
    Advertising pop-up windows keep opening


    1. #1
      Anajj (User)
      Registered: Nov 2009
      Location: Valencia
      Posts: 11

      Advertising pop-up windows keep opening

      Hi everyone, sorry to repeat this post, as I've seen several similar ones, but I don't know exactly which steps to follow with HijackThis.

      I have already done the 11 recommended steps and the problem is still the same.

      I'm pasting the HijackThis log here to see if you could please give me a hand, since my computer knowledge doesn't go any further and I'm getting a bit desperate:

      Logfile of Trend Micro HijackThis v2.0.2
      Scan saved at 10:02:01, on 30/11/2009
      Platform: Windows XP SP3 (WinNT 5.01.2600)
      MSIE: Internet Explorer v7.00 (7.00.6000.16915)
      Boot mode: Normal

      Running processes:
      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\SYSTEM32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\system32\Ati2evxx.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\system32\svchost.exe
      C:\Program Files\Panda Security\Panda Antivirus Pro 2009\TPSrv.exe
      C:\PROGRAM FILES\PANDA SECURITY\PANDA ANTIVIRUS PRO 2009\WebProxy.exe
      C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
      C:\WINDOWS\system32\spoolsv.exe
      C:\WINDOWS\arservice.exe
      C:\WINDOWS\eHome\ehRecvr.exe
      C:\WINDOWS\eHome\ehSched.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\system32\svchost.exe
      C:\Program Files\Java\jre6\bin\jqs.exe
      C:\Program Files\Common Files\LightScribe\LSSrvc.exe
      C:\WINDOWS\System32\svchost.exe
      C:\Program Files\Panda Security\Panda Antivirus Pro 2009\PsCtrls.exe
      C:\Program Files\Panda Security\Panda Antivirus Pro 2009\PavFnSvr.exe
      C:\Program Files\Common Files\Panda Security\PavShld\pavprsrv.exe
      C:\Program Files\Nuance\PDF Professional 5\PDFProFiltSrv.exe
      C:\WINDOWS\system32\IoctlSvc.exe
      C:\WINDOWS\System32\svchost.exe
      C:\Program Files\Panda Security\Panda Antivirus Pro 2009\PsImSvc.exe
      C:\Program Files\Panda Security\Panda Antivirus Pro 2009\PskSvc.exe
      C:\Documents and Settings\All Users\Application Data\QuestService\questservice127.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\system32\MsPMSPSv.exe
      C:\WINDOWS\SYSTEM32\Ati2evxx.exe
      C:\WINDOWS\Explorer.EXE
      C:\Program Files\Panda Security\Panda Antivirus Pro 2009\pavsrv51.exe
      C:\Program Files\Panda Security\Panda Antivirus Pro 2009\AVENGINE.EXE
      C:\Program Files\Panda Security\Panda Antivirus Pro 2009\ApvxdWin.exe
      C:\Program Files\Canon\CAL\CALMAIN.exe
      C:\WINDOWS\ehome\ehtray.exe
      C:\WINDOWS\ARPWRMSG.EXE
      C:\windows\system\hpsysdrv.exe
      C:\WINDOWS\RTHDCPL.EXE
      C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
      C:\Program Files\iTunes\iTunesHelper.exe
      C:\WINDOWS\system32\ps2.exe
      C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
      C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe
      C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe
      C:\Program Files\QuickTime\qttask.exe
      C:\Program Files\Nuance\PDF Professional 5\pdfpro5hook.exe
      C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
      C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe
      C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\Playlist.exe
      C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
      C:\Program Files\Java\jre6\bin\jusched.exe
      C:\WINDOWS\system32\ctfmon.exe
      C:\Program Files\Skype\Phone\Skype.exe
      C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe
      C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
      C:\Program Files\Google\Google Talk\googletalk.exe
      C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
      C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
      C:\Program Files\Schlumberger\i-Handbook\i-Handbook.exe
      C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
      C:\WINDOWS\system32\dllhost.exe
      C:\Program Files\QuestService\questservice.exe
      C:\Program Files\iPod\bin\iPodService.exe
      C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
      C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
      C:\WINDOWS\eHome\ehmsas.exe
      C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
      C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
      C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
      C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_clipbook.exe
      C:\Program Files\Internet Explorer\iexplore.exe
      C:\WINDOWS\system32\wuauclt.exe
      C:\WINDOWS\system32\wuauclt.exe
      C:\WINDOWS\SoftwareDistribution\Download\Install\dotnetfx35_x86.exe
      k:\083d09c2c85df745ac\dotnetfx35setup.exe
      k:\c676d5d94d33138a16907867e89d75\setup.exe
      C:\WINDOWS\system32\msiexec.exe
      C:\WINDOWS\system32\MsiExec.exe
      C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.es/
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
      R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
      R3 - URLSearchHook: Barra Yahoo! - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
      O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
      O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
      O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
      O2 - BHO: Automated Content Enhancer - {1D74E9DD-8987-448b-B2CB-67FFF2B8A932} - C:\Program Files\Automated Content Enhancer\4.1.0.5050\ACEIEAddOn.dll
      O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
      O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
      O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
      O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
      O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll
      O2 - BHO: Content Management Wizard - {B72681C0-A222-4b21-A0E2-53A5A5CA3D41} - C:\Program Files\Content Management Wizard\1.1.0.1820\CMWIE.dll
      O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
      O2 - BHO: TCP - {CAC89FF9-34A9-4431-8CFE-292A47F843BC} - C:\Program Files\Textual Content Provider\1.1.0.1380\TCPIE.dll
      O2 - BHO: (no name) - {D45817B8-3EAD-4d1d-8FCA-EC63A8E35DE2} - (no file)
      O2 - BHO: ZeonIEEventHelper Class - {DA986D7D-CCAF-47B2-84FE-BFA1549BEBF9} - C:\Program Files\Nuance\PDF Professional 5\bin\ZeonIEFavClient.dll
      O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
      O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
      O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll
      O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
      O3 - Toolbar: Nuance PDF - {E3286BF1-E654-42FF-B4A6-5E111731DF6B} - C:\Program Files\Nuance\PDF Professional 5\bin\ZeonIEFavClient.dll
      O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
      O3 - Toolbar: Barra Yahoo! - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
      O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
      O4 - HKLM\..\Run: [ftutil2] rundll32.exe ftutil2.dll,SetWriteCacheMode
      O4 - HKLM\..\Run: [AlwaysReady Power Message APP] ARPWRMSG.EXE
      O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
      O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
      O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
      O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime
      O4 - HKLM\..\Run: [HPHUPD08] c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe
      O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
      O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
      O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
      O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
      O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe"
      O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe"
      O4 - HKLM\..\Run: [RoxioAudioCentral] "C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe"
      O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
      O4 - HKLM\..\Run: [PDFHook] C:\Program Files\Nuance\PDF Professional 5\pdfpro5hook.exe
      O4 - HKLM\..\Run: [PDF5 Registry Controller] C:\Program Files\Nuance\PDF Professional 5\RegistryController.exe
      O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
      O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
      O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
      O4 - HKLM\..\Run: [Nuance PDF Professional 5-reminder] "C:\Program Files\Nuance\PDF Professional 5\Ereg\Ereg.exe" -r "C:\Documents and Settings\All Users\Application Data\Nuance\PDF Professional 5\Ereg\Ereg.ini"
      O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
      O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
      O4 - HKLM\..\Run: [Google Quick Search Box] "C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe" /autorun
      O4 - HKLM\..\Run: [Install5G] N:\Livebox (E)\Install.exe /SI=1
      O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
      O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
      O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
      O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
      O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
      O4 - HKLM\..\Run: [APVXDWIN] "C:\Program Files\Panda Security\Panda Antivirus Pro 2009\APVXDWIN.EXE" /s
      O4 - HKLM\..\Run: [SCANINICIO] "C:\Program Files\Panda Security\Panda Antivirus Pro 2009\Inicio.exe"
      O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
      O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
      O4 - HKCU\..\Run: [AnyDVD] C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe
      O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
      O4 - HKCU\..\Run: [googletalk] "C:\Program Files\Google\Google Talk\googletalk.exe" /autostart
      O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
      O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
      O4 - HKCU\..\Run: [i-Handbook] C:\Program Files\Schlumberger\i-Handbook\i-Handbook.exe /i
      O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\HP_Administrator.YOUR-55E5F9E3D2\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
      O4 - Global Startup: Bandeja del sistema de ATI CATALYST.lnk = C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
      O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
      O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
      O4 - Global Startup: NkvMon.exe.lnk = C:\Program Files\Nikon\NkView6\NkvMon.exe
      O8 - Extra context menu item: Abrir con Nuance PDF Converter 5.0 - res://C:\Program Files\Nuance\PDF Professional 5\cnvres_spa.dll /100
      O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
      O8 - Extra context menu item: Anexar al archivo PDF existente - res://C:\Program Files\Nuance\PDF Professional 5\bin\ZeonIEFavClient.dll/ZeonIEAppend.HTML
      O8 - Extra context menu item: Anexar el contenido de los vínculos seleccionados al archivo PDF existente - res://C:\Program Files\Nuance\PDF Professional 5\bin\ZeonIEFavClient.dll/ZeonIEAppendSelLinks.HTML
      O8 - Extra context menu item: Anexar el contenido del vínculo al archivo PDF existente - res://C:\Program Files\Nuance\PDF Professional 5\bin\ZeonIEFavClient.dll/ZeonIEAppend.HTML
      O8 - Extra context menu item: Crear archivo PDF - res://C:\Program Files\Nuance\PDF Professional 5\bin\ZeonIEFavClient.dll/ZeonIECapture.HTML
      O8 - Extra context menu item: Crear archivo PDF del contenido del vínculo - res://C:\Program Files\Nuance\PDF Professional 5\bin\ZeonIEFavClient.dll/ZeonIECapture.HTML
      O8 - Extra context menu item: Crear archivos PDF de los vínculos seleccionados - res://C:\Program Files\Nuance\PDF Professional 5\bin\ZeonIEFavClient.dll/ZeonIECaptureSelLinks.HTML
      O8 - Extra context menu item: E&xportar a Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
      O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
      O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
      O9 - Extra 'Tools' menuitem: Crear un favorito móvil... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
      O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
      O9 - Extra button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
      O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
      O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
      O9 - Extra button: Ayuda para la conexión - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
      O9 - Extra 'Tools' menuitem: Ayuda para la conexión - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
      O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
      O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
      O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O16 - DPF: {474F00F5-3853-492C-AC3A-476512BBC336} (UploadListView Class) - http://picasaweb.google.com/s/v/50.14/uploader2.cab
      O16 - DPF: {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} (qsax Control) - http://quickscan.bitdefender.com/qsax/qsax.cab
      O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab
      O16 - DPF: {9191F686-7F0A-441D-8A98-2FE3AC1BD913} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
      O16 - DPF: {B785FA3C-1DE9-4D20-8396-613C486FE95E} (AeatCtl Class) - https://www5.aeat.es/es13/h/cactivex.cab
      O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} (Java Plug-in 1.6.0_13) -
      O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} -
      O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
      O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
      O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
      O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
      O23 - Service: Google Software Updater (gusvc) - Unknown owner - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (file missing)
      O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
      O23 - Service: Servicio del iPod (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
      O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
      O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
      O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
      O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
      O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
      O23 - Service: Panda Software Controller - Panda Security, S.L. - C:\Program Files\Panda Security\Panda Antivirus Pro 2009\PsCtrls.exe
      O23 - Service: Panda Function Service (PAVFNSVR) - Panda Security, S.L. - C:\Program Files\Panda Security\Panda Antivirus Pro 2009\PavFnSvr.exe
      O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Security, S.L. - C:\Program Files\Common Files\Panda Security\PavShld\pavprsrv.exe
      O23 - Service: Panda On-Access Anti-Malware Service (PAVSRV) - Panda Security, S.L. - C:\Program Files\Panda Security\Panda Antivirus Pro 2009\pavsrv51.exe
      O23 - Service: PDFProFiltSrv - Nuance Communications, Inc. - C:\Program Files\Nuance\PDF Professional 5\PDFProFiltSrv.exe
      O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe
      O23 - Service: Panda IManager Service (PSIMSVC) - Panda Security S.L. - C:\Program Files\Panda Security\Panda Antivirus Pro 2009\PsImSvc.exe
      O23 - Service: Panda PSK service (PskSvcRetail) - Panda Security, S.L. - C:\Program Files\Panda Security\Panda Antivirus Pro 2009\PskSvc.exe
      O23 - Service: QuestService Service - Unknown owner - C:\Documents and Settings\All Users\Application Data\QuestService\questservice127.exe
      O23 - Service: Panda TPSrv (TPSrv) - Panda Security, S.L. - C:\Program Files\Panda Security\Panda Antivirus Pro 2009\TPSrv.exe

      --
      End of file - 18670 bytes

      Many thanks,
      Ana

    2. #2
      Leosolari (General Moderator)
      Registered: Jun 2007
      Location: Argentina
      Posts: 53,114

      Re: Advertising pop-up windows keep opening

      Hi Anajj


      Download the following:

      º CCleaner. Install it according to its manual.

      º Malwarebytes. Install and update it according to its manual, BUT DO NOT RUN IT YET.

      º ComboFix.exe, and save it to the desktop.


      Close all programs, run HijackThis, tick the checkboxes for these entries and press "Fix checked":


      O2 - BHO: Automated Content Enhancer - {1D74E9DD-8987-448b-B2CB-67FFF2B8A932} - C:\Program Files\Automated Content Enhancer\4.1.0.5050\ACEIEAddOn.dll

      O2 - BHO: Content Management Wizard - {B72681C0-A222-4b21-A0E2-53A5A5CA3D41} - C:\Program Files\Content Management Wizard\1.1.0.1820\CMWIE.dll

      O2 - BHO: TCP - {CAC89FF9-34A9-4431-8CFE-292A47F843BC} - C:\Program Files\Textual Content Provider\1.1.0.1380\TCPIE.dll
      O2 - BHO: (no name) - {D45817B8-3EAD-4d1d-8FCA-EC63A8E35DE2} - (no file)



      Run CCleaner using its "Cleaner" and "Registry" options.

      Run Malwarebytes.
      Do a "full scan". Once it has finished, if it detects anything, choose "Remove Selected".
      If it asks you to restart, do so.
      Run ComboFix.exe
      • Temporarily disable your antivirus and/or antispyware.
      • Close all open windows.
      • Double-click the ComboFix.exe file and follow the instructions.
      • When it finishes, it will generate a log at C:\ComboFix.txt.
        • *Note* While CF is working, do not move the mouse, as that would stop its process.
        • *Note* ComboFix may restart the PC automatically to complete the removal process.
      Warning!! Do not use ComboFix unless a member of our staff has specifically told you to in your thread. It is a powerful tool intended by its creator to be used under the guidance and supervision of an expert, not for private use. Using ComboFix incorrectly could cause problems on your system. Please read ComboFix's "Disclaimer of Warranty".
      • Restart and paste the report from C:\ComboFix.txt in this same thread.



      PS: Do not run ComboFix or any other antivirus program again until I come back with a reply, as you may change things.


      In your next reply, you must include the following:

      º The Malwarebytes report, which is found under its LOGS tab
      º The ComboFix report
      º How your PC is working now


      Regards


    3. #3
      Anajj (User)
      Registered: Nov 2009
      Location: Valencia
      Posts: 11

      Re: Advertising pop-up windows keep opening

      Many thanks for your help, Leosolari. It seems the windows no longer open now, although I have noticed that in the blue title bar, where it should say for example "Google", it shows "I-Google" and it is slow to open. It has been doing this since it got infected.

      For now I haven't reinstalled the antivirus; I'll keep browsing like this until you reply again. Here are the reports:

      Malwarebytes' Anti-Malware 1.41
      Versión de la Base de Datos: 3262
      Windows 5.1.2600 Service Pack 3

      30/11/2009 21:24:20
      mbam-log-2009-11-30 (21-24-20).txt

      Tipo de examen : Examen Completo (C:\|D:\|K:\|)
      Objetos examinados: 324246
      Tiempo transcurrido: 1 hour(s), 46 minute(s), 15 second(s)

      Procesos en Memoria Infectados: 0
      Módulos en Memoria Infectados: 0
      Claves del Registro Infectadas: 13
      Valores del Registro Infectados: 0
      Elementos de Datos del Registro Infectados: 0
      Carpetas Infectadas: 28
      Ficheros Infectados: 72

      Procesos en Memoria Infectados:
      (No se han detectado elementos maliciosos)

      Módulos en Memoria Infectados:
      (No se han detectado elementos maliciosos)

      Claves del Registro Infectadas:
      HKEY_CLASSES_ROOT\explorerbar.cmw (Adware.Agent) -> Quarantined and deleted successfully.
      HKEY_CLASSES_ROOT\explorerbar.cmw.1 (Adware.Agent) -> Quarantined and deleted successfully.
      HKEY_CLASSES_ROOT\explorerbar.tcp (Adware.Agent) -> Quarantined and deleted successfully.
      HKEY_CLASSES_ROOT\explorerbar.tcp.1 (Adware.Agent) -> Quarantined and deleted successfully.
      HKEY_CLASSES_ROOT\Interface\{6160f76a-1992-4b17-a32d-0c706d159105} (Adware.DoubleD) -> Quarantined and deleted successfully.
      HKEY_CLASSES_ROOT\Typelib\{ac5ab953-ed25-4f9c-87f0-b086b0178ffa} (Adware.DoubleD) -> Quarantined and deleted successfully.
      HKEY_CURRENT_USER\SOFTWARE\Microsoft\Explorer\Bars\{cac89ff9-34a9-4431-8cfe-292a47f843bc} (Adware.Agent) -> Quarantined and deleted successfully.
      HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{42c7c39f-3128-4a17-bdb7-91c46032b5b9} (Adware.Agent) -> Quarantined and deleted successfully.
      HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1d74e9dd-8987-448b-b2cb-67fff2b8a932} (Adware.Agent) -> Quarantined and deleted successfully.
      HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{b72681c0-a222-4b21-a0e2-53a5a5ca3d41} (Adware.Agent) -> Quarantined and deleted successfully.
      HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{cac89ff9-34a9-4431-8cfe-292a47f843bc} (Adware.Agent) -> Quarantined and deleted successfully.
      HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{eb4a577d-bcad-4b1c-8af2-9a74b8dd3431} (Adware.Agent) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\questservice (Adware.Agent) -> Quarantined and deleted successfully.

      Valores del Registro Infectados:
      (No se han detectado elementos maliciosos)

      Elementos de Datos del Registro Infectados:
      (No se han detectado elementos maliciosos)

      Carpetas Infectadas:
      C:\Program Files\Internet Today\1.1.0.1090 (Adware.Agent) -> Quarantined and deleted successfully.
      C:\Program Files\Internet Today (Adware.Agent) -> Quarantined and deleted successfully.
      C:\Program Files\Web Search Operator (Adware.Agent) -> Quarantined and deleted successfully.
      C:\Program Files\Web Search Operator\3.1.0.1800 (Adware.Agent) -> Quarantined and deleted successfully.
      C:\Program Files\Web Search Operator\3.1.0.1800\Data (Adware.Agent) -> Quarantined and deleted successfully.
      C:\Program Files\Web Search Operator\3.1.0.1800\FF (Adware.Agent) -> Quarantined and deleted successfully.
      C:\Program Files\Web Search Operator\3.1.0.1800\FF\chrome (Adware.Agent) -> Quarantined and deleted successfully.
      C:\Program Files\Web Search Operator\3.1.0.1800\FF\chrome\content (Adware.Agent) -> Quarantined and deleted successfully.
      C:\Program Files\Web Search Operator\3.1.0.1800\FF\components (Adware.Agent) -> Quarantined and deleted successfully.
      C:\Program Files\Textual Content Provider (Adware.Agent) -> Quarantined and deleted successfully.
      C:\Program Files\Textual Content Provider\1.1.0.1380 (Adware.Agent) -> Quarantined and deleted successfully.
      C:\Program Files\Textual Content Provider\1.1.0.1380\data (Adware.Agent) -> Quarantined and deleted successfully.
      C:\Program Files\Automated Content Enhancer\4.1.0.5050 (Adware.Agent) -> Quarantined and deleted successfully.
      C:\Program Files\Automated Content Enhancer\4.1.0.5050\Data (Adware.Agent) -> Quarantined and deleted successfully.
      C:\Program Files\Automated Content Enhancer\4.1.0.5050\FF (Adware.Agent) -> Quarantined and deleted successfully.
      C:\Program Files\Automated Content Enhancer\4.1.0.5050\FF\chrome (Adware.Agent) -> Quarantined and deleted successfully.
      C:\Program Files\Automated Content Enhancer\4.1.0.5050\FF\chrome\content (Adware.Agent) -> Quarantined and deleted successfully.
      C:\Program Files\Automated Content Enhancer\4.1.0.5050\FF\components (Adware.Agent) -> Quarantined and deleted successfully.
      C:\Program Files\Content Management Wizard\1.1.0.1820 (Adware.Agent) -> Quarantined and deleted successfully.
      C:\Program Files\Automated Content Enhancer (Adware.Agent) -> Quarantined and deleted successfully.
      C:\Program Files\Customized Platform Advancer (Adware.Agent) -> Quarantined and deleted successfully.
      C:\Program Files\Customized Platform Advancer\3.1.0.1540 (Adware.Agent) -> Quarantined and deleted successfully.
      C:\Program Files\Customized Platform Advancer\3.1.0.1540\Data (Adware.Agent) -> Quarantined and deleted successfully.
      C:\Program Files\Customized Platform Advancer\3.1.0.1540\FF (Adware.Agent) -> Quarantined and deleted successfully.
      C:\Program Files\Customized Platform Advancer\3.1.0.1540\FF\chrome (Adware.Agent) -> Quarantined and deleted successfully.
      C:\Program Files\Customized Platform Advancer\3.1.0.1540\FF\chrome\content (Adware.Agent) -> Quarantined and deleted successfully.
      C:\Program Files\Customized Platform Advancer\3.1.0.1540\FF\components (Adware.Agent) -> Quarantined and deleted successfully.
      C:\Program Files\Content Management Wizard (Adware.Agent) -> Quarantined and deleted successfully.

      Ficheros Infectados:
      C:\Program Files\Customized Platform Advancer\3.1.0.1540\CPAIEAddOn.dll (Adware.DoubleD) -> Quarantined and deleted successfully.
      C:\Program Files\QuestService\uninstall.exe (Adware.Agent) -> Quarantined and deleted successfully.
      C:\Program Files\Internet Today\1.1.0.1090\InternetToday.ico (Adware.Agent) -> Quarantined and deleted successfully.
      C:\Program Files\Internet Today\1.1.0.1090\InternetToday.skf (Adware.Agent) -> Quarantined and deleted successfully.
      C:\Program Files\Internet Today\1.1.0.1090\mfc80.dll (Adware.Agent) -> Quarantined and deleted successfully.
      C:\Program Files\Internet Today\1.1.0.1090\Microsoft.VC80.CRT.manifest (Adware.Agent) -> Quarantined and deleted successfully.
      C:\Program Files\Internet Today\1.1.0.1090\Microsoft.VC80.MFC.manifest (Adware.Agent) -> Quarantined and deleted successfully.
      C:\Program Files\Internet Today\1.1.0.1090\msvcr80.dll (Adware.Agent) -> Quarantined and deleted successfully.
      C:\Program Files\Internet Today\1.1.0.1090\SkinCrafterDll.dll (Adware.Agent) -> Quarantined and deleted successfully.
      C:\Program Files\Internet Today\1.1.0.1090\unins000.dat (Adware.Agent) -> Quarantined and deleted successfully.
      C:\Program Files\Internet Today\1.1.0.1090\unins000.exe (Adware.Agent) -> Quarantined and deleted successfully.
      C:\Program Files\Web Search Operator\3.1.0.1800\unins000.dat (Adware.Agent) -> Quarantined and deleted successfully.
      C:\Program Files\Web Search Operator\3.1.0.1800\unins000.exe (Adware.Agent) -> Quarantined and deleted successfully.
      C:\Program Files\Web Search Operator\3.1.0.1800\WSO.dll (Adware.Agent) -> Quarantined and deleted successfully.
      C:\Program Files\Web Search Operator\3.1.0.1800\WSOCommon.dll (Adware.Agent) -> Quarantined and deleted successfully.
      C:\Program Files\Web Search Operator\3.1.0.1800\wsopx.exe (Adware.Agent) -> Quarantined and deleted successfully.
      C:\Program Files\Web Search Operator\3.1.0.1800\Data\config.md (Adware.Agent) -> Quarantined and deleted successfully.
      C:\Program Files\Web Search Operator\3.1.0.1800\FF\chrome.manifest (Adware.Agent) -> Quarantined and deleted successfully.
      C:\Program Files\Web Search Operator\3.1.0.1800\FF\install.rdf (Adware.Agent) -> Quarantined and deleted successfully.
      C:\Program Files\Web Search Operator\3.1.0.1800\FF\chrome\WSOAddOn.jar (Adware.Agent) -> Quarantined and deleted successfully.
      C:\Program Files\Web Search Operator\3.1.0.1800\FF\chrome\content\WSOAddOn.js (Adware.Agent) -> Quarantined and deleted successfully.
      C:\Program Files\Web Search Operator\3.1.0.1800\FF\chrome\content\WSOAddOn.xul (Adware.Agent) -> Quarantined and deleted successfully.
      C:\Program Files\Web Search Operator\3.1.0.1800\FF\components\WSOFFAddOn.dll (Adware.Agent) -> Quarantined and deleted successfully.
      C:\Program Files\Web Search Operator\3.1.0.1800\FF\components\WSOFFAddOn.xpt (Adware.Agent) -> Quarantined and deleted successfully.
      C:\Program Files\Web Search Operator\3.1.0.1800\FF\components\WSOFFHelperComponent.js (Adware.Agent) -> Quarantined and deleted successfully.
      C:\Program Files\Textual Content Provider\1.1.0.1380\tcppx.exe (Adware.Agent) -> Quarantined and deleted successfully.
      C:\Program Files\Textual Content Provider\1.1.0.1380\unins000.dat (Adware.Agent) -> Quarantined and deleted successfully.
      C:\Program Files\Textual Content Provider\1.1.0.1380\unins000.exe (Adware.Agent) -> Quarantined and deleted successfully.
      C:\Program Files\Textual Content Provider\1.1.0.1380\data\pxtmpdata.mx (Adware.Agent) -> Quarantined and deleted successfully.
      C:\Program Files\Textual Content Provider\1.1.0.1380\data\TP_Config.mx (Adware.Agent) -> Quarantined and deleted successfully.
      C:\Program Files\Textual Content Provider\1.1.0.1380\data\TP_Data.mx (Adware.Agent) -> Quarantined and deleted successfully.
      C:\Program Files\Textual Content Provider\1.1.0.1380\data\TP_DomainExcludeList.mx (Adware.Agent) -> Quarantined and deleted successfully.
      C:\Program Files\Automated Content Enhancer\4.1.0.5050\ACECommon.dll (Adware.Agent) -> Quarantined and deleted successfully.
      C:\Program Files\Automated Content Enhancer\4.1.0.5050\ACEIEAddOnSub.dll (Adware.Agent) -> Quarantined and deleted successfully.
      C:\Program Files\Automated Content Enhancer\4.1.0.5050\ACEIEAddOnSubL.dll (Adware.Agent) -> Quarantined and deleted successfully.
      C:\Program Files\Automated Content Enhancer\4.1.0.5050\acepx.exe (Adware.Agent) -> Quarantined and deleted successfully.
      C:\Program Files\Automated Content Enhancer\4.1.0.5050\unins000.dat (Adware.Agent) -> Quarantined and deleted successfully.
      C:\Program Files\Automated Content Enhancer\4.1.0.5050\unins000.exe (Adware.Agent) -> Quarantined and deleted successfully.
      C:\Program Files\Automated Content Enhancer\4.1.0.5050\Data\config.md (Adware.Agent) -> Quarantined and deleted successfully.
      C:\Program Files\Automated Content Enhancer\4.1.0.5050\FF\chrome.manifest (Adware.Agent) -> Quarantined and deleted successfully.
      C:\Program Files\Automated Content Enhancer\4.1.0.5050\FF\install.rdf (Adware.Agent) -> Quarantined and deleted successfully.
      C:\Program Files\Automated Content Enhancer\4.1.0.5050\FF\chrome\ACEAddOn.jar (Adware.Agent) -> Quarantined and deleted successfully.
      C:\Program Files\Automated Content Enhancer\4.1.0.5050\FF\chrome\content\ACEAddOn.js (Adware.Agent) -> Quarantined and deleted successfully.
      C:\Program Files\Automated Content Enhancer\4.1.0.5050\FF\chrome\content\ACEAddOn.xul (Adware.Agent) -> Quarantined and deleted successfully.
      C:\Program Files\Automated Content Enhancer\4.1.0.5050\FF\components\ACEFFAddOn.dll (Adware.Agent) -> Quarantined and deleted successfully.
      C:\Program Files\Automated Content Enhancer\4.1.0.5050\FF\components\ACEFFAddOn.xpt (Adware.Agent) -> Quarantined and deleted successfully.
      C:\Program Files\Automated Content Enhancer\4.1.0.5050\FF\components\ACEFFHelperComponent.js (Adware.Agent) -> Quarantined and deleted successfully.
      C:\Program Files\Content Management Wizard\1.1.0.1820\cmwpx.exe (Adware.Agent) -> Quarantined and deleted successfully.
      C:\Program Files\Content Management Wizard\1.1.0.1820\cmwsh.dll (Adware.Agent) -> Quarantined and deleted successfully.
      C:\Program Files\Content Management Wizard\1.1.0.1820\config.mx (Adware.Agent) -> Quarantined and deleted successfully.
      C:\Program Files\Content Management Wizard\1.1.0.1820\data.mx (Adware.Agent) -> Quarantined and deleted successfully.
      C:\Program Files\Content Management Wizard\1.1.0.1820\exclude.mx (Adware.Agent) -> Quarantined and deleted successfully.
      C:\Program Files\Content Management Wizard\1.1.0.1820\MatchingData.zd5 (Adware.Agent) -> Quarantined and deleted successfully.
      C:\Program Files\Content Management Wizard\1.1.0.1820\pxtmpdata.mx (Adware.Agent) -> Quarantined and deleted successfully.
      C:\Program Files\Content Management Wizard\1.1.0.1820\unins000.dat (Adware.Agent) -> Quarantined and deleted successfully.
      C:\Program Files\Content Management Wizard\1.1.0.1820\unins000.exe (Adware.Agent) -> Quarantined and deleted successfully.
      C:\Program Files\Customized Platform Advancer\3.1.0.1540\CPACommon.dll (Adware.Agent) -> Quarantined and deleted successfully.
      C:\Program Files\Customized Platform Advancer\3.1.0.1540\CPAHelper.exe (Adware.Agent) -> Quarantined and deleted successfully.
      C:\Program Files\Customized Platform Advancer\3.1.0.1540\CPAIEAddOnSub.dll (Adware.Agent) -> Quarantined and deleted successfully.
      C:\Program Files\Customized Platform Advancer\3.1.0.1540\CPAIEAddOnSubL.dll (Adware.Agent) -> Quarantined and deleted successfully.
      C:\Program Files\Customized Platform Advancer\3.1.0.1540\cpapx.exe (Adware.Agent) -> Quarantined and deleted successfully.
      C:\Program Files\Customized Platform Advancer\3.1.0.1540\unins000.dat (Adware.Agent) -> Quarantined and deleted successfully.
      C:\Program Files\Customized Platform Advancer\3.1.0.1540\unins000.exe (Adware.Agent) -> Quarantined and deleted successfully.
      C:\Program Files\Customized Platform Advancer\3.1.0.1540\Data\config.md (Adware.Agent) -> Quarantined and deleted successfully.
      C:\Program Files\Customized Platform Advancer\3.1.0.1540\FF\chrome.manifest (Adware.Agent) -> Quarantined and deleted successfully.
      C:\Program Files\Customized Platform Advancer\3.1.0.1540\FF\install.rdf (Adware.Agent) -> Quarantined and deleted successfully.
      C:\Program Files\Customized Platform Advancer\3.1.0.1540\FF\chrome\CPAAddOn.jar (Adware.Agent) -> Quarantined and deleted successfully.
      C:\Program Files\Customized Platform Advancer\3.1.0.1540\FF\chrome\content\CPAAddOn.js (Adware.Agent) -> Quarantined and deleted successfully.
      C:\Program Files\Customized Platform Advancer\3.1.0.1540\FF\chrome\content\CPAAddOn.xul (Adware.Agent) -> Quarantined and deleted successfully.
      C:\Program Files\Customized Platform Advancer\3.1.0.1540\FF\components\CPAFFAddOn.dll (Adware.Agent) -> Quarantined and deleted successfully.
      C:\Program Files\Customized Platform Advancer\3.1.0.1540\FF\components\CPAFFAddOn.xpt (Adware.Agent) -> Quarantined and deleted successfully.
      C:\Program Files\Customized Platform Advancer\3.1.0.1540\FF\components\CPAFFHelperComponent.js (Adware.Agent) -> Quarantined and deleted successfully.



      ComboFix 09-11-30.02 - HP_Administrator 30/11/2009 21:40.1.2 - x86
      Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1120 [GMT 1:00]
      Running from: c:\documents and settings\HP_Administrator.YOUR-55E5F9E3D2\Desktop\ComboFix.exe
      AV: Panda Antivirus Pro 2009 *On-access scanning disabled* (Updated) {EEE2D94A-D4C1-421A-AB2C-2CE8FE51747A}
      .
      ADS - WINDOWS: deleted 24 bytes in 1 streams.

      ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
      .

      c:\documents and settings\HP_Administrator\My Documents\ZbThumbnail.info
      c:\recycler\S-1-5-21-654991984-770132596-3565502964-1007
      c:\windows\kb913800.exe
      c:\windows\system32\ps2.bat
      D:\Autorun.inf

      .
      ((((((((((((((((((((((((( Files Created from 2009-10-28 to 2009-11-30 )))))))))))))))))))))))))))))))
      .

      2009-11-30 18:25 . 2009-11-30 18:25 -------- d-----w- c:\documents and settings\HP_Administrator.YOUR-55E5F9E3D2\Application Data\Malwarebytes
      2009-11-30 18:25 . 2009-09-10 13:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
      2009-11-30 18:25 . 2009-11-30 18:25 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
      2009-11-30 18:25 . 2009-11-30 18:25 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
      2009-11-30 18:25 . 2009-09-10 13:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
      2009-11-28 23:54 . 2009-11-28 23:54 -------- d-----w- c:\program files\ESET
      2009-11-28 23:44 . 2009-11-28 23:46 -------- d-----w- c:\documents and settings\HP_Administrator.YOUR-55E5F9E3D2\Application Data\QuickScan
      2009-11-28 20:17 . 2009-11-28 20:17 -------- d-----w- c:\program files\Trend Micro
      2009-11-28 18:44 . 2009-11-28 18:44 -------- d-----w- c:\documents and settings\HP_Administrator.YOUR-55E5F9E3D2\Local Settings\Application Data\Panda Security
      2009-11-28 18:43 . 2009-11-28 18:43 249 ----a-w- c:\windows\system32\PavCPL.dat
      2009-11-28 18:43 . 2008-04-28 16:35 84024 ----a-w- c:\windows\system32\drivers\pavdrv51.sys
      2009-11-28 18:43 . 2003-10-22 17:23 446464 ----a-w- c:\windows\system32\HHActiveX.dll
      2009-11-28 18:43 . 2009-03-17 17:07 87296 ----a-w- c:\windows\system32\PavLspHook.dll
      2009-11-28 18:43 . 2008-06-24 13:48 193280 ----a-w- c:\windows\system32\TpUtil.dll
      2009-11-28 18:43 . 2008-06-18 17:03 520448 ----a-w- c:\windows\system32\PavSHook.dll
      2009-11-28 18:43 . 2008-06-18 17:03 55552 ----a-w- c:\windows\system32\pavipc.dll
      2009-11-28 18:43 . 2007-02-08 10:53 107568 ----a-w- c:\windows\system32\SYSTOOLS.DLL
      2009-11-28 18:43 . 2008-03-18 15:58 58672 ----a-w- c:\windows\system32\avldr.dll
      2009-11-28 18:43 . 2009-11-28 18:43 -------- d-----w- c:\windows\system32\PAV
      2009-11-28 18:43 . 2009-11-28 18:43 -------- d-----w- c:\documents and settings\HP_Administrator.YOUR-55E5F9E3D2\Application Data\Panda Security
      2009-11-28 18:43 . 2009-11-28 18:43 -------- d-----w- c:\documents and settings\All Users\Application Data\Panda Security
      2009-11-28 18:42 . 2009-06-30 08:37 28552 ----a-w- c:\windows\system32\drivers\pavboot.sys
      2009-11-28 18:41 . 2009-11-28 18:41 -------- d-----w- c:\program files\Common Files\Panda Security
      2009-11-28 18:41 . 2008-03-04 14:59 41144 ----a-w- c:\windows\system32\drivers\ShlDrv51.sys
      2009-11-28 18:41 . 2008-02-07 11:03 179640 ----a-w- c:\windows\system32\drivers\PavProc.sys
      2009-11-27 20:01 . 2009-11-26 14:29 58744 ----a-w- c:\documents and settings\All Users\Application Data\QuestService\questservice127.exe
      2009-11-27 20:00 . 2009-11-27 20:00 -------- d-----w- c:\documents and settings\HP_Administrator.YOUR-55E5F9E3D2\Local Settings\Application Data\Textual Content Provider
      2009-11-27 19:59 . 2009-11-30 20:24 -------- d-----w- c:\program files\QuestService
      2009-11-27 19:59 . 2009-11-27 20:01 -------- d-----w- c:\documents and settings\All Users\Application Data\QuestService
      2009-11-27 19:58 . 2009-11-27 19:58 -------- d-----w- c:\documents and settings\HP_Administrator.YOUR-55E5F9E3D2\Local Settings\Application Data\Internet Today
      2009-11-27 19:58 . 2009-11-27 19:58 -------- d-----w- c:\documents and settings\HP_Administrator.YOUR-55E5F9E3D2\Local Settings\Application Data\Customized Platform Advancer
      2009-11-27 19:57 . 2009-11-27 19:57 -------- d-----w- c:\documents and settings\HP_Administrator.YOUR-55E5F9E3D2\Local Settings\Application Data\Automated Content Enhancer
      2009-11-27 19:57 . 2009-11-27 19:57 -------- d-----w- c:\documents and settings\HP_Administrator.YOUR-55E5F9E3D2\Local Settings\Application Data\Web Search Operator
      2009-11-27 19:56 . 2009-11-27 20:00 -------- d-----w- c:\program files\Gameztar Toolbar
      2009-11-27 19:56 . 2009-11-27 20:00 -------- d-----w- c:\documents and settings\HP_Administrator.YOUR-55E5F9E3D2\Local Settings\Application Data\Gameztar Toolbar
      2009-11-17 09:32 . 2009-11-17 09:32 93360 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
      2009-11-17 09:32 . 2009-11-17 09:32 93360 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Drivers\SBREDrv.sys
      2009-11-17 09:32 . 2009-11-17 09:32 554280 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\sbap.dll
      2009-11-17 09:32 . 2009-11-20 09:32 537576 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\aawapi.dll
      2009-11-17 09:32 . 2009-11-17 09:32 212480 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\VipreBridge.dll
      2009-11-17 09:32 . 2009-11-17 09:32 283944 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Vipre.dll
      2009-11-17 09:32 . 2009-11-17 09:32 1223976 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\SBTE.dll
      2009-11-17 09:32 . 2009-11-17 09:32 242984 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\SBRE.dll
      2009-11-17 09:30 . 2009-11-17 09:30 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6}
      2009-11-17 09:30 . 2009-10-03 08:15 2924848 -c--a-w- c:\documents and settings\All Users\Application Data\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6}\Ad-AwareInstallation.exe
      2009-11-10 23:28 . 2009-11-10 23:28 247280 ----a-w- c:\documents and settings\HP_Administrator.YOUR-55E5F9E3D2\Application Data\Mozilla\plugins\npgoogletalk.dll
      2009-11-05 21:53 . 2009-11-05 21:53 -------- d-----w- c:\program files\Microsoft
      2009-11-04 10:07 . 2009-11-04 10:07 152576 ----a-w- c:\documents and settings\HP_Administrator.YOUR-55E5F9E3D2\Application Data\Sun\Java\jre1.6.0_17\lzma.dll

      .
      (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
      .
      2009-11-30 20:51 . 2009-03-19 00:43 -------- d-----w- c:\documents and settings\HP_Administrator.YOUR-55E5F9E3D2\Application Data\Skype
      2009-11-30 18:22 . 2009-04-03 09:33 -------- d-----w- c:\documents and settings\HP_Administrator.YOUR-55E5F9E3D2\Application Data\HPAppData
      2009-11-30 06:44 . 2009-03-19 02:12 -------- d-----w- c:\documents and settings\HP_Administrator.YOUR-55E5F9E3D2\Application Data\Roxio
      2009-11-28 21:21 . 2008-02-12 08:26 -------- d-----w- c:\program files\Panda Security
      2009-11-28 21:11 . 2006-03-29 08:26 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
      2009-11-28 21:10 . 2008-05-06 15:33 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
      2009-11-28 21:10 . 2006-03-29 08:43 -------- d-----w- c:\program files\SpywareBlaster
      2009-11-27 21:55 . 2006-03-29 08:25 -------- d-----w- c:\program files\Spybot - Search & Destroy
      2009-11-27 12:20 . 2009-09-11 05:48 -------- d-----w- c:\documents and settings\HP_Administrator.YOUR-55E5F9E3D2\Application Data\HpUpdate
      2009-11-17 09:32 . 2009-06-24 14:18 15880 ----a-w- c:\windows\system32\lsdelete.exe
      2009-11-17 09:32 . 2009-06-24 13:56 15880 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\lsdelete.exe
      2009-11-17 09:31 . 2009-06-24 13:56 5908024 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Resources.dll
      2009-11-05 21:55 . 2008-03-27 20:54 -------- d-----w- c:\program files\Windows Live
      2009-11-04 12:00 . 2009-01-22 10:59 -------- d-----w- c:\program files\Microsoft ActiveSync
      2009-11-04 10:08 . 2005-01-03 01:14 -------- d-----w- c:\program files\Java
      2009-10-22 11:47 . 2005-01-02 15:56 -------- d-----w- c:\program files\Common Files\Adobe
      2009-10-22 09:24 . 2009-10-22 09:24 -------- d-----w- c:\documents and settings\HP_Administrator.YOUR-55E5F9E3D2\Application Data\XRE
      2009-10-17 14:28 . 2009-10-17 14:28 104512 ----a-w- c:\windows\system32\drivers\AnyDVD.sys
      2009-10-11 03:17 . 2009-04-16 20:53 411368 ----a-w- c:\windows\system32\deploytk.dll
      2009-09-28 18:20 . 2009-09-28 18:20 89256 ----a-w- c:\windows\system32\ElbyCDIO.dll
      2009-09-26 17:57 . 2009-09-26 17:57 25768 ----a-w- c:\windows\system32\drivers\ElbyCDIO.sys
      2009-09-23 12:55 . 2009-06-24 13:56 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
      2009-09-21 13:57 . 2009-09-21 13:57 17632 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\WSCUpdate.dll
      2009-09-21 13:57 . 2009-09-21 13:57 68640 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Drivers\64\lbd.sys
      2009-09-21 13:57 . 2009-09-21 13:57 303976 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Drivers\64\AAWDriverTool.exe
      2009-09-21 13:56 . 2009-06-24 13:55 640760 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AAWWSC.exe
      2009-09-11 14:18 . 2004-08-10 12:00 136192 ----a-w- c:\windows\system32\msv1_0.dll
      2009-09-04 21:03 . 2004-08-10 12:00 58880 ----a-w- c:\windows\system32\msasn1.dll
      2006-07-14 08:08 . 2006-07-11 08:07 278528 ----a-w- c:\program files\Common Files\FDEUnInstaller.exe
      2006-05-07 16:39 . 2006-05-07 16:42 774144 ----a-w- c:\program files\RngInterstitial.dll
      2007-09-09 08:21 . 2007-08-01 14:02 24 --sh--w- c:\windows\SD6654892.tmp
      2006-03-05 17:40 . 2006-03-05 09:40 22 --sha-w- c:\windows\SMINST\HPCD.sys
      .

      ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
      .
      .
      *Note* empty entries & legit default entries are not shown
      REGEDIT4

      [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "Skype"="c:\program files\Skype\Phone\Skype.exe" [2009-03-11 24095528]
      "AnyDVD"="c:\program files\SlySoft\AnyDVD\AnyDVDtray.exe" [2009-10-19 3087296]
      "SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
      "googletalk"="c:\program files\Google\Google Talk\googletalk.exe" [2007-11-21 3289088]
      "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2008-01-22 152872]
      "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-28 68856]
      "i-Handbook"="c:\program files\Schlumberger\i-Handbook\i-Handbook.exe" [2009-06-06 9688064]
      "Google Update"="c:\documents and settings\HP_Administrator.YOUR-55E5F9E3D2\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2009-10-14 133104]

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "ATICCC"="c:\program files\ATI Technologies\ATI.ACE\cli.exe runtime" [X]
      "Google Quick Search Box"="c:\program files\Google\Quick Search Box\GoogleQuickSearchBox.exe " [X]
      "ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-06 64512]
      "hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 52736]
      "HPHUPD08"="c:\program files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe" [2005-06-02 49152]
      "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2005-05-04 278528]
      "Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2004-04-14 233472]
      "PS2"="c:\windows\system32\ps2.exe" [2004-10-25 90112]
      "HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-10-14 49152]
      "RoxioEngineUtility"="c:\program files\Common Files\Roxio Shared\System\EngUtil.exe" [2003-05-01 65536]
      "RoxioDragToDisc"="c:\program files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe" [2003-07-16 868352]
      "RoxioAudioCentral"="c:\program files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe" [2003-07-15 319488]
      "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2005-01-02 98304]
      "PDFHook"="c:\program files\Nuance\PDF Professional 5\pdfpro5hook.exe" [2008-03-14 795936]
      "PDF5 Registry Controller"="c:\program files\Nuance\PDF Professional 5\RegistryController.exe" [2008-03-14 58656]
      "SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2007-03-26 210472]
      "ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2005-02-16 221184]
      "ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-02-16 81920]
      "Nuance PDF Professional 5-reminder"="c:\program files\Nuance\PDF Professional 5\Ereg\Ereg.exe" [2007-08-31 328992]
      "hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2007-08-22 80896]
      "NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2008-05-28 570664]
      "Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2009-11-20 788880]
      "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]
      "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]
      "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-11 149280]
      "APVXDWIN"="c:\program files\Panda Security\Panda Antivirus Pro 2009\APVXDWIN.EXE" [2009-07-15 881920]
      "SCANINICIO"="c:\program files\Panda Security\Panda Antivirus Pro 2009\Inicio.exe" [2008-07-07 50432]
      "Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]
      "ftutil2"="ftutil2.dll" - c:\windows\system32\ftutil2.dll [2004-06-08 106496]
      "AlwaysReady Power Message APP"="ARPWRMSG.EXE" - c:\windows\arpwrmsg.exe [2005-08-03 77312]
      "RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.EXE [2005-08-18 14820864]

      c:\documents and settings\HP_Administrator\Start Menu\Programs\Startup\
      Herramienta de b£squeda de soportes de Picture Motion Browser.lnk - c:\program files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe [2006-12-13 229376]

      c:\documents and settings\All Users\Start Menu\Programs\Startup\
      Bandeja del sistema de ATI CATALYST.lnk - c:\program files\ATI Technologies\ATI.ACE\CLI.exe [2005-8-10 61440]
      HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2008-3-25 214360]
      Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
      NkvMon.exe.lnk - c:\program files\Nikon\NkView6\NkvMon.exe [2006-2-27 241664]

      [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avldr]
      2008-03-18 15:58 58672 ----a-w- c:\windows\system32\avldr.dll

      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
      @="Service"

      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PskSvcRetail]
      @="Service"

      [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
      "%windir%\\system32\\sessmgr.exe"=
      "c:\\Program Files\\iTunes\\iTunes.exe"=
      "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
      "c:\\Program Files\\Messenger\\msmsgs.exe"=
      "c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
      "c:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
      "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
      "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
      "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
      "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
      "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
      "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
      "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
      "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
      "c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
      "c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
      "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
      "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=
      "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
      "c:\\Documents and Settings\\HP_Administrator.YOUR-55E5F9E3D2\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.dll"=
      "c:\\Documents and Settings\\HP_Administrator.YOUR-55E5F9E3D2\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
      "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
      "c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
      "c:\\Program Files\\Skype\\Phone\\Skype.exe"=

      R0 dontgo;Promise Removable Disk Control Driver;c:\windows\system32\drivers\dontgo.sys [30/06/2004 5:25 7680]
      R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [24/06/2009 14:56 64288]
      R0 pavboot;Panda boot driver;c:\windows\system32\drivers\pavboot.sys [28/11/2009 19:42 28552]
      R1 ShldDrv;Panda File Shield Driver;c:\windows\system32\drivers\ShlDrv51.sys [28/11/2009 19:41 41144]
      R2 Gwmsrv;Panda Goodware Cache Manager;c:\windows\system32\svchost -k Panda --> c:\windows\system32\svchost -k Panda [?]
      R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [24/09/2009 12:17 1184912]
      R2 PavProc;Panda Process Protection Driver;c:\windows\system32\drivers\PavProc.sys [28/11/2009 19:41 179640]
      R2 PDFProFiltSrv;PDFProFiltSrv;c:\program files\Nuance\PDF Professional 5\PDFProFiltSrv.exe [14/03/2008 2:26 144672]
      R2 PskSvcRetail;Panda PSK service;c:\program files\Panda Security\Panda Antivirus Pro 2009\psksvc.exe [28/11/2009 19:43 28928]
      R2 QuestService Service;QuestService Service;c:\documents and settings\All Users\Application Data\QuestService\questservice127.exe [27/11/2009 21:01 58744]
      R3 3xHybrid;3xHybrid service;c:\windows\system32\drivers\3xHybrid.sys [03/01/2005 2:35 2777472]
      R3 AvFlt;Antivirus Filter Driver;c:\windows\system32\drivers\av5flt.sys --> c:\windows\system32\drivers\av5flt.sys [?]
      R3 PavSRK.sys;PavSRK.sys;\??\c:\windows\system32\PavSRK.sys --> c:\windows\system32\PavSRK.sys [?]
      R3 PavTPK.sys;PavTPK.sys;\??\c:\windows\system32\PavTPK.sys --> c:\windows\system32\PavTPK.sys [?]
      R3 WN5401;Liteon Wireless LAN PCI 802.11 a/b/g adapter WN5401A;c:\windows\system32\drivers\wn5401.sys [03/01/2005 2:35 449920]
      S3 RkPavproc1;RkPavproc1;c:\windows\system32\drivers\RkPavproc1.sys [21/04/2009 17:37 16952]

      [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
      HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
      hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
      panda REG_MULTI_SZ Gwmsrv
      .
      Contents of the 'Scheduled Tasks' folder

      2009-11-30 c:\windows\Tasks\Ad-Aware Update (Weekly).job
      - c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-10-01 09:32]

      2009-11-26 c:\windows\Tasks\AppleSoftwareUpdate.job
      - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]

      2009-11-30 c:\windows\Tasks\GoogleUpdateTaskMachine.job
      - c:\program files\Google\Update\GoogleUpdate.exe [2009-02-04 16:04]

      2009-11-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2256442933-2831743934-756968444-1007Core.job
      - c:\documents and settings\HP_Administrator.YOUR-55E5F9E3D2\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-10-14 10:45]

      2009-11-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2256442933-2831743934-756968444-1007UA.job
      - c:\documents and settings\HP_Administrator.YOUR-55E5F9E3D2\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-10-14 10:45]
      .
      .
      ------- Supplementary Scan -------
      .
      uStart Page = hxxp://www.google.es/
      IE: Abrir con Nuance PDF Converter 5.0 - c:\program files\Nuance\PDF Professional 5\cnvres_spa.dll /100
      IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
      IE: Anexar al archivo PDF existente - c:\program files\Nuance\PDF Professional 5\bin\ZeonIEFavClient.dll/ZeonIEAppend.HTML
      IE: Anexar el contenido de los vínculos seleccionados al archivo PDF existente - c:\program files\Nuance\PDF Professional 5\bin\ZeonIEFavClient.dll/ZeonIEAppendSelLinks.HTML
      IE: Anexar el contenido del vínculo al archivo PDF existente - c:\program files\Nuance\PDF Professional 5\bin\ZeonIEFavClient.dll/ZeonIEAppend.HTML
      IE: Crear archivo PDF - c:\program files\Nuance\PDF Professional 5\bin\ZeonIEFavClient.dll/ZeonIECapture.HTML
      IE: Crear archivo PDF del contenido del vínculo - c:\program files\Nuance\PDF Professional 5\bin\ZeonIEFavClient.dll/ZeonIECapture.HTML
      IE: Crear archivos PDF de los vínculos seleccionados - c:\program files\Nuance\PDF Professional 5\bin\ZeonIEFavClient.dll/ZeonIECaptureSelLinks.HTML
      IE: E&xportar a Microsoft Excel - c:\progra~1\MICROS~3\Office10\EXCEL.EXE/3000
      DPF: {B785FA3C-1DE9-4D20-8396-613C486FE95E} - hxxps://www5.aeat.es/es13/h/cactivex.cab
      .
      - - - - ORPHANS REMOVED - - - -

      HKLM-Run-Install5G - n:\livebox (e)\Install.exe
      HKLM-Run-PCDrProfiler - (no file)
      AddRemove-Ad-Aware - c:\documents and settings\All Users\Application Data\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6}\Ad-AwareInstallation.exe REMOVE=TRUE MODIFY=FALSE
      AddRemove-PS2 - c:\windows\system32\ps2.exe uninstall
      AddRemove-{91810AFC-A4F8-4EBA-A5AA-B198BBC81144} - c:\program files\InstallShield Installation Information\{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}\setup.exe REMOVEALL



      **************************************************************************

      catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
      Rootkit scan 2009-11-30 21:57
      Windows 5.1.2600 Service Pack 3 NTFS

      scanning hidden processes ...

      scanning hidden autostart entries ...

      scanning hidden files ...

      scan completed successfully
      hidden files: 0

      **************************************************************************
      .
      --------------------- DLLs Loaded Under Running Processes ---------------------

      - - - - - - - > 'winlogon.exe'(836)
      c:\windows\SYSTEM32\Ati2evxx.dll
      c:\windows\SYSTEM32\avldr.dll
      .
      Completion time: 2009-11-30 22:01
      ComboFix-quarantined-files.txt 2009-11-30 21:01

      Pre-Run: 122.518.528.000 bytes free
      Post-Run: 123.392.040.960 bytes free

      - - End Of File - - B11A339BA225DDA28516BF2552A6BE90


      Thanks again for your help!! Regards,
      Ana

    4. #4
      General Moderator
      Avatar of Leosolari
      Registered
      Jun 2007
      Location
      Argentina
      Posts
      53.114

      Re: advertising pop-up windows keep opening

      Hello again

      Uninstall CF this way:

      • Go to Start > Run
      • Type the following: ComboFix /u as shown in the image below:
      • This will launch the ComboFix uninstaller, opening its main screen, and after a few seconds you will see ("ComboFix is uninstalled")


      This will carry out the following tasks:


      • The following will be deleted:
        • ComboFix: its files and folders.
        • VundoFix: backups (if present)
        • The C:\Deckard folder (if present)
        • The C:\_OtMoveIt folder (if present)
      • Resets the clock settings.
      • Hides file extensions (if necessary).
      • Hides the files that were hidden
      • Re-enables "System Restore"




      Let us know how the computer is doing now.

      Regards

      `·.¸¸.·´´¯`··._.· ·.¸¸.·´´¯`··._.· Don't Despair.....Keep Fighting `·.¸¸.·´´¯`··._.· ·.¸¸.·´´¯`··._.·

      * Follow us on our Twitter and become our friend on Facebook.
      * Keep up with the latest threats on the net at: InfoSpyware Blog
      * Questions are not answered by private message or e-mail, since that is what the forum is for.

    5. #5
      User Avatar of Anajj
      Joined
      Nov 2009
      Location
      Valencia
      Posts
      11

      Re: advertising pop-up windows open

      Hello,

      I'm writing to you from another PC. I typed what you told me, but it is not uninstalling ComboFix; it is running a scan again. Is that correct? What do I do when the scan finishes, do I save the log and paste it in a message for you?

      Sorry for so many questions,
      Ana

    6. #6
      General Moderator
      Avatar of Leosolari
      Joined
      Jun 2007
      Location
      Argentina
      Posts
      53.114

      Re: advertising pop-up windows open

      Hello again.....

      It turns out there is a temporary problem with the ComboFix uninstall.

      • Download OTM by OldTimer to the desktop.

      • Double-click OTM.exe to run it.

      With THE PC CONNECTED TO THE INTERNET, run OTM

      • Press the CleanUp button
      • Confirm the start of the cleanup process by clicking "Yes".
      • A list of the tools used during the disinfection will appear.
      • OTMoveIt3 will ask to restart the system; confirm it by clicking "Yes".

      Let us know how it goes now

      Regards


    7. #7
      User Avatar of Anajj
      Joined
      Nov 2009
      Location
      Valencia
      Posts
      11

      Re: advertising pop-up windows open

      Hello,

      I have uninstalled Combo, but while browsing, after about five minutes the explorer suddenly closed on me, as it has been doing since I got infected.


      I also still notice the issue with the title in the blue top bar, which sometimes cannot be read properly; it is as if there were remnants of other letters at the beginning of the title, and in some windows the top left corner is even a lighter grayish blue instead of the deep blue....

      Many thanks in advance
      Ana

    8. #8
      General Moderator
      Avatar of Leosolari
      Joined
      Jun 2007
      Location
      Argentina
      Posts
      53.114

      Re: advertising pop-up windows open

      Hello again....

      Download and install Explorer 8. Restart the computer and tell us how it works.

      Regards


    9. #9
      User Avatar of Anajj
      Joined
      Nov 2009
      Location
      Valencia
      Posts
      11

      Re: advertising pop-up windows open

      Hello Leosolari,

      The computer no longer has the pop-up window problem, but when I have been browsing for a while the explorer closes by itself. I have updated to IE8.

      Many thanks,
      Ana

    10. #10
      User Avatar of Anajj
      Joined
      Nov 2009
      Location
      Valencia
      Posts
      11

      Re: advertising pop-up windows open - thank you very much, solved

      After a few days with explorer 8 it was able to update, and now the explorer only shuts down once in a while, but it is very occasional by now. The advertising windows have also stopped appearing completely.

      I wanted to thank you for your help and all your dedication in this forum to those of us who are less experienced.

      Regards
      Ana