not-a-virus:AdWare.Win32.Virtumonde.jp and video activex access Trojan

La Morrigan 18/09/07, 07:00:55
Greetings again
Let me tell you what happened:
I downloaded another version of Nero ¬¬ and it infected my computer; on top of that, someone sent me the famous MSN virus. I was able to fix the latter thanks to the instructions you give on the forum (MSNCleaner).
As for the first problem, I uninstalled Nero, deleted files, and ran CCleaner and mwav.exe.
The thing is that in the system32 folder a whole bunch of files like this one show up: 7f6e10bf7e06fea80ef5eb51e1f2db7e.TMP!
I'm scared to delete them, but I don't think they should be there... I don't know what else to do...
This is the mwav result:
Fichero C:\WINDOWS\system32\rqromkj.dll etiquetado como "not-a-virus:AdWare.Win32.Virtumonde.jp". Acción tomada: Ninguna acción tomada.
Fichero C:\WINDOWS\System32\rqromkj.dll etiquetado como "not-a-virus:AdWare.Win32.Virtumonde.jp". Acción tomada: Ninguna acción tomada.
Fichero C:\WINDOWS\System32\ebadafffcbcbfdccdfba.dll infectado por "Spyware.Unknown" Virus. Acción tomada: Ninguna acción tomada.
Fichero C:\WINDOWS\system32\rqromkj.dll etiquetado como "not-a-virus:AdWare.Win32.Virtumonde.jp". Acción tomada: Ninguna acción tomada.
Objeto "video activex access Trojan" encontrado en fichero de sistema. Acción tomada: Ninguna acción tomada.
Entrada "HKCU\Software\Netscape\Netscape Navigator\User Trusted External Applications" referida a un objeto inválido "C:\ARCHIV~1\QUICKT~1\QuickTimePlayer.exe". Acción tomada: Ninguna acción tomada.
Entrada "HKCU\Software\Netscape\Netscape Navigator\User Trusted External Applications" referida a un objeto inválido "C:\ARCHIV~1\QUICKT~1\PictureViewer.exe". Acción tomada: Ninguna acción tomada.
Fichero C:\WINDOWS\System32\rqromkj.dll etiquetado como "not-a-virus:AdWare.Win32.Virtumonde.jp". Acción tomada: Ninguna acción tomada.
THANKS A MILLION, AGAIN!!!

Hello La Morrigan
Follow the steps in the following link and post the Panda report for us
--> http://www.forospyware.com/t14727.html

La Morrigan 19/09/07, 05:44:21
Greetings again
I did all the steps in the list (SUPERAntiSpyware detected 2 Trojan.WinFixer that it could not remove; I was able to delete the rest of the .tmp files); the other programs did not detect anything else (or so I think). I cleaned up and ran KASPERSKY (because Panda was not working for me??). Here is the report:
-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER INFORME
miércoles, 19 de septiembre de 2007 2:01:53
Sistema operativo: Microsoft Windows XP Professional, (Build 2600)
Kaspersky Online Scanner versión: 5.0.93.0
Ultima actualización: 19/09/2007
Registros en la base antivirus: 420399
-------------------------------------------------------------------------------
Configuración del análisis:
Analizar usando las siguientes bases: estendidas
Analizar archivos: verdadero
Analizar bases de correo: verdadero
Objetivo a analizar - Mi PC:
A:\
C:\
D:\
E:\
Estadísticas:
Número de objeros analizados: 61076
Virus encontrados: 1
Objetos infectados: 1
Objetos sospechosos: 0
Duración del análisis: 02:29:30
Bombre del objeto infectado / Nombre del virus / Última acción
C:\Archivos de programa\Alwil Software\Avast4\DATA\aswResp.dat Object is locked saltado
C:\Archivos de programa\Alwil Software\Avast4\DATA\Avast4.db Object is locked saltado
C:\Archivos de programa\Alwil Software\Avast4\DATA\log\AshWebSv.ws Object is locked saltado
C:\Archivos de programa\Alwil Software\Avast4\DATA\log\aswMaiSv.log Object is locked saltado
C:\Archivos de programa\Alwil Software\Avast4\DATA\log\nshield.log Object is locked saltado
C:\Archivos de programa\Alwil Software\Avast4\DATA\report\Protección residente.txt Object is locked saltado
C:\check_LSA7.txt Object is locked saltado
C:\Documents and Settings\Liber\Configuración local\Archivos temporales de Internet\Content.IE5\index.dat Object is locked saltado
C:\Documents and Settings\Liber\Configuración local\Datos de programa\Adobe\Acrobat\8.0\Updater\updater.log Object is locked saltado
C:\Documents and Settings\Liber\Configuración local\Datos de programa\Adobe\Updater5\aumLib.log Object is locked saltado
C:\Documents and Settings\Liber\Configuración local\Datos de programa\Microsoft\Windows\UsrClass.dat Object is locked saltado
C:\Documents and Settings\Liber\Configuración local\Datos de programa\Microsoft\Windows\UsrClass.dat.LOG Object is locked saltado
C:\Documents and Settings\Liber\Configuración local\Datos de programa\Mozilla\Firefox\Profiles\7mj0tk9z.default\Cache\_CACHE_001_ Object is locked saltado
C:\Documents and Settings\Liber\Configuración local\Datos de programa\Mozilla\Firefox\Profiles\7mj0tk9z.default\Cache\_CACHE_002_ Object is locked saltado
C:\Documents and Settings\Liber\Configuración local\Datos de programa\Mozilla\Firefox\Profiles\7mj0tk9z.default\Cache\_CACHE_003_ Object is locked saltado
C:\Documents and Settings\Liber\Configuración local\Datos de programa\Mozilla\Firefox\Profiles\7mj0tk9z.default\Cache\_CACHE_MAP_ Object is locked saltado
C:\Documents and Settings\Liber\Configuración local\Historial\History.IE5\index.dat Object is locked saltado
C:\Documents and Settings\Liber\Configuración local\Temp\~DF2971.tmp Object is locked saltado
C:\Documents and Settings\Liber\Configuración local\Temp\~DF3337.tmp Object is locked saltado
C:\Documents and Settings\Liber\Configuración local\Temp\~DF4331.tmp Object is locked saltado
C:\Documents and Settings\Liber\Configuración local\Temp\~DF653A.tmp Object is locked saltado
C:\Documents and Settings\Liber\Configuración local\Temp\~DF6551.tmp Object is locked saltado
C:\Documents and Settings\Liber\Configuración local\Temp\~DF699.tmp Object is locked saltado
C:\Documents and Settings\Liber\Configuración local\Temp\~DF7E27.tmp Object is locked saltado
C:\Documents and Settings\Liber\Configuración local\Temp\~DFFF26.tmp Object is locked saltado
C:\Documents and Settings\Liber\Configuración local\Temp\~WRD1618.doc Object is locked saltado
C:\Documents and Settings\Liber\Configuración local\Temp\~WRS0005.tmp Object is locked saltado
C:\Documents and Settings\Liber\Cookies\index.dat Object is locked saltado
C:\Documents and Settings\Liber\Datos de programa\Microsoft\Plantillas\Normal.dot Object is locked saltado
C:\Documents and Settings\Liber\Datos de programa\Microsoft\Word\Guardado con Autorrecuperación de GUERRA.asd Object is locked saltado
C:\Documents and Settings\Liber\Datos de programa\Mozilla\Firefox\Profiles\7mj0tk9z.default\cert8.db Object is locked saltado
C:\Documents and Settings\Liber\Datos de programa\Mozilla\Firefox\Profiles\7mj0tk9z.default\history.dat Object is locked saltado
C:\Documents and Settings\Liber\Datos de programa\Mozilla\Firefox\Profiles\7mj0tk9z.default\key3.db Object is locked saltado
C:\Documents and Settings\Liber\Datos de programa\Mozilla\Firefox\Profiles\7mj0tk9z.default\parent.lock Object is locked saltado
C:\Documents and Settings\Liber\Datos de programa\Mozilla\Firefox\Profiles\7mj0tk9z.default\search.sqlite Object is locked saltado
C:\Documents and Settings\Liber\Datos de programa\Mozilla\Firefox\Profiles\7mj0tk9z.default\urlclassifier2.sqlite Object is locked saltado
C:\Documents and Settings\Liber\Escritorio\GUERRA.doc Object is locked saltado
C:\Documents and Settings\Liber\Escritorio\~WRL0002.tmp Object is locked saltado
C:\Documents and Settings\Liber\Escritorio\~WRL0118.tmp Object is locked saltado
C:\Documents and Settings\Liber\NTUSER.DAT Object is locked saltado
C:\Documents and Settings\Liber\ntuser.dat.LOG Object is locked saltado
C:\Documents and Settings\LocalService\Configuración local\Archivos temporales de Internet\Content.IE5\index.dat Object is locked saltado
C:\Documents and Settings\LocalService\Configuración local\Datos de programa\Microsoft\Windows\UsrClass.dat Object is locked saltado
C:\Documents and Settings\LocalService\Configuración local\Datos de programa\Microsoft\Windows\UsrClass.dat.LOG Object is locked saltado
C:\Documents and Settings\LocalService\Configuración local\Historial\History.IE5\index.dat Object is locked saltado
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked saltado
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked saltado
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked saltado
C:\Documents and Settings\NetworkService\Configuración local\Datos de programa\Microsoft\Windows\UsrClass.dat Object is locked saltado
C:\Documents and Settings\NetworkService\Configuración local\Datos de programa\Microsoft\Windows\UsrClass.dat.LOG Object is locked saltado
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked saltado
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked saltado
C:\WINDOWS\Debug\oakley.log Object is locked saltado
C:\WINDOWS\Debug\PASSWD.LOG Object is locked saltado
C:\WINDOWS\SchedLgU.Txt Object is locked saltado
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked saltado
C:\WINDOWS\Sti_Trace.log Object is locked saltado
C:\WINDOWS\system32\config\Antivirus.Evt Object is locked saltado
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked saltado
C:\WINDOWS\system32\config\default Object is locked saltado
C:\WINDOWS\system32\config\default.LOG Object is locked saltado
C:\WINDOWS\system32\config\SAM Object is locked saltado
C:\WINDOWS\system32\config\SAM.LOG Object is locked saltado
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked saltado
C:\WINDOWS\system32\config\SECURITY Object is locked saltado
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked saltado
C:\WINDOWS\system32\config\software Object is locked saltado
C:\WINDOWS\system32\config\software.LOG Object is locked saltado
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked saltado
C:\WINDOWS\system32\config\system Object is locked saltado
C:\WINDOWS\system32\config\system.LOG Object is locked saltado
C:\WINDOWS\system32\h323log.txt Object is locked saltado
C:\WINDOWS\system32\rqromkj.dll.vir Infectados: not-a-virus:AdWare.Win32.Virtumonde.jp saltado
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked saltado
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked saltado
C:\WINDOWS\Temp\Perflib_Perfdata_540.dat Object is locked saltado
C:\WINDOWS\Temp\_avast4_\Webshlock.txt Object is locked saltado
C:\WINDOWS\wiadebug.log Object is locked saltado
C:\WINDOWS\wiaservc.log Object is locked saltado
C:\WINDOWS\WindowsUpdate.log Object is locked saltado
Análisis completado.
How can I remove it?? THANKS A MILLION!

Hello
Did you follow all the steps??
Do all of them, and if you already did, post the reports that are missing
Find and delete the file
--> C:\WINDOWS\system32\rqromkj.dll.vir
If it will not let you, use "FileASSASSIN" (http://www.forospyware.com/298547-post10.html) (with the option to use the normal delete function)
Run a new scan with Kaspersky and post the report for us if it shows anything
Let us know.

La Morrigan 19/09/07, 10:34:17
Here are the missing reports.. I can't find the SUPERAntiSpyware one :S
Now I'll do what you told me, ACSIS :) let's see how it goes...
DelPSGuard v 4.7.1
by www.ForoSpyware.com
Escaneo a las: 22:00:58,12, 18/09/2007
SO: Microsoft Windows XP [Versión 5.1.2600]
»»»»»»»»»»»» Carpetas y Archivos infectados »»»»»»»»»»»»
»»»»»»»»»»»» Programas Malwares »»»»»»»»»»»»
»»»»»»»»»»»» FIN »»»»»»»»»»»»
VundoFix V6.5.8
Checking Java version...
Sun Java not detected
Scan started at 22:15:59 18/09/2007
Listing files found while scanning....
No infected files were found.
Beginning removal...
[09/18/2007, 22:24:43] - VirtumundoBeGone v1.5 ( "C:\Documents and Settings\Liber\Escritorio\VirtumundoBeGone.exe" )
[09/18/2007, 22:24:50] - Detected System Information:
[09/18/2007, 22:24:50] - Windows Version: 5.1.2600,
[09/18/2007, 22:24:50] - Current Username: Liber (Admin)
[09/18/2007, 22:24:50] - Windows is in SAFE mode with Networking.
[09/18/2007, 22:24:50] - Searching for Browser Helper Objects:
[09/18/2007, 22:24:50] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Aplicación auxiliar de vínculos de Adobe PDF Reader)
[09/18/2007, 22:24:50] - BHO 2: {1392b8d2-5c05-419f-a8f6-b9f15a596612} (Freecorder Toolbar)
[09/18/2007, 22:24:50] - BHO 3: {6BA7399B-11ED-4CD7-B13D-3DFD31780EDA} ()
[09/18/2007, 22:24:50] - WARNING: BHO has no default name. Checking for Winlogon reference.
[09/18/2007, 22:24:50] - Checking for HKLM\...\Winlogon\Notify\mlljj
[09/18/2007, 22:24:50] - Key not found: HKLM\...\Winlogon\Notify\mlljj, continuing.
[09/18/2007, 22:24:50] - BHO 4: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[09/18/2007, 22:24:50] - BHO 5: {7E853D72-626A-48EC-A868-BA8D5E23E045} ()
[09/18/2007, 22:24:50] - WARNING: BHO has no default name. Checking for Winlogon reference.
[09/18/2007, 22:24:50] - No filename found. Continuing.
[09/18/2007, 22:24:50] - BHO 6: {9030D464-4C02-4ABF-8ECC-5164760863C6} (Windows Live Sign-in Helper)
[09/18/2007, 22:24:50] - BHO 7: {9370EFDE-C0DA-42C9-B609-41C87B462011} ()
[09/18/2007, 22:24:50] - WARNING: BHO has no default name. Checking for Winlogon reference.
[09/18/2007, 22:24:50] - Checking for HKLM\...\Winlogon\Notify\rqromkj
[09/18/2007, 22:24:50] - Found: HKLM\...\Winlogon\Notify\rqromkj - This is probably Virtumundo.
[09/18/2007, 22:24:50] - Assigning {9370EFDE-C0DA-42C9-B609-41C87B462011} MSEvents Object
[09/18/2007, 22:24:50] - BHO list has been changed! Starting over...
[09/18/2007, 22:24:50] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Aplicación auxiliar de vínculos de Adobe PDF Reader)
[09/18/2007, 22:24:50] - BHO 2: {1392b8d2-5c05-419f-a8f6-b9f15a596612} (Freecorder Toolbar)
[09/18/2007, 22:24:50] - BHO 3: {6BA7399B-11ED-4CD7-B13D-3DFD31780EDA} ()
[09/18/2007, 22:24:50] - WARNING: BHO has no default name. Checking for Winlogon reference.
[09/18/2007, 22:24:50] - Checking for HKLM\...\Winlogon\Notify\mlljj
[09/18/2007, 22:24:50] - Key not found: HKLM\...\Winlogon\Notify\mlljj, continuing.
[09/18/2007, 22:24:51] - BHO 4: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[09/18/2007, 22:24:51] - BHO 5: {7E853D72-626A-48EC-A868-BA8D5E23E045} ()
[09/18/2007, 22:24:51] - WARNING: BHO has no default name. Checking for Winlogon reference.
[09/18/2007, 22:24:51] - No filename found. Continuing.
[09/18/2007, 22:24:51] - BHO 6: {9030D464-4C02-4ABF-8ECC-5164760863C6} (Windows Live Sign-in Helper)
[09/18/2007, 22:24:51] - BHO 7: {9370EFDE-C0DA-42C9-B609-41C87B462011} (MSEvents Object)
[09/18/2007, 22:24:51] - ALERT: Found MSEvents Object!
[09/18/2007, 22:24:51] - BHO 8: {AA58ED58-01DD-4d91-8333-CF10577473F7} (Google Toolbar Helper)
[09/18/2007, 22:24:51] - BHO 9: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} (Google Toolbar Notifier BHO)
[09/18/2007, 22:24:51] - Finished Searching Browser Helper Objects
[09/18/2007, 22:24:51] - *** Detected MSEvents Object
[09/18/2007, 22:24:51] - Trying to remove MSEvents Object...
[09/18/2007, 22:24:52] - Terminating Process: IEXPLORE.EXE
[09/18/2007, 22:24:54] - Terminating Process: RUNDLL32.EXE
[09/18/2007, 22:24:54] - Disabling Automatic Shell Restart
[09/18/2007, 22:24:54] - Terminating Process: EXPLORER.EXE
[09/18/2007, 22:24:54] - Suspending the NT Session Manager System Service
[09/18/2007, 22:24:54] - Terminating Windows NT Logon/Logoff Manager
[09/18/2007, 22:24:55] - Re-enabling Automatic Shell Restart
[09/18/2007, 22:24:55] - File to disable: C:\WINDOWS\System32\rqromkj.dll
[09/18/2007, 22:24:55] - Renaming C:\WINDOWS\System32\rqromkj.dll -> C:\WINDOWS\System32\rqromkj.dll.vir
[09/18/2007, 22:24:55] - File successfully renamed!
[09/18/2007, 22:24:55] - Removing HKLM\...\Browser Helper Objects\{9370EFDE-C0DA-42C9-B609-41C87B462011}
[09/18/2007, 22:24:55] - Removing HKCR\CLSID\{9370EFDE-C0DA-42C9-B609-41C87B462011}
[09/18/2007, 22:24:55] - Adding Kill Bit for ActiveX for GUID: {9370EFDE-C0DA-42C9-B609-41C87B462011}
[09/18/2007, 22:24:55] - Deleting ATLEvents/MSEvents Registry entries
[09/18/2007, 22:24:55] - Removing HKLM\...\Winlogon\Notify\rqromkj
[09/18/2007, 22:24:55] - Searching for Browser Helper Objects:
[09/18/2007, 22:24:55] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Aplicación auxiliar de vínculos de Adobe PDF Reader)
[09/18/2007, 22:24:55] - BHO 2: {1392b8d2-5c05-419f-a8f6-b9f15a596612} (Freecorder Toolbar)
[09/18/2007, 22:24:55] - BHO 3: {6BA7399B-11ED-4CD7-B13D-3DFD31780EDA} ()
[09/18/2007, 22:24:55] - WARNING: BHO has no default name. Checking for Winlogon reference.
[09/18/2007, 22:24:55] - Checking for HKLM\...\Winlogon\Notify\mlljj
[09/18/2007, 22:24:55] - Key not found: HKLM\...\Winlogon\Notify\mlljj, continuing.
[09/18/2007, 22:24:55] - BHO 4: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[09/18/2007, 22:24:55] - BHO 5: {7E853D72-626A-48EC-A868-BA8D5E23E045} ()
[09/18/2007, 22:24:56] - WARNING: BHO has no default name. Checking for Winlogon reference.
[09/18/2007, 22:24:57] - No filename found. Continuing.
[09/18/2007, 22:24:57] - BHO 6: {9030D464-4C02-4ABF-8ECC-5164760863C6} (Windows Live Sign-in Helper)
[09/18/2007, 22:24:57] - BHO 7: {AA58ED58-01DD-4d91-8333-CF10577473F7} (Google Toolbar Helper)
[09/18/2007, 22:24:57] - BHO 8: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} (Google Toolbar Notifier BHO)
[09/18/2007, 22:24:57] - Finished Searching Browser Helper Objects
[09/18/2007, 22:24:57] - Finishing up...
[09/18/2007, 22:24:57] - A restart is needed.
[09/18/2007, 22:25:36] - Attempting to Restart via STOP error (Blue Screen!)

La Morrigan 19/09/07, 14:04:39
I don't know what to do any more!!! Now it shows up somewhere else!!
Can I completely empty this folder C:\Documents and Settings\Liber\Configuración local\Archivos temporales de Internet? A whole bunch of image files and style sheets show up in it....
Here is the KASPERSKY report
-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Wednesday, September 19, 2007 8:00:02 PM
Operating System: Microsoft Windows XP Professional, (Build 2600)
Kaspersky Online Scanner version: 5.0.93.1
Kaspersky Anti-Virus database last update: 19/09/2007
Kaspersky Anti-Virus database records: 420752
-------------------------------------------------------------------------------
Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true
Scan Target - My Computer:
A:\
C:\
D:\
E:\
Scan Statistics:
Total number of scanned objects: 60945
Number of viruses found: 1
Number of infected objects: 1
Number of suspicious objects: 0
Duration of the scan process: 02:02:51
Infected Object Name / Virus Name / Last Action
C:\Archivos de programa\Alwil Software\Avast4\DATA\aswResp.dat Object is locked skipped
C:\Archivos de programa\Alwil Software\Avast4\DATA\Avast4.db Object is locked skipped
C:\Archivos de programa\Alwil Software\Avast4\DATA\log\AshWebSv.ws Object is locked skipped
C:\Archivos de programa\Alwil Software\Avast4\DATA\log\aswMaiSv.log Object is locked skipped
C:\Archivos de programa\Alwil Software\Avast4\DATA\log\nshield.log Object is locked skipped
C:\Archivos de programa\Alwil Software\Avast4\DATA\report\Protección residente.txt Object is locked skipped
C:\Documents and Settings\Liber\Configuración local\Archivos temporales de Internet\Content.IE5\8H6NKHEV\valera[1] Infected: Trojan.Win32.Agent.bck skipped
C:\Documents and Settings\Liber\Configuración local\Archivos temporales de Internet\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Liber\Configuración local\Datos de programa\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Liber\Configuración local\Datos de programa\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Liber\Configuración local\Datos de programa\Mozilla\Firefox\Profiles\7mj0tk9z.default\Cache\_CACHE_001_ Object is locked skipped
C:\Documents and Settings\Liber\Configuración local\Datos de programa\Mozilla\Firefox\Profiles\7mj0tk9z.default\Cache\_CACHE_002_ Object is locked skipped
C:\Documents and Settings\Liber\Configuración local\Datos de programa\Mozilla\Firefox\Profiles\7mj0tk9z.default\Cache\_CACHE_003_ Object is locked skipped
C:\Documents and Settings\Liber\Configuración local\Datos de programa\Mozilla\Firefox\Profiles\7mj0tk9z.default\Cache\_CACHE_MAP_ Object is locked skipped
C:\Documents and Settings\Liber\Configuración local\Historial\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Liber\Configuración local\Temp\~DF5DF3.tmp Object is locked skipped
C:\Documents and Settings\Liber\Configuración local\Temp\~DFE2B8.tmp Object is locked skipped
C:\Documents and Settings\Liber\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Liber\Datos de programa\Mozilla\Firefox\Profiles\7mj0tk9z.default\cert8.db Object is locked skipped
C:\Documents and Settings\Liber\Datos de programa\Mozilla\Firefox\Profiles\7mj0tk9z.default\history.dat Object is locked skipped
C:\Documents and Settings\Liber\Datos de programa\Mozilla\Firefox\Profiles\7mj0tk9z.default\key3.db Object is locked skipped
C:\Documents and Settings\Liber\Datos de programa\Mozilla\Firefox\Profiles\7mj0tk9z.default\parent.lock Object is locked skipped
C:\Documents and Settings\Liber\Datos de programa\Mozilla\Firefox\Profiles\7mj0tk9z.default\search.sqlite Object is locked skipped
C:\Documents and Settings\Liber\Datos de programa\Mozilla\Firefox\Profiles\7mj0tk9z.default\urlclassifier2.sqlite Object is locked skipped
C:\Documents and Settings\Liber\Datos de programa\SUPERAntiSpyware.com\SUPERAntiSpyware\SUPERANTISPYWARE.LOG Object is locked skipped
C:\Documents and Settings\Liber\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\Liber\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Configuración local\Archivos temporales de Internet\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Configuración local\Datos de programa\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Configuración local\Datos de programa\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Configuración local\Historial\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Configuración local\Datos de programa\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Configuración local\Datos de programa\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\WINDOWS\Debug\oakley.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\config\Antivirus.Evt Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\Temp\Perflib_Perfdata_544.dat Object is locked skipped
C:\WINDOWS\Temp\_avast4_\Webshlock.txt Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
Scan process completed.

Hello,
The one it shows should go away using CCleaner (Manual) (http://www.forospyware.com/t39511.html)
--> C:\Documents and Settings\Liber\Configuración local\Archivos temporales de Internet\Content.IE5\8H6NKHEV\valera[1]
Otherwise... how is the PC doing??

La Morrigan 19/09/07, 14:45:38
Done! It did indeed delete them, but I don't understand why they were still there if I had just run the cleaner before running Kaspersky.
The computer is slow when starting up, it takes quite a while when I click on the browser (Mozilla), and sometimes tabs (not windows, etc.) with antivirus advertising open on their own :S
I have just run mwav.exe and this is what came up (I have the full report; if that is better, tell me, OK?):
Objeto "video activex access Trojan" encontrado en fichero de sistema. Acción tomada: Ninguna acción tomada.
Entrada "HKCU\Software\Netscape\Netscape Navigator\User Trusted External Applications" referida a un objeto inválido "C:\ARCHIV~1\QUICKT~1\QuickTimePlayer.exe". Acción tomada: Ninguna acción tomada.
Entrada "HKCU\Software\Netscape\Netscape Navigator\User Trusted External Applications" referida a un objeto inválido "C:\ARCHIV~1\QUICKT~1\PictureViewer.exe". Acción tomada: Ninguna acción tomada.

The computer is slow when starting up, it takes quite a while when I click on the browser (Mozilla), and sometimes tabs (not windows, etc.) with antivirus advertising open on their own :S

Download SilentRunner (http://www.silentrunners.org/Silent%20Runners.vbs) (right-click the link and then choose "Guardar enlace como", Save as or Save Link as....)
Run the script; when you do, it will ask you some questions; answer 'No' and 'Yes' to them (in that order)....
Then you will have to wait (even if it seems to be doing nothing) until a message with the OK button appears
In the same folder where you run the script, a file called Reporte will appear, which you should post here (if you open or send it before seeing the message with the OK button, it will not be complete)
Be a little patient until the process finishes.

La Morrigan 20/09/07, 13:44:17
Greetings again
I did what you told me, Acsis; I hope it is correct, since I was waiting a long time.... here is the report:
---------------------------------------------------
"Silent Runners.vbs", revision 52, http://www.silentrunners.org/
Operating System: Windows XP
Output limited to non-default values, except where indicated by "{++}"
Startup items buried in registry:
---------------------------------
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
"swg" = "C:\Archivos de programa\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" ["Google Inc."]
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
"nwiz" = "nwiz.exe /install" ["NVIDIA Corporation"]
"avast!" = "C:\ARCHIV~1\ALWILS~1\Avast4\ashDisp.exe" ["ALWIL Software"]
"SunJavaUpdateSched" = ""C:\Archivos de programa\Java\jre1.6.0_02\bin\jusched.exe"" ["Sun Microsystems, Inc."]
"NvMediaCenter" = "RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit" [MS]
"NvCplDaemon" = "RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup" [MS]
"Adobe Reader Speed Launcher" = ""C:\Archivos de programa\Adobe\Reader 8.0\Reader\Reader_sl.exe"" ["Adobe Systems Incorporated"]
"NeroFilterCheck" = "C:\WINDOWS\system32\NeroCheck.exe" ["Nero AG"]
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = (no title provided)
-> {HKLM...CLSID} = "Aplicación auxiliar de vínculos de Adobe PDF Reader"
\InProcServer32\(Default) = "C:\Archivos de programa\Archivos comunes\Adobe\Acrobat\ActiveX\AcroIEHelper.dll" ["Adobe Systems Incorporated"]
{1392b8d2-5c05-419f-a8f6-b9f15a596612}\(Default) = (no title provided)
-> {HKLM...CLSID} = "Freecorder Toolbar"
\InProcServer32\(Default) = "C:\Archivos de programa\Freecorder\tbFree.dll" ["Conduit Ltd."]
{3AA7598E-21DB-46DB-B987-789326A13E55}\(Default) = (no title provided)
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\WINDOWS\System32\mlljj.dll" [null data]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\(Default) = (no title provided)
-> {HKLM...CLSID} = "SSVHelper Class"
\InProcServer32\(Default) = "C:\Archivos de programa\Java\jre1.6.0_02\bin\ssv.dll" ["Sun Microsystems, Inc."]
{9030D464-4C02-4ABF-8ECC-5164760863C6}\(Default) = (no title provided)
-> {HKLM...CLSID} = "Windows Live Sign-in Helper"
\InProcServer32\(Default) = "C:\Archivos de programa\Archivos comunes\Microsoft Shared\Windows Live\WindowsLiveLogin.dll" [MS]
{AA58ED58-01DD-4d91-8333-CF10577473F7}\(Default) = (no title provided)
-> {HKLM...CLSID} = "Google Toolbar Helper"
\InProcServer32\(Default) = "c:\archivos de programa\google\googletoolbar2.dll" ["Google Inc."]
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}\(Default) = (no title provided)
-> {HKLM...CLSID} = "Google Toolbar Notifier BHO"
\InProcServer32\(Default) = "C:\Archivos de programa\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll" ["Google Inc."]
HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Extensión de paneo de pantalla del Panel de control"
-> {HKLM...CLSID} = "Extensión de paneo de pantalla del Panel de control"
\InProcServer32\(Default) = "deskpan.dll" [file not found]
"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Extensión de icono de HyperTerminal"
-> {HKLM...CLSID} = "HyperTerminal Icon Ext"
\InProcServer32\(Default) = "C:\WINDOWS\System32\hticons.dll" ["Hilgraeve, Inc."]
"{cc86590a-b60a-48e6-996b-41d25ed39a1e}" = "Portable Media Devices Menu"
-> {HKLM...CLSID} = "Portable Media Devices Menu"
\InProcServer32\(Default) = "C:\WINDOWS\System32\Audiodev.dll" [MS]
"{0006F045-0000-0000-C000-000000000046}" = "Microsoft Outlook Custom Icon Handler"
-> {HKLM...CLSID} = "Extensión de iconos de archivo de Outlook"
\InProcServer32\(Default) = "C:\Archivos de programa\Microsoft Office\Office10\OLKFSTUB.DLL" [MS]
"{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\Archivos de programa\Microsoft Office\Office10\msohev.dll" [MS]
"{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Archivos de programa\WinRAR\rarext.dll" [null data]
"{FC9FB64A-1EB2-4CCF-AF5E-1A497A9B5C2D}" = "Messenger Sharing Folders"
-> {HKLM...CLSID} = "Mis carpetas para compartir"
\InProcServer32\(Default) = "C:\Archivos de programa\MSN Messenger\fsshext.8.1.0178.00.dll" [MS]
"{A70C977A-BF00-412C-90B7-034C51DA2439}" = "NvCpl DesktopContext Class"
-> {HKLM...CLSID} = "DesktopContext Class"
\InProcServer32\(Default) = "C:\WINDOWS\System32\nvcpl.dll" ["NVIDIA Corporation"]
"{FFB699E0-306A-11d3-8BD1-00104B6F7516}" = "Play on my TV helper"
-> {HKLM...CLSID} = "NVIDIA CPL Extension"
\InProcServer32\(Default) = "C:\WINDOWS\System32\nvcpl.dll" ["NVIDIA Corporation"]
"{1CDB2949-8F65-4355-8456-263E7C208A5D}" = "Desktop Explorer"
-> {HKLM...CLSID} = "Desktop Explorer"
\InProcServer32\(Default) = "C:\WINDOWS\System32\nvshell.dll" ["NVIDIA Corporation"]
"{1E9B04FB-F9E5-4718-997B-B8DA88302A47}" = "Desktop Explorer Menu"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\WINDOWS\System32\nvshell.dll" ["NVIDIA Corporation"]
"{1E9B04FB-F9E5-4718-997B-B8DA88302A48}" = "nView Desktop Context Menu"
-> {HKLM...CLSID} = "nView Desktop Context Menu"
\InProcServer32\(Default) = "C:\WINDOWS\System32\nvshell.dll" ["NVIDIA Corporation"]
"{472083B0-C522-11CF-8763-00608CC02F24}" = "avast"
-> {HKLM...CLSID} = "avast"
\InProcServer32\(Default) = "C:\Archivos de programa\Alwil Software\Avast4\ashShell.dll" ["ALWIL Software"]
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\
<<!>> "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}" = (no title provided)
-> {HKLM...CLSID} = "SABShellExecuteHook Class"
\InProcServer32\(Default) = "C:\Archivos de programa\SUPERAntiSpyware\SASSEH.DLL" ["SuperAdBlocker.com"]
HKLM\System\CurrentControlSet\Control\Session Manager\
<<!>> "BootExecute" = "autocheck autochk *"|"aswBoot.exe /M:5e24b560" ["ALWIL Software"]
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
<<!>> !SASWinLogon\DLLName = "C:\Archivos de programa\SUPERAntiSpyware\SASWINLO.DLL" ["SUPERAntiSpyware.com"]
HKLM\Software\Classes\Folder\shellex\ColumnHandlers\
{F9DB5320-233E-11D1-9F84-707F02C10627}\(Default) = "PDF Column Info"
-> {HKLM...CLSID} = "PDF Shell Extension"
\InProcServer32\(Default) = "C:\Archivos de programa\Archivos comunes\Adobe\Acrobat\ActiveX\PDFShell.dll" ["Adobe Systems, Inc."]
HKLM\Software\Classes\*\shellex\ContextMenuHandlers\
avast\(Default) = "{472083B0-C522-11CF-8763-00608CC02F24}"
-> {HKLM...CLSID} = "avast"
\InProcServer32\(Default) = "C:\Archivos de programa\Alwil Software\Avast4\ashShell.dll" ["ALWIL Software"]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Archivos de programa\WinRAR\rarext.dll" [null data]
HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Archivos de programa\WinRAR\rarext.dll" [null data]
HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\
avast\(Default) = "{472083B0-C522-11CF-8763-00608CC02F24}"
-> {HKLM...CLSID} = "avast"
\InProcServer32\(Default) = "C:\Archivos de programa\Alwil Software\Avast4\ashShell.dll" ["ALWIL Software"]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Archivos de programa\WinRAR\rarext.dll" [null data]
HKLM\Software\Classes\AllFilesystemObjects\shellex\ContextMenuHandlers\
FAExt\(Default) = "{05672D66-9736-42F5-8BEB-FA1DD3CA51C4}"
-> {HKLM...CLSID} = "FAExt Class"
\InProcServer32\(Default) = "C:\ARCHIV~1\FILEAS~1\FILEAS~1.DLL" ["Malwarebytes"]
Group Policies {GPedit.msc branch and setting}:
-----------------------------------------------
Note: detected settings may not have any effect.
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\
"shutdownwithoutlogon" = (REG_DWORD) hex:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
Shutdown: Allow system to be shut down without having to log on}
"undockwithoutlogon" = (REG_DWORD) hex:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
Devices: Allow undock without having to log on}
Active Desktop and Wallpaper:
-----------------------------
Active Desktop may be disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState
Displayed if Active Desktop enabled and wallpaper not set by Group Policy:
HKCU\Software\Microsoft\Internet Explorer\Desktop\General\
"Wallpaper" = "C:\Documents and Settings\Liber\Mis documentos\Mis imágenes\140159_1177689272_large.jpg"
Displayed if Active Desktop disabled and wallpaper not set by Group Policy:
HKCU\Control Panel\Desktop\
"Wallpaper" = "C:\Documents and Settings\Liber\Configuración local\Datos de programa\Microsoft\Wallpaper1.bmp"
Enabled Screen Saver:
---------------------
HKCU\Control Panel\Desktop\
"SCRNSAVE.EXE" = "C:\WINDOWS\System32\logon.scr" [MS]
Startup items in "Liber" & "All Users" startup folders:
-------------------------------------------------------
C:\Documents and Settings\All Users\Menú Inicio\Programas\Inicio
"Microsoft Office" -> shortcut to: "C:\Archivos de programa\Microsoft Office\Office10\OSA.EXE -b -l" [MS]
Winsock2 Service Provider DLLs:
-------------------------------
Namespace Service Providers
HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
Transport Service Providers
HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
%SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 13
%SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05
Toolbars, Explorer Bars, Extensions:
------------------------------------
Toolbars
HKCU\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}"
-> {HKLM...CLSID} = "&Google"
\InProcServer32\(Default) = "c:\archivos de programa\google\googletoolbar2.dll" ["Google Inc."]
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}"
-> {HKLM...CLSID} = "&Google"
\InProcServer32\(Default) = "c:\archivos de programa\google\googletoolbar2.dll" ["Google Inc."]
"{1392B8D2-5C05-419F-A8F6-B9F15A596612}"
-> {HKLM...CLSID} = "Freecorder Toolbar"
\InProcServer32\(Default) = "C:\Archivos de programa\Freecorder\tbFree.dll" ["Conduit Ltd."]
HKLM\Software\Microsoft\Internet Explorer\Toolbar\
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" = (no title provided)
-> {HKLM...CLSID} = "&Google"
\InProcServer32\(Default) = "c:\archivos de programa\google\googletoolbar2.dll" ["Google Inc."]
"{1392B8D2-5C05-419F-A8F6-B9F15A596612}" = "Freecorder Toolbar"
-> {HKLM...CLSID} = "Freecorder Toolbar"
\InProcServer32\(Default) = "C:\Archivos de programa\Freecorder\tbFree.dll" ["Conduit Ltd."]
Extensions (Tools menu items, main toolbar menu buttons)
HKLM\Software\Microsoft\Internet Explorer\Extensions\
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}\
"MenuText" = "Consola de Sun Java"
"CLSIDExtension" = "{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBC}"
-> {HKCU...CLSID} = "Java Plug-in 1.6.0_02"
\InProcServer32\(Default) = "C:\Archivos de programa\Java\jre1.6.0_02\bin\ssv.dll" ["Sun Microsystems, Inc."]
-> {HKLM...CLSID} = "Java Plug-in 1.6.0_02"
\InProcServer32\(Default) = "C:\Archivos de programa\Java\jre1.6.0_02\bin\npjpi160_02.dll" ["Sun Microsystems, Inc."]
Miscellaneous IE Hijack Points
------------------------------
HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks\
<<H>> "{1392b8d2-5c05-419f-a8f6-b9f15a596612}" = (no title provided)
-> {HKLM...CLSID} = "Freecorder Toolbar"
\InProcServer32\(Default) = "C:\Archivos de programa\Freecorder\tbFree.dll" ["Conduit Ltd."]
HKLM\Software\Microsoft\Internet Explorer\AboutURLs\
<<H>> "LCU" = hex:0x46E9A1F8
<<H>> "GFC" = (long encoded value omitted) [file not found]
Running Services (Display Name, Service Name, Path {Service DLL}):
------------------------------------------------------------------
avast! Antivirus, avast! Antivirus, ""C:\Archivos de programa\Alwil Software\Avast4\ashServ.exe"" ["ALWIL Software"]
avast! iAVS4 Control Service, aswUpdSv, ""C:\Archivos de programa\Alwil Software\Avast4\aswUpdSv.exe"" ["ALWIL Software"]
avast! Mail Scanner, avast! Mail Scanner, ""C:\Archivos de programa\Alwil Software\Avast4\ashMaiSv.exe" /service" ["ALWIL Software"]
avast! Web Scanner, avast! Web Scanner, ""C:\Archivos de programa\Alwil Software\Avast4\ashWebSv.exe" /service" ["ALWIL Software"]
NVIDIA Display Driver Service, NVSvc, "C:\WINDOWS\System32\nvsvc32.exe" ["NVIDIA Corporation"]
Windows User Mode Driver Framework, UMWdf, "C:\WINDOWS\System32\wdfmgr.exe" [MS]
Print Monitors:
---------------
HKLM\System\CurrentControlSet\Control\Print\Monitors\
hpzsnt05\Driver = "hpzsnt05.dll" ["HP"]
PDFCreator\Driver = "pdfcmnnt.dll" [null data]
---------- (launch time: 2007-09-20 13:41:06)
<<!>>: Suspicious data at a malware launch point.
<<H>>: Suspicious data at a browser hijack point.
+ This report excludes default entries except where indicated.
+ To see *everywhere* the script checks and *everything* it finds,
launch it from a command prompt or a shortcut with the -all parameter.
+ The search for DESKTOP.INI DLL launch points on all local fixed drives
took 654 seconds.
---------- (total run time: 5391 seconds)
THANKS
hello...
Delete the following file (if it will not let itself be deleted, use Killbox (http://www.forospyware.com/49-post6.html) or FileASSASSIN (http://www.forospyware.com/t68195.html#post298547)):
C:\WINDOWS\System32\mlljj.dll
open Notepad and copy the following into it:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\AboutURLs]
"LCU"=-
"GFC"=-
save the file and name it archivo.reg, then double-click it and accept the registry modification.
restart the PC and tell us whether the windows keep appearing?
La Morrigan 20/09/07, 17:46:42
I did what you told me. When it came to deleting the file, I did it with FileASSASSIN ¬¬ it told me it couldn't, and a window appeared saying the computer was going to restart... it shut down, but the file had indeed been deleted ^_^
I saved archivo.reg in system32, I have restarted and apparently everything is fine (I think Windows took less time to start); no windows have opened!! :aplausos: A thousand thanks
Another thing is that the browsers take a while to open and I don't know if that is normal ¿?¿?¿? And how do I remove the blocked items from the Google toolbar??? :sho: I'll shut up, sorry, it's just that a lot of questions come to mind
THANKS again, and to ACSIS ;)