Necesito orientacion porque no se mucho del tema, por lo tanto no entiendo tambien las clasificaciones que ustedes manejan, mi pc tien un archivo que se llama Not harmful blue screenserver, es decir pone la pantalla azu y deshabilita el firewall, ( eso es lo que he podido ver hasta ahora), tengo windows Ue y he tratado con antispyware nod32 yCcleaner, ha borrado rogue pero, el harmful permanece. Baje el Hickjacks This e hice un analisis, pero me dicen que debo enviar un reporte, en eso es que necesito su ayuda, como no se mucho no quiero enviar algo que sea dañino sin saber
Gracias

Hola Ana Luisa Basco bienvenida al foro
Consejos para antes de publicar un nuevo mensaje
Políticas del Foro de InfoSpyware
NO Poner Logs De HijackThis Y/O ComboFIX En Este Sector Del Foro O Seran Eliminados.

en este sector no se puden poner log de hijackthis

Realiza lo siguiente:

Descarga y actualiza pero no ejecutes aun:

• SUPERAntiSpyware Free + Manual
• MalwareBytes + (Manual)
• Ccleaner + Manual

Apaga restaurar sistema
Reinicia a Modo Prueba de Fallos (Modo Seguro)

Ejecuta en este orden
SuperAntispyware -----------> Previamente actualizado.
MalwareBytes -----> Previamente actualizado.
Reinicia en modo normal.

Ejecuta El Ccleaner para limpiar Cookies y Temporales, Luego el Limpia el Registro haciendo copia de seguridad
Haz un escaneo online con:

• Manual ewido online (lee el Manual ) Ewido online escaner Luego del Escaneo le das a Remove Infections
• Kaspersky (lee el Manual) Y nos Pegas ese nuevo Reporte de Karpersky Aquí junto con el reporte de MalwareBytes.



PD:para que sea mas facil imprimi los pasos

Aqui vaMalwarebytes' Anti-Malware 1.24
Versión de la Base de Datos: 1054
Windows 5.1.2600 Service Pack 2

4:19:18 16-08-2008
mbam-log-8-16-2008 (04-19-18).txt

Tipo de examen : Examen Completo (C:\|)
Objetos examinados: 104405
Tiempo transcurrido: 1 hour(s), 44 minute(s), 1 second(s)

Procesos en Memoria Infectados: 0
Módulos en Memoria Infectados: 0
Claves del Registro Infectadas: 2
Valores del Registro Infectados: 14
Elementos de Datos del Registro Infectados: 4
Carpetas Infectadas: 12
Ficheros Infectados: 7

Procesos en Memoria Infectados:
(No se han detectado elementos maliciosos)

Módulos en Memoria Infectados:
(No se han detectado elementos maliciosos)

Claves del Registro Infectadas:
HKEY_LOCAL_MACHINE\SOFTWARE\rhcrv6j0epe9 (Rogue.Multiple) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Software Notifier (Rogue.Multiple) -> Quarantined and deleted successfully.

Valores del Registro Infectados:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Installer\Folders\c:\archivos de programa\adwarealert\ (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Installer\Folders\c:\archivos de programa\adwarealert\addons\ (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Installer\Folders\c:\documents and settings\all users\menú inicio\programas\adwarealert\ (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\New Windows\Allow\host-domain-lookup.com (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\New Windows\Allow\mysearchnow.com (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\New Windows\Allow\www.host-domain-lookup.com (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\New Windows\Allow\www.mysearchnow.com (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Network\UID (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Control Panel\Desktop\wallpaper (Hijack.Wallpaper) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Control Panel\Desktop\originalwallpaper (Hijack.Wallpaper) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Control Panel\Desktop\convertedwallpaper (Hijack.Wallpaper) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Control Panel\Desktop\scrnsave.exe (Hijack.Wallpaper) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\General\backupwallpaper (Hijack.Wallpaper) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\General\wallpaper (Hijack.Wallpaper) -> Quarantined and deleted successfully.

Elementos de Datos del Registro Infectados:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Explorer\Advanced\Start_ShowHelp (Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Hijack.UserInit) -> Bad: (C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\syste m32\ntos.exe,) Good: (userinit.exe) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Policies\System\NoDispBackgroundPage (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Policies\System\NoDispScrSavPage (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Carpetas Infectadas:
C:\Archivos de programa\rhcrv6j0epe9 (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrador\Datos de programa\rhcrv6j0epe9 (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrador\Datos de programa\rhcrv6j0epe9\Quarantine (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrador\Datos de programa\rhcrv6j0epe9\Quarantine\Autorun (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrador\Datos de programa\rhcrv6j0epe9\Quarantine\Autorun\HKCU (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrador\Datos de programa\rhcrv6j0epe9\Quarantine\Autorun\HKCU\RunO nce (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrador\Datos de programa\rhcrv6j0epe9\Quarantine\Autorun\HKLM (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrador\Datos de programa\rhcrv6j0epe9\Quarantine\Autorun\HKLM\RunO nce (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrador\Datos de programa\rhcrv6j0epe9\Quarantine\Autorun\StartMenu AllUsers (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrador\Datos de programa\rhcrv6j0epe9\Quarantine\Autorun\StartMenu CurrentUser (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrador\Datos de programa\rhcrv6j0epe9\Quarantine\BrowserObjects (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrador\Datos de programa\rhcrv6j0epe9\Quarantine\Packages (Rogue.Multiple) -> Quarantined and deleted successfully.

Ficheros Infectados:
C:\WINDOWS\Installer\{AE0A40BA-A528-4BFF-BEFF-17FE3FD435C0}\Icon.exe (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
C:\Archivos de programa\rhcrv6j0epe9\rhcrv6j0epe9.exe.local (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrador\Datos de programa\Microsoft\Internet Explorer\Quick Launch\Antivirus XP 2008.lnk (Rogue.Antivirus2008) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\.tt1.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\.tt2.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\.ttF.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\delself.bat (Malware.Trace) -> Quarantined and deleted successfully.
n los reportes que me pidieron

C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked saltado

C:\WINDOWS\system32\config\AppEvent.Evt Object is locked saltado

C:\WINDOWS\system32\config\default Object is locked saltado

C:\WINDOWS\system32\config\default.LOG Object is locked saltado

C:\WINDOWS\system32\config\GnabServ.evt Object is locked saltado

C:\WINDOWS\system32\config\SAM Object is locked saltado

C:\WINDOWS\system32\config\SAM.LOG Object is locked saltado

C:\WINDOWS\system32\config\SecEvent.Evt Object is locked saltado

C:\WINDOWS\system32\config\SECURITY Object is locked saltado

C:\WINDOWS\system32\config\SECURITY.LOG Object is locked saltado

C:\WINDOWS\system32\config\software Object is locked saltado

C:\WINDOWS\system32\config\software.LOG Object is locked saltado

C:\WINDOWS\system32\config\SysEvent.Evt Object is locked saltado

C:\WINDOWS\system32\config\system Object is locked saltado

C:\WINDOWS\system32\config\system.LOG Object is locked saltado

C:\WINDOWS\system32\drivers\sptd.sys Object is locked saltado

C:\WINDOWS\system32\h323log.txt Object is locked saltado

C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked saltado

C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked saltado

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked saltado

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MA P Object is locked saltado

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MA P Object is locked saltado

C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DAT A Object is locked saltado

C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked saltado

C:\WINDOWS\wiadebug.log Object is locked saltado

C:\WINDOWS\wiaservc.log Object is locked saltado

C:\WINDOWS\WindowsUpdate.log Object is locked saltado

Análisis completado.

Bien por el MalwareBytes

Ahora lo que pegaste del kaspersky es cualquier cosa

Tenes que pegar el encabezado y todo el log completo en lo posible, podes envolverlo con code