Buenos dias a todos,

Actualmente trabajo con una laptop HP DV6000 con windows vista home premium. De alguna forma alguien en la oficina abrió un archivo maligno y la pc fue infectada con un troyano llamado win32.bagle.SUM@mm.

Aunque la he limpiado de muchas formas,

El windows defender no funciona, el windows firewall tampoco y en fin, la seguridad del equipo está bastante comprometida.

Trabajo con un ESET Nod32 3.0.566.0 y spyware doctor.
Además use las herramientas Elibagla, Combofix, superantispyware, pero suigue molestando.

Aparentemente la maquina está limpia, pero es extremadamente lenta.

No me queda otra salida que pedir ayuda y po lo tanto aquó pongo el hjt log y esperar que alguien experimentado me pueda ayudar, pues quiero evitar a toda costa un formateo del equipo.

de antemano muchas gracias,

Andres.


Logfile of HijackThis v1.99.1
Scan saved at 10:49:01 a.m., on 05/03/2008
Platform: Unknown Windows (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16609)

Running processes:
C:\Windows\System32\smss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
C:\Program Files\Hp\QuickPlay\QPService.exe
C:\Program Files\Synaptics\SynTP\SynTPStart.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\acrotray.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\WindowsMobile\wmdSync.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\PROGRA~1\ESRI\License\arcgis9x\lmgrd.exe
C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
C:\PROGRA~1\ESRI\License\arcgis9x\lmgrd.exe
C:\PROGRA~1\ESRI\License\arcgis9x\ARCGIS.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
c:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Winamp\winamp.exe
C:\Program Files\Hijackthis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Adobe Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Windows Live Aplicación auxiliar de inicio de sesión - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: PDF de Adobe - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [WAWifiMessage] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [Windows Mobile-based device management] %windir%\WindowsMobile\wmdSync.exe
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - Startup: Herramienta de búsqueda de soportes de Picture Motion Browser.lnk = C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
O4 - Global Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Inicio rápido de Adobe Acrobat.lnk = ?
O4 - Global Startup: Inicio rápido de Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: Convertir a PDF de Adobe - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir a PDF existente - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convertir destino de vínculo a PDF existente - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convertir destino de vínculo en archivo PDF de Adobe - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir selección a archivo PDF existente - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convertir selección a PDF de Adobe - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir vínculos seleccionados a PDF de Adobe - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convertir vínculos seleccionados a PDF existente - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: E&xportar a Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Consola de Sun Java - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Enviar a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Enviar a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\windows\system32\nlaapi.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\napinsp.dll
O11 - Options group: [INTERNATIONAL] International*
O13 - Gopher Prefix:
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.es/scan_es/scan8/oscan8.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{BA532928-F427-457B-9BA2-0DD462277B31}: NameServer = 200.13.249.101,200.75.78.78
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DL L
O20 - Winlogon Notify: igfxcui - C:\Windows\SYSTEM32\igfxdev.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: ArcGIS License Manager - Macrovision Corporation - C:\PROGRA~1\ESRI\License\arcgis9x\lmgrd.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe
O23 - Service: @%SystemRoot%\ehome\ehstart.dll,-101 (ehstart) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: Eset HTTP Server (EhttpSrv) - Unknown owner - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: ION Java Daemon 2.0 - Unknown owner - D:\RSI\IDL60\products\ion20\ion_java\bin\ion_srv.e xe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: @%SystemRoot%\system32\qwave.dll,-1 (QWAVE) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: @%SystemRoot%\system32\seclogon.dll,-7001 (seclogon) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - %ProgramFiles%\Windows Media Player\wmpnetwk.exe (file missing)

Hola, te doy la bienvenida al foro, sigue estos pasos:

• - Descarga ComboFix.exe
  
  • Dada tu infecciones, debes de cambiar el nombre antes de guardarlo en tu escritorio por Combo-Fix

--------------------------------------------------------------------

• Desactiva temporalmente el Antivirus y/o Antispyware.
• Cierra todas las ventanas abiertas.
• Haz doble clic al archivo Combo-Fix.exe y sigue las instrucciones.
• Cuando termine, generara un registro en C:\ComboFix.txt.
  • *Nota* Mientras CF este trabajando no mover el mouse ya que pararía su proceso.
  • *Nota* ComboFix puede reiniciar automáticamente el PC para completar el proceso de eliminación.
• Pega el reporte de ComboFix.txt en este mismo mensaje.

Saludos

Muchas gracias Gpastor.

Ya realicé las acciones que me has dicho.

Aqui pego el reporte de combofix,

PD: La pc sigue muy muy lenta.

Andres.


ComboFix 08-03-06.2 - PERSONAL 2008-03-06 21:43:34.1 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.3082.18.1305 [GMT -5:00]
Se ejecuta desde: C:\Users\PERSONAL\Desktop\Combo-Fix.exe
.

(((((((((((((((((( Archivos creados desde 2008-02-07 - 2008-03-07 )))))))))))))))))))))))))))))))))
.

Ningún archivo ha sido creado durante este intervalo de tiempo

.
(((((((((((((((((((((((((((((((((((((( Reporte Find3M )))))))))))))))))))))))))))))))))))))))))))))))))) )
.
2008-03-07 02:41 --------- d---a-w C:\ProgramData\TEMP
2008-03-07 02:24 --------- d-----w C:\Program Files\GlobalMapper9
2008-03-06 19:16 --------- d-----w C:\Program Files\MapInfo
2008-03-06 12:52 --------- d-----w C:\Program Files\The Cleaner Free
2008-03-06 02:35 --------- d-----w C:\Program Files\ESRI
2008-03-04 22:16 --------- d-----w C:\Users\PERSONAL\AppData\Roaming\ESRI
2008-03-03 22:02 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-03-03 19:26 --------- d-----w C:\Program Files\Spyware Doctor
2008-03-03 18:36 --------- d-----w C:\Users\PERSONAL\AppData\Roaming\PC Tools
2008-03-03 17:30 --------- d-----w C:\Program Files\SUPERAntiSpyware
2008-03-03 17:15 --------- d-----w C:\Program Files\ESET
2008-02-29 21:48 --------- d-----w C:\Users\PERSONAL\AppData\Roaming\uTorrent
2008-02-29 20:22 --------- d-----w C:\Users\PERSONAL\AppData\Roaming\SUPERAntiSpyware .com
2008-02-29 20:22 --------- d-----w C:\ProgramData\SUPERAntiSpyware.com
2008-02-29 15:28 262,144 ----a-w C:\ntuser.dat
2008-02-29 14:21 --------- d-----w C:\Program Files\Zone Labs
2008-02-29 13:25 --------- d-----w C:\ProgramData\Microsoft Help
2008-02-28 16:36 --------- d-----w C:\Program Files\Mapdekode
2008-02-25 21:08 --------- d-----w C:\Program Files\ElcomSoft
2008-02-24 21:24 --------- d-----w C:\ProgramData\ESET
2008-02-22 20:16 --------- d-----w C:\Program Files\McAfee
2008-02-22 18:36 --------- d-----w C:\ProgramData\McAfee
2008-02-22 18:36 --------- d-----w C:\Program Files\McAfee.com
2008-02-22 18:36 --------- d-----w C:\Program Files\Common Files\McAfee
2008-02-13 22:16 194,560 ----a-w C:\Windows\System32\WebClnt.dll
2008-02-13 22:16 110,080 ----a-w C:\Windows\system32\drivers\mrxdav.sys
2008-02-13 22:12 45,112 ----a-w C:\Windows\system32\drivers\pciidex.sys
2008-02-13 22:12 3,504,696 ----a-w C:\Windows\System32\ntkrnlpa.exe
2008-02-13 22:12 3,470,392 ----a-w C:\Windows\System32\ntoskrnl.exe
2008-02-13 22:12 25,656 ----a-w C:\Windows\system32\drivers\msahci.sys
2008-02-13 22:12 21,560 ----a-w C:\Windows\system32\drivers\atapi.sys
2008-02-13 22:12 17,464 ----a-w C:\Windows\system32\drivers\intelide.sys
2008-02-13 22:12 154,624 ----a-w C:\Windows\system32\drivers\nwifi.sys
2008-02-13 22:12 109,624 ----a-w C:\Windows\system32\drivers\ataport.sys
2008-02-13 22:11 803,328 ----a-w C:\Windows\system32\drivers\tcpip.sys
2008-02-13 22:11 537,600 ----a-w C:\Windows\AppPatch\AcLayers.dll
2008-02-13 22:11 449,536 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
2008-02-13 22:11 4,247,552 ----a-w C:\Windows\System32\GameUXLegacyGDFs.dll
2008-02-13 22:11 24,064 ----a-w C:\Windows\System32\netcfg.exe
2008-02-13 22:11 22,016 ----a-w C:\Windows\System32\netiougc.exe
2008-02-13 22:11 216,632 ----a-w C:\Windows\system32\drivers\netio.sys
2008-02-13 22:11 2,144,256 ----a-w C:\Windows\AppPatch\AcGenral.dll
2008-02-13 22:11 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
2008-02-13 22:11 167,424 ----a-w C:\Windows\System32\tcpipcfg.dll
2008-02-13 22:11 1,686,528 ----a-w C:\Windows\System32\gameux.dll
2008-02-13 22:08 824,832 ----a-w C:\Windows\System32\wininet.dll
2008-02-13 22:08 56,320 ----a-w C:\Windows\System32\iesetup.dll
2008-02-13 22:08 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll
2008-02-13 22:08 26,624 ----a-w C:\Windows\System32\ieUnatt.exe
2008-02-04 20:24 --------- d-----w C:\Program Files\MobileMapper Office
2008-02-04 15:28 --------- d-----w C:\Users\PERSONAL\AppData\Roaming\GPS Utility
2008-02-04 15:09 --------- d-----w C:\Program Files\dnrgarmin
2008-02-01 17:55 42,376 ----a-w C:\Windows\system32\drivers\ikfilesec.sys
2008-01-30 13:20 --------- d-----w C:\Program Files\PDF 2 DXF 2
2008-01-30 13:20 --------- d-----w C:\Program Files\DXF 2 PDF 1
2008-01-29 18:31 74,752 ----a-w C:\Windows\cadkasdeinst01e.exe
2008-01-24 19:51 --------- d-----w C:\Users\PERSONAL\AppData\Roaming\MapInfo
2008-01-24 13:12 --------- d-----w C:\Program Files\Common Files\THALES Navigation
2008-01-23 19:33 --------- d-----w C:\Users\PERSONAL\AppData\Roaming\Safe Software
2008-01-23 17:47 --------- d-----w C:\ProgramData\ESRI
2008-01-23 17:47 --------- d-----w C:\Program Files\Common Files\ESRI
2008-01-23 17:46 --------- d-----w C:\Program Files\ArcGIS
2008-01-23 17:44 --------- d-----w C:\Program Files\Leica Geosystems
2008-01-23 17:42 --------- d-----w C:\Program Files\Common Files\AnswerWorks 4.0
2008-01-23 17:34 --------- d-----w C:\ProgramData\Macrovision
2008-01-23 15:44 --------- d-----w C:\Program Files\Rainbow Technologies
2008-01-23 15:00 --------- d-----w C:\Program Files\Intuwave Ltd
2008-01-23 14:41 --------- d-----w C:\Users\PERSONAL\AppData\Roaming\Sony Ericsson
2008-01-22 14:39 --------- d-----w C:\Program Files\Img2gps
2008-01-22 13:33 958,464 ------w C:\Windows\Setup1.exe
2008-01-22 13:33 73,216 ----a-w C:\Windows\ST6UNST.EXE
2008-01-21 21:46 --------- d-----w C:\Users\PERSONAL\AppData\Roaming\GARMIN
2008-01-18 13:49 --------- d-----w C:\Program Files\LimeWire
2008-01-18 13:48 --------- d-----w C:\ProgramData\Skype
2008-01-18 13:40 --------- d-----w C:\Program Files\Google
2008-01-18 13:02 --------- d-----w C:\Users\PERSONAL\AppData\Roaming\skypePM
2008-01-14 14:05 --------- d-----w C:\Users\PERSONAL\AppData\Roaming\Autodesk
2008-01-14 14:05 --------- d-----w C:\ProgramData\Autodesk
2008-01-10 19:51 --------- d-----w C:\ProgramData\FLEXnet
2008-01-10 19:51 --------- d-----w C:\Program Files\Common Files\Macrovision Shared
2008-01-10 19:50 --------- d-----w C:\ProgramData\MapInfo
2008-01-10 19:50 --------- d-----w C:\Program Files\Seagate Software
2008-01-10 19:05 --------- d-----w C:\Program Files\Common Files\Autodesk Shared
2008-01-10 19:05 --------- d-----w C:\Program Files\AutoCAD 2008
2008-01-10 18:52 --------- d-----w C:\Program Files\Autodesk
2008-01-10 17:49 --------- d-----w C:\Program Files\Microsoft Student
2008-01-10 17:12 --------- d-----w C:\Program Files\Common Files\Adobe
2008-01-10 13:16 --------- d-----w C:\Users\PERSONAL\AppData\Roaming\Sony Corporation
2008-01-10 05:50 1,244,672 ----a-w C:\Windows\System32\mcmde.dll
2008-01-09 21:50 --------- d-----w C:\Program Files\Sony
2008-01-09 21:48 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-01-09 21:08 --------- d-----w C:\Program Files\uTorrent
2008-01-09 20:56 --------- d-----w C:\Users\PERSONAL\AppData\Roaming\LimeWire
2008-01-09 16:23 --------- d-----w C:\Program Files\Incomplete
2008-01-09 13:55 --------- d-----w C:\Program Files\Windows Mail
2008-01-09 13:43 211,000 ----a-w C:\Windows\system32\drivers\volsnap.sys
2008-01-09 13:43 11,776 ----a-w C:\Windows\System32\sbunattend.exe
2008-01-09 13:43 1,060,920 ----a-w C:\Windows\system32\drivers\ntfs.sys
2008-01-09 13:43 --------- d-----w C:\Program Files\Windows Sidebar
2007-12-17 17:33 32 ----a-w C:\Users\All Users\ezsid.dat
.

((((((((((((((((((((((((((((((((( Cargando Puntos Reg ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Nota* entradas vacías & entradas legítimas predeterminadas no son mostradas

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-09 08:43 1232896]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 11:34 5724184]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Run]
"IgfxTray"="C:\Windows\system32\igfxtray.exe" [2007-02-26 18:54 131072]
"HotKeysCmds"="C:\Windows\system32\hkcmd.exe" [2007-02-26 18:54 151552]
"Persistence"="C:\Windows\system32\igfxpers.ex e" [2007-02-26 18:54 126976]
"hpWirelessAssistant"="C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-03-01 13:18 472776]
"WAWifiMessage"="C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe" [2007-01-10 16:12 317128]
"QPService"="C:\Program Files\HP\QuickPlay\QPService.exe" [2007-04-23 18:11 176128]
"SynTPStart"="C:\Program Files\Synaptics\SynTP\SynTPStart.exe" [2007-09-14 19:29 102400]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 07:00 33648]
"Acrobat Assistant 7.0"="C:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe" [2006-01-12 20:52 483328]
"Windows Mobile-based device management"="%windir%\WindowsMobile\wmdSync.exe" [ ]
"egui"="C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" [2007-11-14 15:05 1410304]

C:\Users\PERSONAL\AppData\Roaming\Microsoft\Window s\Start Menu\Programs\Startup\
Herramienta de b£squeda de soportes de Picture Motion Browser.lnk - C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe [2008-01-09 16:50:29 344064]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 20:16:50 113664]
Inicio r*pido de Adobe Acrobat.lnk - C:\Windows\Installer\{AC76BA86-1034-4700-7760-100000000002}\SC_Acrobat.exe [2007-11-30 11:48:59 25214]
Inicio r*pido de Adobe Reader.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 23:05:26 29696]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\curr entversion\policies\system]
"EnableLUA"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-3209358751-4143032929-3564460681-1000]
"EnableNotificationsRef"=dword:00000002

[HKLM\~\services\sharedaccess\parameters\firewallpo licy\FirewallRules]
"{3A8802F7-FE48-4F30-893A-529391908B68}"= C:\Program Files\HP\QuickPlay\QP.exe:Quick Play|Desc=Quick Play
"{486B639D-B3E7-4E6C-833C-20E108248841}"= C:\Program Files\HP\QuickPlay\QPService.exe:Quick Play Resident Program|Desc=Quick Play Resident Program
"{46E67201-3397-426C-B0A3-3AC036E5B641}"= TCP:6004|C:\Program Files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{DDE26DA6-2937-4910-81DB-F250104CDB46}"= UDP:C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{62F1B89B-C5D0-4CA0-9626-25672BD59463}"= TCP:C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{73B872D3-22C3-4AE9-8148-AFA3599A97C8}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{FD62C53D-F4C8-4693-81B4-AC02E281BE72}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{7A0CFF02-FFBF-418F-83ED-24099E49957F}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)|Edge=TRUE|
"TCP Query User{7D42A900-9B84-44F9-9099-05DA7ED3392F}C:\program files\limewire\limewire.exe"= UDP:C:\program files\limewire\limewire.exe:LimeWire|Desc=LimeWire
"UDP Query User{2921FC78-9068-4B07-8775-8B0F6DB00618}C:\program files\limewire\limewire.exe"= TCP:C:\program files\limewire\limewire.exe:LimeWire|Desc=LimeWire
"TCP Query User{1794CCE6-3BD2-4DFF-B57B-BBD55C4B6533}C:\program files\emule\emule.exe"= UDP:C:\program files\emule\emule.exe:eMule|Desc=eMule
"UDP Query User{86CBA890-B767-4B50-8C22-A92EFA1125C0}C:\program files\emule\emule.exe"= TCP:C:\program files\emule\emule.exe:eMule|Desc=eMule
"{5C13E3FF-7BB9-4F62-BBCE-A3ED713317C9}"= UDP:990:LocalSubnet:LocalSubnet|IF={729E8AC8-61DE-47C0-B8B5-BE8A64A20A2F}|%SystemRoot%\system32\svchost.exe|Sv c=rapimgr:@%systemroot%\WindowsMobile\wmdSync.exe,-4001|Desc=@%systemroot%\WindowsMobile\wmdSync.exe,-4001
"TCP Query User{EF3470B1-FF42-49EF-B011-8CE5CBF4B4A4}C:\program files\internet explorer\iexplore.exe"= UDP:C:\program files\internet explorer\iexplore.exe:Internet Explorer|Desc=Internet Explorer
"UDP Query User{6B53F416-05DA-41ED-821F-C8E60B366683}C:\program files\internet explorer\iexplore.exe"= TCP:C:\program files\internet explorer\iexplore.exe:Internet Explorer|Desc=Internet Explorer
"{2CD476DE-9D86-4271-9CF3-1F5D973E91A3}"= UDP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent
"{3B551905-2E80-468E-B50D-D4A267E8136C}"= TCP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent
"{1BAE8706-2F14-4A51-9F31-E13C11A3F34F}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)|Edge=TRUE|
"{F5065290-A513-411D-8CD0-6C82C38A809C}"= Disabled:UDP:C:\Program Files\Skype\Phone\Skype.exe:Skype
"{0C2EF70D-28A3-4F31-A78D-81C89BE5D80F}"= Disabled:TCP:C:\Program Files\Skype\Phone\Skype.exe:Skype
"TCP Query User{1C824325-A4DA-4EDA-933A-2975C934D98C}C:\program files\intuwave ltd\shared\mrouterruntime\mrouterruntime.exe"= UDP:C:\program files\intuwave ltd\shared\mrouterruntime\mrouterruntime.exe:mRout erRuntime|Desc=mRouterRuntime
"UDP Query User{EC173814-A594-4FB2-ABBC-6A16B21A0C49}C:\program files\intuwave ltd\shared\mrouterruntime\mrouterruntime.exe"= TCP:C:\program files\intuwave ltd\shared\mrouterruntime\mrouterruntime.exe:mRout erRuntime|Desc=mRouterRuntime
"{F7D3F574-08D8-4B36-9BBC-AD94572A01DF}"= UDP:C:\Program Files\DAP\DAP.exe:Download Accelerator Plus (DAP)
"{29C8A6FD-727C-44CF-8B95-A025D0E87093}"= TCP:C:\Program Files\DAP\DAP.exe:Download Accelerator Plus (DAP)

[HKLM\~\services\sharedaccess\parameters\firewallpo licy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|S vc=DFSR:Allow inbound TCP traffic|

R1 epfwtdir;epfwtdir;C:\Windows\system32\DRIVERS\epfw tdir.sys [2007-11-14 15:06]
R2 ArcGIS License Manager;ArcGIS License Manager;C:\PROGRA~1\ESRI\License\arcgis9x\lmgrd.ex e [2007-10-20 09:11]
R2 RapiMgr;Conectividad de dispositivos basada en Windows Mobile;C:\Windows\system32\svchost.exe [2006-11-02 04:45]
R2 WcesComm;Conectividad de dispositivos basados en Windows Mobile 2003;C:\Windows\system32\svchost.exe [2006-11-02 04:45]
R3 igfx;igfx;C:\Windows\system32\DRIVERS\igdkmd32.sys [2007-02-26 18:54]
R3 NETw4v32;Controlador del adaptador Intel(R) Wireless WiFi Link para Windows Vista de 32 bits;C:\Windows\system32\DRIVERS\NETw4v32.sys [2007-05-04 14:11]
S3 FTLUND;Lundinova Filter Driver;C:\Windows\system32\drivers\ftlund.sys [2003-02-24 09:36]
S3 NETw3v32;Controlador de adaptador Intel(R) PRO/Wireless 3945ABG para Windows Vista de 32 bits;C:\Windows\system32\DRIVERS\NETw3v32.sys [2006-11-02 02:30]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr

[HKEY_CURRENT_USER\software\microsoft\windows\curre ntversion\explorer\mountpoints2\{b42df849-99b2-11dc-8688-806e6f6e6963}]
\shell\AutoRun\command - E:\autorun.exe

.
************************************************** ************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-06 21:46:48
Windows 6.0.6000 NTFS

escaneando procesos ocultos ...

escaneando entradas ocultas de autostart ...

escaneando archivos ocultos ...

el escaneo se completo con exito
archivos ocultos: 0

************************************************** ************************
.
Tiempo completado: 2008-03-06 21:47:32
ComboFix-quarantined-files.txt 2008-03-07 02:47:30
.
2008-02-29 13:25:08 --- E O F ---

El reporte está limpio, si el problema persiste sigue los pasos para Optimizar Windows así como también descarga y ejecuta la utilidad Advanced WindowsCare, para reparar y optimizar a fondo tu PC.

Saludos