Después de eliminar virus, no aparece Centro de Seguridad en la lista de services.msc

Pues eso, la PC de mi madre se infectó de un virus que bloqueaba los ejecutables (.exe), y al intentar correr algún programa me mostraba la ventana de "Abrir con...", dejando la PC completamente inutilizable (segun Panda ActiveScanner, tenía más de 119 infecciones). Afortunadamente pude solucionarlo viendo entradas de este foro, lo arreglé con Panda ActiveScanner, rkill y malwarebytes en modo a prueba de fallos.

Después de eso la compu volvió a ser usable, solo que faltó un detalle... En el centro de actividades, en concreto el Centro de Seguridad, no puede activarse...

Si entro a services.msc, el servicio del Centro de Seguridad no aparece... por lo tanto, no lo puedo iniciar, ni detener, ni nada... y cuando trato de activarlo desde el Centro de Actividades me dice simplemente "No se puede iniciar el centro de seguridad de windows"... eso sin más y sin un código de error...

Les agradecería mucho su ayuda... le volví a pasar el malwarebytes (escanéo rápido esta vez), el Panda Cloud (full scan) y nada más me falta el spybot...

Espero que tenga solución... en verdad llevo horas en google y en vuestro foro buscando a alguien que le haya pasado lo mismo... pero veo que todos encuentran el servicio en la lista y queda bien con eso... a mí ni me aparece...

Gracias de antemano por su ayuda...

Hola cplatt.

Consejos para antes de publicar un nuevo mensaje
Políticas del Foro de InfoSpyware

Podrías pegar el reporte de Malwarebytes, Rkill y Panda ActiveScan (dode detectaron las amenazas), para analizarlos.

Malwareytes: dentro del programa en la pestaña "Registros".
Rkill:

C:\rkill.log

Saludos!

Gracias por responder...

Los reportes son bastante extensos como para atiborrar la pantalla, así que los subí a mega (solo 4 kbs):

Rkill

Código:

This log file is located at C:\rkill.log. 
Please post this only if requested to by the person helping you. 
Otherwise you can close this log when you wish. 

Rkill was run on 28/05/2011 at 19:49:05. 
Operating System: Windows 7 Home Basic 


Processes terminated by Rkill or while it was running: 



Rkill completed on 28/05/2011 at 19:49:22.

Malwarebytes

Código:

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Versión de la Base de Datos: 6707

Windows 6.1.7600 (Safe Mode)
Internet Explorer 8.0.7600.16385

28/05/2011 07:43:03 p.m.
mbam-log-2011-05-28 (19-43-03).txt

Tipos de Análisis: Análisis Completo (C:\|D:\|)
Objetos examinados: 361715
Tiempo transcurrido: 46 minuto(s), 1 segundo(s)

Procesos en Memoria Infectados: 0
Módulos de Memoria Infectados: 1
Claves del Registro Infectadas: 8
Valores del Registro Infectados: 6
Elementos de Datos del Registro Infectados: 7
Carpetas Infectadas: 0
Archivos Infectados: 55

Procesos en Memoria Infectados:
(No se han detectado elementos maliciosos)

Módulos de Memoria Infectados:
c:\Windows\System32\hgrykvag.dll (IPH.GenericBHO) -> Delete on reboot.

Claves del Registro Infectadas:
HKEY_CLASSES_ROOT\CLSID\{6F2B64C6-9604-ECBD-0319-F7428D12B773} (IPH.GenericBHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Xcbkrubg (IPH.GenericBHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6F2B64C6-9604-ECBD-0319-F7428D12B773} (IPH.GenericBHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{6F2B64C6-9604-ECBD-0319-F7428D12B773} (IPH.GenericBHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\kmhfoot (Trojan.Agent.Gen) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\msupdate (Spyware.Passwords.XGen) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{D7FFD784-5276-42D1-887B-00267870A4C7} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\GoogleUpdateBeta (Backdoor.IRCBot) -> Quarantined and deleted successfully.

Valores del Registro Infectados:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\WinDLL (service.exe) (Worm.Agent) -> Value: WinDLL (service.exe) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Firewall (Trojan.VirTool) -> Value: Firewall -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\UpdateWindows (Trojan.VirTool) -> Value: UpdateWindows -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\engel (Trojan.Proxy) -> Value: engel -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\zeeeceh (Backdoor.Bot) -> Value: zeeeceh -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\SysRun (Trojan.BHO) -> Value: SysRun -> Quarantined and deleted successfully.

Elementos de Datos del Registro Infectados:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SecurityProviders (Spyware.Passwords.XGen) -> Bad: (mitgmkpu.dll) Good: () -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SecurityProviders (Spyware.Passwords.XGen) -> Bad: (momaymly.dll) Good: () -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SecurityProviders (Spyware.Passwords.XGen) -> Bad: (mijuwlgv.dll) Good: () -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SecurityProviders (Spyware.Passwords.XGen) -> Bad: (mrirwhxd.dll) Good: () -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SecurityProviders (Spyware.Passwords.XGen) -> Bad: (mdivgqce.dll) Good: () -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SecurityProviders (Spyware.Passwords.XGen) -> Bad: (mymxlivh.dll) Good: () -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command\(default) (Hijack.StartMenuInternet) -> Bad: ("C:\Windows\system32\config\systemprofile\AppData\Local\nxm.exe" -a "C:\Program Files\Internet Explorer\iexplore.exe") Good: (iexplore.exe) -> Quarantined and deleted successfully.

Carpetas Infectadas:
(No se han detectado elementos maliciosos)

Archivos Infectados:
c:\Windows\System32\hgrykvag.dll (IPH.GenericBHO) -> Quarantined and deleted successfully.
c:\Windows\service.exe (Worm.Agent) -> Quarantined and deleted successfully.
c:\Users\eduardo\AppData\Roaming\firewall update.exe (Trojan.VirTool) -> Quarantined and deleted successfully.
c:\Users\eduardo\AppData\Roaming\updates\updates.exe (Trojan.Proxy) -> Quarantined and deleted successfully.
c:\Users\eduardo\zeeeceh.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
c:\Windows\System32\mitgmkpu.dll (Spyware.Passwords.XGen) -> Quarantined and deleted successfully.
c:\Windows\System32\momaymly.dll (Spyware.Passwords.XGen) -> Quarantined and deleted successfully.
c:\Windows\System32\mijuwlgv.dll (Spyware.Passwords.XGen) -> Quarantined and deleted successfully.
c:\Windows\System32\mrirwhxd.dll (Spyware.Passwords.XGen) -> Quarantined and deleted successfully.
c:\Windows\System32\mdivgqce.dll (Spyware.Passwords.XGen) -> Quarantined and deleted successfully.
c:\Windows\System32\mymxlivh.dll (Spyware.Passwords.XGen) -> Quarantined and deleted successfully.
c:\Windows\System32\drivers\kmhfoot.exe (Trojan.Agent.Gen) -> Quarantined and deleted successfully.
c:\Windows\System32\mssrv32.exe (Spyware.Passwords.XGen) -> Quarantined and deleted successfully.
c:\Windows\System32\svshost.dll (Trojan.BHO) -> Quarantined and deleted successfully.
c:\$Recycle.Bin\s-1-5-21-1855103910-1296302430-1705687183-1000\$R8NKW8S.exe (Trojan.VirTool) -> Quarantined and deleted successfully.
c:\$Recycle.Bin\s-1-5-21-1855103910-1296302430-1705687183-1000\$RT9XNL2.exe (RiskWare.Tool.CK) -> Quarantined and deleted successfully.
c:\programdata\dhcpcores.dll (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\eduardo\l.exe (Trojan.FraudPack.Gen) -> Quarantined and deleted successfully.
c:\Users\eduardo\nvt32.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\Users\eduardo\o.exe (Trojan.FraudPack.Gen) -> Quarantined and deleted successfully.
c:\Users\eduardo\pvc32.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\Users\eduardo\svc32.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\Users\eduardo\AppData\Local\Temp\37F2.tmp (Rootkit.TDSS) -> Quarantined and deleted successfully.
c:\Users\eduardo\AppData\Local\Temp\3ED5.tmp (Rootkit.TDSS) -> Quarantined and deleted successfully.
c:\Users\eduardo\AppData\Local\Temp\4818.tmp (Rootkit.TDSS) -> Quarantined and deleted successfully.
c:\Users\eduardo\AppData\Local\Temp\539D.tmp (Rootkit.TDSS) -> Quarantined and deleted successfully.
c:\Users\eduardo\AppData\Local\Temp\5F7F.tmp (Rootkit.TDSS) -> Quarantined and deleted successfully.
c:\Users\eduardo\AppData\Local\Temp\693D.tmp (Spyware.Passwords.XGen) -> Quarantined and deleted successfully.
c:\Users\eduardo\AppData\Local\Temp\7705.tmp (Rootkit.TDSS) -> Quarantined and deleted successfully.
c:\Users\eduardo\AppData\Local\Temp\DD55.tmp (Rootkit.TDSS) -> Quarantined and deleted successfully.
c:\Users\eduardo\AppData\Local\Temp\EAFC.tmp (Rootkit.TDSS) -> Quarantined and deleted successfully.
c:\Users\eduardo\AppData\Local\Temp\F799.tmp (Rootkit.TDSS) -> Quarantined and deleted successfully.
c:\Users\eduardo\AppData\Roaming\microsoft\Windows\start menu\Programs\Startup\mousedriver.exe (Trojan.Proxy) -> Quarantined and deleted successfully.
c:\Users\eduardo\Desktop\programas\sketch up\sketch up pro8\Sketchup\keygen.exe (RiskWare.Tool.CK) -> Quarantined and deleted successfully.
c:\Windows\System32\wininet.exe (Backdoor.Syrutrk) -> Quarantined and deleted successfully.
c:\Windows\System32\drivers\kmhfoot.exe105 (Trojan.Agent.Gen) -> Quarantined and deleted successfully.
c:\Windows\System32\drivers\kmhfoot.exe773 (Trojan.Agent.Gen) -> Quarantined and deleted successfully.
c:\Windows\Temp\cgjf\setup.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\Windows\Temp\deto\setup.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\Windows\Temp\fbqt\setup.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\Windows\Temp\gopq\setup.exe (Spyware.Passwords.XGen) -> Quarantined and deleted successfully.
c:\Windows\Temp\gpif\setup.exe (Trojan.Agent.Gen) -> Quarantined and deleted successfully.
c:\Windows\Temp\ifuk\setup.exe (Spyware.Passwords.XGen) -> Quarantined and deleted successfully.
c:\Windows\Temp\isvi\setup.exe (Backdoor.Syrutrk) -> Quarantined and deleted successfully.
c:\Windows\Temp\jrmg\setup.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\Windows\Temp\kdrh\setup.exe (Spyware.Passwords.XGen) -> Quarantined and deleted successfully.
c:\Windows\Temp\kobb\setup.exe (Trojan.Agent.Gen) -> Quarantined and deleted successfully.
c:\Windows\Temp\muym\setup.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\Windows\Temp\owfq\setup.exe (Malware.Packer.GenX) -> Quarantined and deleted successfully.
c:\Windows\Temp\payd\setup.exe (Spyware.Passwords.XGen) -> Quarantined and deleted successfully.
c:\Windows\Temp\qxin\setup.exe (Spyware.Passwords.XGen) -> Quarantined and deleted successfully.
c:\Windows\Temp\tvty\setup.exe (Spyware.Passwords.XGen) -> Quarantined and deleted successfully.
c:\Windows\Temp\wegl\setup.exe (Trojan.Agent.Gen) -> Quarantined and deleted successfully.
c:\Windows\Temp\wvxk\setup.exe (Spyware.Passwords.XGen) -> Quarantined and deleted successfully.
c:\Users\eduardo\iexplore.exe (Trojan.Agent) -> Quarantined and deleted successfully.

Panda ActiveScan

Código:

;***********************************************************************************************************************************************************************************
ANALYSIS: 2011-05-28 19:16:45
PROTECTIONS: 1
MALWARE: 51
SUSPECTS: 2
;***********************************************************************************************************************************************************************************
PROTECTIONS
Description                                  Version                       Active    Updated
;===================================================================================================================================================================================
Norton Internet Security                                                   No        No
;===================================================================================================================================================================================
MALWARE
Id        Description                        Type                Active    Severity  Disinfectable  Disinfected Location
;===================================================================================================================================================================================
00139059  Cookie/Traffic Marketplace         TrackingCookie      No        0         Yes            No           c:\windows\system32\config\systemprofile\appdata\roaming\microsoft\windows\cookies\system@trafficmp[1].txt
00139061  Cookie/Doubleclick                 TrackingCookie      No        0         Yes            No           c:\users\eduardo\appdata\local\temp\low\cookies\eduardo@doubleclick[1].txt
00139061  Cookie/Doubleclick                 TrackingCookie      No        0         Yes            No           c:\windows\system32\config\systemprofile\appdata\roaming\microsoft\windows\cookies\system@doubleclick[4].txt
00139061  Cookie/Doubleclick                 TrackingCookie      No        0         Yes            No           c:\windows\system32\config\systemprofile\appdata\roaming\microsoft\windows\cookies\system@doubleclick[3].txt
00139061  Cookie/Doubleclick                 TrackingCookie      No        0         Yes            No           c:\windows\system32\config\systemprofile\appdata\roaming\microsoft\windows\cookies\system@doubleclick[2].txt
00139061  Cookie/Doubleclick                 TrackingCookie      No        0         Yes            No           c:\windows\system32\config\systemprofile\appdata\roaming\microsoft\windows\cookies\system@doubleclick[1].txt
00139061  Cookie/Doubleclick                 TrackingCookie      No        0         Yes            No           c:\windows\system32\config\systemprofile\appdata\roaming\microsoft\windows\cookies\system@doubleclick[5].txt
00139064  Cookie/Atlas DMT                   TrackingCookie      No        0         Yes            No           c:\windows\system32\config\systemprofile\appdata\roaming\microsoft\windows\cookies\system@atdmt[1].txt
00139064  Cookie/Atlas DMT                   TrackingCookie      No        0         Yes            No           c:\users\eduardo\appdata\local\temp\low\cookies\eduardo@atdmt[2].txt
00139064  Cookie/Atlas DMT                   TrackingCookie      No        0         Yes            No           c:\windows\system32\config\systemprofile\appdata\roaming\microsoft\windows\cookies\system@atdmt[3].txt
00145457  Cookie/FastClick                   TrackingCookie      No        0         Yes            No           c:\windows\system32\config\systemprofile\appdata\roaming\microsoft\windows\cookies\system@fastclick[2].txt
00145738  Cookie/Mediaplex                   TrackingCookie      No        0         Yes            No           c:\windows\system32\config\systemprofile\appdata\roaming\microsoft\windows\cookies\system@mediaplex[3].txt
00145738  Cookie/Mediaplex                   TrackingCookie      No        0         Yes            No           c:\windows\system32\config\systemprofile\appdata\roaming\microsoft\windows\cookies\system@mediaplex[2].txt
00145738  Cookie/Mediaplex                   TrackingCookie      No        0         Yes            No           c:\users\eduardo\appdata\local\temp\low\cookies\eduardo@mediaplex[2].txt
00145738  Cookie/Mediaplex                   TrackingCookie      No        0         Yes            No           c:\windows\system32\config\systemprofile\appdata\roaming\microsoft\windows\cookies\system@mediaplex[4].txt
00167647  Cookie/Yadro                       TrackingCookie      No        0         Yes            No           c:\windows\system32\config\systemprofile\appdata\roaming\microsoft\windows\cookies\system@yadro[1].txt
00167704  Cookie/Xiti                        TrackingCookie      No        0         Yes            No           c:\windows\system32\config\systemprofile\appdata\roaming\microsoft\windows\cookies\system@xiti[1].txt
00168056  Cookie/YieldManager                TrackingCookie      No        0         Yes            No           c:\windows\system32\config\systemprofile\appdata\roaming\microsoft\windows\cookies\[email protected][9].txt
00168056  Cookie/YieldManager                TrackingCookie      No        0         Yes            No           c:\windows\system32\config\systemprofile\appdata\roaming\microsoft\windows\cookies\[email protected][8].txt
00168056  Cookie/YieldManager                TrackingCookie      No        0         Yes            No           c:\windows\system32\config\systemprofile\appdata\roaming\microsoft\windows\cookies\[email protected][7].txt
00168056  Cookie/YieldManager                TrackingCookie      No        0         Yes            No           c:\windows\system32\config\systemprofile\appdata\roaming\microsoft\windows\cookies\[email protected][5].txt
00168056  Cookie/YieldManager                TrackingCookie      No        0         Yes            No           c:\windows\system32\config\systemprofile\appdata\roaming\microsoft\windows\cookies\[email protected][1].txt
00168056  Cookie/YieldManager                TrackingCookie      No        0         Yes            No           c:\windows\system32\config\systemprofile\appdata\roaming\microsoft\windows\cookies\[email protected][2].txt
00168056  Cookie/YieldManager                TrackingCookie      No        0         Yes            No           c:\windows\system32\config\systemprofile\appdata\roaming\microsoft\windows\cookies\[email protected][3].txt
00168056  Cookie/YieldManager                TrackingCookie      No        0         Yes            No           c:\windows\system32\config\systemprofile\appdata\roaming\microsoft\windows\cookies\[email protected][6].txt
00168056  Cookie/YieldManager                TrackingCookie      No        0         Yes            No           c:\windows\system32\config\systemprofile\appdata\roaming\microsoft\windows\cookies\[email protected][11].txt
00168056  Cookie/YieldManager                TrackingCookie      No        0         Yes            No           c:\windows\system32\config\systemprofile\appdata\roaming\microsoft\windows\cookies\[email protected][4].txt
00168056  Cookie/YieldManager                TrackingCookie      No        0         Yes            No           c:\users\eduardo\appdata\local\temp\low\cookies\[email protected][2].txt
00168061  Cookie/Apmebf                      TrackingCookie      No        0         Yes            No           c:\windows\system32\config\systemprofile\appdata\roaming\microsoft\windows\cookies\system@apmebf[5].txt
00168061  Cookie/Apmebf                      TrackingCookie      No        0         Yes            No           c:\windows\system32\config\systemprofile\appdata\roaming\microsoft\windows\cookies\system@apmebf[2].txt
00168061  Cookie/Apmebf                      TrackingCookie      No        0         Yes            No           c:\windows\system32\config\systemprofile\appdata\roaming\microsoft\windows\cookies\system@apmebf[1].txt
00168061  Cookie/Apmebf                      TrackingCookie      No        0         Yes            No           c:\users\eduardo\appdata\roaming\microsoft\windows\cookies\eduardo@apmebf[1].txt
00168061  Cookie/Apmebf                      TrackingCookie      No        0         Yes            No           c:\users\eduardo\appdata\local\temp\low\cookies\eduardo@apmebf[1].txt
00168061  Cookie/Apmebf                      TrackingCookie      No        0         Yes            No           c:\windows\system32\config\systemprofile\appdata\roaming\microsoft\windows\cookies\system@apmebf[4].txt
00168090  Cookie/Serving-sys                 TrackingCookie      No        0         Yes            No           c:\windows\system32\config\systemprofile\appdata\roaming\microsoft\windows\cookies\system@serving-sys[3].txt
00168090  Cookie/Serving-sys                 TrackingCookie      No        0         Yes            No           c:\windows\system32\config\systemprofile\appdata\roaming\microsoft\windows\cookies\system@serving-sys[1].txt
00168090  Cookie/Serving-sys                 TrackingCookie      No        0         Yes            No           c:\windows\system32\config\systemprofile\appdata\roaming\microsoft\windows\cookies\system@serving-sys[4].txt
00168090  Cookie/Serving-sys                 TrackingCookie      No        0         Yes            No           c:\users\eduardo\appdata\roaming\microsoft\windows\cookies\eduardo@serving-sys[1].txt
00168090  Cookie/Serving-sys                 TrackingCookie      No        0         Yes            No           c:\users\eduardo\appdata\local\temp\low\cookies\eduardo@serving-sys[1].txt
00168093  Cookie/Serving-sys                 TrackingCookie      No        0         Yes            No           c:\users\eduardo\appdata\local\temp\low\cookies\[email protected][1].txt
00168109  Cookie/Adtech                      TrackingCookie      No        0         Yes            No           c:\users\eduardo\appdata\roaming\microsoft\windows\cookies\eduardo@adtech[1].txt
00168109  Cookie/Adtech                      TrackingCookie      No        0         Yes            No           c:\windows\system32\config\systemprofile\appdata\roaming\microsoft\windows\cookies\system@adtech[1].txt
00169190  Cookie/Advertising                 TrackingCookie      No        0         Yes            No           c:\windows\system32\config\systemprofile\appdata\roaming\microsoft\windows\cookies\system@advertising[2].txt
00170554  Cookie/Overture                    TrackingCookie      No        0         Yes            No           c:\windows\system32\config\systemprofile\appdata\roaming\microsoft\windows\cookies\system@overture[2].txt
00170554  Cookie/Overture                    TrackingCookie      No        0         Yes            No           c:\windows\system32\config\systemprofile\appdata\roaming\microsoft\windows\cookies\system@overture[1].txt
00170554  Cookie/Overture                    TrackingCookie      No        0         Yes            No           c:\windows\system32\config\systemprofile\appdata\roaming\microsoft\windows\cookies\system@overture[3].txt
00170554  Cookie/Overture                    TrackingCookie      No        0         Yes            No           c:\windows\system32\config\systemprofile\appdata\roaming\microsoft\windows\cookies\system@overture[4].txt
00170554  Cookie/Overture                    TrackingCookie      No        0         Yes            No           c:\windows\system32\config\systemprofile\appdata\roaming\microsoft\windows\cookies\system@overture[5].txt
00172221  Cookie/Zedo                        TrackingCookie      No        0         Yes            No           c:\windows\system32\config\systemprofile\appdata\roaming\microsoft\windows\cookies\system@zedo[1].txt
00191644  Cookie/adultfriendfinder           TrackingCookie      No        0         Yes            No           c:\windows\system32\config\systemprofile\appdata\roaming\microsoft\windows\cookies\system@adultfriendfinder[4].txt
00191644  Cookie/adultfriendfinder           TrackingCookie      No        0         Yes            No           c:\windows\system32\config\systemprofile\appdata\roaming\microsoft\windows\cookies\system@adultfriendfinder[1].txt
00191644  Cookie/adultfriendfinder           TrackingCookie      No        0         Yes            No           c:\windows\system32\config\systemprofile\appdata\roaming\microsoft\windows\cookies\system@adultfriendfinder[2].txt
00191644  Cookie/adultfriendfinder           TrackingCookie      No        0         Yes            No           c:\windows\system32\config\systemprofile\appdata\roaming\microsoft\windows\cookies\system@adultfriendfinder[3].txt
00535733  W32/LdPinch.AVK.worm               Virus/Worm          No        0         Yes            No           c:\windows\service.exe
00624454  Trj/Genetic.gen                    Virus/Trojan        No        0         Yes            No           c:\windows\system32\wqyczuwd.dll
00624454  Trj/Genetic.gen                    Virus/Trojan        Yes       0         Yes            No           c:\windows\system32\hgrykvag.dll
00624454  Trj/Genetic.gen                    Virus/Trojan        No        0         Yes            No           c:\programdata\dhcpcores.dll
00684797  ACAD/Bursted.F                     Virus/Trojan        No        0         Yes            No           c:\users\eduardo\appdata\roaming\autodesk\autocad 2010\r18.0\enu\support\acadapp.lsp
00684797  ACAD/Bursted.F                     Virus/Trojan        No        0         Yes            No           c:\users\eduardo\desktop\taller vi\agencia automotriz\autocad\agencia automotriz\acad.lsp
00684797  ACAD/Bursted.F                     Virus/Trojan        No        0         Yes            No           c:\users\eduardo\desktop\cd agencia automotriz\autocad agencia automotriz\acad.lsp
03009106  W32/Xor-encoded.A                  Virus               No        0         Yes            No           c:\programdata\microsoft\windows defender\localcopy\{23173037-eefa-8406-abc2-5bd4769b7794}-system.ni.dll
03009106  W32/Xor-encoded.A                  Virus               No        0         Yes            No           c:\programdata\microsoft\windows defender\localcopy\{94ec3494-8bbb-e783-dc06-8c49c5cd3554}-setup.exe
03009106  W32/Xor-encoded.A                  Virus               No        0         Yes            No           c:\programdata\microsoft\windows defender\localcopy\{1780ea59-4744-ca9c-c69c-5a7506d8031c}-system.core.ni.dll
03009106  W32/Xor-encoded.A                  Virus               No        0         Yes            No           c:\programdata\microsoft\windows defender\localcopy\{16795af9-f338-ccef-ed5f-ce40181151d7}-system.net.ni.dll
03009106  W32/Xor-encoded.A                  Virus               No        0         Yes            No           c:\programdata\microsoft\windows defender\localcopy\{b71d66f6-0e49-feb4-80da-78c24ad234da}-system.windows.browser.ni.dll
03009106  W32/Xor-encoded.A                  Virus               No        0         Yes            No           c:\programdata\microsoft\windows defender\localcopy\{1f00b591-737e-af8d-0efc-680fa3048670}-setup.exe
03009106  W32/Xor-encoded.A                  Virus               No        0         Yes            No           c:\programdata\microsoft\windows defender\localcopy\{4c8eab5b-819c-8bc6-cc54-af2dd3c58827}-system.runtime.serialization.ni.dll
03009106  W32/Xor-encoded.A                  Virus               No        0         Yes            No           c:\programdata\microsoft\windows defender\localcopy\{0aae66f6-ea48-5648-c542-ba8f986e19a8}-system.xml.ni.dll
03009106  W32/Xor-encoded.A                  Virus               No        0         Yes            No           c:\programdata\microsoft\windows defender\localcopy\{07335744-d1aa-15bb-d74d-ef4fa7ee3b9c}-system.windows.ni.dll
03009106  W32/Xor-encoded.A                  Virus               No        0         Yes            No           c:\programdata\microsoft\windows defender\localcopy\{dd397f7d-91dd-efb4-a9d2-29663063ddbf}-system.servicemodel.web.ni.dll
03074964  Trj/CI.A                           Virus/Trojan        Yes       0         Yes            No           c:\windows\system32\drivers\kmhfoot.exe
03074964  Trj/CI.A                           Virus/Trojan        No        0         Yes            No           c:\windows\system32\drivers\kmhfoot.exe105
03074964  Trj/CI.A€´T�à6               Virus/Trojan        No        0         Yes            No           c:\windows\system32\drivers\kmhfoot.exe773
03074964  Trj/CI.A€´T�à6               Virus/Trojan        No        0         Yes            No           c:\windows\temp\gpif\setup.exe
03074964  Trj/CI.A€´T�à6               Virus/Trojan        No        0         Yes            No           c:\windows\temp\kobb\setup.exe
03074964  Trj/CI.A                           Virus/Trojan        No        0         Yes            No           c:\windows\temp\wegl\setup.exe
03074964  Trj/CI.A                           Virus/Trojan        No        0         Yes            No           c:\windows\temp\goo50bf.tmpt.exe
03074964  Trj/CI.A                           Virus/Trojan        No        0         Yes            No           c:\windows\temp\tvty\setup.exe
05646626  W32/Sality.AO                      Virus               No        1         No             No           e:\autoplay\docs\portables\novedades\wireless key view\wireles keyview.exe[wirelesskeyview.exe]
05788070  Bck/Agent.DPD                      Virus/Trojan        No        1         Yes            No           c:\windows\system32\wininet.exe
05788070  Bck/Agent.DPD                      Virus/Trojan        No        1         Yes            No           c:\windows\temp\isvi\setup.exe
05948426  Generic Malware                    Virus/Trojan        No        0         Yes            No           c:\users\eduardo\appdata\roaming\firewall update.exe
05948426  Generic Malware                    Virus/Trojan        No        0         Yes            No           c:\$recycle.bin\s-1-5-21-1855103910-1296302430-1705687183-1000\$r8nkw8s.exe
07918681  Generic Trojan                     Virus/Trojan        No        0         Yes            No           c:\windows\system32\svshost.dll
08337664  Trj/Agent.ONL                      Virus/Trojan        No        0         Yes            No           c:\windows\system32\mitgmkpu.dll
08337665  Trj/Agent.ONL                      Virus/Trojan        No        0         Yes            No           c:\windows\temp\wvxk\setup.exe
08337693  W32/Vobfus.GEP                     Virus               No        1         Yes            No           c:\users\eduardo\l.exe
08347119  Trj/Alureon.CN                     Virus/Trojan        No        0         Yes            No           c:\users\eduardo\appdata\local\temp\4818.tmp
08350490  Generic Trojan                     Virus/Trojan        No        0         Yes            No           c:\users\eduardo\k8nlbz6ce1.exe
08351011  Generic Malware                    Virus/Trojan        No        0         Yes            No           c:\users\eduardo\j0gzwo455fy3.exe
08359780  Generic Trojan                     Virus/Trojan        No        0         Yes            No           c:\windows\temp\jrmg\setup.exe
08359780  Generic Trojan                     Virus/Trojan        No        0         Yes            No           c:\windows\temp\deto\setup.exe
08359780  Generic Trojan                     Virus/Trojan        No        0         Yes            No           c:\windows\temp\cgjf\setup.exe
08359780  Generic Trojan                     Virus/Trojan        No        0         Yes            No           c:\windows\temp\muym\setup.exe
08362764  Generic Trojan                     Virus/Trojan        No        0         Yes            No           c:\users\eduardo\o.exe
08364949  Generic Malware                    Virus/Trojan        Yes       0         Yes            No           c:\windows\system32\mssrv32.exe
08364965  Generic Trojan                     Virus/Trojan        Yes       0         Yes            No           c:\users\eduardo\appdata\roaming\microsoft\windows\start menu\programs\startup\mousedriver.exe
08364965  Generic Trojan                     Virus/Trojan        Yes       0         Yes            No           c:\users\eduardo\appdata\roaming\updates\updates.exe
08365020  Generic Trojan                     Virus/Trojan        No        0         Yes            No           c:\windows\temp\payd\setup.exe
08366150  Generic Malware                    Virus/Trojan        No        0         Yes            No           c:\users\eduardo\ruorx.exe
08367009  Generic Trojan                     Virus/Trojan        No        0         Yes            No           c:\users\eduardo\appdata\local\temp\7705.tmp
08375180  Generic Trojan                     Virus/Trojan        No        0         Yes            No           c:\windows\temp\ckat\setup.exe
08375180  Generic Trojan                     Virus/Trojan        No        0         Yes            No           c:\windows\temp\hpbc\setup.exe
08391971  Generic Malware                    Virus/Trojan        No        0         Yes            No           c:\windows\system32\momaymly.dll
08393830  Generic Malware                    Virus/Trojan        No        0         Yes            No           c:\windows\temp\gopq\setup.exe
08393830  Generic Malware                    Virus/Trojan        No        0         Yes            No           c:\windows\temp\ifuk\setup.exe
08413413  Generic Malware                    Virus/Trojan        No        0         Yes            No           c:\users\eduardo\nvt32.exe
08419423  Generic Trojan                     Virus/Trojan        No        0         Yes            No           c:\users\eduardo\appdata\local\temp\3ed5.tmp
08421506  Generic Trojan                     Virus/Trojan        No        0         Yes            No           c:\users\eduardo\appdata\local\temp\693d.tmp
08423738  Generic Trojan                     Virus/Trojan        No        0         Yes            No           c:\users\eduardo\svc32.exe
08435608  Generic Trojan                     Virus/Trojan        No        0         Yes            No           c:\windows\temp\fbqt\setup.exe
08437805  Generic Trojan                     Virus/Trojan        No        0         Yes            No           c:\users\eduardo\appdata\local\temp\f799.tmp
08437805  Generic Trojan                     Virus/Trojan        No        0         Yes            No           c:\users\eduardo\appdata\local\temp\539d.tmp
08439904  Generic Trojan                     Virus/Trojan        No        0         Yes            No           c:\users\eduardo\appdata\local\temp\5f7f.tmp
08439904  Generic Trojan                     Virus/Trojan        No        0         Yes            No           c:\users\eduardo\appdata\local\temp\eafc.tmp
08439904  Generic Trojan                     Virus/Trojan        No        0         Yes            No           c:\users\eduardo\appdata\local\temp\dd55.tmp
08439904  Generic Trojan                     Virus/Trojan        No        0         Yes            No           c:\users\eduardo\appdata\local\temp\37f2.tmp
08442920  Adware/SecurityCenter              Adware              No        1         Yes            No           c:\users\eduardo\pvc32.exe
08465133  Generic Malware                    Virus/Trojan        No        0         Yes            No           c:\windows\temp\owfq\setup.exe
08467418  Generic Trojan¼È
rt?*         Virus/Trojan        No        0         Yes            No           c:\windows\system32\config\systemprofile\appdata\local\mekomdo.dll
;===================================================================================================================================================================================
SUSPECTS
Sent      Location
;===================================================================================================================================================================================
No        c:\users\eduardo\zeeeceh.exe
No        c:\windows\temp\jtmc\setup.exe
;===================================================================================================================================================================================
VULNERABILITIES
Id        Severity       Description
;===================================================================================================================================================================================
;===================================================================================================================================================================================

Saludos y gracias!

Realiza lo siguiente:

Si utilizas Spybot Search & Destroy desactivas el Tea Timer

1.-

Descarga, instala y/o actualiza (fundamental):

• Ccleaner y su Manual

• TDSSKiller

• UsbFix By El Desaparecido C_XX

*IMPORTANTE* Conecta tus dispotivos USB al ordenador al realizar los análisis, marcando la unidad que le corresponda.

2.-

• Iniciar el Sistema en Modo Seguro (si no podes, omití este paso)

3.- (Modo seguro)

Ejecuta:

Ccleaner, usando sus opciones:

• Limpiador: para borrar cookies, temporales de Internet y todos los archivos que este te muestre como obsoletos;
• Registro: para limpiar todo el Registro de Windows haciendo Copia de Seguridad.

UsbFix.exe, siguiendo los pasos de su Manual en su opción "Supresión". Al finalizar pega el reporte en tu próxima respuesta.

4.- (Modo normal)

Ejecuta TDSSKiller como detalla su manual. Al finalizar pegas el reporte en tu próxima respuesta.

5.-

Realizar un nuevo análisis completo con Panda ActiveScan 2.0, al finalizar *IMPORTANTE* presiona el simbolo Exportar a y en tu próxima respuesta pegas el reporte.

En tu próxima respuesta pega los reportes:
UsbFix
TDSSKiller
Panda ActiveScan 2.0

Comentanos como te fue y como funciona el sistema ...

¿Con respecto al Centro de Seguridad de Windows, se ha solucionado el inconveniente?

Aún no...

Sigue sin aparecer el servicio en cuestión en la lista y el mismo mensaje de error cuando se intenta activar desde el Centro de Actividades..

Realiza lo siguiente:

1.-

• Desinstala desde Inicio / Panel de Control / Programas - Programas y características:

Spybot - Search and Destroy

2-

Para desinstalar UsbFix.exe, siga estos pasos:

• Ejecute UsbFix
• Seguido pulse la opción "Desinstalar"
• Aparecera una nueva ventana mencionando lo siguiente "UsbFix se ha desinstalado!"
• Acepte para finalizar.

3.-


- Descarga la herramienta ComboFix.exe y guárdala en el escritorio.

• Si te pide actualizar "Aceptas".
• Desactiva temporalmente el Antivirus y/o Antispyware.
• Cierra todas las ventanas abiertas.
• Hacele doble clic al archivo ComboFix.exe y seguí las instrucciones. Importante instalar Recovery Console.
• Cuando termine, generara un registro en C:\ComboFix.txt.
  
  • *Nota* Mientras CF este trabajando no mover el mouse ya que pararía su proceso.
  • *Nota* ComboFix puede reiniciar automáticamente el PC para completar el proceso de eliminación.
  
  
  

Atención!! No use ComboFix a menos que se le haya indicado específicamente en su mensaje por un integrante de nuestro Staff. Es una herramienta de gran alcance destinada por su creador a ser usada bajo la orientación y supervisión de un experto, no para uso privado. El uso de ComboFix incorrectamente podría generar problemas en su sistema. Por favor, lea las "Negaciones de la Garantía" de ComboFix.

• Reinicia y pega el reporte de C:\ComboFix.txt en este mismo mensaje. Comentando como esta funcionado tu sistema y detallando el error que aparece sobre el Centro de Seguridad de Windows.

Aquí el reporte de ComboFix:

ComboFix 11-05-28.01 - eduardo 29/05/2011 13:32:40.1.1 - x86
Microsoft Windows 7 Home Basic 6.1.7600.0.1252.52.3082.18.1979.1298 [GMT -7:00]
Running from: c:\users\eduardo\Desktop\ComboFix.exe
AV: Norton Internet Security *Disabled/Outdated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}
FW: Norton Internet Security *Disabled* {B0F2DB13-C654-2E74-30D4-99C9310F0F2E}
SP: Norton Internet Security *Disabled/Updated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\eduardo\AppData\Roaming\updates
c:\windows\system32\tmp.tmp
.
.
((((((((((((((((((((((((( Files Created from 2011-04-28 to 2011-05-29 )))))))))))))))))))))))))))))))
.
.
2011-05-29 20:40 . 2011-05-29 20:40 -------- d-----w- c:\users\eduardo\AppData\Local\temp
2011-05-29 20:40 . 2011-05-29 20:40 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-05-29 18:45 . 2011-01-17 05:38 161792 ----a-w- c:\windows\system32\d3d10_1.dll
2011-05-29 17:09 . 2011-04-09 06:13 3957632 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-05-29 17:09 . 2011-04-09 06:13 3901824 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-05-29 17:09 . 2011-04-09 05:56 123904 ----a-w- c:\windows\system32\poqexec.exe
2011-05-29 17:09 . 2011-04-22 19:36 26496 ----a-w- c:\windows\system32\drivers\Diskdump.sys
2011-05-29 07:08 . 2009-06-30 17:37 28552 ----a-w- c:\windows\system32\drivers\pavboot.sys
2011-05-29 07:08 . 2011-05-29 07:08 -------- d--h--w- c:\windows\AxInstSV
2011-05-29 07:06 . 2011-05-29 07:06 -------- d-----w- c:\users\eduardo\AppData\Local\Mozilla
2011-05-29 06:43 . 2011-05-29 20:28 -------- d-----w- C:\UsbFix
2011-05-29 06:30 . 2011-05-29 06:30 -------- d-----w- c:\windows\system32\wbem\en-US
2011-05-29 04:40 . 2011-05-29 20:19 -------- d-----w- c:\program files\Spybot - Search & Destroy
2011-05-29 04:40 . 2011-05-29 20:18 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2011-05-29 04:19 . 2011-05-29 04:20 -------- d-----w- c:\program files\CCleaner
2011-05-29 03:07 . 2011-05-29 03:07 -------- d-----w- c:\users\eduardo\AppData\Roaming\Panda Security
2011-05-29 03:02 . 2011-05-29 03:02 -------- d-----w- c:\users\eduardo\AppData\Local\panda2_0dn
2011-05-29 03:02 . 2011-05-29 20:21 -------- d-----w- c:\programdata\Panda Security URL Filtering
2011-05-29 03:02 . 2011-05-29 03:02 -------- d-----w- c:\programdata\Panda Security
2011-05-29 01:18 . 2011-05-29 01:18 -------- d-----w- c:\users\eduardo\AppData\Roaming\Malwarebytes
2011-05-29 01:17 . 2010-12-21 01:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-05-29 01:17 . 2011-05-29 01:17 -------- d-----w- c:\programdata\Malwarebytes
2011-05-29 01:17 . 2011-05-29 01:17 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-05-29 01:17 . 2010-12-21 01:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-05-29 00:03 . 2011-05-29 00:03 281 ----a-w- c:\programdata\bdinstall.bin
2011-05-28 23:39 . 2011-05-29 07:08 -------- d-----w- c:\program files\Panda Security
2011-05-28 23:35 . 2011-05-28 23:35 -------- d-----w- c:\users\eduardo\AppData\Roaming\QuickScan
2011-05-28 23:25 . 2011-05-28 23:25 -------- d-----w- c:\users\eduardo\AppData\Local\Apps
2011-05-27 21:14 . 2011-05-27 21:14 0 ---ha-w- c:\users\eduardo\AppData\Local\BIT32F6.tmp
2011-05-24 12:31 . 2011-05-24 12:32 -------- d-----w- c:\users\eduardo\AppData\Local\{72AAEF7F-4FE5-48CD-934E-9FA7A03D0C7F}
2011-05-24 06:23 . 2011-05-24 06:23 -------- d-----w- c:\users\eduardo\AppData\Local\ElevatedDiagnostics
2011-05-23 19:48 . 2011-05-23 19:48 -------- d-----w- c:\users\eduardo\AppData\Local\{5117B1CF-9193-40E2-B510-03258EDF96CA}
2011-05-23 07:42 . 2011-05-23 07:42 -------- d-----w- c:\users\eduardo\AppData\Local\{FA949AA4-EA27-43CB-A46E-819123A892CE}
2011-05-23 07:12 . 2011-05-23 07:13 -------- d-----w- c:\users\eduardo\AppData\Local\{FC188559-469E-4116-84E2-973C85088B02}
2011-05-21 01:00 . 2011-05-21 01:00 0 ---ha-w- c:\users\eduardo\AppData\Local\BITDF9A.tmp
2011-05-20 17:37 . 2011-05-20 17:38 -------- d-----w- c:\users\eduardo\AppData\Local\{1BB05310-B4FE-49B3-BF29-4B265A84C0B9}
2011-05-20 03:47 . 2011-05-20 03:48 -------- d-----w- c:\users\eduardo\AppData\Local\{192E724B-6767-4D40-86D4-E0119AEC01D5}
2011-05-19 14:49 . 2011-05-19 14:49 -------- d-----w- c:\users\eduardo\AppData\Local\{6166379B-A71B-4979-A33F-B6F230A19E5A}
2011-05-19 01:15 . 2011-05-19 01:16 -------- d-----w- c:\users\eduardo\AppData\Local\{846E6761-9F6A-435B-A5D3-FCFC6B5B96F3}
2011-05-18 06:59 . 2011-05-18 07:00 -------- d-----w- c:\users\eduardo\AppData\Local\{10D7B014-94BF-4F9D-B7D5-1A10B49B364A}
2011-05-17 01:30 . 2011-05-17 01:30 -------- d-----w- c:\users\eduardo\AppData\Local\Apple Computer
2011-05-17 01:12 . 2011-05-17 01:12 -------- d-----w- c:\users\eduardo\AppData\Roaming\Apple Computer
2011-05-17 01:12 . 2011-05-17 01:12 0 ---ha-w- c:\users\eduardo\AppData\Local\BIT2480.tmp
2011-05-14 00:59 . 2011-05-14 00:59 0 ---ha-w- c:\users\eduardo\AppData\Local\BIT6131.tmp
2011-05-13 03:14 . 2011-05-13 03:14 -------- d-----w- c:\users\eduardo\AppData\Local\{6F38C9C3-7515-4207-93E6-F6D83E1E9CB5}
2011-05-12 14:19 . 2011-05-12 14:19 -------- d-----w- c:\users\eduardo\AppData\Local\{E9175829-0CCB-4B20-8C06-ED186BFC2F5D}
2011-05-11 23:35 . 2011-05-11 23:35 -------- d-----w- c:\users\eduardo\AppData\Local\{80B45EDE-5E0A-4BAF-A59D-4AB0E2F4AE09}
2011-05-11 10:23 . 2011-05-11 10:23 0 ---ha-w- c:\users\eduardo\AppData\Local\BIT78FD.tmp
2011-05-10 23:06 . 2011-05-10 23:06 -------- d-----w- c:\users\eduardo\AppData\Local\{2AAF5A32-0D91-4C06-9B50-BDF0237D457E}
2011-05-09 21:29 . 2011-05-09 21:30 -------- d-----w- c:\users\eduardo\AppData\Local\{20354647-1492-4FEC-8027-3879963CBE4E}
2011-05-09 03:45 . 2011-05-09 03:45 -------- d-----w- c:\users\eduardo\AppData\Local\{A3C6667A-432E-4BCB-9F79-F9E6898D3491}
2011-05-08 15:42 . 2011-05-08 15:43 -------- d-----w- c:\users\eduardo\AppData\Local\{3D9612DC-A45A-494E-9C0D-2B408499C65D}
2011-05-08 01:47 . 2011-04-11 07:04 7071056 ------w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{DB788729-D118-4E8A-8010-12310C1012D0}\mpengine.dll
2011-05-07 16:38 . 2011-05-07 16:38 0 ---ha-w- c:\users\eduardo\AppData\Local\BIT8220.tmp
2011-05-07 05:46 . 2011-05-07 05:46 -------- d-----w- c:\users\eduardo\AppData\Local\{D4B212F8-F155-43E5-9352-4353DBDFB23A}
2011-05-06 00:55 . 2011-05-06 00:55 -------- d-----w- c:\users\eduardo\AppData\Local\{DA09AE03-E527-4501-93A5-2B68AFA44E60}
2011-05-04 23:05 . 2011-05-04 23:06 -------- d-----w- c:\users\eduardo\AppData\Local\{587354B1-8573-4D81-8E0D-BB6E15B6AFC6}
2011-05-04 11:03 . 2011-05-04 11:03 -------- d-----w- c:\users\eduardo\AppData\Local\{070EFD18-8B60-4A84-88D5-348B39F92785}
2011-05-03 23:01 . 2011-05-03 23:01 -------- d-----w- c:\users\eduardo\AppData\Local\{DC787A8F-EC6E-46E5-96EA-547186705D42}
2011-05-02 23:47 . 2011-05-02 23:47 -------- d-----w- c:\users\eduardo\AppData\Local\{19892448-B47C-4B29-A790-ED95ECF8A33E}
2011-05-02 00:00 . 2011-05-02 00:01 -------- d-----w- c:\users\eduardo\AppData\Local\{59FEA152-ACD5-494A-948D-478422E6E24E}
2011-05-01 23:40 . 2011-05-01 23:40 -------- d-----w- c:\users\eduardo\AppData\Local\{73601A16-BE53-4E57-8585-3F80667BD9EF}
2011-04-30 23:16 . 2011-04-30 23:17 -------- d-----w- c:\users\eduardo\AppData\Local\{44AE44BD-7F5F-4959-AF1E-495E1E0A0BA3}
2011-04-29 20:44 . 2011-04-29 20:44 -------- d-----w- c:\users\eduardo\AppData\Local\{53B14529-9981-40DB-8A8C-A5A56806D041}
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-05-29 06:56 . 2011-05-29 06:56 12412 ----a-w- C:\UsbFix_Upload_Me_EDUARDOQ.zip
2011-05-25 02:14 . 2011-04-08 03:15 222080 ------w- c:\windows\system32\MpSigStub.exe
2011-04-27 20:18 . 2011-04-27 20:18 0 ---ha-w- c:\users\eduardo\AppData\Local\BIT2C2.tmp
2011-03-12 11:31 . 2011-04-28 03:42 442880 ----a-w- c:\windows\system32\XpsPrint.dll
2011-03-12 04:44 . 2010-06-24 18:33 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2011-03-11 05:44 . 2011-04-28 03:43 146304 ----a-w- c:\windows\system32\drivers\storport.sys
2011-03-11 05:44 . 2011-04-28 03:43 143744 ----a-w- c:\windows\system32\drivers\nvstor.sys
2011-03-11 05:44 . 2011-04-28 03:43 1210240 ----a-w- c:\windows\system32\drivers\ntfs.sys
2011-03-11 05:44 . 2011-04-28 03:43 117120 ----a-w- c:\windows\system32\drivers\nvraid.sys
2011-03-11 05:43 . 2011-04-28 03:43 332160 ----a-w- c:\windows\system32\drivers\iaStorV.sys
2011-03-11 05:43 . 2011-04-28 03:43 80256 ----a-w- c:\windows\system32\drivers\amdsata.sys
2011-03-11 05:43 . 2011-04-28 03:43 22400 ----a-w- c:\windows\system32\drivers\amdxata.sys
2011-03-11 05:40 . 2011-04-15 00:44 1137664 ----a-w- c:\windows\system32\mfc42.dll
2011-03-11 05:40 . 2011-04-15 00:44 1164288 ----a-w- c:\windows\system32\mfc42u.dll
2011-03-11 05:39 . 2011-04-28 03:43 1686016 ----a-w- c:\windows\system32\esent.dll
2011-03-11 05:37 . 2011-04-28 03:43 74240 ----a-w- c:\windows\system32\fsutil.exe
2011-03-08 05:38 . 2011-04-15 00:52 740864 ----a-w- c:\windows\system32\inetcomm.dll
2011-03-03 05:29 . 2011-04-15 00:46 132608 ----a-w- c:\windows\system32\dnsrslvr.dll
2011-03-03 05:27 . 2011-04-15 00:46 28672 ----a-w- c:\windows\system32\dnscacheugc.exe
2011-03-03 03:31 . 2011-04-16 02:04 2331136 ----a-w- c:\windows\system32\win32k.sys
2011-04-14 16:43 . 2011-05-29 07:06 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4}]
2010-12-19 14:46 86696 ----a-w- c:\program files\Panda Security\Panda Security Toolbar\PandaSecurityDx.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4}"= "c:\program files\Panda Security\Panda Security Toolbar\PandaSecurityDx.dll" [2010-12-19 86696]
.
[HKEY_CLASSES_ROOT\clsid\{b821bf60-5c2d-41eb-92dc-3e4ccd3a22e4}]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Panda Malware Icon]
@="{F5D1CF73-C196-48F8-AAAC-B9181E22B4E6}"
[HKEY_CLASSES_ROOT\CLSID\{F5D1CF73-C196-48F8-AAAC-B9181E22B4E6}]
2010-12-17 01:18 320832 ----a-w- c:\program files\Panda Security\Panda Cloud Antivirus\PSUNShell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Panda Suspect Icon]
@="{9AE343CB-BA45-4618-AF6A-0230EE6FC793}"
[HKEY_CLASSES_ROOT\CLSID\{9AE343CB-BA45-4618-AF6A-0230EE6FC793}]
2010-12-17 01:18 320832 ----a-w- c:\program files\Panda Security\Panda Cloud Antivirus\PSUNShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2009-06-17 2363392]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2009-05-15 282624]
"QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2009-06-23 468264]
"QlbCtrl.exe"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2009-06-24 320056]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2010-07-21 1797008]
"PSUNMain"="c:\program files\Panda Security\Panda Cloud Antivirus\PSUNMain.exe" [2010-12-17 423232]
"Panda Security URL Filtering"="c:\programdata\Panda Security URL Filtering\Panda_URL_Filtering.exe" [2011-05-17 231592]
"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2010-03-23 495708]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2009-07-14 8704]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\system]
"WallpaperStyle"= 2
.
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"HideSCAHealth"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKLM\~\startupfolder\C:^Users^eduardo^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Recorte de pantalla e Inicio rápido de OneNote 2007.lnk]
path=c:\users\eduardo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Recorte de pantalla e Inicio rápido de OneNote 2007.lnk
backup=c:\windows\pss\Recorte de pantalla e Inicio rápido de OneNote 2007.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2009-02-27 15:10 35696 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2008-10-25 18:44 31072 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
2009-09-03 23:04 174104 ----a-w- c:\windows\System32\hkcmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2008-12-08 12:50 54576 ----a-w- c:\program files\Hp\HP Software Update\hpwuschd2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
2009-09-03 23:04 141848 ----a-w- c:\windows\System32\igfxtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware (reboot)]
2010-12-21 01:08 963976 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbam.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NortonOnlineBackupReminder]
2009-05-12 15:09 581480 ----a-w- c:\program files\Symantec\Norton Online Backup\Activation\NobuActivation.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
2009-09-03 23:04 151064 ----a-w- c:\windows\System32\igfxpers.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-11-30 00:38 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UCam_Menu]
2009-02-17 20:21 218408 ------w- c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdatePRCShortCut]
2009-05-19 20:16 222504 ----a-w- c:\program files\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WirelessAssistant]
2009-07-23 09:04 498744 ----a-w- c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
.
R2 bkcatfil;Performance Counters for Windows Support;c:\windows\System32\svchost.exe [2009-07-14 20992]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Servicio de actualización de Google (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2011-04-22 136176]
R2 mi-raysat_3dsmax2011_32;mental ray 3.8 Satellite for Autodesk 3ds Max 2011 32-bit 32-bit;c:\program files\Autodesk\3ds Max 2011\mentalimages\satellite\raysat_3dsmax2011_32server.exe [2010-03-10 86016]
R3 dc3d;Controlador de detección de dispositivos de hardware de Microsoft;c:\windows\system32\DRIVERS\dc3d.sys [2010-07-02 44432]
R3 gupdatem;Google Update Servicio (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2011-04-22 136176]
R3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [2009-07-23 116136]
R3 netr73;Controlador de tarjeta LAN inalámbrica USB RT73 para Vista;c:\windows\system32\DRIVERS\netr73.sys [2009-07-13 545792]
R3 netw5v32;Controlador del adaptador Intel(R) Wireless WiFi Link 5000 Series para Windows Vista de 32 bits;c:\windows\system32\DRIVERS\netw5v32.sys [2009-07-13 4231168]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL3.SYS [2009-07-13 207360]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV3.SYS [2009-07-13 980992]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT3.SYS [2009-07-13 661504]
S0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2009-06-30 28552]
S1 PSINKNC;PSINKNC;c:\windows\system32\DRIVERS\psinknc.sys [2010-12-17 126536]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_9691412ff1876250\aestsrv.exe [2009-03-03 81920]
S2 NanoServiceMain;Panda Cloud Antivirus Service;c:\program files\Panda Security\Panda Cloud Antivirus\PSANHost.exe [2010-12-17 140608]
S2 PSINAflt;PSINAflt;c:\windows\system32\DRIVERS\PSINAflt.sys [2010-12-17 141384]
S2 PSINFile;PSINFile;c:\windows\system32\DRIVERS\PSINFile.sys [2010-12-17 99400]
S2 PSINProc;PSINProc;c:\windows\system32\DRIVERS\PSINProc.sys [2010-12-17 111176]
S2 PSINProt;PSINProt;c:\windows\system32\DRIVERS\PSINProt.sys [2010-12-17 113736]
S3 Com4QLBEx;Com4QLBEx;c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2009-05-05 228408]
S3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2009-07-10 122880]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-05-23 167936]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ SSDPSRV upnphost SCardSvr TBS FontCache fdrespub AppIDSvc QWAVE wcncsvc SensrSvc
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
bkcatfil
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2009-06-17 11:11 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
.
2011-05-29 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-04-22 22:38]
.
2011-05-29 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-04-22 22:38]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyServer = proxy.uson.mx:8080
uInternet Settings,ProxyOverride = 127-0-0-1;148.255.*;*.uson.mx;<local>
IE: E&xportar a Microsoft Excel - c:\progra~1\MIF5BA~1\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\users\eduardo\AppData\Roaming\Mozilla\Firefox\Profiles\x0i1gamw.default\
.
.
------- File Associations -------
.
.scr=AutoCADScriptFile
.
- - - - ORPHANS REMOVED - - - -
.
HKLM-RunOnce-<NO NAME> - (no file)
Notify-mekomdo - c:\windows\system32\config\systemprofile\AppData\Local\mekomdo.dll
SafeBoot-Wdf01000.sys
AddRemove-LSI Soft Modem - c:\windows\agrsmdel
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2011-05-29 13:43:41
ComboFix-quarantined-files.txt 2011-05-29 20:43
.
Pre-Run: 171,669,065,728 bytes libres
Post-Run: 171,601,092,608 bytes libres
.
- - End Of File - - 2EDCF8ECB43EFAF6A262785D74D29484


_________________________________________

Y debo decir, que después de reiniciar, eso ha solucionado el problema!

El Centro de Seguridad ya está activado!!

Y bueno... pude activar el firewall de Windows, pero ahora el servicio que no inicia es el de Windows Defender ni tampoco reconoce al antivirus ni antispyware que tengo instalado (Panda Cloud y Spybot de nuevo).

¿Es esto realmente un problema para que trabajen bien los programas de seguridad que tengo? Como dato curioso, el servicio del Centro de Seguridad aún no aparece... pero después de usar el ComboFix y volver a entrar a services.msc, aparece un nuevo servicio al final de la lista llamado wscsvc... (deduzco que significa Windows Security Center Service), no tiene descripción y está como inicio retrasado.

El error que da Windows Defender al tratar de iniciarlo es el siguiente:
El servicio especificado no existe como servicio instalado. Código de error: 0x80070424.

Por favor realiza los pasos tal cual te menciono:

A.-

• Desinstala desde Inicio / Panel de Control / Programas - Programas y características:

Spybot - Search and Destroy
Panda Cloud Antivirus
Norton Internet Security

En el caso de no poder desinstalarlos correctamente observa detalladamente y sigue los 3 Pasos a seguir para una correcta desinstalación y/o limpieza de rastros.

B.-


1.-Abrir el Notepad (Bloc de Notas)

• Ir a INICIO > EJECUTAR >
• Y ahí pones notepad.exe y ACEPTAR

2.-Ahora copia y pega estos archivos dentro del Notepad

Código:

KillAll::

File::
c:\users\eduardo\AppData\Local\BIT32F6.tmp
c:\users\eduardo\AppData\Local\BITDF9A.tmp
c:\users\eduardo\AppData\Local\BIT2480.tmp
c:\users\eduardo\AppData\Local\BIT6131.tmp
c:\users\eduardo\AppData\Local\BIT8220.tmp
c:\users\eduardo\AppData\Local\BIT2C2.tmp

NetSvcs::
bkcatfil

Driver::
bkcatfil

3.- Graba este archivo con el nombre CFScript.txt y déjalo en tu escritorio.

4.- Arrastrar y soltar el archivo CFScript.txt dentro del archivo ComboFix.exe como lo muestra la animación de abajo. Esto activara ComboFix nuevamente.

• Reinicia tu PC y nos dejas el nuevo reporte de ComboFix, comentándonos ¿Cómo esta funcionado todo actualmente?

Antes de usar el CFScript....

• Desactiva temporalmente el Antivirus y/o Antispyware.
• Cierra todas las ventanas abiertas.
• Si te pide actualizar aceptas.