| Solved Topics: resolved HijackThis and malware cases. (Read-only) |
| Re: Hupigon13, help !!!
OK... phew!!! First things first!!! Now, in normal mode, no advertising windows have popped up... that's good, but the PC is very, very slow... I also got a small error window: "Initdsk.exe ha detectado un problema y debe cerrarse" ["Initdsk.exe has encountered a problem and needs to close"]. I moved it aside so as not to interrupt the VirusTotal process. You should also know that I ran OTM in safe mode and, since you later told me to do it in normal mode, I ran it again in normal mode (that explains why the second log starts by saying "exe not found", etc.). Here are the two logs, first the one done in safe mode:
All processes killed
========== FILES ==========
c:\windows\sed.exe moved successfully.
c:\windows\PEV.exe moved successfully.
c:\windows\SWREG.exe moved successfully.
c:\windows\msfont.exe moved successfully.
========== COMMANDS ==========
[EMPTYTEMP]
User: Administrador
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
User: All Users
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
User: yanu
->Temp folder emptied: 30004 bytes
->Temporary Internet Files folder emptied: 34715974 bytes
->Java cache emptied: 0 bytes
%systemdrive% .tmp files removed: 0 bytes
C:\WINDOWS\msdownld.tmp folder deleted successfully.
%systemroot% .tmp files removed: 2114656 bytes
%systemroot%\System32 .tmp files removed: 2909 bytes
Windows Temp folder emptied: 3976775 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 38,98 mb
OTM by OldTimer - Version 3.0.0.6 log created on 11052009_185338
Files moved on Reboot...
Registry entries deleted on Reboot...
_______________________________________________________
And also the one done in normal mode:
All processes killed
========== FILES ==========
File/Folder c:\windows\sed.exe not found.
File/Folder c:\windows\PEV.exe not found.
File/Folder c:\windows\SWREG.exe not found.
c:\windows\msfont.exe moved successfully.
========== COMMANDS ==========
[EMPTYTEMP]
User: Administrador
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: All Users
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: LocalService
->Temp folder emptied: 0 bytes
File delete failed. C:\Documents and Settings\LocalService\Configuración local\Archivos temporales de Internet\Content.IE5\index.dat scheduled to be deleted on reboot.
->Temporary Internet Files folder emptied: 33170 bytes
User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: yanu
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 1448525 bytes
->Java cache emptied: 0 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 1,41 mb
OTM by OldTimer - Version 3.0.0.6 log created on 11052009_190722
Files moved on Reboot...
Registry entries deleted on Reboot...
_________________________________________________________
Now, the VirusTotal result:
Motor antivirus Versión Última actualización Resultado
a-squared 4.5.0.41 2009.11.05 -
AhnLab-V3 5.0.0.2 2009.11.05 -
AntiVir 7.9.1.53 2009.11.05 -
Antiy-AVL 2.0.3.7 2009.11.05 -
Authentium 5.2.0.5 2009.11.05 -
Avast 4.8.1351.0 2009.11.05 -
AVG 8.5.0.423 2009.11.05 -
BitDefender 7.2 2009.11.05 -
CAT-QuickHeal 10.00 2009.11.05 -
ClamAV 0.94.1 2009.11.05 -
Comodo 2850 2009.11.05 -
DrWeb 5.0.0.12182 2009.11.05 -
eTrust-Vet 35.1.7105 2009.11.05 -
F-Prot 4.5.1.85 2009.11.05 -
F-Secure 9.0.15370.0 2009.11.04 -
Fortinet 3.120.0.0 2009.11.05 -
GData 19 2009.11.05 -
Ikarus T3.1.1.74.0 2009.11.05 -
Jiangmin 11.0.800 2009.11.05 -
K7AntiVirus 7.10.889 2009.11.05 -
Kaspersky 7.0.0.125 2009.11.05 -
McAfee 5792 2009.11.04 -
McAfee+Artemis 5793 2009.11.05 -
McAfee-GW-Edition 6.8.5 2009.11.05 Heuristic.BehavesLike.Win32.Downloader.I
Microsoft 1.5202 2009.11.05 -
NOD32 4576 2009.11.05 -
Norman 6.03.02 2009.11.05 W32/Obfuscated.F!genr
nProtect 2009.1.8.0 2009.11.05 -
Panda 10.0.2.2 2009.11.04 -
PCTools 7.0.3.5 2009.11.05 -
Prevx 3.0 2009.11.05 High Risk Cloaked Malware
Rising 21.54.34.00 2009.11.05 -
Sophos 4.47.0 2009.11.05 -
Sunbelt 3.2.1858.2 2009.11.05 -
Symantec 1.4.4.12 2009.11.05 -
TheHacker 6.5.0.2.061 2009.11.05 -
TrendMicro 9.0.0.1003 2009.11.05 -
VBA32 3.12.10.11 2009.11.04 -
ViRobot 2009.11.5.2023 2009.11.05 -
VirusBuster 4.6.5.0 2009.11.05 -
Información adicional
Tamano archivo: 335360 bytes
MD5...: 9e4acdf154a2b512243e01330697e091
SHA1..: 54c52585161c99776c71a8c85c19a71faa532620
SHA256: e3a6bfba647d5da3c97cde15ee12d866ea130e05dec0012832b4353eb499a1ba
ssdeep: 6144:1NO+8xvh6+W10AYtTEljn8zb0cEUryL/jNw7etW+N48T5zKfJt:Yh6IAYtU uEUrybjNG0WY0xt
PEiD..: -
PEInfo: PE Structure information
( base data )
entrypointaddress.: 0x1f051
timedatestamp.....: 0x4ae02820 (Thu Oct 22 09:38:40 2009)
machinetype.......: 0x14c (I386)
( 5 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x31e39 0x32000 6.57 af212ceb8a4a3a3e091b0e53415eddad
.rdata 0x33000 0xcfa8 0xd000 4.92 9894b9a0eead4da17fefcffc3bdaff37
.data 0x40000 0x6818 0x2c00 4.13 d565f955f0719c287e79be919a2bb9b9
.rsrc 0x47000 0x7930 0x7a00 4.77 ebfbec94fe1d54fde0404bb51c3575a7
.reloc 0x4f000 0x82f6 0x8400 3.77 d95af4c3f3bc7d8d31ced4ddc3f7d7ea
( 0 exports )
RDS...: NSRL Reference Data Set
-
pdfid.: -
trid..: Win64 Executable Generic (59.6%)
Win32 Executable MS Visual C++ (generic) (26.2%)
Win32 Executable Generic (5.9%)
Win32 Dynamic Link Library (generic) (5.2%)
Generic Win/DOS Executable (1.3%)
sigcheck:
publisher....: n/a
copyright....: n/a
product......: n/a
description..: n/a
original name: n/a
internal name: n/a
file version.: n/a
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned
http://info.prevx.com/aboutprogramtext.asp?PX5=9B04EA86002AFF131E16055B8AF6AF00BFF0778F
____________________________________________________________
Awaiting orders... thanks |
| Oooops... I hadn't seen the option to "compact" the VirusTotal result... Here it is...
Motor antivirus;Versión;Última actualización;Resultado
a-squared;4.5.0.41;2009.11.05;-
AhnLab-V3;5.0.0.2;2009.11.05;-
AntiVir;7.9.1.53;2009.11.05;-
Antiy-AVL;2.0.3.7;2009.11.05;-
Authentium;5.2.0.5;2009.11.05;-
Avast;4.8.1351.0;2009.11.05;-
AVG;8.5.0.423;2009.11.05;-
BitDefender;7.2;2009.11.05;-
CAT-QuickHeal;10.00;2009.11.05;-
ClamAV;0.94.1;2009.11.05;-
Comodo;2850;2009.11.05;-
DrWeb;5.0.0.12182;2009.11.05;-
eTrust-Vet;35.1.7105;2009.11.05;-
F-Prot;4.5.1.85;2009.11.05;-
F-Secure;9.0.15370.0;2009.11.04;-
Fortinet;3.120.0.0;2009.11.05;-
GData;19;2009.11.05;-
Ikarus;T3.1.1.74.0;2009.11.05;-
Jiangmin;11.0.800;2009.11.05;-
K7AntiVirus;7.10.889;2009.11.05;-
Kaspersky;7.0.0.125;2009.11.05;-
McAfee;5793;2009.11.05;-
McAfee+Artemis;5793;2009.11.05;-
McAfee-GW-Edition;6.8.5;2009.11.05;Heuristic.BehavesLike.Win32.Downloader.I
Microsoft;1.5202;2009.11.05;-
NOD32;4576;2009.11.05;-
Norman;6.03.02;2009.11.05;W32/Obfuscated.F!genr
nProtect;2009.1.8.0;2009.11.05;-
Panda;10.0.2.2;2009.11.04;-
PCTools;7.0.3.5;2009.11.05;-
Prevx;3.0;2009.11.05;High Risk Cloaked Malware
Rising;21.54.34.00;2009.11.05;-
Sophos;4.47.0;2009.11.05;-
Sunbelt;3.2.1858.2;2009.11.05;-
Symantec;1.4.4.12;2009.11.05;-
TheHacker;6.5.0.2.061;2009.11.05;-
TrendMicro;9.0.0.1003;2009.11.05;-
VBA32;3.12.10.11;2009.11.04;-
ViRobot;2009.11.5.2023;2009.11.05;-
VirusBuster;4.6.5.0;2009.11.05;-
Información adicional
Tamano archivo: 335360 bytes
MD5...: 9e4acdf154a2b512243e01330697e091
SHA1..: 54c52585161c99776c71a8c85c19a71faa532620
SHA256: e3a6bfba647d5da3c97cde15ee12d866ea130e05dec0012832b4353eb499a1ba
ssdeep: 6144:1NO+8xvh6+W10AYtTEljn8zb0cEUryL/jNw7etW+N48T5zKfJt:Yh6IAYtU
uEUrybjNG0WY0xt
PEiD..: -
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x1f051
timedatestamp.....: 0x4ae02820 (Thu Oct 22 09:38:40 2009)
machinetype.......: 0x14c (I386)

( 5 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x31e39 0x32000 6.57 af212ceb8a4a3a3e091b0e53415eddad
.rdata 0x33000 0xcfa8 0xd000 4.92 9894b9a0eead4da17fefcffc3bdaff37
.data 0x40000 0x6818 0x2c00 4.13 d565f955f0719c287e79be919a2bb9b9
.rsrc 0x47000 0x7930 0x7a00 4.77 ebfbec94fe1d54fde0404bb51c3575a7
.reloc 0x4f000 0x82f6 0x8400 3.77 d95af4c3f3bc7d8d31ced4ddc3f7d7ea

( 0 exports )
RDS...: NSRL Reference Data Set
-
pdfid.: -
trid..: Win64 Executable Generic (59.6%)
Win32 Executable MS Visual C++ (generic) (26.2%)
Win32 Executable Generic (5.9%)
Win32 Dynamic Link Library (generic) (5.2%)
Generic Win/DOS Executable (1.3%)
http://info.prevx.com/aboutprogramtext.asp?PX5=9B04EA86002AFF131E16055B8AF6AF00BFF0778F
sigcheck:
publisher....: n/a
copyright....: n/a
product......: n/a
description..: n/a
original name: n/a
internal name: n/a
file version.: n/a
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned
Waiting.... |
| Re: Hupigon13, help !!!
Do the following: Delete OTM and its quarantine like this:
In normal mode:
Following their manuals, run: Glary Utilities>> Manual. Argente - Registry Cleaner
Restart and then tell us the results.
Last edited by Anoika on 05/11/09 at 16:56:07. |
| Re: Hupigon13, help !!!
Aaayyyy..... it seems the link to the "Glary Utilities" manual in your previous post doesn't work. And I'd rather wait for you to give it to me properly than do things wrong... (by the way, I've been in normal mode for a while and only one advertising window has opened). I'm waiting for the Glary Utilities manual so I can follow it. Thanks |
| Re: Hupigon13, help !!!
I followed every step: - OTM - Disk cleaner - Glary Utilities - Argente. I have just restarted in normal mode and the advertising windows keep appearing, taskmgr.exe is not responding.... regedit doesn't work either... and right now a small error window has just popped up: "Initdsk.exe ha detectado un problema y debe cerrarse" ["Initdsk.exe has encountered a problem and needs to close"] !!! ........... what can be done ??? |
| Re: Hupigon13, help !!!
Quote:
Quote: |
| Re: Hupigon13, ayuda !!! HOla Anoika, Para tu informacion, en modo seguro, he scaneado con el spybot y ahi estaba el hupigon13, pero no lo he limpiado...lo he dejado tal cual. y pase el combofix con todas las ventanas cerradas etc...aqui tienes el log: ComboFix 09-11-05.01 - yanu 06/11/2009 7:40.4.1 - NTFSx86 NETWORK Microsoft Windows XP Professional 5.1.2600.2.1252.34.3082.18.1023.794 [GMT 1:00] Running from: c:\documents and settings\yanu\Escritorio\ComboFix.exe WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !! . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . C:\InfoSat.txt C:\Muestras c:\muestras\*IEXPLORE.EXE.Muestra EliStartPage v19.59 c:\windows\msfont.exe . ((((((((((((((((((((((((( Files Created from 2009-10-06 to 2009-11-06 ))))))))))))))))))))))))))))))) . 2009-11-05 22:54 . 2009-11-05 22:54 -------- d-----w- c:\archivos de programa\Argente Software 2009-11-05 22:21 . 2009-11-05 22:21 -------- d-----w- c:\archivos de programa\Glary Utilities 2009-11-05 21:14 . 2009-11-05 21:54 -------- d-----w- c:\documents and settings\yanu\Datos de programa\GlarySoft 2009-11-05 20:36 . 2009-11-05 20:40 -------- d-----w- c:\archivos de programa\Disk Cleaner 2009-11-04 08:55 . 2009-11-04 08:57 -------- d-----w- c:\archivos de programa\Navilog1 2009-11-03 21:44 . 2009-11-05 22:06 -------- d-----w- c:\archivos de programa\Panda Security 2009-11-03 20:23 . 2009-11-03 20:23 -------- d-----w- c:\documents and settings\yanu\Datos de programa\Malwarebytes 2009-11-03 20:23 . 2009-11-03 20:23 -------- d-----w- c:\documents and settings\All Users\Datos de programa\Malwarebytes 2009-11-03 18:20 . 2009-11-03 18:20 -------- d-----w- c:\documents and settings\All Users\Datos de programa\Kaspersky Lab Setup Files 2009-10-31 18:16 . 2009-11-04 01:01 117760 ----a-w- c:\documents and settings\yanu\Datos de programa\SUPERAntiSpyware.com\SUPERAntiSpyware\SDD LLS\UIREPAIR.DLL 2009-10-31 18:16 . 
2009-10-31 18:16 -------- d-----w- c:\documents and settings\All Users\Datos de programa\SUPERAntiSpyware.com 2009-10-31 18:16 . 2009-11-03 00:14 -------- d-----w- c:\archivos de programa\SUPERAntiSpyware 2009-10-31 18:16 . 2009-10-31 18:16 -------- d-----w- c:\documents and settings\yanu\Datos de programa\SUPERAntiSpyware.com 2009-10-30 23:20 . 2009-10-30 23:20 -------- d-----w- c:\archivos de programa\Archivos comunes\Wise Installation Wizard 2009-10-29 23:32 . 2009-10-29 23:32 20480512 ----a-w- c:\windows\system32\Initdsk.exe 2009-10-23 19:07 . 2004-01-24 22:00 70656 ----a-w- c:\windows\system32\yv12vfw.dll 2009-10-17 23:41 . 2009-10-17 23:41 2861164 ----a-w- c:\documents and settings\yanu\Datos de programa\Research In Motion\BlackBerry\SR_MM_MultiLanguage.exe 2009-10-17 17:16 . 2009-10-17 17:17 -------- d-----w- c:\windows\ERUNT 2009-10-17 16:10 . 2009-10-17 16:10 -------- d--h--w- c:\windows\system32\GroupPolicy 2009-10-12 16:09 . 2007-06-28 00:00 5632 -c--a-w- c:\windows\system32\dllcache\write.exe 2009-10-12 16:09 . 2007-06-28 00:00 5632 ----a-w- c:\windows\system32\write.exe 2009-10-12 15:50 . 2007-06-28 00:00 139264 -c--a-w- c:\windows\system32\dllcache\sndvol32.exe 2009-10-12 15:50 . 2007-06-28 00:00 139264 ----a-w- c:\windows\system32\sndvol32.exe 2009-10-12 15:50 . 2007-06-28 00:00 44544 ----a-w- c:\windows\system32\hticons.dll 2009-10-12 15:49 . 2007-06-28 00:00 13312 -c--a-w- c:\windows\system32\dllcache\htrn_jis.dll 2009-10-12 15:49 . 2007-06-28 00:00 73216 -c--a-w- c:\windows\system32\dllcache\avwav.dll 2009-10-12 15:49 . 2007-06-28 00:00 73216 ----a-w- c:\windows\system32\avwav.dll 2009-10-12 15:49 . 2007-06-28 00:00 16384 -c--a-w- c:\windows\system32\dllcache\avmeter.dll 2009-10-12 15:49 . 2007-06-28 00:00 16384 ----a-w- c:\windows\system32\avmeter.dll 2009-10-12 15:49 . 2007-06-28 00:00 232448 -c--a-w- c:\windows\system32\dllcache\avtapi.dll 2009-10-12 15:49 . 2007-06-28 00:00 232448 ----a-w- c:\windows\system32\avtapi.dll 2009-10-12 15:49 . 
2007-06-28 00:00 35328 -c--a-w- c:\windows\system32\dllcache\winchat.exe 2009-10-12 15:49 . 2007-06-28 00:00 35328 ----a-w- c:\windows\system32\winchat.exe 2009-10-12 15:41 . 2007-06-28 00:00 652800 -c--a-w- c:\windows\system32\dllcache\getuname.dll 2009-10-12 15:41 . 2007-06-28 00:00 652800 ----a-w- c:\windows\system32\getuname.dll 2009-10-12 14:51 . 2009-10-12 15:03 -------- d-----w- C:\I386 2009-10-12 13:45 . 2007-06-28 00:00 57344 -c--a-w- c:\windows\system32\dllcache\sol.exe 2009-10-12 13:45 . 2007-06-28 00:00 57344 ----a-w- c:\windows\system32\sol.exe 2009-10-12 13:44 . 2007-06-28 00:00 120320 -c--a-w- c:\windows\system32\dllcache\winmine.exe 2009-10-12 13:44 . 2007-06-28 00:00 120320 ----a-w- c:\windows\system32\winmine.exe 2009-10-12 13:42 . 2007-06-28 00:00 128000 -c--a-w- c:\windows\system32\dllcache\mshearts.exe 2009-10-12 13:42 . 2007-06-28 00:00 128000 ----a-w- c:\windows\system32\mshearts.exe 2009-10-12 13:05 . 2007-06-28 00:00 80896 -c--a-w- c:\windows\system32\dllcache\charmap.exe 2009-10-12 13:05 . 2007-06-28 00:00 80896 ----a-w- c:\windows\system32\charmap.exe 2009-10-12 12:40 . 2007-06-28 00:00 55808 -c--a-w- c:\windows\system32\dllcache\freecell.exe 2009-10-12 12:40 . 2007-06-28 00:00 55808 ----a-w- c:\windows\system32\freecell.exe 2009-10-12 12:10 . 2009-10-30 00:25 -------- d-----w- c:\windows\system32\NtmsData 2009-10-12 11:46 . 2006-03-02 12:00 115200 -c--a-w- c:\windows\system32\dllcache\calc.exe 2009-10-12 11:46 . 2006-03-02 12:00 115200 ----a-w- c:\windows\system32\calc.exe 2009-10-12 11:22 . 2007-06-28 00:00 218112 -c--a-w- c:\windows\system32\dllcache\wordpad.exe 2009-10-12 11:11 . 2007-06-28 00:00 284160 -c--a-w- c:\windows\system32\dllcache\pinball.exe 2009-10-12 11:10 . 2007-06-28 00:00 188416 -c--a-w- c:\windows\system32\dllcache\accwiz.exe 2009-10-12 11:10 . 2007-06-28 00:00 188416 ----a-w- c:\windows\system32\accwiz.exe 2009-10-12 11:00 . 2007-06-28 00:00 132608 -c--a-w- c:\windows\system32\dllcache\sndrec32.exe 2009-10-12 11:00 . 
2007-06-28 00:00 132608 ----a-w- c:\windows\system32\sndrec32.exe 2009-10-12 10:55 . 2007-06-28 00:00 124928 -c--a-w- c:\windows\system32\dllcache\mplay32.exe 2009-10-12 10:55 . 2007-06-28 00:00 124928 ----a-w- c:\windows\system32\mplay32.exe 2009-10-12 10:55 . 2007-06-28 00:00 19456 -c--a-w- c:\windows\system32\dllcache\simptcp.dll 2009-10-12 10:55 . 2007-06-28 00:00 19456 ----a-w- c:\windows\system32\simptcp.dll 2009-10-12 10:54 . 2007-06-28 00:00 353280 ----a-w- c:\windows\system32\hypertrm.dll 2009-10-12 10:54 . 2007-06-28 00:00 546816 -c--a-w- c:\windows\system32\dllcache\dialer.exe 2009-10-12 10:54 . 2007-06-28 00:00 346624 -c--a-w- c:\windows\system32\dllcache\mspaint.exe 2009-10-12 10:54 . 2007-06-28 00:00 346624 ----a-w- c:\windows\system32\mspaint.exe 2009-10-12 10:54 . 2007-06-28 00:00 104448 -c--a-w- c:\windows\system32\dllcache\clipbrd.exe 2009-10-12 10:54 . 2007-06-28 00:00 104448 ----a-w- c:\windows\system32\clipbrd.exe 2009-10-12 10:53 . 2007-06-28 00:00 539136 -c--a-w- c:\windows\system32\dllcache\spider.exe 2009-10-12 10:53 . 2007-06-28 00:00 539136 ----a-w- c:\windows\system32\spider.exe 2009-10-12 10:49 . 2007-06-28 00:00 36352 -c--a-w- c:\windows\system32\dllcache\iprip.dll 2009-10-12 10:49 . 2007-06-28 00:00 36352 ------w- c:\windows\system32\iprip.dll 2009-10-12 10:28 . 2009-10-12 10:28 -------- d-----w- c:\documents and settings\yanu\Datos de programa\Blackberry Desktop 2009-10-12 10:16 . 2009-10-24 20:52 256 ----a-w- c:\windows\system32\pool.bin 2009-10-12 10:16 . 2009-10-12 10:16 -------- d-----w- c:\documents and settings\yanu\Datos de programa\Research In Motion 2009-10-12 10:03 . 2009-01-09 14:18 27136 ----a-r- c:\windows\system32\drivers\RimSerial.sys 2009-10-10 20:58 . 2009-10-10 20:58 -------- d-----w- c:\archivos de programa\Archivos comunes\PCSuite 2009-10-10 20:57 . 2008-08-26 08:26 18816 ----a-w- c:\windows\system32\drivers\pccsmcfd.sys 2009-10-10 20:56 . 
2009-10-10 20:56 -------- d-----w- c:\archivos de programa\PC Connectivity Solution 2009-10-10 20:55 . 2009-10-10 20:53 33866888 ----a-w- c:\documents and settings\All Users\Datos de programa\Installations\{3D39E775-DDDA-4327-B747-0BDC5F191331}\Nokia_PC_Suite_7_1_30_9_spa.exe 2009-10-10 20:54 . 2009-10-10 20:54 95232 ----a-w- c:\documents and settings\All Users\Datos de programa\Installations\{3D39E775-DDDA-4327-B747-0BDC5F191331}\Installer\CommonCustomActions\pcswpc si.exe 2009-10-10 20:54 . 2009-10-10 20:54 61440 ----a-w- c:\documents and settings\All Users\Datos de programa\Installations\{3D39E775-DDDA-4327-B747-0BDC5F191331}\Installer\CommonCustomActions\Uninst PCSFEMsi.exe 2009-10-10 20:54 . 2009-10-10 20:54 10240 ----a-w- c:\documents and settings\All Users\Datos de programa\Installations\{3D39E775-DDDA-4327-B747-0BDC5F191331}\Installer\CommonCustomActions\Uninst PCS.exe 2009-10-10 20:54 . 2009-10-10 20:54 8192 ----a-w- c:\documents and settings\All Users\Datos de programa\Installations\{3D39E775-DDDA-4327-B747-0BDC5F191331}\Installer\CommonCustomActions\Uninst CCD.exe 2009-10-08 07:27 . 2009-10-08 07:27 -------- d-sh--w- c:\windows\ftpcache . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))) )) . 2009-11-05 23:42 . 2008-07-02 06:03 -------- d-----w- c:\documents and settings\All Users\Datos de programa\Spybot - Search & Destroy 2009-11-05 22:10 . 2008-08-05 16:43 -------- d-----w- c:\archivos de programa\DVDVideoSoft 2009-11-05 22:10 . 2009-04-20 23:30 -------- d-----w- c:\documents and settings\yanu\Datos de programa\Movier 2009-11-05 22:09 . 2008-08-02 22:07 -------- d-----w- c:\archivos de programa\Google 2009-11-05 22:08 . 2008-06-30 23:34 -------- d--h--w- c:\archivos de programa\InstallShield Installation Information 2009-11-05 22:07 . 2008-12-25 12:02 -------- d-----w- c:\archivos de programa\Archivos comunes\Nokia 2009-11-05 22:07 . 
2008-12-25 12:02 -------- d-----w- c:\archivos de programa\Nokia 2009-11-05 21:36 . 2009-08-09 09:12 -------- d-----w- c:\documents and settings\yanu\Datos de programa\BitTorrent 2009-11-05 21:36 . 2008-08-30 00:00 -------- d-----w- c:\archivos de programa\Spybot - Search & Destroy 2009-11-04 21:06 . 2008-08-02 22:17 -------- d-----w- c:\documents and settings\All Users\Datos de programa\Google Updater 2009-10-29 17:31 . 2008-12-07 00:52 -------- d-----w- c:\archivos de programa\Nueva carpeta 2009-10-26 15:30 . 2008-05-20 00:00 92592 ----a-w- c:\windows\system32\perfc00A.dat 2009-10-26 15:30 . 2008-05-20 00:00 487148 ----a-w- c:\windows\system32\perfh00A.dat 2009-10-22 23:00 . 2008-07-01 02:50 -------- d-----w- c:\archivos de programa\eMule 2009-10-10 20:53 . 2008-12-25 12:00 -------- d-----w- c:\documents and settings\All Users\Datos de programa\Installations 2009-10-04 21:04 . 2009-01-28 00:56 -------- d-----w- c:\documents and settings\yanu\Datos de programa\Audacity 2009-10-03 20:52 . 2009-10-03 20:52 -------- d-----w- c:\archivos de programa\K-Lite Codec Pack 2009-09-27 11:17 . 2009-09-13 00:41 176 ----a-w- c:\windows\msocreg32.dat 2009-09-19 16:34 . 2009-09-19 16:34 -------- d-----w- c:\archivos de programa\NKProd 2009-09-13 00:37 . 2008-07-01 07:47 -------- d-----w- c:\archivos de programa\VSTplugins 2009-09-13 00:36 . 2008-07-08 18:31 -------- d-----w- c:\archivos de programa\IK Multimedia 2006-05-03 09:06 . 2009-07-05 13:41 163328 --sh--r- c:\windows\system32\flvDX.dll 2007-02-21 10:47 . 2009-07-05 13:42 31232 --sh--r- c:\windows\system32\msfDX.dll 2008-03-16 12:30 . 2009-07-05 13:42 216064 --sh--r- c:\windows\system32\nbDX.dll . ------- Sigcheck ------- [-] 2008-05-20 . BD8686216E34E22C4ED45A2320B2BEA1 . 360576 . . [5.1.2600.2892] . . c:\windows\system32\drivers\tcpip.sys [-] 2008-05-20 . 56930E73D1F525F9882E40C90E131789 . 1548800 . . [5.1.2600.2180] . . c:\windows\system32\sfcfiles.dll . 
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Desktop Initialisation"="c:\windows\system32\Initdsk.exe" [2009-10-29 20480512]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\archivos de programa\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 14:21 548352 ----a-w- c:\archivos de programa\SUPERAntiSpyware\SASWINLO.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menú Inicio^Programas^Inicio^Microsoft Office.lnk]
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^yanu^Menú Inicio^Programas^Inicio^Guitar Pro 5.lnk]
backup=c:\windows\pss\Guitar Pro 5.lnkStartup

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nod32kui
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\oisyiuy
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Real Spy Monitor
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ymogsgs

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"NOD32krn"=2 (0x2)
"FileZilla Server"=3 (0x3)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"ctfmon.exe"=c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"KernelFaultCheck"=%systemroot%\system32\dumprep 0 -k
"QuickTime Task"="c:\archivos de programa\QuickTime\qttask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
"QuickTime Task"="c:\archivos de programa\QuickTime\qttask.exe" -atboottime
"MSConfig"=c:\windows\pchealth\helpctr\Binaries\MSCONFIG.EXE /auto
"Desktop Initialisation"=c:\windows\system32\Initdsk.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Archivos de programa\\eMule\\emule.exe"=
"c:\\Archivos de programa\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Archivos de programa\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Archivos de programa\\AudioTX\\Communicator\\AudioTX.exe"=
"c:\\Archivos de programa\\FileZilla Server\\FileZilla server.exe"=
"c:\\Archivos de programa\\BitTorrent\\bittorrent.exe"=
"c:\\WINDOWS\\system32\\Initdsk.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"21:TCP"= 21:TCP:FileZilla 21
"20:TCP"= 20:TCP:FileZilla 20
"55000:TCP"= 55000:TCP:filezilla passive mode 55000
"55001:TCP"= 55001:TCP:filezilla passive mode 55001
"55002:TCP"= 55002:TCP:filezilla passive mode 55002
"55003:TCP"= 55003:TCP:filezilla passive mode 55003
"55004:TCP"= 55004:TCP:filezilla passive mode 55004
"55005:TCP"= 55005:TCP:filezilla passive mode 55005
"55006:TCP"= 55006:TCP:filezilla passive mode 55006
"55007:TCP"= 55007:TCP:filezilla passive mode 55007
"55008:TCP"= 55008:TCP:filezilla passive mode 55008
"55009:TCP"= 55009:TCP:filezilla passive mode 55009
"55010:TCP"= 55010:TCP:filezilla passive mode 55010
"55011:TCP"= 55011:TCP:filezilla passive mode 55011
"55012:TCP"= 55012:TCP:filezilla passive mode 55012
"55013:TCP"= 55013:TCP:filezilla passive mode 55013
"55014:TCP"= 55014:TCP:filezilla passive mode 55014
"55015:TCP"= 55015:TCP:filezilla passive mode 55015
"55016:TCP"= 55016:TCP:filezilla passive mode 55016
"55017:TCP"= 55017:TCP:filezilla passive mode 55017
"55018:TCP"= 55018:TCP:filezilla passive mode 55018
"55019:TCP"= 55019:TCP:filezilla passive mode 55019
"55020:TCP"= 55020:TCP:filezilla passive mode 55020

S1 SASDIFSV;SASDIFSV;c:\archivos de programa\SUPERAntiSpyware\sasdifsv.sys [12/10/2009 21:24 9968]
S1 SASKUTIL;SASKUTIL;c:\archivos de programa\SUPERAntiSpyware\SASKUTIL.SYS [12/10/2009 21:24 74480]
S3 camvid20;Philips ToUcam Camera; Video;c:\windows\system32\drivers\camdrv21.sys [24/01/2009 0:30 223232]
S3 M1000Srv;M5603C USB2.0 Camera Driver;c:\windows\system32\drivers\M1000KNT.sys [01/07/2008 15:28 274567]
S3 SASENUM;SASENUM;c:\archivos de programa\SUPERAntiSpyware\SASENUM.SYS [12/10/2009 21:24 7408]

--- Other Services/Drivers In Memory ---

*Deregistered* - mbr
.
Contents of the 'Scheduled Tasks' folder

2009-08-19 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\archivos de programa\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34]

2009-11-05 c:\windows\Tasks\GlaryInitialize.job
- c:\archivos de programa\Glary Utilities\initialize.exe [2009-11-05 18:27]

2009-11-05 c:\windows\Tasks\Google Software Updater.job
- c:\archivos de programa\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-08-02 21:06]
.
.
------- Supplementary Scan -------
.
uStart Page = google.es
mStart Page = about:blank
IE: E&xportar a Microsoft Excel - c:\archiv~2\MICROS~2\Office10\EXCEL.EXE/3000
TCP: {CB094909-3F28-4C8C-BD51-E97CBA54EDC3} = 80.58.61.250,80.58.61.254
Handler: msell - {E90F00EC-3694-11D2-99FE-00104B2D62CC} - c:\archiv~2\ARCHIV~1\MICROS~1\REFERE~1\MSELL.dll
.
.
------- File Associations -------
.
inifile=Notepad.exe "%1"
txtfile=Notepad.exe "%1"
.
**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-11-06 07:48
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...
scan completed successfully
hidden files: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntoskrnl.exe catchme.sys >>UNKNOWN [0x86F8CA40]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> 0x86f8ca40
Warning: possible MBR rootkit infection !
user & kernel MBR OK
Use "Recovery Console" command "fixmbr" to clear infection !

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1177238915-861567501-682003330-1003\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(540)
c:\archivos de programa\SUPERAntiSpyware\SASWINLO.dll
.
Completion time: 2009-11-06 7:53
ComboFix-quarantined-files.txt 2009-11-06 06:53

Pre-Run: 7.825.747.968 bytes libres
Post-Run: 7.789.363.200 bytes libres

- - End Of File - - 89EF789BD419563B2F8207A6AAB093A1

See you soon.. thanks |
| Re: Hupigon13, help!!! HELLO. Please, I ask you for a little patience while I review the report; do not run any disinfection tool. |
| Re: Hupigon13, help!!! OK... no worries, I'm currently at work and my home PC is switched off for now, waiting for us to work on it... See you soon.. thanks for your help |
| Re: Hupigon13, help!!! I'm back home again, in front of my sick PC... ready to carry out orders. Don't worry, I haven't done anything since the ComboFix run. Awaiting instructions |