Foro de InfoSpyware - Foro de Hijackthis - Foro de Virus

Tanto en el explorer como en mozilla se me abren pantallas de publicidad, de por ejempl. vueling,edreams y publicidad en general de empresas ""importantes"", al cerrarlas se me queda otra pantalla abierta en blanco.
He utilizado tanto en modo a prueba de fallos como en normal, lo siguiente:
-limpiar con cclleaner , registros archivos etc.etc.
-Le he pasado adaware, el avg antispiware, spybot
-Le ha pasado el avg pro(que tenia instalado), lo desinstalé y le he pasado el Kaspersky, tambien le he pasado un antivirus portable el Clam Win
-He vuelto a limpiar con el ccleaner y con absolute uninstaler que trae una herramienta para limpiar el registro.
Ninguno de los anti spyware y antivirus me ha detectado nada de importancia, y me siguen saliendo las dichosas ventanas. Así como ultima alternativa espero que me ayudeis con el hijackthis. MUCHAS GRACIAS

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:31:37, on 04/01/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\mobsync.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
C:\Windows\RtHDVCpl.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSLoader.exe
C:\Program Files\Launch Manager\LManager.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Users\pacurron\AppData\Local\uogyc.exe
C:\Windows\system32\igfxext.exe
C:\Windows\system32\igfxsrvc.exe
C:\Users\pacurron\AppData\Local\Temp\RtkBtMnt.exe
C:\Acer\Empowering Technology\ENET\ENMTRAY.EXE
C:\Acer\Empowering Technology\EPOWER\EPOWER_DMC.EXE
C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EX E
C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE
C:\Windows\system32\conime.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\Macromed\Flash\FlashUtil10a.ex e
C:\Program Files\Orbitdownloader\orbitdm.exe
C:\Program Files\Orbitdownloader\orbitnet.exe
C:\Windows\explorer.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.es/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://es.es.acer.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://es.es.acer.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - (no file)
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Aplicación auxiliar de inicio de sesión - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.509.5470\sw g.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O3 - Toolbar: Grab Pro - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files\Orbitdownloader\GrabPro.dll
O4 - HKLM\..\Run: [WarReg_PopUp] C:\Acer\WR_PopUp\WarReg_PopUp.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Skytel] Skytel.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [VirtualCloneDrive] "C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe"
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNo tifier.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKCU\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe
O4 - HKCU\..\Run: [uogyc] "c:\users\pacurron\appdata\local\uogyc.exe" uogyc
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICIO LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICIO LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'Servicio de red')
O4 - Global Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Empowering Technology Launcher.lnk = ?
O4 - Global Startup: Forget Me Not.lnk = ?
O8 - Extra context menu item: &Download by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/201
O8 - Extra context menu item: &Grab video by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/204
O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/203
O8 - Extra context menu item: Down&load all by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/202
O9 - Extra button: Estadísticas del componente Web Anti-Virus - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\SCIEPlgn.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/spanish/kavwebscan_unicode.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.es/scan_es/scan8/oscan8.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1.0\r3hook.dll C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll eNetHook.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: ALaunch Service (ALaunchService) - Unknown owner - C:\Acer\ALaunch\ALaunchSvc.exe
O23 - Service: Kaspersky Internet Security 7.0 (avp) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
O23 - Service: eDSService.exe (eDataSecurity Service) - HiTRSUT - C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
O23 - Service: eLock Service (eLockService) - Acer Inc. - C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
O23 - Service: eNet Service - Acer Inc. - C:\Acer\Empowering Technology\eNet\eNet Service.exe
O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
O23 - Service: eSettings Service (eSettingsService) - Unknown owner - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\Windows\system32\IoctlSvc.exe
O23 - Service: Programador de LiveUpdate automático - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)
O23 - Service: ePower Service (WMIService) - acer - C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 10810 bytes

Hola pacurron,

Paso 1- Descarga, Instala y/o actualiza estas herramientas: (pero no los ejecutes aun)

• ComboFix.exe
• Malwarebytes' Anti-Malware

Paso 2- Con todos los programas cerrados, ejecuta HijackThis y dale a las siguientes entradas:


O2 - BHO: (no name) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - (no file)

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O4 - HKCU\..\Run: [uogyc] "c:\users\pacurron\appdata\local\uogyc.exe" uogyc




Paso 3- Ejecuta estas herramientas, de a una:

• Malwarebytes' Anti-Malware
  *Nota* Es importante que envíes a "Cuarentena" todo lo que este detecte antes de copiar y pegarnos su reporte.

• Antes de usar ComboFix....
• Desactiva temporalmente el Antivirus y/o Antispyware.
• Cierra todas las ventanas abiertas.
• Hacele doble clic al archivo ComboFix.exe y seguí las instrucciones.
• Cuando termine, generara un registro en C:\ComboFix.txt.
  • *Nota* Mientras CF este trabajando no mover el mouse ya que pararía su proceso.
  • *Nota* ComboFix puede reiniciar automáticamente el PC para completar el proceso de eliminación.

Paso 4- Descarga CCleaner y ejecútalo usando primero su opción de "Limpiador" para borrar cookies, temporales de Internet y todos los archivos que este te muestre como obsoletos, y luego usa su opción de "Registro" para limpiar todo el registro de Windows (haciendo copia de seguridad).

Reinicia y nos contas los resultados. junto con el reporte de

Paso 5- Reinicia en modo normal y nos dejas los reportes de:

• Malwarebytes' Anti-Malware
• C:\ComboFix.txt en este mismo mensaje.

**Nota**
- Para mayor comodidad imprime los pasos.
- Recuerda regresar y contarnos los resultados.

Salu2

Lo primero y antes de nada, darte las gracias por tu ayuda ,
ya he echo todo lo que me has dicho, no me lo indicabas, pero he entendido que habia que hacerlo en modo seguro. Aquí te pongo los reportes de los dos programas

Malwarebytes' Anti-Malware 1.32
Versión de la Base de Datos: 1625
Windows 6.0.6001 Service Pack 1

06/01/2009 20:35:04
mbam-log-2009-01-06 (20-35-04).txt

Tipo de examen : Examen Completo (C:\|)
Objetos examinados: 147368
Tiempo transcurrido: 29 minute(s), 13 second(s)

Procesos en Memoria Infectados: 0
Módulos en Memoria Infectados: 0
Claves del Registro Infectadas: 0
Valores del Registro Infectados: 0
Elementos de Datos del Registro Infectados: 0
Carpetas Infectadas: 0
Ficheros Infectados: 0

Procesos en Memoria Infectados:
(No se han detectado elementos maliciosos)

Módulos en Memoria Infectados:
(No se han detectado elementos maliciosos)

Claves del Registro Infectadas:
(No se han detectado elementos maliciosos)

Valores del Registro Infectados:
(No se han detectado elementos maliciosos)

Elementos de Datos del Registro Infectados:
(No se han detectado elementos maliciosos)

Carpetas Infectadas:
(No se han detectado elementos maliciosos)

Ficheros Infectados:
(No se han detectado elementos maliciosos)


ComboFix 09-01-05.05 - pacurron 2009-01-06 20:37:25.1 - NTFSx86 MINIMAL
Microsoft® Windows Vista™ Home Basic 6.0.6001.1.1252.1.3082.18.2037.1433 [GMT 1:00]
Se ejecuta desde: C:\Users\pacurron\Downloads\ComboFix.exe
.

(((((((((((((((((((((((((((((((((((( Otras eliminaciones )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Users\pacurron\AppData\Local\uogyc.dat
C:\Users\pacurron\AppData\Local\uogyc.exe
C:\Users\pacurron\AppData\Local\uogyc_nav.dat
C:\Users\pacurron\AppData\Local\uogyc_navps.dat
C:\Windows\system32\x64

.
(((((((((((((((((( Archivos creados desde 2008-12-06 - 2009-01-06 )))))))))))))))))))))))))))))))))
.

2009-01-04 18:13 . 2009-01-04 21:00 <DIR> d-------- C:\Program Files\SpywareBlaster
2009-01-04 17:56 . 2009-01-04 17:56 <DIR> d-------- C:\Users\pacurron\AppData\Roaming\Malwarebytes
2009-01-04 17:56 . 2009-01-04 18:38 15,504 --a------ C:\Windows\System32\drivers\mbam.sys
2009-01-04 17:55 . 2009-01-04 17:55 <DIR> d-------- C:\Users\All Users\Malwarebytes
2009-01-04 17:55 . 2009-01-06 19:32 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2009-01-04 17:55 . 2009-01-04 17:55 <DIR> d-------- C:\PROGRA~2\Malwarebytes
2009-01-04 17:55 . 2009-01-04 18:38 38,496 --a------ C:\Windows\System32\drivers\mbamswissarmy.sys
2009-01-04 17:35 . 2009-01-04 17:35 <DIR> d-------- C:\Users\pacurron\AppData\Roaming\Media Player Classic
2009-01-04 12:31 . 2009-01-04 12:31 <DIR> d-------- C:\Program Files\Trend Micro
2009-01-03 23:18 . 2008-02-07 17:10 <DIR> d--h----- C:\ckis
2009-01-03 22:56 . 2009-01-03 23:17 96,976 --a------ C:\Windows\System32\drivers\klin.dat
2009-01-03 22:56 . 2009-01-03 23:17 87,855 --a------ C:\Windows\System32\drivers\klick.dat
2009-01-03 22:55 . 2009-01-03 22:55 <DIR> d-------- C:\Program Files\Kaspersky Lab
2009-01-03 22:55 . 2009-01-06 19:59 3,109,152 --ahs---- C:\Windows\System32\drivers\fidbox.dat
2009-01-03 22:55 . 2009-01-06 19:59 43,760 --ahs---- C:\Windows\System32\drivers\fidbox.idx
2009-01-03 11:05 . 2009-01-03 11:05 <DIR> d-------- C:\Program Files\Opera
2009-01-01 17:45 . 2009-01-02 20:21 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2009-01-01 14:56 . 2007-09-28 00:33 <DIR> d-------- C:\Program Files\Wireless_Watch_2.0.1.0
2009-01-01 13:01 . 2009-01-01 13:01 <DIR> d-------- C:\Program Files\TeaTimer (Spybot - Search & Destroy)
2009-01-01 13:01 . 2009-01-01 13:01 <DIR> d-------- C:\Program Files\SDHelper (Spybot - Search & Destroy)
2009-01-01 13:01 . 2009-01-01 13:01 <DIR> d-------- C:\Program Files\Misc. Support Library (Spybot - Search & Destroy)
2009-01-01 13:01 . 2009-01-01 13:01 <DIR> d-------- C:\Program Files\File Scanner Library (Spybot - Search & Destroy)
2008-12-30 23:39 . 2008-12-30 23:39 54,123,192 --a------ C:\Windows\System32\avg_ipw_stf_en_8_93a1300.exe
2008-12-30 23:28 . 2008-12-30 23:28 <DIR> d-------- C:\Users\All Users\Made in Indonesia
2008-12-30 23:28 . 2008-12-30 23:28 <DIR> d-------- C:\PROGRA~2\Made in Indonesia
2008-12-30 22:41 . 2009-01-06 19:51 <DIR> d-------- C:\Users\All Users\Kaspersky Lab
2008-12-30 22:41 . 2009-01-06 19:51 <DIR> d-------- C:\PROGRA~2\Kaspersky Lab
2008-12-30 21:04 . 2008-12-30 21:04 <DIR> d-------- C:\Users\pacurron\AppData\Roaming\Thinstall
2008-12-30 20:54 . 2008-12-30 20:54 <DIR> d-------- C:\Users\pacurron\DoctorWeb
2008-12-30 20:21 . 2008-12-30 20:21 <DIR> d-------- C:\Users\pacurron\AppData\Roaming\Lavasoft
2008-12-27 17:08 . 2008-12-27 17:09 <DIR> d-------- C:\Program Files\Microsoft Works
2008-12-27 16:50 . 2008-12-27 16:50 <DIR> d-------- C:\Program Files\Common Files\Adobe Systems Shared
2008-12-27 12:52 . 2008-12-27 12:55 <DIR> d-------- C:\Program Files\Unlocker
2008-12-13 11:49 . 2008-10-22 02:22 2,048 --a------ C:\Windows\System32\tzres.dll
2008-12-07 08:55 . 2008-12-07 08:55 <DIR> d-------- C:\Users\All Users\Broderbund Software
2008-12-07 08:55 . 2008-12-07 08:55 <DIR> d-------- C:\Program Files\Web Publish
2008-12-07 08:55 . 2008-12-07 08:55 <DIR> d-------- C:\PROGRA~2\Broderbund Software
2008-12-07 08:47 . 2008-12-07 08:47 <DIR> d-------- C:\Program Files\Common Files\Broderbund
2008-12-07 08:47 . 1999-04-21 04:08 29,184 --------- C:\Windows\System32\Popup.ocx
2008-12-07 08:46 . 2008-12-07 08:46 <DIR> d-------- C:\Program Files\Broderbund

.
(((((((((((((((((((((((((((((((((((((( Reporte Find3M )))))))))))))))))))))))))))))))))))))))))))))))))) )
.
2009-01-06 18:44 --------- d-----w C:\Users\pacurron\AppData\Roaming\Orbit
2009-01-05 20:40 --------- d---a-w C:\PROGRA~2\TEMP
2009-01-05 20:12 --------- d-----w C:\PROGRA~2\Spybot - Search & Destroy
2009-01-03 22:18 112,144 ----a-w C:\Windows\system32\drivers\kl1.sys
2009-01-03 21:53 --------- d-----w C:\Program Files\AVG
2009-01-03 21:01 --------- d-----w C:\PROGRA~2\Kaspersky Lab Setup Files
2008-12-28 18:44 --------- d-----w C:\PROGRA~2\Microsoft Help
2008-12-27 15:50 --------- d-----w C:\Program Files\Common Files\Adobe
2008-12-27 13:48 --------- d-----w C:\Users\pacurron\AppData\Roaming\uTorrent
2008-12-27 10:36 --------- d-----w C:\Program Files\Microsoft Visual Studio 8
2008-12-14 10:56 --------- d-----w C:\Program Files\Acer GameZone
2008-12-13 11:07 --------- d-----w C:\Program Files\Windows Mail
2008-12-07 07:47 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-12-06 06:50 --------- d-----w C:\Program Files\Java
2008-11-30 11:14 --------- d-----w C:\Program Files\Panda Security
2008-11-30 11:12 --------- d-----w C:\Program Files\Zone Labs
2008-11-29 15:03 --------- d-----w C:\Users\pacurron\AppData\Roaming\GrabPro
2008-11-29 15:03 --------- d-----w C:\Program Files\Orbitdownloader
2008-11-10 04:43 410,984 ----a-w C:\Windows\System32\deploytk.dll
2008-11-08 18:55 --------- d-----w C:\Program Files\TVUPlayer
2008-11-08 18:55 --------- d-----w C:\PROGRA~2\TVU Networks
2008-11-08 18:45 --------- d-----w C:\Users\pacurron\AppData\Roaming\TVU networks
2008-11-07 21:49 --------- d-----w C:\Program Files\CyberLink
2008-11-01 03:44 541,696 ----a-w C:\Windows\AppPatch\AcLayers.dll
2008-11-01 03:44 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll
2008-11-01 03:44 460,288 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
2008-11-01 03:44 28,672 ----a-w C:\Windows\System32\Apphlpdm.dll
2008-11-01 03:44 2,154,496 ----a-w C:\Windows\AppPatch\AcGenral.dll
2008-11-01 03:44 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
2008-11-01 01:21 4,240,384 ----a-w C:\Windows\System32\GameUXLegacyGDFs.dll
2008-10-29 06:29 2,927,104 ----a-w C:\Windows\explorer.exe
2008-10-22 03:57 241,152 ----a-w C:\Windows\System32\PortableDeviceApi.dll
2008-10-21 05:25 296,960 ----a-w C:\Windows\System32\gdi32.dll
2008-10-21 05:25 1,645,568 ----a-w C:\Windows\System32\connect.dll
2008-10-16 21:13 1,809,944 ----a-w C:\Windows\System32\wuaueng.dll
2008-10-16 21:12 561,688 ----a-w C:\Windows\System32\wuapi.dll
2008-10-16 21:09 51,224 ----a-w C:\Windows\System32\wuauclt.exe
2008-10-16 21:09 43,544 ----a-w C:\Windows\System32\wups2.dll
2008-10-16 21:08 34,328 ----a-w C:\Windows\System32\wups.dll
2008-10-16 20:56 1,524,736 ----a-w C:\Windows\System32\wucltux.dll
2008-10-16 20:55 83,456 ----a-w C:\Windows\System32\wudriver.dll
2008-10-16 13:08 162,064 ----a-w C:\Windows\System32\wuwebv.dll
2008-10-16 12:56 31,232 ----a-w C:\Windows\System32\wuapp.exe
2008-10-16 04:47 827,392 ----a-w C:\Windows\System32\wininet.dll
2008-07-27 14:38 174 --sha-w C:\Program Files\desktop.ini
2008-06-02 21:02 16,384 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Lo cal\Microsoft\Windows\History\History.IE5\index.da t
2008-06-02 21:02 32,768 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Lo cal\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
2008-06-02 21:02 16,384 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Ro aming\Microsoft\Windows\Cookies\index.dat
.

((((((((((((((((((((((((((((((((( Cargando Puntos Reg ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* entradas vacías & entradas legítimas predeterminadas no son mostradas
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe" [2008-06-24 15:05 132392]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNo tifier.exe" [2008-10-20 19:55 39408]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 08:33 202240]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" [2008-06-24 15:06 1840424]
"Acer Tour Reminder"="C:\Acer\AcerTour\Reminder.exe" [2007-05-22 14:49 151552]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Run]
"WarReg_PopUp"="C:\Acer\WR_PopUp\WarReg_PopUp. exe" [2006-11-05 20:48 57344]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2007-02-09 10:41 845360]
"IgfxTray"="C:\Windows\system32\igfxtray.exe" [2008-02-11 19:13 141848]
"HotKeysCmds"="C:\Windows\system32\hkcmd.exe" [2008-02-11 19:13 166424]
"Persistence"="C:\Windows\system32\igfxpers.ex e" [2008-02-11 19:13 133656]
"Acer Tour Reminder"="C:\Acer\AcerTour\Reminder.exe" [2007-05-22 14:49 151552]
"NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2008-06-08 08:31 2221352]
"VirtualCloneDrive"="C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2008-06-29 23:01 52168]
"eDataSecurity Loader"="C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2007-04-25 15:33 457216]
"LManager"="C:\PROGRA~1\LAUNCH~1\LManager.exe" [2007-07-16 06:51 768520]
"SunJavaUpdateSched"="C:\Program Files\Java\jre6\bin\jusched.exe" [2008-11-10 05:43 136600]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 01:04 39792]
"Skytel"="Skytel.exe" [2007-06-15 09:45 1826816 C:\Windows\SkyTel.exe]
"RtHDVCpl"="RtHDVCpl.exe" [2007-07-06 04:06 4669440 C:\Windows\RtHDVCpl.exe]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\RunOnce]
"GrpConv"="grpconv -o" [X]

C:\PROGRA~2\MICROS~1\Windows\STARTM~1\Programs\Sta rtup\
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 19:16:50 113664]
Empowering Technology Launcher.lnk - C:\Acer\Empowering Technology\eAPLauncher.exe [2007-08-01 01:26:56 535336]
Forget Me Not.lnk - C:\Program Files\Broderbund\AG CreataCard\agremind.exe [2008-12-07 08:47:34 331776]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\curr entversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\KASPER~1\KASPER~1.0\r3h ook.dll C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\curr entversion\run-disabled]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
"UnlockerAssistant"="C:\Program Files\Unlocker\UnlockerAssistant.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001
"InternetSettingsDisableNotify"=dword:00000001
"AutoUpdateDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpo licy\DomainProfile]
"EnableFirewall"= 0 (0x0)
"DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0)
"DefaultOutboundAction"= 0 (0x0)
"DefaultInboundAction"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpo licy\FirewallRules]
"TCP Query User{B870F776-65B0-4BBE-B0AE-79DB87435EAD}C:\\program files\\internet explorer\\iexplore.exe"= UDP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{B6023304-D1F5-4BE4-B6FE-5328DFA54E5F}C:\\program files\\internet explorer\\iexplore.exe"= TCP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
"TCP Query User{E29F6893-7584-48E4-8099-F5920B729174}C:\\program files\\orbitdownloader\\orbitnet.exe"= UDP:C:\program files\orbitdownloader\orbitnet.exe:P2P service of Orbit Downloader
"UDP Query User{42E803D4-F4D0-40C9-BE4E-A943D05728FE}C:\\program files\\orbitdownloader\\orbitnet.exe"= TCP:C:\program files\orbitdownloader\orbitnet.exe:P2P service of Orbit Downloader
"TCP Query User{BD128C5C-808F-4A62-938E-61E28748650F}C:\\program files\\utorrent\\utorrent.exe"= UDP:C:\program files\utorrent\utorrent.exe:µTorrent
"UDP Query User{CD469F24-2746-420F-9D3E-4B9492CD32A4}C:\\program files\\utorrent\\utorrent.exe"= TCP:C:\program files\utorrent\utorrent.exe:µTorrent
"{1AF9A611-0714-4E58-A523-C0779711FCA4}"= TCP:6004|C:\Program Files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook

[HKLM\~\services\sharedaccess\parameters\firewallpo licy\PublicProfile]
"EnableFirewall"= 0 (0x0)
"DefaultOutboundAction"= 0 (0x0)
"DefaultInboundAction"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpo licy\StandardProfile]
"EnableFirewall"= 0 (0x0)
"DefaultOutboundAction"= 0 (0x0)
"DefaultInboundAction"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpo licy\StandardProfile\AuthorizedApplications\List]
"C:\\Acer\\Empowering Technology\\eDataSecurity\\eDSfsu.exe"= C:\Acer\Empowering Technology\eDataSecurity\eDSfsu.exe:*:Enabled:eDSf su
"C:\\Acer\\Empowering Technology\\eDataSecurity\\encryption.exe"= C:\Acer\Empowering Technology\eDataSecurity\encryption.exe:*:Enabled: encryption
"C:\\Acer\\Empowering Technology\\eDataSecurity\\decryption.exe"= C:\Acer\Empowering Technology\eDataSecurity\decryption.exe:*:Enabled: decryption
"C:\\Program Files\\Orbitdownloader\\orbitdm.exe"= C:\Program Files\Orbitdownloader\orbitdm.exe:*:Enabled:Orbit
"C:\\Program Files\\Orbitdownloader\\orbitnet.exe"= C:\Program Files\Orbitdownloader\orbitnet.exe:*:Enabled:Orbit

S0 pavboot;pavboot;C:\Windows\System32\drivers\pavboo t.sys [2008-10-25 14:45:29 28544]
S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;C:\Windows\System32\drivers\klim6.sys [2007-04-04 14:59:16 20760]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;C:\Windows\System32\drivers\b57nd60x.sys [2007-08-01 08:47:02 179712]
S4 ALaunchService;ALaunch Service;C:\Acer\ALaunch\ALaunchSvc.exe [2007-08-01 02:11:47 50688]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - ECACHE

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc

[HKEY_CURRENT_USER\software\microsoft\windows\curre ntversion\explorer\mountpoints2\{b1762383-8276-11dd-a57d-001b38d2c23b}]
\shell\AutoRun\command - F:\SETUP.EXE
\shell\configure\command - F:\SETUP.EXE
\shell\install\command - F:\SETUP.EXE
.
- - - - HUÉRFANOS ELIMINADOS - - - -

HKLM-RunOnce-<NO NAME> - (no file)
MSConfigStartUp-NeroFilterCheck - C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe


.
------- Análisis Suplementario -------
.
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
uStart Page = hxxp://www.google.es/
mStart Page = hxxp://es.es.acer.yahoo.com
IE: &Download by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll/201
IE: &Grab video by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll/204
IE: Agregar al componente Anti-Banners
IE: Do&wnload selected by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll/203
IE: Down&load all by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll/202
IE: E&xport to Microsoft Excel
IE: E&xportar a Microsoft Excel

C:\Windows\bdoscandellang.ini - C:\Windows\bdoscandel.exe
C:\Windows\Downloaded Program Files\live.ini
C:\Windows\Downloaded Program Files\scanoptions.tsi
C:\Windows\Downloaded Program Files\lang.ini
C:\Windows\Downloaded Program Files\ipsupd.dll
C:\Windows\Downloaded Program Files\bdupd.dll
C:\Windows\Downloaded Program Files\libfn.dll
C:\Windows\Downloaded Program Files\bdcore.dll
C:\Windows\Downloaded Program Files\oscan8.ocx
O16 -: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499}
hxxp://www.bitdefender.es/scan_es/scan8/oscan8.cab
C:\Windows\Downloaded Program Files\oscan8.inf
FF - ProfilePath - C:\Users\pacurron\AppData\Roaming\Mozilla\Firefox\ Profiles\6w2yrdeo.default\
FF - plugin: C:\Program Files\Microsoft Silverlight\2.0.31005.0\npctrl.1.0.30716.0.dll
FF - plugin: C:\Program Files\Microsoft Silverlight\2.0.31005.0\npctrl.dll
FF - plugin: C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: C:\Users\pacurron\AppData\Roaming\Mozilla\Firefox\ Profiles\6w2yrdeo.default\extensions\firefox@tvune tworks.com\plugins\npTVUAx.dll
.

Bueno, a ver si está todo bien, muchas gracias de nuevo

Hola, ComboFix ya se encargo de eliminar los archivos de malwares encontrados en tu PC, por lo que tendrías que comentarnos como esta funcionado todo luego de reiniciar ?

Salu2

En principio todo va bien, ya no me han vuelto a aparecer ventanas de publicidad y el sistema trabaja correctamente, muchas gracias de nuevo, creo que se puede dar el tema por solucionado, si tuviera algún problema lo volveria a comentar en el foro, muchas gracias de nuevo.