Foro de InfoSpyware - Foro de Hijackthis - Foro de Virus

Hola a todos

Me gustaria que me ayudaran con mi computadora, tardar mucho en cargar el win xp y cuando abro el explorer por primera vez, de igual forma se tarda mucho en cargar, aqui les dejo el log, espero que me puedan ayudar.

Saludos, Oscar de México.

Logfile of HijackThis v1.99.1
Scan saved at 10:23:50 p.m., on 26/02/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\xampp\apache\bin\apache.exe
C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE
C:\WINDOWS\system32\svchosts.exe
C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
C:\Program Files\F-Secure\Anti-Virus\FSGK32.EXE
C:\Program Files\xampp\filezillaftp\filezillaserver.exe
C:\Program Files\F-Secure\BackWeb\7681197\Program\BackWeb-7681197.exe
C:\Program Files\F-Secure\Anti-Virus\fssm32.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPZipm1 2.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\F-Secure\Common\FSMA32.EXE
C:\Program Files\F-Secure\Common\FSMB32.EXE
C:\Program Files\F-Secure\Common\FCH32.EXE
C:\Program Files\F-Secure\Common\FAMEH32.EXE
C:\Program Files\xampp\apache\bin\apache.exe
C:\Program Files\F-Secure\Common\FNRB32.EXE
C:\Program Files\F-Secure\Common\FIH32.EXE
C:\Program Files\F-Secure\Anti-Virus\fsav32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\WINDOWS\system32\CePMTray.exe
C:\Program Files\F-Secure\Common\FSM32.EXE
C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
C:\Program Files\LClock\LClock.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\Messenger\msmsgs.exe
C:\PROGRA~1\COMMON~1\ICROSO~1.NET\regsvr32.exe
C:\Program Files\?ymantec\r?ndll.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Documents and Settings\Radamanthys\My Documents\Eliminar w32\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings,ProxyServer = 200.38.67.37:2301
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: ChangerBHO Class - {0edc6c20-a31c-11db-8ab9-0800200c9a66} - C:\WINDOWS\system32\cewmdms.dll
O2 - BHO: ContextualAds Class - {3AAC4C68-AFC8-11DB-80EF-8AF955D89593} - C:\Program Files\TrustIn Contextual\trustincontext.dll
O2 - BHO: (no name) - {4A734B7E-4D12-1DB4-B052-05929E328F66} - C:\WINDOWS\system32\rugfvzd.dll
O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O2 - BHO: Clicker Class - {631f7200-642e-11db-bd13-0800200c9a66} - C:\WINDOWS\system32\mscoriezb.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {B4695A16-EDFA-9505-F1AA-C2DEB9B55CB1} - C:\WINDOWS\system32\jscwjwsk.dll
O2 - BHO: WeeklyExecuter Class - {f015f320-ab08-11db-abbd-0800200c9a66} - C:\WINDOWS\inetloader.dll
O2 - BHO: SpoofBHO Class - {F67EEB12-AB09-11DB-A6F1-260856D89593} - C:\WINDOWS\se_spoof.dll
O3 - Toolbar: Barra Yahoo! con bloqueador de ventanas emergentes - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Apoint] "C:\Program Files\Apoint2K\Apoint.exe"
O4 - HKLM\..\Run: [CeEPOWER] C:\WINDOWS\system32\CePMTray.exe
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\F-Secure\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [SoundFusion] RunDll32 cwaprops.cpl,CrystalControlWnd
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
O4 - HKLM\..\Run: [LClock] "C:\Program Files\LClock\LClock.exe"
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ncxednb.dll] C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\ncxednb.dll,qpkrxnc
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8 -reboot 1
O4 - HKCU\..\Run: [Ruea] "C:\PROGRA~1\COMMON~1\ICROSO~1.NET\regsvr32.ex e" -vt yazb
O4 - HKCU\..\Run: [Gxxh] "C:\Program Files\?ymantec\r?ndll.exe" 99001122
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Inicio rápido de Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xportar a Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: Referencia - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyGaming.Net\PartyPokerNet\RunPF.exe
O9 - Extra 'Tools' menuitem: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyGaming.Net\PartyPokerNet\RunPF.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {76E5AF9D-2B3E-4FEB-A31F-A9E63A27FA29} (IASRunner Class) - https://www-307.ibm.com/pc/support/access/aslibmain/content/AcpIR.cab
O16 - DPF: {83AFB5CA-ED35-11D4-A452-0080C8D85045} (GameDesire Poker Games) - http://67.15.101.3/g_bin/eng/poker_2_0_0_43.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {FDDBE2B8-6602-4AD8-946D-94C5A32FA6C4} (GameDesire Pool Training) - http://67.15.101.3/g_bin/eng/billardt_2_0_0_28.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: A3dxq - C:\WINDOWS\system32\a3dxq.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: winsys2freg - C:\WINDOWS\
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apache2 - Unknown owner - C:\Program Files\xampp\apache\bin\apache.exe" -k runservice (file missing)
O23 - Service: F-Secure BackWeb (BackWeb Client - 7681197) - Unknown owner - C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE
O23 - Service: Client IP-IPX - Unknown owner - C:\WINDOWS\system32\svchosts.exe" -e te-110-12-0000271 (file missing)
O23 - Service: F-Secure BackWeb LAN Access - Unknown owner - C:\Program Files\F-Secure\BackWeb\7681197\Program\fsbwlan.exe
O23 - Service: F-Secure Gatekeeper Handler Starter - F-Secure Corp. - C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
O23 - Service: F-Secure Network Request Broker - F-Secure Corporation - C:\Program Files\F-Secure\Common\FNRB32.EXE
O23 - Service: FileZilla Server FTP server (FileZilla Server) - FileZilla Project - C:\Program Files\xampp\filezillaftp\filezillaserver.exe
O23 - Service: F-Secure Authentication Agent (FSAA) - F-Secure Corporation. All Rights Reserved. - C:\Program Files\F-Secure\Common\FSAA.EXE
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\F-Secure\Common\FSMA32.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPZipm1 2.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)

Hola y Bienvenid@ a forospyware

Descarga y Actualiza todas las herramientas antes de comenzar

1.- Desactiva Restaurar Sistema

2.- Activa Ver Archivos Ocultos

3.- Reinicia el pc en Modo a Prueba de Fallos

4.- Ve a inicio/panel de control/ agregar o quitar programas y desinstalas lo siguiente:

- TrustIn Contextual
- PartyGaming.Net o PartyPokerNet

5.- Cierra todos los programas, luego ejecuta el HijackThis, marca y les das "Fix Checked" a las siguientes entradas:

O2 - BHO: ChangerBHO Class - {0edc6c20-a31c-11db-8ab9-0800200c9a66} - C:\WINDOWS\system32\cewmdms.dll

O2 - BHO: ContextualAds Class - {3AAC4C68-AFC8-11DB-80EF-8AF955D89593} - C:\Program Files\TrustIn Contextual\trustincontext.dll

O2 - BHO: (no name) - {4A734B7E-4D12-1DB4-B052-05929E328F66} - C:\WINDOWS\system32\rugfvzd.dll

O2 - BHO: Clicker Class - {631f7200-642e-11db-bd13-0800200c9a66} - C:\WINDOWS\system32\mscoriezb.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: (no name) - {B4695A16-EDFA-9505-F1AA-C2DEB9B55CB1} - C:\WINDOWS\system32\jscwjwsk.dll

O2 - BHO: WeeklyExecuter Class - {f015f320-ab08-11db-abbd-0800200c9a66} - C:\WINDOWS\inetloader.dll

O2 - BHO: SpoofBHO Class - {F67EEB12-AB09-11DB-A6F1-260856D89593} - C:\WINDOWS\se_spoof.dll

O4 - HKLM\..\Run: [ncxednb.dll] C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\ncxednb.dll,qpkrxnc

O4 - HKCU\..\Run: [Ruea] "C:\PROGRA~1\COMMON~1\ICROSO~1.NET\regsvr32.ex e" -vt yazb

O4 - HKCU\..\Run: [Gxxh] "C:\Program Files\?ymantec\r?ndll.exe" 99001122

O9 - Extra button: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyGaming.Net\PartyPokerNet\RunPF.exe

O9 - Extra 'Tools' menuitem: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyGaming.Net\PartyPokerNet\RunPF.exe

O16 - DPF: {83AFB5CA-ED35-11D4-A452-0080C8D85045} (GameDesire Poker Games) - http://67.15.101.3/g_bin/eng/poker_2_0_0_43.cab

O16 - DPF: {FDDBE2B8-6602-4AD8-946D-94C5A32FA6C4} (GameDesire Pool Training) - http://67.15.101.3/g_bin/eng/billardt_2_0_0_28.cab

O20 - Winlogon Notify: A3dxq - C:\WINDOWS\system32\a3dxq.dll

O20 - Winlogon Notify: winsys2freg - C:\WINDOWS\

O23 - Service: Client IP-IPX - Unknown owner - C:\WINDOWS\system32\svchosts.exe" -e te-110-12-0000271 (file missing)

6.- Busca y elimina estos archivos, en caso de que no los puedas eliminar utilizas la herramienta FileASSASSIN

C:\WINDOWS\system32\cewmdms.dll
C:\WINDOWS\system32\rugfvzd.dll
C:\WINDOWS\system32\mscoriezb.dll
C:\WINDOWS\system32\jscwjwsk.dll
C:\WINDOWS\inetloader.dll
C:\WINDOWS\se_spoof.dll
C:\WINDOWS\system32\ncxednb.dll
C:\WINDOWS\system32\a3dxq.dll
C:\WINDOWS\system32\svchosts.exe <--- "Cuidado" no elimines el archivo svchost.exe

Elimina estas carpetas y todo el contenido

C:\Program Files\TrustIn Contextual
C:\PROGRA~1\COMMON~1\ICROSO~1.NET
C:\Program Files\?ymantec
C:\Program Files\PartyGaming.Net

7.- Analiza el sistema con DelPSGuard - Manual <-- Pega el reporte

8.- Analiza el sistema con SpyBot Search & Destroy, con AVG Anti-spyware - Manual y con el Spy Sweeper 5.0 - Manual

9.- Utiliza el Ccleaner - Manual para eliminar las cookies y temporales

10.- Utiliza el Regseeker - Manual para limpiar el registro

11.- Reinicia, entra en modo normal y analiza el sistema con Kaspersky online - Manual

12.- Instala el SpywareBlaster 3.5 (Manual)

Nota* Al terminar vuelve a activar restaurar sistema y esconde los archivos ocultos

Me cuentas los resultados y pegas un nuevo log de HijackThis

salu2

Hola, al parecer los resultados fueron muy buenos, salvo una duda que tengo del log del hijackthis, que a continuacion voy a pegar, ademas del reporte del Guard para verificar que todo este en orden, pero de inicio el sistema operativo cargo como solia hacerlo.

Saludos y gracias de antemano.

Logfile of HijackThis v1.99.1
Scan saved at 12:53:59 a.m., on 28/02/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\WINDOWS\system32\CePMTray.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\F-Secure\Common\FSM32.EXE
C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
C:\Program Files\LClock\LClock.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\xampp\apache\bin\apache.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE
C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
C:\Program Files\F-Secure\Anti-Virus\FSGK32.EXE
C:\Program Files\xampp\filezillaftp\filezillaserver.exe
C:\Program Files\F-Secure\Anti-Virus\fssm32.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPZipm1 2.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\F-Secure\BackWeb\7681197\Program\BackWeb-7681197.exe
C:\Program Files\F-Secure\Common\FSMA32.EXE
C:\Program Files\F-Secure\Common\FSMB32.EXE
C:\Program Files\F-Secure\Common\FCH32.EXE
C:\Program Files\F-Secure\Common\FAMEH32.EXE
C:\Program Files\xampp\apache\bin\apache.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\F-Secure\Common\FNRB32.EXE
C:\Program Files\F-Secure\Common\FIH32.EXE
C:\Program Files\F-Secure\Anti-Virus\fsav32.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\SSU.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Radamanthys\My Documents\Eliminar w32\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.forospyware.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings,ProxyServer = 200.38.67.37:2301
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O3 - Toolbar: Barra Yahoo! con bloqueador de ventanas emergentes - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Apoint] "C:\Program Files\Apoint2K\Apoint.exe"
O4 - HKLM\..\Run: [CeEPOWER] C:\WINDOWS\system32\CePMTray.exe
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\F-Secure\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [SoundFusion] RunDll32 cwaprops.cpl,CrystalControlWnd
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
O4 - HKLM\..\Run: [LClock] "C:\Program Files\LClock\LClock.exe"
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8 -reboot 1
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Inicio rápido de Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xportar a Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: Referencia - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\msnetax.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\msnetax.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\msnetax.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\msnetax.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\msnetax.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\msnetax.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\msnetax.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\msnetax.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\msnetax.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\msnetax.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\msnetax.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\msnetax.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\msnetax.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\msnetax.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\msnetax.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\msnetax.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\msnetax.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\msnetax.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\msnetax.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\msnetax.dll
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/spanish/kavwebscan_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {76E5AF9D-2B3E-4FEB-A31F-A9E63A27FA29} (IASRunner Class) - https://www-307.ibm.com/pc/support/access/aslibmain/content/AcpIR.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: A3dxq - C:\WINDOWS\
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apache2 - Unknown owner - C:\Program Files\xampp\apache\bin\apache.exe" -k runservice (file missing)
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: F-Secure BackWeb (BackWeb Client - 7681197) - Unknown owner - C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE
O23 - Service: F-Secure BackWeb LAN Access - Unknown owner - C:\Program Files\F-Secure\BackWeb\7681197\Program\fsbwlan.exe
O23 - Service: F-Secure Gatekeeper Handler Starter - F-Secure Corp. - C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
O23 - Service: F-Secure Network Request Broker - F-Secure Corporation - C:\Program Files\F-Secure\Common\FNRB32.EXE
O23 - Service: FileZilla Server FTP server (FileZilla Server) - FileZilla Project - C:\Program Files\xampp\filezillaftp\filezillaserver.exe
O23 - Service: F-Secure Authentication Agent (FSAA) - F-Secure Corporation. All Rights Reserved. - C:\Program Files\F-Secure\Common\FSAA.EXE
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\F-Secure\Common\FSMA32.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPZipm1 2.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: Motor de Spy Sweeper de Webroot (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe


Aqui despues pongo el otro reporte:

---------------------------------------------------------
AVG Anti-Spyware - Informe del análisis
---------------------------------------------------------

+ Creado en: 11:32:17 p.m. 27/02/2007

+ Resultado del análisis:



HKLM\SOFTWARE\Clickspring -> Adware.PurityScan : Limpios.
C:\WINDOWS\system32\vxga3me2.exe -> Downloader.Small : Limpios.
C:\WINDOWS\system32\vxga4m1et4.exe -> Downloader.Small : Limpios.
C:\WINDOWS\system32\acctresb.dll -> Downloader.Small.ddp : Limpios.
C:\WINDOWS\system32\adsnwv.dll -> Downloader.Small.ddp : Limpios.
C:\WINDOWS\system32\bitsprx2s.dll -> Downloader.Small.ddp : Limpios.
C:\WINDOWS\system32\cdmodems.dll -> Downloader.Small.ddp : Limpios.
C:\WINDOWS\system32\cnetcfgv.dll -> Downloader.Small.ddp : Limpios.
C:\WINDOWS\system32\colbactv.dll -> Downloader.Small.ddp : Limpios.
C:\Documents and Settings\Radamanthys\Cookies\radamanthys@partygami ng.122.2o7[1].txt -> TrackingCookie.2o7 : Limpios.
C:\Documents and Settings\Radamanthys\Cookies\radamanthys@adbrite[1].txt -> TrackingCookie.Adbrite : Limpios.
C:\Documents and Settings\Radamanthys\Cookies\radamanthys@www.burst net[2].txt -> TrackingCookie.Burstnet : Limpios.
C:\Documents and Settings\Radamanthys\Cookies\radamanthys@cz7.click zs[2].txt -> TrackingCookie.Clickzs : Limpios.
C:\Documents and Settings\Radamanthys\Cookies\radamanthys@tribalfus ion[1].txt -> TrackingCookie.Tribalfusion : Limpios.


::Fin del informe


Saludos =)

Hola

El log esta mucho mas limpio

El AVG Anti-Spyware elimino varios archivos nocivos

1.- Desactiva Restaurar Sistema

2.- Reinicia el pc en Modo a Prueba de Fallos

3.- Cierra todos los programas, luego ejecuta el HijackThis, marca y les das "Fix Checked" a las siguientes entradas:

O20 - Winlogon Notify: A3dxq - C:\WINDOWS\

4.- Utiliza la herramienta LSP-Fix, para que repares las entradas 010, coloca en Remove el siguiente archivo:

c:\windows\system32\msnetax.dll

5.- Busca y elimina este archivo, en caso de que no lo puedas eliminar utilizas la herramienta FileASSASSIN

c:\windows\system32\msnetax.dll

Nota* Al terminar vuelve a activar restaurar sistema

Luego me cuentas como va el problema y pegas un nuevo log de HijackThis

salu2

Ya no he tenido problemas con el msnetax.dll, pero ahora quisiera saber si conocen o me pueden ayudar con un archivo que se llama TOTOUR.EXE por mas que trato de eliminarlo siempre vuelve a aparecer en mi sistema.

Saludos, y gracias por la anterior ayuda.

Saludos Oscar

Hola Oscar

TOTOUR.EXE y msnetax.dll son parte del mismo malware

Si TOTOUR.EXE esta en la siguiente ubicación, lo puedes eliminar sin problema con FileASSASSIN

C:\WINDOWS\system32\TOTOUR.EXE

Ahora, antes de eliminar el archivo, para verificar que no hayan otros archivos nocivos, haz lo siguiente:

1.- Desactiva Restaurar Sistema

2.- Utiliza el Ccleaner - Manual para eliminar las cookies y temporales

3.- Utiliza el Regseeker - Manual para limpiar el registro

4.- Analiza el sistema con Kaspersky online - Manual y con Ewido Online - Manual

Luego pegas ambos reportes online

salu2