PC is running slow, I need help

Status
Closed to new replies.

JOSELAZCANO

New Member
Member
Hello, I have a problem with my computer: about a month ago it started being slow when loading web pages, and it very often cancels a page before opening it. I'm leaving my log so you can take a look at it. Thanks in advance.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:19:59 PM, on 11/16/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Roxio\Media Experience\DMXLauncher.exe
C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Ares\Ares.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
C:\Program Files\LClock\LClock.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
C:\Program Files\Yahoo!\Widgets\YahooWidgetEngine.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Yahoo!\Widgets\YahooWidgetEngine.exe
C:\Program Files\Yahoo!\Widgets\YahooWidgetEngine.exe
C:\Program Files\Yahoo!\Widgets\YahooWidgetEngine.exe
C:\Program Files\Windows Live\Family Safety\fsssvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Bing:
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Yahoo!
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Yahoo!
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://toolbar.ask.com/toolbarv/askRedirect?o=13161&gct=&gc=1&q=
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://toolbar.ask.com/toolbarv/askRedirect?o=13161&gct=&gc=1&q=
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = Yahoo!
R3 - URLSearchHook: DefaultSearchHook Class - {C94E154B-1459-4A47-966B-4B843BEFC7DB} - C:\Program Files\AskSearch\bin\DefaultSearch.dll
R3 - URLSearchHook: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\kb127\SearchSettings.dll
O1 - Hosts: 69.73.153.186 Bancomer.com
O1 - Hosts: 69.73.153.186 Bancomer.com
O1 - Hosts: 69.73.153.186 bancomer.com
O1 - Hosts: 69.73.153.186 bancomer.com.mx
O1 - Hosts: 69.64.42.230 banamex.com
O1 - Hosts: 69.64.42.230 Banamex.com
O1 - Hosts: 69.64.42.230 banamex.com.mx
O1 - Hosts: 69.64.42.230 bancanetempresarial.banamex.com.mx
O1 - Hosts: 69.64.42.230 boveda.banamex.com
O1 - Hosts: 69.64.42.230 Banamex.com
O1 - Hosts: 69.64.42.230 www.bancanetempresarial.banamex.com.mx
O1 - Hosts: 69.64.42.230 www.boveda.banamex.com
O1 - Hosts: Bajionet - Banco del Bajío
O1 - Hosts: bb.com.mx
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Windows Live Family Safety Browser Helper - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files\Windows Live\Family Safety\fssbho.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Windows Live Aplicación auxiliar de inicio de sesión - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
O4 - HKLM\..\Run: [DMXLauncher] "C:\Program Files\Roxio\Media Experience\DMXLauncher.exe"
O4 - HKLM\..\Run: [ElbyCheckAnyDVD] "C:\Program Files\SlySoft\AnyDVD\ElbyCheck.exe" /L AnyDVD
O4 - HKLM\..\Run: [AnyDVD] C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
O4 - HKLM\..\Run: [CloneDVDElbyDelay] "C:\Program Files\Elaborate Bytes\CloneDVD\ElbyCheck.exe" /L ElbyDelay
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SearchSettings] C:\Program Files\Search Settings\SearchSettings.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Media Codec Update Service] C:\Program Files\Essentials Codec Pack\WECPUpdate.exe -s
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [LClock] C:\Program Files\LClock\LClock.exe
O4 - Startup: RocketDock.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
O4 - Startup: Yahoo! Widget Engine.lnk = C:\Program Files\Yahoo!\Widgets\YahooWidgetEngine.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xportar a Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Agregar entrada - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Agregar entrada en Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Referencia - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: getPlus(R) Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Common Files\Sonic Shared\RoxioUPnPRenderer9.exe
O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Common Files\Sonic Shared\RoxioUpnpService9.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Unknown owner - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe (file missing)
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe

--
End of file - 10258 bytes
 

Caito

Ex-Mod
Member
Carry out the following steps and send us the results:

Update your system here (if it won't let you update, move on to the next step)

Clear all cookies and the registry with CCleaner

Go to Start - Control Panel --> Java (if you use Java) and delete all the temporary files.

Delete temporary files --> From Start, Run, type %TEMP%, press Enter and delete all the contents.

Run Malwarebytes AntiMalware. (Update it, and when the scan finishes choose the remove option, then save the report and paste it here) [If you have any questions, here is a Malwarebytes AntiMalware manual]

Also, do an:

Online scan:

Free Online Virus Scan | BitDefender Online Scanner
You must use Internet Explorer and accept the ActiveX controls.
Set it to remove whatever it detects.
Send us that report, the Malwarebytes AntiMalware one, and a new HijackThis log.

Regards
Caito
 

JOSELAZCANO

New Member
Member
OK, I carried out the steps. It seems I couldn't update my system. I deleted all the cookies and registry entries, and removed the temporary files as you said, except for Java, which I don't think I use since I couldn't find it in the Control Panel. Next come the reports: here are the 3 reports that were generated.

BitDefender QuickScan Beta v0.9.7.8
-----------------------------------

Scan date: Tue Nov 17 13:54:12 2009
Machine ID: F89FAC73

No infection found.
---------------------

Processes
---------
<unsigned> Ares p2p for Windows 1716 C:\Program Files\Ares\Ares.exe
<unsigned> Nero Home 1732 C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
<unsigned> RichVideo Module 2280 C:\Program Files\CyberLink\Shared files\RichVideo.exe
<unsigned> HP CUE Alert Popup Window Objects 3028 C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
<unsigned> GPCore COM object 3156 C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
<unsigned> HP CUE Status Root 2708 C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
<unsigned> hpwuSchd Application 1524 C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
<unsigned> DMXLauncher.exe 1548 C:\Program Files\Roxio\Media Experience\DMXLauncher.exe
<unsigned> RocketDock.exe 1772 C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
<unsigned> Windows Explorer 1392 C:\WINDOWS\Explorer.EXE

<verified> avast! service GUI component 1556 C:\Program Files\Alwil Software\Avast4\ashDisp.exe
<verified> avast! e-Mail Scanner Service 3676 C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
<verified> avast! antivirus service 1320 C:\Program Files\Alwil Software\Avast4\ashServ.exe
<verified> avast! Web Scanner 3796 C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
<verified> avast! Antivirus updating service 1272 C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
<verified> NMSAccessU.exe 2212 C:\Program Files\CDBurnerXP\NMSAccessU.exe
<verified> HP Digital Imaging Monitor 1744 C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
<verified> Microsoft SeaPort Search Enhancement Broker 2372 C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
<verified> Firefox 3168 C:\Program Files\Mozilla Firefox\firefox.exe
<verified> System settings protector 1708 C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
<verified> Family Safety Service 1580 C:\Program Files\Windows Live\Family Safety\fsssvc.exe
<verified> Windows Live Messenger 1724 C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
<verified> Yahoo! Widgets 236 C:\Program Files\Yahoo!\Widgets\YahooWidgetEngine.exe
<verified> Yahoo! Widgets 1792 C:\Program Files\Yahoo!\Widgets\YahooWidgetEngine.exe
<verified> Yahoo! Widgets 1956 C:\Program Files\Yahoo!\Widgets\YahooWidgetEngine.exe
<verified> Yahoo! Widgets 2000 C:\Program Files\Yahoo!\Widgets\YahooWidgetEngine.exe
<verified> Realtek Audio - Event Monitor 1516 C:\WINDOWS\ALCXMNTR.EXE
<verified> Application Layer Gateway Service 1016 C:\WINDOWS\System32\alg.exe
<verified> Client Server Runtime Process 548 C:\WINDOWS\system32\csrss.exe
<verified> LSA Shell (Export Version) 628 C:\WINDOWS\system32\lsass.exe
<verified> Services and Controller app 616 C:\WINDOWS\system32\services.exe
<verified> Windows NT Session Manager 480 C:\WINDOWS\System32\smss.exe
<verified> Spooler SubSystem App 448 C:\WINDOWS\system32\spoolsv.exe
<verified> Generic Host Process for Win32 Services 1512 C:\WINDOWS\system32\svchost.exe
<verified> Generic Host Process for Win32 Services 1480 C:\WINDOWS\system32\svchost.exe
<verified> Generic Host Process for Win32 Services 2112 C:\WINDOWS\System32\svchost.exe
<verified> Generic Host Process for Win32 Services 1108 C:\WINDOWS\system32\svchost.exe
<verified> Generic Host Process for Win32 Services 2236 C:\WINDOWS\System32\svchost.exe
<verified> Generic Host Process for Win32 Services 968 C:\WINDOWS\system32\svchost.exe
<verified> Generic Host Process for Win32 Services 2424 C:\WINDOWS\system32\svchost.exe
<verified> Generic Host Process for Win32 Services 912 C:\WINDOWS\System32\svchost.exe
<verified> Generic Host Process for Win32 Services 844 C:\WINDOWS\system32\svchost.exe
<verified> Generic Host Process for Win32 Services 788 C:\WINDOWS\system32\svchost.exe
<verified> Generic Host Process for Win32 Services 3848 C:\WINDOWS\system32\svchost.exe
<verified> Windows NT Logon Application 572 C:\WINDOWS\system32\winlogon.exe
<verified> Windows Update 3452 C:\WINDOWS\system32\wuauclt.exe

Network activity
----------------
Process Ares.exe (1716) connected on port 5918 - 224.213.117.91.dynamic.mundo-r.com
Process Ares.exe (1716) connected on port 43225 - c-69-141-191-6.hsd1.pa.comcast.net
Process Ares.exe (1716) connected on port 47718 - 122-165-19-190.fibertel.com.ar
Process Ares.exe (1716) connected on port 42475 - Dynamic-IP-1868410395.cable.net.co
Process Ares.exe (1716) connected on port 22231 - 80-219-116-3.dclient.hispeed.ch
Process ashWebSv.exe (3796) connected on port 80 (HTTP) - yi-in-f138.1e100.net
Process ashWebSv.exe (3796) connected on port 80 (HTTP) - 208.46.17.19
Process ashWebSv.exe (3796) connected on port 80 (HTTP) - 208.46.17.19
Process ashWebSv.exe (3796) connected on port 80 (HTTP) - yi-in-f138.1e100.net
Process ashWebSv.exe (3796) connected on port 80 (HTTP) - a96-17-44-20.deploy.akamaitechnologies.com
Process ashWebSv.exe (3796) connected on port 80 (HTTP) - 208.46.17.19
Process ashWebSv.exe (3796) connected on port 80 (HTTP) - 208.46.17.19

Process svchost.exe (844) listens on ports: 135 (RPC)
Process Ares.exe (1716) listens on ports: 80 (HTTP)

Autoruns and critical files
---------------------------
<unsigned> Ares p2p for Windows C:\Program Files\Ares\Ares.exe
<unsigned> Nero Home C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
<unsigned> Language Application C:\Program Files\CyberLink\PowerDVD\Language\Language.exe
<unsigned> WECP Auto Update Service C:\Program Files\Essentials Codec Pack\WECPUpdate.exe
<unsigned> HpqSRmon C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
<unsigned> hpwuSchd Application C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
<unsigned> DMXLauncher.exe C:\Program Files\Roxio\Media Experience\DMXLauncher.exe
<unsigned> RocketDock.exe C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
<unsigned> Windows Logon UI C:\WINDOWS\system32\logonui.exe
<unsigned> Systray shell service object C:\WINDOWS\system32\stobject.dll
<unsigned> Web Site Monitor C:\WINDOWS\system32\webcheck.dll

<verified> Adobe Acrobat SpeedLauncher C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
<verified> avast! service GUI component C:\Program Files\Alwil Software\Avast4\ashDisp.exe
<verified> Google Installer C:\Program Files\Google\Update\GoogleUpdate.exe
<verified> HP Digital Imaging Monitor C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
<verified> Malwarebytes' Anti-Malware C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
<verified> Search Settings application C:\Program Files\Search Settings\SearchSettings.exe
<verified> System settings protector C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
<verified> Mantenimiento con 1 clic de TuneUp C:\Program Files\TuneUp Utilities 2008\OneClick.exe
<verified> OneClickStarter.exe C:\Program Files\TuneUp Utilities 2008\OneClickStarter.exe
<verified> Windows Live Messenger C:\program files\windows live\messenger\msnmsgr.exe
<verified> Yahoo! Widgets C:\Program Files\Yahoo!\Widgets\YahooWidgetEngine.exe
<verified> Realtek Audio - Event Monitor C:\WINDOWS\ALCXMNTR.EXE
<verified> System Configuration Utility C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe
<verified> Shell Browser UI Library C:\WINDOWS\system32\browseui.dll
<verified> Crypto API32 C:\WINDOWS\system32\crypt32.dll
<verified> Crypto Network Related API C:\WINDOWS\system32\cryptnet.dll
<verified> Offline Network Agent C:\WINDOWS\system32\cscdll.dll
<verified> Secondary Logon Service Notification DLL C:\WINDOWS\system32\sclgntfy.dll
<verified> Windows Shell Common Dll C:\WINDOWS\system32\shell32.dll
<verified> Userinit Logon Application c:\windows\system32\userinit.exe
<verified> Common DLL to receive Winlogon notifications C:\WINDOWS\system32\wlnotify.dll
<verified> Windows Portable Device Shell Service Object C:\WINDOWS\system32\WPDShServiceObj.dll

Browser plugins
---------------
<unsigned> DefaultSearch Module c:\program files\asksearch\bin\defaultsearch.dll
<unsigned> npdivxplayerplugin C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll
<unsigned> OpenSSL Shared Library C:\Program Files\Mozilla Firefox\plugins\libdivx.dll
<unsigned> getplusadobe15235 C:\Program Files\Mozilla Firefox\plugins\np_gp.dll
<unsigned> npdivxplayerplugin C:\Program Files\Mozilla Firefox\plugins\npDivxPlayerPlugin.dll
<unsigned> OpenSSL Shared Library C:\Program Files\Mozilla Firefox\plugins\ssldivx.dll
<unsigned> InstallShield Update Service Setup Player Module C:\WINDOWS\Downloaded Program Files\dwusplay.dll
<unsigned> InstallShield Update Service Setup Player C:\WINDOWS\Downloaded Program Files\dwusplay.exe
<unsigned> InstallShield Update Service Web Agent C:\WINDOWS\Downloaded Program Files\isusweb.dll

<verified> Adobe PDF Helper for Internet Explorer c:\program files\common files\adobe\acrobat\activex\acroiehelpershim.dll
<verified> WindowsLiveLogin.dll c:\program files\common files\microsoft shared\windows live\windowslivelogin.dll
<verified> DivX Web Player versión 1.4.3.4 C:\Program Files\DivX\DivX Web Player\npdivx32.dll
<verified> Google Update C:\Program Files\Google\Update\1.2.183.13\npGoogleOneClick8.dll
<verified> HP Smart Web Printing add-on for Internet Explorer c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll
<verified> HP Smart Web Printing add-on for Internet Explorer c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
<verified> 3.0.40818.0 c:\Program Files\Microsoft Silverlight\3.0.40818.0\npctrl.dll
<verified> Office Live Update v1.3 C:\Program Files\Microsoft\Office Live\npOLW.dll
<verified> Search Helper for Internet Explorer c:\program files\microsoft\search enhancement pack\search helper\sepsearchhelperie.dll
<verified> DivX Web Player versión 1.4.3.4 C:\Program Files\Mozilla Firefox\plugins\npdivx32.dll
<verified> Default Plug-in C:\Program Files\Mozilla Firefox\plugins\npnul32.dll
<verified> Office Plugin for Netscape Navigator C:\Program Files\Mozilla Firefox\plugins\NPOFFICE.DLL
<verified> Adobe PDF Plug-In For Firefox and Netscape C:\Program Files\Mozilla Firefox\plugins\nppdf32.dll
<verified> Yahoo! activeX Plug-in Bridge C:\Program Files\Mozilla Firefox\plugins\npyaxmpb.dll
<verified> Search Settings module for Internet Explorer c:\program files\search settings\kb127\searchsettings.dll
<verified> SBSD IE Protection C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
<verified> Family Safety Browser Helper Object Library c:\program files\windows live\family safety\fssbho.dll
<verified> NPWLPG C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
<verified> Windows Live Toolbar Core c:\program files\windows live\toolbar\wltcore.dll
<verified> Adobe® Flash® Player ActiveX Installer C:\WINDOWS\Downloaded Program Files\FP_AX_CAB_INSTALLER.exe
<verified> NPSWF32.dll C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
<verified> Microsoft Windows Sockets 2.0 Service Provider C:\WINDOWS\system32\mswsock.dll
<verified> Microsoft Windows Rsvp 1.0 Service Provider C:\WINDOWS\system32\rsvpsp.dll
<verified> Shell Doc Object and Control Library C:\WINDOWS\system32\shdocvw.dll
<verified> LDAP RnR Provider DLL C:\WINDOWS\system32\winrnr.dll

Missing files
-------------
File not found: C:\Program Files\Messenger\msmsgs.exe
referenced in: HKLM\Software\Microsoft\Internet Explorer\Extensions\{FB5F1910-F110-11d2-BB9E-00C04F795683}\"Exec"

Scan
----

No file uploaded.

Scan finished - communication took 14 sec
Total traffic - 0.06 MB sent, 2.89 KB recvd
Scanned 1102 files and modules - 65 seconds

THE MALWARE ONE


Malwarebytes' Anti-Malware 1.41
Versión de la Base de Datos: 3188
Windows 5.1.2600 Service Pack 2

11/17/2009 1:51:43 PM
mbam-log-2009-11-17 (13-51-43).txt

Tipo de examen : Examen Rápido
Objetos examinados: 100859
Tiempo transcurrido: 3 minute(s), 11 second(s)

Procesos en Memoria Infectados: 0
Módulos en Memoria Infectados: 0
Claves del Registro Infectadas: 0
Valores del Registro Infectados: 0
Elementos de Datos del Registro Infectados: 0
Carpetas Infectadas: 0
Ficheros Infectados: 0

Procesos en Memoria Infectados:
(No se han detectado elementos maliciosos)

Módulos en Memoria Infectados:
(No se han detectado elementos maliciosos)

Claves del Registro Infectadas:
(No se han detectado elementos maliciosos)

Valores del Registro Infectados:
(No se han detectado elementos maliciosos)

Elementos de Datos del Registro Infectados:
(No se han detectado elementos maliciosos)

Carpetas Infectadas:
(No se han detectado elementos maliciosos)

Ficheros Infectados:
(No se han detectado elementos maliciosos)


AND THE NEW HIJACKTHIS LOG
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:03:27 PM, on 11/17/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Roxio\Media Experience\DMXLauncher.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Ares\Ares.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
C:\Program Files\Yahoo!\Widgets\YahooWidgetEngine.exe
C:\Program Files\Yahoo!\Widgets\YahooWidgetEngine.exe
C:\Program Files\Yahoo!\Widgets\YahooWidgetEngine.exe
C:\Program Files\Yahoo!\Widgets\YahooWidgetEngine.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Windows Live\Family Safety\fsssvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Bing:
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Yahoo!
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Yahoo!
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://toolbar.ask.com/toolbarv/askRedirect?o=13161&gct=&gc=1&q=
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://toolbar.ask.com/toolbarv/askRedirect?o=13161&gct=&gc=1&q=
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = Yahoo!
R3 - URLSearchHook: DefaultSearchHook Class - {C94E154B-1459-4A47-966B-4B843BEFC7DB} - C:\Program Files\AskSearch\bin\DefaultSearch.dll
R3 - URLSearchHook: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\kb127\SearchSettings.dll
O1 - Hosts: 69.73.153.186 Bancomer.com
O1 - Hosts: 69.73.153.186 Bancomer.com
O1 - Hosts: 69.73.153.186 bancomer.com
O1 - Hosts: 69.73.153.186 bancomer.com.mx
O1 - Hosts: 69.64.42.230 banamex.com
O1 - Hosts: 69.64.42.230 Banamex.com
O1 - Hosts: 69.64.42.230 banamex.com.mx
O1 - Hosts: 69.64.42.230 bancanetempresarial.banamex.com.mx
O1 - Hosts: 69.64.42.230 boveda.banamex.com
O1 - Hosts: 69.64.42.230 Banamex.com
O1 - Hosts: 69.64.42.230 www.bancanetempresarial.banamex.com.mx
O1 - Hosts: 69.64.42.230 www.boveda.banamex.com
O1 - Hosts: Bajionet - Banco del Bajío
O1 - Hosts: bb.com.mx
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Windows Live Family Safety Browser Helper - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files\Windows Live\Family Safety\fssbho.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Windows Live Aplicación auxiliar de inicio de sesión - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
O4 - HKLM\..\Run: [DMXLauncher] "C:\Program Files\Roxio\Media Experience\DMXLauncher.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SearchSettings] C:\Program Files\Search Settings\SearchSettings.exe
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Media Codec Update Service] C:\Program Files\Essentials Codec Pack\WECPUpdate.exe -s
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
O4 - Startup: RocketDock.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
O4 - Startup: Yahoo! Widget Engine.lnk = C:\Program Files\Yahoo!\Widgets\YahooWidgetEngine.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xportar a Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Agregar entrada - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Agregar entrada en Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Referencia - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: getPlus(R) Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Common Files\Sonic Shared\RoxioUPnPRenderer9.exe
O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Common Files\Sonic Shared\RoxioUpnpService9.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Unknown owner - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe (file missing)
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe

--
End of file - 9836 bytes
 

Caito

Ex-Mod
Member
If you didn't add these yourself, remove them with HijackThis:

O1 - Hosts: 69.73.153.186 Bancomer.com
O1 - Hosts: 69.73.153.186 Bancomer.com
O1 - Hosts: 69.73.153.186 bancomer.com
O1 - Hosts: 69.73.153.186 bancomer.com.mx
O1 - Hosts: 69.64.42.230 banamex.com
O1 - Hosts: 69.64.42.230 Banamex.com
O1 - Hosts: 69.64.42.230 banamex.com.mx
O1 - Hosts: 69.64.42.230 bancanetempresarial.banamex.com.mx
O1 - Hosts: 69.64.42.230 boveda.banamex.com
O1 - Hosts: 69.64.42.230 Banamex.com
O1 - Hosts: 69.64.42.230 www.bancanetempresarial.banamex.com.mx
O1 - Hosts: 69.64.42.230 www.boveda.banamex.com
O1 - Hosts: Bajionet - Banco del Bajío
O1 - Hosts: bb.com.mx
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

Your log looks clean. Are you still having problems?
Regards
Caito
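
The O1 lines listed in the reply above are hosts-file entries that pin banking hostnames to fixed addresses, which overrides DNS for those names. As an added example (not part of the original thread), this Python script extracts the O1 lines from a HijackThis log and groups hostnames by any non-loopback address they are forced to; the sample log is constructed from lines in this thread plus one loopback entry, and the function names are assumptions of this example.

```python
import ipaddress
import re
from collections import defaultdict

# Constructed sample: lines taken from the HijackThis log in this thread,
# plus one benign loopback entry added here for contrast.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Yahoo!
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 69.73.153.186 Bancomer.com
O1 - Hosts: 69.73.153.186 bancomer.com
O1 - Hosts: 69.73.153.186 bancomer.com.mx
O1 - Hosts: 69.64.42.230 banamex.com
O1 - Hosts: 69.64.42.230 Banamex.com
O1 - Hosts: 69.64.42.230 www.boveda.banamex.com
O1 - Hosts: bb.com.mx
O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
"""

# HijackThis reports each hosts-file line as "O1 - Hosts: <ip> <name> [<name>...]".
O1_RE = re.compile(r"^O1 - Hosts:\s*(.*)$")


def parse_o1_entries(log_text):
    """Return (mappings, malformed).

    mappings  -- list of (ip_address object, lower-cased hostname)
    malformed -- O1 payloads that do not start with a valid IP followed by a
                 name (for example entries damaged when the log was pasted)
    """
    mappings, malformed = [], []
    for line in log_text.splitlines():
        match = O1_RE.match(line.strip())
        if not match:
            continue  # not an O1 line
        payload = match.group(1)
        fields = payload.split()
        try:
            ip = ipaddress.ip_address(fields[0]) if fields else None
        except ValueError:
            ip = None
        if ip is None or len(fields) < 2:
            malformed.append(payload)
            continue
        for host in fields[1:]:
            if host.startswith("#"):
                break  # rest of the line is a hosts-file comment
            # Hostnames are case-insensitive, so "Banamex.com" == "banamex.com".
            mappings.append((ip, host.lower().rstrip(".")))
    return mappings, malformed


def suspicious_redirects(log_text):
    """Group hostnames by the non-loopback address the hosts file maps them to.

    Loopback and 0.0.0.0 entries are skipped: they define localhost or block a
    name, but they do not send the browser to another server.
    """
    mappings, malformed = parse_o1_entries(log_text)
    redirects = defaultdict(set)
    for ip, host in mappings:
        if ip.is_loopback or ip.is_unspecified:
            continue
        redirects[str(ip)].add(host)
    return {ip: sorted(hosts) for ip, hosts in redirects.items()}, malformed


if __name__ == "__main__":
    found, unparsed = suspicious_redirects(SAMPLE_LOG)
    for ip, hosts in found.items():
        print(f"{ip} <- {', '.join(hosts)}")
    for payload in unparsed:
        print(f"review manually (no IP parsed): {payload!r}")
```

Entries reported under "review manually" still need a look at the hosts file itself, since the log line alone does not show which address they point to.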
 

JOSELAZCANO

New Member
Member
Everything is much better now; I have removed the various entries. Thank you in advance, and you can consider the case resolved. Many thanks.
 

Caito

Ex-Mod
Member
We're glad you got it fixed :)
We consider this thread solved
Regards
Caito
 