post #1
Posted: 17/03/09, 13:37:57
User

Registered: Feb 2009
Location: Catalunya
Posts: 13
Advertising opens when I browse (Solved)

Hi! This is the second time I have contacted you; this time it is about the same problem you already solved for me 2-3 months ago.
What happens is this: when I browse with Firefox or IE, annoying advertising windows open, always on topics related to what I am viewing. For example, I am on the ONO page and a Jazztel one opens, things like that, or ringtones.
I ran a scan with Malwarebytes and it still happens.

Here is the log, many thanks.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:27:07, on 03/02/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\SYSTEM32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\hp\support\hpsysdrv.exe
C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Users\Administrador\AppData\Local\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe
C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe
C:\Program Files\Nokia\Nokia PC Suite 7\PcSync2.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Windows\ehome\ehmsas.exe
C:\Users\Administrador\AppData\Local\cgomoyg.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\PC Connectivity Solution\Transports\NclMSBTSrv.exe
C:\Program Files\Common Files\Nokia\MPAPI\MPAPI3s.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\hp\kbd\kbd.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Windows Live\Mail\wlmail.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Windows\system32\DllHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.es/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=ES_ES&c=73&bd=Pavilion&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=ES_ES&c=73&bd=Pavilion&pf=desktop
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://es.search.yahoo.com/search?fr=mcafee&p=%s
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Barra Yahoo! con bloqueador de ventanas emergentes - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O1 - Hosts: ::1 localhost
O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll
O2 - BHO: Aplicación auxiliar de vínculos de Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: Windows Live Aplicación auxiliar de inicio de sesión - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: WOT Helper - {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} - C:\Program Files\WOT\WOT.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: WOT - {71576546-354D-41c9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KbdStub.EXE
O4 - HKLM\..\Run: [OsdMaestro] "C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe"
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RegistrarUsrDNIeCertStoreDLL] C:\Windows\system32\udcs.exe
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [Octoshape Streaming Services] "C:\Users\Administrador\AppData\Local\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe" -inv:bootrun
O4 - HKCU\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" /systray /nologon
O4 - HKCU\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSync2.exe" /NoDialog
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [cgomoyg] "c:\users\administrador\appdata\local\cgomoyg.exe" cgomoyg
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Policies\Explorer\Run: [Windows Printing Driver] WinSpooler.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICIO LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICIO LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'Servicio de red')
O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'Default user')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: Añadir a herramienta AMV Convert… - C:\Program Files\MP3 Player Utilities 3.70\AMVConverter\grab.html
O8 - Extra context menu item: E&xportar a Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Enviar a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Enviar a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Portafolios de HP - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Selección inteligente de HP - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/spanish/kavwebscan_unicode.cab
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://cristypija90.spaces.live.com/PhotoUpload/VistaMsnPUpldes-es.cab
O16 - DPF: {C9386579-3C0F-4713-82C6-5BA8088C7C8D} (Windows Live SkyDrive Upload Tool) - https://secure.shared.live.com/Pa6vGqB728AxD-ckvrPc0A/etc/Microsoft.Live.Folders.RichUpload.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O18 - Protocol: wot - {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - C:\Program Files\WOT\WOT.dll
O23 - Service: McAfee Application Installer Cleanup (0230911233651439) (0230911233651439mcinstcleanup) - McAfee, Inc. - C:\Windows\TEMP\023091~1.EXE
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Servicio del iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - c:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - c:\Program Files\Common Files\SureThing Shared\stllssvr.exe

--
End of file - 13774 bytes

post #2
Posted: 17/03/09, 20:30:40
GPastor
FS-Admin

Registered: Mar 2005
Location: Lima - Perú
Posts: 22,227
Re: Advertising opens when I browse

Hi, follow these steps:

- Download the ComboFix.exe tool and save it to the desktop.
  • Temporarily disable the antivirus and/or antispyware.
  • Close all open windows.
  • Double-click the ComboFix.exe file and follow the instructions.
  • When it finishes, it will generate a log at C:\ComboFix.txt.
    • *Note* While CF is working, do not move the mouse, as that would stop its process.
    • *Note* ComboFix may automatically restart the PC to complete the removal process.
Quote:
Attention!! Do not use ComboFix unless a member of our Staff has specifically instructed you to do so in your thread. It is a powerful tool intended by its creator to be used under the guidance and supervision of an expert, not for private use. Using ComboFix incorrectly could cause problems on your system. Please read ComboFix's "Disclaimer of Warranty".
  • Restart and paste the report from C:\ComboFix.txt in this same thread.

Regards


post #3
Posted: 18/03/09, 06:33:42
User

Registered: Feb 2009
Location: Catalunya
Posts: 13
Re: Advertising opens when I browse

Thanks for replying so quickly, here is the CF log.





ComboFix 09-03-15.01 - Administrador 2009-03-18 11:20:22.2 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.3082.18.2047.1148 [GMT 1:00]
Running from: c:\users\Administrador\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\users\Administrador\AppData\Local\gcquemo.dat
c:\users\Administrador\AppData\Local\gcquemo.exe
c:\users\Administrador\AppData\Local\gcquemo_nav.dat
c:\users\Administrador\AppData\Local\gcquemo_navps.dat

.
((((((((((((((((((((((((( Files Created from 2009-02-18 to 2009-03-18 )))))))))))))))))))))))))))))))
.

2009-03-18 09:50 . 2009-03-18 10:34 7,413 --a------ c:\windows\System32\Config.MPF
2009-03-18 09:46 . 2009-03-18 09:46 <DIR> d-------- c:\program files\McAfee.com
2009-03-18 09:46 . 2009-03-18 10:33 <DIR> d-------- c:\program files\McAfee
2009-03-18 09:46 . 2009-03-18 09:46 <DIR> d-------- c:\program files\Common Files\McAfee
2009-03-18 09:46 . 2008-10-23 13:08 130,424 --a------ c:\windows\System32\drivers\Mpfp.sys
2009-03-18 09:46 . 2009-01-09 12:03 79,304 --a------ c:\windows\System32\drivers\mfeavfk.sys
2009-03-18 09:46 . 2009-01-09 12:03 40,552 --a------ c:\windows\System32\drivers\mfesmfk.sys
2009-03-18 09:46 . 2009-01-09 12:03 35,272 --a------ c:\windows\System32\drivers\mfebopk.sys
2009-03-18 09:41 . 2009-01-09 12:03 34,216 --a------ c:\windows\System32\drivers\mferkdk.sys
2009-03-17 20:23 . 2009-03-17 20:23 <DIR> d-------- C:\Temp
2009-03-17 13:48 . 2009-03-17 13:51 <DIR> d-------- c:\users\Administrador\Proyecto Estibaliz
2009-03-14 20:25 . 2009-03-14 20:25 0 --ah----- c:\windows\System32\drivers\Msft_Kernel_ccdcmb_01007.Wdf
2009-03-14 20:15 . 2009-03-14 20:15 <DIR> d-------- c:\program files\ImTOO
2009-03-13 18:13 . 2009-03-13 18:13 <DIR> d-------- c:\program files\iPod
2009-03-13 18:13 . 2008-04-17 12:12 107,368 --a------ c:\windows\System32\GEARAspi.dll
2009-03-13 18:13 . 2009-01-15 12:19 23,848 --a------ c:\windows\System32\drivers\GEARAspiWDM.sys
2009-03-13 18:12 . 2009-03-13 18:13 <DIR> d-------- c:\users\All Users\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}
2009-03-13 18:12 . 2009-03-13 18:13 <DIR> d-------- c:\programdata\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}
2009-03-13 18:12 . 2009-03-13 18:13 <DIR> d-------- c:\program files\iTunes
2009-03-13 18:10 . 2009-03-13 18:10 <DIR> d-------- c:\program files\Bonjour
2009-03-13 18:09 . 2009-03-13 18:10 <DIR> d-------- c:\program files\QuickTime
2009-03-13 10:22 . 2009-03-13 10:22 <DIR> d-------- c:\users\Administrador\AppData\Roaming\ESET
2009-03-13 10:20 . 2009-03-13 10:20 <DIR> d-------- c:\program files\ESET
2009-03-13 09:55 . 2009-03-13 09:55 <DIR> d-------- c:\program files\Avanquest update
2009-03-12 20:11 . 2009-03-13 10:20 <DIR> d-------- c:\users\All Users\ESET
2009-03-12 20:11 . 2009-03-13 10:20 <DIR> d-------- c:\programdata\ESET
2009-03-11 18:26 . 2009-03-11 18:26 <DIR> d-------- c:\users\Administrador\AppData\Roaming\Snapfish
2009-03-11 09:34 . 2008-11-27 05:43 268,288 --a------ c:\windows\System32\schannel.dll
2009-03-11 09:33 . 2009-02-09 04:10 2,033,152 --a------ c:\windows\System32\win32k.sys
2009-03-10 20:10 . 2009-03-10 20:10 <DIR> d-------- c:\program files\Orange
2009-03-09 13:38 . 2009-03-09 13:38 <DIR> d-------- c:\program files\Free Video Converter
2009-03-09 13:38 . 2009-01-22 14:28 290,816 --a------ c:\windows\System32\decdll.dll
2009-03-09 13:32 . 2009-03-09 13:32 <DIR> d-------- c:\users\Administrador\AppData\Roaming\ArcSoft
2009-03-02 19:56 . 2009-03-02 19:56 <DIR> d-------- c:\program files\Radialpoint
2009-03-02 19:55 . 2009-03-02 19:55 <DIR> d-------- c:\program files\Ono
2009-02-26 09:44 . 2008-12-16 04:29 8,147,456 --a------ c:\windows\System32\wmploc.DLL
2009-02-26 09:44 . 2008-12-16 06:31 7,680 --a------ c:\windows\System32\spwmp.dll
2009-02-26 09:44 . 2008-12-16 06:31 4,096 --a------ c:\windows\System32\msdxm.ocx
2009-02-26 09:44 . 2008-12-16 06:31 4,096 --a------ c:\windows\System32\dxmasf.dll
2009-02-19 10:46 . 2009-02-19 10:46 421,888 --a------ c:\windows\System32\RealMediaSplitter.ax

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-18 10:25 --------- d-----w c:\users\Administrador\AppData\Roaming\Skype
2009-03-18 10:15 --------- d-----w c:\users\Administrador\AppData\Roaming\uTorrent
2009-03-18 09:35 --------- d-----w c:\users\Administrador\AppData\Roaming\skypePM
2009-03-18 08:56 --------- d-----w c:\users\Administrador\AppData\Roaming\Vso
2009-03-18 08:50 --------- d-----w c:\programdata\McAfee
2009-03-17 15:43 --------- d-----w c:\programdata\Google Updater
2009-03-17 11:24 --------- d-----w c:\program files\Opera
2009-03-15 11:57 --------- d-----w c:\users\Administrador\AppData\Roaming\Apple Computer
2009-03-13 17:13 --------- d-----w c:\program files\Common Files\Apple
2009-03-13 17:12 --------- d-----w c:\programdata\Apple Computer
2009-03-13 08:55 --------- d--h--w c:\program files\InstallShield Installation Information
2009-03-11 17:17 --------- d-----w c:\program files\Windows Mail
2009-03-11 08:38 --------- d-----w c:\programdata\Microsoft Help
2009-03-09 10:28 --------- d---a-w c:\programdata\TEMP
2009-03-09 10:27 --------- d-----w c:\program files\SpywareBlaster
2009-03-04 11:16 --------- d-----w c:\program files\DivX
2009-02-28 11:01 --------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-02-26 10:30 --------- d-----w c:\program files\Microsoft Silverlight
2009-02-21 17:01 --------- d-----w c:\program files\Windows Live
2009-02-16 14:23 --------- d-----w c:\program files\Common Files\xing shared
2009-02-16 14:23 --------- d-----w c:\program files\Common Files\Real
2009-02-13 14:35 --------- d-----w c:\program files\SMPlayer
2009-02-11 19:11 57,344 ----a-w c:\users\Administrador\lametritonus.dll
2009-02-11 19:11 162,304 ----a-w c:\users\Administrador\lame_enc.dll
2009-02-11 09:19 38,496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-02-11 09:19 15,504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-02-10 14:29 --------- d-----w c:\users\Administrador\AppData\Roaming\Megaupload
2009-02-09 18:43 --------- d-----w c:\program files\Google
2009-02-07 21:15 56 ---ha-w c:\users\All Users\ezsidmv.dat
2009-02-07 21:15 56 ---ha-w c:\programdata\ezsidmv.dat
2009-02-07 21:13 --------- d-----w c:\programdata\Skype
2009-02-07 21:13 --------- d-----w c:\program files\Common Files\Skype
2009-02-07 21:13 --------- d-----r c:\program files\Skype
2009-02-07 17:57 --------- d-----w c:\program files\Microsoft LifeCam
2009-02-07 15:21 --------- d-----w c:\program files\Common Files\PCSuite
2009-02-07 15:21 --------- d-----w c:\program files\Common Files\Nokia
2009-02-07 15:19 --------- d-----w c:\program files\PC Connectivity Solution
2009-02-07 15:15 --------- d-----w c:\program files\Nokia
2009-02-07 15:13 --------- d-----w c:\programdata\Installations
2009-02-06 18:34 308,616 ----a-w c:\windows\WLXPGSS.SCR
2009-02-06 17:52 49,504 ----a-w c:\windows\System32\sirenacm.dll
2009-02-06 17:06 --------- d-----w c:\users\Administrador\AppData\Roaming\WidgetLaSextaProgramas.80FDF2C7BAA82659C5D18366280C2313E1776FE1.1
2009-02-06 08:54 --------- d-----w c:\program files\Common Files\Wise Installation Wizard
2009-02-04 12:16 --------- d-----w c:\users\Administrador\AppData\Roaming\Malwarebytes
2009-02-04 12:16 --------- d-----w c:\programdata\Malwarebytes
2009-02-03 09:25 --------- d-----w c:\program files\Trend Micro
2009-02-03 09:04 --------- d-----w c:\program files\Panda Security
2009-02-02 19:29 --------- d-----w c:\users\Administrador\AppData\Roaming\johnsadventures.com
2009-02-02 19:29 --------- d-----w c:\program files\johnsadventures.com
2009-01-28 16:53 --------- d-----w c:\programdata\Megaupload
2009-01-28 16:53 --------- d-----w c:\programdata\EmailNotifier
2009-01-24 16:57 --------- d-----w c:\program files\Movavi Video Converter 7
2009-01-22 15:56 --------- d-----w c:\program files\Microsoft
2009-01-22 15:53 --------- d-----w c:\program files\CCleaner
2009-01-20 14:07 --------- d-----w c:\programdata\Kaspersky Lab
2009-01-18 14:32 --------- d-----w c:\program files\Norton 360
2009-01-18 14:32 --------- d-----w c:\program files\Common Files\Symantec Shared
2009-01-18 14:30 --------- d-----w c:\programdata\Symantec
2009-01-18 14:15 --------- d-----w c:\users\Administrador\AppData\Roaming\Symantec
2009-01-18 12:07 --------- d-----w c:\program files\iPodder
2009-01-15 06:11 827,392 ----a-w c:\windows\System32\wininet.dll
2009-01-14 16:35 73,216 ----a-w c:\windows\ST6UNST.EXE
2009-01-14 16:35 249,856 ------w c:\windows\Setup1.exe
2008-12-12 19:24 47,360 ----a-w c:\users\Administrador\AppData\Roaming\pcouffin.sys
2008-11-29 13:07 4,740 ----a-w c:\users\Administrador\AppData\Roaming\wklnhst.dat
2008-11-09 12:10 22,328 ----a-w c:\users\Administrador\AppData\Roaming\PnkBstrK.sys
2008-09-30 09:40 174 --sha-w c:\program files\desktop.ini
2008-03-27 20:42 32 ----a-w c:\users\All Users\ezsid.dat
2008-03-27 20:42 32 ----a-w c:\programdata\ezsid.dat
2008-04-06 20:11 16,384 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
2008-04-06 20:11 32,768 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
2008-04-06 20:11 16,384 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
2007-09-10 16:19 22 --sha-w c:\windows\SMINST\HPCD.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"Octoshape Streaming Services"="c:\users\Administrador\AppData\Local\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe" [2006-02-13 214648]
"Sony Ericsson PC Suite"="c:\program files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" [2008-07-02 393216]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2008-06-09 2363392]
"PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" [2008-12-03 1205760]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2009-03-06 24095528]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-19 1233920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\hp\support\hpsysdrv.exe" [2006-09-28 65536]
"KBD"="c:\hp\KBD\KbdStub.EXE" [2006-12-08 65536]
"OsdMaestro"="c:\program files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe" [2007-02-15 118784]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-08-24 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-08-24 154136]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-08-24 129560]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-03-11 49152]
"NeroFilterCheck"="c:\program files\Common Files\Nero\Lib\NeroCheck.exe" [2007-03-01 153136]
"NBKeyScan"="c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2008-02-18 2221352]
"hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-03-13 81920]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-09-03 111936]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-09-17 13580832]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-09-17 92704]
"RegistrarUsrDNIeCertStoreDLL"="c:\windows\system32\udcs.exe" [2007-12-18 24576]
"PWRISOVM.EXE"="c:\program files\PowerISO\PWRISOVM.EXE" [2008-07-07 167936]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-11-10 136600]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648]
"LifeCam"="c:\program files\Microsoft LifeCam\LifeExp.exe" [2007-05-17 279912]
"VX3000"="c:\windows\vVX3000.exe" [2007-04-10 709992]
"CSO.exe"="c:\program files\Ono\Centro de Servicios\CSO.exe" [2007-11-16 2065648]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-01-05 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-03-11 342312]
"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2009-01-08 645328]
"RtHDVCpl"="RtHDVCpl.exe" [2008-01-15 c:\windows\RtHDVCpl.exe]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Launcher"="c:\windows\SMINST\launcher.exe" [2007-03-07 44168]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-03-11 210520]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.ac3filter"= ac3filter.acm
"vidc.dvsd"= pdvcodec.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001
"InternetSettingsDisableNotify"=dword:00000001
"AutoUpdateDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{AD24A658-07B5-4801-8237-E384E5CC953B}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{14B034B1-34DF-42EA-8BDC-6CFBE03681B6}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{5126735A-BB34-4C00-90E6-94D12A23C78C}"= UDP:c:\windows\System32\lxblcoms.exe:Lexmark Communications System
"{983D1CEA-C232-4699-AF83-E2ABFC384CB9}"= TCP:c:\windows\System32\lxblcoms.exe:Lexmark Communications System
"{31B9FA26-08D5-4354-ACBE-2542B721F65B}"= UDP:c:\windows\System32\spool\drivers\w32x86\3\lxblpswx.exe:Printer Status Window
"{58017156-706C-48C5-A96D-4CD76522766D}"= TCP:c:\windows\System32\spool\drivers\w32x86\3\lxblpswx.exe:Printer Status Window
"{39B16174-EF86-4C49-9204-4D7AAC4EB5D1}"= UDP:c:\program files\Electronic Arts\Medal of Honor Airborne\UnrealEngine3\Binaries\MOHA.exe:Medal of Honor Airborne
"{5FE43059-3E3D-4E3A-9816-6BA29001F5B3}"= TCP:c:\program files\Electronic Arts\Medal of Honor Airborne\UnrealEngine3\Binaries\MOHA.exe:Medal of Honor Airborne
"{341CAFF9-DE2C-4CCA-8841-0064B7269938}"= UDP:c:\windows\System32\PnkBstrA.exe:PnkBstrA
"{A3082D91-DAD6-48C0-8EA6-D23D8FBD9D46}"= TCP:c:\windows\System32\PnkBstrA.exe:PnkBstrA
"{3F515E13-9DA3-405C-91D5-C0C347D03C51}"= UDP:c:\windows\System32\PnkBstrB.exe:PnkBstrB
"{43590002-545B-418B-8668-1B9A5A6B50E8}"= TCP:c:\windows\System32\PnkBstrB.exe:PnkBstrB
"{979658E2-2D7A-4780-8E18-188739E49F20}"= UDP:c:\program files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:Call of Duty(R) 4 - Modern Warfare(TM)
"{901A9632-595C-400D-A0A9-C8023A63232D}"= TCP:c:\program files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:Call of Duty(R) 4 - Modern Warfare(TM)
"{47D09B13-5CB5-433E-BC55-41FFE94B3171}"= UDP:56453:Pando P2P TCP Listening Port
"{5998612F-A690-4C28-9E78-C60785BFFD18}"= TCP:56453:Pando P2P UDP Listening Port
"{58967769-BB1F-4E89-9FFD-8F4EFE73F89F}"= UDP:c:\program files\IVT Corporation\BlueSoleil\BlueSoleilCS.exe:BlueSoleil CS
"{53FE3E6A-E119-43D1-A946-69421930E93B}"= TCP:c:\program files\IVT Corporation\BlueSoleil\BlueSoleilCS.exe:BlueSoleil CS
"{C7278718-37CA-42D5-9C79-A2C38F336C73}"= UDP:c:\program files\uTorrent\uTorrent.exe:µTorrent (TCP-In)
"{A2FC88FC-0A05-43C2-BE53-CEC707559B63}"= TCP:c:\program files\uTorrent\uTorrent.exe:µTorrent (UDP-In)
"{B0CB6294-2494-495C-A70D-86635FEE5EF7}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{84F51D85-9DC3-4D3F-8506-F5265010AC43}"= UDP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{6B324A55-A5AE-4C54-9771-4B15AA6A9D69}"= TCP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{C882E333-912F-4B76-A99F-3976A48A505D}"= UDP:c:\program files\Microsoft LifeCam\LifeCam.exe:LifeCam.exe
"{0523C1BE-01D2-41E2-8046-F975CC135140}"= TCP:c:\program files\Microsoft LifeCam\LifeCam.exe:LifeCam.exe
"{29F88533-59D7-4B1A-8AA9-8D01E2FE9C66}"= UDP:c:\program files\Microsoft LifeCam\LifeExp.exe:LifeExp.exe
"{9149196E-8165-491D-B211-EA229C957030}"= TCP:c:\program files\Microsoft LifeCam\LifeExp.exe:LifeExp.exe
"{E5A54184-2C27-4666-8E41-178E4CEE52CE}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{3838E4FD-9319-4EED-B094-CD87AC18A592}"= c:\program files\Windows Live\Sync\WindowsLiveSync.exe:Windows Live Sync
"{9CAC7D1B-5667-4376-AB82-BB474D67A3A9}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{6910F949-CD87-45B1-9B4F-304C8EF856F9}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{E17C3026-AA1C-472F-A250-C2A596584141}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{EE05DF18-11E3-4683-8FAE-F3694C56F765}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes
"{17B5B0A9-F600-484B-9509-5D53B651C356}"= Profile=Private|Profile=Public|c:\program files\Common Files\Mcafee\MNA\McNaSvc.exe:McAfee Network Agent

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)
"DoNotAllowExceptions"= 0 (0x0)

R0 pavboot;pavboot;c:\windows\System32\drivers\pavboot.sys [2009-02-03 28544]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [2009-03-18 210216]
S2 gupdate1c98ae5a88cb5c4;Google Update Service (gupdate1c98ae5a88cb5c4);c:\program files\Google\Update\GoogleUpdate.exe [2009-02-09 133104]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\System32\drivers\nmwcdnsu.sys [2008-02-01 138112]
S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\System32\drivers\nmwcdnsuc.sys [2008-02-01 8320]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"c:\program files\Common Files\LightScribe\LSRunOnce.exe"
.
Contents of the 'Scheduled Tasks' folder

2009-03-18 c:\windows\Tasks\GoogleUpdateTaskMachine.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-09 19:38]

2009-03-18 c:\windows\Tasks\Mantenimiento con 1 clic.job
- c:\program files\TuneUp Utilities 2008\OneClickStarter.exe []

2009-03-18 c:\windows\Tasks\McDefragTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2009-01-09 10:53]

2009-03-18 c:\windows\Tasks\McQcTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2009-01-09 10:53]

2009-03-18 c:\windows\Tasks\User_Feed_Synchronization-{E4660D6D-B329-4580-97BE-F2F1E90ECD9E}.job
- c:\windows\system32\msfeedssync.exe [2008-01-19 08:33]
.
- - - - ORPHANS REMOVED - - - -

WebBrowser-{A057A204-BACC-4D26-C39E-35F1D2A32EC8} - (no file)
HKCU-Run-gcquemo - c:\users\administrador\appdata\local\gcquemo.exe


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.es/
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=ES_ES&c=73&bd=Pavilion&pf=desktop
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://es.search.yahoo.com/search?fr=mcafee&p=%s
IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
IE: Añadir a herramienta AMV Convert… - c:\program files\MP3 Player Utilities 3.70\AMVConverter\grab.html
IE: E&xportar a Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
Handler: wot - {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - c:\program files\WOT\WOT.dll
DPF: {C9386579-3C0F-4713-82C6-5BA8088C7C8D} - hxxps://secure.shared.live.com/Pa6vGqB728AxD-ckvrPc0A/etc/Microsoft.Live.Folders.RichUpload.cab
FF - ProfilePath - c:\users\Administrador\AppData\Roaming\Mozilla\Firefox\Profiles\91i0dsoh.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - www.google.es
FF - prefs.js: keyword.URL - hxxp://es.search.yahoo.com/search?ei=utf-8&fr=megaup&p=
FF - component: c:\program files\McAfee\SiteAdvisor\components\McFFPlg.dll
FF - component: c:\program files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll
FF - component: c:\program files\Nokia\Nokia PC Suite 7\bkmrksync\components\BkMrkExt.dll
FF - component: c:\program files\Real\RealPlayer\browserrecord\components\nprpbrowserrecordplugin.dll
FF - plugin: c:\program files\Google\Google Earth Plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1368.5602\npCIDetect13.dll
FF - plugin: c:\program files\Google\Update\1.2.141.5\npGoogleOneClick7.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-18 11:24:57
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


c:\users\ADMINI~1\AppData\Local\Temp\~DF6584.tmp 16384 bytes
c:\users\ADMINI~1\AppData\Local\Temp\~DF7063.tmp 512 bytes

scan completed successfully
hidden files: 2

**************************************************************************
.
Completion time: 2009-03-18 11:27:32
ComboFix-quarantined-files.txt 2009-03-18 10:27:29
ComboFix2.txt 2009-02-05 08:53:07

Pre-Run: 31.460.941.824 bytes libres
Post-Run: 31,423,672,320 bytes libres

306 --- E O F --- 2009-03-17 08:44:24
  post #4  
18/03/09, 12:57:21
GPastor
FS-Admin
Joined: Mar 2005
Location: Lima - Perú
Posts: 22.227
Re: ads open when I browse

ComboFix has already taken care of removing the malware files found on your PC, so if everything is working fine, we consider this topic closed.

To finish, all that is left is to remove CF as follows:
  • Go to Start > Run
  • Type the following: ComboFix /u as shown in the image below:

This will carry out the following tasks:

  • The following will be deleted:
    • ComboFix: its files and folders.
    • VundoFix: backups (if present)
    • The C:\Deckard folder (if present)
    • The C:\_OtMoveIt folder (if present)
  • Resets the clock settings.
  • Hides file extensions (if necessary).
  • Hides the files that were hidden
  • Re-enables "System Restore"

To avoid this type of infection I recommend using a safer browser such as Firefox

Regards


  post #5  
18/03/09, 14:49:24
User
Joined: Feb 2009
Location: Catalunya
Posts: 13
Re: ads open when I browse (Solved)

Solved! Thank you very much for the second time