Foro de InfoSpyware - Foro de Hijackthis - Foro de Virus

hola antes que nada desearles un feliz año nuevo
despues de esto quisiera que de favor me pudieran ayudar con mi pc me manda ventanas no deseadas
realize un scan con spybot y me detecto virtumonde,asi tambien realize un scan con SUPERantispyware y me detecto una tracking cookie despues ejecute el CCLEANER
primero como cleaner y despues como registry y al final ejecute el COMBOFIX reinicie y a continuacion les dejo el log de COMBOFIX asi como el de HIJACKTHIS no sin antes agradecerles de antemano su ayuda
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:13:06 PM, on 1/2/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16575)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\hp\support\hpsysdrv.exe
C:\hp\KBD\kbd.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Windows\System32\bcd2kcpan.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Users\jose a\Documents\iTunesHelper.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Panda Security\Panda Antivirus 2008\ApVxdWin.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Windows\System32\mobsync.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Panda Security\Panda Antivirus 2008\WebProxy.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.diario21.com.mx/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=71&bd=Pavilion &pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=71&bd=Pavilion &pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ie/defaults/su/sbcydsl/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\sw g.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [CCUTRAYICON] FactoryMode
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [BCD2000] %SystemRoot%\system32\bcd2kcpan.exe
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Users\jose a\Documents\iTunesHelper.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [APVXDWIN] "C:\Program Files\Panda Security\Panda Antivirus 2008\APVXDWIN.EXE" /s
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [DW4] "C:\Program Files\The Weather Channel FW\Desktop Weather\DesktopWeather.exe"
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNo tifier.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [cmds] rundll32.exe C:\Users\JOSEA~1\AppData\Local\Temp\pmkii.dll,c
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background (User 'Default user')
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O16 - DPF: {4E73C07D-0A23-42DF-9E32-BBBB027D869A} - http://client2.tvtonic.com/install/3.0/install.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~3\Office12\GR99D3~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Intel(R) Alert Service (AlertService) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\CCU\AlertService.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: DQLWinService - Unknown owner - C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.e xe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: Intel DH Service (IntelDHSvcConf) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Tools\IntelDHSvcConf.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel(R) Software Services Manager (ISSM) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Intel(R) Viiv(TM) Media Server (M1 Server) - Unknown owner - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe
O23 - Service: Intel(R) Application Tracker (MCLServiceATL) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe
O23 - Service: Panda Software Controller - Panda Software International - C:\Program Files\Panda Security\Panda Antivirus 2008\PsCtrls.exe
O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software International - C:\Program Files\Panda Security\Panda Antivirus 2008\pavsrvx86.exe
O23 - Service: Panda IManager Service (PSIMSVC) - Panda Software International - C:\Program Files\Panda Security\Panda Antivirus 2008\PsImSvc.exe
O23 - Service: Panda PSK service (PskSvcRetail) - Panda Software International - C:\Program Files\Panda Security\Panda Antivirus 2008\PskSvc.exe
O23 - Service: Intel(R) Remoting Service (Remote UI Service) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - c:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Windows Automatic Updates - Stanford University - C:\WINDOWS\system32\windowsautomaticupdates.exe
O23 - Service: TVTonic RSS (WXRSS) - Wavexpress, Inc - C:\Program Files\Wavexpress\TVTonic\WXRSS.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 11271 bytes

ComboFix 08-01-03.3 - jose a 2008-01-02 16:45:26.1 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1033.18.163 [GMT -6:00]
Running from: C:\Users\jose a\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Windows\system32\efcbayv.dll
C:\Windows\system32\x64

.
((((((((((((((((((((((((( Files Created from 2007-12-03 to 2008-01-03 )))))))))))))))))))))))))))))))
.

2008-01-02 16:43 . 2000-08-31 08:00 51,200 --a------ C:\Windows\NirCmd.exe
2007-12-30 21:50 . 2007-09-24 23:31 69,632 --a------ C:\Windows\System32\javacpl.cpl
2007-12-30 21:49 . 2007-12-30 21:50 <DIR> d-------- C:\Program Files\Java
2007-12-30 21:48 . 2007-12-30 21:48 <DIR> d-------- C:\Program Files\Common Files\Java
2007-12-30 07:49 . 2007-12-30 07:58 <DIR> d-------- C:\Program Files\FTA-MirC
2007-12-28 19:41 . 2007-12-28 19:42 <DIR> d-------- C:\Program Files\Waves
2007-12-19 22:17 . 2007-12-19 22:17 <DIR> d-------- C:\Windows\System32\Kaspersky Lab
2007-12-17 17:20 . 2007-12-17 18:49 <DIR> d-------- C:\Users\jose a\Duranguangos
2007-12-13 20:36 . 2007-12-13 20:36 <DIR> d-------- C:\Users\jose a\AppData\Roaming\SUPERAntiSpyware.com
2007-12-13 20:36 . 2007-12-13 20:36 <DIR> d-------- C:\Users\All Users\SUPERAntiSpyware.com
2007-12-13 20:36 . 2007-12-13 20:36 <DIR> d-------- C:\ProgramData\SUPERAntiSpyware.com
2007-12-13 20:36 . 2008-01-02 15:42 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2007-12-13 20:35 . 2007-12-13 20:36 <DIR> d-------- C:\Program Files\CCleaner
2007-12-13 20:34 . 2007-12-13 20:34 <DIR> d-------- C:\Program Files\FileASSASSIN
2007-12-13 20:34 . 2007-12-21 17:50 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-12-11 21:49 . 2007-12-11 21:49 1,327,104 --a------ C:\Windows\System32\quartz.dll
2007-12-11 21:49 . 2007-12-11 21:49 223,232 --a------ C:\Windows\System32\WMASF.DLL
2007-12-11 21:49 . 2007-12-11 21:49 9,728 --a------ C:\Windows\System32\LAPRXY.DLL
2007-12-11 21:49 . 2007-12-11 21:49 2,048 --a------ C:\Windows\System32\asferror.dll
2007-12-11 21:47 . 2007-12-11 21:47 130,048 --a------ C:\Windows\System32\drivers\srv2.sys
2007-12-11 21:47 . 2007-12-11 21:47 101,888 --a------ C:\Windows\System32\drivers\mrxsmb.sys
2007-12-11 21:47 . 2007-12-11 21:47 84,992 --a------ C:\Windows\System32\drivers\srvnet.sys
2007-12-11 21:47 . 2007-12-11 21:47 58,368 --a------ C:\Windows\System32\drivers\mrxsmb20.sys
2007-12-11 21:46 . 2007-12-11 21:46 3,504,824 --a------ C:\Windows\System32\ntkrnlpa.exe
2007-12-11 21:46 . 2007-12-11 21:46 3,470,520 --a------ C:\Windows\System32\ntoskrnl.exe
2007-12-11 21:45 . 2007-12-11 21:45 2,048 --a------ C:\Windows\System32\tzres.dll
2007-12-11 20:55 . 2007-12-11 20:55 <DIR> d-------- C:\Users\All Users\sentinel
2007-12-11 20:55 . 2007-12-11 20:55 <DIR> d-------- C:\ProgramData\sentinel
2007-12-11 20:54 . 2007-06-06 11:43 46,904 --a------ C:\Windows\System32\drivers\amm8660.sys
2007-12-11 20:54 . 2007-12-11 20:54 248 --a------ C:\Windows\System32\PavCPL.dat
2007-12-11 20:53 . 2007-12-31 07:59 <DIR> d-------- C:\Windows\System32\PAV
2007-12-11 20:53 . 2007-03-15 18:38 54,832 --a------ C:\Windows\System32\pavcpl.cpl
2007-12-11 20:52 . 2007-12-19 22:28 <DIR> d-------- C:\Program Files\Panda Security
2007-12-11 20:52 . 2007-02-15 20:02 50,736 --a------ C:\Windows\System32\avldr.dll
2007-12-11 20:13 . 2007-12-09 00:18 1,217,292 --a------ C:\Windows\_detmp.1
2007-12-11 20:13 . 2001-12-06 15:24 61,440 --a------ C:\Windows\_detmp.2
2007-12-11 16:55 . 2007-12-11 16:55 <DIR> d-------- C:\Users\All Users\Kaspersky Lab Setup Files
2007-12-11 16:55 . 2007-12-11 16:55 <DIR> d-------- C:\ProgramData\Kaspersky Lab Setup Files
2007-12-08 14:32 . 2007-12-08 14:32 <DIR> d-------- C:\Program Files\Alwil Software
2007-12-03 17:15 . 2007-12-03 17:15 <DIR> d-------- C:\Program Files\Trend Micro

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))) ))
.
2008-01-02 22:45 262,144 ----a-w C:\ProgramData\ntuser.dat
2008-01-02 20:08 --------- d-----w C:\ProgramData\Google Updater
2007-12-31 00:45 --------- d-----w C:\Users\jose a\AppData\Roaming\Vso
2007-12-29 01:52 --------- d-----w C:\Program Files\Vstplugins
2007-12-27 22:50 --------- d-----w C:\ProgramData\Roxio
2007-12-12 03:49 --------- d-----w C:\ProgramData\Microsoft Help
2007-12-12 03:48 56,320 ----a-w C:\Windows\System32\iesetup.dll
2007-12-12 03:48 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll
2007-12-12 03:48 26,624 ----a-w C:\Windows\System32\ieUnatt.exe
2007-12-12 02:52 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-12-12 02:02 --------- d-----w C:\ProgramData\Kaspersky Lab
2007-12-11 22:57 --------- d-----w C:\Program Files\Kaspersky Lab
2007-12-09 03:04 --------- d-----w C:\Program Files\Common Files\Adobe
2007-12-08 21:18 --------- d-----w C:\Program Files\JLC's Software
2007-11-21 00:01 --------- d-----w C:\Program Files\Sony
2007-11-20 23:30 --------- d-----w C:\ProgramData\Sony
2007-11-18 09:01 1,244,672 ----a-w C:\Windows\System32\mcmde.dll
2007-11-15 23:07 --------- d-----w C:\Program Files\Common Files\xing shared
2007-11-15 23:06 --------- d-----w C:\Program Files\Common Files\Real
2007-11-14 09:03 704,000 ----a-w C:\Windows\System32\PhotoScreensaver.scr
2007-11-14 09:03 67,584 ----a-w C:\Windows\System32\wlanhlp.dll
2007-11-14 09:03 542,720 ----a-w C:\Windows\System32\sysmain.dll
2007-11-14 09:03 502,784 ----a-w C:\Windows\System32\wlansvc.dll
2007-11-14 09:03 47,104 ----a-w C:\Windows\System32\wlanapi.dll
2007-11-14 09:03 297,984 ----a-w C:\Windows\System32\wlansec.dll
2007-11-14 09:03 290,816 ----a-w C:\Windows\System32\wlanmsm.dll
2007-11-14 09:03 258,232 ----a-w C:\Windows\system32\drivers\acpi.sys
2007-11-14 09:03 24,064 ----a-w C:\Windows\System32\wtsapi32.dll
2007-11-14 09:03 2,923,520 ----a-w C:\Windows\explorer.exe
2007-11-14 09:03 2,027,008 ----a-w C:\Windows\System32\win32k.sys
2007-11-14 09:02 8,704 ----a-w C:\Windows\System32\hcrstco.dll
2007-11-14 09:02 8,704 ----a-w C:\Windows\System32\hccoin.dll
2007-11-14 09:02 73,216 ----a-w C:\Windows\system32\drivers\usbccgp.sys
2007-11-14 09:02 5,888 ----a-w C:\Windows\system32\drivers\usbd.sys
2007-11-14 09:02 38,400 ----a-w C:\Windows\system32\drivers\usbehci.sys
2007-11-14 09:02 23,040 ----a-w C:\Windows\system32\drivers\usbuhci.sys
2007-11-14 09:02 224,768 ----a-w C:\Windows\system32\drivers\usbport.sys
2007-11-14 09:02 192,000 ----a-w C:\Windows\system32\drivers\usbhub.sys
2007-11-14 09:01 --------- d-----w C:\Program Files\Windows Mail
2007-11-08 21:49 --------- d-----w C:\Program Files\iPod
2007-11-08 21:47 --------- d-----w C:\Program Files\QuickTime
2007-10-25 11:52 4,702,208 ----a-w C:\Windows\RtHDVCpl.exe
2007-10-24 17:50 2,101,248 ----a-w C:\Windows\System32\RtkAPO.dll
2007-10-18 12:54 26,112 ----a-w C:\Windows\System32\RtkCoInst.dll
2007-10-17 13:27 582,656 ----a-w C:\Windows\System32\RtkPgExt.dll
2007-10-10 08:03 8,147,968 ----a-w C:\Windows\System32\wmploc.DLL
2007-10-10 08:03 7,680 ----a-w C:\Windows\System32\spwmp.dll
2007-10-10 08:03 4,096 ----a-w C:\Windows\System32\dxmasf.dll
2007-10-10 08:03 356,864 ----a-w C:\Windows\System32\MediaMetadataHandler.dll
2007-10-10 08:01 84,480 ----a-w C:\Windows\System32\INETRES.dll
2007-10-10 08:01 788,992 ----a-w C:\Windows\System32\rpcrt4.dll
2007-10-10 08:01 737,792 ----a-w C:\Windows\System32\inetcomm.dll
2007-08-30 10:18 174 --sha-w C:\Program Files\desktop.ini
2007-03-28 01:44 87,608 ----a-w C:\Users\jose a\AppData\Roaming\ezpinst.exe
2007-03-28 01:44 47,360 ----a-w C:\Users\jose a\AppData\Roaming\pcouffin.sys
2007-02-26 02:08 0 ----a-w C:\Users\jose a\AppData\Roaming\wklnhst.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Run]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:54 5674352]
"DW4"="C:\Program Files\The Weather Channel FW\Desktop Weather\DesktopWeather.exe" [2006-10-30 15:27 715888]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2006-11-02 06:35 125440]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNo tifier.exe" [2007-06-27 14:43 68856]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2007-08-31 15:46 1460560]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-06-21 14:06 1318912]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2007-04-10 18:04 1006264]
"hpsysdrv"="c:\hp\support\hpsysdrv.exe" [2006-09-28 07:42 65536]
"KBD"="C:\HP\KBD\KBD.EXE" [2005-02-02 09:44 61440]
"RtHDVCpl"="RtHDVCpl.exe" [2007-10-25 05:52 4702208 C:\Windows\RtHDVCpl.exe]
"CCUTRAYICON"="FactoryMode" []
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 23:47 31016]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 18:51 39792]
"IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-04-19 17:11 151552]
"BCD2000"="C:\Windows\system32\bcd2kcpan.exe" [2005-06-15 03:34 536576]
"IgfxTray"="C:\Windows\system32\igfxtray.exe" [2007-09-04 10:40 141848]
"HotKeysCmds"="C:\Windows\system32\hkcmd.exe" [2007-09-04 10:39 154136]
"Persistence"="C:\Windows\system32\igfxpers.ex e" [2007-09-04 10:40 129560]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 15:24 54840]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-10-19 20:16 286720]
"iTunesHelper"="C:\Users\jose a\Documents\iTunesHelper.exe" [2007-11-02 18:36 267048]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-11-15 17:06 185896]
"APVXDWIN"="C:\Program Files\Panda Security\Panda Antivirus 2008\APVXDWIN.exe" [2007-07-19 15:23 455984]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\RunOnce]
"Launcher"="%WINDIR%\SMINST\launcher.exe" [ ]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\Cur rentVersion\Run]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 12:54 5674352]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Google Updater.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [2007-06-27 14:43:54]

[hkey_local_machine\software\microsoft\windows\curr entversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avldr]
avldr.dll 2007-02-15 20:02 50736 C:\Windows\System32\avldr.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Contro l\SafeBoot\Minimal\PskSvcRetail]
@="Service"

R2 AmFSM;AmFSM;C:\Windows\system32\DRIVERS\amm8660.sy s [2007-06-06 11:43]
R2 DQLWinService;DQLWinService;"C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.e xe" [2006-09-03 12:32]
R2 PskSvcRetail;Panda PSK service;"C:\Program Files\Panda Security\Panda Antivirus 2008\PskSvc.exe" [2007-03-21 19:32]
R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files\Spybot []
R2 SQLWriter;SQL Server VSS Writer;"c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe" [2007-02-10 05:29]
R2 WXRSS;TVTonic RSS;"C:\Program Files\Wavexpress\TVTonic\WXRSS.exe" [2006-06-02 12:28]
R2 XAudio;XAudio;C:\Windows\system32\DRIVERS\xaudio.s ys [2007-08-07 06:26]
R3 igfx;igfx;C:\Windows\system32\DRIVERS\igdkmd32.sys [2007-08-24 11:39]
R3 Ma730Pt;MA730 Bluetooth VCOM Driver;C:\Windows\system32\DRIVERS\Ma730Pt.sys [2007-03-05 09:42]
R3 Ma730VaA;MA730 Bluetooth Advanced Audio;C:\Windows\system32\DRIVERS\Ma730VaA.sys [2007-01-26 16:32]
R3 Ma730Vad;MA730 Bluetooth Audio;C:\Windows\system32\DRIVERS\Ma730Vad.sys [2007-01-26 17:48]
S2 IntelDHSvcConf;Intel DH Service;"C:\Program Files\Intel\IntelDH\Intel Media Server\Tools\IntelDHSvcConf.exe" [2006-05-10 11:13]
S3 BCD2000;Behringer BCD2000 V1.0.0.6;C:\Windows\system32\Drivers\BCD2000.SYS [2005-06-15 03:34]
S3 BCD2000WDM;Behringer BCD2000WDM V1.0.0.6;C:\Windows\system32\Drivers\BCD2000WDM.SY S [2005-06-15 03:35]
S3 GameConsoleService;GameConsoleService;"C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe" [2007-09-18 16:49]
S3 motccgp;Motorola USB Composite Device Driver;C:\Windows\system32\DRIVERS\motccgp.sys [2007-06-18 14:19]
S3 motccgpfl;MotCcgpFlService;C:\Windows\system32\DRI VERS\motccgpfl.sys [2007-01-22 18:33]
S3 MotDev;Motorola Inc. USB Device;C:\Windows\system32\DRIVERS\motodrv.sys [2007-05-07 14:11]
S3 motmodem;Motorola USB CDC ACM Driver;C:\Windows\system32\DRIVERS\motmodem.sys [2007-06-18 14:18]
S3 motport;Motorola USB Diagnostic Port;C:\Windows\system32\DRIVERS\motport.sys [2007-06-18 14:18]
S3 VST_DPV;VST_DPV;C:\Windows\system32\DRIVERS\VSTDPV 3.SYS [2006-11-02 01:41]
S3 VSTHWBS2;VSTHWBS2;C:\Windows\system32\DRIVERS\VSTB S23.SYS [2006-11-02 01:41]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalSystemNetworkRestricted REG_MULTI_SZ hidserv UxSms WdiSystemHost Netman trkwks AudioEndpointBuilder WUDFSvc irmon sysmain IPBusEnum dot3svc PcaSvc EMDMgmt TabletInputService wlansvc WPDBusEnum

*Newly Created Service* - PROCEXP90
.
************************************************** ************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-03 16:49:59
Windows 6.0.6000 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

************************************************** ************************
.
Completion time: 2008-01-03 16:51:26
ComboFix-quarantined-files.txt 2008-01-03 22:51:23
.
2007-12-27 22:18:49 --- E O F ---

Hola djjoses, descarga y ejecuta esta otra versión de CF en tu sistema en modo normal y luego nos dejar su nuevo reporte con los síntomas actuales luego de reiniciar.

- Descarga la herramienta ComboFix.exe y guárdala en el escritorio.

• Desactiva temporalmente el Antivirus y/o Antispyware.
• Cierra todas las ventanas abiertas.
• Hacele doble clic al archivo combofix.exe y seguí las instrucciones.
• Cuando termine, generara un registro en C:\ComboFix.txt.
  • *Nota* Mientras CF este trabajando no mover el mouse ya que pararía su proceso.
  • *Nota* ComboFix puede reiniciar automáticamente el PC para completar el proceso de eliminación.
• Pega el reporte de ComboFix.txt en este mismo mensaje.

Reinicia y nos dejas los reportes.

Salu2

una vez mas gracias por contestar aqui dejo el reporte de CF hasta el momento no ha salido ninguna ventana despues de reiniciar




ComboFix 08-01-04.1 - jose a 2008-01-03 17:34:57.2 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1033.18.333 [GMT -6:00]
Running from: C:\Users\jose a\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((( Files Created from 2007-12-04 to 2008-01-04 )))))))))))))))))))))))))))))))
.

2008-01-02 16:43 . 2000-08-31 08:00 51,200 --a------ C:\Windows\NirCmd.exe
2007-12-30 21:50 . 2007-09-24 23:31 69,632 --a------ C:\Windows\System32\javacpl.cpl
2007-12-30 21:49 . 2007-12-30 21:50 <DIR> d-------- C:\Program Files\Java
2007-12-30 21:48 . 2007-12-30 21:48 <DIR> d-------- C:\Program Files\Common Files\Java
2007-12-30 07:49 . 2007-12-30 07:58 <DIR> d-------- C:\Program Files\FTA-MirC
2007-12-28 19:41 . 2007-12-28 19:42 <DIR> d-------- C:\Program Files\Waves
2007-12-19 22:17 . 2007-12-19 22:17 <DIR> d-------- C:\Windows\System32\Kaspersky Lab
2007-12-17 17:20 . 2007-12-17 18:49 <DIR> d-------- C:\Users\jose a\Duranguangos
2007-12-13 20:36 . 2007-12-13 20:36 <DIR> d-------- C:\Users\jose a\AppData\Roaming\SUPERAntiSpyware.com
2007-12-13 20:36 . 2007-12-13 20:36 <DIR> d-------- C:\Users\All Users\SUPERAntiSpyware.com
2007-12-13 20:36 . 2007-12-13 20:36 <DIR> d-------- C:\ProgramData\SUPERAntiSpyware.com
2007-12-13 20:36 . 2008-01-02 15:42 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2007-12-13 20:35 . 2007-12-13 20:36 <DIR> d-------- C:\Program Files\CCleaner
2007-12-13 20:34 . 2007-12-13 20:34 <DIR> d-------- C:\Program Files\FileASSASSIN
2007-12-13 20:34 . 2007-12-21 17:50 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-12-11 21:49 . 2007-12-11 21:49 1,327,104 --a------ C:\Windows\System32\quartz.dll
2007-12-11 21:49 . 2007-12-11 21:49 223,232 --a------ C:\Windows\System32\WMASF.DLL
2007-12-11 21:49 . 2007-12-11 21:49 9,728 --a------ C:\Windows\System32\LAPRXY.DLL
2007-12-11 21:49 . 2007-12-11 21:49 2,048 --a------ C:\Windows\System32\asferror.dll
2007-12-11 21:47 . 2007-12-11 21:47 130,048 --a------ C:\Windows\System32\drivers\srv2.sys
2007-12-11 21:47 . 2007-12-11 21:47 101,888 --a------ C:\Windows\System32\drivers\mrxsmb.sys
2007-12-11 21:47 . 2007-12-11 21:47 84,992 --a------ C:\Windows\System32\drivers\srvnet.sys
2007-12-11 21:47 . 2007-12-11 21:47 58,368 --a------ C:\Windows\System32\drivers\mrxsmb20.sys
2007-12-11 21:46 . 2007-12-11 21:46 3,504,824 --a------ C:\Windows\System32\ntkrnlpa.exe
2007-12-11 21:46 . 2007-12-11 21:46 3,470,520 --a------ C:\Windows\System32\ntoskrnl.exe
2007-12-11 21:45 . 2007-12-11 21:45 2,048 --a------ C:\Windows\System32\tzres.dll
2007-12-11 20:55 . 2007-12-11 20:55 <DIR> d-------- C:\Users\All Users\sentinel
2007-12-11 20:55 . 2007-12-11 20:55 <DIR> d-------- C:\ProgramData\sentinel
2007-12-11 20:54 . 2007-06-06 11:43 46,904 --a------ C:\Windows\System32\drivers\amm8660.sys
2007-12-11 20:54 . 2007-12-11 20:54 248 --a------ C:\Windows\System32\PavCPL.dat
2007-12-11 20:53 . 2007-12-31 07:59 <DIR> d-------- C:\Windows\System32\PAV
2007-12-11 20:53 . 2007-03-15 18:38 54,832 --a------ C:\Windows\System32\pavcpl.cpl
2007-12-11 20:52 . 2007-12-19 22:28 <DIR> d-------- C:\Program Files\Panda Security
2007-12-11 20:52 . 2007-02-15 20:02 50,736 --a------ C:\Windows\System32\avldr.dll
2007-12-11 20:13 . 2007-12-09 00:18 1,217,292 --a------ C:\Windows\_detmp.1
2007-12-11 20:13 . 2001-12-06 15:24 61,440 --a------ C:\Windows\_detmp.2
2007-12-11 16:55 . 2007-12-11 16:55 <DIR> d-------- C:\Users\All Users\Kaspersky Lab Setup Files
2007-12-11 16:55 . 2007-12-11 16:55 <DIR> d-------- C:\ProgramData\Kaspersky Lab Setup Files
2007-12-08 14:32 . 2007-12-08 14:32 <DIR> d-------- C:\Program Files\Alwil Software

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))) ))
.
2008-01-03 23:34 262,144 ----a-w C:\ProgramData\ntuser.dat
2008-01-03 23:08 --------- d-----w C:\ProgramData\Google Updater
2007-12-31 00:45 --------- d-----w C:\Users\jose a\AppData\Roaming\Vso
2007-12-29 01:52 --------- d-----w C:\Program Files\Vstplugins
2007-12-27 22:50 --------- d-----w C:\ProgramData\Roxio
2007-12-12 03:49 --------- d-----w C:\ProgramData\Microsoft Help
2007-12-12 03:48 56,320 ----a-w C:\Windows\System32\iesetup.dll
2007-12-12 03:48 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll
2007-12-12 03:48 26,624 ----a-w C:\Windows\System32\ieUnatt.exe
2007-12-12 02:52 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-12-12 02:02 --------- d-----w C:\ProgramData\Kaspersky Lab
2007-12-11 22:57 --------- d-----w C:\Program Files\Kaspersky Lab
2007-12-09 03:04 --------- d-----w C:\Program Files\Common Files\Adobe
2007-12-08 21:18 --------- d-----w C:\Program Files\JLC's Software
2007-12-03 23:15 --------- d-----w C:\Program Files\Trend Micro
2007-11-21 00:01 --------- d-----w C:\Program Files\Sony
2007-11-20 23:30 --------- d-----w C:\ProgramData\Sony
2007-11-18 09:01 1,244,672 ----a-w C:\Windows\System32\mcmde.dll
2007-11-15 23:07 --------- d-----w C:\Program Files\Common Files\xing shared
2007-11-15 23:06 --------- d-----w C:\Program Files\Common Files\Real
2007-11-14 09:03 704,000 ----a-w C:\Windows\System32\PhotoScreensaver.scr
2007-11-14 09:03 67,584 ----a-w C:\Windows\System32\wlanhlp.dll
2007-11-14 09:03 542,720 ----a-w C:\Windows\System32\sysmain.dll
2007-11-14 09:03 502,784 ----a-w C:\Windows\System32\wlansvc.dll
2007-11-14 09:03 47,104 ----a-w C:\Windows\System32\wlanapi.dll
2007-11-14 09:03 297,984 ----a-w C:\Windows\System32\wlansec.dll
2007-11-14 09:03 290,816 ----a-w C:\Windows\System32\wlanmsm.dll
2007-11-14 09:03 258,232 ----a-w C:\Windows\system32\drivers\acpi.sys
2007-11-14 09:03 24,064 ----a-w C:\Windows\System32\wtsapi32.dll
2007-11-14 09:03 2,923,520 ----a-w C:\Windows\explorer.exe
2007-11-14 09:03 2,027,008 ----a-w C:\Windows\System32\win32k.sys
2007-11-14 09:02 8,704 ----a-w C:\Windows\System32\hcrstco.dll
2007-11-14 09:02 8,704 ----a-w C:\Windows\System32\hccoin.dll
2007-11-14 09:02 73,216 ----a-w C:\Windows\system32\drivers\usbccgp.sys
2007-11-14 09:02 5,888 ----a-w C:\Windows\system32\drivers\usbd.sys
2007-11-14 09:02 38,400 ----a-w C:\Windows\system32\drivers\usbehci.sys
2007-11-14 09:02 23,040 ----a-w C:\Windows\system32\drivers\usbuhci.sys
2007-11-14 09:02 224,768 ----a-w C:\Windows\system32\drivers\usbport.sys
2007-11-14 09:02 192,000 ----a-w C:\Windows\system32\drivers\usbhub.sys
2007-11-14 09:01 --------- d-----w C:\Program Files\Windows Mail
2007-11-08 21:49 --------- d-----w C:\Program Files\iPod
2007-11-08 21:47 --------- d-----w C:\Program Files\QuickTime
2007-10-25 11:52 4,702,208 ----a-w C:\Windows\RtHDVCpl.exe
2007-10-24 17:50 2,101,248 ----a-w C:\Windows\System32\RtkAPO.dll
2007-10-18 12:54 26,112 ----a-w C:\Windows\System32\RtkCoInst.dll
2007-10-17 13:27 582,656 ----a-w C:\Windows\System32\RtkPgExt.dll
2007-10-10 08:03 8,147,968 ----a-w C:\Windows\System32\wmploc.DLL
2007-10-10 08:03 7,680 ----a-w C:\Windows\System32\spwmp.dll
2007-10-10 08:03 4,096 ----a-w C:\Windows\System32\dxmasf.dll
2007-10-10 08:03 356,864 ----a-w C:\Windows\System32\MediaMetadataHandler.dll
2007-10-10 08:01 84,480 ----a-w C:\Windows\System32\INETRES.dll
2007-10-10 08:01 788,992 ----a-w C:\Windows\System32\rpcrt4.dll
2007-10-10 08:01 737,792 ----a-w C:\Windows\System32\inetcomm.dll
2007-08-30 10:18 174 --sha-w C:\Program Files\desktop.ini
2007-03-28 01:44 87,608 ----a-w C:\Users\jose a\AppData\Roaming\ezpinst.exe
2007-03-28 01:44 47,360 ----a-w C:\Users\jose a\AppData\Roaming\pcouffin.sys
2007-02-26 02:08 0 ----a-w C:\Users\jose a\AppData\Roaming\wklnhst.dat
.

((((((((((((((((((((((((((((( snapshot@2008-01-03_16.50.53.27 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-01-02 19:54:58 67,584 --s-a-w C:\Windows\bootstat.dat
+ 2008-01-03 17:36:37 67,584 --s-a-w C:\Windows\bootstat.dat
- 2008-01-02 08:27:17 262,144 ----a-w C:\Windows\ServiceProfiles\LocalService\AppData\Lo cal\Microsoft\Windows\UsrClass.dat
+ 2008-01-03 19:28:15 262,144 ----a-w C:\Windows\ServiceProfiles\LocalService\AppData\Lo cal\Microsoft\Windows\UsrClass.dat
- 2008-01-02 16:06:22 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT
+ 2008-01-03 11:09:47 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT
+ 2008-01-03 11:09:47 262,144 ---ha-w C:\Windows\ServiceProfiles\LocalService\ntuser.dat .LOG1
- 2008-01-02 2208 262,144 ----a-w C:\Windows\ServiceProfiles\NetworkService\AppData\ Local\Microsoft\Windows\UsrClass.dat
+ 2008-01-03 23:26:26 262,144 ----a-w C:\Windows\ServiceProfiles\NetworkService\AppData\ Local\Microsoft\Windows\UsrClass.dat
- 2008-01-02 11:32:28 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.D AT
+ 2008-01-03 11:58:16 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.D AT
+ 2008-01-03 11:58:16 262,144 ---ha-w C:\Windows\ServiceProfiles\NetworkService\ntuser.d at.LOG1
- 2008-01-02 21:58:16 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\L ocal\Microsoft\Windows\History\History.IE5\index.d at
+ 2008-01-03 23:15:04 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\L ocal\Microsoft\Windows\History\History.IE5\index.d at
- 2008-01-02 21:58:16 49,152 --sha-w C:\Windows\System32\config\systemprofile\AppData\L ocal\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2008-01-03 23:15:04 49,152 --sha-w C:\Windows\System32\config\systemprofile\AppData\L ocal\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2008-01-02 21:58:16 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\R oaming\Microsoft\Windows\Cookies\index.dat
+ 2008-01-03 23:15:04 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\R oaming\Microsoft\Windows\Cookies\index.dat
- 2008-01-02 22:45:21 262,144 ----a-w C:\Windows\System32\config\systemprofile\ntuser.da t
+ 2008-01-03 23:34:53 262,144 ----a-w C:\Windows\System32\config\systemprofile\ntuser.da t
- 2008-01-01 22:29:01 7,168 ----a-w C:\Windows\System32\queue.dat
+ 2008-01-03 22:56:13 7,168 ----a-w C:\Windows\System32\queue.dat
- 2008-01-01 22:30:36 13,958 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-681669345-2965885629-2413356416-1001_UserData.bin
+ 2008-01-03 22:57:42 13,958 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-681669345-2965885629-2413356416-1001_UserData.bin
- 2008-01-01 22:30:36 62,500 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics _SystemData.bin
+ 2008-01-03 22:57:42 62,500 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics _SystemData.bin
- 2008-01-01 01:50:05 60,206 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnos tics_SystemData.bin
+ 2008-01-03 22:57:39 60,214 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnos tics_SystemData.bin
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Run]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:54 5674352]
"DW4"="C:\Program Files\The Weather Channel FW\Desktop Weather\DesktopWeather.exe" [2006-10-30 15:27 715888]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2006-11-02 06:35 125440]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNo tifier.exe" [2007-06-27 14:43 68856]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2007-08-31 15:46 1460560]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-06-21 14:06 1318912]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2007-04-10 18:04 1006264]
"hpsysdrv"="c:\hp\support\hpsysdrv.exe" [2006-09-28 07:42 65536]
"KBD"="C:\HP\KBD\KBD.EXE" [2005-02-02 09:44 61440]
"RtHDVCpl"="RtHDVCpl.exe" [2007-10-25 05:52 4702208 C:\Windows\RtHDVCpl.exe]
"CCUTRAYICON"="FactoryMode" []
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 23:47 31016]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 18:51 39792]
"IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-04-19 17:11 151552]
"BCD2000"="C:\Windows\system32\bcd2kcpan.exe" [2005-06-15 03:34 536576]
"IgfxTray"="C:\Windows\system32\igfxtray.exe" [2007-09-04 10:40 141848]
"HotKeysCmds"="C:\Windows\system32\hkcmd.exe" [2007-09-04 10:39 154136]
"Persistence"="C:\Windows\system32\igfxpers.ex e" [2007-09-04 10:40 129560]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 15:24 54840]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-10-19 20:16 286720]
"iTunesHelper"="C:\Users\jose a\Documents\iTunesHelper.exe" [2007-11-02 18:36 267048]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-11-15 17:06 185896]
"APVXDWIN"="C:\Program Files\Panda Security\Panda Antivirus 2008\APVXDWIN.exe" [2007-07-19 15:23 455984]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\RunOnce]
"Launcher"="%WINDIR%\SMINST\launcher.exe" [ ]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\Cur rentVersion\Run]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 12:54 5674352]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Google Updater.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [2007-06-27 14:43:54]

[hkey_local_machine\software\microsoft\windows\curr entversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avldr]
avldr.dll 2007-02-15 20:02 50736 C:\Windows\System32\avldr.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Contro l\SafeBoot\Minimal\PskSvcRetail]
@="Service"

R2 AmFSM;AmFSM;C:\Windows\system32\DRIVERS\amm8660.sy s [2007-06-06 11:43]
R2 DQLWinService;DQLWinService;"C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.e xe" [2006-09-03 12:32]
R2 PskSvcRetail;Panda PSK service;"C:\Program Files\Panda Security\Panda Antivirus 2008\PskSvc.exe" [2007-03-21 19:32]
R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files\Spybot []
R2 SQLWriter;SQL Server VSS Writer;"c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe" [2007-02-10 05:29]
R2 WXRSS;TVTonic RSS;"C:\Program Files\Wavexpress\TVTonic\WXRSS.exe" [2006-06-02 12:28]
R2 XAudio;XAudio;C:\Windows\system32\DRIVERS\xaudio.s ys [2007-08-07 06:26]
R3 igfx;igfx;C:\Windows\system32\DRIVERS\igdkmd32.sys [2007-08-24 11:39]
R3 Ma730Pt;MA730 Bluetooth VCOM Driver;C:\Windows\system32\DRIVERS\Ma730Pt.sys [2007-03-05 09:42]
R3 Ma730VaA;MA730 Bluetooth Advanced Audio;C:\Windows\system32\DRIVERS\Ma730VaA.sys [2007-01-26 16:32]
R3 Ma730Vad;MA730 Bluetooth Audio;C:\Windows\system32\DRIVERS\Ma730Vad.sys [2007-01-26 17:48]
S2 IntelDHSvcConf;Intel DH Service;"C:\Program Files\Intel\IntelDH\Intel Media Server\Tools\IntelDHSvcConf.exe" [2006-05-10 11:13]
S3 BCD2000;Behringer BCD2000 V1.0.0.6;C:\Windows\system32\Drivers\BCD2000.SYS [2005-06-15 03:34]
S3 BCD2000WDM;Behringer BCD2000WDM V1.0.0.6;C:\Windows\system32\Drivers\BCD2000WDM.SY S [2005-06-15 03:35]
S3 GameConsoleService;GameConsoleService;"C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe" [2007-09-18 16:49]
S3 motccgp;Motorola USB Composite Device Driver;C:\Windows\system32\DRIVERS\motccgp.sys [2007-06-18 14:19]
S3 motccgpfl;MotCcgpFlService;C:\Windows\system32\DRI VERS\motccgpfl.sys [2007-01-22 18:33]
S3 MotDev;Motorola Inc. USB Device;C:\Windows\system32\DRIVERS\motodrv.sys [2007-05-07 14:11]
S3 motmodem;Motorola USB CDC ACM Driver;C:\Windows\system32\DRIVERS\motmodem.sys [2007-06-18 14:18]
S3 motport;Motorola USB Diagnostic Port;C:\Windows\system32\DRIVERS\motport.sys [2007-06-18 14:18]
S3 VST_DPV;VST_DPV;C:\Windows\system32\DRIVERS\VSTDPV 3.SYS [2006-11-02 01:41]
S3 VSTHWBS2;VSTHWBS2;C:\Windows\system32\DRIVERS\VSTB S23.SYS [2006-11-02 01:41]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalSystemNetworkRestricted REG_MULTI_SZ hidserv UxSms WdiSystemHost Netman trkwks AudioEndpointBuilder WUDFSvc irmon sysmain IPBusEnum dot3svc PcaSvc EMDMgmt TabletInputService wlansvc WPDBusEnum

.
************************************************** ************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-04 17:37:54
Windows 6.0.6000 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

************************************************** ************************
.
Completion time: 2008-01-04 17:38:41
ComboFix-quarantined-files.txt 2008-01-04 23:38:37
ComboFix2.txt 2008-01-03 22:51:27
.
2007-12-27 22:18:49 --- E O F ---

Hola, ComboFix ya se encargo de eliminar los archivos de malwares encontrados en tu PC, por lo que si todo esta funcionado bien, damos por terminado el tema.

Para terminar solo te quedaría desinstalar CF de la siguiente manera:

• Ir a Inicio > Ejecutar
• Escribir lo siguiente: ComboFix /u como muestra la imagen debajo:
  
  
  • 
• Esto activara el desinstalador de ComboFix abriendo su pantalla principal y luego de unos segundos veras ("ComboFix is uninstalled")

Salu2

muchas gracias por la ayuda ahora se siente la diferencia de mi cpu
no cabe duda que en este foro en verdad se ayuda ala raza de una manera especial


salu2