Saludos, estaba revisando la información que aqui hay y or cierto muy buena, y me tope con este problema y desearia que me ayudaran el log de hi es

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:31:07, on 29/04/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16546)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\ProgramData\filobyhk\tmpuninc.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Hp\HP Software Update\hpwuSchd2.exe
C:\Program Files\Hp\QuickPlay\QPService.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
C:\Program Files\Java\jre1.6.0\bin\jusched.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Google\Gmail Notifier\gnotify.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Microsoft Student\Microsoft Student con Encarta Premium 2008 DVD\EDICT.EXE
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\System32\rmlmlwxk.exe
C:\Program Files\PDFCreator\PDFCreator.exe
C:\Windows\System32\rundll32.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\explorer.exe
C:\Program Files\EasyPHP 2.0b1\EasyPHP.exe
C:\Windows\system32\conime.exe
C:\PROGRA~1\EASYPH~1.0B1\MySql\bin\mysqld.exe
C:\PROGRA~1\EASYPH~1.0B1\Apache\bin\apache.exe
C:\PROGRA~1\EASYPH~1.0B1\Apache\bin\apache.exe
C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE
C:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\Mozilla Firefox\firefox.exe
C:\Windows\system32\rundll32.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Windows\system32\DllHost.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.www.daemon-search.com/default
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Aplicación auxiliar de vínculos de Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (file missing)
O2 - BHO: (no name) - {0B59B0F4-EBA6-4C31-9052-96CD3CF3AEB5} - C:\Windows\system32\awtUNhii.dll
O2 - BHO: (no name) - {5FDB2199-3EA8-4419-9B9C-4DC01EAE08C1} - C:\Windows\system32\fCrrrSIB.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {A6C54318-5AC7-477D-B0A7-49AF5189300C} - C:\Windows\system32\pmnmlLcA.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [HP Health Check Scheduler] C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [WAWifiMessage] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0\bin\jusched.exe"
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [UVS11 Preload] C:\Program Files\Ulead Systems\Ulead VideoStudio 11\uvPL.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [MSServer] rundll32.exe C:\Windows\system32\pmnmlLcA.dll,#1
O4 - HKLM\..\Run: [6fe6f900] rundll32.exe "C:\Windows\system32\ecmgogha.dll",b
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKCU\..\Run: [L08EXLRD_29521005] "C:\Program Files\Microsoft Student\Microsoft Student con Encarta Premium 2008 DVD\EDICT.EXE" -m
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [okzvhsgz] C:\Windows\system32\rmlmlwxk.exe
O4 - HKLM\..\Policies\Explorer\Run: [Xy9thEQcE4] C:\ProgramData\filobyhk\tmpuninc.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICIO LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICIO LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'Servicio de red')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: PDFCreator.lnk = C:\Program Files\PDFCreator\PDFCreator.exe
O8 - Extra context menu item: Advanced Email Extractor - res://C:\Program%20Files\Advanced%20Email%20Extractor%20 PRO\AeePMsie.dll/page.html
O8 - Extra context menu item: E&xportar a Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Scan link with AEE - res://C:\Program%20Files\Advanced%20Email%20Extractor%20 PRO\AeePMsie.dll/link.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Consola de Sun Java - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra button: Enviar a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Enviar a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: Barra de búsqueda de Encarta - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: Email Extractor - {AFA7DB99-3E4D-4396-94F8-B0B135BCB472} - res://C:\Program%20Files\Advanced%20Email%20Extractor%20 PRO\AeePMsie.dll/page.html (file missing) (HKCU)
O9 - Extra 'Tools' menuitem: Advanced Email Extractor - {AFA7DB99-3E4D-4396-94F8-B0B135BCB472} - res://C:\Program%20Files\Advanced%20Email%20Extractor%20 PRO\AeePMsie.dll/page.html (file missing) (HKCU)
O13 - Gopher Prefix:
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{2C7ACAC2-D5B9-4E79-8B0F-6A7E8915237C}: NameServer = 200.55.224.68 200.55.224.67
O17 - HKLM\System\CS1\Services\Tcpip\..\{2C7ACAC2-D5B9-4E79-8B0F-6A7E8915237C}: NameServer = 200.55.224.68 200.55.224.67
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Apache2 - Apache Software Foundation - C:\PROGRA~1\EASYPH~1.0B1\Apache\bin\apache.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762# # (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Capture Device Service - InterVideo Inc. - C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
O23 - Service: Com4Qlb - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Administrador de Google Desktop 5.7.801.1629 (GoogleDesktopManager-010108-205858) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: XAMPP Service (XAMPP) - Unknown owner - c:\xampp\service.exe (file missing)
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 11242 bytes

desearia saber a cual de los logs debo hacerle un fix checked y de ahi creo que hay como usar la info de este post http://www.forospyware.com/t160842.html

Gracias de antemano

Hola patolinec, te doy la bienvenida al Foro de InfoSpyware.

Paso 1- Descarga, Instala y/o actualiza estas herramientas: (pero no los ejecutes aun)

• ComboFix.exe
• Malwarebytes' Anti-Malware

Paso 2- Con todos los programas cerrados, ejecuta HijackThis y dale a las siguientes entradas:


O2 - BHO: (no name) - {0B59B0F4-EBA6-4C31-9052-96CD3CF3AEB5} - C:\Windows\system32\awtUNhii.dll

O2 - BHO: (no name) - {5FDB2199-3EA8-4419-9B9C-4DC01EAE08C1} - C:\Windows\system32\fCrrrSIB.dll (file missing)

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: (no name) - {A6C54318-5AC7-477D-B0A7-49AF5189300C} - C:\Windows\system32\pmnmlLcA.dll

O4 - HKLM\..\Run: [MSServer] rundll32.exe C:\Windows\system32\pmnmlLcA.dll,#1

O4 - HKLM\..\Run: [6fe6f900] rundll32.exe "C:\Windows\system32\ecmgogha.dll",b

O4 - HKCU\..\Run: [okzvhsgz] C:\Windows\system32\rmlmlwxk.exe

O4 - HKLM\..\Policies\Explorer\Run: [Xy9thEQcE4] C:\ProgramData\filobyhk\tmpuninc.exe





Paso 3- Ejecuta estas herramientas, de a una:

• Malwarebytes' Anti-Malware
  *Nota* Es importante que envíes a "Cuarentena" todo lo que este detecte antes de copiar y pegarnos su reporte.

• Antes de usar ComboFix....
• Desactiva temporalmente el Antivirus y/o Antispyware.
• Cierra todas las ventanas abiertas.
• Hacele doble clic al archivo ComboFix.exe y seguí las instrucciones.
• Cuando termine, generara un registro en C:\ComboFix.txt.
  • *Nota* Mientras CF este trabajando no mover el mouse ya que pararía su proceso.
  • *Nota* ComboFix puede reiniciar automáticamente el PC para completar el proceso de eliminación.

Paso 4- Descarga CCleaner y ejecútalo usando primero su opción de "Limpiador" para borrar cookies, temporales de Internet y todos los archivos que este te muestre como obsoletos, y luego usa su opción de "Registro" para limpiar todo el registro de Windows (haciendo copia de seguridad).

Reinicia y nos contas los resultados. junto con el reporte de

Paso 5- Reinicia en modo normal y nos dejas los reportes de:

• Malwarebytes' Anti-Malware
• C:\ComboFix.txt en este mismo mensaje.

**Nota**
- Para mayor comodidad imprime los pasos.
- Recuerda regresar y contarnos los resultados.

Salu2

Pues gracias parece haberse solucionado, u y ha tenido como un millon de archivos malos, pero tengo un problema no puedo colocar ninguna imagen de Fondo, de ningun lado le he intentado desde el panel de control, desde las propiedades de pantalla pero siempre se mantiene el fondo del escritorio negro, a qué puede deberse??

LOGS

Malwarebytes' Anti-Malware 1.11
Versión de la Base de Datos: 599

Tipo de examen : Examen Rápido
Objetos examinados: 29140
Tiempo transcurrido: 4 minute(s), 46 second(s)

Procesos en Memoria Infectados: 0
Módulos en Memoria Infectados: 0
Claves del Registro Infectadas: 0
Valores del Registro Infectados: 0
Elementos de Datos del Registro Infectados: 0
Carpetas Infectadas: 0
Ficheros Infectados: 0

Procesos en Memoria Infectados:
(No se han detectado elementos maliciosos)

Módulos en Memoria Infectados:
(No se han detectado elementos maliciosos)

Claves del Registro Infectadas:
(No se han detectado elementos maliciosos)

Valores del Registro Infectados:
(No se han detectado elementos maliciosos)

Elementos de Datos del Registro Infectados:
(No se han detectado elementos maliciosos)

Carpetas Infectadas:
(No se han detectado elementos maliciosos)

Ficheros Infectados:
(No se han detectado elementos maliciosos)


==========================================

ComboFix 08-04-28.2 - setecompu 2008-04-30 16:41:26.1 - NTFSx86
Microsoft® Windows Vista™ Home Basic 6.0.6000.0.1252.1.3082.18.421 [GMT -5:00]
Se ejecuta desde: C:\Users\setecompu\Downloads\ComboFix.exe
* Creado un nuevo punto de restauración
.

(((((((((((((((((((((((((((((((((((( Otras eliminaciones )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Windows\a.bat
C:\Windows\base64.tmp
C:\Windows\FVProtect.exe
C:\Windows\System32\ahgogmce.ini
C:\Windows\System32\BISrrrCf.ini
C:\Windows\System32\BISrrrCf.ini2
C:\Windows\system32\hgcinblm.ini
C:\Windows\System32\iihNUtwa.ini
C:\Windows\System32\iihNUtwa.ini2
C:\Windows\system32\iwtutqro.ini
C:\Windows\system32\jgjvqddq.ini
C:\Windows\system32\mepxlfkh.ini
C:\Windows\System32\qfivodci.ini
C:\Windows\system32\smp
C:\Windows\system32\smp\msrc.exe
C:\Windows\system32\ssqPhGww.dll
C:\Windows\system32\wphjslqx.ini
C:\Windows\system32\xrkesqew.ini
C:\Windows\userconfig9x.dll
C:\Windows\winsystem.exe
C:\Windows\zip1.tmp
C:\Windows\zip2.tmp
C:\Windows\zip3.tmp
C:\Windows\zipped.tmp

.
(((((((((((((((((( Archivos creados desde 2008-03-28 - 2008-04-30 )))))))))))))))))))))))))))))))))
.

Ning£n archivo ha sido creado durante este intervalo de tiempo

.
(((((((((((((((((((((((((((((((((((((( Reporte Find3M )))))))))))))))))))))))))))))))))))))))))))))))))) )
.
2008-04-30 21:58 2,383,904 --sha-w C:\Windows\system32\drivers\fidbox.dat
2008-04-30 21:51 28,388 --sha-w C:\Windows\system32\drivers\fidbox.idx
2008-04-30 21:39 --------- d-----w C:\Program Files\CCleaner
2008-04-30 21:38 --------- d-----w C:\Program Files\Yahoo!
2008-04-30 21:36 49,791 ----a-w C:\Users\setecompu\AppData\Roaming\nvModes.dat
2008-04-30 21:02 --------- d-----w C:\Users\setecompu\AppData\Roaming\Malwarebytes
2008-04-30 16:57 --------- d-----w C:\ProgramData\Kaspersky Lab
2008-04-30 15:21 --------- d-----w C:\Program Files\Kaspersky Lab
2008-04-30 02:58 --------- d-----w C:\Users\setecompu\AppData\Roaming\Skype
2008-04-29 22:15 --------- d-----w C:\Users\setecompu\AppData\Roaming\skypePM
2008-04-29 15:29 --------- d-----w C:\ProgramData\Malwarebytes
2008-04-29 15:29 --------- d-----w C:\Program Files\Malwarebytes' Anti-Malware
2008-04-24 22:54 --------- d-----w C:\Program Files\Trafficware
2008-04-24 18:04 --------- d-----w C:\ProgramData\Roxio
2008-04-23 22:59 --------- d-----w C:\Program Files\Panda Security
2008-04-23 22:22 20,281 ----a-w C:\Users\Administrador\AppData\Roaming\nvModes.dat
2008-04-23 18:47 --------- d-----w C:\Users\setecompu\AppData\Roaming\Winamp
2008-04-23 15:18 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-04-23 15:02 --------- d-----w C:\Program Files\Microsoft Games
2008-04-23 13:58 177 ----a-w C:\DelUS.bat
2008-04-23 13:58 --------- d-----w C:\Program Files\Goldshell
2008-04-23 13:55 --------- d-----w C:\ProgramData\filobyhk
2008-04-21 19:53 --------- d-----w C:\Users\setecompu\AppData\Roaming\Notepad++
2008-04-21 19:13 --------- d-----w C:\Program Files\Notepad++
2008-04-16 14:21 --------- d-----w C:\Program Files\ExcelMySQlConverterDemo
2008-04-16 14:21 --------- d-----w C:\Program Files\Excel MySQL Import, Export & Convert Software
2008-04-16 08:07 98,304 ----a-w C:\Windows\npqtsrak.exe
2008-04-16 08:07 290,816 ----a-w C:\Windows\pmsoarbf.dll
2008-04-14 16:12 --------- d-----w C:\Program Files\Common Files\xing shared
2008-04-14 16:12 --------- d-----w C:\Program Files\Common Files\Real
2008-04-14 16:11 --------- d-----w C:\Program Files\Real
2008-04-12 18:21 --------- d-----w C:\Program Files\coolpro2
2008-04-11 19:39 --------- d-----w C:\Program Files\Winamp
2008-04-07 04:41 --------- d-----w C:\Program Files\Wondershare
2008-04-06 20:02 --------- d-----w C:\Program Files\SecondLife
2008-04-06 20:01 --------- d-----w C:\Users\setecompu\AppData\Roaming\SecondLife
2008-03-31 17:29 --------- d-----w C:\Program Files\Kayako
2008-03-29 16:26 --------- d-----w C:\Program Files\TOSHIBA Games
2008-03-29 16:26 --------- d-----w C:\Program Files\HP Games
2008-03-19 20:28 --------- d-----w C:\ProgramData\WildTangent
2008-03-19 17:30 --------- d-----w C:\Users\setecompu\AppData\Roaming\PlayFirst
2008-03-19 16:00 --------- d-----w C:\Program Files\Common Files\Sandlot Shared
2008-03-17 21:08 --------- d-----w C:\Program Files\Research In Motion
2008-03-10 14:40 --------- d-----w C:\ProgramData\Microsoft Help
2008-03-07 19:57 --------- d-----w C:\Users\setecompu\AppData\Roaming\WildTangent
2008-03-06 16:59 --------- d-----w C:\Users\setecompu\AppData\Roaming\JOSM
2008-03-05 19:34 --------- d-----w C:\Program Files\Common Files\Macromedia
2008-02-08 23:37 219,664 ----a-w C:\Windows\System32\klogon.dll
2008-01-21 23:43 32 ----a-w C:\Users\All Users\ezsid.dat
2008-01-21 23:43 32 ----a-w C:\ProgramData\ezsid.dat
2007-12-01 19:02 3,430 ----a-w C:\Windows\inf\.NET Data Provider for MySQL\000A\tmp1F83.tmp
2007-12-01 19:02 3,430 ----a-w C:\Windows\inf\.NET Data Provider for MySQL\0009\tmp1F83.tmp
2007-12-01 19:02 3,430 ----a-w C:\Windows\inf\.NET Data Provider for MySQL\0000\tmp1F83.tmp
2006-11-02 12:48 174 --sha-w C:\Program Files\desktop.ini
.

((((((((((((((((((((((((((((((((( Cargando Puntos Reg ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Nota* entradas vac¡as & entradas leg¡timas predeterminadas no son mostradas

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Run]
"L08EXLRD_29521005"="C:\Program Files\Microsoft Student\Microsoft Student con Encarta Premium 2008 DVD\EDICT.exe" [2007-05-23 13:00 351000]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 07:34 201728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2007-11-22 08:48 1006264]
"NvSvc"="C:\Windows\system32\nvsvc.dll" [2007-02-26 14:26 90191]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2007-02-26 14:26 7770112]
"NvMediaCenter"="C:\Windows\system32\NvMcTray. dll" [2007-02-26 14:26 81920]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2007-01-12 22:36 827392]
"HP Software Update"="C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe" [2005-02-16 16:11 49152]
"QPService"="C:\Program Files\HP\QuickPlay\QPService.exe" [2007-03-28 10:45 176128]
"QlbCtrl"="C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2007-03-06 04:28 180224]
"HP Health Check Scheduler"="C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2007-03-12 04:54 50696]
"hpWirelessAssistant"="C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-03-01 06:18 472776]
"WAWifiMessage"="C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe" [2007-01-10 09:12 317128]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0\bin\jusched.exe" [2007-04-30 18:47 77824]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2008-04-01 13:49 36352]
"UVS11 Preload"="C:\Program Files\Ulead Systems\Ulead VideoStudio 11\uvPL.exe" [2007-03-03 14:12 341488]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-12-11 10:56 286720]
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-01-11 09:08 29744]
"{0228e555-4f9c-4e35-a3ec-b109a192b4c2}"="C:\Program Files\Google\Gmail Notifier\gnotify.exe" [2005-07-15 16:48 479232]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2006-10-30 09:36 256576]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\RunOnce]
"Launcher"="%WINDIR%\SMINST\launcher.exe" [ ]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2007-11-23 09:17:50 113664]
PDFCreator.lnk - C:\Program Files\PDFCreator\PDFCreator.exe [2008-02-20 10:39:40 2641920]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\curr entversion\policies\system]
"EnableLUA"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.dvacm"= C:\PROGRA~1\COMMON~1\ULEADS~1\Vio\Dvacm.acm
"msacm.MPEGacm"= C:\PROGRA~1\COMMON~1\ULEADS~1\MPEG\MPEGacm.acm
"msacm.ulmp3acm"= C:\PROGRA~1\COMMON~1\ULEADS~1\MPEG\ulmp3acm.acm

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpo licy\FirewallRules]
"{20A31806-0987-4FE1-9F63-54FB0DC2707B}"= C:\Program Files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone)
"{1826F11A-C351-469A-A53D-784959CD14BA}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{C20CE4A2-AAC0-4E4D-88DC-24A7D3EEAB26}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{4475FA8B-EE83-4D7E-83A6-D9D207B7EB9F}"= C:\Program Files\HP\QuickPlay\QP.exe:Quick Play
"{3AA39E47-8EB8-42BB-B237-E711621917CB}"= C:\Program Files\HP\QuickPlay\QPService.exe:Quick Play Resident Program
"{4329D511-1721-44FE-919C-4D7D37C8C611}"= TCP:6004|C:\Program Files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"TCP Query User{74176B2A-CF71-4C40-B7D2-9731B6A97F42}C:\\program files\\ares\\ares.exe"= UDP:C:\program files\ares\ares.exe:Ares p2p for windows
"UDP Query User{40A8B83C-6EB1-4509-8CF3-31D45AF38AE7}C:\\program files\\ares\\ares.exe"= TCP:C:\program files\ares\ares.exe:Ares p2p for windows
"TCP Query User{CDE05261-07F2-408C-A5FC-AE2C378741BE}C:\\users\\setecompu\\desktop\\nico_f tp.exe"= UDP:C:\users\setecompu\desktop\nico_ftp.exe:nico_f tp.exe
"UDP Query User{A284D121-8C1E-4927-B53E-EB227E007A35}C:\\users\\setecompu\\desktop\\nico_f tp.exe"= TCP:C:\users\setecompu\desktop\nico_ftp.exe:nico_f tp.exe
"TCP Query User{2C3F4992-967A-4FDC-982C-EF162DD0575D}C:\\xampp\\apache\\bin\\apache.exe"= UDP:C:\xampp\apache\bin\apache.exe:Apache HTTP Server
"UDP Query User{2BA0CDC6-B89C-4833-A4B5-C4E40A366F4C}C:\\xampp\\apache\\bin\\apache.exe"= TCP:C:\xampp\apache\bin\apache.exe:Apache HTTP Server
"TCP Query User{E0E0053A-24E9-4B5B-9F26-ABEBDCA0A261}C:\\program files\\globalscape\\cuteftp professional\\ftpte.exe"= UDP:C:\program files\globalscape\cuteftp professional\ftpte.exe:FTP Transfer Engine
"UDP Query User{E80FD45B-810C-4F31-9B28-A5CEF532F36F}C:\\program files\\globalscape\\cuteftp professional\\ftpte.exe"= TCP:C:\program files\globalscape\cuteftp professional\ftpte.exe:FTP Transfer Engine
"TCP Query User{E548D37A-EF74-430C-AD50-8AD7EE5EECB0}C:\\users\\setecompu\\desktop\\nueva carpeta\\nico_ftp.exe"= UDP:C:\users\setecompu\desktop\nueva carpeta\nico_ftp.exe:nico_ftp.exe
"UDP Query User{0F30D0EB-2B50-4AC2-9799-CF20EB363021}C:\\users\\setecompu\\desktop\\nueva carpeta\\nico_ftp.exe"= TCP:C:\users\setecompu\desktop\nueva carpeta\nico_ftp.exe:nico_ftp.exe
"TCP Query User{374A04AF-A800-4945-BE52-9E2D463299C1}C:\\program files\\kayako\\liveresponse\\liveresponse.exe"= UDP:C:\program files\kayako\liveresponse\liveresponse.exe:LiveRes ponse
"UDP Query User{07C7AEA9-EB3D-4E72-AC15-03BDB93DD76C}C:\\program files\\kayako\\liveresponse\\liveresponse.exe"= TCP:C:\program files\kayako\liveresponse\liveresponse.exe:LiveRes ponse
"TCP Query User{659458FF-91C8-4B3A-8B3B-89D3DF42814E}C:\\program files\\kayako\\liveresponse\\liveresponse.exe"= UDP:C:\program files\kayako\liveresponse\liveresponse.exe:LiveRes ponse
"UDP Query User{3761A79B-FEA4-4078-BFCB-ED771EC60DEC}C:\\program files\\kayako\\liveresponse\\liveresponse.exe"= TCP:C:\program files\kayako\liveresponse\liveresponse.exe:LiveRes ponse
"{D71B83E1-8B35-4990-A079-E84A26D4C6A4}"= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{2AA0EA69-7E01-44AD-BCA3-2CC5B6AB07A9}"= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{62C5DCC2-92B1-47D2-8D33-AD579796BFF9}"= Disabled:UDP:C:\Program Files\Skype\Phone\Skype.exe:Skype
"{70599CBA-9223-48CF-BA09-58BE43D8473B}"= Disabled:TCP:C:\Program Files\Skype\Phone\Skype.exe:Skype

[HKLM\~\services\sharedaccess\parameters\firewallpo licy\PublicProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpo licy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|S vc=DFSR:Allow inbound TCP traffic|

R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;C:\Windows\system32\DRIVERS\klim6.sys [2007-10-16 11:05]
R2 XAudio;XAudio;C:\Windows\system32\DRIVERS\xaudio.s ys [2006-08-04 12:39]
R3 nvsmu;nvsmu;C:\Windows\system32\DRIVERS\nvsmu.sys [2007-02-15 11:50]
S2 XAMPP;XAMPP Service;c:\xampp\service.exe []
S3 BCM43XV;Controlador de adaptador de red 802.11 extensible Broadcom;C:\Windows\system32\DRIVERS\bcmwl6.sys [2007-01-03 10:43]
S3 GoogleDesktopManager-010108-205858;Administrador de Google Desktop 5.7.801.1629;"C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-01-11 09:08]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc

[HKEY_CURRENT_USER\software\microsoft\windows\curre ntversion\explorer\mountpoints2\{1f3af61c-a4e2-11dc-a227-001b248c6ceb}]
\shell\AutoRun\command - H:\nideiect.com
\shell\explore\Command - H:\nideiect.com
\shell\open\Command - H:\nideiect.com

[HKEY_CURRENT_USER\software\microsoft\windows\curre ntversion\explorer\mountpoints2\{2a3bfb68-bcb5-11dc-88dc-001b248c6ceb}]
\shell\AutoRun\command - G:\xn1i9x.com
\shell\explore\Command - G:\xn1i9x.com
\shell\open\Command - G:\xn1i9x.com

[HKEY_CURRENT_USER\software\microsoft\windows\curre ntversion\explorer\mountpoints2\{4902f371-9d41-11dc-9996-001b248c6ceb}]
\shell\AutoRun\command - G:\nideiect.com
\shell\explore\Command - G:\nideiect.com
\shell\open\Command - G:\nideiect.com

[HKEY_CURRENT_USER\software\microsoft\windows\curre ntversion\explorer\mountpoints2\{528d4b75-beab-11dc-84dd-001b248c6ceb}]
\shell\AutoRun\command - F:\nideiect.com
\shell\explore\Command - F:\nideiect.com
\shell\open\Command - F:\nideiect.com

[HKEY_CURRENT_USER\software\microsoft\windows\curre ntversion\explorer\mountpoints2\{5fa2ff99-b5ac-11dc-83a5-001b248c6ceb}]
\shell\AutoRun\command - G:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\curre ntversion\explorer\mountpoints2\{729c8a4c-eeae-11dc-ad4d-001b248c6ceb}]
\shell\AutoRun\command - G:\vt6e.cmd
\shell\explore\Command - G:\vt6e.cmd
\shell\open\Command - G:\vt6e.cmd

[HKEY_CURRENT_USER\software\microsoft\windows\curre ntversion\explorer\mountpoints2\{7388f2b2-9718-11dc-a3e0-806e6f6e6963}]
\shell\AutoRun\command - E:\autorun.exe
\shell\directx\command - E:\DirectX9\dxsetup.exe
\shell\setup\command - E:\setup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\curre ntversion\explorer\mountpoints2\{7388f38f-9718-11dc-a3e0-001b248c6ceb}]
\shell\Auto\command - F:\adp.exe
\shell\AutoRun\command - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL F:\adp.exe

[HKEY_CURRENT_USER\software\microsoft\windows\curre ntversion\explorer\mountpoints2\{7388f393-9718-11dc-a3e0-001b248c6ceb}]
\shell\AutoRun\command - G:\setup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\curre ntversion\explorer\mountpoints2\{a6a8ca52-a35d-11dc-a66e-001b248c6ceb}]
\shell\AutoRun\command - G:\dp.cmd
\shell\explore\Command - G:\dp.cmd
\shell\open\Command - G:\dp.cmd

[HKEY_CURRENT_USER\software\microsoft\windows\curre ntversion\explorer\mountpoints2\{b623ed34-9763-11dc-b3d0-001b248c6ceb}]
\shell\AutoRun\command - G:\Index_Guzman.exe

[HKEY_CURRENT_USER\software\microsoft\windows\curre ntversion\explorer\mountpoints2\{c5960f02-e0a2-11dc-9b25-001b248c6ceb}]
\shell\AutoRun\command - G:\xn1i9x.com
\shell\explore\Command - G:\xn1i9x.com
\shell\open\Command - G:\xn1i9x.com

[HKEY_CURRENT_USER\software\microsoft\windows\curre ntversion\explorer\mountpoints2\{ce5830a5-a1ab-11dc-a0bb-001b248c6ceb}]
\shell\AutoRun\command - G:\t.exe
\shell\explore\Command - G:\t.exe
\shell\open\Command - G:\t.exe

[HKEY_CURRENT_USER\software\microsoft\windows\curre ntversion\explorer\mountpoints2\{db8e37f0-adcf-11dc-a1d9-001b248c6ceb}]
\shell\AutoRun\command - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Toy.exe

[HKEY_CURRENT_USER\software\microsoft\windows\curre ntversion\explorer\mountpoints2\{e0d63b42-f5cc-11dc-9abc-001b248c6ceb}]
\shell\Auto\command - G:\auto.exe
\shell\AutoRun\command - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL G:\auto.exe
\shell\explore\Command - G:\p3r1ud.exe
\shell\open\Command - G:\p3r1ud.exe

[HKEY_CURRENT_USER\software\microsoft\windows\curre ntversion\explorer\mountpoints2\{ef5246cc-b5c4-11dc-bf7e-001b248c6ceb}]
\shell\AutoRun\command - F:\copetttt.com
\shell\explore\Command - F:\copetttt.com
\shell\open\Command - F:\copetttt.com

.
Contenido de carpeta 'Tareas Programadas'
"2008-04-30 15:08:46 C:\Windows\Tasks\User_Feed_Synchronization-{E7294C69-0F70-4233-A0DF-10A92ABD4BBF}.job"
- C:\Windows\system32\msfeedssync.exe
.
************************************************** ************************

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-30 16:59:17
Windows 6.0.6000 NTFS

escaneando procesos ocultos ...

escaneando entradas ocultas de autostart ...

escaneando archivos ocultos ...

el escaneo se completo con exito
archivos ocultos: 35

************************************************** ************************
.
------------------------ Other Running Processes ------------------------
.
C:\Windows\System32\audiodg.exe
C:\PROGRA~1\EASYPH~1.0B1\apache\bin\Apache.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\EASYPH~1.0B1\apache\bin\Apache.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Windows\System32\drivers\XAudio.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Service.exe
C:\Windows\System32\conime.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\servicing\TrustedInstaller.exe
.
************************************************** ************************
.
Tiempo completado: 2008-04-30 17:08:34 - machine was rebooted
ComboFix-quarantined-files.txt 2008-04-30 22:08:17
ComboFix2.txt 2008-04-30 21:39:27

El sistema no puede encontrar el texto del mensaje para el mensaje número 0x2379 en el archivo de mensajes para Application.
El sistema no puede encontrar el texto del mensaje para el mensaje n£mero 0x2379 en el archivo de mensajes para Application.

273 --- E O F --- 2007-11-24 14:22:47

Hola, descarga y ejecuta nuestra herramienta llamada DelPSGuard, reinicia y nos contas...

Salu2