Hola. Saludos desde El Salvador.
Norton me detecto Fastlook y Spybot me detecto UnSPYPC y PIPAS.A
Vuelven a reaparecer siempre.
Soy nuevo en esto del log de HijackThis.
Alguien me podria decir si mi log tiene sintomas de infeccion de los spywares mencionados?

Muchas gracias!

Aca el log:
Logfile of HijackThis v1.99.1
Scan saved at 11:11:39 PM, on 26/04/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\UMCSTUB.EXE
C:\WINDOWS\system32\crypserv.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\NAVCOLR.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Symantec AntiVirus\SavRoam.exe
C:\Tngsd\BIN\SDSERV.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Tngsd\BIN\TRIGGAG.EXE
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\SxpInst\sxplog32.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\00THotkey.exe
C:\WINDOWS\system32\TFNF5.exe
C:\WINDOWS\system32\ezSP_Px.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Drag'n Drop CD+DVD\BinFiles\DragDrop.exe
C:\WINDOWS\system32\TPSMain.exe
C:\WINDOWS\system32\TPSODDCtl.exe
C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\TOSHIBA\TouchED\TouchED.Exe
C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXE
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\Program Files\Dash\4990891\Program\Dash.exe
C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Java\j2re1.4.2_06\bin\jucheck.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\UnH Solutions\IE Privacy Keeper\IEPrivacyKeeper.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\WINZIP\winzip32.exe
c:\Documents and Settings\SG0304985\Local Settings\Temp\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com/0SEENUS/SAOS01
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Sabre Holdings Inc.
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings,AutoConfigURL = http://inet-pac.sabre.com:81/sabre-proxy.pac
R3 - URLSearchHook: (no name) - {9D518F7C-20F8-69D2-63F4-4C1EAC52BF7C} - ftbar.dll (file missing)
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [sabre_as] sabre_as.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [Sxplog] C:\SxpInst\sxpstub.exe
O4 - HKLM\..\Run: [SDJobCheck] triggusr.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
O4 - HKLM\..\Run: [NVRotateSysTray] rundll32.exe C:\WINDOWS\system32\nvsysrot.dll,Enable
O4 - HKLM\..\Run: [00THotkey] C:\WINDOWS\system32\00THotkey.exe
O4 - HKLM\..\Run: [000StTHK] 000StTHK.exe
O4 - HKLM\..\Run: [TFNF5] TFNF5.exe
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\system32\ezSP_Px.exe
O4 - HKLM\..\Run: [Drag'n Drop CD+DVD] C:\Program Files\Drag'n Drop CD+DVD\BinFiles\DragDrop.exe /StartUp
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [TPSODDCtl] TPSODDCtl.exe
O4 - HKLM\..\Run: [TFncKy] TFncKy.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [TouchED] C:\Program Files\TOSHIBA\TouchED\TouchED.Exe
O4 - HKLM\..\Run: [SmoothView] C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXE
O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKLM\..\Run: [Dash] "C:\Program Files\Dash\4990891\Program\Dash.exe" -startup
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe
O4 - HKLM\..\Run: [EXE32EXE] driver64.exe
O4 - HKLM\..\Run: [DCC_send] newbreed.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [IE Privacy Keeper] "C:\Program Files\UnH Solutions\IE Privacy Keeper\IEPrivacyKeeper.exe" -startup
O4 - HKCU\..\Run: [Shaitan1678] clamav.exe
O4 - HKCU\..\Run: [pizda] SpyElim.exe
O4 - HKCU\..\Run: [NSYSCPLSTR] sbin.exe
O4 - Global Startup: Dash.lnk = C:\Program Files\Dash\4990891\Program\Dash.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://source.sabre.com
O16 - DPF: {2D36AF92-04D3-11D8-B719-0000865F231B} (TMinReq Class) - https://my.sabre.com/jars/TMinReqX.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by107fd.bay107.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1127467387160
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {D6E3ECDA-DC0B-4E7A-8414-90FCF5A67125} (Siebel High Interactivity Framework) - http://icrm.sabre.com/callcenter_enu/18356/applets/SiebelAx_HI_Client.cab
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://intercall.webex.com/client/v_mywebex-t20sp18ep3/webex/ieatgpc.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = Global.ad.sabre.com
O17 - HKLM\Software\..\Telephony: DomainName = Global.ad.sabre.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{207A0093-6B4D-4992-8463-1C34D53D6B4A}: NameServer = 85.255.113.150,85.255.112.106
O17 - HKLM\System\CCS\Services\Tcpip\..\{81A69B16-1EBA-4D3C-9978-6C4F180D0D5E}: NameServer = 85.255.113.150,85.255.112.106
O17 - HKLM\System\CCS\Services\Tcpip\..\{87BBBC23-12D0-4AF8-B039-154904BC3FD1}: NameServer = 85.255.113.150,85.255.112.106
O17 - HKLM\System\CCS\Services\Tcpip\..\{E4ADEE01-3999-4473-BCFA-116494FB4F00}: NameServer = 85.255.113.150,85.255.112.106
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = Global.ad.sabre.com
O17 - HKLM\System\CS1\Services\Tcpip\..\{207A0093-6B4D-4992-8463-1C34D53D6B4A}: NameServer = 85.255.113.150,85.255.112.106
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = Global.ad.sabre.com
O17 - HKLM\System\CS2\Services\Tcpip\..\{207A0093-6B4D-4992-8463-1C34D53D6B4A}: NameServer = 85.255.113.150,85.255.112.106
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O23 - Service: Asset Management Agent (AmoAgent) - Computer Associates International, Inc. - C:\WINDOWS\UMCSTUB.EXE
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Crypkey License - Kenonic Controls Ltd. - C:\WINDOWS\SYSTEM32\crypserv.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: IgniteService - Unknown owner - C:\Program Files\Dash\4990891\Program\IgniteService.exe" -Service (file missing)
O23 - Service: NAV Collector (NAVCollector) - EDS Inc - C:\WINDOWS\system32\NAVCOLR.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Sabre Print (SabrePrint) - Sabre Inc. - C:\Program Files\The Sabre Group\Print32\OADP.EXE
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Unicenter Software Delivery (SDService) - Computer Associates International, Inc. - C:\Tngsd\BIN\SDSERV.EXE
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe

Hola te doy la bienvenida al foro, no te olvides de pasar por WindowsUpdate periódicamente para tener actualizado el sistema, luego sigue estos pasos:

1.- Descarga la herramienta WinsockFix, pero no la ejecutes aún.

2.- Apaga el "Restaurar Sistema"

3.- Activa la opción Ver Archivos Ocultos

4.- Reinicia en Modo a Prueba de Fallos

5.- Cierra todos los programas, ejecuta HijackThis y dale "Fix Cheked" a estas entradas:

R3 - URLSearchHook: (no name) - {9D518F7C-20F8-69D2-63F4-4C1EAC52BF7C} - ftbar.dll (file missing)

O4 - HKLM\..\Run: [EXE32EXE] driver64.exe

O4 - HKLM\..\Run: [DCC_send] newbreed.exe

O4 - HKCU\..\Run: [Shaitan1678] clamav.exe

O4 - HKCU\..\Run: [pizda] SpyElim.exe

O4 - HKCU\..\Run: [NSYSCPLSTR] sbin.exe

O17 - HKLM\System\CCS\Services\Tcpip\..\{207A0093-6B4D-4992-8463-1C34D53D6B4A}: NameServer = 85.255.113.150,85.255.112.106
O17 - HKLM\System\CCS\Services\Tcpip\..\{81A69B16-1EBA-4D3C-9978-6C4F180D0D5E}: NameServer = 85.255.113.150,85.255.112.106
O17 - HKLM\System\CCS\Services\Tcpip\..\{87BBBC23-12D0-4AF8-B039-154904BC3FD1}: NameServer = 85.255.113.150,85.255.112.106
O17 - HKLM\System\CCS\Services\Tcpip\..\{E4ADEE01-3999-4473-BCFA-116494FB4F00}: NameServer = 85.255.113.150,85.255.112.106
O17 - HKLM\System\CS1\Services\Tcpip\..\{207A0093-6B4D-4992-8463-1C34D53D6B4A}: NameServer = 85.255.113.150,85.255.112.106
O17 - HKLM\System\CS2\Services\Tcpip\..\{207A0093-6B4D-4992-8463-1C34D53D6B4A}: NameServer = 85.255.113.150,85.255.112.106

6.- Sin reiniciar, busca y elimina estos archivos, si no se dejan eliminar descarga el programa "Killbox" y sigue las indicaciones del mensaje, copia y pega los archivos para que los elimine al reiniciar.

ftbar.dll

driver64.exe

newbreed.exe

clamav.exe

SpyElim.exe

sbin.exe

7.- Pasa el Disk Cleaner para limpiar cookies y temporales

8.- Pasa el Regseeker para Limpiar el Registro, pásalo hasta q no quede nada para eliminar.

9.- Pasa el Ad-Aware SE actualizado e instala SpywareBlaster

10.- Reinicia la maquina y realiza un escaneo con Ewido Online, luego pega otro log de Hijackthis y nos cuentas como te fue.

11.- Deshaz los pasos 1 y 2.

12.- Es probable que al darle "Fix Checked" a las entradas 017 te quedes sin conexión a internet, para reparar la conexión ejecuta la herramienta WinsockFix, al reinicio de tu máquina puede que tengas que volver a configurar las propiedades de tu conexión.

13.- Este archivo lo desconozco:

sabre_as.exe

Para descartar que se trate de un malware sube ese archivo a la página de VirusTotal y pega el reporte en este mismo mensaje para su análisis.

De preferencia imprime las indicaciones para que se te haga mas facil seguirlas.

Saludos