Double accent again, and it's not the same solution!!
This is a discussion about "Double accent again, and it's not the same solution!!" written in the HijackThis Logs forum, part of the Computer Security category; After following the previous steps you list in the sticky (and a few more), here is my HijackThis log in case anyone ...
#1
Here is my HijackThis log in case anyone can help me (of course, the symptom is that I get double accents on both accent keys):

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:22:31, on 25/11/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16757)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Archivos de programa\nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\Program Files\Ares\Ares.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Live\Mail\wlmail.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Windows\system32\Macromed\Flash\FlashUtil9f.exe
c:\program files\grasssoft\macro expert\MacroServiceWnd.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Live Search
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Live Search
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Live Search
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Aplicación auxiliar de vínculos de Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Web Replay BHO - {8B57DF7C-9BF9-4D52-B94E-37ACE3893F7D} - C:\Program Files\Deskperience\Web Replay\inetie.dll (file missing)
O2 - BHO: Windows Live Aplicación auxiliar de inicio de sesión - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: Web Replay Toolbar - {756727E5-1E5C-4284-B2DA-C21D3A283A38} - C:\Program Files\Deskperience\Web Replay\inetieui.dll (file missing)
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Archivos de programa\nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [Macro Manager] C:\Program Files\GrassSoft\Macro Expert\MacroManager.exe /q
O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
O4 - HKCU\..\Policies\Explorer\Run: [Windows Printing Driver] WinSpooler.exe
O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] C:\Archivos de programa\nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Nokia.PCSync] C:\Archivos de programa\nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'Default user')
O9 - Extra button: iOpus iMacros - {0483894E-2422-45E0-8384-021AFF1AF3CD} - C:\Program Files\iMacros\imacros.dll (file missing)
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Consola de Sun Java - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Web Replay - {3401B8CC-95A4-4dbe-B73F-00E2D23F2B73} - C:\Program Files\Deskperience\Web Replay\ShowToolbar.dll (file missing)
O9 - Extra button: Referencia - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://cid-8f8b02be9397472d.spaces.l...PUpldes-es.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://sdlc-esd.sun.com/ESD40/JSCDL/...ws-i586-jc.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab
O16 - DPF: {E6182DB0-BE70-4EA3-A8FB-D402C6D951D5} (VUploader Control) - http://photofiddle.com/ocx/VUploaderProj1.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe
O23 - Service: Crypkey License - Kenonic Controls Ltd. - C:\Windows\SYSTEM32\crypserv.exe
O23 - Service: Monitors macro triggers and scheduler items. (Macro Expert) - Unknown owner - c:\program files\grasssoft\macro expert\MacroService.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 6685 bytes
#2
This is my hosts file, which by the way HijackThis warns it cannot access:

# Copyright (c) 1993-1999 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
#      102.54.94.97     rhino.acme.com          # source server
#       38.25.63.10     x.acme.com              # x client host

127.0.0.1       localhost

----------------------------------------------------------

I also have no NTOS.EXE or TWEXT.EXE file in system32.
#3
○» Disable System Restore; once your system is clean you can turn it back on (if you cannot for any reason, skip this step).
○» Make sure your system shows hidden files and folders.
○» Restart in Safe Mode. (Repair it if it does not work, and if you cannot repair it, skip this step.)
○» In "Procedimientos en Logs de HijackThis" you will find information on how to carry out any of the instructions you are not familiar with.
○» Run HijackThis and click the "Do a system scan only" button (see "Sacar un log de Hijackthis para su análisis en el foro").
○» Tick the boxes of the following entries and press the "Fix Checked" button:
Quote:
○» Empty the Recycle Bin.
○» Restart your operating system normally.

Now follow these steps:
○» Update your system here: microsoft.com (if for some reason you cannot update, continue with the remaining steps).
○» Delete all cookies, temporary files… and clean the registry with CCleaner.
○» Go to Control Panel --> Java and delete all temporary files (if you use JAVA).
○» Run Malwarebytes Anti-Malware (Descarga de Malwarebytes Anti-Malware).
○» Run Dr.Web CureIt! (Dr. Web Cureit - Manual).
○» Do an online scan here: Free ESET Online Antivirus Scanner. You must use Internet Explorer and accept the ActiveX controls. Tell it to remove whatever it detects.
○» Let me know the results and post another log here.
__________________
Remember that before creating a thread or replying you must read the forum rules, so as to use the forum properly. This is a forum, not a mobile phone, mind your writing!
#4
After following the steps, the problem persists.
This is the new LOG:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:33:23, on 25/11/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16757)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Archivos de programa\nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Ares\Ares.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
c:\program files\grasssoft\macro expert\MacroServiceWnd.exe
C:\Program Files\AVG\AVG8\avgtray.exe
C:\Windows\system32\Macromed\Flash\FlashUtil9f.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Live Search
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Live Search
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Live Search
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Aplicación auxiliar de vínculos de Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Web Replay BHO - {8B57DF7C-9BF9-4D52-B94E-37ACE3893F7D} - C:\Program Files\Deskperience\Web Replay\inetie.dll (file missing)
O2 - BHO: Windows Live Aplicación auxiliar de inicio de sesión - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: Web Replay Toolbar - {756727E5-1E5C-4284-B2DA-C21D3A283A38} - C:\Program Files\Deskperience\Web Replay\inetieui.dll (file missing)
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Archivos de programa\nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [Macro Manager] C:\Program Files\GrassSoft\Macro Expert\MacroManager.exe /q
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] C:\Archivos de programa\nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Nokia.PCSync] C:\Archivos de programa\nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'Default user')
O9 - Extra button: iOpus iMacros - {0483894E-2422-45E0-8384-021AFF1AF3CD} - C:\Program Files\iMacros\imacros.dll (file missing)
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Consola de Sun Java - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Web Replay - {3401B8CC-95A4-4dbe-B73F-00E2D23F2B73} - C:\Program Files\Deskperience\Web Replay\ShowToolbar.dll (file missing)
O9 - Extra button: Referencia - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://cid-8f8b02be9397472d.spaces.l...PUpldes-es.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://sdlc-esd.sun.com/ESD40/JSCDL/...ws-i586-jc.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab
O16 - DPF: {E6182DB0-BE70-4EA3-A8FB-D402C6D951D5} (VUploader Control) - http://photofiddle.com/ocx/VUploaderProj1.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Crypkey License - Kenonic Controls Ltd. - C:\Windows\SYSTEM32\crypserv.exe
O23 - Service: Monitors macro triggers and scheduler items. (Macro Expert) - Unknown owner - c:\program files\grasssoft\macro expert\MacroService.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 7081 bytes
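The two logs in #1 and #4 differ in only a handful of entries, and that difference (plus the orphan and oddly placed autostart entries) is what a log helper looks at first. As an added example that is not code from the thread or from HijackThis, the Python below parses HijackThis section lines, diffs two logs and flags the entries a reviewer would check; the function names and the triage rules are mine, and the sample logs are a constructed excerpt of the two logs posted above.

```python
import re
from typing import NamedTuple

# Constructed excerpt of the two HijackThis logs posted in this thread
# (scans at 2:22 and 11:33 on 25/11/2008), trimmed to the entries that
# matter for the diff. Raw strings keep the backslashes literal.
LOG_FIRST = r"""
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:22:31, on 25/11/2008
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Web Replay BHO - {8B57DF7C-9BF9-4D52-B94E-37ACE3893F7D} - C:\Program Files\Deskperience\Web Replay\inetie.dll (file missing)
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
O4 - HKCU\..\Policies\Explorer\Run: [Windows Printing Driver] WinSpooler.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
"""

LOG_SECOND = r"""
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:33:23, on 25/11/2008
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Web Replay BHO - {8B57DF7C-9BF9-4D52-B94E-37ACE3893F7D} - C:\Program Files\Deskperience\Web Replay\inetie.dll (file missing)
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
O20 - AppInit_DLLs: avgrsstx.dll
"""


class Entry(NamedTuple):
    code: str   # HijackThis section code: R0/R1, O2, O4, O23 ...
    body: str   # everything after "Oxx - "


# Every section line starts with a letter, one or two digits, then " - ".
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")


def parse_log(text: str) -> list[Entry]:
    """Return the section entries of a HijackThis log. Header lines and the
    'Running processes' block carry no section code and are skipped."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append(Entry(m.group(1), m.group(2).strip()))
    return entries


def diff_logs(before: str, after: str) -> tuple[list[Entry], list[Entry]]:
    """(removed, added): entries only in `before`, entries only in `after`,
    each kept in log order so the result reads like the log itself."""
    old, new = parse_log(before), parse_log(after)
    old_set, new_set = set(old), set(new)
    return [e for e in old if e not in new_set], [e for e in new if e not in old_set]


def triage(entries: list[Entry]) -> list[tuple[Entry, list[str]]]:
    """Heuristics (my own, not HijackThis rules) a log helper applies first.
    They single out entries worth a second look; none proves an infection."""
    findings = []
    for e in entries:
        reasons = []
        if "(file missing)" in e.body or "(no file)" in e.body:
            reasons.append("refers to a file that is no longer on disk (orphan entry)")
        if e.code == "O4":
            if "Policies\\Explorer\\Run" in e.body:
                reasons.append("autostart from Policies\\Explorer\\Run, a less common location than Run")
            # Text after "[name]" is the command; a bare file name with no
            # directory is resolved by PATH search, so it hides where it lives.
            command = e.body.split("]", 1)[1].strip() if "]" in e.body else ""
            if command and "\\" not in command:
                reasons.append("command has no directory (bare executable name)")
        if reasons:
            findings.append((e, reasons))
    return findings


def report(before: str, after: str) -> list[str]:
    """Readable summary: what changed between the two logs, then what in the
    newer log still deserves a look ('-' removed, '+' added, '!' flagged)."""
    removed, added = diff_logs(before, after)
    lines = [f"- {e.code} - {e.body}" for e in removed]
    lines += [f"+ {e.code} - {e.body}" for e in added]
    for e, reasons in triage(parse_log(after)):
        lines.append(f"! {e.code} - {e.body}")
        lines += [f"    {r}" for r in reasons]
    return lines


if __name__ == "__main__":
    print("\n".join(report(LOG_FIRST, LOG_SECOND)))
```

Run against the full logs, the diff shows the `Policies\Explorer\Run` entry with the bare `WinSpooler.exe` command disappearing between the two scans while the AVG entries appear, which is exactly what a reader would want confirmed before moving on to ComboFix.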
#5
Hi pcasfer, download ComboFix and post its log for us.
Regards
#6
Here is the ComboFix log:

ComboFix 08-11-24.03 - Pablo 2008-11-25 12:28:05.1 - NTFSx86
Microsoft® Windows Vista™ Home Basic 6.0.6000.0.1252.1.3082.18.257 [GMT 1:00]
Se ejecuta desde: c:\users\Pablo\Desktop\ComboFix.exe
.
ADS - system32: deleted 12 bytes in 1 streams.

(((((((((((((((((((((((((((((((((((( Otras eliminaciones )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\system32\x64
.
(((((((((((((((((( Archivos creados desde 2008-10-25 - 2008-11-25 )))))))))))))))))))))))))))))))))
.
2008-11-25 11:29 . 2008-11-25 11:29 <DIR> d-------- c:\users\Pablo\DoctorWeb
2008-11-25 04:45 . 2008-11-25 04:45 69,128 --a------ c:\windows\System32\drivers\avgwfpx.sys
2008-11-25 04:45 . 2008-11-25 04:45 10,520 --a------ c:\windows\System32\avgrsstx.dll
2008-11-25 04:44 . 2008-11-25 04:48 <DIR> d-------- c:\windows\System32\drivers\Avg
2008-11-25 04:44 . 2008-11-25 04:44 97,928 --a------ c:\windows\System32\drivers\avgldx86.sys
2008-11-25 04:43 . 2008-11-25 04:43 <DIR> d-------- c:\users\All Users\avg8
2008-11-25 04:43 . 2008-11-25 04:43 <DIR> d-------- c:\programdata\avg8
2008-11-25 04:43 . 2008-11-25 04:43 <DIR> d-------- c:\program files\AVG
2008-11-25 02:57 . 2008-11-25 02:57 <DIR> d-------- c:\program files\CCleaner
2008-11-25 02:34 . 2008-11-25 02:34 <DIR> d-------- c:\users\Pablo\AppData\Roaming\Malwarebytes
2008-11-25 02:34 . 2008-11-25 02:34 <DIR> d-------- c:\users\All Users\Malwarebytes
2008-11-25 02:34 . 2008-11-25 02:34 <DIR> d-------- c:\programdata\Malwarebytes
2008-11-25 02:34 . 2008-11-25 02:34 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2008-11-25 02:34 . 2008-10-22 16:10 38,496 --a------ c:\windows\System32\drivers\mbamswissarmy.sys
2008-11-25 02:34 . 2008-10-22 16:10 15,504 --a------ c:\windows\System32\drivers\mbam.sys
2008-11-24 20:22 . 2008-11-24 20:22 <DIR> d-------- c:\program files\Trend Micro
2008-11-24 17:04 . 2008-11-24 17:04 <DIR> d-------- c:\users\All Users\SUPERAntiSpyware.com
2008-11-24 17:04 . 2008-11-24 17:04 <DIR> d-------- c:\programdata\SUPERAntiSpyware.com
2008-11-24 17:03 . 2008-11-24 17:03 <DIR> d-------- c:\users\Pablo\AppData\Roaming\SUPERAntiSpyware.com
2008-11-24 17:03 . 2008-11-24 17:04 <DIR> d-------- c:\program files\SUPERAntiSpyware
2008-11-24 16:48 . 2008-11-24 16:48 <DIR> d-------- C:\!KillBox
2008-11-24 06:11 . 2008-11-24 06:11 <DIR> d-------- c:\program files\uTorrent
2008-11-24 06:10 . 2008-11-24 14:52 <DIR> d-------- c:\users\Pablo\AppData\Roaming\uTorrent
2008-11-24 03:43 . 2008-11-24 03:43 86,005 --a------ c:\windows\System32\Loquo1.msd
2008-11-24 00:57 . 2008-11-24 00:57 <DIR> d-------- c:\users\Pablo\AppData\Roaming\Grasssoft
2008-11-24 00:57 . 2008-11-25 11:55 512 --ahs---- c:\windows\System32\{661379DB-2FD5-499e-BD64-5E82C00459C0}.uid
2008-11-24 00:56 . 2008-11-24 00:56 <DIR> d-------- c:\users\All Users\Grasssoft
2008-11-24 00:56 . 2008-11-24 00:56 <DIR> d-------- c:\programdata\Grasssoft
2008-11-24 00:56 . 2008-11-24 00:56 <DIR> d-------- c:\program files\GrassSoft
2008-11-24 00:51 . 2008-11-24 00:57 <DIR> d-------- c:\users\Pablo\AppData\Roaming\Deskperience
2008-11-22 03:16 . 2008-11-22 03:25 <DIR> d-------- c:\users\Pablo\AppData\Roaming\gtk-2.0
2008-11-22 03:16 . 2008-11-22 03:16 <DIR> d-------- c:\users\Pablo\.thumbnails
2008-11-22 02:55 . 2008-11-22 02:55 <DIR> d-------- c:\program files\Gimp-2.0
2008-11-22 02:51 . 2008-11-22 02:51 <DIR> d-------- c:\program files\Paint.NET
2008-11-22 02:26 . 2008-11-22 02:26 <DIR> d-------- c:\users\All Users\Macrovision
2008-11-22 02:26 . 2008-11-22 02:26 <DIR> d-------- c:\programdata\Macrovision
2008-11-22 02:26 . 2008-11-22 02:26 <DIR> d-------- c:\program files\Vextractor Demo 4.20
2008-11-22 02:24 . 2008-11-22 02:24 <DIR> d-------- c:\program files\Common Files\Macromedia Shared
2008-11-20 19:39 . 2008-11-20 19:40 <DIR> d-------- c:\program files\SWiSH Max2
2008-11-20 02:38 . 2008-11-20 02:38 <DIR> d-------- c:\windows\System32\QuickTime
2008-11-20 02:38 . 2008-11-22 02:24 <DIR> d-------- c:\users\All Users\Macromedia
2008-11-20 02:37 . 2008-11-22 02:23 <DIR> d-------- c:\program files\Macromedia
2008-11-20 02:37 . 2008-11-20 02:43 <DIR> d-------- c:\program files\Common Files\Macromedia
2008-11-19 16:58 . 2008-11-19 16:58 <DIR> d-------- c:\program files\AutoIt3
2008-11-19 05:33 . 2008-11-19 05:33 737,280 --a------ c:\windows\iun6002.exe
2008-11-19 05:11 . 2008-11-19 06:24 <DIR> d-------- c:\users\Pablo\AppData\Roaming\TheEasyBee Free
2008-11-19 05:01 . 2008-11-19 05:01 <DIR> d-------- c:\users\All Users\Insight Software Solutions
2008-11-19 05:01 . 2008-11-19 05:01 <DIR> d-------- c:\users\All Users\Insight Software
2008-11-19 05:01 . 2008-11-19 05:01 <DIR> d-------- c:\programdata\Insight Software Solutions
2008-11-19 05:01 . 2008-11-19 05:01 <DIR> d-------- c:\programdata\Insight Software
2008-11-19 05:00 . 2008-11-19 05:10 <DIR> d-------- c:\program files\Macro Express3
2008-11-19 05:00 . 2008-11-19 05:00 <DIR> d-------- c:\program files\Common Files\Insight Software Solutions
2008-11-19 04:41 . 2008-11-19 04:59 <DIR> d-------- c:\program files\American Systems
2008-11-19 04:41 . 2008-07-01 13:24 302,184 --a------ c:\windows\amuninst.exe
2008-11-19 04:41 . 2008-11-19 04:41 36 --a------ c:\windows\ezmacros.INI
2008-11-19 02:50 . 2008-11-19 02:50 <DIR> d-------- c:\users\All Users\iOpus-i-M
2008-11-19 02:50 . 2008-11-19 02:50 <DIR> d-------- c:\programdata\iOpus-i-M
2008-11-19 02:50 . 2008-11-19 05:50 <DIR> d-------- c:\program files\iMacros
2008-11-19 02:50 . 2006-08-16 18:39 241,016 --a------ c:\windows\System32\imatl.dll
2008-11-19 02:03 . 2008-11-19 02:03 1,634 --a------ c:\users\Pablo\AppData\Roaming\WWB7_32.DAT
2008-11-19 01:58 . 2008-11-19 01:59 <DIR> d-------- c:\users\All Users\Network Automation
2008-11-19 01:58 . 2008-11-19 01:59 <DIR> d-------- c:\programdata\Network Automation
2008-11-19 01:41 . 2008-11-19 01:41 <DIR> d-------- c:\windows\Macro Scheduler Std
2008-11-19 01:41 . 2008-11-19 02:29 <DIR> d-------- c:\program files\Macro Scheduler
2008-11-19 01:24 . 2008-11-19 01:24 <DIR> d-------- c:\users\Pablo\AppData\Roaming\WinBatch
2008-11-19 01:24 . 2008-11-24 05:20 <DIR> d-------- c:\program files\WinBatch
2008-11-19 01:16 . 2008-11-19 02:09 <DIR> d-------- c:\program files\Workspace Macro 4.6
2008-11-19 01:10 . 2008-11-19 01:10 <DIR> d-------- c:\users\All Users\Softomotive
2008-11-19 01:10 . 2008-11-19 01:10 <DIR> d-------- c:\programdata\Softomotive
2008-11-19 01:03 . 2008-11-19 01:03 <DIR> d-------- c:\users\Pablo\AppData\Roaming\iOpus-I-M
2008-11-19 01:02 . 2008-11-19 01:07 <DIR> d-------- c:\program files\InternetMacros3
2008-11-19 01:02 . 2000-08-20 21:00 1,388,544 --a------ c:\windows\System32\temp.005
2008-11-19 01:02 . 2001-03-13 14:47 598,288 --a------ c:\windows\System32\temp.001
2008-11-19 01:02 . 1998-04-24 01:00 368,912 --a------ c:\windows\System32\vbar332.dll
2008-11-19 01:02 . 2001-03-13 14:53 326,656 --a------ c:\windows\System32\temp.006
2008-11-19 01:02 . 2001-03-13 14:47 164,112 --a------ c:\windows\System32\temp.002
2008-11-19 01:02 . 2001-03-13 14:45 147,728 --a------ c:\windows\System32\temp.003
2008-11-19 01:02 . 2001-03-13 14:47 17,920 --a------ c:\windows\System32\temp.004
2008-11-19 00:53 . 2008-11-19 00:55 <DIR> d-------- c:\users\Pablo\AppData\Roaming\Recorder
2008-11-19 00:38 . 2008-11-19 00:38 249,856 --------- c:\windows\Setup1.exe
2008-11-19 00:38 . 2008-11-19 00:38 73,216 --a------ c:\windows\ST6UNST.EXE
2008-11-14 02:08 . 2008-11-14 02:08 <DIR> d-------- c:\program files\Common Files\Adobe Systems Shared
2008-11-12 06:46 . 2008-09-10 04:25 1,341,440 --a------ c:\windows\System32\msxml6.dll
2008-11-12 06:46 . 2008-09-05 05:48 1,194,496 --a------ c:\windows\System32\msxml3.dll
2008-11-12 06:46 . 2008-08-26 02:11 211,456 --a------ c:\windows\System32\drivers\mrxsmb10.sys
2008-11-12 06:46 . 2008-09-10 04:21 2,048 --a------ c:\windows\System32\msxml6r.dll
2008-11-12 06:46 . 2008-09-05 05:45 2,048 --a------ c:\windows\System32\msxml3r.dll
2008-11-08 20:22 . 2008-11-08 20:22 <DIR> d-------- c:\users\Pablo\AppData\Roaming\GibbHill Properties Ltd
2008-10-31 22:56 . 2008-10-31 22:56 0 --a------ c:\windows\nsreg.dat
2008-10-28 23:47 . 2008-08-12 04:29 441,856 --a------ c:\windows\System32\win32spl.dll
2008-10-28 23:47 . 2008-08-12 04:29 37,376 --a------ c:\windows\System32\printcom.dll
2008-10-26 22:25 . 2008-10-26 22:25 <DIR> d-------- c:\program files\FotoSketcher
.
(((((((((((((((((((((((((((((((((((((( Reporte Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-25 07:37 --------- d-----w c:\program files\ESET
2008-11-25 02:04 --------- d-----w c:\programdata\Spybot - Search & Destroy
2008-11-24 19:24 --------- d-----w c:\program files\Spybot - Search & Destroy
2008-11-24 16:02 --------- d-----w c:\program files\Common Files\Wise Installation Wizard
2008-11-22 01:23 --------- d--h--w c:\program files\InstallShield Installation Information
2008-11-20 18:52 --------- d-----w c:\program files\SWiSHmax
2008-11-14 01:09 --------- d-----w c:\program files\Common Files\Adobe
2008-10-24 11:32 --------- d---a-w c:\programdata\TEMP
2008-10-23 15:41 --------- d-----w c:\users\Pablo\AppData\Roaming\FileZilla
2008-10-23 14:26 --------- d-----w c:\users\Pablo\AppData\Roaming\Notepad++
2008-10-23 14:26 --------- d-----w c:\program files\Notepad++
2008-10-23 12:16 --------- d-----w c:\program files\FileZilla FTP Client
2008-10-19 22:56 --------- d-----w c:\program files\SIL
2008-10-18 07:20 --------- d-----w c:\program files\Windows Mail
2008-10-14 14:10 --------- d-----w c:\program files\ITEKSOFT
2008-10-11 10:09 --------- d-----r c:\users\Pablo\AppData\Roaming\Brother
2008-10-08 16:32 --------- d-----w c:\programdata\Brother
2008-10-07 12:20 --------- d-----w c:\users\Pablo\AppData\Roaming\Canon
2008-10-07 01:12 --------- d-----w c:\program files\MSXML 4.0
2008-10-05 22:01 --------- d-----w c:\program files\SWiSH v2.0 ESP
2008-10-05 21:44 --------- d-----w c:\users\Pablo\AppData\Roaming\Ahead
2008-10-05 20:38 --------- d-----w c:\program files\Common Files\Ahead
2008-10-05 20:32 --------- d-----w c:\programdata\Nero
2008-10-05 11:23 --------- d-----w c:\program files\Nero
2008-10-02 03:49 52,736 ----a-w c:\windows\AppPatch\iebrshim.dll
2008-10-01 15:32 --------- d-----w c:\program files\Common Files\InstallShield
2008-10-01 15:32 --------- d-----w c:\program files\Canon
2008-07-11 06:05 174 --sha-w c:\program files\desktop.ini
.
((((((((((((((((((((((((((((((((( Cargando Puntos Reg ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* entradas vacías & entradas legítimas predeterminadas no son mostradas
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-11 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-11 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-11 133656]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 144784]
"PCSuiteTrayApplication"="c:\archivos de programa\nokia\Nokia PC Suite 6\LaunchApplication.exe" [2007-03-23 227328]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]
"Macro Manager"="c:\program files\GrassSoft\Macro Expert\MacroManager.exe" [2008-10-23 2478080]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2008-11-25 1234712]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Nokia.PCSync"="c:\archivos de programa\nokia\Nokia PC Suite 6\PcSync2.exe" [2007-03-27 1744896]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-07-23 15:28 352256 c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.ACDV"= ACDV.dll
"msacm.ac3filter"= ac3filter.acm
"msacm.divxa32"= DivXa32.acm

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"TCP Query User{BB2C4A4C-179B-47FD-900B-69BBFBFA7B33}c:\\program files\\ares\\ares.exe"= UDP:c:\program files\ares\ares.exe:Ares p2p for windows
"UDP Query User{A0AADDF8-E2E4-464D-A229-4905FDB51790}c:\\program files\\ares\\ares.exe"= TCP:c:\program files\ares\ares.exe:Ares p2p for windows
"{BCE8B1F4-67A2-482F-A82C-EA27692667AE}"= UDP:c:\program files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{A466F7EE-B8BB-46F5-A473-7142D38F2625}"= TCP:c:\program files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{700031C8-BC30-4455-9965-33E17C190F95}"= UDP:c:\program files\Yahoo!\Messenger\YServer.exe:Yahoo! FT Server
"{63E78036-4982-462A-866E-722C569B200A}"= TCP:c:\program files\Yahoo!\Messenger\YServer.exe:Yahoo! FT Server
"{46523BA8-9A7D-4A4D-92F3-465DF730036D}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{4432F104-127D-4991-ABB7-C782FE59E42C}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"TCP Query User{8556DB93-651C-4C27-B6BA-96A3B4DEBF29}c:\\program files\\yahoo!\\messenger\\yahoomessenger.exe"= UDP:c:\program files\yahoo!\messenger\yahoomessenger.exe:Yahoo! Messenger
"UDP Query User{73CED9BF-1D3F-4018-AE23-A8971DC9C13D}c:\\program files\\yahoo!\\messenger\\yahoomessenger.exe"= TCP:c:\program files\yahoo!\messenger\yahoomessenger.exe:Yahoo! Messenger
"TCP Query User{468BA275-B2AA-4E96-A525-6939A6383A10}c:\\program files\\ares\\ares.exe"= UDP:c:\program files\ares\ares.exe:Ares p2p for windows
"UDP Query User{5291B561-B824-4D0A-9458-E3AFF413BA38}c:\\program files\\ares\\ares.exe"= TCP:c:\program files\ares\ares.exe:Ares p2p for windows
"{B3D5E56F-9BFB-450D-8674-75EEEE55D2D7}"= UDP:c:\program files\IVT Corporation\BlueSoleil\BlueSoleil.exe:BlueSoleil
"{EF884656-42E9-4555-99F7-2B3E5EAEC604}"= TCP:c:\program files\IVT Corporation\BlueSoleil\BlueSoleil.exe:BlueSoleil
"{52C18F74-56B9-46F0-81F2-6EF11822EC8C}"= UDP:c:\program files\IVT Corporation\BlueSoleil\BlueSoleil.exe:BlueSoleil
"{85E00027-395B-4CE3-A7BC-8287450EABB6}"= TCP:c:\program files\IVT Corporation\BlueSoleil\BlueSoleil.exe:BlueSoleil
"{7BFD3A54-386F-491C-972E-B6C085FA3676}"= UDP:c:\program files\uTorrent\uTorrent.exe:µTorrent (TCP-In)
"{57F60044-E111-47D0-88F1-48D2D47DCE68}"= TCP:c:\program files\uTorrent\uTorrent.exe:µTorrent (UDP-In)
"{97A17424-20F9-4CD9-8680-92B61EF96832}"= c:\program files\AVG\AVG8\avgemc.exe:avgemc.exe
"{834AC6B3-42F5-49B2-A176-8905ABF6ABD0}"= c:\program files\AVG\AVG8\avgupd.exe:avgupd.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\Drivers\avgldx86.sys [2008-11-25 97928]
R3 AvgWfpX;AVG Free8 Firewall Driver x86;c:\windows\system32\Drivers\avgwfpx.sys [2008-11-25 69128]
S3 BrSerIf;Brother MFC Serial Port Interface WDM Driver;c:\windows\system32\Drivers\BrSerIf.sys [2006-09-02 53248]
S3 BthAvrcp;Perfil AVRCP Bluetooth;c:\windows\system32\DRIVERS\BthAvrcp.sys [2007-08-24 15872]
S3 CnxtHdAudAddService;Microsoft UAA Function Driver for High Definition Audio Service;c:\windows\system32\drivers\CHDART.sys [2008-01-22 187904]
S3 USBSHGX;SHARP GSM GPRS USB Driver 2.1.0;c:\windows\system32\DRIVERS\usbgx_2.sys [2004-09-06 24080]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
bthsvcs REG_MULTI_SZ BthServ

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{24a9a971-3f75-11dd-ac5a-001b38fca392}]
\shell\AutoRun\command - gsxlexd.cmd
\shell\explore\Command - gsxlexd.cmd
\shell\open\Command - gsxlexd.cmd

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f7fefeed-1b88-11dd-8b6a-806e6f6e6963}]
\shell\AutoRun\command - D:\autorun.exe

*Newly Created Service* - CATCHME
.
Contenido de carpeta 'Tareas Programadas'

2008-11-25 c:\windows\Tasks\User_Feed_Synchronization-{6727F6FF-AF90-4FB3-8C81-F49889E99F09}.job
- c:\windows\system32\msfeedssync.exe [2006-11-02 10:45]
.
.
------- Análisis Suplementario -------
.
FireFox -: Profile - c:\users\Pablo\AppData\Roaming\Mozilla\Firefox\Profiles\dyn2aguy.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - Google
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-25 12:33:45
Windows 6.0.6000 NTFS

escaneando procesos ocultos ...

escaneando entradas ocultas de autostart ...

escaneando archivos ocultos ...

el escaneo se completo con exito
archivos ocultos: 0

**************************************************************************
.
--------------------- DLLs cargados bajo los procesos en ejecución ---------------------

- - - - - - - > 'winlogon.exe'(516)
c:\windows\system32\avgrsstx.dll

- - - - - - - > 'lsass.exe'(564)
c:\windows\system32\avgrsstx.dll
.
Tiempo completado: 2008-11-25 12:36:10
ComboFix-quarantined-files.txt 2008-11-25 11:36:06

Pre-Run: 46.607.499.264 bytes libres
Post-Run: 46,616,268,800 bytes libres

233 --- E O F --- 2008-11-20 00:43:39
#7
Send these for analysis:

c:\windows\System32\Loquo1.msd
c:\windows\nsreg.dat
c:\windows\iun6002.exe
c:\windows\amuninst.exe

at:

Online malware scan
VirusTotal - free online antivirus service
Virus File Scanner

And post the results.
#8
With the first tool, the nsreg.dat file produces the following message:

The file you uploaded is 0 bytes. It is very likely a firewall or a piece of malware is prohibiting you from uploading this file

It finds nothing in the rest.
#9
Send MacroManager.exe for analysis; I think it is the culprit, but I'm not sure.
Regards
#10
nsreg.dat deleted without any problem, and MacroManager verified as virus-free.
The problem persists.