Foro de InfoSpyware - Foro de Hijackthis - Foro de Virus

spybot encontró este trojano en mi pc NEBULER.BHO, como puedo eliminarlo?. el pc a estado muy lento, pero recientemente me di cuenta de que tenia este trojano, ademas que la version trial de mi antivirus ya finalizo. Ayudenme por favor, Gracias.


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:57:15, on 30-06-2009
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16830)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\wuauclt.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Windows\System32\wpcumi.exe
C:\Program Files\ScanSoft\OmniPageSE2.0\opwareSE2.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Windows\system32\Macromed\Flash\FlashUtil10b.ex e
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.cl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Barra Yahoo! - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O1 - Hosts: ::1 localhost
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ievkbd.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: Windows Live Aplicación auxiliar de inicio de sesión - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: McAfee Popup Blocker - {C68AE9C0-0909-4DDC-B661-C1AFB9F5AE53} - c:\program files\mcafee\mps\mcpopup.dll (file missing)
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstan ce.dll
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O3 - Toolbar: Barra Yahoo! - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [WPCUMI] C:\Windows\system32\WpcUmi.exe
O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICIO LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICIO LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'Servicio de red')
O4 - Startup: Microsoft Office Groove.lnk = C:\Program Files\Microsoft Office\Office12\GROOVE.EXE
O8 - Extra context menu item: Adición a la lista de impresión de Easy-WebPrint - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Agregar al componente Anti-Banners - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ie_banner_deny.htm
O8 - Extra context menu item: E&xportar a Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Impresión a alta velocidad de Easy-WebPrint - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Impresión de Easy-WebPrint - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O8 - Extra context menu item: Vista previa de Easy-WebPrint - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O9 - Extra button: Estadísticas de protección del tráfico Web - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\SCIEPlgn.dll
O9 - Extra button: Enviar a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Enviar a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O13 - Gopher Prefix:
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/spanish//kavwebscan_unicode.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - http://gfx1.hotmail.com/mail/w3/resources/VistaMSNPUpldes-cl.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} - http://messenger.zone.msn.com/ES-CL/a-UNO1/GAME_UNO1.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll,C:\PROGRA ~1\KASPER~1\KASPER~1\mzvkbd3.dll,C:\PROGRA~1\KASPE R~1\KASPER~1\adialhk.dll,C:\PROGRA~1\KASPER~1\KASP ER~1\kloehk.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: @%SystemRoot%\System32\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software - C:\Windows\System32\TuneUpDefragService.exe
O23 - Service: @%SystemRoot%\System32\TUProgSt.exe,-1 (TuneUp.ProgramStatisticsSvc) - TuneUp Software - C:\Windows\System32\TUProgSt.exe

--
End of file - 7667 bytes

Hola, Vamos a comenzar por estos pasos:

• Paso 1- Descarga, instala y actualiza las siguientes herramientas:
  • CCleaner // Manual de uso.
  • Malwarebytes' Anti-Malware // Manual de uso.
• Paso 2- Ejecuta CCleaner para hacerle una limpieza de cookies, archivos temporales e innecesarios para mejorar el rendimiento de tu equipo y generar reportes mas limpios.(NO necesitamos este reporte)
  
• Paso 3- Ejecuta Malwarebytes' Anti-Malware (MBAM) y selecciona todo lo que este encuentre para luego presionar el botón de "Quitar lo Seleccionado" y así mandarlo a cuarentena.
  
• Paso 4- Reinicia tu PC, y vuelve a generar un nuevo reporte de HijackThis 2.0.2 para pegarlo junto con el reporte de MBAM en este mismo mensaje contándonos si hubiera habido alguna mejora en el problema o rendimiento del equipo.

Por ultimo te recomiendo suscribirte al feed de nuestro Blog de InfoSpyware para estar al tanto de las nuevas amenazas que circulan por la red y así en un futuro puedas prevenirlas.

No te olvides de volver a dejarnos los reportes para continuar con el tema....

Saludos

todavia esta lento, pero cambie el navegador a Mozilla Furefox ahora carga las paginas mas rapido... aki les dejo los reportes..Gracias

Malwarebytes' Anti-Malware 1.38
Versión de la Base de Datos: 2363
Windows 6.0.6000

02-07-2009 15:17:57
mbam-log-2009-07-02 (15-17-57).txt

Tipo de examen : Examen Completo (C:\|)
Objetos examinados: 149434
Tiempo transcurrido: 1 hour(s), 2 minute(s), 11 second(s)

Procesos en Memoria Infectados: 0
Módulos en Memoria Infectados: 0
Claves del Registro Infectadas: 5
Valores del Registro Infectados: 0
Elementos de Datos del Registro Infectados: 0
Carpetas Infectadas: 0
Ficheros Infectados: 0

Procesos en Memoria Infectados:
(No se han detectado elementos maliciosos)

Módulos en Memoria Infectados:
(No se han detectado elementos maliciosos)

Claves del Registro Infectadas:
HKEY_CLASSES_ROOT\Interface\{6c51f7e9-8542-4f25-a30f-2060157752e1} (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{9d573d0e-663c-435f-bf31-2c4497373c41} (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{b1e68d42-02c4-465b-8368-5ed9b732e22d} (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{90a52f08-64ac-4dc6-9d7d-4516670275d3} (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\{90a52f08-64ac-4dc6-9d7d-4516670275d3} (Trojan.Downloader) -> Quarantined and deleted successfully.

Valores del Registro Infectados:
(No se han detectado elementos maliciosos)

Elementos de Datos del Registro Infectados:
(No se han detectado elementos maliciosos)

Carpetas Infectadas:
(No se han detectado elementos maliciosos)

Ficheros Infectados:
(No se han detectado elementos maliciosos)


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:57:15, on 30-06-2009
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16830)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\wuauclt.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Windows\System32\wpcumi.exe
C:\Program Files\ScanSoft\OmniPageSE2.0\opwareSE2.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Windows\system32\Macromed\Flash\FlashUtil10b.ex e
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.cl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Barra Yahoo! - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O1 - Hosts: ::1 localhost
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ievkbd.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: Windows Live Aplicación auxiliar de inicio de sesión - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: McAfee Popup Blocker - {C68AE9C0-0909-4DDC-B661-C1AFB9F5AE53} - c:\program files\mcafee\mps\mcpopup.dll (file missing)
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstan ce.dll
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O3 - Toolbar: Barra Yahoo! - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [WPCUMI] C:\Windows\system32\WpcUmi.exe
O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICIO LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICIO LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'Servicio de red')
O4 - Startup: Microsoft Office Groove.lnk = C:\Program Files\Microsoft Office\Office12\GROOVE.EXE
O8 - Extra context menu item: Adición a la lista de impresión de Easy-WebPrint - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Agregar al componente Anti-Banners - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ie_banner_deny.htm
O8 - Extra context menu item: E&xportar a Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Impresión a alta velocidad de Easy-WebPrint - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Impresión de Easy-WebPrint - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O8 - Extra context menu item: Vista previa de Easy-WebPrint - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O9 - Extra button: Estadísticas de protección del tráfico Web - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\SCIEPlgn.dll
O9 - Extra button: Enviar a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Enviar a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O13 - Gopher Prefix:
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/spanish//kavwebscan_unicode.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - http://gfx1.hotmail.com/mail/w3/resources/VistaMSNPUpldes-cl.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} - http://messenger.zone.msn.com/ES-CL/a-UNO1/GAME_UNO1.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll,C:\PROGRA ~1\KASPER~1\KASPER~1\mzvkbd3.dll,C:\PROGRA~1\KASPE R~1\KASPER~1\adialhk.dll,C:\PROGRA~1\KASPER~1\KASP ER~1\kloehk.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: @%SystemRoot%\System32\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software - C:\Windows\System32\TuneUpDefragService.exe
O23 - Service: @%SystemRoot%\System32\TUProgSt.exe,-1 (TuneUp.ProgramStatisticsSvc) - TuneUp Software - C:\Windows\System32\TUProgSt.exe

--
End of file - 7667 bytes

El log está limpio, para descartar infecciones sigue estos pasos:

- Descarga la herramienta ComboFix.exe y guárdala en el escritorio.

• Desactiva temporalmente el Antivirus y/o Antispyware.
• Cierra todas las ventanas abiertas.
• Haz doble clic al archivo ComboFix.exe y sigue las instrucciones.
• Cuando termine, generará un registro en C:\ComboFix.txt.
  • *Nota* Mientras CF este trabajando no mover el mouse ya que pararía su proceso.
  • *Nota* ComboFix puede reiniciar automáticamente el PC para completar el proceso de eliminación.

• Reinicia y pega el reporte de C:\ComboFix.txt en este mismo mensaje.

Saludos

aki esta el reporte de combofix


ComboFix 09-07-01.04 - SOFIA 02-07-2009 16:04.1 - NTFSx86
Microsoft® Windows Vista™ Starter 6.0.6000.0.1252.56.3082.18.446.141 [GMT -4:00]
Running from: c:\users\SOFIA\Downloads\ComboFix.exe
AV: McAfee VirusScan *On-access scanning disabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
SP: McAfee VirusScan *disabled* (Updated) {C78B3C70-4777-4742-BB91-9D615CC575E6}
SP: Spybot - Search and Destroy *disabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: SUPERAntiSpyware *disabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((( Files Created from 2009-06-02 to 2009-07-02 )))))))))))))))))))))))))))))))
.

2009-07-02 20:09 . 2009-07-02 20:10 -------- d-----w- c:\users\SOFIA\AppData\Local\temp
2009-07-02 20:09 . 2009-07-02 20:09 -------- d-----w- c:\users\Invitado\AppData\Local\temp
2009-07-02 20:09 . 2009-07-02 20:09 -------- d-----w- c:\users\GERMAN\AppData\Local\temp
2009-07-02 18:30 . 2009-07-02 18:30 -------- d-----w- c:\program files\Common Files\Symantec Shared
2009-07-02 18:29 . 2009-07-02 18:31 -------- d-----w- c:\program files\Norton Security Scan
2009-07-02 18:12 . 2009-07-02 18:12 -------- d-----w- c:\users\SOFIA\AppData\Roaming\Malwarebytes
2009-07-02 18:12 . 2009-06-17 15:27 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-07-02 18:12 . 2009-07-02 18:12 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-07-02 18:12 . 2009-07-02 18:12 -------- d-----w- c:\programdata\Malwarebytes
2009-07-02 18:12 . 2009-06-17 15:27 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-07-02 17:51 . 2009-07-02 17:51 -------- d-----w- c:\users\SOFIA\AppData\Local\Mozilla
2009-06-30 20:31 . 2009-07-02 18:24 -------- d-----w- c:\programdata\Google Updater
2009-06-30 20:31 . 2009-06-30 20:31 -------- d-----w- c:\program files\Google
2009-06-30 19:56 . 2009-06-30 19:56 -------- d-----w- c:\program files\Trend Micro
2009-06-29 18:42 . 2009-07-02 18:09 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2009-06-29 18:42 . 2009-06-29 18:43 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-06-23 03:36 . 2009-06-23 03:37 -------- d-----w- c:\users\GERMAN\AppData\Roaming\Canon
2009-06-23 03:31 . 2009-06-23 03:31 -------- d-----w- c:\users\GERMAN\AppData\Roaming\ArcSoft
2009-06-23 02:50 . 2009-06-23 02:50 -------- d-----w- c:\users\GERMAN\AppData\Roaming\AdobeUM
2009-06-23 02:50 . 2009-06-23 02:50 -------- d-----w- c:\users\GERMAN\AppData\Local\Adobe
2009-06-22 21:05 . 2009-06-22 21:05 -------- d-----w- c:\users\SOFIA\AppData\Roaming\ScanSoft
2009-06-22 21:05 . 2009-06-22 21:05 -------- d-----w- c:\programdata\SSScanWizard
2009-06-22 21:05 . 2009-06-22 21:05 -------- d-----w- c:\programdata\SSScanAppDataDir
2009-06-22 21:03 . 2009-06-22 21:05 -------- d-----w- c:\program files\Common Files\ScanSoft Shared
2009-06-22 21:03 . 2009-06-22 21:03 -------- d-----w- c:\program files\ScanSoft
2009-06-22 20:59 . 1995-08-01 08:44 212480 ----a-w- c:\windows\PCDLIB32.DLL
2009-06-22 20:59 . 2009-06-22 20:59 -------- d-----w- c:\program files\ArcSoft
2009-06-22 20:56 . 2009-06-22 20:56 -------- d-----w- c:\program files\Common Files\InstallShield
2009-06-22 20:55 . 2003-09-18 18:32 1060864 ----a-w- c:\windows\system32\MFC71.dll
2009-06-22 20:52 . 2009-06-22 20:55 -------- d-----w- c:\program files\Canon
2009-06-22 20:05 . 2009-06-22 20:05 -------- d--h--w- c:\programdata\CanonBJ
2009-06-22 20:04 . 2009-06-22 20:04 -------- d--h--w- c:\windows\system32\CanonIJ Uninstaller Information
2009-06-22 19:57 . 2008-04-03 09:00 198656 ----a-w- c:\windows\system32\CNMLM7I.DLL
2009-06-22 19:56 . 2008-02-07 19:59 195072 ----a-w- c:\windows\system32\CNCC450.DLL
2009-06-22 19:56 . 2008-02-07 19:59 37888 ----a-w- c:\windows\system32\CNCI450.DLL
2009-06-22 19:56 . 2006-06-29 18:29 106496 ----a-w- c:\windows\system32\cncisco.dll
2009-06-22 19:56 . 2005-05-30 23:46 139264 ----a-w- c:\windows\system32\CNCL450.DLL
2009-06-22 19:56 . 2009-06-22 19:56 -------- d--h--w- c:\program files\CanonBJ
2009-06-21 18:17 . 2009-06-21 18:17 -------- d-----w- c:\windows\Applian FLV Player
2009-06-21 18:17 . 2009-06-21 18:17 -------- d-----w- c:\program files\FLV Player
2009-06-20 20:57 . 1998-11-13 17:04 308224 ----a-w- c:\windows\IsUn040a.exe
2009-06-20 20:46 . 2009-06-20 20:46 -------- d--h--w- c:\windows\PIF
2009-06-20 20:45 . 1996-01-09 10:38 283648 ----a-w- c:\windows\uninst.exe
2009-06-12 02:36 . 2009-06-12 02:36 -------- d-----w- c:\users\GERMAN\AppData\Roaming\Yahoo!
2009-06-12 01:19 . 2009-06-12 01:19 -------- d-----w- c:\program files\Java
2009-06-12 01:08 . 2009-06-12 01:12 -------- d-----w- c:\windows\system32\Adobe
2009-06-12 00:55 . 2009-06-18 16:29 -------- d-----w- c:\program files\Panda Security
2009-06-10 00:37 . 2009-06-30 20:49 117760 ----a-w- c:\users\SOFIA\AppData\Roaming\SUPERAntiSpyware.co m\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2009-06-09 01:27 . 2009-06-09 01:27 -------- d-----w- c:\users\Invitado\AppData\Roaming\Yahoo!
2009-06-09 01:26 . 2009-06-09 18:53 -------- d-----w- c:\programdata\Yahoo! Companion
2009-06-09 01:26 . 2009-06-09 01:26 -------- d-----w- c:\users\SOFIA\AppData\Roaming\Yahoo!
2009-06-09 01:26 . 2009-06-09 01:26 -------- d-----w- c:\program files\Yahoo!
2009-06-06 23:06 . 2009-06-06 23:06 750080 ----a-w- c:\windows\system32\qmgr.dll
2009-06-06 01:08 . 2009-06-06 01:08 -------- d-----w- c:\users\GERMAN\AppData\Roaming\TuneUp Software
2009-06-06 01:02 . 2009-07-02 04:14 -------- d-----w- c:\users\GERMAN\Tracing

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))) ))
.
2009-07-02 20:02 . 2009-05-23 01:17 680 ----a-w- c:\users\SOFIA\AppData\Local\d3d9caps.dat
2009-07-02 15:18 . 2009-05-25 04:29 680 ----a-w- c:\users\Invitado\AppData\Local\d3d9caps.dat
2009-07-02 04:14 . 2009-05-23 14:40 680 ----a-w- c:\users\GERMAN\AppData\Local\d3d9caps.dat
2009-07-01 23:45 . 2006-11-02 15:56 660802 ----a-w- c:\windows\system32\perfh00A.dat
2009-07-01 23:45 . 2006-11-02 15:56 118148 ----a-w- c:\windows\system32\perfc00A.dat
2009-06-30 22:15 . 2009-05-23 02:15 -------- d-----w- c:\program files\Common Files\Adobe
2009-06-30 20:49 . 2009-05-24 18:41 -------- d-----w- c:\program files\SUPERAntiSpyware
2009-06-22 20:59 . 2009-05-23 02:13 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-06-06 01:30 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-06-04 03:28 . 2009-05-25 04:30 99864 ----a-w- c:\users\Invitado\AppData\Local\GDIPFONTCACHEV1.DA T
2009-06-04 03:22 . 2009-05-23 14:42 99864 ----a-w- c:\users\GERMAN\AppData\Local\GDIPFONTCACHEV1.DAT
2009-06-04 01:23 . 2009-05-23 01:19 99864 ----a-w- c:\users\SOFIA\AppData\Local\GDIPFONTCACHEV1.DAT
2009-05-29 01:24 . 2009-05-29 01:24 414208 ----a-w- c:\windows\system32\msscp.dll
2009-05-29 01:20 . 2009-05-29 01:20 1645568 ----a-w- c:\windows\system32\connect.dll
2009-05-29 01:19 . 2009-05-29 01:19 2026496 ----a-w- c:\windows\system32\win32k.sys
2009-05-29 01:19 . 2009-05-29 01:19 633856 ----a-w- c:\windows\system32\user32.dll
2009-05-28 03:04 . 2009-05-28 03:04 -------- d-----w- c:\users\Invitado\AppData\Roaming\AdobeUM
2009-05-26 17:26 . 2009-05-26 17:26 552 ----a-w- c:\users\Invitado\AppData\Local\d3d8caps.dat
2009-05-25 21:20 . 2009-05-25 21:20 603904 ----a-w- c:\windows\system32\TUProgSt.exe
2009-05-25 21:20 . 2009-05-25 21:20 362240 ----a-w- c:\windows\system32\TuneUpDefragService.exe
2009-05-25 21:20 . 2009-05-25 21:20 -------- d-----w- c:\users\SOFIA\AppData\Roaming\TuneUp Software
2009-05-25 21:20 . 2009-05-25 21:18 -------- d-----w- c:\program files\TuneUp Utilities 2009
2009-05-25 21:18 . 2009-05-25 21:18 -------- d-----w- c:\programdata\TuneUp Software
2009-05-25 21:17 . 2009-05-25 21:17 -------- d-----w- c:\program files\CCleaner
2009-05-25 21:17 . 2009-05-25 21:17 -------- d-sh--w- c:\programdata\{55A29068-F2CE-456C-9148-C869879E2357}
2009-05-25 18:33 . 2009-05-25 18:33 39424 ----a-w- c:\windows\system32\ACCTRES.dll
2009-05-25 18:33 . 2009-05-25 18:33 205824 ----a-w- c:\windows\system32\msoeacct.dll
2009-05-25 18:33 . 2009-05-25 18:33 87040 ----a-w- c:\windows\system32\msoert2.dll
2009-05-25 02:44 . 2009-05-25 02:44 -------- d-----w- c:\users\SOFIA\AppData\Roaming\AdobeUM
2009-05-24 23:39 . 2009-05-24 23:39 84480 ----a-w- c:\windows\system32\INETRES.dll
2009-05-24 23:39 . 2009-05-24 23:39 737792 ----a-w- c:\windows\system32\inetcomm.dll
2009-05-24 23:33 . 2009-05-24 23:33 72704 ----a-w- c:\windows\system32\admparse.dll
2009-05-24 23:33 . 2009-05-24 23:33 826368 ----a-w- c:\windows\system32\wininet.dll
2009-05-24 23:33 . 2009-05-24 23:33 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-05-24 23:33 . 2009-05-24 23:33 48128 ----a-w- c:\windows\system32\mshtmler.dll
2009-05-24 23:32 . 2009-05-24 23:32 26624 ----a-w- c:\windows\system32\ieUnatt.exe
2009-05-24 23:32 . 2009-05-24 23:32 56320 ----a-w- c:\windows\system32\iesetup.dll
2009-05-24 21:56 . 2009-05-24 21:56 -------- d-----w- c:\programdata\Kaspersky Lab Setup Files
2009-05-24 18:41 . 2009-05-24 18:41 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2009-05-24 18:41 . 2009-05-24 18:41 -------- d-----w- c:\users\SOFIA\AppData\Roaming\SUPERAntiSpyware.co m
2009-05-24 18:39 . 2009-05-24 18:39 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-05-24 18:39 . 2009-05-24 18:39 -------- d-----w- c:\program files\SpywareBlaster
2009-05-24 17:58 . 2009-05-23 02:30 -------- d-----w- c:\programdata\McAfee
2009-05-24 05:01 . 2009-05-24 05:01 -------- d-----w- c:\program files\Microsoft
2009-05-24 05:01 . 2009-05-24 05:00 -------- d-----w- c:\program files\Windows Live
2009-05-24 05:01 . 2009-05-24 05:00 -------- d-----w- c:\program files\Windows Live SkyDrive
2009-05-24 03:20 . 2009-05-24 03:20 -------- d-----w- c:\program files\Common Files\Windows Live
2009-05-24 03:17 . 2009-05-23 02:33 -------- d-----w- c:\program files\Common Files\McAfee
2009-05-24 03:02 . 2009-05-23 14:45 -------- d-----w- c:\users\GERMAN\AppData\Roaming\SiteAdvisor
2009-05-23 04:20 . 2009-05-23 04:02 -------- d-----w- c:\programdata\Microsoft Help
2009-05-23 04:13 . 2009-05-23 04:13 -------- d-----w- c:\program files\Microsoft Works
2009-05-23 04:12 . 2006-11-02 12:33 -------- d-----w- c:\program files\MSBuild
2009-05-23 04:10 . 2009-05-23 04:10 -------- d-----w- c:\program files\Microsoft.NET
2009-05-23 04:04 . 2009-05-23 04:04 -------- d-----w- c:\program files\Microsoft Visual Studio 8
2009-05-23 03:03 . 2009-05-23 03:03 639224 ----a-w- c:\windows\system32\drivers\sptd.sys
2009-05-23 02:52 . 2009-05-23 02:36 -------- d-----w- c:\users\SOFIA\AppData\Roaming\SiteAdvisor
2009-05-23 02:18 . 2009-05-23 02:18 552 ----a-w- c:\users\SOFIA\AppData\Local\d3d8caps.dat
2009-05-23 01:37 . 2009-05-23 01:37 51224 ----a-w- c:\windows\system32\wuauclt.exe
2009-05-23 01:37 . 2009-05-23 01:37 43544 ----a-w- c:\windows\system32\wups2.dll
2009-05-23 01:37 . 2009-05-23 01:37 1809944 ----a-w- c:\windows\system32\wuaueng.dll
2009-05-23 01:37 . 2009-05-23 01:37 1524736 ----a-w- c:\windows\system32\wucltux.dll
2009-05-23 01:37 . 2009-05-23 01:37 83456 ----a-w- c:\windows\system32\wudriver.dll
2009-05-23 01:37 . 2009-05-23 01:37 561688 ----a-w- c:\windows\system32\wuapi.dll
2009-05-23 01:37 . 2009-05-23 01:37 34328 ----a-w- c:\windows\system32\wups.dll
2009-05-23 01:36 . 2009-05-23 01:36 31232 ----a-w- c:\windows\system32\wuapp.exe
2009-05-23 01:36 . 2009-05-23 01:36 162064 ----a-w- c:\windows\system32\wuwebv.dll
2009-05-23 01:14 . 2009-05-23 01:14 -------- d-sh--we c:\programdata\Plantillas
2009-05-23 01:14 . 2009-05-23 01:14 -------- d-sh--we c:\programdata\Menú Inicio
2009-05-23 01:14 . 2009-05-23 01:14 -------- d-sh--we c:\programdata\Favoritos
2009-05-23 01:14 . 2009-05-23 01:14 -------- d-sh--we c:\programdata\Escritorio
2009-05-23 01:14 . 2009-05-23 01:14 -------- d-sh--we c:\programdata\Documentos
2009-05-23 01:14 . 2009-05-23 01:14 -------- d-sh--we c:\programdata\Datos de programa
2009-05-23 01:14 . 2009-05-23 01:14 -------- d-sh--we c:\program files\Archivos comunes
2009-04-28 09:47 . 2009-04-28 09:47 499712 ----a-w- c:\windows\system32\msvcp71.dll
2009-04-28 09:47 . 2009-04-28 09:47 348160 ----a-w- c:\windows\system32\msvcr71.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Run]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 31016]
"WPCUMI"="c:\windows\system32\WpcUmi.exe" [2006-11-02 176128]
"OpwareSE2"="c:\program files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe" [2003-05-08 49152]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-12 39792]

c:\users\SOFIA\AppData\Roaming\Microsoft\Windows\S tart Menu\Programs\Startup\
Microsoft Office Groove.lnk - c:\program files\Microsoft Office\Office12\GROOVE.EXE [2006-10-27 338216]

[HKEY_CURRENT_USER\software\microsoft\windows\curre ntversion\policies\explorer]
"NoDFSTab"= 1 (0x1)

[HKEY_USERS\.default\software\microsoft\windows\cur rentversion\policies\explorer]
"NoDFSTab"= 1 (0x1)

[hkey_local_machine\software\microsoft\windows\curr entversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 16:05 356352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Contro l\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\curr entversion\run-]
"OPSE reminder"="c:\program files\ScanSoft\OmniPageSE2.0\EregSpa\Ereg.exe" -r "c:\program files\ScanSoft\OmniPageSE2.0\EregSpa\ereg.ini"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpo licy\FirewallRules]
"TCP Query User{5515D587-4B39-48A1-B241-62AAC47D4D54}c:\\program files\\internet explorer\\iexplore.exe"= UDP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{C88E1F4D-3917-48B5-892C-6C81C1D975A5}c:\\program files\\internet explorer\\iexplore.exe"= TCP:c:\program files\internet explorer\iexplore.exe:Internet Explorer

R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [28-04-2009 11:33 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [28-04-2009 11:33 72944]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [29-06-2009 14:43 1153368]
R2 TuneUp.ProgramStatisticsSvc;TuneUp Program Statistics Service;c:\windows\System32\TUProgSt.exe [25-05-2009 17:20 603904]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\System32\drivers\b57nd60x.sys [02-11-2006 6:25 167936]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [28-04-2009 11:33 7408]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Contents of the 'Scheduled Tasks' folder

2009-07-02 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-06-30 20:31]

2009-07-02 c:\windows\Tasks\Mantenimiento con 1 clic.job
- c:\program files\TuneUp Utilities 2009\OneClickStarter.exe [2008-11-27 15:31]

2009-07-02 c:\windows\Tasks\Norton Security Scan for SOFIA.job
- c:\program files\Norton Security Scan\Nss.exe [2008-09-19 00:20]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.cl/
IE: Adición a la lista de impresión de Easy-WebPrint - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
IE: E&xportar a Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Impresión a alta velocidad de Easy-WebPrint - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
IE: Impresión de Easy-WebPrint - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
IE: Vista previa de Easy-WebPrint - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
FF - ProfilePath - c:\users\SOFIA\AppData\Roaming\Mozilla\Firefox\Pro files\esq0563o.default\
FF - plugin: c:\program files\Google\Google Updater\2.4.1601.7122\npCIDetect13.dll

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.cache_size", 51200);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.ogg.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.wave.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.autoplay.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.dpi", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("geo.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_sett ing", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter ", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");
.

************************************************** ************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-07-02 16:10
Windows 6.0.6000 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

************************************************** ************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'Explorer.exe'(4084)
c:\program files\ScanSoft\OmniPageSE2.0\ophookSE2.dll
.
Completion time: 2009-07-02 16:12
ComboFix-quarantined-files.txt 2009-07-02 20:12

Pre-Run: 20.438.106.112 bytes libres
Post-Run: 20.527.112.192 bytes libres

274

El reporte está limpio solo te quedaría quitar CF de la siguiente manera:

• Ir a Inicio > Ejecutar
• Escribir lo siguiente: ComboFix /u como muestra la imagen debajo:
  
  
  • 

Esto realizara las siguientes tareas:

• Se borraran:
  • ComboFix: sus archivos y carpetas.
  • VundoFix: copias de seguridad (si está presente)
  • La carpeta C:\Deckard (si está presente)
  • La carpeta C: _OtMoveIt (si está presente)
• Restablece la configuración del reloj.
• Ocultar extensiones de archivo (si es necesario.)
• Oculta los archivos que estaban ocultos
• Reactiva el "Restaurar Sistema"

- Si el problema persiste sigue los pasos para Optimizar Windows así como también descarga y ejecuta la utilidad Advanced SystemCare, para reparar y optimizar a fondo tu PC.

Saludos

se eliminaron los trojanos, ahora solo me queda optimizar. GRACIAS