Saludos y gracias de antemano. Ojala alguien pueda ayudarme.
Un dia abri un archivo en elcorreo que el Outlook Express me recomendo no abrir. No se si casualmente en ese momento se estropeo el ordenador o el archivo estaba infectado, por que a partir de entonces el ordenador funcionaba fatal, se colgaba a menudo y arrancaba cuando queria. Ya se que parece bastante logico que tengo un virus, pero es que he formateado el disco, he pasado todos los antivirus y antispywares que tengo -AVG, Ad-Ware, Spy-Sweeper, intentaba pasar el Norton Antivirus 2005 antes de formatearlo y siempre llegaba un punto en que quedaba colgado- y sigo sin solucion. Una vez se me abrio la ventana del Errorsafe, pero no le hize caso y no ha vuelto a salir. Despues de formatearlo instale el Windows xp y no me arranca nunca. Asi que voy tirando con el Windows XP 64b Edition, he vuelto a pasar los programas antes mencionados -el norton no por que no funciona con esta version de Windows-, y nada. Ahora el ordenador no se queda colgado, pero tarda mucho en arrancar y una vez que arranca funciona con normalidad salvo continuos cortes en los que se queda parado y no reacciona, el cursor se queda quieto y todos los procesos se quedan parados durante varios segundos hasta que recupera el control.


Ahi va el log del hijackthis:


Logfile of HijackThis v1.99.1
Scan saved at 8:36:49 PM, on 3/14/2006
Platform: Windows 2003 SP1 (WinNT 5.02.3790)
MSIE: Internet Explorer v6.00 SP1 (6.00.3790.1830)

Running processes:
D:\PROGRA~2\Grisoft\AVG7\avgamsvr.exe
D:\PROGRA~2\Grisoft\AVG7\avgupsvc.exe
D:\PROGRA~2\Grisoft\AVG7\avgrssvc.exe
D:\PROGRA~2\Grisoft\AVG7\avgemc.exe
D:\WINDOWS\SysWOW64\CTsvcCDA.EXE
D:\Program Files (x86)\Lavasoft\Personal Firewall\lpfw.exe
D:\Program Files (x86)\Creative\MediaSource\Detector\CTDetect.exe
D:\Program Files (x86)\Creative\MediaSource\Go\CTCMSGo.exe
D:\Program Files (x86)\Trend Micro\Tmas\Tmas.exe
D:\Program Files (x86)\Webroot\Spy Sweeper\WRSSSDK.exe
D:\Program Files (x86)\Java\jre1.5.0_06\bin\jusched.exe
D:\Program Files (x86)\Creative\SBAudigy4\Surround Mixer\CTSysVol.exe
D:\Program Files (x86)\Creative\Shared Files\Module Loader\DLLML.exe
D:\WINDOWS\system32\CTHELPER.EXE
D:\Program Files (x86)\Webroot\Spy Sweeper\SpySweeper.exe
D:\PROGRA~2\Grisoft\AVG7\avgcc.exe
D:\Program Files (x86)\Creative\MediaSource\CTCMS.exe
D:\Program Files (x86)\Creative\SBAudigy4\Surround Mixer\SurMixer.exe
D:\PROGRA~2\Grisoft\AVG7\avgw.exe
D:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
D:\Program Files (x86)\Microsoft Office\Office10\WINWORD.EXE
D:\Program Files (x86)\WinAce\WinAce.exe
D:\Documents and Settings\Administrator\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
F2 - REG:system.ini: UserInit=userinit
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~2\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files (x86)\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - d:\program files (x86)\google\googletoolbar2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - d:\program files (x86)\google\googletoolbar2.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "D:\Program Files (x86)\Java\jre1.5.0_06\bin\jusched.exe"
O4 - HKLM\..\Run: [stnospy] "D:\Program Files (x86)\SinEspias\no-spy.exe" /autorun
O4 - HKLM\..\Run: [CTSysVol] "D:\Program Files (x86)\Creative\SBAudigy4\Surround Mixer\CTSysVol.exe" /r
O4 - HKLM\..\Run: [RCSystem] "D:\Program Files (x86)\Creative\Shared Files\Module Loader\DLLML.exe" RCSystem * -Startup
O4 - HKLM\..\Run: [AudioDrvEmulator] "D:\Program Files (x86)\Creative\Shared Files\Module Loader\DLLML.exe" -1 AudioDrvEmulator "D:\Program Files (x86)\Creative\Shared Files\Module Loader\Audio Emulator\AudDrvEm.dll"
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [UpdReg] D:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [SpySweeper] "D:\Program Files (x86)\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O4 - HKLM\..\Run: [AVG7_CC] D:\PROGRA~2\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [Personal Firewall] "D:\Program Files (x86)\Lavasoft\Personal Firewall\lpfw.exe" /waitservice
O4 - HKCU\..\Run: [Creative Detector] D:\Program Files (x86)\Creative\MediaSource\Detector\CTDetect.exe /R
O4 - HKCU\..\Run: [Creative MediaSource Go] "D:\Program Files (x86)\Creative\MediaSource\Go\CTCMSGo.exe" /SCB
O4 - Global Startup: Microsoft Office.lnk = D:\Program Files (x86)\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Trend Micro Anti-Spyware.lnk = D:\Program Files (x86)\Trend Micro\Tmas\Tmas.exe
O8 - Extra context menu item: &Google Search - res://d:\program files (x86)\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://d:\program files (x86)\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://d:\program files (x86)\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://d:\program files (x86)\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xportar a Microsoft Excel - res://D:\PROGRA~2\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://d:\program files (x86)\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://d:\program files (x86)\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files (x86)\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files (x86)\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O17 - HKLM\System\CCS\Services\Tcpip\..\{396C5A76-D232-44EC-BE26-87EEC23F46FB}: NameServer = 80.58.0.33
O17 - HKLM\System\CCS\Services\Tcpip\..\{AC8F51A8-7858-4887-B487-037C6071C251}: NameServer = 80.58.0.33
O17 - HKLM\System\CS1\Services\Tcpip\..\{396C5A76-D232-44EC-BE26-87EEC23F46FB}: NameServer = 80.58.0.33
O17 - HKLM\System\CS2\Services\Tcpip\..\{396C5A76-D232-44EC-BE26-87EEC23F46FB}: NameServer = 80.58.0.33
O20 - AppInit_DLLs: D:\PROGRA~2\Lavasoft\PERSON~1\wl_hook.dll
O20 - Winlogon Notify: dimsntfy - D:\WINDOWS\SYSTEM32\dimsntfy.dll
O20 - Winlogon Notify: EFS - D:\WINDOWS\SYSTEM32\sclgntfy.dll
O20 - Winlogon Notify: WRNotifier - D:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - D:\PROGRA~2\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - D:\PROGRA~2\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG7 Resident Shield Service (AvgCoreSvc) - GRISOFT, s.r.o. - D:\PROGRA~2\Grisoft\AVG7\avgrssvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - D:\PROGRA~2\Grisoft\AVG7\avgemc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - D:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - Unknown owner - D:\WINDOWS\System32\dmadmin.exe (file missing)
O23 - Service: Event Log (Eventlog) - Unknown owner - D:\WINDOWS\system32\services.exe (file missing)
O23 - Service: HTTP SSL (HTTPFilter) - Unknown owner - D:\WINDOWS\System32\lsass.exe (file missing)
O23 - Service: IMAPI CD-Burning COM Service (ImapiService) - Unknown owner - D:\WINDOWS\system32\imapi.exe (file missing)
O23 - Service: Lavasoft Personal Firewall Service (LavasoftFirewall) - Agnitum Ltd. - D:\Program Files (x86)\Lavasoft\Personal Firewall\lpfw.exe
O23 - Service: Distributed Transaction Coordinator (MSDTC) - Unknown owner - D:\WINDOWS\system32\msdtc.exe (file missing)
O23 - Service: Net Logon (Netlogon) - Unknown owner - D:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: NT LM Security Support Provider (NtLmSsp) - Unknown owner - D:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: Plug and Play (PlugPlay) - Unknown owner - D:\WINDOWS\system32\services.exe (file missing)
O23 - Service: IPSEC Services (PolicyAgent) - Unknown owner - D:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: Protected Storage (ProtectedStorage) - Unknown owner - D:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: Remote Desktop Help Session Manager (RDSessMgr) - Unknown owner - (no file)
O23 - Service: Security Accounts Manager (SamSs) - Unknown owner - D:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - D:\Program Files (x86)\Webroot\Spy Sweeper\WRSSSDK.exe
O23 - Service: Virtual Disk Service (vds) - Unknown owner - D:\WINDOWS\System32\vds.exe (file missing)
O23 - Service: Volume Shadow Copy (VSS) - Unknown owner - D:\WINDOWS\System32\vssvc.exe (file missing)
O23 - Service: WMI Performance Adapter (WmiApSrv) - Unknown owner - D:\WINDOWS\system32\wbem\wmiapsrv.exe (file missing)

Esto es todo, gracias y un saludo.

Hola y bienvenido al foro, descarga las herramientas VundoFix y Spy Sweeper y realiza un escaneo en Modo a Prueba de Fallos

Luego pegas otro log de Hijackthis y nos comentas los resultados.

Saludos

Vale ya los he pasado. Sigue funcionando mal
El Vundufix no encontro nada.
El spy-sweeper encontro unas cuantas cookies, que ya habia encontrado y borrado en otra ocasion, luego en el log venian gran cantidad de errores que no tienen muy buena pinta. Echale un vistazo porfa, es un poco largo:

********
8:23 PM: | Start of Session, Thursday, March 16, 2006 |
8:23 PM: Spy Sweeper started
8:23 PM: Sweep initiated using definitions version 634
8:23 PM: Starting Memory Sweep
8:24 PM: Memory Sweep Complete, Elapsed Time: 00:01:07
8:24 PM: Starting Registry Sweep
8:24 PM: Registry Sweep Complete, Elapsed Time:00:00:06
8:24 PM: Starting Cookie Sweep
8:24 PM: Found Spy Cookie: 2o7.net cookie
8:24 PM: administrator@2o7[1].txt (ID = 1957)
8:24 PM: Found Spy Cookie: pointroll cookie
8:24 PM: administrator@ads.pointroll[1].txt (ID = 3148)
8:24 PM: Found Spy Cookie: apmebf cookie
8:24 PM: administrator@apmebf[2].txt (ID = 2229)
8:24 PM: Found Spy Cookie: falkag cookie
8:24 PM: administrator@as-us.falkag[2].txt (ID = 2650)
8:24 PM: Found Spy Cookie: casalemedia cookie
8:24 PM: administrator@casalemedia[2].txt (ID = 2354)
8:24 PM: Found Spy Cookie: clickbank cookie
8:24 PM: administrator@clickbank[2].txt (ID = 2398)
8:24 PM: Found Spy Cookie: kinghost cookie
8:24 PM: administrator@kinghost[2].txt (ID = 2903)
8:24 PM: administrator@microsofteup.112.2o7[1].txt (ID = 1958)
8:24 PM: administrator@msnportal.112.2o7[1].txt (ID = 1958)
8:24 PM: Found Spy Cookie: questionmarket cookie
8:24 PM: administrator@questionmarket[1].txt (ID = 3217)
8:24 PM: administrator@sel.as-us.falkag[1].txt (ID = 2650)
8:24 PM: Found Spy Cookie: statcounter cookie
8:24 PM: administrator@statcounter[1].txt (ID = 3447)
8:24 PM: Found Spy Cookie: reliablestats cookie
8:24 PM: administrator@stats1.reliablestats[2].txt (ID = 3254)
8:24 PM: Found Spy Cookie: tribalfusion cookie
8:24 PM: administrator@tribalfusion[1].txt (ID = 3589)
8:24 PM: Found Spy Cookie: adminder cookie
8:24 PM: administrator@www.adminder[2].txt (ID = 2079)
8:24 PM: Found Spy Cookie: adserver cookie
8:24 PM: administrator@z1.adserver[1].txt (ID = 2142)
8:24 PM: Cookie Sweep Complete, Elapsed Time: 00:00:00
8:24 PM: Starting File Sweep
8:51 PM: Warning: Failed to read file "c:\musica\1973 - dark side of the moon\08 - brain damage.mp3". External exception C0000006
8:56 PM: Warning: Failed to read file "c:\avg71t_375a716.exe". External exception C0000006
8:59 PM: Warning: Failed to read file "c:\documents and settings\sergio\escritorio\avg71t_375a716.exe". External exception C0000006
9:00 PM: Warning: Failed to open file "d:\windows\system32\dllcache\d3d9.dll". The system cannot find the path specified
8:20 PM: Warning: Failed to open file "d:\windows\system32\dllcache\tcpmonui.dll". The system cannot find the path specified
8:21 PM: File Sweep Complete, Elapsed Time: 00:24:28
8:21 PM: Full Sweep has completed. Elapsed time 00:25:39
8:21 PM: Traces Found: 13
9:02 PM: Error: Failed to load SSI driver. The operation completed successfully.
9:02 PM: Warning: Driver not initialized
9:05 PM: Error: Driver not initialized.
9:06 PM: Deleted error log without sending: D:\Documents and Settings\Administrator\Application Data\Webroot\Spy Sweeper\Logs\bugreport.txt
9:07 PM: Processing Startup Alerts
9:07 PM: Allowed Startup entry: AVG7_Run
9:07 PM: Allowed Startup entry: AVG7_CC
10:07 AM: Error: Failed to load SSI driver. The operation completed successfully.
10:07 AM: Warning: Driver not initialized

7:16 PM: Warning: Driver not initialized
7:16 PM: Error: Failed to load SSI driver. The operation completed successfully.
7:18 PM: Error: Driver not initialized.
7:18 PM: Deleted error log without sending: D:\Documents and Settings\Administrator\Application Data\Webroot\Spy Sweeper\Logs\bugreport.txt
10:29 PM: Error: Driver not initialized.
10:29 PM: Error: Failed to load SSI driver. The specified service does not exist as an installed service.
7:20 PM: Error: Driver not initialized.
7:25 PM: Deleted error log without sending: D:\Documents and Settings\Administrator\Application Data\Webroot\Spy Sweeper\Logs\bugreport.txt
7:54 PM: Error: Driver not initialized.
7:54 PM: Error: Driver not initialized.
7:54 PM: | End of Session, Thursday, March 09, 2006 |
********
|
Eso estodo, salvo que hay muchisimos mas errores y los warnings, los he omitido por que sino no cabe el mensaje



Yo creo que tengo el ordenador estropeado

Ahi va el log del hijackthis


Logfile of HijackThis v1.99.1
Scan saved at 10:06:45 PM, on 3/16/2006
Platform: Windows 2003 SP1 (WinNT 5.02.3790)
MSIE: Internet Explorer v6.00 SP1 (6.00.3790.1830)

Running processes:
D:\PROGRA~2\Grisoft\AVG7\avgupsvc.exe
D:\Program Files (x86)\Creative\MediaSource\Detector\CTDetect.exe
D:\Program Files (x86)\Creative\MediaSource\Go\CTCMSGo.exe
D:\Program Files (x86)\Trend Micro\Tmas\Tmas.exe
D:\Program Files (x86)\Java\jre1.5.0_06\bin\jusched.exe
D:\WINDOWS\SysWOW64\CTsvcCDA.EXE
D:\Program Files (x86)\Creative\SBAudigy4\Surround Mixer\CTSysVol.exe
D:\Program Files (x86)\Creative\Shared Files\Module Loader\DLLML.exe
D:\WINDOWS\system32\CTHELPER.EXE
D:\Program Files (x86)\Webroot\Spy Sweeper\SpySweeper.exe
D:\PROGRA~2\Grisoft\AVG7\avgcc.exe
D:\Program Files (x86)\Webroot\Spy Sweeper\WRSSSDK.exe
D:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
D:\Documents and Settings\Administrator\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
F2 - REG:system.ini: UserInit=userinit
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~2\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files (x86)\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - d:\program files (x86)\google\googletoolbar2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - d:\program files (x86)\google\googletoolbar2.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "D:\Program Files (x86)\Java\jre1.5.0_06\bin\jusched.exe"
O4 - HKLM\..\Run: [stnospy] "D:\Program Files (x86)\SinEspias\no-spy.exe" /autorun
O4 - HKLM\..\Run: [CTSysVol] "D:\Program Files (x86)\Creative\SBAudigy4\Surround Mixer\CTSysVol.exe" /r
O4 - HKLM\..\Run: [RCSystem] "D:\Program Files (x86)\Creative\Shared Files\Module Loader\DLLML.exe" RCSystem * -Startup
O4 - HKLM\..\Run: [AudioDrvEmulator] "D:\Program Files (x86)\Creative\Shared Files\Module Loader\DLLML.exe" -1 AudioDrvEmulator "D:\Program Files (x86)\Creative\Shared Files\Module Loader\Audio Emulator\AudDrvEm.dll"
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [UpdReg] D:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [SpySweeper] "D:\Program Files (x86)\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O4 - HKLM\..\Run: [AVG7_CC] D:\PROGRA~2\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [Personal Firewall] "D:\Program Files (x86)\Lavasoft\Personal Firewall\lpfw.exe" /waitservice
O4 - HKCU\..\Run: [Creative Detector] D:\Program Files (x86)\Creative\MediaSource\Detector\CTDetect.exe /R
O4 - HKCU\..\Run: [Creative MediaSource Go] "D:\Program Files (x86)\Creative\MediaSource\Go\CTCMSGo.exe" /SCB
O4 - Global Startup: Microsoft Office.lnk = D:\Program Files (x86)\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Trend Micro Anti-Spyware.lnk = D:\Program Files (x86)\Trend Micro\Tmas\Tmas.exe
O8 - Extra context menu item: &Google Search - res://d:\program files (x86)\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://d:\program files (x86)\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://d:\program files (x86)\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://d:\program files (x86)\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xportar a Microsoft Excel - res://D:\PROGRA~2\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://d:\program files (x86)\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://d:\program files (x86)\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files (x86)\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files (x86)\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O17 - HKLM\System\CCS\Services\Tcpip\..\{396C5A76-D232-44EC-BE26-87EEC23F46FB}: NameServer = 80.58.0.33
O17 - HKLM\System\CCS\Services\Tcpip\..\{AC8F51A8-7858-4887-B487-037C6071C251}: NameServer = 80.58.0.33
O17 - HKLM\System\CS1\Services\Tcpip\..\{396C5A76-D232-44EC-BE26-87EEC23F46FB}: NameServer = 80.58.0.33
O17 - HKLM\System\CS2\Services\Tcpip\..\{396C5A76-D232-44EC-BE26-87EEC23F46FB}: NameServer = 80.58.0.33
O20 - AppInit_DLLs: D:\PROGRA~2\Lavasoft\PERSON~1\wl_hook.dll
O20 - Winlogon Notify: dimsntfy - D:\WINDOWS\SYSTEM32\dimsntfy.dll
O20 - Winlogon Notify: EFS - D:\WINDOWS\SYSTEM32\sclgntfy.dll
O20 - Winlogon Notify: WRNotifier - D:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - D:\PROGRA~2\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - D:\PROGRA~2\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG7 Resident Shield Service (AvgCoreSvc) - GRISOFT, s.r.o. - D:\PROGRA~2\Grisoft\AVG7\avgrssvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - D:\PROGRA~2\Grisoft\AVG7\avgemc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - D:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - Unknown owner - D:\WINDOWS\System32\dmadmin.exe (file missing)
O23 - Service: Event Log (Eventlog) - Unknown owner - D:\WINDOWS\system32\services.exe (file missing)
O23 - Service: HTTP SSL (HTTPFilter) - Unknown owner - D:\WINDOWS\System32\lsass.exe (file missing)
O23 - Service: IMAPI CD-Burning COM Service (ImapiService) - Unknown owner - D:\WINDOWS\system32\imapi.exe (file missing)
O23 - Service: Lavasoft Personal Firewall Service (LavasoftFirewall) - Agnitum Ltd. - D:\Program Files (x86)\Lavasoft\Personal Firewall\lpfw.exe
O23 - Service: Distributed Transaction Coordinator (MSDTC) - Unknown owner - D:\WINDOWS\system32\msdtc.exe (file missing)
O23 - Service: Net Logon (Netlogon) - Unknown owner - D:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: NT LM Security Support Provider (NtLmSsp) - Unknown owner - D:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: Plug and Play (PlugPlay) - Unknown owner - D:\WINDOWS\system32\services.exe (file missing)
O23 - Service: IPSEC Services (PolicyAgent) - Unknown owner - D:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: Protected Storage (ProtectedStorage) - Unknown owner - D:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: Remote Desktop Help Session Manager (RDSessMgr) - Unknown owner - (no file)
O23 - Service: Security Accounts Manager (SamSs) - Unknown owner - D:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - D:\Program Files (x86)\Webroot\Spy Sweeper\WRSSSDK.exe
O23 - Service: Virtual Disk Service (vds) - Unknown owner - D:\WINDOWS\System32\vds.exe (file missing)
O23 - Service: Volume Shadow Copy (VSS) - Unknown owner - D:\WINDOWS\System32\vssvc.exe (file missing)
O23 - Service: WMI Performance Adapter (WmiApSrv) - Unknown owner - D:\WINDOWS\system32\wbem\wmiapsrv.exe (file missing)


Quedo a la espera, muchas gracias!

Sigue estos pasos:

1.- Apaga el "Restaurar Sistema"

2.- Activa la opción Ver Archivos Ocultos

3.- Reinicia en Modo a Prueba de Fallos

4.- Cierra todos los programas, ejecuta HijackThis y dale "Fix Cheked" a estas entradas:

O20 - Winlogon Notify: dimsntfy - D:\WINDOWS\SYSTEM32\dimsntfy.dll

5.- Sin reiniciar, busca y elimina este archivo, si no se deja eliminar descarga el programa "Killbox" y sigue las indicaciones del mensaje, copia y pega el archivo para que lo elimine al reiniciar.

D:\WINDOWS\SYSTEM32\dimsntfy.dll

6.- Pasa el Disk Cleaner para limpiar cookies y temporales

7.- Pasa el Regseeker para Limpiar el Registro, pásalo hasta q no quede nada para eliminar.

8.- Realiza un escaneo con Spy Sweeper y VundoFix.

9.- Reinicia la maquina y realiza un escaneo con Ewido Online, luego pega otro log de Hijackthis y nos cuentas como te fue.

10.- Deshaz los pasos 1 y 2.

De preferencia imprime las indicaciones para que se te haga mas facil seguirlas.

Saludos

Vale ya lo he echo todo . El archivo ese que me comentas no lo puedo borrar en modo a prueba de fallos por que el killbox no lo encuentra. Lo he borrado en modo normal, pero me vuelve a aparecer. Y ademas tengo otro con el mismo nombre en el directorio d:\windows\wow64, este se puede borrar normalmente con el explorador pero no lo he borrado por si acaso. En el hijack he tenido que borrar la entrada un par de veces. El Vundofix y el spy-sweeper no encontraron nada. Pase el discleaner y regseeker. Borre todo lo que encontro el regseeker y luego Windows no arrancaba, lo tuve que reparar con el disco. El ewido cuando escanea la memoria se para siempre en 11% y no pasa de ahi. Escaneando el disco encontro cookies y un troyano.

Aqui esta el Log del hijack

Logfile of HijackThis v1.99.1
Scan saved at 2:44:21 PM, on 3/20/2006
Platform: Windows 2003 SP1 (WinNT 5.02.3790)
MSIE: Internet Explorer v6.00 SP1 (6.00.3790.1830)

Running processes:
D:\PROGRA~2\Grisoft\AVG7\avgamsvr.exe
D:\PROGRA~2\Grisoft\AVG7\avgupsvc.exe
D:\PROGRA~2\Grisoft\AVG7\avgrssvc.exe
D:\WINDOWS\SysWOW64\CTsvcCDA.EXE
D:\Program Files (x86)\ewido anti-malware\ewidoctrl.exe
D:\Program Files (x86)\ewido anti-malware\ewidoguard.exe
D:\Program Files (x86)\Webroot\Spy Sweeper\WRSSSDK.exe
D:\Program Files (x86)\Creative\MediaSource\Detector\CTDetect.exe
D:\Program Files (x86)\Creative\MediaSource\Go\CTCMSGo.exe
D:\Program Files (x86)\Trend Micro\Tmas\Tmas.exe
D:\Program Files (x86)\Java\jre1.5.0_06\bin\jusched.exe
D:\Program Files (x86)\Creative\SBAudigy4\Surround Mixer\CTSysVol.exe
D:\Program Files (x86)\Creative\Shared Files\Module Loader\DLLML.exe
D:\WINDOWS\system32\CTHELPER.EXE
D:\Program Files (x86)\Webroot\Spy Sweeper\SpySweeper.exe
D:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
D:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
D:\Documents and Settings\Administrator\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
F2 - REG:system.ini: UserInit=userinit
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~2\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files (x86)\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - d:\program files (x86)\google\googletoolbar2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - d:\program files (x86)\google\googletoolbar2.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "D:\Program Files (x86)\Java\jre1.5.0_06\bin\jusched.exe"
O4 - HKLM\..\Run: [stnospy] "D:\Program Files (x86)\SinEspias\no-spy.exe" /autorun
O4 - HKLM\..\Run: [CTSysVol] "D:\Program Files (x86)\Creative\SBAudigy4\Surround Mixer\CTSysVol.exe" /r
O4 - HKLM\..\Run: [RCSystem] "D:\Program Files (x86)\Creative\Shared Files\Module Loader\DLLML.exe" RCSystem * -Startup
O4 - HKLM\..\Run: [AudioDrvEmulator] "D:\Program Files (x86)\Creative\Shared Files\Module Loader\DLLML.exe" -1 AudioDrvEmulator "D:\Program Files (x86)\Creative\Shared Files\Module Loader\Audio Emulator\AudDrvEm.dll"
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [UpdReg] D:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [SpySweeper] "D:\Program Files (x86)\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O4 - HKLM\..\Run: [AVG7_CC] D:\PROGRA~2\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [Personal Firewall] "D:\Program Files (x86)\Lavasoft\Personal Firewall\lpfw.exe" /waitservice
O4 - HKCU\..\Run: [Creative Detector] D:\Program Files (x86)\Creative\MediaSource\Detector\CTDetect.exe /R
O4 - HKCU\..\Run: [Creative MediaSource Go] "D:\Program Files (x86)\Creative\MediaSource\Go\CTCMSGo.exe" /SCB
O4 - Global Startup: Microsoft Office.lnk = D:\Program Files (x86)\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Trend Micro Anti-Spyware.lnk = D:\Program Files (x86)\Trend Micro\Tmas\Tmas.exe
O8 - Extra context menu item: &Google Search - res://d:\program files (x86)\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://d:\program files (x86)\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://d:\program files (x86)\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://d:\program files (x86)\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xportar a Microsoft Excel - res://D:\PROGRA~2\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://d:\program files (x86)\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://d:\program files (x86)\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files (x86)\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files (x86)\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://download.ewido.net/ewidoOnlineScan.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{396C5A76-D232-44EC-BE26-87EEC23F46FB}: NameServer = 80.58.0.33
O17 - HKLM\System\CCS\Services\Tcpip\..\{AC8F51A8-7858-4887-B487-037C6071C251}: NameServer = 80.58.0.33
O17 - HKLM\System\CS1\Services\Tcpip\..\{396C5A76-D232-44EC-BE26-87EEC23F46FB}: NameServer = 80.58.0.33
O17 - HKLM\System\CS2\Services\Tcpip\..\{396C5A76-D232-44EC-BE26-87EEC23F46FB}: NameServer = 80.58.0.33
O20 - AppInit_DLLs: D:\PROGRA~2\Lavasoft\PERSON~1\wl_hook.dll
O20 - Winlogon Notify: EFS - D:\WINDOWS\SYSTEM32\sclgntfy.dll
O20 - Winlogon Notify: WRNotifier - D:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - D:\PROGRA~2\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - D:\PROGRA~2\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG7 Resident Shield Service (AvgCoreSvc) - GRISOFT, s.r.o. - D:\PROGRA~2\Grisoft\AVG7\avgrssvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - D:\PROGRA~2\Grisoft\AVG7\avgemc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - D:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - Unknown owner - D:\WINDOWS\System32\dmadmin.exe (file missing)
O23 - Service: Event Log (Eventlog) - Unknown owner - D:\WINDOWS\system32\services.exe (file missing)
O23 - Service: ewido security suite control - ewido networks - D:\Program Files (x86)\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - D:\Program Files (x86)\ewido anti-malware\ewidoguard.exe
O23 - Service: HTTP SSL (HTTPFilter) - Unknown owner - D:\WINDOWS\System32\lsass.exe (file missing)
O23 - Service: IMAPI CD-Burning COM Service (ImapiService) - Unknown owner - D:\WINDOWS\system32\imapi.exe (file missing)
O23 - Service: Lavasoft Personal Firewall Service (LavasoftFirewall) - Agnitum Ltd. - D:\Program Files (x86)\Lavasoft\Personal Firewall\lpfw.exe
O23 - Service: Distributed Transaction Coordinator (MSDTC) - Unknown owner - D:\WINDOWS\system32\msdtc.exe (file missing)
O23 - Service: Net Logon (Netlogon) - Unknown owner - D:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: NT LM Security Support Provider (NtLmSsp) - Unknown owner - D:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: Plug and Play (PlugPlay) - Unknown owner - D:\WINDOWS\system32\services.exe (file missing)
O23 - Service: IPSEC Services (PolicyAgent) - Unknown owner - D:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: Protected Storage (ProtectedStorage) - Unknown owner - D:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: Remote Desktop Help Session Manager (RDSessMgr) - Unknown owner - (no file)
O23 - Service: Security Accounts Manager (SamSs) - Unknown owner - D:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - D:\Program Files (x86)\Webroot\Spy Sweeper\WRSSSDK.exe
O23 - Service: Virtual Disk Service (vds) - Unknown owner - D:\WINDOWS\System32\vds.exe (file missing)
O23 - Service: Volume Shadow Copy (VSS) - Unknown owner - D:\WINDOWS\System32\vssvc.exe (file missing)
O23 - Service: WMI Performance Adapter (WmiApSrv) - Unknown owner - D:\WINDOWS\system32\wbem\wmiapsrv.exe (file missing)


Un cordial saludo!

Sube el archivo que se encuentra en la carpeta wow64 a la página de VirusTotal y pega el reporte en este mismo mensaje para su análisis, esto para descartar que se trate de un malware.

Cuando tengas algún problema luego de realizar la limpieza con Regseeker, tienes la posibilidad de recuperar las entradas eliminadas desde la sección "Backup" del programa.

Descarga Ewido AntiMalwares y realiza un escaneo en Modo a Prueba de Fallos.

Ya nos contarás como te fue.

Saludos

No parece que se trate de un malware:

AntiVir 6.34.0.14 03.23.2006 no virus found
Avast 4.6.695.0 03.23.2006 no virus found
AVG 386 03.23.2006 no virus found
Avira 6.34.0.54 03.23.2006 no virus found
BitDefender 7.2 03.23.2006 no virus found
CAT-QuickHeal 8.00 03.23.2006 no virus found
ClamAV devel-20060126 03.23.2006 no virus found
DrWeb 4.33 03.23.2006 no virus found
eTrust-InoculateIT 23.71.109 03.23.2006 no virus found
eTrust-Vet 12.4.2131 03.23.2006 no virus found
Ewido 3.5 03.23.2006 no virus found
Fortinet 2.71.0.0 03.23.2006 no virus found
F-Prot 3.16c 03.22.2006 no virus found
Ikarus 0.2.59.0 03.23.2006 no virus found
Kaspersky 4.0.2.24 03.23.2006 no virus found
McAfee 4725 03.23.2006 no virus found
NOD32v2 1.1456 03.23.2006 no virus found
Norman 5.70.10 03.23.2006 no virus found
Panda 9.0.0.4 03.23.2006 no virus found
Sophos 4.03.0 03.23.2006 no virus found
Symantec 8.0 03.23.2006 no virus found
TheHacker 5.9.7.118 03.23.2006 no virus found
UNA 1.83 03.23.2006 no virus found
VBA32 3.10.5 03.22.2006 no virus found

De todas formas he subido tambien el archivo que se encuentra en la carpeta system32, y el resultado fue el mismo. Este archivo no lo consigo eliminar de ninguna forma, el killbox lo borra pero despues vuelve a aparecer, aunque lo puse pare que lo eliminara al reiniciar. Lo unico que he conseguido es que ahora al reiniciar me sale el siguiente mensaje: Failed to conect to driver 2.

Lo del backup del regseeker ya lo sabia. Lo que ocurre es que no podia acceder a el debido a que el windows no arrancaba de ninguna de las maneras.

El ewido-antimalwares 3.5 es el que me habia descargado y no pasaba del 11% del analisis de memoria. Lo he pasado en modo a prueba de fallos y me pasa lo mismo

El ordenador sigue funcionando de forma deficiente, ya no se que hacer, empiezo a creer que tiene algo roto de necesidad. De todas formas seguire agradeciendo cualquier consejo o idea, Saludos!