Hola.

Realiza lo siguiente.................

• Descarga Ccleaner.
  
• Descarga SDFix@AndyManchesta.

• Apaga el Restaurar Sistema (solo en Win Me/XP y Vista).
  
• Reinicia en Modo Seguro (a prueba de fallos).
  
  
  1. Ejecuta SDFix;
     1. Entra en la carpeta C:\SDFix ubicada en el escritorio y haz doble clic sobre el archivo "Runthis.bat"
     2. Luego, presiona la tecla "Y" para que comience el chequeo,
     3. Al terminar, se creará un archivo dentro de la carpeta C:\SDFix llamado Report.txt,
     4. Copia y pega lo que indique ese reporte acá.
  
  
• Reinicia en modo normal;
  1. Usa el CCleaner para limpiar el sistema.
     • Primero utiliza la opción de "Limpiador" para borrar cookies, temporales de Internet y todos los archivos que este te muestre como obsoletos.
     • Luego usa su opción de "Registro" para limpiar todo el registro de Windows (haciendo copia de seguridad).
  2. Realiza un analisis completo del PC con Kaspersky Online Scanner.

*Nota*
- Al terminar reactiva el "restaurar sistema".
- Pega los reportes generados por Kaspersky y SDFix en este mismo tema.
- Para mayor comodidad imprime los pasos.

Saludos.

Después de esto hice un ccleaner malwarebytes superantispy y msn cleaner en modo seguro. Después hice un nuevo scan con kaspersky online y este es el reporte. A lo mejor ahora va con el OT. Podrías darme lo qeu tengo qeu poner. Muchas gracias.



Tuesday, September 23, 2008
Operating System: Microsoft Windows XP Professional Service Pack 2 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Tuesday, September 23, 2008 10:57:01
Records in database: 1251052


Scan settings
Scan using the following database extended
Scan archives yes
Scan mail databases yes

Scan area My Computer
A:\
C:\
E:\
F:\
G:\
H:\

Scan statistics
Files scanned 78176
Threat name 10
Infected objects 12
Suspicious objects 0
Duration of the scan 01:51:07

File name Threat name Threats count
C:\Archivos de programa\eMule\Incoming\CodecPackElisoft140\CodecP ackElisoft140.exe Infected: not-a-virus:AdWare.Win32.Gator.4104 1

C:\Archivos de programa\ESET\cache\FND0.NFI Infected: Trojan-Downloader.Win32.Delf.mly 1

C:\_OTMoveIt\MovedFiles\09232008_122819\Archivos de programa\eMule\Incoming\CodecPackElisoft140.zip Infected: not-a-virus:AdWare.Win32.Gator.4104 1

C:\_OTMoveIt\MovedFiles\09232008_122819\Archivos de programa\mIRC\mirc.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.632 1

C:\_OTMoveIt\MovedFiles\09232008_122819\Documents and Settings\Manuel\Mis documentos\Mis documentos\install.exe Infected: P2P-Worm.Win32.Insta.a 1

C:\_OTMoveIt\MovedFiles\09232008_122819\Documents and Settings\Manuel\Mis documentos\Mis documentos\install.exe Infected: not-a-virus:RiskTool.Win32.PsKill.1101 1

C:\_OTMoveIt\MovedFiles\09232008_122819\Documents and Settings\Manuel\Mis documentos\Mis documentos\install.exe Infected: not-a-virus:RiskTool.Win32.HideWindows 1

C:\_OTMoveIt\MovedFiles\09232008_122819\Documents and Settings\Manuel\Mis documentos\Mis documentos\install.exe Infected: Trojan.Win32.EliteBar.a 1

C:\_OTMoveIt\MovedFiles\09232008_122819\Documents and Settings\Manuel\Mis documentos\Mis documentos\install.exe Infected: Trojan.Win32.Pakes.aey 1

C:\_OTMoveIt\MovedFiles\09232008_122819\Documents and Settings\Manuel\Mis documentos\Mis documentos\install.exe Infected: not-a-virus:AdWare.Win32.EZula.bg 1

C:\_OTMoveIt\MovedFiles\09232008_122819\Documents and Settings\Manuel\Mis documentos\Mis documentos\install.exe Infected: Trojan.Win32.Pakes.amv 1

C:\_OTMoveIt\MovedFiles\09232008_122819\Documents and Settings\Manuel\Mis documentos\My Completed Downloads\mirc632.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.632 1

The selected area was scanned.

Realiza lo siguiente:

• Ejecuta OTmoveIT2 como se explica en su manual colocando el siguiente script en la casilla "Paste Standard List of Files / Folders to be Moved".
  
  Código HTML:

  C:\Archivos de programa\eMule\Incoming\CodecPackElisoft140\CodecP ackElisoft140.exe 
  C:\Archivos de programa\ESET\cache\FND0.NFI 
  EmptyTemp
  

  Nota: Asegúrate que este marcado "Unregister Dll's and Ocx's"

*Nota*
- Pega el reporte de OTMoveIt2.
- Recuerda regresar y comentar los resultados.

Salu2!.

M@co

. Hola! Muchas gracias por tu ayuda y atención M@co.
Ahi va el reporte del OTmoveIT2:

Después haré lo del SDfix y ya lo posteo.



File/Folder C:\Archivos de programa\eMule\Incoming\CodecPackElisoft140\CodecP ackElisoft140.exe not found.
C:\Archivos de programa\ESET\cache\FND0.NFI moved successfully.
< EmptyTemp >
File delete failed. C:\DOCUME~1\Manuel\CONFIG~1\Temp\etilqs_wVpPpN3Vai gFkFp3jPxx scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Manuel\CONFIG~1\Temp\~DF50FD.tmp scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Manuel\CONFIG~1\Temp\hsperfdata_Manuel \2296 scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Manuel\CONFIG~1\Temp\jkos-Manuel\binaries\Arj.ppl scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Manuel\CONFIG~1\Temp\jkos-Manuel\binaries\avlib.ppl scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Manuel\CONFIG~1\Temp\jkos-Manuel\binaries\Avp1.ppl scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Manuel\CONFIG~1\Temp\jkos-Manuel\binaries\AvpMgr.ppl scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Manuel\CONFIG~1\Temp\jkos-Manuel\binaries\btimages.ppl scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Manuel\CONFIG~1\Temp\jkos-Manuel\binaries\CAB.ppl scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Manuel\CONFIG~1\Temp\jkos-Manuel\binaries\dmap.ppl scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Manuel\CONFIG~1\Temp\jkos-Manuel\binaries\dtreg.ppl scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Manuel\CONFIG~1\Temp\jkos-Manuel\binaries\FsDrvPlg.ppl scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Manuel\CONFIG~1\Temp\jkos-Manuel\binaries\FSSync.dll scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Manuel\CONFIG~1\Temp\jkos-Manuel\binaries\HashCont.ppl scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Manuel\CONFIG~1\Temp\jkos-Manuel\binaries\HashMD5.PPL scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Manuel\CONFIG~1\Temp\jkos-Manuel\binaries\HCCMP.ppl scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Manuel\CONFIG~1\Temp\jkos-Manuel\binaries\ichk2.ppl scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Manuel\CONFIG~1\Temp\jkos-Manuel\binaries\iChkSA.ppl scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Manuel\CONFIG~1\Temp\jkos-Manuel\binaries\Inflate.ppl scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Manuel\CONFIG~1\Temp\jkos-Manuel\binaries\IWGen.ppl scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Manuel\CONFIG~1\Temp\jkos-Manuel\binaries\kave.dll scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Manuel\CONFIG~1\Temp\jkos-Manuel\binaries\kosglue-7.0.25.0.dll scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Manuel\CONFIG~1\Temp\jkos-Manuel\binaries\lha.ppl scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Manuel\CONFIG~1\Temp\jkos-Manuel\binaries\L_llio.ppl scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Manuel\CONFIG~1\Temp\jkos-Manuel\binaries\mdb.ppl scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Manuel\CONFIG~1\Temp\jkos-Manuel\binaries\MDMAP.ppl scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Manuel\CONFIG~1\Temp\jkos-Manuel\binaries\MemModSc.ppl scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Manuel\CONFIG~1\Temp\jkos-Manuel\binaries\MemScan.ppl scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Manuel\CONFIG~1\Temp\jkos-Manuel\binaries\minizip.ppl scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Manuel\CONFIG~1\Temp\jkos-Manuel\binaries\MKavIO.ppl scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Manuel\CONFIG~1\Temp\jkos-Manuel\binaries\msoe.ppl scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Manuel\CONFIG~1\Temp\jkos-Manuel\binaries\nfio.ppl scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Manuel\CONFIG~1\Temp\jkos-Manuel\binaries\NTFSstrm.ppl scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Manuel\CONFIG~1\Temp\jkos-Manuel\binaries\prKernel.ppl scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Manuel\CONFIG~1\Temp\jkos-Manuel\binaries\prLoader.dll scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Manuel\CONFIG~1\Temp\jkos-Manuel\binaries\prseqio.ppl scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Manuel\CONFIG~1\Temp\jkos-Manuel\binaries\PrUtil.ppl scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Manuel\CONFIG~1\Temp\jkos-Manuel\binaries\rar.ppl scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Manuel\CONFIG~1\Temp\jkos-Manuel\binaries\ScanningProcess.exe scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Manuel\CONFIG~1\Temp\jkos-Manuel\binaries\sfdb.PPL scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Manuel\CONFIG~1\Temp\jkos-Manuel\binaries\TempFile.ppl scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Manuel\CONFIG~1\Temp\jkos-Manuel\binaries\thpimpl.ppl scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Manuel\CONFIG~1\Temp\jkos-Manuel\binaries\UniArc.ppl scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Manuel\CONFIG~1\Temp\jkos-Manuel\binaries\UnLZX.ppl scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Manuel\CONFIG~1\Temp\jkos-Manuel\binaries\UnStored.ppl scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Manuel\CONFIG~1\Temp\jkos-Manuel\binaries\WDiskIO.ppl scheduled to be deleted on reboot.
Temp folders emptied.
IE temp folders emptied.

OTMoveIt2 by OldTimer - Version 1.0.4.3 log created on 09232008_180316

Files moved on Reboot...
File C:\DOCUME~1\Manuel\CONFIG~1\Temp\etilqs_wVpPpN3Vai gFkFp3jPxx not found!
C:\DOCUME~1\Manuel\CONFIG~1\Temp\~DF50FD.tmp moved successfully.
File C:\DOCUME~1\Manuel\CONFIG~1\Temp\hsperfdata_Manuel \2296 not found!
C:\DOCUME~1\Manuel\CONFIG~1\Temp\jkos-Manuel\binaries\Arj.ppl moved successfully.
C:\DOCUME~1\Manuel\CONFIG~1\Temp\jkos-Manuel\binaries\avlib.ppl moved successfully.
C:\DOCUME~1\Manuel\CONFIG~1\Temp\jkos-Manuel\binaries\Avp1.ppl moved successfully.
C:\DOCUME~1\Manuel\CONFIG~1\Temp\jkos-Manuel\binaries\AvpMgr.ppl moved successfully.
C:\DOCUME~1\Manuel\CONFIG~1\Temp\jkos-Manuel\binaries\btimages.ppl moved successfully.
C:\DOCUME~1\Manuel\CONFIG~1\Temp\jkos-Manuel\binaries\CAB.ppl moved successfully.
C:\DOCUME~1\Manuel\CONFIG~1\Temp\jkos-Manuel\binaries\dmap.ppl moved successfully.
C:\DOCUME~1\Manuel\CONFIG~1\Temp\jkos-Manuel\binaries\dtreg.ppl moved successfully.
C:\DOCUME~1\Manuel\CONFIG~1\Temp\jkos-Manuel\binaries\FsDrvPlg.ppl moved successfully.
DllUnregisterServer procedure not found in C:\DOCUME~1\Manuel\CONFIG~1\Temp\jkos-Manuel\binaries\FSSync.dll
C:\DOCUME~1\Manuel\CONFIG~1\Temp\jkos-Manuel\binaries\FSSync.dll NOT unregistered.
C:\DOCUME~1\Manuel\CONFIG~1\Temp\jkos-Manuel\binaries\FSSync.dll moved successfully.
C:\DOCUME~1\Manuel\CONFIG~1\Temp\jkos-Manuel\binaries\HashCont.ppl moved successfully.
C:\DOCUME~1\Manuel\CONFIG~1\Temp\jkos-Manuel\binaries\HashMD5.PPL moved successfully.
C:\DOCUME~1\Manuel\CONFIG~1\Temp\jkos-Manuel\binaries\HCCMP.ppl moved successfully.
C:\DOCUME~1\Manuel\CONFIG~1\Temp\jkos-Manuel\binaries\ichk2.ppl moved successfully.
C:\DOCUME~1\Manuel\CONFIG~1\Temp\jkos-Manuel\binaries\iChkSA.ppl moved successfully.
C:\DOCUME~1\Manuel\CONFIG~1\Temp\jkos-Manuel\binaries\Inflate.ppl moved successfully.
C:\DOCUME~1\Manuel\CONFIG~1\Temp\jkos-Manuel\binaries\IWGen.ppl moved successfully.
DllUnregisterServer procedure not found in C:\DOCUME~1\Manuel\CONFIG~1\Temp\jkos-Manuel\binaries\kave.dll
C:\DOCUME~1\Manuel\CONFIG~1\Temp\jkos-Manuel\binaries\kave.dll NOT unregistered.
C:\DOCUME~1\Manuel\CONFIG~1\Temp\jkos-Manuel\binaries\kave.dll moved successfully.
DllUnregisterServer procedure not found in C:\DOCUME~1\Manuel\CONFIG~1\Temp\jkos-Manuel\binaries\kosglue-7.0.25.0.dll
C:\DOCUME~1\Manuel\CONFIG~1\Temp\jkos-Manuel\binaries\kosglue-7.0.25.0.dll NOT unregistered.
C:\DOCUME~1\Manuel\CONFIG~1\Temp\jkos-Manuel\binaries\kosglue-7.0.25.0.dll moved successfully.
C:\DOCUME~1\Manuel\CONFIG~1\Temp\jkos-Manuel\binaries\lha.ppl moved successfully.
C:\DOCUME~1\Manuel\CONFIG~1\Temp\jkos-Manuel\binaries\L_llio.ppl moved successfully.
C:\DOCUME~1\Manuel\CONFIG~1\Temp\jkos-Manuel\binaries\mdb.ppl moved successfully.
C:\DOCUME~1\Manuel\CONFIG~1\Temp\jkos-Manuel\binaries\MDMAP.ppl moved successfully.
C:\DOCUME~1\Manuel\CONFIG~1\Temp\jkos-Manuel\binaries\MemModSc.ppl moved successfully.
C:\DOCUME~1\Manuel\CONFIG~1\Temp\jkos-Manuel\binaries\MemScan.ppl moved successfully.
C:\DOCUME~1\Manuel\CONFIG~1\Temp\jkos-Manuel\binaries\minizip.ppl moved successfully.
C:\DOCUME~1\Manuel\CONFIG~1\Temp\jkos-Manuel\binaries\MKavIO.ppl moved successfully.
C:\DOCUME~1\Manuel\CONFIG~1\Temp\jkos-Manuel\binaries\msoe.ppl moved successfully.
C:\DOCUME~1\Manuel\CONFIG~1\Temp\jkos-Manuel\binaries\nfio.ppl moved successfully.
C:\DOCUME~1\Manuel\CONFIG~1\Temp\jkos-Manuel\binaries\NTFSstrm.ppl moved successfully.
C:\DOCUME~1\Manuel\CONFIG~1\Temp\jkos-Manuel\binaries\prKernel.ppl moved successfully.
DllUnregisterServer procedure not found in C:\DOCUME~1\Manuel\CONFIG~1\Temp\jkos-Manuel\binaries\prLoader.dll
C:\DOCUME~1\Manuel\CONFIG~1\Temp\jkos-Manuel\binaries\prLoader.dll NOT unregistered.
C:\DOCUME~1\Manuel\CONFIG~1\Temp\jkos-Manuel\binaries\prLoader.dll moved successfully.
C:\DOCUME~1\Manuel\CONFIG~1\Temp\jkos-Manuel\binaries\prseqio.ppl moved successfully.
C:\DOCUME~1\Manuel\CONFIG~1\Temp\jkos-Manuel\binaries\PrUtil.ppl moved successfully.
C:\DOCUME~1\Manuel\CONFIG~1\Temp\jkos-Manuel\binaries\rar.ppl moved successfully.
C:\DOCUME~1\Manuel\CONFIG~1\Temp\jkos-Manuel\binaries\ScanningProcess.exe moved successfully.
C:\DOCUME~1\Manuel\CONFIG~1\Temp\jkos-Manuel\binaries\sfdb.PPL moved successfully.
C:\DOCUME~1\Manuel\CONFIG~1\Temp\jkos-Manuel\binaries\TempFile.ppl moved successfully.
C:\DOCUME~1\Manuel\CONFIG~1\Temp\jkos-Manuel\binaries\thpimpl.ppl moved successfully.
C:\DOCUME~1\Manuel\CONFIG~1\Temp\jkos-Manuel\binaries\UniArc.ppl moved successfully.
C:\DOCUME~1\Manuel\CONFIG~1\Temp\jkos-Manuel\binaries\UnLZX.ppl moved successfully.
C:\DOCUME~1\Manuel\CONFIG~1\Temp\jkos-Manuel\binaries\UnStored.ppl moved successfully.
C:\DOCUME~1\Manuel\CONFIG~1\Temp\jkos-Manuel\binaries\WDiskIO.ppl moved successfully.

El reporte del SDfix, aparece al final la maldita florsita.
Acto seguido voya realizar com me has dicho otro scan con el Kaspersky y lo pego ahora.

Ahi va el reporte del SDfix:

SDFix: Version 1.228
Run by Manuel on 23/09/2008 at 18:28

Microsoft Windows XP [Versi¢n 5.1.2600]
Running From: C:\SDFix

Checking Services :


Restoring Default Security Values
Restoring Default Hosts File

Rebooting


Checking Files :

No Trojan Files Found






Removing Temp Files

ADS Check :



Final Check :

catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-23 18:46:43
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic es\d346prt\Cfg\0Jf40]
"khjeh"=hex:20,02,00,00,4b,87,6a,9a,e4,5a,ef,ce,b7 ,5d,b4,dd,0d,2f,16,e0,73,..
"hj34z0"=hex:e1,0c,c3,3c,18,00,a2,a9,36,62,01,94,e 7,1c,a6,c2,45,c6,9f,9a,6c,..
"hj34z1"=hex:59,0c,c3,3c,60,00,a2,a9,37,62,00,94,e 6,1c,a6,c2,45,c6,9f,9a,dc,..
"hj34z2"=hex:59,0c,c3,3c,60,00,a2,a9,37,62,00,94,e 6,1c,a6,c2,45,c6,9f,9a,dc,..
"hj34z3"=hex:59,0c,c3,3c,60,00,a2,a9,37,62,00,94,e 6,1c,a6,c2,45,c6,9f,9a,dc,..
"hj34z4"=hex:59,0c,c3,3c,60,00,a2,a9,37,62,00,94,e 6,1c,a6,c2,45,c6,9f,9a,dc,..
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic es\Vax347s\Config\jdgg40]

scanning hidden registry entries ...

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Uninstall\{56CA5D3B-3002-4E7B-90FE-071D8FDF3814}]
"DisplayName"="DAEMON Tools"

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


Remaining Services :




Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\servic es\sharedaccess\parameters\firewallpolicy\standard profile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\syste m32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Documents and Settings\\Manuel\\Configuraci¢n local\\Temp\\ST_NG_SetupWizard\\stInstall.exe"="C: \\Documents and Settings\\Manuel\\Configuraci¢n local\\Temp\\ST_NG_SetupWizard\\stInstall.exe:*:En abled:SpeedTouch Setup Wizard"
"E:\\NAT Manager\\natmgr.exe"="E:\\NAT Manager\\natmgr.exe:*:Enabled:SpeedTouch NAT manager"
"C:\\Archivos de programa\\Activision\\Call of Duty 2\\CoD2MP_s.exe"="C:\\Archivos de programa\\Activision\\Call of Duty 2\\CoD2MP_s.exe:*:Enabled:CoD2MP_s"
"C:\\Archivos de programa\\eMule\\emule.exe"="C:\\Archivos de programa\\eMule\\emule.exe:*:Enabled:eMule"
"C:\\Archivos de programa\\BitTorrent\\bittorrent.exe"="C:\\Archivo s de programa\\BitTorrent\\bittorrent.exe:*:Enabled:Bit Torrent"
"C:\\Archivos de programa\\Azureus\\Azureus.exe"="C:\\Archivos de programa\\Azureus\\Azureus.exe:*:Enabled:Azureus"
"C:\\Archivos de programa\\HP\\Digital Imaging\\bin\\hpofxm08.exe"="C:\\Archivos de programa\\HP\\Digital Imaging\\bin\\hpofxm08.exe:*:Enabled:hpofxm08.exe"
"C:\\Archivos de programa\\HP\\Digital Imaging\\bin\\hposfx08.exe"="C:\\Archivos de programa\\HP\\Digital Imaging\\bin\\hposfx08.exe:*:Enabled:hposfx08.exe"
"C:\\Archivos de programa\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"="C:\\Archivos de programa\\HP\\Digital Imaging\\bin\\hpqscnvw.exe:*:Enabled:hpqscnvw.exe"
"C:\\Archivos de programa\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"="C:\\Archivos de programa\\HP\\Digital Imaging\\bin\\hpqkygrp.exe:*:Enabled:hpqkygrp.exe"
"C:\\Archivos de programa\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"="C:\\Archivos de programa\\HP\\Digital Imaging\\bin\\hpzwiz01.exe:*:Enabled:hpzwiz01.exe"
"C:\\Archivos de programa\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"="C:\\Archivos de programa\\HP\\Digital Imaging\\bin\\hpqnrs08.exe:*:Enabled:hpqnrs08.exe"
"C:\\Archivos de programa\\Xfire\\xfire.exe"="C:\\Archivos de programa\\Xfire\\xfire.exe:*:Enabled:Xfire"
"C:\\Archivos de programa\\Messenger\\msmsgs.exe"="C:\\Archivos de programa\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\\WINDOWS\\system32\\PnkBstrA.exe"="C:\\WINDOWS \\system32\\PnkBstrA.exe:*:Enabled:PnkBstrA"
"C:\\WINDOWS\\system32\\PnkBstrB.exe"="C:\\WINDOWS \\system32\\PnkBstrB.exe:*:Enabled:PnkBstrB"
"C:\\Archivos de programa\\Sierra Entertainment\\TimeShift\\bin\\TimeShift.Exe"="C:\ \Archivos de programa\\Sierra Entertainment\\TimeShift\\bin\\TimeShift.Exe:*:Ena bled:TimeShift"
"C:\\Archivos de programa\\Cyanide\\GameCenter\\GameCenter.exe"="C: \\Archivos de programa\\Cyanide\\GameCenter\\GameCenter.exe:*:En abled:GameCenter"
"C:\\Archivos de programa\\Cyanide\\Loki\\Loki.exe"="C:\\Archivos de programa\\Cyanide\\Loki\\Loki.exe:*:Enabled:Loki"
"C:\\Archivos de programa\\Cyanide\\Loki\\Autorun\\AutoRun.exe"="C: \\Archivos de programa\\Cyanide\\Loki\\Autorun\\AutoRun.exe:*:En abled:Loki - AutoRun"
"C:\\Archivos de programa\\NAMCO BANDAI Games\\Warhammer Mark of Chaos\\Warhammer.EXE"="C:\\Archivos de programa\\NAMCO BANDAI Games\\Warhammer Mark of Chaos\\Warhammer.EXE:*:Enabled:Warhammer©: Mark of ChaosT"
"C:\\Archivos de programa\\DAP\\DAP.exe"="C:\\Archivos de programa\\DAP\\DAP.exe:*:Enabled:Download Accelerator Plus (DAP)"
"C:\\Archivos de programa\\Fury\\Binaries\\Fury.exe"="C:\\Archivos de programa\\Fury\\Binaries\\Fury.exe:*:Enabled:Fury"
"C:\\Archivos de programa\\Fury\\Binaries\\DiamondWare\\dwTVC.exe"= "C:\\Archivos de programa\\Fury\\Binaries\\DiamondWare\\dwTVC.exe:* :Enabled:Fury VOIP"
"C:\\Archivos de programa\\Bonjour\\mDNSResponder.exe"="C:\\Archivo s de programa\\Bonjour\\mDNSResponder.exe:*:Enabled:Bon jour"
"C:\\Archivos de programa\\iTunes\\iTunes.exe"="C:\\Archivos de programa\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"C:\\Archivos de programa\\Unreal Tournament 3\\Binaries\\UT3.exe"="C:\\Archivos de programa\\Unreal Tournament 3\\Binaries\\UT3.exe:*:Enabled:UT3"
"C:\\Archivos de programa\\THQ\\Dawn of War - Soulstorm\\Soulstorm.exe"="C:\\Archivos de programa\\THQ\\Dawn of War - Soulstorm\\Soulstorm.exe:*:Enabled:Soulstorm"
"C:\\Archivos de programa\\FactuSol 2000\\Revisiones.exe"="C:\\Archivos de programa\\FactuSol 2000\\Revisiones.exe:*:Enabled:Revisiones"
"C:\\Archivos de programa\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"="C:\\Archivos de programa\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe:*:Enabled:Call of Duty(R) 4 - Modern Warfare(TM) "
"C:\\Archivos de programa\\mIRC\\mirc.exe"="C:\\Archivos de programa\\mIRC\\mirc.exe:*:Enabled:mIRC"
"C:\\Archivos de programa\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Dx9.exe"="C:\\Archivos de programa\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Dx9.exe:*:Enabled:Assassin's Creed Dx9"
"C:\\Archivos de programa\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Dx10.exe"="C:\\Archivos de programa\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Dx10.exe:*:Enabled:Assassin' s Creed Dx10"
"C:\\Archivos de programa\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Launcher.exe"="C:\\Archivos de programa\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Launcher.exe:*:Enabled:Assas sin's Creed Update"
"C:\\Archivos de programa\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Archivos de programa\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Archivos de programa\\Windows Live\\Messenger\\livecall.exe"="C:\\Archivos de programa\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\servic es\sharedaccess\parameters\firewallpolicy\domainpr ofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\syste m32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Archivos de programa\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Archivos de programa\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Archivos de programa\\Windows Live\\Messenger\\livecall.exe"="C:\\Archivos de programa\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

Remaining Files :



Files with Hidden Attributes :

Sat 20 Sep 2008 53,248 ...H. --- "C:\WINDOWS\Florsita.exe"
Sat 20 Sep 2008 53,248 ...H. --- "C:\WINDOWS\system32\drivers\Florsita.exe"
Mon 3 Dec 2007 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"
Sun 30 Mar 2008 8,024,064 A..H. --- "C:\Documents and Settings\Manuel\Mis documentos\prl\~WRL0599.tmp"
Tue 5 Dec 2006 32,768 A..H. --- "C:\Documents and Settings\Manuel\Escritorio\mai\Practicas Integradas\PRµCTICAS INTEGRADAS\~WRL0874.tmp"

Finished!

El reporte del kaspersky. MUchas gracias por todo.

Tuesday, September 23, 2008
Operating System: Microsoft Windows XP Professional Service Pack 2 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Tuesday, September 23, 2008 16:29:18
Records in database: 1251510


Scan settings
Scan using the following database extended
Scan archives yes
Scan mail databases yes

Scan area My Computer
A:\
C:\
E:\
F:\
G:\
H:\

Scan statistics
Files scanned 78210
Threat name 10
Infected objects 12
Suspicious objects 0
Duration of the scan 01:52:39

File name Threat name Threats count
C:\Archivos de programa\eMule\Incoming\CodecPackElisoft140\CodecP ackElisoft140.exe Infected: not-a-virus:AdWare.Win32.Gator.4104 1

C:\_OTMoveIt\MovedFiles\09232008_122819\Archivos de programa\eMule\Incoming\CodecPackElisoft140.zip Infected: not-a-virus:AdWare.Win32.Gator.4104 1

C:\_OTMoveIt\MovedFiles\09232008_122819\Archivos de programa\mIRC\mirc.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.632 1

C:\_OTMoveIt\MovedFiles\09232008_122819\Documents and Settings\Manuel\Mis documentos\Mis documentos\install.exe Infected: P2P-Worm.Win32.Insta.a 1

C:\_OTMoveIt\MovedFiles\09232008_122819\Documents and Settings\Manuel\Mis documentos\Mis documentos\install.exe Infected: not-a-virus:RiskTool.Win32.PsKill.1101 1

C:\_OTMoveIt\MovedFiles\09232008_122819\Documents and Settings\Manuel\Mis documentos\Mis documentos\install.exe Infected: not-a-virus:RiskTool.Win32.HideWindows 1

C:\_OTMoveIt\MovedFiles\09232008_122819\Documents and Settings\Manuel\Mis documentos\Mis documentos\install.exe Infected: Trojan.Win32.EliteBar.a 1

C:\_OTMoveIt\MovedFiles\09232008_122819\Documents and Settings\Manuel\Mis documentos\Mis documentos\install.exe Infected: Trojan.Win32.Pakes.aey 1

C:\_OTMoveIt\MovedFiles\09232008_122819\Documents and Settings\Manuel\Mis documentos\Mis documentos\install.exe Infected: not-a-virus:AdWare.Win32.EZula.bg 1

C:\_OTMoveIt\MovedFiles\09232008_122819\Documents and Settings\Manuel\Mis documentos\Mis documentos\install.exe Infected: Trojan.Win32.Pakes.amv 1

C:\_OTMoveIt\MovedFiles\09232008_122819\Documents and Settings\Manuel\Mis documentos\My Completed Downloads\mirc632.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.632 1

C:\_OTMoveIt\MovedFiles\09232008_180316\Archivos de programa\ESET\cache\FND0.NFI Infected: Trojan-Downloader.Win32.Delf.mly 1

The selected area was scanned.

Hola.

Haz lo siguiente:

• Descarga OTMoveIt2 by OldTimer en el escritorio.
  • Haz un doble clic sobre OTMoveIt.exe para ejecutarlo.
  • Asegúrate que este marcado "Unregister Dll's and Ocx's".
  • Copia el texto que se encuentra en el cuadrado más abajo, y pega el texto en el marco de izquierdo de OTMoveIt nombrado Paste List of Files / Folders to be moved.
  Código HTML:

  C:\Archivos de programa\eMule\Incoming\CodecPackElisoft140\CodecPackElisoft140.exe
  C:\WINDOWS\Florsita.exe
  C:\WINDOWS\system32\drivers\Florsita.exe
  EmptyTemp  
  

  • Haz clic en el botón rojo MoveIt! para lanzar la supresión.
  • Cuando el resultado aparezca en el marco Results, haz clic en Exit.
  • Reinicia el PC (Este paso es muy importante)
  • Envía el informe (reporte) de OTMoveIt situado sobre C: \ _ OTMoveIt\MovedFiles.

Salu2!.

The_M@co

Arreglado!!!!! Eres un genio tio!!!! Te lo agradezco en el alma. De verdad muchas muchas gracias. Un abrazo!





C:\Archivos de programa\eMule\Incoming\CodecPackElisoft140\CodecP ackElisoft140.exe moved successfully.
C:\WINDOWS\Florsita.exe moved successfully.
C:\WINDOWS\system32\drivers\Florsita.exe moved successfully.
< EmptyTemp >
File delete failed. C:\DOCUME~1\Manuel\CONFIG~1\Temp\etilqs_hxwO2ecadW 3YvQTbi2Qu scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Manuel\CONFIG~1\Temp\~DF47D8.tmp scheduled to be deleted on reboot.
Temp folders emptied.
IE temp folders emptied.

OTMoveIt2 by OldTimer - Version 1.0.4.3 log created on 09232008_213849

Files moved on Reboot...
File C:\DOCUME~1\Manuel\CONFIG~1\Temp\etilqs_hxwO2ecadW 3YvQTbi2Qu not found!
C:\DOCUME~1\Manuel\CONFIG~1\Temp\~DF47D8.tmp moved successfully.

Hola.

Me alegra que se haya resuelto el problema.

Realiza lo siguiente:

• Haz doble clic en OTMoveIt2.exe para ejecutarlo.
  • Asegúrate de tener una conexión a Internet.
    
  • Haz clic en el botón verde CleanUp!.
    • Se descargará una lista de los componentes utilizados en la limpieza de malware.
      
    • Si el cortafuegos o protección en tiempo real intenta bloquear el acceso a Internet a OtMoveit2, por favor, permítele a la aplicación hacerlo.
      
    • Haz clic en "Yes" para iniciar el proceso de limpieza y eliminar estos componentes, entre ellos esta aplicación.
  • Se pedirá que reinicie la máquina para terminar el proceso de limpieza. Si se pide que reinicie la máquina elegir "Yes".

Si quieres agregar algo o reabrir el tema indicaselo a algún moderador del subforo, pulsando en el icono de la esquina superior derecha () y enviando el reporte respectivo.

Recuerda utilizar un navegador mas seguro como u


Saludos.

hola mira mi compu tenia lo mismo y solo le instale karperski y se le kito todo ......ya habia batallado mucho y al fin gracias y todos los comentarios de aki..suerte..