
    Help with spyware (Solved)


      
    1. #1
      bulldog82 (User)
      Joined: Sep 2009
      Location: Spain
      Posts: 22

      Question: Help with spyware (Solved)

      Hello,

      I've been having problems with my PC for a few days. For example, Google search results sometimes redirect me to pages other than the ones they should take me to.

      Chrome also stopped working, and I have now uninstalled it.

      I have run Malwarebytes several times, but I can't get rid of all the problems.

      Regards, and thanks in advance

    2. #2
      Rollinguit (Former contributor)
      Joined: Sep 2009
      Location: Argentina
      Posts: 6,229

      Re: Help with spyware

      Hello bulldog82.

      Do the following:
      If you use Spybot Search & Destroy, disable TeaTimer.

      1.-
      Download, install and/or update (essential):


      2.-
      Run:

      CCleaner, using its options:
      • Cleaner: to delete cookies, temporary Internet files and all the files it shows you as obsolete;
      • Registry: to clean the whole Windows Registry, making a backup copy.
      Malwarebytes' Anti-Malware
      • Perform a "Full Scan".
      • Once it has finished, click "Show Results" and "Remove Selected". If it asks you to restart, do so.


      3.-
      Run TDSSKiller as described in its manual. When it finishes, paste the report in your next reply.


      In your next reply, paste the reports:
      Malwarebytes ("Logs" tab)
      TDSSKiller
      Tell us how it went and how the system is working ...

      Blog | Online Antivirus | Remove Malware | Free Antivirus


      * Follow us on Twitter and become our friend on Facebook.
      * Keep up with the latest threats on the net at: InfoSpyware Blog
      * Questions are not answered by private message or by e-mail, since that is what the forum is for.

    3. #3
      bulldog82 (User)
      Joined: Sep 2009
      Location: Spain
      Posts: 22

      Re: Help with spyware

      Hello,

      I have followed the steps, but it seems that in some Google searches it still keeps redirecting me to other pages.

      I'm pasting the TDSSKiller log:

      Code:
      2011/04/02 12:09:44.0703 3688	TDSS rootkit removing tool 2.4.21.0 Mar 10 2011 12:26:28
      2011/04/02 12:09:45.0171 3688	================================================================================
      2011/04/02 12:09:45.0171 3688	SystemInfo:
      2011/04/02 12:09:45.0171 3688	
      2011/04/02 12:09:45.0171 3688	OS Version: 5.1.2600 ServicePack: 3.0
      2011/04/02 12:09:45.0171 3688	Product type: Workstation
      2011/04/02 12:09:45.0171 3688	ComputerName: JON
      2011/04/02 12:09:45.0171 3688	UserName: jonp
      2011/04/02 12:09:45.0171 3688	Windows directory: C:\WINDOWS
      2011/04/02 12:09:45.0171 3688	System windows directory: C:\WINDOWS
      2011/04/02 12:09:45.0171 3688	Processor architecture: Intel x86
      2011/04/02 12:09:45.0171 3688	Number of processors: 1
      2011/04/02 12:09:45.0171 3688	Page size: 0x1000
      2011/04/02 12:09:45.0171 3688	Boot type: Normal boot
      2011/04/02 12:09:45.0171 3688	================================================================================
      2011/04/02 12:09:45.0421 3688	Initialize success
      2011/04/02 12:09:49.0156 2000	================================================================================
      2011/04/02 12:09:49.0156 2000	Scan started
      2011/04/02 12:09:49.0156 2000	Mode: Manual; 
      2011/04/02 12:09:49.0156 2000	================================================================================
      2011/04/02 12:09:50.0203 2000	ACPI            (cf2a07e1751a2d612d7e13aa431ab057) C:\WINDOWS\system32\DRIVERS\ACPI.sys
      2011/04/02 12:09:50.0312 2000	ACPIEC          (1c905333c0b9f3d7c68ddf25e54b00f9) C:\WINDOWS\system32\DRIVERS\ACPIEC.sys
      2011/04/02 12:09:50.0578 2000	aec             (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
      2011/04/02 12:09:50.0671 2000	AegisP          (12dafd934641dcf61e446313bc261ec2) C:\WINDOWS\system32\DRIVERS\AegisP.sys
      2011/04/02 12:09:50.0718 2000	AFD             (7e775010ef291da96ad17ca4b17137d7) C:\WINDOWS\System32\drivers\afd.sys
      2011/04/02 12:09:50.0921 2000	AsyncMac        (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
      2011/04/02 12:09:50.0953 2000	atapi           (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
      2011/04/02 12:09:51.0156 2000	Atmarpc         (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
      2011/04/02 12:09:51.0218 2000	audstub         (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
      2011/04/02 12:09:51.0234 2000	Beep            (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
      2011/04/02 12:09:51.0312 2000	BoiHwsetup      (141befbd4f2a84a66e2f54b9e32e40d1) C:\WINDOWS\system32\drivers\BoiHwSetup.sys
      2011/04/02 12:09:51.0343 2000	cbidf2k         (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
      2011/04/02 12:09:51.0390 2000	CCDECODE        (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
      2011/04/02 12:09:51.0484 2000	Cdaudio         (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
      2011/04/02 12:09:51.0515 2000	Cdfs            (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
      2011/04/02 12:09:51.0687 2000	Cdrom           (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
      2011/04/02 12:09:51.0734 2000	CmBatt          (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys
      2011/04/02 12:09:51.0796 2000	Compbatt        (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys
      2011/04/02 12:09:51.0890 2000	Disk            (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
      2011/04/02 12:09:51.0953 2000	DLABOIOM        (ee4325becef51b8c32b4329097e4f301) C:\WINDOWS\system32\DLA\DLABOIOM.SYS
      2011/04/02 12:09:51.0968 2000	DLACDBHM        (d979bebcf7edcc9c9ee1857d1a68c67b) C:\WINDOWS\system32\Drivers\DLACDBHM.SYS
      2011/04/02 12:09:51.0984 2000	DLADResN        (4bc6fb5d5159813adfbe584564f378c3) C:\WINDOWS\system32\DLA\DLADResN.SYS
      2011/04/02 12:09:52.0015 2000	DLAIFS_M        (752376e109a090970bfa9722f0f40b03) C:\WINDOWS\system32\DLA\DLAIFS_M.SYS
      2011/04/02 12:09:52.0046 2000	DLAOPIOM        (62ee7902e74b90bf1ccc4643fc6c07a7) C:\WINDOWS\system32\DLA\DLAOPIOM.SYS
      2011/04/02 12:09:52.0093 2000	DLAPoolM        (5c220124c5afeaee84a9bb89d685c17b) C:\WINDOWS\system32\DLA\DLAPoolM.SYS
      2011/04/02 12:09:52.0125 2000	DLARTL_N        (7ee0852ae8907689df25049dcd2342e8) C:\WINDOWS\system32\Drivers\DLARTL_N.SYS
      2011/04/02 12:09:52.0171 2000	DLAUDFAM        (4ebb78d9bbf072119363b35b9b3e518f) C:\WINDOWS\system32\DLA\DLAUDFAM.SYS
      2011/04/02 12:09:52.0234 2000	DLAUDF_M        (333b770e52d2cea7bd86391120466e43) C:\WINDOWS\system32\DLA\DLAUDF_M.SYS
      2011/04/02 12:09:52.0343 2000	dmboot          (c252a99c0a78b39faa2e2d1d048b1050) C:\WINDOWS\system32\drivers\dmboot.sys
      2011/04/02 12:09:52.0515 2000	dmio            (33b4d4039cd2cb25351a7bf13b2988d9) C:\WINDOWS\system32\drivers\dmio.sys
      2011/04/02 12:09:52.0593 2000	dmload          (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
      2011/04/02 12:09:52.0625 2000	DMusic          (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
      2011/04/02 12:09:52.0671 2000	drmkaud         (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
      2011/04/02 12:09:52.0734 2000	DRVMCDB         (fd0f95981fef9073659d8ec58e40aa3c) C:\WINDOWS\system32\Drivers\DRVMCDB.SYS
      2011/04/02 12:09:52.0765 2000	DRVNDDM         (b4869d320428cdc5ec4d7f5e808e99b5) C:\WINDOWS\system32\Drivers\DRVNDDM.SYS
      2011/04/02 12:09:52.0890 2000	Fastfat         (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
      2011/04/02 12:09:52.0921 2000	Fdc             (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys
      2011/04/02 12:09:53.0078 2000	Fips            (e5e61f2c07344e91dbfb7eafde549ab4) C:\WINDOWS\system32\drivers\Fips.sys
      2011/04/02 12:09:53.0140 2000	Flpydisk        (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
      2011/04/02 12:09:53.0187 2000	FltMgr          (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
      2011/04/02 12:09:53.0265 2000	fssfltr         (c6ee3a87fe609d3e1db9dbd072a248de) C:\WINDOWS\system32\DRIVERS\fssfltr_tdi.sys
      2011/04/02 12:09:53.0296 2000	Fs_Rec          (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
      2011/04/02 12:09:53.0359 2000	Ftdisk          (cc5f3af5711a1c7c8fa1d43bb16b401a) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
      2011/04/02 12:09:53.0390 2000	Gpc             (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
      2011/04/02 12:09:53.0437 2000	HdAudAddService (a8bccb6ab8e43c39f4ef1bc4db8d6165) C:\WINDOWS\system32\drivers\CHDAud.sys
      2011/04/02 12:09:53.0468 2000	HDAudBus        (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
      2011/04/02 12:09:53.0609 2000	HidUsb          (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
      2011/04/02 12:09:53.0734 2000	HSFHWAZL        (a30d7011c1b80a0bc16602d99218d522) C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys
      2011/04/02 12:09:53.0796 2000	HSF_DPV         (5a5a7721d9c62d77fc0faba9b2cf5be9) C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys
      2011/04/02 12:09:53.0937 2000	HTTP            (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
      2011/04/02 12:09:54.0015 2000	i8042prt        (4a2490a66e8271901e89dd5fb79748ae) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
      2011/04/02 12:09:54.0078 2000	ialm            (bc1f1ff8d5800398937966cdb0a97fdc) C:\WINDOWS\system32\DRIVERS\ialmnt5.sys
      2011/04/02 12:09:54.0312 2000	Imapi           (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
      2011/04/02 12:09:54.0421 2000	intelppm        (49a060498c09db18c3ea9939789005ab) C:\WINDOWS\system32\DRIVERS\intelppm.sys
      2011/04/02 12:09:54.0453 2000	Ip6Fw           (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
      2011/04/02 12:09:54.0484 2000	IpFilterDriver  (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
      2011/04/02 12:09:54.0531 2000	IpInIp          (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
      2011/04/02 12:09:54.0609 2000	IpNat           (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
      2011/04/02 12:09:54.0656 2000	IPSec           (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
      2011/04/02 12:09:54.0687 2000	IRENUM          (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
      2011/04/02 12:09:54.0859 2000	isapnp          (0f3d281b0410fe5d482aada37d20524b) C:\WINDOWS\system32\DRIVERS\isapnp.sys
      2011/04/02 12:09:54.0921 2000	Iviaspi         (f59c3569a2f2c464bb78cb1bdcdca55e) C:\WINDOWS\system32\drivers\iviaspi.sys
      2011/04/02 12:09:54.0953 2000	Kbdclass        (188ddd286bc0daea6984858c6a4d7bbf) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
      2011/04/02 12:09:55.0000 2000	kmixer          (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
      2011/04/02 12:09:55.0156 2000	KSecDD          (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
      2011/04/02 12:09:55.0296 2000	mdmxsdk         (e246a32c445056996074a397da56e815) C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
      2011/04/02 12:09:55.0328 2000	mnmdd           (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
      2011/04/02 12:09:55.0375 2000	Modem           (9024556e739b8469d2b8f5f0e4c9bc9f) C:\WINDOWS\system32\drivers\Modem.sys
      2011/04/02 12:09:55.0437 2000	Mouclass        (6fd36b4994a2363659a65c9f970cfdb7) C:\WINDOWS\system32\DRIVERS\mouclass.sys
      2011/04/02 12:09:55.0500 2000	mouhid          (8ee532e516b2d23d686cfc1cc0a15c25) C:\WINDOWS\system32\DRIVERS\mouhid.sys
      2011/04/02 12:09:55.0609 2000	MountMgr        (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
      2011/04/02 12:09:55.0750 2000	MRxDAV          (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
      2011/04/02 12:09:55.0859 2000	MRxSmb          (f3aefb11abc521122b67095044169e98) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
      2011/04/02 12:09:55.0921 2000	mrxyjrbn        (e1136fd877ef290b7e2f3ec1f2eb6a85) C:\WINDOWS\system32\drivers\mrxyjrbn.sys
      2011/04/02 12:09:55.0921 2000	Suspicious file (Forged): C:\WINDOWS\system32\drivers\mrxyjrbn.sys. Real md5: e1136fd877ef290b7e2f3ec1f2eb6a85, Fake md5: d5ad8fc4c1ab629fdd7a7333dfc4b761
      2011/04/02 12:09:55.0937 2000	mrxyjrbn - detected Forged file (1)
      2011/04/02 12:09:56.0046 2000	Msfs            (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
      2011/04/02 12:09:56.0093 2000	MSKSSRV         (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
      2011/04/02 12:09:56.0125 2000	MSPCLOCK        (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
      2011/04/02 12:09:56.0156 2000	MSPQM           (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
      2011/04/02 12:09:56.0218 2000	mssmbios        (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
      2011/04/02 12:09:56.0296 2000	MSTEE           (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
      2011/04/02 12:09:56.0328 2000	Mup             (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys
      2011/04/02 12:09:56.0390 2000	NABTSFEC        (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
      2011/04/02 12:09:56.0484 2000	NDIS            (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
      2011/04/02 12:09:56.0562 2000	NdisIP          (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
      2011/04/02 12:09:56.0593 2000	NdisTapi        (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
      2011/04/02 12:09:56.0625 2000	Ndisuio         (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
      2011/04/02 12:09:56.0687 2000	NdisWan         (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
      2011/04/02 12:09:56.0734 2000	NDProxy         (6215023940cfd3702b46abc304e1d45a) C:\WINDOWS\system32\drivers\NDProxy.sys
      2011/04/02 12:09:56.0781 2000	NetBIOS         (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
      2011/04/02 12:09:56.0921 2000	NetBT           (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
      2011/04/02 12:09:57.0015 2000	Netdevio        (1265eb253ed4ebe4acb3bd5f548ff796) C:\WINDOWS\system32\DRIVERS\netdevio.sys
      2011/04/02 12:09:57.0109 2000	Npfs            (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
      2011/04/02 12:09:57.0156 2000	Ntfs            (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
      2011/04/02 12:09:57.0359 2000	Null            (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
      2011/04/02 12:09:57.0406 2000	NwlnkFlt        (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
      2011/04/02 12:09:57.0468 2000	NwlnkFwd        (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
      2011/04/02 12:09:57.0500 2000	Parport         (e7855cbd8bd1fda085a3f92cff7906e2) C:\WINDOWS\system32\drivers\Parport.sys
      2011/04/02 12:09:57.0531 2000	PartMgr         (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
      2011/04/02 12:09:57.0562 2000	ParVdm          (fad44d704ecd7d39ad01415b8bb34204) C:\WINDOWS\system32\drivers\ParVdm.sys
      2011/04/02 12:09:57.0609 2000	PCI             (f11bc84ae6c7b003b5e0c8eeb4a1f444) C:\WINDOWS\system32\DRIVERS\pci.sys
      2011/04/02 12:09:57.0656 2000	PCIIde          (33d63f0a9021acb4d75d83b646b93a30) C:\WINDOWS\system32\DRIVERS\pciide.sys
      2011/04/02 12:09:57.0671 2000	Pcmcia          (f50c27cca56dc97b3a45e7f0059bd2ba) C:\WINDOWS\system32\DRIVERS\pcmcia.sys
      2011/04/02 12:09:57.0828 2000	Pfc             (444f122e68db44c0589227781f3c8b3f) C:\WINDOWS\system32\drivers\pfc.sys
      2011/04/02 12:09:57.0875 2000	PptpMiniport    (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
      2011/04/02 12:09:58.0000 2000	PSched          (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
      2011/04/02 12:09:58.0156 2000	Ptilink         (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
      2011/04/02 12:09:58.0312 2000	PxHelp20        (86724469cd077901706854974cd13c3e) C:\WINDOWS\system32\Drivers\PxHelp20.sys
      2011/04/02 12:09:58.0578 2000	QCDonner        (fddd1aeb9f81ef1e6e48ae1edc2a97d6) C:\WINDOWS\system32\DRIVERS\OVCD.sys
      2011/04/02 12:09:58.0656 2000	qkbfiltr        (7dc7aca4e775e9d823f5773a2f47a2ac) C:\WINDOWS\system32\drivers\qkbfiltr.sys
      2011/04/02 12:09:59.0000 2000	qmofiltr        (8652b9e134c3478be948bf089df8ed5e) C:\WINDOWS\system32\drivers\qmofiltr.sys
      2011/04/02 12:09:59.0015 2000	RasAcd          (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
      2011/04/02 12:09:59.0078 2000	Rasl2tp         (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
      2011/04/02 12:09:59.0125 2000	RasPppoe        (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
      2011/04/02 12:09:59.0140 2000	Raspti          (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
      2011/04/02 12:09:59.0187 2000	Rdbss           (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
      2011/04/02 12:09:59.0203 2000	RDPCDD          (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
      2011/04/02 12:09:59.0265 2000	RDPWD           (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
      2011/04/02 12:09:59.0390 2000	redbook         (20950948970a0ea329b4254052bcf093) C:\WINDOWS\system32\DRIVERS\redbook.sys
      2011/04/02 12:09:59.0562 2000	RTL8023xp       (7f0413bdd7d53eb4c7a371e7f6f84df1) C:\WINDOWS\system32\DRIVERS\Rtlnicxp.sys
      2011/04/02 12:09:59.0609 2000	rtl8139         (d507c1400284176573224903819ffda3) C:\WINDOWS\system32\DRIVERS\RTL8139.SYS
      2011/04/02 12:09:59.0671 2000	s24trans        (1cc074e0d48383d4e9bffc6a26c2a58a) C:\WINDOWS\system32\DRIVERS\s24trans.sys
      2011/04/02 12:09:59.0750 2000	Secdrv          (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
      2011/04/02 12:09:59.0843 2000	Serial          (f41b42b92ae9c1191858c3f80cc24a9c) C:\WINDOWS\system32\drivers\Serial.sys
      2011/04/02 12:10:00.0015 2000	Sfloppy         (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
      2011/04/02 12:10:00.0078 2000	SLIP            (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
      2011/04/02 12:10:00.0125 2000	splitter        (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
      2011/04/02 12:10:00.0171 2000	sr              (ccb3065c3ee63a4515fe84af9e78d1dd) C:\WINDOWS\system32\DRIVERS\sr.sys
      2011/04/02 12:10:00.0234 2000	Srv             (da852e3e0bf1cea75d756f9866241e57) C:\WINDOWS\system32\DRIVERS\srv.sys
      2011/04/02 12:10:00.0281 2000	streamip        (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
      2011/04/02 12:10:00.0359 2000	swenum          (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
      2011/04/02 12:10:00.0406 2000	swmidi          (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
      2011/04/02 12:10:00.0656 2000	sysaudio        (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
      2011/04/02 12:10:00.0718 2000	Tcpip           (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
      2011/04/02 12:10:00.0750 2000	TDPIPE          (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
      2011/04/02 12:10:00.0781 2000	TDTCP           (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
      2011/04/02 12:10:00.0828 2000	TermDD          (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
      2011/04/02 12:10:00.0937 2000	Udfs            (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
      2011/04/02 12:10:01.0031 2000	Update          (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
      2011/04/02 12:10:01.0234 2000	usbccgp         (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
      2011/04/02 12:10:01.0265 2000	usbehci         (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
      2011/04/02 12:10:01.0312 2000	usbhub          (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
      2011/04/02 12:10:01.0375 2000	usbscan         (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
      2011/04/02 12:10:01.0453 2000	USBSTOR         (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
      2011/04/02 12:10:01.0484 2000	usbuhci         (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
      2011/04/02 12:10:01.0515 2000	VgaSave         (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
      2011/04/02 12:10:01.0578 2000	VolSnap         (997d0f5beca254c9a77d1bc05b97e74c) C:\WINDOWS\system32\drivers\VolSnap.sys
      2011/04/02 12:10:01.0593 2000	VolSnap - detected Rootkit.Win32.TDSS.tdl3 (0)
      2011/04/02 12:10:01.0703 2000	w39n51          (b1f126e7e28877106d60e6ff3998d033) C:\WINDOWS\system32\DRIVERS\w39n51.sys
      2011/04/02 12:10:01.0906 2000	Wanarp          (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
      2011/04/02 12:10:02.0000 2000	Wdf01000        (bbcfeab7e871cddac2d397ee7fa91fdc) C:\WINDOWS\system32\Drivers\wdf01000.sys
      2011/04/02 12:10:02.0125 2000	wdmaud          (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
      2011/04/02 12:10:02.0203 2000	winachsf        (e0a00b06ea067c84e124b407dffa1af1) C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys
      2011/04/02 12:10:02.0437 2000	WinUSB          (fd600b032e741eb6aab509fc630f7c42) C:\WINDOWS\system32\DRIVERS\WinUSB.sys
      2011/04/02 12:10:02.0500 2000	WpdUsb          (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\DRIVERS\wpdusb.sys
      2011/04/02 12:10:02.0546 2000	WS2IFSL         (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
      2011/04/02 12:10:02.0593 2000	WSTCODEC        (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
      2011/04/02 12:10:02.0687 2000	WudfPf          (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
      2011/04/02 12:10:02.0718 2000	WudfRd          (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
      2011/04/02 12:10:02.0781 2000	\HardDisk0 - detected Rootkit.Win32.TDSS.tdl4 (0)
      2011/04/02 12:10:02.0781 2000	================================================================================
      2011/04/02 12:10:02.0781 2000	Scan finished
      2011/04/02 12:10:02.0781 2000	================================================================================
      2011/04/02 12:10:02.0796 1604	Detected object count: 3
      2011/04/02 12:10:31.0000 1604	Forged file(mrxyjrbn) - User select action: Skip 
      2011/04/02 12:10:31.0046 1604	VolSnap         (997d0f5beca254c9a77d1bc05b97e74c) C:\WINDOWS\system32\drivers\VolSnap.sys
      2011/04/02 12:10:39.0734 1604	Backup copy found, using it..
      2011/04/02 12:10:39.0765 1604	C:\WINDOWS\system32\drivers\VolSnap.sys - will be cured after reboot
      2011/04/02 12:10:39.0765 1604	Rootkit.Win32.TDSS.tdl3(VolSnap) - User select action: Cure 
      2011/04/02 12:10:39.0843 1604	\HardDisk0 (Rootkit.Win32.TDSS.tdl4) - will be cured after reboot
      2011/04/02 12:10:39.0843 1604	\HardDisk0 - ok
      2011/04/02 12:10:39.0843 1604	Rootkit.Win32.TDSS.tdl4(\HardDisk0) - User select action: Cure 
      2011/04/02 12:10:55.0984 4068	Deinitialize success

    4. #4
      Rollinguit (Former contributor)
      Joined: Sep 2009
      Location: Argentina
      Posts: 6,229

      Re: Help with spyware

      The Malwarebytes report I asked you for in the previous post is missing.

      Also, repeat the scan with TDSSKiller, and when it shows you the following service, marked in bold:
      Forged file(mrxyjrbn) - User select action: Skip
      select the action Cure or Delete. If it cannot be cured (Cure), go ahead and delete it (Delete).


      In your next reply, paste the Malwarebytes and TDSSKiller reports, and tell us how the system is working.
      Last edited by Rollinguit on 02/04/11 at 08:48:53

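One way to automate the check requested in the post above, listing every detected object whose chosen action was not Cure or Delete. This is an added example, not part of the original thread or of TDSSKiller; the line patterns are inferred only from the 2.4.21.0 log pasted in this thread, and `triage` is a hypothetical helper name.

```python
import re

# Excerpt of the TDSSKiller 2.4.21.0 log posted in #3 of this thread
# (tabs replaced by spaces, clean driver lines omitted).
SAMPLE_LOG = r"""
2011/04/02 12:09:55.0921 2000 mrxyjrbn        (e1136fd877ef290b7e2f3ec1f2eb6a85) C:\WINDOWS\system32\drivers\mrxyjrbn.sys
2011/04/02 12:09:55.0921 2000 Suspicious file (Forged): C:\WINDOWS\system32\drivers\mrxyjrbn.sys. Real md5: e1136fd877ef290b7e2f3ec1f2eb6a85, Fake md5: d5ad8fc4c1ab629fdd7a7333dfc4b761
2011/04/02 12:09:55.0937 2000 mrxyjrbn - detected Forged file (1)
2011/04/02 12:10:01.0593 2000 VolSnap - detected Rootkit.Win32.TDSS.tdl3 (0)
2011/04/02 12:10:02.0781 2000 \HardDisk0 - detected Rootkit.Win32.TDSS.tdl4 (0)
2011/04/02 12:10:02.0796 1604 Detected object count: 3
2011/04/02 12:10:31.0000 1604 Forged file(mrxyjrbn) - User select action: Skip
2011/04/02 12:10:39.0765 1604 C:\WINDOWS\system32\drivers\VolSnap.sys - will be cured after reboot
2011/04/02 12:10:39.0765 1604 Rootkit.Win32.TDSS.tdl3(VolSnap) - User select action: Cure
2011/04/02 12:10:39.0843 1604 \HardDisk0 (Rootkit.Win32.TDSS.tdl4) - will be cured after reboot
2011/04/02 12:10:39.0843 1604 Rootkit.Win32.TDSS.tdl4(\HardDisk0) - User select action: Cure
"""

# Assumption taken from the thread: only Cure and Delete count as remediation.
REMEDIATED = {"Cure", "Delete"}

# "<date> <time> <thread id> <message>"
LINE = re.compile(r"^\d{4}/\d\d/\d\d \d\d:\d\d:\d\d\.\d+\s+\d+\s*(?P<msg>.*)$")
# "<service> (<md5>) <driver path>"
DRIVER = re.compile(r"^(?P<obj>\S+)\s+\((?P<md5>[0-9a-f]{32})\)\s+(?P<path>.+)$")
FORGED = re.compile(
    r"^Suspicious file \(Forged\): (?P<path>.+?)\. "
    r"Real md5: (?P<real>[0-9a-f]{32}), Fake md5: (?P<fake>[0-9a-f]{32})$"
)
DETECTED = re.compile(r"^(?P<obj>\S+) - detected (?P<verdict>.+?) \(\d+\)$")
ACTION = re.compile(
    r"^(?P<verdict>[^()]+)\((?P<obj>[^()]+)\) - User select action: (?P<action>\w+)$"
)
COUNT = re.compile(r"^Detected object count: (?P<n>\d+)$")


def triage(log_text):
    """Pair each detection with the action chosen for it and list what is left."""
    path_to_obj = {}  # driver path (lower-cased) -> service name
    forged = {}       # service name -> the two MD5 values reported for its file
    findings = {}     # service or disk name -> finding, in log order
    reported = None   # value of the "Detected object count" line
    reboot_pending = False

    for raw in log_text.splitlines():
        line = LINE.match(raw.strip())
        if not line:
            continue
        msg = line.group("msg").strip()

        m = DRIVER.match(msg)
        if m:
            path_to_obj[m.group("path").lower()] = m.group("obj")
            continue
        m = FORGED.match(msg)
        if m:
            # The forged-file line names a path, so map it back to its service.
            obj = path_to_obj.get(m.group("path").lower())
            if obj:
                forged[obj] = {"real_md5": m.group("real"),
                               "fake_md5": m.group("fake")}
            continue
        m = DETECTED.match(msg)
        if m:
            obj = m.group("obj")
            findings.setdefault(obj, {"object": obj,
                                      "verdict": m.group("verdict"),
                                      "action": None,
                                      "forged": forged.get(obj)})
            continue
        m = ACTION.match(msg)
        if m and m.group("obj") in findings:
            findings[m.group("obj")]["action"] = m.group("action")
            continue
        m = COUNT.match(msg)
        if m:
            reported = int(m.group("n"))
            continue
        if msg.endswith("will be cured after reboot"):
            reboot_pending = True

    items = list(findings.values())
    return {
        "findings": items,
        # Detected but skipped, or detected with no action logged at all.
        "unresolved": [f["object"] for f in items
                       if f["action"] not in REMEDIATED],
        # False means the parser missed a detection line (or the log is cut).
        "count_ok": reported == len(items),
        "reboot_pending": reboot_pending,
    }


if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    for f in result["findings"]:
        print(f["object"], "|", f["verdict"], "|", f["action"])
    print("unresolved:", result["unresolved"])
```
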

    5. #5
      bulldog82 (User)
      Joined: Sep 2009
      Location: Spain
      Posts: 22

      Re: Help with spyware

      I ran Delete on mrxyjrbn.

      After browsing for a while, at first it seemed to have been fixed, but it has started redirecting me in the Google results again.

      I have also reinstalled Google Chrome (I uninstalled it the other day), but it never manages to open.

      Malwarebytes log:
      Code:
      Malwarebytes' Anti-Malware 1.50.1.1100
      www.malwarebytes.org
      
      Versión de la Base de Datos: 6245
      
      Windows 5.1.2600 Service Pack 3
      Internet Explorer 8.0.6001.18702
      
      02/04/2011 12:04:23
      mbam-log-2011-04-02 (12-04-23).txt
      
      Tipos de Análisis: Análisis Completo (C:\|)
      Objetos examinados: 257713
      Tiempo transcurrido: 52 minuto(s), 22 segundo(s)
      
      Procesos en Memoria Infectados: 0
      Módulos de Memoria Infectados: 0
      Claves del Registro Infectadas: 0
      Valores del Registro Infectados: 0
      Elementos de Datos del Registro Infectados: 0
      Carpetas Infectadas: 0
      Archivos Infectados: 1
      
      Procesos en Memoria Infectados:
      (No se han detectado elementos maliciosos)
      
      Módulos de Memoria Infectados:
      (No se han detectado elementos maliciosos)
      
      Claves del Registro Infectadas:
      (No se han detectado elementos maliciosos)
      
      Valores del Registro Infectados:
      (No se han detectado elementos maliciosos)
      
      Elementos de Datos del Registro Infectados:
      (No se han detectado elementos maliciosos)
      
      Carpetas Infectadas:
      (No se han detectado elementos maliciosos)
      
      Archivos Infectados:
      c:\system volume information\_restore{a045e5b5-8a4f-4bef-a2f1-7c06cceb77d3}\RP37\A0011193.exe (Trojan.Agent) -> Quarantined and deleted successfully.

      TDSSKiller log:
      Code:
      2011/04/02 17:47:03.0328 3716	TDSS rootkit removing tool 2.4.21.0 Mar 10 2011 12:26:28
      2011/04/02 17:47:03.0843 3716	================================================================================
      2011/04/02 17:47:03.0843 3716	SystemInfo:
      2011/04/02 17:47:03.0843 3716	
      2011/04/02 17:47:03.0843 3716	OS Version: 5.1.2600 ServicePack: 3.0
      2011/04/02 17:47:03.0843 3716	Product type: Workstation
      2011/04/02 17:47:03.0843 3716	ComputerName: JON
      2011/04/02 17:47:03.0843 3716	UserName: jonp
      2011/04/02 17:47:03.0843 3716	Windows directory: C:\WINDOWS
      2011/04/02 17:47:03.0843 3716	System windows directory: C:\WINDOWS
      2011/04/02 17:47:03.0843 3716	Processor architecture: Intel x86
      2011/04/02 17:47:03.0843 3716	Number of processors: 1
      2011/04/02 17:47:03.0843 3716	Page size: 0x1000
      2011/04/02 17:47:03.0843 3716	Boot type: Normal boot
      2011/04/02 17:47:03.0843 3716	================================================================================
      2011/04/02 17:47:04.0343 3716	Initialize success
      2011/04/02 17:47:06.0781 3748	================================================================================
      2011/04/02 17:47:06.0781 3748	Scan started
      2011/04/02 17:47:06.0781 3748	Mode: Manual; 
      2011/04/02 17:47:06.0781 3748	================================================================================
      2011/04/02 17:47:08.0000 3748	ACPI            (cf2a07e1751a2d612d7e13aa431ab057) C:\WINDOWS\system32\DRIVERS\ACPI.sys
      2011/04/02 17:47:13.0750 3748	mrxyjrbn        (e1136fd877ef290b7e2f3ec1f2eb6a85) C:\WINDOWS\system32\drivers\mrxyjrbn.sys
      2011/04/02 17:47:13.0750 3748	Suspicious file (Forged): C:\WINDOWS\system32\drivers\mrxyjrbn.sys. Real md5: e1136fd877ef290b7e2f3ec1f2eb6a85, Fake md5: d5ad8fc4c1ab629fdd7a7333dfc4b761
      2011/04/02 17:47:13.0765 3748	mrxyjrbn - detected Forged file (1)
      2011/04/02 17:47:20.0375 3748	================================================================================
      2011/04/02 17:47:20.0375 3748	Scan finished
      2011/04/02 17:47:20.0375 3748	================================================================================
      2011/04/02 17:47:20.0390 3736	Detected object count: 1
      2011/04/02 17:47:59.0500 3736	HKLM\SYSTEM\ControlSet001\services\mrxyjrbn - will be deleted after reboot
      2011/04/02 17:47:59.0515 3736	HKLM\SYSTEM\ControlSet002\services\mrxyjrbn - will be deleted after reboot
      2011/04/02 17:47:59.0515 3736	HKLM\SYSTEM\ControlSet003\services\mrxyjrbn - will be deleted after reboot
      2011/04/02 17:47:59.0515 3736	HKLM\SYSTEM\ControlSet004\services\mrxyjrbn - will be deleted after reboot
      2011/04/02 17:47:59.0531 3736	HKLM\SYSTEM\ControlSet005\services\mrxyjrbn - will be deleted after reboot
      2011/04/02 17:47:59.0531 3736	HKLM\SYSTEM\ControlSet006\services\mrxyjrbn - will be deleted after reboot
      2011/04/02 17:47:59.0531 3736	HKLM\SYSTEM\ControlSet007\services\mrxyjrbn - will be deleted after reboot
      2011/04/02 17:47:59.0546 3736	C:\WINDOWS\system32\drivers\mrxyjrbn.sys - will be deleted after reboot
      2011/04/02 17:47:59.0546 3736	Forged file(mrxyjrbn) - User select action: Delete 
      2011/04/02 17:48:06.0468 3648	Deinitialize success
      Thank you very much for the help you are giving me. Regards

    6. #6
      Former Contributor Avatar of Rollinguit
      Registered
      Sep 2009
      Location
      Argentina
      Posts
      6.229

      Re: Help with spyware

      Do the following:

      1.-


      2.-


      - Download the ComboFix.exe tool and save it to the desktop.

      • If it asks you to update, accept.
      • Temporarily disable your antivirus and/or antispyware.
      • Close all open windows.
      • Double-click the ComboFix.exe file and follow the instructions. It is important to install the Recovery Console.
      • When it finishes, it will generate a log at C:\ComboFix.txt.
        • *Note* While CF is working, do not move the mouse, as that would stop its process.
        • *Note* ComboFix may automatically restart the PC to complete the removal process.

      Attention!! Do not use ComboFix unless a member of our Staff has specifically instructed you to do so in your thread. It is a powerful tool intended by its creator to be used under the guidance and supervision of an expert, not for private use. Using ComboFix incorrectly could cause problems on your system. Please read ComboFix's "Disclaimer of Warranty".
      • Restart and paste the report from C:\ComboFix.txt in this same thread, commenting on how your system is working.


    7. #7
      User Avatar of bulldog82
      Registered
      Sep 2009
      Location
      spain
      Posts
      22

      Re: Help with spyware

      It seems the PC is no longer doing strange things. And Google Chrome is working again.

      One last question: which antivirus and/or anti-spyware do you recommend I have installed?

      Here is the ComboFix log:


      ComboFix 11-04-02.01 - jonp 02/04/2011 20:36:56.2.1 - x86
      Microsoft Windows XP Home Edition 5.1.2600.3.1252.34.3082.18.1014.685 [GMT 2:00]
      Running from: c:\documents and settings\jonp\Mis documentos\Descargas\ComboFix.exe
      FW: Norton Internet Worm Protection *Disabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}
      .
      .
      ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
      .
      .
      c:\documents and settings\jonp\Datos de programa\Apybyt
      c:\documents and settings\jonp\Datos de programa\Apybyt\ifudu.hiv
      c:\windows\system32\drivers\lrjevlcp.sys
      c:\windows\system32\ejznwrcx.dll
      c:\windows\system32\pst.dat
      c:\windows\system32\tmp.tmp . . . . Failed to delete
      .
      .
      ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
      .
      .
      -------\Legacy_CDNWPWRF
      -------\Service_cdnwpwrf
      .
      .
      ((((((((((((((((((((((((( Files Created from 2011-03-02 to 2011-04-02 )))))))))))))))))))))))))))))))
      .
      .
      2011-04-02 18:41 . 2011-04-02 18:41 0 ----a-w- c:\windows\system32\tmp.tmp
      2011-04-02 09:09 . 2010-12-20 16:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
      2011-04-02 09:09 . 2010-12-20 16:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
      2011-04-02 09:09 . 2011-04-02 09:09 -------- d-----w- c:\archivos de programa\Malwarebytes' Anti-Malware
      2011-03-29 12:15 . 2011-03-29 12:15 60416 ---ha-w- c:\windows\system32\netider.dll
      2011-03-29 12:14 . 2011-03-29 20:13 -------- d-----w- c:\documents and settings\All Users\Datos de programa\iGmDfJiFjGe21500
      2011-03-26 14:30 . 2011-03-26 14:30 -------- d-----w- c:\documents and settings\jonp\sextante
      2011-03-26 14:12 . 2011-03-29 20:24 -------- d-----w- c:\documents and settings\jonp\gvSIG
      2011-03-26 14:12 . 2011-03-29 20:26 -------- d-----w- c:\archivos de programa\gvSIG_1.10
      2011-03-26 13:23 . 2011-03-29 19:25 -------- d-----w- c:\documents and settings\jonp\Configuración local\Datos de programa\Conduit
      .
      .
      (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
      .
      2011-04-02 10:11 . 2006-02-15 10:40 53248 ----a-w- c:\windows\system32\drivers\volsnap.sys
      2011-01-31 18:03 . 2011-01-31 18:03 47616 ----a-w- c:\windows\system32\matsvwbc.dll
      2011-01-31 17:27 . 2011-01-31 10:36 0 ----a-w- c:\windows\system32\drivers\zivhgewecakdh.sys
      .
      .
      ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
      .
      .
      *Note* empty entries & legit default entries are not shown
      REGEDIT4
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
      @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
      [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
      2009-12-09 01:19 94208 ----a-w- c:\documents and settings\jonp\Datos de programa\Dropbox\bin\DropboxExt.13.dll
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
      @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
      [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
      2009-12-09 01:19 94208 ----a-w- c:\documents and settings\jonp\Datos de programa\Dropbox\bin\DropboxExt.13.dll
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
      @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
      [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
      2009-12-09 01:19 94208 ----a-w- c:\documents and settings\jonp\Datos de programa\Dropbox\bin\DropboxExt.13.dll
      .
      [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "TOSCDSPD"="c:\archivos de programa\TOSHIBA\TOSCDSPD\toscdspd.exe" [2005-04-12 65536]
      "Google Update"="c:\documents and settings\jonp\Configuración local\Datos de programa\Google\Update\GoogleUpdate.exe" [2009-11-02 135664]
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "igfxtray"="c:\windows\system32\igfxtray.exe" [2005-11-28 98304]
      "igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-11-28 77824]
      "igfxpers"="c:\windows\system32\igfxpers.exe" [2005-11-28 118784]
      "High Definition Audio Property Page Shortcut"="CHDAudPropShortcut.exe" [2005-12-29 61952]
      "Toshiba Hotkey Utility"="c:\archivos de programa\Toshiba\Windows Utilities\Hotkey.exe" [2006-01-27 1589248]
      "TPSMain"="TPSMain.exe" [2005-08-04 266240]
      "SmoothView"="c:\archivos de programa\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe" [2005-05-12 118784]
      "PadTouch"="c:\archivos de programa\TOSHIBA\Touch and Launch\PadExe.exe" [2005-12-22 1077330]
      "IntelWireless"="c:\archivos de programa\Intel\Wireless\Bin\ifrmewrk.exe" [2005-11-28 602182]
      "Adobe Reader Speed Launcher"="c:\archivos de programa\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
      "IntelZeroConfig"="c:\archivos de programa\Intel\Wireless\bin\ZCfgSvc.exe" [2005-12-05 667718]
      "DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-10-06 122940]
      "QuickTime Task"="c:\archivos de programa\QuickTime\qttask.exe" [2009-05-26 413696]
      "googletalk"="c:\archivos de programa\Google\Google Talk\googletalk.exe" [2007-01-01 3739648]
      "SunJavaUpdateSched"="c:\archivos de programa\Java\jre6\bin\jusched.exe" [2009-10-11 149280]
      .
      [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
      "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
      .
      c:\documents and settings\jonp\Men£ Inicio\Programas\Inicio\
      Iniciador r*pido de Microsoft Office OneNote 2003.lnk - c:\archivos de programa\Microsoft Office\OFFICE11\ONENOTEM.EXE [2005-3-17 59080]
      .
      c:\documents and settings\All Users\Men£ Inicio\Programas\Inicio\
      Adobe Gamma Loader.exe.lnk - c:\archivos de programa\Archivos comunes\Adobe\Calibration\Adobe Gamma Loader.exe [2006-11-19 110592]
      Adobe Gamma Loader.lnk - c:\archivos de programa\Archivos comunes\Adobe\Calibration\Adobe Gamma Loader.exe [2006-11-19 110592]
      Microsoft Office.lnk - c:\archivos de programa\Microsoft Office\Office\OSA9.EXE [1999-2-17 65588]
      .
      [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
      SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, matsvwbc.dll
      .
      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
      @="Driver"
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
      "DisableMonitoring"=dword:00000001
      .
      [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
      "EnableFirewall"= 0 (0x0)
      .
      [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
      "%windir%\\system32\\sessmgr.exe"=
      "c:\\Archivos de programa\\Messenger\\msmsgs.exe"=
      "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
      "c:\\Archivos de programa\\Yahoo!\\Messenger\\YahooMessenger.exe"=
      "c:\\Archivos de programa\\Yahoo!\\Messenger\\YServer.exe"=
      "c:\\Archivos de programa\\Grisoft\\AVG7\\avgamsvr.exe"=
      "c:\\Archivos de programa\\Grisoft\\AVG7\\avgemc.exe"=
      "c:\\Archivos de programa\\Spotify\\spotify.exe"=
      "c:\\Archivos de programa\\Intel\\Wireless\\Bin\\RegSrvc.exe"=
      "c:\\Archivos de programa\\Intel\\Wireless\\Bin\\EvtEng.exe"=
      "c:\\Documents and Settings\\jonp\\Configuración local\\Datos de programa\\Google\\Google Talk Plugin\\googletalkplugin.dll"=
      "c:\\Documents and Settings\\jonp\\Configuración local\\Datos de programa\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
      "c:\\Archivos de programa\\Skype\\Plugin Manager\\skypePM.exe"=
      "c:\\Archivos de programa\\Windows Live\\Messenger\\msnmsgr.exe"=
      "c:\\Archivos de programa\\Windows Live\\Sync\\WindowsLiveSync.exe"=
      "c:\\Archivos de programa\\Skype\\Phone\\Skype.exe"=
      "c:\\Documents and Settings\\jonp\\Datos de programa\\Dropbox\\bin\\Dropbox.exe"=
      "c:\\Archivos de programa\\Google\\Google Talk\\googletalk.exe"=
      .
      S0 dupgfpg;dupgfpg;c:\windows\system32\drivers\tgfcarw.sys --> c:\windows\system32\drivers\tgfcarw.sys [?]
      .
      Contents of the 'Scheduled Tasks' folder
      .
      .
      ------- Supplementary Scan -------
      .
      uStart Page = about:blank
      TCP: {D3DB1D8A-9E2D-4F34-8BD8-7D440D8AEC00} = 62.151.2.8,62.151.8.100
      FF - ProfilePath - c:\documents and settings\jonp\Datos de programa\Mozilla\Firefox\Profiles\lvdq9du0.default\
      FF - prefs.js: browser.search.defaulturl - hxxp://www.bing.com/search?FORM=IEFM1&q=
      FF - prefs.js: browser.search.selectedEngine - Google
      FF - prefs.js: browser.startup.homepage - about:blank
      FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?FORM=IEFM1&q=
      FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\archivos de programa\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
      FF - Ext: Java Console: {CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA} - c:\archivos de programa\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}
      FF - Ext: Java Console: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - c:\archivos de programa\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
      FF - Ext: Java Console: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - c:\archivos de programa\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
      FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\archivos de programa\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
      FF - Ext: Delicious Bookmarks: {2fa4ed95-0317-4c6a-a74c-5f3e3912c1f9} - %profile%\extensions\{2fa4ed95-0317-4c6a-a74c-5f3e3912c1f9}
      FF - Ext: Operator: {95C9A302-8557-4052-91B7-2BB6BA33C885} - %profile%\extensions\{95C9A302-8557-4052-91B7-2BB6BA33C885}
      FF - Ext: Web Developer: {c45c406e-ab73-11d8-be73-000a95be3b12} - %profile%\extensions\{c45c406e-ab73-11d8-be73-000a95be3b12}
      FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
      FF - Ext: Google Toolbar for Firefox: {3112ca9c-de6d-4884-a869-9855de68056c} - %profile%\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
      FF - Ext: Firebug: [email protected] - %profile%\extensions\[email protected]
      FF - Ext: Screengrab: {02450954-cdd9-410f-b1da-db804e18c671} - %profile%\extensions\{02450954-cdd9-410f-b1da-db804e18c671}
      FF - Ext: Conduit Engine : [email protected] - %profile%\extensions\[email protected]
      FF - Ext: apcquality Community Toolbar: {129f6ae9-ffcd-4dea-933d-4c0a124ed1c1} - %profile%\extensions\{129f6ae9-ffcd-4dea-933d-4c0a124ed1c1}
      FF - Ext: Java Quick Starter: [email protected] - c:\archivos de programa\Java\jre6\lib\deploy\jqs\ff
      FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
      FF - user.js: network.cookie.cookieBehavior - 0
      FF - user.js: privacy.clearOnShutdown.cookies - false
      FF - user.js: security.warn_viewing_mixed - false
      FF - user.js: security.warn_viewing_mixed.show_once - false
      FF - user.js: security.warn_submit_insecure - false
      FF - user.js: security.warn_submit_insecure.show_once - false
      .
      - - - - ORPHANS REMOVED - - - -
      .
      BHO-{E64804F7-D754-2B96-8920-F7A435164EF0} - c:\windows\system32\ejznwrcx.dll
      Toolbar-Locked - (no file)
      ShellExecuteHooks-{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - (no file)
      Notify-!SASWinLogon - c:\archivos de programa\SUPERAntiSpyware\SASWINLO.DLL
      SafeBoot-klmdb.sys
      .
      .
      .
      **************************************************************************
      .
      catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
      Rootkit scan 2011-04-02 20:42
      Windows 5.1.2600 Service Pack 3 NTFS
      .
      scanning hidden processes ...
      .
      scanning hidden autostart entries ...
      .
      scanning hidden files ...
      .
      scan completed successfully
      hidden files: 0
      .
      **************************************************************************
      .
      --------------------- LOCKED REGISTRY KEYS ---------------------
      .
      [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
      @Denied: (A 2) (Everyone)
      @="FlashBroker"
      "LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10o_ActiveX.exe,-101"
      .
      [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
      "Enabled"=dword:00000001
      .
      [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
      @="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10o_ActiveX.exe"
      .
      [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
      @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
      .
      [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
      @Denied: (A 2) (Everyone)
      @="IFlashBroker4"
      .
      [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
      @="{00020424-0000-0000-C000-000000000046}"
      .
      [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
      @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
      "Version"="1.0"
      .
      [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
      @DACL=(02 0000)
      "Installed"="1"
      @=""
      .
      [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
      @DACL=(02 0000)
      "Installed"="1"
      "NoChange"="1"
      @=""
      .
      [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
      @DACL=(02 0000)
      "Installed"="1"
      @=""
      .
      --------------------- DLLs Loaded Under Running Processes ---------------------
      .
      - - - - - - - > 'explorer.exe'(3412)
      c:\windows\system32\WININET.dll
      c:\documents and settings\jonp\Datos de programa\Dropbox\bin\DropboxExt.13.dll
      c:\windows\system32\webcheck.dll
      c:\windows\system32\WPDShServiceObj.dll
      c:\windows\system32\PortableDeviceTypes.dll
      c:\windows\system32\PortableDeviceApi.dll
      c:\windows\system32\TPwrCfg.DLL
      c:\windows\system32\TPwrReg.dll
      c:\windows\system32\TPSTrace.DLL
      .
      ------------------------ Other Running Processes ------------------------
      .
      c:\archivos de programa\Intel\Wireless\Bin\EvtEng.exe
      c:\archivos de programa\Intel\Wireless\Bin\S24EvMon.exe
      c:\archivos de programa\TOSHIBA\ConfigFree\CFSvcs.exe
      c:\archivos de programa\Java\jre6\bin\jqs.exe
      c:\archivos de programa\Intel\Wireless\Bin\RegSrvc.exe
      c:\archivos de programa\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
      c:\windows\system32\igfxsrvc.exe
      c:\windows\system32\igfxext.exe
      c:\archiv~1\Intel\Wireless\Bin\Dot1XCfg.exe
      c:\windows\system32\wscntfy.exe
      c:\windows\system32\TPSBattM.exe
      c:\windows\system32\wbem\wmiapsrv.exe
      .
      **************************************************************************
      .
      Completion time: 2011-04-02 20:47:44 - machine was rebooted
      ComboFix-quarantined-files.txt 2011-04-02 18:47
      ComboFix2.txt 2009-09-05 16:14
      .
      Pre-Run: 16.869.011.456 bytes libres
      Post-Run: 16.882.528.256 bytes libres
      .
      WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
      [boot loader]
      timeout=2
      default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
      [operating systems]
      c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
      UnsupportedDebug="do not select this" /debug
      multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
      .
      - - End Of File - - 45C4B7A3C54B515171E1F5C2B21A16FC
      Last edited by Anoika on 02/04/11 at 17:49:26

    8. #8
      Ex-Collaborator Rollinguit
      Joined
      Sep 2009
      Location
      Argentina
      Posts
      6,229

      Re: Help with spyware

      You ran ComboFix from an incorrect location; this can cause problems in the system. You need to follow the steps exactly as I ask. So continue with the following:

      Right-click the ComboFix executable at:
      c:\documents and settings\jonp\Mis documentos\Descargas\ComboFix.exe
      ...>>> Delete >>> empty the Recycle Bin.

      Download it again and run it as follows:

      - Download the ComboFix.exe tool and save it to the Desktop.
      • Temporarily disable your antivirus and/or antispyware.
      • Close all open windows.
      • Double-click the ComboFix.exe file and follow the instructions.
      • When it finishes, it will generate a log at C:\ComboFix.txt.
        • *Note* While CF is working, do not move the mouse, as that would stop its process.
        • *Note* ComboFix may restart the PC automatically to complete the removal process.
      Attention!! Do not use ComboFix unless a member of our Staff has specifically instructed you to in your thread. It is a powerful tool intended by its creator to be used under the guidance and supervision of an expert, not for private use. Using ComboFix incorrectly could cause problems on your system. Please read ComboFix's "Disclaimer of Warranty".
      • Restart and paste the report from C:\ComboFix.txt in this same thread, telling us how the system is working.


    9. #9
      User bulldog82
      Joined
      Sep 2009
      Location
      spain
      Posts
      22

      Re: Help with spyware

      OK, I've corrected it and did as you told me.

      Here is the log:

      ComboFix 11-04-02.03 - jonp 03/04/2011 9:18.3.1 - x86
      Microsoft Windows XP Home Edition 5.1.2600.3.1252.34.3082.18.1014.699 [GMT 2:00]
      Running from: c:\documents and settings\jonp\Escritorio\ComboFix.exe
      FW: Norton Internet Worm Protection *Disabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}
      .
      .
      ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
      .
      .
      c:\windows\system32\tmp.tmp . . . . Failed to delete
      .
      .
      ((((((((((((((((((((((((( Files Created from 2011-03-03 to 2011-04-03 )))))))))))))))))))))))))))))))
      .
      .
      2011-04-03 07:23 . 2011-04-03 07:23 0 ----a-w- c:\windows\system32\tmp.tmp
      2011-04-02 09:09 . 2010-12-20 16:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
      2011-04-02 09:09 . 2010-12-20 16:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
      2011-04-02 09:09 . 2011-04-02 09:09 -------- d-----w- c:\archivos de programa\Malwarebytes' Anti-Malware
      2011-03-29 12:15 . 2011-03-29 12:15 60416 ---ha-w- c:\windows\system32\netider.dll
      2011-03-29 12:14 . 2011-03-29 20:13 -------- d-----w- c:\documents and settings\All Users\Datos de programa\iGmDfJiFjGe21500
      2011-03-26 14:30 . 2011-03-26 14:30 -------- d-----w- c:\documents and settings\jonp\sextante
      2011-03-26 14:12 . 2011-03-29 20:24 -------- d-----w- c:\documents and settings\jonp\gvSIG
      2011-03-26 14:12 . 2011-03-29 20:26 -------- d-----w- c:\archivos de programa\gvSIG_1.10
      2011-03-26 13:23 . 2011-03-29 19:25 -------- d-----w- c:\documents and settings\jonp\Configuración local\Datos de programa\Conduit
      .
      .
      (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
      .
      2011-04-02 10:11 . 2006-02-15 10:40 53248 ----a-w- c:\windows\system32\drivers\volsnap.sys
      2011-01-31 18:03 . 2011-01-31 18:03 47616 ----a-w- c:\windows\system32\matsvwbc.dll
      2011-01-31 17:27 . 2011-01-31 10:36 0 ----a-w- c:\windows\system32\drivers\zivhgewecakdh.sys
      .
      .
      ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
      .
      .
      *Note* empty entries & legit default entries are not shown
      REGEDIT4
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
      @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
      [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
      2009-12-09 01:19 94208 ----a-w- c:\documents and settings\jonp\Datos de programa\Dropbox\bin\DropboxExt.13.dll
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
      @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
      [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
      2009-12-09 01:19 94208 ----a-w- c:\documents and settings\jonp\Datos de programa\Dropbox\bin\DropboxExt.13.dll
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
      @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
      [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
      2009-12-09 01:19 94208 ----a-w- c:\documents and settings\jonp\Datos de programa\Dropbox\bin\DropboxExt.13.dll
      .
      [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "TOSCDSPD"="c:\archivos de programa\TOSHIBA\TOSCDSPD\toscdspd.exe" [2005-04-12 65536]
      "Google Update"="c:\documents and settings\jonp\Configuración local\Datos de programa\Google\Update\GoogleUpdate.exe" [2009-11-02 135664]
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "igfxtray"="c:\windows\system32\igfxtray.exe" [2005-11-28 98304]
      "igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-11-28 77824]
      "igfxpers"="c:\windows\system32\igfxpers.exe" [2005-11-28 118784]
      "High Definition Audio Property Page Shortcut"="CHDAudPropShortcut.exe" [2005-12-29 61952]
      "Toshiba Hotkey Utility"="c:\archivos de programa\Toshiba\Windows Utilities\Hotkey.exe" [2006-01-27 1589248]
      "TPSMain"="TPSMain.exe" [2005-08-04 266240]
      "SmoothView"="c:\archivos de programa\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe" [2005-05-12 118784]
      "PadTouch"="c:\archivos de programa\TOSHIBA\Touch and Launch\PadExe.exe" [2005-12-22 1077330]
      "IntelWireless"="c:\archivos de programa\Intel\Wireless\Bin\ifrmewrk.exe" [2005-11-28 602182]
      "Adobe Reader Speed Launcher"="c:\archivos de programa\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
      "IntelZeroConfig"="c:\archivos de programa\Intel\Wireless\bin\ZCfgSvc.exe" [2005-12-05 667718]
      "DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-10-06 122940]
      "QuickTime Task"="c:\archivos de programa\QuickTime\qttask.exe" [2009-05-26 413696]
      "googletalk"="c:\archivos de programa\Google\Google Talk\googletalk.exe" [2007-01-01 3739648]
      "SunJavaUpdateSched"="c:\archivos de programa\Java\jre6\bin\jusched.exe" [2009-10-11 149280]
      .
      [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
      "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
      .
      c:\documents and settings\jonp\Men£ Inicio\Programas\Inicio\
      Iniciador r*pido de Microsoft Office OneNote 2003.lnk - c:\archivos de programa\Microsoft Office\OFFICE11\ONENOTEM.EXE [2005-3-17 59080]
      .
      c:\documents and settings\All Users\Men£ Inicio\Programas\Inicio\
      Adobe Gamma Loader.exe.lnk - c:\archivos de programa\Archivos comunes\Adobe\Calibration\Adobe Gamma Loader.exe [2006-11-19 110592]
      Adobe Gamma Loader.lnk - c:\archivos de programa\Archivos comunes\Adobe\Calibration\Adobe Gamma Loader.exe [2006-11-19 110592]
      Microsoft Office.lnk - c:\archivos de programa\Microsoft Office\Office\OSA9.EXE [1999-2-17 65588]
      .
      [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
      SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, matsvwbc.dll
      .
      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
      @="Driver"
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
      "DisableMonitoring"=dword:00000001
      .
      [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
      "EnableFirewall"= 0 (0x0)
      .
      [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
      "%windir%\\system32\\sessmgr.exe"=
      "c:\\Archivos de programa\\Messenger\\msmsgs.exe"=
      "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
      "c:\\Archivos de programa\\Yahoo!\\Messenger\\YahooMessenger.exe"=
      "c:\\Archivos de programa\\Yahoo!\\Messenger\\YServer.exe"=
      "c:\\Archivos de programa\\Grisoft\\AVG7\\avgamsvr.exe"=
      "c:\\Archivos de programa\\Grisoft\\AVG7\\avgemc.exe"=
      "c:\\Archivos de programa\\Spotify\\spotify.exe"=
      "c:\\Archivos de programa\\Intel\\Wireless\\Bin\\RegSrvc.exe"=
      "c:\\Archivos de programa\\Intel\\Wireless\\Bin\\EvtEng.exe"=
      "c:\\Documents and Settings\\jonp\\Configuración local\\Datos de programa\\Google\\Google Talk Plugin\\googletalkplugin.dll"=
      "c:\\Documents and Settings\\jonp\\Configuración local\\Datos de programa\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
      "c:\\Archivos de programa\\Skype\\Plugin Manager\\skypePM.exe"=
      "c:\\Archivos de programa\\Windows Live\\Messenger\\msnmsgr.exe"=
      "c:\\Archivos de programa\\Windows Live\\Sync\\WindowsLiveSync.exe"=
      "c:\\Documents and Settings\\jonp\\Datos de programa\\Dropbox\\bin\\Dropbox.exe"=
      "c:\\Archivos de programa\\Google\\Google Talk\\googletalk.exe"=
      "c:\\Archivos de programa\\Skype\\Phone\\Skype.exe"=
      .
      S0 dupgfpg;dupgfpg;c:\windows\system32\drivers\tgfcarw.sys --> c:\windows\system32\drivers\tgfcarw.sys [?]
      .
      .
      ------- Supplementary Scan -------
      .
      uStart Page = about:blank
      TCP: {D3DB1D8A-9E2D-4F34-8BD8-7D440D8AEC00} = 62.151.2.8,62.151.8.100
      FF - ProfilePath - c:\documents and settings\jonp\Datos de programa\Mozilla\Firefox\Profiles\lvdq9du0.default\
      FF - prefs.js: browser.search.defaulturl - hxxp://www.bing.com/search?FORM=IEFM1&q=
      FF - prefs.js: browser.search.selectedEngine - Google
      FF - prefs.js: browser.startup.homepage - about:blank
      FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?FORM=IEFM1&q=
      FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\archivos de programa\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
      FF - Ext: Java Console: {CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA} - c:\archivos de programa\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}
      FF - Ext: Java Console: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - c:\archivos de programa\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
      FF - Ext: Java Console: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - c:\archivos de programa\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
      FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\archivos de programa\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
      FF - Ext: Delicious Bookmarks: {2fa4ed95-0317-4c6a-a74c-5f3e3912c1f9} - %profile%\extensions\{2fa4ed95-0317-4c6a-a74c-5f3e3912c1f9}
      FF - Ext: Operator: {95C9A302-8557-4052-91B7-2BB6BA33C885} - %profile%\extensions\{95C9A302-8557-4052-91B7-2BB6BA33C885}
      FF - Ext: Web Developer: {c45c406e-ab73-11d8-be73-000a95be3b12} - %profile%\extensions\{c45c406e-ab73-11d8-be73-000a95be3b12}
      FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
      FF - Ext: Google Toolbar for Firefox: {3112ca9c-de6d-4884-a869-9855de68056c} - %profile%\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
      FF - Ext: Firebug: [email protected] - %profile%\extensions\[email protected]
      FF - Ext: Screengrab: {02450954-cdd9-410f-b1da-db804e18c671} - %profile%\extensions\{02450954-cdd9-410f-b1da-db804e18c671}
      FF - Ext: Conduit Engine : [email protected] - %profile%\extensions\[email protected]
      FF - Ext: apcquality Community Toolbar: {129f6ae9-ffcd-4dea-933d-4c0a124ed1c1} - %profile%\extensions\{129f6ae9-ffcd-4dea-933d-4c0a124ed1c1}
      FF - Ext: Java Quick Starter: [email protected] - c:\archivos de programa\Java\jre6\lib\deploy\jqs\ff
      FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
      FF - user.js: network.cookie.cookieBehavior - 0
      FF - user.js: privacy.clearOnShutdown.cookies - false
      FF - user.js: security.warn_viewing_mixed - false
      FF - user.js: security.warn_viewing_mixed.show_once - false
      FF - user.js: security.warn_submit_insecure - false
      FF - user.js: security.warn_submit_insecure.show_once - false
      .
      .
      **************************************************************************
      .
      catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
      Rootkit scan 2011-04-03 09:24
      Windows 5.1.2600 Service Pack 3 NTFS
      .
      scanning hidden processes ...
      .
      scanning hidden autostart entries ...
      .
      scanning hidden files ...
      .
      scan completed successfully
      hidden files: 0
      .
      **************************************************************************
      .
      --------------------- LOCKED REGISTRY KEYS ---------------------
      .
      [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
      @Denied: (A 2) (Everyone)
      @="FlashBroker"
      "LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10o_ActiveX.exe,-101"
      .
      [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
      "Enabled"=dword:00000001
      .
      [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
      @="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10o_ActiveX.exe"
      .
      [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
      @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
      .
      [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
      @Denied: (A 2) (Everyone)
      @="IFlashBroker4"
      .
      [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
      @="{00020424-0000-0000-C000-000000000046}"
      .
      [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
      @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
      "Version"="1.0"
      .
      [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
      @DACL=(02 0000)
      "Installed"="1"
      @=""
      .
      [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
      @DACL=(02 0000)
      "Installed"="1"
      "NoChange"="1"
      @=""
      .
      [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
      @DACL=(02 0000)
      "Installed"="1"
      @=""
      .
      --------------------- DLLs Loaded Under Running Processes ---------------------
      .
      - - - - - - - > 'explorer.exe'(3284)
      c:\windows\system32\WININET.dll
      c:\documents and settings\jonp\Datos de programa\Dropbox\bin\DropboxExt.13.dll
      c:\windows\system32\webcheck.dll
      c:\windows\system32\WPDShServiceObj.dll
      c:\windows\system32\PortableDeviceTypes.dll
      c:\windows\system32\PortableDeviceApi.dll
      c:\windows\system32\TPwrCfg.DLL
      c:\windows\system32\TPwrReg.dll
      c:\windows\system32\TPSTrace.DLL
      .
      ------------------------ Other Running Processes ------------------------
      .
      c:\archivos de programa\Intel\Wireless\Bin\EvtEng.exe
      c:\archivos de programa\Intel\Wireless\Bin\S24EvMon.exe
      c:\archivos de programa\TOSHIBA\ConfigFree\CFSvcs.exe
      c:\archivos de programa\Java\jre6\bin\jqs.exe
      c:\archivos de programa\Intel\Wireless\Bin\RegSrvc.exe
      c:\archivos de programa\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
      c:\windows\system32\igfxsrvc.exe
      c:\windows\system32\igfxext.exe
      c:\archiv~1\Intel\Wireless\Bin\Dot1XCfg.exe
      c:\windows\system32\TPSBattM.exe
      c:\windows\system32\wscntfy.exe
      .
      **************************************************************************
      .
      Completion time: 2011-04-03 09:29:07 - machine was rebooted
      ComboFix-quarantined-files.txt 2011-04-03 07:29
      ComboFix2.txt 2011-04-02 18:47
      ComboFix3.txt 2009-09-05 16:14
      .
      Pre-Run: 16.832.409.600 bytes libres
      Post-Run: 16.822.861.824 bytes libres
      .
      - - End Of File - - 032664A2C778AAF33D21E942BB80F674

    10. #10
      Ex-Collaborator Rollinguit
      Joined
      Sep 2009
      Location
      Argentina
      Posts
      6,229

      Re: Help with spyware

      Do the following:

      A.-
      • From Control Panel // Add or Remove Programs, uninstall the following:

      Conduit

      B.-

      1.- Open Notepad

      • Go to START > RUN >
      • Type notepad.exe there and click OK

      2.- Now copy and paste the following into Notepad

      Code:
      KillAll::
      
      File::
      c:\windows\system32\netider.dll
      c:\windows\system32\matsvwbc.dll
      c:\windows\system32\drivers\tgfcarw.sys
      c:\windows\system32\tmp.tmp
      c:\windows\system32\drivers\zivhgewecakdh.sys
      
      
      Folder:: 
      c:\documents and settings\All Users\Datos de programa\iGmDfJiFjGe21500
      c:\documents and settings\jonp\Configuración local\Datos de programa\Conduit
      
      Driver::
      dupgfpg
      
      Firefox:: 
      FF - ProfilePath - c:\documents and settings\jonp\Datos de programa\Mozilla\Firefox\Profiles\lvdq9du0.default\
      FF - Ext: Conduit Engine : [email protected] - %profile%\extensions\[email protected]
      FF - Ext: apcquality Community Toolbar: {129f6ae9-ffcd-4dea-933d-4c0a124ed1c1} - %profile%\extensions\{129f6ae9-ffcd-4dea-933d-4c0a124ed1c1}
      3.- Save this file with the name CFScript.txt and leave it on your desktop.

      4.- Drag and drop the CFScript.txt file onto the ComboFix.exe file, as shown in the animation below. This will start ComboFix again.

      • Restart your PC and post the new ComboFix report, telling us how everything is working now.

      Before using the CFScript....
      • Temporarily disable your antivirus and/or antispyware.
      • Close all open windows.

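How the log in #9 relates to the `File::` list in #10, as an added example that is not part of the thread and not ComboFix's own logic: a small Python triage pass over lines copied from that log, returning findings for a human reviewer. The three heuristics, the stock-XP `SecurityProviders` baseline and the reading of `[?]` as "no file details shown" are assumptions made for illustration.

```python
import re
from collections import defaultdict

# Lines copied from the ComboFix.txt posted in #9 of this thread.
LOG = r"""
2011-04-03 07:23 . 2011-04-03 07:23 0 ----a-w- c:\windows\system32\tmp.tmp
2011-04-02 09:09 . 2010-12-20 16:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-03-29 12:15 . 2011-03-29 12:15 60416 ---ha-w- c:\windows\system32\netider.dll
2011-03-26 14:12 . 2011-03-29 20:24 -------- d-----w- c:\documents and settings\jonp\gvSIG
2011-04-02 10:11 . 2006-02-15 10:40 53248 ----a-w- c:\windows\system32\drivers\volsnap.sys
2011-01-31 18:03 . 2011-01-31 18:03 47616 ----a-w- c:\windows\system32\matsvwbc.dll
2011-01-31 17:27 . 2011-01-31 10:36 0 ----a-w- c:\windows\system32\drivers\zivhgewecakdh.sys
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, matsvwbc.dll
S0 dupgfpg;dupgfpg;c:\windows\system32\drivers\tgfcarw.sys --> c:\windows\system32\drivers\tgfcarw.sys [?]
"""

SYSTEM32 = "c:\\windows\\system32\\"

# Assumption: the stock Windows XP value of the SecurityProviders entry.
BASELINE_PROVIDERS = {"msapsspc.dll", "schannel.dll", "digest.dll", "msnsspc.dll"}

# "created . modified size attrs path" rows of the file listings.
FILE_RE = re.compile(
    r"^(\d{4}-\d\d-\d\d \d\d:\d\d) \. (\d{4}-\d\d-\d\d \d\d:\d\d) "
    r"(\d+|-{8}) ([a-z-]{8}) (.+)$")
# Service/driver rows that end in [?] where other entries show a date and size.
DRIVER_RE = re.compile(r"^[SR]\d (?P<svc>[^;]+);[^;]*;(?P<path>.+?) --> .+ \[\?\]$")
PROVIDERS_RE = re.compile(r"^SecurityProviders\s+(.+)$")


def triage(log):
    """Return {lower-cased path: [reasons]} for entries worth a manual look."""
    findings = defaultdict(list)
    for raw in log.splitlines():
        line = raw.strip()

        m = FILE_RE.match(line)
        if m:
            size, attrs, path = m.group(3), m.group(4), m.group(5).lower()
            # Only files (not directories) under system32 are scored here.
            if attrs.startswith("d") or not path.startswith(SYSTEM32):
                continue
            if "h" in attrs:
                findings[path].append("hidden attribute")
            if size == "0":
                findings[path].append("zero-byte file")
            continue

        m = PROVIDERS_RE.match(line)
        if m:
            for dll in (d.strip().lower() for d in m.group(1).split(",")):
                if dll and dll not in BASELINE_PROVIDERS:
                    # Assumption: a bare DLL name here resolves under system32.
                    findings[SYSTEM32 + dll].append("extra SecurityProviders entry")
            continue

        m = DRIVER_RE.match(line)
        if m:
            findings[m.group("path").lower()].append(
                "driver entry '%s' shown with [?]" % m.group("svc"))
    return dict(findings)


if __name__ == "__main__":
    for path, reasons in sorted(triage(LOG).items()):
        print(path, "<-", "; ".join(reasons))
```

On this excerpt the pass flags the same five files that the `File::` section in #10 lists; the two folders and the Firefox extensions in that script were chosen on other grounds that these heuristics do not cover.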
