Hola a todos, como la mayoria de los que estamos pidiendo ayuda, no se mucho de como eliminar los malditos virus, necesito su ayuda aqui dejo mi log de hijackthis, gracias de antemano.


Logfile of HijackThis v1.99.1
Scan saved at 08:04:02 a.m., on 03/05/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\ESRI\License\arcgis9x\lmgrd.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\System32\mnmsrvc.exe
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\ESRI\License\arcgis9x\ARCGIS.exe
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
C:\Program Files\Mouse Driver\MouseDrv.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\G oogleToolbarNotifier.exe
C:\Program Files\Microsoft Office Communicator\Communicator.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\hack\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings,ProxyServer = 10.105.1.247:80
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {33782E86-1F29-435C-A103-B05FF717EA32} - C:\WINDOWS\system32\jkhff.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: (no name) - {B0351606-A37E-46CE-9BCB-17BAF714A73D} - C:\WINDOWS\system32\efcawwv.dll
O2 - BHO: (no name) - {D651AFF4-9590-424d-BD1E-8E33E090DFB3} - C:\WINDOWS\system32\mfxldajr.dll (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [CreativeMouse ] C:\Program Files\Mouse Driver\MouseDrv.exe
O4 - HKLM\..\Run: [InfoData] rundll32.exe "C:\WINDOWS\system32\bcxaahgq.dll",realset
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\G oogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Communicator] "C:\Program Files\Microsoft Office Communicator\Communicator.exe"
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xportar a Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1176832227639
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{F0CD18A8-B276-41DC-8133-F706F0B3FAB9}: Domain = intranet.telmex.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{F0CD18A8-B276-41DC-8133-F706F0B3FAB9}: NameServer = 10.192.10.1,10.106.10.1
O20 - Winlogon Notify: efcawwv - C:\WINDOWS\SYSTEM32\efcawwv.dll
O20 - Winlogon Notify: jkhff - C:\WINDOWS\system32\jkhff.dll
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: ArcGIS License Manager - Unknown owner - C:\PROGRA~1\ESRI\License\arcgis9x\lmgrd.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe

Descarga DelPSGuard v 4.5.0 pero no lo ejecutes aún.

Sigue estos pasos:

1) Apaga Restaurar Sistema

2) Ver archivos ocultos

3) Reinicia a prueba de fallos

4) Ejecuta HijackThis con todos los programas cerrados y dale Fix checked a:

O2 - BHO: (no name) - {33782E86-1F29-435C-A103-B05FF717EA32} - C:\WINDOWS\system32\jkhff.dll

O2 - BHO: (no name) - {B0351606-A37E-46CE-9BCB-17BAF714A73D} - C:\WINDOWS\system32\efcawwv.dll

O2 - BHO: (no name) - {D651AFF4-9590-424d-BD1E-8E33E090DFB3} - C:\WINDOWS\system32\mfxldajr.dll (file missing)

O4 - HKLM\..\Run: [InfoData] rundll32.exe "C:\WINDOWS\system32\bcxaahgq.dll",realset

O20 - Winlogon Notify: efcawwv - C:\WINDOWS\SYSTEM32\efcawwv.dll

O20 - Winlogon Notify: jkhff - C:\WINDOWS\system32\jkhff.dll

5) Busca y elimina estos archivos y/o carpetas con todo su contenido:

C:\WINDOWS\system32\jkhff.dll
C:\WINDOWS\system32\efcawwv.dll
C:\WINDOWS\system32\mfxldajr.dll
C:\WINDOWS\system32\bcxaahgq.dll

Para archivos que no se dejen eliminar usa KillBox

6) En modo seguro o a prueba de fallos, ejecuta DelPSGuard y guarda el reporte que te genere.

7) Reinicia normal y sigue estos pasos para "Eliminar Vundo"

Vuelve a reiniciar, deshaz los cambios 1) y 2) y nos cuentas los resultados.

Deja un nuevo log y el reporte de DelPSGuard y de VundoFix.

Saludos

jereque gracias por tu ayuda
te comento que he seguido los pasos indicados, pero en el paso 4 ejecuta hijackthis y dale fixchecked a:

O2 - BHO: (no name) - {33782E86-1F29-435C-A103-B05FF717EA32} - C:\WINDOWS\system32\jkhff.dll

O2 - BHO: (no name) - {B0351606-A37E-46CE-9BCB-17BAF714A73D} - C:\WINDOWS\system32\efcawwv.dll

O2 - BHO: (no name) - {D651AFF4-9590-424d-BD1E-8E33E090DFB3} - C:\WINDOWS\system32\mfxldajr.dll (file missing)

O4 - HKLM\..\Run: [InfoData] rundll32.exe "C:\WINDOWS\system32\bcxaahgq.dll",realset

O20 - Winlogon Notify: efcawwv - C:\WINDOWS\SYSTEM32\efcawwv.dll

O20 - Winlogon Notify: jkhff - C:\WINDOWS\system32\jkhff.dll

estos ya no aparecen cuando le corro el hijackthis

y en el siguiente paso el killbox no puede eliminar el archivo C:\WINDOWS\system32\jkhff.dll

aqui dejo nuevamente mi log ojala me puedas ayudar gracias de antemano

Logfile of HijackThis v1.99.1
Scan saved at 11:33:45 a.m., on 09/05/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\ESRI\License\arcgis9x\lmgrd.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\System32\mnmsrvc.exe
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\ESRI\License\arcgis9x\ARCGIS.exe
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
C:\Program Files\Mouse Driver\MouseDrv.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\G oogleToolbarNotifier.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft Office Communicator\Communicator.exe
C:\WINDOWS\system32\wuauclt.exe
C:\hack\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings,ProxyServer = 10.105.1.247:80
O2 - BHO: (no name) - {008B59A0-9C1B-4BDA-A4C6-F2EDC6E4E8A7} - C:\WINDOWS\system32\jkhff.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: (no name) - {B0351606-A37E-46CE-9BCB-17BAF714A73D} - C:\WINDOWS\system32\efcawwv.dll (file missing)
O2 - BHO: (no name) - {D651AFF4-9590-424d-BD1E-8E33E090DFB3} - C:\WINDOWS\system32\mfxldajr.dll (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [WindowsService] rundll32.exe "C:\WINDOWS\system32\bqfunalm.dll",realset
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [InfoData] rundll32.exe "C:\WINDOWS\system32\bcxaahgq.dll",realset
O4 - HKLM\..\Run: [CreativeMouse ] C:\Program Files\Mouse Driver\MouseDrv.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\G oogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Communicator] "C:\Program Files\Microsoft Office Communicator\Communicator.exe"
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xportar a Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1176832227639
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://mapinfo.webex.com/client/T25L/webex/ieatgpc.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{F0CD18A8-B276-41DC-8133-F706F0B3FAB9}: Domain = intranet.telmex.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{F0CD18A8-B276-41DC-8133-F706F0B3FAB9}: NameServer = 10.192.10.1,10.106.10.1
O20 - Winlogon Notify: efcawwv - efcawwv.dll (file missing)
O20 - Winlogon Notify: jkhff - C:\WINDOWS\system32\jkhff.dll
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: ArcGIS License Manager - Unknown owner - C:\PROGRA~1\ESRI\License\arcgis9x\lmgrd.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe

Saludos