Foro de InfoSpyware - Foro de Hijackthis - Foro de Virus

Hola que tal, antes que nada me gustaria contarles los antecedentes a estos problemas que tengo.
Hace algunas semanas le di una limpieza a mi computadora siguiendo "Los 11 pasos fundamentales de una buena eliminacion" y todo marchaba de maravilla hasta ayer que detecte una serie de conflictos, primero que mi antivirus no carga si le doy click al acceso directo me dice ""nod32.exe no es una aplicacion win32 valida"" dando el mismo mensaje para el Hijackthis, al ver esto intente ingresar en modo a prueba de fallos y lo unico que me sale es el pantallazo azul y se reinicia. Ademas de que si le doy click al spybot nunca se abre y eso ha sido con los programas que he intentado abrir no se que otros esten afectados.
Por ultimo les comento algo curioso: Intente escanear con el Superantispyware y de pronto se reinicio la computadora.

Saludos

Hola Pixela bienvenid@ al foro de Infospyware.


Realiza lo siguiente:

• Apaga el Restaurar Sistema (solo en Win Me/XP y Vista).
  
• Desactiva el Tea Timer del Spybot S & D (al terminar la desinfección lo puedes deshacer).
  
• Descarga y ejecuta ATF-Cleaner by Atribune.
  
  • Descarga Ccleaner.
    
  • Descarga Dr. Web Cure-It.
    
  • Descarga y actualiza Malwarebytes' Anti-Malware.
    Nota: Si después de instalarlo el lenguaje esta en Ingles ve a la pestaña "Settings" y lo cambias a Español.
  
  
• Reinicia en modo seguro (a prueba de fallos).
  Nota 1: Si tienes problemas con el inicio en modo seguro realiza lo indicado en el siguiente tutorial.
  Nota 2: En caso de no poder iniciar en modo seguro realiza el proceso de desinfección en modo normal.
  
  
  1. Ejecuta Malwarebytes' Anti-Malware;
     • Realiza un examen completo del PC y elimina las infecciones que este detecte.
     • El reporte queda guardado en la pestaña "Logs" o "Registros" en español, abres el reporte y copias el contenido para pegarlo en este tema.
  2. Ejecuta Dr. Web Cure-It, siguiendo las instrucciones de su Manual.
     
  3. Ejecuta el Ccleaner.
     • Usando primero su opción de "Limpiador" para borrar cookies, temporales de Internet y todos los archivos que este te muestre como obsoletos.
     • Después usa su opción de "Registro" para limpiar todo el registro de Windows.
  
  
• Reinicia en modo normal y realiza un análisis completo con: Panda ActiveScan 2.0.

* Nota *
- Al terminar reactiva el "restaurar sistema".
- Pega los reportes de Malwarebytes' Anti-Malware, Dr. Web Cure-It y Panda para revisarlos.

Saludos.

Hola maco1128 gracias por resporder tan rapido a mi post, te comento lo siguente:
Intente correr el ATF-Cleaner by Atribune y no lo logre, simplemente no se abria y continue con las instrucciones que me diste. Tampoco se corrigio el problema que tiene para iniciar en modo a prueba de fallos por lo que los escaneos correspondientes los realize en modo normal.
Despues de los escaneos se logró abrir el ATF-Cleaner by Atribune y lo corri, asi como el Ccleaner.
Despues de todo tal parece que sigo infectado y con el mismo problema del NOD32 y el hijackthis, espero tus instrucciones, gracias

Saludos

PD incluyo los logs::::


Malwarebytes' Anti-Malware 1.24
Versión de la Base de Datos: 1012
Windows 5.1.2600 Service Pack 2

11:12:30 a.m. 31/07/2008
mbam-log-7-31-2008 (11-12-30).txt

Tipo de examen : Examen Completo (I:\|)
Objetos examinados: 208742
Tiempo transcurrido: 1 hour(s), 14 minute(s), 40 second(s)

Procesos en Memoria Infectados: 0
Módulos en Memoria Infectados: 0
Claves del Registro Infectadas: 0
Valores del Registro Infectados: 0
Elementos de Datos del Registro Infectados: 0
Carpetas Infectadas: 1
Ficheros Infectados: 123

Procesos en Memoria Infectados:
(No se han detectado elementos maliciosos)

Módulos en Memoria Infectados:
(No se han detectado elementos maliciosos)

Claves del Registro Infectadas:
(No se han detectado elementos maliciosos)

Valores del Registro Infectados:
(No se han detectado elementos maliciosos)

Elementos de Datos del Registro Infectados:
(No se han detectado elementos maliciosos)

Carpetas Infectadas:
I:\WINDOWS\system32\drivers\downld (Trojan.Agent) -> Quarantined and deleted successfully.

Ficheros Infectados:
I:\Archivos de programa\WinRAR\CORE10k.EXE (Trojan.Agent) -> Quarantined and deleted successfully.
I:\WINDOWS\system32\drivers\downld\100093.exe (Trojan.Agent) -> Quarantined and deleted successfully.
I:\WINDOWS\system32\drivers\downld\100562.exe (Trojan.Agent) -> Quarantined and deleted successfully.
I:\WINDOWS\system32\drivers\downld\101375.exe (Trojan.Agent) -> Quarantined and deleted successfully.
I:\WINDOWS\system32\drivers\downld\101984.exe (Trojan.Agent) -> Quarantined and deleted successfully.
I:\WINDOWS\system32\drivers\downld\102250.exe (Trojan.Agent) -> Quarantined and deleted successfully.
I:\WINDOWS\system32\drivers\downld\102906.exe (Trojan.Agent) -> Quarantined and deleted successfully.
I:\WINDOWS\system32\drivers\downld\102921.exe (Trojan.Agent) -> Quarantined and deleted successfully.
I:\WINDOWS\system32\drivers\downld\102984.exe (Trojan.Agent) -> Quarantined and deleted successfully.
I:\WINDOWS\system32\drivers\downld\104140.exe (Trojan.Agent) -> Quarantined and deleted successfully.
I:\WINDOWS\system32\drivers\downld\105000.exe (Trojan.Agent) -> Quarantined and deleted successfully.
I:\WINDOWS\system32\drivers\downld\105468.exe (Trojan.Agent) -> Quarantined and deleted successfully.
I:\WINDOWS\system32\drivers\downld\105562.exe (Trojan.Agent) -> Quarantined and deleted successfully.
I:\WINDOWS\system32\drivers\downld\106375.exe (Trojan.Agent) -> Quarantined and deleted successfully.
I:\WINDOWS\system32\drivers\downld\106656.exe (Trojan.Agent) -> Quarantined and deleted successfully.
I:\WINDOWS\system32\drivers\downld\108062.exe (Trojan.Agent) -> Quarantined and deleted successfully.
I:\WINDOWS\system32\drivers\downld\110718.exe (Trojan.Agent) -> Quarantined and deleted successfully.
I:\WINDOWS\system32\drivers\downld\111859.exe (Trojan.Agent) -> Quarantined and deleted successfully.
I:\WINDOWS\system32\drivers\downld\113390.exe (Trojan.Agent) -> Quarantined and deleted successfully.
I:\WINDOWS\system32\drivers\downld\113781.exe (Trojan.Agent) -> Quarantined and deleted successfully.
I:\WINDOWS\system32\drivers\downld\117484.exe (Trojan.Agent) -> Quarantined and deleted successfully.
I:\WINDOWS\system32\drivers\downld\120250.exe (Trojan.Agent) -> Quarantined and deleted successfully.
I:\WINDOWS\system32\drivers\downld\1336156.exe (Trojan.Agent) -> Quarantined and deleted successfully.
I:\WINDOWS\system32\drivers\downld\138296.exe (Trojan.Agent) -> Quarantined and deleted successfully.
I:\WINDOWS\system32\drivers\downld\142671.exe (Trojan.Agent) -> Quarantined and deleted successfully.
I:\WINDOWS\system32\drivers\downld\146031.exe (Trojan.Agent) -> Quarantined and deleted successfully.
I:\WINDOWS\system32\drivers\downld\1476375.exe (Trojan.Agent) -> Quarantined and deleted successfully.
I:\WINDOWS\system32\drivers\downld\148671.exe (Trojan.Agent) -> Quarantined and deleted successfully.
I:\WINDOWS\system32\drivers\downld\186968.exe (Trojan.Agent) -> Quarantined and deleted successfully.
I:\WINDOWS\system32\drivers\downld\196546.exe (Trojan.Agent) -> Quarantined and deleted successfully.
I:\WINDOWS\system32\drivers\downld\199562.exe (Trojan.Agent) -> Quarantined and deleted successfully.
I:\WINDOWS\system32\drivers\downld\213593.exe (Trojan.Agent) -> Quarantined and deleted successfully.
I:\WINDOWS\system32\drivers\downld\218390.exe (Trojan.Agent) -> Quarantined and deleted successfully.
I:\WINDOWS\system32\drivers\downld\220828.exe (Trojan.Agent) -> Quarantined and deleted successfully.
I:\WINDOWS\system32\drivers\downld\222578.exe (Trojan.Agent) -> Quarantined and deleted successfully.
I:\WINDOWS\system32\drivers\downld\224828.exe (Trojan.Agent) -> Quarantined and deleted successfully.
I:\WINDOWS\system32\drivers\downld\226093.exe (Trojan.Agent) -> Quarantined and deleted successfully.
I:\WINDOWS\system32\drivers\downld\229390.exe (Trojan.Agent) -> Quarantined and deleted successfully.
I:\WINDOWS\system32\drivers\downld\230734.exe (Trojan.Agent) -> Quarantined and deleted successfully.
I:\WINDOWS\system32\drivers\downld\231890.exe (Trojan.Agent) -> Quarantined and deleted successfully.
I:\WINDOWS\system32\drivers\downld\233250.exe (Trojan.Agent) -> Quarantined and deleted successfully.
I:\WINDOWS\system32\drivers\downld\233578.exe (Trojan.Agent) -> Quarantined and deleted successfully.
I:\WINDOWS\system32\drivers\downld\234984.exe (Trojan.Agent) -> Quarantined and deleted successfully.
I:\WINDOWS\system32\drivers\downld\239890.exe (Trojan.Agent) -> Quarantined and deleted successfully.
I:\WINDOWS\system32\drivers\downld\2467234.exe (Trojan.Agent) -> Quarantined and deleted successfully.
I:\WINDOWS\system32\drivers\downld\2475875.exe (Trojan.Agent) -> Quarantined and deleted successfully.
I:\WINDOWS\system32\drivers\downld\249843.exe (Trojan.Agent) -> Quarantined and deleted successfully.
I:\WINDOWS\system32\drivers\downld\2501734.exe (Trojan.Agent) -> Quarantined and deleted successfully.
I:\WINDOWS\system32\drivers\downld\2503406.exe (Trojan.Agent) -> Quarantined and deleted successfully.
I:\WINDOWS\system32\drivers\downld\2512734.exe (Trojan.Agent) -> Quarantined and deleted successfully.
I:\WINDOWS\system32\drivers\downld\2519953.exe (Trojan.Agent) -> Quarantined and deleted successfully.
I:\WINDOWS\system32\drivers\downld\258484.exe (Trojan.Agent) -> Quarantined and deleted successfully.
I:\WINDOWS\system32\drivers\downld\2641015.exe (Trojan.Agent) -> Quarantined and deleted successfully.
I:\WINDOWS\system32\drivers\downld\2685890.exe (Trojan.Agent) -> Quarantined and deleted successfully.
I:\WINDOWS\system32\drivers\downld\324000.exe (Trojan.Agent) -> Quarantined and deleted successfully.
I:\WINDOWS\system32\drivers\downld\347812.exe (Trojan.Agent) -> Quarantined and deleted successfully.
I:\WINDOWS\system32\drivers\downld\359203.exe (Trojan.Agent) -> Quarantined and deleted successfully.
I:\WINDOWS\system32\drivers\downld\377984.exe (Trojan.Agent) -> Quarantined and deleted successfully.
I:\WINDOWS\system32\drivers\downld\397375.exe (Trojan.Agent) -> Quarantined and deleted successfully.
I:\WINDOWS\system32\drivers\downld\403859.exe (Trojan.Agent) -> Quarantined and deleted successfully.
I:\WINDOWS\system32\drivers\downld\52828.exe (Trojan.Agent) -> Quarantined and deleted successfully.
I:\WINDOWS\system32\drivers\downld\54328.exe (Trojan.Agent) -> Quarantined and deleted successfully.
I:\WINDOWS\system32\drivers\downld\55171.exe (Trojan.Agent) -> Quarantined and deleted successfully.
I:\WINDOWS\system32\drivers\downld\56281.exe (Trojan.Agent) -> Quarantined and deleted successfully.
I:\WINDOWS\system32\drivers\downld\56500.exe (Trojan.Agent) -> Quarantined and deleted successfully.
I:\WINDOWS\system32\drivers\downld\56656.exe (Trojan.Agent) -> Quarantined and deleted successfully.
I:\WINDOWS\system32\drivers\downld\57390.exe (Trojan.Agent) -> Quarantined and deleted successfully.
I:\WINDOWS\system32\drivers\downld\57640.exe (Trojan.Agent) -> Quarantined and deleted successfully.
I:\WINDOWS\system32\drivers\downld\57765.exe (Trojan.Agent) -> Quarantined and deleted successfully.
I:\WINDOWS\system32\drivers\downld\59765.exe (Trojan.Agent) -> Quarantined and deleted successfully.
I:\WINDOWS\system32\drivers\downld\60359.exe (Trojan.Agent) -> Quarantined and deleted successfully.
I:\WINDOWS\system32\drivers\downld\61734.exe (Trojan.Agent) -> Quarantined and deleted successfully.
I:\WINDOWS\system32\drivers\downld\63015.exe (Trojan.Agent) -> Quarantined and deleted successfully.
I:\WINDOWS\system32\drivers\downld\63421.exe (Trojan.Agent) -> Quarantined and deleted successfully.
I:\WINDOWS\system32\drivers\downld\65828.exe (Trojan.Agent) -> Quarantined and deleted successfully.
I:\WINDOWS\system32\drivers\downld\66218.exe (Trojan.Agent) -> Quarantined and deleted successfully.
I:\WINDOWS\system32\drivers\downld\66250.exe (Trojan.Agent) -> Quarantined and deleted successfully.
I:\WINDOWS\system32\drivers\downld\66281.exe (Trojan.Agent) -> Quarantined and deleted successfully.
I:\WINDOWS\system32\drivers\downld\66328.exe (Trojan.Agent) -> Quarantined and deleted successfully.
I:\WINDOWS\system32\drivers\downld\66500.exe (Trojan.Agent) -> Quarantined and deleted successfully.
I:\WINDOWS\system32\drivers\downld\68968.exe (Trojan.Agent) -> Quarantined and deleted successfully.
I:\WINDOWS\system32\drivers\downld\70750.exe (Trojan.Agent) -> Quarantined and deleted successfully.
I:\WINDOWS\system32\drivers\downld\72000.exe (Trojan.Agent) -> Quarantined and deleted successfully.
I:\WINDOWS\system32\drivers\downld\72484.exe (Trojan.Agent) -> Quarantined and deleted successfully.
I:\WINDOWS\system32\drivers\downld\72656.exe (Trojan.Agent) -> Quarantined and deleted successfully.
I:\WINDOWS\system32\drivers\downld\73937.exe (Trojan.Agent) -> Quarantined and deleted successfully.
I:\WINDOWS\system32\drivers\downld\75859.exe (Trojan.Agent) -> Quarantined and deleted successfully.
I:\WINDOWS\system32\drivers\downld\76406.exe (Trojan.Agent) -> Quarantined and deleted successfully.
I:\WINDOWS\system32\drivers\downld\77859.exe (Trojan.Agent) -> Quarantined and deleted successfully.
I:\WINDOWS\system32\drivers\downld\78687.exe (Trojan.Agent) -> Quarantined and deleted successfully.
I:\WINDOWS\system32\drivers\downld\79953.exe (Trojan.Agent) -> Quarantined and deleted successfully.
I:\WINDOWS\system32\drivers\downld\80500.exe (Trojan.Agent) -> Quarantined and deleted successfully.
I:\WINDOWS\system32\drivers\downld\81656.exe (Trojan.Agent) -> Quarantined and deleted successfully.
I:\WINDOWS\system32\drivers\downld\81687.exe (Trojan.Agent) -> Quarantined and deleted successfully.
I:\WINDOWS\system32\drivers\downld\83234.exe (Trojan.Agent) -> Quarantined and deleted successfully.
I:\WINDOWS\system32\drivers\downld\84046.exe (Trojan.Agent) -> Quarantined and deleted successfully.
I:\WINDOWS\system32\drivers\downld\84453.exe (Trojan.Agent) -> Quarantined and deleted successfully.
I:\WINDOWS\system32\drivers\downld\84531.exe (Trojan.Agent) -> Quarantined and deleted successfully.
I:\WINDOWS\system32\drivers\downld\85390.exe (Trojan.Agent) -> Quarantined and deleted successfully.
I:\WINDOWS\system32\drivers\downld\85500.exe (Trojan.Agent) -> Quarantined and deleted successfully.
I:\WINDOWS\system32\drivers\downld\85640.exe (Trojan.Agent) -> Quarantined and deleted successfully.
I:\WINDOWS\system32\drivers\downld\85953.exe (Trojan.Agent) -> Quarantined and deleted successfully.
I:\WINDOWS\system32\drivers\downld\86468.exe (Trojan.Agent) -> Quarantined and deleted successfully.
I:\WINDOWS\system32\drivers\downld\86859.exe (Trojan.Agent) -> Quarantined and deleted successfully.
I:\WINDOWS\system32\drivers\downld\87234.exe (Trojan.Agent) -> Quarantined and deleted successfully.
I:\WINDOWS\system32\drivers\downld\87843.exe (Trojan.Agent) -> Quarantined and deleted successfully.
I:\WINDOWS\system32\drivers\downld\89765.exe (Trojan.Agent) -> Quarantined and deleted successfully.
I:\WINDOWS\system32\drivers\downld\89968.exe (Trojan.Agent) -> Quarantined and deleted successfully.
I:\WINDOWS\system32\drivers\downld\91296.exe (Trojan.Agent) -> Quarantined and deleted successfully.
I:\WINDOWS\system32\drivers\downld\91328.exe (Trojan.Agent) -> Quarantined and deleted successfully.
I:\WINDOWS\system32\drivers\downld\91828.exe (Trojan.Agent) -> Quarantined and deleted successfully.
I:\WINDOWS\system32\drivers\downld\921562.exe (Trojan.Agent) -> Quarantined and deleted successfully.
I:\WINDOWS\system32\drivers\downld\92234.exe (Trojan.Agent) -> Quarantined and deleted successfully.
I:\WINDOWS\system32\drivers\downld\93140.exe (Trojan.Agent) -> Quarantined and deleted successfully.
I:\WINDOWS\system32\drivers\downld\93453.exe (Trojan.Agent) -> Quarantined and deleted successfully.
I:\WINDOWS\system32\drivers\downld\94093.exe (Trojan.Agent) -> Quarantined and deleted successfully.
I:\WINDOWS\system32\drivers\downld\94234.exe (Trojan.Agent) -> Quarantined and deleted successfully.
I:\WINDOWS\system32\drivers\downld\99109.exe (Trojan.Agent) -> Quarantined and deleted successfully.
I:\WINDOWS\Fonts\kelmscott.zip (Trojan.Downloader) -> Quarantined and deleted successfully.
I:\WINDOWS\system32\mdelk.exe (Trojan.Spammer) -> Quarantined and deleted successfully.
I:\WINDOWS\system32\wintems.exe (Trojan.Spammer) -> Delete on reboot.
I:\WINDOWS\system32\drivers\hldrrr.exe (Rootkit.Agent) -> Delete on reboot.
I:\WINDOWS\system32\drivers\srosa.sys (Rootkit.Bagle) -> Quarantined and deleted successfully.


DR. WEb
0C4XA3CA.NQF;I:\Archivos de programa\ESET\infected;Trojan.MulDrop.3700;Elimina do.;
ALSEX0DA.NQF;I:\Archivos de programa\ESET\infected;Win32.HLLM.Beagle.226;Elimi nado.;
J0XVGUCA.NQF\crack.exe;I:\Archivos de programa\ESET\infected\J0XVGUCA.NQF;Trojan.Virtumo d.240;;
J0XVGUCA.NQF\keygen.exe;I:\Archivos de programa\ESET\infected\J0XVGUCA.NQF;Trojan.DownLoa der.55602;;
J0XVGUCA.NQF\serial.exe;I:\Archivos de programa\ESET\infected\J0XVGUCA.NQF;Trojan.DownLoa der.54163;;
J0XVGUCA.NQF;I:\Archivos de programa\ESET\infected;Archivo comprimido contiene objetos infectados;Movido.;
KMPRHNDA.NQF;I:\Archivos de programa\ESET\infected;Win32.HLLW.Rovags;Eliminado .;
WHK30FAA.NQF\crack.exe;I:\Archivos de programa\ESET\infected\WHK30FAA.NQF;Trojan.Virtumo d.240;;
WHK30FAA.NQF\keygen.exe;I:\Archivos de programa\ESET\infected\WHK30FAA.NQF;Trojan.DownLoa der.55602;;
WHK30FAA.NQF\serial.exe;I:\Archivos de programa\ESET\infected\WHK30FAA.NQF;Trojan.DownLoa der.54163;;
WHK30FAA.NQF;I:\Archivos de programa\ESET\infected;Archivo comprimido contiene objetos infectados;Movido.;
mirc.chm\ctcp_events.htm;I:\Archivos de programa\mIRC\mirc.chm;IRC.Generic.32;;
mirc.chm;I:\Archivos de programa\mIRC;Archivo comprimido contiene objetos infectados;Movido.;
mirc.exe;I:\Archivos de programa\mIRC;Program.mIRC.621;Incurable.Eliminado .;
STEPUP.SPA\INSTALAR.BAT;I:\Documents and Settings\Al-Azif\STEPUP.SPA;probablemente BATCH.Virus;;
STEPUP.SPA;I:\Documents and Settings\Al-Azif;Archivo comprimido contiene objetos infectados;Movido.;
b64_3[1].jpg;I:\Documents and Settings\Al-Azif\Configuración local\Archivos temporales de Internet\Content.IE5\GPIF0DER;Win32.HLLM.Beagle;El iminado.;
b64_1[1].jpg;I:\Documents and Settings\Al-Azif\Configuración local\Archivos temporales de Internet\Content.IE5\GPIR4DYR;Trojan.PWS.Kone.3;El iminado.;
b64_1[1].jpg;I:\Documents and Settings\Al-Azif\Configuración local\Archivos temporales de Internet\Content.IE5\O1AV8XEJ;Trojan.PWS.Kone.3;El iminado.;
b64_2[1].jpg;I:\Documents and Settings\Al-Azif\Configuración local\Archivos temporales de Internet\Content.IE5\O1AV8XEJ;Win32.HLLM.Beagle;El iminado.;
b64_3[1].jpg;I:\Documents and Settings\Al-Azif\Configuración local\Archivos temporales de Internet\Content.IE5\O1AV8XEJ;Win32.HLLM.Beagle;El iminado.;
b64_3[1].jpg;I:\Documents and Settings\Al-Azif\Configuración local\Archivos temporales de Internet\Content.IE5\WH2RW1Q3;Win32.HLLM.Beagle;El iminado.;
mdelk.exe;I:\WINDOWS\system32\drivers;Win32.HLLM.B eagle.228;Eliminado.;


;************************************************* ************************************************** ************************************************** ******************************
ANALYSIS: 2008-07-31 18:04:23
PROTECTIONS: 1
MALWARE: 7
SUSPECTS: 1
;************************************************* ************************************************** ************************************************** ******************************
PROTECTIONS
Description Version Active Updated
;================================================= ================================================== ================================================== ==============================
Eset NOD32 antivirus system 2.51 2.51 Yes Yes
;================================================= ================================================== ================================================== ==============================
MALWARE
Id Description Type Active Severity Disinfectable Disinfected Location
;================================================= ================================================== ================================================== ==============================
00135099 adware/powerstrip Adware No 0 Yes No HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\extensions\CmdMapping\{669695BC-A811-4A9D-8CDF-BA8C795F261C}
00292017 Trj/Multidropper.BLD Virus/Trojan No 0 No No I:\Documents and Settings\Al-Azif\Mis documentos\Paco\USB_Cuba_Libre\Emule\Passport Photo 1.5.1 Crack.rar[crack.exe]
00365006 Application/007SpySoftware HackTools No 0 Yes No I:\Documents and Settings\Al-Azif\Mis documentos\Paco\USB_Cuba_Libre\007 Spy Software(Keylogger) Plus Serial By Deeohgee.zip[007 Spy SoftWare(KeyLogger+) Plus Serial By DeeOhGee/007 Spy SoftWare SetUp.exe]
03009106 W32/Xor-encoded.A Virus No 0 Yes No I:\Archivos de programa\ESET\infected\XIEAISCA.NQF
03009106 W32/Xor-encoded.A Virus No 0 Yes No I:\Archivos de programa\ESET\infected\1Q2MRACA.NQF
03074964 Trj/CI.A Virus/Trojan No 0 No No I:\Documents and Settings\Al-Azif\Mis documentos\eMule0.48a\Incoming\Proteus_v7.2_SP2_Fu ll.rar[Proteus_v7.2_SP2_Full\proteus.7.x.professional-patch.exe]
03266590 Generic Trojan Virus/Trojan No 0 Yes No I:\Documents and Settings\Al-Azif\Mis documentos\Paco\USB_Cuba_Libre\patch.exe
03310195 W32/Bagle.KV.worm Virus No 1 Yes No I:\Documents and Settings\Al-Azif\Mis documentos\eMule0.48a\Incoming\ChessGenius_for_Sma rtphone_1.3.zip[ChessGenius_for_Smartphone_1.3.exe]
;================================================= ================================================== ================================================== ==============================
SUSPECTS
Sent Location 
;================================================= ================================================== ================================================== ==============================
No I:\Documents and Settings\Al-Azif\Mis documentos\eMule0.48a\Incoming\SpyNoMore 2.83.080502.zip[SpyNoMore 2.83.080502.exe]
;================================================= ================================================== ================================================== ==============================
VULNERABILITIES
Id Severity Description 
;================================================= ================================================== ================================================== ==============================
184380 MEDIUM MS08-002 
184379 MEDIUM MS08-001 
182048 HIGH MS07-069 
182046 HIGH MS07-067 
182043 HIGH MS07-064 
179553 HIGH MS07-061 
176382 HIGH MS07-057 
176383 HIGH MS07-058 
170911 HIGH MS07-050 
170907 HIGH MS07-046 
170906 HIGH MS07-045 
170904 HIGH MS07-043 
164915 HIGH MS07-035 
164913 HIGH MS07-033 
164911 HIGH MS07-031 
160623 HIGH MS07-027 
157262 HIGH MS07-022 
157261 HIGH MS07-021 
157260 HIGH MS07-020 
157259 HIGH MS07-019 
156477 HIGH MS07-017 
150253 HIGH MS07-016 
150249 HIGH MS07-013 
150248 HIGH MS07-012 
150247 HIGH MS07-011 
150243 HIGH MS07-008 
150242 HIGH MS07-007 
150241 MEDIUM MS07-006 
141034 HIGH MS06-076 
141033 MEDIUM MS06-075 
141030 HIGH MS06-072 
137571 HIGH MS06-070 
137568 HIGH MS06-067 
133387 MEDIUM MS06-065 
133386 MEDIUM MS06-064 
133385 MEDIUM MS06-063 
133379 HIGH MS06-057 
131654 HIGH MS06-055 
129977 MEDIUM MS06-053 
129976 MEDIUM MS06-052 
126093 HIGH MS06-051 
126092 MEDIUM MS06-050 
126087 HIGH MS06-046 
126086 MEDIUM MS06-045 
126083 HIGH MS06-042 
126082 HIGH MS06-041 
126081 HIGH MS06-040 
123421 HIGH MS06-036 
123420 HIGH MS06-035 
120825 MEDIUM MS06-032 
120823 MEDIUM MS06-030 
120818 HIGH MS06-025 
120815 HIGH MS06-022 
120814 HIGH MS06-021 
117384 MEDIUM MS06-018 
114666 HIGH MS06-015 
114664 HIGH MS06-013 
108744 MEDIUM MS06-008 
108743 MEDIUM MS06-007 
108742 MEDIUM MS06-006 
104567 HIGH MS06-002 
104237 HIGH MS06-001 
96574 HIGH MS05-053 
93395 HIGH MS05-051 
93394 HIGH MS05-050 
93454 MEDIUM MS05-049 
;================================================= ================================================== ================================================== ==============================

Hola

Haz esto:

• Ve a Inicio > Ejecutar --> escribe: regedit --> borra la clave del registro en rojo:
  
  Cita:

  HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\extensions\CmdMapping\{669695BC-A811-4A9D-8CDF-BA8C795F261C}

• Descargate OTMoveIt2 by OldTimer lo guardas en el Escritorio.
  • Haz un doble clic sobre OTMoveIt.exe para ejecutarlo.
  • Asegurate que este marcado "Unregister Dll's and Ocx's".
  • Copia el texto que se encuentra en el cuadrado más abajo, y pega el texto en el marco de izquierdo de OTMoveIt nombrado Paste Standar List of Files / Folders to be moved.
  Código HTML:

  I:\Documents and Settings\Al-Azif\Mis documentos\Paco\USB_Cuba_Libre\Emule\Passport Photo 1.5.1 Crack.rar
  I:\Documents and Settings\Al-Azif\Mis documentos\Paco\USB_Cuba_Libre\007 Spy Software(Keylogger) Plus Serial By Deeohgee.zip
  I:\Archivos de programa\ESET\infected\XIEAISCA.NQF
  I:\Archivos de programa\ESET\infected\1Q2MRACA.NQF
  I:\Documents and Settings\Al-Azif\Mis documentos\eMule0.48a\Incoming\Proteus_v7.2_SP2_Fu ll.rar
  I:\Documents and Settings\Al-Azif\Mis documentos\Paco\USB_Cuba_Libre\patch.exe
  I:\Documents and Settings\Al-Azif\Mis documentos\eMule0.48a\Incoming\ChessGenius_for_Sma rtphone_1.3.zip
  I:\Documents and Settings\Al-Azif\Mis documentos\eMule0.48a\Incoming\SpyNoMore 2.83.080502.zip
  

  • Haz clic en MoveIt! Para lanzar la supresión.
  • Cuando el resultado aparece en el marco Results, haz clic en Exit.
  • Reinicia el PC (Este paso es muy importante)
  • Envía el informe (reporte) de OTMoveIt situado sobre C: \ _ OTMoveIt\MovedFiles.
  
  
• Visita windows Update para que descargues las actualizaciones de seguridad que le faltan al sistema.
  Nota: Si tu Sistema Operativo no es original usa WinUp O descargatelas desde Wilkinsonpc.

- Al terminar borra C:\_OtmoveIt y vacia la papelera de reciclaje.
- Realiza un analisis completo con Kaspersky online scanner y pega su reporte.

Saludos.

Que tal maco1128 hize lo que indicaste y te adjunto mis logs para ver que que sigue
Saludos.

PD sigo con el mismo problema del nody del arranque a modo a prueba de fallos

07312008_231649.log
I:\Documents and Settings\Al-Azif\Mis documentos\Paco\USB_Cuba_Libre\Emule\Passport Photo 1.5.1 Crack.rar moved successfully.
I:\Documents and Settings\Al-Azif\Mis documentos\Paco\USB_Cuba_Libre\007 Spy Software(Keylogger) Plus Serial By Deeohgee.zip moved successfully.
I:\Archivos de programa\ESET\infected\XIEAISCA.NQF moved successfully.
I:\Archivos de programa\ESET\infected\1Q2MRACA.NQF moved successfully.
File/Folder I:\Documents and Settings\Al-Azif\Mis documentos\eMule0.48a\Incoming\Proteus_v7.2_SP2_Fu ll.rar not found.
I:\Documents and Settings\Al-Azif\Mis documentos\Paco\USB_Cuba_Libre\patch.exe moved successfully.
File/Folder I:\Documents and Settings\Al-Azif\Mis documentos\eMule0.48a\Incoming\ChessGenius_for_Sma rtphone_1.3.zip not found.
I:\Documents and Settings\Al-Azif\Mis documentos\eMule0.48a\Incoming\SpyNoMore 2.83.080502.zip moved successfully.

OTMoveIt2 by OldTimer - Version 1.0.4.3 log created on 07312008_231649


KASPERSKY ONLINE SCANNER INFORME
viernes, 01 de agosto de 2008 10:02:58
Sistema operativo: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner versión: 5.0.84.1
Ultima actualización: 1/08/2008
Registros en la base antivirus: 923525
Configuración del análisis
Analizar usando las siguientes bases standard
Analizar archivos verdadero
Analizar bases de correo verdadero
Objetivo a analizar Mi PC
A:\
D:\
E:\
G:\
I:\
Estadísticas
Número de objeros analizados 161778
Virus encontrados 4
Objetos infectados 12 / 0
Objetos sospechosos 0
Duración del análisis 02:15:29

Bombre del objeto infectado Nombre del virus Última acción
I:\Documents and Settings\Al-Azif\Configuración local\Archivos temporales de Internet\Content.IE5\index.dat Object is locked saltado
I:\Documents and Settings\Al-Azif\Configuración local\Datos de programa\Microsoft\Windows\UsrClass.dat Object is locked saltado
I:\Documents and Settings\Al-Azif\Configuración local\Datos de programa\Microsoft\Windows\UsrClass.dat.LOG Object is locked saltado
I:\Documents and Settings\Al-Azif\Configuración local\Historial\History.IE5\index.dat Object is locked saltado
I:\Documents and Settings\Al-Azif\Configuración local\Historial\History.IE5\MSHist0120080801200808 02\index.dat Object is locked saltado
I:\Documents and Settings\Al-Azif\Cookies\index.dat Object is locked saltado
I:\Documents and Settings\Al-Azif\Datos de programa\SUPERAntiSpyware.com\SUPERAntiSpyware\App Logs\SUPERANTISPYWARE-8-1-2008( 7-23-47 ).LOG Object is locked saltado
I:\Documents and Settings\Al-Azif\DoctorWeb\Quarantine\J0XVGUCA.NQF/crack.exe Infectados: Trojan.Win32.Monder.gen saltado
I:\Documents and Settings\Al-Azif\DoctorWeb\Quarantine\J0XVGUCA.NQF/keygen.exe Infectados: Trojan-Downloader.Win32.Small.ury saltado
I:\Documents and Settings\Al-Azif\DoctorWeb\Quarantine\J0XVGUCA.NQF/serial.exe Infectados: Trojan-Downloader.Win32.Small.tnt saltado
I:\Documents and Settings\Al-Azif\DoctorWeb\Quarantine\J0XVGUCA.NQF RAR: infectado - 3 saltado
I:\Documents and Settings\Al-Azif\DoctorWeb\Quarantine\J0XVGUCA.NQF PE-Crypt.XorPE: infectado - 3 saltado
I:\Documents and Settings\Al-Azif\DoctorWeb\Quarantine\WHK30FAA.NQF/crack.exe Infectados: Trojan.Win32.Monder.gen saltado
I:\Documents and Settings\Al-Azif\DoctorWeb\Quarantine\WHK30FAA.NQF/keygen.exe Infectados: Trojan-Downloader.Win32.Small.ury saltado
I:\Documents and Settings\Al-Azif\DoctorWeb\Quarantine\WHK30FAA.NQF/serial.exe Infectados: Trojan-Downloader.Win32.Small.tnt saltado
I:\Documents and Settings\Al-Azif\DoctorWeb\Quarantine\WHK30FAA.NQF RAR: infectado - 3 saltado
I:\Documents and Settings\Al-Azif\DoctorWeb\Quarantine\WHK30FAA.NQF PE-Crypt.XorPE: infectado - 3 saltado
I:\Documents and Settings\Al-Azif\Mis documentos\eMule0.48a\Incoming\ChessGenius_for_Sma rtphone_1.3.zip/ChessGenius_for_Smartphone_1.3.exe Infectados: Trojan-Downloader.Win32.Bagle.un saltado
I:\Documents and Settings\Al-Azif\Mis documentos\eMule0.48a\Incoming\ChessGenius_for_Sma rtphone_1.3.zip ZIP: infectado - 1 saltado
I:\Documents and Settings\Al-Azif\NTUSER.DAT Object is locked saltado
I:\Documents and Settings\Al-Azif\ntuser.dat.LOG Object is locked saltado
I:\Documents and Settings\LocalService\Configuración local\Archivos temporales de Internet\Content.IE5\index.dat Object is locked saltado
I:\Documents and Settings\LocalService\Configuración local\Datos de programa\Microsoft\Windows\UsrClass.dat Object is locked saltado
I:\Documents and Settings\LocalService\Configuración local\Datos de programa\Microsoft\Windows\UsrClass.dat.LOG Object is locked saltado
I:\Documents and Settings\LocalService\Configuración local\Historial\History.IE5\index.dat Object is locked saltado
I:\Documents and Settings\LocalService\Cookies\index.dat Object is locked saltado
I:\Documents and Settings\LocalService\NTUSER.DAT Object is locked saltado
I:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked saltado
I:\Documents and Settings\NetworkService\Configuración local\Archivos temporales de Internet\Content.IE5\index.dat Object is locked saltado
I:\Documents and Settings\NetworkService\Configuración local\Datos de programa\Microsoft\Windows\UsrClass.dat Object is locked saltado
I:\Documents and Settings\NetworkService\Configuración local\Datos de programa\Microsoft\Windows\UsrClass.dat.LOG Object is locked saltado
I:\Documents and Settings\NetworkService\Configuración local\Historial\History.IE5\index.dat Object is locked saltado
I:\Documents and Settings\NetworkService\Cookies\index.dat Object is locked saltado
I:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked saltado
I:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked saltado
I:\Sun\SDK\domains\domain1\logs\access\server_acce ss_log.2008-08-01.txt Object is locked saltado
I:\Sun\SDK\domains\domain1\logs\access\__asadmin_a ccess_log.2008-08-01.txt Object is locked saltado
I:\Sun\SDK\domains\domain1\logs\server.log Object is locked saltado
I:\System Volume Information\MountPointManagerRemoteDatabase Object is locked saltado
I:\WINDOWS\Debug\PASSWD.LOG Object is locked saltado
I:\WINDOWS\SchedLgU.Txt Object is locked saltado
I:\WINDOWS\Sti_Trace.log Object is locked saltado
I:\WINDOWS\system32\config\AppEvent.Evt Object is locked saltado
I:\WINDOWS\system32\config\default Object is locked saltado
I:\WINDOWS\system32\config\default.LOG Object is locked saltado
I:\WINDOWS\system32\config\ODiag.evt Object is locked saltado
I:\WINDOWS\system32\config\OSession.evt Object is locked saltado
I:\WINDOWS\system32\config\SAM Object is locked saltado
I:\WINDOWS\system32\config\SAM.LOG Object is locked saltado
I:\WINDOWS\system32\config\SecEvent.Evt Object is locked saltado
I:\WINDOWS\system32\config\SECURITY Object is locked saltado
I:\WINDOWS\system32\config\SECURITY.LOG Object is locked saltado
I:\WINDOWS\system32\config\software Object is locked saltado
I:\WINDOWS\system32\config\software.LOG Object is locked saltado
I:\WINDOWS\system32\config\SysEvent.Evt Object is locked saltado
I:\WINDOWS\system32\config\system Object is locked saltado
I:\WINDOWS\system32\config\system.LOG Object is locked saltado
I:\WINDOWS\system32\drivers\sptd.sys Object is locked saltado
I:\WINDOWS\system32\h323log.txt Object is locked saltado
I:\WINDOWS\system32\LogFiles\HTTPERR\httperr1.log Object is locked saltado
I:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked saltado
I:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked saltado
I:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked saltado
I:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MA P Object is locked saltado
I:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MA P Object is locked saltado
I:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DAT A Object is locked saltado
I:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked saltado
I:\WINDOWS\Temp\hsperfdata_SYSTEM\540 Object is locked saltado
I:\WINDOWS\wiadebug.log Object is locked saltado
I:\WINDOWS\wiaservc.log Object is locked saltado
Análisis completado.

Hola.

Realiza lo siguiente:

• Descargate OTMoveIt2 by OldTimer lo guardas en el Escritorio.
  • Haz un doble clic sobre OTMoveIt.exe para ejecutarlo.
  • Asegurate que este marcado "Unregister Dll's and Ocx's".
  • Copia el texto que se encuentra en el cuadrado más abajo, y pega el texto en el marco de izquierdo de OTMoveIt nombrado Paste Standar List of Files / Folders to be moved.
  Código HTML:

  I:\Documents and Settings\Al-Azif\DoctorWeb\Quarantine\J0XVGUCA.NQF
  I:\Documents and Settings\Al-Azif\DoctorWeb\Quarantine\WHK30FAA.NQF
  I:\Documents and Settings\Al-Azif\Mis documentos\eMule0.48a\Incoming\ChessGenius_for_Sma rtphone_1.3.zip
  

  • Haz clic en MoveIt! Para lanzar la supresión.
  • Cuando el resultado aparece en el marco Results, haz clic en Exit.
  • Reinicia el PC (Este paso es muy importante)
  • Envía el informe (reporte) de OTMoveIt situado sobre C: \ _ OTMoveIt\MovedFiles.

*Nota*
- Pega el reporte de OTMoveIt2, luego borra: C:\_OtMoveIt (vacía la papelera de reciclaje).

Para reparar el inicio en modo seguro:

Descarga y ejecuta: RegUnlocker.

• Pulsa en la pestaña "Reparadores" y señala las opciones:
  • Reparar el Modo Seguro (Modo a prueba de fallos)
    
• Dale clic en Aplicar para ejecutar la herramienta.
• Luego de su ejecución reinicias el Pc y compruebas.

Lamentablemente el Bagle daño algunos ejecutables del antivirus, por lo que vas a tener que desinstalarlo, ejecutar el Ccleaner (en sus dos opciones) y volver a instalarlo.

Salu2!.

Maco1128: este es mi ultimo log

I:\Documents and Settings\Al-Azif\DoctorWeb\Quarantine\J0XVGUCA.NQF moved successfully.
I:\Documents and Settings\Al-Azif\DoctorWeb\Quarantine\WHK30FAA.NQF moved successfully.
I:\Documents and Settings\Al-Azif\Mis documentos\eMule0.48a\Incoming\ChessGenius_for_Sma rtphone_1.3.zip moved successfully.
OTMoveIt2 by OldTimer - Version 1.0.4.3 log created on 08012008_140711

Lograste que se repara el error que tenia en el arranque en modo aprueba de fallos. Ya reinstale el NO32 como me indicaste y tambien ya esta funcionando de nuevo, reinstale el hijackthis y nuevamente se puede ejecutar.
Hize de nuevo los 11 pasos y elimine y algunas cosas que encontre.
Espero que me indiques para ya cerrar este tema.

Hola.

Solo borra C:\_OtMoveIt y vacia la papelera de reciclaje.

Si todo esta funcionando correctamente y consideras que se solucionó el problema indicale a algún moderador, pulsando en el icono de la esquina superior derecha (), que el tema se puede cerrar por estar solucionado o terminado.

Saludos.

Hola a todo el foro y en especial a ti maco fijate que despues que realize las instrucciones que me diste, reinstale el NOD32 pero al parecer no se podia actualizar y de pronto me volvi a infectar, realize lo mismo que me dijiste se limpio y ahora de nuevo estoy infectado no se que pudiera hacer, algo mas agresivo para que quitar este virus.

Saludos