Foro de InfoSpyware - Foro de Hijackthis - Foro de Virus

Buenas tardes.

Como a muchos otros usuarios, tengo desde hace días un virus que provoca las ventanas emergentes en el navegador, el aviso del aparene Centro de Seguridad, etc.... He probado con todas las indicaciones que he estado leyendo en estos foros y el problema sigue.

He realizado un "HijakThis" y el Logfile es el siguiente:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:36:49, on 31/12/2007
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16575)
Boot mode: Normal

Running processes:
C:\Windows\System32\smss.exe
C:\Windows\system32\csrss.exe
C:\WINDOWS\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\WINDOWS\system32\winlogon.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MsMpEng.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Windows\WindowsMobile\wmdc.exe
C:\Program Files\Nokia\Nokia Software Launcher\NSLauncher.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\WinTV\EPG Services\System\EPGClient.exe
C:\Program Files\Spyware Doctor\SDTrayApp.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\AAWTray.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Users\Felix\AppData\Local\wfodnfnngn.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\WinTV\Ir.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger .exe
C:\WINDOWS\system32\taskeng.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\RALINK\RT2500 Wireless LAN Card\Installer\WINXP\RaConfig2500.exe
C:\Program Files\OpenOffice.org 2.0\program\soffice.exe
C:\Program Files\Sun\StarOffice 8\program\soffice.exe
C:\Program Files\Sun\StarOffice 8\program\soffice.BIN
C:\Program Files\OpenOffice.org 2.0\program\soffice.BIN
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Windows\system32\svchost.exe
C:\PROGRA~1\WinTV\EPG Services\System\EPGService.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Spyware Doctor\svcntaux.exe
C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE
C:\Program Files\Spyware Doctor\swdsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Microsoft Windows OneCare Live\Firewall\msfwsvc.exe
C:\Program Files\Microsoft Windows OneCare Live\winss.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files\Common Files\Nokia\MPAPI\MPAPI3s.exe
C:\Users\Felix\AppData\Local\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe
C:\WINDOWS\system32\taskeng.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.elmundo.es/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O1 - Hosts: ::1 localhost
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: XBTP01621 - {9EBBE90B-282E-4c39-8A7E-120749169F0F} - C:\PROGRA~1\BEARSH~2\MediaBar.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\s wg.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [OneCareUI] "C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe
O4 - HKLM\..\Run: [NSLauncher] C:\Program Files\Nokia\Nokia Software Launcher\NSLauncher.exe /startup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [EPGServiceTool] C:\PROGRA~1\WinTV\EPG Services\System\EPGClient.exe
O4 - HKLM\..\Run: [SDTray] "C:\Program Files\Spyware Doctor\SDTrayApp.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [AAWTray] C:\Program Files\Lavasoft\Ad-Aware 2007\AAWTray.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNo tifier.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [Octoshape Streaming Services] "C:\Users\Felix\AppData\Local\Octoshape\Octosh ape Streaming Services\OctoshapeClient.exe" -inv:bootrun
O4 - HKCU\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [wfodnfnngn] c:\users\felix\appdata\local\wfodnfnngn.exe wfodnfnngn
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICIO LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICIO LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'Servicio de red')
O4 - Startup: OpenOffice.org 2.0.lnk = C:\Program Files\OpenOffice.org 2.0\program\quickstart.exe
O4 - Startup: StarOffice 8.lnk = C:\Program Files\Sun\StarOffice 8\program\quickstart.exe
O4 - Global Startup: AutoStart IR.lnk = C:\Program Files\WinTV\Ir.exe
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger .exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: Ralink Wireless Utility.lnk = C:\Archivos de programa\RALINK\RT2500 Wireless LAN Card\Installer\WINXP\RaConfig2500.exe
O8 - Extra context menu item: Add to AMV Converter... - C:\Program Files\MP3 Player Utilities 4.05\AMVConverter\grab.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\ARCHIV~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: E&xportar a Microsoft Excel - res://C:\ARCHIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: MediaManager tool grab multimedia file - C:\Program Files\MP3 Player Utilities 4.05\MediaManager\grab.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Consola de Sun Java - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: Referencia - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\Windows\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\Windows\Network Diagnostic\xpnetdiag.exe
O13 - Gopher Prefix:
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx
O16 - DPF: {B785FA3C-1DE9-4D20-8396-613C486FE95E} (AeatCtl Class) - https://www5.aeat.es/es13/h/cactivex.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{C1032C83-E9CC-4B89-BACF-26CD56B8CB46}: NameServer = 80.58.61.250,80.58.61.254
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Common Files\BOONTY Shared\Service\Boonty.exe
O23 - Service: EPGService - Hauppauge Computer Works - C:\PROGRA~1\WinTV\EPG Services\System\EPGService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HauppaugeTVServer - Hauppauge Computer Works - C:\PROGRA~1\WinTV\HCWTVS~1.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Servicio del iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe

--
End of file - 13032 bytes


¿Puede alguién ayudarme? ¿Donde está el problema? Ningún antivirus de los que he probado resuelve la situación.

Gracias.

Hola 9499cmf, te doy la bienvenida al Foro de InfoSpyware.

Paso 1- Descarga estas herramientas pero no las ejecutes aun:

• ComboFix.exe
• SUPERAntiSpyware

Paso 2- Con todos los programas cerrados ejecuta el HijackThis y dale "FIX Cheked" a esta entrada:


O4 - HKCU\..\Run: [wfodnfnngn] c:\users\felix\appdata\local\wfodnfnngn.exe wfodnfnngn



Paso 3- Ejecuta estas herramientas, de a una:

• SUPERAntiSpyware

Paso 4- Descarga CCleaner y ejecútalo usando primero su opción de "Limpiador" para borrar cookies, temporales de Internet y todos los archivos que este te muestre como obsoletos, y luego usa su opción de "Registro" para limpiar todo el registro de Windows (haciendo copia de seguridad).

Reinicia y nos contas los resultados. junto con el reporte de CF.

Salu2

Hola

He hecho todo lo que me has indicado y parece ser que el "bicho" ya es historia , pero era tan dañino que ha querido morir matando, hasta hoy no he podido contestar porque tras haber pasado la herramienta ComboFix, se desconfiguró mi conexión a internet y hoy he podido resolverlo.

Gracias por la inestimable ayuda que prestáis en este foro a todos los usuarios

Para terminar te paso el reporte del ComboFix.

ComboFix 08-01-04.1 - Felix 2008-01-04 20:19:41.1 - NTFSx86
Microsoft® Windows Vista™ Home Basic 6.0.6000.0.1252.34.3082.18.395 [GMT 1:00]
Se ejecuta desde: C:\Users\Felix\Desktop\ComboFix.exe
.

(((((((((((((((((((((((((((((((((((( Otras eliminaciones )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Users\Felix\AppData\Local\wfodnfnngn.dat
C:\Users\Felix\AppData\Local\wfodnfnngn.exe
C:\Users\Felix\AppData\Local\wfodnfnngn_nav.dat
C:\Users\Felix\AppData\Local\wfodnfnngn_navps.dat
C:\Windows\system32\nvs2.inf
C:\Windows\WINDOWS
C:\Windows\WINDOWS\WINDOWS.BMP
C:\Windows\WINDOWS\WINDOWS.JPG

.
(((((((((((((((((( Archivos creados desde 2007-12-04 - 2008-01-04 )))))))))))))))))))))))))))))))))
.

2008-01-04 20:18 . 2000-08-31 08:00 51,200 --a------ C:\Windows\NirCmd.exe
2008-01-01 19:05 . 2008-01-01 19:05 <DIR> d-------- C:\Users\All Users\Kaspersky Lab Setup Files
2008-01-01 19:05 . 2008-01-01 19:05 <DIR> d-------- C:\ProgramData\Kaspersky Lab Setup Files
2007-12-31 19:34 . 2007-12-31 19:34 <DIR> d-------- C:\Program Files\Trend Micro
2007-12-31 16:02 . 2007-12-31 16:02 <DIR> d-------- C:\Program Files\CCleaner
2007-12-31 14:57 . 2008-01-04 20:17 <DIR> d-------- C:\Users\Felix\AppData\Roaming\SUPERAntiSpyware.co m
2007-12-31 14:57 . 2007-12-31 14:57 <DIR> d-------- C:\Users\All Users\SUPERAntiSpyware.com
2007-12-31 14:57 . 2007-12-31 14:57 <DIR> d-------- C:\ProgramData\SUPERAntiSpyware.com
2007-12-31 14:57 . 2008-01-04 20:17 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2007-12-30 19:28 . 2008-01-03 18:13 <DIR> d-------- C:\Users\All Users\Kaspersky Lab
2007-12-30 19:28 . 2008-01-03 18:13 <DIR> d-------- C:\ProgramData\Kaspersky Lab
2007-12-30 19:26 . 2007-12-30 19:26 <DIR> d-------- C:\KAV
2007-12-29 18:36 . 2008-01-04 19:23 <DIR> d-------- C:\Users\Felix\AppData\Roaming\StarOffice8
2007-12-29 18:29 . 2007-12-29 18:29 <DIR> d-------- C:\Program Files\Sun
2007-12-29 18:29 . 2007-09-24 23:31 69,632 --a------ C:\Windows\System32\javacpl.cpl
2007-12-29 18:17 . 2007-12-29 18:17 <DIR> d-------- C:\Program Files\Common Files\xing shared
2007-12-29 18:16 . 2007-12-29 18:16 <DIR> d-------- C:\Program Files\Real
2007-12-29 18:16 . 2007-12-29 18:16 <DIR> d-------- C:\Program Files\Common Files\Real
2007-12-29 18:14 . 2008-01-03 19:18 <DIR> d-a------ C:\Users\All Users\TEMP
2007-12-29 18:14 . 2008-01-03 19:18 <DIR> d-a------ C:\ProgramData\TEMP
2007-12-29 18:14 . 2005-09-23 07:29 626,688 --a------ C:\Windows\System32\msvcr80.dll
2007-12-29 18:13 . 2008-01-03 19:58 <DIR> d-------- C:\Users\All Users\Google Updater
2007-12-29 18:13 . 2008-01-03 19:58 <DIR> d-------- C:\ProgramData\Google Updater
2007-12-28 19:30 . 2007-12-28 19:30 <DIR> d-------- C:\Users\Felix\AppData\Roaming\AntiSpyware
2007-12-12 19:49 . 2007-12-12 19:49 <DIR> d-------- C:\Program Files\Vaughan
2007-12-12 19:49 . 1999-12-17 10:13 86,016 --a------ C:\Windows\unvise32.exe
2007-12-11 20:07 . 2007-12-11 20:07 1,327,104 --a------ C:\Windows\System32\quartz.dll
2007-12-11 20:07 . 2007-12-11 20:07 223,232 --a------ C:\Windows\System32\WMASF.DLL
2007-12-11 20:07 . 2007-12-11 20:07 9,728 --a------ C:\Windows\System32\LAPRXY.DLL
2007-12-11 20:07 . 2007-12-11 20:07 2,048 --a------ C:\Windows\System32\asferror.dll
2007-12-11 20:05 . 2007-12-11 20:05 130,048 --a------ C:\Windows\System32\drivers\srv2.sys
2007-12-11 20:05 . 2007-12-11 20:05 101,888 --a------ C:\Windows\System32\drivers\mrxsmb.sys
2007-12-11 20:05 . 2007-12-11 20:05 84,992 --a------ C:\Windows\System32\drivers\srvnet.sys
2007-12-11 20:05 . 2007-12-11 20:05 58,368 --a------ C:\Windows\System32\drivers\mrxsmb20.sys
2007-12-11 20:02 . 2007-12-11 20:02 3,504,824 --a------ C:\Windows\System32\ntkrnlpa.exe
2007-12-11 20:02 . 2007-12-11 20:02 3,470,520 --a------ C:\Windows\System32\ntoskrnl.exe
2007-12-11 20:01 . 2007-12-11 20:01 2,048 --a------ C:\Windows\System32\tzres.dll

.
(((((((((((((((((((((((((((((((((((((( Reporte Find3M )))))))))))))))))))))))))))))))))))))))))))))))))) )
.
2008-01-04 19:01 --------- d-----w C:\Program Files\Microsoft Windows OneCare Live
2008-01-04 18:22 --------- d-----w C:\Users\Felix\AppData\Roaming\OpenOffice.org2
2008-01-04 18:22 --------- d-----w C:\Program Files\WinTV
2007-12-31 18:53 --------- d-----w C:\Program Files\Yahoo!
2007-12-30 11:05 --------- d-----w C:\Program Files\Java
2007-12-30 10:55 --------- d-----w C:\Program Files\Google
2007-12-11 19:06 56,320 ----a-w C:\Windows\System32\iesetup.dll
2007-12-11 19:06 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll
2007-12-11 19:06 26,624 ----a-w C:\Windows\System32\ieUnatt.exe
2007-12-01 18:24 --------- d-----w C:\Users\Felix\AppData\Roaming\Yahoo!
2007-11-25 17:36 558,080 ----a-w C:\Windows\System32\MSMPEG2VDEC.DLL
2007-11-25 17:36 505,856 ----a-w C:\Windows\System32\MSMPEG2ENC.DLL
2007-11-25 17:36 386,560 ----a-w C:\Windows\System32\MSMPEG2ADEC.DLL
2007-11-25 17:36 --------- d-----w C:\Program Files\Roxio
2007-11-24 19:12 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-11-24 19:12 --------- d-----w C:\Program Files\Common Files\IviSDK
2007-11-24 18:25 127,034 ------r C:\Windows\bwUnin-8.1.1.50-8876480SL.exe
2007-11-24 18:25 --------- d-----w C:\Users\Felix\AppData\Roaming\Logitech
2007-11-24 18:24 --------- d-----w C:\Program Files\Logitech
2007-11-24 18:23 0 ---ha-w C:\Windows\system32\drivers\Msft_Kernel_LMouFilt_0 1005.Wdf
2007-11-24 18:23 0 ---ha-w C:\Windows\system32\drivers\Msft_Kernel_LHidFilt_0 1005.Wdf
2007-11-24 18:22 --------- d-----w C:\Program Files\Common Files\Logitech
2007-11-24 18:21 --------- d-----w C:\Users\Felix\AppData\Roaming\InstallShield
2007-11-24 18:21 --------- d-----w C:\ProgramData\Logitech
2007-11-24 18:20 --------- d-----w C:\ProgramData\LogiShrd
2007-11-14 15:49 704,000 ----a-w C:\Windows\System32\PhotoScreensaver.scr
2007-11-14 15:49 67,584 ----a-w C:\Windows\System32\wlanhlp.dll
2007-11-14 15:49 542,720 ----a-w C:\Windows\System32\sysmain.dll
2007-11-14 15:49 47,104 ----a-w C:\Windows\System32\wlanapi.dll
2007-11-14 15:49 258,232 ----a-w C:\Windows\system32\drivers\acpi.sys
2007-11-14 15:49 24,064 ----a-w C:\Windows\System32\wtsapi32.dll
2007-11-14 15:49 2,923,520 ----a-w C:\Windows\explorer.exe
2007-11-14 15:49 2,027,008 ----a-w C:\Windows\System32\win32k.sys
2007-11-14 15:48 502,784 ----a-w C:\Windows\System32\wlansvc.dll
2007-11-14 15:48 297,984 ----a-w C:\Windows\System32\wlansec.dll
2007-11-14 15:48 290,816 ----a-w C:\Windows\System32\wlanmsm.dll
2007-11-14 15:46 8,704 ----a-w C:\Windows\System32\hcrstco.dll
2007-11-14 15:46 8,704 ----a-w C:\Windows\System32\hccoin.dll
2007-11-14 15:46 73,216 ----a-w C:\Windows\system32\drivers\usbccgp.sys
2007-11-14 15:46 5,888 ----a-w C:\Windows\system32\drivers\usbd.sys
2007-11-14 15:46 38,400 ----a-w C:\Windows\system32\drivers\usbehci.sys
2007-11-14 15:46 23,040 ----a-w C:\Windows\system32\drivers\usbuhci.sys
2007-11-14 15:46 224,768 ----a-w C:\Windows\system32\drivers\usbport.sys
2007-11-14 15:46 192,000 ----a-w C:\Windows\system32\drivers\usbhub.sys
2007-11-14 15:46 --------- d-----w C:\Program Files\Windows Mail
2007-11-12 19:11 --------- d-----w C:\Program Files\iTunes
2007-11-12 19:11 --------- d-----w C:\Program Files\iPod
2007-11-12 19:09 --------- d-----w C:\Program Files\QuickTime
2007-10-10 15:15 8,147,968 ----a-w C:\Windows\System32\wmploc.DLL
2007-10-10 15:15 7,680 ----a-w C:\Windows\System32\spwmp.dll
2007-10-10 15:15 4,096 ----a-w C:\Windows\System32\dxmasf.dll
2007-10-10 15:15 356,864 ----a-w C:\Windows\System32\MediaMetadataHandler.dll
2007-10-10 15:13 84,480 ----a-w C:\Windows\System32\INETRES.dll
2007-10-10 15:13 737,792 ----a-w C:\Windows\System32\inetcomm.dll
2007-10-10 15:11 788,992 ----a-w C:\Windows\System32\rpcrt4.dll
2007-08-30 10:20 174 --sha-w C:\Program Files\desktop.ini
.

((((((((((((((((((((((((((((((((( Cargando Puntos Reg ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Nota* entradas vacías & entradas legítimas predeterminadas no son mostradas

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Run]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNo tifier.exe" [2007-12-29 18:13 68856]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2006-11-02 13:34 1196032]
"Octoshape Streaming Services"="C:\Users\Felix\AppData\Local\Octoshape\ Octoshape Streaming Services\OctoshapeClient.exe" [2006-02-13 17:33 214648]
"PcSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2006-06-27 15:21 1449984]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 13:34 201728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Run]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2006-12-10 20:52 49152]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2007-06-15 17:57 1006264]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2003-12-08 17:35 32768]
"OneCareUI"="C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe" [2007-10-01 08:53 66600]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 19:51 39792]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-06 23:46 57344]
"Windows Mobile Device Center"="%windir%\WindowsMobile\wmdc.exe" [ ]
"NSLauncher"="C:\Program Files\Nokia\Nokia Software Launcher\NSLauncher.exe" [2006-11-28 00:12 2658304]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-10-19 20:16 286720]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-11-02 18:36 267048]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-04-11 15:32 56080 C:\Windows\KHALMNPR.Exe]
"EPGServiceTool"="C:\PROGRA~1\WinTV\EPG Services\System\EPGClient.exe" [2007-08-01 04:26 675840]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-12-29 18:16 185632]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
"AAWTray"="C:\Program Files\Lavasoft\Ad-Aware 2007\AAWTray.exe" [ ]

C:\Users\Felix\AppData\Roaming\Microsoft\Windows\S tart Menu\Programs\Startup\
OpenOffice.org 2.0.lnk - C:\Program Files\OpenOffice.org 2.0\program\quickstart.exe [2005-09-23 12:36:42]
StarOffice 8.lnk - C:\Program Files\Sun\StarOffice 8\program\quickstart.exe [2007-08-17 22:58:18]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
AutoStart IR.lnk - C:\Program Files\WinTV\Ir.exe [2007-11-24 20:12:33]
Google Updater.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [2007-12-29 18:13:16]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2007-01-02 20:40:10]
Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger .exe [2007-11-24 19:25:10]
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [2007-11-24 19:21:53]
Ralink Wireless Utility.lnk - C:\Program Files\RALINK\RT2500 Wireless LAN Card\Installer\WINXP\RaConfig2500.exe [2006-02-21 21:45:53]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
C:\Program Files\MSN Messenger\MsnMsgr.Exe /background

R2 EPGService;EPGService;C:\PROGRA~1\WinTV\EPG Services\System\EPGService.exe [2007-09-05 17:46]
R2 RapiMgr;Windows Mobile-based device connectivity;C:\Windows\system32\svchost.exe [2006-11-02 10:45]
R2 WcesComm;Windows Mobile-2003-based device connectivity;C:\Windows\system32\svchost.exe [2006-11-02 10:45]
R3 hcw95bda;Hauppauge MOD7700 Tuner Driver;C:\Windows\system32\Drivers\hcw95bda.sys [2007-06-04 18:00]
R3 hcw95rc;Hauppauge MOD7700 IR Driver;C:\Windows\system32\DRIVERS\hcw95rc.sys [2007-06-04 18:02]
R3 VST_DPV;VST_DPV;C:\Windows\system32\DRIVERS\VSTDPV 3.SYS [2006-11-02 08:41]
R3 VSTHWBS2;VSTHWBS2;C:\Windows\system32\DRIVERS\VSTB S23.SYS [2006-11-02 08:41]
S3 Boonty Games;Boonty Games;"C:\Program Files\Common Files\BOONTY Shared\Service\Boonty.exe" [2007-05-16 18:49]
S3 HauppaugeTVServer;HauppaugeTVServer;C:\PROGRA~1\Wi nTV\HCWTVS~1.EXE [2007-02-20 15:11]
S4 viamraid;viamraid;C:\Windows\system32\drivers\viam raid.sys [2005-04-26 11:22]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalService REG_MULTI_SZ nsi lltdsvc SSDPSRV upnphost SCardSvr w32time EventSystem RemoteRegistry WinHttpAutoProxySvc lanmanworkstation TBS SLUINotify THREADORDER fdrespub netprofm fdphost wcncsvc QWAVE WebClient
LocalSystemNetworkRestricted REG_MULTI_SZ hidserv UxSms WdiSystemHost Netman trkwks AudioEndpointBuilder WUDFSvc irmon sysmain IPBusEnum dot3svc PcaSvc wlansvc EMDMgmt TabletInputService WPDBusEnum
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
bthsvcs REG_MULTI_SZ BthServ
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr

[HKEY_CURRENT_USER\software\microsoft\windows\curre ntversion\explorer\mountpoints2\K]
\shell\AutoRun\command - K:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\curre ntversion\explorer\mountpoints2\{53df60d3-64f3-11dc-8ae1-00142ad44d44}]
\shell\AutoRun\command - K:\LaunchU3.exe -a

*Newly Created Service* - PROCEXP90
.
Contenido de carpeta 'Tareas Programadas'
"2007-12-28 18:35:51 C:\Windows\Tasks\AntiSpyware Scheduled Scan.job"
- C:\Program Files\AntiSpywareApp\AntiSpyware.ex
- C:\Program Files\AntiSpywareApp
"2007-02-08 20:21:04 C:\Windows\Tasks\AppleSoftwareUpdate.job"
- C:\Archivos de programa\Apple Software Update\SoftwareUpdate.exe
"2008-01-04 19:23:24 C:\Windows\Tasks\User_Feed_Synchronization-{C76DB69B-227C-4B9B-A81D-75DDF4CD1C18}.job"
- C:\Windows\system32\msfeedssync.exe
.
************************************************** ************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-04 20:23:36
Windows 6.0.6000 NTFS

escaneando procesos ocultos ...

escaneando entradas ocultas de autostart ...

escaneando archivos ocultos ...

el escaneo se completo con exito
archivos ocultos: 0

************************************************** ************************
.
Tiempo completado: 2008-01-04 20:24:39
ComboFix-quarantined-files.txt 2008-01-04 19:24:36
.
2007-12-11 19:08:26 --- E O F ---

Saludos cordiales.

Hola, ComboFix ya se encargo de eliminar los archivos de malwares encontrados en tu PC, por lo que si todo esta funcionado bien, damos por terminado el tema.

Para terminar solo te quedaría desinstalar CF de la siguiente manera:

• Ir a Inicio > Ejecutar
• Escribir lo siguiente: ComboFix /u como muestra la imagen debajo:
  
  
  • 
• Esto activara el desinstalador de ComboFix abriendo su pantalla principal y luego de unos segundos veras ("ComboFix is uninstalled")

Salu2