Common Files\DESIGNER
[19/09/2009|17:08] C:\Program Files\Common Files\InstallShield
[24/03/2009|13:42] C:\Program Files\Common Files\Java
[18/02/2009|21:19] C:\Program Files\Common Files\Macromedia
[12/11/2007|10:43] C:\Program Files\Common Files\McAfee
[21/02/2009|11:57] C:\Program Files\Common Files\Microsoft Shared
[01/02/2007|10:32] C:\Program Files\Common Files\MSSoap
[16/07/2009|19:18] C:\Program Files\Common Files\Nokia
[12/09/2006|16:17] C:\Program Files\Common Files\ODBC
[21/02/2009|20:23] C:\Program Files\Common Files\PCSuite
[01/02/2007|10:32] C:\Program Files\Common Files\Services
[03/04/2009|19:31] C:\Program Files\Common Files\Skype
[12/09/2006|16:17] C:\Program Files\Common Files\SpeechEngines
[21/02/2009|12:00] C:\Program Files\Common Files\System
[14/01/2009|22:57] C:\Program Files\Common Files\Windows Live
[25/12/2007|21:22] C:\Program Files\Common Files\WindowsLiveInstaller
[05/11/2009|12:02] C:\Program Files\Common Files\Wise Installation Wizard
[0|archivos] C:\Program Files\Common Files\bytes
[24|dirs] C:\Program Files\Common Files\bytes libres

--------------------\\ Process

( 18 Processes )

... OK !

--------------------\\ Deteccion con S_Lop

¡ No se encontraron carpetas Lop !

--------------------\\ Deteccion de archivos y carpetas Lop

¡ No se encontraron carpetas Lop !

--------------------\\ Deteccion en el registro de windows

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Run]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Run]

..... OK !

--------------------\\ Analizando el archivo Hosts

Archivo Hosts LIMPIO


--------------------\\ Deteccion de archivos invisibles con Catchme

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-11-06 23:37:11
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden files: 11

--------------------\\ Deteccion de otras infecciones


¡ No se encontraron otras infecciones !

[F:1][D:0]-> C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp
[F:7][D:0]-> C:\DOCUME~1\ADMINI~1\Cookies
[F:14][D:4]-> C:\DOCUME~1\ADMINI~1\LOCALS~1\TEMPOR~1\content.IE5

1 - "C:\Lop SD\LopR_1.txt" - 06/11/2009|23:38 - Option : [2]

--------------------\\ Analisis terminado a 23:38:25



# version=4
# OnlineScanner.ocx=1.0.0.638
# OnlineScannerDLLA.dll=1, 0, 0, 52
# OnlineScannerDLLW.dll=1, 0, 0, 53
# OnlineScannerUninstaller.exe=1, 0, 0, 50
# vers_standard_module=4579 (20091106)
# vers_arch_module=1.064 (20080214)
# vers_adv_heur_module=1.066 (20070917)
# EOSSerial=cb711d86ede06a428640b526e78fafa5
# end=finished
# remove_checked=true
# unwanted_checked=true
# utc_time=2009-11-06 05:02:50
# local_time=2009-11-06 06:02:50 (+0100, Romance Standard Time)
# country="Spain"
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=5121 21 100 88 36526227500000
# scanned=411148
# found=3
# scan_time=7905
E:\CORO\eMule\Incoming\hallo beyonce 2009.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan (cleaned) 8BBDE4D6878B077B0955868FA5F9E7E2
E:\CORO\koni\Programas\Nero\Actualizacion\Nero-6.6.1.15a(1).exe Win32/Toolbar.AskSBar application (deleted) 00000000000000000000000000000000
E:\CORO\koni\Programas\Nero\Actualizacion\Nero-6.6.1.15a(1).exe »RAR »Toolbar.exe Win32/Toolbar.AskSBar application (error while cleaning - operation unavailable for this type of object - error while deleting - operation unavailable for this type of object - was a part of the deleted object) 00000000000000000000000000000000


SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 11/06/2009 at 01:15 PM

Application Version : 4.29.1002

Core Rules Database Version : 4232
Trace Rules Database Version: 2129

Scan type : Complete Scan
Total Scan Time : 00:29:53

Memory items scanned : 283
Memory threats detected : 0
Registry items scanned : 7838
Registry threats detected : 0
File items scanned : 33958
File threats detected : 16

Adware.Tracking Cookie
C:\Documents and Settings\Administrator\Cookies\administrator@atdmt[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@apmeb f[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@adtec h[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@trade doubler[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@at.at wola[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@bs.se rving-sys[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@conte nt.yieldmanager[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@www.m ktrack[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@doubl eclick[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@quest ionmarket[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@servi ng-sys[2].txt
C:\Documents and Settings\Administrator\Cookies\administrator@adver tising[2].txt
C:\Documents and Settings\Administrator\Cookies\administrator@media plex[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@ad.yi eldmanager[2].txt
C:\Documents and Settings\Administrator\Cookies\administrator@accou nt.yusho[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@tacod a[2].txt


Saludos y muchas gracias

Hola.

veo que tienes instalado en tu pc el Messenger Plus! deverias desintarlo ya que viene con un adware. Si quieres vuelves a instalarlo, pero sin su patrocinador.

vuelve y comenta si el problema se soluciono

Hola suerte

En el rato que he estado esperando tu respuesta he estado abriendo pag. de IE y no me ha salido ninguna de CID y ademas se abren mas rapido que antes.

Desde luego sois todos unos fenomenos.

Respecto al msn plus no tengo ni idea de como se me ha metido (seguro que ha sido mi hijo pequeño), el problema es que no me deja desistalarlo,por lo que he leido en el lng. creo que el desinstalador se ha instalado mal.

Ya me diras como puedo quitarlo.

Gracias

Prueba con esta herramienta haber si puede desintalarlo.

REVO UNINSTALLER

Vuelves y comentas como sigue todo en se PC.

A ver te cuento

Cuando me dijiste que lo quitase me fui al CCleaner y no lo vi , entonces me fui a quitar programas de windows y tampoco estaba,lo intente desde el desistalador de la carpeta de msn plus y me decia que no parece estar instaldo en este equipo y es cuando lei lo del error; El caso es que con el programa que me has dicho tampoco lo veo para poder quitarlo a no ser que este con otro nombre y como yo no tengo ni idea que pinta tiene pues no se cual es.

Perdona por volverte loco

Hola, no te preocupes, si no esta y los problemas de las ventanas se solucionaron, no pasa nada.

De todas formas si quieres, el lop sd, lo encuentra en esta ruta>> C:\Program Files\Messenger Plus! Live pero que si todo esta bien en el PC lo dejas y ya esta

Me comentas como sigue el pc y si podemos darlo por terminado.

saludos

Hola Suerte
Las ventanas ya no salen,el pc anda bien y el trojan Agen tambien ya que parece resucitar ayer hice un examen rapido y salio uno y ahora he hecho otro y salen dos,te mando el log y si crees que no es dañino cerramos la consulta

Saludos y gracias


Malwarebytes' Anti-Malware 1.41
Versión de la Base de Datos: 3103
Windows 5.1.2600 Service Pack 3

07/11/2009 18:34:33
mbam-log-2009-11-07 (18-34-33).txt

Tipo de examen : Examen Rápido
Objetos examinados: 116855
Tiempo transcurrido: 8 minute(s), 33 second(s)

Procesos en Memoria Infectados: 0
Módulos en Memoria Infectados: 0
Claves del Registro Infectadas: 0
Valores del Registro Infectados: 1
Elementos de Datos del Registro Infectados: 0
Carpetas Infectadas: 0
Ficheros Infectados: 1

Procesos en Memoria Infectados:
(No se han detectado elementos maliciosos)

Módulos en Memoria Infectados:
(No se han detectado elementos maliciosos)

Claves del Registro Infectadas:
(No se han detectado elementos maliciosos)

Valores del Registro Infectados:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Policies\Explorer\Run\spool (Trojan.Agent) -> Quarantined and deleted successfully.

Elementos de Datos del Registro Infectados:
(No se han detectado elementos maliciosos)

Carpetas Infectadas:
(No se han detectado elementos maliciosos)

Ficheros Infectados:
C:\WINDOWS\system\spoolsv.exe (Trojan.Agent) -> Quarantined and deleted successfully.

Hola, parece que Malwarebytes encuentra rastros.


Deberia de realizar un examen completo con Malwarebytes, antes lo actualizas.

Despues Realizas un scan con un antivirus online Pruebas con Kaspersky o con Panda ActiveScan 2.0

traes los dos informes, de Malwarebytes y el del antivirus online, para comprobar que todo este bien.