Hola gente, me encuentro con un problemita bastate serio a mi modesto entender. resulta que abri como un tonto un archivo de esos myspace.facebook.zip que me vino en el msn, la cosa es que a partir de ahi no e parado de tener problemas, tales como el reenvio del virus o lo que sea a mis coontactos y la aparicion constante de paginas como "barrera integral" u otras ofreciendo antivirus como tb otras publicidades y alertas de virus tal como buffer overun.
Estuve chequeando estas paginas y seguí las instrucciones que se dieron a un usuario en http://www.forospyware.com/t164650.html

Limpié pistas y registros pero en vez de usar el ccleaner use glarie utilities, descargue y utilice primero el superspyware y luego el Malwarebytes' Anti-Malware en una primera oportunidad a modo normal y entre ambos detectaron unos 70 troyanos, luego probé y seguian los problemas, volvi a repetir los pasos pero esta vez en modo seguro, y se volvieron a detectar y eliminar troyanos pero esta vez en menos cantidad. Creyendo que estaba todo bien abro el msn y lo primero que hace es renviar el virus nuevamente y de nuevo aparece el mje de virus over run y mas paginas de publicidad. Ya no se que hacer o como encarar el tema.
Aqui posteo los últimos informes luego de haber intentado con los programas que les comenté. Quiero destacar que luego de este del super spyware hice un escaneo mas y no detectó nada sin embargolos problemas siguieron igual que antes. Espero me puedan dar una mano.

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 04/24/2008 at 03:19 PM

Application Version : 4.0.1154

Core Rules Database Version : 3446
Trace Rules Database Version: 1438

Scan type : Quick Scan
Total Scan Time : 00:17:42

Memory items scanned : 441
Memory threats detected : 7
Registry items scanned : 330
Registry threats detected : 10
File items scanned : 5089
File threats detected : 13

Trojan.Vundo-Variant/F
C:\WINDOWS\SYSTEM32\DDCCTJIA.DLL
C:\WINDOWS\SYSTEM32\DDCCTJIA.DLL
C:\WINDOWS\SYSTEM32\DDCBQHGG.DLL
C:\WINDOWS\SYSTEM32\DDCBQHGG.DLL
C:\WINDOWS\SYSTEM32\OEMJWWBY.DLL
C:\WINDOWS\SYSTEM32\OEMJWWBY.DLL
HKLM\Software\Microsoft\Windows\CurrentVersion\Exp lorer\ShellExecuteHooks#{D2376FB3-3D0D-414D-83AA-3AD6AD6B111F}
HKCR\CLSID\{D2376FB3-3D0D-414D-83AA-3AD6AD6B111F}
HKCR\CLSID\{D2376FB3-3D0D-414D-83AA-3AD6AD6B111F}\InprocServer32
HKCR\CLSID\{D2376FB3-3D0D-414D-83AA-3AD6AD6B111F}\InprocServer32#ThreadingModel
Software\Microsoft\Windows NT\CurrentVersion\WinLogon\Notify\ddcCTjIa

Trojan.Unknown Origin
C:\DOCUMENTS AND SETTINGS\USER\JVQXJPH.EXE
C:\DOCUMENTS AND SETTINGS\USER\JVQXJPH.EXE
[dglu] C:\WINDOWS\SYSTEM32\DGLU.EXE
C:\WINDOWS\SYSTEM32\DGLU.EXE
C:\WINDOWS\Prefetch\DGLU.EXE-3AE5A8F8.pf

Adware.Vundo Variant/Resident
C:\WINDOWS\SYSTEM32\OPNNKJHI.DLL
C:\WINDOWS\SYSTEM32\OPNNKJHI.DLL

Adware.Vundo-Variant/Small-A
C:\WINDOWS\SYSTEM32\TUHEJAVQ.DLL
C:\WINDOWS\SYSTEM32\TUHEJAVQ.DLL

Trojan.Downloader-NewJuan/VM
C:\WINDOWS\SYSTEM32\AQJINUOR.DLL
C:\WINDOWS\SYSTEM32\AQJINUOR.DLL

Adware.Vundo-Variant
HKLM\Software\Microsoft\Windows\CurrentVersion\Exp lorer\Browser Helper Objects\{671207F7-5A97-4A3F-8CC8-6056E72C2F51}
HKCR\CLSID\{671207F7-5A97-4A3F-8CC8-6056E72C2F51}
HKCR\CLSID\{671207F7-5A97-4A3F-8CC8-6056E72C2F51}\InprocServer32
HKCR\CLSID\{671207F7-5A97-4A3F-8CC8-6056E72C2F51}\InprocServer32#ThreadingModel

Adware.Tracking Cookie
C:\Documents and Settings\USER\Cookies\user@antispywaremaster[2].txt
C:\Documents and Settings\USER\Cookies\user@sale.antispywaremaster[1].txt
C:\Documents and Settings\USER\Cookies\user@atdmt[2].txt
C:\Documents and Settings\USER\Cookies\user@msnportal.112.2o7[1].txt



Malwarebytes' Anti-Malware 1.11
Versión de la Base de Datos: 676

Tipo de examen : Examen Completo (C:\|)
Objetos examinados: 106191
Tiempo transcurrido: 1 hour(s), 8 minute(s), 56 second(s)

Procesos en Memoria Infectados: 0
Módulos en Memoria Infectados: 1
Claves del Registro Infectadas: 12
Valores del Registro Infectados: 1
Elementos de Datos del Registro Infectados: 0
Carpetas Infectadas: 1
Ficheros Infectados: 6

Procesos en Memoria Infectados:
(No se han detectado elementos maliciosos)

Módulos en Memoria Infectados:
C:\WINDOWS\system32\plkruhdq.dll (Trojan.Vundo) -> Unloaded module successfully.

Claves del Registro Infectadas:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Uninstall\{6d7b211a-88ea-490c-bab9-3600d8d7c503} (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{45e46a27-658f-4cf3-ba6a-b31bfcdc912f} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Explorer\Browser Helper Objects\{45e46a27-658f-4cf3-ba6a-b31bfcdc912f} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\aoprndtws (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\affltid (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affltid (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.

Valores del Registro Infectados:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Run\BMd385cd2a (Trojan.Agent) -> Delete on reboot.

Elementos de Datos del Registro Infectados:
(No se han detectado elementos maliciosos)

Carpetas Infectadas:
C:\Archivos de programa\ConnectionServices (Adware.BHO) -> Quarantined and deleted successfully.

Ficheros Infectados:
C:\Documents and Settings\USER\Configuración local\Archivos temporales de Internet\Content.IE5\WL4BORCZ\glas[1] (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{805AE900-9660-4D6A-A35D-E1AD018D9B8C}\RP551\A0198826.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{805AE900-9660-4D6A-A35D-E1AD018D9B8C}\RP551\A0198832.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\plkruhdq.dll (Trojan.Vundo) -> Delete on reboot.
C:\Archivos de programa\ConnectionServices\Uninstall.exe (Adware.BHO) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\kyoyyuxi.dll (Trojan.Agent) -> Delete on reboot.


y el resultado del ultimo escaneo....


Malwarebytes' Anti-Malware 1.11
Versión de la Base de Datos: 676

Tipo de examen : Examen Completo (C:\|)
Objetos examinados: 105392
Tiempo transcurrido: 2 hour(s), 44 minute(s), 13 second(s)

Procesos en Memoria Infectados: 0
Módulos en Memoria Infectados: 0
Claves del Registro Infectadas: 7
Valores del Registro Infectados: 1
Elementos de Datos del Registro Infectados: 0
Carpetas Infectadas: 0
Ficheros Infectados: 3

Procesos en Memoria Infectados:
(No se han detectado elementos maliciosos)

Módulos en Memoria Infectados:
(No se han detectado elementos maliciosos)

Claves del Registro Infectadas:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\aoprndtws (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\affltid (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affltid (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.

Valores del Registro Infectados:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Run\BMd385cd2a (Trojan.Agent) -> Quarantined and deleted successfully.

Elementos de Datos del Registro Infectados:
(No se han detectado elementos maliciosos)

Carpetas Infectadas:
(No se han detectado elementos maliciosos)

Ficheros Infectados:
C:\Documents and Settings\USER\Configuración local\Archivos temporales de Internet\Content.IE5\09I3456F\CAARSTUB (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\USER\Configuración local\Archivos temporales de Internet\Content.IE5\C56FYVWL\glas[1] (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{805AE900-9660-4D6A-A35D-E1AD018D9B8C}\RP552\A0199870.dll (Trojan.Vundo) -> Quarantined and deleted successfully.



gracias de antemano. Saludos

Walter

Hola bienvenido(a) al foro , por favor realiza lo siguiente:

Descarga e instala los siguientes programas(aún no los ejecutes):

- VundoFix.
- Delpsguard(esta en la parte final del link que te doy).
- Trojan Remover 6.6.5(no olvides actualizarlo al descargarlo).
- ATF-Cleaner

Posteriormente realiza lo siguiente:

Apaga Restaurar sistema.

Inicias en modo a prueba de fallos .

Ejecuta Trojan Remover 6.6.5, se abrirá una ventana tu le das en continue y das click en update para actualizarlo esto último tienes que hacerlo ni bien lo descarges, pero ya estando en modo a prueba de fallos, das click en scan, elimina todo lo que te encuentra.(regresas con su reporte dale en view Log)

Ejecutas VundoFix(no olvides regresar con su reporte) siguiendo estas instrucciones:

Ejecutas Delpsguard (no olvides regresar con su reporte).

Ejecutas ATF- Cleaner de la siguiente manera:

• Dale doble clic a ATF-Cleaner
• Marca la Casilla de "Select All."
• Para eliminar da clic en "Empty Selected"
• Por último, dale clic a Exit

Finalmente reinicias en modo normal y realizas un nuevo escaneo con los siguientes antivirus online, en el orden en los que te doy:

- Ewido (no olvides darle en la opción REMOVE INFECTIONS) dudas sobre este te lees el manual de ewido .

- Kaspersky Online Scanner cualquier duda sobre este último lees su manual y pegas el reporte que te da de resultado.

Saludos

Nota: Si los reportes son largos pegalos en varios post.

Gracias Sikartus..paso a comentar:

E seguido al pie de la letra las instrucciones, como primera medida descargué los programas recomendados.
Apagué restarurar sistema, aun sigue asi.
Inicié a modo seguro
Ejecuté Ttroyan remover, y aqui el reporte

***** TROJAN REMOVER HAS RESTARTED THE SYSTEM *****
26/04/2008 01:47:35 a.m.: Trojan Remover has been restarted
C:\Documents and Settings\USER\jvqxjph.exe has been deleted (if it existed)
C:\WINDOWS\system32\yayyYSli.dll has been renamed to C:\WINDOWS\system32\yayyYSli.dll.vir
C:\WINDOWS\system32\cbXNFyww.dll has been renamed to C:\WINDOWS\system32\cbXNFyww.dll.vir
================================================== =====
Removing the following registry keys:
HKCR\CLSID\{D2376FB3-3D0D-414D-83AA-3AD6AD6B111F} - already removed
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon\Notify\yayyYSli - already removed
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Exp lorer\Browser Helper Objects\{BA543C6F-B8BD-4A9D-9730-49DBCAF5AB8B} - removed
HKCR\CLSID\{BA543C6F-B8BD-4A9D-9730-49DBCAF5AB8B} - removed
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Exp lorer\Browser Helper Objects\{D2376FB3-3D0D-414D-83AA-3AD6AD6B111F} - removed
================================================== =====
================================================== =====
Deleting the following registry value(s):
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run \[GP Result] - already deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run \[d0b6feb6] - already deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Exp lorer\ShellExecuteHooks\[{D2376FB3-3D0D-414D-83AA-3AD6AD6B111F}] - already deleted
================================================== =====
The Lsa Authentication Packages registry entry has been reset
Trojan Remover forced a System Restart by terminating WINLOGON.EXE.
The Cleanup Utility was used to remove locked registry keys.
Unable to rename C:\Documents and Settings\USER\jvqxjph.exe to C:\Documents and Settings\USER\jvqxjph.exe.vir
(C:\Documents and Settings\USER\jvqxjph.exe does not appear to exist)
26/04/2008 01:47:36 a.m.: Trojan Remover closed
************************************************** **********


***** NORMAL SCAN FOR ACTIVE MALWARE *****
Trojan Remover Ver 6.6.9.2528. For information, email support@simplysup1.com
[Unregistered version]
Scan started at: 01:04:40 a.m. 26 Abr 2008
Using Database v6979
Operating System: Windows XP SP2 [Windows XP Professional Service Pack 2 (Build 2600)]
File System: NTFS
Data directory: C:\Documents and Settings\USER\Datos de programa\Simply Super Software\Trojan Remover\
Logfile directory: C:\Documents and Settings\USER\Mis documentos\Simply Super Software\Trojan Remover Logfiles\
Program directory: C:\Archivos de programa\Trojan Remover\
Running with Administrator privileges


**************************************************
PC appears to be in SAFE MODE.

**************************************************

The regfile\shell\open\command Registry Key appears to have been modified.
The current Registry entry is: regedit.exe "%1" %*.
This entry calls the following file:
C:\WINDOWS\regedit.exe
Trojan Remover has restored the Registry regfile\shell\open key.
--------------------

**************************************************
01:04:51 a.m.: Scanning ----------WIN.INI-----------
WIN.INI found in C:\WINDOWS

**************************************************
01:04:51 a.m.: Scanning --------SYSTEM.INI---------
SYSTEM.INI found in C:\WINDOWS

**************************************************
01:04:51 a.m.: ----- SCANNING FOR ROOTKIT SERVICES -----
No hidden Services were detected.

**************************************************
01:04:52 a.m.: Scanning -----WINDOWS REGISTRY-----
--------------------
Checking HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon
This key's "Shell" value calls the following program(s):
File: Explorer.exe
C:\WINDOWS\Explorer.exe
1035776 bytes
Created: 19/08/2004
Modified: 13/06/2007
Company: Microsoft Corporation
----------
This key's "Userinit" value calls the following program(s):
File: C:\WINDOWS\system32\userinit.exe
C:\WINDOWS\system32\userinit.exe
25088 bytes
Created: 19/08/2004
Modified: 19/08/2004
Company: Microsoft Corporation
----------
File: C:\Documents and Settings\USER\jvqxjph.exe
C:\Documents and Settings\USER\jvqxjph.exe - process is either not running or could not be terminated
C:\Documents and Settings\USER\jvqxjph.exe - unable to take ownership/change permissions
C:\Documents and Settings\USER\jvqxjph.exe - file could not be neutralised
[kill file error: C:\Documents and Settings\USER\jvqxjph.exe, El sistema no puede hallar el archivo especificado.
]
C:\Documents and Settings\USER\jvqxjph.exe - marked for renaming when the PC is restarted (if it exists)
----------
This key's "System" value appears to be blank
----------
This key's "UIHost" value calls the following program:
File: logonui.exe
C:\WINDOWS\system32\logonui.exe
515584 bytes
Created: 19/08/2004
Modified: 19/08/2004
Company: Microsoft Corporation
----------
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows
--------------------
Checking HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows
Value Name: load
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Value Name: Cmaudio
Value Data: RunDll32 cmicnfg.cpl,CMICtrlWnd
cmicnfg.cpl [file not found to scan]
--------------------
Value Name: PCTVOICE
Value Data: pctspk.exe
C:\WINDOWS\system32\pctspk.exe
-R- 180224 bytes
Created: 27/06/2005
Modified: 23/09/2003
Company:
--------------------
Value Name: SunJavaUpdateSched
Value Data: C:\Archivos de programa\Java\jre1.5.0_10\bin\jusched.exe
C:\Archivos de programa\Java\jre1.5.0_10\bin\jusched.exe
49263 bytes
Created: 11/03/2007
Modified: 09/11/2006
Company: Sun Microsystems, Inc.
--------------------
Value Name: avast!
Value Data: C:\ARCHIV~1\ALWILS~1\Avast4\ashDisp.exe
C:\ARCHIV~1\ALWILS~1\Avast4\ashDisp.exe
79224 bytes
Created: 29/02/2008
Modified: 29/03/2008
Company: ALWIL Software
--------------------
Value Name: GP Result
Value Data: gpreslt.exe
C:\WINDOWS\system32\gpreslt.exe
-HS- 135168 bytes
Created: 21/04/2008
Modified: 22/04/2008
Company:
gpreslt.exe - this registry value has been removed
C:\WINDOWS\system32\gpreslt.exe - process is either not running or could not be terminated
C:\WINDOWS\system32\gpreslt.exe - HIDDEN and SYSTEM file attributes removed
C:\WINDOWS\system32\gpreslt.exe - file renamed to: C:\WINDOWS\system32\gpreslt.exe.vir
--------------------
Value Name: d0b6feb6
Value Data: rundll32.exe "C:\WINDOWS\system32\uklchrfv.dll",b
C:\WINDOWS\system32\uklchrfv.dll
96320 bytes
Created: 25/04/2008
Modified: 25/04/2008
Company:
C:\WINDOWS\system32\uklchrfv.dll appears to contain: ADWARE.VIRTUMONDE (HEURISTIC DETECTION)
C:\WINDOWS\system32\uklchrfv.dll - file renamed to: C:\WINDOWS\system32\uklchrfv.dll.vir
C:\WINDOWS\system32\vfrhclku.ini - HIDDEN and SYSTEM file attributes removed
C:\WINDOWS\system32\vfrhclku.ini, associated with Adware.VirtuMonde, has been deleted
--------------------
Value Name: BMd385cd2a
Value Data: Rundll32.exe "C:\WINDOWS\system32\ablhrqnh.dll",s
C:\WINDOWS\system32\ablhrqnh.dll
105536 bytes
Created: 25/04/2008
Modified: 25/04/2008
Company:
--------------------
Value Name: TrojanScanner
Value Data: C:\Archivos de programa\Trojan Remover\Trjscan.exe
C:\Archivos de programa\Trojan Remover\Trjscan.exe
877136 bytes
Created: 26/04/2008
Modified: 24/04/2008
Company: Simply Super Software
--------------------
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run Once
This Registry Key appears to be empty
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run OnceEx
This Registry Key appears to be empty
--------------------
Checking HKCU\Software\Microsoft\Windows\CurrentVersion\Run
Value Name: CTFMON.EXE
Value Data: C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\ctfmon.exe
15360 bytes
Created: 19/08/2004
Modified: 19/08/2004
Company: Microsoft Corporation
--------------------
Value Name: MsnMsgr
Value Data: "C:\Archivos de programa\Windows Live\Messenger\MsnMsgr.Exe" /background
C:\Archivos de programa\Windows Live\Messenger\MsnMsgr.Exe
5724184 bytes
Created: 18/10/2007
Modified: 18/10/2007
Company: Microsoft Corporation
--------------------
Value Name: Yahoo! Pager
Value Data: "C:\ARCHIV~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
C:\ARCHIV~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE
4538368 bytes
Created: 25/06/2006
Modified: 20/06/2006
Company: Yahoo! Inc.
--------------------
Value Name: SUPERAntiSpyware
Value Data: C:\Archivos de programa\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Archivos de programa\SUPERAntiSpyware\SUPERAntiSpyware.exe
1481968 bytes
Created: 29/02/2008
Modified: 29/02/2008
Company: SUPERAntiSpyware.com
--------------------
--------------------
Checking HKCU\Software\Microsoft\Windows\CurrentVersion\Run Once
This Registry Key appears to be empty

**************************************************
01:05:51 a.m.: Scanning -----SHELLEXECUTEHOOKS-----
ValueName: {AEB6717E-7E19-11d0-97EE-00C04FD91972}
File: shell32.dll - this file is expected and has been left in place
----------
ValueName: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}
File: C:\Archivos de programa\SUPERAntiSpyware\SASSEH.DLL
C:\Archivos de programa\SUPERAntiSpyware\SASSEH.DLL
77824 bytes
Created: 20/12/2006
Modified: 20/12/2006
Company: SuperAdBlocker.com
----------
ValueName: {D2376FB3-3D0D-414D-83AA-3AD6AD6B111F}
File: C:\WINDOWS\system32\yayyYSli.dll
C:\WINDOWS\system32\yayyYSli.dll
40448 bytes
Created: 25/04/2008
Modified: 25/04/2008
Company:
C:\WINDOWS\system32\yayyYSli.dll appears to contain: ADWARE.VIRTUMONDE (HEURISTIC DETECTION)
C:\WINDOWS\system32\yayyYSli.dll - this registry value has been removed
HKCR\CLSID\{D2376FB3-3D0D-414D-83AA-3AD6AD6B111F} - this key has been removed
C:\WINDOWS\system32\yayyYSli.dll - file ownership assigned to: ABC-63C5BBDAB86\USER
C:\WINDOWS\system32\yayyYSli.dll - file backed up to C:\WINDOWS\system32\yayyYSli.dll.vir
C:\WINDOWS\system32\yayyYSli.dll - file has been neutralised
C:\WINDOWS\system32\yayyYSli.dll - marked for renaming when the PC is restarted
----------

**************************************************
01:06:36 a.m.: Scanning -----HIDDEN REGISTRY ENTRIES-----
Taskdir check completed
----------
No Hidden File-loading Registry Entries found
----------

**************************************************
01:06:36 a.m.: Scanning -----ACTIVE SCREENSAVER-----
No active ScreenSaver found to scan.

**************************************************
01:06:36 a.m.: Scanning ----- REGISTRY ACTIVE SETUP KEYS -----
Key: {44BBA840-CC51-11CF-AAFA-00AA00B6015C}
Path: "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
C:\Archivos de programa\Outlook Express\setup50.exe
73728 bytes
Created: 27/06/2005
Modified: 19/08/2004
Company: Microsoft Corporation
C:\Archivos de programa\Outlook Express\setup50.exe [file not found to scan]
----------
Key: {7790769C-0471-11d2-AF11-00C04FA35D02}
Path: "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
C:\Archivos de programa\Outlook Express\setup50.exe
73728 bytes
Created: 27/06/2005
Modified: 19/08/2004
Company: Microsoft Corporation
C:\Archivos de programa\Outlook Express\setup50.exe [file not found to scan]
----------

**************************************************
01:06:37 a.m.: Scanning ----- SERVICEDLL REGISTRY KEYS -----
Key: HidServ
%SystemRoot%\System32\hidserv.dll - file is globally excluded (file cannot be found)
--------------------

**************************************************
01:06:39 a.m.: Scanning ----- SERVICES REGISTRY KEYS -----
Key: AmdK7
ImagePath: system32\DRIVERS\amdk7.sys
C:\WINDOWS\system32\DRIVERS\amdk7.sys
41600 bytes
Created: 19/08/2004
Modified: 19/08/2004
Company: Microsoft Corporation
----------
Key: AresChatServer
ImagePath: C:\Archivos de programa\Ares\chatServer.exe
C:\Archivos de programa\Ares\chatServer.exe
263168 bytes
Created: 19/03/2007
Modified: 19/03/2007
Company: Ares Development Group
----------
Key: aspnet_state
ImagePath: %SystemRoot%\Microsoft.NET\Framework\v1.1.4322\asp net_state.exe
C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspne t_state.exe
32768 bytes
Created: 15/07/2004
Modified: 15/07/2004
Company: Microsoft Corporation
----------
Key: aswFsBlk
ImagePath: system32\DRIVERS\aswFsBlk.sys
C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys
20560 bytes
Created: 22/04/2008
Modified: 29/03/2008
Company: ALWIL Software
----------
Key: aswUpdSv
ImagePath: "C:\Archivos de programa\Alwil Software\Avast4\aswUpdSv.exe"
C:\Archivos de programa\Alwil Software\Avast4\aswUpdSv.exe
17272 bytes
Created: 29/02/2008
Modified: 29/03/2008
Company: ALWIL Software
----------
Key: avast! Antivirus
ImagePath: "C:\Archivos de programa\Alwil Software\Avast4\ashServ.exe"
C:\Archivos de programa\Alwil Software\Avast4\ashServ.exe
144760 bytes
Created: 29/02/2008
Modified: 29/03/2008
Company: ALWIL Software
----------
Key: avast! Mail Scanner
ImagePath: "C:\Archivos de programa\Alwil Software\Avast4\ashMaiSv.exe" /service
C:\Archivos de programa\Alwil Software\Avast4\ashMaiSv.exe
247160 bytes
Created: 29/02/2008
Modified: 29/03/2008
Company: ALWIL Software
----------
Key: avast! Web Scanner
ImagePath: "C:\Archivos de programa\Alwil Software\Avast4\ashWebSv.exe" /service
C:\Archivos de programa\Alwil Software\Avast4\ashWebSv.exe
345464 bytes
Created: 29/02/2008
Modified: 29/03/2008
Company: ALWIL Software
----------
Key: catchme
ImagePath: \??\C:\DOCUME~1\USER\CONFIG~1\Temp\catchme.sys - this file is globally excluded
----------
Key: cmuda
ImagePath: system32\drivers\cmuda.sys
C:\WINDOWS\system32\drivers\cmuda.sys
-R- 755392 bytes
Created: 27/06/2005
Modified: 06/11/2003
Company: C-Media Inc
----------
Key: dmadmin
ImagePath: %SystemRoot%\System32\dmadmin.exe /com
C:\WINDOWS\System32\dmadmin.exe
225792 bytes
Created: 19/08/2004
Modified: 19/08/2004
Company: Microsoft Corp., VERITAS Software
----------
Key: gusvc
ImagePath: "C:\Archivos de programa\Google\Common\Google Updater\GoogleUpdaterService.exe"
C:\Archivos de programa\Google\Common\Google Updater\GoogleUpdaterService.exe
136120 bytes
Created: 25/12/2006
Modified: 03/01/2007
Company: Google
----------
Key: MBAMCatchMe
ImagePath: \??\C:\Archivos de programa\Malwarebytes' Anti-Malware\catchme.sys
C:\Archivos de programa\Malwarebytes' Anti-Malware\catchme.sys
27048 bytes
Created: 24/04/2008
Modified: 07/04/2008
Company:
----------
Key: ms_mpu401
ImagePath: system32\drivers\msmpu401.sys
C:\WINDOWS\system32\drivers\msmpu401.sys
2944 bytes
Created: 27/06/2005
Modified: 17/08/2001
Company: Microsoft Corporation
----------
Key: Ptserial
ImagePath: system32\DRIVERS\ptserial.sys
C:\WINDOWS\system32\DRIVERS\ptserial.sys
-R- 354287 bytes
Created: 27/06/2005
Modified: 23/09/2003
Company: PCTEL, INC.
----------
Key: PxHelp20
ImagePath: System32\Drivers\PxHelp20.sys
C:\WINDOWS\System32\Drivers\PxHelp20.sys
43528 bytes
Created: 27/09/2006
Modified: 07/03/2007
Company: Sonic Solutions
----------
Key: SASDIFSV
ImagePath: \??\C:\Archivos de programa\SUPERAntiSpyware\SASDIFSV.SYS
C:\Archivos de programa\SUPERAntiSpyware\SASDIFSV.SYS
8944 bytes
Created: 29/02/2008
Modified: 29/02/2008
Company:
----------
Key: SASENUM
ImagePath: \??\C:\Archivos de programa\SUPERAntiSpyware\SASENUM.SYS
C:\Archivos de programa\SUPERAntiSpyware\SASENUM.SYS
-R- 4096 bytes
Created: 16/02/2006
Modified: 16/02/2006
Company: SuperAdBlocker, Inc.
----------
Key: SASKUTIL
ImagePath: \??\C:\Archivos de programa\SUPERAntiSpyware\SASKUTIL.sys
C:\Archivos de programa\SUPERAntiSpyware\SASKUTIL.sys
51440 bytes
Created: 29/02/2008
Modified: 29/02/2008
Company:
----------
Key: Secdrv
ImagePath: system32\DRIVERS\secdrv.sys
C:\WINDOWS\system32\DRIVERS\secdrv.sys
20480 bytes
Created: 17/07/2004
Modified: 13/11/2007
Company: Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.
----------
Key: SiS315
ImagePath: system32\DRIVERS\sisgrp.sys
C:\WINDOWS\system32\DRIVERS\sisgrp.sys
-R- 427776 bytes
Created: 27/06/2005
Modified: 29/10/2003
Company: Silicon Integrated Systems Corporation
----------
Key: sisagp
ImagePath: system32\DRIVERS\sisagp.sys
C:\WINDOWS\system32\DRIVERS\sisagp.sys
41088 bytes
Created: 27/06/2005
Modified: 03/08/2004
Company: Silicon Integrated Systems Corporation
----------
Key: SiSkp
ImagePath: system32\drivers\srvkp.sys
C:\WINDOWS\system32\drivers\srvkp.sys
11264 bytes
Created: 27/06/2005
Modified: 29/10/2003
Company: Silicon Integrated Systems Corporation
----------
Key: SISNIC
ImagePath: system32\DRIVERS\sisnic.sys
C:\WINDOWS\system32\DRIVERS\sisnic.sys
32768 bytes
Created: 27/06/2005
Modified: 03/08/2004
Company: SiS Corporation
----------
Key: SONYPVU1
ImagePath: system32\DRIVERS\SONYPVU1.SYS
C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS
7552 bytes
Created: 27/12/2005
Modified: 17/08/2001
Company: Sony Corporation
----------
Key: sr
ImagePath: \SystemRoot\system32\DRIVERS\sr.sys
C:\WINDOWS\system32\DRIVERS\sr.sys
73600 bytes
Created: 27/06/2005
Modified: 19/08/2004
Company: Microsoft Corporation
----------
Key: SwPrv
ImagePath: C:\WINDOWS\system32\dllhost.exe /Processid:{368ED74A-8DC3-4AB2-960F-25BFADD2D929}
C:\WINDOWS\system32\dllhost.exe
5120 bytes
Created: 19/08/2004
Modified: 19/08/2004
Company: Microsoft Corporation
----------
Key: usnjsvc
ImagePath: "C:\Archivos de programa\Windows Live\Messenger\usnsvc.exe"
C:\Archivos de programa\Windows Live\Messenger\usnsvc.exe
98328 bytes
Created: 18/10/2007
Modified: 18/10/2007
Company: Microsoft Corporation
----------
Key: Vmodem
ImagePath: system32\DRIVERS\vmodem.sys
C:\WINDOWS\system32\DRIVERS\vmodem.sys
-R- 703673 bytes
Created: 27/06/2005
Modified: 23/09/2003
Company: PCTEL, INC.
----------
Key: Vpctcom
ImagePath: system32\DRIVERS\vpctcom.sys
C:\WINDOWS\system32\DRIVERS\vpctcom.sys
-R- 801490 bytes
Created: 27/06/2005
Modified: 23/09/2003
Company: PCtel, Inc.
----------
Key: Vvoice
ImagePath: system32\DRIVERS\vvoice.sys
C:\WINDOWS\system32\DRIVERS\vvoice.sys
-R- 70320 bytes
Created: 27/06/2005
Modified: 23/09/2003
Company: PCtel, Inc.
----------
Key: w300bus
ImagePath: system32\DRIVERS\w300bus.sys
C:\WINDOWS\system32\DRIVERS\w300bus.sys
-R- 60800 bytes
Created: 22/09/2007
Modified: 13/03/2006
Company: MCCI
----------
Key: w300mdfl
ImagePath: system32\DRIVERS\w300mdfl.sys
C:\WINDOWS\system32\DRIVERS\w300mdfl.sys
-R- 9264 bytes
Created: 22/09/2007
Modified: 13/03/2006
Company: MCCI
----------
Key: w300mdm
ImagePath: system32\DRIVERS\w300mdm.sys
C:\WINDOWS\system32\DRIVERS\w300mdm.sys
-R- 96352 bytes
Created: 22/09/2007
Modified: 13/03/2006
Company: MCCI
----------
Key: w300mgmt
ImagePath: system32\DRIVERS\w300mgmt.sys
C:\WINDOWS\system32\DRIVERS\w300mgmt.sys
-R- 87824 bytes
Created: 22/09/2007
Modified: 13/03/2006
Company: MCCI
----------
Key: w300obex
ImagePath: system32\DRIVERS\w300obex.sys
C:\WINDOWS\system32\DRIVERS\w300obex.sys
-R- 85696 bytes
Created: 22/09/2007
Modified: 13/03/2006
Company: MCCI
----------
Key: WLSetupSvc
ImagePath: "C:\Archivos de programa\Windows Live\installer\WLSetupSvc.exe"
C:\Archivos de programa\Windows Live\installer\WLSetupSvc.exe
266240 bytes
Created: 25/10/2007
Modified: 25/10/2007
Company: Microsoft Corporation
----------

**************************************************
01:06:50 a.m.: Scanning -----VXD ENTRIES-----

**************************************************
01:06:50 a.m.: Scanning ----- WINLOGON\NOTIFY DLLS -----
Key: !SASWinLogon
DLL: C:\Archivos de programa\SUPERAntiSpyware\SASWINLO.dll
C:\Archivos de programa\SUPERAntiSpyware\SASWINLO.dll
294912 bytes
Created: 19/04/2007
Modified: 19/04/2007
Company: SUPERAntiSpyware.com
----------
Key: yayyYSli
DLL: yayyYSli.dll
C:\WINDOWS\system32\yayyYSli.dll
40448 bytes
Created: 25/04/2008
Modified: 25/04/2008
Company:
C:\WINDOWS\system32\yayyYSli.dll appears to contain: ADWARE.VIRTUMONDE (HEURISTIC DETECTION)
C:\WINDOWS\system32\yayyYSli.dll - this reference has been removed (file already neutralised)
----------

**************************************************
01:06:58 a.m.: Scanning ----- CONTEXTMENUHANDLERS -----
Key: avast
CLSID: {472083B0-C522-11CF-8763-00608CC02F24}
Path: C:\Archivos de programa\Alwil Software\Avast4\ashShell.dll
C:\Archivos de programa\Alwil Software\Avast4\ashShell.dll
75128 bytes
Created: 29/02/2008
Modified: 29/03/2008
Company: ALWIL Software
----------
Key: BriefcaseMenu
CLSID: {85BBD920-42A0-1069-A2E4-08002B30309D}
Path: syncui.dll
C:\WINDOWS\system32\syncui.dll
195072 bytes
Created: 19/08/2004
Modified: 19/08/2004
Company: Microsoft Corporation
----------
Key: Glary Utilities
CLSID: {72923739-5A47-40A3-9895-25AF0DFBB9E4}
Path: C:\ARCHIV~1\GLARYU~1\CONTEX~1.DLL
C:\ARCHIV~1\GLARYU~1\CONTEX~1.DLL
30208 bytes
Created: 23/09/2007
Modified: 20/08/2007
Company: GlarySoft,Inc.
----------
Key: Offline Files
CLSID: {750fdf0e-2a26-11d1-a3ea-080036587f03}
Path: %SystemRoot%\System32\cscui.dll
C:\WINDOWS\System32\cscui.dll
332800 bytes
Created: 19/08/2004
Modified: 19/08/2004
Company: Microsoft Corporation
----------
Key: Open With
CLSID: {09799AFB-AD67-11d1-ABCD-00C04FC30936}
Path: %SystemRoot%\system32\SHELL32.dll
C:\WINDOWS\system32\SHELL32.dll
8496640 bytes
Created: 19/08/2004
Modified: 25/10/2007
Company: Microsoft Corporation
----------
Key: Open With EncryptionMenu
CLSID: {A470F8CF-A1E8-4f65-8335-227475AA5C46}
Path: %SystemRoot%\system32\SHELL32.dll
C:\WINDOWS\system32\SHELL32.dll
8496640 bytes
Created: 19/08/2004
Modified: 25/10/2007
Company: Microsoft Corporation
----------
Key: PandoShellExt
CLSID: {9C150845-2A2D-44CC-90B3-AA03480AA3D2}
Path: C:\Archivos de programa\Pando Networks\Pando\PandoShellExt.dll
C:\Archivos de programa\Pando Networks\Pando\PandoShellExt.dll
57344 bytes
Created: 27/02/2008
Modified: 27/02/2008
Company: Pando Networks
----------
Key: Trojan Remover
CLSID: {52B87208-9CCF-42C9-B88E-069281105805}
Path: C:\ARCHIV~1\TROJAN~1\Trshlex.dll
C:\ARCHIV~1\TROJAN~1\Trshlex.dll
467552 bytes
Created: 26/04/2008
Modified: 05/02/2007
Company: Simply Super Software
----------
Key: WinRAR
CLSID: {B41DB860-8EE4-11D2-9906-E49FADC173CA}
Path: C:\Archivos de programa\WinRAR\rarext.dll
C:\Archivos de programa\WinRAR\rarext.dll
128512 bytes
Created: 08/08/2007
Modified: 22/05/2007
Company:
----------
Key: Yahoo! Mail
CLSID: {5464D816-CF16-4784-B9F3-75C0DB52B499}
Path: C:\ARCHIV~1\Yahoo!\Common\ymmapi.dll
C:\ARCHIV~1\Yahoo!\Common\ymmapi.dll
180848 bytes
Created: 25/06/2006
Modified: 23/11/2004
Company: Yahoo! Inc.
----------
Key: {a2a9545d-a0c2-42b4-9708-a0b2badd77c8}
Path: %SystemRoot%\system32\SHELL32.dll
C:\WINDOWS\system32\SHELL32.dll
8496640 bytes
Created: 19/08/2004
Modified: 25/10/2007
Company: Microsoft Corporation
----------
Key: {CA8ACAFA-5FBB-467B-B348-90DD488DE003}
Path: C:\Archivos de programa\SUPERAntiSpyware\SASCTXMN.DLL
C:\Archivos de programa\SUPERAntiSpyware\SASCTXMN.DLL
61440 bytes
Created: 27/02/2007
Modified: 27/02/2007
Company: SUPERAntiSpyware.com
----------

**************************************************
01:07:00 a.m.: Scanning ----- FOLDER\COLUMNHANDLERS -----
Key: {0D2E74C4-3C34-11d2-A27E-00C04FC30871}
File: %SystemRoot%\system32\SHELL32.dll
C:\WINDOWS\system32\SHELL32.dll
8496640 bytes
Created: 19/08/2004
Modified: 25/10/2007
Company: Microsoft Corporation
----------
Key: {24F14F01-7B1C-11d1-838f-0000F80461CF}
File: %SystemRoot%\system32\SHELL32.dll
C:\WINDOWS\system32\SHELL32.dll
8496640 bytes
Created: 19/08/2004
Modified: 25/10/2007
Company: Microsoft Corporation
----------
Key: {24F14F02-7B1C-11d1-838f-0000F80461CF}
File: %SystemRoot%\system32\SHELL32.dll
C:\WINDOWS\system32\SHELL32.dll
8496640 bytes
Created: 19/08/2004
Modified: 25/10/2007
Company: Microsoft Corporation
----------
Key: {66742402-F9B9-11D1-A202-0000F81FEDEE}
File: %SystemRoot%\system32\SHELL32.dll
C:\WINDOWS\system32\SHELL32.dll
8496640 bytes
Created: 19/08/2004
Modified: 25/10/2007
Company: Microsoft Corporation
----------

**************************************************
01:07:00 a.m.: Scanning ----- BROWSER HELPER OBJECTS -----
Key: {02478D38-C3F9-4EFB-9B51-7695ECA05670}
BHO: C:\Archivos de programa\Yahoo!\Companion\Installs\cpn0\yt.dll
C:\Archivos de programa\Yahoo!\Companion\Installs\cpn0\yt.dll
439872 bytes
Created: 25/06/2006
Modified: 06/06/2006
Company: Yahoo! Inc.
----------
Key: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
BHO: C:\Archivos de programa\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
C:\Archivos de programa\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
37808 bytes
Created: 30/07/2005
Modified: 02/03/2001
Company:
----------
Key: {38D3FE60-3D53-4F37-BB0E-C7A97A26A156}
BHO: C:\Archivos de programa\Pando Networks\Pando\PandoIEPlugin.dll
C:\Archivos de programa\Pando Networks\Pando\PandoIEPlugin.dll
569344 bytes
Created: 27/02/2008
Modified: 27/02/2008
Company: Pando Networks
----------
Key: {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897}
BHO: C:\Archivos de programa\Yahoo!\Common\yiesrvcAR.dll
C:\Archivos de programa\Yahoo!\Common\yiesrvcAR.dll
176128 bytes
Created: 25/06/2006
Modified: 05/06/2006
Company: Yahoo! Inc.
----------
Key: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}
BHO: C:\Archivos de programa\Java\jre1.5.0_10\bin\ssv.dll
C:\Archivos de programa\Java\jre1.5.0_10\bin\ssv.dll
440056 bytes
Created: 09/11/2006
Modified: 09/11/2006
Company: Sun Microsystems, Inc.
----------
Key: {9030D464-4C02-4ABF-8ECC-5164760863C6}
BHO: C:\Archivos de programa\Archivos comunes\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
C:\Archivos de programa\Archivos comunes\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
328752 bytes
Created: 20/09/2007
Modified: 20/09/2007
Company: Microsoft Corporation
----------
Key: {BA543C6F-B8BD-4A9D-9730-49DBCAF5AB8B}
BHO: C:\WINDOWS\system32\cbXNFyww.dll
C:\WINDOWS\system32\cbXNFyww.dll
281088 bytes
Created: 25/04/2008
Modified: 25/04/2008
Company:
C:\WINDOWS\system32\cbXNFyww.dll appears to contain: ADWARE.VIRTUMONDE (HEURISTIC DETECTION)
C:\WINDOWS\system32\cbXNFyww.dll - this BHO was being loaded by the following key:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Explorer\Browser Helper Objects\{BA543C6F-B8BD-4A9D-9730-49DBCAF5AB8B} - this key has been removed
C:\WINDOWS\system32\cbXNFyww.dll - this BHO was referenced by the following key:
HKEY_CLASSES_ROOT\CLSID\{BA543C6F-B8BD-4A9D-9730-49DBCAF5AB8B} - this key has been removed
C:\WINDOWS\system32\cbXNFyww.dll - file ownership assigned to: ABC-63C5BBDAB86\USER
C:\WINDOWS\system32\cbXNFyww.dll - file backed up to C:\WINDOWS\system32\cbXNFyww.dll.vir
C:\WINDOWS\system32\cbXNFyww.dll - file has been neutralised
C:\WINDOWS\system32\cbXNFyww.dll - marked for renaming when the PC is restarted
C:\WINDOWS\system32\wwyFNXbc.ini - HIDDEN and SYSTEM file attributes removed
C:\WINDOWS\system32\wwyFNXbc.ini, associated with Adware.VirtuMonde, has been deleted
C:\WINDOWS\system32\wwyFNXbc.ini2 - HIDDEN and SYSTEM file attributes removed
C:\WINDOWS\system32\wwyFNXbc.ini2, associated with Adware.VirtuMonde, has been deleted
Adware.VirtuMonde has modified a critical registry key value:
HKLM\SYSTEM\CurrentControlSet\Control\Lsa\"Authent ication Packages"
This key value has been reset.
----------
Key: {D2376FB3-3D0D-414D-83AA-3AD6AD6B111F}
BHO: C:\WINDOWS\system32\yayyYSli.dll
C:\WINDOWS\system32\yayyYSli.dll
40448 bytes
Created: 25/04/2008
Modified: 25/04/2008
Company:
C:\WINDOWS\system32\yayyYSli.dll appears to contain: ADWARE.VIRTUMONDE (HEURISTIC DETECTION)
C:\WINDOWS\system32\yayyYSli.dll - this BHO was being loaded by the following key:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Explorer\Browser Helper Objects\{D2376FB3-3D0D-414D-83AA-3AD6AD6B111F} - this key has been removed (file already neutralised)
C:\WINDOWS\system32\yayyYSli.dll - this BHO was referenced by the following key:
HKEY_CLASSES_ROOT\CLSID\{D2376FB3-3D0D-414D-83AA-3AD6AD6B111F} - this key has been removed
----------
Key: {fc79be72-8af8-4abf-b4bb-a0b609b10a82}
BHO: C:\WINDOWS\system32\sghskten.dll
C:\WINDOWS\system32\sghskten.dll
107072 bytes
Created: 25/04/2008
Modified: 25/04/2008
Company:
----------

**************************************************
01:07:18 a.m.: Scanning ----- SHELLSERVICEOBJECTS -----
Key: PostBootReminder
CLSID: {7849596a-48ea-486e-8937-a2a3009f31a9}
Path: %SystemRoot%\system32\SHELL32.dll
C:\WINDOWS\system32\SHELL32.dll
8496640 bytes
Created: 19/08/2004
Modified: 25/10/2007
Company: Microsoft Corporation
----------
Key: CDBurn
CLSID: {fbeb8a05-beee-4442-804e-409d6c4515e9}
Path: %SystemRoot%\system32\SHELL32.dll
C:\WINDOWS\system32\SHELL32.dll
8496640 bytes
Created: 19/08/2004
Modified: 25/10/2007
Company: Microsoft Corporation
----------
Key: WebCheck
CLSID: {E6FB5E20-DE35-11CF-9C87-00AA005127ED}
Path: %SystemRoot%\system32\webcheck.dll
C:\WINDOWS\system32\webcheck.dll
280576 bytes
Created: 19/08/2004
Modified: 19/08/2004
Company: Microsoft Corporation
----------
Key: SysTray
CLSID: {35CEC8A3-2BE6-11D2-8773-92E220524153}
Path: C:\WINDOWS\system32\stobject.dll
C:\WINDOWS\system32\stobject.dll
122368 bytes
Created: 19/08/2004
Modified: 19/08/2004
Company: Microsoft Corporation
----------

**************************************************
01:07:19 a.m.: Scanning ----- SHAREDTASKSCHEDULER ENTRIES -----
Value: {438755C2-A8BA-11D1-B96B-00A0C90312E1}
Comment: Precargador Browseui
File: %SystemRoot%\system32\browseui.dll
C:\WINDOWS\system32\browseui.dll
1023488 bytes
Created: 19/08/2004
Modified: 16/02/2008
Company: Microsoft Corporation
----------
Value: {8C7461EF-2B13-11d2-BE35-3078302C2030}
Comment: Demonio de caché de las categorías de componente
File: %SystemRoot%\system32\browseui.dll
C:\WINDOWS\system32\browseui.dll
1023488 bytes
Created: 19/08/2004
Modified: 16/02/2008
Company: Microsoft Corporation
----------

**************************************************
01:07:19 a.m.: Scanning ----- IMAGEFILE DEBUGGERS -----
No "Debugger" entries found.

**************************************************
01:07:19 a.m.: Scanning ----- APPINIT_DLLS -----
The AppInit_DLLs value is blank

**************************************************
01:07:19 a.m.: Scanning ----- SECURITY PROVIDER DLLS -----
DLL: msapsspc.dll
C:\WINDOWS\system32\msapsspc.dll
86016 bytes
Created: 19/08/2004
Modified: 19/08/2004
Company: Microsoft Corporation
----------
DLL: schannel.dll
C:\WINDOWS\system32\schannel.dll
144896 bytes
Created: 19/08/2004
Modified: 25/04/2007
Company: Microsoft Corporation
----------
DLL: digest.dll
C:\WINDOWS\system32\digest.dll
68608 bytes
Created: 19/08/2004
Modified: 19/08/2004
Company: Microsoft Corporation
----------
DLL: msnsspc.dll
C:\WINDOWS\system32\msnsspc.dll
290816 bytes
Created: 19/08/2004
Modified: 19/08/2004
Company: Microsoft Corporation
----------

**************************************************
01:07:20 a.m.: Scanning ------ USER STARTUP GROUPS ------
Checking Startup Group for All Users
[C:\WINDOWS\Profiles\All Users\Start Menu\Programs\StartUp]
No Startup files for All Users were located to check

**************************************************
01:07:20 a.m.: Scanning ------ COMMON STARTUP GROUP ------
[C:\Documents and Settings\All Users\Menú Inicio\Programas\Inicio]
The Common Startup Group attempts to load the following file(s) at boot time:
C:\Documents and Settings\All Users\Menú Inicio\Programas\Inicio\desktop.ini
-HS- 84 bytes
Created: 27/06/2005
Modified: 27/06/2005
Company:
--------------------
C:\Archivos de programa\Microsoft Office\Office\OSA9.EXE
65588 bytes
Created: 17/02/1999
Modified: 17/02/1999
Company: Microsoft Corporation
Microsoft Office.lnk - links to C:\Archivos de programa\Microsoft Office\Office\OSA9.EXE
--------------------

**************************************************
No User Startup Groups were located to check

**************************************************
01:07:20 a.m.: Scanning ----- SCHEDULED TASKS -----
No Scheduled Tasks found to scan

**************************************************
01:07:20 a.m.: ----- ADDITIONAL CHECKS -----
PE386 rootkit checks completed
----------
Winlogon registry rootkit checks completed
----------
Heuristic checks for hidden files/drivers completed
----------
Layered Service Provider entries checks completed
---------
Windows Explorer Policies checks completed
----------
Desktop Wallpaper: C:\Documents and Settings\USER\Configuración local\Datos de programa\Microsoft\Wallpaper1.bmp
C:\Documents and Settings\USER\Configuración local\Datos de programa\Microsoft\Wallpaper1.bmp
1440054 bytes
Created: 27/06/2005
Modified: 24/04/2008
Company:
----------
Web Desktop Wallpaper: %USERPROFILE%\Configuración local\Datos de programa\Microsoft\Wallpaper1.bmp
C:\Documents and Settings\USER\Configuración local\Datos de programa\Microsoft\Wallpaper1.bmp
1440054 bytes
Created: 27/06/2005
Modified: 24/04/2008
Company:
----------
Additional file checks completed
---------

**************************************************
01:07:22 a.m.: Scanning ------ %TEMP% DIRECTORY ------
**************************************************
01:07:24 a.m.: Scanning ------ C:\WINDOWS\Temp DIRECTORY ------
**************************************************
01:07:29 a.m.: Scanning ------ ROOT DIRECTORY ------

**************************************************
01:07:33 a.m.: Scanning ----- RUNNING PROCESSES -----
[Only loaded modules not scanned already
during this scan will be scanned here]

C:\WINDOWS\System32\smss.exe
[1 loaded module]
--------------------
C:\WINDOWS\system32\csrss.exe
[11 loaded modules in total]
--------------------
C:\WINDOWS\system32\winlogon.exe
[75 loaded modules in total]
--------------------
C:\WINDOWS\system32\services.exe
[25 loaded modules in total]
--------------------
C:\WINDOWS\system32\lsass.exe
[52 loaded modules in total]
--------------------
C:\WINDOWS\system32\svchost.exe
[32 loaded modules in total]
--------------------
C:\WINDOWS\system32\svchost.exe
[38 loaded modules in total]
--------------------
C:\WINDOWS\system32\svchost.exe
[64 loaded modules in total]
--------------------
C:\WINDOWS\Explorer.EXE
[95 loaded modules in total]
--------------------
C:\Documents and Settings\USER\Datos de programa\Simply Super Software\Trojan Remover\mym2.exe
FileSize: 2478656
[This is a Trojan Remover component]
[23 loaded modules in total]
--------------------

**************************************************
01:08:00 a.m.: Checking AUTOEXEC.BAT file
AUTOEXEC.BAT found in C:\
No malicious entries were found in the AUTOEXEC.BAT file

**************************************************
01:08:00 a.m.: Checking AUTOEXEC.NT file
AUTOEXEC.NT found in C:\WINDOWS\system32
No malicious entries were found in the AUTOEXEC.NT file

**************************************************
01:08:00 a.m.: Checking HOSTS file
No malicious entries were found in the HOSTS file
**************************************************
01:08:00 a.m.: started scan of Windows\System32 DLLS
Removing the following DLLs associated with Adware.VirtuMonde:
geBrrRhg.dll
urqRIyYR.dll
1282 DLL files scanned, 2 malicious DLLs deleted (or marked for deletion)
01:09:33 a.m.: completed scan of Windows\System32 DLLS
**************************************************

**************************************************
01:09:33 a.m.: ------ Scan for other files to remove ------
C:\WINDOWS\pskt.ini has been deleted
----------
1 malware-related files deleted (or marked for deletion)

**************************************************
------ INTERNET EXPLORER HOME/START/SEARCH SETTINGS ------
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\"Start Page":
http://www.google.com
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\"Local Page":
%SystemRoot%\system32\blank.htm
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\"Search Page":
http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\"Default_Page_URL":
http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\"Default_Search_URL":
http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\"CustomizeSearch":
http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\"SearchAssistant":
http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\"Start Page":
This value is blank
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\"Local Page":
C:\WINDOWS\system32\blank.htm
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\"Search Page":
http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

**************************************************
=== CHANGES WERE MADE TO THE WINDOWS REGISTRY ===
=== ONE OR MORE FILES WERE RENAMED OR REMOVED ===
Scan completed at: 26/04/2008 01:09:33 a.m.
-------------------------------------------------------------------------
One or more files could not be moved or renamed as requested.
They may be in use by Windows, so Trojan Remover needs
to restart the system in order to deal with these files.
26/04/2008 01:09:45 a.m.: restart commenced
************************************************** **********
Continúa........

seguidamente y siempre en modo seguro ejecuté Vundo fix...y este es el reporte:



VundoFix V7.0.3

Scan started at 11:48:34 a.m. 23/04/2008

Listing files found while scanning....

No infected files were found.


VundoFix V7.0.3

Scan started at 01:18:48 a.m. 26/04/2008

Listing files found while scanning....

C:\WINDOWS\system32\sghskten.dll

Beginning removal...

Attempting to delete C:\WINDOWS\system32\sghskten.dll
C:\WINDOWS\system32\sghskten.dll Has been deleted!

Performing Repairs to the registry.
Done!


A continuacion siguio el turno del DELSPGUARD (Que a todo esto vino con un troyano que detectó el avast, lo mandé al baul)

este es el informe....:

DelPSGuard v 4.9.7
by www.ForoSpyware.com
Reporte Creado: 1:53:59,00, 26/04/2008
SO: Microsoft Windows XP [Versi¢n 5.1.2600]
Modo de Inicio: Normal
_________________________________________


»»»»»»»»»»»» Carpetas y Archivos infectados »»»»»»»»»»»»

C:\WINDOWS\system32 \ntimage.gif Eliminado Malware.Bagle
C:\WINDOWS\cookies.ini ...: ! Eliminado ! :...

»»»»»»»»»»»»»»»»»»» Programas Malwares »»»»»»»»»»»»»»»»»



»»»»»»»»»»»»»»»»»»» FIN »»»»»»»»»»»»»»»»»»»



Se ejecutó el AFT cleaner que no dio reporte, reinicié en modo normal.


Escanie con ewido...

__________________________________________________
ewido anti-spyware online scanner
http://www.ewido.net
__________________________________________________


Name: TrackingCookie.Yieldmanager
Path: C:\Documents and Settings\USER\Cookies\user@ad.yieldmanager[1].txt
Risk: Medium

Name: TrackingCookie.Netflame
Path: C:\Documents and Settings\USER\Cookies\user@ssl-hints.netflame[2].txt
Risk: Medium

Name: Dialer.Generic
Path: HKU\S-1-5-21-57989841-152049171-839522115-1003\Software\EGDHTML
Risk: High

Finalmente ejecuté Kaperski on line y parece que aun esta infectado...

Saturday, April 26, 2008 8:57:42 AM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 26/04/2008
Kaspersky Anti-Virus database records: 726109


Scan Settings
Scan using the following antivirus database extended
Scan Archives true
Scan Mail Bases true

Scan Target My Computer
A:\
C:\
D:\

Scan Statistics
Total number of scanned objects 72315
Number of viruses found 2
Number of infected objects 2 Number of suspicious objects 0
Duration of the scan process 01:42:14

Infected Object Name Virus Name Last Action
C:\Archivos de programa\Alwil Software\Avast4\DATA\aswResp.dat Object is locked skipped

C:\Archivos de programa\Alwil Software\Avast4\DATA\Avast4.db Object is locked skipped

C:\Archivos de programa\Alwil Software\Avast4\DATA\log\AshWebSv.ws Object is locked skipped

C:\Archivos de programa\Alwil Software\Avast4\DATA\log\aswMaiSv.log Object is locked skipped

C:\Archivos de programa\Alwil Software\Avast4\DATA\log\nshield.log Object is locked skipped

C:\Archivos de programa\Alwil Software\Avast4\DATA\report\Protección residente.txt Object is locked skipped

C:\Documents and Settings\All Users\Datos de programa\Microsoft\Dr Watson\user.dmp Object is locked skipped

C:\Documents and Settings\All Users\Datos de programa\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped

C:\Documents and Settings\All Users\Datos de programa\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped

C:\Documents and Settings\LocalService\Configuración local\Archivos temporales de Internet\Content.IE5\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\Configuración local\Datos de programa\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\LocalService\Configuración local\Datos de programa\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\LocalService\Configuración local\Historial\History.IE5\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped

C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped

C:\Documents and Settings\NetworkService\Configuración local\Datos de programa\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\NetworkService\Configuración local\Datos de programa\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped

C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped

C:\Documents and Settings\USER\Configuración local\Archivos temporales de Internet\Content.IE5\index.dat Object is locked skipped

C:\Documents and Settings\USER\Configuración local\Datos de programa\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\USER\Configuración local\Datos de programa\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\USER\Configuración local\Datos de programa\Pando\Pando Files\cert\cert8.db Object is locked skipped

C:\Documents and Settings\USER\Configuración local\Datos de programa\Pando\Pando Files\cert\key3.db Object is locked skipped

C:\Documents and Settings\USER\Configuración local\Datos de programa\Pando\Pando Files\pando.log Object is locked skipped

C:\Documents and Settings\USER\Configuración local\Historial\History.IE5\index.dat Object is locked skipped

C:\Documents and Settings\USER\Configuración local\Historial\History.IE5\MSHist0120080426200804 27\index.dat Object is locked skipped

C:\Documents and Settings\USER\Configuración local\Temp\Perflib_Perfdata_e38.dat Object is locked skipped

C:\Documents and Settings\USER\Cookies\index.dat Object is locked skipped

C:\Documents and Settings\USER\Datos de programa\SUPERAntiSpyware.com\SUPERAntiSpyware\App Logs\SUPERANTISPYWARE-4-26-2008( 2-4-25 ).LOG Object is locked skipped

C:\Documents and Settings\USER\Mis documentos\Mis archivos recibidos\VundoFix.exe Infected: Trojan-Downloader.Win32.Delf.gzb skipped

C:\Documents and Settings\USER\NTUSER.DAT Object is locked skipped

C:\Documents and Settings\USER\ntuser.dat.LOG Object is locked skipped

C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped

C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped

C:\WINDOWS\SchedLgU.Txt Object is locked skipped

C:\WINDOWS\SoftwareDistribution\ReportingEvents.lo g Object is locked skipped

C:\WINDOWS\Sti_Trace.log Object is locked skipped

C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped

C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped

C:\WINDOWS\system32\config\Antivirus.Evt Object is locked skipped

C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\default Object is locked skipped

C:\WINDOWS\system32\config\default.LOG Object is locked skipped

C:\WINDOWS\system32\config\SAM Object is locked skipped

C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped

C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\SECURITY Object is locked skipped

C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped

C:\WINDOWS\system32\config\software Object is locked skipped

C:\WINDOWS\system32\config\software.LOG Object is locked skipped

C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\system Object is locked skipped

C:\WINDOWS\system32\config\system.LOG Object is locked skipped

C:\WINDOWS\system32\gpreslt.exe.vir Infected: Backdoor.Win32.IRCBot.cpc skipped

C:\WINDOWS\system32\h323log.txt Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MA P Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MA P Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DAT A Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped

C:\WINDOWS\Temp\Perflib_Perfdata_4c4.dat Object is locked skipped

C:\WINDOWS\Temp\_avast4_\Webshlock.txt Object is locked skipped

C:\WINDOWS\wiadebug.log Object is locked skipped

C:\WINDOWS\wiaservc.log Object is locked skipped

C:\WINDOWS\WindowsUpdate.log Object is locked skipped

Scan process completed.


Que mas puedo hacer?, el backdoor aun debe estar dando vueltas por aqui...saludos y gracias nuevamente.

Hola

Realiza estos pasos por favor...

- Descarga la herramienta ComboFix.exe y guárdala en el escritorio.

• Desactiva temporalmente el Antivirus y/o Antispyware.
• Cierra todas las ventanas abiertas.
• Hacele doble clic al archivo ComboFix.exe y seguí las instrucciones.
• Cuando termine, generara un registro en C:\ComboFix.txt.
  • *Nota* Mientras CF este trabajando no mover el mouse ya que pararía su proceso.
  • *Nota* ComboFix puede reiniciar automáticamente el PC para completar el proceso de eliminación.

• Reinicia y pega el reporte de C:\ComboFix.txt en este mismo mensaje.

Salu2
Recuerda volver y contarnos los resltados

Bueno, paso a comentar cual es el estado de situación, ya que dejé pasar un par de dias para estar seguro:
Lo último fue seguir todos los pasos que me indicó Sikartus, aún no ejecuté lo indicado por <¡D3vIL!> ya que queria ver si habia sido suficiente. No e tenido ventanas que se abran ni nada de publicidad, tampoco mis contactos han sido bombardeados por el virus de facebox.zip, sin embargo me han quedado fuertes vibraciones casi permanentes en el monitor, que si estoy con audio suenan espantosamente como golpeteos rápidos similar a una ametralladora, y esto no se a que atribuirlo porque antes jamas lo hizo. Alguien sabrá a que se debe?, tendrá relacion con los ataques?, sigo los pasos de <¡D3vIL!>?. Gracias por sus respuestas. Saluds

Bueno, nuevamente comento como anduvo este tema que parece complicado..
Segui las instrucciones de <¡D3vIL!> aplicando el combo fix e aqui el reporte

ComboFix 08-04-29.5 - USER 2008-05-01 16:31:46.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.34.3082.18.74 [GMT -3:00]
Se ejecuta desde: C:\Documents and Settings\USER\Escritorio\ComboFix.exe
* Creado un nuevo punto de restauración

ADVERTENCIA - ESTE EQUIPO NO TIENE INSTALADA LA CONSOLA DE RECUPERACION!
.

(((((((((((((((((((((((((((((((((((( Otras eliminaciones )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\USER\Datos de programa\macromedia\Flash Player\#SharedObjects\7KDCGZH7\iforex.com
C:\Documents and Settings\USER\Datos de programa\macromedia\Flash Player\#SharedObjects\7KDCGZH7\iforex.com\Emerp\Ev ents\flash_object.swf\user_data.sol
C:\Documents and Settings\USER\Datos de programa\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#ifo rex.com
C:\Documents and Settings\USER\Datos de programa\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#ifo rex.com\settings.sol
C:\WINDOWS\Downloaded Program Files\setup.inf
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\bajybtfm.ini
C:\WINDOWS\system32\fxhemrfy.ini
C:\WINDOWS\system32\Ihjknnpo.ini
C:\WINDOWS\system32\Ihjknnpo.ini2
C:\WINDOWS\system32\NqYcdccf.ini
C:\WINDOWS\system32\NqYcdccf.ini2
C:\WINDOWS\system32\qvajehut.ini
C:\WINDOWS\system32\usjrthty.ini
C:\WINDOWS\system32\WvxGNXbc.ini
C:\WINDOWS\system32\WvxGNXbc.ini2
C:\WINDOWS\system32\wwyFNXbc.ini

.
(((((((((((((((((( Archivos creados desde 2008-04-01 - 2008-05-01 )))))))))))))))))))))))))))))))))
.

2008-04-28 00:53 . 2008-04-28 00:53 <DIR> d-------- C:\Archivos de programa\Alarm
2008-04-28 00:53 . 2001-04-16 20:31 61,440 --a------ C:\WINDOWS\system32\digitbox.ocx
2008-04-27 19:57 . 2008-04-27 20:04 <DIR> d-------- C:\Archivos de programa\UrbanTerror
2008-04-26 21:28 . 2008-04-27 11:40 50 --a------ C:\WINDOWS\GunzLauncher.INI
2008-04-26 21:20 . 2008-04-26 21:20 <DIR> d-------- C:\Archivos de programa\MAIET
2008-04-26 08:57 . 2008-04-26 08:57 38,640 --a------ C:\virus.html
2008-04-26 03:22 . 2008-04-26 03:22 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-04-26 03:22 . 2008-04-26 03:22 <DIR> d-------- C:\Documents and Settings\All Users\Datos de programa\Kaspersky Lab
2008-04-26 01:52 . 2008-05-01 12:12 <DIR> d-------- C:\Archivos de programa\DelPSGuard
2008-04-26 01:03 . 2008-05-01 11:34 <DIR> d-a------ C:\Documents and Settings\All Users\Datos de programa\TEMP
2008-04-26 00:54 . 2008-04-26 00:54 <DIR> d-------- C:\Documents and Settings\USER\Datos de programa\Simply Super Software
2008-04-26 00:54 . 2008-04-26 00:54 <DIR> d-------- C:\Documents and Settings\All Users\Datos de programa\Simply Super Software
2008-04-26 00:54 . 2008-05-01 01:41 <DIR> d-------- C:\Archivos de programa\Trojan Remover
2008-04-26 00:54 . 2006-05-25 15:52 162,304 --a------ C:\WINDOWS\system32\ztvunrar36.dll
2008-04-26 00:54 . 2003-02-02 20:06 153,088 --a------ C:\WINDOWS\system32\UNRAR3.dll
2008-04-26 00:54 . 2005-08-26 01:50 77,312 --a------ C:\WINDOWS\system32\ztvunace26.dll
2008-04-26 00:54 . 2002-03-06 01:00 75,264 --a------ C:\WINDOWS\system32\unacev2.dll
2008-04-26 00:54 . 2006-06-19 13:01 69,632 --a------ C:\WINDOWS\system32\ztvcabinet.dll
2008-04-25 23:37 . 2008-04-25 23:37 40,448 --a------ C:\WINDOWS\system32\yayyYSli.dll.vir
2008-04-24 12:29 . 2008-04-24 12:29 <DIR> d-------- C:\Documents and Settings\USER\Datos de programa\SUPERAntiSpyware.com
2008-04-24 12:29 . 2008-04-24 12:29 <DIR> d-------- C:\Documents and Settings\All Users\Datos de programa\SUPERAntiSpyware.com
2008-04-24 12:29 . 2008-04-25 17:10 <DIR> d-------- C:\Archivos de programa\SUPERAntiSpyware
2008-04-24 12:22 . 2008-04-24 12:22 <DIR> d-------- C:\Archivos de programa\Archivos comunes\Wise Installation Wizard
2008-04-24 12:16 . 2008-04-24 12:16 <DIR> d-------- C:\Documents and Settings\USER\Datos de programa\Malwarebytes
2008-04-24 12:16 . 2008-04-24 12:16 <DIR> d-------- C:\Documents and Settings\All Users\Datos de programa\Malwarebytes
2008-04-24 12:16 . 2008-04-24 12:16 <DIR> d-------- C:\Archivos de programa\Malwarebytes' Anti-Malware
2008-04-23 11:48 . 2008-05-01 01:03 <DIR> d-------- C:\VundoFix Backups
2008-04-22 20:32 . 2008-04-23 00:33 <DIR> d-------- C:\WINDOWS\BDOSCAN8
2008-04-22 16:47 . 2008-04-22 16:47 <DIR> d-------- C:\Documents and Settings\USER\DoctorWeb
2008-04-22 15:41 . 2008-04-22 15:41 <DIR> d-------- C:\BackUpMSNCleaner
2008-04-22 13:14 . 2008-04-28 20:50 109,738 --a------ C:\WINDOWS\BMd385cd2a.xml
2008-04-21 23:58 . 2008-04-22 17:44 135,168 --a------ C:\WINDOWS\system32\gpreslt.exe.vir
2008-04-20 16:00 . 2005-05-26 15:34 2,297,552 --a------ C:\WINDOWS\system32\d3dx9_26.dll
2008-04-20 15:12 . 2008-04-20 15:13 <DIR> d-------- C:\Documents and Settings\USER\Datos de programa\OpenArena

.
(((((((((((((((((((((((((((((((((((((( Reporte Find3M )))))))))))))))))))))))))))))))))))))))))))))))))) )
.
2008-04-20 20:54 --------- d-----w C:\Archivos de programa\VBadgeL4
2008-04-18 01:29 --------- d-----w C:\Archivos de programa\eMule
2008-03-25 02:25 --------- d-----w C:\Archivos de programa\Pando Networks
2008-03-20 08:09 1,845,376 ----a-w C:\WINDOWS\system32\win32k.sys
2008-03-10 16:49 --------- d-----w C:\Documents and Settings\All Users\Datos de programa\Avg7
2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll
2008-02-20 05:35 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll
2008-02-16 09:02 662,016 ----a-w C:\WINDOWS\system32\wininet.dll
2008-02-01 14:17 587,264 ----a-w C:\WINDOWS\WLXPGSS.SCR
.

((((((((((((((((((((((((((((((((( Cargando Puntos Reg ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Nota* entradas vacías & entradas legítimas predeterminadas no son mostradas

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{AAC73096-FACE-4926-B6B0-726D3F985CDE}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}"= "C:\Archivos de programa\Winamp Toolbar\winamptb.dll" [2007-10-04 17:06 1135968]

[HKEY_CLASSES_ROOT\clsid\{ebf2ba02-9094-4c5a-858b-bb198f3d8de2}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand.1]
[HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}"= C:\Archivos de programa\Winamp Toolbar\winamptb.dll [2007-10-04 17:06 1135968]

[HKEY_CLASSES_ROOT\clsid\{ebf2ba02-9094-4c5a-858b-bb198f3d8de2}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand.1]
[HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 12:42 15360]
"MsnMsgr"="C:\Archivos de programa\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 11:34 5724184]
"Yahoo! Pager"="C:\ARCHIV~1\Yahoo!\MESSEN~1\YAHOOM~1.exe" [2006-06-20 16:02 4538368]
"SUPERAntiSpyware"="C:\Archivos de programa\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-02-29 16:03 1481968]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Run]
"Cmaudio"="cmicnfg.cpl" []
"PCTVOICE"="pctspk.exe" [2003-09-23 22:56 180224 C:\WINDOWS\system32\pctspk.exe]
"SunJavaUpdateSched"="C:\Archivos de programa\Java\jre1.5.0_10\bin\jusched.exe" [2006-11-09 15:07 49263]
"avast!"="C:\ARCHIV~1\ALWILS~1\Avast4\ashDisp. exe" [2008-03-29 15:37 79224]
"TrojanScanner"="C:\Archivos de programa\Trojan Remover\Trjscan.exe" [2008-04-24 18:40 877136]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\Cur rentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-19 12:42 15360]
"Picasa Media Detector"="C:\Archivos de programa\Picasa2\PicasaMediaDetector.exe" [2007-09-11 21:29 443968]

C:\Documents and Settings\All Users\Men£ Inicio\Programas\Inicio\
Microsoft Office.lnk - C:\Archivos de programa\Microsoft Office\Office\OSA9.EXE [1999-02-17 16:05:56 65588]

[hkey_local_machine\software\microsoft\windows\curr entversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Archivos de programa\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 12:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Archivos de programa\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 12:41 294912 C:\Archivos de programa\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpo licy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=

R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-03-29 15:31]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswF sBlk.sys [2008-03-29 15:35]
S3 w300bus;Sony Ericsson W300 Driver driver (WDM);C:\WINDOWS\system32\DRIVERS\w300bus.sys [2006-03-13 11:49]
S3 w300mdfl;Sony Ericsson W300 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\w300mdfl.sys [2006-03-13 11:50]
S3 w300mdm;Sony Ericsson W300 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\w300mdm.sys [2006-03-13 11:50]
S3 w300mgmt;Sony Ericsson W300 USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\w300mgmt.sys [2006-03-13 11:50]
S3 w300obex;Sony Ericsson W300 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\w300obex.sys [2006-03-13 11:50]

.
************************************************** ************************

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-01 16:36:47
Windows 5.1.2600 Service Pack 2 NTFS

escaneando procesos ocultos ...

escaneando entradas ocultas de autostart ...

escaneando archivos ocultos ...

el escaneo se completo con exito
archivos ocultos: 0

************************************************** ************************
.
Tiempo completado: 2008-05-01 16:42:16
ComboFix-quarantined-files.txt 2008-05-01 19:42:10

11 dirs 22,408,355,840 bytes libres
13 dirs 22,494,961,664 bytes libres

143 --- E O F --