| Getting worse: constant freezes (Solved) Dear friends. It has been a while since I last came to ask you about a report, because for some time now I have been using a new computer with Windows Vista. Well, for a while now, the computer's slowness, its freezes, constantly having to go to Task Manager, etc., make me suspect that it may have something that keeps the computer from working entirely properly. I am leaving you the log I generated, and I thank you in advance for any advice on it. Thank you very much. Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 19:11:19, on 01/11/2009 Platform: Windows Vista SP1 (WinNT 6.00.1905) MSIE: Internet Explorer v8.00 (8.00.6001.18828) Boot mode: Normal Running processes: C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Windows\system32\taskeng.exe C:\Program Files\Samsung\EBM\EasyBatteryMgr3.exe C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe C:\Program Files\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe C:\Program Files\Samsung\Samsung Magic Doctor\MagicDoctorKbdHk.exe C:\Windows\System32\mobsync.exe C:\Program Files\Windows Defender\MSASCui.exe C:\Windows\WindowsMobile\wmdSync.exe C:\Program Files\Panda Security\Panda Internet Security 2009\ApVxdWin.exe C:\Windows\ehome\ehtray.exe C:\Program Files\Windows Media Player\wmpnscfg.exe C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe C:\Windows\ehome\ehmsas.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Windows\system32\Taskmgr.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe C:\Windows\system32\SearchFilterHost.exe C:\Windows\System32\rundll32.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.es/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http:\\www.samsungcomputer.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - 
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings,ProxyOverride = local R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = R3 - URLSearchHook: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\kb127\SearchSettings.dll O1 - Hosts: ::1 localhost O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\Snagit 9\SnagitBHO.dll O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - (no file) O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file) O2 - BHO: Windows Live Aplicación auxiliar de inicio de sesión - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\kb127\SearchSettings.dll O3 - Toolbar: Adobe PDF - 
{47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll O3 - Toolbar: (no name) - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - (no file) O3 - Toolbar: Snagit - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\Snagit 9\SnagitIEAddin.dll O4 - HKLM\..\Run: [Windows Defender] "%ProgramFiles%\Windows Defender\MSASCui.exe" -hide O4 - HKLM\..\Run: [Windows Mobile-based device management] "%windir%\WindowsMobile\wmdSync.exe" O4 - HKLM\..\Run: [APVXDWIN] "C:\Program Files\Panda Security\Panda Internet Security 2009\APVXDWIN.EXE" /s O4 - HKLM\..\Run: [SCANINICIO] "C:\Program Files\Panda Security\Panda Internet Security 2009\Inicio.exe" O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe O4 - HKCU\..\Run: [WMPNSCFG] "C:\Program Files\Windows Media Player\WMPNSCFG.exe" O4 - HKCU\..\Run: [SpybotSD TeaTimer] "C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICIO LOCAL') O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICIO LOCAL') O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'Servicio de red') O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 
7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: E&xportar a Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O8 - Extra context menu item: Enviar imagen al dispositivo &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm O8 - Extra context menu item: Enviar página al dispositivo &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O13 - Gopher Prefix: O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/MessengerGamesContent/GameContent/es/uno1/GAME_UNO1.cab O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe -- End of file - 7407 bytes |
| Re: Getting worse: constant freezes Hello, follow these steps: Close all programs, run HijackThis and apply "Fix checked" to these entries:
R3 - URLSearchHook: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\kb127\SearchSettings.dll
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - (no file)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\kb127\SearchSettings.dll
O3 - Toolbar: (no name) - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - (no file)
Download, update and run the program: Download CCleaner and run it, first using its "Cleaner" option to delete cookies, temporary Internet files and all the files it shows you as obsolete, and then use its "Registry" option to clean the whole Windows registry (making a backup).
Quote:
Regards Forum News | Online Antivirus | Remove Malware | Forum Policies | Blog * Help us by making a DONATION so that we can keep helping. * Keep up with the latest threats on the net at: InfoSpyware Blog * Questions are not answered by private message or by e-mail, since that is what the forum is for. |
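The selection made in the reply above can be reproduced mechanically. This added example (not part of the original thread, and not code from HijackThis or InfoSpyware) parses HijackThis component lines and flags entries whose target is `(no file)` or whose path matches an analyst-supplied watchlist; the function names, the watchlist and the two heuristics are assumptions, and the sample lines are copied from the log posted in this thread.

```python
import re
from typing import List, NamedTuple, Optional, Sequence, Tuple

# Constructed sample: ten lines copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.es/
R3 - URLSearchHook: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\kb127\SearchSettings.dll
O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\Snagit 9\SnagitBHO.dll
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - (no file)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\kb127\SearchSettings.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: (no name) - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - (no file)
O4 - HKLM\..\Run: [Windows Defender] "%ProgramFiles%\Windows Defender\MSASCui.exe" -hide
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
"""

# Assumption: the analyst supplies this after judging the "Search Settings"
# component unwanted; the path fragment is taken from the posted log.
WATCHLIST = ("\\search settings\\",)


class Entry(NamedTuple):
    code: str             # HijackThis section code, e.g. "O2"
    kind: Optional[str]   # e.g. "BHO", "Toolbar"; None for non-component lines
    name: Optional[str]
    clsid: Optional[str]  # upper-cased, braces included
    target: str           # file path, "(no file)", or the raw body


# "<code> - <body>"; header lines and the process list do not match.
LINE_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")
# "<kind>: <name> - {CLSID} - <target>" as used by R3, O2, O3, O9 and similar.
COMPONENT_RE = re.compile(
    r"^(?P<kind>[^:]+): (?P<name>.*?) - "
    r"(?P<clsid>\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}) - "
    r"(?P<target>.+)$"
)


def parse_log(text: str) -> List[Entry]:
    """Turn the entry lines of a HijackThis log into Entry records."""
    entries = []
    for raw in text.splitlines():
        line = LINE_RE.match(raw.strip())
        if not line:
            continue
        comp = COMPONENT_RE.match(line["body"])
        if comp:
            entries.append(Entry(line["code"], comp["kind"], comp["name"],
                                 comp["clsid"].upper(), comp["target"].strip()))
        else:
            entries.append(Entry(line["code"], None, None, None, line["body"]))
    return entries


def triage(entries: Sequence[Entry],
           watchlist: Sequence[str] = WATCHLIST) -> List[Tuple[Entry, List[str]]]:
    """Return (entry, reasons) for entries worth a reviewer's attention."""
    findings = []
    for entry in entries:
        reasons = []
        target = entry.target.lower()
        if entry.clsid and target == "(no file)":
            reasons.append("orphaned")    # registration points at a missing file
        if any(fragment.lower() in target for fragment in watchlist):
            reasons.append("watchlist")   # path matches an analyst-supplied fragment
        if reasons:
            findings.append((entry, reasons))
    return findings


def unique_clsids(findings: Sequence[Tuple[Entry, List[str]]]) -> List[str]:
    """The same component can be registered in several sections; list each CLSID once."""
    return sorted({entry.clsid for entry, _ in findings if entry.clsid})


if __name__ == "__main__":
    for entry, reasons in triage(parse_log(SAMPLE_LOG)):
        print(f"{entry.code:<3} {','.join(reasons):<9} {entry.clsid} {entry.target}")
```

The output is a review list, not a removal list: an orphaned registration is usually a harmless leftover, and the watchlist only encodes a decision the analyst has already made.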
| Re: Getting worse: constant freezes Thank you very much for the advice. I have done everything you told me and here is the report. I can already see that the machine runs much better. Let's see if we can finish the job. If you see anything, tell me what I have to do. Thanks. ComboFix 09-11-03.01 - LUIS PATRICIO 04/11/2009 17:57.1.2 - NTFSx86 Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.34.3082.18.2045.1116 [GMT 1:00] Running from: c:\users\LUIS PATRICIO\Desktop\ComboFix.exe SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46} . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . c:\$recycle.bin\S-1-5-21-1673670999-1704428649-1286829716-500 c:\$recycle.bin\S-1-5-21-2152478756-3922319563-605102323-500 c:\$recycle.bin\S-1-5-21-3521595301-1071771015-2125652048-500 c:\$recycle.bin\S-1-5-21-562593655-1936356248-2708367035-500 c:\program files\Search Settings c:\program files\Search Settings\kb127\SearchSettingsRes409.dll c:\program files\Search Settings\SearchSettings.exe c:\users\LUIS PATRICIO\AppData\Roaming\Desktopicon c:\users\LUIS PATRICIO\AppData\Roaming\Desktopicon\eBayShortcuts.exe D:\install.exe . ((((((((((((((((((((((((( Files Created from 2009-10-04 to 2009-11-04 ))))))))))))))))))))))))))))))) . 2009-11-04 17:07 . 2009-11-04 17:08 -------- d-----w- c:\users\LUIS PATRICIO\AppData\Local\temp 2009-11-04 17:07 . 2009-11-04 17:07 -------- d-----w- c:\users\postgres\AppData\Local\temp 2009-11-03 19:42 . 2009-11-03 19:42 -------- d-----w- c:\users\LUIS PATRICIO\AppData\Roaming\Malwarebytes 2009-11-03 19:42 . 2009-09-10 13:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2009-11-03 19:42 . 2009-11-03 19:42 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2009-11-03 19:42 . 2009-11-03 19:42 -------- d-----w- c:\programdata\Malwarebytes 2009-11-03 19:42 . 2009-09-10 13:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys 2009-10-28 18:42 . 
2009-10-28 18:42 -------- d-----w- c:\program files\Trend Micro 2009-10-23 16:47 . 2009-10-23 16:47 -------- d-----w- c:\users\LUIS PATRICIO\AppData\Roaming\FreeVideoConverter 2009-10-19 23:08 . 2009-10-19 23:08 -------- d-----w- c:\program files\Devious Codeworks 2009-10-19 14:28 . 2009-10-19 14:28 58 ----a-w- c:\windows\system32\DonationCoder_ScreenshotCaptor _InstallInfo.dat 2009-10-18 17:04 . 2009-10-18 17:04 552 ----a-w- c:\users\LUIS PATRICIO\AppData\Local\d3d8caps.dat 2009-10-18 16:58 . 2009-10-18 16:58 -------- d-----w- c:\program files\ZD Soft 2009-10-18 15:09 . 2009-10-18 16:24 -------- d-----w- c:\users\LUIS PATRICIO\AppData\Roaming\FreeScreenToVideo 2009-10-18 15:09 . 2009-10-18 15:09 -------- d-----w- c:\program files\Free Screen To Video 2009-10-18 11:36 . 2009-10-18 11:36 -------- d-----w- c:\programdata\TechSmith 2009-10-14 21:32 . 2009-10-14 21:32 -------- d-----w- c:\windows\SQL9_KB970892_ENU 2009-10-14 13:07 . 2009-09-04 12:24 61440 ----a-w- c:\windows\system32\msasn1.dll 2009-10-14 13:07 . 2009-09-14 09:44 144896 ----a-w- c:\windows\system32\drivers\srv2.sys 2009-10-14 13:07 . 2009-04-02 12:37 604672 ----a-w- c:\windows\system32\WMSPDMOD.DLL 2009-10-11 12:02 . 2009-11-03 18:54 -------- d-----w- c:\users\LUIS PATRICIO\AppData\Roaming\Spotify 2009-10-11 12:02 . 2009-10-11 12:02 -------- d-----w- c:\users\LUIS PATRICIO\AppData\Local\Spotify 2009-10-11 12:02 . 2009-10-11 12:02 -------- d-----w- c:\program files\Spotify 2009-10-10 21:53 . 2009-10-11 08:39 -------- d-----w- c:\programdata\Spybot - Search & Destroy 2009-10-10 21:53 . 2009-10-10 21:54 -------- d-----w- c:\program files\Spybot - Search & Destroy 2009-10-10 20:48 . 2009-10-10 20:48 -------- d-----w- c:\program files\Webroot 2009-10-10 20:47 . 2009-10-10 21:53 -------- dc-h--w- c:\programdata\{83C91755-2546-441D-AC40-9A6B4B860800} 2009-10-10 20:47 . 2009-10-10 20:47 -------- d-----w- c:\programdata\Lavasoft 2009-10-10 20:47 . 
2009-10-10 20:47 -------- d-----w- c:\program files\Lavasoft 2009-10-07 13:54 . 2009-08-07 02:24 44768 ----a-w- c:\windows\system32\wups2.dll 2009-10-07 13:54 . 2009-08-07 02:24 53472 ----a-w- c:\windows\system32\wuauclt.exe 2009-10-07 13:54 . 2009-08-07 02:23 1929952 ----a-w- c:\windows\system32\wuaueng.dll 2009-10-07 13:54 . 2009-08-07 01:45 2421760 ----a-w- c:\windows\system32\wucltux.dll 2009-10-07 13:54 . 2009-08-07 02:24 35552 ----a-w- c:\windows\system32\wups.dll 2009-10-07 13:54 . 2009-08-07 02:23 575704 ----a-w- c:\windows\system32\wuapi.dll 2009-10-07 13:54 . 2009-08-07 01:44 87552 ----a-w- c:\windows\system32\wudriver.dll 2009-10-07 13:53 . 2009-08-06 17:23 171608 ----a-w- c:\windows\system32\wuwebv.dll 2009-10-07 13:53 . 2009-08-06 16:44 33792 ----a-w- c:\windows\system32\wuapp.exe . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))) )) . 2009-11-03 22:42 . 2007-08-22 18:26 12 ----a-w- c:\windows\bthservsdp.dat 2009-11-03 19:44 . 2008-11-21 18:10 -------- d-----w- c:\users\LUIS PATRICIO\AppData\Roaming\Audacity 2009-11-03 13:40 . 2008-01-11 07:34 105616 ----a-w- c:\users\LUIS PATRICIO\AppData\Local\GDIPFONTCACHEV1.DAT 2009-11-02 19:16 . 2007-08-22 18:43 -------- d-----w- c:\program files\Common Files\Adobe 2009-11-02 11:22 . 2007-08-22 01:17 729628 ----a-w- c:\windows\system32\perfh00A.dat 2009-11-02 11:22 . 2007-08-22 01:17 157996 ----a-w- c:\windows\system32\perfc00A.dat 2009-10-31 10:46 . 2008-02-14 21:24 1521 ----a-w- c:\windows\system32\dmlg.dat 2009-10-24 10:00 . 2009-09-04 22:57 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard 2009-10-24 10:00 . 2009-04-14 19:43 -------- d-----w- c:\program files\TechSmith 2009-10-23 16:59 . 2009-05-27 16:47 -------- d-----w- c:\program files\Common Files\DVDVideoSoft 2009-10-23 16:56 . 2009-05-27 16:47 -------- d-----w- c:\program files\DVDVideoSoft 2009-10-23 16:49 . 
2009-01-17 08:46 -------- d-----w- c:\program files\Free Video Converter 2009-10-23 05:58 . 2008-06-28 13:32 -------- d-----w- c:\users\LUIS PATRICIO\AppData\Roaming\Vso 2009-10-19 14:28 . 2008-12-21 09:17 58 ----a-w- c:\users\LUIS PATRICIO\AppData\Local\DonationCoder_ScreenshotCap tor_InstallInfo.dat 2009-10-19 14:28 . 2008-12-21 09:16 -------- d-----w- c:\program files\ScreenshotCaptor 2009-10-18 17:04 . 2008-06-23 09:54 680 ----a-w- c:\users\LUIS PATRICIO\AppData\Local\d3d9caps.dat 2009-10-16 12:50 . 2009-08-18 07:54 -------- d-----w- c:\program files\Lospelayos Poker 2009-10-14 21:32 . 2007-08-22 19:31 -------- d-----w- c:\program files\Microsoft SQL Server 2009-10-12 20:36 . 2009-08-19 15:16 -------- d-----w- c:\program files\PokerTracker 3 2009-10-10 20:49 . 2007-08-22 18:55 -------- d-----w- c:\program files\MSSOAP 2009-10-10 19:54 . 2008-12-26 15:12 -------- d-----w- c:\program files\Panda Security 2009-10-01 08:29 . 2009-10-03 13:10 195440 ------w- c:\windows\system32\MpSigStub.exe 2009-09-29 18:57 . 2009-09-29 18:57 -------- d-----w- c:\users\LUIS PATRICIO\AppData\Roaming\StreamTorrent 2009-09-29 18:57 . 2009-09-29 18:57 -------- d-----w- c:\program files\StreamTorrent 1.0 2009-09-27 20:58 . 2008-12-07 10:06 -------- d-----w- c:\program files\OpenOffice.org 3 2009-09-20 09:21 . 2009-09-20 09:21 -------- d-----w- c:\program files\DAMN NFO Viewer 2009-09-12 16:27 . 2009-01-25 13:38 -------- d-----w- c:\program files\PhotoScape 2009-09-10 19:11 . 2008-12-26 15:14 1132 ----a-w- c:\windows\system32\drivers\APPFLTR.CFG.bck 2009-09-10 19:11 . 2008-12-26 15:14 1132 ----a-w- c:\windows\system32\drivers\APPFLTR.CFG 2009-09-10 18:35 . 2009-09-10 18:06 -------- d-----w- c:\programdata\NOS 2009-09-10 18:06 . 2009-09-10 18:06 -------- d-----w- c:\program files\NOS 2009-09-10 17:55 . 2008-12-26 15:14 381432 ----a-w- c:\windows\system32\drivers\APPFCONT.DAT.bck 2009-09-10 17:55 . 2008-12-26 15:14 381432 ----a-w- c:\windows\system32\drivers\APPFCONT.DAT 2009-09-10 17:30 . 
2009-10-14 13:13 213504 ----a-w- c:\windows\system32\msv1_0.dll 2009-09-10 12:00 . 2008-12-22 13:59 -------- d-----w- c:\program files\Microsoft Silverlight 2009-09-09 13:19 . 2009-07-21 17:39 -------- d-----w- c:\programdata\Boss Media 2009-08-27 05:22 . 2009-10-14 13:13 916480 ----a-w- c:\windows\system32\wininet.dll 2009-08-27 05:17 . 2009-10-14 13:13 109056 ----a-w- c:\windows\system32\iesysprep.dll 2009-08-27 05:17 . 2009-10-14 13:13 71680 ----a-w- c:\windows\system32\iesetup.dll 2009-08-27 03:42 . 2009-10-14 13:13 133632 ----a-w- c:\windows\system32\ieUnatt.exe 2009-08-14 17:07 . 2009-09-09 16:47 897608 ----a-w- c:\windows\system32\drivers\tcpip.sys 2009-08-14 16:29 . 2009-09-09 16:47 104960 ----a-w- c:\windows\system32\netiohlp.dll 2009-08-14 16:29 . 2009-09-09 16:47 17920 ----a-w- c:\windows\system32\netevent.dll 2009-08-14 14:16 . 2009-09-09 16:47 9728 ----a-w- c:\windows\system32\TCPSVCS.EXE 2009-08-14 14:16 . 2009-09-09 16:47 17920 ----a-w- c:\windows\system32\ROUTE.EXE 2009-08-14 14:16 . 2009-09-09 16:47 11264 ----a-w- c:\windows\system32\MRINFO.EXE 2009-08-14 14:16 . 2009-09-09 16:47 27136 ----a-w- c:\windows\system32\NETSTAT.EXE 2009-08-14 14:16 . 2009-09-09 16:47 19968 ----a-w- c:\windows\system32\ARP.EXE 2009-08-14 14:16 . 2009-09-09 16:47 8704 ----a-w- c:\windows\system32\HOSTNAME.EXE 2009-08-14 14:16 . 2009-09-09 16:47 10240 ----a-w- c:\windows\system32\finger.exe . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . 
*Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Run] "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952] "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240] "SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Run] "Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-19 1008184] "Windows Mobile-based device management"="c:\windows\WindowsMobile\wmdSync.exe" [2006-11-02 215552] "APVXDWIN"="c:\program files\Panda Security\Panda Internet Security 2009\APVXDWIN.EXE" [2009-07-15 881920] "SCANINICIO"="c:\program files\Panda Security\Panda Internet Security 2009\Inicio.exe" [2008-07-07 50432] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696] "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288] [HKEY_LOCAL_MACHINE\software\microsoft\windows\curr entversion\policies\system] "EnableLUA"= 0 (0x0) "NoHotStart"= 0 (0x0) "EnableUIADesktopToggle"= 0 (0x0) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Contro l\SafeBoot\Minimal\PskSvcRetail] @="Service" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Contro l\SafeBoot\Minimal\WinDefend] @="Service" [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Wind ows^Start Menu^Programs^Startup^BTTray.lnk] path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\BTTray.lnk backup=c:\windows\pss\BTTray.lnk.CommonStartup backupExtension=.CommonStartup [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware] "DisableMonitoring"=dword:00000001 R0 pavboot;Panda boot driver;c:\windows\System32\drivers\pavboot.sys [26/12/2008 16:09 28544] R1 APPFLT;App Filter Plugin;c:\windows\System32\drivers\APPFLT.SYS [26/12/2008 16:13 73728] R1 DSAFLT;DSA Filter 
Plugin;c:\windows\System32\drivers\dsaflt.sys [26/12/2008 16:14 52992] R1 FNETMON;NetMon Filter Plugin;c:\windows\System32\drivers\fnetmon.sys [26/12/2008 16:13 22072] R1 IDSFLT;Ids Filter Plugin;c:\windows\System32\drivers\idsflt.sys [26/12/2008 16:14 193792] R1 NETFLTDI;Panda Net Driver [TDI Layer];c:\windows\System32\drivers\NETFLTDI.SYS [26/12/2008 16:13 158848] R1 ShldDrv;Panda File Shield Driver;c:\windows\System32\drivers\ShlDrv51.sys [26/12/2008 16:07 41144] R1 WNMFLT;Wifi Monitor Filter Plugin;c:\windows\System32\drivers\wnmflt.sys [26/12/2008 16:14 46720] R2 AmFSM;AmFSM;c:\windows\System32\drivers\amm8660.sy s [26/12/2008 16:14 49208] R2 ComFiltr;Panda Anti-Dialer;c:\windows\System32\drivers\COMFiltr.sys [26/12/2008 16:14 13880] R2 Gwmsrv;Panda Goodware Cache Manager;c:\windows\system32\svchost -k Panda --> c:\windows\system32\svchost -k Panda [?] R2 KMDFMEMIO;SAMSUNG Kernel Driver;c:\windows\System32\drivers\KMDFMEMIO.sys [22/08/2007 19:46 13312] R2 PavProc;Panda Process Protection Driver;c:\windows\System32\drivers\PavProc.sys [26/12/2008 16:07 179640] R3 NETIMFLT01060034;PANDA NDIS IM Filter Miniport v1.6.0.34;c:\windows\System32\drivers\neti1634.sys [26/12/2008 16:12 197888] R3 scncap;scncap;c:\windows\System32\drivers\scncap.s ys [22/06/2009 7:46 9984] S3 getPlusHelper;getPlus(R) Helper;c:\windows\System32\svchost.exe -k getPlusHelper [23/06/2008 10:29 21504] S3 NETw2v32;Intel(R) PRO/Wireless 2915ABG Network Connection Driver for Windows Vista;c:\windows\System32\drivers\NETw2v32.sys [02/11/2006 11:25 2589184] S3 PAC207;SoC PC-Camera;c:\windows\System32\drivers\PFC027.SYS [05/12/2006 11:34 507136] S4 Apache2.2;Apache2.2;c:\xampp\apache\bin\httpd.exe [10/12/2008 0:10 24636] S4 PskSvcRetail;Panda PSK service;c:\program files\Panda Security\Panda Internet Security 2009\psksvc.exe [26/12/2008 16:12 28928] S4 TeamViewer4;TeamViewer 4;c:\program files\TeamViewer\Version4\TeamViewer_Service.exe [06/05/2009 10:11 185640] S4 WiselinkPro;SAMSUNG WiselinkPro 
Service;c:\program files\Samsung\SAMSUNG PC Share Manager\WiselinkPro.exe [10/07/2009 16:49 4014080] --- Other Services/Drivers In Memory --- *NewlyCreated* - MBR *NewlyCreated* - PROCEXP113 *Deregistered* - mbr *Deregistered* - PROCEXP113 [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] bthsvcs REG_MULTI_SZ BthServ WindowsMobile REG_MULTI_SZ wcescomm rapimgr LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr panda REG_MULTI_SZ Gwmsrv getPlusHelper REG_MULTI_SZ getPlusHelper . Contents of the 'Scheduled Tasks' folder 2009-10-30 c:\windows\Tasks\NeroLiveEpgUpdate-LUISPATRICIO1_LUIS-PATRICIO.job - c:\program files\Nero\Nero 9\Nero Live\NeroLive.exe [2008-10-27 08:59] 2009-11-04 c:\windows\Tasks\SupBackGroundTask.job - c:\program files\Samsung\Samsung Update Plus\SUPBackGround.exe [2008-10-27 13:38] 2009-11-04 c:\windows\Tasks\User_Feed_Synchronization-{F4170CE3-CB86-49D0-98A3-6E137D74FEDE}.job - c:\windows\system32\msfeedssync.exe [2009-10-14 03:41] 2009-11-04 c:\windows\Tasks\User_Feed_Synchronization-{FB3804D1-BA5E-4B92-93D9-AA3062E7C401}.job - c:\windows\system32\msfeedssync.exe [2009-10-14 03:41] . . ------- Supplementary Scan ------- . uStart Page = hxxp://www.google.es/ uInternet Settings,ProxyOverride = local IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200 IE: E&xportar a Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000 IE: Enviar imagen al dispositivo &Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm IE: Enviar página al dispositivo &Bluetooth... 
- c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm FF - ProfilePath - c:\users\LUIS PATRICIO\AppData\Roaming\Mozilla\Firefox\Profiles\ 0gdvyci2.default\ FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll FF - plugin: c:\program files\VistaCodecPack\rm\browser\plugins\nppl3260.d ll FF - plugin: c:\program files\VistaCodecPack\rm\browser\plugins\nprpjplug. dll FF - plugin: c:\users\LUIS PATRICIO\AppData\Roaming\Mozilla\plugins\npPxPlay. dll FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ ---- FIREFOX POLICIES ---- c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true); . . ------- File Associations ------- . JSEFile=c:\progra~1\PANDAS~1\PANDAI~1\PAVSCRIP.EXE "%1" %* . - - - - ORPHANS REMOVED - - - - HKCU-Run-AdobeBridge - (no file) ************************************************** ************************ catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-11-04 18:07 Windows 6.0.6001 Service Pack 1 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... 
c:\users\LUISPA~1\AppData\Local\Temp\catchme.dll 53248 bytes executable scan completed successfully hidden files: 1 ************************************************** ************************ Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net device: opened successfully user: MBR read successfully called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll >>UNKNOWN [0x84E1B1F8]<< kernel: MBR read successfully detected MBR rootkit hooks: \Driver\atapi -> 0x84e1b1f8 IoDeviceObjectType -> DumpProcedure -> 0xffffffff \Device\Harddisk0\DR0 -> DumpProcedure -> 0xffffffff Warning: possible MBR rootkit infection ! user & kernel MBR OK Use "Recovery Console" command "fixmbr" to clear infection ! ************************************************** ************************ . --------------------- LOCKED REGISTRY KEYS --------------------- [HKEY_USERS\S-1-5-21-3521595301-1071771015-2125652048-1003\Software\Microsoft\Windows\CurrentVersion\She ll Extensions\Approved\{C86FEAC1-BF09-B139-699A-F54842E6D400}*] "najfdgmhbllpkfcagoogfdcebljd"=hex:69,61,6d,67,6a, 64,6c,69,65,6a,68,6d,6e,6c, 65,6c,63,69,00,00 "oahffhjehnkpofkhlaijabdnlapbhj"=hex:69,61,6d,67,6 a,64,6c,69,65,6a,68,6d,6e,6c, 65,6c,63,69,00,00 [HKEY_LOCAL_MACHINE\SOFTWARE\Bitstream\Font Navigator] @DACL=(02 0000) [HKEY_LOCAL_MACHINE\SOFTWARE\LSoft Technologies Inc\Active@ ISO Burner] @DACL=(02 0000) [HKEY_LOCAL_MACHINE\SOFTWARE\MarkAny\ContentSAFER] @DACL=(02 0000) @SACL= [HKEY_LOCAL_MACHINE\SOFTWARE\MimarSinan\InstallAwar e] @DACL=(02 0000) @SACL= [HKEY_LOCAL_MACHINE\SOFTWARE\Realtek Semiconductor Corp.\Realtek High Definition Audio Driver] @DACL=(02 0000) @SACL= [HKEY_LOCAL_MACHINE\SOFTWARE\Realtek Semiconductor Corp.\Realtek High Definition Audio Driver\2.60] @DACL=(02 0000) [HKEY_LOCAL_MACHINE\SOFTWARE\RyTech Software\Create Your Business Card] @DACL=(02 0000) [HKEY_LOCAL_MACHINE\SOFTWARE\Samsung Electronics Co., LTD,\McAfeeInstall_spn] @DACL=(02 0000) @SACL= 
[HKEY_LOCAL_MACHINE\SOFTWARE\Windows\CurrentVersion] @DACL=(02 0000) [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Cl ass\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 "MSCurrentCountry"=dword:000000b5 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Cl ass\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Cl ass\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . Completion time: 2009-11-04 18:11 ComboFix-quarantined-files.txt 2009-11-04 17:11 Pre-Run: 30.193.618.944 bytes libres Post-Run: 30.112.608.256 bytes libres |
| Re: Getting worse: constant freezes ComboFix has already taken care of removing the infection; all that remains is to remove CF as follows: This will perform the following tasks:
Otherwise, follow the steps to Optimize Windows, and also download and run the Advanced SystemCare utility to repair and thoroughly optimize your PC. |
| Re: Getting worse: constant freezes Thank you so much, Gpastor. This is a different story now. Case solved perfectly. Thanks. |