Foro de InfoSpyware - Foro de Hijackthis - Foro de Virus

Ante todo mil gracias,por todo lo que aportais al simple usuario.
Tal como os pongo en el enunciado,no hay manera primero de eliminar el Virtumonde o do o como sea,en segundo lugar no me deja hacer escaneos online con el TrendMicro HouseCall,ni con el Panda online,de momento estoy probando el McAfee y parece que está trabajando,voy a lo ocurrido:

Hace tiempo se me instalaron el Bagle y el Virtumonde(do o lo que sea),parece que conseguí eliminarlos siguiendo vuestras indicaciones y las que encontraba por internet,aunque núnca he podido pasar los escaners online,pues si bien empiezan al poco se cierra el Firefox en el caso de HouseCall ,o se bloquea el Panda en el caso de IE,con una actualización de seguridad del XP parecía haberse eliminado del todo el Virtu.
Pero esta mañana intenté instalar un emulador de NDS que descargué mediante P2P después de haber escaneado el archivo que se me daba como limpio,no hubo tal emulador pero si salió una ventana que me pedía que programa quería craquear,por supuesto lo cerré temiendome lo que ya ha pasado,acto seguido se reinició solo el pc ,al volver a windows este me informaba que se habia recuperado de un error grave.
Me habían desaparecido los antivirus y antispy (uso el Nod.32 v.3.0 y el Spybot Search&Destroy),además de desconectarme desde el registro el firewall de windows,y además no me permitía entrar en modo seguro (que resolví gracias a vosotros con el SafeMode Repair).
El problema viene ahora:
1ºNo me lo detecta el Nod32.
2ºNo puedo hacer escaneo online con el HouseCall.
3ºVundoFix tampoco encuentra nada.
4ºNo me deja ejecutar ningún AntiRootkit,ya sea el del Panda(dura dos segundos y no encuentra nada),el Bitdefender (dice que no tengo derechos de Administrador,cuando estoy trabajando desde la cuenta de Administrador de Sistema),ni con el AVG que me dice que he de reiniciar el sistema,y el Trend Micro Rootkitbuster dice que el programa está instalado pero no se inicia o algo así,que verifique que está activado.
Que solución teneis?

Hola !

Primero...

• Descargar ATF Cleaner by Atribune
• Haga doble clic en ATF-Cleaner.exe para ejecutar el programa.
• Haga clic en 'Select All' encontró en la parte inferior de la lista.
• Haga clic en el 'Empty Selected'.
• Si utiliza el navegador Firefox y Opera , realize el mismo procedimiento de arriba. (Click , pestaña de FireFox y de Opera.),

Despues...

1. Descarga DelPSGuard [Última version]
2. Dale doble clic sobre DelPSGuard iniciara el asistente de instalación.
   • Reinicia he inicia en "Modo a prueba de fallos"
3. Ejecuta la herramienta.
4. Te saldra cuatro opciones...
   • Desinfectar Win 2K/2003/NT/XP
   • Desinfectar Win 95/98/98st/Me
   • Borrar las entradas 015 True Zone Spyware
   • Exit (Salir)
5. Elige la primera o segunda opción para desinfectar tú sistema operativo.
6. Espera a que termine el proceso de desinfeccion
7. al finalizar el proceso , saldra un block de notas lo guardas en el Escritorio
   • Reinicia el PC a "Modo normal"
8. Vel Block de notas que guardaste de DelPSGuard. Copias y pegas aqui su contenido.

Por ultimo...

1. Descarga el SilentRunner (dale click con el boton derecho del ratón al enlace y luego en Guardar enlace cómo, Save as o Save Link as....)
2. Ejecuta el script, al hacerlo, te hará unas preguntas, en dichas preguntas contesta 'No' y 'Si' (en ese orden)....
3. Luego, deberás esperar (aunque parezca que no hace nada) a que te aparezca un mensaje con el botón OK
4. En la misma carpeta que ejecutes el script aparecerá un archivo llamado Reporte el cual deberás colocarlo aquí (si lo abres o envías antes de ver el mensaje con el botón Ok, no estará completo)

Salu2!
No olvides volver.

Muchas gracias Angel Doze,aquí os pego los reportes:

DelPSGuard v 4.9.2
by www.ForoSpyware.com
Reporte Creado: 21:56:05,51, 16/03/2008
SO: Microsoft Windows XP [Versi¢n 5.1.2600]
Backup generado en C:\DPSG_Backup
Modo de Inicio: Seguro
_________________________________________


»»»»»»»»»»»» Carpetas y Archivos infectados »»»»»»»»»»»»

C:\WINDOWS1\system32 \ntimage.gif

»»»»»»»»»»»»»»»»»»» Programas Malwares »»»»»»»»»»»»»»»»»



»»»»»»»»»»»»»»»»»»» FIN »»»»»»»»»»»»»»»»»»»

"Silent Runners.vbs", revision 56, http://www.silentrunners.org/
Operating System: Windows XP SP2
Output limited to non-default values, except where indicated by "{++}"


Startup items buried in registry:
---------------------------------

HKCU\Software\Microsoft\Windows\CurrentVersion\Run \ {++}
"BitComet" = ""C:\Archivos de programa\BitComet\BitComet.exe" /tray" ["www.BitComet.com"]
"SpybotSD TeaTimer" = ""C:\Archivos de programa\Spybot - Search & Destroy\TeaTimer.exe"" ["Safer Networking Limited"]
"LphantAutoRun" = ""C:\Archivos de programa\lphant\eLePhantClient.exe"" [null data]
"ctfmon.exe" = "C:\WINDOWS1\system32\ctfmon.exe" [MS]
"TuneUp MemOptimizer" = ""C:\Archivos de programa\TuneUp Utilities 2008\MemOptimizer.exe" autostart" ["TuneUp Software GmbH"]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run \ {++}
"Sunkist2k" = ""C:\Archivos de programa\Multimedia Card Reader\shwicon2k.exe"" ["Alcor Micro, Corp."]
"SoundMAXPnP" = ""C:\Archivos de programa\Analog Devices\Core\smax4pnp.exe"" ["Analog Devices, Inc."]
"lxcgmon.exe" = ""C:\Archivos de programa\Lexmark 2300 Series\lxcgmon.exe"" ["Lexmark International, Inc."]
"EzPrint" = ""C:\Archivos de programa\Lexmark 2300 Series\ezprint.exe"" ["Lexmark International Inc."]
"SunJavaUpdateSched" = ""C:\Archivos de programa\Java\jre1.6.0_05\bin\jusched.exe"" ["Sun Microsystems, Inc."]
"UnlockerAssistant" = ""C:\Archivos de programa\Unlocker\UnlockerAssistant.exe"" [null data]
"LXCGCATS" = "rundll32 C:\WINDOWS1\System32\spool\DRIVERS\W32X86\3\LXCGti me.dll,_RunDLLEntry@16" [MS]
"SpybotSnD" = ""C:\Archivos de programa\Spybot - Search & Destroy\SpybotSD.exe"" ["Safer Networking Limited"]
"Babylon Client" = ""C:\Archivos de programa\Babylon\Babylon-Pro\Babylon.exe" -AutoStart" ["Babylon Ltd."]
"egui" = ""C:\Archivos de programa\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice" ["ESET"]
"StartCCC" = ""C:\Archivos de programa\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"" ["Advanced Micro Devices, Inc."]
"QuickTime Task" = ""C:\Archivos de programa\QuickTime\QTTask.exe" -atboottime" ["Apple Inc."]
"Adobe Reader Speed Launcher" = ""C:\Archivos de programa\Adobe\Reader 8.0\Reader\Reader_sl.exe"" ["Adobe Systems Incorporated"]
"TkBellExe" = ""C:\Archivos de programa\Archivos comunes\Real\Update_OB\realsched.exe" -osboot" ["RealNetworks, Inc."]
"NBKeyScan" = ""C:\Archivos de programa\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"" ["Nero AG"]
"NeroFilterCheck" = "C:\Archivos de programa\Archivos comunes\Nero\Lib\NeroCheck.exe" ["install"]
"SecurDisc" = "C:\Archivos de programa\Nero\Nero8\InCD\NBHGui.exe" ["Nero AG"]
"InCD" = "C:\Archivos de programa\Nero\Nero8\InCD\InCD.exe" ["Nero AG"]
"SoundMAX" = ""C:\Archivos de programa\Analog Devices\SoundMAX\smax4.exe" /tray" ["Analog Devices, Inc."]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Exp lorer\Browser Helper Objects\
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = (no title provided)
-> {HKLM...CLSID} = "Adobe PDF Reader Link Helper"
\InProcServer32\(Default) = "C:\Archivos de programa\Archivos comunes\Adobe\Acrobat\ActiveX\AcroIEHelper.dll" ["Adobe Systems Incorporated"]
{3049C3E9-B461-4BC5-8870-4C09146192CA}\(Default) = (no title provided)
-> {HKLM...CLSID} = "RealPlayer Download and Record Plugin for Internet Explorer"
\InProcServer32\(Default) = "C:\Archivos de programa\Real\RealPlayer\rpbrowserrecordplugin.dll " ["RealPlayer"]
{39F7E362-828A-4B5A-BCAF-5B79BFDFEA60}\(Default) = "BitComet ClickCapture"
-> {HKLM...CLSID} = "BitComet Helper"
\InProcServer32\(Default) = "C:\Archivos de programa\BitComet\tools\BitCometBHO_1.2.1.2.dll" ["BitComet"]
{53707962-6F74-2D53-2644-206D7942484F}\(Default) = (no title provided)
-> {HKLM...CLSID} = "Spybot-S&D IE Protection"
\InProcServer32\(Default) = "C:\ARCHIV~1\SPYBOT~1\SDHelper.dll" ["Safer Networking Limited"]
{72853161-30C5-4D22-B7F9-0BBC1D38A37E}\(Default) = (no title provided)
-> {HKLM...CLSID} = "Groove GFS Browser Helper"
\InProcServer32\(Default) = "C:\ARCHIV~1\MICROS~2\Office12\GRA8E1~1.DLL" [MS]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\(Default) = (no title provided)
-> {HKLM...CLSID} = "SSVHelper Class"
\InProcServer32\(Default) = "C:\Archivos de programa\Java\jre1.6.0_05\bin\ssv.dll" ["Sun Microsystems, Inc."]
{9030D464-4C02-4ABF-8ECC-5164760863C6}\(Default) = (no title provided)
-> {HKLM...CLSID} = "Windows Live Aplicación auxiliar de inicio de sesión"
\InProcServer32\(Default) = "C:\Archivos de programa\Archivos comunes\Microsoft Shared\Windows Live\WindowsLiveLogin.dll" [MS]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\She ll Extensions\Approved\
"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Extensión de paneo de pantalla del Panel de control"
-> {HKLM...CLSID} = "Extensión de paneo de pantalla del Panel de control"
\InProcServer32\(Default) = "deskpan.dll" [file not found]
"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Extensión de icono de HyperTerminal"
-> {HKLM...CLSID} = "HyperTerminal Icon Ext"
\InProcServer32\(Default) = "C:\WINDOWS1\System32\hticons.dll" ["Hilgraeve, Inc."]
"{FC9FB64A-1EB2-4CCF-AF5E-1A497A9B5C2D}" = "Messenger Sharing Folders"
-> {HKLM...CLSID} = "Mis carpetas para compartir"
\InProcServer32\(Default) = "C:\Archivos de programa\MSN Messenger\fsshext.8.1.0178.00.dll" [MS]
"{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Archivos de programa\WinRAR\rarext.dll" [null data]
"{2C4BD141-ADDA-4B8E-8279-CB5F4826CAB0}" = "NOD32 Scanner Advanced Heuristic Shell Extension"
-> {HKLM...CLSID} = "NOD32 Scanner Advanced Heuristic Shell Extension"
\InProcServer32\(Default) = "C:\ARCHIV~1\Eset\NODSE.DLL" [null data]
"{72853161-30C5-4D22-B7F9-0BBC1D38A37E}" = "Groove GFS Browser Helper"
-> {HKLM...CLSID} = "Groove GFS Browser Helper"
\InProcServer32\(Default) = "C:\ARCHIV~1\MICROS~2\Office12\GRA8E1~1.DLL" [MS]
"{2A541AE1-5BF6-4665-A8A3-CFA9672E4291}" = "Groove GFS Explorer Bar"
-> {HKLM...CLSID} = "Groove Folder Synchronization"
\InProcServer32\(Default) = "C:\ARCHIV~1\MICROS~2\Office12\GRA8E1~1.DLL" [MS]
"{A449600E-1DC6-4232-B948-9BD794D62056}" = "Groove GFS Stub Icon Handler"
-> {HKLM...CLSID} = "Groove GFS Stub Icon Handler"
\InProcServer32\(Default) = "C:\ARCHIV~1\MICROS~2\Office12\GRA8E1~1.DLL" [MS]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}" = "Groove GFS Stub Execution Hook"
-> {HKLM...CLSID} = "Groove GFS Stub Execution Hook"
\InProcServer32\(Default) = "C:\ARCHIV~1\MICROS~2\Office12\GRA8E1~1.DLL" [MS]
"{6C467336-8281-4E60-8204-430CED96822D}" = "Groove GFS Context Menu Handler"
-> {HKLM...CLSID} = "Groove GFS Context Menu Handler"
\InProcServer32\(Default) = "C:\ARCHIV~1\MICROS~2\Office12\GRA8E1~1.DLL" [MS]
"{387E725D-DC16-4D76-B310-2C93ED4752A0}" = "Groove XML Icon Handler"
-> {HKLM...CLSID} = "Groove XML Icon Handler"
\InProcServer32\(Default) = "C:\ARCHIV~1\MICROS~2\Office12\GRA8E1~1.DLL" [MS]
"{16F3DD56-1AF5-4347-846D-7C10C4192619}" = "Groove Explorer Icon Overlay 3 (GFS Folder)"
-> {HKLM...CLSID} = "Groove Explorer Icon Overlay 3 (GFS Folder)"
\InProcServer32\(Default) = "C:\ARCHIV~1\MICROS~2\Office12\GRA8E1~1.DLL" [MS]
"{AB5C5600-7E6E-4B06-9197-9ECEF74D31CC}" = "Groove Explorer Icon Overlay 2 (GFS Stub)"
-> {HKLM...CLSID} = "Groove Explorer Icon Overlay 2 (GFS Stub)"
\InProcServer32\(Default) = "C:\ARCHIV~1\MICROS~2\Office12\GRA8E1~1.DLL" [MS]
"{2916C86E-86A6-43FE-8112-43ABE6BF8DCC}" = "Groove Explorer Icon Overlay 4 (GFS Unread Mark)"
-> {HKLM...CLSID} = "Groove Explorer Icon Overlay 4 (GFS Unread Mark)"
\InProcServer32\(Default) = "C:\ARCHIV~1\MICROS~2\Office12\GRA8E1~1.DLL" [MS]
"{99FD978C-D287-4F50-827F-B2C658EDA8E7}" = "Groove Explorer Icon Overlay 1 (GFS Unread Stub)"
-> {HKLM...CLSID} = "Groove Explorer Icon Overlay 1 (GFS Unread Stub)"
\InProcServer32\(Default) = "C:\ARCHIV~1\MICROS~2\Office12\GRA8E1~1.DLL" [MS]
"{920E6DB1-9907-4370-B3A0-BAFC03D81399}" = "Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)"
-> {HKLM...CLSID} = "Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)"
\InProcServer32\(Default) = "C:\ARCHIV~1\MICROS~2\Office12\GRA8E1~1.DLL" [MS]
"{0006F045-0000-0000-C000-000000000046}" = "Microsoft Office Outlook Custom Icon Handler"
-> {HKLM...CLSID} = "Outlook File Icon Extension"
\InProcServer32\(Default) = "C:\ARCHIV~1\MICROS~2\Office12\OLKFSTUB.DLL" [MS]
"{00020D75-0000-0000-C000-000000000046}" = "Microsoft Office Outlook Desktop Icon Handler"
-> {HKLM...CLSID} = "Microsoft Office Outlook"
\InProcServer32\(Default) = "C:\ARCHIV~1\MICROS~2\Office12\MLSHEXT.DLL" [MS]
"{5858A72C-C2B4-4dd7-B2BF-B76DB1BD9F6C}" = "Microsoft Office OneNote Namespace Extension for Windows Desktop Search"
-> {HKLM...CLSID} = "Microsoft Office OneNote Namespace Extension for Windows Desktop Search"
\InProcServer32\(Default) = "C:\ARCHIV~1\MICROS~2\Office12\ONFILTER.DLL" [MS]
"{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\Archivos de programa\Microsoft Office\Office12\msohevi.dll" [MS]
"{993BE281-6695-4BA5-8A2A-7AACBFAAB69E}" = "Microsoft Office Metadata Handler"
-> {HKLM...CLSID} = "Microsoft Office Metadata Handler"
\InProcServer32\(Default) = "C:\ARCHIV~1\ARCHIV~1\MICROS~1\OFFICE12\msoshext.d ll" [MS]
"{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97}" = "Microsoft Office Thumbnail Handler"
-> {HKLM...CLSID} = "Microsoft Office Thumbnail Handler"
\InProcServer32\(Default) = "C:\ARCHIV~1\ARCHIV~1\MICROS~1\OFFICE12\msoshext.d ll" [MS]
"{00F33137-EE26-412F-8D71-F84E4C2C6625}" = (no title provided)
-> {HKLM...CLSID} = "Windows Live Photo Gallery Import Autoplay Shim"
\InProcServer32\(Default) = "C:\Archivos de programa\Windows Live\Photo Gallery\PhotoViewerShim.dll" [MS]
"{00F346CB-35A4-465B-8B8F-65A29DBAB1F6}" = "Windows Live Photo Gallery Viewer Drop Target Shim"
-> {HKLM...CLSID} = "Windows Live Photo Gallery Viewer Shim"
\InProcServer32\(Default) = "C:\Archivos de programa\Windows Live\Photo Gallery\PhotoViewerShim.dll" [MS]
"{00F3712A-CA79-45B4-9E4D-D7891E7F8B9D}" = "Windows Live Photo Gallery Editor Drop Target Shim"
-> {HKLM...CLSID} = "Windows Live Photo Gallery Editor Shim"
\InProcServer32\(Default) = "C:\Archivos de programa\Windows Live\Photo Gallery\PhotoViewerShim.dll" [MS]
"{00F30F90-3E96-453B-AFCD-D71989ECC2C7}" = "Windows Live Photo Gallery Autoplay Drop Target Shim"
-> {HKLM...CLSID} = "Windows Live Photo Gallery Viewer Autoplay Shim"
\InProcServer32\(Default) = "C:\Archivos de programa\Windows Live\Photo Gallery\PhotoViewerShim.dll" [MS]
"{5E2121EE-0300-11D4-8D3B-444553540000}" = "Catalyst Context Menu extension"
-> {HKLM...CLSID} = "SimpleShlExt Class"
\InProcServer32\(Default) = "C:\Archivos de programa\ATI Technologies\ATI.ACE\Core-Static\atiacmxx.dll" [null data]
"{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF}" = "iTunes"
-> {HKLM...CLSID} = "iTunes"
\InProcServer32\(Default) = "C:\Archivos de programa\iTunes\iTunesMiniPlayer.dll" ["Apple Inc."]
"{44440D00-FF19-4AFC-B765-9A0970567D97}" = "TuneUp Theme Extension"
-> {HKLM...CLSID} = "TuneUp Theme Extension"
\InProcServer32\(Default) = "C:\WINDOWS1\System32\uxtuneup.dll" ["TuneUp Software GmbH"]
"{4858E7D9-8E12-45a3-B6A3-1CD128C9D403}" = "TuneUp Shredder Shell Extension"
-> {HKLM...CLSID} = "TuneUp Shredder Shell Extension"
\InProcServer32\(Default) = "C:\Archivos de programa\TuneUp Utilities 2008\SDShelEx-win32.dll" ["TuneUp Software GmbH"]
"{DDE4BEEB-DDE6-48fd-8EB5-035C09923F83}" = "UnlockerShellExtension"
-> {HKLM...CLSID} = "UnlockerShellExtension"
\InProcServer32\(Default) = "C:\Archivos de programa\Unlocker\UnlockerCOM.dll" [null data]
"{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4}" = "Shell Extensions for RealOne Player"
-> {HKLM...CLSID} = "RealOne Player Context Menu Class"
\InProcServer32\(Default) = "C:\Archivos de programa\Real\RealPlayer\rpshell.dll" ["RealNetworks, Inc."]
"{09bffb91-ecda-4149-bcfd-d87a345c219e}" = "InCDShellExt extension"
-> {HKLM...CLSID} = "InCDShellExt Class"
\InProcServer32\(Default) = "C:\Archivos de programa\Nero\Nero8\InCD\InCDshx.dll" ["Nero AG"]
"{97F68CE3-7146-45FF-BE24-D9A7DD7CB8A2}" = "NeroCoverEd Live Icons"
-> {HKLM...CLSID} = "NeroCoverEdLiveIcons Class"
\InProcServer32\(Default) = "C:\Archivos de programa\Nero\Nero8\Nero CoverDesigner\CoverEdExtension.dll" ["Nero AG"]
"{692eb3b0-d034-403e-b742-2407bd43bf9b}" = "InCDUdfPerm extension"
-> {HKLM...CLSID} = "InCDUdfPerm Class"
\InProcServer32\(Default) = "C:\Archivos de programa\Nero\Nero8\InCD\InCDUP.dll" ["Nero AG"]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Exp lorer\ShellExecuteHooks\
<<!>> "{B5A7F190-DDA6-4420-B3BA-52453494E6CD}" = "Groove GFS Stub Execution Hook"
-> {HKLM...CLSID} = "Groove GFS Stub Execution Hook"
\InProcServer32\(Default) = "C:\ARCHIV~1\MICROS~2\Office12\GRA8E1~1.DLL" [MS]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\She llServiceObjectDelayLoad\
"WPDShServiceObj" = "{AAA288BA-9A4C-45B0-95D7-94D524869DB5}"
-> {HKLM...CLSID} = "WPDShServiceObj Class"
\InProcServer32\(Default) = "C:\WINDOWS1\system32\WPDShServiceObj.dll" [MS]

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
<<!>> Antiwpa\DLLName = "antiwpa.dll" [null data]
<<!>> AtiExtEvent\DLLName = "Ati2evxx.dll" ["ATI Technologies Inc."]

HKLM\SOFTWARE\Classes\PROTOCOLS\Filter\
<<!>> text/xml\CLSID = "{807563E5-5146-11D5-A672-00B0D022E945}"
-> {HKLM...CLSID} = "Microsoft Office InfoPath XML Mime Filter"
\InProcServer32\(Default) = "C:\ARCHIV~1\ARCHIV~1\MICROS~1\OFFICE12\MSOXMLMF.D LL" [MS]

HKLM\SOFTWARE\Classes\Folder\shellex\ColumnHandler s\
{F9DB5320-233E-11D1-9F84-707F02C10627}\(Default) = "PDF Column Info"
-> {HKLM...CLSID} = "PDF Shell Extension"
\InProcServer32\(Default) = "C:\Archivos de programa\Archivos comunes\Adobe\Acrobat\ActiveX\PDFShell.dll" ["Adobe Systems, Inc."]

HKLM\SOFTWARE\Classes\*\shellex\ContextMenuHandler s\
Cover Designer\(Default) = "{73FCA462-9BD5-4065-A73F-A8E5F6904EF7}"
-> {HKLM...CLSID} = "NeroCoverEdContextMenu Class"
\InProcServer32\(Default) = "C:\Archivos de programa\Nero\Nero8\Nero CoverDesigner\CoverEdExtension.dll" ["Nero AG"]
InCDShellExt\(Default) = "{09bffb91-ecda-4149-bcfd-d87a345c219e}"
-> {HKLM...CLSID} = "InCDShellExt Class"
\InProcServer32\(Default) = "C:\Archivos de programa\Nero\Nero8\InCD\InCDshx.dll" ["Nero AG"]
NOD32 Scanner Advanced Heuristic Shell Extension\(Default) = "{2C4BD141-ADDA-4B8E-8279-CB5F4826CAB0}"
-> {HKLM...CLSID} = "NOD32 Scanner Advanced Heuristic Shell Extension"
\InProcServer32\(Default) = "C:\ARCHIV~1\Eset\NODSE.DLL" [null data]
TuneUp Shredder Shell Extension\(Default) = "{4858E7D9-8E12-45a3-B6A3-1CD128C9D403}"
-> {HKLM...CLSID} = "TuneUp Shredder Shell Extension"
\InProcServer32\(Default) = "C:\Archivos de programa\TuneUp Utilities 2008\SDShelEx-win32.dll" ["TuneUp Software GmbH"]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Archivos de programa\WinRAR\rarext.dll" [null data]
XXX Groove GFS Context Menu Handler XXX\(Default) = "{6C467336-8281-4E60-8204-430CED96822D}"
-> {HKLM...CLSID} = "Groove GFS Context Menu Handler"
\InProcServer32\(Default) = "C:\ARCHIV~1\MICROS~2\Office12\GRA8E1~1.DLL" [MS]

HKLM\SOFTWARE\Classes\Directory\shellex\ContextMen uHandlers\
InCDShellExt\(Default) = "{09bffb91-ecda-4149-bcfd-d87a345c219e}"
-> {HKLM...CLSID} = "InCDShellExt Class"
\InProcServer32\(Default) = "C:\Archivos de programa\Nero\Nero8\InCD\InCDshx.dll" ["Nero AG"]
TuneUp Shredder Shell Extension\(Default) = "{4858E7D9-8E12-45a3-B6A3-1CD128C9D403}"
-> {HKLM...CLSID} = "TuneUp Shredder Shell Extension"
\InProcServer32\(Default) = "C:\Archivos de programa\TuneUp Utilities 2008\SDShelEx-win32.dll" ["TuneUp Software GmbH"]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Archivos de programa\WinRAR\rarext.dll" [null data]
XXX Groove GFS Context Menu Handler XXX\(Default) = "{6C467336-8281-4E60-8204-430CED96822D}"
-> {HKLM...CLSID} = "Groove GFS Context Menu Handler"
\InProcServer32\(Default) = "C:\ARCHIV~1\MICROS~2\Office12\GRA8E1~1.DLL" [MS]

HKLM\SOFTWARE\Classes\Folder\shellex\ContextMenuHa ndlers\
InCDShellExt\(Default) = "{09bffb91-ecda-4149-bcfd-d87a345c219e}"
-> {HKLM...CLSID} = "InCDShellExt Class"
\InProcServer32\(Default) = "C:\Archivos de programa\Nero\Nero8\InCD\InCDshx.dll" ["Nero AG"]
NOD32 Scanner Advanced Heuristic Shell Extension\(Default) = "{2C4BD141-ADDA-4B8E-8279-CB5F4826CAB0}"
-> {HKLM...CLSID} = "NOD32 Scanner Advanced Heuristic Shell Extension"
\InProcServer32\(Default) = "C:\ARCHIV~1\Eset\NODSE.DLL" [null data]
UnlockerShellExtension\(Default) = "{DDE4BEEB-DDE6-48fd-8EB5-035C09923F83}"
-> {HKLM...CLSID} = "UnlockerShellExtension"
\InProcServer32\(Default) = "C:\Archivos de programa\Unlocker\UnlockerCOM.dll" [null data]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Archivos de programa\WinRAR\rarext.dll" [null data]
XXX Groove GFS Context Menu Handler XXX\(Default) = "{6C467336-8281-4E60-8204-430CED96822D}"
-> {HKLM...CLSID} = "Groove GFS Context Menu Handler"
\InProcServer32\(Default) = "C:\ARCHIV~1\MICROS~2\Office12\GRA8E1~1.DLL" [MS]

HKLM\SOFTWARE\Classes\AllFilesystemObjects\shellex \ContextMenuHandlers\
UnlockerShellExtension\(Default) = "{DDE4BEEB-DDE6-48fd-8EB5-035C09923F83}"
-> {HKLM...CLSID} = "UnlockerShellExtension"
\InProcServer32\(Default) = "C:\Archivos de programa\Unlocker\UnlockerCOM.dll" [null data]
XXX Groove GFS Context Menu Handler XXX\(Default) = "{6C467336-8281-4E60-8204-430CED96822D}"
-> {HKLM...CLSID} = "Groove GFS Context Menu Handler"
\InProcServer32\(Default) = "C:\ARCHIV~1\MICROS~2\Office12\GRA8E1~1.DLL" [MS]


Group Policies {GPedit.msc branch and setting}:
-----------------------------------------------

Note: detected settings may not have any effect.

HKCU\Software\Microsoft\Windows\CurrentVersion\Pol icies\System\

"disableregistrytools" = (REG_DWORD) dword:0x00000000
{User Configuration|Administrative Templates|System|
Prevent access to registry editing tools}

HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel\

"Homepage" = (REG_DWORD) dword:0x00000000
{User Configuration|Administrative Templates|Windows Components|Internet Explorer|
Disable changing home page settings}

HKCU\Software\Policies\Microsoft\Windows\System\

"DisableCMD" = (REG_DWORD) dword:0x00000000
{User Configuration|Administrative Templates|System|
Disable the command prompt}

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Pol icies\System\

"shutdownwithoutlogon" = (REG_DWORD) dword:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
Shutdown: Allow system to be shut down without having to log on}

"undockwithoutlogon" = (REG_DWORD) dword:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
Devices: Allow undock without having to log on}

"EnableLUA" = (REG_DWORD) dword:0x00000000
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
User Account Control: Run All Administrators In Admin Approval Mode}


Active Desktop and Wallpaper:
-----------------------------

Active Desktop may be disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Exp lorer\ShellState

Displayed if Active Desktop enabled and wallpaper not set by Group Policy:
HKCU\Software\Microsoft\Internet Explorer\Desktop\General\
"Wallpaper" = "C:\WINDOWS1\system32\config\systemprofile\Configu ración local\Datos de programa\Microsoft\Wallpaper1.bmp"

Displayed if Active Desktop disabled and wallpaper not set by Group Policy:
HKCU\Control Panel\Desktop\
"Wallpaper" = "C:\Documents and Settings\oscar.HOGAR-EDEAPQ7F9\Configuración local\Datos de programa\Microsoft\Wallpaper1.bmp"


Enabled Screen Saver:
---------------------

HKCU\Control Panel\Desktop\
"SCRNSAVE.EXE" = "C:\WINDOWS1\System32\ssmypics.scr" [MS]


Startup items in "oscar" & "All Users" startup folders:
-------------------------------------------------------

C:\Documents and Settings\oscar.HOGAR-EDEAPQ7F9\Menú Inicio\Programas\Inicio
"Adobe Gamma" -> shortcut to: "C:\Archivos de programa\Archivos comunes\Adobe\Calibration\Adobe Gamma Loader.exe" ["Adobe Systems, Inc."]


Enabled Scheduled Tasks:
------------------------

"AppleSoftwareUpdate" -> launches: "C:\Archivos de programa\Apple Software Update\SoftwareUpdate.exe -task" ["Apple Computer, Inc."]
"Mantenimiento con 1 clic" -> launches: "C:\Archivos de programa\TuneUp Utilities 2008\OneClickStarter.exe /schedulestart" [null data]
"Spybot - Search & Destroy - Scheduled Task" -> launches: "C:\Archivos de programa\Spybot - Search & Destroy\SpybotSD.exe /AUTOCHECK /AUTOFIX" ["Safer Networking Limited"]


Winsock2 Service Provider DLLs:
-------------------------------

Namespace Service Providers

HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Pa rameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000004\LibraryPath = "C:\Archivos de programa\Bonjour\mdnsNSP.dll" ["Apple Inc."]

Transport Service Providers

HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Pa rameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
%SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 19
%SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05


Toolbars, Explorer Bars, Extensions:
------------------------------------

Toolbars

HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\
"{965B54B0-71E0-4611-8DE7-F73FA0B20E26}"
-> {HKLM...CLSID} = "Babylon"
\InProcServer32\(Default) = "C:\Archivos de programa\Babylon\Babylon Toolbar\BabylonIEToolBar.dll" ["Babylon Ltd."]

HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\
"{965B54B0-71E0-4611-8DE7-F73FA0B20E26}" = (no title provided)
-> {HKLM...CLSID} = "Babylon"
\InProcServer32\(Default) = "C:\Archivos de programa\Babylon\Babylon Toolbar\BabylonIEToolBar.dll" ["Babylon Ltd."]

Explorer Bars

HKLM\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\

HKLM\SOFTWARE\Classes\CLSID\{2A541AE1-5BF6-4665-A8A3-CFA9672E4291}\(Default) = "Groove Folder Synchronization"
Implemented Categories\{00021493-0000-0000-C000-000000000046}\ [vertical bar]
InProcServer32\(Default) = "C:\ARCHIV~1\MICROS~2\Office12\GRA8E1~1.DLL" [MS]

HKLM\SOFTWARE\Classes\CLSID\{FF059E31-CC5A-4E2E-BF3B-96E929D65503}\(Default) = "&Referencia"
Implemented Categories\{00021493-0000-0000-C000-000000000046}\ [vertical bar]
InProcServer32\(Default) = "C:\ARCHIV~1\MICROS~2\Office12\REFIEBAR.DLL" [MS]

Extensions (Tools menu items, main toolbar menu buttons)

HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}\
"MenuText" = "Consola de Sun Java"
"CLSIDExtension" = "{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBC}"
-> {HKCU...CLSID} = "Java Plug-in 1.6.0_05"
\InProcServer32\(Default) = "C:\Archivos de programa\Java\jre1.6.0_05\bin\ssv.dll" ["Sun Microsystems, Inc."]
-> {HKLM...CLSID} = "Java Plug-in 1.6.0_05"
\InProcServer32\(Default) = "C:\Archivos de programa\Java\jre1.6.0_05\bin\npjpi160_05.dll" ["Sun Microsystems, Inc."]

{D18A0B52-D63C-4ED0-AFC6-C1E3DC1AF43A}\
"ButtonText" = "BitComet"
"Script" = "res://C:\Archivos de programa\BitComet\tools\BitCometBHO_1.2.1.2.dll/206" ["BitComet"]

{DFB852A3-47F8-48C4-A200-58CAB36FD2A2}\
"MenuText" = "Spybot - Search & Destroy Configuration"
"CLSIDExtension" = "{53707962-6F74-2D53-2644-206D7942484F}"
-> {HKLM...CLSID} = "Spybot-S&D IE Protection"
\InProcServer32\(Default) = "C:\ARCHIV~1\SPYBOT~1\SDHelper.dll" ["Safer Networking Limited"]


Running Services (Display Name, Service Name, Path {Service DLL}):
------------------------------------------------------------------

Apple Mobile Device, Apple Mobile Device, ""C:\Archivos de programa\Archivos comunes\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe"" ["Apple, Inc."]
BitComet AntiARP, BitComet AntiARP, "C:\Archivos de programa\BitCometAntiARP\BitCometAntiARP.exe" [null data]
InCD Helper, InCDsrv, "C:\Archivos de programa\Nero\Nero8\InCD\InCDsrv.exe" ["Nero AG"]
lxcg_device, lxcg_device, "C:\WINDOWS1\System32\lxcgcoms.exe -service" [" "]
Nero BackItUp Scheduler 3, Nero BackItUp Scheduler 3, "C:\Archivos de programa\Nero\Nero8\Nero BackItUp\NBService.exe" ["Nero AG"]
Servicio Bonjour, Bonjour Service, ""C:\Archivos de programa\Bonjour\mDNSResponder.exe"" ["Apple Inc."]
TuneUp Ampliación del thema, UxTuneUp, "C:\WINDOWS1\System32\svchost.exe -k netsvcs" {"C:\WINDOWS1\System32\uxtuneup.dll" ["TuneUp Software GmbH"]}
Windows Driver Foundation - User-mode Driver Framework, WudfSvc, "C:\WINDOWS1\system32\svchost.exe -k WudfServiceGroup" {"C:\WINDOWS1\System32\WUDFSvc.dll" [MS]}


Print Monitors:
---------------

HKLM\SYSTEM\CurrentControlSet\Control\Print\Monito rs\
2300 Series Port\Driver = "lxcglmpm.DLL" [" "]
Send To Microsoft OneNote Monitor\Driver = "msonpmon.dll" [MS]


---------- (launch time: 2008-03-16 2220)
<<!>>: Suspicious data at a malware launch point.

+ This report excludes default entries except where indicated.
+ To see *everywhere* the script checks and *everything* it finds,
launch it from a command prompt or a shortcut with the -all parameter.
+ The search for DESKTOP.INI DLL launch points on all local fixed drives
took 111 seconds.
---------- (total run time: 151 seconds)


Bueno ,espero sirva de algo...El SpyBot se ha activado correctamente,pero el Nod32 dice que no tiene comunicación con kernel y no inicia.

Hola.

Realiza lo siguiente....

• Descarga y ejecuta el VundoFix.
  • Doble-clic al archivo VundoFix.exe para activarlo.
  • Cuando VundoFix abre de nuevo, presionar el botón de "Scan for Vundo"
  • Una vez que haya hecho la exploración, presionar el botón de "Remove Vundo"
  • Recibirá un mensaje preguntado si desea quitar los archivos y ponerle YES
  • Una vez presionado YES el escritorio parpadeara en blanco y es porque esta quitando el Vundo.
  • Cuando termina presionar en OK para reiniciar el equipo en modo normal.
  • Por favor, publica el contenido de C: \ vundofix.txt

Tambien....

• Descargar VirtumundoBeGone by secured2k
• Guarde el archivo en su escritorio
• Cierre todos los programas abiertos (incluyendo su explorador de Internet)
• Haga doble clic en el escritorio VirtumundoBeGone.exe
• Lea la información introductoria y, a continuación, haga clic en Continuar
• Haga clic en Inicio
• Cuando se le pregunte si desea continuar, haga clic en Sí para ejecutar el escaneo y desinfeccion.
• Haga clic en "Save Log"

Salu2!
Me cuentas !

Vundo Fix como ya dije no encuentra nada,aquí te dejo el Log de VirtumundoBeGone:


[03/17/2008, 23:20:25] - VirtumundoBeGone v1.5 ( "C:\Documents and Settings\oscar.HOGAR-EDEAPQ7F9\Escritorio\VirtumundoBeGone.exe" )
[03/17/2008, 23:21:08] - Detected System Information:
[03/17/2008, 23:21:08] - Windows Version: 5.1.2600, Service Pack 2
[03/17/2008, 23:21:08] - Current Username: oscar (Admin)
[03/17/2008, 23:21:08] - Windows is in NORMAL mode.
[03/17/2008, 23:21:08] - Searching for Browser Helper Objects:
[03/17/2008, 23:21:08] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Adobe PDF Reader Link Helper)
[03/17/2008, 23:21:08] - BHO 2: {0A4695D3-3995-462C-B053-9EC3F1B866E0} ()
[03/17/2008, 23:21:08] - WARNING: BHO has no default name. Checking for Winlogon reference.
[03/17/2008, 23:21:08] - No filename found. Continuing.
[03/17/2008, 23:21:08] - BHO 3: {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} ()
[03/17/2008, 23:21:08] - WARNING: BHO has no default name. Checking for Winlogon reference.
[03/17/2008, 23:21:08] - No filename found. Continuing.
[03/17/2008, 23:21:08] - BHO 4: {3049C3E9-B461-4BC5-8870-4C09146192CA} (RealPlayer Download and Record Plugin for Internet Explorer)
[03/17/2008, 23:21:08] - BHO 5: {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} (BitComet Helper)
[03/17/2008, 23:21:08] - BHO 6: {40B1DE0A-03AC-4494-BBF4-DA9757C44FEB} ()
[03/17/2008, 23:21:08] - WARNING: BHO has no default name. Checking for Winlogon reference.
[03/17/2008, 23:21:08] - No filename found. Continuing.
[03/17/2008, 23:21:08] - BHO 7: {4aa6e28b-95b7-4ce0-8a3d-ced945a1e195} ()
[03/17/2008, 23:21:08] - WARNING: BHO has no default name. Checking for Winlogon reference.
[03/17/2008, 23:21:08] - No filename found. Continuing.
[03/17/2008, 23:21:08] - BHO 8: {53707962-6F74-2D53-2644-206D7942484F} (Spybot-S&D IE Protection)
[03/17/2008, 23:21:08] - BHO 9: {6052B044-460A-4BEA-98E9-11F33E3C0B9F} ()
[03/17/2008, 23:21:08] - WARNING: BHO has no default name. Checking for Winlogon reference.
[03/17/2008, 23:21:08] - No filename found. Continuing.
[03/17/2008, 23:21:08] - BHO 10: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} (Groove GFS Browser Helper)
[03/17/2008, 23:21:08] - BHO 11: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[03/17/2008, 23:21:08] - BHO 12: {9030D464-4C02-4ABF-8ECC-5164760863C6} (Windows Live Aplicación auxiliar de inicio de sesión)
[03/17/2008, 23:21:08] - BHO 13: {971CD96F-3439-4E7A-A3FC-29D3314F5944} ()
[03/17/2008, 23:21:08] - WARNING: BHO has no default name. Checking for Winlogon reference.
[03/17/2008, 23:21:08] - No filename found. Continuing.
[03/17/2008, 23:21:08] - BHO 14: {B6AFF688-7D54-4F72-8554-3081E56D0544} ()
[03/17/2008, 23:21:08] - WARNING: BHO has no default name. Checking for Winlogon reference.
[03/17/2008, 23:21:08] - No filename found. Continuing.
[03/17/2008, 23:21:08] - BHO 15: {C90F491C-75F3-41CD-A8A5-5BCD6475B55B} ()
[03/17/2008, 23:21:08] - WARNING: BHO has no default name. Checking for Winlogon reference.
[03/17/2008, 23:21:08] - No filename found. Continuing.
[03/17/2008, 23:21:08] - BHO 16: {D664BAAD-ACF1-4E81-A956-472FE935BF45} ()
[03/17/2008, 23:21:08] - WARNING: BHO has no default name. Checking for Winlogon reference.
[03/17/2008, 23:21:08] - No filename found. Continuing.
[03/17/2008, 23:21:08] - BHO 17: {DBBB4DA1-2DB0-4869-88A8-A8B1D0C289B4} ()
[03/17/2008, 23:21:08] - WARNING: BHO has no default name. Checking for Winlogon reference.
[03/17/2008, 23:21:08] - No filename found. Continuing.
[03/17/2008, 23:21:08] - BHO 18: {DCE5FA5D-75BD-4A41-BFF6-FE92F6DCEA7F} ()
[03/17/2008, 23:21:08] - WARNING: BHO has no default name. Checking for Winlogon reference.
[03/17/2008, 23:21:08] - No filename found. Continuing.
[03/17/2008, 23:21:08] - BHO 19: {E03DE75D-1E9B-48D7-B5C3-032E44034218} ()
[03/17/2008, 23:21:08] - WARNING: BHO has no default name. Checking for Winlogon reference.
[03/17/2008, 23:21:08] - No filename found. Continuing.
[03/17/2008, 23:21:08] - BHO 20: {E7EA4CDE-0BFF-4142-BA4F-C010288A5EF7} ()
[03/17/2008, 23:21:08] - WARNING: BHO has no default name. Checking for Winlogon reference.
[03/17/2008, 23:21:08] - No filename found. Continuing.
[03/17/2008, 23:21:09] - BHO 21: {eebafe42-da0a-41a2-bba8-fa771ba5a72b} ()
[03/17/2008, 23:21:09] - WARNING: BHO has no default name. Checking for Winlogon reference.
[03/17/2008, 23:21:09] - No filename found. Continuing.
[03/17/2008, 23:21:09] - BHO 22: {F156768E-81EF-470C-9057-481BA8380DBA} ()
[03/17/2008, 23:21:09] - WARNING: BHO has no default name. Checking for Winlogon reference.
[03/17/2008, 23:21:09] - No filename found. Continuing.
[03/17/2008, 23:21:09] - Finished Searching Browser Helper Objects
[03/17/2008, 23:21:09] - Finishing up...
[03/17/2008, 23:21:09] - Nothing found! Exiting...

Creo que no me quedará más remedio que formatear...

Conseguí pasar el Superantispy en modo seguro,después de haber vuelto a clicar el SafeModeRepair, ya que de nuevo no podía acceder en Modo Seguro,me localizó y eliminó 40 infecciones varias,volví a pasarlo y me localizó y eliminó una más,volví a pasarlo y no encontró nada;pasé el RegSeeker,y después el CCleaner,reinicié y pase el Super en modo normal,cuyo reporte ya te he puesto más arriba.
Nod32 sigue sin conectar con Kernel,Spybot no se ejecuta,no puedo ejecutar ningún antirootkit...en definitiva no me quedará más remedio que formatear.Ya direis algo...gracias de todos modos.

Hola osky@kei.es, por favor realiza los siguientes pasos en modo normal:

Paso 1
Descargue, instale y/o actualice los siguientes programas (pero no los ejecute aun).

• Malwarebytes' Anti-Malware <---instalalo y actualizalo pero no lo ejecutes todavia.
  NOTA: Si despues de instalarlo el lenguaje esta en Ingles ve a la pestaña "Settings" y lo cambias a Español.
  
  
• ComboFix.exe y guárdala en el escritorio.
  
  
• CCleaner

Paso 2
Apaga el "Restaurar Sistema" (solo en Win Me y XP) y activa ver archivos ocultos.

Paso 3
Ejecuta estos programas (de a uno).

• Malwarebytes' Anti-Malware

• Realiza un escaneo completo del PC y elimina las infecciones que este detecte. El reporte queda guardado en la pestaña "Logs" o "Registros" en español, abres el reporte y copias el contenido para pegarlo en este tema.

• Usa el CCleaner para limpiar el sistema.

• Primero utiliza la opción de "Limpiador" para borrar cookies, temporales de Internet y todos los archivos que este te muestre como obsoletos.
• Luego usa su opción de "Registro" para limpiar todo el registro de Windows (haciendo copia de seguridad).

Paso 4

• Antes de usar ComboFix....
• Desactiva temporalmente el Antivirus y/o Antispyware.
• Cierra todas las ventanas abiertas.
• Hacele doble clic al archivo combofix.exe y seguí las instrucciones.
• Cuando termine, generara un registro en C:\ComboFix.txt.
  • *Nota* Mientras CF este trabajando no mover el mouse ya que pararía su proceso.
  • *Nota* ComboFix puede reiniciar automáticamente el PC para completar el proceso de eliminación.
• Pega el reporte de ComboFix.txt en este mismo mensaje.

Reinicia y nos dejas los reportes.

NOTA:
-Para mayor comodidad imprime los pasos.
-Al terminar los pasos esconde los archivos ocultos y activa restaurar sistema.
-Recuerda volver y contarnos los resultados.

Malwarebytes' Anti-Malware 1.08
Versión de la Base de Datos: 501

Tipo de examen : Examen Completo (C:\|)
Objetos examinados: 142142
Tiempo transcurrido: 38 minute(s), 13 second(s)

Procesos en Memoria Infectados: 0
Módulos en Memoria Infectados: 1
Claves del Registro Infectadas: 7
Valores del Registro Infectados: 0
Elementos de Datos del Registro Infectados: 0
Carpetas Infectadas: 1
Ficheros Infectados: 120

Procesos en Memoria Infectados:
(No se han detectado elementos maliciosos)

Módulos en Memoria Infectados:
C:\WINDOWS1\system32\antiwpa.dll (Malware.Tool) -> Unloaded module successfully.

Claves del Registro Infectadas:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\antiwpa (Malware.Tool) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\affltid (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affltid (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.

Valores del Registro Infectados:
(No se han detectado elementos maliciosos)

Elementos de Datos del Registro Infectados:
(No se han detectado elementos maliciosos)

Carpetas Infectadas:
C:\WINDOWS1\system32\drivers\down (Trojan.Downloader) -> Quarantined and deleted successfully.

Ficheros Infectados:
C:\WINDOWS1\system32\drivers\down\15232609.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS1\system32\drivers\down\15232859.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS1\system32\drivers\down\15239671.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS1\system32\drivers\down\15240859.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS1\system32\drivers\down\15242328.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS1\system32\drivers\down\15244390.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS1\system32\drivers\down\15265671.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS1\system32\drivers\down\15268671.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS1\system32\drivers\down\15270500.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS1\system32\drivers\down\15272687.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS1\system32\drivers\down\15280937.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS1\system32\drivers\down\15284531.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS1\system32\drivers\down\15285109.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS1\system32\drivers\down\15285406.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS1\system32\drivers\down\15287609.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS1\system32\drivers\down\15324531.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS1\system32\drivers\down\15330437.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS1\system32\drivers\down\15512296.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS1\system32\drivers\down\15512671.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS1\system32\drivers\down\15515359.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS1\system32\drivers\down\15516234.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS1\system32\drivers\down\15523625.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS1\system32\drivers\down\15534484.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS1\system32\drivers\down\16128312.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS1\system32\drivers\down\16147656.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS1\system32\drivers\down\16152531.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS1\system32\drivers\down\16154609.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS1\system32\drivers\down\16156562.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS1\system32\drivers\down\16167218.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS1\system32\drivers\down\16170656.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS1\system32\drivers\down\16171406.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS1\system32\drivers\down\16171890.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS1\system32\drivers\down\16174140.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS1\system32\drivers\down\16208203.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS1\system32\drivers\down\16213734.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS1\system32\drivers\down\29740343.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS1\system32\drivers\down\29740562.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS1\system32\drivers\down\29743484.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS1\system32\drivers\down\29744703.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS1\system32\drivers\down\29746171.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS1\system32\drivers\down\29748500.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS1\system32\drivers\down\29772671.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS1\system32\drivers\down\29776765.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS1\system32\drivers\down\29778640.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS1\system32\drivers\down\29783937.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS1\system32\drivers\down\29795500.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS1\system32\drivers\down\29799171.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS1\system32\drivers\down\29800359.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS1\system32\drivers\down\29800671.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS1\system32\drivers\down\29803000.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS1\system32\drivers\down\29839781.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS1\system32\drivers\down\44389281.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS1\system32\drivers\down\44389593.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS1\system32\drivers\down\44393500.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS1\system32\drivers\down\44395640.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS1\system32\drivers\down\44397484.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS1\system32\drivers\down\44408875.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS1\system32\drivers\down\44437359.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS1\system32\drivers\down\44442968.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS1\system32\drivers\down\44444984.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS1\system32\drivers\down\44447187.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS1\system32\drivers\down\44455281.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS1\system32\drivers\down\44459359.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS1\system32\drivers\down\44461046.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS1\system32\drivers\down\44461750.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS1\system32\drivers\down\44466000.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS1\system32\drivers\down\44507796.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS1\system32\drivers\down\44516296.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS1\system32\drivers\down\5471203.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS1\system32\drivers\down\5480437.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS1\system32\drivers\down\5486859.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS1\system32\drivers\down\5487640.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS1\system32\drivers\down\5524218.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS1\system32\drivers\down\5621468.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS1\system32\drivers\down\5733390.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS1\system32\drivers\down\5790968.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS1\system32\drivers\down\5816515.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS1\system32\drivers\down\5844234.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS1\system32\drivers\down\5879968.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS1\system32\drivers\down\5883875.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS1\system32\drivers\down\5884640.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS1\system32\drivers\down\5885125.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS1\system32\drivers\down\5887453.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS1\system32\drivers\down\58929468.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS1\system32\drivers\down\58939359.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS1\system32\drivers\down\58940968.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS1\system32\drivers\down\58946953.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS1\system32\drivers\down\58991015.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS1\system32\drivers\down\59078406.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS1\system32\drivers\down\59090125.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS1\system32\drivers\down\59092343.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS1\system32\drivers\down\59103859.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS1\system32\drivers\down\59159234.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS1\system32\drivers\down\59169140.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS1\system32\drivers\down\59170109.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS1\system32\drivers\down\59170406.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS1\system32\drivers\down\59180265.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS1\system32\drivers\down\59229984.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS1\system32\drivers\down\59241484.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS1\system32\drivers\down\709859.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS1\system32\drivers\down\710218.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS1\system32\drivers\down\712390.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS1\system32\drivers\down\714140.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS1\system32\drivers\down\716203.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS1\system32\drivers\down\719000.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS1\system32\drivers\down\742718.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS1\system32\drivers\down\751109.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS1\system32\drivers\down\753656.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS1\system32\drivers\down\756640.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS1\system32\drivers\down\770921.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS1\system32\drivers\down\777187.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS1\system32\drivers\down\779953.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS1\system32\drivers\down\780468.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS1\system32\drivers\down\785000.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS1\system32\drivers\down\819046.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS1\system32\drivers\down\823406.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS1\system32\antiwpa.dll (Malware.Tool) -> Delete on reboot.
C:\WINDOWS1\system32\mdelk.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS1\system32\drivers\hldrrr.exe (Rootkit.Agent) -> Delete on reboot.
C:\WINDOWS1\system32\drivers\srosa.sys (Rootkit.Agent) -> Quarantined and deleted successfully.

Este es el reporte de Malwarebyte´s,algunos no podía eliminarlos hasta que no reiniciara,dos que no recuerdo cuales eran no los podía eliminar ni en el reinicio (estoy escaneando otra vez para deciros cuales),pues bien di a reinicio y al acceder a mi cuenta de usuario y comenzar a cargar los programas automáticamente vuelve a reiniciar (sólo),me impide nuevamente acceder en Modo Seguro, y en modo normal después de iniciar sesión (sin poder activar ni Spybot ni Nod,quitando la conexión compartida ,o algo así me dice, anula el Firewall,y el único que inicia es el SuperantiSpyware,que no encuentra nada)me sale la típica ventanita diciendo:"windows se ha recuperado de un error grave...",por lo que todavía esta en el Pc.En cuanto acabe el escaneo de Malwarebytes os pongo lo que me dice,si no es que también ha aprendido a ocultarse de este último .

Aquí viene el siguiente:

Malwarebytes' Anti-Malware 1.08
Versión de la Base de Datos: 501

Tipo de examen : Examen Completo (C:\|)
Objetos examinados: 142461
Tiempo transcurrido: 36 minute(s), 48 second(s)

Procesos en Memoria Infectados: 0
Módulos en Memoria Infectados: 0
Claves del Registro Infectadas: 0
Valores del Registro Infectados: 0
Elementos de Datos del Registro Infectados: 0
Carpetas Infectadas: 1
Ficheros Infectados: 20

Procesos en Memoria Infectados:
(No se han detectado elementos maliciosos)

Módulos en Memoria Infectados:
(No se han detectado elementos maliciosos)

Claves del Registro Infectadas:
(No se han detectado elementos maliciosos)

Valores del Registro Infectados:
(No se han detectado elementos maliciosos)

Elementos de Datos del Registro Infectados:
(No se han detectado elementos maliciosos)

Carpetas Infectadas:
C:\WINDOWS1\system32\drivers\down (Trojan.Downloader) -> Quarantined and deleted successfully.

Ficheros Infectados:
C:\WINDOWS1\system32\drivers\down\200281.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS1\system32\drivers\down\200750.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS1\system32\drivers\down\204218.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS1\system32\drivers\down\206625.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS1\system32\drivers\down\208953.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS1\system32\drivers\down\210609.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS1\system32\drivers\down\213125.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS1\system32\drivers\down\250187.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS1\system32\drivers\down\257343.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS1\system32\drivers\down\259828.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS1\system32\drivers\down\262234.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS1\system32\drivers\down\280000.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS1\system32\drivers\down\285921.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS1\system32\drivers\down\288203.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS1\system32\drivers\down\288718.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS1\system32\drivers\down\291500.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS1\system32\drivers\down\328796.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS1\system32\drivers\down\340500.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS1\system32\drivers\hldrrr.exe (Rootkit.Agent) -> Delete on reboot.
C:\WINDOWS1\system32\drivers\srosa.sys (Rootkit.Agent) -> Quarantined and deleted successfully.

Como podeis ver vuelve a salir el hldrrr.exe y el srosa.sys.Voy a reiniciar para eliminar lo que no ha podido,ejecutando antes el SafeMode Repair para poder entrar en Modo Seguro y enseguida os reporto lo sucedido... me jodieron,no puedo ejecutarlo,me dice que no es una aplicación Win32 válida......pues reinicio y ya os cuento...

Continua con el siguiente paso en modo normal que es la ejecución de Combofix y pegas su reporte para analizarlo.

Lee detenidamente las recomendaciones antes de usar Combofix.

Saludos.

Con Combofix me dice lo mismo...Es más ni reinstalandolo,parecía que se iba a ejecutar y se me ha cerrado Firefox ha habido dos parpadeos casi imperceptibles en la pantalla,como de dos ventanas del tamaño de la de Combofix,y nada,el ccleaner tampoco se ejecuta,parpadea pero no inicia es lo mismo que me hace el Spybot...