Aqui lez dejo mi log>

Logfile of HijackThis v1.99.0
Scan saved at 오후 7:15:08, on 2005-09-10
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\Explorer.EXE
D:\WINDOWS\system32\spoolsv.exe
D:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
D:\WINDOWS\System32\pctspk.exe
D:\Program Files\Common Files\Symantec Shared\ccApp.exe
D:\WINDOWS\System32\DWDoumi.exe
D:\Program Files\CA-80U\ADSL\CnxDslTb1.exe
D:\Program Files\Internet Explorer\iexplore.exe
D:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
D:\PROGRA~1\Ahnlab\V3\MonSvcNT.exe
D:\Program Files\Norton AntiVirus\navapsvc.exe
D:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\System32\wuauclt.exe
D:\WINDOWS\system32\NOTEPAD.EXE
D:\Program Files\WinRAR\WinRAR.exe
C:\KBS\Setups\HijackThis\HijackThis.exe

R3 - URLSearchHook: DNURLPlugIn Class - {183D5161-0C62-4295-896C-44E7442CD6F2} - D:\WINDOWS\system32\DIGITA~4.DLL
R3 - URLSearchHook: (no name) - ~{0428FFC7-1931-45b7-95CB-3CBB919777E1} - (no file)
R3 - URLSearchHook: (no name) - ~{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: DNURLPlugIn Class - {183D5161-0C62-4295-896C-44E7442CD6F2} - D:\WINDOWS\system32\DIGITA~4.DLL
O2 - BHO: (no name) - ~{183D5161-0C62-4295-896C-44E7442CD6F2} - (no file)
O2 - BHO: (no name) - ~{C0E01570-C11B-37D7-26D8-2698281496F0} - (no file)
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - D:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: 드림위즈 툴바 - {5258771B-ACBE-4974-8ABC-AE4969A2A5CD} - D:\WINDOWS\System32\dwtbar.dll
O3 - Toolbar: 라디오(&R) - {8E718888-423F-11D2-876E-00A0C9082467} - D:\WINDOWS\system32\msdxm.ocx
O3 - Toolbar: V3 - {9E3849D6-41EF-4B2F-86B7-632EF90758E4} - D:\Program Files\Ahnlab\V3\V3Bar.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] D:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] D:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] D:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [SiSUSBRG] D:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe
O4 - HKLM\..\Run: [CnxDslTaskBar] D:\Program Files\CA-80U\ADSL\CnxDslTb.exe
O4 - HKLM\..\Run: [ccApp] "D:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "D:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [Advanced Tools Check] D:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE
O4 - HKLM\..\Run: [Ink Monitor] D:\Program Files\EPSON\Ink Monitor\InkMonitor.exe
O4 - HKLM\..\Run: [Plus user memo download] D:\Documents and Settings\All Users\Application Data\RemotePokePlusUser\16 chin.exe
O4 - HKLM\..\Run: [dgtstart] dgtstart.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [that shim title bin] D:\Documents and Settings\All Users\Application Data\Five poll that shim\Rect type.exe
O4 - HKCU\..\Run: [dwdoumi] D:\WINDOWS\System32\DWDoumi.exe
O4 - HKCU\..\Run: [netpiadw] D:\Program Files\DreamWiz\doumi\netpiadw.exe
O4 - HKCU\..\Run: [SayclubTachy] C:\Program files\NeoWiz\Tachy\TachyStart.exe
O4 - HKCU\..\Run: [1 RULE] D:\DOCUME~1\Kang\APPLIC~1\BROWSE~1\Bore plan.exe
O4 - HKCU\..\Run: [PhotoShow Deluxe Media Manager] D:\PROGRA~1\Ahead\NEROPH~1\data\Xtras\mssysmgr.exe
O8 - Extra context menu item: 드림위즈 검색 - http://search.dreamwiz.com/qsearch/qsearch.html
O8 - Extra context menu item: 드림위즈 메일로 보내기 - http://search.dreamwiz.com/qsearch/qmail.html
O8 - Extra context menu item: 드림위즈 북마크하기 - http://search.dreamwiz.com/qsearch/qbookmark.html
O8 - Extra context menu item: 드림위즈 스크랩하기 - http://search.dreamwiz.com/qsearch/qscrap.html
O8 - Extra context menu item: 드림위즈 실시간뉴스 검색 - http://search.dreamwiz.com/qsearch/qnews.html
O8 - Extra context menu item: 드림위즈 영한/한영사전 검색 - http://search.dreamwiz.com/qsearch/qengdic.html
O8 - Extra context menu item: 드림위즈 한국어사전 검색 - http://search.dreamwiz.com/qsearch/qdic.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: 컴내꺼 [넷하드] - javascript:window.open("http://www.com.ne.kr/", "_blank", "");
O9 - Extra button: 프린트 - {3B822005-F96F-4CC6-A8A8-64CC252E8F08} - D:\WINDOWS\System32\dwtbar.dll
O9 - Extra button: 새창 - {97AAD984-7BE9-409A-B1B7-DE2C3396F7A0} - D:\WINDOWS\System32\dwtbar.dll
O9 - Extra button: Juegos On Line - {AF0828BC-CB46-4C8D-95B6-8A7C4988F9FF} - c:\pspa-18primaveras\local.htm (file missing)
O9 - Extra button: 툴바 - {DAF5664C-72D2-432B-A5FD-F4EF445F5073} - D:\WINDOWS\System32\dwtbar.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\MSMSGS.EXE
O15 - Trusted Zone: http://*.kcp.co.kr
O15 - Trusted Zone: http://*.telec.co.kr
O15 - Trusted Zone: http://*.vpay.co.kr
O16 - DPF: {00001015-A15C-11D4-97A4-0050BF0FBE67} (NetmarbleStarter15 Class) - http://www.netmarble.net/game/NMStarter15.cab
O16 - DPF: {0209E661-80E5-4F94-B479-F559721014DA} (Prjgame.GameExe) - http://www.skylove.com/skygame/download/skygame.CAB
O16 - DPF: {072039AB-2117-4ED5-A85F-9B9EB903E021} (NowStarter Control) - http://www.clubbox.co.kr/neo.fld/NowStarter.cab
O16 - DPF: {1545689F-FB2C-4941-B7B5-FE21D1F789E7} (TrustSite 1.0 Control) - http://img.telec.co.kr/file/trustsitex/trustsitex.cab
O16 - DPF: {1DE9BB01-B121-401D-8877-BCD5ED5B7EE5} (Tpwin Control) - http://www.crezio.com/test/leeyunho/AlwaysOn/AlwaysOn.CAB
O16 - DPF: {214554E7-6F11-4937-8F49-BB2ACC84CE4D} (CncYKChat Control) - http://kr.chat.yahoo.com/N/APP/CncYKChat.cab
O16 - DPF: {240F0899-15BB-49AE-B820-62CEB9116C0F} (SkyCom Control) - http://www.skylove.com/connect/skycom.cab
O16 - DPF: {2712EB12-3BD3-4003-8113-D23B30FACC62} (P3BugsLoad Class) - http://player.bugs.co.kr/player/cab/bugsLoader20040625.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab
O16 - DPF: {2C197E55-080B-42A4-BFD0-9595B3534CF4} (KVPplugin00 Control) - https://www.vpay.co.kr/KVPplugin01.cab
O16 - DPF: {2D4A8ABA-90AF-4918-8AE2-A92D87348B03} (Prjgame.GameExe) - http://skygame.skylove.com/download/skygame.CAB
O16 - DPF: {2F0692E0-771E-41EE-8CC2-4A8D8CCA357F} (Checker Control) - http://connect1.skylove.com/connect/checker.cab
O16 - DPF: {37FC498F-6176-40B3-9421-D38FA01FA6AB} (XNMStarter Control) - http://ufile.mym.net/ActiveX/mymstarter/My...rterInstall.CAB
O16 - DPF: {4E52C32F-C143-4963-A758-2DB07703CB49} (YahooCS Class) - http://kr.memo.yahoo.com/CAB/YahooWCS.cab
O16 - DPF: {5373CE59-8BB8-45DF-96FB-7DC2F668D674} (P3BugsCtrl Class) - http://player.bugs.co.kr/player/cab/bugsmedia.cab
O16 - DPF: {55CE0824-B8F3-4E6A-9797-17FDA555A8E5} (KvpTopd Control) - http://www.vpay.co.kr/KvpTPd.cab
O16 - DPF: {5AA3139C-2579-407E-B74D-742D709C16CE} (DaumGameStarter Control) - http://211.172.252.226/Launcher/DaumGameStarter.cab
O16 - DPF: {5F426A93-0821-47D2-A126-5A48A874B289} (DialerWeb Class) - http://212.145.159.194/251065/dialercab/WebRecomendada.cab
O16 - DPF: {60B33001-5F10-4A94-A7E4-77A3D8F5C78E} (OnAirClient Control) - http://ionair.sbs.co.kr/onair/OnAirClient.cab
O16 - DPF: {642BA26B-F76D-4E0D-8421-B24CA1A82EF0} (ChatClubYahoo Control) - http://kr.talk.club.yahoo.com/OPI/ChatClubYahoo.cab
O16 - DPF: {66B30EA0-C033-4D4B-9F90-EA0AF07363AF} (BugsMediaPlayer Control) - http://so.bugs.co.kr/BugsOggPlay_11.CAB
O16 - DPF: {68253470-5D4F-4CDF-8D9C-353C14A2F013} (SVPorsche Control) - http://www.seevideo.co.kr/pub/seevideo2003/svporsche.cab
O16 - DPF: {72ED8878-6E16-4EA1-BDD6-3B21EF676E45} (CVTrace Control) - http://www.seevideo.co.kr/pub/cvideox/trace/cvtrace.cab
O16 - DPF: {784B0583-ABC1-4D3B-9564-357AA32D007C} - http://down.hangame.com/vod/turbois9.cab
O16 - DPF: {7A43F370-05A1-40E3-8C2F-FF83D0768D46} (dmcco Class) - http://cafefiles2.hanmail.net/dmcc.cab
O16 - DPF: {7DC58032-60EE-41E0-84DA-77BFFE156B91} (KcpPayAtx Control) - https://secure.kcp.co.kr/webpay/ISP/KcpPayAtx.cab
O16 - DPF: {7FC751A9-492D-41B1-9F8D-D2C8809D8907} (EmoWebInstallerCtl Class) - http://pimg.hanmail.net/tv/cabs/MyTVInstaller.cab
O16 - DPF: {814F8226-7A77-4651-8026-B56F4DF13D2C} (SayClub & JukeOn Music Player Control) - http://dl.jukeon.com/jukeon2/p3ed.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...StatsClient.cab
O16 - DPF: {90231C0E-765E-4429-8F70-F4E9A0F8D358} (P3Maxmp3 Class) - http://www.maxmp3.co.kr/use/juke/p2p_playe...40524/p3max.cab
O16 - DPF: {92E82FBB-DA00-41E0-ABFE-95482E21A4F6} (NMTransX Module) - http://download.netmarble.com/NMChatX/NMTransX.cab
O16 - DPF: {938527D1-CDB7-4147-998A-B20FCA5CC976} (Cdmcco Class) - http://cafeimg.hanmail.net/cab9_1/dmcc2.cab
O16 - DPF: {97745861-F1A6-45B2-8AD1-0C17334550E6} (YahooCabinet Control) - http://img.yahoo.co.kr/ycabinet/cab/YahooCabinet.cab
O16 - DPF: {98FBBB0F-9736-4B91-B926-31F4A5EE443C} (btpgClientCM Class) - https://pg.banktown.com/wallet/plugin/ibtpgClientCM.cab
O16 - DPF: {9A19966F-AE0E-4699-8CCE-9B6F5F1C352C} (NPKXSite Control) - http://download.netmarble.com/nProtect/npkx/npkxsite.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {9BED3AC7-E6D4-43E7-B8A1-1FA502F639E1} (XTools Control) - http://player.bugs.co.kr/install/mv/XTools.cab
O16 - DPF: {9C23D13E-E310-4E25-A8FC-D704B833BB57} (SayClub Playroom Control) - http://dl.sayclub.com/sayclub/sayctl/PrCtl.cab
O16 - DPF: {A4508A45-F1C4-40F3-99B4-0CA08AC77E3B} (Kdfense8 Control) - http://kings.cachenet.com/kdf8106/kdfense8.cab
O16 - DPF: {A87AC5C4-E4A8-421E-84C8-12A5564EAF2B} (NAudioX Control) - http://download.netmarble.com/NAudioX/NAudioX.cab
O16 - DPF: {A977FF0C-8757-4E76-8533-482F91946233} (Pmang & SayClub Login Control) - http://dl.sayclub.com/sayclub/sayctl/sayax.cab
O16 - DPF: {AE4454BD-04EC-4DB0-9BBF-29B32255E69D} (XBugsChat Control) - http://chatbeta.bugs.co.kr/download/XBugsChat.cab
O16 - DPF: {B0A02AAB-94AB-4190-92E2-429B5AC75F50} (download Class) - http://dl.sayclub.com/tachy/dltachy.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmesse...pdownloader.cab
O16 - DPF: {BAE923B7-8344-485E-B82D-82402F30B019} (DaumImageCtl Class) - http://pimg.hanmail.net/tv/cabs/DaImage.cab
O16 - DPF: {C1DF3FF8-4DA4-4168-97BF-A706A5D51985} (SVJukeOn Control) - http://jukeon.dl.sayclub.co.kr/jukeon/svjukeon.cab
O16 - DPF: {CF362BDB-4EA2-11D5-AB47-000102913414} (SetGlb Control) - http://so.bugs.co.kr/SetGlb.cab
O16 - DPF: {CFCB7308-782F-11D4-BE27-000102598CE4} (NPX Control) - http://download.netmarble.com/nProtect/nprotect/npx.cab
O16 - DPF: {D7F0CC2E-FB09-4B38-B9A7-6807CBCD4859} (NMChatX Control) - http://download.netmarble.com/NMChatX/NMChatX.cab
O16 - DPF: {D8F001C6-43B1-4CFD-9DAF-C8BEAE0E2B6D} (Touch Control) - http://touch.imbc.com/ocx/Online.cab
O16 - DPF: {DFB64246-00EA-4996-8C31-1F0855BECDDB} (P3WLoader Class) - http://player.bugs.co.kr/player/cab/bugsLoader.cab
O16 - DPF: {E08E0CF9-391D-420E-9B67-029DE4DF2DA8} (AOT.AlwaysOnTop) - http://www.ytn.co.kr/main/DigitalYTN.CAB
O16 - DPF: {E1CDC08F-F464-4682-AE6A-7689451387C0} (CAFE multiupload control) - http://cafeimg.hanmail.net/activex/dmcm.cab
O16 - DPF: {E4972AF4-E211-49B9-9267-C693E521AEF0} - http://211.172.252.226/launcher/DaumGame_Linkman.cab
O16 - DPF: {E8A22C88-4596-42EE-A8A6-BBD31EF01E5B} (MeinCam Control) - http://www.meincam.com/application/MeinCam.cab
O16 - DPF: {ED9A7BAD-3BC6-4C4A-AB38-DF210C065482} (AtxCardKorea Class) - http://www.cardkorea.com/cardkorea.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{6012003C-1C5E-4383-8B8F-7636B9F02BA5}: NameServer = 200.45.191.35 200.45.191.40
O17 - HKLM\System\CS1\Services\Tcpip\..\{6012003C-1C5E-4383-8B8F-7636B9F02BA5}: NameServer = 200.45.191.35 200.45.191.40
O17 - HKLM\System\CS2\Services\Tcpip\..\{6012003C-1C5E-4383-8B8F-7636B9F02BA5}: NameServer = 200.45.191.35 200.45.191.40
O23 - Service: Symantec Event Manager - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Daum - Unknown - D:\Program Files\VPower\PCZiggyV4\Daum\PZServiceNt.exe
O23 - Service: MonSvcNT - AhnLab, Inc. - D:\PROGRA~1\Ahnlab\V3\MonSvcNT.exe
O23 - Service: Norton AntiVirus Auto Protect Service - Symantec Corporation - D:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Unerase Protection - Symantec Corporation - D:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
O23 - Service: ScriptBlocking Service - Symantec Corporation - D:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: SymWMI Service - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

Pasar un buen antivirus on line, luego ejecuta el AdAware Se o el Microsoft Antispyware (actualizados), para luego pegar un nuevo log.
Y el Disk Cleaner para borrar:
Archivos Temp. de Internet,Temp. de Sistema,cookies,historial , etc.
disk cleaner
http://www.trucoswindows.net/downloadview-details-110-Disk_Cleaner_1.5.5.html
Antivirus on line:
http://housecall.trendmicro.com/
http://www.pandasoftware.com/products/acti...n_principal.htm
http://www.avast.com/eng/down_cleaner.html
http://www.kaspersky.com/beta?product=161744315
http://www.bitdefender.com/scan8/
http://www.ravantivirus.com/scan/
http://www.windowsecurity.com/trojanscan/
Bajar AdAwareSe 1.06 :
http://www.trucoswindows.net/detalles-59-a...rsonal_106.html
Bajar Microsoft Antispyware:
http://microsoft-antispyware.uptodown.com/
Bajar ewido security suite:
http://www.ewido.net/en/download/
Actualizarlo acá :
http://www.ewido.net/en/download/updates/

configurarlo así:

• During the installation, under "Additional Options" uncheck "Install background guard" and "Install scan via context menu".
• Launch ewido, there should be a big E icon on your desktop, double-click it.
• The program will prompt you to update click the OK button
• The program will now go to the main screen
You will need to update ewido to the latest definition files.
• On the left hand side of the main screen click update
• Click on Start
The update will start and a progress bar will show the updates being installed.

Once the updates are installed do the following:
• Reboot into Safe Mode, you can do this by restarting your computer, then contiunally tapping F8 until a menu appears. Use your up arrow key to highlight Safe Mode, then hit enter. Then, run Ewido.
• Click on scanner
• Make sure the following boxes are checked before scanning:
o Binder
o Crypter
o Archives
• Click on Start Scan
• Let the program scan the machine
While the scan is in progress you will be prompted to clean files, click OK

Once the scan has completed, there will be a button located on the bottom of the screen named Save report
• Click Save report
• Save the report to your desktop

limpias con este programa, reinicias y pon el reporte de éste y un nuevo log del hijack
Salu2
Caito

Gracias por la info Caito... Hize todo y aca esta lo siguiente

---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------

+ Created on: 오전 3:32:42, 2005-09-11
+ Report-Checksum: BC2BCC8A

+ Scan result:

HKLM\SOFTWARE\Classes\CLSID\{183D5161-0C62-4295-896C-44E7442CD6F2} -> Spyware.DigitalNames : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{9A19966F-AE0E-4699-8CCE-9B6F5F1C352C} -> Spyware.NProtect : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{5F426A93-0821-47D2-A126-5A48A874B289} -> Dialer.Generic : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{9A19966F-AE0E-4699-8CCE-9B6F5F1C352C} -> Spyware.NProtect : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{183D5161-0C62-4295-896C-44E7442CD6F2} -> Spyware.DigitalNames : Cleaned with backup
HKU\S-1-5-21-1708537768-920026266-1957994488-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{183D5161-0C62-4295-896C-44E7442CD6F2} -> Spyware.DigitalNames : Cleaned with backup
HKU\S-1-5-21-1708537768-920026266-1957994488-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{30CE93AE-4987-483C-9ABE-F2BD5301AB70} -> Spyware.KeenValue : Cleaned with backup
[1700] D:\WINDOWS\System32\DGTNMRES.DLL -> Spyware.DigitalNames : Error during cleaning
[2008] D:\WINDOWS\System32\DGTNMRES.DLL -> Spyware.DigitalNames : Error during cleaning
[2840] D:\WINDOWS\System32\MACHDSDK.DLL -> Spyware.DigitalNames : Error during cleaning
C:\KBS\Programs\Bearshare\Installer\saveinstwm.exe -> Adware.SaveNow : Cleaned with backup
D:\Documents and Settings\Kang\Cookies\kang@lop[1].txt -> Spyware.Cookie.Lop : Cleaned with backup
D:\Documents and Settings\Kang\Cookies\kang@revenue[2].txt -> Spyware.Cookie.Revenue : Cleaned with backup
D:\WINDOWS\system32\enkeyres.dll -> Spyware.DigitalNames : Cleaned with backup
D:\WINDOWS\system32\__delete_on_reboot__DGTNMRES.DLL -> Spyware.DigitalNames : Cleaned with backup


::Report End

Logfile of HijackThis v1.99.0
Scan saved at 오전 3:33:19, on 2005-09-11
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\Explorer.EXE
D:\WINDOWS\system32\spoolsv.exe
D:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
D:\Program Files\VPower\PCZiggyV4\Daum\PZServiceNt.exe
D:\Program Files\ewido\security suite\ewidoctrl.exe
D:\WINDOWS\System32\pctspk.exe
D:\Program Files\Common Files\Symantec Shared\ccApp.exe
D:\WINDOWS\System32\dgtstart.exe
D:\Program Files\CA-80U\ADSL\CnxDslTb1.exe
D:\Program Files\ewido\security suite\ewidoguard.exe
D:\WINDOWS\System32\DWDoumi.exe
D:\Program Files\Internet Explorer\iexplore.exe
d:\progra~1\intern~1\iexplore.exe
D:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
D:\PROGRA~1\Ahnlab\V3\MonSvcNT.exe
D:\Program Files\Norton AntiVirus\navapsvc.exe
D:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
D:\WINDOWS\System32\svchost.exe
D:\Program Files\Internet Explorer\iexplore.exe
D:\WINDOWS\System32\wuauclt.exe
D:\Program Files\Messenger\msmsgs.exe
C:\KBS\Programs\HJT\HijackThis\HijackThis.exe

R3 - URLSearchHook: (no name) - {183D5161-0C62-4295-896C-44E7442CD6F2} - (no file)
R3 - URLSearchHook: (no name) - ~{0428FFC7-1931-45b7-95CB-3CBB919777E1} - (no file)
R3 - URLSearchHook: (no name) - ~{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: (no name) - ~{183D5161-0C62-4295-896C-44E7442CD6F2} - (no file)
O2 - BHO: (no name) - ~{C0E01570-C11B-37D7-26D8-2698281496F0} - (no file)
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - D:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: 드림위즈 툴바 - {5258771B-ACBE-4974-8ABC-AE4969A2A5CD} - D:\WINDOWS\System32\dwtbar.dll
O3 - Toolbar: 라디오(&R) - {8E718888-423F-11D2-876E-00A0C9082467} - D:\WINDOWS\system32\msdxm.ocx
O3 - Toolbar: V3 - {9E3849D6-41EF-4B2F-86B7-632EF90758E4} - D:\Program Files\Ahnlab\V3\V3Bar.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] D:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] D:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] D:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [SiSUSBRG] D:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe
O4 - HKLM\..\Run: [CnxDslTaskBar] D:\Program Files\CA-80U\ADSL\CnxDslTb.exe
O4 - HKLM\..\Run: [ccApp] "D:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "D:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [Advanced Tools Check] D:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE
O4 - HKLM\..\Run: [Ink Monitor] D:\Program Files\EPSON\Ink Monitor\InkMonitor.exe
O4 - HKLM\..\Run: [Plus user memo download] D:\Documents and Settings\All Users\Application Data\RemotePokePlusUser\16 chin.exe
O4 - HKLM\..\Run: [dgtstart] dgtstart.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [that shim title bin] D:\Documents and Settings\All Users\Application Data\Five poll that shim\Rect type.exe
O4 - HKCU\..\Run: [dwdoumi] D:\WINDOWS\System32\DWDoumi.exe
O4 - HKCU\..\Run: [netpiadw] D:\Program Files\DreamWiz\doumi\netpiadw.exe
O4 - HKCU\..\Run: [SayclubTachy] C:\Program files\NeoWiz\Tachy\TachyStart.exe
O4 - HKCU\..\Run: [1 RULE] D:\DOCUME~1\Kang\APPLIC~1\BROWSE~1\Bore plan.exe
O4 - HKCU\..\Run: [PhotoShow Deluxe Media Manager] D:\PROGRA~1\Ahead\NEROPH~1\data\Xtras\mssysmgr.exe
O8 - Extra context menu item: 드림위즈 검색 - http://search.dreamwiz.com/qsearch/qsearch.html
O8 - Extra context menu item: 드림위즈 메일로 보내기 - http://search.dreamwiz.com/qsearch/qmail.html
O8 - Extra context menu item: 드림위즈 북마크하기 - http://search.dreamwiz.com/qsearch/qbookmark.html
O8 - Extra context menu item: 드림위즈 스크랩하기 - http://search.dreamwiz.com/qsearch/qscrap.html
O8 - Extra context menu item: 드림위즈 실시간뉴스 검색 - http://search.dreamwiz.com/qsearch/qnews.html
O8 - Extra context menu item: 드림위즈 영한/한영사전 검색 - http://search.dreamwiz.com/qsearch/qengdic.html
O8 - Extra context menu item: 드림위즈 한국어사전 검색 - http://search.dreamwiz.com/qsearch/qdic.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: 컴내꺼 [넷하드] - javascript:window.open("http://www.com.ne.kr/", "_blank", "");
O15 - Trusted Zone: http://*.kcp.co.kr
O15 - Trusted Zone: http://*.telec.co.kr
O15 - Trusted Zone: http://*.vpay.co.kr
O16 - DPF: {00001015-A15C-11D4-97A4-0050BF0FBE67} (NetmarbleStarter15 Class) - http://www.netmarble.net/game/NMStarter15.cab
O16 - DPF: {0209E661-80E5-4F94-B479-F559721014DA} (Prjgame.GameExe) - http://www.skylove.com/skygame/download/skygame.CAB
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {072039AB-2117-4ED5-A85F-9B9EB903E021} (NowStarter Control) - http://www.clubbox.co.kr/neo.fld/NowStarter.cab
O16 - DPF: {1545689F-FB2C-4941-B7B5-FE21D1F789E7} (TrustSite 1.0 Control) - http://img.telec.co.kr/file/trustsitex/trustsitex.cab
O16 - DPF: {1DE9BB01-B121-401D-8877-BCD5ED5B7EE5} (Tpwin Control) - http://www.crezio.com/test/leeyunho/AlwaysOn/AlwaysOn.CAB
O16 - DPF: {214554E7-6F11-4937-8F49-BB2ACC84CE4D} (CncYKChat Control) - http://kr.chat.yahoo.com/N/APP/CncYKChat.cab
O16 - DPF: {240F0899-15BB-49AE-B820-62CEB9116C0F} (SkyCom Control) - http://www.skylove.com/connect/skycom.cab
O16 - DPF: {2712EB12-3BD3-4003-8113-D23B30FACC62} (P3BugsLoad Class) - http://player.bugs.co.kr/player/cab/bugsLoader20040625.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab
O16 - DPF: {2C197E55-080B-42A4-BFD0-9595B3534CF4} (KVPplugin00 Control) - https://www.vpay.co.kr/KVPplugin01.cab
O16 - DPF: {2D4A8ABA-90AF-4918-8AE2-A92D87348B03} (Prjgame.GameExe) - http://skygame.skylove.com/download/skygame.CAB
O16 - DPF: {2F0692E0-771E-41EE-8CC2-4A8D8CCA357F} (Checker Control) - http://connect1.skylove.com/connect/checker.cab
O16 - DPF: {37FC498F-6176-40B3-9421-D38FA01FA6AB} (XNMStarter Control) - http://ufile.mym.net/ActiveX/mymstarter/My...rterInstall.CAB
O16 - DPF: {4E52C32F-C143-4963-A758-2DB07703CB49} (YahooCS Class) - http://kr.memo.yahoo.com/CAB/YahooWCS.cab
O16 - DPF: {5373CE59-8BB8-45DF-96FB-7DC2F668D674} (P3BugsCtrl Class) - http://player.bugs.co.kr/player/cab/bugsmedia.cab
O16 - DPF: {55CE0824-B8F3-4E6A-9797-17FDA555A8E5} (KvpTopd Control) - http://www.vpay.co.kr/KvpTPd.cab
O16 - DPF: {5AA3139C-2579-407E-B74D-742D709C16CE} (DaumGameStarter Control) - http://211.172.252.226/Launcher/DaumGameStarter.cab
O16 - DPF: {60B33001-5F10-4A94-A7E4-77A3D8F5C78E} (OnAirClient Control) - http://ionair.sbs.co.kr/onair/OnAirClient.cab
O16 - DPF: {642BA26B-F76D-4E0D-8421-B24CA1A82EF0} (ChatClubYahoo Control) - http://kr.talk.club.yahoo.com/OPI/ChatClubYahoo.cab
O16 - DPF: {66B30EA0-C033-4D4B-9F90-EA0AF07363AF} (BugsMediaPlayer Control) - http://so.bugs.co.kr/BugsOggPlay_11.CAB
O16 - DPF: {68253470-5D4F-4CDF-8D9C-353C14A2F013} (SVPorsche Control) - http://www.seevideo.co.kr/pub/seevideo2003/svporsche.cab
O16 - DPF: {72ED8878-6E16-4EA1-BDD6-3B21EF676E45} (CVTrace Control) - http://www.seevideo.co.kr/pub/cvideox/trace/cvtrace.cab
O16 - DPF: {784B0583-ABC1-4D3B-9564-357AA32D007C} - http://down.hangame.com/vod/turbois9.cab
O16 - DPF: {7A43F370-05A1-40E3-8C2F-FF83D0768D46} (dmcco Class) - http://cafefiles2.hanmail.net/dmcc.cab
O16 - DPF: {7DC58032-60EE-41E0-84DA-77BFFE156B91} (KcpPayAtx Control) - https://secure.kcp.co.kr/webpay/ISP/KcpPayAtx.cab
O16 - DPF: {7FC751A9-492D-41B1-9F8D-D2C8809D8907} (EmoWebInstallerCtl Class) - http://pimg.hanmail.net/tv/cabs/MyTVInstaller.cab
O16 - DPF: {814F8226-7A77-4651-8026-B56F4DF13D2C} (SayClub & JukeOn Music Player Control) - http://dl.jukeon.com/jukeon2/p3ed.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...StatsClient.cab
O16 - DPF: {90231C0E-765E-4429-8F70-F4E9A0F8D358} (P3Maxmp3 Class) - http://www.maxmp3.co.kr/use/juke/p2p_playe...40524/p3max.cab
O16 - DPF: {92E82FBB-DA00-41E0-ABFE-95482E21A4F6} (NMTransX Module) - http://download.netmarble.com/NMChatX/NMTransX.cab
O16 - DPF: {938527D1-CDB7-4147-998A-B20FCA5CC976} (Cdmcco Class) - http://cafeimg.hanmail.net/cab9_1/dmcc2.cab
O16 - DPF: {97745861-F1A6-45B2-8AD1-0C17334550E6} (YahooCabinet Control) - http://img.yahoo.co.kr/ycabinet/cab/YahooCabinet.cab
O16 - DPF: {98FBBB0F-9736-4B91-B926-31F4A5EE443C} (btpgClientCM Class) - https://pg.banktown.com/wallet/plugin/ibtpgClientCM.cab
O16 - DPF: {9BED3AC7-E6D4-43E7-B8A1-1FA502F639E1} (XTools Control) - http://player.bugs.co.kr/install/mv/XTools.cab
O16 - DPF: {9C23D13E-E310-4E25-A8FC-D704B833BB57} (SayClub Playroom Control) - http://dl.sayclub.com/sayclub/sayctl/PrCtl.cab
O16 - DPF: {A4508A45-F1C4-40F3-99B4-0CA08AC77E3B} (Kdfense8 Control) - http://kings.cachenet.com/kdf8106/kdfense8.cab
O16 - DPF: {A87AC5C4-E4A8-421E-84C8-12A5564EAF2B} (NAudioX Control) - http://download.netmarble.com/NAudioX/NAudioX.cab
O16 - DPF: {A977FF0C-8757-4E76-8533-482F91946233} (Pmang & SayClub Login Control) - http://dl.sayclub.com/sayclub/sayctl/sayax.cab
O16 - DPF: {AE4454BD-04EC-4DB0-9BBF-29B32255E69D} (XBugsChat Control) - http://chatbeta.bugs.co.kr/download/XBugsChat.cab
O16 - DPF: {B0A02AAB-94AB-4190-92E2-429B5AC75F50} (download Class) - http://dl.sayclub.com/tachy/dltachy.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmesse...pdownloader.cab
O16 - DPF: {BAE923B7-8344-485E-B82D-82402F30B019} (DaumImageCtl Class) - http://pimg.hanmail.net/tv/cabs/DaImage.cab
O16 - DPF: {C1DF3FF8-4DA4-4168-97BF-A706A5D51985} (SVJukeOn Control) - http://jukeon.dl.sayclub.co.kr/jukeon/svjukeon.cab
O16 - DPF: {CF362BDB-4EA2-11D5-AB47-000102913414} (SetGlb Control) - http://so.bugs.co.kr/SetGlb.cab
O16 - DPF: {CFCB7308-782F-11D4-BE27-000102598CE4} (NPX Control) - http://download.netmarble.com/nProtect/nprotect/npx.cab
O16 - DPF: {D7F0CC2E-FB09-4B38-B9A7-6807CBCD4859} (NMChatX Control) - http://download.netmarble.com/NMChatX/NMChatX.cab
O16 - DPF: {D8F001C6-43B1-4CFD-9DAF-C8BEAE0E2B6D} (Touch Control) - http://touch.imbc.com/ocx/Online.cab
O16 - DPF: {DFB64246-00EA-4996-8C31-1F0855BECDDB} (P3WLoader Class) - http://player.bugs.co.kr/player/cab/bugsLoader.cab
O16 - DPF: {E08E0CF9-391D-420E-9B67-029DE4DF2DA8} (AOT.AlwaysOnTop) - http://www.ytn.co.kr/main/DigitalYTN.CAB
O16 - DPF: {E1CDC08F-F464-4682-AE6A-7689451387C0} (CAFE multiupload control) - http://cafeimg.hanmail.net/activex/dmcm.cab
O16 - DPF: {E4972AF4-E211-49B9-9267-C693E521AEF0} - http://211.172.252.226/launcher/DaumGame_Linkman.cab
O16 - DPF: {E8A22C88-4596-42EE-A8A6-BBD31EF01E5B} (MeinCam Control) - http://www.meincam.com/application/MeinCam.cab
O16 - DPF: {ED9A7BAD-3BC6-4C4A-AB38-DF210C065482} (AtxCardKorea Class) - http://www.cardkorea.com/cardkorea.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{6012003C-1C5E-4383-8B8F-7636B9F02BA5}: NameServer = 200.45.191.35 200.45.191.40
O17 - HKLM\System\CS1\Services\Tcpip\..\{6012003C-1C5E-4383-8B8F-7636B9F02BA5}: NameServer = 200.45.191.35 200.45.191.40
O17 - HKLM\System\CS2\Services\Tcpip\..\{6012003C-1C5E-4383-8B8F-7636B9F02BA5}: NameServer = 200.45.191.35 200.45.191.40
O23 - Service: Symantec Event Manager - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Daum - Unknown - D:\Program Files\VPower\PCZiggyV4\Daum\PZServiceNt.exe
O23 - Service: ewido security suite control - ewido networks - D:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - D:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: MonSvcNT - AhnLab, Inc. - D:\PROGRA~1\Ahnlab\V3\MonSvcNT.exe
O23 - Service: Norton AntiVirus Auto Protect Service - Symantec Corporation - D:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Unerase Protection - Symantec Corporation - D:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
O23 - Service: ScriptBlocking Service - Symantec Corporation - D:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: SymWMI Service - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

Si tengo que hacer algo mas... agradeceria tus instrucciones

Es muy difícil saber de tu log lo que has puesto adrede y que te han puesto los spiwares
Las 015 las has puesto vos ?
Las 08 ?
Todas las 016 yo las borraria total las que necesites te las volverás a bajar (Active X)
En fin por lo pronto haz esto:

Imprime o copia estas indicaciones!!!

Si no sabes cómo hacer algunos de los procedimientos mira esto:
http://www.trucoswindows.net/foro/showtopic-25181.html

Esto es muy importante : ( SI TE SALTEAS ESTE PASO TE RECOMIENDO QUE NO HAGAS NADA )

Antes que nada guarda el Hijack en su propia carpeta por ej: C>Limpiar>Hijack

Luego :

Baja este programa:
disk cleaner

http://www.trucoswindows.net/downloadview-details-110-Disk_Cleaner_1.5.5.html

Y el AdAware Se 1.06 :

http://www.trucoswindows.net/detalles-59-a...rsonal_106.html
Actualízalo al 08/09/05

Desconéctate físicamente de Internet (cables,ADSL, o Dial Up modem a tu PC )

Desactiva Restaurar Sistema (si tienes ME o XP )
Reinicia en Modo seguro o A prueba de Fallos
Haz que se vean todos los archivos.
Cierra todas las aplicaciones
Lanza el Hijack
Busca “Open the Misc Tools Section"
Selecciona "Open process manager"
Busca los siguientes procesos:

16 chin.exe
dgtstart.exe
Rect type.exe
DWDoumi.exe
netpiadw.exe
Bore plan.exe

Y uno a uno termina estos procesos clickeando "Kill process" y “Yes”
Cuando terminas con todos clickea "Back"
Scan y luego Fix a estas:

(solo si no sabes a qué se refieren)

D:\WINDOWS\System32\dgtstart.exe
D:\WINDOWS\System32\DWDoumi.exe
R3 - URLSearchHook: (no name) - {183D5161-0C62-4295-896C-44E7442CD6F2} - (no file)
R3 - URLSearchHook: (no name) - ~{0428FFC7-1931-45b7-95CB-3CBB919777E1} - (no file)
R3 - URLSearchHook: (no name) - ~{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: (no name) - ~{183D5161-0C62-4295-896C-44E7442CD6F2} - (no file)
O2 - BHO: (no name) - ~{C0E01570-C11B-37D7-26D8-2698281496F0} - (no file)
O3 - Toolbar: 드림위즈 툴바 - {5258771B-ACBE-4974-8ABC-AE4969A2A5CD} - D:\WINDOWS\System32\dwtbar.dll
O4 - HKLM\..\Run: [Plus user memo download] D:\Documents and Settings\All Users\Application Data\RemotePokePlusUser\16 chin.exe
O4 - HKLM\..\Run: [dgtstart] dgtstart.exe
O4 - HKLM\..\Run: [that shim title bin] D:\Documents and Settings\All Users\Application Data\Five poll that shim\Rect type.exe
O4 - HKCU\..\Run: [dwdoumi] D:\WINDOWS\System32\DWDoumi.exe
O4 - HKCU\..\Run: [netpiadw] D:\Program Files\DreamWiz\doumi\netpiadw.exe
O4 - HKCU\..\Run: [1 RULE] D:\DOCUME~1\Kang\APPLIC~1\BROWSE~1\Bore plan.exe
(si estás de acuerdo agrega todas las 016)

Cierra el Hijack.
Busca estos archivos y los eliminas:

(solo si no sabes a qué se refieren)

D:\WINDOWS\System32\dgtstart.exe
D:\WINDOWS\System32\DWDoumi.exe
D:\WINDOWS\System32\dwtbar.dll
D:\Documents and Settings\All Users\Application Data\RemotePokePlusUser\16 chin.exe
D:\Documents and Settings\All Users\Application Data\Five poll that shim\Rect type.exe
D:\Program Files\DreamWiz\doumi\netpiadw.exe
D:\DOCUME~1\Kang\APPLIC~1\BROWSE~1\Bore plan.exe

Borra con el Disk Cleaner :Archivos Temp. de Internet,Temp. de Sistema,cookies,historial , etc.
Vacía la Papelera
Lanza el AdAware Se 1.06 actualizado al 08/09/05 y el Ewido
Reinicia normal, conecta Internet y pega un nuevo log del hijack y el reporte del Ewido
Salu2
Caito