I have been a victim of identity theft, both of my email accounts and of my Facebook, to the point that someone was typing at the same time as I was. I have blocked it, and I have discovered the creation of illegitimate users that are owners of svchost and services.exe, as well as netuser.dat files, which I have deleted. But noticing through netstat the use of port 3562 by svchost.exe in system32/, I ran ComboFix, and I am posting the log it created, thanks. I also uninstalled Thunderbit, because it showed up in the processes even when it was closed... Well, I hope you can give me a hand; here is the ComboFix log, and thanks.

ComboFix 16-08-10.01 - Pappo 11/08/2016 1345.1.2 - x64
Microsoft Windows 7 Professional 6.1.7601.1.1252.34.3082.18.2040.1096 [GMT -3:00]
Running from: e:\users\Pappo\Downloads\ComboFix.exe
AV: Spybot - Search and Destroy *Disabled/Updated* {20A26C15-1AF0-7CA3-9380-FAB824A7EE0D}
SP: Spybot - Search and Destroy *Disabled/Updated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
e:\users\Pappo\AppData\Roaming\Microsoft\Windows\Recent\desktop_20981119.ico
.
.
((((((((((((((((((((((((( Files Created from 2016-07-11 to 2016-08-11 )))))))))))))))))))))))))))))))
.
.
2016-08-11 16:18 . 2016-08-11 16:18 -------- d-----w- e:\users\Pappo\AppData\Local\temp
2016-08-11 16:18 . 2016-08-11 16:18 -------- d-----w- e:\users\majid\AppData\Local\temp
2016-08-11 16:18 . 2016-08-11 16:18 -------- d-----w- e:\users\Administrador\AppData\Local\temp
2016-08-10 22:21 . 2009-02-24 21:35 255552 ----a-w- e:\windows\SysWow64\drivers\mcdbus.sys
2016-08-10 22:21 . 2009-02-24 21:35 255552 ----a-w- e:\windows\system32\drivers\mcdbus.sys
2016-08-10 22:21 . 2016-08-10 22:22 -------- d-----w- e:\program files (x86)\MagicDisc
2016-08-10 16:26 . 2016-06-21 22:04 12007136 ----a-w- e:\programdata\Microsoft\Windows Defender\Definition Updates\{C2D0F4F9-D677-4B9B-A707-A065DAFFCE6C}\mpengine.dll
2016-07-14 16:26 . 2016-07-14 16:26 -------- d-----w- e:\programdata\Claro Internet
2016-07-14 16:24 . 2016-07-14 16:26 -------- d-----w- e:\programdata\DatacardService
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2016-08-11 15:28 . 2016-03-03 13:21 192216 ----a-w- e:\windows\system32\drivers\MBAMSwissArmy.sys
2016-07-26 17:24 . 2010-11-21 03:27 504488 ------w- e:\windows\system32\MpSigStub.exe
2016-07-13 16:20 . 2015-05-18 16:33 796352 ----a-w- e:\windows\SysWow64\FlashPlayerApp.exe
2016-07-13 16:20 . 2015-05-18 16:33 142528 ----a-w- e:\windows\SysWow64\FlashPlayerCPLApp.cpl
2016-06-16 17:26 . 2016-06-16 17:26 97280 ------w- E:\bootsect.exe
2016-06-01 18:12 . 2016-06-18 17:14 53008 ----a-w- e:\windows\system32\TURegOpt.exe
2016-06-01 18:05 . 2016-06-18 17:39 44304 ----a-w- e:\windows\system32\authuitu.dll
2016-06-01 18:05 . 2016-06-18 17:39 56080 ----a-w- e:\windows\system32\uxtuneup.dll
2016-06-01 18:05 . 2016-06-18 17:39 39696 ----a-w- e:\windows\SysWow64\authuitu.dll
2016-06-01 18:05 . 2016-06-18 17:39 49424 ----a-w- e:\windows\SysWow64\uxtuneup.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CCleaner Monitoring"="e:\program files\CCleaner\CCleaner64.exe" [2015-11-16 8591272]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"KiesTrayAgent"="e:\program files (x86)\Samsung\Kies\KiesTrayAgent.exe" [2016-01-09 318248]
"SDTray"="e:\program files (x86)\Spybot - Search & Destroy 2\SDTray.exe" [2014-04-25 4101584]
"AvgUi"="e:\program files (x86)\AVG\Framework\Common\avguirnx.exe" [2016-07-20 186640]
.
e:\users\Pappo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
MagicDisc.lnk - e:\program files (x86)\MagicDisc\MagicDisc.exe [2016-8-10 576000]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0sdnclean64.exe
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"Ulead AutoDetector v2"=e:\program files (x86)\Common Files\Ulead Systems\AutoDetector\monitor.exe
"SwitchBoard"=e:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
"AdobeCS5ServiceManager"="e:\program files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
.
R2 Claro Internet. RunOuc;Claro Internet. OUC;e:\program files (x86)\Claro Internet\UpdateDog\ouc.exe;e:\program files (x86)\Claro Internet\UpdateDog\ouc.exe [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;e:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;e:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 MBAMScheduler;MBAMScheduler;e:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe;e:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [x]
R2 MBAMService;MBAMService;e:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe;e:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [x]
R2 SDScannerService;Spybot-S&D 2 Scanner Service;e:\program files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe;e:\program files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [x]
R2 SDUpdateService;Spybot-S&D 2 Updating Service;e:\program files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe;e:\program files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [x]
R2 SDWSCService;Spybot-S&D 2 Security Center Service;e:\program files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe;e:\program files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [x]
R3 androidusb;SAMSUNG Android Composite ADB Interface Driver;e:\windows\system32\Drivers\ssadadb.sys;e:\windows\SYSNATIVE\Drivers\ssadadb.sys [x]
R3 BITCOMET_HELPER_SERVICE;BitComet Disk Boost Service;e:\program files\BitComet\tools\BitCometService.exe;e:\program files\BitComet\tools\BitCometService.exe [x]
R3 dmvsc;dmvsc;e:\windows\system32\drivers\dmvsc.sys;e:\windows\SYSNATIVE\drivers\dmvsc.sys [x]
R3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;e:\windows\system32\DRIVERS\ew_hwusbdev.sys;e:\windows\SYSNATIVE\DRIVERS\ew_hwusbdev.sys [x]
R3 ew_usbenumfilter;huawei_CompositeFilter;e:\windows\system32\DRIVERS\ew_usbenumfilter.sys;e:\windows\SYSNATIVE\DRIVERS\ew_usbenumfilter.sys [x]
R3 huawei_cdcacm;huawei_cdcacm;e:\windows\system32\DRIVERS\ew_jucdcacm.sys;e:\windows\SYSNATIVE\DRIVERS\ew_jucdcacm.sys [x]
R3 huawei_ext_ctrl;huawei_ext_ctrl;e:\windows\system32\DRIVERS\ew_juextctrl.sys;e:\windows\SYSNATIVE\DRIVERS\ew_juextctrl.sys [x]
R3 huawei_wwanecm;huawei_wwanecm;e:\windows\system32\DRIVERS\ew_juwwanecm.sys;e:\windows\SYSNATIVE\DRIVERS\ew_juwwanecm.sys [x]
R3 MBAMProtector;MBAMProtector;e:\windows\system32\drivers\mbam.sys;e:\windows\SYSNATIVE\drivers\mbam.sys [x]
R3 MBAMWebAccessControl;MBAMWebAccessControl;e:\windows\system32\drivers\mwac.sys;e:\windows\SYSNATIVE\drivers\mwac.sys [x]
R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);e:\windows\system32\DRIVERS\ssadbus.sys;e:\windows\SYSNATIVE\DRIVERS\ssadbus.sys [x]
R3 ssadmdfl;SAMSUNG Android USB Modem (Filter);e:\windows\system32\DRIVERS\ssadmdfl.sys;e:\windows\SYSNATIVE\DRIVERS\ssadmdfl.sys [x]
R3 ssadmdm;SAMSUNG Android USB Modem Drivers;e:\windows\system32\DRIVERS\ssadmdm.sys;e:\windows\SYSNATIVE\DRIVERS\ssadmdm.sys [x]
R3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM);e:\windows\system32\DRIVERS\ssadserd.sys;e:\windows\SYSNATIVE\DRIVERS\ssadserd.sys [x]
R3 TsUsbFlt;TsUsbFlt;e:\windows\system32\drivers\tsusbflt.sys;e:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;e:\windows\system32\drivers\TsUsbGD.sys;e:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R4 Motorola Device Manager;Motorola Device Manager Service;e:\program files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe;e:\program files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe [x]
R4 ose64;Office 64 Source Engine;e:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE;e:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [x]
R4 PST Service;PST Service;e:\program files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe;e:\program files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe [x]
R4 SwitchBoard;SwitchBoard;e:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe;e:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [x]
S1 SDHookDriver;Hook Test Driver;e:\program files (x86)\Spybot - Search & Destroy 2\SDHookDrv64.sys;e:\program files (x86)\Spybot - Search & Destroy 2\SDHookDrv64.sys [x]
S2 avgsvc;AVG Service;e:\program files (x86)\AVG\Framework\Common\avgsvca.exe;e:\program files (x86)\AVG\Framework\Common\avgsvca.exe [x]
S2 HWDeviceService64.exe;HWDeviceService64.exe;e:\programdata\DatacardService\HWDeviceService64.exe;e:\programdata\DatacardService\HWDeviceService64.exe [x]
S2 PSI_SVC_2_x64;Corel License Validation Service V2 x64, Powered by arvato;e:\program files\Common Files\Protexis\License Service\PsiService_2.exe;e:\program files\Common Files\Protexis\License Service\PsiService_2.exe [x]
S2 ss_conn_service;SAMSUNG Mobile Connectivity Service;e:\program files (x86)\Samsung\USB Drivers\25_escape\conn\ss_conn_service.exe;e:\program files (x86)\Samsung\USB Drivers\25_escape\conn\ss_conn_service.exe [x]
S2 TuneUp.UtilitiesSvc;AVG PC TuneUp Service;e:\program files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesService64.exe;e:\program files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesService64.exe [x]
S3 huawei_enumerator;huawei_enumerator;e:\windows\system32\DRIVERS\ew_jubusenum.sys;e:\windows\SYSNATIVE\DRIVERS\ew_jubusenum.sys [x]
S3 RTL8167;Controlador NT de Realtek 8167;e:\windows\system32\DRIVERS\Rt64win7.sys;e:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;e:\program files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesDriver64.sys;e:\program files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesDriver64.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2016-08-11 e:\windows\Tasks\Adobe Flash Player Updater.job
- e:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-05-18 00:23]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="e:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2012-06-11 12503184]
"IgfxTray"="e:\windows\system32\igfxtray.exe" [2009-09-15 165912]
"Persistence"="e:\windows\system32\igfxpers.exe" [2009-09-15 363544]
"BCSSync"="e:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 112512]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
------- Supplementary Scan -------
.
uLocal Page = e:\windows\system32\blank.htm
uStart Page = about:blank
uInternet Settings,ProxyServer = localhost:21320
IE: &D&escargar &con BitComet - e:\program files\BitComet\BitComet.exe/AddLink.htm
IE: &D&escargar todo con BitComet - e:\program files\BitComet\BitComet.exe/AddAllLink.htm
TCP: DhcpNameServer = 192.168.1.1 0.0.0.0
FF - ProfilePath - e:\users\Pappo\AppData\Roaming\Mozilla\Firefox\Profiles\g8va8ts8.default-1465850757613\
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
FF - user.js: network.http.max-persistent-connections-per-server - 4
.
- - - - ORPHANS REMOVED - - - -
.
Notify-SDWinLogon - SDWinLogon.dll
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-3319984290-1349418006-544972003-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{00C53F6E-B2E2-333B-C51B-FF084AEB3CF6}*]
"jbdmlobefcninekmahobecclampeghbgaejhpgiijhjjoabbhein"=hex:68,61,69,67,61,65,
6f,65,6a,6d,67,6c,67,6d,6a,70,00,00
"dbdmlobefcninekmahobkcgegchedopmmgpkjnde"=hex:6a,61,66,63,63,6d,6f,61,6e,6a,
6a,70,62,6f,65,65,63,66,6a,6a,00,00
"dbdmlobefcninekmahobdbpealomcboomaignfgm"=hex:68,61,69,67,61,65,6f,65,6a,6d,
67,6c,67,6d,6a,70,00,00
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2016-08-11 13:22:06
ComboFix-quarantined-files.txt 2016-08-11 16:22
.
Pre-Run: 75.697.577.984 bytes libres
Post-Run: 75.549.544.448 bytes libres
.
- - End Of File - - 3CD5E14DD0041A2AD020315489CB670F
A36C5E4F47E84449FF07ED3517B43A31

I HAD AN XP INSTALL ON ANOTHER PARTITION, BUT THEY ****** IT ON ME.......