
    Explorer opens on its own with advertising


      
    1. #1
      User: scialfa
      Registered: Jun 2011
      Location: Coruña
      Posts: 4

      Explorer opens on its own with advertising

      Hello everyone,

      This is the first time I have asked for help in a forum, so I hope I do it right.

      I think my computer has been infected with some spyware that I am not able to remove. I have looked at some cases on this forum and have done the following:

      Download and run CCleaner.
      First use its "Cleaner" option to delete cookies, temporary Internet files and all the files it shows you as obsolete.
      Then use its "Registry" option to clean the whole Windows registry (making a backup).

      Download, update and run Malwarebytes' Anti-Malware.
      In the Scanner tab, select "Perform full scan".
      With the "Remove Selected" option, send everything to quarantine and restart the system.

      Download DDS.pif from here and save it to your Windows desktop.
      If the previous download does not work, you can download the tool from here.
      Disable any script blocker, then double-click dds.pif to run the tool and wait patiently for the report.

      But the same thing keeps happening to me....

      I am pasting the logs here:

      Malwarebytes' Anti-Malware 1.51.0.1200
      www.malwarebytes.org

      Database version: 6863

      Windows 5.1.2600 Service Pack 3
      Internet Explorer 8.0.6001.18702

      15/06/2011 20:09:05
      mbam-log-2011-06-15 (20-09-05).txt

      Scan type: Full scan (C:\|D:\|)
      Objects scanned: 273743
      Time elapsed: 56 minute(s), 55 second(s)

      Memory Processes Infected: 0
      Memory Modules Infected: 0
      Registry Keys Infected: 0
      Registry Values Infected: 0
      Registry Data Items Infected: 4
      Folders Infected: 0
      Files Infected: 3

      Memory Processes Infected:
      (No malicious items detected)

      Memory Modules Infected:
      (No malicious items detected)

      Registry Keys Infected:
      (No malicious items detected)

      Registry Values Infected:
      (No malicious items detected)

      Registry Data Items Infected:
      HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\StartMenuLogoff (PUM.Hijack.StartMenu) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

      Folders Infected:
      (No malicious items detected)

      Files Infected:
      c:\program files\juniper networks\odyssey access client\Init.reg (Extension.Mismatch) -> Quarantined and deleted successfully.
      d:\documents and settings\100027982\local settings\Temp\nsi72.tmp\NSISdl.dll (Trojan.Banker) -> Quarantined and deleted successfully.
      d:\documents and settings\100027982\local settings\Temp\nsy74.tmp\NSISdl.dll (Trojan.Banker) -> Quarantined and deleted successfully.


      DDS.TXT

      .
      DDS (Ver_2011-06-12.02) - NTFSx86
      Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.5.0_15
      Run by 100027982 at 20:12:55 on 2011-06-15
      Microsoft Windows XP Professional 5.1.2600.3.1252.44.1033.18.2000.350 [GMT 2:00]
      .
      AV: Sophos Anti-Virus *Enabled/Updated* {3F13C776-3CBE-4DE9-8BF6-09E5183CA2BD}
      AV: Lavasoft Ad-Watch Live! Antivirus *Enabled/Updated* {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33}
      FW: Sophos Client Firewall *Enabled*
      FW: Proventia Desktop *Enabled*
      .
      ============== Running Processes ===============
      .
      C:\Program Files\SafeBoot\SBMGRNT.EXE
      C:\WINDOWS\system32\svchost -k DcomLaunch
      svchost.exe
      C:\WINDOWS\System32\svchost.exe -k netsvcs
      C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
      svchost.exe
      svchost.exe
      C:\Program Files\Common Files\Juniper Networks\JUNS\dsAccessService.exe
      C:\Program Files\Common Files\Juniper Networks\TNC Client\jTnccService.exe
      C:\Program Files\Juniper Networks\Odyssey Access Client\odClientService.exe
      C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
      C:\WINDOWS\system32\LEXBCES.EXE
      C:\Program Files\Sophos\Sophos Client Firewall\SCFManager.exe
      C:\WINDOWS\system32\spoolsv.exe
      C:\WINDOWS\system32\LEXPPS.EXE
      C:\Program Files\Sophos\Sophos Client Firewall\SCFService.exe
      c:\program files\idt\dellxpm09b_6159v043\wdm\stacsv.exe
      C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
      C:\Program Files\Application Updater\ApplicationUpdater.exe
      C:\Program Files\ISS\Proventia Desktop\blackd.exe
      C:\Program Files\Bonjour\mDNSResponder.exe
      C:\Program Files\CA\SC\CAM\bin\cam.exe
      C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
      C:\Program Files\Juniper Networks\Common Files\dsNcService.exe
      C:\Program Files\Java\jre6\bin\jqs.exe
      C:\WINDOWS\System32\svchost.exe -k HPZ12
      C:\WINDOWS\system32\NMSAccess32.exe
      C:\WINDOWS\System32\svchost.exe -k HPZ12
      C:\Program Files\ISS\Proventia Desktop\RapApp.exe
      C:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe
      C:\Program Files\Sophos\Remote Management System\ManagementAgentNT.exe
      C:\Program Files\Sophos\AutoUpdate\ALsvc.exe
      C:\Program Files\Sophos\Remote Management System\RouterNT.exe
      C:\Program Files\Sophos\NAC\AgentAPI.exe
      C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
      C:\WINDOWS\system32\svchost.exe -k imgsvc
      C:\Program Files\UPHClean\uphclean.exe
      C:\Program Files\VMware\VMware Player\vmware-authd.exe
      C:\Program Files\Common Files\VMware\USB\vmware-usbarbitrator.exe
      C:\WINDOWS\system32\vmnat.exe
      C:\Program Files\ISS\Proventia Desktop\vpatch.exe
      C:\Program Files\CA\DSM\bin\caf.exe
      C:\WINDOWS\system32\vmnetdhcp.exe
      C:\Program Files\CA\DSM\Bin\cfsmsmd.exe
      C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
      C:\Program Files\CA\DSM\Bin\ccnfagent.exe
      C:\Program Files\CA\DSM\Bin\cfnotsrvd.exe
      C:\Program Files\CA\DSM\Bin\ccsmagtd.exe
      C:\Program Files\CA\DSM\Bin\amswmagt.exe
      C:\Program Files\CA\DSM\PMAgent\capmuamagt.exe
      C:\Program Files\CA\DSM\Bin\cfftplugin.exe
      C:\WINDOWS\Explorer.EXE
      C:\WINDOWS\system32\AESTFltr.exe
      C:\Program Files\CA\DSM\bin\cfSysTray.exe
      C:\WINDOWS\system32\WLTRAY.exe
      C:\WINDOWS\system32\hkcmd.exe
      C:\WINDOWS\system32\igfxpers.exe
      C:\Program Files\DellTPad\Apoint.exe
      C:\Program Files\IDT\WDM\sttray.exe
      C:\Program Files\Sophos\NAC\AgntTray.exe
      C:\WINDOWS\system32\igfxsrvc.exe
      C:\Program Files\DellTPad\ApMsgFwd.exe
      C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
      C:\Program Files\Juniper Networks\Odyssey Access Client\OdTray.exe
      C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
      C:\Program Files\DellTPad\HidFind.exe
      C:\Program Files\DellTPad\Apntex.exe
      C:\Program Files\VMware\VMware Player\hqtray.exe
      C:\Program Files\Tutoriales100\tutoriales100.exe
      D:\Documents and Settings\100027982\Application Data\Tutoriales100\Update Tutoriales 100\UpdateTutoriales100HP.exe
      C:\WINDOWS\system32\ctfmon.exe
      C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe
      C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
      C:\Program Files\ISS\Proventia Desktop\blackice.exe
      C:\Program Files\Sophos\AutoUpdate\ALMon.exe
      C:\WINDOWS\System32\svchost.exe -k HTTPFilter
      C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
      C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
      C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
      C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
      C:\Program Files\PC Connectivity Solution\Transports\NclBCBTSrv.exe
      C:\Program Files\Internet Explorer\iexplore.exe
      C:\Program Files\Internet Explorer\iexplore.exe
      C:\Program Files\Internet Explorer\iexplore.exe
      C:\Program Files\Internet Explorer\iexplore.exe
      C:\Program Files\Internet Explorer\iexplore.exe
      C:\WINDOWS\regedit.exe
      C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
      C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
      .
      ============== Pseudo HJT Report ===============
      .
      uStart Page = hxxp://www.google.es/
      uDefault_Page_URL = hxxp://healthcare.home.ge.com
      uInternet Connection Wizard,ShellNext = hxxp://medinternational.home.ge.com/
      uInternet Settings,ProxyOverride = <local>
      mSearchAssistant = hxxp://start.facemoods.com/?a=grupo&s={searchTerms}&f=4
      uURLSearchHooks: SearchSettings Class: {e312764e-7706-43f1-8dab-fcdd2b1e416d} - c:\program files\search settings\SearchSettings.dll
      BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
      BHO: T100BHO Class: {2f2cc692-d1b6-433e-beff-745ce8087980} - c:\program files\tutoriales100\tutoriales100BHO.dll
      BHO: Sophos Web Content Scanner: {39ea7695-b3f2-4c44-a4bc-297ada8fd235} - c:\program files\sophos\sophos anti-virus\SophosBHO.dll
      BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
      BHO: Windows Live Aplicación auxiliar de inicio de sesión: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
      BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\micros~2\office14\URLREDIR.DLL
      BHO: SignoIEHelper.SignoIEHelp: {c5323d86-13b6-4b06-a27e-3d19e2954017} - c:\program files\signotec\dll\SignoIEHelper.dll
      BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
      BHO: SearchSettings Class: {e312764e-7706-43f1-8dab-fcdd2b1e416d} - c:\program files\search settings\SearchSettings.dll
      BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
      TB: SupportCentral: {e5ca3fcb-32f0-4602-a3fd-0785e3f0f5bf} - c:\windows\system32\SCTOOL~1.DLL
      TB: {A6790AA5-C6C7-4BCF-A46D-0FDAC4EA90EB} - No File
      uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
      uRun: [PC Suite Tray] "c:\program files\nokia\nokia pc suite 7\PCSuite.exe" -onlytray
      uRun: [Google Update] "d:\documents and settings\100027982\local settings\application data\google\update\GoogleUpdate.exe" /c
      uRun: [Calendario]
      mRun: [AESTFltr] %SystemRoot%\system32\AESTFltr.exe /NoDlg
      mRun: [DsmSxplog] "c:\program files\ca\dsm\bin\sxpstub.exe"
      mRun: [CAF_SystemTray] "c:\program files\ca\dsm\bin\cfSysTray.exe"
      mRun: [TempRemove] "c:\program files\crystal ball\cb predictor\terminator.exe"
      mRun: [Broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe
      mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
      mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
      mRun: [Persistence] c:\windows\system32\igfxpers.exe
      mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
      mRun: [SBMGRNT.EXE] c:\progra~1\safeboot\SBMGRNT.EXE -WinLogon
      mRun: [<NO NAME>]
      mRun: [Apoint] c:\program files\delltpad\Apoint.exe
      mRun: [SysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe
      mRun: [SophosNAC_Agent] "c:\program files\sophos\nac\AgntTray.exe"
      mRun: [GEvpnPacCheck] c:\program files\juniper networks\VPN_PAC_CHECK.vbs
      mRun: [OdTray.exe] "c:\program files\juniper networks\odyssey access client\OdTray.exe"
      mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
      mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
      mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
      mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
      mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
      mRun: [SearchSettings] c:\program files\search settings\SearchSettings.exe
      mRun: [VMware hqtray] "c:\program files\vmware\vmware player\hqtray.exe"
      mRun: [Tutoriales100] "c:\program files\tutoriales100\tutoriales100.exe"
      mRun: [UpdateTutoriales100] d:\documents and settings\100027982\application data\tutoriales100\update tutoriales 100\UpdateTutoriales100HP.exe
      mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
      mRun: [Malwarebytes' Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
      mRunOnce: [Malwarebytes' Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent
      dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
      mExplorerRun: [1] \\euro.med.ge.com\netlogon\Unicenter\DSMSDAMV3.EXE
      StartupFolder: d:\docume~1\alluse~1\startm~1\programs\startup\blueto~1.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe
      StartupFolder: d:\docume~1\alluse~1\startm~1\programs\startup\PROVEN~1.LNK -
      StartupFolder: d:\docume~1\alluse~1\startm~1\programs\startup\sophos~1.lnk - c:\program files\sophos\autoupdate\ALMon.exe
      StartupFolder: d:\docume~1\alluse~1\startm~1\programs\startup\vpncli~1.lnk - c:\windows\installer\{51fb15f4-ad27-43bc-ad4b-dd0354fb6bbd}\Icon3E5562ED7.ico
      mPolicies-explorer: NoActiveDesktop = 1 (0x1)
      IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office14\EXCEL.EXE/3000
      IE: Se&nd to OneNote - c:\progra~1\micros~2\office14\ONBttnIE.dll/105
      IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
      IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
      IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
      IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
      IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
      LSP: bmnet.dll
      LSP: c:\program files\vmware\vmware player\vsocklib.dll
      Trusted Zone: ge.com
      Trusted Zone: gebrandcentral.com
      Trusted Zone: gedigitalmedia.com
      Trusted Zone: gemediacentral.com
      Trusted Zone: genewscenter.com
      Trusted Zone: geolympiccentral.com
      Trusted Zone: ge.com
      DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
      DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} - hxxp://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
      DPF: {5D6F45B3-9043-443D-A792-115447494D24} - hxxp://messenger.zone.msn.com/MessengerGamesContent/GameContent/es/uno1/GAME_UNO1.cab
      DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1288812680608
      DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
      DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
      DPF: {8F0DF9DB-AA5A-4ED0-9176-1C4A9C762C59} - hxxp://americascomm01.ge.com/sametime/STMeetingRoomClient/STJNILoader.cab
      DPF: {B94C2238-346E-4C5E-9B36-8CC627F35574}
      DPF: {C1BAC744-8F0B-11D0-89E7-00C0A8295197} - hxxp://crtvg.es/camweb/camera.cab
      DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
      DPF: {CAFEEFAC-0015-0000-0015-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_15-windows-i586.cab
      DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
      DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
      DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
      DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} -
      DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
      DPF: {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} - hxxps://cincinnati.connectge.com/dana-cached/setup/JuniperSetupSP1.cab
      DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} - hxxp://gfx1.hotmail.com/mail/w4/pr01/photouploadcontrol/MSNPUpld.cab
      DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} - hxxps://juniper.net/dana-cached/sc/JuniperSetupClient.cab
      DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} - hxxps://secure.logmein.com/activex/ractrl.cab?lmi=100
      TCP: DhcpNameServer = 192.168.2.1
      TCP: Interfaces\{D628129B-3B61-454D-B82F-96C5C0C93BF3} : DhcpNameServer = 192.168.2.1
      Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
      Notify: CAF - c:\program files\ca\dsm\bin\cfwlogon.dll
      Notify: igfxcui - igfxdev.dll
      Notify: OdysseyClient - odyEvent.dll
      Notify: PCANotify - PCANotify.dll
      AppInit_DLLs: c:\progra~1\sophos\sophos~1\SOPHOS~1.DLL
      SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
      mASetup: OutlookProfile.vbs - "c:\program files\microsoft office\OutlookProfile.vbs"
      mASetup: PitchBuilderAS.EXE - "c:\program files\microsoft office\wizkit\PitchBuilderAS.EXE" /EXE:ge_pitch_builder_2010_v8
      .
      ============= SERVICES / DRIVERS ===============
      .
      R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2011-6-14 64512]
      R0 odFips;odFips;c:\windows\system32\drivers\odFIPS.sys [2009-8-12 9856]
      R0 odFips2;odFips2;c:\windows\system32\drivers\odFIPS2.sys [2009-8-12 282496]
      R0 SafeBoot;SafeBoot;c:\windows\system32\drivers\safeboot.sys [2009-12-2 30267]
      R0 SBAlg;SBAlg;c:\windows\system32\drivers\sbalg.sys [2009-12-2 44848]
      R1 AW_HOST;AW_HOST;c:\windows\system32\drivers\AW_HOST5.sys [2003-10-23 16984]
      R1 awlegacy;awlegacy;c:\windows\system32\drivers\AWLEGACY.sys [2003-11-17 11165]
      R1 RsvLock;RsvLock;c:\windows\system32\drivers\rsvlock.sys [2009-12-2 4752]
      R1 SAVOnAccessControl;SAVOnAccessControl;c:\windows\system32\drivers\savonaccesscontrol.sys [2009-11-20 152192]
      R1 SAVOnAccessFilter;SAVOnAccessFilter;c:\windows\system32\drivers\savonaccessfilter.sys [2009-11-20 24064]
      R1 SBFlop;SBFlop;c:\windows\system32\drivers\sbflop.sys [2009-12-2 6096]
      R1 SbPrcCtl;SbPrcCtl;c:\windows\system32\drivers\sbprcctl.sys [2009-12-2 14864]
      R1 scfdriver;SCF Kernel Driver;c:\windows\system32\drivers\scfdriver.sys [2009-11-20 100136]
      R2 Application Updater;Application Updater;c:\program files\application updater\ApplicationUpdater.exe [2010-1-8 380928]
      R2 BlackICE;BlackICE;c:\program files\iss\proventia desktop\blackd.exe [2009-11-20 2011473]
      R2 CA-MessageQueuing;CA Message Queuing Server;c:\program files\ca\sc\cam\bin\cam.exe [2009-11-20 147456]
      R2 caf;CA DSM r11 Common Application Framework.;c:\program files\ca\dsm\bin\CAF.exe [2007-3-3 194064]
      R2 JuniperAccessService;Juniper Unified Network Service;c:\program files\common files\juniper networks\juns\dsAccessService.exe [2009-8-11 132392]
      R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2011-5-25 2151128]
      R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2011-6-15 366640]
      R2 NMSAccess32;NMSAccess32;c:\windows\system32\NMSAccess32.exe [2009-1-12 71096]
      R2 SafeBootConfigurationManager;SafeBoot Configuration Manager;c:\program files\safeboot\sbmgrnt.exe [2009-12-2 49212]
      R2 SAVAdminService;Indicador del estado de Sophos Anti-Virus;c:\program files\sophos\sophos anti-virus\SAVAdminService.exe [2010-10-20 104488]
      R2 SAVService;Sophos Anti-Virus;c:\program files\sophos\sophos anti-virus\SavService.exe [2010-10-20 93736]
      R2 Sophos Agent;Sophos Agent;c:\program files\sophos\remote management system\ManagementAgentNT.exe [2010-10-20 278528]
      R2 Sophos AutoUpdate Service;Sophos AutoUpdate Service;c:\program files\sophos\autoupdate\ALsvc.exe [2010-10-20 175144]
      R2 Sophos Client Firewall Manager;Sophos Client Firewall Manager;c:\program files\sophos\sophos client firewall\SCFManager.exe [2010-10-20 125992]
      R2 Sophos Client Firewall;Sophos Client Firewall;c:\program files\sophos\sophos client firewall\SCFService.exe [2010-10-20 30248]
      R2 Sophos Message Router;Sophos Message Router;c:\program files\sophos\remote management system\RouterNT.exe [2010-10-20 802816]
      R2 Sophos NAC Agent API;Sophos NAC Agent API;c:\program files\sophos\nac\AgentAPI.exe [2009-5-1 9001056]
      R2 vmci;VMware vmci;c:\windows\system32\drivers\vmci.sys [2010-8-1 70704]
      R2 VMUSBArbService;VMware USB Arbitration Service;c:\program files\common files\vmware\usb\vmware-usbarbitrator.exe [2010-8-1 539184]
      R2 VPatch;ISS Buffer Overflow Exploit Prevention;c:\program files\iss\proventia desktop\vpatch.exe [2009-11-20 426333]
      R3 AESTAud;AE Audio Service;c:\windows\system32\drivers\AESTAud.sys [2009-11-19 112512]
      R3 cvusbdrv;Broadcom USH CV;c:\windows\system32\drivers\cvusbdrv.sys [2009-11-19 32808]
      R3 e1yexpress;Intel(R) Gigabit Network Connections Driver;c:\windows\system32\drivers\e1y5132.sys [2009-4-2 244368]
      R3 EacService;Juniper TNC Endpoint Assessment;c:\program files\common files\juniper networks\tnc client\jTnccService.exe [2009-8-12 136488]
      R3 hwcdcmdm0;HUAWEI Mobile Connect - 3G Modem;c:\windows\system32\drivers\ewusbmdm.sys [2009-11-26 65152]
      R3 hwusbapp;HUAWEI Mobile Connect - 3G PC UI Interface;c:\windows\system32\drivers\ewusbapp.sys [2009-11-26 65152]
      R3 hwusbser;HUAWEI Mobile Connect - 3G Application Interface;c:\windows\system32\drivers\ewusbser.sys [2009-11-26 65152]
      R3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI Service;c:\windows\system32\drivers\IntcHdmi.sys [2009-11-20 110080]
      R3 jnprna;Juniper Network Agent Miniport;c:\windows\system32\drivers\jnprna.sys [2009-6-13 419496]
      R3 JnprVaMgr;Juniper Networks Virtual Adapter Manager Service;c:\windows\system32\drivers\jnprvamgr.sys [2009-6-13 29312]
      R3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\lavasoft\ad-aware\kernexplorer.sys [2011-5-25 15232]
      R3 MakoNT;MakoNT;c:\windows\system32\drivers\MakoNT.sys [2009-11-20 76849]
      R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-6-15 22712]
      R3 rap;rap;c:\windows\system32\drivers\RapDrv.sys [2009-11-20 47788]
      R3 vodafone_K3805-z_dc_enum;vodafone_K3805-z_dc_enum;c:\windows\system32\drivers\vodafone_K3805-z_dc_enum.sys [2010-3-1 80000]
      R4 black;black;c:\windows\system32\drivers\Blackcat.sys [2009-11-20 197106]
      S0 iaStor_760;Intel AHCI Controller;c:\windows\system32\drivers\iaStor_760.sys [2009-4-2 324120]
      S0 iaStor_8400;Intel RAID Controller;c:\windows\system32\drivers\iastor8400.sys [2009-4-2 824960]
      S0 iaStor_E6400;Intel RAID Controller;c:\windows\system32\drivers\iaStor_E6400.sys [2009-4-2 318488]
      S0 iastor3400;Intel AHCI Controller;c:\windows\system32\drivers\iaStor3400.sys [2009-4-2 308248]
      S0 iaStor390;Intel AHCI Controller;c:\windows\system32\drivers\iaStor390.sys [2009-4-2 304920]
      S0 iastor755;Intel AHCI Controller;c:\windows\system32\drivers\IaStor755.sys [2009-4-2 305176]
      S0 symmpi_8400;symmpi_8400;c:\windows\system32\drivers\symmpi8400.sys [2009-4-2 92288]
      S0 symmpi_vmware;symmpi_vmware;c:\windows\system32\drivers\symmpi_vmware.sys [2009-4-2 39760]
      S0 symmpi7400;symmpi7400;c:\windows\system32\drivers\symmpi7400.sys [2009-4-2 100096]
      S2 gupdate;Servicio Google Update (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-3-6 135664]
      S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\drivers\ggflt.sys [2010-12-29 13224]
      S3 gupdatem;Servicio de Google Update (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-3-6 135664]
      S3 HPFXFAX;HPFXFAX;c:\windows\system32\drivers\hpfxfax.sys [2010-7-20 20504]
      S3 jnprva;Juniper Networks Virtual Adapter Service;c:\windows\system32\drivers\jnprva.sys [2009-6-13 12288]
      S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2011-6-15 39984]
      S3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000]
      S3 sdcfilter;sdcfilter;c:\windows\system32\drivers\sdcfilter.sys [2010-10-20 23928]
      S3 Sony Ericsson PCCompanion;Sony Ericsson PCCompanion;c:\program files\sony ericsson\sony ericsson pc companion\PCCService.exe [2010-12-29 150528]
      S3 TSClient;Tatara Protocol Driver;c:\windows\system32\drivers\tsclient.sys --> c:\windows\system32\drivers\tsclient.sys [?]
      S3 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2007-11-14 394952]
      S4 awhost32;pcAnywhere Host Service;c:\program files\symantec\pcanywhere\awhost32.exe [2004-11-1 106496]
      S4 SophosBootDriver;SophosBootDriver;c:\windows\system32\drivers\SophosBootDriver.sys [2009-11-20 14976]
      S4 VmbService;Servicio de Vodafone Mobile Broadband;c:\program files\vodafone\vodafone mobile broadband\bin\VmbService.exe [2010-4-28 9216]
      .
      =============== Created Last 30 ================
      .
      2011-06-15 18:09:33 54016 ----a-w- c:\windows\system32\drivers\jabovu.sys
      2011-06-15 16:33:39 -------- d-----w- d:\documents and settings\100027982\application data\Malwarebytes
      2011-06-15 16:33:32 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
      2011-06-15 16:33:31 -------- d-----w- d:\documents and settings\all users\application data\Malwarebytes
      2011-06-15 16:33:28 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
      2011-06-15 16:33:27 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
      2011-06-15 16:32:08 287048 ----a-w- c:\temp\limpiar malware\SoftonicDownloader_para_malwarebytes-anti-malware.exe
      2011-06-15 16:25:04 -------- d-----w- c:\program files\CCleaner
      2011-06-15 16:23:42 3096424 ----a-w- c:\temp\limpiar malware\ccsetup307.exe
      2011-06-15 07:18:32 30267 ----a-w- c:\windows\system32\drivers\LKD83.tmp
      2011-06-15 06:02:05 30267 ----a-w- c:\windows\system32\drivers\LKD82.tmp
      2011-06-14 21:34:25 6400728 ----a-w- c:\temp\gusetup_slim.exe
      2011-06-14 20:40:52 98392 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
      2011-06-14 20:37:40 64512 ----a-w- c:\windows\system32\drivers\Lbd.sys
      2011-06-14 20:37:33 -------- d-----w- c:\program files\Lavasoft
      2011-06-14 20:20:39 -------- d-----w- d:\documents and settings\100027982\application data\Calendario
      2011-06-14 20:19:11 843264 ----a-w- c:\windows\system32\rtl100.bpl
      2011-06-14 20:19:11 1680896 ----a-w- c:\windows\system32\vcl100.bpl
      2011-06-14 20:18:53 -------- d-----w- c:\program files\ROASOFT
      2011-06-14 20:13:43 -------- d-----w- d:\documents and settings\100027982\application data\Tutoriales100
      2011-06-14 20:13:40 -------- d-----w- d:\documents and settings\100027982\local settings\application data\Tutoriales100
      2011-06-14 20:13:40 -------- d-----w- c:\program files\Tutoriales100
      2011-06-14 20:12:30 12 ----a-w- C:\wpg32.dll
      2011-06-14 20:12:01 -------- d-----w- c:\program files\Object
      2011-06-14 06:38:57 -------- d-----w- c:\program files\Hard Disk Sentinel
      2011-06-14 06:37:23 9644752 ----a-w- c:\temp\TotalAudioConverter.exe
      2011-06-14 06:37:22 6927505 ----a-w- c:\temp\Setup_FreeConverter.exe
      2011-06-12 18:09:37 334384 ----a-w- c:\windows\system32\vmnetdhcp.exe
      2011-06-12 18:09:32 399920 ----a-w- c:\windows\system32\vmnat.exe
      2011-06-12 18:09:32 26288 ----a-w- c:\windows\system32\drivers\vmnetuserif.sys
      2011-06-12 18:09:19 760368 ----a-w- c:\windows\system32\vnetlib.dll
      2011-06-12 18:09:03 24624 ----a-w- c:\windows\system32\drivers\VMkbd.sys
      2011-06-10 11:32:37 30267 ----a-w- c:\windows\system32\drivers\LKD1F9.tmp
      2011-06-10 03:20:56 30267 ----a-w- c:\windows\system32\drivers\LKD154.tmp
      2011-06-09 18:29:39 484352 ----a-w- c:\windows\system32\lame_enc.dll
      2011-06-09 18:29:38 -------- d-----w- c:\program files\Free Audio Pack
      2011-06-09 18:26:03 -------- d-----w- d:\documents and settings\100027982\application data\Softplicity
      2011-06-09 18:25:52 -------- d-----w- c:\program files\TotalAudioConverter
      2011-06-09 15:03:43 30267 ----a-w- c:\windows\system32\drivers\LKDCB.tmp
      2011-06-09 10:56:31 30267 ----a-w- c:\windows\system32\drivers\LKD81.tmp
      2011-06-09 07:54:11 30267 ----a-w- c:\windows\system32\drivers\LKDEE.tmp
      2011-06-08 15:29:47 30267 ----a-w- c:\windows\system32\drivers\LKD80.tmp
      2011-06-07 13:13:53 30267 ----a-w- c:\windows\system32\drivers\LKD7F.tmp
      2011-06-06 14:21:32 30267 ----a-w- c:\windows\system32\drivers\LKD7E.tmp
      2011-06-06 07:00:38 30267 ----a-w- c:\windows\system32\drivers\LKD8E.tmp
      2011-06-03 02:09:29 30267 ----a-w- c:\windows\system32\drivers\LKD156.tmp
      2011-06-02 17:59:39 30267 ----a-w- c:\windows\system32\drivers\LKDC3.tmp
      2011-06-02 13:53:32 30267 ----a-w- c:\windows\system32\drivers\LKD7C.tmp
      2011-06-02 07:31:29 30267 ----a-w- c:\windows\system32\drivers\LKD7D.tmp
      2011-05-31 08:01:36 30267 ----a-w- c:\windows\system32\drivers\LKD7B.tmp
      2011-05-27 11:39:57 30267 ----a-w- c:\windows\system32\drivers\LKD7A.tmp
      2011-05-26 07:27:27 30267 ----a-w- c:\windows\system32\drivers\LKD79.tmp
      2011-05-25 11:21:19 30267 ----a-w- c:\windows\system32\drivers\LKDCD.tmp
      2011-05-25 07:20:34 30267 ----a-w- c:\windows\system32\drivers\LKD78.tmp
      2011-05-24 17:05:23 -------- d-----w- d:\documents and settings\100027982\local settings\application data\VMware
      2011-05-24 13:58:59 94208 ----a-w- c:\temp\ccc training\ccc70sp3\70sp3\deio\program\criticalcareclinisoft\pdev\DDPB840.dll
      2011-05-24 11:17:25 30267 ----a-w- c:\windows\system32\drivers\LKDD1.tmp
      2011-05-24 07:16:31 30267 ----a-w- c:\windows\system32\drivers\LKD77.tmp
      2011-05-23 12:23:30 30267 ----a-w- c:\windows\system32\drivers\LKDC2.tmp
      2011-05-23 08:22:41 30267 ----a-w- c:\windows\system32\drivers\LKD76.tmp
      2011-05-20 11:33:20 30267 ----a-w- c:\windows\system32\drivers\LKDE0.tmp
      2011-05-20 11:01:09 30267 ----a-w- c:\windows\system32\drivers\LKD75.tmp
      2011-05-19 07:29:03 30267 ----a-w- c:\windows\system32\drivers\LKD74.tmp
      2011-05-18 07:18:27 30267 ----a-w- c:\windows\system32\drivers\LKD73.tmp
      2011-05-17 12:30:36 -------- d-----w- C:\drivers
      2011-05-17 12:07:05 36577960 ----a-w- c:\temp\lexmark para vista\cjrX1100EN.exe
      2011-05-17 07:18:54 30267 ----a-w- c:\windows\system32\drivers\LKD72.tmp
      .
      ==================== Find3M ====================
      .
      2011-06-15 11:23:37 4752 ----a-w- c:\windows\system32\drivers\rsvlock.sys
      2011-06-15 11:23:37 44848 ----a-w- c:\windows\system32\drivers\sbalg.sys
      2011-06-15 11:23:37 176128 -c--a-w- c:\windows\safeboot.scr
      2011-06-15 11:23:37 14864 ----a-w- c:\windows\system32\drivers\sbprcctl.sys
      2011-06-15 11:23:36 6096 ----a-w- c:\windows\system32\drivers\sbflop.sys
      2011-06-15 11:23:36 30267 ----a-w- c:\windows\system32\drivers\safeboot.sys
      2011-05-16 08:24:03 30267 ----a-w- c:\windows\system32\drivers\LKD71.tmp
      2011-05-13 09:05:57 30267 ----a-w- c:\windows\system32\drivers\LKD70.tmp
      2011-05-12 15:17:58 30267 ----a-w- c:\windows\system32\drivers\LKD106.tmp
      2011-05-12 07:16:52 30267 ----a-w- c:\windows\system32\drivers\LKD6F.tmp
      2011-05-11 11:26:56 30267 ----a-w- c:\windows\system32\drivers\LKDD6.tmp
      2011-05-11 07:26:04 30267 ----a-w- c:\windows\system32\drivers\LKD6E.tmp
      2011-05-10 11:31:23 30267 ----a-w- c:\windows\system32\drivers\LKDCC.tmp
      2011-05-10 07:30:06 30267 ----a-w- c:\windows\system32\drivers\LKD6D.tmp
      2011-05-09 12:39:12 30267 ----a-w- c:\windows\system32\drivers\LKD6B.tmp
      2011-05-05 13:11:15 30267 ----a-w- c:\windows\system32\drivers\LKD6A.tmp
      2011-05-04 16:42:53 30267 ----a-w- c:\windows\system32\drivers\LKD69.tmp
      2011-05-03 18:57:07 30267 ----a-w- c:\windows\system32\drivers\LKDF7.tmp
      2011-05-03 10:46:07 30267 ----a-w- c:\windows\system32\drivers\LKD68.tmp
      2011-05-03 02:32:40 30267 ----a-w- c:\windows\system32\drivers\LKD146.tmp
      2011-04-29 11:38:41 30267 ----a-w- c:\windows\system32\drivers\LKD1DD.tmp
      2011-04-29 07:37:21 30267 ----a-w- c:\windows\system32\drivers\LKD6C.tmp
      2011-04-28 15:25:37 30267 ----a-w- c:\windows\system32\drivers\LKDB0.tmp
      2011-04-28 11:24:39 30267 ----a-w- c:\windows\system32\drivers\LKD67.tmp
      2011-04-27 16:02:58 30267 ----a-w- c:\windows\system32\drivers\LKDB4.tmp
      2011-04-27 11:57:39 30267 ----a-w- c:\windows\system32\drivers\LKD66.tmp
      2011-04-27 06:33:52 30267 ----a-w- c:\windows\system32\drivers\LKD65.tmp
      2011-04-26 10:33:36 30267 ----a-w- c:\windows\system32\drivers\LKD8B1.tmp
      2011-04-25 14:18:31 30267 ----a-w- c:\windows\system32\drivers\LKD114.tmp
      2011-04-25 06:14:16 30267 ----a-w- c:\windows\system32\drivers\LKD64.tmp
      2011-04-20 07:47:29 30267 ----a-w- c:\windows\system32\drivers\LKD1D1.tmp
      2011-04-19 23:37:37 30267 ----a-w- c:\windows\system32\drivers\LKD150.tmp
      2011-04-19 15:27:12 30267 ----a-w- c:\windows\system32\drivers\LKDCA.tmp
      2011-04-19 11:21:59 30267 ----a-w- c:\windows\system32\drivers\LKD88.tmp
      2011-04-15 10:32:01 30267 ----a-w- c:\windows\system32\drivers\LKD2EF.tmp
      2011-04-15 02:22:45 30267 ----a-w- c:\windows\system32\drivers\LKD12A.tmp
      2011-04-14 15:28:25 30267 ----a-w- c:\windows\system32\drivers\LKD176D.tmp
      2011-04-14 07:19:10 30267 ----a-w- c:\windows\system32\drivers\LKD13C0.tmp
      2011-04-13 23:10:13 30267 ----a-w- c:\windows\system32\drivers\LKD12AA.tmp
      2011-04-13 15:00:29 30267 ----a-w- c:\windows\system32\drivers\LKD11B9.tmp
      2011-04-13 06:51:17 30267 ----a-w- c:\windows\system32\drivers\LKDE15.tmp
      2011-04-12 10:23:02 30267 ----a-w- c:\windows\system32\drivers\LKD5F4.tmp
      2011-04-12 06:18:00 30267 ----a-w- c:\windows\system32\drivers\LKD3E2.tmp
      2011-04-08 09:16:47 30267 ----a-w- c:\windows\system32\drivers\LKDB6.tmp
      2011-04-07 00:22:35 30267 ----a-w- c:\windows\system32\drivers\LKD397.tmp
      2011-04-06 16:12:39 30267 ----a-w- c:\windows\system32\drivers\LKD310.tmp
      2011-04-06 08:02:52 30267 ----a-w- c:\windows\system32\drivers\LKD28A.tmp
      2011-04-05 23:52:05 30267 ----a-w- c:\windows\system32\drivers\LKD203.tmp
      2011-04-04 16:42:44 30267 ----a-w- c:\windows\system32\drivers\LKD100.tmp
      2011-03-25 07:18:46 30267 ----a-w- c:\windows\system32\drivers\LKD62.tmp
      2011-03-24 09:05:47 30267 ----a-w- c:\windows\system32\drivers\LKD8F4.tmp
      2011-03-24 00:54:43 30267 ----a-w- c:\windows\system32\drivers\LKD872.tmp
      2011-03-23 16:44:42 30267 ----a-w- c:\windows\system32\drivers\LKD7ED.tmp
      2011-03-23 08:34:29 30267 ----a-w- c:\windows\system32\drivers\LKD765.tmp
      2011-03-23 00:23:22 30267 ----a-w- c:\windows\system32\drivers\LKD6DE.tmp
      2011-03-22 16:13:09 30267 ----a-w- c:\windows\system32\drivers\LKD659.tmp
      2011-03-22 08:02:48 30267 ----a-w- c:\windows\system32\drivers\LKD5CF.tmp
      2011-03-21 23:52:41 30267 ----a-w- c:\windows\system32\drivers\LKD54C.tmp
      2011-03-21 15:42:48 30267 ----a-w- c:\windows\system32\drivers\LKD4C9.tmp
      2011-03-21 07:32:34 30267 ----a-w- c:\windows\system32\drivers\LKD432.tmp
      2011-03-18 09:53:37 30267 ----a-w- c:\windows\system32\drivers\LKD345.tmp
      .
      ============= FINISH: 20:13:43.40 ===============
      Thank you very much in advance for your help.

      Regards

    2. #2
      Contributor Avatar of RiaGuel
      Joined
      Dec 2008
      Location
      Spain
      Posts
      7,770

      Re: Explorer opens on its own with advertising

      Hello scialfa, welcome to the InfoSpyware Forum.

      - Download the ComboFix.exe tool and save it to your desktop.

      Temporarily disable your antivirus and/or antispyware.
      Close all open windows.
      • Double-click the ComboFix.exe file and follow the instructions.
      • When it finishes, it will generate a log at C:\ComboFix.txt.
      o *Note* While CF is working, do not move the mouse, as that would stop its process.
      o *Note* ComboFix may automatically restart the PC to complete the removal process.

      Warning!! Do not use ComboFix unless a member of our Staff has specifically instructed you to do so in your thread. It is a powerful tool intended by its creator to be used under the guidance and supervision of an expert, not for private use. Using ComboFix incorrectly could cause problems on your system. Please read ComboFix's "Disclaimer of Warranty".
      Restart and paste the report from C:\ComboFix.txt in this same thread. Also tell me how the computer is running after running ComboFix.

      PS: Do not run ComboFix or any other antivirus program again until I come back with a reply, as you could change things.
      Regards
      The virus problem is temporary and will last a couple of years / John McAfee - founder of McAfee

      * Questions are not answered by private message or by e-mail, since that is what the forum is for.

    3. #3
      User Avatar of scialfa
      Joined
      Jun 2011
      Location
      Coruña
      Posts
      4

      Re: Explorer opens on its own with advertising

      Hello RiaGuel,

      Thank you very much for your reply.
      I followed the steps, and here is what happened:
      - computer performance: all fine, I haven't noticed much difference for better or worse (this business with the advertising windows has not slowed it down),
      - but Explorer windows with advertising keep opening

      I'm pasting the ComboFix log here:

      ComboFix 11-06-15.02 - 100027982 16/06/2011 18:35:32.1.2 - x86
      Microsoft Windows XP Professional 5.1.2600.3.1252.44.1033.18.2000.1009 [GMT 2:00]
      Running from: d:\documents and settings\100027982\Desktop\ComboFix.exe
      AV: Lavasoft Ad-Watch Live! Antivirus *Disabled/Updated* {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33}
      AV: Sophos Anti-Virus *Disabled/Updated* {3F13C776-3CBE-4DE9-8BF6-09E5183CA2BD}
      FW: Proventia Desktop *Enabled* {E1EC88C6-49C8-4599-8097-09F7E1CB6A15}
      FW: Sophos Client Firewall *Enabled* {0786E95E-326A-4524-9691-41EF88FB52EA}
      .
      .
      ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
      .
      .
      c:\program files\Search Settings
      c:\program files\Search Settings\SeARchsettings.dll
      c:\program files\Search Settings\SearchSettings.exe
      c:\program files\Search Settings\SearchSettingsRes409.dll
      c:\windows\system32\paradise.dll
      d:\documents and settings\100027982.HCE-1X80J4J\WINDOWS
      d:\documents and settings\100027982\WINDOWS
      d:\documents and settings\Default User\WINDOWS
      .
      .
      ((((((((((((((((((((((((( Files Created from 2011-05-16 to 2011-06-16 )))))))))))))))))))))))))))))))
      .
      .
      2011-06-16 16:03 . 2011-06-16 16:03 4128845 ----a-w- c:\temp\limpiar malware\ComboFix.exe
      2011-06-16 10:58 . 2011-06-16 10:58 30267 ----a-w- c:\windows\system32\drivers\LKD84.tmp
      2011-06-15 18:46 . 2011-06-15 16:33 9435312 ----a-w- c:\temp\limpiar malware\mbam-setup-1.51.0.1200.exe
      2011-06-15 16:33 . 2011-06-15 16:33 -------- d-----w- d:\documents and settings\100027982\Application Data\Malwarebytes
      2011-06-15 16:33 . 2011-05-29 07:11 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
      2011-06-15 16:33 . 2011-06-15 16:33 -------- d-----w- d:\documents and settings\All Users\Application Data\Malwarebytes
      2011-06-15 16:33 . 2011-05-29 07:11 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
      2011-06-15 16:33 . 2011-06-15 16:33 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
      2011-06-15 16:25 . 2011-06-15 16:25 -------- d-----w- c:\program files\CCleaner
      2011-06-15 16:23 . 2011-06-15 16:23 3096424 ----a-w- c:\temp\limpiar malware\ccsetup307.exe
      2011-06-15 07:18 . 2011-06-15 07:18 30267 ----a-w- c:\windows\system32\drivers\LKD83.tmp
      2011-06-15 06:02 . 2011-06-15 06:02 30267 ----a-w- c:\windows\system32\drivers\LKD82.tmp
      2011-06-14 21:34 . 2011-06-14 21:34 6400728 ----a-w- c:\temp\gusetup_slim.exe
      2011-06-14 20:40 . 2011-06-14 20:40 98392 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
      2011-06-14 20:38 . 2011-06-14 20:38 -------- d-----w- c:\windows\system32\config\systemprofile\Local Settings\Application Data\Sunbelt Software
      2011-06-14 20:37 . 2011-05-25 00:00 64512 ----a-w- c:\windows\system32\drivers\Lbd.sys
      2011-06-14 20:37 . 2011-06-14 20:37 -------- d-----w- d:\documents and settings\All Users\Application Data\Lavasoft
      2011-06-14 20:37 . 2011-06-14 20:37 -------- d-----w- c:\program files\Lavasoft
      2011-06-14 20:20 . 2011-06-14 20:21 -------- d-----w- d:\documents and settings\100027982\Application Data\Calendario
      2011-06-14 20:19 . 2011-06-14 20:19 843264 ----a-w- c:\windows\system32\rtl100.bpl
      2011-06-14 20:19 . 2011-06-14 20:19 1680896 ----a-w- c:\windows\system32\vcl100.bpl
      2011-06-14 20:18 . 2011-06-14 20:18 -------- d-----w- c:\program files\ROASOFT
      2011-06-14 20:13 . 2011-06-14 20:13 -------- d-----w- d:\documents and settings\100027982\Application Data\Tutoriales100
      2011-06-14 20:13 . 2011-06-14 20:13 -------- d-----w- c:\program files\Tutoriales100
      2011-06-14 20:13 . 2011-06-14 20:13 -------- d-----w- d:\documents and settings\100027982\Local Settings\Application Data\Tutoriales100
      2011-06-14 20:12 . 2011-06-14 20:12 12 ----a-w- C:\wpg32.dll
      2011-06-14 20:12 . 2011-06-14 20:17 -------- d-----w- c:\program files\Object
      2011-06-14 06:38 . 2011-06-14 06:39 -------- d-----w- c:\program files\Hard Disk Sentinel
      2011-06-14 06:37 . 2011-06-09 18:25 9644752 ----a-w- c:\temp\TotalAudioConverter.exe
      2011-06-14 06:37 . 2011-06-09 18:29 6927505 ----a-w- c:\temp\Setup_FreeConverter.exe
      2011-06-12 18:09 . 2010-08-01 10:38 334384 ----a-w- c:\windows\system32\vmnetdhcp.exe
      2011-06-12 18:09 . 2010-08-01 10:38 399920 ----a-w- c:\windows\system32\vmnat.exe
      2011-06-12 18:09 . 2010-08-01 10:36 26288 ----a-w- c:\windows\system32\drivers\vmnetuserif.sys
      2011-06-12 18:09 . 2010-08-01 10:38 760368 ----a-w- c:\windows\system32\vnetlib.dll
      2011-06-12 18:09 . 2010-08-01 10:37 24624 ----a-w- c:\windows\system32\drivers\VMkbd.sys
      2011-06-10 11:32 . 2011-06-10 11:32 30267 ----a-w- c:\windows\system32\drivers\LKD1F9.tmp
      2011-06-10 03:20 . 2011-06-10 03:20 30267 ----a-w- c:\windows\system32\drivers\LKD154.tmp
      2011-06-09 18:29 . 2008-09-24 19:33 484352 ----a-w- c:\windows\system32\lame_enc.dll
      2011-06-09 18:29 . 2011-06-09 18:29 -------- d-----w- c:\program files\Free Audio Pack
      2011-06-09 18:26 . 2011-06-09 18:26 -------- d-----w- d:\documents and settings\100027982\Application Data\Softplicity
      2011-06-09 18:25 . 2011-06-09 18:28 -------- d-----w- c:\program files\TotalAudioConverter
      2011-06-09 15:03 . 2011-06-09 15:03 30267 ----a-w- c:\windows\system32\drivers\LKDCB.tmp
      2011-06-09 10:56 . 2011-06-09 10:56 30267 ----a-w- c:\windows\system32\drivers\LKD81.tmp
      2011-06-09 07:54 . 2011-06-09 07:54 30267 ----a-w- c:\windows\system32\drivers\LKDEE.tmp
      2011-06-08 15:29 . 2011-06-08 15:29 30267 ----a-w- c:\windows\system32\drivers\LKD80.tmp
      2011-06-07 13:13 . 2011-06-07 13:13 30267 ----a-w- c:\windows\system32\drivers\LKD7F.tmp
      2011-06-06 14:21 . 2011-06-06 14:21 30267 ----a-w- c:\windows\system32\drivers\LKD7E.tmp
      2011-06-06 07:00 . 2011-06-06 07:00 30267 ----a-w- c:\windows\system32\drivers\LKD8E.tmp
      2011-06-03 02:09 . 2011-06-03 02:09 30267 ----a-w- c:\windows\system32\drivers\LKD156.tmp
      2011-06-02 17:59 . 2011-06-02 17:59 30267 ----a-w- c:\windows\system32\drivers\LKDC3.tmp
      2011-06-02 13:53 . 2011-06-02 13:53 30267 ----a-w- c:\windows\system32\drivers\LKD7C.tmp
      2011-06-02 07:31 . 2011-06-02 07:31 30267 ----a-w- c:\windows\system32\drivers\LKD7D.tmp
      2011-05-31 08:01 . 2011-05-31 08:01 30267 ----a-w- c:\windows\system32\drivers\LKD7B.tmp
      2011-05-27 11:39 . 2011-05-27 11:39 30267 ----a-w- c:\windows\system32\drivers\LKD7A.tmp
      2011-05-26 07:27 . 2011-05-26 07:27 30267 ----a-w- c:\windows\system32\drivers\LKD79.tmp
      2011-05-25 11:21 . 2011-05-25 11:21 30267 ----a-w- c:\windows\system32\drivers\LKDCD.tmp
      2011-05-25 07:20 . 2011-05-25 07:20 30267 ----a-w- c:\windows\system32\drivers\LKD78.tmp
      2011-05-24 17:05 . 2011-06-15 15:37 -------- d-----w- d:\documents and settings\100027982\Local Settings\Application Data\VMware
      2011-05-24 13:58 . 2011-04-13 13:34 94208 ----a-w- c:\temp\CCC TRaining\CCC70SP3\70sp3\Deio\Program\CriticalCareClinisoft\PDEV\DDPB840.dll
      2011-05-24 11:17 . 2011-05-24 11:17 30267 ----a-w- c:\windows\system32\drivers\LKDD1.tmp
      2011-05-24 07:16 . 2011-05-24 07:16 30267 ----a-w- c:\windows\system32\drivers\LKD77.tmp
      2011-05-23 12:23 . 2011-05-23 12:23 30267 ----a-w- c:\windows\system32\drivers\LKDC2.tmp
      2011-05-23 08:22 . 2011-05-23 08:22 30267 ----a-w- c:\windows\system32\drivers\LKD76.tmp
      2011-05-20 11:33 . 2011-05-20 11:33 30267 ----a-w- c:\windows\system32\drivers\LKDE0.tmp
      2011-05-20 11:01 . 2011-05-20 11:01 30267 ----a-w- c:\windows\system32\drivers\LKD75.tmp
      2011-05-19 07:29 . 2011-05-19 07:29 30267 ----a-w- c:\windows\system32\drivers\LKD74.tmp
      2011-05-18 07:18 . 2011-05-18 07:18 30267 ----a-w- c:\windows\system32\drivers\LKD73.tmp
      .
      .
      .
      (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
      .
      2011-06-16 15:05 . 2009-12-02 13:07 176128 -c--a-w- c:\windows\safeboot.scr
      2011-06-16 15:04 . 2009-12-02 13:06 14864 ----a-w- c:\windows\system32\drivers\sbprcctl.sys
      2011-06-16 15:04 . 2009-12-02 13:06 4752 ----a-w- c:\windows\system32\drivers\rsvlock.sys
      2011-06-16 15:04 . 2009-12-02 13:06 44848 ----a-w- c:\windows\system32\drivers\sbalg.sys
      2011-06-16 15:04 . 2009-12-02 13:06 6096 ----a-w- c:\windows\system32\drivers\sbflop.sys
      2011-06-16 15:04 . 2009-12-02 13:07 30267 ----a-w- c:\windows\system32\drivers\safeboot.sys
      2011-05-17 07:18 . 2011-05-17 07:18 30267 ----a-w- c:\windows\system32\drivers\LKD72.tmp
      2011-05-16 08:24 . 2011-05-16 08:24 30267 ----a-w- c:\windows\system32\drivers\LKD71.tmp
      2011-05-13 09:05 . 2011-05-13 09:05 30267 ----a-w- c:\windows\system32\drivers\LKD70.tmp
      2011-05-12 15:17 . 2011-05-12 15:17 30267 ----a-w- c:\windows\system32\drivers\LKD106.tmp
      2011-05-12 07:16 . 2011-05-12 07:16 30267 ----a-w- c:\windows\system32\drivers\LKD6F.tmp
      2011-05-11 11:26 . 2011-05-11 11:26 30267 ----a-w- c:\windows\system32\drivers\LKDD6.tmp
      2011-05-11 07:26 . 2011-05-11 07:26 30267 ----a-w- c:\windows\system32\drivers\LKD6E.tmp
      2011-05-10 11:31 . 2011-05-10 11:31 30267 ----a-w- c:\windows\system32\drivers\LKDCC.tmp
      2011-05-10 07:30 . 2011-05-10 07:30 30267 ----a-w- c:\windows\system32\drivers\LKD6D.tmp
      2011-05-09 12:39 . 2011-05-09 12:39 30267 ----a-w- c:\windows\system32\drivers\LKD6B.tmp
      2011-05-05 13:11 . 2011-05-05 13:11 30267 ----a-w- c:\windows\system32\drivers\LKD6A.tmp
      2011-05-04 16:42 . 2011-05-04 16:42 30267 ----a-w- c:\windows\system32\drivers\LKD69.tmp
      2011-05-03 18:57 . 2011-05-03 18:57 30267 ----a-w- c:\windows\system32\drivers\LKDF7.tmp
      2011-05-03 10:46 . 2011-05-03 10:46 30267 ----a-w- c:\windows\system32\drivers\LKD68.tmp
      2011-05-03 02:32 . 2011-05-03 02:32 30267 ----a-w- c:\windows\system32\drivers\LKD146.tmp
      2011-04-29 11:38 . 2011-04-29 11:38 30267 ----a-w- c:\windows\system32\drivers\LKD1DD.tmp
      2011-04-29 07:37 . 2011-04-29 07:37 30267 ----a-w- c:\windows\system32\drivers\LKD6C.tmp
      2011-04-28 15:25 . 2011-04-28 15:25 30267 ----a-w- c:\windows\system32\drivers\LKDB0.tmp
      2011-04-28 11:24 . 2011-04-28 11:24 30267 ----a-w- c:\windows\system32\drivers\LKD67.tmp
      2011-04-27 16:02 . 2011-04-27 16:02 30267 ----a-w- c:\windows\system32\drivers\LKDB4.tmp
      2011-04-27 11:57 . 2011-04-27 11:57 30267 ----a-w- c:\windows\system32\drivers\LKD66.tmp
      2011-04-27 06:33 . 2011-04-27 06:33 30267 ----a-w- c:\windows\system32\drivers\LKD65.tmp
      2011-04-26 10:33 . 2011-04-26 10:33 30267 ----a-w- c:\windows\system32\drivers\LKD8B1.tmp
      2011-04-25 14:18 . 2011-04-25 14:18 30267 ----a-w- c:\windows\system32\drivers\LKD114.tmp
      2011-04-25 06:14 . 2011-04-25 06:14 30267 ----a-w- c:\windows\system32\drivers\LKD64.tmp
      2011-04-20 07:47 . 2011-04-20 07:47 30267 ----a-w- c:\windows\system32\drivers\LKD1D1.tmp
      2011-04-19 23:37 . 2011-04-19 23:37 30267 ----a-w- c:\windows\system32\drivers\LKD150.tmp
      2011-04-19 15:27 . 2011-04-19 15:27 30267 ----a-w- c:\windows\system32\drivers\LKDCA.tmp
      2011-04-19 11:21 . 2011-04-19 11:21 30267 ----a-w- c:\windows\system32\drivers\LKD88.tmp
      2011-04-15 10:32 . 2011-04-15 10:32 30267 ----a-w- c:\windows\system32\drivers\LKD2EF.tmp
      2011-04-15 02:22 . 2011-04-15 02:22 30267 ----a-w- c:\windows\system32\drivers\LKD12A.tmp
      2011-04-14 15:28 . 2011-04-14 15:28 30267 ----a-w- c:\windows\system32\drivers\LKD176D.tmp
      2011-04-14 07:19 . 2011-04-14 07:19 30267 ----a-w- c:\windows\system32\drivers\LKD13C0.tmp
      2011-04-13 23:10 . 2011-04-13 23:10 30267 ----a-w- c:\windows\system32\drivers\LKD12AA.tmp
      2011-04-13 15:00 . 2011-04-13 15:00 30267 ----a-w- c:\windows\system32\drivers\LKD11B9.tmp
      2011-04-13 06:51 . 2011-04-13 06:51 30267 ----a-w- c:\windows\system32\drivers\LKDE15.tmp
      2011-04-12 10:23 . 2011-04-12 10:23 30267 ----a-w- c:\windows\system32\drivers\LKD5F4.tmp
      2011-04-12 06:18 . 2011-04-12 06:18 30267 ----a-w- c:\windows\system32\drivers\LKD3E2.tmp
      2011-04-08 09:16 . 2011-04-08 09:16 30267 ----a-w- c:\windows\system32\drivers\LKDB6.tmp
      2011-04-07 00:22 . 2011-04-07 00:22 30267 ----a-w- c:\windows\system32\drivers\LKD397.tmp
      2011-04-06 16:12 . 2011-04-06 16:12 30267 ----a-w- c:\windows\system32\drivers\LKD310.tmp
      2011-04-06 08:02 . 2011-04-06 08:02 30267 ----a-w- c:\windows\system32\drivers\LKD28A.tmp
      2011-04-05 23:52 . 2011-04-05 23:52 30267 ----a-w- c:\windows\system32\drivers\LKD203.tmp
      2011-04-04 16:42 . 2011-04-04 16:42 30267 ----a-w- c:\windows\system32\drivers\LKD100.tmp
      2011-03-25 07:18 . 2011-03-25 07:18 30267 ----a-w- c:\windows\system32\drivers\LKD62.tmp
      2011-03-24 09:05 . 2011-03-24 09:05 30267 ----a-w- c:\windows\system32\drivers\LKD8F4.tmp
      2011-03-24 00:54 . 2011-03-24 00:54 30267 ----a-w- c:\windows\system32\drivers\LKD872.tmp
      2011-03-23 16:44 . 2011-03-23 16:44 30267 ----a-w- c:\windows\system32\drivers\LKD7ED.tmp
      2011-03-23 08:34 . 2011-03-23 08:34 30267 ----a-w- c:\windows\system32\drivers\LKD765.tmp
      2011-03-23 00:23 . 2011-03-23 00:23 30267 ----a-w- c:\windows\system32\drivers\LKD6DE.tmp
      2011-03-22 16:13 . 2011-03-22 16:13 30267 ----a-w- c:\windows\system32\drivers\LKD659.tmp
      2011-03-22 08:02 . 2011-03-22 08:02 30267 ----a-w- c:\windows\system32\drivers\LKD5CF.tmp
      2011-03-21 23:52 . 2011-03-21 23:52 30267 ----a-w- c:\windows\system32\drivers\LKD54C.tmp
      2011-03-21 15:42 . 2011-03-21 15:42 30267 ----a-w- c:\windows\system32\drivers\LKD4C9.tmp
      2011-03-21 07:32 . 2011-03-21 07:32 30267 ----a-w- c:\windows\system32\drivers\LKD432.tmp
      .
      .
      ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
      .
      .
      *Note* empty entries & legit default entries are not shown
      REGEDIT4
      .
      [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2F2CC692-D1B6-433e-BEFF-745CE8087980}]
      2011-05-17 14:31 221184 ----a-w- c:\program files\Tutoriales100\tutoriales100BHO.dll
      .
      [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" [2010-12-21 1483264]
      "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "AESTFltr"="c:\windows\system32\AESTFltr.exe" [2008-05-21 466944]
      "DsmSxplog"="c:\program files\CA\DSM\Bin\sxpstub.exe" [2007-03-03 24592]
      "CAF_SystemTray"="c:\program files\CA\DSM\bin\cfSysTray.exe" [2007-03-03 124432]
      "TempRemove"="c:\program files\Crystal Ball\CB Predictor\terminator.exe" [1998-12-19 7680]
      "Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2009-10-07 2498560]
      "IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-03-24 134656]
      "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-03-24 166912]
      "Persistence"="c:\windows\system32\igfxpers.exe" [2009-03-24 136192]
      "SBMGRNT.EXE"="c:\progra~1\SafeBoot\SBMGRNT.EXE" [2011-06-16 49212]
      "Apoint"="c:\program files\DellTPad\Apoint.exe" [2009-06-19 249856]
      "SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2009-03-09 483420]
      "SophosNAC_Agent"="c:\program files\Sophos\NAC\AgntTray.exe" [2009-05-01 1373792]
      "GEvpnPacCheck"="c:\program files\Juniper Networks\VPN_PAC_CHECK.vbs" [2009-04-06 1747]
      "OdTray.exe"="c:\program files\Juniper Networks\Odyssey Access Client\OdTray.exe" [2009-08-12 955688]
      "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]
      "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-20 932288]
      "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
      "AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-12-14 47904]
      "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-29 421888]
      "VMware hqtray"="c:\program files\VMware\VMware Player\hqtray.exe" [2010-08-01 64048]
      "Tutoriales100"="c:\program files\Tutoriales100\tutoriales100.exe" [2011-06-06 978544]
      "UpdateTutoriales100"="d:\documents and settings\100027982\Application Data\Tutoriales100\Update Tutoriales 100\UpdateTutoriales100HP.exe" [2011-05-17 655360]
      "Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-05-29 449584]
      .
      [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
      "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
      .
      d:\documents and settings\All Users\Start Menu\Programs\Startup\
      Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-1-16 604776]
      Proventia Desktop Agent.lnk - [N/A]
      Sophos AutoUpdate Monitor.lnk - c:\program files\Sophos\AutoUpdate\ALMon.exe [2010-10-20 429096]
      VPN Client.lnk - c:\windows\Installer\{51FB15F4-AD27-43BC-AD4B-DD0354FB6BBD}\Icon3E5562ED7.ico [2009-11-20 6144]
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\CAF]
      2007-03-03 12:30 27664 ----a-w- c:\program files\CA\DSM\Bin\cfWlogon.dll
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\OdysseyClient]
      2010-07-13 06:48 202024 ----a-w- c:\windows\system32\odyEvent.dll
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\PCANotify]
      2004-11-01 11:50 8704 ----a-w- c:\windows\system32\PCANotify.dll
      .
      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
      @="Service"
      .
      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
      @="Driver"
      .
      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
      @="Service"
      .
      [HKLM\~\startupfolder\D:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
      path=d:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
      backup=c:\windows\pss\Microsoft Office.lnkCommon Startup
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AIMPro]
      2010-07-07 20:39 3677496 ----a-w- c:\program files\WebEx\Connect\connect.exe
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
      2010-10-16 09:04 136176 ----atw- d:\documents and settings\100027982\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMJPMIG8.1]
      2008-04-14 12:00 208952 -c--a-w- c:\windows\ime\imjp8_1\imjpmig.exe
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
      2010-12-13 16:16 421160 ----a-w- c:\program files\iTunes\iTunesHelper.exe
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Lexmark X1100 Series]
      2003-08-19 10:18 57344 ----a-w- c:\program files\Lexmark X1100 Series\lxbkbmgr.exe
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MaxtorOneTouch]
      2006-08-11 07:45 712704 ----a-w- c:\program files\Maxtor\ManagerApp\OneTouch.exe
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MobileBroadband]
      2010-04-28 18:26 252928 ----a-w- c:\program files\Vodafone\Vodafone Mobile Broadband\Bin\MobileBroadband.exe
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSPY2002]
      2008-04-14 12:00 59392 -c--a-w- c:\windows\system32\IME\PINTLGNT\IMSCINST.EXE
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mxomssmenu]
      2006-08-11 10:15 81920 ----a-w- c:\program files\Maxtor\OneTouch Status\MaxMenuMgr.exe
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002A]
      2008-04-14 12:00 455168 -c--a-w- c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002ASync]
      2008-04-14 12:00 455168 -c--a-w- c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Companion]
      2011-02-28 14:15 427008 ----a-w- c:\program files\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
      "NTService1"=2 (0x2)
      "MaxBackServiceInt"=2 (0x2)
      "gusvc"=3 (0x3)
      "gupdate"=2 (0x2)
      "awhost32"=3 (0x3)
      "Apple Mobile Device"=2 (0x2)
      "VmbService"=2 (0x2)
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SophosAntiVirus]
      "DisableMonitoring"=dword:00000001
      .
      [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
      "EnableFirewall"= 0 (0x0)
      .
      [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
      "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
      "%windir%\\system32\\sessmgr.exe"=
      "c:\\Program Files\\WebEx\\Connect\\wbxcOIEx.exe"=
      "c:\\Program Files\\WebEx\\Connect\\widget.exe"=
      "c:\\Program Files\\WebEx\\Connect\\connect.exe"=
      "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
      "c:\\Program Files\\VMware\\VMware Player\\vmware-authd.exe"=
      .
      [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
      "5556:TCP"= 5556:TCP:SafeBoot
      .
      R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [6/14/2011 10:37 PM 64512]
      R0 odFips;odFips;c:\windows\system32\drivers\odFIPS.sys [8/12/2009 4:15 AM 9856]
      R0 odFips2;odFips2;c:\windows\system32\drivers\odFIPS2.sys [8/12/2009 4:15 AM 282496]
      R0 SafeBoot;SafeBoot;c:\windows\system32\drivers\safeboot.sys [12/2/2009 3:07 PM 30267]
      R0 SBAlg;SBAlg;c:\windows\system32\drivers\sbalg.sys [12/2/2009 3:06 PM 44848]
      R1 RsvLock;RsvLock;c:\windows\system32\drivers\rsvlock.sys [12/2/2009 3:06 PM 4752]
      R1 SAVOnAccessControl;SAVOnAccessControl;c:\windows\system32\drivers\savonaccesscontrol.sys [11/20/2009 5:00 AM 152192]
      R1 SAVOnAccessFilter;SAVOnAccessFilter;c:\windows\system32\drivers\savonaccessfilter.sys [11/20/2009 5:00 AM 24064]
      R1 SBFlop;SBFlop;c:\windows\system32\drivers\sbflop.sys [12/2/2009 3:06 PM 6096]
      R1 SbPrcCtl;SbPrcCtl;c:\windows\system32\drivers\sbprcctl.sys [12/2/2009 3:06 PM 14864]
      R1 scfdriver;SCF Kernel Driver;c:\windows\system32\drivers\scfdriver.sys [11/20/2009 5:02 AM 100136]
      R2 Application Updater;Application Updater;c:\program files\Application Updater\ApplicationUpdater.exe [1/8/2010 1:51 AM 380928]
      R2 BlackICE;BlackICE;c:\program files\ISS\Proventia Desktop\blackd.exe [11/20/2009 4:36 AM 2011473]
      R2 caf;CA DSM r11 Common Application Framework.;c:\program files\CA\DSM\Bin\CAF.exe [3/3/2007 2:30 PM 194064]
      R2 JuniperAccessService;Juniper Unified Network Service;c:\program files\Common Files\Juniper Networks\JUNS\dsAccessService.exe [8/11/2009 9:14 PM 132392]
      R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [5/25/2011 2:00 AM 2151128]
      R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [6/15/2011 6:33 PM 366640]
      R2 NMSAccess32;NMSAccess32;c:\windows\system32\NMSAccess32.exe [1/12/2009 7:15 AM 71096]
      R2 SafeBootConfigurationManager;SafeBoot Configuration Manager;c:\program files\SafeBoot\sbmgrnt.exe [12/2/2009 3:07 PM 49212]
      R2 SAVAdminService;Indicador del estado de Sophos Anti-Virus;c:\program files\Sophos\Sophos Anti-Virus\SAVAdminService.exe [10/20/2010 9:36 AM 104488]
      R2 SAVService;Sophos Anti-Virus;c:\program files\Sophos\Sophos Anti-Virus\SavService.exe [10/20/2010 9:36 AM 93736]
      R2 Sophos Client Firewall Manager;Sophos Client Firewall Manager;c:\program files\Sophos\Sophos Client Firewall\SCFManager.exe [10/20/2010 9:36 AM 125992]
      R2 Sophos Client Firewall;Sophos Client Firewall;c:\program files\Sophos\Sophos Client Firewall\SCFService.exe [10/20/2010 9:36 AM 30248]
      R2 Sophos NAC Agent API;Sophos NAC Agent API;c:\program files\Sophos\NAC\AgentAPI.exe [5/1/2009 1:07 PM 9001056]
      R2 vmci;VMware vmci;c:\windows\system32\drivers\vmci.sys [8/1/2010 12:39 PM 70704]
      R2 VMUSBArbService;VMware USB Arbitration Service;c:\program files\Common Files\VMware\USB\vmware-usbarbitrator.exe [8/1/2010 11:39 AM 539184]
      R2 VPatch;ISS Buffer Overflow Exploit Prevention;c:\program files\ISS\Proventia Desktop\vpatch.exe [11/20/2009 4:36 AM 426333]
      R3 AESTAud;AE Audio Service;c:\windows\system32\drivers\AESTAud.sys [11/19/2009 6:23 PM 112512]
      R3 cvusbdrv;Broadcom USH CV;c:\windows\system32\drivers\cvusbdrv.sys [11/19/2009 6:23 PM 32808]
      R3 e1yexpress;Intel(R) Gigabit Network Connections Driver;c:\windows\system32\drivers\e1y5132.sys [4/2/2009 1:52 PM 244368]
      R3 EacService;Juniper TNC Endpoint Assessment;c:\program files\Common Files\Juniper Networks\TNC Client\jTnccService.exe [8/12/2009 4:30 AM 136488]
      R3 hwcdcmdm0;HUAWEI Mobile Connect - 3G Modem;c:\windows\system32\drivers\ewusbmdm.sys [11/26/2009 10:44 AM 65152]
      R3 hwusbapp;HUAWEI Mobile Connect - 3G PC UI Interface;c:\windows\system32\drivers\ewusbapp.sys [11/26/2009 10:44 AM 65152]
      R3 hwusbser;HUAWEI Mobile Connect - 3G Application Interface;c:\windows\system32\drivers\ewusbser.sys [11/26/2009 10:44 AM 65152]
      R3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI Service;c:\windows\system32\drivers\IntcHdmi.sys [11/20/2009 5:30 AM 110080]
      R3 jnprna;Juniper Network Agent Miniport;c:\windows\system32\drivers\jnprna.sys [6/13/2009 6:18 PM 419496]
      R3 JnprVaMgr;Juniper Networks Virtual Adapter Manager Service;c:\windows\system32\drivers\jnprvamgr.sys [6/13/2009 6:18 PM 29312]
      R3 MakoNT;MakoNT;c:\windows\system32\drivers\MakoNT.sys [11/20/2009 4:36 AM 76849]
      R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [6/15/2011 6:33 PM 22712]
      R3 rap;rap;c:\windows\system32\drivers\RapDrv.sys [11/20/2009 4:36 AM 47788]
      R3 vodafone_K3805-z_dc_enum;vodafone_K3805-z_dc_enum;c:\windows\system32\drivers\vodafone_K3805-z_dc_enum.sys [3/1/2010 6:35 PM 80000]
      R4 black;black;c:\windows\system32\drivers\Blackcat.sys [11/20/2009 4:36 AM 197106]
      S0 iaStor_760;Intel AHCI Controller;c:\windows\system32\drivers\iaStor_760.sys [4/2/2009 1:38 PM 324120]
      S0 iaStor_8400;Intel RAID Controller;c:\windows\system32\drivers\iastor8400.sys [4/2/2009 1:38 PM 824960]
      S0 iaStor_E6400;Intel RAID Controller;c:\windows\system32\drivers\iaStor_E6400.sys [4/2/2009 1:38 PM 318488]
      S0 iastor3400;Intel AHCI Controller;c:\windows\system32\drivers\iaStor3400.sys [4/2/2009 1:38 PM 308248]
      S0 iaStor390;Intel AHCI Controller;c:\windows\system32\drivers\iaStor390.sys [4/2/2009 1:38 PM 304920]
      S0 iastor755;Intel AHCI Controller;c:\windows\system32\drivers\IaStor755.sys [4/2/2009 1:38 PM 305176]
      S0 symmpi_8400;symmpi_8400;c:\windows\system32\drivers\symmpi8400.sys [4/2/2009 1:38 PM 92288]
      S0 symmpi_vmware;symmpi_vmware;c:\windows\system32\drivers\symmpi_vmware.sys [4/2/2009 1:38 PM 39760]
      S0 symmpi7400;symmpi7400;c:\windows\system32\drivers\symmpi7400.sys [4/2/2009 1:38 PM 100096]
      S2 gupdate;Servicio Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [3/6/2010 1:48 PM 135664]
      S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\drivers\ggflt.sys [12/29/2010 6:43 PM 13224]
      S3 gupdatem;Servicio de Google Update (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [3/6/2010 1:48 PM 135664]
      S3 HPFXFAX;HPFXFAX;c:\windows\system32\drivers\hpfxfax.sys [7/20/2010 1:30 PM 20504]
      S3 jnprva;Juniper Networks Virtual Adapter Service;c:\windows\system32\drivers\jnprva.sys [6/13/2009 6:18 PM 12288]
      S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [6/15/2011 6:33 PM 39984]
      S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [1/9/2010 9:37 PM 4640000]
      S3 sdcfilter;sdcfilter;c:\windows\system32\drivers\sdcfilter.sys [10/20/2010 9:36 AM 23928]
      S3 Sony Ericsson PCCompanion;Sony Ericsson PCCompanion;c:\program files\Sony Ericsson\Sony Ericsson PC Companion\PCCService.exe [12/29/2010 6:37 PM 150528]
      S3 TSClient;Tatara Protocol Driver;c:\windows\system32\drivers\tsclient.sys --> c:\windows\system32\drivers\tsclient.sys [?]
      S4 SophosBootDriver;SophosBootDriver;c:\windows\system32\drivers\SophosBootDriver.sys [11/20/2009 5:00 AM 14976]
      S4 VmbService;Servicio de Vodafone Mobile Broadband;c:\program files\Vodafone\Vodafone Mobile Broadband\Bin\VmbService.exe [4/28/2010 8:26 PM 9216]
      .
      --- Other Services/Drivers In Memory ---
      .
      *Deregistered* - BMLoad
      *Deregistered* - uphcleanhlp
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
      HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\OutlookProfile.vbs]
      2010-12-10 11:31 9276 ----a-w- c:\program files\Microsoft Office\OutlookProfile.vbs
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\PitchBuilderAS.EXE]
      2010-12-09 11:06 150280 ----a-w- c:\program files\Microsoft Office\Wizkit\PitchBuilderAS.EXE
      .
      Contents of the 'Scheduled Tasks' folder
      .
      2011-06-16 c:\windows\Tasks\Ad-Aware Update (Weekly).job
      - c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2011-05-25 00:00]
      .
      2011-06-11 c:\windows\Tasks\AppleSoftwareUpdate.job
      - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]
      .
      2011-04-01 c:\windows\Tasks\At1.job
      - d:\support\TOOLS\DiskTidyUp.exe [2009-11-19 11:50]
      .
      2011-06-16 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
      - c:\program files\Google\Update\GoogleUpdate.exe [2010-03-06 11:48]
      .
      2011-06-16 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
      - c:\program files\Google\Update\GoogleUpdate.exe [2010-03-06 11:48]
      .
      2011-06-16 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1962744943-1077359737-637696952-142722Core.job
      - d:\documents and settings\100027982\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-04-05 09:04]
      .
      2011-06-16 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1962744943-1077359737-637696952-142722UA.job
      - d:\documents and settings\100027982\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-04-05 09:04]
      .
      2011-06-16 c:\windows\Tasks\New scheduled scan.job
      - c:\program files\Sophos\Sophos Anti-Virus\BackgroundScanClient.exe [2010-10-20 07:36]
      .
      .
      ------- Supplementary Scan -------
      .
      uStart Page = hxxp://www.google.es/
      uInternet Connection Wizard,ShellNext = hxxp://medinternational.home.ge.com/
      uInternet Settings,ProxyOverride = <local>
      IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
      IE: Se&nd to OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
      LSP: bmnet.dll
      LSP: c:\program files\VMware\VMware Player\vsocklib.dll
      Trusted Zone: ge.com
      Trusted Zone: gebrandcentral.com
      Trusted Zone: gedigitalmedia.com
      Trusted Zone: gemediacentral.com
      Trusted Zone: genewscenter.com
      Trusted Zone: geolympiccentral.com
      Trusted Zone: ge.com
      TCP: DhcpNameServer = 192.168.2.1
      DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
      DPF: {8F0DF9DB-AA5A-4ED0-9176-1C4A9C762C59} - hxxp://americascomm01.ge.com/sametime/STMeetingRoomClient/STJNILoader.cab
      DPF: {B94C2238-346E-4C5E-9B36-8CC627F35574}
      DPF: {C1BAC744-8F0B-11D0-89E7-00C0A8295197} - hxxp://crtvg.es/camweb/camera.cab
      .
      - - - - ORPHANS REMOVED - - - -
      .
      Toolbar-Locked - (no file)
      HKCU-Run-Calendario - (no file)
      HKLM-Run-SearchSettings - c:\program files\Search Settings\SearchSettings.exe
      SafeBoot-WudfPf
      SafeBoot-WudfRd
      .
      .
      .
      **************************************************************************
      .
      catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
      Rootkit scan 2011-06-16 18:45
      Windows 5.1.2600 Service Pack 3 NTFS
      .
      scanning hidden processes ...
      .
      scanning hidden autostart entries ...
      .
      scanning hidden files ...
      .
      scan completed successfully
      hidden files: 0
      .
      **************************************************************************
      .
      [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Sophos Message Router]
      "ImagePath"="\"c:\program files\Sophos\Remote Management System\RouterNT.exe\" -service -name Router -ORBListenEndpoints iiop://:8193/ssl_port=8194"
      .
      --------------------- DLLs Loaded Under Running Processes ---------------------
      .
      - - - - - - - > 'winlogon.exe'(1336)
      c:\program files\CA\DSM\Bin\cfwlogon.dll
      c:\windows\system32\odyEvent.dll
      .
      - - - - - - - > 'lsass.exe'(1400)
      c:\windows\system32\bmnet.dll
      .
      - - - - - - - > 'explorer.exe'(5596)
      c:\windows\system32\WININET.dll
      c:\windows\system32\btmmhook.dll
      c:\windows\system32\ieframe.dll
      c:\windows\system32\msi.dll
      c:\windows\system32\webcheck.dll
      c:\windows\system32\WPDShServiceObj.dll
      c:\windows\system32\btncopy.dll
      c:\program files\Nokia\Nokia PC Suite 7\PhoneBrowser.dll
      c:\program files\Nokia\Nokia PC Suite 7\NGSCM.DLL
      c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.5592_x-ww_179798c8\MSVCR80.dll
      c:\program files\Nokia\Nokia PC Suite 7\Lang\PhoneBrowser_spa.nlr
      c:\program files\Nokia\Nokia PC Suite 7\Resource\PhoneBrowser_Nokia.ngr
      c:\windows\system32\PortableDeviceTypes.dll
      c:\windows\system32\PortableDeviceApi.dll
      .
      ------------------------ Other Running Processes ------------------------
      .
      c:\program files\Juniper Networks\Odyssey Access Client\odClientService.exe
      c:\windows\system32\LEXBCES.EXE
      c:\windows\system32\LEXPPS.EXE
      c:\windows\system32\wbem\unsecapp.exe
      c:\program files\idt\dellxpm09b_6159v043\wdm\stacsv.exe
      c:\windows\System32\SCardSvr.exe
      c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
      c:\program files\Bonjour\mDNSResponder.exe
      c:\program files\CA\SC\CAM\bin\cam.exe
      c:\program files\Cisco Systems\VPN Client\cvpnd.exe
      c:\program files\Juniper Networks\Common Files\dsNcService.exe
      c:\program files\Java\jre6\bin\jqs.exe
      c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
      c:\program files\ISS\Proventia Desktop\RapApp.exe
      c:\program files\Sophos\Remote Management System\ManagementAgentNT.exe
      c:\program files\Sophos\AutoUpdate\ALsvc.exe
      c:\program files\Sophos\Remote Management System\RouterNT.exe
      c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
      c:\program files\UPHClean\uphclean.exe
      c:\program files\VMware\VMware Player\vmware-authd.exe
      c:\windows\system32\vmnat.exe
      c:\windows\system32\vmnetdhcp.exe
      c:\program files\CA\DSM\Bin\cfsmsmd.exe
      c:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
      c:\program files\CA\DSM\Bin\ccnfagent.exe
      c:\program files\CA\DSM\Bin\cfnotsrvd.exe
      c:\program files\CA\DSM\Bin\ccsmagtd.exe
      c:\program files\CA\DSM\Bin\amswmagt.exe
      c:\program files\CA\DSM\PMAgent\capmuamagt.exe
      c:\program files\CA\DSM\Bin\cfftplugin.exe
      c:\program files\Lavasoft\Ad-Aware\AAWTray.exe
      c:\windows\system32\igfxsrvc.exe
      c:\program files\DellTPad\ApMsgFwd.exe
      c:\program files\DellTPad\HidFind.exe
      c:\program files\DellTPad\Apntex.exe
      c:\program files\ISS\Proventia Desktop\blackice.exe
      c:\progra~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
      c:\program files\PC Connectivity Solution\ServiceLayer.exe
      c:\program files\PC Connectivity Solution\Transports\NclUSBSrv.exe
      c:\program files\PC Connectivity Solution\Transports\NclRSSrv.exe
      c:\program files\PC Connectivity Solution\Transports\NclBCBTSrv.exe
      c:\windows\System32\wudfhost.exe
      .
      **************************************************************************
      .
      Completion time: 2011-06-16 18:53:42 - machine was rebooted
      ComboFix-quarantined-files.txt 2011-06-16 16:53
      .
      Pre-Run: 6.524.923.904 bytes free
      Post-Run: 6.192.603.136 bytes free
      .
      WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
      [boot loader]
      timeout=2
      default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
      [operating systems]
      c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
      UnsupportedDebug="do not select this" /debug
      multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
      .
      - - End Of File - - FB329CA328B710BC6D8FB80D2810A588

      Regards
      Amara

    4. #4
      General Moderator
      Damianl_77
      Registered
      Jan 2008
      Location
      Argentina
      Posts
      23,072

      Re: Explorer opens by itself showing ads

      Hello scialfa: RiaGuel had to travel, so I will take over this case.


      Download ATF Cleaner + Manual. With your browsers closed, use the Firefox or Opera tabs in the options, if you have those browsers, and tick the Select All box.
      Run ATF-Cleaner from your desktop.
      Tick the "Select All" option.
      Click the "Empty Selected" button.
      Do the same in the Firefox and Opera tabs respectively.

      Disconnect from the Internet and run ATF Cleaner.


      Carry out these steps

      • Click START > RUN >
      • Type notepad.exe there and click OK
      • Now copy and paste the following into Notepad (leaving out the word "Code")


      Code:
      KillAll::
      
      
      File::
      C:\wpg32.dll
      c:\windows\system32\drivers\LKD84.tmp
      c:\windows\system32\drivers\LKD83.tmp
      c:\windows\system32\drivers\LKD82.tmp
      c:\windows\system32\drivers\LKD1F9.tmp
      c:\windows\system32\drivers\LKD154.tmp
      c:\windows\system32\drivers\LKDCB.tmp
      c:\windows\system32\drivers\LKD81.tmp
      c:\windows\system32\drivers\LKDEE.tmp
      c:\windows\system32\drivers\LKD80.tmp
      c:\windows\system32\drivers\LKD7F.tmp
      c:\windows\system32\drivers\LKD7E.tmp
      c:\windows\system32\drivers\LKD8E.tmp
      c:\windows\system32\drivers\LKD156.tmp
      c:\windows\system32\drivers\LKDC3.tmp
      c:\windows\system32\drivers\LKD7C.tmp
      c:\windows\system32\drivers\LKD7D.tmp
      c:\windows\system32\drivers\LKD7B.tmp
      c:\windows\system32\drivers\LKD7A.tmp
      c:\windows\system32\drivers\LKD79.tmp
      c:\windows\system32\drivers\LKDCD.tmp
      c:\windows\system32\drivers\LKD78.tmp
      c:\windows\system32\drivers\LKDD1.tmp
      c:\windows\system32\drivers\LKD77.tmp
      c:\windows\system32\drivers\LKDC2.tmp
      c:\windows\system32\drivers\LKD76.tmp
      c:\windows\system32\drivers\LKDE0.tmp
      c:\windows\system32\drivers\LKD75.tmp
      c:\windows\system32\drivers\LKD74.tmp
      c:\windows\system32\drivers\LKD73.tmp
      c:\windows\system32\drivers\LKD72.tmp
      c:\windows\system32\drivers\LKD71.tmp
      c:\windows\system32\drivers\LKD70.tmp
      c:\windows\system32\drivers\LKD106.tmp
      c:\windows\system32\drivers\LKD6F.tmp
      c:\windows\system32\drivers\LKDD6.tmp
      c:\windows\system32\drivers\LKD6E.tmp
      c:\windows\system32\drivers\LKDCC.tmp
      c:\windows\system32\drivers\LKD6D.tmp
      c:\windows\system32\drivers\LKD6B.tmp
      c:\windows\system32\drivers\LKD6A.tmp
      c:\windows\system32\drivers\LKD69.tmp
      c:\windows\system32\drivers\LKDF7.tmp
      c:\windows\system32\drivers\LKD68.tmp
      c:\windows\system32\drivers\LKD146.tmp
      c:\windows\system32\drivers\LKD1DD.tmp
      c:\windows\system32\drivers\LKD6C.tmp
      c:\windows\system32\drivers\LKDB0.tmp
      c:\windows\system32\drivers\LKD67.tmp
      c:\windows\system32\drivers\LKDB4.tmp
      c:\windows\system32\drivers\LKD66.tmp
      c:\windows\system32\drivers\LKD65.tmp
      c:\windows\system32\drivers\LKD8B1.tmp
      c:\windows\system32\drivers\LKD114.tmp
      c:\windows\system32\drivers\LKD64.tmp
      c:\windows\system32\drivers\LKD1D1.tmp
      c:\windows\system32\drivers\LKD150.tmp
      c:\windows\system32\drivers\LKDCA.tmp
      c:\windows\system32\drivers\LKD88.tmp
      c:\windows\system32\drivers\LKD12A.tmp
      c:\windows\system32\drivers\LKD176D.tmp
      c:\windows\system32\drivers\LKD13C0.tmp
      c:\windows\system32\drivers\LKD12AA.tmp
      c:\windows\system32\drivers\LKD11B9.tmp
      c:\windows\system32\drivers\LKDE15.tmp
      c:\windows\system32\drivers\LKD5F4.tmp
      c:\windows\system32\drivers\LKD3E2.tmp
      c:\windows\system32\drivers\LKDB6.tmp
      c:\windows\system32\drivers\LKD397.tmp
      c:\windows\system32\drivers\LKD310.tmp
      c:\windows\system32\drivers\LKD28A.tmp
      c:\windows\system32\drivers\LKD203.tmp
      c:\windows\system32\drivers\LKD100.tmp
      c:\windows\system32\drivers\LKD62.tmp
      c:\windows\system32\drivers\LKD8F4.tmp
      c:\windows\system32\drivers\LKD872.tmp
      c:\windows\system32\drivers\LKD7ED.tmp
      c:\windows\system32\drivers\LKD765.tmp
      c:\windows\system32\drivers\LKD6DE.tmp
      c:\windows\system32\drivers\LKD659.tmp
      c:\windows\system32\drivers\LKD5CF.tmp
      c:\windows\system32\drivers\LKD54C.tmp
      c:\windows\system32\drivers\LKD4C9.tmp
      c:\windows\system32\drivers\LKD432.tmp
      
      Folder::
      c:\program files\Application Updater
      
      Driver::
      Application Updater
      TSClient
      
      Registry::
      [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
      "5556:TCP"=-
      
      DDS::
      uInternet Connection Wizard,ShellNext = hxxp://medinternational.home.ge.com/
      uInternet Settings,ProxyOverride = <local>



      • Save this file as CFScript.txt and leave it on your desktop.
      • Before using the CFScript....
      • Temporarily disable your antivirus and/or antispyware.
      • Close all open windows. Drag the Notepad file onto the ComboFix icon on your desktop, as shown in the image below.



      • ComboFix will start running again. When it finishes it will generate a report, which you should paste in this same thread.


    5. #5
      User scialfa
      Registered
      Jun 2011
      Location
      Coruña
      Posts
      4

      Re: Explorer opens by itself showing ads

      Hello Damianl_77

      First of all, thank you for your help.

      I followed the steps and the advertising Explorer windows keep opening. Here is the ComboFix report.

      ComboFix 11-06-15.02 - 100027982 18/06/2011 19:52:38.2.2 - x86
      Microsoft Windows XP Professional 5.1.2600.3.1252.44.1033.18.2000.1142 [GMT 2:00]
      Running from: d:\documents and settings\100027982\Desktop\ComboFix.exe
      Command switches used :: d:\documents and settings\100027982\Desktop\CFScript.txt
      AV: Sophos Anti-Virus *Disabled/Updated* {3F13C776-3CBE-4DE9-8BF6-09E5183CA2BD}
      FW: Proventia Desktop *Enabled* {E1EC88C6-49C8-4599-8097-09F7E1CB6A15}
      FW: Sophos Client Firewall *Enabled* {0786E95E-326A-4524-9691-41EF88FB52EA}
      .
      .
      .
      ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
      .
      .
      c:\program files\Application Updater
      c:\program files\Application Updater\ApplicationUpdater.exe
      c:\program files\Application Updater\config.ini
      c:\windows\system32\drivers\LKD100.tmp
      c:\windows\system32\drivers\LKD106.tmp
      c:\windows\system32\drivers\LKD114.tmp
      c:\windows\system32\drivers\LKD11B9.tmp
      c:\windows\system32\drivers\LKD12A.tmp
      c:\windows\system32\drivers\LKD12AA.tmp
      c:\windows\system32\drivers\LKD13C0.tmp
      c:\windows\system32\drivers\LKD146.tmp
      c:\windows\system32\drivers\LKD150.tmp
      c:\windows\system32\drivers\LKD154.tmp
      c:\windows\system32\drivers\LKD156.tmp
      c:\windows\system32\drivers\LKD176D.tmp
      c:\windows\system32\drivers\LKD1D1.tmp
      c:\windows\system32\drivers\LKD1DD.tmp
      c:\windows\system32\drivers\LKD1F9.tmp
      c:\windows\system32\drivers\LKD203.tmp
      c:\windows\system32\drivers\LKD28A.tmp
      c:\windows\system32\drivers\LKD310.tmp
      c:\windows\system32\drivers\LKD397.tmp
      c:\windows\system32\drivers\LKD3E2.tmp
      c:\windows\system32\drivers\LKD432.tmp
      c:\windows\system32\drivers\LKD4C9.tmp
      c:\windows\system32\drivers\LKD54C.tmp
      c:\windows\system32\drivers\LKD5CF.tmp
      c:\windows\system32\drivers\LKD5F4.tmp
      c:\windows\system32\drivers\LKD62.tmp
      c:\windows\system32\drivers\LKD64.tmp
      c:\windows\system32\drivers\LKD65.tmp
      c:\windows\system32\drivers\LKD659.tmp
      c:\windows\system32\drivers\LKD66.tmp
      c:\windows\system32\drivers\LKD67.tmp
      c:\windows\system32\drivers\LKD68.tmp
      c:\windows\system32\drivers\LKD69.tmp
      c:\windows\system32\drivers\LKD6A.tmp
      c:\windows\system32\drivers\LKD6B.tmp
      c:\windows\system32\drivers\LKD6C.tmp
      c:\windows\system32\drivers\LKD6D.tmp
      c:\windows\system32\drivers\LKD6DE.tmp
      c:\windows\system32\drivers\LKD6E.tmp
      c:\windows\system32\drivers\LKD6F.tmp
      c:\windows\system32\drivers\LKD70.tmp
      c:\windows\system32\drivers\LKD71.tmp
      c:\windows\system32\drivers\LKD72.tmp
      c:\windows\system32\drivers\LKD73.tmp
      c:\windows\system32\drivers\LKD74.tmp
      c:\windows\system32\drivers\LKD75.tmp
      c:\windows\system32\drivers\LKD76.tmp
      c:\windows\system32\drivers\LKD765.tmp
      c:\windows\system32\drivers\LKD77.tmp
      c:\windows\system32\drivers\LKD78.tmp
      c:\windows\system32\drivers\LKD79.tmp
      c:\windows\system32\drivers\LKD7A.tmp
      c:\windows\system32\drivers\LKD7B.tmp
      c:\windows\system32\drivers\LKD7C.tmp
      c:\windows\system32\drivers\LKD7D.tmp
      c:\windows\system32\drivers\LKD7E.tmp
      c:\windows\system32\drivers\LKD7ED.tmp
      c:\windows\system32\drivers\LKD7F.tmp
      c:\windows\system32\drivers\LKD80.tmp
      c:\windows\system32\drivers\LKD81.tmp
      c:\windows\system32\drivers\LKD82.tmp
      c:\windows\system32\drivers\LKD83.tmp
      c:\windows\system32\drivers\LKD84.tmp
      c:\windows\system32\drivers\LKD872.tmp
      c:\windows\system32\drivers\LKD88.tmp
      c:\windows\system32\drivers\LKD8B1.tmp
      c:\windows\system32\drivers\LKD8E.tmp
      c:\windows\system32\drivers\LKD8F4.tmp
      c:\windows\system32\drivers\LKDB0.tmp
      c:\windows\system32\drivers\LKDB4.tmp
      c:\windows\system32\drivers\LKDB6.tmp
      c:\windows\system32\drivers\LKDC2.tmp
      c:\windows\system32\drivers\LKDC3.tmp
      c:\windows\system32\drivers\LKDCA.tmp
      c:\windows\system32\drivers\LKDCB.tmp
      c:\windows\system32\drivers\LKDCC.tmp
      c:\windows\system32\drivers\LKDCD.tmp
      c:\windows\system32\drivers\LKDD1.tmp
      c:\windows\system32\drivers\LKDD6.tmp
      c:\windows\system32\drivers\LKDE0.tmp
      c:\windows\system32\drivers\LKDE15.tmp
      c:\windows\system32\drivers\LKDEE.tmp
      c:\windows\system32\drivers\LKDF7.tmp
      C:\wpg32.dll
      F:\Autorun.inf
      .
      .
      ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
      .
      .
      -------\Legacy_APPLICATION_UPDATER
      -------\Legacy_TSCLIENT
      -------\Service_Application Updater
      -------\Service_TSClient
      .
      .
      ((((((((((((((((((((((((( Files Created from 2011-05-18 to 2011-06-18 )))))))))))))))))))))))))))))))
      .
      .
      2011-06-17 07:13 . 2011-06-17 07:13 30267 ----a-w- c:\windows\system32\drivers\LKD85.tmp
      2011-06-16 16:03 . 2011-06-16 16:03 4128845 ----a-w- c:\temp\limpiar malware\ComboFix.exe
      2011-06-15 18:46 . 2011-06-15 16:33 9435312 ----a-w- c:\temp\limpiar malware\mbam-setup-1.51.0.1200.exe
      2011-06-15 16:33 . 2011-06-15 16:33 -------- d-----w- d:\documents and settings\100027982\Application Data\Malwarebytes
      2011-06-15 16:33 . 2011-06-15 16:33 -------- d-----w- d:\documents and settings\All Users\Application Data\Malwarebytes
      2011-06-15 16:23 . 2011-06-15 16:23 3096424 ----a-w- c:\temp\limpiar malware\ccsetup307.exe
      2011-06-14 21:34 . 2011-06-14 21:34 6400728 ----a-w- c:\temp\gusetup_slim.exe
      2011-06-14 20:40 . 2011-06-14 20:40 98392 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
      2011-06-14 20:38 . 2011-06-14 20:38 -------- d-----w- c:\windows\system32\config\systemprofile\Local Settings\Application Data\Sunbelt Software
      2011-06-14 20:37 . 2011-06-14 20:37 -------- d-----w- d:\documents and settings\All Users\Application Data\Lavasoft
      2011-06-14 20:20 . 2011-06-14 20:21 -------- d-----w- d:\documents and settings\100027982\Application Data\Calendario
      2011-06-14 20:19 . 2011-06-14 20:19 843264 ----a-w- c:\windows\system32\rtl100.bpl
      2011-06-14 20:19 . 2011-06-14 20:19 1680896 ----a-w- c:\windows\system32\vcl100.bpl
      2011-06-14 20:18 . 2011-06-14 20:18 -------- d-----w- c:\program files\ROASOFT
      2011-06-14 20:13 . 2011-06-14 20:13 -------- d-----w- d:\documents and settings\100027982\Application Data\Tutoriales100
      2011-06-14 20:13 . 2011-06-14 20:13 -------- d-----w- c:\program files\Tutoriales100
      2011-06-14 20:13 . 2011-06-14 20:13 -------- d-----w- d:\documents and settings\100027982\Local Settings\Application Data\Tutoriales100
      2011-06-14 20:12 . 2011-06-14 20:17 -------- d-----w- c:\program files\Object
      2011-06-14 06:38 . 2011-06-17 06:36 -------- d-----w- c:\program files\Hard Disk Sentinel
      2011-06-14 06:37 . 2011-06-09 18:25 9644752 ----a-w- c:\temp\TotalAudioConverter.exe
      2011-06-14 06:37 . 2011-06-09 18:29 6927505 ----a-w- c:\temp\Setup_FreeConverter.exe
      2011-06-12 18:09 . 2010-08-01 10:38 334384 ----a-w- c:\windows\system32\vmnetdhcp.exe
      2011-06-12 18:09 . 2010-08-01 10:38 399920 ----a-w- c:\windows\system32\vmnat.exe
      2011-06-12 18:09 . 2010-08-01 10:36 26288 ----a-w- c:\windows\system32\drivers\vmnetuserif.sys
      2011-06-12 18:09 . 2010-08-01 10:38 760368 ----a-w- c:\windows\system32\vnetlib.dll
      2011-06-12 18:09 . 2010-08-01 10:37 24624 ----a-w- c:\windows\system32\drivers\VMkbd.sys
      2011-06-09 18:29 . 2008-09-24 19:33 484352 ----a-w- c:\windows\system32\lame_enc.dll
      2011-06-09 18:29 . 2011-06-09 18:29 -------- d-----w- c:\program files\Free Audio Pack
      2011-06-09 18:26 . 2011-06-09 18:26 -------- d-----w- d:\documents and settings\100027982\Application Data\Softplicity
      2011-06-09 18:25 . 2011-06-09 18:28 -------- d-----w- c:\program files\TotalAudioConverter
      2011-05-24 17:05 . 2011-06-15 15:37 -------- d-----w- d:\documents and settings\100027982\Local Settings\Application Data\VMware
      2011-05-24 13:58 . 2011-04-13 13:34 94208 ----a-w- c:\temp\CCC TRaining\CCC70SP3\70sp3\Deio\Program\CriticalCareClinisoft\PDEV\DDPB840.dll
      .
      .
      .
      (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
      .
      2011-06-17 11:19 . 2009-12-02 13:07 176128 -c--a-w- c:\windows\safeboot.scr
      2011-06-17 11:19 . 2009-12-02 13:06 4752 ----a-w- c:\windows\system32\drivers\rsvlock.sys
      2011-06-17 11:19 . 2009-12-02 13:06 44848 ----a-w- c:\windows\system32\drivers\sbalg.sys
      2011-06-17 11:19 . 2009-12-02 13:06 14864 ----a-w- c:\windows\system32\drivers\sbprcctl.sys
      2011-06-17 11:19 . 2009-12-02 13:07 30267 ----a-w- c:\windows\system32\drivers\safeboot.sys
      2011-06-17 11:19 . 2009-12-02 13:06 6096 ----a-w- c:\windows\system32\drivers\sbflop.sys
      2011-04-15 10:32 . 2011-04-15 10:32 30267 ----a-w- c:\windows\system32\drivers\LKD2EF.tmp
      .
      .
      ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
      .
      .
      *Note* empty entries & legit default entries are not shown
      REGEDIT4
      .
      [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2F2CC692-D1B6-433e-BEFF-745CE8087980}]
      2011-05-17 14:31 221184 ----a-w- c:\program files\Tutoriales100\tutoriales100BHO.dll
      .
      [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" [2010-12-21 1483264]
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "AESTFltr"="c:\windows\system32\AESTFltr.exe" [2008-05-21 466944]
      "DsmSxplog"="c:\program files\CA\DSM\Bin\sxpstub.exe" [2007-03-03 24592]
      "CAF_SystemTray"="c:\program files\CA\DSM\bin\cfSysTray.exe" [2007-03-03 124432]
      "TempRemove"="c:\program files\Crystal Ball\CB Predictor\terminator.exe" [1998-12-19 7680]
      "Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2009-10-07 2498560]
      "IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-03-24 134656]
      "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-03-24 166912]
      "Persistence"="c:\windows\system32\igfxpers.exe" [2009-03-24 136192]
      "SBMGRNT.EXE"="c:\progra~1\SafeBoot\SBMGRNT.EXE" [2011-06-17 49212]
      "Apoint"="c:\program files\DellTPad\Apoint.exe" [2009-06-19 249856]
      "SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2009-03-09 483420]
      "SophosNAC_Agent"="c:\program files\Sophos\NAC\AgntTray.exe" [2009-05-01 1373792]
      "GEvpnPacCheck"="c:\program files\Juniper Networks\VPN_PAC_CHECK.vbs" [2009-04-06 1747]
      "OdTray.exe"="c:\program files\Juniper Networks\Odyssey Access Client\OdTray.exe" [2009-08-12 955688]
      "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]
      "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-20 932288]
      "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
      "AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-12-14 47904]
      "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-29 421888]
      "VMware hqtray"="c:\program files\VMware\VMware Player\hqtray.exe" [2010-08-01 64048]
      "Tutoriales100"="c:\program files\Tutoriales100\tutoriales100.exe" [2011-06-06 978544]
      "UpdateTutoriales100"="d:\documents and settings\100027982\Application Data\Tutoriales100\Update Tutoriales 100\UpdateTutoriales100HP.exe" [2011-05-17 655360]
      .
      [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
      "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
      .
      d:\documents and settings\All Users\Start Menu\Programs\Startup\
      Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-1-16 604776]
      Proventia Desktop Agent.lnk - [N/A]
      Sophos AutoUpdate Monitor.lnk - c:\program files\Sophos\AutoUpdate\ALMon.exe [2010-10-20 429096]
      VPN Client.lnk - c:\windows\Installer\{51FB15F4-AD27-43BC-AD4B-DD0354FB6BBD}\Icon3E5562ED7.ico [2009-11-20 6144]
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\CAF]
      2007-03-03 12:30 27664 ----a-w- c:\program files\CA\DSM\Bin\cfWlogon.dll
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\OdysseyClient]
      2010-07-13 06:48 202024 ----a-w- c:\windows\system32\odyEvent.dll
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\PCANotify]
      2004-11-01 11:50 8704 ----a-w- c:\windows\system32\PCANotify.dll
      .
      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
      @="Driver"
      .
      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
      @="Service"
      .
      [HKLM\~\startupfolder\D:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
      path=d:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
      backup=c:\windows\pss\Microsoft Office.lnkCommon Startup
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AIMPro]
      2010-07-07 20:39 3677496 ----a-w- c:\program files\WebEx\Connect\connect.exe
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
      2010-10-16 09:04 136176 ----atw- d:\documents and settings\100027982\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMJPMIG8.1]
      2008-04-14 12:00 208952 -c--a-w- c:\windows\ime\imjp8_1\imjpmig.exe
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
      2010-12-13 16:16 421160 ----a-w- c:\program files\iTunes\iTunesHelper.exe
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Lexmark X1100 Series]
      2003-08-19 10:18 57344 ----a-w- c:\program files\Lexmark X1100 Series\lxbkbmgr.exe
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MaxtorOneTouch]
      2006-08-11 07:45 712704 ----a-w- c:\program files\Maxtor\ManagerApp\OneTouch.exe
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MobileBroadband]
      2010-04-28 18:26 252928 ----a-w- c:\program files\Vodafone\Vodafone Mobile Broadband\Bin\MobileBroadband.exe
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSPY2002]
      2008-04-14 12:00 59392 -c--a-w- c:\windows\system32\IME\PINTLGNT\IMSCINST.EXE
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mxomssmenu]
      2006-08-11 10:15 81920 ----a-w- c:\program files\Maxtor\OneTouch Status\MaxMenuMgr.exe
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002A]
      2008-04-14 12:00 455168 -c--a-w- c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002ASync]
      2008-04-14 12:00 455168 -c--a-w- c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Companion]
      2011-02-28 14:15 427008 ----a-w- c:\program files\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
      "NTService1"=2 (0x2)
      "MaxBackServiceInt"=2 (0x2)
      "gusvc"=3 (0x3)
      "gupdate"=2 (0x2)
      "awhost32"=3 (0x3)
      "Apple Mobile Device"=2 (0x2)
      "VmbService"=2 (0x2)
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SophosAntiVirus]
      "DisableMonitoring"=dword:00000001
      .
      [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
      "EnableFirewall"= 0 (0x0)
      .
      [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
      "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
      "%windir%\\system32\\sessmgr.exe"=
      "c:\\Program Files\\WebEx\\Connect\\wbxcOIEx.exe"=
      "c:\\Program Files\\WebEx\\Connect\\widget.exe"=
      "c:\\Program Files\\WebEx\\Connect\\connect.exe"=
      "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
      "c:\\Program Files\\VMware\\VMware Player\\vmware-authd.exe"=
      .
      R0 odFips;odFips;c:\windows\system32\drivers\odFIPS.sys [8/12/2009 4:15 AM 9856]
      R0 odFips2;odFips2;c:\windows\system32\drivers\odFIPS2.sys [8/12/2009 4:15 AM 282496]
      R0 SafeBoot;SafeBoot;c:\windows\system32\drivers\safeboot.sys [12/2/2009 3:07 PM 30267]
      R0 SBAlg;SBAlg;c:\windows\system32\drivers\sbalg.sys [12/2/2009 3:06 PM 44848]
      R1 RsvLock;RsvLock;c:\windows\system32\drivers\rsvlock.sys [12/2/2009 3:06 PM 4752]
      R1 SAVOnAccessControl;SAVOnAccessControl;c:\windows\system32\drivers\savonaccesscontrol.sys [11/20/2009 5:00 AM 152192]
      R1 SAVOnAccessFilter;SAVOnAccessFilter;c:\windows\system32\drivers\savonaccessfilter.sys [11/20/2009 5:00 AM 24064]
      R1 SBFlop;SBFlop;c:\windows\system32\drivers\sbflop.sys [12/2/2009 3:06 PM 6096]
      R1 SbPrcCtl;SbPrcCtl;c:\windows\system32\drivers\sbprcctl.sys [12/2/2009 3:06 PM 14864]
      R1 scfdriver;SCF Kernel Driver;c:\windows\system32\drivers\scfdriver.sys [11/20/2009 5:02 AM 100136]
      R2 BlackICE;BlackICE;c:\program files\ISS\Proventia Desktop\blackd.exe [11/20/2009 4:36 AM 2011473]
      R2 caf;CA DSM r11 Common Application Framework.;c:\program files\CA\DSM\Bin\CAF.exe [3/3/2007 2:30 PM 194064]
      R2 JuniperAccessService;Juniper Unified Network Service;c:\program files\Common Files\Juniper Networks\JUNS\dsAccessService.exe [8/11/2009 9:14 PM 132392]
      R2 NMSAccess32;NMSAccess32;c:\windows\system32\NMSAccess32.exe [1/12/2009 7:15 AM 71096]
      R2 SafeBootConfigurationManager;SafeBoot Configuration Manager;c:\program files\SafeBoot\sbmgrnt.exe [12/2/2009 3:07 PM 49212]
      R2 SAVAdminService;Indicador del estado de Sophos Anti-Virus;c:\program files\Sophos\Sophos Anti-Virus\SAVAdminService.exe [10/20/2010 9:36 AM 104488]
      R2 SAVService;Sophos Anti-Virus;c:\program files\Sophos\Sophos Anti-Virus\SavService.exe [10/20/2010 9:36 AM 93736]
      R2 Sophos Client Firewall Manager;Sophos Client Firewall Manager;c:\program files\Sophos\Sophos Client Firewall\SCFManager.exe [10/20/2010 9:36 AM 125992]
      R2 Sophos Client Firewall;Sophos Client Firewall;c:\program files\Sophos\Sophos Client Firewall\SCFService.exe [10/20/2010 9:36 AM 30248]
      R2 Sophos NAC Agent API;Sophos NAC Agent API;c:\program files\Sophos\NAC\AgentAPI.exe [5/1/2009 1:07 PM 9001056]
      R2 vmci;VMware vmci;c:\windows\system32\drivers\vmci.sys [8/1/2010 12:39 PM 70704]
      R2 VMUSBArbService;VMware USB Arbitration Service;c:\program files\Common Files\VMware\USB\vmware-usbarbitrator.exe [8/1/2010 11:39 AM 539184]
      R2 VPatch;ISS Buffer Overflow Exploit Prevention;c:\program files\ISS\Proventia Desktop\vpatch.exe [11/20/2009 4:36 AM 426333]
      R3 AESTAud;AE Audio Service;c:\windows\system32\drivers\AESTAud.sys [11/19/2009 6:23 PM 112512]
      R3 cvusbdrv;Broadcom USH CV;c:\windows\system32\drivers\cvusbdrv.sys [11/19/2009 6:23 PM 32808]
      R3 e1yexpress;Intel(R) Gigabit Network Connections Driver;c:\windows\system32\drivers\e1y5132.sys [4/2/2009 1:52 PM 244368]
      R3 EacService;Juniper TNC Endpoint Assessment;c:\program files\Common Files\Juniper Networks\TNC Client\jTnccService.exe [8/12/2009 4:30 AM 136488]
      R3 hwcdcmdm0;HUAWEI Mobile Connect - 3G Modem;c:\windows\system32\drivers\ewusbmdm.sys [11/26/2009 10:44 AM 65152]
      R3 hwusbapp;HUAWEI Mobile Connect - 3G PC UI Interface;c:\windows\system32\drivers\ewusbapp.sys [11/26/2009 10:44 AM 65152]
      R3 hwusbser;HUAWEI Mobile Connect - 3G Application Interface;c:\windows\system32\drivers\ewusbser.sys [11/26/2009 10:44 AM 65152]
      R3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI Service;c:\windows\system32\drivers\IntcHdmi.sys [11/20/2009 5:30 AM 110080]
      R3 jnprna;Juniper Network Agent Miniport;c:\windows\system32\drivers\jnprna.sys [6/13/2009 6:18 PM 419496]
      R3 JnprVaMgr;Juniper Networks Virtual Adapter Manager Service;c:\windows\system32\drivers\jnprvamgr.sys [6/13/2009 6:18 PM 29312]
      R3 MakoNT;MakoNT;c:\windows\system32\drivers\MakoNT.sys [11/20/2009 4:36 AM 76849]
      R3 rap;rap;c:\windows\system32\drivers\RapDrv.sys [11/20/2009 4:36 AM 47788]
      R3 vodafone_K3805-z_dc_enum;vodafone_K3805-z_dc_enum;c:\windows\system32\drivers\vodafone_K3805-z_dc_enum.sys [3/1/2010 6:35 PM 80000]
      R4 black;black;c:\windows\system32\drivers\Blackcat.sys [11/20/2009 4:36 AM 197106]
      S0 iaStor_760;Intel AHCI Controller;c:\windows\system32\drivers\iaStor_760.sys [4/2/2009 1:38 PM 324120]
      S0 iaStor_8400;Intel RAID Controller;c:\windows\system32\drivers\iastor8400.sys [4/2/2009 1:38 PM 824960]
      S0 iaStor_E6400;Intel RAID Controller;c:\windows\system32\drivers\iaStor_E6400.sys [4/2/2009 1:38 PM 318488]
      S0 iastor3400;Intel AHCI Controller;c:\windows\system32\drivers\iaStor3400.sys [4/2/2009 1:38 PM 308248]
      S0 iaStor390;Intel AHCI Controller;c:\windows\system32\drivers\iaStor390.sys [4/2/2009 1:38 PM 304920]
      S0 iastor755;Intel AHCI Controller;c:\windows\system32\drivers\IaStor755.sys [4/2/2009 1:38 PM 305176]
      S0 symmpi_8400;symmpi_8400;c:\windows\system32\drivers\symmpi8400.sys [4/2/2009 1:38 PM 92288]
      S0 symmpi_vmware;symmpi_vmware;c:\windows\system32\drivers\symmpi_vmware.sys [4/2/2009 1:38 PM 39760]
      S0 symmpi7400;symmpi7400;c:\windows\system32\drivers\symmpi7400.sys [4/2/2009 1:38 PM 100096]
      S2 gupdate;Servicio Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [3/6/2010 1:48 PM 135664]
      S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\drivers\ggflt.sys [12/29/2010 6:43 PM 13224]
      S3 gupdatem;Servicio de Google Update (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [3/6/2010 1:48 PM 135664]
      S3 HPFXFAX;HPFXFAX;c:\windows\system32\drivers\hpfxfax.sys [7/20/2010 1:30 PM 20504]
      S3 jnprva;Juniper Networks Virtual Adapter Service;c:\windows\system32\drivers\jnprva.sys [6/13/2009 6:18 PM 12288]
      S3 MBAMSwissArmy;MBAMSwissArmy;\??\c:\windows\system32\drivers\mbamswissarmy.sys --> c:\windows\system32\drivers\mbamswissarmy.sys [?]
      S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [1/9/2010 9:37 PM 4640000]
      S3 sdcfilter;sdcfilter;c:\windows\system32\drivers\sdcfilter.sys [10/20/2010 9:36 AM 23928]
      S3 Sony Ericsson PCCompanion;Sony Ericsson PCCompanion;c:\program files\Sony Ericsson\Sony Ericsson PC Companion\PCCService.exe [12/29/2010 6:37 PM 150528]
      S4 SophosBootDriver;SophosBootDriver;c:\windows\system32\drivers\SophosBootDriver.sys [11/20/2009 5:00 AM 14976]
      S4 VmbService;Servicio de Vodafone Mobile Broadband;c:\program files\Vodafone\Vodafone Mobile Broadband\Bin\VmbService.exe [4/28/2010 8:26 PM 9216]
      .
      --- Other Services/Drivers In Memory ---
      .
      *Deregistered* - BMLoad
      *Deregistered* - uphcleanhlp
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
      HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\OutlookProfile.vbs]
      2010-12-10 11:31 9276 ----a-w- c:\program files\Microsoft Office\OutlookProfile.vbs
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\PitchBuilderAS.EXE]
      2010-12-09 11:06 150280 ----a-w- c:\program files\Microsoft Office\Wizkit\PitchBuilderAS.EXE
      .
      Contents of the 'Scheduled Tasks' folder
      .
      2011-06-18 c:\windows\Tasks\AppleSoftwareUpdate.job
      - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]
      .
      2011-04-01 c:\windows\Tasks\At1.job
      - d:\support\TOOLS\DiskTidyUp.exe [2009-11-19 11:50]
      .
      2011-06-18 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
      - c:\program files\Google\Update\GoogleUpdate.exe [2010-03-06 11:48]
      .
      2011-06-18 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
      - c:\program files\Google\Update\GoogleUpdate.exe [2010-03-06 11:48]
      .
      2011-06-18 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1962744943-1077359737-637696952-142722Core.job
      - d:\documents and settings\100027982\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-04-05 09:04]
      .
      2011-06-18 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1962744943-1077359737-637696952-142722UA.job
      - d:\documents and settings\100027982\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-04-05 09:04]
      .
      2011-06-16 c:\windows\Tasks\New scheduled scan.job
      - c:\program files\Sophos\Sophos Anti-Virus\BackgroundScanClient.exe [2010-10-20 07:36]
      .
      .
      ------- Supplementary Scan -------
      .
      uStart Page = hxxp://www.google.es/
      uInternet Settings,ProxyOverride = <local>
      IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
      IE: Se&nd to OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
      LSP: bmnet.dll
      LSP: c:\program files\VMware\VMware Player\vsocklib.dll
      Trusted Zone: ge.com
      Trusted Zone: gebrandcentral.com
      Trusted Zone: gedigitalmedia.com
      Trusted Zone: gemediacentral.com
      Trusted Zone: genewscenter.com
      Trusted Zone: geolympiccentral.com
      Trusted Zone: ge.com
      DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
      DPF: {8F0DF9DB-AA5A-4ED0-9176-1C4A9C762C59} - hxxp://americascomm01.ge.com/sametime/STMeetingRoomClient/STJNILoader.cab
      DPF: {B94C2238-346E-4C5E-9B36-8CC627F35574}
      DPF: {C1BAC744-8F0B-11D0-89E7-00C0A8295197} - hxxp://crtvg.es/camweb/camera.cab
      .
      .
      **************************************************************************
      .
      catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
      Rootkit scan 2011-06-18 20:04
      Windows 5.1.2600 Service Pack 3 NTFS
      .
      scanning hidden processes ...
      .
      scanning hidden autostart entries ...
      .
      scanning hidden files ...
      .
      scan completed successfully
      hidden files: 0
      .
      **************************************************************************
      .
      [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Sophos Message Router]
      "ImagePath"="\"c:\program files\Sophos\Remote Management System\RouterNT.exe\" -service -name Router -ORBListenEndpoints iiop://:8193/ssl_port=8194"
      .
      --------------------- DLLs Loaded Under Running Processes ---------------------
      .
      - - - - - - - > 'winlogon.exe'(1260)
      c:\program files\SafeBoot\SBGINA.DLL
      c:\program files\SafeBoot\SBIPC.DLL
      c:\program files\CA\DSM\Bin\cfwlogon.dll
      c:\windows\system32\odyEvent.dll
      .
      - - - - - - - > 'lsass.exe'(1336)
      c:\windows\system32\bmnet.dll
      .
      - - - - - - - > 'explorer.exe'(4976)
      c:\windows\system32\WININET.dll
      c:\windows\system32\btmmhook.dll
      c:\windows\system32\msi.dll
      c:\windows\system32\ieframe.dll
      c:\windows\system32\webcheck.dll
      c:\windows\system32\WPDShServiceObj.dll
      c:\windows\system32\btncopy.dll
      c:\program files\Nokia\Nokia PC Suite 7\PhoneBrowser.dll
      c:\program files\Nokia\Nokia PC Suite 7\NGSCM.DLL
      c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.5592_x-ww_179798c8\MSVCR80.dll
      c:\program files\Nokia\Nokia PC Suite 7\Lang\PhoneBrowser_spa.nlr
      c:\program files\Nokia\Nokia PC Suite 7\Resource\PhoneBrowser_Nokia.ngr
      c:\windows\system32\PortableDeviceTypes.dll
      c:\windows\system32\PortableDeviceApi.dll
      .
      ------------------------ Other Running Processes ------------------------
      .
      c:\program files\Juniper Networks\Odyssey Access Client\odClientService.exe
      c:\windows\system32\LEXBCES.EXE
      c:\windows\system32\LEXPPS.EXE
      c:\program files\idt\dellxpm09b_6159v043\wdm\stacsv.exe
      c:\windows\System32\SCardSvr.exe
      c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
      c:\program files\Bonjour\mDNSResponder.exe
      c:\program files\CA\SC\CAM\bin\cam.exe
      c:\program files\Cisco Systems\VPN Client\cvpnd.exe
      c:\program files\Juniper Networks\Common Files\dsNcService.exe
      c:\program files\Java\jre6\bin\jqs.exe
      c:\windows\system32\msiexec.exe
      c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
      c:\program files\ISS\Proventia Desktop\RapApp.exe
      c:\program files\Sophos\Remote Management System\ManagementAgentNT.exe
      c:\program files\Sophos\AutoUpdate\ALsvc.exe
      c:\program files\Sophos\Remote Management System\RouterNT.exe
      c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
      c:\program files\UPHClean\uphclean.exe
      c:\program files\VMware\VMware Player\vmware-authd.exe
      c:\windows\system32\vmnat.exe
      c:\windows\system32\vmnetdhcp.exe
      c:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
      c:\program files\CA\DSM\Bin\cfsmsmd.exe
      c:\program files\CA\DSM\Bin\ccnfagent.exe
      c:\program files\CA\DSM\Bin\cfnotsrvd.exe
      c:\program files\CA\DSM\Bin\ccsmagtd.exe
      c:\program files\CA\DSM\Bin\amswmagt.exe
      c:\program files\CA\DSM\PMAgent\capmuamagt.exe
      c:\program files\CA\DSM\Bin\cfftplugin.exe
      c:\windows\system32\igfxsrvc.exe
      c:\program files\DellTPad\ApMsgFwd.exe
      c:\program files\DellTPad\HidFind.exe
      c:\program files\DellTPad\Apntex.exe
      c:\program files\ISS\Proventia Desktop\blackice.exe
      c:\progra~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
      c:\program files\PC Connectivity Solution\ServiceLayer.exe
      c:\program files\PC Connectivity Solution\Transports\NclUSBSrv.exe
      c:\program files\PC Connectivity Solution\Transports\NclRSSrv.exe
      c:\program files\PC Connectivity Solution\Transports\NclBCBTSrv.exe
      c:\windows\System32\wudfhost.exe
      .
      **************************************************************************
      .
      Completion time: 2011-06-18 2007 - machine was rebooted
      ComboFix-quarantined-files.txt 2011-06-18 18:09
      ComboFix2.txt 2011-06-16 16:53
      .
      Pre-Run: 6.198.497.280 bytes free
      Post-Run: 6.153.826.304 bytes free
      .
      - - End Of File - - 0035D3969B33FA4B3D9EA0320287AC3A


      Regards,
      scialfa

    6. #6
      General Moderator
      Avatar of Damianl_77
      Registered
      Jan 2008
      Location
      Argentina
      Posts
      23.072

      Re: Explorer opens by itself with advertising

      Carry out these steps:

      • Click START > RUN
      • There, type notepad.exe and click OK
      • Now copy and paste the following into Notepad (leaving out the word "Code")





      Code:
      KillAll::
      
      
      File::
      c:\windows\system32\drivers\LKD85.tmp
      c:\windows\system32\drivers\LKD2EF.tmp
      
      Folder::
      c:\program files\Tutoriales100
      
      Registry::
      [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2F2CC692-D1B6-433e-BEFF-745CE8087980}]
      
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "Tutoriales100"=-


      • Save this file with the name CFScript.txt and leave it on your desktop.
      • Before using the CFScript...
      • Temporarily disable your antivirus and/or antispyware.
      • Close all open windows. Drag the Notepad file onto the ComboFix icon on your desktop, as shown in the image below.



      • ComboFix will start running again. When it finishes, it will generate a report, which you should paste in this same thread.


      Let me know whether the advertising windows have stopped.


    7. #7
      User Avatar of scialfa
      Registered
      Jun 2011
      Location
      Coruña
      Posts
      4

      Re: Explorer opens by itself with advertising

      Hello DamianL_77,

      Thank you very much, things have improved sooooo much... from about 20 windows opening within a few minutes, we are down to one every so often...
      I am attaching the log:

      ComboFix 11-06-15.02 - 100027982 19/06/2011 21:34:24.3.2 - x86
      Microsoft Windows XP Professional 5.1.2600.3.1252.44.1033.18.2000.1217 [GMT 2:00]
      Running from: d:\documents and settings\100027982\Desktop\ComboFix.exe
      Command switches used :: d:\documents and settings\100027982\Desktop\CFScript.txt
      AV: Sophos Anti-Virus *Disabled/Updated* {3F13C776-3CBE-4DE9-8BF6-09E5183CA2BD}
      FW: Proventia Desktop *Enabled* {E1EC88C6-49C8-4599-8097-09F7E1CB6A15}
      FW: Sophos Client Firewall *Enabled* {0786E95E-326A-4524-9691-41EF88FB52EA}
      .
      FILE ::
      "c:\windows\system32\drivers\LKD2EF.tmp"
      "c:\windows\system32\drivers\LKD85.tmp"
      .
      .
      ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
      .
      .
      c:\program files\Tutoriales100
      c:\program files\Tutoriales100\avast.exe
      c:\program files\Tutoriales100\confmedia.cyp
      c:\program files\Tutoriales100\desinstall.exe
      c:\program files\Tutoriales100\tutoriales100.exe
      c:\program files\Tutoriales100\tutoriales100BHO.dll
      c:\program files\Tutoriales100\unins000.dat
      c:\program files\Tutoriales100\unins000.exe
      c:\program files\Tutoriales100\unins001.dat
      c:\program files\Tutoriales100\unins001.exe
      c:\windows\system32\drivers\LKD2EF.tmp
      c:\windows\system32\drivers\LKD85.tmp
      .
      .
      ((((((((((((((((((((((((( Files Created from 2011-05-19 to 2011-06-19 )))))))))))))))))))))))))))))))
      .
      .
      2011-06-16 16:03 . 2011-06-16 16:03 4128845 ----a-w- c:\temp\limpiar malware\ComboFix.exe
      2011-06-15 18:46 . 2011-06-15 16:33 9435312 ----a-w- c:\temp\limpiar malware\mbam-setup-1.51.0.1200.exe
      2011-06-15 16:33 . 2011-06-15 16:33 -------- d-----w- d:\documents and settings\100027982\Application Data\Malwarebytes
      2011-06-15 16:33 . 2011-06-15 16:33 -------- d-----w- d:\documents and settings\All Users\Application Data\Malwarebytes
      2011-06-15 16:23 . 2011-06-15 16:23 3096424 ----a-w- c:\temp\limpiar malware\ccsetup307.exe
      2011-06-14 21:34 . 2011-06-14 21:34 6400728 ----a-w- c:\temp\gusetup_slim.exe
      2011-06-14 20:40 . 2011-06-14 20:40 98392 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
      2011-06-14 20:38 . 2011-06-14 20:38 -------- d-----w- c:\windows\system32\config\systemprofile\Local Settings\Application Data\Sunbelt Software
      2011-06-14 20:37 . 2011-06-14 20:37 -------- d-----w- d:\documents and settings\All Users\Application Data\Lavasoft
      2011-06-14 20:20 . 2011-06-14 20:21 -------- d-----w- d:\documents and settings\100027982\Application Data\Calendario
      2011-06-14 20:19 . 2011-06-14 20:19 843264 ----a-w- c:\windows\system32\rtl100.bpl
      2011-06-14 20:19 . 2011-06-14 20:19 1680896 ----a-w- c:\windows\system32\vcl100.bpl
      2011-06-14 20:18 . 2011-06-14 20:18 -------- d-----w- c:\program files\ROASOFT
      2011-06-14 20:13 . 2011-06-14 20:13 -------- d-----w- d:\documents and settings\100027982\Application Data\Tutoriales100
      2011-06-14 20:13 . 2011-06-14 20:13 -------- d-----w- d:\documents and settings\100027982\Local Settings\Application Data\Tutoriales100
      2011-06-14 20:12 . 2011-06-14 20:17 -------- d-----w- c:\program files\Object
      2011-06-14 06:38 . 2011-06-17 06:36 -------- d-----w- c:\program files\Hard Disk Sentinel
      2011-06-14 06:37 . 2011-06-09 18:25 9644752 ----a-w- c:\temp\TotalAudioConverter.exe
      2011-06-14 06:37 . 2011-06-09 18:29 6927505 ----a-w- c:\temp\Setup_FreeConverter.exe
      2011-06-12 18:09 . 2010-08-01 10:38 334384 ----a-w- c:\windows\system32\vmnetdhcp.exe
      2011-06-12 18:09 . 2010-08-01 10:38 399920 ----a-w- c:\windows\system32\vmnat.exe
      2011-06-12 18:09 . 2010-08-01 10:36 26288 ----a-w- c:\windows\system32\drivers\vmnetuserif.sys
      2011-06-12 18:09 . 2010-08-01 10:38 760368 ----a-w- c:\windows\system32\vnetlib.dll
      2011-06-12 18:09 . 2010-08-01 10:37 24624 ----a-w- c:\windows\system32\drivers\VMkbd.sys
      2011-06-09 18:29 . 2008-09-24 19:33 484352 ----a-w- c:\windows\system32\lame_enc.dll
      2011-06-09 18:29 . 2011-06-09 18:29 -------- d-----w- c:\program files\Free Audio Pack
      2011-06-09 18:26 . 2011-06-09 18:26 -------- d-----w- d:\documents and settings\100027982\Application Data\Softplicity
      2011-06-09 18:25 . 2011-06-09 18:28 -------- d-----w- c:\program files\TotalAudioConverter
      2011-05-24 17:05 . 2011-06-15 15:37 -------- d-----w- d:\documents and settings\100027982\Local Settings\Application Data\VMware
      2011-05-24 13:58 . 2011-04-13 13:34 94208 ----a-w- c:\temp\CCC TRaining\CCC70SP3\70sp3\Deio\Program\CriticalCareClinisoft\PDEV\DDPB840.dll
      .
      .
      .
      (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
      .
      2011-06-17 11:19 . 2009-12-02 13:07 176128 -c--a-w- c:\windows\safeboot.scr
      2011-06-17 11:19 . 2009-12-02 13:06 4752 ----a-w- c:\windows\system32\drivers\rsvlock.sys
      2011-06-17 11:19 . 2009-12-02 13:06 44848 ----a-w- c:\windows\system32\drivers\sbalg.sys
      2011-06-17 11:19 . 2009-12-02 13:06 14864 ----a-w- c:\windows\system32\drivers\sbprcctl.sys
      2011-06-17 11:19 . 2009-12-02 13:07 30267 ----a-w- c:\windows\system32\drivers\safeboot.sys
      2011-06-17 11:19 . 2009-12-02 13:06 6096 ----a-w- c:\windows\system32\drivers\sbflop.sys
      .
      .
      ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
      .
      .
      *Note* empty entries & legit default entries are not shown
      REGEDIT4
      .
      [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" [2010-12-21 1483264]
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "AESTFltr"="c:\windows\system32\AESTFltr.exe" [2008-05-21 466944]
      "DsmSxplog"="c:\program files\CA\DSM\Bin\sxpstub.exe" [2007-03-03 24592]
      "CAF_SystemTray"="c:\program files\CA\DSM\bin\cfSysTray.exe" [2007-03-03 124432]
      "TempRemove"="c:\program files\Crystal Ball\CB Predictor\terminator.exe" [1998-12-19 7680]
      "Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2009-10-07 2498560]
      "IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-03-24 134656]
      "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-03-24 166912]
      "Persistence"="c:\windows\system32\igfxpers.exe" [2009-03-24 136192]
      "SBMGRNT.EXE"="c:\progra~1\SafeBoot\SBMGRNT.EXE" [2011-06-17 49212]
      "Apoint"="c:\program files\DellTPad\Apoint.exe" [2009-06-19 249856]
      "SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2009-03-09 483420]
      "SophosNAC_Agent"="c:\program files\Sophos\NAC\AgntTray.exe" [2009-05-01 1373792]
      "GEvpnPacCheck"="c:\program files\Juniper Networks\VPN_PAC_CHECK.vbs" [2009-04-06 1747]
      "OdTray.exe"="c:\program files\Juniper Networks\Odyssey Access Client\OdTray.exe" [2009-08-12 955688]
      "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]
      "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-20 932288]
      "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
      "AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-12-14 47904]
      "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-29 421888]
      "VMware hqtray"="c:\program files\VMware\VMware Player\hqtray.exe" [2010-08-01 64048]
      "UpdateTutoriales100"="d:\documents and settings\100027982\Application Data\Tutoriales100\Update Tutoriales 100\UpdateTutoriales100HP.exe" [2011-05-17 655360]
      .
      [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
      "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
      .
      d:\documents and settings\All Users\Start Menu\Programs\Startup\
      Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-1-16 604776]
      Proventia Desktop Agent.lnk - [N/A]
      Sophos AutoUpdate Monitor.lnk - c:\program files\Sophos\AutoUpdate\ALMon.exe [2010-10-20 429096]
      VPN Client.lnk - c:\windows\Installer\{51FB15F4-AD27-43BC-AD4B-DD0354FB6BBD}\Icon3E5562ED7.ico [2009-11-20 6144]
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\CAF]
      2007-03-03 12:30 27664 ----a-w- c:\program files\CA\DSM\Bin\cfWlogon.dll
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\OdysseyClient]
      2010-07-13 06:48 202024 ----a-w- c:\windows\system32\odyEvent.dll
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\PCANotify]
      2004-11-01 11:50 8704 ----a-w- c:\windows\system32\PCANotify.dll
      .
      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
      @="Driver"
      .
      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
      @="Service"
      .
      [HKLM\~\startupfolder\D:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
      path=d:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
      backup=c:\windows\pss\Microsoft Office.lnkCommon Startup
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AIMPro]
      2010-07-07 20:39 3677496 ----a-w- c:\program files\WebEx\Connect\connect.exe
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
      2010-10-16 09:04 136176 ----atw- d:\documents and settings\100027982\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMJPMIG8.1]
      2008-04-14 12:00 208952 -c--a-w- c:\windows\ime\imjp8_1\imjpmig.exe
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
      2010-12-13 16:16 421160 ----a-w- c:\program files\iTunes\iTunesHelper.exe
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Lexmark X1100 Series]
      2003-08-19 10:18 57344 ----a-w- c:\program files\Lexmark X1100 Series\lxbkbmgr.exe
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MaxtorOneTouch]
      2006-08-11 07:45 712704 ----a-w- c:\program files\Maxtor\ManagerApp\OneTouch.exe
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MobileBroadband]
      2010-04-28 18:26 252928 ----a-w- c:\program files\Vodafone\Vodafone Mobile Broadband\Bin\MobileBroadband.exe
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSPY2002]
      2008-04-14 12:00 59392 -c--a-w- c:\windows\system32\IME\PINTLGNT\IMSCINST.EXE
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mxomssmenu]
      2006-08-11 10:15 81920 ----a-w- c:\program files\Maxtor\OneTouch Status\MaxMenuMgr.exe
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002A]
      2008-04-14 12:00 455168 -c--a-w- c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002ASync]
      2008-04-14 12:00 455168 -c--a-w- c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Companion]
      2011-02-28 14:15 427008 ----a-w- c:\program files\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
      "NTService1"=2 (0x2)
      "MaxBackServiceInt"=2 (0x2)
      "gusvc"=3 (0x3)
      "gupdate"=2 (0x2)
      "awhost32"=3 (0x3)
      "Apple Mobile Device"=2 (0x2)
      "VmbService"=2 (0x2)
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SophosAntiVirus]
      "DisableMonitoring"=dword:00000001
      .
      [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
      "EnableFirewall"= 0 (0x0)
      .
      [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
      "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
      "%windir%\\system32\\sessmgr.exe"=
      "c:\\Program Files\\WebEx\\Connect\\wbxcOIEx.exe"=
      "c:\\Program Files\\WebEx\\Connect\\widget.exe"=
      "c:\\Program Files\\WebEx\\Connect\\connect.exe"=
      "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
      "c:\\Program Files\\VMware\\VMware Player\\vmware-authd.exe"=
      .
      R0 odFips;odFips;c:\windows\system32\drivers\odFIPS.sys [8/12/2009 4:15 AM 9856]
      R0 odFips2;odFips2;c:\windows\system32\drivers\odFIPS2.sys [8/12/2009 4:15 AM 282496]
      R0 SafeBoot;SafeBoot;c:\windows\system32\drivers\safeboot.sys [12/2/2009 3:07 PM 30267]
      R0 SBAlg;SBAlg;c:\windows\system32\drivers\sbalg.sys [12/2/2009 3:06 PM 44848]
      R1 RsvLock;RsvLock;c:\windows\system32\drivers\rsvlock.sys [12/2/2009 3:06 PM 4752]
      R1 SAVOnAccessControl;SAVOnAccessControl;c:\windows\system32\drivers\savonaccesscontrol.sys [11/20/2009 5:00 AM 152192]
      R1 SAVOnAccessFilter;SAVOnAccessFilter;c:\windows\system32\drivers\savonaccessfilter.sys [11/20/2009 5:00 AM 24064]
      R1 SBFlop;SBFlop;c:\windows\system32\drivers\sbflop.sys [12/2/2009 3:06 PM 6096]
      R1 SbPrcCtl;SbPrcCtl;c:\windows\system32\drivers\sbprcctl.sys [12/2/2009 3:06 PM 14864]
      R1 scfdriver;SCF Kernel Driver;c:\windows\system32\drivers\scfdriver.sys [11/20/2009 5:02 AM 100136]
      R2 BlackICE;BlackICE;c:\program files\ISS\Proventia Desktop\blackd.exe [11/20/2009 4:36 AM 2011473]
      R2 caf;CA DSM r11 Common Application Framework.;c:\program files\CA\DSM\Bin\CAF.exe [3/3/2007 2:30 PM 194064]
      R2 JuniperAccessService;Juniper Unified Network Service;c:\program files\Common Files\Juniper Networks\JUNS\dsAccessService.exe [8/11/2009 9:14 PM 132392]
      R2 NMSAccess32;NMSAccess32;c:\windows\system32\NMSAccess32.exe [1/12/2009 7:15 AM 71096]
      R2 SafeBootConfigurationManager;SafeBoot Configuration Manager;c:\program files\SafeBoot\sbmgrnt.exe [12/2/2009 3:07 PM 49212]
      R2 SAVAdminService;Indicador del estado de Sophos Anti-Virus;c:\program files\Sophos\Sophos Anti-Virus\SAVAdminService.exe [10/20/2010 9:36 AM 104488]
      R2 SAVService;Sophos Anti-Virus;c:\program files\Sophos\Sophos Anti-Virus\SavService.exe [10/20/2010 9:36 AM 93736]
      R2 Sophos Client Firewall Manager;Sophos Client Firewall Manager;c:\program files\Sophos\Sophos Client Firewall\SCFManager.exe [10/20/2010 9:36 AM 125992]
      R2 Sophos Client Firewall;Sophos Client Firewall;c:\program files\Sophos\Sophos Client Firewall\SCFService.exe [10/20/2010 9:36 AM 30248]
      R2 Sophos NAC Agent API;Sophos NAC Agent API;c:\program files\Sophos\NAC\AgentAPI.exe [5/1/2009 1:07 PM 9001056]
      R2 vmci;VMware vmci;c:\windows\system32\drivers\vmci.sys [8/1/2010 12:39 PM 70704]
      R2 VMUSBArbService;VMware USB Arbitration Service;c:\program files\Common Files\VMware\USB\vmware-usbarbitrator.exe [8/1/2010 11:39 AM 539184]
      R2 VPatch;ISS Buffer Overflow Exploit Prevention;c:\program files\ISS\Proventia Desktop\vpatch.exe [11/20/2009 4:36 AM 426333]
      R3 AESTAud;AE Audio Service;c:\windows\system32\drivers\AESTAud.sys [11/19/2009 6:23 PM 112512]
      R3 cvusbdrv;Broadcom USH CV;c:\windows\system32\drivers\cvusbdrv.sys [11/19/2009 6:23 PM 32808]
      R3 e1yexpress;Intel(R) Gigabit Network Connections Driver;c:\windows\system32\drivers\e1y5132.sys [4/2/2009 1:52 PM 244368]
      R3 EacService;Juniper TNC Endpoint Assessment;c:\program files\Common Files\Juniper Networks\TNC Client\jTnccService.exe [8/12/2009 4:30 AM 136488]
      R3 hwcdcmdm0;HUAWEI Mobile Connect - 3G Modem;c:\windows\system32\drivers\ewusbmdm.sys [11/26/2009 10:44 AM 65152]
      R3 hwusbapp;HUAWEI Mobile Connect - 3G PC UI Interface;c:\windows\system32\drivers\ewusbapp.sys [11/26/2009 10:44 AM 65152]
      R3 hwusbser;HUAWEI Mobile Connect - 3G Application Interface;c:\windows\system32\drivers\ewusbser.sys [11/26/2009 10:44 AM 65152]
      R3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI Service;c:\windows\system32\drivers\IntcHdmi.sys [11/20/2009 5:30 AM 110080]
      R3 jnprna;Juniper Network Agent Miniport;c:\windows\system32\drivers\jnprna.sys [6/13/2009 6:18 PM 419496]
      R3 JnprVaMgr;Juniper Networks Virtual Adapter Manager Service;c:\windows\system32\drivers\jnprvamgr.sys [6/13/2009 6:18 PM 29312]
      R3 MakoNT;MakoNT;c:\windows\system32\drivers\MakoNT.sys [11/20/2009 4:36 AM 76849]
      R3 rap;rap;c:\windows\system32\drivers\RapDrv.sys [11/20/2009 4:36 AM 47788]
      R3 vodafone_K3805-z_dc_enum;vodafone_K3805-z_dc_enum;c:\windows\system32\drivers\vodafone_K3805-z_dc_enum.sys [3/1/2010 6:35 PM 80000]
      R4 black;black;c:\windows\system32\drivers\Blackcat.sys [11/20/2009 4:36 AM 197106]
      S0 iaStor_760;Intel AHCI Controller;c:\windows\system32\drivers\iaStor_760.sys [4/2/2009 1:38 PM 324120]
      S0 iaStor_8400;Intel RAID Controller;c:\windows\system32\drivers\iastor8400.sys [4/2/2009 1:38 PM 824960]
      S0 iaStor_E6400;Intel RAID Controller;c:\windows\system32\drivers\iaStor_E6400.sys [4/2/2009 1:38 PM 318488]
      S0 iastor3400;Intel AHCI Controller;c:\windows\system32\drivers\iaStor3400.sys [4/2/2009 1:38 PM 308248]
      S0 iaStor390;Intel AHCI Controller;c:\windows\system32\drivers\iaStor390.sys [4/2/2009 1:38 PM 304920]
      S0 iastor755;Intel AHCI Controller;c:\windows\system32\drivers\IaStor755.sys [4/2/2009 1:38 PM 305176]
      S0 symmpi_8400;symmpi_8400;c:\windows\system32\drivers\symmpi8400.sys [4/2/2009 1:38 PM 92288]
      S0 symmpi_vmware;symmpi_vmware;c:\windows\system32\drivers\symmpi_vmware.sys [4/2/2009 1:38 PM 39760]
      S0 symmpi7400;symmpi7400;c:\windows\system32\drivers\symmpi7400.sys [4/2/2009 1:38 PM 100096]
      S2 gupdate;Servicio Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [3/6/2010 1:48 PM 135664]
      S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\drivers\ggflt.sys [12/29/2010 6:43 PM 13224]
      S3 gupdatem;Servicio de Google Update (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [3/6/2010 1:48 PM 135664]
      S3 HPFXFAX;HPFXFAX;c:\windows\system32\drivers\hpfxfax.sys [7/20/2010 1:30 PM 20504]
      S3 jnprva;Juniper Networks Virtual Adapter Service;c:\windows\system32\drivers\jnprva.sys [6/13/2009 6:18 PM 12288]
      S3 MBAMSwissArmy;MBAMSwissArmy;\??\c:\windows\system32\drivers\mbamswissarmy.sys --> c:\windows\system32\drivers\mbamswissarmy.sys [?]
      S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [1/9/2010 9:37 PM 4640000]
      S3 sdcfilter;sdcfilter;c:\windows\system32\drivers\sdcfilter.sys [10/20/2010 9:36 AM 23928]
      S3 Sony Ericsson PCCompanion;Sony Ericsson PCCompanion;c:\program files\Sony Ericsson\Sony Ericsson PC Companion\PCCService.exe [12/29/2010 6:37 PM 150528]
      S4 SophosBootDriver;SophosBootDriver;c:\windows\system32\drivers\SophosBootDriver.sys [11/20/2009 5:00 AM 14976]
      S4 VmbService;Servicio de Vodafone Mobile Broadband;c:\program files\Vodafone\Vodafone Mobile Broadband\Bin\VmbService.exe [4/28/2010 8:26 PM 9216]
      .
      --- Other Services/Drivers In Memory ---
      .
      *Deregistered* - BMLoad
      *Deregistered* - uphcleanhlp
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
      HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\OutlookProfile.vbs]
      2010-12-10 11:31 9276 ----a-w- c:\program files\Microsoft Office\OutlookProfile.vbs
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\PitchBuilderAS.EXE]
      2010-12-09 11:06 150280 ----a-w- c:\program files\Microsoft Office\Wizkit\PitchBuilderAS.EXE
      .
      Contents of the 'Scheduled Tasks' folder
      .
      2011-06-18 c:\windows\Tasks\AppleSoftwareUpdate.job
      - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]
      .
      2011-04-01 c:\windows\Tasks\At1.job
      - d:\support\TOOLS\DiskTidyUp.exe [2009-11-19 11:50]
      .
      2011-06-19 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
      - c:\program files\Google\Update\GoogleUpdate.exe [2010-03-06 11:48]
      .
      2011-06-19 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
      - c:\program files\Google\Update\GoogleUpdate.exe [2010-03-06 11:48]
      .
      2011-06-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1962744943-1077359737-637696952-142722Core.job
      - d:\documents and settings\100027982\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-04-05 09:04]
      .
      2011-06-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1962744943-1077359737-637696952-142722UA.job
      - d:\documents and settings\100027982\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-04-05 09:04]
      .
      2011-06-16 c:\windows\Tasks\New scheduled scan.job
      - c:\program files\Sophos\Sophos Anti-Virus\BackgroundScanClient.exe [2010-10-20 07:36]
      .
      .
      ------- Supplementary Scan -------
      .
      uStart Page = hxxp://www.google.es/
      uInternet Settings,ProxyOverride = <local>
      IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
      IE: Se&nd to OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
      LSP: bmnet.dll
      LSP: c:\program files\VMware\VMware Player\vsocklib.dll
      Trusted Zone: ge.com
      Trusted Zone: gebrandcentral.com
      Trusted Zone: gedigitalmedia.com
      Trusted Zone: gemediacentral.com
      Trusted Zone: genewscenter.com
      Trusted Zone: geolympiccentral.com
      Trusted Zone: ge.com
      DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
      DPF: {8F0DF9DB-AA5A-4ED0-9176-1C4A9C762C59} - hxxp://americascomm01.ge.com/sametime/STMeetingRoomClient/STJNILoader.cab
      DPF: {B94C2238-346E-4C5E-9B36-8CC627F35574}
      DPF: {C1BAC744-8F0B-11D0-89E7-00C0A8295197} - hxxp://crtvg.es/camweb/camera.cab
      .
      - - - - ORPHANS REMOVED - - - -
      .
      AddRemove-Tutoriales 100_is1 - c:\program files\Tutoriales100\unins000.exe
      AddRemove-Tutoriales100 Avast_is1 - c:\program files\Tutoriales100\unins001.exe
      .
      .
      .
      **************************************************************************
      .
      catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
      Rootkit scan 2011-06-19 22:14
      Windows 5.1.2600 Service Pack 3 NTFS
      .
      scanning hidden processes ...
      .
      scanning hidden autostart entries ...
      .
      scanning hidden files ...
      .
      scan completed successfully
      hidden files: 0
      .
      **************************************************************************
      .
      [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Sophos Message Router]
      "ImagePath"="\"c:\program files\Sophos\Remote Management System\RouterNT.exe\" -service -name Router -ORBListenEndpoints iiop://:8193/ssl_port=8194"
      .
      --------------------- DLLs Loaded Under Running Processes ---------------------
      .
      - - - - - - - > 'winlogon.exe'(1432)
      c:\program files\SafeBoot\SBGINA.DLL
      c:\program files\SafeBoot\SBIPC.DLL
      c:\program files\CA\DSM\Bin\cfwlogon.dll
      c:\windows\system32\odyEvent.dll
      .
      - - - - - - - > 'lsass.exe'(1444)
      c:\windows\system32\bmnet.dll
      .
      - - - - - - - > 'explorer.exe'(2440)
      c:\windows\system32\WININET.dll
      c:\windows\system32\btmmhook.dll
      c:\windows\system32\ieframe.dll
      c:\windows\system32\msi.dll
      c:\windows\system32\webcheck.dll
      c:\windows\system32\WPDShServiceObj.dll
      c:\windows\system32\btncopy.dll
      c:\program files\Nokia\Nokia PC Suite 7\PhoneBrowser.dll
      c:\program files\Nokia\Nokia PC Suite 7\NGSCM.DLL
      c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.5592_x-ww_179798c8\MSVCR80.dll
      c:\program files\Nokia\Nokia PC Suite 7\Lang\PhoneBrowser_spa.nlr
      c:\program files\Nokia\Nokia PC Suite 7\Resource\PhoneBrowser_Nokia.ngr
      c:\windows\system32\PortableDeviceTypes.dll
      c:\windows\system32\PortableDeviceApi.dll
      .
      ------------------------ Other Running Processes ------------------------
      .
      c:\program files\Juniper Networks\Odyssey Access Client\odClientService.exe
      c:\windows\system32\LEXBCES.EXE
      c:\windows\system32\LEXPPS.EXE
      c:\program files\idt\dellxpm09b_6159v043\wdm\stacsv.exe
      c:\windows\System32\SCardSvr.exe
      c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
      c:\program files\Bonjour\mDNSResponder.exe
      c:\program files\CA\SC\CAM\bin\cam.exe
      c:\program files\Cisco Systems\VPN Client\cvpnd.exe
      c:\program files\Juniper Networks\Common Files\dsNcService.exe
      c:\program files\Java\jre6\bin\jqs.exe
      c:\windows\system32\msiexec.exe
      c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
      c:\program files\ISS\Proventia Desktop\RapApp.exe
      c:\program files\Sophos\Remote Management System\ManagementAgentNT.exe
      c:\program files\Sophos\AutoUpdate\ALsvc.exe
      c:\program files\Sophos\Remote Management System\RouterNT.exe
      c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
      c:\program files\UPHClean\uphclean.exe
      c:\program files\VMware\VMware Player\vmware-authd.exe
      c:\windows\system32\vmnat.exe
      c:\windows\system32\vmnetdhcp.exe
      c:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
      c:\program files\CA\DSM\Bin\cfsmsmd.exe
      c:\program files\CA\DSM\Bin\ccnfagent.exe
      c:\program files\CA\DSM\Bin\cfnotsrvd.exe
      c:\program files\CA\DSM\Bin\ccsmagtd.exe
      c:\program files\CA\DSM\Bin\amswmagt.exe
      c:\program files\CA\DSM\PMAgent\capmuamagt.exe
      c:\program files\CA\DSM\Bin\cfftplugin.exe
      c:\windows\system32\igfxsrvc.exe
      c:\program files\DellTPad\ApMsgFwd.exe
      c:\program files\DellTPad\HidFind.exe
      c:\program files\DellTPad\Apntex.exe
      c:\program files\ISS\Proventia Desktop\blackice.exe
      c:\progra~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
      c:\program files\PC Connectivity Solution\ServiceLayer.exe
      c:\program files\PC Connectivity Solution\Transports\NclUSBSrv.exe
      c:\program files\PC Connectivity Solution\Transports\NclRSSrv.exe
      c:\program files\PC Connectivity Solution\Transports\NclBCBTSrv.exe
      c:\windows\System32\wudfhost.exe
      .
      **************************************************************************
      .
      Completion time: 2011-06-19 22:18:15 - machine was rebooted
      ComboFix-quarantined-files.txt 2011-06-19 20:18
      ComboFix2.txt 2011-06-18 18:10
      ComboFix3.txt 2011-06-16 16:53
      .
      Pre-Run: 6.804.713.472 bytes free
      Post-Run: 6.747.254.784 bytes free
      .
      - - End Of File - - 15EC694C7381ED3249A606135B8B364A


      Regards,
      Amara

    8. #8
      General Moderator
      Avatar of Damianl_77
      Registered
      Jan 2008
      Location
      Argentina
      Posts
      23,072

      Re: Explorer opens by itself with advertising

      Follow these steps:

      • Click START > RUN
      • There, type notepad.exe and click OK
      • Now copy and paste the following into Notepad (except the word "Code")

      Code:
      KillAll::
      
      Folder::
      d:\documents and settings\100027982\Application Data\Tutoriales100
      d:\documents and settings\100027982\Local Settings\Application Data\Tutoriales100
      c:\program files\Object
      
      Registry::
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "UpdateTutoriales100"=-
      
      DDS::
      DPF: {8F0DF9DB-AA5A-4ED0-9176-1C4A9C762C59} - hxxp://americascomm01.ge.com/sametime/STMeetingRoomClient/STJNILoader.cab



      • Save this file with the name CFScript.txt and leave it on your desktop.
      • Before using the CFScript...
      • Temporarily disable your antivirus and/or antispyware.
      • Close all open windows. Drag the Notepad file onto the ComboFix icon you have on your desktop, as shown in the image below.

      • ComboFix will start running again. When it finishes, it will generate a report, which you should paste into this same thread.
