buen dia, tengo problemas con estos virus, primero empezo el vitumonde y se desplegaban muchas pantallas de publicidad , ejecute el symatec el super antispyware y spyswepper, en mode a Prueba de fallos y modo normal y ya no me detectan el virtumonde , pero si detectan el vundo y metajuan , pero no los he podido eliminar por completo aqui les paso el reporte de hijackthis:


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:00:22 AM, on 5/8/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\system32\Rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Kyocera Wireless Corp\KPC650\Passport Navigator\PASSPORTNavigator.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\ICQLite\ICQLite.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com/0SEENUS/SAOS01
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://mx.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://es.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://es.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://es.search.yahoo.com
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQToolbar\tbu80\toolbaru.dll (file missing)
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file)
O2 - BHO: XTTBPos00 Class - {055FD26D-3A88-4e15-963D-DC8493744B1D} - C:\Program Files\ICQToolbar\tbu80\toolbaru.dll (file missing)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {61811a05-c4eb-4668-a973-beebcfa12c69} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {76A10FA6-7EFB-4118-A7A2-6D5808C9ED87} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQToolbar\tbu80\toolbaru.dll (file missing)
O3 - Toolbar: Adssite Toolbar - {41C29B07-6F91-4966-91BE-2E2841643C83} - (no file)
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [spa_start] "C:\WINDOWS\System32\Rundll32.exe" "C:\WINDOWS\system32\{e3326f15-6027-20b9-f1d2-5b893222ec80}.dll" DllInit
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [b81f0030] "rundll32.exe" "C:\WINDOWS\system32\dvgrkduf.dll",b
O4 - HKLM\..\Run: [BMbb2c33ac] Rundll32.exe "C:\WINDOWS\system32\nscyymlg.dll",s
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [SUPERAntiSpyware] "C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe"
O4 - HKCU\..\RunOnce: [ICQ Lite] C:\Program Files\ICQLite\ICQLite.exe -trayboot
O4 - HKUS\S-1-5-18\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\Program Files\ICQToolbar\toolbaru.dll/SEARCH.HTML
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{C75B0CBF-0868-4FC4-9566-BD90A0FE9682}: NameServer = 192.168.10.9,207.69.188.185
O17 - HKLM\System\CCS\Services\Tcpip\..\{E31D08A6-651D-4A58-A630-0DCC06A4A494}: NameServer = 207.83.200.200 4.2.2.2
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: iifdddBQ - iifdddBQ.dll (file missing)
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: ScriptBlocking Service (SBService) - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe (file missing)
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

--
End of file - 7495 bytes

Hola jesanchez79, te doy la bienvenida al Foro de InfoSpyware.

Paso 1- Descarga, Instala y/o actualiza estas herramientas: (pero no los ejecutes aun)

• ComboFix.exe
• Malwarebytes' Anti-Malware

Paso 2- Con todos los programas cerrados, ejecuta HijackThis y dale a las siguientes entradas:


O4 - HKLM\..\Run: [spa_start] "C:\WINDOWS\System32\Rundll32.exe" "C:\WINDOWS\system32\{e3326f15-6027-20b9-f1d2-5b893222ec80}.dll" DllInit

O4 - HKLM\..\Run: [b81f0030] "rundll32.exe" "C:\WINDOWS\system32\dvgrkduf.dll",b

O4 - HKLM\..\Run: [BMbb2c33ac] Rundll32.exe "C:\WINDOWS\system32\nscyymlg.dll",s

O20 - Winlogon Notify: iifdddBQ - iifdddBQ.dll (file missing)





Paso 3- Ejecuta estas herramientas, de a una:

• Malwarebytes' Anti-Malware
  *Nota* Es importante que envíes a "Cuarentena" todo lo que este detecte antes de copiar y pegarnos su reporte.

• Antes de usar ComboFix....
• Desactiva temporalmente el Antivirus y/o Antispyware.
• Cierra todas las ventanas abiertas.
• Hacele doble clic al archivo ComboFix.exe y seguí las instrucciones.
• Cuando termine, generara un registro en C:\ComboFix.txt.
  • *Nota* Mientras CF este trabajando no mover el mouse ya que pararía su proceso.
  • *Nota* ComboFix puede reiniciar automáticamente el PC para completar el proceso de eliminación.

Paso 4- Descarga CCleaner y ejecútalo usando primero su opción de "Limpiador" para borrar cookies, temporales de Internet y todos los archivos que este te muestre como obsoletos, y luego usa su opción de "Registro" para limpiar todo el registro de Windows (haciendo copia de seguridad).

Reinicia y nos contas los resultados. junto con el reporte de

Paso 5- Reinicia en modo normal y nos dejas los reportes de:

• Malwarebytes' Anti-Malware
• C:\ComboFix.txt en este mismo mensaje.

**Nota**
- Para mayor comodidad imprime los pasos.
- Recuerda regresar y contarnos los resultados.

Salu2

de antemano muchas gracias por tu ayuda en mi problema, pues ya realize todo lo que me dijiste y creo que ya no hay virus, te dejo los reportes de malwarebytes anti-malware y Combofix y me comentas si aun queda algo que deba preocuparme.

Gracias !



Malwarebytes' Anti-Malware 1.12
Versión de la Base de Datos: 731

Tipo de examen : Examen Rápido
Objetos examinados: 32341
Tiempo transcurrido: 15 minute(s), 40 second(s)

Procesos en Memoria Infectados: 0
Módulos en Memoria Infectados: 0
Claves del Registro Infectadas: 0
Valores del Registro Infectados: 0
Elementos de Datos del Registro Infectados: 0
Carpetas Infectadas: 0
Ficheros Infectados: 0

Procesos en Memoria Infectados:
(No se han detectado elementos maliciosos)

Módulos en Memoria Infectados:
(No se han detectado elementos maliciosos)

Claves del Registro Infectadas:
(No se han detectado elementos maliciosos)

Valores del Registro Infectados:
(No se han detectado elementos maliciosos)

Elementos de Datos del Registro Infectados:
(No se han detectado elementos maliciosos)

Carpetas Infectadas:
(No se han detectado elementos maliciosos)

Ficheros Infectados:
(No se han detectado elementos maliciosos)

-----------------------------------------

ComboFix 08-05-08.1 - user 2008-05-09 10:49:50.1 - NTFSx86
Running from: C:\Documents and Settings\user\Desktop\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\user\Application Data\Adssite Advanced Toolbar
C:\Documents and Settings\user\Application Data\Adssite Advanced Toolbar\selected.xml
C:\Program Files\Adssite Advanced Toolbar
C:\Program Files\Adssite Advanced Toolbar\buttons.xml
C:\Program Files\Adssite Advanced Toolbar\search.xml
C:\Program Files\Adssite Advanced Toolbar\uninstall.exe
C:\WINDOWS\cookies.ini
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\adetigfj.dll
C:\WINDOWS\system32\bsnzafqa.bin
C:\WINDOWS\system32\cfg.dat
C:\WINDOWS\system32\ciiyilta.ini
C:\WINDOWS\system32\dfnqrpts.ini
C:\WINDOWS\system32\fudkrgvd.ini
C:\WINDOWS\system32\kuvbwjng.ini
C:\WINDOWS\system32\lTwHknnn.ini
C:\WINDOWS\system32\lTwHknnn.ini2
C:\WINDOWS\system32\mnuhoykf.ini
C:\WINDOWS\system32\npfhoypi.ini
C:\WINDOWS\system32\pbgpqonm.ini
C:\WINDOWS\system32\pgrrxoce.ini
C:\WINDOWS\system32\pllittpf.ini
C:\WINDOWS\system32\rfbbhvmi.ini
C:\WINDOWS\system32\rjcsytss.ini
C:\WINDOWS\system32\tpnoourw.ini
C:\WINDOWS\system32\uipboaak.ini
C:\WINDOWS\system32\vbnpjcll.ini
C:\WINDOWS\system32\weyftvsh.dll

.
((((((((((((((((((((((((( Files Created from 2008-04-09 to 2008-05-09 )))))))))))))))))))))))))))))))
.

2008-05-09 09:02 . 2008-05-09 10:48 30,208 --a------ C:\PROLEC Inhouse Report 05-08.xls
2008-05-08 18:20 . 2008-05-08 18:20 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-05-08 18:20 . 2008-05-08 18:20 <DIR> d-------- C:\Documents and Settings\user\Application Data\Malwarebytes
2008-05-08 18:20 . 2008-05-08 18:20 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-05-08 18:20 . 2008-05-05 20:46 27,048 --a------ C:\WINDOWS\system32\drivers\mbamcatchme.sys
2008-05-08 18:20 . 2008-05-05 20:46 15,864 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-05-07 15:38 . 2008-05-07 12:28 13,142 --a------ C:\G2191 BOL accs #P4808.pdf
2008-05-07 15:38 . 2008-05-07 12:28 13,141 --a------ C:\G2191 BOL accs #P4803.pdf
2008-05-07 15:38 . 2008-05-07 12:28 13,141 --a------ C:\G2191 BOL accs #P4802.pdf
2008-05-07 15:38 . 2008-05-07 12:28 13,136 --a------ C:\G2191 BOL spare parts #F79.pdf
2008-05-07 08:40 . 2008-05-08 19:12 30,720 --a------ C:\PROLEC Inhouse Report 05-07.xls
2008-05-06 12:40 . 2008-05-06 12:40 279 --a------ C:\Shortcut to Local Disk (C).lnk
2008-05-06 08:51 . 2008-05-06 18:56 30,720 --a------ C:\PROLEC Inhouse Report 05-06.xls
2008-05-03 09:51 . 2008-05-03 13:20 30,720 --a------ C:\PROLEC Inhouse Report 05-03.xls
2008-05-02 16:49 . 2008-05-02 16:49 15 --a------ C:\WINDOWS\system32\b81f12be
2008-05-02 12:15 . 2008-05-02 12:15 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-05-02 12:14 . 2008-05-02 12:14 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2008-05-02 12:14 . 2008-05-02 12:14 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-05-02 12:14 . 2008-05-02 12:14 <DIR> d-------- C:\Documents and Settings\user\Application Data\SUPERAntiSpyware.com
2008-05-02 12:08 . 2008-05-02 12:08 <DIR> d-------- C:\Program Files\Trend Micro
2008-05-02 08:39 . 2008-05-02 18:30 30,720 --a------ C:\PROLEC Inhouse Report 05-02.xls
2008-05-01 19:17 . 2008-05-09 09:59 58,368 --a------ C:\PROLEC MAY.08.xls
2008-05-01 09:49 . 2008-05-02 08:37 30,208 --a------ C:\PROLEC Inhouse Report 05-01.xls
2008-04-30 18:00 . 2008-04-30 18:00 <DIR> d-------- C:\Documents and Settings\NetworkService\Application Data\Webroot
2008-04-30 10:32 . 2008-04-30 10:32 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\Webroot
2008-04-30 10:32 . 2008-01-04 20:34 163,696 --a------ C:\WINDOWS\system32\drivers\ssidrv.sys
2008-04-30 10:32 . 2008-01-04 20:34 23,920 --a------ C:\WINDOWS\system32\drivers\sskbfd.sys
2008-04-30 10:32 . 2008-01-04 20:34 21,872 --a------ C:\WINDOWS\system32\drivers\sshrmd.sys
2008-04-30 10:32 . 2008-01-04 20:34 20,336 --a------ C:\WINDOWS\system32\drivers\SSFS0BB9.sys
2008-04-30 10:31 . 2008-04-30 10:31 <DIR> d-------- C:\Program Files\Webroot
2008-04-30 10:31 . 2008-04-30 10:31 <DIR> d-------- C:\Documents and Settings\user\Application Data\Webroot
2008-04-30 10:31 . 2008-04-30 10:31 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Webroot
2008-04-30 10:31 . 2008-01-04 20:56 1,526,640 --a------ C:\WINDOWS\WRSetup.dll
2008-04-30 09:07 . 2008-05-01 09:48 30,720 --a------ C:\PROLEC Inhouse Report 04-30.xls
2008-04-29 09:18 . 2008-04-29 19:01 30,720 --a------ C:\PROLEC Inhouse Report 04-29.xls
2008-04-28 12:27 . 2008-04-28 12:27 164 --a------ C:\install.dat
2008-04-28 12:24 . 2008-04-28 12:24 14,546,304 --a------ C:\SpySweeperSNRSetup_ES.exe
2008-04-28 09:29 . 2008-04-28 20:32 30,720 --a------ C:\PROLEC Inhouse Report 04-28.xls
2008-04-26 13:14 . 2008-04-26 13:14 6,144 --ahs---- C:\WINDOWS\system32\access.ctl
2008-04-26 13:02 . 2008-04-26 13:09 <DIR> d-------- C:\Program Files\ExpressZIP
2008-04-26 09:59 . 2008-04-26 13:55 30,208 --a------ C:\PROLEC Inhouse Report 04-26.xls
2008-04-25 09:24 . 2008-04-25 18:48 30,720 --a------ C:\PROLEC Inhouse Report 04-25.xls
2008-04-24 17:15 . 2008-04-24 17:15 <DIR> d-------- C:\Program Files\Alwil Software
2008-04-24 09:19 . 2008-04-24 19:14 30,720 --a------ C:\PROLEC Inhouse Report 04-24.xls
2008-04-23 17:21 . 2008-04-23 17:21 95 --a------ C:\WINDOWS\wininit.ini
2008-04-23 11:28 . 2008-04-23 12:04 <DIR> d-------- C:\Program Files\Disk Cleaner
2008-04-23 08:54 . 2008-04-23 18:33 30,720 --a------ C:\PROLEC Inhouse Report 04-23.xls
2008-04-22 12:10 . 2008-04-30 12:12 <DIR> d-------- C:\WINDOWS\system32\gzmrotate
2008-04-22 09:51 . 2008-04-22 09:41 2,834,413 --a------ C:\Quirofano_Muguerza.zip
2008-04-22 09:17 . 2008-04-22 18:12 30,720 --a------ C:\PROLEC Inhouse Report 04-22.xls
2008-04-21 09:17 . 2008-04-21 18:25 30,720 --a------ C:\PROLEC Inhouse Report 04-21.xls
2008-04-19 09:54 . 2008-04-19 13:29 31,232 --a------ C:\PROLEC Inhouse Report 04-19.xls
2008-04-18 12:41 . 2008-04-18 12:26 109,677 --a------ C:\edo cta imss mar08.jpg
2008-04-18 10:43 . 2008-05-09 08:54 109,738 --a------ C:\WINDOWS\BMbb2c33ac.xml
2008-04-18 09:01 . 2008-04-18 17:25 30,208 --a------ C:\PROLEC Inhouse Report 04-18.xls
2008-04-17 08:49 . 2008-04-17 18:35 30,208 --a------ C:\PROLEC Inhouse Report 04-17.xls
2008-04-16 16:18 . 2008-04-16 16:18 60,928 --a------ C:\Documents and Settings\user\zip32.dll
2008-04-16 16:18 . 2008-04-16 16:18 0 --a------ C:\Documents and Settings\user\CC.dll
2008-04-15 09:25 . 2008-04-16 18:31 30,208 --a------ C:\PROLEC Inhouse Report 04-15.xls
2008-04-14 09:56 . 2008-04-14 18:27 30,208 --a------ C:\PROLEC Inhouse Report 04-14.xls
2008-04-12 09:49 . 2008-04-14 09:47 30,720 --a------ C:\PROLEC Inhouse Report 04-12.xls
2008-04-11 09:01 . 2008-04-12 09:48 30,208 --a------ C:\PROLEC Inhouse Report 04-11.xls
2008-04-10 09:05 . 2008-04-10 18:24 30,720 --a------ C:\PROLEC Inhouse Report 04-10.xls
2008-04-09 09:21 . 2008-04-09 18:43 30,208 --a------ C:\PROLEC Inhouse Report 04-09.xls

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))) ))
.
2008-05-09 15:46 --------- d-----w C:\Program Files\Symantec AntiVirus
2008-05-03 15:24 --------- d-----w C:\Program Files\Project64 v1.5
2008-04-26 17:07 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-04-16 21:00 --------- d-----w C:\Documents and Settings\All Users\Application Data\WinZip
2008-04-16 20:55 --------- d-----w C:\Documents and Settings\user\Application Data\LimeWire
2008-04-16 20:43 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-04-16 20:43 --------- d-----w C:\Program Files\Common Files\InstallShield
2007-04-27 09:09 3,722,389 ----a-w C:\Program Files\Alicia Villarreal - La Que Baje La Guardia.mp3
2007-04-27 08:52 4,455,862 ----a-w C:\Program Files\Yuri - Detras De Mi Ventana.mp3
2007-04-27 08:49 3,608,113 ----a-w C:\Program Files\Yuri - Es ella mas que yo.mp3
2007-04-27 08:43 3,256,782 ----a-w C:\Program Files\Dinora Y La Juventud - El Y Yo.mp3
2007-04-27 08:26 3,924,857 ----a-w C:\Program Files\La Dinastía - Dime Vaquero.mp3
2007-04-27 08:19 3,925,472 ----a-w C:\Program Files\El Gran Silencio - Circulo de Sol.mp3
2007-04-27 08:18 2,999,420 ----a-w C:\Program Files\Lidia Avila-A tu Medida.mp3
2007-04-26 17:44 6,474,587 ----a-w C:\Program Files\La Ley y Ely Guerra - El Duelo.mp3
2007-04-26 17:38 6,519,542 ----a-w C:\Program Files\502-culture_club-karma_chameleon.mp3
2007-04-26 17:21 3,807,516 ----a-w C:\Program Files\Culture Club - Karma Chameleon.mp3
2007-04-26 17:07 3,960,694 ----a-w C:\Program Files\La Sonora Dinamita - Que nadie sepa mi sufrir.MP3
2007-04-26 16:58 3,989,504 ----a-w C:\Program Files\La Sonora Dinamita - Capullo y Sorullo.mp3
2007-04-26 02:36 4,489,299 ----a-w C:\Program Files\La sonora de margarita - La sonora dinamita - Escandalo.mp3
2007-04-25 17:55 3,764,612 ----a-w C:\Program Files\Rumor De Guerra -Hector ''The Father'' Ft Notty -.mp3
2007-04-25 17:35 3,184,161 ----a-w C:\Program Files\Tito 'El Bambino' - Bailarlo.mp3
2007-04-25 17:35 2,782,815 ----a-w C:\Program Files\Hector El Father-Sola (The Bad Boy).mp3
2007-04-25 17:33 3,645,483 ----a-w C:\Program Files\Wisin y Yandel - Pam Pam.mp3
2007-04-25 17:21 3,011,991 ----a-w C:\Program Files\02.Tito ''El Bambino'' Ft Randy - Siente El Boom .mp3
2007-04-25 17:20 5,303,902 ----a-w C:\Program Files\Don Omar Ft Wisin & Yandel - My Space (Los Bandoleros Reloaded) (Www.FlowHot.Net).mp3
2005-10-31 15:56 700,416 ----a-w C:\Program Files\StubInstaller.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 07:00 15360]
"Yahoo! Pager"="C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.exe" [2007-08-30 18:43 4670704]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-02-29 16:03 1481968]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Run]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2004-10-08 08:31 155648]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2004-10-08 08:27 126976]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 02:11 132496]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2005-04-08 16:52 48752]
"vptray"="C:\PROGRA~1\SYMANT~1\VPTray.exe" [2005-04-17 13:30 85184]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp. exe" [ ]
"SpySweeper"="C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" [2008-01-04 20:56 5367664]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\Cur rentVersion\Run]
"ALUAlert"="C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe" [2005-03-31 18:32 263824]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\Cur rentVersion\RunOnce]
"RunNarrator"="Narrator.exe" [2004-08-04 07:00 53760 C:\WINDOWS\system32\narrator.exe]

[hkey_local_machine\software\microsoft\windows\curr entversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 12:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 12:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^InterVideo WinCinema Manager.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\InterVideo WinCinema Manager.lnk
backup=C:\WINDOWS\pss\InterVideo WinCinema Manager.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Symantec NetDriver Monitor]
--a------ 2006-11-10 12:49 100056 C:\PROGRA~1\SYMNET~1\SNDMon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpo licy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\ICQLite\\ICQLite.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"C:\\Program Files\\NetMeeting\\conf.exe"=

[HKEY_CURRENT_USER\software\microsoft\windows\curre ntversion\explorer\mountpoints2\{590e9301-8887-11dc-8870-923868d64c5c}]
\Shell\Auto\command - setup.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL setup.exe

*Newly Created Service* - CATCHME
.
Contents of the 'Scheduled Tasks' folder
"2008-05-08 18:30:00 C:\WINDOWS\Tasks\Norton AntiVirus - Scan my computer.job"
- C:\PROGRA~1\NORTON~1\NAVW32.exe
"2008-05-08 20:34:22 C:\WINDOWS\Tasks\Symantec NetDetect.job"
- C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE
.
************************************************** ************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-09 10:52:24
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

************************************************** ************************
.
Completion time: 2008-05-09 10:54:38
ComboFix-quarantined-files.txt 2008-05-09 15:54:09

Pre-Run: 33,035,812,864 bytes free
Post-Run: 33,030,201,344 bytes free

202 --- E O F --- 2008-04-10 14:15:23

Hola,

Para terminar solo te quedaría desinstalar CF de la siguiente manera:

• Ir a Inicio > Ejecutar
• Escribir lo siguiente: ComboFix /u como muestra la imagen debajo:
  
  
  • 
• Esto activara el desinstalador de ComboFix abriendo su pantalla principal y luego de unos segundos veras ("ComboFix is uninstalled")

Salu2