Foro de InfoSpyware - Foro de Hijackthis - Foro de Virus

HOLA a todos nuevamente atacado por vundo en fin e seguido algunos pasos,
ahi les dejo log..

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:30:38, on 14/12/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
C:\Program Files\BitDefender\BitDefender 2009\vsserv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Acer\Empowering Technology\eLock\LockServ.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\Acer\Empowering Technology\ePresentation\ePresentation.exe
C:\Acer\Empowering Technology\eLock\Monitor\LockMon.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Winamp\winampa.exe
C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\LG PC Suite 2\LGPCSuiteLanucher_Setup.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\BitDefender\BitDefender 2009\bdagent.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe
C:\Documents and Settings\All Users\Application Data\Macrovision\FLEXnet Connect\6\ISUSPM.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Acer\Empowering Technology\Acer.Empowering.Framework.Launcher.exe
C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
C:\Program Files\BitDefender\BitDefender 2009\seccenter.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.latam.msn.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hotmail.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.latam.msn.com/0SEESXL/SAOS01?FORM=TOOLBR
R3 - URLSearchHook: Barra Yahoo! con bloqueador de ventanas emergentes - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,SKEYS /I,
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\WINDOWS\system32\eDStoolbar.dll
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\UIBHO.dll
O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2009\IEToolbar.dll
O4 - HKLM\..\Run: [ePower_DMC] C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
O4 - HKLM\..\Run: [Boot] C:\Acer\Empowering Technology\ePower\Boot.exe
O4 - HKLM\..\Run: [Acer ePresentation HPD] C:\Acer\Empowering Technology\ePresentation\ePresentation.exe
O4 - HKLM\..\Run: [eLockMonitor] C:\Acer\Empowering Technology\eLock\Monitor\LaunchMonitor.exe
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe 1
O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [LGPCSuiteLanucher] "C:\Program Files\LG PC Suite 2\LGPCSuiteLanucher_Setup.exe" /tray
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\BitDefender\BitDefender 2009\bdagent.exe"
O4 - HKLM\..\Run: [BitDefender Antiphishing Helper] "C:\Program Files\BitDefender\BitDefender 2009\IEShow.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" /systray /nologon
O4 - HKCU\..\Run: [ISUSPM] "C:\Documents and Settings\All Users\Application Data\Macrovision\FLEXnet Connect\6\ISUSPM.exe" -scheduler
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Herramienta de búsqueda de soportes de Picture Motion Browser.lnk = C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
O4 - Global Startup: Acer Empowering Technology.lnk = ?
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {34F12AFD-E9B5-492A-85D2-40FA4535BE83} (AxProdInfoCtl Class) - http://www.symantec.com/techsupp/activedata/nprdtinf.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://anacaramelli.spaces.live.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://go.divx.com/plugin/DivXBrowserPlugin.cab
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab
O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} (NVIDIA Smart Scan) - http://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://anacaramelli.spaces.live.com/PhotoUpload/MsnPUpld.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Memory Check Service (AcerMemUsageCheckService) - Acer Inc. - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: BitDefender Arrakis Server (Arrakis3) - BitDefender S.R.L. http://www.bitdefender.com - C:\Program Files\Common Files\BitDefender\BitDefender Arrakis Server\bin\Arrakis3.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: getPlus(R) Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: Servicio del iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender SRL - C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: LockServ - Unknown owner - C:\Acer\Empowering Technology\eLock\LockServ.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Programador de LiveUpdate automático - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S. R. L. - C:\Program Files\BitDefender\BitDefender 2009\vsserv.exe

--
End of file - 13467 bytes

ya e pasado el cclenear y borrado los cookies..que hago ahora??

Hola leon7.

Antes de comenzar te cuento que ForoSpyware lo mantenemos voluntarios que tenemos nuestros trabajos y obligaciones fuera, por lo que no estamos 24/7, a lo que te pedimos paciencia en el análisis y respuesta de tu caso. Si luego de dejarnos los nuevos reporten pasaran mas de 48hrs y no obtengas otra respuesta de mi parte, me puedes enviar un MP (Mensaje Privado) de recordatorio.

Vamos a comenzar por estos pasos:

• Paso 1- Descarga, instala y actualiza las siguientes herramientas:
  • CCleaner // Manual de uso.
  • Malwarebytes' Anti-Malware // Manual de uso.
  
  
• Paso 2- Ejecuta CCleaner para hacerle una limpieza de cookies, archivos temporales eh innecesarios para mejorar el rendimiento de tu equipo y generar reportes mas limpios. (no necesitamos este reporte)
  
  
• Paso 3- Ejecuta Malwarebytes' Anti-Malware (MBAM) y selecciona todo lo que este encuentre para luego presionar el botón de "Quitar lo Seleccionado" y así mandarlo a cuarentena.
  
  
• Paso 4- Reinicia tu PC, y vuelve a generar un nuevo reporte de HijackThis 2.0.2 para pegarlo junto con el reporte de MBAM en este mismo mensaje contándonos si hubiera habido alguna mejora en el problema o rendimiento del equipo.

Por ultimo te recomiendo suscribirte al feed de nuestro Blog de InfoSpyware para estar al tanto de las nuevas amenazas que circulan por la red y así en un futuro puedas prevenirlas.



No te olvides de volver a dejarnos los reportes para continuar con el tema....

Salu2

Hola gracias por responderme, y te doy las gracias de ante mano, y no fue mi intencion ,unicamnete es que me desespero un poco por el tema que se me rompa
el pc.....
ahi te dejo los informes a ver que me dices..
le he pasado el norton y no dectecto nada, le he pasado el biodefender y detecto el troyano generic,,, ahora que hago???

Malwarebytes' Anti-Malware 1.31
Versión de la Base de Datos: 1500
Windows 5.1.2600 Service Pack 2

16/12/2008 19:48:04
mbam-log-2008-12-16 (19-48-04).txt

Tipo de examen : Examen Completo (C:\|)
Objetos examinados: 141548
Tiempo transcurrido: 3 hour(s), 12 minute(s), 20 second(s)

Procesos en Memoria Infectados: 0
Módulos en Memoria Infectados: 0
Claves del Registro Infectadas: 0
Valores del Registro Infectados: 0
Elementos de Datos del Registro Infectados: 0
Carpetas Infectadas: 0
Ficheros Infectados: 0

Procesos en Memoria Infectados:
(No se han detectado elementos maliciosos)

Módulos en Memoria Infectados:
(No se han detectado elementos maliciosos)

Claves del Registro Infectadas:
(No se han detectado elementos maliciosos)

Valores del Registro Infectados:
(No se han detectado elementos maliciosos)

Elementos de Datos del Registro Infectados:
(No se han detectado elementos maliciosos)

Carpetas Infectadas:
(No se han detectado elementos maliciosos)

Ficheros Infectados:
(No se han detectado elementos maliciosos)


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:28:36, on 16/12/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Safe mode

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.latam.msn.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hotmail.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.latam.msn.com/0SEESXL/SAOS01?FORM=TOOLBR
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,SKEYS /I,
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\WINDOWS\system32\eDStoolbar.dll
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\UIBHO.dll
O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2009\IEToolbar.dll
O4 - HKLM\..\Run: [ePower_DMC] C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
O4 - HKLM\..\Run: [Boot] C:\Acer\Empowering Technology\ePower\Boot.exe
O4 - HKLM\..\Run: [Acer ePresentation HPD] C:\Acer\Empowering Technology\ePresentation\ePresentation.exe
O4 - HKLM\..\Run: [eLockMonitor] C:\Acer\Empowering Technology\eLock\Monitor\LaunchMonitor.exe
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe 1
O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [LGPCSuiteLanucher] "C:\Program Files\LG PC Suite 2\LGPCSuiteLanucher_Setup.exe" /tray
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\BitDefender\BitDefender 2009\bdagent.exe"
O4 - HKLM\..\Run: [BitDefender Antiphishing Helper] "C:\Program Files\BitDefender\BitDefender 2009\IEShow.exe"
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" /systray /nologon
O4 - HKCU\..\Run: [ISUSPM] "C:\Documents and Settings\All Users\Application Data\Macrovision\FLEXnet Connect\6\ISUSPM.exe" -scheduler
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Herramienta de búsqueda de soportes de Picture Motion Browser.lnk = C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
O4 - Global Startup: Acer Empowering Technology.lnk = ?
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {34F12AFD-E9B5-492A-85D2-40FA4535BE83} (AxProdInfoCtl Class) - http://www.symantec.com/techsupp/activedata/nprdtinf.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://anacaramelli.spaces.live.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://go.divx.com/plugin/DivXBrowserPlugin.cab
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab
O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} (NVIDIA Smart Scan) - http://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://anacaramelli.spaces.live.com/PhotoUpload/MsnPUpld.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Memory Check Service (AcerMemUsageCheckService) - Acer Inc. - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: BitDefender Arrakis Server (Arrakis3) - BitDefender S.R.L. http://www.bitdefender.com - C:\Program Files\Common Files\BitDefender\BitDefender Arrakis Server\bin\Arrakis3.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: getPlus(R) Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: Servicio del iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender SRL - C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: LockServ - Unknown owner - C:\Acer\Empowering Technology\eLock\LockServ.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Programador de LiveUpdate automático - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S. R. L. - C:\Program Files\BitDefender\BitDefender 2009\vsserv.exe

--
End of file - 10723 bytes

- Descarga la herramienta ComboFix.exe y guárdala en el escritorio.

• Desactiva temporalmente el Antivirus y/o Antispyware.
• Cierra todas las ventanas abiertas.
• Hacele doble clic al archivo ComboFix.exe y seguí las instrucciones.
• Cuando termine, generara un registro en C:\ComboFix.txt.
  • *Nota* Mientras CF este trabajando no mover el mouse ya que pararía su proceso.
  • *Nota* ComboFix puede reiniciar automáticamente el PC para completar el proceso de eliminación.

• Reinicia y pega el reporte de C:\ComboFix.txt en este mismo mensaje.

Salu2

gracias por tu tiempo


ComboFix 08-12-16.03 - leo 2008-12-17 19:48:14.1 - FAT32x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.895.449 [GMT 1:00]
Se ejecuta desde: c:\documents and settings\leo\Desktop\ComboFix.exe
* Creado un nuevo punto de restauración

ADVERTENCIA - ESTE EQUIPO NO TIENE INSTALADA LA CONSOLA DE RECUPERACION!
.

(((((((((((((((((((((((((((((((((((( Otras eliminaciones )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\leo\Application Data\FunWebProducts
c:\windows\Downloaded Program Files\setup.inf
c:\windows\system32\_000006_.tmp.dll
c:\windows\system32\_000007_.tmp.dll
c:\windows\system32\_000008_.tmp.dll
c:\windows\system32\_000009_.tmp.dll
c:\windows\system32\Cache
c:\windows\system32\fnfpbdhs.ini
c:\windows\system32\grosssnq.ini
c:\windows\system32\ixgdfyyu.ini
c:\windows\system32\jqsrdwmu.ini
c:\windows\system32\lgeybotl.ini
c:\windows\system32\mgupuvcb.ini
c:\windows\system32\qeytpgcv.ini
c:\windows\system32\rfrjyrpx.ini
c:\windows\system32\unmbafau.ini
c:\windows\system32\vvktjglf.ini
c:\windows\system32\xspwrxhb.ini
c:\windows\system32\xuooafsh.ini
c:\windows\system32\ysuxspbs.ini

.
((((((((((((((((((((((((((((((((((((((( Drivers/Servicios )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_ASC3550P
-------\Legacy_IPRIP
-------\Service_Iprip


(((((((((((((((((( Archivos creados desde 2008-11-17 - 2008-12-17 )))))))))))))))))))))))))))))))))
.

2008-12-17 19:58 . <DIR> c:\program files\temp
2008-12-17 19:30 . <DIR> c:\windows\LastGood.Tmp
2008-12-17 11:05 . 2008-12-17 17:27 16 --a------ c:\windows\system32\coh.cache
2008-12-17 01:53 . 2008-12-17 01:53 <DIR> d-------- c:\program files\Norton Internet Security
2008-12-17 01:51 . 2008-12-17 14:31 123,952 --a------ c:\windows\system32\drivers\SYMEVENT.SYS
2008-12-17 01:51 . 2008-12-17 14:31 60,800 --a------ c:\windows\system32\S32EVNT1.DLL
2008-12-17 01:51 . 2008-12-17 14:31 10,671 --a------ c:\windows\system32\drivers\SYMEVENT.CAT
2008-12-17 01:51 . 2008-12-17 14:31 805 --a------ c:\windows\system32\drivers\SYMEVENT.INF
2008-12-17 00:21 . 2008-12-17 00:21 <DIR> d-------- c:\documents and settings\ana\Application Data\BitDefender
2008-12-16 23:53 . 2008-12-16 23:53 <DIR> d-------- c:\documents and settings\All Users\Application Data\WLInstaller
2008-12-15 13:25 . 2008-12-15 13:26 <DIR> d-------- C:\VundoFix Backups
2008-12-14 20:11 . 2008-12-14 20:11 121 --a------ c:\windows\bdagent.INI
2008-12-14 19:43 . 2008-12-14 19:43 <DIR> d-------- c:\program files\Trend Micro
2008-12-14 01:32 . 2008-12-14 01:32 <DIR> d-------- c:\program files\SUPERAntiSpyware
2008-12-14 01:32 . 2008-12-14 01:32 <DIR> d-------- c:\program files\Common Files\Wise Installation Wizard
2008-12-14 01:31 . 2008-12-14 01:31 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2008-12-14 01:31 . 2008-12-03 19:59 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2008-12-14 01:31 . 2008-12-03 19:59 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2008-12-14 01:30 . 2008-12-14 01:30 <DIR> d-------- c:\program files\CCleaner
2008-12-13 17:17 . 2008-12-13 17:15 102,664 --a------ c:\windows\system32\drivers\tmcomm.sys
2008-12-13 17:14 . 2008-12-13 17:14 <DIR> d-------- c:\documents and settings\leo\.housecall6.6
2008-12-13 17:01 . 2008-12-13 17:01 850 --a------ c:\windows\system32\ProductTweaks.xml
2008-12-13 17:01 . 2008-12-14 20:10 385 --a------ c:\windows\system32\user_gensett.xml
2008-12-13 16:36 . 2008-12-13 16:36 <DIR> d-------- c:\program files\BitDefender
2008-12-13 16:36 . 2008-12-13 16:36 <DIR> d-------- c:\documents and settings\All Users\Application Data\BitDefender
2008-12-13 16:34 . 2008-12-13 16:34 <DIR> d-------- c:\program files\Common Files\BitDefender
2008-12-13 00:48 . 2008-12-13 00:48 <DIR> d-------- c:\windows\Sun
2008-12-13 00:31 . 2008-12-13 00:31 <DIR> d-------- c:\program files\Java
2008-12-13 00:31 . 2008-12-13 00:31 410,984 --a------ c:\windows\system32\deploytk.dll
2008-12-13 00:31 . 2008-12-13 00:31 73,728 --a------ c:\windows\system32\javacpl.cpl
2008-12-12 18:12 . 2008-12-12 18:12 <DIR> d-------- c:\documents and settings\All Users\Application Data\BVRP Software
2008-12-12 17:13 . 2008-12-12 17:13 <DIR> d-------- c:\documents and settings\All Users\Application Data\Sunbelt
2008-12-12 14:04 . 2008-12-12 14:04 <DIR> d-------- c:\program files\Panda Security
2008-12-01 23:59 . 2008-12-01 23:59 <DIR> d--h----- C:\LG3G
2008-11-27 23:56 . 2008-04-17 13:12 107,368 --a------ c:\windows\system32\GEARAspi.dll
2008-11-27 23:56 . 2008-04-17 13:12 15,464 --a------ c:\windows\system32\drivers\GEARAspiWDM.sys
2008-11-27 23:55 . 2008-11-27 23:55 <DIR> d-------- c:\program files\iTunes
2008-11-27 23:55 . 2008-11-27 23:55 <DIR> d-------- c:\program files\iPod
2008-11-27 23:55 . 2008-11-27 23:55 <DIR> d-------- c:\documents and settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-11-27 23:54 . 2008-11-27 23:54 <DIR> d-------- c:\program files\QuickTime
2008-11-27 23:51 . 2008-11-27 23:51 <DIR> d-------- c:\documents and settings\leo\Application Data\Macrovision
2008-11-27 17:14 . 2007-10-15 16:27 101,120 -ra------ c:\windows\system32\drivers\ewusbmdm.sys
2008-11-27 17:14 . 2004-08-03 23:08 31,616 --a------ c:\windows\system32\drivers\usbccgp.sys
2008-11-27 17:13 . 2008-11-27 17:13 <DIR> d-------- c:\documents and settings\All Users\Application Data\Macrovision
2008-11-21 16:52 . 2008-11-21 16:52 <DIR> d-------- c:\program files\MP3Gain

.
(((((((((((((((((((((((((((((((((((((( Reporte Find3M )))))))))))))))))))))))))))))))))))))))))))))))))) )
.
2008-11-13 18:22 --------- d-----w c:\documents and settings\leo\Application Data\ImTOO Software Studio
2008-11-13 18:20 --------- d-----w c:\program files\ImTOO
2008-11-10 15:57 --------- d-----w c:\documents and settings\All Users\Application Data\Apple Computer
2008-11-10 15:56 --------- d-----w c:\program files\Apple Software Update
2008-11-10 15:54 --------- d-----w c:\program files\Common Files\Apple
2008-11-07 23:59 --------- d-----w c:\documents and settings\leo\Application Data\LG Electronics
2008-11-07 23:48 --------- d-----w c:\program files\LG Electronics
2008-11-07 23:44 --------- d-----w c:\program files\LG PC Suite 2
2008-11-07 17:14 --------- d-----w c:\program files\Sony Ericsson
2008-11-07 17:14 --------- d-----w c:\documents and settings\All Users\Application Data\Sony Ericsson
2008-11-07 17:13 --------- d-----w c:\documents and settings\leo\Application Data\InstallShield
2008-11-07 17:13 --------- d-----w c:\documents and settings\All Users\Application Data\Apple
2008-10-27 16:50 --------- d-----w c:\program files\Common Files\Adobe AIR
2008-10-27 16:48 --------- d-----w c:\program files\Common Files\Adobe
2008-10-27 16:42 --------- d-----w c:\program files\NOS
2008-10-27 16:42 --------- d-----w c:\documents and settings\All Users\Application Data\NOS
2008-10-24 11:10 453,632 ----a-w c:\windows\system32\drivers\mrxsmb.sys
2008-10-24 11:10 453,632 ------w c:\windows\system32\dllcache\mrxsmb.sys
2008-10-23 13:01 283,648 ----a-w c:\windows\system32\gdi32.dll
2008-10-23 13:01 283,648 ----a-w c:\windows\system32\dllcache\gdi32.dll
2008-10-18 17:15 --------- d-----w c:\program files\Common Files\InstallShield
2008-10-17 01:08 3,593,216 ----a-w c:\windows\system32\dllcache\mshtml.dll
2008-10-16 13:13 202,776 ----a-w c:\windows\system32\wuweb.dll
2008-10-16 13:13 202,776 ----a-w c:\windows\system32\dllcache\wuweb.dll
2008-10-16 13:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll
2008-10-16 13:13 1,809,944 ----a-w c:\windows\system32\dllcache\wuaueng.dll
2008-10-16 13:12 561,688 ----a-w c:\windows\system32\wuapi.dll
2008-10-16 13:12 561,688 ----a-w c:\windows\system32\dllcache\wuapi.dll
2008-10-16 13:12 323,608 ----a-w c:\windows\system32\wucltui.dll
2008-10-16 13:12 323,608 ----a-w c:\windows\system32\dllcache\wucltui.dll
2008-10-16 13:11 70,656 ----a-w c:\windows\system32\dllcache\ie4uinit.exe
2008-10-16 13:11 13,824 ------w c:\windows\system32\dllcache\ieudinit.exe
2008-10-16 13:09 92,696 ----a-w c:\windows\system32\dllcache\cdm.dll
2008-10-16 13:09 92,696 ----a-w c:\windows\system32\cdm.dll
2008-10-16 13:09 51,224 ----a-w c:\windows\system32\wuauclt.exe
2008-10-16 13:09 51,224 ----a-w c:\windows\system32\dllcache\wuauclt.exe
2008-10-16 13:09 43,544 ----a-w c:\windows\system32\wups2.dll
2008-10-16 13:08 34,328 ----a-w c:\windows\system32\wups.dll
2008-10-16 13:08 34,328 ----a-w c:\windows\system32\dllcache\wups.dll
2008-10-16 13:06 268,648 ----a-w c:\windows\system32\mucltui.dll
2008-10-16 13:06 208,744 ----a-w c:\windows\system32\muweb.dll
2008-10-15 16:57 332,800 ----a-w c:\windows\system32\dllcache\netapi32.dll
2008-10-15 07:06 633,632 ----a-w c:\windows\system32\dllcache\iexplore.exe
2008-10-15 07:04 161,792 ----a-w c:\windows\system32\dllcache\ieakui.dll
2008-10-03 10:15 247,326 ----a-w c:\windows\system32\strmdll.dll
2008-10-03 10:15 247,326 ----a-w c:\windows\system32\dllcache\strmdll.dll
2008-09-30 15:43 1,286,152 ----a-w c:\windows\system32\msxml4.dll
2007-09-14 09:48 753,152 --sha-w c:\program files\ehthumbs.db
.

((((((((((((((((((((((((((((((((( Cargando Puntos Reg ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* entradas vacías & entradas legítimas predeterminadas no son mostradas
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-10-13 1694208]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-10 15360]
"Sony Ericsson PC Suite"="c:\program files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" [2008-02-20 360448]
"ISUSPM"="c:\documents and settings\All Users\Application Data\Macrovision\FLEXnet Connect\6\ISUSPM.exe" [2007-03-29 222128]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-12-04 1809648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Run]
"ePower_DMC"="c:\acer\Empowering Technology\ePower\ePower_DMC.exe" [2006-07-18 438272]
"Boot"="c:\acer\Empowering Technology\ePower\Boot.exe" [2006-03-15 579584]
"Acer ePresentation HPD"="c:\acer\Empowering Technology\ePresentation\ePresentation.exe" [2006-06-07 208896]
"eLockMonitor"="c:\acer\Empowering Technology\eLock\Monitor\LaunchMonitor.exe" [2006-03-31 16384]
"eDataSecurity Loader"="c:\acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2006-03-17 345088]
"eRecoveryService"="c:\acer\Empowering Technology\eRecovery\eRAgent.exe" [2006-06-01 413696]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2008-07-09 36352]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-07-20 7581696]
"SsAAD.exe"="c:\progra~1\Sony\SONICS~1\SsAAD.e xe" [2006-01-07 81920]
"Symantec PIF AlertEng"="c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-29 583048]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-11-07 111936]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-09-06 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-10-01 289576]
"LGPCSuiteLanucher"="c:\program files\LG PC Suite 2\LGPCSuiteLanucher_Setup.exe" [2007-08-31 2637824]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-13 136600]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2007-01-09 115816]
"osCheck"="c:\program files\Norton Internet Security\osCheck.exe" [2007-01-14 771704]
"nwiz"="nwiz.exe" [2006-07-20 c:\windows\system32\nwiz.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\Cur rentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-10 15360]

c:\documents and settings\leo\Start Menu\Programs\Startup\
Herramienta de b£squeda de soportes de Picture Motion Browser.lnk - c:\program files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe [2007-12-21 344064]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Acer Empowering Technology.lnk - c:\acer\Empowering Technology\Acer.Empowering.Framework.Launcher.exe [2006-12-19 45056]

[hkey_local_machine\software\microsoft\windows\curr entversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="c:\\WINDOWS\\system32\\userinit.exe,,S KEYS /I"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-03 14:56 352256 c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AzMixerSel]
--------- 2005-06-11 05:51 53248 c:\program files\Realtek\InstallShield\AzMixerSel.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BisonBar]
--a------ 2006-09-08 11:49 245760 c:\windows\BUtilityBar\BisonBar.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]
--a------ 2007-01-09 22:59 115816 c:\program files\Common Files\Symantec Shared\ccApp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray]
--a------ 2005-08-05 13:56 64512 c:\windows\ehome\ehtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMJPMIG8.1]
--a------ 2004-08-10 04:00 208952 c:\windows\ime\imjp8_1\imjpmig.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LManager]
--a------ 2006-08-08 14:15 634880 c:\progra~1\LAUNCH~1\LManager.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--a------ 2004-10-13 17:24 1694208 c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSPY2002]
--a------ 2004-08-10 04:00 59392 c:\windows\system32\IME\PINTLGNT\IMSCINST.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ntiMUI]
--a------ 2006-05-15 11:15 45056 c:\program files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
--a------ 2006-07-20 20:58 7581696 c:\windows\system32\nvcpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
--------- 2006-07-20 05:58 86016 c:\windows\system32\nvmctray.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\osCheck]
--a------ 2007-01-14 00:11 771704 c:\program files\Norton Internet Security\osCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002A]
--a------ 2004-08-10 04:00 455168 c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002ASync]
--a------ 2004-08-10 04:00 455168 c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\preload]
--a------ 2005-05-19 17:09 32768 c:\windows\RUNXMLPL.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SsAAD.exe]
--a------ 2006-01-07 02:36 81920 c:\progra~1\Sony\SONICS~1\SSAAD.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
--a------ 2008-07-09 23:33 36352 c:\program files\Winamp\winampa.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
--a------ 2005-05-03 04:43 69632 c:\windows\Alcmtr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
--a------ 2006-07-20 20:58 1519616 c:\windows\system32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
--a------ 2006-07-21 02:56 16261632 c:\windows\RTHDCPL.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SkyTel]
--a------ 2006-05-16 04:04 2879488 c:\windows\SkyTel.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"SBAMSvc"=2 (0x2)
"PACSPTISVR"=3 (0x3)
"Arrakis3"=3 (0x3)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpo licy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr .exe"=
"c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"c:\\Program Files\\eMule\\eMule.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Winamp Remote\\bin\\Orb.exe"=
"c:\\Program Files\\Winamp Remote\\bin\\OrbStreamerClient.exe"=
"c:\\Program Files\\Winamp Remote\\bin\\OrbTray.exe"=
"c:\\Program Files\\Sony Ericsson\\Sony Ericsson Media Manager\\MediaManager.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpo licy\standardprofile\GloballyOpenPorts\List]
"17031:TCP"= 17031:TCP:eMule Plus
"17038:UDP"= 17038:UDP:eMule Plus

[HKLM\~\services\sharedaccess\parameters\firewallpo licy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)

R1 SASDIFSV;SASDIFSV;\??\c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2008-12-04 8944]
R1 SASKUTIL;SASKUTIL;\??\c:\program files\SUPERAntiSpyware\SASKUTIL.sys [2008-12-04 55024]
R2 eLock2BurnerLockDriver;eLock2BurnerLockDriver;\??\ c:\windows\system32\eLock2BurnerLockDriver.sys [2006-12-19 17664]
R2 eLock2FSCTLDriver;eLock2FSCTLDriver;\??\c:\windows \system32\eLock2FSCTLDriver.sys [2006-12-19 90112]
R2 LockServ;LockServ;c:\acer\Empowering Technology\eLock\LockServ.exe -p []
R2 Programador de LiveUpdate automático;Programador de LiveUpdate automático;"c:\program files\Symantec\LiveUpdate\ALUSchedulerSvc.exe" [2007-11-30 554352]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;\??\c:\pro gram files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2008-12-17 99376]
R3 SASENUM;SASENUM;\??\c:\program files\SUPERAntiSpyware\SASENUM.SYS [2008-12-04 7408]
S3 getPlus(R) Helper;getPlus(R) Helper;c:\program files\NOS\bin\getPlus_HelperSvc.exe [2008-10-27 33752]
S3 SE2Ebus;Sony Ericsson Device 046 Driver driver (WDM);c:\windows\system32\DRIVERS\SE2Ebus.sys [2007-04-13 61600]
S3 SE2Emdfl;Sony Ericsson Device 046 USB WMC Modem Filter;c:\windows\system32\DRIVERS\SE2Emdfl.sys [2007-04-13 9360]
S3 SE2Emdm;Sony Ericsson Device 046 USB WMC Modem Driver;c:\windows\system32\DRIVERS\SE2Emdm.sys [2007-04-13 97184]
S3 SE2Eobex;Sony Ericsson Device 046 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\SE2Eobex.sys [2007-04-13 86560]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
p2psvc REG_MULTI_SZ p2psvc p2pimsvc p2pgasvc PNRPSvc

[HKEY_CURRENT_USER\software\microsoft\windows\curre ntversion\explorer\mountpoints2\{21dfdadb-bc9e-11dd-bd32-0016d34b3bfe}]
\Shell\AutoRun\command - F:\StartVMCLite.exe

*Newly Created Service* - COMHOST
.
Contenido de carpeta 'Tareas Programadas'

2008-12-12 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]

2008-12-17 c:\windows\Tasks\Norton Internet Security - Análisis de todo el sistema - leo.job
- c:\program files\Norton Internet Security\Norton AntiVirus\Navw32.exe [2007-01-14 02:09]
.
- - - - HUÉRFANOS ELIMINADOS - - - -

MSConfigStartUp-CtrlMod15 - c:\docume~1\leo\LOCALS~1\TEMP\ctrlAT15.exe
MSConfigStartUp-hcenter - c:\program files\Support.com\bin\tgcmd.exe
MSConfigStartUp-kgsystray - c:\program files\Kuma Games\kgsystray\Kuma_tray.exe
MSConfigStartUp-MsnMsgr - c:\program files\MSN Messenger\MsnMsgr.Exe
MSConfigStartUp-My Web Search Bar - c:\progra~1\MYWEBS~1\bar\2.bin\MWSBAR.DLL
MSConfigStartUp-MyWebSearch Email Plugin - c:\progra~1\MYWEBS~1\bar\2.bin\mwsoemon.exe
MSConfigStartUp-SynTPEnh - c:\program files\Synaptics\SynTP\SynTPEnh.exe
MSConfigStartUp-tcactive - c:\program files\The Cleaner\tca.exe
MSConfigStartUp-tcmonitor - c:\program files\The Cleaner\tcm.exe


.
------- Análisis Suplementario -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}
IE: &Search
Handler: ic32pp - {BBCA9F81-8F4F-11D2-90FF-0080C83D3571} - c:\windows\wc98pp.dll
FF - ProfilePath - c:\documents and settings\leo\Application Data\Mozilla\Firefox\Profiles\uiogj8ms.default\
FF - prefs.js: browser.startup.homepage - www.hotmail.com
FF - plugin: c:\documents and settings\leo\Application Data\Mozilla\Firefox\Profiles\uiogj8ms.default\ext ensions\{CF40ACC5-E1BB-4aff-AC72-04C2F616BCA7}\plugins\np_gp.dll
.
.
------- File Associations -------
.
inifile=%SystemRoot%\System32\NOTEPAD.EXE %1"
.

************************************************** ************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-17 19:56:56
Windows 5.1.2600 Service Pack 2 FAT NTAPI

escaneando procesos ocultos ...

escaneando entradas ocultas de autostart ...

escaneando archivos ocultos ...

el escaneo se completo con exito
archivos ocultos: 0

************************************************** ************************
.
--------------------- DLLs cargados bajo los procesos en ejecución ---------------------

- - - - - - - > 'winlogon.exe'(1056)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
.
------------------------ Otros procesos en ejecución ------------------------
.
c:\program files\Common Files\Symantec Shared\ccSvcHst.exe
c:\program files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
c:\acer\Empowering Technology\ePerformance\MemCheck.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Common Files\Symantec Shared\ccSvcHst.exe
c:\windows\eHome\ehRecvr.exe
c:\windows\eHome\ehSched.exe
c:\windows\system32\inetsrv\inetinfo.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\acer\Empowering Technology\eLock\LockServ.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\skeys.exe
c:\windows\system32\tcpsvcs.exe
c:\windows\System32\snmp.exe
c:\windows\ehome\mcrdsvc.exe
c:\acer\Empowering Technology\eLock\Monitor\LockMon.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\dllhost.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\windows\system32\wbem\unsecapp.exe
c:\program files\iPod\bin\iPodService.exe
.
************************************************** ************************
.
Tiempo completado: 2008-12-17 20:00:30 - Reiniciando la máquina
ComboFix-quarantined-files.txt 2008-12-17 19:00:24

Pre-Run: 2.454.880.256 bytes free
Post-Run: 2,837,446,656 bytes libres

349 --- E O F --- 2008-12-15 21:47:21

Hola, ComboFix ya se encargo de eliminar los archivos de malwares encontrados en tu PC, por lo que tendrías que comentarnos como esta funcionado todo luego de reiniciar ?

Salu2