Ya le pase hijackthis y este es el log, pero no encontre nada, aca esta:

Logfile of HijackThis v1.99.1
Scan saved at 12:08:35 AM, on 5/22/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\EPSON\ESM2\eEBSVC.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application
Launcher.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
C:\Program Files\Olympus\DeviceDetector\DevDtct2.exe
C:\Program Files\Common Files\Teleca Shared\CapabilityManager.exe
C:\Program Files\ScanSoft\PaperPort\xdcla.exe
C:\Program Files\Common Files\Teleca Shared\Generic.exe
C:\Program Files\Sony Ericsson\Mobile2\Connection Wizard\ConnectionWizard.exe
C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
C:\Documents and
Settings\Administrator.SM03403\Desktop\hijackthis\ HijackThis.exe

O1 - Hosts: 192.9.200.42 SQL
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -
C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O4 - HKLM\..\Run: [Synchronization Manager]
%SystemRoot%\system32\mobsync.exe /logon
O4 - HKLM\..\Run: [Ink Monitor] C:\Program Files\EPSON\Ink
Monitor\InkMonitor.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec
Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony
Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [\\Lpg04446\EPSON Stylus C67 Series]
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIA AL.EXE /P34
"\\Lpg04446\EPSON Stylus C67 Series" /O6 "USB001" /M "Stylus C67"
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft
Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [PaperPort PTD] C:\Program
Files\ScanSoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [IndexSearch] C:\Program
Files\ScanSoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [OpwareSE2] "C:\Program
Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
O4 - HKLM\..\Run: [BVRPLiveUpdate] C:\Program Files\Avanquest
update\Engine\Setup.exe -s
/PATCH,/SRCUPDATEC:\DOCUME~1\ALLUSE~1\APPLIC~1\BVRPSO~1\MO TORO~1\LIVEUP~1\LISTOF~1.DAT
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common
Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Device Detector 3.lnk = C:\Program
Files\Olympus\DeviceDetector\DevDtct2.exe
O4 - Global Startup: EPSON Background Monitor.lnk = C:\Program
Files\EPSON\ESM2\STMS.exe
O4 - Global Startup: Image Retriever.lnk = C:\Program
Files\ScanSoft\PaperPort\xdcla.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft
Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} -
C:\Program Files\Java\j2re1.4.1_01\bin\npjpi141_01.dll
O9 - Extra 'Tools' menuitem: Sun Java Console -
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program
Files\Java\j2re1.4.1_01\bin\npjpi141_01.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} -
C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger -
{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet
Explorer\Plugins\NPDocBox.dll
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = laprensa.com.sv
O17 - HKLM\Software\..\Telephony: DomainName = laprensa.com.sv
O17 -
HKLM\System\CCS\Services\Tcpip\..\{D7B599A1-369E-49A5-8C4E-ACA76DBF1010}:
NameServer = 168.243.227.194,168.243.227.195
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = laprensa.com.sv
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = laprensa.com.sv
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation -
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec
Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation -
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec
Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: EpsonBidirectionalService - Unknown owner - C:\Program
Files\EPSON\ESM2\eEBSVC.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec
AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec
Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation -
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program
Files\Symantec AntiVirus\Rtvscan.exe

Ya te envio el archivo con el detalle del monitor process Daniel

"fermu" wrote:

> mi impresión es que sigues envirusado, a parte de lo que te ha comentado
> Dani, pasale el hijackthis a ver que tienes en esa máquina y deja por
> aqui el log.
>
> http://hijackthis.softonic.com/
>
> --
>
> Saludos / Fernando M.
> Fermu's Website - http://www.fermu.com - http://www.teladearana.es
> Registered Linux User #367696 - MS MVP Windows - Shell/User
> La caridad bien entendida comienza por uno mismo (by Moni)
>