Problemas con las tildes (Solucionado)

**marinick** · 03/11/09, 13:02:10

Hola!
Bueno, primero comentaros que he visto que ya hay un post sobre este tema, pero no me deja postear en el.
He seguido las instrucciones que indican en ese post, pero mi problema continua

Os dejo los logs del Hijackthis y del Malwarebytes

---------------------------------------------------------------------------------------------
---------------------------------------------------------------------------------------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:55:56, on 03/11/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16915)
Boot mode: Normal

Running processes:
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\WINDOWS\arservice.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe
C:\HP\KBD\KBD.EXE
c:\windows\system\hpsysdrv.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=ES_ES&c=64&bd=PAVILION&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=ES_ES&c=64&bd=PAVILION&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=ES_ES&c=64&bd=PAVILION&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=ES_ES&c=64&bd=PAVILION&pf=desktop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.es/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=ES_ES&c=64&bd=PAVILION&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=ES_ES&c=64&bd=PAVILION&pf=desktop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
F2 - REG:system.ini: UserInit=C:\WINDOWS\SYSTEM32\Userinit.exe,C:\WINDOWS\system32\mshcxm32.exe,
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [ftutil2] rundll32.exe ftutil2.dll,SetWriteCacheMode
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [AlwaysReady Power Message APP] ARPWRMSG.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
O4 - HKLM\..\Run: [DMAScheduler] "c:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe"
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - S-1-5-18 Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'SYSTEM')
O4 - S-1-5-18 Startup: PinMcLnk.lnk = C:\hp\bin\cloaker.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O4 - .DEFAULT Startup: PinMcLnk.lnk = C:\hp\bin\cloaker.exe (User 'Default user')
O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O4 - .DEFAULT User Startup: PinMcLnk.lnk = C:\hp\bin\cloaker.exe (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Inicio rápido de Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xportar a Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Referencia - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Ayuda para la conexión - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Ayuda para la conexión - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://*.formaciondigital.com
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: winmm.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--
End of file - 9749 bytes
---------------------------------------------------------------------------------------------
---------------------------------------------------------------------------------------------
Malwarebytes' Anti-Malware 1.41
Versión de la Base de Datos: 3092
Windows 5.1.2600 Service Pack 3

03/11/2009 18:46:49
mbam-log-2009-11-03 (18-46-49).txt

Tipo de examen : Examen Completo (C:\|D:\|)
Objetos examinados: 215901
Tiempo transcurrido: 51 minute(s), 38 second(s)

Procesos en Memoria Infectados: 0
Módulos en Memoria Infectados: 0
Claves del Registro Infectadas: 6
Valores del Registro Infectados: 1
Elementos de Datos del Registro Infectados: 2
Carpetas Infectadas: 0
Ficheros Infectados: 0

Procesos en Memoria Infectados:
(No se han detectado elementos maliciosos)

Módulos en Memoria Infectados:
(No se han detectado elementos maliciosos)

Claves del Registro Infectadas:
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{19127ad2-394b-70f5-c650-b97867baa1f7} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{43bf8cd1-c5d5-2230-7bb2-98f22c2b7dc6} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{494e6cec-7483-a4ee-0938-895519a84bc7} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{19127ad2-394b-70f5-c650-b97867baa1f7} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{43bf8cd1-c5d5-2230-7bb2-98f22c2b7dc6} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{494e6cec-7483-a4ee-0938-895519a84bc7} (Backdoor.Bot) -> Quarantined and deleted successfully.

Valores del Registro Infectados:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Network\UID (Malware.Trace) -> Quarantined and deleted successfully.

Elementos de Datos del Registro Infectados:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Carpetas Infectadas:
(No se han detectado elementos maliciosos)

Ficheros Infectados:
(No se han detectado elementos maliciosos)

---------------------------------------------------------------------------------------------
---------------------------------------------------------------------------------------------

Tambien tengo un problema añadido: cuando intento acceder a la banca por internet del Santander (Supernet) me aparece una pagina que no es la del banco, donde me pide la Clave de Transferencias. Lo he probado en otro pc y ese campo no lo pide. La url es la correcta, se accede por https, aparece el candado amarillo, y si le doy me verifica que la web es del gruposantander.
Si debo abrir un nuevo tema, por favor, decidmelo y disculpad las molestias

Gracias!

**Leosolari** · 03/11/09, 13:22:40

Hola marinick

No debes postear un problema de tu pc en donde se esta tratando otro tema, aunque el problema sea el mismo. Tienes que abrir un tema nuevo, como lo hiciste ahora.
Entonces, ahora con tu problema planteado seguimos en este hilo, solo con el problema de tu pc...

Descarga CCLEANER. Lo instalas según Su Manual

Actualiza Malwarebytes

Cierra todos los programas, ejecutas HijackThis , tildas las casillas de estas entradas y presionas "FIX Cheked"

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=ES_ES&c=64&bd=PAVILION &pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=ES_ES&c=64&bd=PAVILI ON&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=ES_ES&c=64&bd=PAVILI ON&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=ES_ES&c=64&bd=PAVILI ON&pf=desktop

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=ES_ES&c=64&bd=PAVILI ON&pf=desktop

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=ES_ES&c=64&bd=PAVILI ON&pf=desktop

F2 - REG:system.ini: UserInit=C:\WINDOWS\SYSTEM32\Userinit.exe,C:\WINDO WS\system32\mshcxm32.exe,

Ejecuta CCLEANER usando sus opciones "Limpiador" y "Registro".

Ejecuta MALWAREBYTE´S.
Hacé un "escaneo completo". Una vez finalizado, si te detecta algo eliges " quitar lo seleccionado ".
Si te pide reiniciar, lo haces.

Utiliza INIREM 2.0.4 para desboquear el explorer y restaurar el archivo host.

Reinicia el ordenador y sacas un nuevo log de Hijackthis

En tu próxima respuesta, debes poner lo siguiente:

º El reporte de malwarebyte´s, que se encuentra en su pestaña REGISTROS
º Un nuevo log de Hijackthis
º Como funciona tu pc ahora

Saludos

**marinick** · 03/11/09, 16:37:06

Hola!
He hecho todo lo que me has dicho, pero sigo igual...

--------------------------------------------------------------------------------------------------
---------------------------------------------------------------------------------------------------

Escribo los logs:

Malwarebytes' Anti-Malware 1.41
Versión de la Base de Datos: 3092
Windows 5.1.2600 Service Pack 3

03/11/2009 21:21:35
mbam-log-2009-11-03 (21-21-35).txt

Tipo de examen : Examen Completo (C:\|D:\|)
Objetos examinados: 215677
Tiempo transcurrido: 47 minute(s), 16 second(s)

Procesos en Memoria Infectados: 0
Módulos en Memoria Infectados: 0
Claves del Registro Infectadas: 4
Valores del Registro Infectados: 1
Elementos de Datos del Registro Infectados: 0
Carpetas Infectadas: 0
Ficheros Infectados: 0

Procesos en Memoria Infectados:
(No se han detectado elementos maliciosos)

Módulos en Memoria Infectados:
(No se han detectado elementos maliciosos)

Claves del Registro Infectadas:
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{19127ad2-394b-70f5-c650-b97867baa1f7} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{43bf8cd1-c5d5-2230-7bb2-98f22c2b7dc6} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{19127ad2-394b-70f5-c650-b97867baa1f7} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{43bf8cd1-c5d5-2230-7bb2-98f22c2b7dc6} (Backdoor.Bot) -> Quarantined and deleted successfully.

Valores del Registro Infectados:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Network\UID (Malware.Trace) -> Quarantined and deleted successfully.

Elementos de Datos del Registro Infectados:
(No se han detectado elementos maliciosos)

Carpetas Infectadas:
(No se han detectado elementos maliciosos)

Ficheros Infectados:
(No se han detectado elementos maliciosos)
--------------------------------------------------------------------------------------------------
---------------------------------------------------------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:35:35, on 03/11/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16915)
Boot mode: Normal

Running processes:
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\WINDOWS\arservice.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\System32\alg.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\system32\wuauclt.exe
c:\windows\system\hpsysdrv.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.es/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.forospyware.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
F2 - REG:system.ini: UserInit=C:\WINDOWS\SYSTEM32\Userinit.exe,C:\WINDOWS\system32\mshcxm32.exe,
O1 - Hosts: 75.127.69.91 www.forospyware.com
O1 - Hosts: 75.127.69.91 forospyware.com
O1 - Hosts: 75.127.86.187 www.infospyware.com
O1 - Hosts: 75.127.86.187 infospyware.com
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [ftutil2] rundll32.exe ftutil2.dll,SetWriteCacheMode
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [AlwaysReady Power Message APP] ARPWRMSG.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
O4 - HKLM\..\Run: [DMAScheduler] "c:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe"
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - S-1-5-18 Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'SYSTEM')
O4 - S-1-5-18 Startup: PinMcLnk.lnk = C:\hp\bin\cloaker.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O4 - .DEFAULT Startup: PinMcLnk.lnk = C:\hp\bin\cloaker.exe (User 'Default user')
O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O4 - .DEFAULT User Startup: PinMcLnk.lnk = C:\hp\bin\cloaker.exe (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Inicio rápido de Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xportar a Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Referencia - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Ayuda para la conexión - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Ayuda para la conexión - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://*.formaciondigital.com
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: winmm.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--
End of file - 8807 bytes
-----------------------------------------------------------------------------------------------------
-----------------------------------------------------------------------------------------------------

¿alguna otra idea?

GRACIAS!

**Leosolari** · 03/11/09, 17:18:40

Hola de nuevo.

Tildaste la casilla de esta entrada y le diste al botón "FIX Cheked" de Hijackthis ??

F2 - REG:system.ini: UserInit=C:\WINDOWS\SYSTEM32\Userinit.exe,C:\WINDO WS\system32\mshcxm32.exe,

Si no lo hiciste, lo haces, luego, busca y elimina este fichero de tu pc:

C:\WINDOWS\system32\mshcxm32.exe,

Nos comentas.

**marinick** · 03/11/09, 17:51:56

Creo que ahi esta el problema.
Le doy a FiX, pero al momento se vuelve a generar. Me he ido al registro, a la rama:
HKLM\software\microsoft\windows nt\winlogon y he modificado la clave userinit, pero al momento se vuelve a modificar.
El fichero C:\WINDOWS\system32\mshcxm32.exe no aparece, lo he buscado como oculto y tampoco.

**Leosolari** · 03/11/09, 18:11:42

- Descarga la herramienta ComboFix.exe y guárdala en el escritorio.

Desactiva temporalmente el Antivirus y/o Antispyware.
Cierra todas las ventanas abiertas.
Hacele doble clic al archivo ComboFix.exe y seguí las instrucciones.
Cuando termine, generara un registro en C:\ComboFix.txt.
- *Nota* Mientras CF este trabajando no mover el mouse ya que pararía su proceso.
- *Nota* ComboFix puede reiniciar automáticamente el PC para completar el proceso de eliminación.

Atención!! No use ComboFix a menos que se le haya indicado específicamente en su mensaje por un integrante de nuestro Staff. Es una herramienta de gran alcance destinada por su creador a ser usada bajo la orientación y supervisión de un experto, no para uso privado. El uso de ComboFix incorrectamente podría generar problemas en su sistema. Por favor, lea las "Negaciones de la Garantía" de ComboFix.

Reinicia y pega el reporte de C:\ComboFix.txt en este mismo mensaje.

PD: No vuelvas a ejecutar ComboFix ni ningun otro programa antivirus hasta que vuelva con una respuesta, ya que puedes hacer cambiar las cosas.

**marinick** · 04/11/09, 09:59:06

Ya he hecho lo que pedias. Aqui tienes el reporte. gracias!!!

ComboFix 09-11-03.03 - HP_Administrator 04/11/2009 15:44.1.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.34.1033.18.1022.545 [GMT 1:00]
Running from: c:\documents and settings\HP_Administrator\Desktop\ComboFix.exe
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\HP_Administrator\Application Data\inst.exe
c:\recycler\S-1-5-21-527237240-179605362-725345543-500
c:\windows\kwtstcb.hpn
D:\Autorun.inf

.
((((((((((((((((((((((((( Files Created from 2009-10-04 to 2009-11-04 )))))))))))))))))))))))))))))))
.

2009-11-04 01:47 . 2009-08-06 18:23 215920 ----a-w- c:\windows\system32\muweb.dll
2009-11-03 16:53 . 2009-11-03 16:53 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\Malwarebytes
2009-11-03 16:53 . 2009-09-10 13:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-11-03 16:53 . 2009-11-03 16:53 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-11-03 16:53 . 2009-09-10 13:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-11-03 16:53 . 2009-11-03 16:53 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-11-01 20:19 . 2009-11-01 20:19 -------- d-----w- c:\program files\Trend Micro
2009-11-01 20:12 . 2008-04-14 00:12 146432 ----a-w- c:\windows\regedit1.exe
2009-11-01 16:54 . 2009-07-28 15:33 55656 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-11-01 16:54 . 2009-03-30 09:33 96104 ----a-w- c:\windows\system32\drivers\avipbb.sys
2009-11-01 16:54 . 2009-02-13 11:29 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
2009-11-01 16:54 . 2009-02-13 11:17 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys
2009-11-01 16:54 . 2009-11-01 16:54 -------- d-----w- c:\program files\Avira
2009-11-01 16:54 . 2009-11-01 16:54 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira
2009-10-31 16:21 . 2009-10-31 16:20 93360 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2009-10-22 20:55 . 2009-10-22 20:55 -------- d-----w- c:\windows\system32\XPSViewer
2009-10-22 20:55 . 2009-10-22 20:55 -------- d-----w- c:\program files\MSBuild
2009-10-22 20:54 . 2009-10-22 20:54 -------- d-----w- c:\program files\Reference Assemblies
2009-10-22 20:54 . 2008-07-06 12:06 89088 ------w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2009-10-22 20:54 . 2008-07-06 12:06 117760 ------w- c:\windows\system32\prntvpt.dll
2009-10-22 20:54 . 2008-07-06 10:50 597504 ------w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2009-10-22 20:54 . 2009-10-22 20:54 -------- d-----w- C:\e15580ecbdc51b123766
2009-10-22 20:54 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\xpsshhdr.dll
2009-10-22 20:54 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\dllcache\xpsshhdr.dll
2009-10-22 20:54 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\xpssvcs.dll
2009-10-22 20:54 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\dllcache\xpssvcs.dll
2009-10-20 16:08 . 2009-10-20 16:08 -------- d-----w- C:\aa5194bc1619fa5ef1b107
2009-10-20 15:12 . 2009-10-20 15:13 -------- d-----w- c:\program files\CleanUp!
2009-10-20 14:59 . 2009-10-20 14:59 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2009-10-20 14:59 . 2009-10-20 14:59 -------- d-----w- c:\program files\SUPERAntiSpyware
2009-10-20 14:59 . 2009-10-20 14:59 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\SUPERAntiSpyware.com
2009-10-20 14:58 . 2009-10-20 14:58 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-10-20 14:44 . 2009-10-20 14:44 -------- d-----w- C:\VundoFix Backups
2009-10-20 14:36 . 2009-10-20 14:43 -------- d-----w- c:\program files\RegCleaner
2009-10-19 18:55 . 2009-06-21 21:44 153088 ------w- c:\windows\system32\dllcache\triedit.dll
2009-10-19 18:54 . 2009-07-10 13:27 1315328 ------w- c:\windows\system32\dllcache\msoe.dll
2009-10-19 18:46 . 2009-11-03 22:49 -------- d-----w- c:\program files\CCleaner
2009-10-19 18:34 . 2009-11-01 19:42 -------- d-----w- c:\program files\EMCO Malware Destroyer
2009-10-19 18:32 . 2009-10-19 18:32 -------- d-sh--w- c:\windows\ftpcache
2009-10-18 19:20 . 2009-10-18 19:20 -------- d-----w- c:\documents and settings\All Users\Application Data\DAEMON Tools Lite
2009-10-18 19:20 . 2009-10-18 19:20 -------- d-----w- c:\program files\DAEMON Tools Toolbar
2009-10-18 18:15 . 2009-10-18 18:15 721904 ----a-w- c:\windows\system32\drivers\sptd.sys
2009-10-18 18:15 . 2009-10-18 19:21 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\DAEMON Tools Lite
2009-10-18 16:39 . 2009-10-31 22:59 -------- d-----w- c:\documents and settings\HP_Administrator\Tracing
2009-10-18 16:38 . 2009-10-18 16:38 -------- d-----w- c:\program files\Microsoft
2009-10-18 16:37 . 2009-10-18 16:37 -------- d-----w- c:\program files\Windows Live SkyDrive
2009-10-18 16:35 . 2009-10-18 16:35 -------- d-----w- c:\program files\Common Files\Windows Live

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-11-02 18:21 . 2007-04-25 19:49 71400 -c--a-w- c:\documents and settings\HP_Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-11-01 15:16 . 2009-03-10 16:30 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2009-10-20 15:54 . 2006-08-12 09:40 -------- d-----w- c:\program files\PC-Doctor 5 for Windows
2009-10-18 19:54 . 2008-10-22 15:40 -------- d-----w- c:\program files\Common Files\Nokia
2009-10-18 19:54 . 2008-10-22 15:40 -------- d-----w- c:\program files\Nokia
2009-10-18 19:54 . 2008-10-22 15:38 -------- d-----w- c:\documents and settings\All Users\Application Data\Downloaded Installations
2009-10-18 19:25 . 2006-08-12 17:55 -------- d-----w- c:\program files\Java
2009-10-18 18:14 . 2008-09-21 09:29 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\Skype
2009-10-18 16:43 . 2008-09-21 09:32 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\skypePM
2009-10-18 16:37 . 2008-03-05 19:57 -------- d-----w- c:\program files\Windows Live
2009-09-21 18:51 . 2007-05-11 16:32 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\Image Zone Express
2009-09-11 14:18 . 2004-08-09 21:00 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-04 21:03 . 2004-08-09 21:00 58880 ----a-w- c:\windows\system32\msasn1.dll
2009-08-29 07:36 . 2004-08-09 21:00 832512 ----a-w- c:\windows\system32\wininet.dll
2009-08-29 07:36 . 2004-08-09 21:00 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-08-29 07:36 . 2004-08-09 21:00 17408 ------w- c:\windows\system32\corpol.dll
2009-08-26 08:00 . 2004-08-09 21:00 247326 ------w- c:\windows\system32\strmdll.dll
2009-08-06 17:24 . 2004-08-09 21:00 327896 ----a-w- c:\windows\system32\wucltui.dll
2009-08-06 17:24 . 2004-08-09 21:00 209632 ----a-w- c:\windows\system32\wuweb.dll
2009-08-06 17:24 . 2005-05-26 02:16 44768 ----a-w- c:\windows\system32\wups2.dll
2009-08-06 17:24 . 2004-08-09 21:00 35552 ----a-w- c:\windows\system32\wups.dll
2009-08-06 17:24 . 2004-08-09 21:00 53472 ----a-w- c:\windows\system32\wuauclt.exe
2009-08-06 17:24 . 2004-08-09 21:00 96480 ----a-w- c:\windows\system32\cdm.dll
2009-08-06 17:23 . 2004-08-09 21:00 575704 ----a-w- c:\windows\system32\wuapi.dll
2009-08-06 17:23 . 2007-06-02 15:07 274288 ----a-w- c:\windows\system32\mucltui.dll
2009-08-06 17:23 . 2004-08-09 21:00 1929952 ----a-w- c:\windows\system32\wuaueng.dll
2007-11-03 15:02 . 2007-11-03 15:02 251 -c--a-w- c:\program files\wt3d.ini
2007-05-07 20:38 . 2007-05-07 20:38 22 --sha-w- c:\windows\SMINST\HPCD.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"updateMgr"="c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 313472]
"NBJ"="c:\program files\Ahead\Nero BackItUp\NBJ.exe" [2004-09-24 1916928]
"Google Update"="c:\documents and settings\HP_Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2009-05-20 133104]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-02-29 1481968]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-05 64512]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-10-31 7634944]
"DMAScheduler"="c:\program files\HP DigitalMedia Archive\DMAScheduler.exe" [2006-04-13 90112]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2005-07-22 237568]
"HPBootOp"="c:\program files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2006-02-15 249856]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 49152]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"PinnacleDriverCheck"="c:\windows\system32\PSDrvCheck.exe" [2004-03-10 406016]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 221184]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-03-28 413696]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-25 149280]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]
"ftutil2"="ftutil2.dll" - c:\windows\system32\ftutil2.dll [2004-06-07 106496]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.EXE [2006-07-21 16261632]
"AlwaysReady Power Message APP"="ARPWRMSG.EXE" - c:\windows\arpwrmsg.exe [2005-08-02 77312]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2006-10-31 1622016]

c:\documents and settings\Default User\Start Menu\Programs\Startup\
Pin.lnk - c:\hp\bin\CLOAKER.EXE [2006-8-12 27136]
PinMcLnk.lnk - c:\hp\bin\cloaker.exe [2006-8-12 27136]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2007-7-6 113664]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2006-2-19 288472]
Inicio r*pido de Adobe Reader.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-23 29696]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2006-12-20 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="c:\windows\system32\userinit.exe,c:\windows\system32\mshcxm32.exe,"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2007-04-19 10:41 294912 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\winmm.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"c:\\Documents and Settings\\HP_Administrator\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.dll"=
"c:\\Documents and Settings\\HP_Administrator\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Lphant\\eLePhantClient.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:*:Disabled:@xpsp2res.dll,-22009

R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [29/02/2008 15:03 8944]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [29/02/2008 15:03 51440]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [01/11/2009 17:54 108289]
R3 3xHybrid;3xHybrid service;c:\windows\system32\drivers\3xHybrid.sys [12/08/2006 19:18 2829696]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [16/02/2006 15:51 4096]
R3 V0260VID;Live! Cam Vista IM;c:\windows\system32\drivers\V0260Vid.sys [24/04/2007 16:55 162176]
R3 WN5301;LIteon Wireless PCI Network Adapter Service;c:\windows\system32\drivers\wn5301.sys [12/08/2006 19:18 468768]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys --> c:\windows\system32\DRIVERS\Lbd.sys [?]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - MBR
*NewlyCreated* - PROCEXP113
*Deregistered* - mbr
*Deregistered* - PROCEXP113
.
Contents of the 'Scheduled Tasks' folder

2009-11-04 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3562878181-1604441590-3082518484-1007Core.job
- c:\documents and settings\HP_Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-05-20 20:06]

2009-11-04 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3562878181-1604441590-3082518484-1007UA.job
- c:\documents and settings\HP_Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-05-20 20:06]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.es/
mStart Page = hxxp://www.forospyware.com
IE: E&xportar a Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
Trusted Zone: formaciondigital.com
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-PCDrProfiler - (no file)
AddRemove-HijackThis - k:\antivirus\HiJackThis\HijackThis.exe

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-11-04 15:52
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

c:\windows\system32\mshcxm32.exe 241664 bytes executable

scan completed successfully
hidden files: 1

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe catchme.sys CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys spwe.sys >>UNKNOWN [0x87188938]<<
kernel: MBR read successfully
user & kernel MBR OK
Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

atapi.sys @ 0x0 0x0 bytes

\Driver\atapi [ IRP_MJ_CREATE ] 0xA6F2 != 0xF73A3B40 atapi.sys
\Driver\atapi [ IRP_MJ_CLOSE ] 0xA6F2 != 0xF73A3B40 atapi.sys
\Driver\atapi [ IRP_MJ_DEVICE_CONTROL ] 0xA712 != 0xF73A3B40 atapi.sys
\Driver\atapi [ IRP_MJ_INTERNAL_DEVICE_CONTROL ] 0x6852 != 0xF73A3B40 atapi.sys
\Driver\atapi [ IRP_MJ_POWER ] 0xA73C != 0xF73A3B40 atapi.sys
\Driver\atapi [ IRP_MJ_SYSTEM_CONTROL ] 0x11336 != 0xF73A3B40 atapi.sys
\Driver\atapi IRP hooks detected !

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Hewlett-Packard\cpc\PCINTRO\Browser]
@DACL=(02 0000)
@SACL=
"IE"="0"
"Netscape"="0"

[HKEY_LOCAL_MACHINE\software\Hewlett-Packard\cpc\PCINTRO\BWOPT]
@DACL=(02 0000)
@SACL=
"bwsupport"="1"
"bwoffers"="0"

[HKEY_LOCAL_MACHINE\software\Hewlett-Packard\cpc\PCINTRO\HPGuide]
@DACL=(02 0000)
@SACL=
"HPGuideLaunch"="0"

[HKEY_LOCAL_MACHINE\software\Hewlett-Packard\cpc\PCINTRO\HPSU]
@DACL=(02 0000)
@SACL=
"OptInPath"="c:\\hp\\bin\\cloaker.exe"
"OptInCmdLine"="c:\\hp\\drivers\\hpsu\\HPSU_optin.bat"
"OptOutPath"="c:\\hp\\bin\\cloaker.exe"
"OptOutCmdLine"="c:\\hp\\drivers\\hpsu\\HPSU_optout.bat"
"hpsulaunch"="0"

[HKEY_LOCAL_MACHINE\software\Hewlett-Packard\cpc\PCINTRO\NIS]
@DACL=(02 0000)
@SACL=
"NISRun"="1"
"NISPath"="c:\\windows\\system32\\pcintro\\autorun.exe"
"NISCmdLine"="security.cmd"

[HKEY_LOCAL_MACHINE\software\Microsoft\Advanced INF Setup\IEHomePageInfo\RegBackup]
@DACL=(02 0000)
@SACL=

[HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\Objects\Effects\Alchemy]
@DACL=(02 0000)
@SACL=

[HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\services]
@DACL=(02 0000)
@SACL=
"NoServices"=dword:00000000

[HKEY_LOCAL_MACHINE\software\Microsoft\Updates\SP3\KB912067\Filelist]
@DACL=(02 0000)
@SACL=

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\Ø•€|ÿÿÿÿ•€|ù•A~*]
"A0C0110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(784)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\WININET.dll

- - - - - - - > 'lsass.exe'(840)
c:\windows\system32\wininet.dll
.
Completion time: 2009-11-04 15:56
ComboFix-quarantined-files.txt 2009-11-04 14:55

Pre-Run: 69.958.402.048 bytes free
Post-Run: 69.973.450.752 bytes libres

**Leosolari** · 04/11/09, 12:55:15

Realiza lo siguiente :

Clic en INICIO > EJECUTAR >
- Y ahí pones notepad.exe y ACEPTAR
- Ahora copia y pega el texto del cuadro de mas abajo dentro del Notepad

Código:

KillAll::

File::
c:\windows\system32\mshcxm32.exe


Rootkit::
c:\windows\system32\mshcxm32.exe

Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"=-

Guarda este archivo con el nombre CFScript.txt
Arrastra y suelta el archivo CFScript.txt dentro del archivo ComboFix.exe como lo muestra el screenshot de abajo.
ComboFix comenzará otra vez a ejecutarse. Cuando termine generara un nuevo reporte que tendras que pegar en este mismo tema.

Despuès de reiniciar, nos comentas como funciona el ordenador ahora.

saludos

**marinick** · 04/11/09, 13:35:40

SOLUCIONADO!!!

Ya me funciona, tanto las tildes como la web de Supernet.
Muchisimas gracias, sois la caña!

Aqui teneis el report del ComboFix

ComboFix 09-11-03.03 - HP_Administrator 04/11/2009 19:14.2.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.34.1033.18.1022.569 [GMT 1:00]
Running from: c:\documents and settings\HP_Administrator\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\HP_Administrator\Desktop\CFScript.txt
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
* Created a new restore point

FILE ::
"c:\windows\system32\mshcxm32.exe"
.

((((((((((((((((((((((((( Files Created from 2009-10-04 to 2009-11-04 )))))))))))))))))))))))))))))))
.

2009-11-04 01:47 . 2009-08-06 18:23 215920 ----a-w- c:\windows\system32\muweb.dll
2009-11-03 16:53 . 2009-11-03 16:53 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\Malwarebytes
2009-11-03 16:53 . 2009-09-10 13:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-11-03 16:53 . 2009-11-03 16:53 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-11-03 16:53 . 2009-09-10 13:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-11-03 16:53 . 2009-11-03 16:53 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-11-01 20:19 . 2009-11-01 20:19 -------- d-----w- c:\program files\Trend Micro
2009-11-01 20:12 . 2008-04-14 00:12 146432 ----a-w- c:\windows\regedit1.exe
2009-11-01 16:54 . 2009-07-28 15:33 55656 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-11-01 16:54 . 2009-03-30 09:33 96104 ----a-w- c:\windows\system32\drivers\avipbb.sys
2009-11-01 16:54 . 2009-02-13 11:29 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
2009-11-01 16:54 . 2009-02-13 11:17 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys
2009-11-01 16:54 . 2009-11-01 16:54 -------- d-----w- c:\program files\Avira
2009-11-01 16:54 . 2009-11-01 16:54 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira
2009-10-31 16:21 . 2009-10-31 16:20 93360 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2009-10-22 20:55 . 2009-10-22 20:55 -------- d-----w- c:\windows\system32\XPSViewer
2009-10-22 20:55 . 2009-10-22 20:55 -------- d-----w- c:\program files\MSBuild
2009-10-22 20:54 . 2009-10-22 20:54 -------- d-----w- c:\program files\Reference Assemblies
2009-10-22 20:54 . 2008-07-06 12:06 89088 ------w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2009-10-22 20:54 . 2008-07-06 12:06 117760 ------w- c:\windows\system32\prntvpt.dll
2009-10-22 20:54 . 2008-07-06 10:50 597504 ------w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2009-10-22 20:54 . 2009-10-22 20:54 -------- d-----w- C:\e15580ecbdc51b123766
2009-10-22 20:54 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\xpsshhdr.dll
2009-10-22 20:54 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\dllcache\xpsshhdr.dll
2009-10-22 20:54 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\xpssvcs.dll
2009-10-22 20:54 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\dllcache\xpssvcs.dll
2009-10-20 16:08 . 2009-10-20 16:08 -------- d-----w- C:\aa5194bc1619fa5ef1b107
2009-10-20 15:12 . 2009-10-20 15:13 -------- d-----w- c:\program files\CleanUp!
2009-10-20 14:59 . 2009-10-20 14:59 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2009-10-20 14:59 . 2009-10-20 14:59 -------- d-----w- c:\program files\SUPERAntiSpyware
2009-10-20 14:59 . 2009-10-20 14:59 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\SUPERAntiSpyware.com
2009-10-20 14:58 . 2009-10-20 14:58 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-10-20 14:44 . 2009-10-20 14:44 -------- d-----w- C:\VundoFix Backups
2009-10-20 14:36 . 2009-10-20 14:43 -------- d-----w- c:\program files\RegCleaner
2009-10-19 18:55 . 2009-06-21 21:44 153088 ------w- c:\windows\system32\dllcache\triedit.dll
2009-10-19 18:54 . 2009-07-10 13:27 1315328 ------w- c:\windows\system32\dllcache\msoe.dll
2009-10-19 18:46 . 2009-11-03 22:49 -------- d-----w- c:\program files\CCleaner
2009-10-19 18:34 . 2009-11-01 19:42 -------- d-----w- c:\program files\EMCO Malware Destroyer
2009-10-19 18:32 . 2009-10-19 18:32 -------- d-sh--w- c:\windows\ftpcache
2009-10-18 19:20 . 2009-10-18 19:20 -------- d-----w- c:\documents and settings\All Users\Application Data\DAEMON Tools Lite
2009-10-18 19:20 . 2009-10-18 19:20 -------- d-----w- c:\program files\DAEMON Tools Toolbar
2009-10-18 18:15 . 2009-10-18 18:15 721904 ----a-w- c:\windows\system32\drivers\sptd.sys
2009-10-18 18:15 . 2009-10-18 19:21 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\DAEMON Tools Lite
2009-10-18 16:39 . 2009-10-31 22:59 -------- d-----w- c:\documents and settings\HP_Administrator\Tracing
2009-10-18 16:38 . 2009-10-18 16:38 -------- d-----w- c:\program files\Microsoft
2009-10-18 16:37 . 2009-10-18 16:37 -------- d-----w- c:\program files\Windows Live SkyDrive
2009-10-18 16:35 . 2009-10-18 16:35 -------- d-----w- c:\program files\Common Files\Windows Live

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-11-02 18:21 . 2007-04-25 19:49 71400 -c--a-w- c:\documents and settings\HP_Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-11-01 15:16 . 2009-03-10 16:30 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2009-10-20 15:54 . 2006-08-12 09:40 -------- d-----w- c:\program files\PC-Doctor 5 for Windows
2009-10-18 19:54 . 2008-10-22 15:40 -------- d-----w- c:\program files\Common Files\Nokia
2009-10-18 19:54 . 2008-10-22 15:40 -------- d-----w- c:\program files\Nokia
2009-10-18 19:54 . 2008-10-22 15:38 -------- d-----w- c:\documents and settings\All Users\Application Data\Downloaded Installations
2009-10-18 19:25 . 2006-08-12 17:55 -------- d-----w- c:\program files\Java
2009-10-18 18:14 . 2008-09-21 09:29 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\Skype
2009-10-18 16:43 . 2008-09-21 09:32 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\skypePM
2009-10-18 16:37 . 2008-03-05 19:57 -------- d-----w- c:\program files\Windows Live
2009-09-21 18:51 . 2007-05-11 16:32 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\Image Zone Express
2009-09-11 14:18 . 2004-08-09 21:00 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-04 21:03 . 2004-08-09 21:00 58880 ----a-w- c:\windows\system32\msasn1.dll
2009-08-29 07:36 . 2004-08-09 21:00 832512 ------w- c:\windows\system32\wininet.dll
2009-08-29 07:36 . 2004-08-09 21:00 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-08-29 07:36 . 2004-08-09 21:00 17408 ------w- c:\windows\system32\corpol.dll
2009-08-26 08:00 . 2004-08-09 21:00 247326 ------w- c:\windows\system32\strmdll.dll
2007-11-03 15:02 . 2007-11-03 15:02 251 -c--a-w- c:\program files\wt3d.ini
2007-05-07 20:38 . 2007-05-07 20:38 22 --sha-w- c:\windows\SMINST\HPCD.sys
.

((((((((((((((((((((((((((((( SnapShot@2009-11-04_14.53.04 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-11-04 18:22 . 2009-11-04 18:22 16384 c:\windows\temp\Perflib_Perfdata_7b0.dat
- 2005-08-30 21:02 . 2009-11-03 20:45 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2005-08-30 21:02 . 2009-11-04 15:05 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2005-08-30 13:51 . 2009-11-04 15:05 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2005-08-30 13:51 . 2009-11-03 20:45 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2005-08-30 13:51 . 2009-11-04 15:05 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat
- 2005-08-30 13:51 . 2009-11-03 20:45 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"updateMgr"="c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 313472]
"NBJ"="c:\program files\Ahead\Nero BackItUp\NBJ.exe" [2004-09-24 1916928]
"Google Update"="c:\documents and settings\HP_Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2009-05-20 133104]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-02-29 1481968]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-05 64512]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-10-31 7634944]
"DMAScheduler"="c:\program files\HP DigitalMedia Archive\DMAScheduler.exe" [2006-04-13 90112]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2005-07-22 237568]
"HPBootOp"="c:\program files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2006-02-15 249856]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 49152]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"PinnacleDriverCheck"="c:\windows\system32\PSDrvCheck.exe" [2004-03-10 406016]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 221184]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-03-28 413696]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-25 149280]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]
"ftutil2"="ftutil2.dll" - c:\windows\system32\ftutil2.dll [2004-06-07 106496]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.EXE [2006-07-21 16261632]
"AlwaysReady Power Message APP"="ARPWRMSG.EXE" - c:\windows\arpwrmsg.exe [2005-08-02 77312]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2006-10-31 1622016]

c:\documents and settings\Default User\Start Menu\Programs\Startup\
Pin.lnk - c:\hp\bin\CLOAKER.EXE [2006-8-12 27136]
PinMcLnk.lnk - c:\hp\bin\cloaker.exe [2006-8-12 27136]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2007-7-6 113664]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2006-2-19 288472]
Inicio r*pido de Adobe Reader.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-23 29696]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2006-12-20 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2007-04-19 10:41 294912 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\winmm.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"c:\\Documents and Settings\\HP_Administrator\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.dll"=
"c:\\Documents and Settings\\HP_Administrator\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Lphant\\eLePhantClient.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:*:Disabled:@xpsp2res.dll,-22009

R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [29/02/2008 15:03 8944]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [29/02/2008 15:03 51440]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [01/11/2009 17:54 108289]
R3 3xHybrid;3xHybrid service;c:\windows\system32\drivers\3xHybrid.sys [12/08/2006 19:18 2829696]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [16/02/2006 15:51 4096]
R3 V0260VID;Live! Cam Vista IM;c:\windows\system32\drivers\V0260Vid.sys [24/04/2007 16:55 162176]
R3 WN5301;LIteon Wireless PCI Network Adapter Service;c:\windows\system32\drivers\wn5301.sys [12/08/2006 19:18 468768]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys --> c:\windows\system32\DRIVERS\Lbd.sys [?]

--- Other Services/Drivers In Memory ---

*Deregistered* - mbr
.
Contents of the 'Scheduled Tasks' folder

2009-11-04 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3562878181-1604441590-3082518484-1007Core.job
- c:\documents and settings\HP_Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-05-20 20:06]

2009-11-04 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3562878181-1604441590-3082518484-1007UA.job
- c:\documents and settings\HP_Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-05-20 20:06]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.es/
mStart Page = hxxp://www.forospyware.com
IE: E&xportar a Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
Trusted Zone: formaciondigital.com
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-11-04 19:24
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys spgj.sys >>UNKNOWN [0x87188938]<<
kernel: MBR read successfully
user & kernel MBR OK
Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

atapi.sys @ 0x0 0x0 bytes

\Driver\atapi [ IRP_MJ_CREATE ] 0xA6F2 != 0xF73A3B40 atapi.sys
\Driver\atapi [ IRP_MJ_CLOSE ] 0xA6F2 != 0xF73A3B40 atapi.sys
\Driver\atapi [ IRP_MJ_DEVICE_CONTROL ] 0xA712 != 0xF73A3B40 atapi.sys
\Driver\atapi [ IRP_MJ_INTERNAL_DEVICE_CONTROL ] 0x6852 != 0xF73A3B40 atapi.sys
\Driver\atapi [ IRP_MJ_POWER ] 0xA73C != 0xF73A3B40 atapi.sys
\Driver\atapi [ IRP_MJ_SYSTEM_CONTROL ] 0x11336 != 0xF73A3B40 atapi.sys
\Driver\atapi IRP hooks detected !

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Hewlett-Packard\cpc\PCINTRO\Browser]
@DACL=(02 0000)
@SACL=
"IE"="0"
"Netscape"="0"

[HKEY_LOCAL_MACHINE\software\Hewlett-Packard\cpc\PCINTRO\BWOPT]
@DACL=(02 0000)
@SACL=
"bwsupport"="1"
"bwoffers"="0"

[HKEY_LOCAL_MACHINE\software\Hewlett-Packard\cpc\PCINTRO\HPGuide]
@DACL=(02 0000)
@SACL=
"HPGuideLaunch"="0"

[HKEY_LOCAL_MACHINE\software\Hewlett-Packard\cpc\PCINTRO\HPSU]
@DACL=(02 0000)
@SACL=
"OptInPath"="c:\\hp\\bin\\cloaker.exe"
"OptInCmdLine"="c:\\hp\\drivers\\hpsu\\HPSU_optin.bat"
"OptOutPath"="c:\\hp\\bin\\cloaker.exe"
"OptOutCmdLine"="c:\\hp\\drivers\\hpsu\\HPSU_optout.bat"
"hpsulaunch"="0"

[HKEY_LOCAL_MACHINE\software\Hewlett-Packard\cpc\PCINTRO\NIS]
@DACL=(02 0000)
@SACL=
"NISRun"="1"
"NISPath"="c:\\windows\\system32\\pcintro\\autorun.exe"
"NISCmdLine"="security.cmd"

[HKEY_LOCAL_MACHINE\software\Microsoft\Advanced INF Setup\IEHomePageInfo\RegBackup]
@DACL=(02 0000)
@SACL=

[HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\Objects\Effects\Alchemy]
@DACL=(02 0000)
@SACL=

[HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\services]
@DACL=(02 0000)
@SACL=
"NoServices"=dword:00000000

[HKEY_LOCAL_MACHINE\software\Microsoft\Updates\SP3\KB912067\Filelist]
@DACL=(02 0000)
@SACL=

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\Ø•€|ÿÿÿÿ•€|ù•A~*]
"A0C0110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(788)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\WININET.dll

- - - - - - - > 'explorer.exe'(3836)
c:\windows\system32\WININET.dll
c:\windows\system32\nview.dll
c:\windows\system32\NVWRSES.DLL
c:\windows\system32\ieframe.dll
c:\windows\system32\nvwddi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\windows\arservice.exe
c:\windows\eHome\ehRecvr.exe
c:\windows\eHome\ehSched.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\dllhost.exe
c:\windows\system32\rundll32.exe
c:\windows\eHome\ehmsas.exe
c:\windows\system32\wscntfy.exe
c:\program files\HP\Digital Imaging\bin\hpqSTE08.exe
.
**************************************************************************
.
Completion time: 2009-11-04 19:28 - machine was rebooted
ComboFix-quarantined-files.txt 2009-11-04 18:28
ComboFix2.txt 2009-11-04 14:56

Pre-Run: 69.965.017.088 bytes free
Post-Run: 69.929.693.184 bytes libres

**Leosolari** · 04/11/09, 16:08:43

Hola de nuevo

Desinstala CF de esta manera:

Ve a Inicio > Ejecutar
Escribe lo siguiente: ComboFix /u como muestra la imagen debajo:

o
Esto activara el desinstalador de ComboFix abriendo su pantalla principal y luego de unos segundos veras ("ComboFix is uninstalled")

Esto realizara las siguientes tareas:

Se borraran:
- ComboFix: sus archivos y carpetas.
- VundoFix: copias de seguridad (si está presente)
- La carpeta C:\Deckard (si está presente)
- La carpeta C: _OtMoveIt (si está presente)
Restablece la configuración del reloj.
Ocultar extensiones de archivo (si es necesario.)
Oculta los archivos que estaban ocultos
Reactiva el "Restaurar Sistema"

Nos comentas como va el ordenador ahora.

Saludos

Problemas con las tildes (Solucionado)

Herramientas

Problemas con las tildes (Solucionado)

Re: Problemas con las tildes ´´

Re: Problemas con las tildes ´´

Re: Problemas con las tildes ´´

Re: Problemas con las tildes ´´

Re: Problemas con las tildes ´´

Re: Problemas con las tildes ´´

Re: Problemas con las tildes ´´

Re: Problemas con las tildes ´´

Re: Problemas con las tildes ´´