Foro de InfoSpyware - Foro de Hijackthis - Foro de Virus

hola amigos, espero me puedan ayudar con mi problema, al abrir el explorer busco con google pero al hacer clic en una de las respuestas encontradas solo me abre google y me dice que no encuentra /... con un anuncio de google, pego aca mi log de hijackthis

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:44:35 p.m., on 22/11/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\Explorer.EXE
c:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe
c:\Program Files\Sophos\AutoUpdate\ALsvc.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Winamp\winampa.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Sophos\AutoUpdate\ALMon.exe
C:\PROGRA~1\HPQ\SHARED\HPQTOA~1.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=pavi lion&pf=laptop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://login.live.com/ppsecure/sha1auth.srf?lc=2058
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\Docum ents and Settings\florecita\mpyx.exe \s,
O1 - Hosts: 209.85.225.99 msnfix.changelog.fr
O1 - Hosts: 209.85.225.99 www.incodesolutions.com
O1 - Hosts: 209.85.225.99 virusinfo.prevx.com
O1 - Hosts: 209.85.225.99 download.bleepingcomputer.com
O1 - Hosts: 209.85.225.99 www.dazhizhu.cn
O1 - Hosts: 209.85.225.99 foro.noticias3d.com
O1 - Hosts: 209.85.225.99 www.spybotupdates.com
O1 - Hosts: 209.85.225.99 www.nabble.com
O1 - Hosts: 209.85.225.99 lurker.clamav.net
O1 - Hosts: 209.85.225.99 lexikon.ikarus.at
O1 - Hosts: 209.85.225.99 research.sunbelt-software.com
O1 - Hosts: 209.85.225.99 www.virusdoctor.jp
O1 - Hosts: 209.85.225.99 www.elitepvpers.de
O1 - Hosts: 209.85.225.99 guru.avg.com
O1 - Hosts: 209.85.225.99 downloads.sophos.com
O1 - Hosts: 209.85.225.99 www.superuser.co.kr
O1 - Hosts: 209.85.225.99 ntfaq.co.kr
O1 - Hosts: 209.85.225.99 v.dreamwiz.com
O1 - Hosts: 209.85.225.99 cit.kookmin.ac.kr
O1 - Hosts: 209.85.225.99 forums.whatthetech.com
O1 - Hosts: 209.85.225.99 forum.hijackthis.de
O1 - Hosts: 209.85.225.99 avg.vo.llnwd.net
O1 - Hosts: 209.85.225.99 ftp.drweb.com
O1 - Hosts: 209.85.225.99 www.zonealarm.com
O1 - Hosts: 209.85.225.99 www.huaifai.go.th
O1 - Hosts: 209.85.225.99 www.mostz.com
O1 - Hosts: 209.85.225.99 www.krupunmai.com
O1 - Hosts: 209.85.225.99 www.cddchiangmai.net
O1 - Hosts: 209.85.225.99 forum.malekal.com
O1 - Hosts: 209.85.225.99 tech.pantip.com
O1 - Hosts: 209.85.225.99 sapcupgrades.com
O1 - Hosts: 209.85.225.99 www.elguruinformatico.com
O1 - Hosts: 209.85.225.99 www.247fixes.com
O1 - Hosts: 209.85.225.99 forum.sysinternals.com
O1 - Hosts: 209.85.225.99 forum.telecharger.01net.com
O1 - Hosts: 209.85.225.99 sophos.com
O1 - Hosts: 209.85.225.99 foros.softonic.com
O1 - Hosts: 209.85.225.99 avast-home.uptodown.com
O1 - Hosts: 209.85.225.99 dr-web-cureit.softonic.com
O1 - Hosts: 209.85.225.99 www.f-secure.com
O1 - Hosts: 209.85.225.99 www.chkrootkit.org
O1 - Hosts: 209.85.225.99 diamondcs.com.au
O1 - Hosts: 209.85.225.99 www.rootkit.nl
O1 - Hosts: 209.85.225.99 www.sysinternals.com
O1 - Hosts: 209.85.225.99 z-oleg.com
O1 - Hosts: 209.85.225.99 espanol.dir.groups.yahoo.com
O1 - Hosts: 209.85.225.99 ftp01net.telechargement.fr
O1 - Hosts: 209.85.225.99 www.castlecrops.com
O1 - Hosts: 209.85.225.99 www.misec.net
O1 - Hosts: 209.85.225.99 safecomputing.umn.edu
O1 - Hosts: 209.85.225.99 www.antirootkit.com
O1 - Hosts: 209.85.225.99 www.greatis.com
O1 - Hosts: 209.85.225.99 ar.answers.yahoo.com
O1 - Hosts: 209.85.225.99 www.elhacker.org
O1 - Hosts: 209.85.225.99 research.pandasecurity.com
O1 - Hosts: 209.85.225.99 www.rootkit.com
O1 - Hosts: 209.85.225.99 www.pctools.com
O1 - Hosts: 209.85.225.99 www.pcsupportadvisor.com
O1 - Hosts: 209.85.225.99 www.resplendence.com
O1 - Hosts: 209.85.225.99 www.personal.psu.edu
O1 - Hosts: 209.85.225.99 foro.ethek.com
O1 - Hosts: 209.85.225.99 foro.elhacker.net
O1 - Hosts: 209.85.225.99 download.zonealarm.com
O1 - Hosts: 209.85.225.99 vil.nail.com
O1 - Hosts: 209.85.225.99 search.mcafee.com
O1 - Hosts: 209.85.225.99 wwww.mcafee.com
O1 - Hosts: 209.85.225.99 download.nai.com
O1 - Hosts: 209.85.225.99 wwww.experts-exchange.com
O1 - Hosts: 209.85.225.99 www.bakunos.com
O1 - Hosts: 209.85.225.99 www.darkclockers.com
O1 - Hosts: 209.85.225.99 www2.gmer.net
O1 - Hosts: 209.85.225.99 www.Merijn.org
O1 - Hosts: 209.85.225.99 www.spywareinfo.com
O1 - Hosts: 209.85.225.99 www.spybot.info
O1 - Hosts: 209.85.225.99 www.viruslist.com
O1 - Hosts: 209.85.225.99 www.hijackthis.de
O1 - Hosts: 209.85.225.99 ftp.f-secure.com
O1 - Hosts: 209.85.225.99 forum.kaspersky.com
O1 - Hosts: 209.85.225.99 es.trendmicro-europe.com
O1 - Hosts: 209.85.225.99 majorgeeks.com
O1 - Hosts: 209.85.225.99 www.avp.com
O1 - Hosts: 209.85.225.99 www.virustotal.com
O1 - Hosts: 209.85.225.99 www.sophos.com
O1 - Hosts: 209.85.225.99 linhadefensiva.uol.com.br
O1 - Hosts: 209.85.225.99 cmmings.cn
O1 - Hosts: 209.85.225.99 www.sergiwa.com
O1 - Hosts: 209.85.225.99 www.el-hacker.com
O1 - Hosts: 209.85.225.99 dl2.agnitum.com
O1 - Hosts: 209.85.225.99 www.avg-antivirus.net
O1 - Hosts: 209.85.225.99 www.kaspersky-labs.com
O1 - Hosts: 209.85.225.99 www.kaspersky.com
O1 - Hosts: 209.85.225.99 www.bleepingcomputer.com
O1 - Hosts: 209.85.225.99 www.free.grisoft.com
O1 - Hosts: 209.85.225.99 alerta-antivirus.inteco.es
O1 - Hosts: 209.85.225.99 securityresponse.symantec.com
O1 - Hosts: 209.85.225.99 www.analysis.seclab.tuwien.ac.at
O1 - Hosts: 209.85.225.99 www.symantec.com
O1 - Hosts: 209.85.225.99 www.kztechs.com
O1 - Hosts: 209.85.225.99 ad-aware-se.uptodown.com
O1 - Hosts: 209.85.225.99 stdio-labs.blogspot.com
O1 - Hosts: 209.85.225.99 liveupdate.symantecliveupdate.com
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: (no name) - {9c905b42-976e-43c1-bc30-fc5937017909} - (no file)
O3 - Toolbar: (no name) - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - (no file)
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [RecGuard] C:\Windows\SMINST\RecGuard.exe
O4 - HKLM\..\Run: [Win2x] C:\WINDOWS\system32\Win2x.exe
O4 - HKLM\..\Run: [PRISMSVR.EXE] "C:\WINDOWS\system32\PRISMSVR.EXE" /APPLY
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [prueba] C:\WINDOWS\msn.exe
O4 - HKLM\..\Run: [ctfmon.exe] ctfmon.exe
O4 - HKLM\..\Run: [close surf mail dupe] C:\Documents and Settings\All Users\Application Data\Tick Find Close Surf\Dale Dash.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: AutoUpdate Monitor.lnk = C:\Program Files\Sophos\AutoUpdate\ALMon.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xportar a Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q106&bd=pavili on&pf=laptop
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O20 - AppInit_DLLs: c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\Shared\hpqwmi.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: ipfw_helper (ipfw) - Unknown owner - C:\WINDOWS\system32\9934.exe (file missing)
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: My Web Search Service (mywebsearchservice) - Unknown owner - C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwssvc.exe (file missing)
O23 - Service: Indicador del estado de Sophos Anti-Virus (SAVAdminService) - Sophos Plc - c:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe
O23 - Service: Sophos Anti-Virus (SAVService) - Sophos Plc - c:\Program Files\Sophos\Sophos Anti-Virus\SavService.exe
O23 - Service: Sophos AutoUpdate Service - Sophos Plc - c:\Program Files\Sophos\AutoUpdate\ALsvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Win2x - Unknown owner - C:\WINDOWS\system32\save.exe (file missing)

--


espero me puedan ayudar, de antemano gracias

Hola luisechartea

Descarga lo siguiente:

º Ccleaner. Lo instalas según Su Manual

º Malwarebytes. Lo instalas y actualizas según su manual, PERO NO LO EJECUTES AUN


Realiza lo siguiente:

Ve a INICIO, EJECUTAR y escribe cmd y aceptas -> en la consola copias y pegas :

Sc Stop mywebsearchservice ->enter y aceptar y luego

Sc Delete mywebsearchservice ->enter y acepta



Sc Stop "Win2x" ->enter y aceptar y luego

Sc Delete "Win2x" ->enter y acepta


Cierra todos los programas, ejecutas HijackThis , tildas las casillas de estas entradas y presionas "FIX Cheked"


R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=pavi lion&pf=laptop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://login.live.com/ppsecure/sha1auth.srf?lc=2058
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\Docum ents and Settings\florecita\mpyx.exe \s,

TODAS LAS ENTRADAS 01

O3 - Toolbar: (no name) - {9c905b42-976e-43c1-bc30-fc5937017909} - (no file)
O3 - Toolbar: (no name) - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - (no file)

O4 - HKLM\..\Run: [Win2x] C:\WINDOWS\system32\Win2x.exe

O4 - HKLM\..\Run: [prueba] C:\WINDOWS\msn.exe

O4 - HKLM\..\Run: [close surf mail dupe] C:\Documents and Settings\All Users\Application Data\Tick Find Close Surf\Dale Dash.exe

O23 - Service: My Web Search Service (mywebsearchservice) - Unknown owner - C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwssvc.exe (file missing)

O23 - Service: Win2x - Unknown owner - C:\WINDOWS\system32\save.exe (file missing)



Ejecuta Ccleaner usando sus opciones "Limpiador" y "Registro".


Ejecuta Malwarebytes.

Vas a su pestaña MAS HERRAMIENTAS y abris el FileASSASSYN. Con este busca y eliminas a:


C:\WINDOWS\system32\Win2x.exe

C:\WINDOWS\msn.exe

C:\Documents and Settings\All Users\Application Data\Tick Find Close Surf\Dale Dash.exe



Hacé un "escaneo completo". Una vez finalizado, si te detecta algo eliges " quitar lo seleccionado ".
Si te pide reiniciar, lo haces.


En tu próxima respuesta, debes poner lo siguiente:

º El reporte de malwarebyte´s, que se encuentra en su pestaña REGISTROS
º Un nuevo log de Hijackthis
º Como funciona tu pc ahora

Saludos