Foro de InfoSpyware - Foro de Hijackthis - Foro de Virus

Hola... siempre consulto este forum para solucionar ciertos problemas que se me presentan, pero el de ahorita he buscado pero no consigo nada... Actualmente tengo el Antivirus BitDefender instalado en mi maquina hoy decidi scanear y me detecto varios virus los cuales no pudo eliminar sino que los movio, quisiera saber como podria hacer para eliminarlos...
Si me podrian ayudar en algo se los agradeceria... gracias
Este fue el reporte que me genero el antivirus:

//-----------------------------------------------------------------
//
// Product BitDefender Free Edition v10
// Product 10.2
//
// Created on: 30/03/2008 15:38:52
//
//-----------------------------------------------------------------


Virus Statistics

Scan path : C:\
D:\
Folders : 11383
Files : 330507
Memory processes scanned : 62
Archives : 10130
Runtime packers : 20931
Identified viruses : 9
Infected files : 40
Memory processes infected : 0
Suspect files : 0
Warnings : 0
Disinfected files : 0
Deleted files : 18
Moved files : 22
I/O errors : 44
Scan time : 01:27:37
Scan speed (files/sec) : 62

Spyware Statistics

Registry keys scanned : 382
Registry keys infected : 1
Cookies scanned : 8
Cookies infected : 0
Spyware files infected : 0
Spyware threats detected : 1


Virus definitions : 1055766
Scan plugins : 16
Archive plugins : 41
Unpack plugins : 7
Mail plugins : 6
System plugins : 5

Virus scan options

Detection
[X] Scan boot sectors
[X] Memory Processes
[X] Scan archives
[X] Scan runtime packers
[X] Scan email

File mask
[ ] Programs
[X] All files
[ ] User defined extensions:
[ ] Exclude extensions: ;

Action

Infected objects
[ ] Ignore
[X] Disinfect
[ ] Delete
[ ] Move to quarantine
[ ] Prompt user

Second action
[ ] Ignore
[ ] Delete
[X] Move to quarantine
[ ] Prompt user

Virus scan options
[X] Enable warnings
[X] Enable heuristics
[ ] Show all files in log
[X] Report file: C:\Documents and Settings\All Users\Application Data\Bitdefender\Desktop\Profiles\Logs\deep_scan\1 206905932.log

Spyware scan options

[X] Scan for riskware
[ ] Skip dial and applications from scan
[X] Registry keys
[X] Cookies


Summary:

<System>=>HKEY_USERS\S-1-5-21-4142408590-2589593040-100632226-1005\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN \amva=>C:\WINDOWS\SYSTEM32\AMVO.EXE Detected: Packer.Malware.NSAnti.W
<System>=>HKEY_USERS\S-1-5-21-4142408590-2589593040-100632226-1005\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN \amva=>C:\WINDOWS\SYSTEM32\AMVO.EXE Disinfection failed
<System>=>HKEY_USERS\S-1-5-21-4142408590-2589593040-100632226-1005\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN \amva=>C:\WINDOWS\SYSTEM32\AMVO.EXE Move failed
C:\1weicxa.com Infected: Packer.Malware.NSAnti.V
C:\1weicxa.com Disinfection failed
C:\1weicxa.com Moved
C:\Documents and Settings\Angela Longa\Local Settings\Temp\5o.dll Infected: Packer.Malware.NSAnti.W
C:\Documents and Settings\Angela Longa\Local Settings\Temp\5o.dll Disinfection failed
C:\Documents and Settings\Angela Longa\Local Settings\Temp\5o.dll Moved
C:\Documents and Settings\Angela Longa\Local Settings\Temp\5qno.dll Infected: Packer.Malware.NSAnti.W
C:\Documents and Settings\Angela Longa\Local Settings\Temp\5qno.dll Disinfection failed
C:\Documents and Settings\Angela Longa\Local Settings\Temp\5qno.dll Moved
C:\Documents and Settings\Angela Longa\Local Settings\Temp\aajc.dll Infected: Packer.Malware.NSAnti.V
C:\Documents and Settings\Angela Longa\Local Settings\Temp\aajc.dll Disinfection failed
C:\Documents and Settings\Angela Longa\Local Settings\Temp\aajc.dll Moved
C:\Documents and Settings\Angela Longa\Local Settings\Temp\f28.dll Infected: Packer.Malware.NSAnti.V
C:\Documents and Settings\Angela Longa\Local Settings\Temp\f28.dll Disinfection failed
C:\Documents and Settings\Angela Longa\Local Settings\Temp\f28.dll Moved
C:\Documents and Settings\Angela Longa\Local Settings\Temp\njpavm.dll Infected: Packer.Malware.NSAnti.V
C:\Documents and Settings\Angela Longa\Local Settings\Temp\njpavm.dll Disinfection failed
C:\Documents and Settings\Angela Longa\Local Settings\Temp\njpavm.dll Moved
C:\f.exe Infected: Trojan.PWS.OnlineGames.SSU
C:\f.exe Deleted
C:\ino6.com Infected: Trojan.PWS.OnlineGames.SST
C:\ino6.com Deleted
C:\jiwsxh39.exe Infected: Packer.Malware.NSAnti.W
C:\jiwsxh39.exe Disinfection failed
C:\jiwsxh39.exe Moved
C:\rthrw.com Infected: Packer.Malware.NSAnti.W
C:\rthrw.com Disinfection failed
C:\rthrw.com Moved
C:\WINDOWS\system32\amvo.exe Infected: Packer.Malware.NSAnti.W
C:\WINDOWS\system32\amvo.exe Disinfection failed
C:\WINDOWS\system32\amvo.exe Moved
C:\WINDOWS\system32\amvo0.dll Infected: Packer.Malware.NSAnti.W
C:\WINDOWS\system32\amvo0.dll Disinfection failed
C:\WINDOWS\system32\amvo0.dll Moved
C:\WINDOWS\system32\amvo1.dll Infected: Packer.Malware.NSAnti.V
C:\WINDOWS\system32\amvo1.dll Disinfection failed
C:\WINDOWS\system32\amvo1.dll Moved
D:\ino6.com Infected: Trojan.PWS.OnlineGames.SST
D:\ino6.com Deleted
D:\f.exe Infected: Trojan.PWS.OnlineGames.SSU
D:\f.exe Deleted
D:\1weicxa.com Infected: Packer.Malware.NSAnti.V
D:\1weicxa.com Disinfection failed
D:\1weicxa.com Moved
D:\jiwsxh39.exe Infected: Packer.Malware.NSAnti.W
D:\jiwsxh39.exe Disinfection failed
D:\jiwsxh39.exe Moved
D:\System Volume Information\_restore{BFAA719B-281F-45B6-9E39-9D4BB578C2A4}\RP90\A0066170.com Infected: Trojan.PWS.OnlineGames.SST
D:\System Volume Information\_restore{BFAA719B-281F-45B6-9E39-9D4BB578C2A4}\RP90\A0066170.com Deleted
D:\System Volume Information\_restore{BFAA719B-281F-45B6-9E39-9D4BB578C2A4}\RP90\A0066171.inf Infected: Trojan.PWS.OnlineGames.SST
D:\System Volume Information\_restore{BFAA719B-281F-45B6-9E39-9D4BB578C2A4}\RP90\A0066171.inf Deleted
D:\System Volume Information\_restore{BFAA719B-281F-45B6-9E39-9D4BB578C2A4}\RP90\A0066184.com Infected: Trojan.PWS.OnlineGames.SST
D:\System Volume Information\_restore{BFAA719B-281F-45B6-9E39-9D4BB578C2A4}\RP90\A0066184.com Deleted
D:\System Volume Information\_restore{BFAA719B-281F-45B6-9E39-9D4BB578C2A4}\RP90\A0066185.inf Infected: Trojan.PWS.OnlineGames.SST
D:\System Volume Information\_restore{BFAA719B-281F-45B6-9E39-9D4BB578C2A4}\RP90\A0066185.inf Deleted
D:\System Volume Information\_restore{BFAA719B-281F-45B6-9E39-9D4BB578C2A4}\RP90\A0066216.com Infected: Trojan.PWS.OnlineGames.SST
D:\System Volume Information\_restore{BFAA719B-281F-45B6-9E39-9D4BB578C2A4}\RP90\A0066216.com Deleted
D:\System Volume Information\_restore{BFAA719B-281F-45B6-9E39-9D4BB578C2A4}\RP90\A0066217.inf Infected: Trojan.PWS.OnlineGames.SST
D:\System Volume Information\_restore{BFAA719B-281F-45B6-9E39-9D4BB578C2A4}\RP90\A0066217.inf Deleted
D:\System Volume Information\_restore{BFAA719B-281F-45B6-9E39-9D4BB578C2A4}\RP90\A0066263.com Infected: Trojan.PWS.OnlineGames.SST
D:\System Volume Information\_restore{BFAA719B-281F-45B6-9E39-9D4BB578C2A4}\RP90\A0066263.com Deleted
D:\System Volume Information\_restore{BFAA719B-281F-45B6-9E39-9D4BB578C2A4}\RP90\A0066264.inf Infected: Trojan.PWS.OnlineGames.SST
D:\System Volume Information\_restore{BFAA719B-281F-45B6-9E39-9D4BB578C2A4}\RP90\A0066264.inf Deleted
D:\System Volume Information\_restore{BFAA719B-281F-45B6-9E39-9D4BB578C2A4}\RP90\A0066289.exe Infected: Trojan.PWS.OnlineGames.SSU
D:\System Volume Information\_restore{BFAA719B-281F-45B6-9E39-9D4BB578C2A4}\RP90\A0066289.exe Deleted
D:\System Volume Information\_restore{BFAA719B-281F-45B6-9E39-9D4BB578C2A4}\RP91\A0066354.com Infected: Trojan.PWS.OnLineGames.SQN
D:\System Volume Information\_restore{BFAA719B-281F-45B6-9E39-9D4BB578C2A4}\RP91\A0066354.com Deleted
D:\System Volume Information\_restore{BFAA719B-281F-45B6-9E39-9D4BB578C2A4}\RP91\A0066384.com Infected: Trojan.PWS.OnLineGames.SQN
D:\System Volume Information\_restore{BFAA719B-281F-45B6-9E39-9D4BB578C2A4}\RP91\A0066384.com Deleted
D:\System Volume Information\_restore{BFAA719B-281F-45B6-9E39-9D4BB578C2A4}\RP91\A0066431.com Infected: Trojan.PWS.OnLineGames.SQN
D:\System Volume Information\_restore{BFAA719B-281F-45B6-9E39-9D4BB578C2A4}\RP91\A0066431.com Deleted
D:\System Volume Information\_restore{BFAA719B-281F-45B6-9E39-9D4BB578C2A4}\RP91\A0066455.com Infected: Packer.Malware.NSAnti.V
D:\System Volume Information\_restore{BFAA719B-281F-45B6-9E39-9D4BB578C2A4}\RP91\A0066455.com Disinfection failed
D:\System Volume Information\_restore{BFAA719B-281F-45B6-9E39-9D4BB578C2A4}\RP91\A0066455.com Moved
D:\System Volume Information\_restore{BFAA719B-281F-45B6-9E39-9D4BB578C2A4}\RP92\A0066471.com Infected: Packer.Malware.NSAnti.V
D:\System Volume Information\_restore{BFAA719B-281F-45B6-9E39-9D4BB578C2A4}\RP92\A0066471.com Disinfection failed
D:\System Volume Information\_restore{BFAA719B-281F-45B6-9E39-9D4BB578C2A4}\RP92\A0066471.com Moved
D:\System Volume Information\_restore{BFAA719B-281F-45B6-9E39-9D4BB578C2A4}\RP92\A0066496.com Infected: Packer.Malware.NSAnti.V
D:\System Volume Information\_restore{BFAA719B-281F-45B6-9E39-9D4BB578C2A4}\RP92\A0066496.com Disinfection failed
D:\System Volume Information\_restore{BFAA719B-281F-45B6-9E39-9D4BB578C2A4}\RP92\A0066496.com Moved
D:\System Volume Information\_restore{BFAA719B-281F-45B6-9E39-9D4BB578C2A4}\RP92\A0066542.exe Infected: Packer.Malware.NSAnti.W
D:\System Volume Information\_restore{BFAA719B-281F-45B6-9E39-9D4BB578C2A4}\RP92\A0066542.exe Disinfection failed
D:\System Volume Information\_restore{BFAA719B-281F-45B6-9E39-9D4BB578C2A4}\RP92\A0066542.exe Moved
D:\System Volume Information\_restore{BFAA719B-281F-45B6-9E39-9D4BB578C2A4}\RP92\A0067543.com Infected: Packer.Malware.NSAnti.W
D:\System Volume Information\_restore{BFAA719B-281F-45B6-9E39-9D4BB578C2A4}\RP92\A0067543.com Disinfection failed
D:\System Volume Information\_restore{BFAA719B-281F-45B6-9E39-9D4BB578C2A4}\RP92\A0067543.com Moved
D:\System Volume Information\_restore{BFAA719B-281F-45B6-9E39-9D4BB578C2A4}\RP93\A0067578.com Infected: Packer.Malware.NSAnti.W
D:\System Volume Information\_restore{BFAA719B-281F-45B6-9E39-9D4BB578C2A4}\RP93\A0067578.com Disinfection failed
D:\System Volume Information\_restore{BFAA719B-281F-45B6-9E39-9D4BB578C2A4}\RP93\A0067578.com Moved
D:\System Volume Information\_restore{BFAA719B-281F-45B6-9E39-9D4BB578C2A4}\RP93\A0067621.com Infected: Packer.Malware.NSAnti.W
D:\System Volume Information\_restore{BFAA719B-281F-45B6-9E39-9D4BB578C2A4}\RP93\A0067621.com Disinfection failed
D:\System Volume Information\_restore{BFAA719B-281F-45B6-9E39-9D4BB578C2A4}\RP93\A0067621.com Moved
D:\System Volume Information\_restore{BFAA719B-281F-45B6-9E39-9D4BB578C2A4}\RP93\A0067648.com Infected: Trojan.PWS.OnlineGames.SST
D:\System Volume Information\_restore{BFAA719B-281F-45B6-9E39-9D4BB578C2A4}\RP93\A0067648.com Deleted
D:\System Volume Information\_restore{BFAA719B-281F-45B6-9E39-9D4BB578C2A4}\RP93\A0067649.exe Infected: Trojan.PWS.OnlineGames.SSU
D:\System Volume Information\_restore{BFAA719B-281F-45B6-9E39-9D4BB578C2A4}\RP93\A0067649.exe Deleted
D:\System Volume Information\_restore{BFAA719B-281F-45B6-9E39-9D4BB578C2A4}\RP93\A0067650.com Infected: Packer.Malware.NSAnti.V
D:\System Volume Information\_restore{BFAA719B-281F-45B6-9E39-9D4BB578C2A4}\RP93\A0067650.com Disinfection failed
D:\System Volume Information\_restore{BFAA719B-281F-45B6-9E39-9D4BB578C2A4}\RP93\A0067650.com Moved
D:\System Volume Information\_restore{BFAA719B-281F-45B6-9E39-9D4BB578C2A4}\RP93\A0067651.exe Infected: Packer.Malware.NSAnti.W
D:\System Volume Information\_restore{BFAA719B-281F-45B6-9E39-9D4BB578C2A4}\RP93\A0067651.exe Disinfection failed
D:\System Volume Information\_restore{BFAA719B-281F-45B6-9E39-9D4BB578C2A4}\RP93\A0067651.exe Moved

Hola , te doy la bienvenida al Foro de InfoSpyware.
Desactiva Restaurar Sistema como primer medida.

Aunque BitDefender hizo gran parte, haz lo siguiente:

Descarga las siguientes herramientas:

• MalwareBytes’ Anti-Malware
• CCleaner.

1. Reinicia en Modo Seguro
2. Ejecuta CCleaner, usando primero su opción de "Limpiador" para borrar cookies, temporales de Internet y todos los archivos que este te muestre como obsoletos, y luego usa su opción de "Registro" para limpiar todo el registro de Windows (haciendo copia de seguridad).
3. Ejecuta Malwarebytes' Anti-Malware (Es importante que selecciones escaneo completo y la opción de quitar lo encontrado)

Ahora, reinicia en Modo Normal, y haz lo siguiente

- Descarga la herramienta ComboFix.exe y guárdala en el escritorio.

• Desactiva temporalmente el Antivirus y/o Antispyware.
• Cierra todas las ventanas abiertas.
• Hacele doble clic al archivo ComboFix.exe y seguí las instrucciones.
• Cuando termine, generara un registro en C:\ComboFix.txt.
  • *Nota* Mientras CF este trabajando no mover el mouse ya que pararía su proceso.
  • *Nota* ComboFix puede reiniciar automáticamente el PC para completar el proceso de eliminación.

• Reinicia y pega el reporte de C:\ComboFix.txt en este mismo mensaje, junto con el de Malwarebytes' Anti-Malware.

o.k voy a proceder y luego le comento gracias...

O.k ya realice todo lo que me dijeron y estos fueron los resultados.

REPORTES:

Malwarebytes' Anti-Malware 1.09
Versión de la Base de Datos: 574

Tipo de examen : Examen Completo (C:\|D:\|)
Objetos examinados: 148917
Tiempo transcurrido: 5 hour(s), 21 minute(s), 22 second(s)

Procesos en Memoria Infectados: 0
Módulos en Memoria Infectados: 0
Claves del Registro Infectadas: 0
Valores del Registro Infectados: 0
Elementos de Datos del Registro Infectados: 0
Carpetas Infectadas: 0
Ficheros Infectados: 1

Procesos en Memoria Infectados:
(No se han detectado elementos maliciosos)

Módulos en Memoria Infectados:
(No se han detectado elementos maliciosos)

Claves del Registro Infectadas:
(No se han detectado elementos maliciosos)

Valores del Registro Infectados:
(No se han detectado elementos maliciosos)

Elementos de Datos del Registro Infectados:
(No se han detectado elementos maliciosos)

Carpetas Infectadas:
(No se han detectado elementos maliciosos)

Ficheros Infectados:
C:\System Volume Information\_restore{BFAA719B-281F-45B6-9E39-9D4BB578C2A4}\RP55\A0034290.sys (Adware.WhenUSave) -> No action taken.


---------------------------------------------------

ComboFix 08-04-01.2 - Angela Longa 2008-04-02 10:57:52.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.436 [GMT -4:00]
Running from: C:\Documents and Settings\Angela Longa\Desktop\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Autorun.inf
D:\Autorun.inf

.
((((((((((((((((((((((((( Files Created from 2008-03-02 to 2008-04-02 )))))))))))))))))))))))))))))))
.

2008-03-31 17:59 . 2008-03-31 17:59 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-03-31 17:59 . 2008-03-31 17:59 <DIR> d-------- C:\Documents and Settings\Angela Longa\Application Data\Malwarebytes
2008-03-31 17:59 . 2008-03-31 17:59 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-03-16 11:14 . 2008-03-16 15:12 <DIR> d-------- C:\Program Files\ICQToolbar
2008-03-16 11:13 . 2008-03-16 11:30 <DIR> d-------- C:\Documents and Settings\Angela Longa\Application Data\ICQ
2008-03-16 11:12 . 2008-03-16 11:26 <DIR> d-------- C:\Program Files\ICQ6
2008-03-12 20:37 . 2008-03-12 20:37 42 --a------ C:\WINDOWS\Best MP3.pls
2008-03-11 08:11 . 2008-03-11 08:11 <DIR> d-------- C:\Documents and Settings\Angela Longa\Application Data\Ansys
2008-03-10 21:13 . 2008-03-10 21:13 <DIR> d-------- C:\Program Files\MSXML 6.0
2008-03-10 20:54 . 2008-03-10 20:54 <DIR> d-------- C:\Program Files\MEDIAactive
2008-03-10 11:06 . 2008-03-10 21:25 <DIR> d-------- C:\Program Files\Microsoft SQL Server
2008-03-10 11:04 . 2008-03-10 11:04 <DIR> d-------- C:\Program Files\Common Files\Autodesk
2008-03-10 10:28 . 2008-03-10 10:28 <DIR> d-------- C:\Program Files\Microsoft WSE
2008-03-10 10:28 . 2008-03-10 10:29 <DIR> d-------- C:\Program Files\AOEMView 2008
2008-03-10 10:26 . 2008-03-11 08:12 <DIR> d-------- C:\Documents and Settings\Angela Longa\Application Data\Autodesk
2008-03-10 10:25 . 2008-03-10 10:25 <DIR> d-------- C:\Program Files\DWG TrueView 2007
2008-03-10 10:25 . 2008-03-10 10:48 <DIR> d-------- C:\Program Files\Common Files\Autodesk Shared
2008-03-10 10:25 . 2008-03-10 11:11 <DIR> d-------- C:\Program Files\Autodesk
2008-03-10 10:25 . 2008-03-11 08:07 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Autodesk
2008-03-10 10:24 . 2006-09-28 16:05 2,414,360 --a------ C:\WINDOWS\system32\d3dx9_31.dll
2008-03-10 10:24 . 2005-07-27 13:43 150,224 --a------ C:\WINDOWS\system32\RGB9Rast_1.dll
2008-03-09 20:56 . 2008-03-09 20:56 <DIR> d-------- C:\Documents and Settings\Angela Longa\Application Data\ICQ Toolbar
2008-03-03 21:11 . 2008-03-03 21:11 <DIR> d-------- C:\Documents and Settings\Angela Longa\Application Data\Bitdefender
2008-03-03 20:40 . 2008-03-03 20:40 <DIR> d-------- C:\Program Files\Softwin
2008-03-03 20:40 . 2008-03-03 20:41 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\BitDefender
2008-03-03 20:39 . 2008-03-03 20:40 <DIR> d-------- C:\Program Files\Common Files\Softwin
2008-03-03 20:29 . 2008-03-03 20:31 <DIR> d-------- C:\WINDOWS\SxsCaPendDel
2008-03-03 20:27 . 2008-03-03 20:27 121 --a------ C:\WINDOWS\bdagent.INI
2008-03-03 20:09 . 2008-04-02 10:57 81,984 --a------ C:\WINDOWS\system32\bdod.bin
2008-03-03 20:06 . 2008-03-03 20:28 <DIR> d-------- C:\Program Files\Common Files\BitDefender

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))) ))
.
2008-03-25 00:06 --------- d-----w C:\Documents and Settings\Angela Longa\Application Data\Skype
2008-03-16 15:15 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-03-10 15:07 --------- d-----w C:\Program Files\Microsoft.NET
2008-02-27 10:38 --------- d-----w C:\Program Files\Windows Live
2008-02-01 15:17 587,264 ----a-w C:\WINDOWS\WLXPGSS.SCR
2005-09-24 08:49 12,288 ----a-w C:\WINDOWS\Fonts\RandFont.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 11:00 15360]
"EasyLinkAdvisor"="C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe" [2006-10-30 11:01 392832]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNo tifier.exe" [2007-11-28 19:24 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Run]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-08-06 00:56 64512]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-11-11 01:05 344064]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe" [2005-11-10 17:03 36975]
"HP Software Update"="C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe" [2005-02-17 03:11 49152]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2005-06-19 16:50 729178]
"eabconfg.cpl"="C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe" [2005-12-07 14:56 409600]
"Cpqset"="C:\Program Files\HPQ\Default Settings\cpqset.exe" [2005-08-01 18:26 233534]
"RecGuard"="C:\Windows\SMINST\RecGuard.exe" [2005-10-11 14:23 1187840]
"hpWirelessAssistant"="C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2005-12-13 16:45 507904]
"SNPMI03"="C:\WINDOWS\vsnpmi03.exe" [2003-08-08 14:58 32768]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-10-19 20:16 286720]
"BDAgent"="C:\Program Files\Softwin\BitDefender10\bdagent.exe" [2007-03-26 15:49 69632]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Windows Desktop Search.lnk - C:\Program Files\Windows Desktop Search\WindowsSearch.exe [2007-02-05 15:40:46 118784]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\curr entversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

[hkey_local_machine\software\microsoft\windows\curr entversion\explorer\shellexecutehooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [2007-02-05 15:39 294400]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=sockspy.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
backup=C:\WINDOWS\pss\Adobe Gamma Loader.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^BlueSoleil.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\BlueSoleil.lnk
backup=C:\WINDOWS\pss\BlueSoleil.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^DataViz Inc Messenger.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\DataViz Inc Messenger.lnk
backup=C:\WINDOWS\pss\DataViz Inc Messenger.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HotSync Manager.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HotSync Manager.lnk
backup=C:\WINDOWS\pss\HotSync Manager.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Photosmart Premier Fast Start.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Photosmart Premier Fast Start.lnk
backup=C:\WINDOWS\pss\HP Photosmart Premier Fast Start.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Angela Longa^Start Menu^Programs^Startup^palmOne Registration.lnk]
path=C:\Documents and Settings\Angela Longa\Start Menu\Programs\Startup\palmOne Registration.lnk
backup=C:\WINDOWS\pss\palmOne Registration.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
--a------ 2007-08-16 16:19 5728112 C:\Program Files\Windows Live\Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2001-07-09 10:50 155648 C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QPService]
--a------ 2005-12-12 15:39 94208 C:\Program Files\HP\QuickPlay\QPService.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2007-10-19 20:16 286720 C:\Program Files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StatusClient 2.6]
--a------ 2004-02-27 13:29 61440 C:\Program Files\Hewlett-Packard\Toolbox\StatusClient\StatusClient.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
--a------ 2007-11-28 19:24 68856 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNo tifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TomcatStartup 2.5]
--a------ 2004-05-20 12:40 188416 C:\Program Files\Hewlett-Packard\Toolbox\hpbpsttp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
--a------ 2007-12-20 11:16 37376 C:\Program Files\Winamp\winampa.exe

[HKLM\~\services\sharedaccess\parameters\firewallpo licy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpo licy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=
"C:\\WINDOWS\\system32\\rtcshare.exe"=
"C:\\Program Files\\palmOne\\Hotsync.exe"=
"C:\\Program Files\\Hewlett-Packard\\Toolbox\\jre\\bin\\javaw.exe"=
"C:\\Program Files\\Ares\\Ares.exe"=
"C:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr .exe"=
"C:\\Program Files\\ICQ6\\ICQ.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=

R2 MSSQL$AUTODESKVAULT;SQL Server (AUTODESKVAULT);"C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sAUTODESKVAULT []
R2 SQLWriter;SQL Server VSS Writer;"C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe" [2007-02-10 05:29]
R3 HSFHWATI;HSFHWATI;C:\WINDOWS\system32\DRIVERS\HSFH WATI.sys [2005-08-22 05:06]
S3 MBAMCatchMe;MBAMCatchMe;C:\Program Files\Malwarebytes' Anti-Malware\catchme.sys [2008-03-19 18:31]
S3 snpmi03;VideoCAM NB 300;C:\WINDOWS\system32\DRIVERS\snpmi03.sys [2004-01-12 18:06]

[HKEY_CURRENT_USER\software\microsoft\windows\curre ntversion\explorer\mountpoints2\{14e9238c-ca81-11dc-945c-0014a57b53ef}]
\Shell\Auto\command - MSOCache\doWTP_RESTORE.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL MSOCache\doWTP_RESTORE.exe

[HKEY_CURRENT_USER\software\microsoft\windows\curre ntversion\explorer\mountpoints2\{2056b87f-80fe-11dc-933a-101111111111}]
\Shell\Auto\command - F:\adp.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL adp.exe

[HKEY_CURRENT_USER\software\microsoft\windows\curre ntversion\explorer\mountpoints2\{8944b705-7867-11dc-9320-0014a57b53ef}]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Instalar.exe

[HKEY_CURRENT_USER\software\microsoft\windows\curre ntversion\explorer\mountpoints2\{9e3599bc-ef80-11dc-94cb-0014a57b53ef}]
\Shell\AutoRun\command - d.com
\Shell\explore\Command - d.com
\Shell\open\Command - d.com

[HKEY_CURRENT_USER\software\microsoft\windows\curre ntversion\explorer\mountpoints2\{aa752890-f9f9-11dc-94f0-0014a57b53ef}]
\Shell\AutoRun\command - F:\ino6.com
\Shell\explore\Command - F:\ino6.com
\Shell\open\Command - F:\ino6.com

[HKEY_CURRENT_USER\software\microsoft\windows\curre ntversion\explorer\mountpoints2\{ba624cc2-e6dd-11dc-94b0-0014a57b53ef}]
\Shell\AutoRun\command - xn1i9x.com
\Shell\explore\Command - xn1i9x.com
\Shell\open\Command - xn1i9x.com

[HKEY_CURRENT_USER\software\microsoft\windows\curre ntversion\explorer\mountpoints2\{ba624cc3-e6dd-11dc-94b0-0014a57b53ef}]
\Shell\AutoRun\command - H:\xn1i9x.com
\Shell\explore\Command - H:\xn1i9x.com
\Shell\open\Command - H:\xn1i9x.com

[HKEY_CURRENT_USER\software\microsoft\windows\curre ntversion\explorer\mountpoints2\{c5692cea-937f-11dc-937b-101111111111}]
\Shell\AutoRun\command - 1weicxa.com
\Shell\explore\Command - 1weicxa.com
\Shell\open\Command - 1weicxa.com

[HKEY_CURRENT_USER\software\microsoft\windows\curre ntversion\explorer\mountpoints2\{da06fea4-eac2-11dc-94c1-0014a57b53ef}]
\Shell\AutoRun\command - F:\fooool.exe
\Shell\explore\Command - F:\fooool.exe
\Shell\open\Command - F:\fooool.exe

.
Contents of the 'Scheduled Tasks' folder
"2008-03-23 02:29:02 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
************************************************** ************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-02 11:01:53
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Cpqset = C:\Program Files\HPQ\Default Settings\cpqset.exe???????????????|?P???? ???B?????????????hLC? ??????

scanning hidden files ...

scan completed successfully
hidden files: 0

************************************************** ************************
.
Completion time: 2008-04-02 11:04:41
ComboFix-quarantined-files.txt 2008-04-02 15:04:38
Pre-Run: 29,703,499,776 bytes free
Post-Run: 29,690,077,184 bytes free
.
2008-03-12 00:09:32 --- E O F ---

Descarga Flash_Disinfector

1. Conecta tu dispositivo USB (Pen Drive, Móvil, MP3/4), y ejecutas Fash_Disinfector.
2. Desconecta los dispositivos USB, y vuelve a ejecutar Flash_Disinfector

Luego:


1.-Abrir el Notepad (Bloc de Notas)

• Ir a INICIO > EJECUTAR >
• Y ahí pones notepad.exe y ACEPTAR

2.-Ahora copia y pega estos archivos dentro del Notepad

3.- Graba este archivo con el nombre CFScript.txt y déjalo en tu escritorio.

4.- Arrastrar y soltar el archivo CFScript.txt dentro del archivo ComboFix.exe como lo muestra la animación de abajo. Esto activara ComboFix nuevamente.

• Reinicia tu PC y nos dejas un el nuevo reporte de ComboFix, comentándonos como esta funcionado todo actualmente

Saludos

Listo!!! la maquina la veo que esta mas rapida... pero cuando termino el combofix y se reinicio la maquina siguio su proceso arrojo el reporte y google me dio una alerta de que estaba bloqueando algo y en ese momento me recorde que no deshabilite el firewall, habra algun problema con eso???

Bueno aqui esta el reporte que me genero el ComboFix.

ComboFix 08-04-01.2 - Angela Longa 2008-04-02 18:36:52.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.641 [GMT -4:00]
Running from: C:\Documents and Settings\Angela Longa\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Angela Longa\Desktop\CFScript.txt
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
C:\WINDOWS\system32\bdod.bin
C:\WINDOWS\vsnpmi03.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\bdod.bin
C:\WINDOWS\vsnpmi03.exe

.
((((((((((((((((((((((((( Files Created from 2008-03-02 to 2008-04-02 )))))))))))))))))))))))))))))))
.

2008-03-31 17:59 . 2008-03-31 17:59 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-03-31 17:59 . 2008-03-31 17:59 <DIR> d-------- C:\Documents and Settings\Angela Longa\Application Data\Malwarebytes
2008-03-31 17:59 . 2008-03-31 17:59 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-03-16 11:14 . 2008-03-16 15:12 <DIR> d-------- C:\Program Files\ICQToolbar
2008-03-16 11:13 . 2008-03-16 11:30 <DIR> d-------- C:\Documents and Settings\Angela Longa\Application Data\ICQ
2008-03-16 11:12 . 2008-03-16 11:26 <DIR> d-------- C:\Program Files\ICQ6
2008-03-12 20:37 . 2008-03-12 20:37 42 --a------ C:\WINDOWS\Best MP3.pls
2008-03-11 08:11 . 2008-03-11 08:11 <DIR> d-------- C:\Documents and Settings\Angela Longa\Application Data\Ansys
2008-03-10 21:14 . 2008-03-10 21:14 <DIR> d-------- C:\b591da9cfc8dc1621edea36d3547
2008-03-10 21:13 . 2008-03-10 21:13 <DIR> d-------- C:\Program Files\MSXML 6.0
2008-03-10 20:54 . 2008-03-10 20:54 <DIR> d-------- C:\Program Files\MEDIAactive
2008-03-10 11:06 . 2008-03-10 21:25 <DIR> d-------- C:\Program Files\Microsoft SQL Server
2008-03-10 11:04 . 2008-03-10 11:04 <DIR> d-------- C:\Program Files\Common Files\Autodesk
2008-03-10 10:28 . 2008-03-10 10:28 <DIR> d-------- C:\Program Files\Microsoft WSE
2008-03-10 10:28 . 2008-03-10 10:29 <DIR> d-------- C:\Program Files\AOEMView 2008
2008-03-10 10:26 . 2008-03-11 08:12 <DIR> d-------- C:\Documents and Settings\Angela Longa\Application Data\Autodesk
2008-03-10 10:25 . 2008-03-10 10:25 <DIR> d-------- C:\Program Files\DWG TrueView 2007
2008-03-10 10:25 . 2008-03-10 10:48 <DIR> d-------- C:\Program Files\Common Files\Autodesk Shared
2008-03-10 10:25 . 2008-03-10 11:11 <DIR> d-------- C:\Program Files\Autodesk
2008-03-10 10:25 . 2008-03-11 08:07 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Autodesk
2008-03-10 10:24 . 2006-09-28 16:05 2,414,360 --a------ C:\WINDOWS\system32\d3dx9_31.dll
2008-03-10 10:24 . 2005-07-27 13:43 150,224 --a------ C:\WINDOWS\system32\RGB9Rast_1.dll
2008-03-09 20:56 . 2008-03-09 20:56 <DIR> d-------- C:\Documents and Settings\Angela Longa\Application Data\ICQ Toolbar
2008-03-03 21:11 . 2008-03-03 21:11 <DIR> d-------- C:\Documents and Settings\Angela Longa\Application Data\Bitdefender
2008-03-03 20:40 . 2008-03-03 20:40 <DIR> d-------- C:\Program Files\Softwin
2008-03-03 20:40 . 2008-03-03 20:41 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\BitDefender
2008-03-03 20:39 . 2008-03-03 20:40 <DIR> d-------- C:\Program Files\Common Files\Softwin
2008-03-03 20:29 . 2008-03-03 20:31 <DIR> d-------- C:\WINDOWS\SxsCaPendDel
2008-03-03 20:27 . 2008-03-03 20:27 121 --a------ C:\WINDOWS\bdagent.INI
2008-03-03 20:06 . 2008-03-03 20:28 <DIR> d-------- C:\Program Files\Common Files\BitDefender

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))) ))
.
2008-03-25 00:06 --------- d-----w C:\Documents and Settings\Angela Longa\Application Data\Skype
2008-03-16 15:15 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-03-10 15:07 --------- d-----w C:\Program Files\Microsoft.NET
2008-02-27 10:38 --------- d-----w C:\Program Files\Windows Live
2008-02-01 15:17 587,264 ----a-w C:\WINDOWS\WLXPGSS.SCR
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 11:00 15360]
"EasyLinkAdvisor"="C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe" [2006-10-30 11:01 392832]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNo tifier.exe" [2007-11-28 19:24 68856]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Windows Desktop Search.lnk - C:\Program Files\Windows Desktop Search\WindowsSearch.exe [2007-02-05 15:40:46 118784]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\curr entversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

[hkey_local_machine\software\microsoft\windows\curr entversion\explorer\shellexecutehooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [2007-02-05 15:39 294400]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=sockspy.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
backup=C:\WINDOWS\pss\Adobe Gamma Loader.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^BlueSoleil.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\BlueSoleil.lnk
backup=C:\WINDOWS\pss\BlueSoleil.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^DataViz Inc Messenger.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\DataViz Inc Messenger.lnk
backup=C:\WINDOWS\pss\DataViz Inc Messenger.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HotSync Manager.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HotSync Manager.lnk
backup=C:\WINDOWS\pss\HotSync Manager.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Photosmart Premier Fast Start.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Photosmart Premier Fast Start.lnk
backup=C:\WINDOWS\pss\HP Photosmart Premier Fast Start.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Angela Longa^Start Menu^Programs^Startup^palmOne Registration.lnk]
path=C:\Documents and Settings\Angela Longa\Start Menu\Programs\Startup\palmOne Registration.lnk
backup=C:\WINDOWS\pss\palmOne Registration.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
--a------ 2007-08-16 16:19 5728112 C:\Program Files\Windows Live\Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2001-07-09 10:50 155648 C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QPService]
--a------ 2005-12-12 15:39 94208 C:\Program Files\HP\QuickPlay\QPService.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2007-10-19 20:16 286720 C:\Program Files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StatusClient 2.6]
--a------ 2004-02-27 13:29 61440 C:\Program Files\Hewlett-Packard\Toolbox\StatusClient\StatusClient.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
--a------ 2007-11-28 19:24 68856 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNo tifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TomcatStartup 2.5]
--a------ 2004-05-20 12:40 188416 C:\Program Files\Hewlett-Packard\Toolbox\hpbpsttp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
--a------ 2007-12-20 11:16 37376 C:\Program Files\Winamp\winampa.exe

[HKLM\~\services\sharedaccess\parameters\firewallpo licy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=
"C:\\WINDOWS\\system32\\rtcshare.exe"=
"C:\\Program Files\\palmOne\\Hotsync.exe"=
"C:\\Program Files\\Hewlett-Packard\\Toolbox\\jre\\bin\\javaw.exe"=
"C:\\Program Files\\Ares\\Ares.exe"=
"C:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr .exe"=
"C:\\Program Files\\ICQ6\\ICQ.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=

R2 MSSQL$AUTODESKVAULT;SQL Server (AUTODESKVAULT);"C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sAUTODESKVAULT []
R2 SQLWriter;SQL Server VSS Writer;"C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe" [2007-02-10 05:29]
R3 HSFHWATI;HSFHWATI;C:\WINDOWS\system32\DRIVERS\HSFH WATI.sys [2005-08-22 05:06]
S3 MBAMCatchMe;MBAMCatchMe;C:\Program Files\Malwarebytes' Anti-Malware\catchme.sys [2008-03-19 18:31]
S3 snpmi03;VideoCAM NB 300;C:\WINDOWS\system32\DRIVERS\snpmi03.sys [2004-01-12 18:06]

.
Contents of the 'Scheduled Tasks' folder
"2008-03-23 02:29:02 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
************************************************** ************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-02 18:42:35
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

************************************************** ************************
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Autodesk\Data Management Server 2008\Server\Dispatch\Connectivity.WindowsService.J obDispatch.exe
C:\Program Files\Autodesk\Data Management Server 2008\Server\Webserver\Connectivity.EDMWS.Server.ex e
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe
C:\WINDOWS\ehome\mcrdsvc.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
C:\Program Files\Softwin\BitDefender10\vsserv.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\system32\imapi.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\WINDOWS\system32\SearchFilterHost.exe
.
************************************************** ************************
.
Completion time: 2008-04-02 18:48:50 - machine was rebooted
ComboFix-quarantined-files.txt 2008-04-02 22:48:45
ComboFix2.txt 2008-04-02 15:04:42
Pre-Run: 31,415,083,008 bytes free
Post-Run: 31,404,118,016 bytes free
.
2008-03-12 00:09:32 --- E O F ---

Hola, Para terminar solo quedaría desinstalar CF de la siguiente manera:

• Ir a Inicio > Ejecutar
• Escribir lo siguiente: ComboFix /u como muestra la imagen debajo:
  
  • 
• Esto activara el desinstalador de ComboFix abriendo su pantalla principal y luego de unos segundos veras ("ComboFix is uninstalled")

Gracias!!!!! ... Todo bien por ahora, bueno voy a tratar de instalar el navegar que me dicen.
Muchisimas gracias de nuevo.

hola, que tal??? estaba por preguntarles algo, despues que hice lo que me dijeron con respecto a los virus, note que el indicador de volumen de mi laptop ya no aparece en pantalla, es decir, cundo subia y baja el volumen aparecia una barra indicandome el nivel de volumen, despues que hice todo para eliminar los virus ahora no me aparece la barra... que podria hacer al respecto?

Puede que alguna infección haya afectado la opciones, que se pueden solucionar desde el panel de control.

Damos este por solucionado, y abre un nuevo tema en Windows donde te ayudarán al respecto.

Saludos