
Slow PC

 
  • #1 Slow PC
    Hello, good morning:
    My name is Alexia. I bought this PC very recently and it turns out that it is now very slow. I ran the Norton antivirus on it, it detected a tracking cookie, and I used the repair option. This antivirus has a feature called Norton Insight, and when I ran it, it showed me this:
    explorer.exe no es un archivo de confianza
    m3srchmn.exe no es un archivo de confianza
    ehtray.exe no es un archivo de confianza
    lxczcoms.exe no es un archivo de confianza
    seaport.exe no es un archivo de confianza
    searchindexer.exe no es un archivo de confianza
    xaudio.exe no es un archivo de confianza
    firefox.exe no es un archivo de confianza
    msnmsgr.exe no es un archivo de confianza
    wlcomm.exe no es un archivo de confianza

    I hope you can help me. I'm new here; sorry for the trouble.
  • #2 Re: Slow PC

    Have you already ruled out hardware problems? What machine is it?
    Have you already reinstalled Windows?

    Norton is a very heavy antivirus; if you remove it, does it still run that slowly? Have you tried another, better antivirus, or at least an online one?
  • #3 Re: Slow PC

    In addition to what storax mentioned, you can analyze those files individually to clear up any doubt. Here is the link: http://www.virustotal.com/es/

    Regards!
  • #4

    It's an HP Pavilion Slimline PC 3620 disk
    Intel Core 2 Duo processor
    320 disk
    3 GB

    Thanks for replying.
    mastermind, I did what you told me and analyzed 1 file; this is what I get:

    Análisis del archivo wlcomm.exe recibido el 2009.06.16 08:21:21 (UTC)
    Estado actual: análisis terminado
    Resultado: 0/39 (0.00%)


    Análisis del archivo searchindexer.exe recibido el 2009.06.17 08:49:01 (UTC)
    Estado actual: análisis terminado
    Resultado: 1/40 (2.50%)


    Análisis del archivo M3SRCHMN.EXE recibido el 2009.06.12 02:39:28 (UTC)
    Estado actual: análisis terminado
    Resultado: 9/39 (23.08%)

    Edited by Lukillas - 17.06.2009 15:13 hs.
  • #5 Re: Slow PC

    The idea was for you to analyze whether those files are infected. Since the result is hard to understand and is incomplete, do the following: download HijackThis; then restart your PC, do not open or close any process or program, run HijackThis, choose Do a system scan only, save the log that is generated and paste it here.

    Regards!
  • #6 Re: Slow PC

    Hi master.mind, I ran HijackThis as you told me; this is the log:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 12:10:59 p.m., on 20/06/2009
    Platform: Windows Vista SP1 (WinNT 6.00.1905)
    MSIE: Internet Explorer v7.00 (7.00.6001.18248)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Windows\system32\taskeng.exe
    C:\hp\support\hpsysdrv.exe
    C:\Windows\System32\rundll32.exe
    C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
    C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
    C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatchTray10.exe
    C:\Program Files\Roxio\CinePlayer\DMXLauncher.exe
    C:\Program Files\MyWebSearch\bar\3.bin\MWSOEMON.EXE
    C:\Program Files\MyWebSearch\bar\3.bin\M3SRCHMN.EXE
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe
    C:\Windows\ehome\ehtray.exe
    C:\Windows\ehome\ehmsas.exe
    C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\CPSHelpRunner10.exe
    C:\hp\kbd\kbd.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TY...vilion&pf=cndt
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ar.msn.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TY...vilion&pf=cndt
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TY...vilion&pf=cndt
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R3 - URLSearchHook: (no name) - 00A6FAF6-072E-44cf-8957-5838F569A31D} - (no file)
    R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\bar\3.bin\MWSSRCAS.DLL
    O1 - Hosts: ::1 localhost
    O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\bar\3.bin\MWSSRCAS.DLL
    O2 - BHO: Aplicación auxiliar de vínculos de Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\3.bin\MWSBAR.DLL
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
    O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton AntiVirus\Engine\16.5.0.134\IPSBHO.DLL
    O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O2 - BHO: AOL Toolbar BHO - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
    O2 - BHO: Windows Live Aplicación auxiliar de inicio de sesión - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
    O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
    O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
    O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
    O3 - Toolbar: My Web Search - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\3.bin\MWSBAR.DLL
    O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
    O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    O4 - HKLM\..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe
    O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KbdStub.EXE
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
    O4 - HKLM\..\Run: [HP Software Update] c:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [lxczbmgr.exe] "C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe"
    O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatchTray10.exe"
    O4 - HKLM\..\Run: [DMXLauncher] "C:\Program Files\Roxio\CinePlayer\DMXLauncher.exe"
    O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
    O4 - HKLM\..\Run: [MyWebSearch Plugin] rundll32 C:\PROGRA~1\MYWEBS~1\bar\3.bin\M3PLUGIN.DLL,UPF
    O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\3.bin\mwsoemon.exe
    O4 - HKLM\..\Run: [My Web Search Bar Search Scope Monitor] "C:\PROGRA~1\MYWEBS~1\bar\3.bin\m3SrchMn.exe" /m=2 /w /h
    O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    O4 - HKCU\..\Run: [HPAdvisor] C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe autorun=AUTORUN
    O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
    O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
    O4 - HKCU\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\3.bin\mwsoemon.exe
    O4 - HKCU\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
    O4 - HKUS\S-1-5-18\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'Default user')
    O4 - Startup: Recorte de pantalla e Inicio rápido de OneNote 2007.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
    O8 - Extra context menu item: &AOL Toolbar Buscar - C:\ProgramData\AOL\ieToolbar\resources\es-AR\local\search.html
    O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbar...tml?p=ZJfox000
    O8 - Extra context menu item: E&xportar a Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Consola de Sun Java - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra button: Agregar entrada - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: &Agregar entrada en Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: Enviar a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: &Enviar a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
    O9 - Extra button: Barra de búsqueda de Encarta - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
    O13 - Gopher Prefix:
    O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe
    O23 - Service: Servicio de actualización de Google (gupdate1c9e39f580e5015) (gupdate1c9e39f580e5015) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: lxcz_device - - C:\Windows\system32\lxczcoms.exe
    O23 - Service: My Web Search Service (MyWebSearchService) - MyWebSearch.com - C:\PROGRA~1\MYWEBS~1\bar\3.bin\mwssvc.exe
    O23 - Service: Norton AntiVirus - Symantec Corporation - C:\Program Files\Norton AntiVirus\Engine\16.5.0.134\ccSvcHst.exe
    O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
    O23 - Service: Roxio UPnP Renderer 10 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe
    O23 - Service: Roxio Upnp Server 10 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 10\RoxioUpnpService10.exe
    O23 - Service: LiveShare P2P Server 10 (RoxLiveShare10) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe
    O23 - Service: RoxMediaDB10 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe
    O23 - Service: Roxio Hard Drive Watcher 10 (RoxWatch10) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe
    O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    O23 - Service: SessionLauncher - Unknown owner - C:\Users\Paola\AppData\Local\Temp\DX9\SessionLauncher.exe (file missing)
    O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

    --
    End of file - 10341 bytes

    Thanks in advance for your time.
  • #7 Re: Slow PC

    For those interested in learning how to interpret the HijackThis log, besides a bit of practice, I recommend reading these two tutorials:

    and using these online analysis tools:

    a. Your PC is infected and is not well protected: the two go hand in hand.

    - The infection comes from a toolbar you installed in your browser: MyWebSearch. The harm done by all toolbars outweighs any benefit they may have (besides consuming resources). Try to inform yourself in detail before installing even the smallest extension, add-on or application on your PC. To avoid future infections, take your time to read this thread and all the links it includes: How do I protect my PC? (¿Cómo protejo mi PC?).

    - I don't see that you have Norton active or installed. Clarify this point for me, because it is suicidal not to have an antivirus. If you are going to change it, choose one from this thread: How do I protect my PC?

    - You don't have a firewall (or you have the Windows one, which is not recommended). Install and configure Zone Alarm as I describe in this thread: How do I protect my PC?

    - Complement Windows Defender (it is not a good choice, but leave it) with SpywareBlaster. Install, update and configure it as I describe in this thread: How do I protect my PC?


    b. Download these programs:

    - FileASSASSIN: http://fileassassin.softonic.com/descargar or http://fileassassin.uptodown.com
    - CCleaner: http://www.ccleaner.com


    c. Print these instructions, follow them to the letter and save all the results:

    1) Disable System Restore: go to Start > Settings > Control Panel > System > System Restore and check Disable System Restore there.


    2) Enable Show all hidden files and folders: go to Start > Programs > Accessories > Windows Explorer, then to the Tools > Folder Options > View tab, and check the box that says Show all hidden files and folders; then click Apply and after that OK (in that order, please!!!).


    3) Start your PC in Safe Mode with Networking (when your PC boots you have to press F8 repeatedly. A black screen with white text appears: choose the Safe Mode with Networking option. A warning message then appears when Windows starts; click OK). If you cannot get into Safe Mode with Networking, do it in normal mode as follows (otherwise go to step 4):

    Start ->> Run ->> type MSCONFIG ->> press Enter
    a.- On the Services tab, check the Hide all Microsoft services box
    b.- Press the Disable all button
    c.- On the Startup tab, press the Disable all button
    d.- Press the buttons in this order: 1st Apply, 2nd OK, 3rd Restart

    (if you chose this option, once all the scans are finished, re-enable everything you just disabled and restart).


    4) Do not open any program until you have finished.


    5) Delete these orphaned entries with HJT's Fix checked:

    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
    O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)


    6) These entries correspond to processes that consume resources and do not need to be kept active. Delete them with HJT's Fix checked:

    O4 - HKLM\..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
    O4 - HKLM\..\Run: [HP Software Update] c:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [lxczbmgr.exe] "C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe"
    O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatchTray10.exe"
    O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup

    O4 - HKCU\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start


    7) These entries may be dangerous. If the directories, files or sites they refer to do not seem trustworthy to you, delete them with HJT's Fix checked:

    O23 - Service: SessionLauncher - Unknown owner - C:\Users\Paola\AppData\Local\Temp\DX9\SessionLauncher.exe (file missing)


    8) These entries are suspicious or dangerous. Delete them with HJT's Fix checked:

    C:\Program Files\MyWebSearch\bar\3.bin\M3SRCHMN.EXE
    R3 - URLSearchHook: (no name) - 00A6FAF6-072E-44cf-8957-5838F569A31D} - (no file)
    R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\bar\3.bin\MWSSRCAS.DLL
    O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\bar\3.bin\MWSSRCAS.DLL
    O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\3.bin\MWSBAR.DLL
    O3 - Toolbar: My Web Search - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\3.bin\MWSBAR.DLL
    O4 - HKLM\..\Run: [MyWebSearch Plugin] rundll32 C:\PROGRA~1\MYWEBS~1\bar\3.bin\M3PLUGIN.DLL,UPF
    O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\3.bin\mwsoemon.exe
    O4 - HKLM\..\Run: [My Web Search Bar Search Scope Monitor] "C:\PROGRA~1\MYWEBS~1\bar\3.bin\m3SrchMn.exe" /m=2 /w /h
    O4 - HKCU\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\3.bin\mwsoemon.exe
    O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbar...tml?p=ZJfox000
    O23 - Service: My Web Search Service (MyWebSearchService) - MyWebSearch.com - C:\PROGRA~1\MYWEBS~1\bar\3.bin\mwssvc.exe


    9) First clean the temporary files and then the registry with CCleaner.


    10) Run a scan with Windows Defender. Save the results and delete everything it finds.


    11) Run an online scan with Panda (http://www.activescan.com.ar). Save the results and delete everything it finds (using FileASSASSIN if necessary). Another option is Kaspersky (http://www.kaspersky.com/sp/virusscanner).


    12) Reboot, generate a new log and post ONLY the results where infections appeared.


    Now that we know the reason for the slowness, I'm moving this to the Seguridad Informática forum.

    Regards!

    Master.Mind
    Moderator, Windows, Software and Seguridad Informática forums
    Psicofxp Staff
    Edited by Master.Mind - 27.06.2009 17:08
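The manual triage in steps 7 and 8 of the post above, as an added example (not part of the original post and not HijackThis's own logic): a Python sketch that parses HijackThis log lines and flags entries with no file behind them, an unknown owner, a path under a Temp directory, or a name on a watchlist. The sample lines come from the log in this thread; the watchlist, the reason labels and the function names are assumptions.

```python
import re

# Section codes that appear in this thread's log.
SECTIONS = {"R3": "URLSearchHook", "O2": "BHO", "O3": "Toolbar",
            "O4": "Autorun", "O8": "Context menu", "O23": "Service"}
# Assumption: analyst-supplied names already judged unwanted (step 8's toolbar).
WATCHLIST = ("mywebsearch", "mywebs~1")
LINE_RE = re.compile(r"^\s*(?P<code>[A-Z]\d{1,2})\s+-\s+(?P<body>.+)$")

def triage(line):
    """Return (code, kind, reasons) for one HijackThis line, or None."""
    m = LINE_RE.match(line)
    if not m:
        return None
    code, low = m["code"], m["body"].lower()
    reasons = []
    if "(file missing)" in low or "(no file)" in low:
        reasons.append("orphaned: no file behind the entry")
    if "unknown owner" in low:
        reasons.append("owner unknown")
    if re.search(r"\\(temp|tmp)\\", low):
        reasons.append("runs from a Temp directory")
    if any(name in low for name in WATCHLIST):
        reasons.append("matches watchlist")
    return code, SECTIONS.get(code, "other"), reasons

def review(log_text):
    """Split a log into flagged entries and entries with no flag."""
    flagged, clean = [], []
    for line in log_text.splitlines():
        result = triage(line)
        if result:
            (flagged if result[2] else clean).append((line.strip(), result))
    return flagged, clean

# Sample lines taken from the log posted in this thread.
SAMPLE = r"""
O4 - HKLM\..\Run: [lxczbmgr.exe] "C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe"
O23 - Service: SessionLauncher - Unknown owner - C:\Users\Paola\AppData\Local\Temp\DX9\SessionLauncher.exe (file missing)
R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - (no file)
O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\3.bin\MWSBAR.DLL
O4 - HKLM\..\Run: [MyWebSearch Plugin] rundll32 C:\PROGRA~1\MYWEBS~1\bar\3.bin\M3PLUGIN.DLL,UPF
"""

if __name__ == "__main__":
    flagged, clean = review(SAMPLE)
    for text, (code, kind, reasons) in flagged:
        print(f"[{code} {kind}] {'; '.join(reasons)} -> {text}")
```

A flag marks an entry for a closer look before anything is removed with Fix checked; entries without a flag, like the Lexmark autorun, have simply not matched any of these four rules.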
  • #8 Re: slow PC

    Hi, sorry for the delay. Let's go step by step.

    - I deleted all the files and entries.
    - Windows Defender: it found nothing.
    - Panda online: nothing either.

    - When I rebooted and tried to generate a new log with HijackThis, this appears:

    For some reason your system denied write access to the Hosts file. If any hijacked domains are in this file, HijackThis may NOT be able to fix this.
    If that happens, you need to edit it yourself. To do this, click Start, Run and type:
    notepad C:\Windows\System32\drivers\etc\hosts
    and press Enter. Find the line(s) HijackThis reports and delete them. Save the file as 'hosts'. (with quotes), and reboot.
    For Vista: simply exit HijackThis, right-click on the HijackThis icon, choose 'Run as administrator'.

    and when I click, it generates a log

    in which I found:

    O23 - Service: My web search Service (MywebSearchService) - Unknown owner - C:\PROGRA~1\MYWEBS~1\bar\3.bin\mwssvc.exe (file missing)

    I tried to remove it with Fix checked and it keeps appearing.
    I looked for it to delete it with FileASSASSIN and couldn't find it.

    I also ran Avira AntiVir Personal because it keeps freezing on the internet and it constantly changes my home page.

    Result:

    Avira AntiVir Personal
    Report file date: martes, 23 de junio de 2009 17:41

    Scanning for 1487535 virus strains and unwanted programs.

    Licensee : Avira AntiVir Personal - FREE Antivirus
    Serial number : 0000149996-ADJIE-0000001
    Platform : Windows Vista
    Windows version : (Service Pack 1) [6.0.6001]
    Boot mode : Normally booted
    Username : SYSTEM
    Computer name : PAOLA1

    Version information:
    BUILD.DAT : 9.0.0.403 17961 Bytes 03/06/2009 17:05:00
    AVSCAN.EXE : 9.0.3.6 466689 Bytes 22/06/2009 19:22:55
    AVSCAN.DLL : 9.0.3.0 40705 Bytes 27/02/2009 14:58:24
    LUKE.DLL : 9.0.3.2 209665 Bytes 20/02/2009 15:35:49
    LUKERES.DLL : 9.0.2.0 12033 Bytes 27/02/2009 14:58:52
    ANTIVIR0.VDF : 7.1.0.0 15603712 Bytes 27/10/2008 16:30:36
    ANTIVIR1.VDF : 7.1.2.12 3336192 Bytes 11/02/2009 00:33:26
    ANTIVIR2.VDF : 7.1.4.87 2982912 Bytes 12/06/2009 19:22:53
    ANTIVIR3.VDF : 7.1.4.129 334848 Bytes 23/06/2009 20:16:26
    Engineversion : 8.2.0.193
    AEVDF.DLL : 8.1.1.1 106868 Bytes 22/06/2009 19:22:54
    AESCRIPT.DLL : 8.1.2.9 409978 Bytes 22/06/2009 19:22:53
    AESCN.DLL : 8.1.2.3 127347 Bytes 22/06/2009 19:22:53
    AERDL.DLL : 8.1.1.3 438645 Bytes 29/10/2008 22:24:41
    AEPACK.DLL : 8.1.3.18 401783 Bytes 22/06/2009 19:22:53
    AEOFFICE.DLL : 8.1.0.38 196987 Bytes 22/06/2009 19:22:53
    AEHEUR.DLL : 8.1.0.133 1798520 Bytes 22/06/2009 19:22:53
    AEHELP.DLL : 8.1.3.6 205174 Bytes 22/06/2009 19:22:53
    AEGEN.DLL : 8.1.1.46 348533 Bytes 22/06/2009 19:22:53
    AEEMU.DLL : 8.1.0.9 393588 Bytes 09/10/2008 18:32:40
    AECORE.DLL : 8.1.6.12 180599 Bytes 22/06/2009 19:22:53
    AEBB.DLL : 8.1.0.3 53618 Bytes 09/10/2008 18:32:40
    AVWINLL.DLL : 9.0.0.3 18177 Bytes 12/12/2008 12:47:59
    AVPREF.DLL : 9.0.0.1 43777 Bytes 05/12/2008 14:32:15
    AVREP.DLL : 8.0.0.3 155905 Bytes 20/01/2009 18:34:28
    AVREG.DLL : 9.0.0.0 36609 Bytes 05/12/2008 14:32:09
    AVARKT.DLL : 9.0.0.3 292609 Bytes 24/03/2009 19:05:41
    AVEVTLOG.DLL : 9.0.0.7 167169 Bytes 30/01/2009 14:37:08
    SQLITE3.DLL : 3.6.1.0 326401 Bytes 28/01/2009 19:03:49
    SMTPLIB.DLL : 9.2.0.25 28417 Bytes 02/02/2009 12:21:33
    NETNT.DLL : 9.0.0.0 11521 Bytes 05/12/2008 14:32:10
    RCIMAGE.DLL : 9.0.0.25 2438913 Bytes 22/06/2009 19:22:53
    RCTEXT.DLL : 9.0.37.0 86785 Bytes 17/04/2009 14:19:48

    Configuration settings for the scan:
    Jobname.............................: Complete system scan
    Configuration file..................: c:\program files\avira\antivir desktop\sysscan.avp
    Logging.............................: low
    Primary action......................: interactive
    Secondary action....................: ignore
    Scan master boot sector.............: on
    Scan boot sector....................: on
    Boot sectors........................: C:, D:,
    Process scan........................: on
    Scan registry.......................: on
    Search for rootkits.................: on
    Integrity checking of system files..: off
    Scan all files......................: All files
    Scan archives.......................: on
    Recursion depth.....................: 20
    Smart extensions....................: on
    Macro heuristic.....................: on
    File heuristic......................: medium
    Deviating risk categories...........: +APPL,+GAME,+JOKE,+PCK,+SPR,

    Start of the scan: martes, 23 de junio de 2009 17:41

    Starting search for hidden objects.
    '92296' objects were checked, '0' hidden objects were found.

    The scan of running processes will be started
    Scan process 'HijackThis.exe' - '1' Module(s) have been scanned
    Scan process 'avscan.exe' - '1' Module(s) have been scanned
    Scan process 'avscan.exe' - '1' Module(s) have been scanned
    Scan process 'avcenter.exe' - '1' Module(s) have been scanned
    Scan process 'firefox.exe' - '1' Module(s) have been scanned
    Scan process 'SSDK04.exe' - '1' Module(s) have been scanned
    Scan process 'conime.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'mfpmp.exe' - '0' Module(s) have been scanned
    Scan process 'wmpnetwk.exe' - '1' Module(s) have been scanned
    Scan process 'wmpnscfg.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'MSASCui.exe' - '1' Module(s) have been scanned
    Scan process 'WmiPrvSE.exe' - '1' Module(s) have been scanned
    Scan process 'wlcomm.exe' - '1' Module(s) have been scanned
    Scan process 'kbd.exe' - '1' Module(s) have been scanned
    Scan process 'PresentationFontCache.exe' - '1' Module(s) have been scanned
    Scan process 'HPHC_Service.exe' - '1' Module(s) have been scanned
    Scan process 'msnmsgr.exe' - '1' Module(s) have been scanned
    Scan process 'ehmsas.exe' - '1' Module(s) have been scanned
    Scan process 'SUPERAntiSpyware.exe' - '1' Module(s) have been scanned
    Scan process 'ehtray.exe' - '1' Module(s) have been scanned
    Scan process 'Ares.exe' - '1' Module(s) have been scanned
    Scan process 'wmplayer.exe' - '1' Module(s) have been scanned
    Scan process 'zlclient.exe' - '0' Module(s) have been scanned
    Scan process 'avgnt.exe' - '1' Module(s) have been scanned
    Scan process 'DMXLauncher.exe' - '1' Module(s) have been scanned
    Scan process 'mobsync.exe' - '1' Module(s) have been scanned
    Scan process 'XAudio.exe' - '1' Module(s) have been scanned
    Scan process 'WUDFHost.exe' - '1' Module(s) have been scanned
    Scan process 'SearchIndexer.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'SeaPort.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'lxczcoms.exe' - '1' Module(s) have been scanned
    Scan process 'LSSrvc.exe' - '1' Module(s) have been scanned
    Scan process 'avguard.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'GoogleUpdate.exe' - '1' Module(s) have been scanned
    Scan process 'taskeng.exe' - '1' Module(s) have been scanned
    Scan process 'sched.exe' - '1' Module(s) have been scanned
    Scan process 'taskeng.exe' - '1' Module(s) have been scanned
    Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
    Scan process 'explorer.exe' - '1' Module(s) have been scanned
    Scan process 'dwm.exe' - '1' Module(s) have been scanned
    Scan process 'vsmon.exe' - '0' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'rundll32.exe' - '1' Module(s) have been scanned
    Scan process 'SLsvc.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'audiodg.exe' - '0' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'nvvsvc.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'lsm.exe' - '1' Module(s) have been scanned
    Scan process 'lsass.exe' - '1' Module(s) have been scanned
    Scan process 'winlogon.exe' - '1' Module(s) have been scanned
    Scan process 'services.exe' - '1' Module(s) have been scanned
    Scan process 'csrss.exe' - '1' Module(s) have been scanned
    Scan process 'wininit.exe' - '1' Module(s) have been scanned
    Scan process 'csrss.exe' - '1' Module(s) have been scanned
    Scan process 'smss.exe' - '1' Module(s) have been scanned
    63 processes with 63 modules were scanned

    Starting master boot sector scan:
    Master boot sector HD0
    [INFO] No virus was found!
    Master boot sector HD1
    [INFO] No virus was found!
    Master boot sector HD2
    [INFO] No virus was found!
    [INFO] Please restart the search with Administrator rights
    Master boot sector HD3
    [INFO] No virus was found!
    [INFO] Please restart the search with Administrator rights
    Master boot sector HD4
    [INFO] No virus was found!
    [INFO] Please restart the search with Administrator rights
    Master boot sector HD5
    [INFO] No virus was found!
    [INFO] Please restart the search with Administrator rights

    Start scanning boot sectors:
    Boot sector 'C:\'
    [INFO] No virus was found!
    Boot sector 'D:\'
    [INFO] No virus was found!

    Starting to scan executable files (registry).
    The registry was scanned ( '41' files ).


    Starting the file scan:

    Begin scan in 'C:\' <HP>
    C:\hiberfil.sys
    [WARNING] The file could not be opened!
    [NOTE] This file is a Windows system file.
    [NOTE] This file cannot be opened for scanning.
    C:\pagefile.sys
    [WARNING] The file could not be opened!
    [NOTE] This file is a Windows system file.
    [NOTE] This file cannot be opened for scanning.
    C:\hp\HPQWare\EasySetup\SetACL.exe
    [DETECTION] Contains recognition pattern of the APPL/ACLSet application
    C:\Program Files\HP Games\Mah Jong Adventures\Mah Jong Adventures-WT.exe
    [DETECTION] Is the TR/Small.4257736.A Trojan
    Begin scan in 'D:\' <FACTORY_IMAGE>

    Beginning disinfection:
    C:\hp\HPQWare\EasySetup\SetACL.exe
    [DETECTION] Contains recognition pattern of the APPL/ACLSet application
    [NOTE] The file was moved to '4ab54a6d.qua'!
    C:\Program Files\HP Games\Mah Jong Adventures\Mah Jong Adventures-WT.exe
    [DETECTION] Is the TR/Small.4257736.A Trojan
    [NOTE] The file was moved to '4aa94a69.qua'!


    End of the scan: martes, 23 de junio de 2009 18:32
    Used time: 51:24 Minute(s)

    The scan has been done completely.

    23729 Scanned directories
    484731 Files were scanned
    2 Viruses and/or unwanted programs were found
    0 Files were classified as suspicious
    0 files were deleted
    0 Viruses and unwanted programs were repaired
    2 Files were moved to quarantine
    0 Files were renamed
    2 Files cannot be scanned
    484727 Files not concerned
    4239 Archives were scanned
    2 Warnings
    4 Notes
    92296 Objects were scanned with rootkit scan
    0 Hidden objects were found

    -----------------------------------------------------------------------------------------------------------
    Type: File
    Detection: Contains recognition pattern of the APPL/ACLSet application
    Source: C:\hp\HPQWare\EasySetup\SetACL.exe

    Type: File
    Detection: Is the TR/Small.4257736.A Trojan
    Source: C:\Program Files\HP GAMES\Mah Jong Adventures\Mah Jong Adventures-Wt.exe
    ------------------------------------------------------------------------------------------------------

    Firefox takes a long time to load and sometimes freezes. My home page gets changed quite often.

    Sorry for the length of the message. Thank you very much in advance for your time. Bye.
  • #9 Re: slow PC

    Many days have gone by. Try to generate a new log (always in Normal Mode), and if necessary, download HJT again, since I updated the link to the new version.

    Later I'll analyze everything together so I have more information, but the antivirus sent the two infected files it found to quarantine (a safe place), so don't worry about that.

    Regards!
  • #10 Re: slow PC

    Hi Alexia,

    My name is Daniel and I work on an external support team for Symantec.

    Tracking cookies are files that almost all websites place on your computer. They are not usually malicious (but there is a possibility that they are, and therefore the program is removing them). Files that are trusted in Norton Insight will not be scanned, since they have been verified as good. The remaining files will be scanned and, if they are malicious, removed. To be sure that the computer is not infected, open Norton Antivirus and run a full system scan.

    Regards, Daniel
    Norton Forum Assist Team