hola pongo aqui mi log para que lo chequen, hay un svcchost y un mysvcc y cosas latosas que no puedo eliminar, gracias.

Logfile of HijackThis v1.99.1
Scan saved at 04:33:26 p.m., on 03/11/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Archivos de programa\Eset\nod32krn.exe
C:\WINDOWS\wintasks32.exe
C:\WINDOWS\System32\VTtrayp.exe
C:\WINDOWS\System32\VTTimer.exe
C:\Archivos de programa\MessengerPlus! 3\MsgPlus.exe
C:\Archivos de programa\Eset\nod32kui.exe
C:\WINDOWS\System32\mssvcc.exe
C:\WINDOWS\System32\svcchost.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Archivos de programa\Archivos comunes\Teleca Shared\Generic.exe
C:\Archivos de programa\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\cmd.exe
C:\Archivos de programa\HJT\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Vínculos
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Archivos de programa\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\ARCHIV~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Archivos de programa\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [nod32kui] "C:\Archivos de programa\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Microsoft Windows Update] wuamkop.exe
O4 - HKLM\..\Run: [SlowDownCPU] C:\WINDOWS\INF\MSI\SlowDownCPU\SlowDownCPU.exe
O4 - HKLM\..\Run: [Dx Serv System] dx2s.exe
O4 - HKLM\..\Run: [msconfig38] mssvcc.exe
O4 - HKLM\..\Run: [mysvcig38] mysvcc.exe
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Archivos de programa\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [msvcc25] svcchost.exe
O4 - HKLM\..\RunServices: [Microsoft Windows Update] wuamkop.exe
O4 - HKLM\..\RunServices: [Dx Serv System] dx2s.exe
O4 - HKLM\..\RunServices: [msconfig38] mssvcc.exe
O4 - HKLM\..\RunServices: [mysvcig38] mysvcc.exe
O4 - HKLM\..\RunServices: [msvcc25] svcchost.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [Network Connections] C:\WINDOWS\help\internat.exe
O4 - HKCU\..\RunServices: [Dx Serv System] dx2s.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Archivos de programa\Archivos comunes\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Archivos de programa\InterVideo\Common\Bin\WinCinemaMgr.exe
O8 - Extra context menu item: E&xportar a Microsoft Excel - res://C:\ARCHIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Referencia - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARCHIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\ARCHIV~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - AppInit_DLLs: MsgPlusLoader.dll
O20 - Winlogon Notify: rpcc - C:\WINDOWS\System32\rpcc.dll
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Archivos de programa\Eset\nod32krn.exe
O23 - Service: Win32 Task Manager (Win32Task) - Unknown owner - C:\WINDOWS\wintasks32.exe

Hola!!!

Sigue estos pasos:

1) Apaga Restaurar Sistema

2) Ver archivos ocultos

3) Reinicia a prueba de fallos

4) Ejecuta HijackThis con todos los programas cerrados y dale Fix checked a:

O4 - HKLM\..\Run: [Microsoft Windows Update] wuamkop.exe

O4 - HKLM\..\Run: [Dx Serv System] dx2s.exe

O4 - HKLM\..\Run: [msconfig38] mssvcc.exe

O4 - HKLM\..\Run: [mysvcig38] mysvcc.exe

O4 - HKLM\..\Run: [msvcc25] svcchost.exe

O4 - HKLM\..\RunServices: [Microsoft Windows Update] wuamkop.exe

O4 - HKLM\..\RunServices: [Dx Serv System] dx2s.exe

O4 - HKLM\..\RunServices: [msconfig38] mssvcc.exe

O4 - HKLM\..\RunServices: [mysvcig38] mysvcc.exe

O4 - HKLM\..\RunServices: [msvcc25] svcchost.exe

O4 - HKCU\..\Run: [Network Connections] C:\WINDOWS\help\internat.exe

O4 - HKCU\..\RunServices: [Dx Serv System] dx2s.exe

O20 - Winlogon Notify: rpcc - C:\WINDOWS\System32\rpcc.dll

O23 - Service: Win32 Task Manager (Win32Task) - Unknown owner - C:\WINDOWS\wintasks32.exe

5) Busca y elimina estos archivos y/o carpetas con todo su contenido:

C:\WINDOWS\wintasks32.exe
C:\WINDOWS\System32\mssvcc.exe
C:\WINDOWS\System32\svcchost.exe (no lo confundas con svchost.exe)
wuamkop.exe
dx2s.exe
mysvcc.exe
C:\WINDOWS\help\internat.exe
C:\WINDOWS\System32\rpcc.dll

Para archivos que no se dejen eliminar usa KillBox

6) Ve a Inicio-> Ejecutar-> escribe sc delete Win32Task -> Aceptar

7) Reinicia normal y finaliza con estos pasos:

• Haz un analisis con Ewido Online y Panda ActiveScan
• Limpia el registro con RegSeeker y pasa Ad-Aware actualizado.
• Elimina cookies y temporales con Disk Cleaner y vacía la papelera.

Vuelve a reiniciar, deshaz los cambios 1) y 2) y nos cuentas los resultados.

Saludos

logre eliminar todos los directorios que me dijeron, pero de repente la conexion falla, se desconecta y parpadea windows, es decir, pareciera que se pusiera en modo a prueba de fallos por un brevisimo instante y se desconecta, esto porque puede ser? otra cosilla, el NOD32 me detecta que el Isass.exe esta infectado o algo, me detecta un archivo C:/z.exe, o C:/C.exe

Deja un nuevo log para ver cómo quedó y el reporte completo de Nod32.

Saludos

ok el del nod aqui estan los threats, el que sigue es el del hijack this.

Time Module Object Name Threat Action User Information
01/12/2006 01:07:34 a.m. AMON file C:\WINDOWS\lsass.exe IRC/SdBot trojan NT AUTHORITY\SYSTEM Event occurred at an attempt to access the file by the application: C:\WINDOWS\system32\services.exe.
30/11/2006 03:19:48 a.m. AMON file C:\WINDOWS\lsass.exe IRC/SdBot trojan NT AUTHORITY\SYSTEM Event occurred at an attempt to access the file by the application: C:\WINDOWS\system32\services.exe.
30/11/2006 03:19:36 a.m. AMON file C:\WINDOWS\help\lsass.exe probably unknown NewHeur_PE virus quarantined - deleted Event occurred on a new file created by the application: C:\WINDOWS\System32\ftp.exe. The file was moved to quarantine. You may close this window.
30/11/2006 03:19:34 a.m. AMON file C:\WINDOWS\help\internat.exe Win32/TrojanDropper.VB.FR trojan quarantined - deleted Event occurred on a new file created by the application: C:\WINDOWS\System32\ftp.exe. The file was moved to quarantine. You may close this window.
30/11/2006 03:04:09 a.m. AMON file C:\WINDOWS\lsass.exe IRC/SdBot trojan NT AUTHORITY\SYSTEM Event occurred at an attempt to access the file by the application: C:\WINDOWS\system32\services.exe.
30/11/2006 00:30:40 a.m. AMON file C:\WINDOWS\lsass.exe IRC/SdBot trojan NT AUTHORITY\SYSTEM Event occurred at an attempt to access the file by the application: C:\WINDOWS\system32\services.exe.
29/11/2006 20:11:10 p.m. AMON file C:\WINDOWS\lsass.exe IRC/SdBot trojan NT AUTHORITY\SYSTEM Event occurred at an attempt to access the file by the application: C:\WINDOWS\system32\services.exe.
29/11/2006 14:58:51 p.m. AMON file C:\WINDOWS\lsass.exe IRC/SdBot trojan NT AUTHORITY\SYSTEM Event occurred at an attempt to access the file by the application: C:\WINDOWS\system32\services.exe.
28/11/2006 23:28:19 p.m. AMON file C:\WINDOWS\lsass.exe IRC/SdBot trojan NT AUTHORITY\SYSTEM Event occurred at an attempt to access the file by the application: C:\WINDOWS\system32\services.exe.
28/11/2006 23:03:24 p.m. AMON file C:\WINDOWS\lsass.exe IRC/SdBot trojan NT AUTHORITY\SYSTEM Event occurred at an attempt to access the file by the application: C:\WINDOWS\system32\services.exe.
28/11/2006 20:27:58 p.m. AMON file C:\WINDOWS\lsass.exe IRC/SdBot trojan NT AUTHORITY\SYSTEM Event occurred at an attempt to access the file by the application: C:\WINDOWS\system32\services.exe.
28/11/2006 16:57:24 p.m. AMON file C:\WINDOWS\lsass.exe IRC/SdBot trojan NT AUTHORITY\SYSTEM Event occurred at an attempt to access the file by the application: C:\WINDOWS\system32\services.exe.
28/11/2006 15:13:39 p.m. AMON file C:\WINDOWS\lsass.exe IRC/SdBot trojan NT AUTHORITY\SYSTEM Event occurred at an attempt to access the file by the application: C:\WINDOWS\system32\services.exe.
27/11/2006 21:20:37 p.m. AMON file C:\WINDOWS\lsass.exe IRC/SdBot trojan NT AUTHORITY\SYSTEM Event occurred at an attempt to access the file by the application: C:\WINDOWS\system32\services.exe.
27/11/2006 10:44:16 a.m. Kernel file c:\windows\lsass.exe IRC/SdBot trojan Alert was generated during the system startup file check.
27/11/2006 09:25:30 a.m. AMON file C:\WINDOWS\lsass.exe IRC/SdBot trojan NT AUTHORITY\SYSTEM Event occurred at an attempt to access the file by the application: C:\WINDOWS\system32\services.exe.
26/11/2006 22:43:20 p.m. AMON file C:\WINDOWS\lsass.exe IRC/SdBot trojan NT AUTHORITY\SYSTEM Event occurred at an attempt to access the file by the application: C:\WINDOWS\system32\services.exe.
25/11/2006 22:59:08 p.m. AMON file C:\WINDOWS\lsass.exe IRC/SdBot trojan NT AUTHORITY\SYSTEM Event occurred at an attempt to access the file by the application: C:\WINDOWS\system32\services.exe.
25/11/2006 14:02:48 p.m. AMON file C:\WINDOWS\lsass.exe IRC/SdBot trojan NT AUTHORITY\SYSTEM Event occurred at an attempt to access the file by the application: C:\WINDOWS\system32\services.exe.
24/11/2006 23:32:21 p.m. AMON file C:\WINDOWS\lsass.exe IRC/SdBot trojan NT AUTHORITY\SYSTEM Event occurred at an attempt to access the file by the application: C:\WINDOWS\system32\services.exe.
24/11/2006 13:43:07 p.m. AMON file C:\WINDOWS\lsass.exe IRC/SdBot trojan NT AUTHORITY\SYSTEM Event occurred at an attempt to access the file by the application: C:\WINDOWS\system32\services.exe.
24/11/2006 11:49:11 a.m. AMON file C:\WINDOWS\lsass.exe IRC/SdBot trojan NT AUTHORITY\SYSTEM Event occurred at an attempt to access the file by the application: C:\WINDOWS\system32\services.exe.
24/11/2006 10:06:45 a.m. AMON file C:\WINDOWS\lsass.exe IRC/SdBot trojan NT AUTHORITY\SYSTEM Event occurred at an attempt to access the file by the application: C:\WINDOWS\system32\services.exe.
23/11/2006 20:53:24 p.m. AMON file C:\WINDOWS\system32\x.exe a variant of IRC/SdBot trojan quarantined - deleted Event occurred on a new file created by the application: C:\WINDOWS\system32\ftp.exe. The file was moved to quarantine. You may close this window.
23/11/2006 20:51:27 p.m. AMON file C:\WINDOWS\system32\x.exe a variant of IRC/SdBot trojan quarantined - deleted Event occurred on a new file created by the application: C:\WINDOWS\system32\ftp.exe. The file was moved to quarantine. You may close this window.
23/11/2006 20:22:26 p.m. Kernel file c:\windows\lsass.exe IRC/SdBot trojan Alert was generated during the system startup file check.
23/11/2006 19:51:38 p.m. AMON file C:\WINDOWS\lsass.exe IRC/SdBot trojan NT AUTHORITY\SYSTEM Event occurred at an attempt to access the file by the application: C:\WINDOWS\system32\services.exe.
23/11/2006 19:49:43 p.m. AMON file C:\WINDOWS\system32\config\systemprofile\Configura ción local\Archivos temporales de Internet\Content.IE5\87WQCU7M\1[1].exe IRC/SdBot trojan quarantined - deleted NT AUTHORITY\SYSTEM Event occurred on a new file created by the application: C:\WINDOWS\System32\svchost.exe. The file was moved to quarantine. You may close this window.
23/11/2006 19:49:41 p.m. AMON file C:\WINDOWS\System32\a.exe IRC/SdBot trojan quarantined - deleted NT AUTHORITY\SYSTEM Event occurred on a new file created by the application: C:\WINDOWS\System32\svchost.exe. The file was moved to quarantine. You may close this window.
23/11/2006 19:49:37 p.m. IMON file http://plstofjeer.com/exes/1.exe IRC/SdBot trojan Connection terminated NT AUTHORITY\SYSTEM
23/11/2006 19:46:10 p.m. AMON file C:\WINDOWS\system32\config\systemprofile\Configura ción local\Archivos temporales de Internet\Content.IE5\BTZODANZ\1[1].exe IRC/SdBot trojan NT AUTHORITY\SYSTEM Event occurred at an attempt to access the file by the application: C:\WINDOWS\System32\svchost.exe.
23/11/2006 19:19:24 p.m. AMON file C:\WINDOWS\lsass.exe IRC/SdBot trojan NT AUTHORITY\SYSTEM Event occurred at an attempt to access the file by the application: C:\WINDOWS\system32\services.exe.
23/11/2006 18:49:35 p.m. AMON file C:\WINDOWS\help\lsass.exe probably unknown NewHeur_PE virus quarantined - deleted Event occurred on a new file created by the application: C:\WINDOWS\System32\ftp.exe. The file was moved to quarantine. You may close this window.
23/11/2006 18:49:22 p.m. AMON file C:\WINDOWS\help\internat.exe Win32/TrojanDropper.VB.FR trojan quarantined - deleted NT AUTHORITY\SYSTEM Event occurred on a new file created by the application: C:\WINDOWS\System32\ftp.exe. The file was moved to quarantine. You may close this window.
23/11/2006 18:43:45 p.m. AMON file C:\WINDOWS\lsass.exe IRC/SdBot trojan NT AUTHORITY\SYSTEM Event occurred at an attempt to access the file by the application: C:\WINDOWS\system32\services.exe.
23/11/2006 18:20:59 p.m. AMON file C:\WINDOWS\lsass.exe IRC/SdBot trojan NT AUTHORITY\SYSTEM Event occurred at an attempt to access the file by the application: C:\WINDOWS\system32\services.exe.
23/11/2006 1453 p.m. AMON file C:\WINDOWS\lsass.exe IRC/SdBot trojan NT AUTHORITY\SYSTEM Event occurred at an attempt to access the file by the application: C:\WINDOWS\system32\services.exe.
23/11/2006 13:55:13 p.m. AMON file C:\WINDOWS\lsass.exe IRC/SdBot trojan NT AUTHORITY\SYSTEM Event occurred at an attempt to access the file by the application: C:\WINDOWS\system32\services.exe.
23/11/2006 11:57:50 a.m. AMON file C:\WINDOWS\system32\.exe a variant of Win32/Spy.Agent.PY trojan quarantined - deleted NT AUTHORITY\SYSTEM Event occurred on a new file created by the application: C:\WINDOWS\System32\svchost.exe. The file was moved to quarantine. You may close this window.
23/11/2006 11:21:33 a.m. AMON file C:\WINDOWS\lsass.exe IRC/SdBot trojan Event occurred at an attempt to access the file by the application: C:\Archivos de programa\HJT\HijackThis.exe.
23/11/2006 11:07:38 a.m. AMON file C:\WINDOWS\lsass.exe IRC/SdBot trojan NT AUTHORITY\SYSTEM Event occurred at an attempt to access the file by the application: C:\WINDOWS\system32\services.exe.
22/11/2006 23:26:27 p.m. AMON file C:\WINDOWS\lsass.exe IRC/SdBot trojan CANIVU-ZTIXW6J5\canibal Event occurred at an attempt to access the file by the application: C:\Archivos de programa\HJT\HijackThis.exe.
22/11/2006 22:20:14 p.m. AMON file C:\WINDOWS\lsass.exe IRC/SdBot trojan NT AUTHORITY\SYSTEM Event occurred at an attempt to access the file by the application: C:\WINDOWS\system32\services.exe.
21/11/2006 22:23:25 p.m. AMON file C:\WINDOWS\lsass.exe IRC/SdBot trojan NT AUTHORITY\SYSTEM Event occurred at an attempt to access the file by the application: C:\WINDOWS\system32\services.exe.
21/11/2006 19:01:14 p.m. AMON file C:\WINDOWS\lsass.exe IRC/SdBot trojan NT AUTHORITY\SYSTEM Event occurred at an attempt to access the file by the application: C:\WINDOWS\system32\services.exe.
21/11/2006 08:31:27 a.m. AMON file C:\WINDOWS\lsass.exe IRC/SdBot trojan NT AUTHORITY\SYSTEM Event occurred at an attempt to access the file by the application: C:\WINDOWS\system32\services.exe.
20/11/2006 23:36:37 p.m. AMON boot sector boot sector of disk A: Wyx.C virus NT AUTHORITY\SYSTEM Virus detected when attempting to access the diskette.
20/11/2006 22:20:11 p.m. AMON file C:\WINDOWS\lsass.exe IRC/SdBot trojan NT AUTHORITY\SYSTEM Event occurred at an attempt to access the file by the application: C:\WINDOWS\system32\services.exe.
20/11/2006 00:28:39 a.m. AMON file C:\WINDOWS\lsass.exe IRC/SdBot trojan NT AUTHORITY\SYSTEM Event occurred at an attempt to access the file by the application: C:\WINDOWS\system32\services.exe.
17/11/2006 01:38:06 a.m. AMON file C:\WINDOWS\lsass.exe IRC/SdBot trojan NT AUTHORITY\SYSTEM Event occurred at an attempt to access the file by the application: C:\WINDOWS\system32\services.exe.
16/11/2006 20:54:20 p.m. Kernel file c:\windows\lsass.exe IRC/SdBot trojan Alert was generated during the system startup file check.
16/11/2006 19:19:58 p.m. AMON file C:\Documents and Settings\LocalService.NT AUTHORITY\Configuración local\Archivos temporales de Internet\Content.IE5\OHYRSPYR\c[1].exe probably unknown NewHeur_PE virus quarantined - deleted NT AUTHORITY\SYSTEM Event occurred on a new file created by the application: C:\WINDOWS\lsass.exe. The file was moved to quarantine. You may close this window.
16/11/2006 19:19:56 p.m. AMON file C:\z.exe probably unknown NewHeur_PE virus quarantined - deleted NT AUTHORITY\SYSTEM Event occurred on a new file created by the application: C:\WINDOWS\lsass.exe. The file was moved to quarantine. You may close this window.
16/11/2006 19:19:55 p.m. IMON file http://209.11.244.163/c.exe probably unknown NewHeur_PE virus NT AUTHORITY\SYSTEM
15/11/2006 23:08:29 p.m. AMON file C:\Documents and Settings\LocalService.NT AUTHORITY\Configuración local\Archivos temporales de Internet\Content.IE5\OHYRSPYR\c[1].exe probably unknown NewHeur_PE virus quarantined - deleted NT AUTHORITY\SYSTEM Event occurred on a new file created by the application: C:\WINDOWS\lsass.exe. The file was moved to quarantine. You may close this window.
15/11/2006 23:07:52 p.m. AMON file C:\z.exe probably unknown NewHeur_PE virus quarantined - deleted NT AUTHORITY\SYSTEM Event occurred on a new file created by the application: C:\WINDOWS\lsass.exe. The file was moved to quarantine. You may close this window.
15/11/2006 22:46:45 p.m. IMON file http://209.11.244.163/c.exe probably unknown NewHeur_PE virus NT AUTHORITY\SYSTEM
15/11/2006 22:35:17 p.m. AMON file C:\Documents and Settings\LocalService.NT AUTHORITY\Configuración local\Archivos temporales de Internet\Content.IE5\OHYRSPYR\c[1].exe probably unknown NewHeur_PE virus quarantined - deleted NT AUTHORITY\SYSTEM Event occurred on a new file created by the application: C:\WINDOWS\lsass.exe. The file was moved to quarantine. You may close this window.
15/11/2006 22:35:17 p.m. AMON file C:\z.exe probably unknown NewHeur_PE virus quarantined - deleted NT AUTHORITY\SYSTEM Event occurred on a new file created by the application: C:\WINDOWS\lsass.exe. The file was moved to quarantine. You may close this window.
15/11/2006 22:35:16 p.m. IMON file http://209.11.244.163/c.exe probably unknown NewHeur_PE virus NT AUTHORITY\SYSTEM
15/11/2006 02:11:20 a.m. AMON file C:\z.exe probably unknown NewHeur_PE virus quarantined - deleted NT AUTHORITY\SYSTEM Event occurred on a new file created by the application: C:\WINDOWS\lsass.exe. The file was moved to quarantine. You may close this window.
15/11/2006 02:11:18 a.m. AMON file C:\Documents and Settings\LocalService.NT AUTHORITY\Configuración local\Archivos temporales de Internet\Content.IE5\OHYRSPYR\c[1].exe probably unknown NewHeur_PE virus quarantined - deleted NT AUTHORITY\SYSTEM Event occurred on a new file created by the application: C:\WINDOWS\lsass.exe. The file was moved to quarantine. You may close this window.
15/11/2006 02:11:17 a.m. IMON file http://209.11.244.163/c.exe probably unknown NewHeur_PE virus NT AUTHORITY\SYSTEM
14/11/2006 00:13:02 a.m. AMON file C:\z.exe probably unknown NewHeur_PE virus quarantined - deleted NT AUTHORITY\SYSTEM Event occurred on a new file created by the application: C:\WINDOWS\lsass.exe. The file was moved to quarantine. You may close this window.
14/11/2006 00:13:00 a.m. AMON file C:\Documents and Settings\LocalService.NT AUTHORITY\Configuración local\Archivos temporales de Internet\Content.IE5\OHYRSPYR\c[1].exe probably unknown NewHeur_PE virus quarantined - deleted NT AUTHORITY\SYSTEM Event occurred on a new file created by the application: C:\WINDOWS\lsass.exe. The file was moved to quarantine. You may close this window.
14/11/2006 00:12:53 a.m. IMON file http://209.11.244.163/c.exe probably unknown NewHeur_PE virus NT AUTHORITY\SYSTEM
13/11/2006 02:02:28 a.m. AMON file C:\WINDOWS\system32\.exe a variant of Win32/Spy.Agent.PY trojan quarantined - deleted NT AUTHORITY\SYSTEM Event occurred on a new file created by the application: C:\WINDOWS\System32\svchost.exe. The file was moved to quarantine. You may close this window.
12/11/2006 00:01:14 a.m. AMON file C:\Documents and Settings\LocalService.NT AUTHORITY\Configuración local\Archivos temporales de Internet\Content.IE5\OHYRSPYR\c[1].exe probably unknown NewHeur_PE virus quarantined - deleted NT AUTHORITY\SYSTEM Event occurred on a new file created by the application: C:\WINDOWS\lsass.exe. The file was moved to quarantine. You may close this window.
11/11/2006 13:40:00 p.m. IMON file http://209.11.244.163/c.exe probably unknown NewHeur_PE virus NT AUTHORITY\SYSTEM
11/11/2006 01:33:09 a.m. AMON file C:\WINDOWS\system32\salvage.exe Win32/Rbot trojan deleted CANIVU-ZTIXW6J5\canibal Event occurred at an attempt to access the file by the application: C:\Archivos de programa\Spybot - Search & Destroy\SpybotSD.exe.
11/11/2006 01:33:01 a.m. AMON file C:\WINDOWS\system32\recsl.exe Win32/Rbot trojan deleted CANIVU-ZTIXW6J5\canibal Event occurred at an attempt to access the file by the application: C:\Archivos de programa\Spybot - Search & Destroy\SpybotSD.exe.
11/11/2006 01:29:34 a.m. AMON file C:\WINDOWS\system32\.exe a variant of Win32/Spy.Agent.PY trojan quarantined - deleted NT AUTHORITY\SYSTEM Event occurred on a new file created by the application: C:\WINDOWS\System32\svchost.exe. The file was moved to quarantine. You may close this window.
11/11/2006 01:06:38 a.m. AMON file C:\Documents and Settings\LocalService.NT AUTHORITY\Configuración local\Archivos temporales de Internet\Content.IE5\OHYRSPYR\c[1].exe probably unknown NewHeur_PE virus quarantined - deleted NT AUTHORITY\SYSTEM Event occurred on a new file created by the application: C:\WINDOWS\lsass.exe. The file was moved to quarantine. You may close this window.
11/11/2006 01:06:33 a.m. AMON file C:\z.exe probably unknown NewHeur_PE virus quarantined - deleted NT AUTHORITY\SYSTEM Event occurred on a new file created by the application: C:\WINDOWS\lsass.exe. The file was moved to quarantine. You may close this window.
11/11/2006 01:06:20 a.m. IMON file http://209.11.244.163/c.exe probably unknown NewHeur_PE virus NT AUTHORITY\SYSTEM
08/11/2006 20:44:34 p.m. AMON file C:\Documents and Settings\LocalService.NT AUTHORITY\Configuración local\Archivos temporales de Internet\Content.IE5\8DE74XIJ\c[1].exe probably unknown NewHeur_PE virus quarantined - deleted NT AUTHORITY\SYSTEM Event occurred on a new file created by the application: C:\WINDOWS\lsass.exe. The file was moved to quarantine. You may close this window.
08/11/2006 20:44:31 p.m. IMON file http://209.11.244.163/c.exe probably unknown NewHeur_PE virus NT AUTHORITY\SYSTEM
08/11/2006 20:44:25 p.m. AMON file C:\WINDOWS\system32\eraseme_82358.exe IRC/SdBot trojan quarantined - deleted Event occurred on a new file created by the application: C:\WINDOWS\system32\ftp.exe. The file was moved to quarantine. You may close this window.
08/11/2006 20:42:50 p.m. IMON file http://209.11.244.115/update.exe a variant of Win32/TrojanProxy.Ranky trojan NT AUTHORITY\SYSTEM
08/11/2006 20:02:18 p.m. AMON file C:\Documents and Settings\LocalService.NT AUTHORITY\Configuración local\Archivos temporales de Internet\Content.IE5\OHYRSPYR\c[1].exe probably unknown NewHeur_PE virus quarantined - deleted NT AUTHORITY\SYSTEM Event occurred on a new file created by the application: C:\WINDOWS\lsass.exe. The file was moved to quarantine. You may close this window.
08/11/2006 20:02:17 p.m. AMON file C:\x.exe probably unknown NewHeur_PE virus quarantined - deleted NT AUTHORITY\SYSTEM Event occurred on a new file created by the application: C:\WINDOWS\lsass.exe. The file was moved to quarantine. You may close this window.
08/11/2006 20:02:14 p.m. IMON file http://209.11.244.163/c.exe probably unknown NewHeur_PE virus NT AUTHORITY\SYSTEM
07/11/2006 02:24:35 a.m. AMON file C:\Documents and Settings\LocalService.NT AUTHORITY\Configuración local\Archivos temporales de Internet\Content.IE5\OHYRSPYR\c[1].exe probably unknown NewHeur_PE virus quarantined - deleted NT AUTHORITY\SYSTEM Event occurred on a new file created by the application: C:\WINDOWS\lsass.exe. The file was moved to quarantine. You may close this window.
07/11/2006 02:24:31 a.m. AMON file C:\x.exe probably unknown NewHeur_PE virus quarantined - deleted NT AUTHORITY\SYSTEM Event occurred on a new file created by the application: C:\WINDOWS\lsass.exe. The file was moved to quarantine. You may close this window.
07/11/2006 02:24:27 a.m. IMON file http://209.11.244.163/c.exe probably unknown NewHeur_PE virus NT AUTHORITY\SYSTEM
07/11/2006 02:21:53 a.m. IMON file http://209.11.244.115/update.exe a variant of Win32/TrojanProxy.Ranky trojan NT AUTHORITY\SYSTEM
07/11/2006 01:44:41 a.m. IMON file http://209.11.244.115/update.exe a variant of Win32/TrojanProxy.Ranky trojan NT AUTHORITY\SYSTEM
07/11/2006 01:44:37 a.m. AMON file C:\WINDOWS\system32\.exe a variant of Win32/Spy.Agent.PY trojan quarantined - deleted NT AUTHORITY\SYSTEM Event occurred on a new file created by the application: C:\WINDOWS\System32\svchost.exe. The file was moved to quarantine. You may close this window.
07/11/2006 01:44:35 a.m. AMON file C:\Documents and Settings\LocalService.NT AUTHORITY\Configuración local\Archivos temporales de Internet\Content.IE5\OHYRSPYR\c[1].exe probably unknown NewHeur_PE virus quarantined - deleted NT AUTHORITY\SYSTEM Event occurred on a new file created by the application: C:\WINDOWS\lsass.exe. The file was moved to quarantine. You may close this window.
07/11/2006 01:44:31 a.m. AMON file C:\x.exe probably unknown NewHeur_PE virus quarantined - deleted NT AUTHORITY\SYSTEM Event occurred on a new file created by the application: C:\WINDOWS\lsass.exe. The file was moved to quarantine. You may close this window.
07/11/2006 01:33:37 a.m. IMON file http://209.11.244.163/c.exe probably unknown NewHeur_PE virus NT AUTHORITY\SYSTEM
07/11/2006 01:29:49 a.m. AMON file C:\Documents and Settings\LocalService.NT AUTHORITY\Configuración local\Archivos temporales de Internet\Content.IE5\OHYRSPYR\c[1].exe probably unknown NewHeur_PE virus quarantined - deleted NT AUTHORITY\SYSTEM Event occurred on a new file created by the application: C:\WINDOWS\lsass.exe. The file was moved to quarantine. You may close this window.
07/11/2006 01:29:43 a.m. AMON file C:\x.exe probably unknown NewHeur_PE virus quarantined - deleted NT AUTHORITY\SYSTEM Event occurred on a new file created by the application: C:\WINDOWS\lsass.exe. The file was moved to quarantine. You may close this window.
07/11/2006 01:29:28 a.m. IMON file http://209.11.244.115/update.exe a variant of Win32/TrojanProxy.Ranky trojan NT AUTHORITY\SYSTEM
07/11/2006 01:29:27 a.m. IMON file http://209.11.244.163/c.exe probably unknown NewHeur_PE virus NT AUTHORITY\SYSTEM
07/11/2006 01:18:02 a.m. AMON file C:\Documents and Settings\LocalService.NT AUTHORITY\Configuración local\Archivos temporales de Internet\Content.IE5\OHYRSPYR\c[1].exe probably unknown NewHeur_PE virus quarantined - deleted NT AUTHORITY\SYSTEM Event occurred on a new file created by the application: C:\WINDOWS\lsass.exe. The file was moved to quarantine. You may close this window.
07/11/2006 01:17:59 a.m. AMON file C:\x.exe probably unknown NewHeur_PE virus quarantined - deleted NT AUTHORITY\SYSTEM Event occurred on a new file created by the application: C:\WINDOWS\lsass.exe. The file was moved to quarantine. You may close this window.
07/11/2006 01:17:52 a.m. IMON file http://209.11.244.163/c.exe probably unknown NewHeur_PE virus NT AUTHORITY\SYSTEM
07/11/2006 01:17:18 a.m. IMON file http://209.11.244.115/update.exe a variant of Win32/TrojanProxy.Ranky trojan NT AUTHORITY\SYSTEM
07/11/2006 01:04:41 a.m. IMON file http://209.11.244.115/update.exe a variant of Win32/TrojanProxy.Ranky trojan NT AUTHORITY\SYSTEM
07/11/2006 00:59:57 a.m. AMON file C:\WINDOWS\system32\.exe a variant of Win32/Spy.Agent.PY trojan quarantined - deleted NT AUTHORITY\SYSTEM Event occurred on a new file created by the application: C:\WINDOWS\System32\svchost.exe. The file was moved to quarantine. You may close this window.
07/11/2006 00:56:40 a.m. IMON file http://209.11.244.115/update.exe a variant of Win32/TrojanProxy.Ranky trojan NT AUTHORITY\SYSTEM
07/11/2006 00:37:29 a.m. AMON file C:\WINDOWS\system32\.exe a variant of Win32/Spy.Agent.PY trojan quarantined - deleted NT AUTHORITY\SYSTEM Event occurred on a new file created by the application: C:\WINDOWS\system32\lsass.exe. The file was moved to quarantine. You may close this window.
05/11/2006 0122 a.m. IMON file http://209.11.244.115/update.exe a variant of Win32/TrojanProxy.Ranky trojan NT AUTHORITY\SYSTEM
05/11/2006 00:17:34 a.m. IMON file http://209.11.244.115/update.exe a variant of Win32/TrojanProxy.Ranky trojan NT AUTHORITY\SYSTEM
03/11/2006 14:22:24 p.m. AMON file C:\WINDOWS\help\lsass.exe probably unknown NewHeur_PE virus quarantined - deleted Event occurred on a new file created by the application: C:\WINDOWS\System32\ftp.exe. The file was moved to quarantine. You may close this window.
03/11/2006 14:22:21 p.m. AMON file C:\WINDOWS\help\internat.exe Win32/TrojanDropper.VB.FR trojan quarantined - deleted NT AUTHORITY\SYSTEM Event occurred on a new file created by the application: C:\WINDOWS\System32\ftp.exe. The file was moved to quarantine. You may close this window.
03/11/2006 14:20:09 p.m. IMON file http://66.185.126.51/prod.exe probably a variant of Win32/TrojanProxy.Slaper.C trojan CANIVU-ZTIXW6J5\canibal
03/11/2006 13:31:38 p.m. IMON file http://66.185.126.51/prod.exe probably a variant of Win32/TrojanProxy.Slaper.C trojan CANIVU-ZTIXW6J5\canibal
03/11/2006 13:31:34 p.m. IMON file http://209.11.244.115/update.exe a variant of Win32/TrojanProxy.Ranky trojan NT AUTHORITY\SYSTEM


el hijack this

Logfile of HijackThis v1.99.1
Scan saved at 11:18:24 a.m., on 23/11/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Archivos de programa\Eset\nod32krn.exe
C:\WINDOWS\System32\VTtrayp.exe
C:\WINDOWS\System32\VTTimer.exe
C:\Archivos de programa\Eset\nod32kui.exe
C:\WINDOWS\System32\mysvcc.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Archivos de programa\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Archivos de programa\Archivos comunes\Teleca Shared\CapabilityManager.exe
C:\WINDOWS\System32\msiexec.exe
C:\Archivos de programa\MSN Messenger\msnmsgr.exe
C:\Archivos de programa\HJT\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Vínculos
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Archivos de programa\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\ARCHIV~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [nod32kui] "C:\Archivos de programa\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Archivos de programa\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [mysvcig38] mysvcc.exe
O4 - HKLM\..\RunServices: [mysvcig38] mysvcc.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Archivos de programa\Archivos comunes\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Archivos de programa\InterVideo\Common\Bin\WinCinemaMgr.exe
O8 - Extra context menu item: E&xportar a Microsoft Excel - res://C:\ARCHIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Referencia - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARCHIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O17 - HKLM\System\CCS\Services\Tcpip\..\{300CB2E7-2EC8-4C1D-905D-3CE6B655D732}: NameServer = 200.33.146.161 200.33.146.153
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\ARCHIV~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - AppInit_DLLs: MsgPlusLoader.dll
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Archivos de programa\Eset\nod32krn.exe
O23 - Service: Microsoft sdk core (sdk) - Unknown owner - C:\WINDOWS\lsass.exe

grazie de antemano

Sigue estos pasos:

1) Apaga Restaurar Sistema

2) Ver archivos ocultos

3) Reinicia a prueba de fallos

4) Ejecuta HijackThis con todos los programas cerrados y dale Fix checked a:

O4 - HKLM\..\Run: [mysvcig38] mysvcc.exe

O4 - HKLM\..\RunServices: [mysvcig38] mysvcc.exe

O23 - Service: Microsoft sdk core (sdk) - Unknown owner - C:\WINDOWS\lsass.exe

5) Busca y elimina estos archivos y/o carpetas con todo su contenido:

C:\WINDOWS\help\lsass.exe <- no elimines el lsass.exe que hay en system32
C:\WINDOWS\lsass.exe <- no elimines el lsass.exe que hay en system32
C:\WINDOWS\System32\ftp.exe
C:\WINDOWS\help\internat.exe
C:\WINDOWS\system32\x.exe
C:\WINDOWS\System32\a.exe
C:\z.exe
C:\WINDOWS\system32\.exe
C:\WINDOWS\system32\salvage.exe
C:\WINDOWS\system32\recsl.exe
C:\x.exe
C:\WINDOWS\System32\mysvcc.exe

Para archivos que no se dejen eliminar usa KillBox

6) Ve a Inicio-> Ejecutar-> escribe sc delete sdk -> Aceptar

7) Reinicia normal y finaliza con estos pasos:

• Haz un analisis con Ewido Online y Panda ActiveScan
• Limpia el registro con RegSeeker y pasa Ad-Aware actualizado.
• Elimina cookies y temporales con Disk Cleaner y vacía la papelera.

Vuelve a reiniciar, deshaz los cambios 1) y 2) y nos cuentas los resultados.

Saludos

PD// Es muy importante que pases por Windows Update y descargues todas las actualizaciones de alta prioridad.

hola, muchas gracias jereque, pude quitar todo excepto el z.exe, porque parece que no existe. ni con killbox, sin embargo ahora todo esta bien, ya no aparecen ningunos programas latosos ni ventanas ni se traba ni nada, muchas gracias por la ayuda.

ramza

Bien, pues si no hay más problemas damos el tema por solucionado.

Saludos