Buenas, feliz Navidad a todos.
Llevo dias intentando eliminar algun malware que me da la lata con las ventanas emergentes. Cuando intento solucionarlo el ordenador me empieza a mostrar ventenas de que estoy infectado con 800 virus y cosas así.
He realizado los 11 pasos que deciís y no hay manera. He ejecuado AVAST antes de iniciar el ordenador, de antivius online he utilizado el Kapersky. Utilizo el Spyboot y el Ad-Aware. Tambien utilizo el SpywareBlaster. Aquí pego el logfile. Gracias por vuestra ayuda.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:13:36, on 26/12/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\AGRSMMSG.exe
c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Launch Manager\LaunchAp.exe
C:\Program Files\Launch Manager\HotkeyApp.exe
C:\Program Files\Launch Manager\OSDCtrl.exe
C:\Program Files\Launch Manager\Wbutton.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
C:\Acer\Empowering Technology\ePresentation\ePresentation.exe
C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Acer\OrbiCam\CameraAssistant.exe
C:\WINDOWS\system32\ElkCtrl.exe
C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
C:\PROGRAM FILES\UNLOCKER\UNLOCKERASSISTANT.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\TuneUp Utilities 2007\MemOptimizer.exe
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\MICROS~2\wcescomm.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNo tifier.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\PROGRA~1\MICROS~2\rapimgr.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
C:\PROGRAM FILES\STICKIES\STICKIES.EXE
C:\PROGRAM FILES\GOOGLE\WEB ACCELERATOR\GOOGLEWEBACCWARDEN.EXE
C:\PROGRAM FILES\OPENOFFICE.ORG 2.0\PROGRAM\soffice.exe
C:\PROGRAM FILES\OPENOFFICE.ORG 2.0\PROGRAM\soffice.BIN
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\Program Files\Google\Web Accelerator\googlewebaccclient.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ww.google.es/ig
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://es.rd.yahoo.com/customize/ycomp/defaults/su/*http://es.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://es.es.acer.yahoo.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings,AutoConfigURL = http://localhost:9100/proxy.pac
R3 - URLSearchHook: Barra Yahoo! con bloqueador de ventanas emergentes - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: IE7Pro - {00011268-E188-40DF-A514-835FCD78B1BF} - C:\Program Files\IE7Pro\IE7Pro.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Aplicación auxiliar de vínculos de Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Web Accelerator Helper - {69A87B7D-DE56-4136-9655-716BA50C19C7} - C:\Program Files\Google\Web Accelerator\GoogleWebAccToolbar.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\sw g.dll
O2 - BHO: &Google Notebook - {CCCCCCD3-666F-4F81-8B69-745DE9F6D897} - C:\Program Files\Google\Google Notebook\gnotes1.0.2.19-1744592761.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\WINDOWS\system32\eDStoolbar.dll
O3 - Toolbar: Barra Yahoo! con bloqueador de ventanas emergentes - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Google Web Accelerator - {DB87BFA2-A2E3-451E-8E5A-C89982D87CBF} - C:\Program Files\Google\Web Accelerator\GoogleWebAccToolbar.dll
O3 - Toolbar: Google Bloc de Notas - {CCCCCCDB-4DDB-4703-95D4-DD2C526397BF} - C:\Program Files\Google\Google Notebook\gnotes1.0.2.19-1744592761.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [preload] C:\Windows\RUNXMLPL.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [AzMixerSel] C:\Program Files\Realtek\InstallShield\AzMixerSel.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [ntiMUI] C:\Program Files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [LaunchAp] "C:\Program Files\Launch Manager\LaunchAp.exe"
O4 - HKLM\..\Run: [LManager] "C:\Program Files\Launch Manager\HotkeyApp.exe"
O4 - HKLM\..\Run: [CtrlVol] "C:\Program Files\Launch Manager\CtrlVol.exe"
O4 - HKLM\..\Run: [LMgrOSD] "C:\Program Files\Launch Manager\OSDCtrl.exe"
O4 - HKLM\..\Run: [Wbutton] "C:\Program Files\Launch Manager\Wbutton.exe"
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe 0
O4 - HKLM\..\Run: [Boot] C:\Acer\Empowering Technology\ePower\Boot.exe
O4 - HKLM\..\Run: [Acer ePresentation HPD] C:\Acer\Empowering Technology\ePresentation\ePresentation.exe
O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechCameraAssistant] C:\Program Files\Acer\OrbiCam\CameraAssistant.exe
O4 - HKLM\..\Run: [LogitechVideo[inspector]] C:\Program Files\Acer\OrbiCam\InstallHelper.exe /inspect
O4 - HKLM\..\Run: [LogitechCameraService(E)] C:\WINDOWS\system32\ElkCtrl.exe /automation
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
O4 - HKLM\..\Run: [Enterra Icon Keeper] "C:\Program Files\Enterra\Icon Keeper\IcnKeepr.exe" ssp /s
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\PROGRAM FILES\UNLOCKER\UNLOCKERASSISTANT.EXE"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [TuneUp MemOptimizer] "C:\Program Files\TuneUp Utilities 2007\MemOptimizer.exe" autostart
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\PROGRA~1\MICROS~2\wcescomm.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNo tifier.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\\Phone\Skype.exe" /nosplash /minimized
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: SpywareBlaster.lnk = C:\Program Files\SpywareBlaster\spywareblaster.exe
O8 - Extra context menu item: Anotar esta página (Google Bloc de Notas) - res://C:\Program Files\Google\Google Notebook\gnotes1.0.2.19-1744592761.dll/gn_menu1.html
O8 - Extra context menu item: Anotar esto (Google Bloc de Notas) - res://C:\Program Files\Google\Google Notebook\gnotes1.0.2.19-1744592761.dll/gn_menu2.html
O9 - Extra button: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IE7Pro\IE7Pro.dll
O9 - Extra 'Tools' menuitem: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IE7Pro\IE7Pro.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~2\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~2\INetRepl.dll
O9 - Extra 'Tools' menuitem: Crear un favorito móvil... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~2\INetRepl.dll
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/spanish/kavwebscan_unicode.cab
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.com/files/driveragent.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{46322CE6-23C7-4903-91D6-449FEBDA2D14}: NameServer = 80.58.61.250,80.58.61.254
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Memory Check Service (AcerMemUsageCheckService) - Acer Inc. - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: eLock Service (eLockService) - - C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech - c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Programador de LiveUpdate automático - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

--
End of file - 12918 bytes

Hola petitmaus, te doy la bienvenida al Foro de InfoSpyware.

Tu log de HijackThis esta libre de Malwares por lo que sugiero realizar lo siguiente:

Descarga, actualiza y ejecuta el programa:

• SUPERAntiSpyware

Descarga CCleaner y ejecútalo usando primero su opción de "Limpiador" para borrar cookies, temporales de Internet y todos los archivos que este te muestre como obsoletos, y luego usa su opción de "Registro" para limpiar todo el registro de Windows (haciendo copia de seguridad).


- Descarga la herramienta ComboFix.exe y guárdala en el escritorio.

• Desactiva temporalmente el Antivirus y/o Antispyware.
• Cierra todas las ventanas abiertas.
• Hacele doble clic al archivo combofix.exe y seguí las instrucciones.
• Cuando termine, generara un registro en C:\ComboFix.txt.
  • *Nota* Mientras CF este trabajando no mover el mouse ya que pararía su proceso.
  • *Nota* ComboFix puede reiniciar automáticamente el PC para completar el proceso de eliminación.
• Pega el reporte de ComboFix.txt en este mismo mensaje.

Reinicia y nos contas los resultados.

Salu2

Muchas grácias ElPiedra, creo que se ha acabado el problema, te comento.
He pasado SUPERAntispyware y me ha detectado un troyano en una carpeta llamada system volumen information la cual debe estar oculta en C porqué no la tengo localizada, el ejecutable se llama A0003022.EXE, el cual lo tengo en cuarentena, supongo que lo tendré que eliminar, correcto?.
Luego he pasado el CCleaner como has indicado y después el Combo fix. Luego he navegado durante una hora y media y no me ha aparecido ninguna ventana emergente cosa rara ya que, antes, en solo dos minutos tenia como cuatro ventanas emergentes. A ver si ahora las hecharé en falta!!! YO creo que podemos decir PROBLEMA SOLUCIONADO. Te adjunto el reporte de Combofix:

ComboFix 07-12-21.4 - xecla 2007-12-27 17:55:29.1 - FAT32x86
Microsoft Windows XP Professional 5.1.2600.2.1252.34.1033.18.1423 [GMT 1:00]
Running from: C:\Documents and Settings\xecla\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\xecla\Desktop\sudoplanet.lnk
C:\Documents and Settings\xecla\Start Menu\Programs\SudoPlanet
C:\Documents and Settings\xecla\Start Menu\Programs\SudoPlanet\SudoPlanet.lnk
C:\Documents and Settings\xecla\Start Menu\Programs\SudoPlanet\Website.lnk
C:\Program Files\sudoplanet
C:\Program Files\sudoplanet\SudoPlanet.dll
C:\Program Files\sudoplanet\SudoPlanet.exe
C:\Program Files\sudoplanet\SudoPlanet.url
C:\WINDOWS\pack.epk
C:\WINDOWS\system32\drivers\npf.sys
c:\WINDOWS\system32\iweuvump.dat
c:\windows\system32\iweuvump.exe
C:\WINDOWS\system32\iweuvump_nav.dat
c:\WINDOWS\system32\iweuvump_navps.dat
C:\WINDOWS\system32\nvs2.inf
C:\WINDOWS\system32\packet.dll
C:\WINDOWS\system32\pthreadVC.dll
C:\WINDOWS\system32\WanPacket.dll
C:\WINDOWS\system32\wpcap.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.
-------\NPF


((((((((((((((((((((((((( Files Created from 2007-11-27 to 2007-12-27 )))))))))))))))))))))))))))))))
.

2007-12-26 21:49 . 2007-12-26 21:49 <DIR> d-------- C:\Program Files\Trend Micro
2007-12-26 17:51 . 2007-12-26 17:51 <DIR> d-------- C:\WINDOWS\system32\HWC HD
2007-12-26 17:51 . 2007-12-26 17:52 <DIR> d-------- C:\WINDOWS\ovtcam
2007-12-26 17:51 . 2007-12-26 17:51 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\InstallShield
2007-12-26 17:51 . 2006-09-27 17:08 274,816 --a------ C:\WINDOWS\system32\drivers\HDvid.sys
2007-12-26 17:51 . 2005-02-16 18:15 73,728 --a------ C:\WINDOWS\system32\ISUSPM.cpl
2007-12-26 17:51 . 2006-09-26 22:42 53,248 --a------ C:\WINDOWS\system32\HDEXT.DLL
2007-12-26 17:51 . 2006-09-26 22:44 36,864 --a------ C:\WINDOWS\OMNIUNS.EXE
2007-12-26 17:51 . 2006-09-28 00:43 26,624 --a------ C:\WINDOWS\system32\HDExt.ax
2007-12-26 17:51 . 2006-10-03 15:06 22,656 -ra------ C:\WINDOWS\system32\drivers\camfilt.sys
2007-12-16 19:02 . 2007-12-16 19:02 <DIR> d-------- C:\Program Files\SogouInput
2007-12-16 19:02 . 2007-12-16 19:02 <DIR> d-------- C:\Documents and Settings\xecla\Application Data\SogouPY
2007-12-16 18:50 . 2007-12-16 18:50 <DIR> d-------- C:\Documents and Settings\xecla\Application Data\PPLive
2007-12-16 18:49 . 2007-12-16 18:49 <DIR> d-------- C:\Program Files\PPLive
2007-12-15 13:35 . 2007-12-15 13:36 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2007-12-15 13:01 . 2007-12-15 13:01 <DIR> d-------- C:\Program Files\Enterra
2007-12-13 13:57 . 2007-12-13 13:57 <DIR> d--hs---- C:\FOUND.001
2007-12-07 14:39 . 2007-12-07 14:39 <DIR> d--hs---- C:\FOUND.000
2007-12-02 20:26 . 2007-12-02 20:26 <DIR> d-------- C:\Program Files\Skype
2007-12-02 20:26 . 2007-12-02 20:26 <DIR> d-------- C:\Program Files\Common Files\Skype
2007-11-30 19:39 . 2007-11-30 19:39 <DIR> d-------- C:\Program Files\Microsoft ActiveSync
2007-11-30 19:39 . 2005-10-21 02:47 30,592 --------- C:\WINDOWS\system32\drivers\rndismpx.sys
2007-11-30 19:39 . 2005-10-21 02:47 12,800 --------- C:\WINDOWS\system32\drivers\usb8023x.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))) ))
.
2007-12-04 14:56 93,264 ----a-w C:\WINDOWS\system32\drivers\aswmon.sys
2007-12-04 14:55 94,544 ----a-w C:\WINDOWS\system32\drivers\aswmon2.sys
2007-12-04 14:53 23,152 ----a-w C:\WINDOWS\system32\drivers\aswRdr.sys
2007-12-04 14:51 42,912 ----a-w C:\WINDOWS\system32\drivers\aswTdi.sys
2007-12-04 14:49 26,624 ----a-w C:\WINDOWS\system32\drivers\aavmker4.sys
2007-12-04 13:04 837,496 ----a-w C:\WINDOWS\system32\aswBoot.exe
2007-12-04 12:54 95,608 ----a-w C:\WINDOWS\system32\AVASTSS.scr
2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
2007-11-03 14:29 --------- d-----w C:\Program Files\BillP Studios
2007-11-03 14:29 --------- d-----w C:\Documents and Settings\xecla\Application Data\WinPatrol
2007-10-30 23:42 3,590,656 ----a-w C:\WINDOWS\system32\dllcache\mshtml.dll
2007-10-29 22:35 1,287,680 ----a-w C:\WINDOWS\system32\quartz.dll
2007-10-29 22:35 1,287,680 ----a-w C:\WINDOWS\system32\dllcache\quartz.dll
2007-10-27 16:40 222,720 ----a-w C:\WINDOWS\system32\wmasf.dll
2007-10-27 16:40 222,720 ----a-w C:\WINDOWS\system32\dllcache\wmasf.dll
2007-10-26 03:34 8,460,288 ----a-w C:\WINDOWS\system32\dllcache\shell32.dll
2007-10-10 23:56 824,832 ----a-w C:\WINDOWS\system32\dllcache\wininet.dll
2007-10-10 23:56 671,232 ----a-w C:\WINDOWS\system32\dllcache\mstime.dll
2007-10-10 23:56 232,960 ----a-w C:\WINDOWS\system32\dllcache\webcheck.dll
2007-10-10 23:56 105,984 ----a-w C:\WINDOWS\system32\dllcache\url.dll
2007-10-10 23:56 102,400 ----a-w C:\WINDOWS\system32\dllcache\occache.dll
2007-10-10 23:56 1,159,680 ----a-w C:\WINDOWS\system32\dllcache\urlmon.dll
2007-10-10 23:55 63,488 ------w C:\WINDOWS\system32\dllcache\icardie.dll
2007-10-10 23:55 6,065,664 ------w C:\WINDOWS\system32\dllcache\ieframe.dll
2007-10-10 23:55 52,224 ------w C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2007-10-10 23:55 478,208 ----a-w C:\WINDOWS\system32\dllcache\mshtmled.dll
2007-10-10 23:55 459,264 ------w C:\WINDOWS\system32\dllcache\msfeeds.dll
2007-10-10 23:55 44,544 ----a-w C:\WINDOWS\system32\dllcache\iernonce.dll
2007-10-10 23:55 384,512 ----a-w C:\WINDOWS\system32\dllcache\iedkcs32.dll
2007-10-10 23:55 383,488 ------w C:\WINDOWS\system32\dllcache\ieapfltr.dll
2007-10-10 23:55 27,648 ----a-w C:\WINDOWS\system32\dllcache\jsproxy.dll
2007-10-10 23:55 267,776 ------w C:\WINDOWS\system32\dllcache\iertutil.dll
2007-10-10 23:55 230,400 ----a-w C:\WINDOWS\system32\dllcache\ieaksie.dll
2007-10-10 23:55 214,528 ----a-w C:\WINDOWS\system32\dllcache\dxtrans.dll
2007-10-10 23:55 193,024 ----a-w C:\WINDOWS\system32\dllcache\msrating.dll
2007-10-10 23:55 153,088 ----a-w C:\WINDOWS\system32\dllcache\ieakeng.dll
2007-10-10 23:55 132,608 ----a-w C:\WINDOWS\system32\dllcache\extmgr.dll
2007-10-10 23:55 124,928 ----a-w C:\WINDOWS\system32\dllcache\advpack.dll
2007-10-10 10:59 70,656 ----a-w C:\WINDOWS\system32\dllcache\ie4uinit.exe
2007-10-10 10:59 625,152 ----a-w C:\WINDOWS\system32\dllcache\iexplore.exe
2007-10-10 10:59 13,824 ------w C:\WINDOWS\system32\dllcache\ieudinit.exe
2007-10-10 05:46 161,792 ----a-w C:\WINDOWS\system32\dllcache\ieakui.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 17:24]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 04:00]
"TuneUp MemOptimizer"="C:\Program Files\TuneUp Utilities 2007\MemOptimizer.exe" [2007-04-27 06:50]
"H/PC Connection Agent"="C:\PROGRA~1\MICROS~2\wcescomm.exe" [2006-06-21 01:41]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNo tifier.exe" [2007-06-24 17:43]
"Skype"="C:\Program Files\Skype\\Phone\Skype.exe" [2007-09-24 13:11]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-06-21 14:06]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Run]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-08-05 13:56]
"preload"="C:\Windows\RUNXMLPL.exe" [2005-05-19 17:09]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2005-12-16 16:32]
"AzMixerSel"="C:\Program Files\Realtek\InstallShield\AzMixerSel.exe" [2005-06-11 20:51]
"AGRSMMSG"="AGRSMMSG.exe" [2005-12-12 14:50 C:\WINDOWS\AGRSMMSG.exe]
"ntiMUI"="C:\Program Files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe" [2005-05-11 17:15]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.e xe" [2004-08-10 04:00]
"MSPY2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScI nst.exe" [2004-08-10 04:00]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT \TINTSETP.exe" [2004-08-10 04:00]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TIN TSETP.exe" [2004-08-10 04:00]
"NvCplDaemon"="RUNDLL32.exe" [2004-08-10 04:00 C:\WINDOWS\system32\rundll32.exe]
"NvMediaCenter"="RUNDLL32.exe" [2004-08-10 04:00 C:\WINDOWS\system32\rundll32.exe]
"RTHDCPL"="RTHDCPL.EXE" [2006-07-21 17:56 C:\WINDOWS\RTHDCPL.exe]
"SkyTel"="SkyTel.EXE" [2006-05-16 19:04 C:\WINDOWS\SkyTel.exe]
"LaunchAp"="C:\Program Files\Launch Manager\LaunchAp.exe" [2005-07-25 13:36]
"LManager"="C:\Program Files\Launch Manager\HotkeyApp.exe" [2006-04-19 15:08]
"CtrlVol"="C:\Program Files\Launch Manager\CtrlVol.exe" [2003-09-16 14:28]
"LMgrOSD"="C:\Program Files\Launch Manager\OSDCtrl.exe" [2005-07-25 10:45]
"Wbutton"="C:\Program Files\Launch Manager\Wbutton.exe" [2006-04-20 09:23]
"eDataSecurity Loader"="C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2006-03-17 15:00]
"Boot"="C:\Acer\Empowering Technology\ePower\Boot.exe" [2006-03-15 22:12]
"Acer ePresentation HPD"="C:\Acer\Empowering Technology\ePresentation\ePresentation.exe" [2006-03-31 16:39]
"eRecoveryService"="C:\Acer\Empowering Technology\eRecovery\eRAgent.exe" [2006-06-01 14:40]
"LVCOMSX"="C:\WINDOWS\system32\LVCOMSX.EXE" [2006-06-23 10:39]
"LogitechCameraAssistant"="C:\Program Files\Acer\OrbiCam\CameraAssistant.exe" [2006-06-26 15:47]
"LogitechVideo[inspector]"="C:\Program Files\Acer\OrbiCam\InstallHelper.exe" [2006-06-26 15:55]
"LogitechCameraService(E)"="C:\WINDOWS\system32\El kCtrl.exe" [2004-11-01 18:22]
"nwiz"="nwiz.exe" [2006-01-19 01:43 C:\WINDOWS\system32\nwiz.exe]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp. exe" [2007-12-04 14:00]
"WinPatrol"="C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe" [2007-09-23 18:30]
"Enterra Icon Keeper"="C:\Program Files\Enterra\Icon Keeper\IcnKeepr.exe" [2006-08-18 16:32]
"UnlockerAssistant"="C:\PROGRAM FILES\UNLOCKER\UNLOCKERASSISTANT.EXE" [2006-09-07 19:19]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\Cur rentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-10 04:00]

C:\Documents and Settings\xecla\Start Menu\Programs\Startup\
SpywareBlaster.lnk - C:\Program Files\SpywareBlaster\spywareblaster.exe [2007-08-09 18:31:45]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\curr entversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

[hkey_local_machine\software\microsoft\windows\curr entversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

R0 UBHelper;UBHelper;C:\WINDOWS\system32\drivers\UBHe lper.sys [2004-12-17 16:14]
R1 Hotkey;Hotkey;C:\WINDOWS\system32\drivers\Hotkey.s ys [2003-04-28 11:27]
R2 EpmPsd;Acer EPM Power Scheme Driver;C:\WINDOWS\system32\drivers\epm-psd.sys [2005-04-22 16:57]
R2 EpmShd;Acer EPM System Hardware Driver;C:\WINDOWS\system32\drivers\epm-shd.sys [2005-04-22 16:57]
R2 int15;int15;C:\WINDOWS\system32\drivers\int15.sys [2006-08-29 16:02]
R2 tvicport;tvicport;C:\WINDOWS\system32\drivers\tvic port.sys [2006-08-29 16:02]
R2 UxTuneUp;TuneUp Ampliación del thema;C:\WINDOWS\System32\svchost.exe -k netsvcs []
R3 lv321av;Logitech USB PC Camera (VC0321);C:\WINDOWS\system32\DRIVERS\lv321av.sys [2006-06-19 04:20]
R3 LVPrcMon;Logitech LVPrcMon Driver;C:\WINDOWS\system32\drivers\LVPrcMon.sys [2006-06-23 10:40]
R3 psdfilter;psdfilter;C:\WINDOWS\system32\Drivers\ps dfilter.sys [2006-04-07 20:17]
R3 psdvdisk;psdvdisk;C:\WINDOWS\system32\Drivers\psdv disk.sys [2006-03-08 17:10]
S1 Wbutton;Wbutton;C:\WINDOWS\system32\drivers\Wbutto n.sys []
S2 Programador de LiveUpdate automático;Programador de LiveUpdate automático;"C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe" []

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

.
Contents of the 'Scheduled Tasks' folder
"2007-11-21 22:23:50 C:\WINDOWS\Tasks\1-Click Maintenance.job"
- C:\Program Files\TuneUp Utilities 2007\SystemOptimizer.exe
"2007-12-27 16:13:28 C:\WINDOWS\Tasks\User_Feed_Synchronization-{20ABA516-0395-482C-965C-1626C8839B9F}.job"
- C:\WINDOWS\system32\msfeedssync.exe
.
************************************************** ************************

catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-27 17:59:49
Windows 5.1.2600 Service Pack 2 FAT NTAPI

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

************************************************** ************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\Explorer.EXE [6.00.2900.3156]
-> C:\PROGRAM FILES\UNLOCKER\UnlockerHook.dll
.
Completion time: 2007-12-27 18:01:44 - machine was rebooted
.
2007-12-12 19:48:52 --- E O F ---

Hola, ComboFix ya se encargo de eliminar los archivos de malwares encontrados en tu PC, por lo que si todo esta funcionado bien, damos por terminado el tema.

Para terminar solo te quedaría desinstalar CF de la siguiente manera:

• Ir a Inicio > Ejecutar
• Escribir lo siguiente: ComboFix /u como muestra la imagen debajo:
  
  
  • 
• Esto activara el desinstalador de ComboFix abriendo su pantalla principal y luego de unos segundos veras ("ComboFix is uninstalled")

Salu2

PD//Para desbloquear la carpeta donde se guardan las restauraciones automáticas tendrías que seguir estos pasos