Buenas noches, ando desesperado con un spy ware que me entro! la situación es la siguiente:

Tengo un fondo de azul con un texto que pone:

Warning: Spyware threat has been detected in your PC.
Your computer has several fatal errors due to spyware activity. It is strongly recomended to install and antispyware software to close all security vulnerability. Antispyware software help protected your Pc against spyware another security threats. Click here to scan your pc for spyware

Si le doy click a este link se abre una pagina de Internet con una información Top rated spyware removers. Spymaxx y otro mas

Tambien se mee abre una pantalla de Windows Security center system warning con la detección de:
c:/windows/ati2dvag32.dll
c:/windows/temp/salm.exe
c:/windows/msapasrc.dll
c:/windows/saiemod.dll
trojandownloader.xs

Me salen muchos por-ups amarillos al lado del reloj con estos mensajes:
- Internet attack attempt detected, somebody's trying to infected your pc with spyware or harmful viruses. Run FULL SYSTEM SCAN now to protect your system from internet attacks, hijackthing attempts and spyware.!
- Your computer is working slowly. Slow operation speednight have been caused by spyware. Download latest antispyware software and run FULL SYSTEM SCAN to remove viruses and spyware.!
- Warning. Your computer is infected with spyware. Help to protect your computer and remove spyware.!
- Your computer is infected with spyware windows has detected spyware infection on your pc. It is recommended to update your antispyware protection to prevent data loss. Click here to download and install the most up-to-date antispyware for you.!
- Your security and privancy are at risk! Spyware has been detected on your computer! Click here to run a FULL SYSTEM SCAN to protect your data.!
- Your computer is not protected against spyware. Spywareable to steal your data including passwords, credit card numbers, etc. Scan your computer for spyware immediately.!

He pasado el kaspersky y no me saca problemas, pero los mensajes y el virus siguen ahi..... por favor necesito de su colaboración.

En el foro encontre una duda parecida en donde recomiendan utilizar el Combofix, el Malwarebytes anti Malware y el hijackthis pero no veo como aplicarlo en mi maquina y me da miedo hacer cualquier cambio antes de que uds me aconsejen

Pase el Hijackthis, les pego el Log........... y de antemano muchas gracias por su colaboración:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 08:50:38 p.m., on 17/07/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\uoyzsydz.exe
C:\WINDOWS\Explorer.EXE
C:\Archivos de programa\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\ltmsg.exe
C:\Archivos de programa\Hewlett-Packard\HP Software Update\HPWuSchd.exe
C:\Archivos de programa\HP\hpcoretech\hpcmpmgr.exe
C:\Archivos de programa\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fppdis3 a.exe
C:\Archivos de programa\CyberLink\PowerDVD\PDVDServ.exe
C:\Archivos de programa\Java\jre1.6.0_05\bin\jusched.exe
C:\Archivos de programa\iTunes\iTunesHelper.exe
C:\Archivos de programa\Lavasoft\Ad-Aware 2007\AAWTray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Archivos de programa\Archivos comunes\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Archivos de programa\Bonjour\mDNSResponder.exe
C:\WINDOWS\winself.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Archivos de programa\CyberLink\Shared files\RichVideo.exe
C:\Archivos de programa\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\Archivos de programa\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe
C:\Archivos de programa\Windows Live\Messenger\usnsvc.exe
C:\Archivos de programa\Internet Explorer\iexplore.exe
C:\Archivos de programa\Archivos comunes\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Archivos de programa\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.eafit.edu.co/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://go.compaq.com/1Q00CDT/0C0A/bl8.asp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.epm.net.co/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer proporcionado por EPM.NET
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Vínculos
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDO WS\system32\uoyzsydz.exe,
O2 - BHO: (no name) - {00110011-4b0b-44d5-9718-90c88817369b} - (no file)
O2 - BHO: (no name) - {086ae192-23a6-48d6-96ec-715f53797e85} - (no file)
O2 - BHO: (no name) - {150fa160-130d-451f-b863-b655061432ba} - (no file)
O2 - BHO: (no name) - {17da0c9e-4a27-4ac5-bb75-5d24b8cdb972} - (no file)
O2 - BHO: (no name) - {1f48aa48-c53a-4e21-85e7-ac7cc6b5ffb1} - (no file)
O2 - BHO: (no name) - {1f48aa48-c53a-4e21-85e7-ac7cc6b5ffb2} - (no file)
O2 - BHO: (no name) - {2d38a51a-23c9-48a1-a33c-48675aa2b494} - (no file)
O2 - BHO: (no name) - {2e9caff6-30c7-4208-8807-e79d4ec6f806} - (no file)
O2 - BHO: (no name) - {467faeb2-5f5b-4c81-bae0-2a4752ca7f4e} - (no file)
O2 - BHO: (no name) - {5321e378-ffad-4999-8c62-03ca8155f0b3} - (no file)
O2 - BHO: (no name) - {587dbf2d-9145-4c9e-92c2-1f953da73773} - (no file)
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Archivos de programa\Kaspersky Lab\Kaspersky Anti-Virus 2009\ievkbd.dll
O2 - BHO: (no name) - {62BB0AC1-3040-4428-BAAF-525337BCF879} - C:\WINDOWS\system32\vtUlJcYQ.dll (file missing)
O2 - BHO: (no name) - {6cc1c91a-ae8b-4373-a5b4-28ba1851e39a} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Archivos de programa\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {79369d5c-2903-4b7a-ade2-d5e0dee14d24} - (no file)
O2 - BHO: (no name) - {799a370d-5993-4887-9df7-0a4756a77d00} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {7EBB7DA6-2369-450D-980F-9A2311A99ACF} - C:\WINDOWS\system32\byXrRhFv.dll (file missing)
O2 - BHO: Windows Live Aplicación auxiliar de inicio de sesión - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Archivos de programa\Archivos comunes\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {98dbbf16-ca43-4c33-be80-99e6694468a4} - (no file)
O2 - BHO: (no name) - {a55581dc-2cdb-4089-8878-71a080b22342} - (no file)
O2 - BHO: (no name) - {b847676d-72ac-4393-bfff-43a1eb979352} - (no file)
O2 - BHO: (no name) - {bc97b254-b2b9-4d40-971d-78e0978f5f26} - (no file)
O2 - BHO: WhIeHelperObj Class - {c900b400-cdfe-11d3-976a-00e02913a9e0} - C:\Archivos de programa\webHancer\programs\whiehlpr.dll
O2 - BHO: (no name) - {cf021f40-3e14-23a5-cba2-717765721306} - (no file)
O2 - BHO: (no name) - {e2ddf680-9905-4dee-8c64-0a5de7fe133c} - (no file)
O2 - BHO: (no name) - {e3eebbe8-9cab-4c76-b26a-747e25ebb4c6} - (no file)
O2 - BHO: (no name) - {e7afff2a-1b57-49c7-bf6b-e5123394c970} - (no file)
O2 - BHO: (no name) - {EAB15366-0E81-476D-83CC-1052FDF017C8} - C:\WINDOWS\system32\wvUmmLFV.dll (file missing)
O2 - BHO: (no name) - {F1E7A55D-0244-4E15-9458-386F2454FD9D} - C:\WINDOWS\system32\tuvstRji.dll (file missing)
O2 - BHO: (no name) - {fcaddc14-bd46-408a-9842-cdbe1c6d37eb} - (no file)
O2 - BHO: (no name) - {fd9bc004-8331-4457-b830-4759ff704c22} - (no file)
O2 - BHO: (no name) - {ff1bf4c7-4e08-4a28-a43f-9d60a9f7a880} - (no file)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [LTWinModem1] ltmsg.exe 9
O4 - HKLM\..\Run: [srmclean] C:\Cpqs\Scom\srmclean.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Archivos de programa\Hewlett-Packard\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb0 9.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Archivos de programa\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [DeviceDiscovery] C:\Archivos de programa\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
O4 - HKLM\..\Run: [pdfFactory Pro Dispatcher v3] "C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fppdis 3a.exe" /source=HKLM
O4 - HKLM\..\Run: [RemoteControl] "C:\Archivos de programa\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Archivos de programa\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Archivos de programa\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Archivos de programa\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Archivos de programa\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Archivos de programa\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [webHancer Agent] C:\Archivos de programa\webHancer\Programs\whagent.exe
O4 - HKLM\..\Run: [AAWTray] C:\Archivos de programa\Lavasoft\Ad-Aware 2007\AAWTray.exe
O4 - HKLM\..\Run: [AVP] "C:\Archivos de programa\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe"
O4 - HKLM\..\Run: [BM1fecd53f] Rundll32.exe "C:\WINDOWS\system32\ubhtaaha.dll",s
O4 - HKCU\..\Run: [MsnMsgr] "C:\Archivos de programa\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Policies\Explorer\Run: [Windows Printing Driver] gpedits.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICIO LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Servicio de red')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\ARCHIV~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Archivos de programa\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Consola de Sun Java - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Archivos de programa\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Web traffic protection statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Archivos de programa\Kaspersky Lab\Kaspersky Anti-Virus 2009\SCIEPlgn.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARCHIV~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Archivos de programa\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Archivos de programa\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.epm.net.co
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebook.com/controls/FacebookPhotoUploader5.cab
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1212195982203
O20 - AppInit_DLLs: C:\ARCHIV~1\KASPER~1\KASPER~1\mzvkbd.dll
O20 - Winlogon Notify: byXrRhFv - byXrRhFv.dll (file missing)
O20 - Winlogon Notify: wvUmmLFV - wvUmmLFV.dll (file missing)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Archivos de programa\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Archivos de programa\Archivos comunes\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Kaspersky Anti-Virus (AVP) - Kaspersky Lab - C:\Archivos de programa\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
O23 - Service: Servicio Bonjour (Bonjour Service) - Apple Inc. - C:\Archivos de programa\Bonjour\mDNSResponder.exe
O23 - Service: Servicio del iPod (iPod Service) - Apple Inc. - C:\Archivos de programa\iPod\bin\iPodService.exe
O23 - Service: MsSecurity Updated (MsSecurity1.209.4) - Unknown owner - C:\WINDOWS\winself.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Archivos de programa\CyberLink\Shared files\RichVideo.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Archivos de programa\Analog Devices\SoundMAX\SMAgent.exe

--
End of file - 11572 bytes

Les comparto tambien el resultado de correr el Kaspersky Online:

-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER INFORME
viernes, 18 de julio de 2008 6:11:42
Sistema operativo: Microsoft Windows XP Home Edition, Service Pack 3 (Build 2600)
Kaspersky Online Scanner versión: 5.0.84.1
Ultima actualización: 18/07/2008
Registros en la base antivirus: 862345
-------------------------------------------------------------------------------

Configuración del análisis:
Analizar usando las siguientes bases: standard
Analizar archivos: verdadero
Analizar bases de correo: verdadero

Objetivo a analizar - Mi PC:
A:\
C:\
D:\
E:\
H:\

Estadísticas:
Número de objeros analizados: 72246
Virus encontrados: 3
Objetos infectados: 19 / 0
Objetos sospechosos: 0
Duración del análisis: 01:18:53

Bombre del objeto infectado / Nombre del virus / Última acción
C:\Documents and Settings\All Users\Datos de programa\Microsoft\Network\Downloader\qmgr0.dat Object is locked saltado
C:\Documents and Settings\All Users\Datos de programa\Microsoft\Network\Downloader\qmgr1.dat Object is locked saltado
C:\Documents and Settings\Felipe Garces\Configuración local\Archivos temporales de Internet\Content.IE5\5FZTRNQH\css4[1] Infectados: Trojan.Win32.Monderc.gen saltado
C:\Documents and Settings\Felipe Garces\Configuración local\Archivos temporales de Internet\Content.IE5\5FZTRNQH\snaptor[1].exe Infectados: Trojan.Win32.Agent.tvy saltado
C:\Documents and Settings\Felipe Garces\Configuración local\Archivos temporales de Internet\Content.IE5\67HFPQ3J\kb671231[1] Infectados: Trojan.Win32.Monderc.gen saltado
C:\Documents and Settings\Felipe Garces\Configuración local\Archivos temporales de Internet\Content.IE5\BJ7O650K\td_snaptor[1].exe Infectados: Trojan-Downloader.Win32.Agent.vzo saltado
C:\Documents and Settings\Felipe Garces\Configuración local\Archivos temporales de Internet\Content.IE5\CWZM9ZPH\css4[1] Infectados: Trojan.Win32.Monderc.gen saltado
C:\Documents and Settings\Felipe Garces\Configuración local\Archivos temporales de Internet\Content.IE5\H1SFYGUF\kb456456[1] Infectados: Trojan.Win32.Monderc.gen saltado
C:\Documents and Settings\Felipe Garces\Configuración local\Archivos temporales de Internet\Content.IE5\index.dat Object is locked saltado
C:\Documents and Settings\Felipe Garces\Configuración local\Archivos temporales de Internet\Content.IE5\VSOMD3JL\kb671231[1] Infectados: Trojan.Win32.Monderc.gen saltado
C:\Documents and Settings\Felipe Garces\Configuración local\Archivos temporales de Internet\Content.IE5\XSKIYEXA\kb456456[1] Infectados: Trojan.Win32.Monderc.gen saltado
C:\Documents and Settings\Felipe Garces\Configuración local\Datos de programa\Microsoft\Windows\UsrClass.dat Object is locked saltado
C:\Documents and Settings\Felipe Garces\Configuración local\Datos de programa\Microsoft\Windows\UsrClass.dat.LOG Object is locked saltado
C:\Documents and Settings\Felipe Garces\Configuración local\Historial\History.IE5\index.dat Object is locked saltado
C:\Documents and Settings\Felipe Garces\Configuración local\Historial\History.IE5\MSHist0120080717200807 18\index.dat Object is locked saltado
C:\Documents and Settings\Felipe Garces\Configuración local\Temp\~DFEF9A.tmp Object is locked saltado
C:\Documents and Settings\Felipe Garces\Cookies\index.dat Object is locked saltado
C:\Documents and Settings\Felipe Garces\Datos de programa\Microsoft\dtsc\8673.exe Infectados: Trojan-Downloader.Win32.Agent.vzo saltado
C:\Documents and Settings\Felipe Garces\NTUSER.DAT Object is locked saltado
C:\Documents and Settings\Felipe Garces\ntuser.dat.LOG Object is locked saltado
C:\Documents and Settings\LocalService\Configuración local\Archivos temporales de Internet\Content.IE5\index.dat Object is locked saltado
C:\Documents and Settings\LocalService\Configuración local\Datos de programa\Microsoft\Windows\UsrClass.dat Object is locked saltado
C:\Documents and Settings\LocalService\Configuración local\Datos de programa\Microsoft\Windows\UsrClass.dat.LOG Object is locked saltado
C:\Documents and Settings\LocalService\Configuración local\Historial\History.IE5\index.dat Object is locked saltado
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked saltado
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked saltado
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked saltado
C:\Documents and Settings\NetworkService\Configuración local\Datos de programa\Microsoft\Windows\UsrClass.dat Object is locked saltado
C:\Documents and Settings\NetworkService\Configuración local\Datos de programa\Microsoft\Windows\UsrClass.dat.LOG Object is locked saltado
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked saltado
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked saltado
C:\hpcmerr.log Object is locked saltado
C:\WINDOWS\Debug\PASSWD.LOG Object is locked saltado
C:\WINDOWS\SchedLgU.Txt Object is locked saltado
C:\WINDOWS\SoftwareDistribution\ReportingEvents.lo g Object is locked saltado
C:\WINDOWS\Sti_Trace.log Object is locked saltado
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked saltado
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked saltado
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked saltado
C:\WINDOWS\system32\config\default Object is locked saltado
C:\WINDOWS\system32\config\default.LOG Object is locked saltado
C:\WINDOWS\system32\config\Internet.evt Object is locked saltado
C:\WINDOWS\system32\config\ODiag.evt Object is locked saltado
C:\WINDOWS\system32\config\OSession.evt Object is locked saltado
C:\WINDOWS\system32\config\SAM Object is locked saltado
C:\WINDOWS\system32\config\SAM.LOG Object is locked saltado
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked saltado
C:\WINDOWS\system32\config\SECURITY Object is locked saltado
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked saltado
C:\WINDOWS\system32\config\software Object is locked saltado
C:\WINDOWS\system32\config\software.LOG Object is locked saltado
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked saltado
C:\WINDOWS\system32\config\system Object is locked saltado
C:\WINDOWS\system32\config\system.LOG Object is locked saltado
C:\WINDOWS\system32\drivers\fidbox.dat Object is locked saltado
C:\WINDOWS\system32\drivers\fidbox.idx Object is locked saltado
C:\WINDOWS\system32\drivers\fidbox2.dat Object is locked saltado
C:\WINDOWS\system32\drivers\fidbox2.idx Object is locked saltado
C:\WINDOWS\system32\drivers\sptd.sys Object is locked saltado
C:\WINDOWS\system32\egaonnsd.dll Infectados: Trojan.Win32.Monderc.gen saltado
C:\WINDOWS\system32\geBqNheb.dll Infectados: Trojan.Win32.Monderc.gen saltado
C:\WINDOWS\system32\h323log.txt Object is locked saltado
C:\WINDOWS\system32\khfCvVon.dll Infectados: Trojan.Win32.Monderc.gen saltado
C:\WINDOWS\system32\nnnnlJde.dll Infectados: Trojan.Win32.Monderc.gen saltado
C:\WINDOWS\system32\pmnoOGVl.dll Infectados: Trojan.Win32.Monderc.gen saltado
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked saltado
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked saltado
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked saltado
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MA P Object is locked saltado
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MA P Object is locked saltado
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DAT A Object is locked saltado
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked saltado
C:\WINDOWS\system32\wvUMEwtt.dll Infectados: Trojan.Win32.Monderc.gen saltado
C:\WINDOWS\system32\xxyvvWpM.dll Infectados: Trojan.Win32.Monderc.gen saltado
C:\WINDOWS\wiadebug.log Object is locked saltado
C:\WINDOWS\wiaservc.log Object is locked saltado
C:\WINDOWS\WindowsUpdate.log Object is locked saltado
D:\Mis Documentos\Mis vídeos\KAVw100keyc\KAV_8.0.0.357__2009__Setup\kav8 .0.0.357en.exe/data0000.cab/IBAESK~1.EXE Infectados: Trojan.Win32.Monderc.gen saltado
D:\Mis Documentos\Mis vídeos\KAVw100keyc\KAV_8.0.0.357__2009__Setup\kav8 .0.0.357en.exe/data0000.cab Infectados: Trojan.Win32.Monderc.gen saltado
D:\Mis Documentos\Mis vídeos\KAVw100keyc\KAV_8.0.0.357__2009__Setup\kav8 .0.0.357en.exe Rsrc-Package: infectado - 2 saltado
D:\System Volume Information\MountPointManagerRemoteDatabase Object is locked saltado

Análisis completado.

Hola fgarcesa, bienvenido al foro de Infospyware.

En este sector del foro no se publican logs de HijackThis, a menos que lo pida un miembro del Staff.

Realiza lo siguiente:

Ve a Inicio--> ejecutar y escribe: NET STOP "MsSecurity1.209.4" -> pulsa en aceptar.
Ve a Inicio--> ejecutar y escribe: sc delete "MsSecurity1.209.4" -> pulsa en aceptar.

• Descarga y ejecuta OTmoveIT2 como se explica en su manual colocando el siguiente script en la casilla "Paste Standard List of Files / Folders to be Moved".
  
  Código HTML:

  C:\Documents and Settings\Felipe Garces\Configuración local\Archivos temporales de Internet\Content.IE5\5FZTRNQH\css4[1] 
  C:\Documents and Settings\Felipe Garces\Configuración local\Archivos temporales de Internet\Content.IE5\5FZTRNQH\snaptor[1].exe 
  C:\Documents and Settings\Felipe Garces\Configuración local\Archivos temporales de Internet\Content.IE5\67HFPQ3J\kb671231[1] 
  C:\Documents and Settings\Felipe Garces\Configuración local\Archivos temporales de Internet\Content.IE5\BJ7O650K\td_snaptor[1].exe 
  C:\Documents and Settings\Felipe Garces\Configuración local\Archivos temporales de Internet\Content.IE5\CWZM9ZPH\css4[1] 
  C:\Documents and Settings\Felipe Garces\Configuración local\Archivos temporales de Internet\Content.IE5\H1SFYGUF\kb456456[1] 
  C:\Documents and Settings\Felipe Garces\Configuración local\Archivos temporales de Internet\Content.IE5\VSOMD3JL\kb671231[1]
  C:\Documents and Settings\Felipe Garces\Configuración local\Archivos temporales de Internet\Content.IE5\XSKIYEXA\kb456456[1] 
  C:\Documents and Settings\Felipe Garces\Datos de programa\Microsoft\dtsc\8673.exe
  C:\WINDOWS\winself.exe
  C:\WINDOWS\system32\egaonnsd.dll 
  C:\WINDOWS\system32\geBqNheb.dll 
  C:\WINDOWS\system32\khfCvVon.dll 
  C:\WINDOWS\system32\nnnnlJde.dll 
  C:\WINDOWS\system32\pmnoOGVl.dll 
  C:\WINDOWS\system32\wvUMEwtt.dll 
  C:\WINDOWS\system32\xxyvvWpM.dll 
  C:\WINDOWS\system32\ubhtaaha.dll
  C:\WINDOWS\system32\vtUlJcYQ.dll
  C:\WINDOWS\system32\byXrRhFv.dll
  C:\Archivos de programa\webHancer\programs\whiehlpr.dll
  C:\WINDOWS\system32\wvUmmLFV.dll 
  C:\WINDOWS\system32\tuvstRji.dll
  C:\Archivos de programa\webHancer\Programs\whagent.exe
  C:\WINDOWS\NavExt.dll
  C:\WINDOWS\System32\DReplace.dll 
  C:\WINDOWS\System32\MGS_32.DLL
  C:\WINDOWS\System32\msnkmi.dll
  C:\PROGRAM FILES\INTERNET EXPLORER\Toolbar\webinfo.dll
  D:\Mis Documentos\Mis vídeos\KAVw100keyc\KAV_8.0.0.357__2009__Setup\kav8 .0.0.357en.exe
  C:\PROGRAM FILES\SUBMIT\
  C:\Archivos de programa\webHancer\
  

  Nota 1: Asegurate que este marcado "Unregister Dll's and Ocx's"
  Nota 2: Al terminar borra: C:\_OtMoveIt.
  
  
• Descarga Ccleaner.
  
• Descarga DelPSGuard.Zip.
  
• Descarga y actualiza Malwarebytes' Anti-Malware.
  
• Descarga y actualiza SpyBot Search & Destroy. Lees su Manual.
  Nota: Desactiva el Tea Timer (al terminar la desinfección lo puedes deshacer).

• Apaga el Restaurar Sistema (solo en Win Me y XP).
  
• Activa ver archivos ocultos.
  
• Reinicia en Modo seguro (a prueba de fallos).
  
  
  1. Ejecuta DelPSGuard siguiendo las indicaciones de su manual.
     
  2. Ejecuta SpyBot S & D; eliminando todo lo que este encuentre.
     
  3. Ejecuta Malwarebytes' Anti-Malware;
     • Realiza un examen completo del PC y elimina las infecciones que este detecte.
     • El reporte queda guardado en la pestaña "Logs" o "Registros" en español, abres el reporte y copias el contenido para pegarlo en este tema.
  4. Ejecuta el Ccleaner.
     • Usando primero su opción de "Limpiador" para borrar cookies, temporales de Internet y todos los archivos que este te muestre como obsoletos.
     • Despues usa su opción de "Registro" para limpiar todo el registro de Windows.
  
  
• Reinicia e inicia en modo normal:
  • Escanea "Mi Pc" con Ewido online Scanner; al terminar pulsa en "Remove Infections".
    
  • Realiza un analisis completo con Panda Active Scan 2.0.

- Deshaces "ver archivos ocultos" y reactivas el "restaurar sistema".
- Pega los reportes de OtMoveIt, DelPSGuard, Malwarebytes' Anti-Malware y Panda para revisarlos.

Salu2!.

Hola maco muchas gracias por tu colaboración, ya los avisos de advertencia no me salen y eso es un alivio. Pero al pasar el panda me salen aun infecciones te pego los reportes menos el de OtMoveIt porque me olvide de copiarlo

DelPSGuard v 4.9.8
by www.ForoSpyware.com
Reporte Creado: 14:02:07,04, 19/07/2008
SO: Microsoft Windows XP [Versi¢n 5.1.2600]
Modo de Inicio: Seguro
_________________________________________


»»»»»»»»»»»» Carpetas y Archivos infectados »»»»»»»»»»»»

C:\WINDOWS\accesss.exe ...: ! Eliminado ! :...
C:\WINDOWS\astctl32.ocx ...: ! Eliminado ! :...
C:\WINDOWS\avpcc.dll ...: ! Eliminado ! :...
C:\WINDOWS\clrssn.exe ...: ! Eliminado ! :...
C:\WINDOWS\cpan.dll ...: ! Eliminado ! :...
C:\WINDOWS\default.htm ...: ! Eliminado ! :...
C:\WINDOWS\loader.exe ...: ! Eliminado ! :...
C:\WINDOWS\mtwirl32.dll ...: ! Eliminado ! :...
C:\WINDOWS\notepad32.exe ...: ! Eliminado ! :...
C:\WINDOWS\olehelp.exe ...: ! Eliminado ! :...
C:\WINDOWS\systeem.exe ...: ! Eliminado ! :...
C:\WINDOWS\systemcritical.exe ...: ! Eliminado ! :...
C:\WINDOWS\time.exe ...: ! Eliminado ! :...
C:\WINDOWS\users32.exe ...: ! Eliminado ! :...
C:\WINDOWS\waol.exe ...: ! Eliminado ! :...
C:\WINDOWS\win32e.exe ...: ! Eliminado ! :...
C:\WINDOWS\win64.exe ...: ! Eliminado ! :...
C:\WINDOWS\winajbm.dll ...: ! Eliminado ! :...
C:\WINDOWS\window.exe ...: ! Eliminado ! :...
C:\WINDOWS\winmgnt.exe ...: ! Eliminado ! :...
C:\WINDOWS\x.exe ...: ! Eliminado ! :...
C:\WINDOWS\xplugin.dll ...: ! Eliminado ! :...
C:\WINDOWS\xxxvideo.hta ...: ! Eliminado ! :...
C:\WINDOWS\y.exe ...: ! Eliminado ! :...

»»»»»»»»»»»»»»»»»»» Programas Malwares »»»»»»»»»»»»»»»»»



»»»»»»»»»»»»»»»»»»» FIN »»»»»»»»»»»»»»»»»»»



Malwarebytes' Anti-Malware 1.21
Versión de la Base de Datos: 966
Windows 5.1.2600 Service Pack 3

16:49:38 19/07/2008
mbam-log-7-19-2008 (16-49-38).txt

Tipo de examen : Examen Completo (C:\|D:\|)
Objetos examinados: 104624
Tiempo transcurrido: 2 hour(s), 31 minute(s), 6 second(s)

Procesos en Memoria Infectados: 1
Módulos en Memoria Infectados: 0
Claves del Registro Infectadas: 36
Valores del Registro Infectados: 2
Elementos de Datos del Registro Infectados: 3
Carpetas Infectadas: 1
Ficheros Infectados: 59

Procesos en Memoria Infectados:
C:\WINDOWS\system32\uoyzsydz.exe (Trojan.Agent) -> Unloaded process successfully.

Módulos en Memoria Infectados:
(No se han detectado elementos maliciosos)

Claves del Registro Infectadas:
HKEY_CLASSES_ROOT\ppo.ob (Spyware.OnlineGames) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{5f2b8ee3-5b51-4424-a4bd-6c0595c40007} (Spyware.OnlineGames) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{587097ab-a686-4c3b-83a7-2b8e2d47868e} (Spyware.OnlineGames) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{51e30bdc-0e41-4aed-8fbe-7813cb42497b} (Spyware.OnlineGames) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Explorer\Browser Helper Objects\{51e30bdc-0e41-4aed-8fbe-7813cb42497b} (Spyware.OnlineGames) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ppo.ob.1 (Spyware.OnlineGames) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Explorer\Browser Helper Objects\{5321e378-ffad-4999-8c62-03ca8155f0b3} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Explorer\Browser Helper Objects\{00110011-4b0b-44d5-9718-90c88817369b} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Explorer\Browser Helper Objects\{086ae192-23a6-48d6-96ec-715f53797e85} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Explorer\Browser Helper Objects\{150fa160-130d-451f-b863-b655061432ba} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Explorer\Browser Helper Objects\{17da0c9e-4a27-4ac5-bb75-5d24b8cdb972} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Explorer\Browser Helper Objects\{1f48aa48-c53a-4e21-85e7-ac7cc6b5ffb1} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Explorer\Browser Helper Objects\{1f48aa48-c53a-4e21-85e7-ac7cc6b5ffb2} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Explorer\Browser Helper Objects\{2d38a51a-23c9-48a1-a33c-48675aa2b494} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Explorer\Browser Helper Objects\{2e9caff6-30c7-4208-8807-e79d4ec6f806} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Explorer\Browser Helper Objects\{467faeb2-5f5b-4c81-bae0-2a4752ca7f4e} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Explorer\Browser Helper Objects\{587dbf2d-9145-4c9e-92c2-1f953da73773} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Explorer\Browser Helper Objects\{6cc1c91a-ae8b-4373-a5b4-28ba1851e39a} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Explorer\Browser Helper Objects\{79369d5c-2903-4b7a-ade2-d5e0dee14d24} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Explorer\Browser Helper Objects\{799a370d-5993-4887-9df7-0a4756a77d00} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Explorer\Browser Helper Objects\{98dbbf16-ca43-4c33-be80-99e6694468a4} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Explorer\Browser Helper Objects\{a55581dc-2cdb-4089-8878-71a080b22342} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Explorer\Browser Helper Objects\{b847676d-72ac-4393-bfff-43a1eb979352} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Explorer\Browser Helper Objects\{bc97b254-b2b9-4d40-971d-78e0978f5f26} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Explorer\Browser Helper Objects\{cf021f40-3e14-23a5-cba2-717765721306} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Explorer\Browser Helper Objects\{e2ddf680-9905-4dee-8c64-0a5de7fe133c} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Explorer\Browser Helper Objects\{e3eebbe8-9cab-4c76-b26a-747e25ebb4c6} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Explorer\Browser Helper Objects\{e7afff2a-1b57-49c7-bf6b-e5123394c970} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Explorer\Browser Helper Objects\{fcaddc14-bd46-408a-9842-cdbe1c6d37eb} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Explorer\Browser Helper Objects\{fd9bc004-8331-4457-b830-4759ff704c22} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Explorer\Browser Helper Objects\{ff1bf4c7-4e08-4a28-a43f-9d60a9f7a880} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{eab15366-0e81-476d-83cc-1052fdf017c8} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Explorer\Browser Helper Objects\{eab15366-0e81-476d-83cc-1052fdf017c8} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic es\MsSecurity1.209.4 (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.

Valores del Registro Infectados:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Explorer\ShellExecuteHooks\{eab15366-0e81-476d-83cc-1052fdf017c8} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\General\wallpaper (Hijack.Desktop) -> Quarantined and deleted successfully.

Elementos de Datos del Registro Infectados:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Trojan.Agent) -> Data: c:\windows\system32\uoyzsydz.exe -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Hijack.UserInit) -> Bad: (C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\syste m32\uoyzsydz.exe,) Good: (userinit.exe) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Policies\System\DisableTaskMgr (Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Carpetas Infectadas:
C:\Documents and Settings\Felipe Garces\Datos de programa\Microsoft\dtsc (Trojan.Agent) -> Quarantined and deleted successfully.

Ficheros Infectados:
C:\WINDOWS\system32\ppobo.dll (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\Documents and Settings\Felipe Garces\Configuración local\Temp\syswcc32.exe (Rogue.Installer) -> Quarantined and deleted successfully.
C:\WINDOWS\explore.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\iexplorer.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\x.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\y.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\xxxvideo.hta (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\default.htm (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\svchost32.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\loader.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\internet.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\uoyzsydz.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\accesss.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\astctl32.ocx (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\avpcc.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\clrssn.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\cpan.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\ctfmon32.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\ctrlpan.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\directx32.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\dnsrelay.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\editpad.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\Explorer32.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\funniest.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\funny.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\gfmnaaa.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\helpcvs.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\iedll.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\inetinf.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\msconfd.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\msspi.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\mssys.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\msupdate.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\mswsc10.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\mswsc20.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\mtwirl32.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\notepad32.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\olehelp.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\qttasks.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\quicken.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\rundll16.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\lfn.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\rundll32.vbe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\searchword.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\sistem.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\svcinit.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\systeem.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\systemcritical.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\time.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\users32.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\waol.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\win32e.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\win64.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\winajbm.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\window.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\winmgnt.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\xplugin.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\BM1fecd53f.xml (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\BM1fecd53f.txt (Trojan.Vundo) -> Quarantined and deleted successfully.


PANDA ACTIVESCAN

;************************************************* ************************************************** ************************************************** ******************************
ANALYSIS: 2008-07-19 18:56:21
PROTECTIONS: 1
MALWARE: 23
SUSPECTS: 1
;************************************************* ************************************************** ************************************************** ******************************
PROTECTIONS
Description Version Active Updated
;================================================= ================================================== ================================================== ==============================
Kaspersky Anti-Virus 8.0.0.357 No Yes
;================================================= ================================================== ================================================== ==============================
MALWARE
Id Description Type Active Severity Disinfectable Disinfected Location
;================================================= ================================================== ================================================== ==============================
00013512 adware/searchaid Adware No 0 Yes No HKEY_CURRENT_USER\Software\Microsoft\Windows\Curre ntVersion\Ext\Stats\{6cc1c91a-ae8b-4373-a5b4-28ba1851e39a}
00013512 adware/searchaid Adware No 0 Yes No HKEY_CURRENT_USER\Software\Microsoft\Windows\Curre ntVersion\Ext\Stats\{587DBF2D-9145-4C9E-92C2-1F953DA73773}
00020994 W32/Bagle.pwdzip Virus No 0 Yes No C:\Documents and Settings\All Users\Datos de programa\Spybot - Search & Destroy\Recovery\SmitfraudCgp2.zip
00020994 W32/Bagle.pwdzip Virus No 0 Yes No C:\Documents and Settings\All Users\Datos de programa\Spybot - Search & Destroy\Recovery\SmitfraudC28.zip
00020994 W32/Bagle.pwdzip Virus No 0 Yes No C:\Documents and Settings\All Users\Datos de programa\Spybot - Search & Destroy\Recovery\SmitfraudCgp.zip
00020994 W32/Bagle.pwdzip Virus No 0 Yes No C:\Documents and Settings\All Users\Datos de programa\Spybot - Search & Destroy\Recovery\SmitfraudC7.zip
00020994 W32/Bagle.pwdzip Virus No 0 Yes No C:\Documents and Settings\All Users\Datos de programa\Spybot - Search & Destroy\Recovery\SmitfraudCgeneric3.zip
00020994 W32/Bagle.pwdzip Virus No 0 Yes No C:\Documents and Settings\All Users\Datos de programa\Spybot - Search & Destroy\Recovery\SmitfraudCgeneric1.zip
00020994 W32/Bagle.pwdzip Virus No 0 Yes No C:\Documents and Settings\All Users\Datos de programa\Spybot - Search & Destroy\Recovery\SmitfraudC9.zip
00020994 W32/Bagle.pwdzip Virus No 0 Yes No C:\Documents and Settings\All Users\Datos de programa\Spybot - Search & Destroy\Recovery\CoolWWWSearchAffIedll.zip
00020994 W32/Bagle.pwdzip Virus No 0 Yes No C:\Documents and Settings\All Users\Datos de programa\Spybot - Search & Destroy\Recovery\CoolWWWSearchAffIedll1.zip
00020994 W32/Bagle.pwdzip Virus No 0 Yes No C:\Documents and Settings\All Users\Datos de programa\Spybot - Search & Destroy\Recovery\CoolWWWSearchAffIedll2.zip
00020994 W32/Bagle.pwdzip Virus No 0 Yes No C:\Documents and Settings\All Users\Datos de programa\Spybot - Search & Destroy\Recovery\CoolWWWSearchAffIedll3.zip
00020994 W32/Bagle.pwdzip Virus No 0 Yes No C:\Documents and Settings\All Users\Datos de programa\Spybot - Search & Destroy\Recovery\CoolWWWSearchBootconf1.zip
00020994 W32/Bagle.pwdzip Virus No 0 Yes No C:\Documents and Settings\All Users\Datos de programa\Spybot - Search & Destroy\Recovery\SmitfraudC1.zip
00020994 W32/Bagle.pwdzip Virus No 0 Yes No C:\Documents and Settings\All Users\Datos de programa\Spybot - Search & Destroy\Recovery\SmitfraudC18.zip
00020994 W32/Bagle.pwdzip Virus No 0 Yes No C:\Documents and Settings\All Users\Datos de programa\Spybot - Search & Destroy\Recovery\SmitfraudC20.zip
00020994 W32/Bagle.pwdzip Virus No 0 Yes No C:\Documents and Settings\All Users\Datos de programa\Spybot - Search & Destroy\Recovery\SmitfraudC21.zip
00020994 W32/Bagle.pwdzip Virus No 0 Yes No C:\Documents and Settings\All Users\Datos de programa\Spybot - Search & Destroy\Recovery\SmitfraudC22.zip
00020994 W32/Bagle.pwdzip Virus No 0 Yes No C:\Documents and Settings\All Users\Datos de programa\Spybot - Search & Destroy\Recovery\SmitfraudC23.zip
00020994 W32/Bagle.pwdzip Virus No 0 Yes No C:\Documents and Settings\All Users\Datos de programa\Spybot - Search & Destroy\Recovery\SmitfraudC26.zip
00020994 W32/Bagle.pwdzip Virus No 0 Yes No C:\Documents and Settings\All Users\Datos de programa\Spybot - Search & Destroy\Recovery\SmitfraudC27.zip
00020994 W32/Bagle.pwdzip Virus No 0 Yes No C:\Documents and Settings\All Users\Datos de programa\Spybot - Search & Destroy\Recovery\SmitfraudC8.zip
00029036 adware/superspider Adware No 1 Yes No HKEY_CURRENT_USER\Software\Microsoft\Windows\Curre ntVersion\Ext\Stats\{467FAEB2-5F5B-4C81-BAE0-2A4752CA7F4E}
00039204 adware/cws Adware No 0 Yes No HKEY_CURRENT_USER\Software\Microsoft\Windows\Curre ntVersion\Ext\Stats\{bc97b254-b2b9-4d40-971d-78e0978f5f26}
00040007 adware/cws.yexe Adware No 0 Yes No HKEY_CURRENT_USER\Software\Microsoft\Windows\Curre ntVersion\Ext\Stats\{5321E378-FFAD-4999-8C62-03CA8155F0B3}
00041487 adware/webhancer Adware No 0 Yes No HKEY_CURRENT_USER\Software\Microsoft\Windows\Curre ntVersion\Ext\Stats\{C900B400-CDFE-11D3-976A-00E02913A9E0}
00167642 Cookie/Com.com TrackingCookie No 0 Yes No C:\Documents and Settings\Felipe Garces\Cookies\felipe_garces@com[1].txt
00167704 Cookie/Xiti TrackingCookie No 0 Yes No C:\Documents and Settings\Felipe Garces\Cookies\felipe_garces@xiti[1].txt
00167749 Cookie/Toplist TrackingCookie No 0 Yes No C:\Documents and Settings\Felipe Garces\Cookies\felipe_garces@toplist[1].txt
00168061 Cookie/Apmebf TrackingCookie No 0 Yes No C:\Documents and Settings\Felipe Garces\Cookies\felipe_garces@apmebf[1].txt
00169189 Cookie/Adserver TrackingCookie No 0 Yes No C:\Documents and Settings\Felipe Garces\Cookies\felipe_garces@adserver.terra[1].txt
00170550 Cookie/Humanclick TrackingCookie No 0 Yes No C:\Documents and Settings\Felipe Garces\Cookies\felipe_garces@hc2.humanclick[2].txt
00177226 spyware/lefeat Spyware No 1 Yes No HKEY_CURRENT_USER\Software\Microsoft\Windows\Curre ntVersion\Ext\Stats\{B847676D-72AC-4393-BFFF-43A1EB979352}
00187950 Cookie/bravenetA TrackingCookie No 0 Yes No C:\Documents and Settings\Felipe Garces\Cookies\felipe_garces@bravenet[2].txt
00191644 Cookie/adultfriendfinder TrackingCookie No 0 Yes No C:\Documents and Settings\Felipe Garces\Cookies\felipe_garces@adultfriendfinder[2].txt
00194327 Cookie/Go TrackingCookie No 0 Yes No C:\Documents and Settings\Felipe Garces\Cookies\felipe_garces@go[1].txt
00207338 Cookie/Target TrackingCookie No 0 Yes No C:\Documents and Settings\Felipe Garces\Cookies\felipe_garces@target[1].txt
00226936 adware/cws.payfortraffic Adware No 0 Yes No HKEY_CURRENT_USER\Software\Microsoft\Windows\Curre ntVersion\Ext\Stats\{98DBBF16-CA43-4c33-BE80-99E6694468A4}
00262020 Cookie/Atwola TrackingCookie No 0 Yes No C:\Documents and Settings\Felipe Garces\Cookies\felipe_garces@atwola[1].txt
00286732 Cookie/Cgi-bin TrackingCookie No 0 Yes No C:\Documents and Settings\Felipe Garces\Cookies\felipe_garces@www3.addfreestats[1].txt
00286734 Cookie/Adserver TrackingCookie No 0 Yes No C:\Documents and Settings\Felipe Garces\Cookies\felipe_garces@adserver.filefront[2].txt
00286738 Cookie/Cgi-bin TrackingCookie No 0 Yes No C:\Documents and Settings\Felipe Garces\Cookies\felipe_garces@www1.addfreestats[1].txt
03205018 Generic Trojan Virus/Trojan No 0 Yes No C:\Archivos de programa\DelPSGuard\IED.exe
;================================================= ================================================== ================================================== ==============================
SUSPECTS
Sent Location 
;================================================= ================================================== ================================================== ==============================
No C:\WINDOWS\system32\aaadef60e1c420de342f7faeb4ba0b ed.sys 
;================================================= ================================================== ================================================== ==============================
VULNERABILITIES
Id Severity Description 
;================================================= ================================================== ================================================== ==============================
;================================================= ================================================== ================================================== ==============================


MUCHAS GRACIAS POR LA COLABORACIÓN

Hola.

Realiza lo siguiente:

1. Ejecuta el Spybot Search & Destroy.
   1. Pulsa en la pestaña "Recuperar (Recovery)".
   2. Selecciona todos los archivos.
   3. Pulsa en la opcion "Purgar la recuperacion selecionada".
   4. Confirma la eliminacion y cierras el Spybot.
2. Luego;
   • Dale clic a: Inicio > Ejecutar ==> Escribes: REGEDIT
     
   • Busca y borra las siguientes claves del registro (en rojo):
   Cita:

   HKEY_CURRENT_USER\Software\Microsoft\Windows\Curre ntVersion\Ext\Stats\{6cc1c91a-ae8b-4373-a5b4-28ba1851e39a} HKEY_CURRENT_USER\Software\Microsoft\Windows\Curre ntVersion\Ext\Stats\{587DBF2D-9145-4C9E-92C2-1F953DA73773} HKEY_CURRENT_USER\Software\Microsoft\Windows\Curre ntVersion\Ext\Stats\{467FAEB2-5F5B-4C81-BAE0-2A4752CA7F4E} HKEY_CURRENT_USER\Software\Microsoft\Windows\Curre ntVersion\Ext\Stats\{bc97b254-b2b9-4d40-971d-78e0978f5f26} HKEY_CURRENT_USER\Software\Microsoft\Windows\Curre ntVersion\Ext\Stats\{5321E378-FFAD-4999-8C62-03CA8155F0B3} HKEY_CURRENT_USER\Software\Microsoft\Windows\Curre ntVersion\Ext\Stats\{C900B400-CDFE-11D3-976A-00E02913A9E0} No HKEY_CURRENT_USER\Software\Microsoft\Windows\Curre ntVersion\Ext\Stats\{B847676D-72AC-4393-BFFF-43A1EB979352} No HKEY_CURRENT_USER\Software\Microsoft\Windows\Curre ntVersion\Ext\Stats\{98DBBF16-CA43-4c33-BE80-99E6694468A4}

3. Busca y elimina los siguientes archivos (en rojo), si tienes problemas usa FILEASSASIN o KillBox.
   
   Cita:

   C:\WINDOWS\system32\aaadef60e1c420de342f7faeb4ba0b ed.sys

Despues:

• Desactiva el Tea Timer del Spybot S & D (al terminar la desinfección lo puedes deshacer).
  
• Actualiza y ejecuta Malwarebytes’ Anti-Malware.
  • Realiza un examen completo del PC y elimina las infecciones que este detecte.
  • El reporte queda guardado en la pestaña "Logs" o "Registros" en español, abres el reporte y copias el contenido para pegarlo en este tema.
• Ejecuta el CCleaner.
  • Usa la opción Limpiador para borrar cookies y temporales;
  • y la opción Registro para efectuar una limpieza del registro de Windows.

*Nota*
- Pega el reporte de Malwarebytes´.
- Recuerda regresar y comentarnos los resultados.

Saludos y exitos.

Hola, muchas gracias parece qur todo va muy bien, ya no me aperece nada de lo que me molestaba, te comparto el resultado de Malwarebytes, dejare corriendo el activescan y mañana pongo los resultados, MUCHAS GRACIAS!!!!

Malwarebytes' Anti-Malware 1.21
Database version: 966
Windows 5.1.2600 Service Pack 3

02:44:10 a.m. 20/07/2008
mbam-log-7-20-2008 (02-44-10).txt

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 101703
Time elapsed: 1 hour(s), 0 minute(s), 26 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 1
Registry Keys Infected: 1
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
C:\WINDOWS\system32\dbacdadddcaefeeebb.dll (Trojan.Agent) -> Unloaded module successfully.

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\dbacdadddcaefeee bb (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\General\wallpaper (Hijack.Desktop) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\dbacdadddcaefeeebb.dll (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32\aaadef60e1c420de342f7faeb4ba0b ed.sys (Trojan.Agent) -> Quarantined and deleted successfully.

Bueno finalmente este es el ultimo reporte de panda activescan 2.0.. creo que he finalizado muchas gracias por la colaboración, tengo una pregunta...... puedo desinstalar todos los programas como malwarebytes, spyboot S&D, y delpsguard?????

;************************************************* ************************************************** ************************************************** ******************************
ANALYSIS: 2008-07-20 14:37:21
PROTECTIONS: 1
MALWARE: 1
SUSPECTS: 0
;************************************************* ************************************************** ************************************************** ******************************
PROTECTIONS
Description Version Active Updated
;================================================= ================================================== ================================================== ==============================
Kaspersky Anti-Virus 8.0.0.357 No Yes
;================================================= ================================================== ================================================== ==============================
MALWARE
Id Description Type Active Severity Disinfectable Disinfected Location
;================================================= ================================================== ================================================== ==============================
03205018 Generic Trojan Virus/Trojan No 0 Yes No C:\Archivos de programa\DelPSGuard\IED.exe
;================================================= ================================================== ================================================== ==============================
SUSPECTS
Sent Location c
;================================================= ================================================== ================================================== ==============================
;================================================= ================================================== ================================================== ==============================
VULNERABILITIES
Id Severity Description c
;================================================= ================================================== ================================================== ==============================
;================================================= ================================================== ================================================== ==============================


De nuevo muchas gracias.

Hola.

Me alegra que se haya resuelto el problema.

De los programas usados para la desinfección, dejas Ccleaner y Malwarebytes, el resto lo desinstalas y borras las carpetas que hayan creado.

Indicale a algún moderador, pulsando en el icono de la esquina superior derecha (), que el tema se puede cerrar por estar solucionado o terminado.

Saludos.

Muchas gracis por tu ayuda!!!

me tenia muy aburrido tener el pc malo