he leido mucho aqui, y he decidido el trato personalizado.
He usado avg antispyware y creí ver la luz pues encontrño 200 cosas que eiminé, he usado el spysweper,el superspyware o algo asi, a parte soy asiduo de ccleaner, spybot search and destroy y ad aware lavasoft, tengo nod32.
y no se que mas leñe hacer!
he probado vundofix, ..etc..
aunke quiza lo hago mal, que esa es otra.
creo que lo que debo de hacer es pegar el log de hijastrick.no?
----
yo uso mozilla aunque mi mujer explorer ( no comment)
Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 3:41:36, on 01/07/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Archivos de programa\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Archivos de programa\Eset\nod32krn.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Archivos de programa\Webroot\Spy Sweeper\SpySweeper.exe
C:\Archivos de programa\Eset\nod32kui.exe
C:\Archivos de programa\Hewlett-Packard\HP Software Update\HPWuSchd.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb0 8.exe
C:\WINDOWS\system32\RunDll32.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Archivos de programa\Java\jre1.6.0_01\bin\jusched.exe
C:\Archivos de programa\Archivos comunes\Real\Update_OB\realsched.exe
C:\Archivos de programa\QuickTime\qttask.exe
C:\Archivos de programa\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\Archivos de programa\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Archivos de programa\Archivos comunes\Ahead\lib\NMBgMonitor.exe
C:\Archivos de programa\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\System32\svchost.exe
C:\Archivos de programa\Mozilla Firefox\firefox.exe
C:\Documents and Settings\noe\Escritorio\dowload universal share\VundoFix.exe
C:\WINDOWS\system32\rundll32.exe
C:\Archivos de programa\Webroot\Spy Sweeper\SSU.EXE
C:\Documents and Settings\noe\Escritorio\dowload universal share\HiJackThis_v2.exe
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Vínculos
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Archivos de programa\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Archivos de programa\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Archivos de programa\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\ARCHIV~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Archivos de programa\Java\jre1.6.0_01\bin\ssv.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Archivos de programa\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [nod32kui] "C:\Archivos de programa\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [HP Software Update] "C:\Archivos de programa\Hewlett-Packard\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb0 8.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] "nwiz.exe" /install
O4 - HKLM\..\Run: [NvMediaCenter] "RUNDLL32.EXE" C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Archivos de programa\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Archivos de programa\Archivos comunes\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [CloneDVDElbyDelay] "C:\Archivos de programa\Elaborate Bytes\CloneDVD\ElbyCheck.exe" /L ElbyDelay
O4 - HKLM\..\Run: [QuickTime Task] "C:\Archivos de programa\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SpySweeper] "C:\Archivos de programa\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Archivos de programa\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Archivos de programa\Archivos comunes\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [BitComet] "C:\Archivos de programa\Bit Lord 1.1\BitLord.exe"
O4 - HKCU\..\Run: [SUPERAntiSpyware] "C:\Archivos de programa\SUPERAntiSpyware\SUPERAntiSpyware.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICIO LOCAL')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Acceso directo a Conexión ADSL AIM.lnk = ?
O4 - Startup: firefox.lnk = ?
O4 - Startup: Reboot.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Archivos de programa\Archivos comunes\Adobe\Calibration\Adobe Gamma Loader.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Archivos de programa\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Consola de Sun Java - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Archivos de programa\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Archivos de programa\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Archivos de programa\Messenger\msmsgs.exe
O16 - DPF: {08EC5265-BFFB-48C1-8B3B-B96B19921616} (ReveladoOnline Control) -
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) -
O17 - HKLM\System\CCS\Services\Tcpip\..\{83C27BA1-95FC-4A00-A8CF-FB0BFBCA7868}: NameServer = 80.58.61.250 80.58.61.254
O17 - HKLM\System\CCS\Services\Tcpip\..\{E94462DE-39C0-4567-AD46-41003A9BC334}: NameServer = 213.176.161.16,213.176.161.18
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARCHIV~1\ARCHIV~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Archivos de programa\SUPERAntiSpyware\SASWINLO.dll
O22 - SharedTaskScheduler: Precargador Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Demonio de caché de las categorías de componente - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Archivos de programa\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Servicio del administrador de discos lógicos (dmadmin) - Unknown owner - C:\WINDOWS\System32\dmadmin.exe
O23 - Service: Registro de sucesos (Eventlog) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: hpdj - Unknown owner - C:\DOCUME~1\noe\CONFIG~1\Temp\hpdj.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Archivos de programa\Archivos comunes\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Servicio COM de grabación de CD de IMAPI (ImapiService) - Unknown owner - C:\WINDOWS\system32\imapi.exe
O23 - Service: Servicio del iPod (iPod Service) - Unknown owner - C:\Archivos de programa\iPod\bin\iPodService.exe (file missing)
O23 - Service: Escritorio remoto compartido de NetMeeting (mnmsrvc) - Unknown owner - C:\WINDOWS\system32\mnmsrvc.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Archivos de programa\Eset\nod32krn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Plug and Play (PlugPlay) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: Administrador de sesión de Ayuda de escritorio remoto (RDSessMgr) - Unknown owner - C:\WINDOWS\system32\sessmgr.exe
O23 - Service: Tarjeta inteligente (SCardSvr) - Unknown owner - C:\WINDOWS\System32\SCardSvr.exe
O23 - Service: Registros y alertas de rendimiento (SysmonLog) - Unknown owner - C:\WINDOWS\system32\smlogsvc.exe
O23 - Service: Instantáneas de volumen (VSS) - Unknown owner - C:\WINDOWS\System32\vssvc.exe
O23 - Service: Motor de Spy Sweeper de Webroot (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Archivos de programa\Webroot\Spy Sweeper\SpySweeper.exe
O23 - Service: Adaptador de rendimiento de WMI (WmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\wmiapsrv.exe
--
End of file - 8694 bytes
-
help me please!!!---
[07/01/2007, 3:37:18] - VirtumundoBeGone v1.5 ( "C:\Documents and Settings\noe\Escritorio\dowload universal share\VirtumundoBeGone.exe" )
[07/01/2007, 3:37:40] - Detected System Information:
[07/01/2007, 3:37:40] - Windows Version: 5.1.2600, Service Pack 2
[07/01/2007, 3:37:40] - Current Username: noe (Admin)
[07/01/2007, 3:37:40] - Windows is in NORMAL mode.
[07/01/2007, 3:37:40] - Searching for Browser Helper Objects:
[07/01/2007, 3:37:40] - BHO 1: {02478D38-C3F9-4EFB-9B51-7695ECA05670} (Yahoo! Toolbar Helper)
[07/01/2007, 3:37:41] - BHO 2: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (AcroIEHlprObj Class)
[07/01/2007, 3:37:41] - BHO 3: {53707962-6F74-2D53-2644-206D7942484F} ()
[07/01/2007, 3:37:41] - WARNING: BHO has no default name. Checking for Winlogon reference.
[07/01/2007, 3:37:41] - Checking for HKLM\...\Winlogon\Notify\SDHelper
[07/01/2007, 3:37:41] - Key not found: HKLM\...\Winlogon\Notify\SDHelper, continuing.
[07/01/2007, 3:37:41] - BHO 4: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[07/01/2007, 3:37:41] - Finished Searching Browser Helper Objects
[07/01/2007, 3:37:41] - Finishing up...
[07/01/2007, 3:37:41] - Nothing found! Exiting...
--
le pasé kapersky, decia que tenia virus, pero me siguen sltando las ventas.. ayudaaaaaa!!!
Monday, July 02, 2007 7:57:50 AM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.93.0
Kaspersky Anti-Virus database last update: 2/07/2007
Kaspersky Anti-Virus database records: 356297
Scan Settings
Scan using the following antivirus database extended
Scan Archives true
Scan Mail Bases true
Scan Target My Computer
A:\
C:\
D:\
E:\
F:\
G:\
Scan Statistics
Total number of scanned objects 54014
Number of viruses found 2
Number of infected objects 3
Number of suspicious objects 0
Duration of the scan process 01:35:04
Infected Object Name Virus Name Last Action
C:\Archivos de programa\Bit Lord 1.1\Downloads\Como Conoci A Vuestra Madre - 122 - Vamos [SATRIP][Fin Temporada][
C:\Archivos de programa\eMule\Temp\005.part Object is locked skipped
C:\Archivos de programa\eMule\Temp\013.part Object is locked skipped
C:\Archivos de programa\ESET\cache\CACHE.NDB Object is locked skipped
C:\Archivos de programa\ESET\logs\virlog.dat Object is locked skipped
C:\Archivos de programa\ESET\logs\warnlog.dat Object is locked skipped
C:\Documents and Settings\LocalService\Configuración local\Archivos temporales de Internet\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Configuración local\Datos de programa\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Configuración local\Datos de programa\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Configuración local\Historial\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\noe\Configuración local\Archivos temporales de Internet\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\noe\Configuración local\Datos de programa\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\noe\Configuración local\Datos de programa\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\noe\Configuración local\Datos de programa\Mozilla\Firefox\Profiles\8f7hlriu.default \Cache\CF3B4D73d01 Object is locked skipped
C:\Documents and Settings\noe\Configuración local\Datos de programa\Mozilla\Firefox\Profiles\8f7hlriu.default \Cache\_CACHE_001_ Object is locked skipped
C:\Documents and Settings\noe\Configuración local\Datos de programa\Mozilla\Firefox\Profiles\8f7hlriu.default \Cache\_CACHE_002_ Object is locked skipped
C:\Documents and Settings\noe\Configuración local\Datos de programa\Mozilla\Firefox\Profiles\8f7hlriu.default \Cache\_CACHE_003_ Object is locked skipped
C:\Documents and Settings\noe\Configuración local\Datos de programa\Mozilla\Firefox\Profiles\8f7hlriu.default \Cache\_CACHE_MAP_ Object is locked skipped
C:\Documents and Settings\noe\Configuración local\Historial\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\noe\Configuración local\Historial\History.IE5\MSHist0120070701200707 02\index.dat Object is locked skipped
C:\Documents and Settings\noe\Configuración local\Temp\IH167A.tmp Object is locked skipped
C:\Documents and Settings\noe\Configuración local\Temp\IHAB5.tmp Object is locked skipped
C:\Documents and Settings\noe\Configuración local\Temp\Perflib_Perfdata_5a8.dat Object is locked skipped
C:\Documents and Settings\noe\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\noe\Datos de programa\Mozilla\Firefox\Profiles\8f7hlriu.default \cert8.db Object is locked skipped
C:\Documents and Settings\noe\Datos de programa\Mozilla\Firefox\Profiles\8f7hlriu.default \formhistory.dat Object is locked skipped
C:\Documents and Settings\noe\Datos de programa\Mozilla\Firefox\Profiles\8f7hlriu.default \history.dat Object is locked skipped
C:\Documents and Settings\noe\Datos de programa\Mozilla\Firefox\Profiles\8f7hlriu.default \key3.db Object is locked skipped
C:\Documents and Settings\noe\Datos de programa\Mozilla\Firefox\Profiles\8f7hlriu.default \parent.lock Object is locked skipped
C:\Documents and Settings\noe\Datos de programa\Mozilla\Firefox\Profiles\8f7hlriu.default \search.sqlite Object is locked skipped
C:\Documents and Settings\noe\Datos de programa\Mozilla\Firefox\Profiles\8f7hlriu.default \urlclassifier2.sqlite Object is locked skipped
C:\Documents and Settings\noe\Datos de programa\SUPERAntiSpyware.com\SUPERAntiSpyware\SUP ERANTISPYWARE.LOG Object is locked skipped
C:\Documents and Settings\noe\Escritorio\traveler.106-caph.subtitulado.Esp.avi.part Object is locked skipped
C:\Documents and Settings\noe\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\noe\ntuser.dat.LOG Object is locked skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{418669B8-C989-4677-8EC5-001C4C577D41}\RP219\A0029541.exe Infected: not-a-virus:AdWare.Win32.Trymedia.b skipped
C:\System Volume Information\_restore{418669B8-C989-4677-8EC5-001C4C577D41}\RP219\A0029542.exe Infected: not-a-virus:AdWare.Win32.Trymedia.b skipped
C:\System Volume Information\_restore{418669B8-C989-4677-8EC5-001C4C577D41}\RP219\change.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\EventCache\{C688D3 35-FBCB-4BC2-ABE1-69CE6FEB8953}.bin Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.lo g Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\bootini.exe Infected: Trojan-Downloader.Win32.VB.ne skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\drivers\atapi.sys Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MA P Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MA P Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DAT A Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
Scan process completed.
Las ventanas siguen saliendo, netfilia (que me redirecciona) y ahora, cachondeito, me sltan falsas ventanas de antispyware!!! grrrrr
msc hotline sat Virus Research Engineer