hola amigos necesito ayuda
me pasa de todo la dichosa (about:blank,mensajes de error y search the web )
Logfile of HijackThis v1.99.1
Scan saved at 17:46:50, on 19/02/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\DVDRAMSV.exe
C:\Archivos de programa\Archivos comunes\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\oodag.exe
C:\WINDOWS\system32\sdkpy32.exe
C:\Archivos de programa\D-Tools\daemon.exe
C:\WINDOWS\isrvs\desktop.exe
C:\WINDOWS\crvz32.exe
C:\Archivos de programa\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\jose\Escritorio\HJT\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\vhifx.dll/sp.html#12345
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\vhifx.dll/sp.html#12345
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\system32\vhifx.dll/sp.html#12345
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\vhifx.dll/sp.html#12345
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\vhifx.dll/sp.html#12345
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\vhifx.dll/sp.html#12345
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\vhifx.dll/sp.html#12345
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/cust.../www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Vínculos
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Archivos de programa\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: IE Update Class - {5B4AB8E2-6DC5-477A-B637-BF3C1A2E5993} - (no file)
O2 - BHO: (no name) - {66A15FEE-5E94-86FB-0CE6-EC4939529CDA} - C:\WINDOWS\msuz.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Archivos de programa\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [Desktop Search] C:\WINDOWS\isrvs\desktop.exe
O4 - HKLM\..\Run: [ffis] C:\WINDOWS\isrvs\ffisearch.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [crvz32.exe] C:\WINDOWS\crvz32.exe
O4 - HKLM\..\RunOnce: [sdkpy32.exe] C:\WINDOWS\system32\sdkpy32.exe
O8 - Extra context menu item: E&xportar a Microsoft Excel - res://C:\ARCHIV~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Archivos de programa\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Archivos de programa\Messenger\MSMSGS.EXE
O15 - Trusted Zone: *.05p.com
O15 - Trusted Zone: *.awmdabest.com
O15 - Trusted Zone: *.blazefind.com
O15 - Trusted Zone: *.clickspring.net
O15 - Trusted Zone: *.flingstone.com
O15 - Trusted Zone: *.frame.crazywinnings.com
O15 - Trusted Zone: *.mt-download.com
O15 - Trusted Zone: *.my-internet.info
O15 - Trusted Zone: *.scoobidoo.com
O15 - Trusted Zone: *.searchbarcash.com
O15 - Trusted Zone: *.searchmiracle.com
O15 - Trusted Zone: *.slotch.com
O15 - Trusted Zone: *.static.topconverting.com
O15 - Trusted Zone: *.xxxtoolbar.com
O15 - Trusted Zone: *.05p.com (HKLM)
O15 - Trusted Zone: *.awmdabest.com (HKLM)
O15 - Trusted Zone: *.blazefind.com (HKLM)
O15 - Trusted Zone: *.clickspring.net (HKLM)
O15 - Trusted Zone: *.flingstone.com (HKLM)
O15 - Trusted Zone: *.frame.crazywinnings.com (HKLM)
O15 - Trusted Zone: *.mt-download.com (HKLM)
O15 - Trusted Zone: *.my-internet.info (HKLM)
O15 - Trusted Zone: *.scoobidoo.com (HKLM)
O15 - Trusted Zone: *.searchbarcash.com (HKLM)
O15 - Trusted Zone: *.searchmiracle.com (HKLM)
O15 - Trusted Zone: *.slotch.com (HKLM)
O15 - Trusted Zone: *.static.topconverting.com (HKLM)
O15 - Trusted Zone: *.xxxtoolbar.com (HKLM)
O15 - Trusted IP range: 206.161.125.149
O15 - Trusted IP range: 206.161.125.149 (HKLM)
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab30149.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary...o.cab32846.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary...n.cab31267.cab
O18 - Filter: text/html - {950238FB-C706-4791-8674-4D429F85897E} - (no file)
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\System32\DVDRAMSV.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\System32\oodag.exe
O23 - Service: Workstation NetLogon Service (�%AF夶À¨) - Unknown owner - C:\WINDOWS\winkg32.exe (file missing)

1 - Apaga "Restaurar Sistema": http://www.forospyware.com/showpost....45&postcount=2

Emplea la herramienta "TZ-Kill.inf": http://www.forospyware.com/showpost....50&postcount=7 y elimina:

O15 - Trusted Zone: *.05p.com
O15 - Trusted Zone: *.awmdabest.com
O15 - Trusted Zone: *.blazefind.com
O15 - Trusted Zone: *.clickspring.net
O15 - Trusted Zone: *.flingstone.com
O15 - Trusted Zone: *.frame.crazywinnings.com
O15 - Trusted Zone: *.mt-download.com
O15 - Trusted Zone: *.my-internet.info
O15 - Trusted Zone: *.scoobidoo.com
O15 - Trusted Zone: *.searchbarcash.com
O15 - Trusted Zone: *.searchmiracle.com
O15 - Trusted Zone: *.slotch.com
O15 - Trusted Zone: *.static.topconverting.com
O15 - Trusted Zone: *.xxxtoolbar.com
O15 - Trusted Zone: *.05p.com (HKLM)
O15 - Trusted Zone: *.awmdabest.com (HKLM)
O15 - Trusted Zone: *.blazefind.com (HKLM)
O15 - Trusted Zone: *.clickspring.net (HKLM)
O15 - Trusted Zone: *.flingstone.com (HKLM)
O15 - Trusted Zone: *.frame.crazywinnings.com (HKLM)
O15 - Trusted Zone: *.mt-download.com (HKLM)
O15 - Trusted Zone: *.my-internet.info (HKLM)
O15 - Trusted Zone: *.scoobidoo.com (HKLM)
O15 - Trusted Zone: *.searchbarcash.com (HKLM)
O15 - Trusted Zone: *.searchmiracle.com (HKLM)
O15 - Trusted Zone: *.slotch.com (HKLM)
O15 - Trusted Zone: *.static.topconverting.com (HKLM)
O15 - Trusted Zone: *.xxxtoolbar.com (HKLM)

2 - Con todos los programas cerrados, ejecuta HijackThis, marca las siguientes entradas y haces FIX:

C:\WINDOWS\system32\sdkpy32.exe

C:\WINDOWS\crvz32.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\vhifx.dll/sp.html#12345
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\vhifx.dll/sp.html#12345

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\system32\vhifx.dll/sp.html#12345
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\vhifx.dll/sp.html#12345
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\vhifx.dll/sp.html#12345
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\vhifx.dll/sp.html#12345
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\vhifx.dll/sp.html#12345

R3 - Default URLSearchHook is missing

O2 - BHO: IE Update Class - {5B4AB8E2-6DC5-477A-B637-BF3C1A2E5993} - (no file)

O2 - BHO: (no name) - {66A15FEE-5E94-86FB-0CE6-EC4939529CDA} - C:\WINDOWS\msuz.dll

O4 - HKLM\..\Run: [Desktop Search] C:\WINDOWS\isrvs\desktop.exe

O4 - HKLM\..\Run: [ffis] C:\WINDOWS\isrvs\ffisearch.exe

O4 - HKLM\..\Run: [crvz32.exe] C:\WINDOWS\crvz32.exe

O4 - HKLM\..\RunOnce: [sdkpy32.exe] C:\WINDOWS\system32\sdkpy32.exe

O18 - Filter: text/html - {950238FB-C706-4791-8674-4D429F85897E} - (no file)

O23 - Service: Workstation NetLogon Service (�%AF夶À¨) - Unknown owner - C:\WINDOWS\winkg32.exe (file missing)

Estas dos sólo en caso de que no correspondan con tus DNS:
O15 - Trusted IP range: 206.161.125.149
O15 - Trusted IP range: 206.161.125.149 (HKLM)

3 - Luego limpia el registro con un programa como RegSeeker por ejemplo: http://www.infospyware.com/Herramientas.htm

Borra los siguientes ficheros:

C:\WINDOWS\system32\sdkpy32.exe
C:\WINDOWS\crvz32.exe
y la carpeta:
C:\WINDOWS\isrvs

4 - Usa el Disk Cleaner para limpiar cookies y temporales: http://www.infospyware.com/Herramientas.htm

5 - Reinicia en "Modo a prueba de fallos" o "Modo seguro" y escanea el equipo con Ad-Aware SE y Spybot Search&Destroy.

6 - Reinicia y nos cuentas los resultados.

Suerte.

Me sigue saliendo todo y eso qe he seguido todos los pasos qe me indicas
La carpeta C:\WINDOWS\isrvs no se deja borrar y selecciono todas las entradas del HijackThis, y pincho fix cheked y al volver ha ejecutar el programa me vuelven ha salir casi todas las entradas
En fin hay va mi long

Scan saved at 1:56:56, on 20/02/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\DVDRAMSV.exe
C:\Archivos de programa\Archivos comunes\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\oodag.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\apphc32.exe
C:\Archivos de programa\D-Tools\daemon.exe
C:\WINDOWS\isrvs\desktop.exe
C:\WINDOWS\system32\msdy32.exe
C:\WINDOWS\System32\sm.exe
C:\WINDOWS\System32\patnfiles.exe
C:\WINDOWS\System32\oakgman.exe
C:\DOCUME~1\jose\CONFIG~1\Temp\5.tmp
C:\Archivos de programa\mkc001\mkc001.exe
C:\Archivos de programa\Internet Explorer\iexplore.exe
C:\Archivos de programa\Internet Explorer\IEXPLORE.EXE
C:\Archivos de programa\Internet Explorer\iexplore.exe
C:\metro.exe
C:\Archivos de programa\Microsoft Office\Office10\WINWORD.EXE
C:\WINDOWS\System32\ctfmon.exe
C:\WINDOWS\msagent\AgentSvr.exe
C:\Documents and Settings\jose\Escritorio\HJT\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://searchmiracle.com/sp.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\ktuxk.dll/sp.html#12345
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\ktuxk.dll/sp.html#12345
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\system32\ktuxk.dll/sp.html#12345
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\ktuxk.dll/sp.html#12345
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\ktuxk.dll/sp.html#12345
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\ktuxk.dll/sp.html#12345
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\ktuxk.dll/sp.html#12345
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/cust.../www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Vínculos
R3 - Default URLSearchHook is missing
F3 - REG:win.ini: run=C:\WINDOWS\System32\soft.exe
O2 - BHO: IE Update Class - {5B4AB8E2-6DC5-477A-B637-BF3C1A2E5993} - (no file)
O2 - BHO: (no name) - {B75F75B8-93F3-429D-FF34-660B206D897A} - C:\WINDOWS\System32\boln.dll
O2 - BHO: (no name) - {CFBA6A8B-141A-EFF7-2284-53A16D783BE4} - C:\WINDOWS\system32\d3qb32.dll
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Archivos de programa\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [Desktop Search] C:\WINDOWS\isrvs\desktop.exe
O4 - HKLM\..\Run: [ffis] C:\WINDOWS\isrvs\ffisearch.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [msdy32.exe] C:\WINDOWS\system32\msdy32.exe
O4 - HKLM\..\Run: [Web Service] C:\WINDOWS\System32\sm.exe
O4 - HKLM\..\Run: [pF6f35h] patnfiles.exe
O4 - HKLM\..\Run: [antiware] c:\windows\system32\eliteapm32.exe
O4 - HKLM\..\Run: [5.tmp] C:\DOCUME~1\jose\CONFIG~1\Temp\5.tmp.exe 2 10001
O4 - HKLM\..\Run: [Systems Restart] Rundll32.exe boln.dll, DllRegisterServer
O4 - HKLM\..\RunOnce: [apphc32.exe] C:\WINDOWS\system32\apphc32.exe
O4 - HKCU\..\Run: [Web Service] C:\WINDOWS\System32\sm.exe
O4 - HKCU\..\Run: [YoppRRNEU] oakgman.exe
O8 - Extra context menu item: E&xportar a Microsoft Excel - res://C:\ARCHIV~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Archivos de programa\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Archivos de programa\Messenger\MSMSGS.EXE
O15 - Trusted Zone: *.05p.com
O15 - Trusted Zone: *.addictivetechnologies.com
O15 - Trusted Zone: *.addictivetechnologies.net
O15 - Trusted Zone: *.admin2cash.biz
O15 - Trusted Zone: *.awmdabest.com
O15 - Trusted Zone: *.bettersearch.biz
O15 - Trusted Zone: *.blazefind.com
O15 - Trusted Zone: *.c4tdownload.com
O15 - Trusted Zone: *.clickspring.net
O15 - Trusted Zone: *.f1organizer.com
O15 - Trusted Zone: *.finefind.nettraffic2cash.biz
O15 - Trusted Zone: *.flingstone.com
O15 - Trusted Zone: *.frame.crazywinnings.com
O15 - Trusted Zone: *.iframe.biz
O15 - Trusted Zone: *.megapornix.com
O15 - Trusted Zone: *.mt-download.com
O15 - Trusted Zone: *.my-internet.info
O15 - Trusted Zone: *.newiframe.biz
O15 - Trusted Zone: *.overpro.com
O15 - Trusted Zone: *.pizdato.biz
O15 - Trusted Zone: *.private-dialer.biz
O15 - Trusted Zone: *.private-iframe.biz
O15 - Trusted Zone: *.scoobidoo.com
O15 - Trusted Zone: *.searchbarcash.com
O15 - Trusted Zone: *.searchmiracle.com
O15 - Trusted Zone: *.slotch.com
O15 - Trusted Zone: *.sp2admin.biz
O15 - Trusted Zone: *.sp2fucked.biz
O15 - Trusted Zone: *.static.topconverting.com
O15 - Trusted Zone: *.vse-moe.biz
O15 - Trusted Zone: *.windupdates.com
O15 - Trusted Zone: *.xxxtoolbar.com
O15 - Trusted Zone: *.ysbweb.com
O15 - Trusted Zone: *.05p.com (HKLM)
O15 - Trusted Zone: *.awmdabest.com (HKLM)
O15 - Trusted Zone: *.blazefind.com (HKLM)
O15 - Trusted Zone: *.clickspring.net (HKLM)
O15 - Trusted Zone: *.flingstone.com (HKLM)
O15 - Trusted Zone: *.frame.crazywinnings.com (HKLM)
O15 - Trusted Zone: *.mt-download.com (HKLM)
O15 - Trusted Zone: *.my-internet.info (HKLM)
O15 - Trusted Zone: *.scoobidoo.com (HKLM)
O15 - Trusted Zone: *.searchbarcash.com (HKLM)
O15 - Trusted Zone: *.searchmiracle.com (HKLM)
O15 - Trusted Zone: *.slotch.com (HKLM)
O15 - Trusted Zone: *.static.topconverting.com (HKLM)
O15 - Trusted Zone: *.xxxtoolbar.com (HKLM)
O15 - Trusted IP range: 206.161.125.149
O15 - Trusted IP range: 206.161.125.149 (HKLM)
O15 - ProtocolDefaults: 'http' protocol is in Trusted Zone, should be Internet Zone
O15 - ProtocolDefaults: 'http' protocol is in Trusted Zone, should be Internet Zone (HKLM)
O16 - DPF: v3cab - http://searchmiracle.com/cab/1.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab30149.cab
O16 - DPF: {79849612-A98F-45B8-95E9-4D13C7B6B35C} (Loader2 Control) - http://static.topconverting.com/activex/loader2.ocx
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
O16 - DPF: {91433D86-9F27-402C-B5E3-DEBDD122C339} - http://www.netvenda.com/sites/games-ww/esw/games4.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary...o.cab32846.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary...n.cab31267.cab
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\System32\DVDRAMSV.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\System32\oodag.exe

Hola :dedosarri

•» Descarga el Disk Cleaner

•» Desactiva la opcion de Restaurar Sistema, una vez limpio la puedes volver a activar.
•» Asegura que tu sistema Muestre los archivos y carpetas ocultos
•» Reinicia en modo a prueba de fallos
•» Ejecuta el HijackThis
•» Selecciona las siguientes entradas y dale en Fix Checked:

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://searchmiracle.com/sp.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\ktuxk.dll/sp.html#12345
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\ktuxk.dll/sp.html#12345
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\system32\ktuxk.dll/sp.html#12345
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\ktuxk.dll/sp.html#12345
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\ktuxk.dll/sp.html#12345
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\ktuxk.dll/sp.html#12345
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\ktuxk.dll/sp.html#12345

R3 - Default URLSearchHook is missing

F3 - REG:win.ini: run=C:\WINDOWS\System32\soft.exe

O2 - BHO: IE Update Class - {5B4AB8E2-6DC5-477A-B637-BF3C1A2E5993} - (no file)
O2 - BHO: (no name) - {B75F75B8-93F3-429D-FF34-660B206D897A} - C:\WINDOWS\System32\boln.dll
O2 - BHO: (no name) - {CFBA6A8B-141A-EFF7-2284-53A16D783BE4} - C:\WINDOWS\system32\d3qb32.dll

O4 - HKLM\..\Run: [Desktop Search] C:\WINDOWS\isrvs\desktop.exe
O4 - HKLM\..\Run: [ffis] C:\WINDOWS\isrvs\ffisearch.exe
O4 - HKLM\..\Run: [msdy32.exe] C:\WINDOWS\system32\msdy32.exe
O4 - HKLM\..\Run: [Web Service] C:\WINDOWS\System32\sm.exe
O4 - HKLM\..\Run: [pF6f35h] patnfiles.exe
O4 - HKLM\..\Run: [antiware] c:\windows\system32\eliteapm32.exe
O4 - HKLM\..\Run: [5.tmp] C:\DOCUME~1\jose\CONFIG~1\Temp\5.tmp.exe 2 10001
O4 - HKLM\..\Run: [Systems Restart] Rundll32.exe boln.dll, DllRegisterServer
O4 - HKLM\..\RunOnce: [apphc32.exe] C:\WINDOWS\system32\apphc32.exe
O4 - HKCU\..\Run: [Web Service] C:\WINDOWS\System32\sm.exe
O4 - HKCU\..\Run: [YoppRRNEU] oakgman.exe

O15 - Trusted Zone: *.05p.com
O15 - Trusted Zone: *.addictivetechnologies.com
O15 - Trusted Zone: *.addictivetechnologies.net
O15 - Trusted Zone: *.admin2cash.biz
O15 - Trusted Zone: *.awmdabest.com
O15 - Trusted Zone: *.bettersearch.biz
O15 - Trusted Zone: *.blazefind.com
O15 - Trusted Zone: *.c4tdownload.com
O15 - Trusted Zone: *.clickspring.net
O15 - Trusted Zone: *.f1organizer.com
O15 - Trusted Zone: *.finefind.nettraffic2cash.biz
O15 - Trusted Zone: *.flingstone.com
O15 - Trusted Zone: *.frame.crazywinnings.com
O15 - Trusted Zone: *.iframe.biz
O15 - Trusted Zone: *.megapornix.com
O15 - Trusted Zone: *.mt-download.com
O15 - Trusted Zone: *.my-internet.info
O15 - Trusted Zone: *.newiframe.biz
O15 - Trusted Zone: *.overpro.com
O15 - Trusted Zone: *.pizdato.biz
O15 - Trusted Zone: *.private-dialer.biz
O15 - Trusted Zone: *.private-iframe.biz
O15 - Trusted Zone: *.scoobidoo.com
O15 - Trusted Zone: *.searchbarcash.com
O15 - Trusted Zone: *.searchmiracle.com
O15 - Trusted Zone: *.slotch.com
O15 - Trusted Zone: *.sp2admin.biz
O15 - Trusted Zone: *.sp2fucked.biz
O15 - Trusted Zone: *.static.topconverting.com
O15 - Trusted Zone: *.vse-moe.biz
O15 - Trusted Zone: *.windupdates.com
O15 - Trusted Zone: *.xxxtoolbar.com
O15 - Trusted Zone: *.ysbweb.com
O15 - Trusted Zone: *.05p.com (HKLM)
O15 - Trusted Zone: *.awmdabest.com (HKLM)
O15 - Trusted Zone: *.blazefind.com (HKLM)
O15 - Trusted Zone: *.clickspring.net (HKLM)
O15 - Trusted Zone: *.flingstone.com (HKLM)
O15 - Trusted Zone: *.frame.crazywinnings.com (HKLM)
O15 - Trusted Zone: *.mt-download.com (HKLM)
O15 - Trusted Zone: *.my-internet.info (HKLM)
O15 - Trusted Zone: *.scoobidoo.com (HKLM)
O15 - Trusted Zone: *.searchbarcash.com (HKLM)
O15 - Trusted Zone: *.searchmiracle.com (HKLM)
O15 - Trusted Zone: *.slotch.com (HKLM)
O15 - Trusted Zone: *.static.topconverting.com (HKLM)
O15 - Trusted Zone: *.xxxtoolbar.com (HKLM)
O15 - Trusted IP range: 206.161.125.149
O15 - Trusted IP range: 206.161.125.149 (HKLM)
O15 - ProtocolDefaults: 'http' protocol is in Trusted Zone, should be Internet Zone
O15 - ProtocolDefaults: 'http' protocol is in Trusted Zone, should be Internet Zone (HKLM)

O16 - DPF: v3cab - http://searchmiracle.com/cab/1.cab
O16 - DPF: {79849612-A98F-45B8-95E9-4D13C7B6B35C} (Loader2 Control) - http://static.topconverting.com/activex/loader2.ocx
O16 - DPF: {91433D86-9F27-402C-B5E3-DEBDD122C339} - http://www.netvenda.com/sites/games-ww/esw/games4.cab

•» Busca y elimina lo siguiente:

C:\WINDOWS\System32\soft.exe
C:\WINDOWS\System32\boln.dll
C:\WINDOWS\system32\d3qb32.dll
C:\WINDOWS\isrvs\
C:\WINDOWS\system32\msdy32.exe
C:\WINDOWS\System32\sm.exe
patnfiles.exe
c:\windows\system32\eliteapm32.exe
C:\WINDOWS\system32\apphc32.exe
C:\WINDOWS\System32\sm.exe
oakgman.exe

•» Limpia la papelera
•» Reinicia normalmente
•» Utiliza el Disk Cleaner para eliminar todos los archivos temporales de tu sistema
•» Toma otro log del HijackThis y dejalo aqui

Saludos

Hola angelduciel
he seguido los pasos ke me has dicho y he podido quitar algunos archivos y otros no los he encontrado
este es mi long
Logfile of HijackThis v1.99.1
Scan saved at 23:59:35, on 21/02/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\d3bz.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\System32\RUNDLL32.EXE
C:\Archivos de programa\D-Tools\daemon.exe
C:\WINDOWS\System32\rundll32.exe
C:\WINDOWS\System32\brloosz.exe
C:\Archivos de programa\MSN Messenger\msnmsgr.exe
C:\WINDOWS\system32\RAMASST.exe
C:\WINDOWS\FSScrCtl.exe
C:\Archivos de programa\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\apper32.exe
C:\Documents and Settings\jose\Escritorio\HJT\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\expqe.dll/sp.html#12345
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\expqe.dll/sp.html#12345
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\system32\expqe.dll/sp.html#12345
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\expqe.dll/sp.html#12345
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\expqe.dll/sp.html#12345
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\expqe.dll/sp.html#12345
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\expqe.dll/sp.html#12345
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Vínculos
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {F22B79FB-1D55-C94F-4938-EAA13A2FB4ED} - C:\WINDOWS\d3yl.dll
O3 - Toolbar: YourSiteBar - {86227D9C-0EFE-4f8a-AA55-30386A3F5686} - C:\ARCHIV~1\YOURSI~1\ysb.dll (file missing)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\System32\PSDrvCheck.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Archivos de programa\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [apper32.exe] C:\WINDOWS\system32\apper32.exe
O4 - HKLM\..\Run: [sp] rundll32 C:\WINDOWS\TEMP\se.dll,DllInstall
O4 - HKLM\..\Run: [IST Service] C:\Archivos de programa\ISTsvc\istsvc.exe
O4 - HKLM\..\Run: [Internet Optimizer] "C:\Program Files\Internet Optimizer\optimize.exe"
O4 - HKLM\..\Run: [sais] c:\archivos de programa\180solutions\sais.exe
O4 - HKLM\..\Run: [WebRebates0] C:\Archivos de programa\Web_Rebates\WebRebates0.exe
O4 - HKLM\..\RunOnce: [d3bz.exe] C:\WINDOWS\system32\d3bz.exe
O4 - HKCU\..\Run: [JavaUpdate0.07] C:\WINDOWS\System32\brloosz.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Archivos de programa\MSN Messenger\msnmsgr.exe" /background
O4 - Startup: Screen Saver Control.lnk = C:\WINDOWS\FSScrCtl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Archivos de programa\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
O8 - Extra context menu item: E&xportar a Microsoft Excel - res://C:\ARCHIV~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: SideFind - {10E42047-DEB9-4535-A118-B3F6EC39B807} - C:\Archivos de programa\SideFind\sidefind.dll (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Archivos de programa\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Archivos de programa\Messenger\MSMSGS.EXE
O15 - Trusted Zone: *.addictivetechnologies.com
O15 - Trusted Zone: *.addictivetechnologies.net
O15 - Trusted Zone: *.admin2cash.biz
O15 - Trusted Zone: *.awmdabest.com
O15 - Trusted Zone: *.bettersearch.biz
O15 - Trusted Zone: *.c4tdownload.com
O15 - Trusted Zone: *.clickspring.net
O15 - Trusted Zone: *.crazywinnings.com
O15 - Trusted Zone: *.f1organizer.com
O15 - Trusted Zone: *.finefind.nettraffic2cash.biz
O15 - Trusted Zone: *.iframe.biz
O15 - Trusted Zone: *.megapornix.com
O15 - Trusted Zone: *.mt-download.com
O15 - Trusted Zone: *.newiframe.biz
O15 - Trusted Zone: *.overpro.com
O15 - Trusted Zone: *.pizdato.biz
O15 - Trusted Zone: *.private-dialer.biz
O15 - Trusted Zone: *.private-iframe.biz
O15 - Trusted Zone: *.slotch.com
O15 - Trusted Zone: *.sp2admin.biz
O15 - Trusted Zone: *.sp2fucked.biz
O15 - Trusted Zone: *.topconverting.com
O15 - Trusted Zone: *.vse-moe.biz
O15 - Trusted Zone: *.windupdates.com
O15 - Trusted Zone: *.xxxtoolbar.com
O15 - Trusted Zone: *.ysbweb.com
O15 - ProtocolDefaults: 'http' protocol is in Trusted Zone, should be Internet Zone
O15 - ProtocolDefaults: 'http' protocol is in Trusted Zone, should be Internet Zone (HKLM)
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab30149.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary...o.cab32846.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary...n.cab31267.cab
O18 - Filter: text/html - {65225307-EF13-4E9A-84BB-E7364A7AC3F7} - (no file)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Remote Procedure Call (RPC) Helper (�%AF夶À¨) - Unknown owner - C:\WINDOWS\system32\iewf32.exe (file missing)