| Solved Topics: resolved HijackThis and malware cases. (Read-only) |
| Fake Windows Security Center and system crashes. (Formatting) Hello, good morning. After several days reading up on how to remove the various spyware, viruses and other malware, and after carrying out as best I could the 11 cleaning steps (having run Spybot Search & Destroy, SUPERAntiSpyware, SpywareBlaster, etc.), I am still having problems with my PC. The symptoms are as follows: At startup a fake Windows Security Center launches, similar to another one I saw in an earlier post. After closing that annoying window, the red icon with the white cross stays next to the clock. After a few minutes it usually gives me a couple of errors, until a System Shutdown message appears, telling me that there is an error with lsass.exe and that I have one minute to save my data; the computer then restarts, and this happens even in safe mode. Many thanks. Regards. Last edited by thecat_re on 06/05/08 at 20:39:13. |
| Re: Fake Windows Security Center and system crashes. Hello, welcome to the InfoSpyware Forum.
Quote:
Regards, keep us posted. I will not be around until Sunday 12 October, I'll be at the beach xD Forum News | Online Antivirus | Remove Malware | Forum Policies | Blog * Help us by making a DONATION so we can keep Helping. * To avoid viruses and spyware when browsing the internet, USE FIREFOX!! * Questions are not resolved by private message or by e-mail, since that is what the forum is for. |
| Re: Fake Windows Security Center and system crashes. I already posted the ComboFix report, but by editing it into the initial message. Thanks for everything. Regards.
Good evening and thanks for the prompt reply. After running ComboFix, the report obtained once it finished is:
The fake Windows Security Center icon still keeps appearing. Thanks again for everything. Last edited by thecat_re on 06/05/08 at 20:40:46. |
| Re: Fake Windows Security Center and system crashes. Hello again jad_domin. Sorry for my late reply. If the problem still persists, send another ComboFix report, since your system may have undergone some changes over time. Regards. |
| Re: Fake Windows Security Center and system crashes. Sorry for not replying sooner, and thanks for everything. After several attempts there was no way on earth to solve the problem, so I had to opt for formatting and voilà, starting over again. Thanks for everything and regards. |