este es log del hijack comentarte q la entrada 23 ni la repara ni elimina
Logfile of HijackThis v1.99.1
Scan saved at 16:56:00, on 29/12/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Archivos de programa\Panda Software\Panda Platinum 2005 Internet Security\PavProt.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Archivos de programa\ewido anti-malware\ewidoctrl.exe
C:\Archivos de programa\ewido anti-malware\ewidoguard.exe
C:\Archivos de programa\Archivos comunes\Microsoft Shared\VS7Debug\mdm.exe
C:\Archivos de programa\Panda Software\Panda Platinum 2005 Internet Security\PaSSrv.exe
C:\Archivos de programa\Panda Software\Panda Platinum 2005 Internet Security\Firewall\PavFires.exe
C:\Archivos de programa\Panda Software\Panda Platinum 2005 Internet Security\PavFnSvr.exe
C:\Archivos de programa\Panda Software\Panda Platinum 2005 Internet Security\Pavkre.exe
C:\Archivos de programa\Panda Software\Panda Platinum 2005 Internet Security\pavsrv51.exe
C:\Archivos de programa\Panda Software\Panda Platinum 2005 Internet Security\prevsrv.exe
C:\Archivos de programa\Panda Software\Panda Platinum 2005 Internet Security\AVENGINE.EXE
C:\Archivos de programa\Panda Software\Panda Platinum 2005 Internet Security\PsImSvc.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\system32\svchost.exe
C:\Archivos de programa\Panda Software\Panda Platinum 2005 Internet Security\apvxdwin.exe
C:\Archivos de programa\Panda Software\Panda Platinum 2005 Internet Security\SRVLOAD.EXE
C:\WINDOWS\System32\alg.exe
C:\Archivos de programa\Panda Software\Panda Platinum 2005 Internet Security\WebProxy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Archivos de programa\Internet Explorer\IEXPLORE.EXE
C:\ARCHIV~1\WINZIP\winzip32.exe
C:\sysdir\Temp\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
http://www.ono.es/R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
http://www.ono.es/R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer proporcionado por ONO
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Vínculos
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SCANINICIO] "C:\Archivos de programa\Panda Software\Panda Platinum 2005 Internet Security\Inicio.exe"
O4 - HKLM\..\Run: [APVXDWIN] "C:\Archivos de programa\Panda Software\Panda Platinum 2005 Internet Security\APVXDWIN.EXE" /s
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\RunServices: [PANDA ANTISPAM SERVER SERVICE] "C:\Archivos de programa\Panda Software\Panda Platinum 2005 Internet Security\PasSrv.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Archivos de programa\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Archivos de programa\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\ARCHIV~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: E&xportar a Microsoft Excel - res://C:\ARCHIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Archivos de programa\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Archivos de programa\Messenger\msmsgs.exe
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) -
http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cabO16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) -
http://go.microsoft.com/fwlink/?linkid=39204O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) -
http://download.ewido.net/ewidoOnlineScan.cabO16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) -
http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cabO16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) -
http://by14fd.bay14.hotmail.msn.com/resources/MsnPUpld.cabO16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) -
http://www.bitdefender-es.com/scan8/oscan8.cabO16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) -
http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1135267867343O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) -
http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cabO16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) -
http://messenger.msn.com/download/MsnMessengerSetupDownloader.cabO16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) -
http://zone.msn.com/binFramework/v10/ZIntro.cab34246.cabO16 - DPF: {B942A249-D1E7-4C11-98AE-FCB76B08747F} (RealArcadeRdxIE Class) -
http://games-dl.real.com/gameconsole/Bundler/CAB/RealArcadeRdxIE.cabO16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) -
http://game17.zylomgames.com/activex/zylomgamesplayer.cabO16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) -
http://download.mcafee.com/molbin/iss-loc/mcfscan/2,1,0,4657/mcfscan.cabO16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) -
http://chat.msn.com/bin/msnchat45.cabO18 - Protocol: maven-8110 - {2726A296-7F12-4346-A559-60EED562F7F1} - C:\Archivos de programa\sonymovies\bin\bin-0\protocolHandler.dll
O23 - Service: ewido security suite control - ewido networks - C:\Archivos de programa\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Archivos de programa\ewido anti-malware\ewidoguard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Archivos de programa\Archivos comunes\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: fvorhdjvgwfu (mzkcltbl6) - Unknown owner - C:\WINDOWS\System32\htuajkja6.exe (file missing)
O23 - Service: Panda Antispam Server Service (PASSRV) - Unknown owner - C:\Archivos de programa\Panda Software\Panda Platinum 2005 Internet Security\PaSSrv.exe
O23 - Service: Panda Firewall Service (PAVFIRES) - Panda Software - C:\Archivos de programa\Panda Software\Panda Platinum 2005 Internet Security\Firewall\PavFires.exe
O23 - Service: Panda Function Service (PAVFNSVR) - Panda Software - C:\Archivos de programa\Panda Software\Panda Platinum 2005 Internet Security\PavFnSvr.exe
O23 - Service: Panda Pavkre (Pavkre) - Panda Software - C:\Archivos de programa\Panda Software\Panda Platinum 2005 Internet Security\Pavkre.exe
O23 - Service: Panda PavProt (PavProt) - Panda Software - C:\Archivos de programa\Panda Software\Panda Platinum 2005 Internet Security\PavProt.exe
O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software - C:\Archivos de programa\Panda Software\Panda Platinum 2005 Internet Security\pavsrv51.exe
O23 - Service: Panda Preventium+ Service (PREVSRV) - Panda Software - C:\Archivos de programa\Panda Software\Panda Platinum 2005 Internet Security\prevsrv.exe
O23 - Service: Panda IManager Service (PSIMSVC) - Panda Software Internacional - C:\Archivos de programa\Panda Software\Panda Platinum 2005 Internet Security\PsImSvc.exe
O23 - Service: Venturi2 Client (Venturi2) - Fourelle Systems, Inc - C:\Program Files\Venturi2\Client\ventc.exe
este es log del autoruns
HKCU\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup
HKLM\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup
HKCU\Software\Policies\Microsoft\Windows\System\Scripts\Logon
HKLM\Software\Policies\Microsoft\Windows\System\Scripts\Logon
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System\Shell
HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\Shell
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Taskman
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
+ APVXDWIN Platinum permanent protection (Not verified) Panda Software International c:\archivos de programa\panda software\panda platinum 2005 internet security\apvxdwin.exe
+ Cmaudio CmiCnfg DLL (Not verified) C-Media Corporation c:\windows\system\cmicnfg.cpl
+ NeroFilterCheck NeroCheck (Not verified) Ahead Software Gmbh c:\windows\system32\nerocheck.exe
+ SCANINICIO (Not verified) Panda Software c:\archivos de programa\panda software\panda platinum 2005 internet security\inicio.exe
+ SoundMan Realtek Sound Manager (Not verified) Realtek Semiconductor Corp. C:\WINDOWS\soundman.exe
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce
C:\Documents and Settings\All Users\Menú Inicio\Programas\Inicio
C:\Documents and Settings\Yuly\Menú Inicio\Programas\Inicio
HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows\Load
HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows\Run
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
+ msnmsgr MSN Messenger (Not verified) Microsoft Corporation c:\archivos de programa\msn messenger\msnmsgr.exe
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce
HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components
+ CRLUpdate UPDCRL (Not verified) Microsoft Corporation c:\windows\system32\updcrl.exe
HKCU\SOFTWARE\Microsoft\Active Setup\Installed Components
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks
+ ewido shell guard c:\archivos de programa\ewido anti-malware\shellhook.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
+ Desktop Explorer Menu NVIDIA Desktop Explorer, Version 45.33 (Not verified) NVIDIA Corporation c:\windows\system32\nvshell.dll
+ Explorador de escritorios NVIDIA Desktop Explorer, Version 45.33 (Not verified) NVIDIA Corporation c:\windows\system32\nvshell.dll
+ Extensión de icono de HyperTerminal File not found: hticons.dll
+ Extensión de paneo de pantalla del Panel de control File not found: deskpan.dll
+ Fusion Cache Microsoft .NET Runtime Execution Engine (Not verified) Microsoft Corporation c:\windows\system32\mscoree.dll
+ ISOpenMenuHandler ISOpen Shell Context Menu (Not verified) KoYoTe SoFt c:\archivos de programa\isopen\isopenmenu.dll
+ Panda Antivirus pavole (Not verified) Panda Software c:\archivos de programa\panda software\panda platinum 2005 internet security\pavole.dll
+ Shell Extensions for RealOne Player RealPlayer Shell Extensions (Not verified) RealNetworks, Inc. c:\archivos de programa\real\realone player\rpshell.dll
+ WayTech MultiMouse c:\archivos de programa\combinación inalámbrica labtec\cpdll.dll
+ WinRAR shell extension c:\archivos de programa\winrar\rarext.dll
+ WinZip WinZip Shell Extension DLL (Not verified) WinZip Computing, Inc. c:\archivos de programa\winzip\wzshlstb.dll
+ WinZip WinZip Shell Extension DLL (Not verified) WinZip Computing, Inc. c:\archivos de programa\winzip\wzshlstb.dll
+ WinZip WinZip Shell Extension DLL (Not verified) WinZip Computing, Inc. c:\archivos de programa\winzip\wzshlstb.dll
+ WinZip WinZip Shell Extension DLL (Not verified) WinZip Computing, Inc. c:\archivos de programa\winzip\wzshlstb.dll
HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
HKLM\Software\Classes\Folder\Shellex\ColumnHandlers
+ PDF Shell Extension PDF Shell Extension (Not verified) Adobe Systems, Inc. c:\archivos de programa\adobe\acrobat 7.0\activex\pdfshell.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects
HKCU\Software\Microsoft\Internet Explorer\UrlSearchHooks
HKLM\Software\Microsoft\Internet Explorer\Toolbar
HKLM\Software\Microsoft\Internet Explorer\Extensions
+ Windows Messenger Windows Messenger (Not verified) Microsoft Corporation c:\archivos de programa\messenger\msmsgs.exe
Task Scheduler
HKLM\System\CurrentControlSet\Services
+ ewido security suite control ewido control (Not verified) ewido networks c:\archivos de programa\ewido anti-malware\ewidoctrl.exe
+ ewido security suite guard guard (Not verified) ewido networks c:\archivos de programa\ewido anti-malware\ewidoguard.exe
+ MDM Manages local and remote debugging for Visual Studio debuggers (Not verified) Microsoft Corporation c:\archivos de programa\archivos comunes\microsoft shared\vs7debug\mdm.exe
+ mzkcltbl6 File not found: C:\WINDOWS\System32\htuajkja6.exe
+ PASSRV c:\archivos de programa\panda software\panda platinum 2005 internet security\passrv.exe
+ PAVFIRES Personal Firewall Service (Not verified) Panda Software c:\archivos de programa\panda software\panda platinum 2005 internet security\firewall\pavfires.exe
+ PAVFNSVR Panda Function Service (Not verified) Panda Software c:\archivos de programa\panda software\panda platinum 2005 internet security\pavfnsvr.exe
+ Pavkre PavKre Aplicación (Not verified) Panda Software c:\archivos de programa\panda software\panda platinum 2005 internet security\pavkre.exe
+ PavProt PavProt Application (Not verified) Panda Software c:\archivos de programa\panda software\panda platinum 2005 internet security\pavprot.exe
+ PAVSRV On-Access Antivirus Scanner Service. (Not verified) Panda Software c:\archivos de programa\panda software\panda platinum 2005 internet security\pavsrv51.exe
+ PREVSRV Panda Preventium+ © service (Not verified) Panda Software c:\archivos de programa\panda software\panda platinum 2005 internet security\prevsrv.exe
+ PSIMSVC Common Interface Manager (Not verified) Panda Software Internacional c:\archivos de programa\panda software\panda platinum 2005 internet security\psimsvc.exe
+ Venturi2 VentC (Not verified) Fourelle Systems, Inc c:\program files\venturi2\client\ventc.exe
HKLM\System\CurrentControlSet\Services
+ actser Actser Serial Filter driver (Not verified) Siemens AG c:\windows\system32\drivers\actser.sys
+ ALCXSENS Sensaura WDM 3D Audio Driver (Not verified) Sensaura Ltd c:\windows\system32\drivers\alcxsens.sys
+ ALCXWDM Realtek AC'97 Audio Driver (WDM) (Not verified) Realtek Semiconductor Corp. c:\windows\system32\drivers\alcxwdm.sys
+ cmuda C-Media Audio WDM Driver (Not verified) C-Media Inc c:\windows\system32\drivers\cmuda.sys
+ ComFiltr File not found: C:\WINDOWS\system32\DRIVERS\COMFiltr.sys
+ cpoint cPoint (Not verified) Panda Software c:\windows\system32\drivers\cpoint.sys
+ Defender File not found: C:\Archivos de programa\SinEspias\Defender.sys
+ DumaNT DUMA NT Keyboard Filter (Not verified) NVIDIA Corporation c:\windows\system32\drivers\dumant.sys
+ ewido security suite driver c:\archivos de programa\ewido anti-malware\guard.sys
+ GMSIPCI File not found: D:\INSTALL\GMSIPCI.SYS
+ netflt NetFlt (Not verified) Panda Software c:\windows\system32\drivers\netflt.sys
+ NTACCESS File not found: D:\NTACCESS.sys
+ P2k Motorola Driver (Not verified) Motorola Inc c:\windows\system32\drivers\p2k.sys
+ ser2pl USB-to-Serial Cable Driver (Not verified) Prolific Technology Inc. c:\windows\system32\drivers\ser2pl.sys
+ Teefer Teefer Driver (Not verified) Sygate Technologies, Inc. c:\windows\system32\drivers\teefer.sys
+ wg3n wgxn (Not verified) Sygate Technologies, Inc. c:\windows\system32\drivers\wg3n.sys
+ wpsdrvnt wpsdrvnt (Not verified) Sygate Technologies, Inc. c:\windows\system32\drivers\wpsdrvnt.sys
HKLM\System\CurrentControlSet\Control\Session Manager\BootExecute
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options
HKLM\SOFTWARE\Microsoft\Command Processor\Autorun
HKCU\SOFTWARE\Microsoft\Command Processor\Autorun
HKLM\SOFTWARE\Classes\Exefile\Shell\Open\Command\(Default)
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\Appinit_Dlls
HKLM\System\CurrentControlSet\Control\Session Manager\KnownDlls
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\System
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GinaDLL
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Taskman
HKCU\Control Panel\Desktop\Scrnsave.exe
HKLM\System\CurrentControlSet\Control\BootVerificationProgram\ImageName
HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9
+ PAV_LAYERED pavlsp Dynamic Link Library (Not verified) Panda Software c:\archivos de programa\panda software\panda platinum 2005 internet security\pavlsp.dll
+ PAV_LAYERED over [MSAFD Tcpip [RAW/IP]] pavlsp Dynamic Link Library (Not verified) Panda Software c:\archivos de programa\panda software\panda platinum 2005 internet security\pavlsp.dll
+ PAV_LAYERED over [MSAFD Tcpip [TCP/IP]] pavlsp Dynamic Link Library (Not verified) Panda Software c:\archivos de programa\panda software\panda platinum 2005 internet security\pavlsp.dll
+ PAV_LAYERED over [MSAFD Tcpip [UDP/IP]] pavlsp Dynamic Link Library (Not verified) Panda Software c:\archivos de programa\panda software\panda platinum 2005 internet security\pavlsp.dll
HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors