• Registrarse
  • Iniciar sesión

  • Adquiere Malwarebytes Anti-Malware Premium con un 10% de descuento

    Página 1 de 2 12 ÚltimoÚltimo
    Resultados 1 al 10 de 18

    Ventanas emergentes(Solucionado)

    Hola a todos,mi problema es referente a las dichosas ventanas he seguido todos los pasos eliminando algunas,pero todabia siguen apareciendo,os pido de nuevo vuestra ayuda para solucionar este problema,os dejo el log: Logfile of Trend ...

          
    1. #1
      Usuario Avatar de vasc
      Registrado
      nov 2007
      Ubicación
      palma de mallorca
      Mensajes
      181

      Ventanas emergentes(Solucionado)

      Hola a todos,mi problema es referente a las dichosas ventanas he seguido todos los pasos eliminando algunas,pero todabia siguen apareciendo,os pido de nuevo vuestra ayuda para solucionar este problema,os dejo el log:

      Logfile of Trend Micro HijackThis v2.0.2
      Scan saved at 19:34:11, on 11/11/2009
      Platform: Windows XP SP3 (WinNT 5.01.2600)
      MSIE: Internet Explorer v7.00 (7.00.6000.16915)
      Boot mode: Normal

      Running processes:
      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\system32\svchost.exe
      C:\Program Files\Panda Security\Panda Internet Security 2010\TPSrv.exe
      C:\PROGRAM FILES\PANDA SECURITY\PANDA INTERNET SECURITY 2010\WebProxy.exe
      C:\WINDOWS\system32\spoolsv.exe
      C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
      C:\WINDOWS\eHome\ehRecvr.exe
      C:\WINDOWS\eHome\ehSched.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\system32\svchost.exe
      C:\Program Files\Java\jre6\bin\jqs.exe
      c:\Program Files\Common Files\LightScribe\LSSrvc.exe
      C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\system32\nvsvc32.exe
      C:\Program Files\Panda Security\Panda Internet Security 2010\PsCtrls.exe
      C:\Program Files\Panda Security\Panda Internet Security 2010\PavFnSvr.exe
      C:\Program Files\Common Files\Panda Security\PavShld\pavprsrv.exe
      C:\WINDOWS\System32\svchost.exe
      c:\program files\panda security\panda internet security 2010\firewall\PSHOST.EXE
      C:\Program Files\Panda Security\Panda Internet Security 2010\PsImSvc.exe
      C:\Program Files\Panda Security\Panda Internet Security 2010\PskSvc.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\System32\TUProgSt.exe
      C:\Program Files\Panda Security\Panda Internet Security 2010\pavsrv51.exe
      C:\Program Files\Panda Security\Panda Internet Security 2010\AVENGINE.EXE
      C:\WINDOWS\Explorer.EXE
      C:\WINDOWS\ehome\ehtray.exe
      C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
      C:\WINDOWS\system32\RUNDLL32.EXE
      C:\WINDOWS\RTHDCPL.EXE
      C:\Program Files\Panda Security\Panda Internet Security 2010\APVXDWIN.EXE
      C:\WINDOWS\vsnpstd.exe
      C:\WINDOWS\system32\ctfmon.exe
      C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
      C:\Program Files\Internet Explorer\IEXPLORE.EXE
      C:\Program Files\DAEMON Tools Lite\daemon.exe
      C:\WINDOWS\system32\rundll32.exe
      C:\Program Files\Internet Explorer\IEXPLORE.EXE
      C:\WINDOWS\system32\dllhost.exe
      C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
      C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
      C:\WINDOWS\eHome\ehmsas.exe
      C:\WINDOWS\System32\regsvr32.exe
      C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_clipbook.exe
      C:\Program Files\Panda Security\Panda Internet Security 2010\SRVLOAD.EXE
      C:\Program Files\Panda Security\Panda Internet Security 2010\PavBckPT.exe
      C:\WINDOWS\system32\wuauclt.exe
      C:\Program Files\Panda Security\Panda Internet Security 2010\psimreal.exe
      C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
      C:\Program Files\Internet Explorer\IEXPLORE.EXE

      R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://es.rd.yahoo.com/customize/ycomp/defaults/sp/*http://es.yahoo.com
      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://wwwgoogle.com/
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
      R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
      R3 - URLSearchHook: Barra Yahoo! con bloqueador de ventanas emergentes - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
      O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
      O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
      O2 - BHO: SmartAds browser enhancer cwinmlrg - {1DA73A2E-EE69-42E7-B359-CA49A93CCB45} - C:\WINDOWS\system32\cwinmlrg.dll
      O2 - BHO: MessengerUpdate - {5948A52A-BA3A-49A8-BCAF-D578502BDA9D} - C:\Documents and Settings\JOSE\Application Data\Messenger\Drivers\MsgUpdate.dll
      O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
      O2 - BHO: gooochi browser enhancer - {97CFD463-B7BB-DCA0-B316-A6E769FE15CD} - C:\WINDOWS\system32\wnpvceubvlozafisb.dll
      O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
      O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
      O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
      O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\WINDOWS\system32\eDStoolbar.dll
      O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
      O4 - HKLM\..\Run: [LaunchApp] Alaunch
      O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
      O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
      O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
      O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
      O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
      O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
      O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
      O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
      O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
      O4 - HKLM\..\Run: [APVXDWIN] "C:\Program Files\Panda Security\Panda Internet Security 2010\APVXDWIN.EXE" /s
      O4 - HKLM\..\Run: [SCANINICIO] "C:\Program Files\Panda Security\Panda Internet Security 2010\Inicio.exe"
      O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
      O4 - HKLM\..\Run: [snpstd] C:\WINDOWS\vsnpstd.exe
      O4 - HKLM\..\Run: [drdhoolylyrmuqfxh] C:\WINDOWS\System32\regsvr32.exe /s "C:\WINDOWS\system32\wnpvceubvlozafisb.dll"
      O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
      O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
      O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
      O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
      O4 - HKCU\..\Run: [IgfxSys] rundll32.exe "C:\Documents and Settings\JOSE\Application Data\Messenger\Drivers\IgfxSys.dll",StartProtector
      O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
      O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
      O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
      O9 - Extra button: Referencia - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
      O9 - Extra button: Selección inteligente de HP - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
      O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
      O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
      O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
      O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
      O20 - AppInit_DLLs: C:\WINDOWS\System32\hnetcfg32.dll
      O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
      O23 - Service: Memory Check Service (AcerMemUsageCheckService) - Acer Inc. - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
      O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
      O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
      O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
      O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
      O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
      O23 - Service: Nero BackItUp Scheduler 4.0 - Unknown owner - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe (file missing)
      O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
      O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
      O23 - Service: Panda Software Controller - Panda Security, S.L. - C:\Program Files\Panda Security\Panda Internet Security 2010\PsCtrls.exe
      O23 - Service: Panda Function Service (PAVFNSVR) - Panda Security, S.L. - C:\Program Files\Panda Security\Panda Internet Security 2010\PavFnSvr.exe
      O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Security, S.L. - C:\Program Files\Common Files\Panda Security\PavShld\pavprsrv.exe
      O23 - Service: Panda On-Access Anti-Malware Service (PAVSRV) - Panda Security, S.L. - C:\Program Files\Panda Security\Panda Internet Security 2010\pavsrv51.exe
      O23 - Service: Programador de LiveUpdate automático - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)
      O23 - Service: Panda Host Service (PSHost) - Panda Security International - c:\program files\panda security\panda internet security 2010\firewall\PSHOST.EXE
      O23 - Service: Panda IManager Service (PSIMSVC) - Panda Security S.L. - C:\Program Files\Panda Security\Panda Internet Security 2010\PsImSvc.exe
      O23 - Service: Panda PSK service (PskSvcRetail) - Panda Security, S.L. - C:\Program Files\Panda Security\Panda Internet Security 2010\PskSvc.exe
      O23 - Service: Panda TPSrv (TPSrv) - Panda Security, S.L. - C:\Program Files\Panda Security\Panda Internet Security 2010\TPSrv.exe
      O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software - C:\WINDOWS\System32\TuneUpDefragService.exe
      O23 - Service: TuneUp Program Statistics Service (TuneUp.ProgramStatisticsSvc) - TuneUp Software - C:\WINDOWS\System32\TUProgSt.exe

      --
      End of file - 10919 bytes


      como siempre muy agradecido

    2. #2
      Moderador Gral.
      Avatar de @Leosolari
      Registrado
      jun 2007
      Ubicación
      Argentina
      Mensajes
      58.209

      Re: Ventanas emergentes

      Hola vasc


      Descarga lo siguiente:

      º Ccleaner. Lo instalas según Su Manual

      º Malwarebytes. Lo instalas y actualizas según su manual, PERO NO LO EJECUTES AUN

      º ComboFix.exe y guárdalo en el escritorio.


      Cierra todos los programas, ejecutas HijackThis , tildas las casillas de estas entradas y presionas "FIX Cheked"


      R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://es.rd.yahoo.com/customize/ycomp/defaults/sp/*http://es.yahoo.com
      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://wwwgoogle.com/

      R3 - URLSearchHook: Barra Yahoo! con bloqueador de ventanas emergentes - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)

      O2 - BHO: SmartAds browser enhancer cwinmlrg - {1DA73A2E-EE69-42E7-B359-CA49A93CCB45} - C:\WINDOWS\system32\cwinmlrg.dll

      O2 - BHO: gooochi browser enhancer - {97CFD463-B7BB-DCA0-B316-A6E769FE15CD} - C:\WINDOWS\system32\wnpvceubvlozafisb.dll

      O4 - HKLM\..\Run: [drdhoolylyrmuqfxh] C:\WINDOWS\System32\regsvr32.exe /s "C:\WINDOWS\system32\wnpvceubvlozafisb.dll"

      O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
      O20 - AppInit_DLLs: C:\WINDOWS\System32\hnetcfg32.dll




      Ejecuta Ccleaner usando sus opciones "Limpiador" y "Registro".

      Ejecuta Malwarebytes.
      Hacé un "escaneo completo". Una vez finalizado, si te detecta algo eliges " quitar lo seleccionado ".
      Si te pide reiniciar, lo haces.
      Ejecuta ComboFix.exe
      • Desactiva temporalmente el Antivirus y/o Antispyware.
      • Cierra todas las ventanas abiertas.
      • Hacele doble clic al archivo ComboFix.exe y seguí las instrucciones.
      • Cuando termine, generara un registro en C:\ComboFix.txt.
        • *Nota* Mientras CF este trabajando no mover el mouse ya que pararía su proceso.
        • *Nota* ComboFix puede reiniciar automáticamente el PC para completar el proceso de eliminación.
      Atención!! No use ComboFix a menos que se le haya indicado específicamente en su mensaje por un integrante de nuestro Staff. Es una herramienta de gran alcance destinada por su creador a ser usada bajo la orientación y supervisión de un experto, no para uso privado. El uso de ComboFix incorrectamente podría generar problemas en su sistema. Por favor, lea las "Negaciones de la Garantía" de ComboFix.
      • Reinicia y pega el reporte de C:\ComboFix.txt en este mismo mensaje.



      PD: No vuelvas a ejecutar ComboFix ni ningun otro programa antivirus hasta que vuelva con una respuesta, ya que puedes hacer cambiar las cosas.


      En tu próxima respuesta, debes poner lo siguiente:

      º El reporte de malwarebyte´s, que se encuentra en su pestaña REGISTROS
      º El reporte de ComboFix
      º Un nuevo log de Hijackthis
      º Como funciona tu pc ahora


      Saludos
      Síguenos en Twitter y hazte nuestro amigo en Facebook.

    3. #3
      Usuario Avatar de vasc
      Registrado
      nov 2007
      Ubicación
      palma de mallorca
      Mensajes
      181

      Re: Ventanas emergentes

      Hola,estos son los resultados:

      Malwarebytes' Anti-Malware 1.41
      Versión de la Base de Datos: 3086
      Windows 5.1.2600 Service Pack 3

      11/11/2009 22:13:16
      mbam-log-2009-11-11 (22-13-16).txt

      Tipo de examen : Examen Completo (C:\|D:\|)
      Objetos examinados: 195496
      Tiempo transcurrido: 26 minute(s), 31 second(s)

      Procesos en Memoria Infectados: 0
      Módulos en Memoria Infectados: 4
      Claves del Registro Infectadas: 10
      Valores del Registro Infectados: 1
      Elementos de Datos del Registro Infectados: 0
      Carpetas Infectadas: 4
      Ficheros Infectados: 30

      Procesos en Memoria Infectados:
      (No se han detectado elementos maliciosos)

      Módulos en Memoria Infectados:
      C:\Documents and Settings\JOSE\Application Data\Messenger\Drivers\MsgUpdate.dll (Backdoor.Bot) -> Delete on reboot.
      C:\Documents and Settings\JOSE\Application Data\Messenger\Drivers\IgfxSys.dll (Trojan.Agent) -> Delete on reboot.
      C:\Documents and Settings\JOSE\Application Data\Messenger\Drivers\Aud32\msgasst841.dll (Trojan.Agent) -> Delete on reboot.
      C:\Documents and Settings\JOSE\Application Data\Messenger\Drivers\Aud32\msgutil84.dll (Trojan.Agent) -> Delete on reboot.

      Claves del Registro Infectadas:
      HKEY_CLASSES_ROOT\TypeLib\{e3a14032-f6fc-426d-a024-bead613d5db3} (Backdoor.Bot) -> Quarantined and deleted successfully.
      HKEY_CLASSES_ROOT\Interface\{bbcc290a-5e32-4e54-80db-f0f3f3892444} (Backdoor.Bot) -> Quarantined and deleted successfully.
      HKEY_CLASSES_ROOT\CLSID\{5948a52a-ba3a-49a8-bcaf-d578502bda9d} (Backdoor.Bot) -> Quarantined and deleted successfully.
      HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{5948a52a-ba3a-49a8-bcaf-d578502bda9d} (Backdoor.Bot) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5948a52a-ba3a-49a8-bcaf-d578502bda9d} (Backdoor.Bot) -> Quarantined and deleted successfully.
      HKEY_CLASSES_ROOT\messengerupdateproject.messengerupdat.1 (Trojan.BHO) -> Quarantined and deleted successfully.
      HKEY_CLASSES_ROOT\messengerupdateproject.messengerupdate (Trojan.BHO) -> Quarantined and deleted successfully.
      HKEY_CLASSES_ROOT\AppID\{d8c0508c-e235-4d9e-a27e-c8bb5f527dc9} (Trojan.BHO) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\sgbzvktsftog (Trojan.Agent) -> Quarantined and deleted successfully.
      HKEY_CLASSES_ROOT\AppID\MessengerUpdateProject.dll (Trojan.Agent) -> Quarantined and deleted successfully.

      Valores del Registro Infectados:
      HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\igfxsys (Trojan.Agent) -> Quarantined and deleted successfully.

      Elementos de Datos del Registro Infectados:
      (No se han detectado elementos maliciosos)

      Carpetas Infectadas:
      C:\Documents and Settings\JOSE\Application Data\Messenger\Drivers (Trojan.Agent) -> Delete on reboot.
      C:\Documents and Settings\JOSE\Application Data\Messenger\Drivers\Aud32 (Trojan.Agent) -> Delete on reboot.
      C:\Documents and Settings\JOSE\Application Data\Messenger\Sys (Trojan.Agent) -> Quarantined and deleted successfully.
      C:\WINDOWS\system32\LocalService (Worm.Archive) -> Quarantined and deleted successfully.

      Ficheros Infectados:
      C:\Documents and Settings\JOSE\Application Data\Messenger\Drivers\MsgUpdate.dll (Backdoor.Bot) -> Delete on reboot.
      C:\Documents and Settings\JOSE\Application Data\Messenger\Drivers\Aud32\go28.exe (Trojan.Agent) -> Quarantined and deleted successfully.
      C:\Documents and Settings\JOSE\Application Data\Messenger\Sys\mu.dll (Backdoor.Bot) -> Quarantined and deleted successfully.
      C:\System Volume Information\_restore{0E4A5C45-3CA3-4005-A1B6-9AD938B99CBD}\RP111\A0049833.exe (Trojan.Agent) -> Quarantined and deleted successfully.
      C:\WINDOWS\system32\sgbzvktsftog.exe (Trojan.Agent) -> Quarantined and deleted successfully.
      C:\Documents and Settings\JOSE\Application Data\Messenger\Drivers\conf.sys (Trojan.Agent) -> Delete on reboot.
      C:\Documents and Settings\JOSE\Application Data\Messenger\Drivers\IgfxSys.dll (Trojan.Agent) -> Delete on reboot.
      C:\Documents and Settings\JOSE\Application Data\Messenger\Drivers\phuninst.dll (Trojan.Agent) -> Quarantined and deleted successfully.
      C:\Documents and Settings\JOSE\Application Data\Messenger\Drivers\pub.dll (Trojan.Agent) -> Quarantined and deleted successfully.
      C:\Documents and Settings\JOSE\Application Data\Messenger\Drivers\serial.sys (Trojan.Agent) -> Quarantined and deleted successfully.
      C:\Documents and Settings\JOSE\Application Data\Messenger\Drivers\Aud32\msgasst84.dll (Trojan.Agent) -> Quarantined and deleted successfully.
      C:\Documents and Settings\JOSE\Application Data\Messenger\Drivers\Aud32\msgasst841.dll (Trojan.Agent) -> Delete on reboot.
      C:\Documents and Settings\JOSE\Application Data\Messenger\Drivers\Aud32\msgutil84.dll (Trojan.Agent) -> Delete on reboot.
      C:\WINDOWS\system32\LocalService\313.crack.zip (Worm.Archive) -> Quarantined and deleted successfully.
      C:\WINDOWS\system32\LocalService\313.crack.zip.kwd (Worm.Archive) -> Quarantined and deleted successfully.
      C:\WINDOWS\system32\LocalService\314.keygen.zip (Worm.Archive) -> Quarantined and deleted successfully.
      C:\WINDOWS\system32\LocalService\314.keygen.zip.kwd (Worm.Archive) -> Quarantined and deleted successfully.
      C:\WINDOWS\system32\LocalService\315.serial.zip (Worm.Archive) -> Quarantined and deleted successfully.
      C:\WINDOWS\system32\LocalService\315.serial.zip.kwd (Worm.Archive) -> Quarantined and deleted successfully.
      C:\WINDOWS\system32\LocalService\316.setup.zip (Worm.Archive) -> Quarantined and deleted successfully.
      C:\WINDOWS\system32\LocalService\316.setup.zip.kwd (Worm.Archive) -> Quarantined and deleted successfully.
      C:\WINDOWS\system32\LocalService\317.music.au (Worm.Archive) -> Quarantined and deleted successfully.
      C:\WINDOWS\system32\LocalService\317.music.au.kwd (Worm.Archive) -> Quarantined and deleted successfully.
      C:\WINDOWS\system32\LocalService\318.music2.au (Worm.Archive) -> Quarantined and deleted successfully.
      C:\WINDOWS\system32\LocalService\318.music2.au.kwd (Worm.Archive) -> Quarantined and deleted successfully.
      C:\WINDOWS\system32\LocalService\319.music3.au (Worm.Archive) -> Quarantined and deleted successfully.
      C:\WINDOWS\system32\LocalService\319.music3.au.kwd (Worm.Archive) -> Quarantined and deleted successfully.
      C:\WINDOWS\system32\LocalService\320.music4.au (Worm.Archive) -> Quarantined and deleted successfully.
      C:\WINDOWS\system32\LocalService\320.music4.au.kwd (Worm.Archive) -> Quarantined and deleted successfully.
      C:\WINDOWS\GnuHashes.ini (Malware.Trace) -> Quarantined and deleted successfully.



      Logfile of Trend Micro HijackThis v2.0.2
      Scan saved at 23:22:41, on 11/11/2009
      Platform: Windows XP SP3 (WinNT 5.01.2600)
      MSIE: Internet Explorer v7.00 (7.00.6000.16915)
      Boot mode: Normal

      Running processes:
      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\system32\svchost.exe
      C:\Program Files\Panda Security\Panda Internet Security 2010\TPSrv.exe
      C:\PROGRAM FILES\PANDA SECURITY\PANDA INTERNET SECURITY 2010\WebProxy.exe
      C:\WINDOWS\system32\spoolsv.exe
      C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
      C:\WINDOWS\eHome\ehRecvr.exe
      C:\WINDOWS\eHome\ehSched.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\system32\svchost.exe
      C:\Program Files\Java\jre6\bin\jqs.exe
      c:\Program Files\Common Files\LightScribe\LSSrvc.exe
      C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\system32\nvsvc32.exe
      C:\Program Files\Panda Security\Panda Internet Security 2010\PsCtrls.exe
      C:\Program Files\Panda Security\Panda Internet Security 2010\PavFnSvr.exe
      C:\Program Files\Common Files\Panda Security\PavShld\pavprsrv.exe
      C:\WINDOWS\System32\svchost.exe
      c:\program files\panda security\panda internet security 2010\firewall\PSHOST.EXE
      C:\Program Files\Panda Security\Panda Internet Security 2010\PsImSvc.exe
      C:\Program Files\Panda Security\Panda Internet Security 2010\PskSvc.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\System32\TUProgSt.exe
      C:\Program Files\Panda Security\Panda Internet Security 2010\pavsrv51.exe
      C:\Program Files\Panda Security\Panda Internet Security 2010\AVENGINE.EXE
      C:\WINDOWS\Explorer.EXE
      C:\WINDOWS\ehome\ehtray.exe
      C:\WINDOWS\system32\RUNDLL32.EXE
      C:\WINDOWS\RTHDCPL.EXE
      C:\Program Files\Panda Security\Panda Internet Security 2010\APVXDWIN.EXE
      C:\WINDOWS\vsnpstd.exe
      C:\WINDOWS\system32\ctfmon.exe
      C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
      C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
      C:\WINDOWS\system32\wuauclt.exe
      C:\Program Files\Panda Security\Panda Internet Security 2010\SRVLOAD.EXE
      C:\Program Files\Panda Security\Panda Internet Security 2010\PavBckPT.exe
      C:\WINDOWS\system32\dllhost.exe
      C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
      C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
      C:\WINDOWS\eHome\ehmsas.exe
      C:\Program Files\Panda Security\Panda Internet Security 2010\psimreal.exe
      C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
      R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
      O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
      O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
      O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
      O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
      O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
      O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
      O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\WINDOWS\system32\eDStoolbar.dll
      O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
      O4 - HKLM\..\Run: [LaunchApp] Alaunch
      O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
      O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
      O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
      O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
      O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
      O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
      O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
      O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
      O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
      O4 - HKLM\..\Run: [APVXDWIN] "C:\Program Files\Panda Security\Panda Internet Security 2010\APVXDWIN.EXE" /s
      O4 - HKLM\..\Run: [SCANINICIO] "C:\Program Files\Panda Security\Panda Internet Security 2010\Inicio.exe"
      O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
      O4 - HKLM\..\Run: [snpstd] C:\WINDOWS\vsnpstd.exe
      O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
      O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
      O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
      O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
      O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
      O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
      O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
      O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
      O9 - Extra button: Referencia - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
      O9 - Extra button: Selección inteligente de HP - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
      O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
      O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
      O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
      O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
      O23 - Service: Memory Check Service (AcerMemUsageCheckService) - Acer Inc. - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
      O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
      O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
      O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
      O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
      O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
      O23 - Service: Nero BackItUp Scheduler 4.0 - Unknown owner - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe (file missing)
      O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
      O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
      O23 - Service: Panda Software Controller - Panda Security, S.L. - C:\Program Files\Panda Security\Panda Internet Security 2010\PsCtrls.exe
      O23 - Service: Panda Function Service (PAVFNSVR) - Panda Security, S.L. - C:\Program Files\Panda Security\Panda Internet Security 2010\PavFnSvr.exe
      O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Security, S.L. - C:\Program Files\Common Files\Panda Security\PavShld\pavprsrv.exe
      O23 - Service: Panda On-Access Anti-Malware Service (PAVSRV) - Panda Security, S.L. - C:\Program Files\Panda Security\Panda Internet Security 2010\pavsrv51.exe
      O23 - Service: Programador de LiveUpdate automático - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)
      O23 - Service: Panda Host Service (PSHost) - Panda Security International - c:\program files\panda security\panda internet security 2010\firewall\PSHOST.EXE
      O23 - Service: Panda IManager Service (PSIMSVC) - Panda Security S.L. - C:\Program Files\Panda Security\Panda Internet Security 2010\PsImSvc.exe
      O23 - Service: Panda PSK service (PskSvcRetail) - Panda Security, S.L. - C:\Program Files\Panda Security\Panda Internet Security 2010\PskSvc.exe
      O23 - Service: Panda TPSrv (TPSrv) - Panda Security, S.L. - C:\Program Files\Panda Security\Panda Internet Security 2010\TPSrv.exe
      O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software - C:\WINDOWS\System32\TuneUpDefragService.exe
      O23 - Service: TuneUp Program Statistics Service (TuneUp.ProgramStatisticsSvc) - TuneUp Software - C:\WINDOWS\System32\TUProgSt.exe

      --
      End of file - 9493 bytes


      Respecto a combofix me puso que tenia que reiniciar por encontrar rootkits,reinicie y empezo a escanear pantallas,hasta 50,despues ponia que estaba eliminando algo,pero parecia bloqueado,despues de una hora seguia igual y decidi finalizarlo,puedes decirme algo mas.

      Gracias

    4. #4
      Moderador Gral.
      Avatar de @Leosolari
      Registrado
      jun 2007
      Ubicación
      Argentina
      Mensajes
      58.209

      Re: Ventanas emergentes

      Hola de nuevo

      Desinstala CF de esta manera:

      • Ve a Inicio > Ejecutar
      • Escribe lo siguiente: ComboFix /u como muestra la imagen debajo:
        o
      • Esto activara el desinstalador de ComboFix abriendo su pantalla principal y luego de unos segundos veras ("ComboFix is uninstalled")



      Reinicia el ordenador y volvemos a realizar lo siguiente:

      Actualiza malwarebytes y Hacé un "escaneo completo". Una vez finalizado, si te detecta algo eliges " quitar lo seleccionado ".
      Si te pide reiniciar, lo haces.


      Despuès de ello.... - Descarga la herramienta ComboFix.exe y guárdala en el escritorio.
      • Desactiva temporalmente el Antivirus y/o Antispyware.
      • Cierra todas las ventanas abiertas.
      • Hacele doble clic al archivo ComboFix.exe y seguí las instrucciones.
      • Cuando termine, generara un registro en C:\ComboFix.txt.
        • *Nota* Mientras CF este trabajando no mover el mouse ya que pararía su proceso.
        • *Nota* ComboFix puede reiniciar automáticamente el PC para completar el proceso de eliminación.
      Atención!! No use ComboFix a menos que se le haya indicado específicamente en su mensaje por un integrante de nuestro Staff. Es una herramienta de gran alcance destinada por su creador a ser usada bajo la orientación y supervisión de un experto, no para uso privado. El uso de ComboFix incorrectamente podría generar problemas en su sistema. Por favor, lea las "Negaciones de la Garantía" de ComboFix.
      • Reinicia y pega el reporte de C:\ComboFix.txt en este mismo mensaje.



      PD: No vuelvas a ejecutar ComboFix ni ningun otro programa antivirus hasta que vuelva con una respuesta, ya que puedes hacer cambiar las cosas.

      Volves con los reportes de malwarebytes y ComboFix.


      saludos
      Síguenos en Twitter y hazte nuestro amigo en Facebook.

    5. #5
      Usuario Avatar de vasc
      Registrado
      nov 2007
      Ubicación
      palma de mallorca
      Mensajes
      181

      Re: Ventanas emergentes

      Hola,el resultado de antimalware es cero infecciones,y combofix se ha vuelto a bloquear,me pidio reiniciar por rookits,y despues no hizo nada mas durante una hora,recuerdo haber utilizado combofix antes,y su comportamiento no era el mismo,y el escaneo duraba bastante poco.

    6. #6
      Moderador Gral.
      Avatar de @Leosolari
      Registrado
      jun 2007
      Ubicación
      Argentina
      Mensajes
      58.209

      Re: Ventanas emergentes

      Hola de nuevo

      Desinstala CF de esta manera:

      • Ve a Inicio > Ejecutar
      • Escribe lo siguiente: ComboFix /u como muestra la imagen debajo:
        o
      • Esto activara el desinstalador de ComboFix abriendo su pantalla principal y luego de unos segundos veras ("ComboFix is uninstalled")




      Utiliza GMER ANTIROOTKIT siguiendo atentamente el manual que escribió GUILLERMO TELL.

      Luego pones su reporte en tu próxima respuesta....

      Te dejo saludos....
      Síguenos en Twitter y hazte nuestro amigo en Facebook.

    7. #7
      Usuario Avatar de vasc
      Registrado
      nov 2007
      Ubicación
      palma de mallorca
      Mensajes
      181

      Re: Ventanas emergentes

      Siento darte tantos problemas,pero no ha funcionado ninguno de los dos programas,al ejecutar me sale una ventana de que dichos programas han encontrado un problema y que deben cerrarse.

    8. #8
      Usuario Avatar de vasc
      Registrado
      nov 2007
      Ubicación
      palma de mallorca
      Mensajes
      181

      Re: Ventanas emergentes

      Hola,he escaneado con sophos y me dice lo siguente:


      Area: Local hard drives
      Description: Unknown hidden file
      Location: C:\Documents and Settings\GLORIA\Local Settings\Temporary Internet Files\Content.IE5\0LY5A1GD\Type=click&FlightID=33450&AdID=41212&TargetID=19594&ASeg=&AMod=&Segments=93,203,1826,1829,1838,2551,3388,3508,3682,3683,3699,4535,4719,5612,7209,7268,7758,7[1].htm
      Removable: Yes (but clean up not recommended for this file)
      Notes: (no more detail available)



      Area: Local hard drives
      Description: Unknown hidden file
      Location: C:\WINDOWS\system32\drivers\atapi.sys
      Removable: Yes (but clean up not recommended for this file)
      Notes: (no more detail available)



      Area: Local hard drives
      Description: Unknown hidden file
      Location: C:\WINDOWS\system32\drivers\sptd.sys
      Removable: Yes (but clean up not recommended for this file)
      Notes: (no more detail available)




      Area: Local hard drives
      Description: Unknown hidden file
      Location: C:\Documents and Settings\GLORIA\Local Settings\Temporary Internet Files\Content.IE5\WT67WD4V\id=1254589247&ga_hid=1210192577&ga_fc=0&u_tz=120&u_his=4&u_java=1&u_h=768&u_w=1024&u_ah=738&u_aw=1024&u_cd=32&u_nplug=0&u_nmime=0&biw=1007&bih=519&fu=0&ifi=1&dtd=16
      Removable: Yes (but clean up not recommended for this file)
      Notes: (no more detail available)


      puedes decirme que debo hacer?

    9. #9
      Usuario Avatar de vasc
      Registrado
      nov 2007
      Ubicación
      palma de mallorca
      Mensajes
      181

      Re: Ventanas emergentes

      Hola de nuevo,he conseguido pasar combo fix,te djo el log:


      ComboFix 09-11-16.05 - JOSE 16/11/2009 12:29:37.3.2 - FAT32x86
      Microsoft Windows XP Professional 5.1.2600.3.1252.34.1033.18.1023.598 [GMT 1:00]
      Running from: C:\Documents and Settings\JOSE\Desktop\ComboFix.exe
      AV: Kaspersky Internet Security *On-access scanning disabled* (Updated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}
      FW: Kaspersky Internet Security *disabled* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
      .

      ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
      .

      C:\Documents and Settings\JOSE\Application Data\020000002b13952d687C.manifest
      C:\Documents and Settings\JOSE\Application Data\020000002b13952d687O.manifest
      C:\Documents and Settings\JOSE\Application Data\020000002b13952d687P.manifest
      C:\Documents and Settings\JOSE\Application Data\020000002b13952d687S.manifest
      C:\Documents and Settings\JOSE\Application Data\Desktopicon
      C:\Documents and Settings\JOSE\Application Data\Desktopicon\eBay.ico
      C:\Documents and Settings\JOSE\Application Data\Desktopicon\uninst.exe
      C:\WINDOWS\kb913800.exe
      C:\WINDOWS\system32\autorun.ini

      Infected copy of C:\WINDOWS\system32\drivers\atapi.sys was found and disinfected
      Restored copy from - Kitty ate it :p
      .
      ((((((((((((((((((((((((( Files Created from 2009-10-16 to 2009-11-16 )))))))))))))))))))))))))))))))
      .

      2009-12-31 21:07:28 . 2009-12-31 21:07:52 0 d-----w- C:\ERDNT
      2009-12-31 19:08:45 . 2009-10-02 20:21:17 0 d-----w- C:\Program Files\SimpleAgenda
      2009-12-31 19:07:43 . 2009-12-31 19:08:33 253952 ------w- C:\WINDOWS\Setup1.exe
      2009-12-31 19:07:41 . 2009-12-31 19:08:33 74240 ----a-w- C:\WINDOWS\ST6UNST.EXE
      2009-12-31 14:37:47 . 2009-12-31 14:37:47 0 d-----w- C:\Documents and Settings\JOSE\Local Settings\Application Data\Help
      2009-12-31 14:26:12 . 1999-01-20 04:01:00 210032 ----a-w- C:\WINDOWS\system32\DBCLIENT.DLL
      2009-12-31 14:26:11 . 2009-12-31 14:26:11 0 d-----w- C:\Program Files\Common Files\Borland Shared
      2009-12-31 14:26:06 . 2009-10-08 19:26:25 0 d-----w- C:\Program Files\Arcadina
      2009-12-31 13:38:19 . 2009-12-31 13:38:19 0 d-----w- C:\Documents and Settings\JOSE\Application Data\MSD_Soft
      2009-12-30 20:51:20 . 2009-12-30 20:51:20 26 ----a-w- C:\WINDOWS\WINSTART.BAT
      2009-12-30 20:51:20 . 2009-12-30 20:51:20 123 ----a-w- C:\WINDOWS\TMPCPYIS.BAT
      2009-12-30 20:51:20 . 2009-12-30 20:51:20 122 ----a-w- C:\WINDOWS\TMPDELIS.BAT
      2009-12-30 20:50:51 . 2009-12-30 20:50:51 0 d-----w- C:\~QTWTMP.TMP
      2009-12-30 20:49:49 . 1997-01-10 17:37:38 252928 ----a-w- C:\WINDOWS\UN16040A.EXE
      2009-12-30 20:49:49 . 1996-02-08 17:07:48 247296 ----a-w- C:\WINDOWS\UN160410.EXE
      2009-12-30 20:49:49 . 1995-07-13 18:43:40 26768 ----a-w- C:\WINDOWS\system\CTL3D.DLL
      2009-12-30 20:49:46 . 2009-12-30 20:49:46 0 d-----w- C:\Documents and Settings\GLORIA\WINDOWS
      2009-11-14 19:36:45 . 2009-11-15 09:02:38 0 d-----w- C:\Program Files\Unlocker
      2009-11-14 17:43:26 . 2009-11-14 17:43:26 0 d-----w- C:\Documents and Settings\GLORIA\Local Settings\Application Data\Ashampoo
      2009-11-14 16:06:18 . 2009-11-14 16:12:46 0 d-----w- C:\Program Files\Cracklock
      2009-11-14 16:06:18 . 2005-11-06 23:36:00 118784 ----a-w- C:\WINDOWS\system32\CLKERN.DLL
      2009-11-13 15:04:11 . 2009-11-13 19:56:33 0 d-----w- C:\Documents and Settings\JOSE\Local Settings\Application Data\Ashampoo
      2009-11-13 13:03:12 . 2009-11-13 13:03:12 932368 ----a-w- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab\AVP9\Data\KasFlt\Plugins\profiles-1-6.dll
      2009-11-13 13:03:12 . 2009-11-13 13:03:12 678416 ----a-w- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab\AVP9\Data\KasFlt\Plugins\content_interpreter-1-1.dll
      2009-11-13 13:03:12 . 2009-11-13 13:03:12 604688 ----a-w- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab\AVP9\Data\KasFlt\Plugins\gsg-3-9.dll
      2009-11-13 13:03:12 . 2009-11-13 13:03:12 1096208 ----a-w- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab\AVP9\Data\KasFlt\Plugins\filtration-4-6.dll
      2009-11-13 13:03:11 . 2009-11-13 13:03:11 522768 ----a-w- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab\AVP9\Data\KasFlt\Plugins\database-1-5.dll
      2009-11-13 12:58:33 . 2009-11-13 12:58:33 95259 ----a-w- C:\WINDOWS\system32\drivers\klick.dat
      2009-11-13 12:58:33 . 2009-11-13 12:58:33 108059 ----a-w- C:\WINDOWS\system32\drivers\klin.dat
      2009-11-13 12:57:50 . 2009-11-16 11:39:58 0 d-----w- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
      2009-11-13 12:57:50 . 2009-11-13 12:57:50 0 d-----w- C:\Program Files\Kaspersky Lab
      2009-11-13 12:52:24 . 2009-11-13 12:52:24 0 d-----w- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
      2009-11-09 20:51:58 . 2009-11-09 20:51:58 0 d-----w- C:\Documents and Settings\GLORIA\Application Data\Smart-Ads-Solutions
      2009-11-09 20:50:40 . 2009-11-09 20:50:40 0 d-----w- C:\Documents and Settings\GLORIA\Application Data\Malwarebytes
      2009-11-09 16:52:19 . 2009-11-09 16:52:19 0 d-----w- C:\Documents and Settings\JOSE\Application Data\Smart-Ads-Solutions
      2009-11-09 16:52:14 . 2009-11-11 21:17:49 0 d-----w- C:\Documents and Settings\JOSE\Application Data\Messenger
      2009-11-09 16:52:13 . 2009-11-09 16:52:13 0 d-----w- C:\Program Files\Smart-Ads-Solutions
      2009-11-09 14:43:27 . 2009-11-09 14:43:27 0 d-----w- C:\Program Files\Elaborate Bytes
      2009-11-09 14:36:14 . 2009-11-09 14:36:24 0 d-----w- C:\Nueva carpeta
      2009-11-09 14:33:36 . 2009-11-09 14:33:36 0 d-----w- C:\Program Files\Smart Projects
      2009-11-08 23:11:10 . 2009-11-16 11:17:55 0 d-----w- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
      2009-11-08 23:11:10 . 2009-11-08 23:12:25 0 d-----w- C:\Program Files\Spybot - Search & Destroy
      2009-11-07 15:29:11 . 2009-11-07 15:29:11 0 d-----w- C:\Program Files\Softonic_Espana_PCM
      2009-11-07 15:29:08 . 2009-05-12 12:07:14 51200 ----a-w- C:\Documents and Settings\GLORIA\Application Data\Mozilla\Firefox\Profiles\927lcvy6.default\extensions\{500064de-0129-4e91-bbf0-0fc2da9660fb}\components\FFExternalAlert.dll
      2009-11-07 15:29:08 . 2009-05-12 12:07:14 114688 ----a-w- C:\Documents and Settings\GLORIA\Application Data\Mozilla\Firefox\Profiles\927lcvy6.default\extensions\{500064de-0129-4e91-bbf0-0fc2da9660fb}\components\npmozax.dll
      2009-11-07 15:29:04 . 2009-11-07 15:29:04 0 d-----w- C:\Program Files\Common Files\Bcgsoft
      2009-11-07 15:28:42 . 2009-11-07 15:28:42 0 d-----w- C:\Program Files\PearlMountain Soft
      2009-11-07 09:31:36 . 2009-11-10 17:11:34 0 d-----w- C:\Documents and Settings\GLORIA\Tracing
      2009-11-06 18:53:53 . 2009-11-06 18:53:53 0 d-----w- C:\Documents and Settings\JOSE\Local Settings\Application Data\RcIncidents
      2009-11-06 12:51:20 . 2009-11-16 11:40:01 0 d-----w- C:\Documents and Settings\JOSE\Tracing
      2009-11-06 12:46:04 . 2009-11-06 12:46:04 0 d-----w- C:\Program Files\Microsoft
      2009-11-06 12:45:50 . 2009-11-06 12:45:50 0 d-----w- C:\Program Files\Windows Live SkyDrive
      2009-11-06 12:43:57 . 2009-11-06 12:43:57 0 d-----w- C:\Program Files\Common Files\Windows Live
      2009-11-05 19:49:50 . 2009-11-05 19:49:50 0 d-----w- C:\Documents and Settings\GLORIA\Application Data\TuneUp Software
      2009-11-05 14:14:34 . 2009-11-05 14:14:34 0 d-----w- C:\Documents and Settings\JOSE\DoctorWeb
      2009-11-02 16:11:38 . 2009-11-02 16:11:38 0 d-----w- C:\Program Files\Sophos
      2009-11-02 15:54:11 . 2009-11-02 15:54:11 0 d-----w- C:\Documents and Settings\JOSE\Application Data\Malwarebytes
      2009-11-02 15:54:05 . 2009-09-10 13:54:06 38224 ----a-w- C:\WINDOWS\system32\drivers\mbamswissarmy.sys
      2009-11-02 15:54:04 . 2009-11-02 15:54:10 0 d-----w- C:\Program Files\Malwarebytes' Anti-Malware
      2009-11-02 15:54:04 . 2009-11-02 15:54:04 0 d-----w- C:\Documents and Settings\All Users\Application Data\Malwarebytes
      2009-11-02 15:54:04 . 2009-09-10 13:53:50 19160 ----a-w- C:\WINDOWS\system32\drivers\mbam.sys
      2009-11-01 18:57:19 . 2009-11-09 18:29:09 0 d-----w- C:\Documents and Settings\All Users\Application Data\DVD Shrink
      2009-11-01 18:57:15 . 2009-11-01 18:57:15 0 d-----w- C:\Program Files\DVD Shrink
      2009-10-31 11:54:32 . 2009-10-31 11:54:32 0 d-----w- C:\Documents and Settings\All Users\Application Data\nView_Profiles
      2009-10-26 14:02:33 . 2009-11-10 16:22:22 0 d-----w- C:\WINDOWS\SoftR
      2009-10-26 09:42:50 . 2009-10-26 09:42:51 0 d-----w- C:\Program Files\CCleaner
      2009-10-25 20:26:38 . 2009-11-03 19:11:39 0 d-----w- C:\Documents and Settings\JOSE\Local Settings\Application Data\photoOptimizeHistoryDataBase
      2009-10-25 20:26:37 . 2009-11-16 08:33:01 0 d-----w- C:\Documents and Settings\JOSE\Local Settings\Application Data\Ashampoo Photo Optimizer 3
      2009-10-25 20:26:28 . 2009-11-13 14:41:01 0 d-----w- C:\Program Files\Ashampoo
      2009-10-21 13:00:21 . 2009-10-21 13:00:21 0 d-----w- C:\Program Files\Common Files\VCAMEye
      2009-10-21 13:00:21 . 2005-06-20 19:27:02 390912 ----a-w- C:\WINDOWS\system32\drivers\snpstd.sys
      2009-10-21 13:00:21 . 2005-04-15 04:20:40 98304 ----a-w- C:\WINDOWS\system32\rsnpstd.dll
      2009-10-21 13:00:21 . 2004-09-24 08:58:56 36864 ----a-w- C:\WINDOWS\system32\vsnpstd.dll
      2009-10-21 13:00:21 . 2004-06-10 11:48:04 286720 ----a-w- C:\WINDOWS\vsnpstd.exe
      2009-10-21 13:00:21 . 2004-05-06 09:22:02 53248 ----a-w- C:\WINDOWS\system32\dsnpstd.dll
      2009-10-21 13:00:21 . 2004-02-16 11:59:50 61440 ----a-w- C:\WINDOWS\system32\csnpstd.dll
      2009-10-20 19:34:56 . 2009-10-20 19:34:56 219664 ----a-w- C:\WINDOWS\system32\klogon.dll
      2009-10-20 16:54:20 . 2009-10-20 16:54:20 59992 ----a-w- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files\Kaspersky Internet Security 2010 9.0.0.736\English\setup.exe
      2009-10-19 12:14:38 . 2009-10-19 12:14:38 1123594 ----a-w- C:\ersave.dat

      .
      (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
      .


      Tambien dejo este:

      Logfile of Trend Micro HijackThis v2.0.2
      Scan saved at 12:56:05, on 16/11/2009
      Platform: Windows XP SP3 (WinNT 5.01.2600)
      MSIE: Internet Explorer v7.00 (7.00.6000.16915)
      Boot mode: Normal

      Running processes:
      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\csrss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\system32\spoolsv.exe
      C:\WINDOWS\ehome\ehtray.exe
      C:\Program Files\Ashampoo\Ashampoo AntiSpyWare 2\AntiSpyWareService.exe
      C:\WINDOWS\system32\RUNDLL32.EXE
      C:\WINDOWS\RTHDCPL.EXE
      C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
      C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
      C:\WINDOWS\eHome\ehRecvr.exe
      C:\WINDOWS\eHome\ehSched.exe
      C:\WINDOWS\system32\svchost.exe
      C:\Program Files\Java\jre6\bin\jqs.exe
      c:\Program Files\Common Files\LightScribe\LSSrvc.exe
      C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\system32\nvsvc32.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\System32\TUProgSt.exe
      C:\WINDOWS\ehome\mcrdsvc.exe
      C:\WINDOWS\system32\ctfmon.exe
      C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
      C:\WINDOWS\system32\dllhost.exe
      C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
      C:\WINDOWS\System32\alg.exe
      C:\WINDOWS\eHome\ehmsas.exe
      C:\WINDOWS\explorer.exe
      C:\WINDOWS\system32\wscntfy.exe
      C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
      C:\WINDOWS\system32\wbem\wmiprvse.exe

      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://wwwgoogle.com/
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
      R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
      O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
      O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
      O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\ievkbd.dll
      O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
      O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
      O2 - BHO: link filter bho - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll
      O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
      O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
      O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\WINDOWS\system32\eDStoolbar.dll
      O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
      O4 - HKLM\..\Run: [LaunchApp] Alaunch
      O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
      O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
      O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
      O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
      O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
      O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
      O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
      O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
      O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
      O4 - HKLM\..\Run: [snpstd] C:\WINDOWS\vsnpstd.exe
      O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe"
      O4 - HKLM\..\Run: ['Ashampoo AntiSpyWare 2 Guard'] C:\Program Files\Ashampoo\Ashampoo AntiSpyWare 2\AntiSpyWare2Guard.exe
      O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
      O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
      O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
      O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
      O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
      O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
      O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
      O9 - Extra button: &Virtual keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll
      O9 - Extra button: Referencia - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
      O9 - Extra button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll
      O9 - Extra button: Selección inteligente de HP - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
      O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
      O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
      O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
      O23 - Service: Ashampoo AntiSpyWare 2 Service (AASW2_Service) - Unknown owner - C:\Program Files\Ashampoo\Ashampoo AntiSpyWare 2\AntiSpyWareService.exe
      O23 - Service: Memory Check Service (AcerMemUsageCheckService) - Acer Inc. - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
      O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
      O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe
      O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
      O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
      O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
      O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
      O23 - Service: Nero BackItUp Scheduler 4.0 - Unknown owner - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe (file missing)
      O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
      O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
      O23 - Service: Programador de LiveUpdate automático - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)
      O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software - C:\WINDOWS\System32\TuneUpDefragService.exe
      O23 - Service: TuneUp Program Statistics Service (TuneUp.ProgramStatisticsSvc) - TuneUp Software - C:\WINDOWS\System32\TUProgSt.exe

      --
      End of file - 8200 bytes



      Saludos

    10. #10
      Moderador Gral.
      Avatar de @Leosolari
      Registrado
      jun 2007
      Ubicación
      Argentina
      Mensajes
      58.209

      Re: Ventanas emergentes

      Realiza lo siguiente :

      • Clic en INICIO > EJECUTAR >
        • Y ahí pones notepad.exe y ACEPTAR
        • Ahora copia y pega el texto del cuadro de mas abajo dentro del Notepad


      Código:
      KillAll::
      
      File::
      C:\WINDOWS\Setup1.exe
      C:\WINDOWS\ST6UNST.EXE
      C:\WINDOWS\WINSTART.BAT
      C:\WINDOWS\TMPCPYIS.BAT
      C:\WINDOWS\TMPDELIS.BAT
      C:\~QTWTMP.TMP
      C:\WINDOWS\UN16040A.EXE
      C:\WINDOWS\UN160410.EXE


      • Guarda este archivo con el nombre CFScript.txt
      • Arrastra y suelta el archivo CFScript.txt dentro del archivo ComboFix.exe como lo muestra el screenshot de abajo.



      • ComboFix comenzará otra vez a ejecutarse. Cuando termine generara un nuevo reporte que tendras que pegar en este mismo tema.



      PD: Asegurate de copiar y pegar el reporte completo de ComboFix en esta ocaciòn...porque en tu anterior respuesta, solo pusiste una parte del mismo.




      saludos
      Síguenos en Twitter y hazte nuestro amigo en Facebook.

    Página 1 de 2 12 ÚltimoÚltimo