Me mandaron para aca mi problema es el siguiente

Le pase el avg y me detecto algo alto le di eliminar luego le pase el bitdefender y me di cuenta que a varios no lo pudo eliminar, que puedo hacer para borrar eso, es peligroso???

estoy sin antivirus asi que espero una solucion sin antivirus... gracias



tambien cada vez que me conecto que abro el ie me sale una ventana con esta dirrecion http://www.6969669.com/search.asp?id=&web=yahoo.com si abro yahoo sale eso si abro hotmail pues sale al final de la pagina web=hotmail etc

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 05:08:38 p.m., on 09/05/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Uninstall Information\ccici.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Windows\inf\svchost.exe
C:\Program Files\Novatel Wireless\Sprint\Sprint PCS Connection Manager\OSCM3.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.forospyware.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [asccic] c:\program files\uninstall information\ccici.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [systems] c:\windows\inf\svchost.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICIO LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICIO LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'Servicio de red')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Consola de Sun Java - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O10 - Broken Internet access because of LSP provider 'c:\windows\system32\pnrpnsp.dll' missing
O13 - Gopher Prefix:
O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - http://zone.msn.com/binFrameWork/v10/StagingUI.cab55579.cab
O16 - DPF: {0B79F48A-E8D6-11DB-9283-E25056D89593} (F-Secure Online Scanner 3.1) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebook.com/controls/Facebo...toUploader5.cab
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} (Shockwave ActiveX Control) -
O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (MSN Games – Buddy Invite) - http://zone.msn.com/BinFrameWork/v10/ZBuddy.cab55579.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photo.walgreens.com/WalgreensActivia.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O16 - DPF: {512FC5A1-7DE1-43F1-BC0C-371622FCB409} (TotalScan Installer Class) - http://www.nanoscan.com/as/v1/cabs/ascstubie.cab
O16 - DPF: {525019DF-8282-40DC-A0E0-13C076889F66} (InstallerSf Control) - http://www.softonic.com/sinespias/installer.cab
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} - http://www.eset.eu/buxus/docs/OnlineScanner.cab
O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - http://zone.msn.com/binframework/v10/ZPAChat.cab55579.cab
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} - http://upload.facebook.com/controls/Facebo...toUploader3.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/ES-US/a-UNO1/GAME_UNO1.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Facebo...otoUploader.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/...ro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O16 - DPF: {CAC181B0-4D70-402D-B571-C596A47D0CE0} (CBankshotZoneCtrl Class) - http://zone.msn.com/bingame/zpagames/zpa_pool.cab56649.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O16 - DPF: {D6E7CFB5-C074-4D1C-B647-663D1A8D96BF} (Facebook Photo Uploader 4) - http://upload.facebook.com/controls/Facebo...Uploader4_5.cab
O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (MSN Games – Game Communicator) - http://zone.msn.com/binframework/v10/StProxy.cab55579.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab56986.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{048CEB56-2075-46FA-ADE3-349B70FBB633}: NameServer = 68.28.250.92 68.28.242.91
O17 - HKLM\System\CS1\Services\Tcpip\..\{048CEB56-2075-46FA-ADE3-349B70FBB633}: NameServer = 68.28.250.92 68.28.242.91
O17 - HKLM\System\CS2\Services\Tcpip\..\{048CEB56-2075-46FA-ADE3-349B70FBB633}: NameServer = 68.28.250.92 68.28.242.91
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: lxcg_device - Unknown owner - C:\Windows\system32\lxcgcoms.exe
O23 - Service: OSCM Utility Service - Sprint Spectrum, L.L.C - C:\Program Files\Novatel Wireless\Sprint\Sprint PCS Connection Manager\OSCMUtilityService.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 7166 bytes

ya actualize

ya limpie todo con el ccleaner

ya borre los archivos temporales d java

borre algunos ya q no me dejo borrarlos todos los archivos temporales

el Avg no encontro nada, ya que a pasado mas de una semana que ya se lo habia pasado. y no encotnre informe para poner aca.

el scan online le pase el bitdefender y puse la foto de lo que encontro en el primer mensaje, voy a ver cual otro le paso para poner el informe.

le pase el scan online ewido y encontro eso y le di deleted


__________________________________________________
ewido anti-spyware online scanner
http://www.ewido.net
__________________________________________________


Name: TrackingCookie.Atdmt
Path: C:\Users\Jessiem\AppData\Roaming\Microsoft\Windows\Cookies\jessiem[arroba]atdmt[1].txt
Risk: Medium

Name: TrackingCookie.Realmedia
Path: C:\Users\Jessiem\AppData\Roaming\Microsoft\Windows\Cookies\jessiem[arroba]realmedia[1].txt
Risk: Medium

Name: TrackingCookie.Netflame
Path: C:\Users\Jessiem\AppData\Roaming\Microsoft\Windows\Cookies\jessiem[arroba]ssl-hints.netflame[2].txt
Risk: Medium

Aqui el log d nuevo



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 09:35:21 p.m., on 09/05/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Uninstall Information\ccici.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Windows\inf\svchost.exe
C:\Program Files\Novatel Wireless\Sprint\Sprint PCS Connection Manager\OSCM3.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.forospyware.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [asccic] c:\program files\uninstall information\ccici.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [systems] c:\windows\inf\svchost.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICIO LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICIO LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'Servicio de red')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Consola de Sun Java - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O10 - Broken Internet access because of LSP provider 'c:\windows\system32\pnrpnsp.dll' missing
O13 - Gopher Prefix:
O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - http://zone.msn.com/binFrameWork/v10/StagingUI.cab55579.cab
O16 - DPF: {0B79F48A-E8D6-11DB-9283-E25056D89593} (F-Secure Online Scanner 3.1) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebook.com/controls/Facebo...toUploader5.cab
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} (Shockwave ActiveX Control) -
O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (MSN Games – Buddy Invite) - http://zone.msn.com/BinFrameWork/v10/ZBuddy.cab55579.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photo.walgreens.com/WalgreensActivia.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O16 - DPF: {512FC5A1-7DE1-43F1-BC0C-371622FCB409} (TotalScan Installer Class) - http://www.nanoscan.com/as/v1/cabs/ascstubie.cab
O16 - DPF: {525019DF-8282-40DC-A0E0-13C076889F66} (InstallerSf Control) - http://www.softonic.com/sinespias/installer.cab
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} - http://www.eset.eu/buxus/docs/OnlineScanner.cab
O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - http://zone.msn.com/binframework/v10/ZPAChat.cab55579.cab
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} - http://upload.facebook.com/controls/Facebo...toUploader3.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/ES-US/a-UNO1/GAME_UNO1.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Facebo...otoUploader.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/...ro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O16 - DPF: {CAC181B0-4D70-402D-B571-C596A47D0CE0} (CBankshotZoneCtrl Class) - http://zone.msn.com/bingame/zpagames/zpa_pool.cab56649.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O16 - DPF: {D6E7CFB5-C074-4D1C-B647-663D1A8D96BF} (Facebook Photo Uploader 4) - http://upload.facebook.com/controls/Facebo...Uploader4_5.cab
O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (MSN Games – Game Communicator) - http://zone.msn.com/binframework/v10/StProxy.cab55579.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab56986.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{048CEB56-2075-46FA-ADE3-349B70FBB633}: NameServer = 68.28.250.92 68.28.242.91
O17 - HKLM\System\CS1\Services\Tcpip\..\{048CEB56-2075-46FA-ADE3-349B70FBB633}: NameServer = 68.28.250.92 68.28.242.91
O17 - HKLM\System\CS2\Services\Tcpip\..\{048CEB56-2075-46FA-ADE3-349B70FBB633}: NameServer = 68.28.250.92 68.28.242.91
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: lxcg_device - Unknown owner - C:\Windows\system32\lxcgcoms.exe
O23 - Service: OSCM Utility Service - Sprint Spectrum, L.L.C - C:\Program Files\Novatel Wireless\Sprint\Sprint PCS Connection Manager\OSCMUtilityService.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 7264 bytes

Baja este programa:
Dr.Web CureIt
ftp://ftp.drweb.com/pub/drweb/cureit/drweb-cureit.exe

Doble click en drweb-cureit.exe
Clic en Star para que comience el scaneo
Al principio verifica la memoria y tienes que cliquear Yes cuando te pregunte si quieres que tal archivo sea curado (cure it ),esto es un scan rápido
Tambien te puede aparecer un pop up ofreciendo la posibilidad de comprar el programa ,solo elimina ese pop up y sigue…
Cuando ese scan termine haz clic en Options > Change settings
Elige la solapa Scan y destildas "Heuristic analysis".
Ahora vuelve a la ventana principal y eliges los discos a scanear:
elige “All Drives”,un punto rojo te indica cuales elegiste
Haz clic en la flecha verde ubicada a la derecha y comenzará el scaneo
Click 'Yes to all' si te pregunta si quieres “Cure” o “Move “ los archivos
Cuando el scaneo termine te fijas en los archivos encontrados y junto a ellos se halla un ícono trata de cliquear en ese y si puedes cliquea en otro ícono a la derecha y elige Move incurable
Esto pondrá esos archivos en “%userprofile%\DoctorWeb\quarantaine-folder”si no han podido “curarse”.
Ahora en el Menu principal clic en File y elige save report list
Guarda ese reporte en tu escritorio (el nombre será DrWeb.csv)
Cierra el programa
Nos cuentas
Salu2

ok guarde el report pero no me deja abrirlo aqui pongo la foto

Renombra el Hijackthis

Existe probablemente una infección que se está escondiendo parte del registro de HijackThis, ya que es llamado hijackthis.exe.
Por favor renombra el hijackthis.exe a goodscanner.exe
Luego ejecuta el HJTs, click en el botón Do a system scan and save a logfile y pegas en tu próxima respuesta el log que este te genere.

Un Saludo

no se donde era que tenia que cambiarle el nombre asi que abri C:\ los programas y busque el programa y donde decia hijackthis le puse goodscanner.exe
no se si esa era la manera
aqui el log, (disculpen mi ignorancia sino era asi espero me expliquen y diasculpen)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 01:47:01 p.m., on 10/05/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Novatel Wireless\Sprint\Sprint PCS Connection Manager\OSCM3.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\goodscanner.exe.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.forospyware.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICIO LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICIO LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'Servicio de red')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Consola de Sun Java - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O10 - Broken Internet access because of LSP provider 'c:\windows\system32\pnrpnsp.dll' missing
O13 - Gopher Prefix:
O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - http://zone.msn.com/binFrameWork/v10/StagingUI.cab55579.cab
O16 - DPF: {0B79F48A-E8D6-11DB-9283-E25056D89593} (F-Secure Online Scanner 3.1) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebook.com/controls/Facebo...toUploader5.cab
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} (Shockwave ActiveX Control) -
O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (MSN Games – Buddy Invite) - http://zone.msn.com/BinFrameWork/v10/ZBuddy.cab55579.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photo.walgreens.com/WalgreensActivia.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O16 - DPF: {512FC5A1-7DE1-43F1-BC0C-371622FCB409} (TotalScan Installer Class) - http://www.nanoscan.com/as/v1/cabs/ascstubie.cab
O16 - DPF: {525019DF-8282-40DC-A0E0-13C076889F66} (InstallerSf Control) - http://www.softonic.com/sinespias/installer.cab
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} - http://www.eset.eu/buxus/docs/OnlineScanner.cab
O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - http://zone.msn.com/binframework/v10/ZPAChat.cab55579.cab
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} - http://upload.facebook.com/controls/Facebo...toUploader3.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/ES-US/a-UNO1/GAME_UNO1.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Facebo...otoUploader.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/...ro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O16 - DPF: {CAC181B0-4D70-402D-B571-C596A47D0CE0} (CBankshotZoneCtrl Class) - http://zone.msn.com/bingame/zpagames/zpa_pool.cab56649.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O16 - DPF: {D6E7CFB5-C074-4D1C-B647-663D1A8D96BF} (Facebook Photo Uploader 4) - http://upload.facebook.com/controls/Facebo...Uploader4_5.cab
O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (MSN Games – Game Communicator) - http://zone.msn.com/binframework/v10/StProxy.cab55579.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab56986.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{048CEB56-2075-46FA-ADE3-349B70FBB633}: NameServer = 68.28.250.92 68.28.242.91
O17 - HKLM\System\CS1\Services\Tcpip\..\{048CEB56-2075-46FA-ADE3-349B70FBB633}: NameServer = 68.28.250.92 68.28.242.91
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: lxcg_device - Unknown owner - C:\Windows\system32\lxcgcoms.exe
O23 - Service: OSCM Utility Service - Sprint Spectrum, L.L.C - C:\Program Files\Novatel Wireless\Sprint\Sprint PCS Connection Manager\OSCMUtilityService.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 6938 bytes

El log esta limpio, dinos como va el pc.

Un Saludo

ComboFix 08-05-09.1 - Jessiem 2008-05-10 15:50:48.1 - NTFSx86
Microsoft® Windows Vista™ Ultimate 6.0.6000.0.1252.1.3082.18.134 [GMT -7:00]Se ejecuta desde: C:\Users\Jessiem\Desktop\ComboFix.exe
.

(((((((((((((((((((((((((((((((((((( Otras eliminaciones )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Windows\cfg32r.dll
C:\Windows\cfg32s.dll
C:\Windows\cs_cache.ini
C:\Windows\dat.txt
C:\Windows\Downloaded Program Files\setup.inf
C:\Windows\inf\svchost.exe
C:\Windows\system32\o06PrEz
C:\Windows\system32\S0
C:\Windows\system32\S1
C:\Windows\system32\S4
C:\Windows\system32\S6
C:\Windows\system32\S7
C:\Windows\system32\win
D:\Autorun.inf

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_TNIDRIVER


(((((((((((((((((( Archivos creados desde 2008-04-10 - 2008-05-10 )))))))))))))))))))))))))))))))))
.

Ning£n archivo ha sido creado durante este intervalo de tiempo

.
(((((((((((((((((((((((((((((((((((((( Reporte Find3M )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-10 00:07 --------- d-----w C:\Program Files\Trend Micro
2008-05-09 13:11 --------- d-----w C:\Program Files\Windows Sidebar
2008-05-09 13:10 74,653,651 ----a-w C:\Windows\DUMP44d9.tmp
2008-05-09 13:10 --------- d-----w C:\Program Files\Windows Mail
2008-05-09 13:10 --------- d-----w C:\Program Files\Windows Calendar
2008-05-09 12:36 82,341,843 ----a-w C:\Windows\DUMP41ac.tmp
2008-05-01 05:31 --------- d-----w C:\Program Files\LimeWire
2008-05-01 02:54 --------- d-----w C:\Users\Jessiem\AppData\Roaming\LimeWire
2008-04-23 03:00 --------- d-----w C:\ProgramData\Kaspersky Lab
2008-04-18 07:38 --------- d-----w C:\Program Files\CamStudio
2008-04-11 07:03 --------- d-----w C:\Program Files\Xara
2008-04-05 05:47 --------- d-----w C:\Users\Jessiem\AppData\Roaming\Grisoft
2008-03-20 17:31 --------- d-----w C:\ProgramData\Zylom
2008-03-15 05:55 --------- d-----w C:\Users\Jessiem\AppData\Roaming\U3
2008-03-14 21:25 --------- d-----w C:\Program Files\Java
2007-10-01 21:57 174 --sha-w C:\Program Files\desktop.ini
.

------- Sigcheck -------

.
((((((((((((((((((((((((((((((((( Cargando Puntos Reg ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Nota* entradas vac¡as & entradas leg¡timas predeterminadas no son mostradas

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-10-05 00:42 5674352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 02:25 6731312]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe"
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" -atboottime
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"TCP Query User{32928462-6441-4F84-83D9-4872A51ACAFA}C:\\program files\\kaspersky lab\\kaspersky anti-virus 6.0\\avp.exe"= UDP:C:\program files\kaspersky lab\kaspersky anti-virus 6.0\avp.exe:Kaspersky Anti-Virus
"UDP Query User{8366955E-37F2-49B6-8293-549702B7EFC4}C:\\program files\\kaspersky lab\\kaspersky anti-virus 6.0\\avp.exe"= TCP:C:\program files\kaspersky lab\kaspersky anti-virus 6.0\avp.exe:Kaspersky Anti-Virus
"{8372A07C-C88C-410E-B8FA-95CF1E480BA7}"= UDP:C:\Program Files\LimeWire\LimeWire.exe:LimeWire
"{1C001ED0-D973-4EC2-84B1-512D3E396AC6}"= TCP:C:\Program Files\LimeWire\LimeWire.exe:LimeWire
"TCP Query User{C66518A6-BF31-43E2-BA43-4B5AB4D0FAD9}C:\\program files\\yahoo! games\\yahoo! ten pin championship bowling\\yahoo ten pin championship bowling.exe"= UDP:C:\program files\yahoo! games\yahoo! ten pin championship bowling\yahoo ten pin championship bowling.exe:Skyworks Ten Pin Championship Bowling
"UDP Query User{2C5C540C-D404-469F-B9B2-C610CAACBD0D}C:\\program files\\yahoo! games\\yahoo! ten pin championship bowling\\yahoo ten pin championship bowling.exe"= TCP:C:\program files\yahoo! games\yahoo! ten pin championship bowling\yahoo ten pin championship bowling.exe:Skyworks Ten Pin Championship Bowling
"{CADD3FF7-D782-4C62-BF39-873151DA9F7D}"= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{8242658C-FA50-4572-B0CA-F0039166F2C1}"= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{EFD7EA95-ECBC-482D-88C8-FA3683DD3EA4}"= UDP:C:\Program Files\MSN Messenger\msnmsgr.exe:Windows Live Messenger 8.0
"{723EBFE4-26B3-4820-BB85-C7A99902CA60}"= TCP:C:\Program Files\MSN Messenger\msnmsgr.exe:Windows Live Messenger 8.0
"{F9B75228-6F49-48D6-ACD8-87B6495AEBAB}"= UDP:C:\Program Files\MSN Messenger\msnmsgr.exe:Windows Live Messenger 8.0
"{97D48971-F389-4021-9AE2-C0C31DF6EDF8}"= TCP:C:\Program Files\MSN Messenger\msnmsgr.exe:Windows Live Messenger 8.0
"{A2E606E3-190B-495D-B2BC-73FCD4122D95}"= UDP:C:\Program Files\MSN Messenger\msnmsgr.exe:Windows Live Messenger 8.0
"{82FE707C-23DF-48A6-9BB4-0AAB7B454200}"= TCP:C:\Program Files\MSN Messenger\msnmsgr.exe:Windows Live Messenger 8.0
"{5DFACC57-F6EE-41FE-B00D-5C08A5642524}"= UDP:C:\Program Files\MSN Messenger\msncall.exe:Windows Live Messenger 8.0 (Phone)
"{2E15BE23-C8B1-4839-BF31-71D019BF5565}"= TCP:C:\Program Files\MSN Messenger\msncall.exe:Windows Live Messenger 8.0 (Phone)
"{9A04F012-7E10-4CB1-8B0C-525064361398}"= UDP:C:\Program Files\MSN Messenger\msncall.exe:Windows Live Messenger 8.0 (Phone)
"{BCF89A14-CB79-46C1-B6AD-657175FE85B9}"= TCP:C:\Program Files\MSN Messenger\msncall.exe:Windows Live Messenger 8.0 (Phone)
"{69728AC0-55B8-4BB3-8578-CBEC08C8F621}"= UDP:C:\Program Files\MSN Messenger\msncall.exe:Windows Live Messenger 8.0 (Phone)
"{B7A89305-3BAE-4B54-A29E-0B099CBBBF3F}"= TCP:C:\Program Files\MSN Messenger\msncall.exe:Windows Live Messenger 8.0 (Phone)
"{124399F6-1337-49EA-9BA6-8C11CFEB4D22}"= Disabled:UDP:C:\Windows\System32\lxcgcoms.exe:2300 Series
"{6E4C2423-FCBF-4486-92B4-E09060188DA7}"= Disabled:TCP:C:\Windows\System32\lxcgcoms.exe:2300 Series

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"DoNotAllowExceptions"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"DisableNotifications"= 1 (0x1)


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
\shell\AutoRun\command - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL D:\Info.exe protect.ed 480 480

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\K]
\shell\AutoRun\command - K:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{13e6c64e-e8a8-11dc-a9b5-bf8637c71753}]
\shell\AutoRun\command - J:\kypdcrkh.exe
\shell\explore\Command - J:\kypdcrkh.exe
\shell\open\Command - J:\kypdcrkh.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{73777684-bb11-11dc-acba-a8c96a822d8c}]
\shell\AutoRun\command - K:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{971a3ffa-ea80-11db-b30a-806e6f6e6963}]
\shell\AutoRun\command - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL D:\Info.exe protect.ed 480 480

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bc69e0c8-16f0-11dd-9cb7-c7adb9ad4799}]
\shell\AutoRun\command - J:\fadqhvul.exe
\shell\explore\Command - J:\fadqhvul.exe
\shell\open\Command - J:\fadqhvul.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d01e391b-0895-11dc-9649-0013d4e77f78}]
\shell\AutoRun\command - J:\sgdrcsjf.exe
\shell\explore\Command - J:\sgdrcsjf.exe
\shell\open\Command - J:\sgdrcsjf.exe

.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-10 16:02:14
Windows 6.0.6000 NTFS

escaneando procesos ocultos ...

escaneando entradas ocultas de autostart ...

escaneando archivos ocultos ...

el escaneo se completo con exito
archivos ocultos: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Windows\System32\audiodg.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Novatel Wireless\Sprint\Sprint PCS Connection Manager\OSCMUtilityService.exe
C:\Windows\System32\drivers\XAudio.exe
C:\Windows\System32\WUDFHost.exe
C:\Windows\System32\dllhost.exe
.
**************************************************************************
.
Tiempo completado: 2008-05-10 16:20:38 - machine was rebooted
ComboFix-quarantined-files.txt 2008-05-10 23:20:12

El sistema no puede encontrar el texto del mensaje para el mensaje número 0x2379 en el archivo de mensajes para Application.
El sistema no puede encontrar el texto del mensaje para el mensaje n£mero 0x2379 en el archivo de mensajes para Application.

141 --- E O F --- 2008-05-10 01:24:50

pues acabo de entrar al ie y no salio la pagina que les habia comentado al parecer anda todo bien
gracias por su ayuda se los agradesco mucho

Tus memorias USB o Pendrives estan infectadas, instala, actualiza y ejecuta en ellas:

MX ONE 3.5


Un Saludo