Foro de InfoSpyware - Foro de Hijackthis - Foro de Virus

Hola de nuevo

Mi pc anda con unos problemillas por este par de intrusos,


26/03/2009 08:07:38 p.m. Intrusion.Win.NETAPI.buffer-overflow.exploit! Dirección IP del atacante: 190.159.179.225. Protocolo/servicio: TCP en puerto local 445. Hora: 26/03/2009 08:07:38 p.m.


26/03/2009 08:18:48 p.m. Intrusion.Win.MSSQL.worm.Helkern! Dirección IP del atacante: 94.240.205.63. Protocolo/servicio: UDP en puerto local 1434. Hora: 26/03/2009 08:18:48 p.m.


Ademas, cada vez que inserto cualquier memoria USB me la detecta como contaminada:

no encontrado: virus Worm.Win32.AutoRun.enk Fichero: H:\autorun.inf


mi Log the HJT es el siguiente, gracias de antemano:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:41:33 p.m., on 30/03/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNo tifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\WINDOWS\BricoPacks\Vista Inspirat\ObjectDock\ObjectDock.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Winamp\winamp.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.hp.com/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Windows Live Aplicación auxiliar de inicio de sesión - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\sw g.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /nodetect
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] CHDAudPropShortcut.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\Hewlett-Packard\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [RecGuard] C:\Windows\SMINST\RecGuard.exe
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNo tifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Stardock ObjectDock.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat\ObjectDock\ObjectDock.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: Agregar al componente Anti-Banners - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\ie_banner_deny.htm
O8 - Extra context menu item: E&xportar a Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Consola de Sun Java - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Estadísticas del componente Web Anti-Virus - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\SCIEPlgn.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Referencia - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Plugin Control) - http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1851174C-97BD-4217-A0CC-E908F60D5B7A} (Hewlett-Packard Online Support Services) - http://h20278.www2.hp.com/HPISWeb/Customer/cabs/HPISDataManager.CAB
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w3/resources/MSNPUpld.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-US/a-UNO1/GAME_UNO1.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1217875483593
O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} (GMNRev Class) - http://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection.cab
O16 - DPF: {84FBD09D-921E-460C-9652-ECDC8B4EE1B7} (LMAgent Control) - http://69.59.182.1/downloads/LearnMateAgent.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: AddFiltr - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Kaspersky Internet Security 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - c:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: npkcmsvc - Unknown owner - C:\Nexon\Mabinogi\npkcmsvc.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe

--
End of file - 10382 bytes

Hola, Vamos a comenzar por estos pasos:

• Paso 1- Descarga, instala y actualiza las siguientes herramientas:
  • CCleaner // Manual de uso.
  • Malwarebytes' Anti-Malware // Manual de uso.
• Paso 2- Ejecuta CCleaner para hacerle una limpieza de cookies, archivos temporales e innecesarios para mejorar el rendimiento de tu equipo y generar reportes mas limpios.(NO necesitamos este reporte)
  
• Paso 3- Ejecuta Malwarebytes' Anti-Malware (MBAM) y selecciona todo lo que este encuentre para luego presionar el botón de "Quitar lo Seleccionado" y así mandarlo a cuarentena.
  
• Paso 4- Reinicia tu PC, y vuelve a generar un nuevo reporte de HijackThis 2.0.2 para pegarlo junto con el reporte de MBAM en este mismo mensaje contándonos si hubiera habido alguna mejora en el problema o rendimiento del equipo.

Por ultimo te recomiendo suscribirte al feed de nuestro Blog de InfoSpyware para estar al tanto de las nuevas amenazas que circulan por la red y así en un futuro puedas prevenirlas.


No te olvides de volver a dejarnos los reportes para continuar con el tema....

Saludos

Gracias GPastor, que pena la demora

Luego del escaneo no mejoro en nada, ni con CCleaner, lo unico que detectó fue lo de Actualizaciones Automaticas que no esta activado, de resto nada, mi pc sigue igual con el problema de la USB y win32.Autorun.enk (al insertar la USB aparece como si viniera infectada cuando no) al igual que los ataques de win.netapi, worm.helkern y otro que no recuerdo el nombre, de ahi que cada vez que inicio mi laptop me aparece esto en mensaje:

Generic Host Process for Win32 Services has encountered a problem and needs to close

La Firma del error es esta:

szAppName : svchost.exe szAppVer : 5.1.2600.2180 szModName : unknown
szModVer : 0.0.0.0 offset : 6fdc17c2

C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\WER44a1.dir00\s vchost.exe.mdmp
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\WER44a1.dir00\a ppcompat.txt

El informe de HJT y MBAM aca van, Gracias de antemano:

Malwarebytes' Anti-Malware 1.35
Database version: 1934
Windows 5.1.2600 Service Pack 2

04/04/2009 12:34:34 a.m.
mbam-log-2009-04-04 (00-34-27).txt

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 168771
Time elapsed: 54 minute(s), 18 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


---------------------------------------------------------------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 01:00:34 a.m., on 04/04/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNo tifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\WINDOWS\BricoPacks\Vista Inspirat\ObjectDock\ObjectDock.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.hp.com/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Windows Live Aplicación auxiliar de inicio de sesión - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\sw g.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /nodetect
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] CHDAudPropShortcut.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\Hewlett-Packard\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [RecGuard] C:\Windows\SMINST\RecGuard.exe
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNo tifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Stardock ObjectDock.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat\ObjectDock\ObjectDock.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: Agregar al componente Anti-Banners - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\ie_banner_deny.htm
O8 - Extra context menu item: E&xportar a Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Consola de Sun Java - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Estadísticas del componente Web Anti-Virus - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\SCIEPlgn.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Referencia - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Plugin Control) - http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1851174C-97BD-4217-A0CC-E908F60D5B7A} (Hewlett-Packard Online Support Services) - http://h20278.www2.hp.com/HPISWeb/Customer/cabs/HPISDataManager.CAB
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w3/resources/MSNPUpld.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-US/a-UNO1/GAME_UNO1.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1217875483593
O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} (GMNRev Class) - http://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection.cab
O16 - DPF: {84FBD09D-921E-460C-9652-ECDC8B4EE1B7} (LMAgent Control) - http://69.59.182.1/downloads/LearnMateAgent.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: AddFiltr - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Kaspersky Internet Security 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - c:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: npkcmsvc - Unknown owner - C:\Nexon\Mabinogi\npkcmsvc.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe

--
End of file - 10290 bytes

Sigue estos pasos:

- Descarga la herramienta ComboFix.exe y guárdala en el escritorio.

• Desactiva temporalmente el Antivirus y/o Antispyware.
• Cierra todas las ventanas abiertas.
• Haz doble clic al archivo ComboFix.exe y sigue las instrucciones.
• Cuando termine, generará un registro en C:\ComboFix.txt.
  • *Nota* Mientras CF este trabajando no mover el mouse ya que pararía su proceso.
  • *Nota* ComboFix puede reiniciar automáticamente el PC para completar el proceso de eliminación.

• Reinicia y pega el reporte de C:\ComboFix.txt en este mismo mensaje.

Saludos

Hola GPastor

Sigo recibiendo ataques, este ultimo de win.NETAPI.buffer-overflow, hasta el momento, nada del resto, y bueno, acabo de conectar mi USB y sale worm.win32.autorun.enk, este siempre sale cada vez que conecto cualquier USB, pareciese como si estuviera listo a atacar lo que conecto al PC. El log de ComboFix es el siguiente, gracias :D :

ComboFix 09-04-04.01 - Administrator 2009-04-04 21:37:58.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.959.606 [GMT -5:00]
Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe
AV: Kaspersky Internet Security *On-access scanning disabled* (Outdated)
FW: Kaspersky Internet Security *disabled*
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((( Files Created from 2009-03-05 to 2009-04-05 )))))))))))))))))))))))))))))))
.

2009-04-02 13:59 . 2009-04-02 13:59 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-04-02 13:59 . 2009-04-02 13:59 <DIR> d-------- c:\documents and settings\Administrator\Application Data\Malwarebytes
2009-04-02 13:59 . 2009-03-26 16:49 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-04-02 13:59 . 2009-03-26 16:49 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-04-02 13:58 . 2009-04-02 14:16 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-03-29 20:14 . 2009-03-29 20:14 <DIR> d-------- c:\program files\VSTplugins
2009-03-29 20:13 . 2009-03-29 20:13 <DIR> d-------- c:\documents and settings\Administrator\Application Data\Publish Providers
2009-03-29 20:12 . 2009-03-29 20:12 <DIR> d-------- c:\documents and settings\Administrator\Application Data\Sony
2009-03-29 20:10 . 2009-03-29 20:10 <DIR> d-------- c:\program files\Sony Setup
2009-03-29 20:10 . 2009-03-29 20:10 <DIR> d-------- c:\program files\Sony
2009-03-26 23:34 . 2009-03-26 23:34 <DIR> d-------- c:\program files\Trend Micro
2009-03-26 19:12 . 2006-07-14 10:31 332,288 --------- c:\windows\system32\dllcache\netapi32.dll
2009-03-16 07:03 . 2009-03-16 07:03 <DIR> d-------- c:\program files\BestGameEver
2009-03-08 10:22 . 2009-03-08 10:22 286 --a------ c:\windows\Endorfun.ini
2009-03-08 10:18 . 2009-03-08 10:18 <DIR> d-------- c:\documents and settings\Administrator\WINDOWS
2009-03-08 10:18 . 1995-08-02 04:04 258,560 --a------ c:\windows\uninst.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))) ))
.
2009-04-05 02:40 37,972,512 --sha-w c:\windows\system32\drivers\fidbox.dat
2009-04-05 02:40 1,288,736 --sha-w c:\windows\system32\drivers\fidbox2.dat
2009-04-05 02:34 --------- d-----w c:\documents and settings\All Users\Application Data\Kaspersky Lab
2009-04-05 02:31 508,820 --sha-w c:\windows\system32\drivers\fidbox.idx
2009-04-05 02:31 121,532 --sha-w c:\windows\system32\drivers\fidbox2.idx
2009-04-05 02:18 --------- d-----w c:\program files\eMule
2009-04-04 05:17 --------- d-----w c:\program files\Winamp
2009-03-08 14:50 --------- d-----w c:\program files\SpeedFan
2009-02-25 08:17 112,144 ----a-w c:\windows\system32\drivers\kl1.sys
2009-02-25 08:14 89,601 ----a-w c:\windows\system32\drivers\klick.dat
2009-02-25 08:14 101,287 ----a-w c:\windows\system32\drivers\klin.dat
2009-02-24 08:53 --------- d-----w c:\program files\Google
2009-01-05 22:33 3,751,995 ----a-w c:\windows\system32\GPhotos.scr
2008-10-14 08:01 0 -c--a-w c:\documents and settings\Administrator\Application Data\wklnhst.dat
2008-03-31 01:52 32 ----a-w c:\documents and settings\All Users\Application Data\ezsid.dat
2006-01-02 17:22 3,760 ----a-w c:\documents and settings\Administrator\Application Data\mindhabits.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNo tifier.exe" [2008-01-20 68856]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2006-03-16 15360]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-11-03 204800]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Run]
"hpWirelessAssistant"="c:\program files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2006-05-03 458752]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-06-29 7577600]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-04-01 761946]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2005-02-17 49152]
"QlbCtrl"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2006-06-19 163840]
"Cpqset"="c:\program files\Hewlett-Packard\Default Settings\cpqset.exe" [2006-05-30 40960]
"RecGuard"="c:\windows\SMINST\RecGuard.exe" [2005-10-11 1187840]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-05 64512]
"QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2006-07-11 102400]
"NvMediaCenter"="c:\windows\system32\NvMcTray. dll" [2006-06-29 86016]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.e xe" [2001-07-09 155648]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2006-01-01 413696]
"nwiz"="nwiz.exe" [2006-06-29 c:\windows\system32\nwiz.exe]
"High Definition Audio Property Page Shortcut"="CHDAudPropShortcut.exe" [2006-06-02 c:\windows\system32\CHDAudPropShortcut.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\Cur rentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2006-03-16 15360]

c:\documents and settings\Administrator\Start Menu\Programs\Startup\
Stardock ObjectDock.lnk - c:\windows\BricoPacks\Vista Inspirat\ObjectDock\ObjectDock.exe [2005-02-21 1826885]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"="c:\windows\system32\logonui.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.I420"= i420vfw.dll

[HKEY_CURRENT_USER\software\microsoft\windows\curre ntversion\run-]
"Aim6"="c:\program files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
"WMPNSCFG"=c:\program files\Windows Media Player\WMPNSCFG.exe
"ares"="c:\program files\Ares\Ares.exe" -h
"ctfmon.exe"=c:\windows\system32\ctfmon.exe
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" -autorun

[HKEY_LOCAL_MACHINE\software\microsoft\windows\curr entversion\run-]
"WinampAgent"=c:\program files\Winamp\winampa.exe
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" -start
"ISUSPM Startup"=c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\is uspm.exe -startup
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpo licy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpo licy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Ares\\Ares.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Intelitek\\RoboCell E-Learning\\bin\\Scorbase.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [2007-04-04 24344]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2007-11-06 34064]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

[HKEY_CURRENT_USER\software\microsoft\windows\curre ntversion\explorer\mountpoints2\{9fcb9029-fd9d-11dd-be74-001636b1b1fd}]
\Shell\AutoRun\command - h:\driver\S-1-4-89-654352344-54323413-6452342-4545\svchost.exe
\Shell\open\command - h:\driver\S-1-4-89-654352344-54323413-6452342-4545\svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{X9OBC5C0-4FCB-11CF-AAX5-81CX1C635612}]
c:\driver\S-1-4-89-654352344-54323413-6452342-4545\svchost.exe
.
Contents of the 'Scheduled Tasks' folder

2009-04-03 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2007\SystemOptimizer.exe [2006-12-19 15:53]

2009-04-05 c:\windows\Tasks\Comprobar actualizaciones de Windows Live Toolbar.job
- c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 10:20]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.micros oft:en-US&ie=utf8&oe=utf8
uDefault_Search_URL = hxxp://www.google.com/ie
uInternet Connection Wizard,ShellNext = hxxp://www.hp.com/
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &Windows Live Search - c:\program files\Windows Live Toolbar\msntb.dll/search.htm
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xportar a Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
DPF: {84FBD09D-921E-460C-9652-ECDC8B4EE1B7} - hxxp://69.59.182.1/downloads/LearnMateAgent.cab
FF - ProfilePath - c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\6uo8434r.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.startup.homepage - about:blank
FF - prefs.js: keyword.URL - hxxp://search.freecause.com/search?fr=freecause&ourmark=3&type=58819&ei=utf-8&yahoo_domain=search.yahoo.com&p=
FF - component: c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\6uo8434r.default\ext ensions\{916ab64c-bc3e-471b-8e60-29551922a7ba}\components\Engine.dll
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CIDFE0BD77 9-44EE-4A4B-AA2E-743C63F2E5E6", "AllAccess");
.

************************************************** ************************

catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-04 21:41:02
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Cpqset = c:\program files\Hewlett-Packard\Default Settings\cpqset.exe????????????<?@? ???PW??????Y?@?????<?@

scanning hidden files ...

scan completed successfully
hidden files: 0

************************************************** ************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1596)
c:\windows\system32\klogon.dll
.
Completion time: 2009-04-04 21:42:36
ComboFix-quarantined-files.txt 2009-04-05 02:42:33
ComboFix2.txt 2009-03-26 17:57:17

Pre-Run: 1,550,974,976 bytes free
Post-Run: 1,711,304,704 bytes libres

165

Inserta tu memoria USB que está infectada y sigue estos pasos:

1.-Abrir el Notepad

• Clic en INICIO > EJECUTAR >
• Y ahí pones notepad.exe y ACEPTAR

2.- Ahora copia y pega este código dentro del Notepad

3.- Graba este archivo en el Escritorio con el nombre CFScript.txt

4.- Arrastrar y soltar el archivo CFScript.txt dentro del archivo ComboFix.exe como lo muestra la animación de abajo. Esto activara ComboFix nuevamente.



Reinicia y nos cuentas los resultados. junto con un nuevo reporte de ComboFix y uno de Hijackthis.

Saludos

Gracias GPastor


mmmm.... no se si quedo solucionado el problema porque acaba de ocurrir algo. Primero que todo el pc seguia molestando y me parecio que en una ocasion que tuve una infeccion similar la solucion fue la actualizacion del equipo (No me gusta mantener el pc con actualizaciones automaticas debido a que he tenido problemas con estas en ocasiones anteriores) y cuando las busque me ofrecian el Service Pack 3 de Win XP y pues luego de instalar las otras actualizaciones criticas supuestamente el SP3 se instaló en el equipo, luego de reiniciar no ocurrio nada, cero infecciones y mejoro todo, la USB la inserte tal como ud dijo, y no ocurrio nada como pensé que sucederia, aun asi hice lo de Combofix y listo, ahora lo que paso es que inserté otra USB y tenia el mismo Autorun.enk y lo detectó KIS 7, sino que esta vez no se replicó el virus como lo hacia antes. Repito el procedimiento de CF? o sera que con la actualizacion el problema quedó resuelto de raiz? Aun asi, el informe de HJT es el siguiente, y el de CF tambien, pero este antes de insertar mi 2da USB que estaba infectada. Gracias:


ComboFix 09-04-04.01 - Administrator 2009-04-06 14:07:01.4 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.959.594 [GMT -4:00]
Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Administrator\Desktop\CFScript.txt
AV: Kaspersky Internet Security *On-access scanning disabled* (Outdated)
FW: Kaspersky Internet Security *disabled*
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
c:\driver\S-1-4-89-654352344-54323413-6452342-4545\svchost.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\driver\S-1-4-89-654352344-54323413-6452342-4545\svchost.exe

.
((((((((((((((((((((((((( Files Created from 2009-03-06 to 2009-04-06 )))))))))))))))))))))))))))))))
.

2009-04-06 14:05 . 2006-03-03 00:42 73,728 --a------ C:\pv.exe
2009-04-05 23:47 . 2009-04-05 23:47 <DIR> d-------- c:\program files\MSXML 6.0
2009-04-05 23:47 . 2009-04-05 23:47 <DIR> d-------- c:\program files\MSXML 4.0
2009-04-05 23:26 . 2009-04-05 23:26 <DIR> d-------- c:\program files\Microsoft CAPICOM 2.1.0.2
2009-04-05 22:49 . 2006-08-21 05:14 128,896 --------- c:\windows\system32\dllcache\fltmgr.sys
2009-04-05 22:49 . 2006-08-21 05:14 23,040 --------- c:\windows\system32\dllcache\fltmc.exe
2009-04-05 22:49 . 2006-08-21 08:21 16,896 --------- c:\windows\system32\dllcache\fltlib.dll
2009-04-05 22:26 . 2009-04-05 23:54 1,355 --a------ c:\windows\imsins.BAK
2009-04-05 21:40 . 2007-07-09 09:16 582,656 --------- c:\windows\system32\dllcache\rpcrt4.dll
2009-04-05 21:37 . 2007-03-17 09:43 292,864 --------- c:\windows\system32\dllcache\winsrv.dll
2009-04-05 21:33 . 2007-11-07 05:26 721,920 --------- c:\windows\system32\dllcache\lsasrv.dll
2009-04-05 21:33 . 2006-08-17 08:28 132,096 --------- c:\windows\system32\dllcache\wkssvc.dll
2009-04-05 21:32 . 2006-07-21 04:24 72,704 --------- c:\windows\system32\dllcache\hlink.dll
2009-04-05 21:20 . 2008-06-13 09:10 272,128 --------- c:\windows\system32\drivers\bthport.sys
2009-04-05 21:20 . 2008-06-13 09:10 272,128 --------- c:\windows\system32\dllcache\bthport.sys
2009-04-05 21:14 . 2008-08-14 06:00 2,180,352 --------- c:\windows\system32\dllcache\ntoskrnl.exe
2009-04-05 21:14 . 2008-08-14 05:58 2,136,064 --------- c:\windows\system32\dllcache\ntkrnlmp.exe
2009-04-05 21:14 . 2008-08-14 05:22 2,057,728 --------- c:\windows\system32\dllcache\ntkrnlpa.exe
2009-04-05 21:14 . 2008-08-14 05:22 2,015,744 --------- c:\windows\system32\dllcache\ntkrpamp.exe
2009-04-05 21:10 . 2006-03-20 23:23 23,040 --------- c:\windows\kb913800.exe
2009-04-05 21:06 . 2008-05-08 08:28 202,752 --------- c:\windows\system32\dllcache\rmcast.sys
2009-04-05 21:05 . 2008-12-11 07:57 333,184 --------- c:\windows\system32\dllcache\srv.sys
2009-04-05 21:05 . 2008-05-01 10:30 331,776 --------- c:\windows\system32\dllcache\msadce.dll
2009-04-05 20:59 . 2008-09-04 12:42 1,106,944 --------- c:\windows\system32\dllcache\msxml3.dll
2009-04-05 20:29 . 2009-04-05 20:29 <DIR> d-------- c:\windows\system32\CatRoot_bak
2009-04-05 12:55 . 2008-10-16 14:07 23,576 --a------ c:\windows\system32\wuapi.dll.mui
2009-04-02 14:59 . 2009-04-02 14:59 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-04-02 14:59 . 2009-04-02 14:59 <DIR> d-------- c:\documents and settings\Administrator\Application Data\Malwarebytes
2009-04-02 14:59 . 2009-03-26 17:49 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-04-02 14:59 . 2009-03-26 17:49 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-04-02 14:58 . 2009-04-02 15:16 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-03-29 21:14 . 2009-03-29 21:14 <DIR> d-------- c:\program files\VSTplugins
2009-03-29 21:13 . 2009-03-29 21:13 <DIR> d-------- c:\documents and settings\Administrator\Application Data\Publish Providers
2009-03-29 21:12 . 2009-03-29 21:12 <DIR> d-------- c:\documents and settings\Administrator\Application Data\Sony
2009-03-29 21:10 . 2009-03-29 21:10 <DIR> d-------- c:\program files\Sony Setup
2009-03-29 21:10 . 2009-03-29 21:10 <DIR> d-------- c:\program files\Sony
2009-03-27 00:34 . 2009-03-27 00:34 <DIR> d-------- c:\program files\Trend Micro
2009-03-26 20:12 . 2008-10-15 12:57 332,800 --------- c:\windows\system32\dllcache\netapi32.dll
2009-03-16 08:03 . 2009-03-16 08:03 <DIR> d-------- c:\program files\BestGameEver
2009-03-08 11:22 . 2009-03-08 11:22 286 --a------ c:\windows\Endorfun.ini
2009-03-08 11:18 . 2009-03-08 11:18 <DIR> d-------- c:\documents and settings\Administrator\WINDOWS
2009-03-08 11:18 . 1995-08-02 05:04 258,560 --a------ c:\windows\uninst.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))) ))
.
2009-04-06 18:12 39,461,664 --sha-w c:\windows\system32\drivers\fidbox.dat
2009-04-06 18:12 1,390,880 --sha-w c:\windows\system32\drivers\fidbox2.dat
2009-04-06 18:12 --------- d-----w c:\documents and settings\All Users\Application Data\Kaspersky Lab
2009-04-06 18:10 529,412 --sha-w c:\windows\system32\drivers\fidbox.idx
2009-04-06 18:10 131,372 --sha-w c:\windows\system32\drivers\fidbox2.idx
2009-04-05 19:14 --------- d-----w c:\program files\eMule
2009-04-05 17:37 --------- d-----w c:\program files\SpeedFan
2009-04-04 05:17 --------- d-----w c:\program files\Winamp
2009-02-25 08:17 112,144 ----a-w c:\windows\system32\drivers\kl1.sys
2009-02-25 08:14 89,601 ----a-w c:\windows\system32\drivers\klick.dat
2009-02-25 08:14 101,287 ----a-w c:\windows\system32\drivers\klin.dat
2009-02-24 08:53 --------- d-----w c:\program files\Google
2008-10-14 08:01 0 -c--a-w c:\documents and settings\Administrator\Application Data\wklnhst.dat
2008-03-31 01:52 32 ----a-w c:\documents and settings\All Users\Application Data\ezsid.dat
2006-01-02 17:22 3,760 ----a-w c:\documents and settings\Administrator\Application Data\mindhabits.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNo tifier.exe" [2008-01-21 68856]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2006-03-16 15360]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-11-03 204800]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Run]
"hpWirelessAssistant"="c:\program files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2006-05-03 458752]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-06-29 7577600]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-04-01 761946]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2005-02-17 49152]
"QlbCtrl"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2006-06-19 163840]
"Cpqset"="c:\program files\Hewlett-Packard\Default Settings\cpqset.exe" [2006-05-30 40960]
"RecGuard"="c:\windows\SMINST\RecGuard.exe" [2005-10-11 1187840]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-05 64512]
"QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2006-07-11 102400]
"NvMediaCenter"="c:\windows\system32\NvMcTray. dll" [2006-06-29 86016]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.e xe" [2001-07-09 155648]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2006-01-01 413696]
"nwiz"="nwiz.exe" [2006-06-29 c:\windows\system32\nwiz.exe]
"High Definition Audio Property Page Shortcut"="CHDAudPropShortcut.exe" [2006-06-02 c:\windows\system32\CHDAudPropShortcut.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\Cur rentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2006-03-16 15360]

c:\documents and settings\Administrator\Start Menu\Programs\Startup\
Stardock ObjectDock.lnk - c:\windows\BricoPacks\Vista Inspirat\ObjectDock\ObjectDock.exe [2005-02-21 1826885]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"="c:\windows\system32\logonui.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.I420"= i420vfw.dll

[HKEY_CURRENT_USER\software\microsoft\windows\curre ntversion\run-]
"Aim6"="c:\program files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
"WMPNSCFG"=c:\program files\Windows Media Player\WMPNSCFG.exe
"ares"="c:\program files\Ares\Ares.exe" -h
"ctfmon.exe"=c:\windows\system32\ctfmon.exe
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" -autorun

[HKEY_LOCAL_MACHINE\software\microsoft\windows\curr entversion\run-]
"WinampAgent"=c:\program files\Winamp\winampa.exe
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" -start
"ISUSPM Startup"=c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\is uspm.exe -startup
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpo licy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpo licy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Ares\\Ares.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Intelitek\\RoboCell E-Learning\\bin\\Scorbase.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [2007-04-04 24344]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2007-11-06 34064]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Contents of the 'Scheduled Tasks' folder

2009-04-03 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2007\SystemOptimizer.exe [2006-12-19 16:53]

2009-04-06 c:\windows\Tasks\Comprobar actualizaciones de Windows Live Toolbar.job
- c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 11:20]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.micros oft:en-US&ie=utf8&oe=utf8
uDefault_Search_URL = hxxp://www.google.com/ie
uInternet Connection Wizard,ShellNext = hxxp://www.hp.com/
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &Windows Live Search - c:\program files\Windows Live Toolbar\msntb.dll/search.htm
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xportar a Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
DPF: {84FBD09D-921E-460C-9652-ECDC8B4EE1B7} - hxxp://69.59.182.1/downloads/LearnMateAgent.cab
FF - ProfilePath - c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\6uo8434r.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.startup.homepage - about:blank
FF - prefs.js: keyword.URL - hxxp://search.freecause.com/search?fr=freecause&ourmark=3&type=58819&ei=utf-8&yahoo_domain=search.yahoo.com&p=
FF - component: c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\6uo8434r.default\ext ensions\{916ab64c-bc3e-471b-8e60-29551922a7ba}\components\Engine.dll
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CIDFE0BD77 9-44EE-4A4B-AA2E-743C63F2E5E6", "AllAccess");
.

************************************************** ************************

catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-06 14:12:36
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Cpqset = c:\program files\Hewlett-Packard\Default Settings\cpqset.exe????????????<?@? ???HO??????Y?@?????<?@

scanning hidden files ...

scan completed successfully
hidden files: 0

************************************************** ************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\Curr entVersion\Installer\UserData\LocalSystem\Componen ts\�•€|ÿÿÿÿ"•€|þ»Ôw*]
"A0C0110900063D11C8EF10054038389C"="C?\\WINDOWS\\s ystem32\\FM20ENU.DLL"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1604)
c:\program files\Kaspersky Lab\Kaspersky Internet Security 7.0\miscr3.dll
c:\windows\system32\klogon.dll

- - - - - - - > 'lsass.exe'(1664)
c:\program files\Kaspersky Lab\Kaspersky Internet Security 7.0\dnsq.dll
c:\program files\Kaspersky Lab\Kaspersky Internet Security 7.0\miscr3.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\ehome\ehRecvr.exe
c:\windows\ehome\ehSched.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\windows\system32\nvsvc32.exe
c:\windows\ehome\mcrdsvc.exe
c:\program files\Hewlett-Packard\Shared\hpqwmiex.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\system32\dllhost.exe
c:\windows\system32\rundll32.exe
c:\windows\ehome\ehmsas.exe
c:\windows\system32\wscntfy.exe
.
************************************************** ************************
.
Completion time: 2009-04-06 14:16:55 - machine was rebooted
ComboFix-quarantined-files.txt 2009-04-06 18:16:51
ComboFix2.txt 2009-04-05 02:42:37

Pre-Run: 372,903,936 bytes free
Post-Run: 384,966,656 bytes libres

216
--------------------------------------------------------------------------------------------------------------------------


ComboFix 09-04-04.01 - Administrator 2009-04-06 14:07:01.4 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.959.594 [GMT -4:00]
Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Administrator\Desktop\CFScript.txt
AV: Kaspersky Internet Security *On-access scanning disabled* (Outdated)
FW: Kaspersky Internet Security *disabled*
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
c:\driver\S-1-4-89-654352344-54323413-6452342-4545\svchost.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\driver\S-1-4-89-654352344-54323413-6452342-4545\svchost.exe

.
((((((((((((((((((((((((( Files Created from 2009-03-06 to 2009-04-06 )))))))))))))))))))))))))))))))
.

2009-04-06 14:05 . 2006-03-03 00:42 73,728 --a------ C:\pv.exe
2009-04-05 23:47 . 2009-04-05 23:47 <DIR> d-------- c:\program files\MSXML 6.0
2009-04-05 23:47 . 2009-04-05 23:47 <DIR> d-------- c:\program files\MSXML 4.0
2009-04-05 23:26 . 2009-04-05 23:26 <DIR> d-------- c:\program files\Microsoft CAPICOM 2.1.0.2
2009-04-05 22:49 . 2006-08-21 05:14 128,896 --------- c:\windows\system32\dllcache\fltmgr.sys
2009-04-05 22:49 . 2006-08-21 05:14 23,040 --------- c:\windows\system32\dllcache\fltmc.exe
2009-04-05 22:49 . 2006-08-21 08:21 16,896 --------- c:\windows\system32\dllcache\fltlib.dll
2009-04-05 22:26 . 2009-04-05 23:54 1,355 --a------ c:\windows\imsins.BAK
2009-04-05 21:40 . 2007-07-09 09:16 582,656 --------- c:\windows\system32\dllcache\rpcrt4.dll
2009-04-05 21:37 . 2007-03-17 09:43 292,864 --------- c:\windows\system32\dllcache\winsrv.dll
2009-04-05 21:33 . 2007-11-07 05:26 721,920 --------- c:\windows\system32\dllcache\lsasrv.dll
2009-04-05 21:33 . 2006-08-17 08:28 132,096 --------- c:\windows\system32\dllcache\wkssvc.dll
2009-04-05 21:32 . 2006-07-21 04:24 72,704 --------- c:\windows\system32\dllcache\hlink.dll
2009-04-05 21:20 . 2008-06-13 09:10 272,128 --------- c:\windows\system32\drivers\bthport.sys
2009-04-05 21:20 . 2008-06-13 09:10 272,128 --------- c:\windows\system32\dllcache\bthport.sys
2009-04-05 21:14 . 2008-08-14 06:00 2,180,352 --------- c:\windows\system32\dllcache\ntoskrnl.exe
2009-04-05 21:14 . 2008-08-14 05:58 2,136,064 --------- c:\windows\system32\dllcache\ntkrnlmp.exe
2009-04-05 21:14 . 2008-08-14 05:22 2,057,728 --------- c:\windows\system32\dllcache\ntkrnlpa.exe
2009-04-05 21:14 . 2008-08-14 05:22 2,015,744 --------- c:\windows\system32\dllcache\ntkrpamp.exe
2009-04-05 21:10 . 2006-03-20 23:23 23,040 --------- c:\windows\kb913800.exe
2009-04-05 21:06 . 2008-05-08 08:28 202,752 --------- c:\windows\system32\dllcache\rmcast.sys
2009-04-05 21:05 . 2008-12-11 07:57 333,184 --------- c:\windows\system32\dllcache\srv.sys
2009-04-05 21:05 . 2008-05-01 10:30 331,776 --------- c:\windows\system32\dllcache\msadce.dll
2009-04-05 20:59 . 2008-09-04 12:42 1,106,944 --------- c:\windows\system32\dllcache\msxml3.dll
2009-04-05 20:29 . 2009-04-05 20:29 <DIR> d-------- c:\windows\system32\CatRoot_bak
2009-04-05 12:55 . 2008-10-16 14:07 23,576 --a------ c:\windows\system32\wuapi.dll.mui
2009-04-02 14:59 . 2009-04-02 14:59 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-04-02 14:59 . 2009-04-02 14:59 <DIR> d-------- c:\documents and settings\Administrator\Application Data\Malwarebytes
2009-04-02 14:59 . 2009-03-26 17:49 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-04-02 14:59 . 2009-03-26 17:49 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-04-02 14:58 . 2009-04-02 15:16 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-03-29 21:14 . 2009-03-29 21:14 <DIR> d-------- c:\program files\VSTplugins
2009-03-29 21:13 . 2009-03-29 21:13 <DIR> d-------- c:\documents and settings\Administrator\Application Data\Publish Providers
2009-03-29 21:12 . 2009-03-29 21:12 <DIR> d-------- c:\documents and settings\Administrator\Application Data\Sony
2009-03-29 21:10 . 2009-03-29 21:10 <DIR> d-------- c:\program files\Sony Setup
2009-03-29 21:10 . 2009-03-29 21:10 <DIR> d-------- c:\program files\Sony
2009-03-27 00:34 . 2009-03-27 00:34 <DIR> d-------- c:\program files\Trend Micro
2009-03-26 20:12 . 2008-10-15 12:57 332,800 --------- c:\windows\system32\dllcache\netapi32.dll
2009-03-16 08:03 . 2009-03-16 08:03 <DIR> d-------- c:\program files\BestGameEver
2009-03-08 11:22 . 2009-03-08 11:22 286 --a------ c:\windows\Endorfun.ini
2009-03-08 11:18 . 2009-03-08 11:18 <DIR> d-------- c:\documents and settings\Administrator\WINDOWS
2009-03-08 11:18 . 1995-08-02 05:04 258,560 --a------ c:\windows\uninst.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))) ))
.
2009-04-06 18:12 39,461,664 --sha-w c:\windows\system32\drivers\fidbox.dat
2009-04-06 18:12 1,390,880 --sha-w c:\windows\system32\drivers\fidbox2.dat
2009-04-06 18:12 --------- d-----w c:\documents and settings\All Users\Application Data\Kaspersky Lab
2009-04-06 18:10 529,412 --sha-w c:\windows\system32\drivers\fidbox.idx
2009-04-06 18:10 131,372 --sha-w c:\windows\system32\drivers\fidbox2.idx
2009-04-05 19:14 --------- d-----w c:\program files\eMule
2009-04-05 17:37 --------- d-----w c:\program files\SpeedFan
2009-04-04 05:17 --------- d-----w c:\program files\Winamp
2009-02-25 08:17 112,144 ----a-w c:\windows\system32\drivers\kl1.sys
2009-02-25 08:14 89,601 ----a-w c:\windows\system32\drivers\klick.dat
2009-02-25 08:14 101,287 ----a-w c:\windows\system32\drivers\klin.dat
2009-02-24 08:53 --------- d-----w c:\program files\Google
2008-10-14 08:01 0 -c--a-w c:\documents and settings\Administrator\Application Data\wklnhst.dat
2008-03-31 01:52 32 ----a-w c:\documents and settings\All Users\Application Data\ezsid.dat
2006-01-02 17:22 3,760 ----a-w c:\documents and settings\Administrator\Application Data\mindhabits.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNo tifier.exe" [2008-01-21 68856]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2006-03-16 15360]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-11-03 204800]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Run]
"hpWirelessAssistant"="c:\program files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2006-05-03 458752]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-06-29 7577600]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-04-01 761946]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2005-02-17 49152]
"QlbCtrl"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2006-06-19 163840]
"Cpqset"="c:\program files\Hewlett-Packard\Default Settings\cpqset.exe" [2006-05-30 40960]
"RecGuard"="c:\windows\SMINST\RecGuard.exe" [2005-10-11 1187840]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-05 64512]
"QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2006-07-11 102400]
"NvMediaCenter"="c:\windows\system32\NvMcTray. dll" [2006-06-29 86016]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.e xe" [2001-07-09 155648]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2006-01-01 413696]
"nwiz"="nwiz.exe" [2006-06-29 c:\windows\system32\nwiz.exe]
"High Definition Audio Property Page Shortcut"="CHDAudPropShortcut.exe" [2006-06-02 c:\windows\system32\CHDAudPropShortcut.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\Cur rentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2006-03-16 15360]

c:\documents and settings\Administrator\Start Menu\Programs\Startup\
Stardock ObjectDock.lnk - c:\windows\BricoPacks\Vista Inspirat\ObjectDock\ObjectDock.exe [2005-02-21 1826885]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"="c:\windows\system32\logonui.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.I420"= i420vfw.dll

[HKEY_CURRENT_USER\software\microsoft\windows\curre ntversion\run-]
"Aim6"="c:\program files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
"WMPNSCFG"=c:\program files\Windows Media Player\WMPNSCFG.exe
"ares"="c:\program files\Ares\Ares.exe" -h
"ctfmon.exe"=c:\windows\system32\ctfmon.exe
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" -autorun

[HKEY_LOCAL_MACHINE\software\microsoft\windows\curr entversion\run-]
"WinampAgent"=c:\program files\Winamp\winampa.exe
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" -start
"ISUSPM Startup"=c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\is uspm.exe -startup
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpo licy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpo licy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Ares\\Ares.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Intelitek\\RoboCell E-Learning\\bin\\Scorbase.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [2007-04-04 24344]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2007-11-06 34064]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Contents of the 'Scheduled Tasks' folder

2009-04-03 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2007\SystemOptimizer.exe [2006-12-19 16:53]

2009-04-06 c:\windows\Tasks\Comprobar actualizaciones de Windows Live Toolbar.job
- c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 11:20]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.micros oft:en-US&ie=utf8&oe=utf8
uDefault_Search_URL = hxxp://www.google.com/ie
uInternet Connection Wizard,ShellNext = hxxp://www.hp.com/
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &Windows Live Search - c:\program files\Windows Live Toolbar\msntb.dll/search.htm
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xportar a Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
DPF: {84FBD09D-921E-460C-9652-ECDC8B4EE1B7} - hxxp://69.59.182.1/downloads/LearnMateAgent.cab
FF - ProfilePath - c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\6uo8434r.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.startup.homepage - about:blank
FF - prefs.js: keyword.URL - hxxp://search.freecause.com/search?fr=freecause&ourmark=3&type=58819&ei=utf-8&yahoo_domain=search.yahoo.com&p=
FF - component: c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\6uo8434r.default\ext ensions\{916ab64c-bc3e-471b-8e60-29551922a7ba}\components\Engine.dll
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CIDFE0BD77 9-44EE-4A4B-AA2E-743C63F2E5E6", "AllAccess");
.

************************************************** ************************

catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-06 14:12:36
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Cpqset = c:\program files\Hewlett-Packard\Default Settings\cpqset.exe????????????<?@? ???HO??????Y?@?????<?@

scanning hidden files ...

scan completed successfully
hidden files: 0

************************************************** ************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\Curr entVersion\Installer\UserData\LocalSystem\Componen ts\�•€|ÿÿÿÿ"•€|þ»Ôw*]
"A0C0110900063D11C8EF10054038389C"="C?\\WINDOWS\\s ystem32\\FM20ENU.DLL"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1604)
c:\program files\Kaspersky Lab\Kaspersky Internet Security 7.0\miscr3.dll
c:\windows\system32\klogon.dll

- - - - - - - > 'lsass.exe'(1664)
c:\program files\Kaspersky Lab\Kaspersky Internet Security 7.0\dnsq.dll
c:\program files\Kaspersky Lab\Kaspersky Internet Security 7.0\miscr3.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\ehome\ehRecvr.exe
c:\windows\ehome\ehSched.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\windows\system32\nvsvc32.exe
c:\windows\ehome\mcrdsvc.exe
c:\program files\Hewlett-Packard\Shared\hpqwmiex.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\system32\dllhost.exe
c:\windows\system32\rundll32.exe
c:\windows\ehome\ehmsas.exe
c:\windows\system32\wscntfy.exe
.
************************************************** ************************
.
Completion time: 2009-04-06 14:16:55 - machine was rebooted
ComboFix-quarantined-files.txt 2009-04-06 18:16:51
ComboFix2.txt 2009-04-05 02:42:37

Pre-Run: 372,903,936 bytes free
Post-Run: 384,966,656 bytes libres

216

Sólo quedó un archivo por eliminar, así que aprovecharemos para insertar tu memoria infectada y sigue estos pasos:

1.-Abrir el Notepad

• Clic en INICIO > EJECUTAR >
• Y ahí pones notepad.exe y ACEPTAR

2.- Ahora copia y pega este código dentro del Notepad

3.- Graba este archivo en el Escritorio con el nombre CFScript.txt

4.- Arrastrar y soltar el archivo CFScript.txt dentro del archivo ComboFix.exe como lo muestra la animación de abajo. Esto activara ComboFix nuevamente.



Reinicia y nos cuentas los resultados. junto con un nuevo reporte de ComboFix y uno de Hijackthis.

Saludos

Hola GPastor

Que pena que extiendo el tema con algo que no tiene que ver mucho con el anterior inconveniente. Se me agravó el problema por culpa de una mala recomendacion ya que mi Ares no funcionaba, instale una version vieja de Limewire y un trojan me daño unas cosas (justo luego de la infeccion me doy cuenta de la lista de programas P2P que uds consideran que descargan virus o no, muy de malas) luego usé Ad-Aware SE y detecto el Svchost.exe como contaminado y la verdad ni me percaté y al darle next borro eso y habia un apagado obligatiorio del PC, luego encuentro que casi ninguno de mis programas sirven y mi pc tiene la apariencia clasica de windows, cuando voy a instalar algo o me dirijo a servicios aparece un mensaje: Win32: El servidor RPC no esta disponible. No tengo internet ni nada nada nada. Logré reemplazar el svchost.exe con otro que encontré en mi pc (con un buscador que me toco descargar desde otro pc ya que ni el buscador de windows sirve) y pues ahora inicia mas lento y no mejora en nada, me gustaria saber que probabilidad existe de recuperar la funcionabilidad de las aplicaciones y del PC como tal o si toca reinstalar WinXP, esto es lo que encuentro del HJT, me gustaria recibir ayuda con esto tambien si no es mucha molestia, ya que pasamos de un tema a aumentar el daño, gracias:



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 09:07:40 p.m., on 07/04/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\WINDOWS\BricoPacks\Vista Inspirat\ObjectDock\ObjectDock.exe
C:\WINDOWS\SMINST\INSTALL_APP.EXE
c:\swsetup\chipset\Setup.exe
c:\swsetup\chipset\Setup.exe
C:\WINDOWS\system32\mmc.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.hp.com/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\sw g.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /nodetect
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] CHDAudPropShortcut.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\Hewlett-Packard\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [RecGuard] C:\Windows\SMINST\RecGuard.exe
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNo tifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-21-2989956134-3173563763-3344146913-500\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNo tifier.exe (User '?')
O4 - HKUS\S-1-5-21-2989956134-3173563763-3344146913-500\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User '?')
O4 - HKUS\S-1-5-21-2989956134-3173563763-3344146913-500\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe (User '?')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User '?')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - S-1-5-21-2989956134-3173563763-3344146913-500 Startup: Stardock ObjectDock.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat\ObjectDock\ObjectDock.exe (User '?')
O4 - Startup: Stardock ObjectDock.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat\ObjectDock\ObjectDock.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: Agregar al componente Anti-Banners - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\ie_banner_deny.htm
O8 - Extra context menu item: E&xportar a Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Consola de Sun Java - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Estadísticas del componente Web Anti-Virus - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\SCIEPlgn.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Referencia - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Plugin Control) - http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1851174C-97BD-4217-A0CC-E908F60D5B7A} (Hewlett-Packard Online Support Services) - http://h20278.www2.hp.com/HPISWeb/Customer/cabs/HPISDataManager.CAB
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w3/resources/MSNPUpld.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-US/a-UNO1/GAME_UNO1.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1238883373644
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1238883334269
O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} (GMNRev Class) - http://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection.cab
O16 - DPF: {84FBD09D-921E-460C-9652-ECDC8B4EE1B7} (LMAgent Control) - http://69.59.182.1/downloads/LearnMateAgent.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: AddFiltr - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Kaspersky Internet Security 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - c:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: npkcmsvc - Unknown owner - C:\Nexon\Mabinogi\npkcmsvc.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe

--
End of file - 10621 bytes

Ejecuta nuevamente el ComboFix y pega un nuevo reporte.