
    Explorer opens by itself with advertising


      
    1. #1
      User: scialfa
      Registered: Jun 2011
      Location: Coruña
      Posts: 4

      Explorer opens by itself with advertising

      Hello everyone,

      This is the first time I have asked for help on a forum, so I hope I am doing it right.

      I think my computer has been infected with some spyware that I am unable to remove. I have looked at some cases on this forum and have done the following:

      Download and run CCleaner.
      First use its "Cleaner" option to delete cookies, temporary Internet files and all the files it shows you as obsolete.
      Then use its "Registry" option to clean the entire Windows registry (making a backup copy).


      Download, update and run Malwarebytes' Anti-Malware.
      On the Scanner tab, select "Perform full scan".
      With the "Remove Selected" option, send everything to quarantine and restart the system.

      Download DDS.pif from here and save it to your Windows desktop.
      If the previous download does not work, you can download the tool from here.
      Disable any script blocker, then double-click dds.pif to run the tool and wait patiently for the report.


      But the same thing keeps happening to me....

      I am pasting the logs here:

      Malwarebytes' Anti-Malware 1.51.0.1200
      www.malwarebytes.org

      Database version: 6863

      Windows 5.1.2600 Service Pack 3
      Internet Explorer 8.0.6001.18702

      15/06/2011 20:09:05
      mbam-log-2011-06-15 (20-09-05).txt

      Scan type: Full scan (C:\|D:\|)
      Objects scanned: 273743
      Time elapsed: 56 minute(s), 55 second(s)

      Memory Processes Infected: 0
      Memory Modules Infected: 0
      Registry Keys Infected: 0
      Registry Values Infected: 0
      Registry Data Items Infected: 4
      Folders Infected: 0
      Files Infected: 3

      Memory Processes Infected:
      (No malicious items detected)

      Memory Modules Infected:
      (No malicious items detected)

      Registry Keys Infected:
      (No malicious items detected)

      Registry Values Infected:
      (No malicious items detected)

      Registry Data Items Infected:
      HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\StartMenuLogoff (PUM.Hijack.StartMenu) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

      Folders Infected:
      (No malicious items detected)

      Files Infected:
      c:\program files\juniper networks\odyssey access client\Init.reg (Extension.Mismatch) -> Quarantined and deleted successfully.
      d:\documents and settings\100027982\local settings\Temp\nsi72.tmp\NSISdl.dll (Trojan.Banker) -> Quarantined and deleted successfully.
      d:\documents and settings\100027982\local settings\Temp\nsy74.tmp\NSISdl.dll (Trojan.Banker) -> Quarantined and deleted successfully.


      DDS.TXT

      .
      DDS (Ver_2011-06-12.02) - NTFSx86
      Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.5.0_15
      Run by 100027982 at 20:12:55 on 2011-06-15
      Microsoft Windows XP Professional 5.1.2600.3.1252.44.1033.18.2000.350 [GMT 2:00]
      .
      AV: Sophos Anti-Virus *Enabled/Updated* {3F13C776-3CBE-4DE9-8BF6-09E5183CA2BD}
      AV: Lavasoft Ad-Watch Live! Antivirus *Enabled/Updated* {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33}
      FW: Sophos Client Firewall *Enabled*
      FW: Proventia Desktop *Enabled*
      .
      ============== Running Processes ===============
      .
      C:\Program Files\SafeBoot\SBMGRNT.EXE
      C:\WINDOWS\system32\svchost -k DcomLaunch
      svchost.exe
      C:\WINDOWS\System32\svchost.exe -k netsvcs
      C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
      svchost.exe
      svchost.exe
      C:\Program Files\Common Files\Juniper Networks\JUNS\dsAccessService.exe
      C:\Program Files\Common Files\Juniper Networks\TNC Client\jTnccService.exe
      C:\Program Files\Juniper Networks\Odyssey Access Client\odClientService.exe
      C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
      C:\WINDOWS\system32\LEXBCES.EXE
      C:\Program Files\Sophos\Sophos Client Firewall\SCFManager.exe
      C:\WINDOWS\system32\spoolsv.exe
      C:\WINDOWS\system32\LEXPPS.EXE
      C:\Program Files\Sophos\Sophos Client Firewall\SCFService.exe
      c:\program files\idt\dellxpm09b_6159v043\wdm\stacsv.exe
      C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
      C:\Program Files\Application Updater\ApplicationUpdater.exe
      C:\Program Files\ISS\Proventia Desktop\blackd.exe
      C:\Program Files\Bonjour\mDNSResponder.exe
      C:\Program Files\CA\SC\CAM\bin\cam.exe
      C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
      C:\Program Files\Juniper Networks\Common Files\dsNcService.exe
      C:\Program Files\Java\jre6\bin\jqs.exe
      C:\WINDOWS\System32\svchost.exe -k HPZ12
      C:\WINDOWS\system32\NMSAccess32.exe
      C:\WINDOWS\System32\svchost.exe -k HPZ12
      C:\Program Files\ISS\Proventia Desktop\RapApp.exe
      C:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe
      C:\Program Files\Sophos\Remote Management System\ManagementAgentNT.exe
      C:\Program Files\Sophos\AutoUpdate\ALsvc.exe
      C:\Program Files\Sophos\Remote Management System\RouterNT.exe
      C:\Program Files\Sophos\NAC\AgentAPI.exe
      C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
      C:\WINDOWS\system32\svchost.exe -k imgsvc
      C:\Program Files\UPHClean\uphclean.exe
      C:\Program Files\VMware\VMware Player\vmware-authd.exe
      C:\Program Files\Common Files\VMware\USB\vmware-usbarbitrator.exe
      C:\WINDOWS\system32\vmnat.exe
      C:\Program Files\ISS\Proventia Desktop\vpatch.exe
      C:\Program Files\CA\DSM\bin\caf.exe
      C:\WINDOWS\system32\vmnetdhcp.exe
      C:\Program Files\CA\DSM\Bin\cfsmsmd.exe
      C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
      C:\Program Files\CA\DSM\Bin\ccnfagent.exe
      C:\Program Files\CA\DSM\Bin\cfnotsrvd.exe
      C:\Program Files\CA\DSM\Bin\ccsmagtd.exe
      C:\Program Files\CA\DSM\Bin\amswmagt.exe
      C:\Program Files\CA\DSM\PMAgent\capmuamagt.exe
      C:\Program Files\CA\DSM\Bin\cfftplugin.exe
      C:\WINDOWS\Explorer.EXE
      C:\WINDOWS\system32\AESTFltr.exe
      C:\Program Files\CA\DSM\bin\cfSysTray.exe
      C:\WINDOWS\system32\WLTRAY.exe
      C:\WINDOWS\system32\hkcmd.exe
      C:\WINDOWS\system32\igfxpers.exe
      C:\Program Files\DellTPad\Apoint.exe
      C:\Program Files\IDT\WDM\sttray.exe
      C:\Program Files\Sophos\NAC\AgntTray.exe
      C:\WINDOWS\system32\igfxsrvc.exe
      C:\Program Files\DellTPad\ApMsgFwd.exe
      C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
      C:\Program Files\Juniper Networks\Odyssey Access Client\OdTray.exe
      C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
      C:\Program Files\DellTPad\HidFind.exe
      C:\Program Files\DellTPad\Apntex.exe
      C:\Program Files\VMware\VMware Player\hqtray.exe
      C:\Program Files\Tutoriales100\tutoriales100.exe
      D:\Documents and Settings\100027982\Application Data\Tutoriales100\Update Tutoriales 100\UpdateTutoriales100HP.exe
      C:\WINDOWS\system32\ctfmon.exe
      C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe
      C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
      C:\Program Files\ISS\Proventia Desktop\blackice.exe
      C:\Program Files\Sophos\AutoUpdate\ALMon.exe
      C:\WINDOWS\System32\svchost.exe -k HTTPFilter
      C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
      C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
      C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
      C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
      C:\Program Files\PC Connectivity Solution\Transports\NclBCBTSrv.exe
      C:\Program Files\Internet Explorer\iexplore.exe
      C:\Program Files\Internet Explorer\iexplore.exe
      C:\Program Files\Internet Explorer\iexplore.exe
      C:\Program Files\Internet Explorer\iexplore.exe
      C:\Program Files\Internet Explorer\iexplore.exe
      C:\WINDOWS\regedit.exe
      C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
      C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
      .
      ============== Pseudo HJT Report ===============
      .
      uStart Page = hxxp://www.google.es/
      uDefault_Page_URL = hxxp://healthcare.home.ge.com
      uInternet Connection Wizard,ShellNext = hxxp://medinternational.home.ge.com/
      uInternet Settings,ProxyOverride = <local>
      mSearchAssistant = hxxp://start.facemoods.com/?a=grupo&s={searchTerms}&f=4
      uURLSearchHooks: SearchSettings Class: {e312764e-7706-43f1-8dab-fcdd2b1e416d} - c:\program files\search settings\SearchSettings.dll
      BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
      BHO: T100BHO Class: {2f2cc692-d1b6-433e-beff-745ce8087980} - c:\program files\tutoriales100\tutoriales100BHO.dll
      BHO: Sophos Web Content Scanner: {39ea7695-b3f2-4c44-a4bc-297ada8fd235} - c:\program files\sophos\sophos anti-virus\SophosBHO.dll
      BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
      BHO: Windows Live Aplicación auxiliar de inicio de sesión: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
      BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\micros~2\office14\URLREDIR.DLL
      BHO: SignoIEHelper.SignoIEHelp: {c5323d86-13b6-4b06-a27e-3d19e2954017} - c:\program files\signotec\dll\SignoIEHelper.dll
      BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
      BHO: SearchSettings Class: {e312764e-7706-43f1-8dab-fcdd2b1e416d} - c:\program files\search settings\SearchSettings.dll
      BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
      TB: SupportCentral: {e5ca3fcb-32f0-4602-a3fd-0785e3f0f5bf} - c:\windows\system32\SCTOOL~1.DLL
      TB: {A6790AA5-C6C7-4BCF-A46D-0FDAC4EA90EB} - No File
      uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
      uRun: [PC Suite Tray] "c:\program files\nokia\nokia pc suite 7\PCSuite.exe" -onlytray
      uRun: [Google Update] "d:\documents and settings\100027982\local settings\application data\google\update\GoogleUpdate.exe" /c
      uRun: [Calendario]
      mRun: [AESTFltr] %SystemRoot%\system32\AESTFltr.exe /NoDlg
      mRun: [DsmSxplog] "c:\program files\ca\dsm\bin\sxpstub.exe"
      mRun: [CAF_SystemTray] "c:\program files\ca\dsm\bin\cfSysTray.exe"
      mRun: [TempRemove] "c:\program files\crystal ball\cb predictor\terminator.exe"
      mRun: [Broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe
      mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
      mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
      mRun: [Persistence] c:\windows\system32\igfxpers.exe
      mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
      mRun: [SBMGRNT.EXE] c:\progra~1\safeboot\SBMGRNT.EXE -WinLogon
      mRun: [<NO NAME>]
      mRun: [Apoint] c:\program files\delltpad\Apoint.exe
      mRun: [SysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe
      mRun: [SophosNAC_Agent] "c:\program files\sophos\nac\AgntTray.exe"
      mRun: [GEvpnPacCheck] c:\program files\juniper networks\VPN_PAC_CHECK.vbs
      mRun: [OdTray.exe] "c:\program files\juniper networks\odyssey access client\OdTray.exe"
      mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
      mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
      mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
      mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
      mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
      mRun: [SearchSettings] c:\program files\search settings\SearchSettings.exe
      mRun: [VMware hqtray] "c:\program files\vmware\vmware player\hqtray.exe"
      mRun: [Tutoriales100] "c:\program files\tutoriales100\tutoriales100.exe"
      mRun: [UpdateTutoriales100] d:\documents and settings\100027982\application data\tutoriales100\update tutoriales 100\UpdateTutoriales100HP.exe
      mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
      mRun: [Malwarebytes' Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
      mRunOnce: [Malwarebytes' Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent
      dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
      mExplorerRun: [1] \\euro.med.ge.com\netlogon\Unicenter\DSMSDAMV3.EXE
      StartupFolder: d:\docume~1\alluse~1\startm~1\programs\startup\blueto~1.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe
      StartupFolder: d:\docume~1\alluse~1\startm~1\programs\startup\PROVEN~1.LNK -
      StartupFolder: d:\docume~1\alluse~1\startm~1\programs\startup\sophos~1.lnk - c:\program files\sophos\autoupdate\ALMon.exe
      StartupFolder: d:\docume~1\alluse~1\startm~1\programs\startup\vpncli~1.lnk - c:\windows\installer\{51fb15f4-ad27-43bc-ad4b-dd0354fb6bbd}\Icon3E5562ED7.ico
      mPolicies-explorer: NoActiveDesktop = 1 (0x1)
      IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office14\EXCEL.EXE/3000
      IE: Se&nd to OneNote - c:\progra~1\micros~2\office14\ONBttnIE.dll/105
      IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
      IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
      IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
      IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
      IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
      LSP: bmnet.dll
      LSP: c:\program files\vmware\vmware player\vsocklib.dll
      Trusted Zone: ge.com
      Trusted Zone: gebrandcentral.com
      Trusted Zone: gedigitalmedia.com
      Trusted Zone: gemediacentral.com
      Trusted Zone: genewscenter.com
      Trusted Zone: geolympiccentral.com
      Trusted Zone: ge.com
      DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
      DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} - hxxp://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
      DPF: {5D6F45B3-9043-443D-A792-115447494D24} - hxxp://messenger.zone.msn.com/MessengerGamesContent/GameContent/es/uno1/GAME_UNO1.cab
      DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1288812680608
      DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
      DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
      DPF: {8F0DF9DB-AA5A-4ED0-9176-1C4A9C762C59} - hxxp://americascomm01.ge.com/sametime/STMeetingRoomClient/STJNILoader.cab
      DPF: {B94C2238-346E-4C5E-9B36-8CC627F35574}
      DPF: {C1BAC744-8F0B-11D0-89E7-00C0A8295197} - hxxp://crtvg.es/camweb/camera.cab
      DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
      DPF: {CAFEEFAC-0015-0000-0015-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_15-windows-i586.cab
      DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
      DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
      DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
      DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} -
      DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
      DPF: {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} - hxxps://cincinnati.connectge.com/dana-cached/setup/JuniperSetupSP1.cab
      DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} - hxxp://gfx1.hotmail.com/mail/w4/pr01/photouploadcontrol/MSNPUpld.cab
      DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} - hxxps://juniper.net/dana-cached/sc/JuniperSetupClient.cab
      DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} - hxxps://secure.logmein.com/activex/ractrl.cab?lmi=100
      TCP: DhcpNameServer = 192.168.2.1
      TCP: Interfaces\{D628129B-3B61-454D-B82F-96C5C0C93BF3} : DhcpNameServer = 192.168.2.1
      Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
      Notify: CAF - c:\program files\ca\dsm\bin\cfwlogon.dll
      Notify: igfxcui - igfxdev.dll
      Notify: OdysseyClient - odyEvent.dll
      Notify: PCANotify - PCANotify.dll
      AppInit_DLLs: c:\progra~1\sophos\sophos~1\SOPHOS~1.DLL
      SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
      mASetup: OutlookProfile.vbs - "c:\program files\microsoft office\OutlookProfile.vbs"
      mASetup: PitchBuilderAS.EXE - "c:\program files\microsoft office\wizkit\PitchBuilderAS.EXE" /EXE:ge_pitch_builder_2010_v8
      .
      ============= SERVICES / DRIVERS ===============
      .
      R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2011-6-14 64512]
      R0 odFips;odFips;c:\windows\system32\drivers\odFIPS.sys [2009-8-12 9856]
      R0 odFips2;odFips2;c:\windows\system32\drivers\odFIPS2.sys [2009-8-12 282496]
      R0 SafeBoot;SafeBoot;c:\windows\system32\drivers\safeboot.sys [2009-12-2 30267]
      R0 SBAlg;SBAlg;c:\windows\system32\drivers\sbalg.sys [2009-12-2 44848]
      R1 AW_HOST;AW_HOST;c:\windows\system32\drivers\AW_HOST5.sys [2003-10-23 16984]
      R1 awlegacy;awlegacy;c:\windows\system32\drivers\AWLEGACY.sys [2003-11-17 11165]
      R1 RsvLock;RsvLock;c:\windows\system32\drivers\rsvlock.sys [2009-12-2 4752]
      R1 SAVOnAccessControl;SAVOnAccessControl;c:\windows\system32\drivers\savonaccesscontrol.sys [2009-11-20 152192]
      R1 SAVOnAccessFilter;SAVOnAccessFilter;c:\windows\system32\drivers\savonaccessfilter.sys [2009-11-20 24064]
      R1 SBFlop;SBFlop;c:\windows\system32\drivers\sbflop.sys [2009-12-2 6096]
      R1 SbPrcCtl;SbPrcCtl;c:\windows\system32\drivers\sbprcctl.sys [2009-12-2 14864]
      R1 scfdriver;SCF Kernel Driver;c:\windows\system32\drivers\scfdriver.sys [2009-11-20 100136]
      R2 Application Updater;Application Updater;c:\program files\application updater\ApplicationUpdater.exe [2010-1-8 380928]
      R2 BlackICE;BlackICE;c:\program files\iss\proventia desktop\blackd.exe [2009-11-20 2011473]
      R2 CA-MessageQueuing;CA Message Queuing Server;c:\program files\ca\sc\cam\bin\cam.exe [2009-11-20 147456]
      R2 caf;CA DSM r11 Common Application Framework.;c:\program files\ca\dsm\bin\CAF.exe [2007-3-3 194064]
      R2 JuniperAccessService;Juniper Unified Network Service;c:\program files\common files\juniper networks\juns\dsAccessService.exe [2009-8-11 132392]
      R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2011-5-25 2151128]
      R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2011-6-15 366640]
      R2 NMSAccess32;NMSAccess32;c:\windows\system32\NMSAccess32.exe [2009-1-12 71096]
      R2 SafeBootConfigurationManager;SafeBoot Configuration Manager;c:\program files\safeboot\sbmgrnt.exe [2009-12-2 49212]
      R2 SAVAdminService;Indicador del estado de Sophos Anti-Virus;c:\program files\sophos\sophos anti-virus\SAVAdminService.exe [2010-10-20 104488]
      R2 SAVService;Sophos Anti-Virus;c:\program files\sophos\sophos anti-virus\SavService.exe [2010-10-20 93736]
      R2 Sophos Agent;Sophos Agent;c:\program files\sophos\remote management system\ManagementAgentNT.exe [2010-10-20 278528]
      R2 Sophos AutoUpdate Service;Sophos AutoUpdate Service;c:\program files\sophos\autoupdate\ALsvc.exe [2010-10-20 175144]
      R2 Sophos Client Firewall Manager;Sophos Client Firewall Manager;c:\program files\sophos\sophos client firewall\SCFManager.exe [2010-10-20 125992]
      R2 Sophos Client Firewall;Sophos Client Firewall;c:\program files\sophos\sophos client firewall\SCFService.exe [2010-10-20 30248]
      R2 Sophos Message Router;Sophos Message Router;c:\program files\sophos\remote management system\RouterNT.exe [2010-10-20 802816]
      R2 Sophos NAC Agent API;Sophos NAC Agent API;c:\program files\sophos\nac\AgentAPI.exe [2009-5-1 9001056]
      R2 vmci;VMware vmci;c:\windows\system32\drivers\vmci.sys [2010-8-1 70704]
      R2 VMUSBArbService;VMware USB Arbitration Service;c:\program files\common files\vmware\usb\vmware-usbarbitrator.exe [2010-8-1 539184]
      R2 VPatch;ISS Buffer Overflow Exploit Prevention;c:\program files\iss\proventia desktop\vpatch.exe [2009-11-20 426333]
      R3 AESTAud;AE Audio Service;c:\windows\system32\drivers\AESTAud.sys [2009-11-19 112512]
      R3 cvusbdrv;Broadcom USH CV;c:\windows\system32\drivers\cvusbdrv.sys [2009-11-19 32808]
      R3 e1yexpress;Intel(R) Gigabit Network Connections Driver;c:\windows\system32\drivers\e1y5132.sys [2009-4-2 244368]
      R3 EacService;Juniper TNC Endpoint Assessment;c:\program files\common files\juniper networks\tnc client\jTnccService.exe [2009-8-12 136488]
      R3 hwcdcmdm0;HUAWEI Mobile Connect - 3G Modem;c:\windows\system32\drivers\ewusbmdm.sys [2009-11-26 65152]
      R3 hwusbapp;HUAWEI Mobile Connect - 3G PC UI Interface;c:\windows\system32\drivers\ewusbapp.sys [2009-11-26 65152]
      R3 hwusbser;HUAWEI Mobile Connect - 3G Application Interface;c:\windows\system32\drivers\ewusbser.sys [2009-11-26 65152]
      R3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI Service;c:\windows\system32\drivers\IntcHdmi.sys [2009-11-20 110080]
      R3 jnprna;Juniper Network Agent Miniport;c:\windows\system32\drivers\jnprna.sys [2009-6-13 419496]
      R3 JnprVaMgr;Juniper Networks Virtual Adapter Manager Service;c:\windows\system32\drivers\jnprvamgr.sys [2009-6-13 29312]
      R3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\lavasoft\ad-aware\kernexplorer.sys [2011-5-25 15232]
      R3 MakoNT;MakoNT;c:\windows\system32\drivers\MakoNT.sys [2009-11-20 76849]
      R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-6-15 22712]
      R3 rap;rap;c:\windows\system32\drivers\RapDrv.sys [2009-11-20 47788]
      R3 vodafone_K3805-z_dc_enum;vodafone_K3805-z_dc_enum;c:\windows\system32\drivers\vodafone_K3805-z_dc_enum.sys [2010-3-1 80000]
      R4 black;black;c:\windows\system32\drivers\Blackcat.sys [2009-11-20 197106]
      S0 iaStor_760;Intel AHCI Controller;c:\windows\system32\drivers\iaStor_760.sys [2009-4-2 324120]
      S0 iaStor_8400;Intel RAID Controller;c:\windows\system32\drivers\iastor8400.sys [2009-4-2 824960]
      S0 iaStor_E6400;Intel RAID Controller;c:\windows\system32\drivers\iaStor_E6400.sys [2009-4-2 318488]
      S0 iastor3400;Intel AHCI Controller;c:\windows\system32\drivers\iaStor3400.sys [2009-4-2 308248]
      S0 iaStor390;Intel AHCI Controller;c:\windows\system32\drivers\iaStor390.sys [2009-4-2 304920]
      S0 iastor755;Intel AHCI Controller;c:\windows\system32\drivers\IaStor755.sys [2009-4-2 305176]
      S0 symmpi_8400;symmpi_8400;c:\windows\system32\drivers\symmpi8400.sys [2009-4-2 92288]
      S0 symmpi_vmware;symmpi_vmware;c:\windows\system32\drivers\symmpi_vmware.sys [2009-4-2 39760]
      S0 symmpi7400;symmpi7400;c:\windows\system32\drivers\symmpi7400.sys [2009-4-2 100096]
      S2 gupdate;Servicio Google Update (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-3-6 135664]
      S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\drivers\ggflt.sys [2010-12-29 13224]
      S3 gupdatem;Servicio de Google Update (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-3-6 135664]
      S3 HPFXFAX;HPFXFAX;c:\windows\system32\drivers\hpfxfax.sys [2010-7-20 20504]
      S3 jnprva;Juniper Networks Virtual Adapter Service;c:\windows\system32\drivers\jnprva.sys [2009-6-13 12288]
      S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2011-6-15 39984]
      S3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000]
      S3 sdcfilter;sdcfilter;c:\windows\system32\drivers\sdcfilter.sys [2010-10-20 23928]
      S3 Sony Ericsson PCCompanion;Sony Ericsson PCCompanion;c:\program files\sony ericsson\sony ericsson pc companion\PCCService.exe [2010-12-29 150528]
      S3 TSClient;Tatara Protocol Driver;c:\windows\system32\drivers\tsclient.sys --> c:\windows\system32\drivers\tsclient.sys [?]
      S3 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2007-11-14 394952]
      S4 awhost32;pcAnywhere Host Service;c:\program files\symantec\pcanywhere\awhost32.exe [2004-11-1 106496]
      S4 SophosBootDriver;SophosBootDriver;c:\windows\system32\drivers\SophosBootDriver.sys [2009-11-20 14976]
      S4 VmbService;Servicio de Vodafone Mobile Broadband;c:\program files\vodafone\vodafone mobile broadband\bin\VmbService.exe [2010-4-28 9216]
      .
      =============== Created Last 30 ================
      .
      2011-06-15 18:09:33 54016 ----a-w- c:\windows\system32\drivers\jabovu.sys
      2011-06-15 16:33:39 -------- d-----w- d:\documents and settings\100027982\application data\Malwarebytes
      2011-06-15 16:33:32 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
      2011-06-15 16:33:31 -------- d-----w- d:\documents and settings\all users\application data\Malwarebytes
      2011-06-15 16:33:28 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
      2011-06-15 16:33:27 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
      2011-06-15 16:32:08 287048 ----a-w- c:\temp\limpiar malware\SoftonicDownloader_para_malwarebytes-anti-malware.exe
      2011-06-15 16:25:04 -------- d-----w- c:\program files\CCleaner
      2011-06-15 16:23:42 3096424 ----a-w- c:\temp\limpiar malware\ccsetup307.exe
      2011-06-15 07:18:32 30267 ----a-w- c:\windows\system32\drivers\LKD83.tmp
      2011-06-15 06:02:05 30267 ----a-w- c:\windows\system32\drivers\LKD82.tmp
      2011-06-14 21:34:25 6400728 ----a-w- c:\temp\gusetup_slim.exe
      2011-06-14 20:40:52 98392 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
      2011-06-14 20:37:40 64512 ----a-w- c:\windows\system32\drivers\Lbd.sys
      2011-06-14 20:37:33 -------- d-----w- c:\program files\Lavasoft
      2011-06-14 20:20:39 -------- d-----w- d:\documents and settings\100027982\application data\Calendario
      2011-06-14 20:19:11 843264 ----a-w- c:\windows\system32\rtl100.bpl
      2011-06-14 20:19:11 1680896 ----a-w- c:\windows\system32\vcl100.bpl
      2011-06-14 20:18:53 -------- d-----w- c:\program files\ROASOFT
      2011-06-14 20:13:43 -------- d-----w- d:\documents and settings\100027982\application data\Tutoriales100
      2011-06-14 20:13:40 -------- d-----w- d:\documents and settings\100027982\local settings\application data\Tutoriales100
      2011-06-14 20:13:40 -------- d-----w- c:\program files\Tutoriales100
      2011-06-14 20:12:30 12 ----a-w- C:\wpg32.dll
      2011-06-14 20:12:01 -------- d-----w- c:\program files\Object
      2011-06-14 06:38:57 -------- d-----w- c:\program files\Hard Disk Sentinel
      2011-06-14 06:37:23 9644752 ----a-w- c:\temp\TotalAudioConverter.exe
      2011-06-14 06:37:22 6927505 ----a-w- c:\temp\Setup_FreeConverter.exe
      2011-06-12 18:09:37 334384 ----a-w- c:\windows\system32\vmnetdhcp.exe
      2011-06-12 18:09:32 399920 ----a-w- c:\windows\system32\vmnat.exe
      2011-06-12 18:09:32 26288 ----a-w- c:\windows\system32\drivers\vmnetuserif.sys
      2011-06-12 18:09:19 760368 ----a-w- c:\windows\system32\vnetlib.dll
      2011-06-12 18:09:03 24624 ----a-w- c:\windows\system32\drivers\VMkbd.sys
      2011-06-10 11:32:37 30267 ----a-w- c:\windows\system32\drivers\LKD1F9.tmp
      2011-06-10 03:20:56 30267 ----a-w- c:\windows\system32\drivers\LKD154.tmp
      2011-06-09 18:29:39 484352 ----a-w- c:\windows\system32\lame_enc.dll
      2011-06-09 18:29:38 -------- d-----w- c:\program files\Free Audio Pack
      2011-06-09 18:26:03 -------- d-----w- d:\documents and settings\100027982\application data\Softplicity
      2011-06-09 18:25:52 -------- d-----w- c:\program files\TotalAudioConverter
      2011-06-09 15:03:43 30267 ----a-w- c:\windows\system32\drivers\LKDCB.tmp
      2011-06-09 10:56:31 30267 ----a-w- c:\windows\system32\drivers\LKD81.tmp
      2011-06-09 07:54:11 30267 ----a-w- c:\windows\system32\drivers\LKDEE.tmp
      2011-06-08 15:29:47 30267 ----a-w- c:\windows\system32\drivers\LKD80.tmp
      2011-06-07 13:13:53 30267 ----a-w- c:\windows\system32\drivers\LKD7F.tmp
      2011-06-06 14:21:32 30267 ----a-w- c:\windows\system32\drivers\LKD7E.tmp
      2011-06-06 07:00:38 30267 ----a-w- c:\windows\system32\drivers\LKD8E.tmp
      2011-06-03 02:09:29 30267 ----a-w- c:\windows\system32\drivers\LKD156.tmp
      2011-06-02 17:59:39 30267 ----a-w- c:\windows\system32\drivers\LKDC3.tmp
      2011-06-02 13:53:32 30267 ----a-w- c:\windows\system32\drivers\LKD7C.tmp
      2011-06-02 07:31:29 30267 ----a-w- c:\windows\system32\drivers\LKD7D.tmp
      2011-05-31 08:01:36 30267 ----a-w- c:\windows\system32\drivers\LKD7B.tmp
      2011-05-27 11:39:57 30267 ----a-w- c:\windows\system32\drivers\LKD7A.tmp
      2011-05-26 07:27:27 30267 ----a-w- c:\windows\system32\drivers\LKD79.tmp
      2011-05-25 11:21:19 30267 ----a-w- c:\windows\system32\drivers\LKDCD.tmp
      2011-05-25 07:20:34 30267 ----a-w- c:\windows\system32\drivers\LKD78.tmp
      2011-05-24 17:05:23 -------- d-----w- d:\documents and settings\100027982\local settings\application data\VMware
      2011-05-24 13:58:59 94208 ----a-w- c:\temp\ccc training\ccc70sp3\70sp3\deio\program\criticalcareclinisoft\pdev\DDPB840.dll
      2011-05-24 11:17:25 30267 ----a-w- c:\windows\system32\drivers\LKDD1.tmp
      2011-05-24 07:16:31 30267 ----a-w- c:\windows\system32\drivers\LKD77.tmp
      2011-05-23 12:23:30 30267 ----a-w- c:\windows\system32\drivers\LKDC2.tmp
      2011-05-23 08:22:41 30267 ----a-w- c:\windows\system32\drivers\LKD76.tmp
      2011-05-20 11:33:20 30267 ----a-w- c:\windows\system32\drivers\LKDE0.tmp
      2011-05-20 11:01:09 30267 ----a-w- c:\windows\system32\drivers\LKD75.tmp
      2011-05-19 07:29:03 30267 ----a-w- c:\windows\system32\drivers\LKD74.tmp
      2011-05-18 07:18:27 30267 ----a-w- c:\windows\system32\drivers\LKD73.tmp
      2011-05-17 12:30:36 -------- d-----w- C:\drivers
      2011-05-17 12:07:05 36577960 ----a-w- c:\temp\lexmark para vista\cjrX1100EN.exe
      2011-05-17 07:18:54 30267 ----a-w- c:\windows\system32\drivers\LKD72.tmp
      .
      ==================== Find3M ====================
      .
      2011-06-15 11:23:37 4752 ----a-w- c:\windows\system32\drivers\rsvlock.sys
      2011-06-15 11:23:37 44848 ----a-w- c:\windows\system32\drivers\sbalg.sys
      2011-06-15 11:23:37 176128 -c--a-w- c:\windows\safeboot.scr
      2011-06-15 11:23:37 14864 ----a-w- c:\windows\system32\drivers\sbprcctl.sys
      2011-06-15 11:23:36 6096 ----a-w- c:\windows\system32\drivers\sbflop.sys
      2011-06-15 11:23:36 30267 ----a-w- c:\windows\system32\drivers\safeboot.sys
      2011-05-16 08:24:03 30267 ----a-w- c:\windows\system32\drivers\LKD71.tmp
      2011-05-13 09:05:57 30267 ----a-w- c:\windows\system32\drivers\LKD70.tmp
      2011-05-12 15:17:58 30267 ----a-w- c:\windows\system32\drivers\LKD106.tmp
      2011-05-12 07:16:52 30267 ----a-w- c:\windows\system32\drivers\LKD6F.tmp
      2011-05-11 11:26:56 30267 ----a-w- c:\windows\system32\drivers\LKDD6.tmp
      2011-05-11 07:26:04 30267 ----a-w- c:\windows\system32\drivers\LKD6E.tmp
      2011-05-10 11:31:23 30267 ----a-w- c:\windows\system32\drivers\LKDCC.tmp
      2011-05-10 07:30:06 30267 ----a-w- c:\windows\system32\drivers\LKD6D.tmp
      2011-05-09 12:39:12 30267 ----a-w- c:\windows\system32\drivers\LKD6B.tmp
      2011-05-05 13:11:15 30267 ----a-w- c:\windows\system32\drivers\LKD6A.tmp
      2011-05-04 16:42:53 30267 ----a-w- c:\windows\system32\drivers\LKD69.tmp
      2011-05-03 18:57:07 30267 ----a-w- c:\windows\system32\drivers\LKDF7.tmp
      2011-05-03 10:46:07 30267 ----a-w- c:\windows\system32\drivers\LKD68.tmp
      2011-05-03 02:32:40 30267 ----a-w- c:\windows\system32\drivers\LKD146.tmp
      2011-04-29 11:38:41 30267 ----a-w- c:\windows\system32\drivers\LKD1DD.tmp
      2011-04-29 07:37:21 30267 ----a-w- c:\windows\system32\drivers\LKD6C.tmp
      2011-04-28 15:25:37 30267 ----a-w- c:\windows\system32\drivers\LKDB0.tmp
      2011-04-28 11:24:39 30267 ----a-w- c:\windows\system32\drivers\LKD67.tmp
      2011-04-27 16:02:58 30267 ----a-w- c:\windows\system32\drivers\LKDB4.tmp
      2011-04-27 11:57:39 30267 ----a-w- c:\windows\system32\drivers\LKD66.tmp
      2011-04-27 06:33:52 30267 ----a-w- c:\windows\system32\drivers\LKD65.tmp
      2011-04-26 10:33:36 30267 ----a-w- c:\windows\system32\drivers\LKD8B1.tmp
      2011-04-25 14:18:31 30267 ----a-w- c:\windows\system32\drivers\LKD114.tmp
      2011-04-25 06:14:16 30267 ----a-w- c:\windows\system32\drivers\LKD64.tmp
      2011-04-20 07:47:29 30267 ----a-w- c:\windows\system32\drivers\LKD1D1.tmp
      2011-04-19 23:37:37 30267 ----a-w- c:\windows\system32\drivers\LKD150.tmp
      2011-04-19 15:27:12 30267 ----a-w- c:\windows\system32\drivers\LKDCA.tmp
      2011-04-19 11:21:59 30267 ----a-w- c:\windows\system32\drivers\LKD88.tmp
      2011-04-15 10:32:01 30267 ----a-w- c:\windows\system32\drivers\LKD2EF.tmp
      2011-04-15 02:22:45 30267 ----a-w- c:\windows\system32\drivers\LKD12A.tmp
      2011-04-14 15:28:25 30267 ----a-w- c:\windows\system32\drivers\LKD176D.tmp
      2011-04-14 07:19:10 30267 ----a-w- c:\windows\system32\drivers\LKD13C0.tmp
      2011-04-13 2313 30267 ----a-w- c:\windows\system32\drivers\LKD12AA.tmp
      2011-04-13 15:00:29 30267 ----a-w- c:\windows\system32\drivers\LKD11B9.tmp
      2011-04-13 06:51:17 30267 ----a-w- c:\windows\system32\drivers\LKDE15.tmp
      2011-04-12 10:23:02 30267 ----a-w- c:\windows\system32\drivers\LKD5F4.tmp
      2011-04-12 06:18:00 30267 ----a-w- c:\windows\system32\drivers\LKD3E2.tmp
      2011-04-08 09:16:47 30267 ----a-w- c:\windows\system32\drivers\LKDB6.tmp
      2011-04-07 00:22:35 30267 ----a-w- c:\windows\system32\drivers\LKD397.tmp
      2011-04-06 16:12:39 30267 ----a-w- c:\windows\system32\drivers\LKD310.tmp
      2011-04-06 08:02:52 30267 ----a-w- c:\windows\system32\drivers\LKD28A.tmp
      2011-04-05 23:52:05 30267 ----a-w- c:\windows\system32\drivers\LKD203.tmp
      2011-04-04 16:42:44 30267 ----a-w- c:\windows\system32\drivers\LKD100.tmp
      2011-03-25 07:18:46 30267 ----a-w- c:\windows\system32\drivers\LKD62.tmp
      2011-03-24 09:05:47 30267 ----a-w- c:\windows\system32\drivers\LKD8F4.tmp
      2011-03-24 00:54:43 30267 ----a-w- c:\windows\system32\drivers\LKD872.tmp
      2011-03-23 16:44:42 30267 ----a-w- c:\windows\system32\drivers\LKD7ED.tmp
      2011-03-23 08:34:29 30267 ----a-w- c:\windows\system32\drivers\LKD765.tmp
      2011-03-23 00:23:22 30267 ----a-w- c:\windows\system32\drivers\LKD6DE.tmp
      2011-03-22 16:13:09 30267 ----a-w- c:\windows\system32\drivers\LKD659.tmp
      2011-03-22 08:02:48 30267 ----a-w- c:\windows\system32\drivers\LKD5CF.tmp
      2011-03-21 23:52:41 30267 ----a-w- c:\windows\system32\drivers\LKD54C.tmp
      2011-03-21 15:42:48 30267 ----a-w- c:\windows\system32\drivers\LKD4C9.tmp
      2011-03-21 07:32:34 30267 ----a-w- c:\windows\system32\drivers\LKD432.tmp
      2011-03-18 09:53:37 30267 ----a-w- c:\windows\system32\drivers\LKD345.tmp
      .
      ============= FINISH: 20:13:43.40 ===============
      Many thanks in advance for your help.

      Regards

    2. #2
      Collaborator RiaGuel
      Registered
      Dec 2008
      Location
      Spain
      Posts
      7,480

      Re: Explorer opens by itself with advertising

      Hello scialfa, welcome to the InfoSpyware Forum.

      - Download the ComboFix.exe tool and save it to the desktop.

      Temporarily disable the antivirus and/or antispyware.
      Close all open windows.
      • Double-click the ComboFix.exe file and follow the instructions.
      • When it finishes, it will generate a log at C:\ComboFix.txt.
      o *Note* While CF is working, do not move the mouse, as that would stop its process.
      o *Note* ComboFix may restart the PC automatically to complete the removal process.

      Warning!! Do not use ComboFix unless a member of our Staff has specifically told you to in your thread. It is a powerful tool intended by its creator to be used under the guidance and supervision of an expert, not for private use. Using ComboFix incorrectly could cause problems on your system. Please read ComboFix's "Disclaimer of Warranty".
      Restart and paste the report from C:\ComboFix.txt in this same thread. Also tell me how the computer is running after executing ComboFix.

      PS: Do not run ComboFix or any other antivirus program again until I come back with a reply, since you could change things.
      Regards
      Weekend, out of coverage... see you in Valdepeñas. On Monday, back to the forum.

    3. #3
      User scialfa
      Registered
      Jun 2011
      Location
      Coruña
      Posts
      4

      Re: Explorer opens by itself with advertising

      Hello RiaGuel,

      Thank you very much for your reply.
      I followed the steps, and here is how it went:
      - computer performance: all fine, I haven't noticed much difference for better or for worse (this issue with the advertising windows hasn't slowed it down),
      - but Explorer windows with advertising still keep opening

      I'm pasting the ComboFix log here:

      ComboFix 11-06-15.02 - 100027982 16/06/2011 18:35:32.1.2 - x86
      Microsoft Windows XP Professional 5.1.2600.3.1252.44.1033.18.2000.1009 [GMT 2:00]
      Running from: d:\documents and settings\100027982\Desktop\ComboFix.exe
      AV: Lavasoft Ad-Watch Live! Antivirus *Disabled/Updated* {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33}
      AV: Sophos Anti-Virus *Disabled/Updated* {3F13C776-3CBE-4DE9-8BF6-09E5183CA2BD}
      FW: Proventia Desktop *Enabled* {E1EC88C6-49C8-4599-8097-09F7E1CB6A15}
      FW: Sophos Client Firewall *Enabled* {0786E95E-326A-4524-9691-41EF88FB52EA}
      .
      .
      ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
      .
      .
      c:\program files\Search Settings
      c:\program files\Search Settings\SeARchsettings.dll
      c:\program files\Search Settings\SearchSettings.exe
      c:\program files\Search Settings\SearchSettingsRes409.dll
      c:\windows\system32\paradise.dll
      d:\documents and settings\100027982.HCE-1X80J4J\WINDOWS
      d:\documents and settings\100027982\WINDOWS
      d:\documents and settings\Default User\WINDOWS
      .
      .
      ((((((((((((((((((((((((( Files Created from 2011-05-16 to 2011-06-16 )))))))))))))))))))))))))))))))
      .
      .
      2011-06-16 16:03 . 2011-06-16 16:03 4128845 ----a-w- c:\temp\limpiar malware\ComboFix.exe
      2011-06-16 10:58 . 2011-06-16 10:58 30267 ----a-w- c:\windows\system32\drivers\LKD84.tmp
      2011-06-15 18:46 . 2011-06-15 16:33 9435312 ----a-w- c:\temp\limpiar malware\mbam-setup-1.51.0.1200.exe
      2011-06-15 16:33 . 2011-06-15 16:33 -------- d-----w- d:\documents and settings\100027982\Application Data\Malwarebytes
      2011-06-15 16:33 . 2011-05-29 07:11 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
      2011-06-15 16:33 . 2011-06-15 16:33 -------- d-----w- d:\documents and settings\All Users\Application Data\Malwarebytes
      2011-06-15 16:33 . 2011-05-29 07:11 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
      2011-06-15 16:33 . 2011-06-15 16:33 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
      2011-06-15 16:25 . 2011-06-15 16:25 -------- d-----w- c:\program files\CCleaner
      2011-06-15 16:23 . 2011-06-15 16:23 3096424 ----a-w- c:\temp\limpiar malware\ccsetup307.exe
      2011-06-15 07:18 . 2011-06-15 07:18 30267 ----a-w- c:\windows\system32\drivers\LKD83.tmp
      2011-06-15 06:02 . 2011-06-15 06:02 30267 ----a-w- c:\windows\system32\drivers\LKD82.tmp
      2011-06-14 21:34 . 2011-06-14 21:34 6400728 ----a-w- c:\temp\gusetup_slim.exe
      2011-06-14 20:40 . 2011-06-14 20:40 98392 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
      2011-06-14 20:38 . 2011-06-14 20:38 -------- d-----w- c:\windows\system32\config\systemprofile\Local Settings\Application Data\Sunbelt Software
      2011-06-14 20:37 . 2011-05-25 00:00 64512 ----a-w- c:\windows\system32\drivers\Lbd.sys
      2011-06-14 20:37 . 2011-06-14 20:37 -------- d-----w- d:\documents and settings\All Users\Application Data\Lavasoft
      2011-06-14 20:37 . 2011-06-14 20:37 -------- d-----w- c:\program files\Lavasoft
      2011-06-14 20:20 . 2011-06-14 20:21 -------- d-----w- d:\documents and settings\100027982\Application Data\Calendario
      2011-06-14 20:19 . 2011-06-14 20:19 843264 ----a-w- c:\windows\system32\rtl100.bpl
      2011-06-14 20:19 . 2011-06-14 20:19 1680896 ----a-w- c:\windows\system32\vcl100.bpl
      2011-06-14 20:18 . 2011-06-14 20:18 -------- d-----w- c:\program files\ROASOFT
      2011-06-14 20:13 . 2011-06-14 20:13 -------- d-----w- d:\documents and settings\100027982\Application Data\Tutoriales100
      2011-06-14 20:13 . 2011-06-14 20:13 -------- d-----w- c:\program files\Tutoriales100
      2011-06-14 20:13 . 2011-06-14 20:13 -------- d-----w- d:\documents and settings\100027982\Local Settings\Application Data\Tutoriales100
      2011-06-14 20:12 . 2011-06-14 20:12 12 ----a-w- C:\wpg32.dll
      2011-06-14 20:12 . 2011-06-14 20:17 -------- d-----w- c:\program files\Object
      2011-06-14 06:38 . 2011-06-14 06:39 -------- d-----w- c:\program files\Hard Disk Sentinel
      2011-06-14 06:37 . 2011-06-09 18:25 9644752 ----a-w- c:\temp\TotalAudioConverter.exe
      2011-06-14 06:37 . 2011-06-09 18:29 6927505 ----a-w- c:\temp\Setup_FreeConverter.exe
      2011-06-12 18:09 . 2010-08-01 10:38 334384 ----a-w- c:\windows\system32\vmnetdhcp.exe
      2011-06-12 18:09 . 2010-08-01 10:38 399920 ----a-w- c:\windows\system32\vmnat.exe
      2011-06-12 18:09 . 2010-08-01 10:36 26288 ----a-w- c:\windows\system32\drivers\vmnetuserif.sys
      2011-06-12 18:09 . 2010-08-01 10:38 760368 ----a-w- c:\windows\system32\vnetlib.dll
      2011-06-12 18:09 . 2010-08-01 10:37 24624 ----a-w- c:\windows\system32\drivers\VMkbd.sys
      2011-06-10 11:32 . 2011-06-10 11:32 30267 ----a-w- c:\windows\system32\drivers\LKD1F9.tmp
      2011-06-10 03:20 . 2011-06-10 03:20 30267 ----a-w- c:\windows\system32\drivers\LKD154.tmp
      2011-06-09 18:29 . 2008-09-24 19:33 484352 ----a-w- c:\windows\system32\lame_enc.dll
      2011-06-09 18:29 . 2011-06-09 18:29 -------- d-----w- c:\program files\Free Audio Pack
      2011-06-09 18:26 . 2011-06-09 18:26 -------- d-----w- d:\documents and settings\100027982\Application Data\Softplicity
      2011-06-09 18:25 . 2011-06-09 18:28 -------- d-----w- c:\program files\TotalAudioConverter
      2011-06-09 15:03 . 2011-06-09 15:03 30267 ----a-w- c:\windows\system32\drivers\LKDCB.tmp
      2011-06-09 10:56 . 2011-06-09 10:56 30267 ----a-w- c:\windows\system32\drivers\LKD81.tmp
      2011-06-09 07:54 . 2011-06-09 07:54 30267 ----a-w- c:\windows\system32\drivers\LKDEE.tmp
      2011-06-08 15:29 . 2011-06-08 15:29 30267 ----a-w- c:\windows\system32\drivers\LKD80.tmp
      2011-06-07 13:13 . 2011-06-07 13:13 30267 ----a-w- c:\windows\system32\drivers\LKD7F.tmp
      2011-06-06 14:21 . 2011-06-06 14:21 30267 ----a-w- c:\windows\system32\drivers\LKD7E.tmp
      2011-06-06 07:00 . 2011-06-06 07:00 30267 ----a-w- c:\windows\system32\drivers\LKD8E.tmp
      2011-06-03 02:09 . 2011-06-03 02:09 30267 ----a-w- c:\windows\system32\drivers\LKD156.tmp
      2011-06-02 17:59 . 2011-06-02 17:59 30267 ----a-w- c:\windows\system32\drivers\LKDC3.tmp
      2011-06-02 13:53 . 2011-06-02 13:53 30267 ----a-w- c:\windows\system32\drivers\LKD7C.tmp
      2011-06-02 07:31 . 2011-06-02 07:31 30267 ----a-w- c:\windows\system32\drivers\LKD7D.tmp
      2011-05-31 08:01 . 2011-05-31 08:01 30267 ----a-w- c:\windows\system32\drivers\LKD7B.tmp
      2011-05-27 11:39 . 2011-05-27 11:39 30267 ----a-w- c:\windows\system32\drivers\LKD7A.tmp
      2011-05-26 07:27 . 2011-05-26 07:27 30267 ----a-w- c:\windows\system32\drivers\LKD79.tmp
      2011-05-25 11:21 . 2011-05-25 11:21 30267 ----a-w- c:\windows\system32\drivers\LKDCD.tmp
      2011-05-25 07:20 . 2011-05-25 07:20 30267 ----a-w- c:\windows\system32\drivers\LKD78.tmp
      2011-05-24 17:05 . 2011-06-15 15:37 -------- d-----w- d:\documents and settings\100027982\Local Settings\Application Data\VMware
      2011-05-24 13:58 . 2011-04-13 13:34 94208 ----a-w- c:\temp\CCC TRaining\CCC70SP3\70sp3\Deio\Program\CriticalCareClinisoft\PDEV\DDPB840.dll
      2011-05-24 11:17 . 2011-05-24 11:17 30267 ----a-w- c:\windows\system32\drivers\LKDD1.tmp
      2011-05-24 07:16 . 2011-05-24 07:16 30267 ----a-w- c:\windows\system32\drivers\LKD77.tmp
      2011-05-23 12:23 . 2011-05-23 12:23 30267 ----a-w- c:\windows\system32\drivers\LKDC2.tmp
      2011-05-23 08:22 . 2011-05-23 08:22 30267 ----a-w- c:\windows\system32\drivers\LKD76.tmp
      2011-05-20 11:33 . 2011-05-20 11:33 30267 ----a-w- c:\windows\system32\drivers\LKDE0.tmp
      2011-05-20 11:01 . 2011-05-20 11:01 30267 ----a-w- c:\windows\system32\drivers\LKD75.tmp
      2011-05-19 07:29 . 2011-05-19 07:29 30267 ----a-w- c:\windows\system32\drivers\LKD74.tmp
      2011-05-18 07:18 . 2011-05-18 07:18 30267 ----a-w- c:\windows\system32\drivers\LKD73.tmp
      .
      .
      .
      (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
      .
      2011-06-16 15:05 . 2009-12-02 13:07 176128 -c--a-w- c:\windows\safeboot.scr
      2011-06-16 15:04 . 2009-12-02 13:06 14864 ----a-w- c:\windows\system32\drivers\sbprcctl.sys
      2011-06-16 15:04 . 2009-12-02 13:06 4752 ----a-w- c:\windows\system32\drivers\rsvlock.sys
      2011-06-16 15:04 . 2009-12-02 13:06 44848 ----a-w- c:\windows\system32\drivers\sbalg.sys
      2011-06-16 15:04 . 2009-12-02 13:06 6096 ----a-w- c:\windows\system32\drivers\sbflop.sys
      2011-06-16 15:04 . 2009-12-02 13:07 30267 ----a-w- c:\windows\system32\drivers\safeboot.sys
      2011-05-17 07:18 . 2011-05-17 07:18 30267 ----a-w- c:\windows\system32\drivers\LKD72.tmp
      2011-05-16 08:24 . 2011-05-16 08:24 30267 ----a-w- c:\windows\system32\drivers\LKD71.tmp
      2011-05-13 09:05 . 2011-05-13 09:05 30267 ----a-w- c:\windows\system32\drivers\LKD70.tmp
      2011-05-12 15:17 . 2011-05-12 15:17 30267 ----a-w- c:\windows\system32\drivers\LKD106.tmp
      2011-05-12 07:16 . 2011-05-12 07:16 30267 ----a-w- c:\windows\system32\drivers\LKD6F.tmp
      2011-05-11 11:26 . 2011-05-11 11:26 30267 ----a-w- c:\windows\system32\drivers\LKDD6.tmp
      2011-05-11 07:26 . 2011-05-11 07:26 30267 ----a-w- c:\windows\system32\drivers\LKD6E.tmp
      2011-05-10 11:31 . 2011-05-10 11:31 30267 ----a-w- c:\windows\system32\drivers\LKDCC.tmp
      2011-05-10 07:30 . 2011-05-10 07:30 30267 ----a-w- c:\windows\system32\drivers\LKD6D.tmp
      2011-05-09 12:39 . 2011-05-09 12:39 30267 ----a-w- c:\windows\system32\drivers\LKD6B.tmp
      2011-05-05 13:11 . 2011-05-05 13:11 30267 ----a-w- c:\windows\system32\drivers\LKD6A.tmp
      2011-05-04 16:42 . 2011-05-04 16:42 30267 ----a-w- c:\windows\system32\drivers\LKD69.tmp
      2011-05-03 18:57 . 2011-05-03 18:57 30267 ----a-w- c:\windows\system32\drivers\LKDF7.tmp
      2011-05-03 10:46 . 2011-05-03 10:46 30267 ----a-w- c:\windows\system32\drivers\LKD68.tmp
      2011-05-03 02:32 . 2011-05-03 02:32 30267 ----a-w- c:\windows\system32\drivers\LKD146.tmp
      2011-04-29 11:38 . 2011-04-29 11:38 30267 ----a-w- c:\windows\system32\drivers\LKD1DD.tmp
      2011-04-29 07:37 . 2011-04-29 07:37 30267 ----a-w- c:\windows\system32\drivers\LKD6C.tmp
      2011-04-28 15:25 . 2011-04-28 15:25 30267 ----a-w- c:\windows\system32\drivers\LKDB0.tmp
      2011-04-28 11:24 . 2011-04-28 11:24 30267 ----a-w- c:\windows\system32\drivers\LKD67.tmp
      2011-04-27 16:02 . 2011-04-27 16:02 30267 ----a-w- c:\windows\system32\drivers\LKDB4.tmp
      2011-04-27 11:57 . 2011-04-27 11:57 30267 ----a-w- c:\windows\system32\drivers\LKD66.tmp
      2011-04-27 06:33 . 2011-04-27 06:33 30267 ----a-w- c:\windows\system32\drivers\LKD65.tmp
      2011-04-26 10:33 . 2011-04-26 10:33 30267 ----a-w- c:\windows\system32\drivers\LKD8B1.tmp
      2011-04-25 14:18 . 2011-04-25 14:18 30267 ----a-w- c:\windows\system32\drivers\LKD114.tmp
      2011-04-25 06:14 . 2011-04-25 06:14 30267 ----a-w- c:\windows\system32\drivers\LKD64.tmp
      2011-04-20 07:47 . 2011-04-20 07:47 30267 ----a-w- c:\windows\system32\drivers\LKD1D1.tmp
      2011-04-19 23:37 . 2011-04-19 23:37 30267 ----a-w- c:\windows\system32\drivers\LKD150.tmp
      2011-04-19 15:27 . 2011-04-19 15:27 30267 ----a-w- c:\windows\system32\drivers\LKDCA.tmp
      2011-04-19 11:21 . 2011-04-19 11:21 30267 ----a-w- c:\windows\system32\drivers\LKD88.tmp
      2011-04-15 10:32 . 2011-04-15 10:32 30267 ----a-w- c:\windows\system32\drivers\LKD2EF.tmp
      2011-04-15 02:22 . 2011-04-15 02:22 30267 ----a-w- c:\windows\system32\drivers\LKD12A.tmp
      2011-04-14 15:28 . 2011-04-14 15:28 30267 ----a-w- c:\windows\system32\drivers\LKD176D.tmp
      2011-04-14 07:19 . 2011-04-14 07:19 30267 ----a-w- c:\windows\system32\drivers\LKD13C0.tmp
      2011-04-13 23:10 . 2011-04-13 23:10 30267 ----a-w- c:\windows\system32\drivers\LKD12AA.tmp
      2011-04-13 15:00 . 2011-04-13 15:00 30267 ----a-w- c:\windows\system32\drivers\LKD11B9.tmp
      2011-04-13 06:51 . 2011-04-13 06:51 30267 ----a-w- c:\windows\system32\drivers\LKDE15.tmp
      2011-04-12 10:23 . 2011-04-12 10:23 30267 ----a-w- c:\windows\system32\drivers\LKD5F4.tmp
      2011-04-12 06:18 . 2011-04-12 06:18 30267 ----a-w- c:\windows\system32\drivers\LKD3E2.tmp
      2011-04-08 09:16 . 2011-04-08 09:16 30267 ----a-w- c:\windows\system32\drivers\LKDB6.tmp
      2011-04-07 00:22 . 2011-04-07 00:22 30267 ----a-w- c:\windows\system32\drivers\LKD397.tmp
      2011-04-06 16:12 . 2011-04-06 16:12 30267 ----a-w- c:\windows\system32\drivers\LKD310.tmp
      2011-04-06 08:02 . 2011-04-06 08:02 30267 ----a-w- c:\windows\system32\drivers\LKD28A.tmp
      2011-04-05 23:52 . 2011-04-05 23:52 30267 ----a-w- c:\windows\system32\drivers\LKD203.tmp
      2011-04-04 16:42 . 2011-04-04 16:42 30267 ----a-w- c:\windows\system32\drivers\LKD100.tmp
      2011-03-25 07:18 . 2011-03-25 07:18 30267 ----a-w- c:\windows\system32\drivers\LKD62.tmp
      2011-03-24 09:05 . 2011-03-24 09:05 30267 ----a-w- c:\windows\system32\drivers\LKD8F4.tmp
      2011-03-24 00:54 . 2011-03-24 00:54 30267 ----a-w- c:\windows\system32\drivers\LKD872.tmp
      2011-03-23 16:44 . 2011-03-23 16:44 30267 ----a-w- c:\windows\system32\drivers\LKD7ED.tmp
      2011-03-23 08:34 . 2011-03-23 08:34 30267 ----a-w- c:\windows\system32\drivers\LKD765.tmp
      2011-03-23 00:23 . 2011-03-23 00:23 30267 ----a-w- c:\windows\system32\drivers\LKD6DE.tmp
      2011-03-22 16:13 . 2011-03-22 16:13 30267 ----a-w- c:\windows\system32\drivers\LKD659.tmp
      2011-03-22 08:02 . 2011-03-22 08:02 30267 ----a-w- c:\windows\system32\drivers\LKD5CF.tmp
      2011-03-21 23:52 . 2011-03-21 23:52 30267 ----a-w- c:\windows\system32\drivers\LKD54C.tmp
      2011-03-21 15:42 . 2011-03-21 15:42 30267 ----a-w- c:\windows\system32\drivers\LKD4C9.tmp
      2011-03-21 07:32 . 2011-03-21 07:32 30267 ----a-w- c:\windows\system32\drivers\LKD432.tmp
      .
      .
      ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
      .
      .
      *Note* empty entries & legit default entries are not shown
      REGEDIT4
      .
      [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2F2CC692-D1B6-433e-BEFF-745CE8087980}]
      2011-05-17 14:31 221184 ----a-w- c:\program files\Tutoriales100\tutoriales100BHO.dll
      .
      [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" [2010-12-21 1483264]
      "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "AESTFltr"="c:\windows\system32\AESTFltr.exe" [2008-05-21 466944]
      "DsmSxplog"="c:\program files\CA\DSM\Bin\sxpstub.exe" [2007-03-03 24592]
      "CAF_SystemTray"="c:\program files\CA\DSM\bin\cfSysTray.exe" [2007-03-03 124432]
      "TempRemove"="c:\program files\Crystal Ball\CB Predictor\terminator.exe" [1998-12-19 7680]
      "Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2009-10-07 2498560]
      "IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-03-24 134656]
      "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-03-24 166912]
      "Persistence"="c:\windows\system32\igfxpers.exe" [2009-03-24 136192]
      "SBMGRNT.EXE"="c:\progra~1\SafeBoot\SBMGRNT.EXE" [2011-06-16 49212]
      "Apoint"="c:\program files\DellTPad\Apoint.exe" [2009-06-19 249856]
      "SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2009-03-09 483420]
      "SophosNAC_Agent"="c:\program files\Sophos\NAC\AgntTray.exe" [2009-05-01 1373792]
      "GEvpnPacCheck"="c:\program files\Juniper Networks\VPN_PAC_CHECK.vbs" [2009-04-06 1747]
      "OdTray.exe"="c:\program files\Juniper Networks\Odyssey Access Client\OdTray.exe" [2009-08-12 955688]
      "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]
      "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-20 932288]
      "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
      "AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-12-14 47904]
      "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-29 421888]
      "VMware hqtray"="c:\program files\VMware\VMware Player\hqtray.exe" [2010-08-01 64048]
      "Tutoriales100"="c:\program files\Tutoriales100\tutoriales100.exe" [2011-06-06 978544]
      "UpdateTutoriales100"="d:\documents and settings\100027982\Application Data\Tutoriales100\Update Tutoriales 100\UpdateTutoriales100HP.exe" [2011-05-17 655360]
      "Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-05-29 449584]
      .
      [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
      "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
      .
      d:\documents and settings\All Users\Start Menu\Programs\Startup\
      Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-1-16 604776]
      Proventia Desktop Agent.lnk - [N/A]
      Sophos AutoUpdate Monitor.lnk - c:\program files\Sophos\AutoUpdate\ALMon.exe [2010-10-20 429096]
      VPN Client.lnk - c:\windows\Installer\{51FB15F4-AD27-43BC-AD4B-DD0354FB6BBD}\Icon3E5562ED7.ico [2009-11-20 6144]
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\CAF]
      2007-03-03 12:30 27664 ----a-w- c:\program files\CA\DSM\Bin\cfWlogon.dll
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\OdysseyClient]
      2010-07-13 06:48 202024 ----a-w- c:\windows\system32\odyEvent.dll
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\PCANotify]
      2004-11-01 11:50 8704 ----a-w- c:\windows\system32\PCANotify.dll
      .
      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
      @="Service"
      .
      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
      @="Driver"
      .
      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
      @="Service"
      .
      [HKLM\~\startupfolder\D:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
      path=d:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
      backup=c:\windows\pss\Microsoft Office.lnkCommon Startup
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AIMPro]
      2010-07-07 20:39 3677496 ----a-w- c:\program files\WebEx\Connect\connect.exe
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
      2010-10-16 09:04 136176 ----atw- d:\documents and settings\100027982\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMJPMIG8.1]
      2008-04-14 12:00 208952 -c--a-w- c:\windows\ime\imjp8_1\imjpmig.exe
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
      2010-12-13 16:16 421160 ----a-w- c:\program files\iTunes\iTunesHelper.exe
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Lexmark X1100 Series]
      2003-08-19 10:18 57344 ----a-w- c:\program files\Lexmark X1100 Series\lxbkbmgr.exe
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MaxtorOneTouch]
      2006-08-11 07:45 712704 ----a-w- c:\program files\Maxtor\ManagerApp\OneTouch.exe
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MobileBroadband]
      2010-04-28 18:26 252928 ----a-w- c:\program files\Vodafone\Vodafone Mobile Broadband\Bin\MobileBroadband.exe
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSPY2002]
      2008-04-14 12:00 59392 -c--a-w- c:\windows\system32\IME\PINTLGNT\IMSCINST.EXE
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mxomssmenu]
      2006-08-11 10:15 81920 ----a-w- c:\program files\Maxtor\OneTouch Status\MaxMenuMgr.exe
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002A]
      2008-04-14 12:00 455168 -c--a-w- c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002ASync]
      2008-04-14 12:00 455168 -c--a-w- c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Companion]
      2011-02-28 14:15 427008 ----a-w- c:\program files\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
      "NTService1"=2 (0x2)
      "MaxBackServiceInt"=2 (0x2)
      "gusvc"=3 (0x3)
      "gupdate"=2 (0x2)
      "awhost32"=3 (0x3)
      "Apple Mobile Device"=2 (0x2)
      "VmbService"=2 (0x2)
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SophosAntiVirus]
      "DisableMonitoring"=dword:00000001
      .
      [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
      "EnableFirewall"= 0 (0x0)
      .
      [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
      "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
      "%windir%\\system32\\sessmgr.exe"=
      "c:\\Program Files\\WebEx\\Connect\\wbxcOIEx.exe"=
      "c:\\Program Files\\WebEx\\Connect\\widget.exe"=
      "c:\\Program Files\\WebEx\\Connect\\connect.exe"=
      "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
      "c:\\Program Files\\VMware\\VMware Player\\vmware-authd.exe"=
      .
      [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
      "5556:TCP"= 5556:TCP:SafeBoot
      .
      R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [6/14/2011 10:37 PM 64512]
      R0 odFips;odFips;c:\windows\system32\drivers\odFIPS.sys [8/12/2009 4:15 AM 9856]
      R0 odFips2;odFips2;c:\windows\system32\drivers\odFIPS2.sys [8/12/2009 4:15 AM 282496]
      R0 SafeBoot;SafeBoot;c:\windows\system32\drivers\safeboot.sys [12/2/2009 3:07 PM 30267]
      R0 SBAlg;SBAlg;c:\windows\system32\drivers\sbalg.sys [12/2/2009 3:06 PM 44848]
      R1 RsvLock;RsvLock;c:\windows\system32\drivers\rsvlock.sys [12/2/2009 3:06 PM 4752]
      R1 SAVOnAccessControl;SAVOnAccessControl;c:\windows\system32\drivers\savonaccesscontrol.sys [11/20/2009 5:00 AM 152192]
      R1 SAVOnAccessFilter;SAVOnAccessFilter;c:\windows\system32\drivers\savonaccessfilter.sys [11/20/2009 5:00 AM 24064]
      R1 SBFlop;SBFlop;c:\windows\system32\drivers\sbflop.sys [12/2/2009 3:06 PM 6096]
      R1 SbPrcCtl;SbPrcCtl;c:\windows\system32\drivers\sbprcctl.sys [12/2/2009 3:06 PM 14864]
      R1 scfdriver;SCF Kernel Driver;c:\windows\system32\drivers\scfdriver.sys [11/20/2009 5:02 AM 100136]
      R2 Application Updater;Application Updater;c:\program files\Application Updater\ApplicationUpdater.exe [1/8/2010 1:51 AM 380928]
      R2 BlackICE;BlackICE;c:\program files\ISS\Proventia Desktop\blackd.exe [11/20/2009 4:36 AM 2011473]
      R2 caf;CA DSM r11 Common Application Framework.;c:\program files\CA\DSM\Bin\CAF.exe [3/3/2007 2:30 PM 194064]
      R2 JuniperAccessService;Juniper Unified Network Service;c:\program files\Common Files\Juniper Networks\JUNS\dsAccessService.exe [8/11/2009 9:14 PM 132392]
      R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [5/25/2011 2:00 AM 2151128]
      R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [6/15/2011 6:33 PM 366640]
      R2 NMSAccess32;NMSAccess32;c:\windows\system32\NMSAccess32.exe [1/12/2009 7:15 AM 71096]
      R2 SafeBootConfigurationManager;SafeBoot Configuration Manager;c:\program files\SafeBoot\sbmgrnt.exe [12/2/2009 3:07 PM 49212]
      R2 SAVAdminService;Indicador del estado de Sophos Anti-Virus;c:\program files\Sophos\Sophos Anti-Virus\SAVAdminService.exe [10/20/2010 9:36 AM 104488]
      R2 SAVService;Sophos Anti-Virus;c:\program files\Sophos\Sophos Anti-Virus\SavService.exe [10/20/2010 9:36 AM 93736]
      R2 Sophos Client Firewall Manager;Sophos Client Firewall Manager;c:\program files\Sophos\Sophos Client Firewall\SCFManager.exe [10/20/2010 9:36 AM 125992]
      R2 Sophos Client Firewall;Sophos Client Firewall;c:\program files\Sophos\Sophos Client Firewall\SCFService.exe [10/20/2010 9:36 AM 30248]
      R2 Sophos NAC Agent API;Sophos NAC Agent API;c:\program files\Sophos\NAC\AgentAPI.exe [5/1/2009 1:07 PM 9001056]
      R2 vmci;VMware vmci;c:\windows\system32\drivers\vmci.sys [8/1/2010 12:39 PM 70704]
      R2 VMUSBArbService;VMware USB Arbitration Service;c:\program files\Common Files\VMware\USB\vmware-usbarbitrator.exe [8/1/2010 11:39 AM 539184]
      R2 VPatch;ISS Buffer Overflow Exploit Prevention;c:\program files\ISS\Proventia Desktop\vpatch.exe [11/20/2009 4:36 AM 426333]
      R3 AESTAud;AE Audio Service;c:\windows\system32\drivers\AESTAud.sys [11/19/2009 6:23 PM 112512]
      R3 cvusbdrv;Broadcom USH CV;c:\windows\system32\drivers\cvusbdrv.sys [11/19/2009 6:23 PM 32808]
      R3 e1yexpress;Intel(R) Gigabit Network Connections Driver;c:\windows\system32\drivers\e1y5132.sys [4/2/2009 1:52 PM 244368]
      R3 EacService;Juniper TNC Endpoint Assessment;c:\program files\Common Files\Juniper Networks\TNC Client\jTnccService.exe [8/12/2009 4:30 AM 136488]
      R3 hwcdcmdm0;HUAWEI Mobile Connect - 3G Modem;c:\windows\system32\drivers\ewusbmdm.sys [11/26/2009 10:44 AM 65152]
      R3 hwusbapp;HUAWEI Mobile Connect - 3G PC UI Interface;c:\windows\system32\drivers\ewusbapp.sys [11/26/2009 10:44 AM 65152]
      R3 hwusbser;HUAWEI Mobile Connect - 3G Application Interface;c:\windows\system32\drivers\ewusbser.sys [11/26/2009 10:44 AM 65152]
      R3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI Service;c:\windows\system32\drivers\IntcHdmi.sys [11/20/2009 5:30 AM 110080]
      R3 jnprna;Juniper Network Agent Miniport;c:\windows\system32\drivers\jnprna.sys [6/13/2009 6:18 PM 419496]
      R3 JnprVaMgr;Juniper Networks Virtual Adapter Manager Service;c:\windows\system32\drivers\jnprvamgr.sys [6/13/2009 6:18 PM 29312]
      R3 MakoNT;MakoNT;c:\windows\system32\drivers\MakoNT.sys [11/20/2009 4:36 AM 76849]
      R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [6/15/2011 6:33 PM 22712]
      R3 rap;rap;c:\windows\system32\drivers\RapDrv.sys [11/20/2009 4:36 AM 47788]
      R3 vodafone_K3805-z_dc_enum;vodafone_K3805-z_dc_enum;c:\windows\system32\drivers\vodafone_K3805-z_dc_enum.sys [3/1/2010 6:35 PM 80000]
      R4 black;black;c:\windows\system32\drivers\Blackcat.sys [11/20/2009 4:36 AM 197106]
      S0 iaStor_760;Intel AHCI Controller;c:\windows\system32\drivers\iaStor_760.sys [4/2/2009 1:38 PM 324120]
      S0 iaStor_8400;Intel RAID Controller;c:\windows\system32\drivers\iastor8400.sys [4/2/2009 1:38 PM 824960]
      S0 iaStor_E6400;Intel RAID Controller;c:\windows\system32\drivers\iaStor_E6400.sys [4/2/2009 1:38 PM 318488]
      S0 iastor3400;Intel AHCI Controller;c:\windows\system32\drivers\iaStor3400.sys [4/2/2009 1:38 PM 308248]
      S0 iaStor390;Intel AHCI Controller;c:\windows\system32\drivers\iaStor390.sys [4/2/2009 1:38 PM 304920]
      S0 iastor755;Intel AHCI Controller;c:\windows\system32\drivers\IaStor755.sys [4/2/2009 1:38 PM 305176]
      S0 symmpi_8400;symmpi_8400;c:\windows\system32\drivers\symmpi8400.sys [4/2/2009 1:38 PM 92288]
      S0 symmpi_vmware;symmpi_vmware;c:\windows\system32\drivers\symmpi_vmware.sys [4/2/2009 1:38 PM 39760]
      S0 symmpi7400;symmpi7400;c:\windows\system32\drivers\symmpi7400.sys [4/2/2009 1:38 PM 100096]
      S2 gupdate;Servicio Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [3/6/2010 1:48 PM 135664]
      S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\drivers\ggflt.sys [12/29/2010 6:43 PM 13224]
      S3 gupdatem;Servicio de Google Update (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [3/6/2010 1:48 PM 135664]
      S3 HPFXFAX;HPFXFAX;c:\windows\system32\drivers\hpfxfax.sys [7/20/2010 1:30 PM 20504]
      S3 jnprva;Juniper Networks Virtual Adapter Service;c:\windows\system32\drivers\jnprva.sys [6/13/2009 6:18 PM 12288]
      S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [6/15/2011 6:33 PM 39984]
      S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [1/9/2010 9:37 PM 4640000]
      S3 sdcfilter;sdcfilter;c:\windows\system32\drivers\sdcfilter.sys [10/20/2010 9:36 AM 23928]
      S3 Sony Ericsson PCCompanion;Sony Ericsson PCCompanion;c:\program files\Sony Ericsson\Sony Ericsson PC Companion\PCCService.exe [12/29/2010 6:37 PM 150528]
      S3 TSClient;Tatara Protocol Driver;c:\windows\system32\drivers\tsclient.sys --> c:\windows\system32\drivers\tsclient.sys [?]
      S4 SophosBootDriver;SophosBootDriver;c:\windows\system32\drivers\SophosBootDriver.sys [11/20/2009 5:00 AM 14976]
      S4 VmbService;Servicio de Vodafone Mobile Broadband;c:\program files\Vodafone\Vodafone Mobile Broadband\Bin\VmbService.exe [4/28/2010 8:26 PM 9216]
      .
      --- Other Services/Drivers In Memory ---
      .
      *Deregistered* - BMLoad
      *Deregistered* - uphcleanhlp
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
      HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\OutlookProfile.vbs]
      2010-12-10 11:31 9276 ----a-w- c:\program files\Microsoft Office\OutlookProfile.vbs
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\PitchBuilderAS.EXE]
      2010-12-09 11:06 150280 ----a-w- c:\program files\Microsoft Office\Wizkit\PitchBuilderAS.EXE
      .
      Contents of the 'Scheduled Tasks' folder
      .
      2011-06-16 c:\windows\Tasks\Ad-Aware Update (Weekly).job
      - c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2011-05-25 00:00]
      .
      2011-06-11 c:\windows\Tasks\AppleSoftwareUpdate.job
      - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]
      .
      2011-04-01 c:\windows\Tasks\At1.job
      - d:\support\TOOLS\DiskTidyUp.exe [2009-11-19 11:50]
      .
      2011-06-16 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
      - c:\program files\Google\Update\GoogleUpdate.exe [2010-03-06 11:48]
      .
      2011-06-16 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
      - c:\program files\Google\Update\GoogleUpdate.exe [2010-03-06 11:48]
      .
      2011-06-16 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1962744943-1077359737-637696952-142722Core.job
      - d:\documents and settings\100027982\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-04-05 09:04]
      .
      2011-06-16 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1962744943-1077359737-637696952-142722UA.job
      - d:\documents and settings\100027982\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-04-05 09:04]
      .
      2011-06-16 c:\windows\Tasks\New scheduled scan.job
      - c:\program files\Sophos\Sophos Anti-Virus\BackgroundScanClient.exe [2010-10-20 07:36]
      .
      .
      ------- Supplementary Scan -------
      .
      uStart Page = hxxp://www.google.es/
      uInternet Connection Wizard,ShellNext = hxxp://medinternational.home.ge.com/
      uInternet Settings,ProxyOverride = <local>
      IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
      IE: Se&nd to OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
      LSP: bmnet.dll
      LSP: c:\program files\VMware\VMware Player\vsocklib.dll
      Trusted Zone: ge.com
      Trusted Zone: gebrandcentral.com
      Trusted Zone: gedigitalmedia.com
      Trusted Zone: gemediacentral.com
      Trusted Zone: genewscenter.com
      Trusted Zone: geolympiccentral.com
      Trusted Zone: ge.com
      TCP: DhcpNameServer = 192.168.2.1
      DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
      DPF: {8F0DF9DB-AA5A-4ED0-9176-1C4A9C762C59} - hxxp://americascomm01.ge.com/sametime/STMeetingRoomClient/STJNILoader.cab
      DPF: {B94C2238-346E-4C5E-9B36-8CC627F35574}
      DPF: {C1BAC744-8F0B-11D0-89E7-00C0A8295197} - hxxp://crtvg.es/camweb/camera.cab
      .
      - - - - ORPHANS REMOVED - - - -
      .
      Toolbar-Locked - (no file)
      HKCU-Run-Calendario - (no file)
      HKLM-Run-SearchSettings - c:\program files\Search Settings\SearchSettings.exe
      SafeBoot-WudfPf
      SafeBoot-WudfRd
      .
      .
      .
      **************************************************************************
      .
      catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
      Rootkit scan 2011-06-16 18:45
      Windows 5.1.2600 Service Pack 3 NTFS
      .
      scanning hidden processes ...
      .
      scanning hidden autostart entries ...
      .
      scanning hidden files ...
      .
      scan completed successfully
      hidden files: 0
      .
      **************************************************************************
      .
      [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Sophos Message Router]
      "ImagePath"="\"c:\program files\Sophos\Remote Management System\RouterNT.exe\" -service -name Router -ORBListenEndpoints iiop://:8193/ssl_port=8194"
      .
      --------------------- DLLs Loaded Under Running Processes ---------------------
      .
      - - - - - - - > 'winlogon.exe'(1336)
      c:\program files\CA\DSM\Bin\cfwlogon.dll
      c:\windows\system32\odyEvent.dll
      .
      - - - - - - - > 'lsass.exe'(1400)
      c:\windows\system32\bmnet.dll
      .
      - - - - - - - > 'explorer.exe'(5596)
      c:\windows\system32\WININET.dll
      c:\windows\system32\btmmhook.dll
      c:\windows\system32\ieframe.dll
      c:\windows\system32\msi.dll
      c:\windows\system32\webcheck.dll
      c:\windows\system32\WPDShServiceObj.dll
      c:\windows\system32\btncopy.dll
      c:\program files\Nokia\Nokia PC Suite 7\PhoneBrowser.dll
      c:\program files\Nokia\Nokia PC Suite 7\NGSCM.DLL
      c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.5592_x-ww_179798c8\MSVCR80.dll
      c:\program files\Nokia\Nokia PC Suite 7\Lang\PhoneBrowser_spa.nlr
      c:\program files\Nokia\Nokia PC Suite 7\Resource\PhoneBrowser_Nokia.ngr
      c:\windows\system32\PortableDeviceTypes.dll
      c:\windows\system32\PortableDeviceApi.dll
      .
      ------------------------ Other Running Processes ------------------------
      .
      c:\program files\Juniper Networks\Odyssey Access Client\odClientService.exe
      c:\windows\system32\LEXBCES.EXE
      c:\windows\system32\LEXPPS.EXE
      c:\windows\system32\wbem\unsecapp.exe
      c:\program files\idt\dellxpm09b_6159v043\wdm\stacsv.exe
      c:\windows\System32\SCardSvr.exe
      c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
      c:\program files\Bonjour\mDNSResponder.exe
      c:\program files\CA\SC\CAM\bin\cam.exe
      c:\program files\Cisco Systems\VPN Client\cvpnd.exe
      c:\program files\Juniper Networks\Common Files\dsNcService.exe
      c:\program files\Java\jre6\bin\jqs.exe
      c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
      c:\program files\ISS\Proventia Desktop\RapApp.exe
      c:\program files\Sophos\Remote Management System\ManagementAgentNT.exe
      c:\program files\Sophos\AutoUpdate\ALsvc.exe
      c:\program files\Sophos\Remote Management System\RouterNT.exe
      c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
      c:\program files\UPHClean\uphclean.exe
      c:\program files\VMware\VMware Player\vmware-authd.exe
      c:\windows\system32\vmnat.exe
      c:\windows\system32\vmnetdhcp.exe
      c:\program files\CA\DSM\Bin\cfsmsmd.exe
      c:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
      c:\program files\CA\DSM\Bin\ccnfagent.exe
      c:\program files\CA\DSM\Bin\cfnotsrvd.exe
      c:\program files\CA\DSM\Bin\ccsmagtd.exe
      c:\program files\CA\DSM\Bin\amswmagt.exe
      c:\program files\CA\DSM\PMAgent\capmuamagt.exe
      c:\program files\CA\DSM\Bin\cfftplugin.exe
      c:\program files\Lavasoft\Ad-Aware\AAWTray.exe
      c:\windows\system32\igfxsrvc.exe
      c:\program files\DellTPad\ApMsgFwd.exe
      c:\program files\DellTPad\HidFind.exe
      c:\program files\DellTPad\Apntex.exe
      c:\program files\ISS\Proventia Desktop\blackice.exe
      c:\progra~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
      c:\program files\PC Connectivity Solution\ServiceLayer.exe
      c:\program files\PC Connectivity Solution\Transports\NclUSBSrv.exe
      c:\program files\PC Connectivity Solution\Transports\NclRSSrv.exe
      c:\program files\PC Connectivity Solution\Transports\NclBCBTSrv.exe
      c:\windows\System32\wudfhost.exe
      .
      **************************************************************************
      .
      Completion time: 2011-06-16 18:53:42 - machine was rebooted
      ComboFix-quarantined-files.txt 2011-06-16 16:53
      .
      Pre-Run: 6.524.923.904 bytes free
      Post-Run: 6.192.603.136 bytes free
      .
      WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
      [boot loader]
      timeout=2
      default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
      [operating systems]
      c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
      UnsupportedDebug="do not select this" /debug
      multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
      .
      - - End Of File - - FB329CA328B710BC6D8FB80D2810A588

      Regards,
      Amara

    4. #4
      General Moderator
      Avatar of Damianl_77
      Joined
      Jan 2008
      Location
      Argentina
      Posts
      22.919

      Re: Explorer opens by itself showing ads

      Hi scialfa: RiaGuel had to travel, so I will continue with the problem.


      Download ATF Cleaner + Manual. With the browsers closed, use the tabs in the options for Firefox or Opera, if you have those browsers, and tick the Select All box.
      Run ATF-Cleaner from your desktop.
      Tick the "Select All" option.
      Click the "Empty Selected" button.
      Do the same in the Firefox and Opera tabs respectively.

      Disconnect from the Internet and run ATF Cleaner.


      Carry out these steps

      • Click START > RUN >
      • Type notepad.exe there and click OK
      • Now copy and paste these files into Notepad (without the word Code)


      Code:
      KillAll::
      
      
      File::
      C:\wpg32.dll
      c:\windows\system32\drivers\LKD84.tmp
      c:\windows\system32\drivers\LKD83.tmp
      c:\windows\system32\drivers\LKD82.tmp
      c:\windows\system32\drivers\LKD1F9.tmp
      c:\windows\system32\drivers\LKD154.tmp
      c:\windows\system32\drivers\LKDCB.tmp
      c:\windows\system32\drivers\LKD81.tmp
      c:\windows\system32\drivers\LKDEE.tmp
      c:\windows\system32\drivers\LKD80.tmp
      c:\windows\system32\drivers\LKD7F.tmp
      c:\windows\system32\drivers\LKD7E.tmp
      c:\windows\system32\drivers\LKD8E.tmp
      c:\windows\system32\drivers\LKD156.tmp
      c:\windows\system32\drivers\LKDC3.tmp
      c:\windows\system32\drivers\LKD7C.tmp
      c:\windows\system32\drivers\LKD7D.tmp
      c:\windows\system32\drivers\LKD7B.tmp
      c:\windows\system32\drivers\LKD7A.tmp
      c:\windows\system32\drivers\LKD79.tmp
      c:\windows\system32\drivers\LKDCD.tmp
      c:\windows\system32\drivers\LKD78.tmp
      c:\windows\system32\drivers\LKDD1.tmp
      c:\windows\system32\drivers\LKD77.tmp
      c:\windows\system32\drivers\LKDC2.tmp
      c:\windows\system32\drivers\LKD76.tmp
      c:\windows\system32\drivers\LKDE0.tmp
      c:\windows\system32\drivers\LKD75.tmp
      c:\windows\system32\drivers\LKD74.tmp
      c:\windows\system32\drivers\LKD73.tmp
      c:\windows\system32\drivers\LKD72.tmp
      c:\windows\system32\drivers\LKD71.tmp
      c:\windows\system32\drivers\LKD70.tmp
      c:\windows\system32\drivers\LKD106.tmp
      c:\windows\system32\drivers\LKD6F.tmp
      c:\windows\system32\drivers\LKDD6.tmp
      c:\windows\system32\drivers\LKD6E.tmp
      c:\windows\system32\drivers\LKDCC.tmp
      c:\windows\system32\drivers\LKD6D.tmp
      c:\windows\system32\drivers\LKD6B.tmp
      c:\windows\system32\drivers\LKD6A.tmp
      c:\windows\system32\drivers\LKD69.tmp
      c:\windows\system32\drivers\LKDF7.tmp
      c:\windows\system32\drivers\LKD68.tmp
      c:\windows\system32\drivers\LKD146.tmp
      c:\windows\system32\drivers\LKD1DD.tmp
      c:\windows\system32\drivers\LKD6C.tmp
      c:\windows\system32\drivers\LKDB0.tmp
      c:\windows\system32\drivers\LKD67.tmp
      c:\windows\system32\drivers\LKDB4.tmp
      c:\windows\system32\drivers\LKD66.tmp
      c:\windows\system32\drivers\LKD65.tmp
      c:\windows\system32\drivers\LKD8B1.tmp
      c:\windows\system32\drivers\LKD114.tmp
      c:\windows\system32\drivers\LKD64.tmp
      c:\windows\system32\drivers\LKD1D1.tmp
      c:\windows\system32\drivers\LKD150.tmp
      c:\windows\system32\drivers\LKDCA.tmp
      c:\windows\system32\drivers\LKD88.tmp
      c:\windows\system32\drivers\LKD12A.tmp
      c:\windows\system32\drivers\LKD176D.tmp
      c:\windows\system32\drivers\LKD13C0.tmp
      c:\windows\system32\drivers\LKD12AA.tmp
      c:\windows\system32\drivers\LKD11B9.tmp
      c:\windows\system32\drivers\LKDE15.tmp
      c:\windows\system32\drivers\LKD5F4.tmp
      c:\windows\system32\drivers\LKD3E2.tmp
      c:\windows\system32\drivers\LKDB6.tmp
      c:\windows\system32\drivers\LKD397.tmp
      c:\windows\system32\drivers\LKD310.tmp
      c:\windows\system32\drivers\LKD28A.tmp
      c:\windows\system32\drivers\LKD203.tmp
      c:\windows\system32\drivers\LKD100.tmp
      c:\windows\system32\drivers\LKD62.tmp
      c:\windows\system32\drivers\LKD8F4.tmp
      c:\windows\system32\drivers\LKD872.tmp
      c:\windows\system32\drivers\LKD7ED.tmp
      c:\windows\system32\drivers\LKD765.tmp
      c:\windows\system32\drivers\LKD6DE.tmp
      c:\windows\system32\drivers\LKD659.tmp
      c:\windows\system32\drivers\LKD5CF.tmp
      c:\windows\system32\drivers\LKD54C.tmp
      c:\windows\system32\drivers\LKD4C9.tmp
      c:\windows\system32\drivers\LKD432.tmp
      
      Folder::
      c:\program files\Application Updater
      
      Driver::
      Application Updater
      TSClient
      
      Registry::
      [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
      "5556:TCP"=-
      
      DDS::
      uInternet Connection Wizard,ShellNext = hxxp://medinternational.home.ge.com/
      uInternet Settings,ProxyOverride = <local>



      • Save this file with the name CFScript.txt and leave it on your desktop.
      • Before using the CFScript....
      • Temporarily disable your antivirus and/or antispyware.
      • Close all open windows. Drag the Notepad file onto the ComboFix icon on your desktop, as the image below shows.

      • ComboFix will start running again. When it finishes, it will generate a report, which you should paste in this same thread.


    5. #5
      User Avatar of scialfa
      Joined
      Jun 2011
      Location
      Coruña
      Posts
      4

      Re: Explorer opens by itself showing ads

      Hi Damianl_77

      First of all, thank you for your help.

      I followed the steps and the Explorer windows with ads keep opening. I am pasting the ComboFix report

      ComboFix 11-06-15.02 - 100027982 18/06/2011 19:52:38.2.2 - x86
      Microsoft Windows XP Professional 5.1.2600.3.1252.44.1033.18.2000.1142 [GMT 2:00]
      Running from: d:\documents and settings\100027982\Desktop\ComboFix.exe
      Command switches used :: d:\documents and settings\100027982\Desktop\CFScript.txt
      AV: Sophos Anti-Virus *Disabled/Updated* {3F13C776-3CBE-4DE9-8BF6-09E5183CA2BD}
      FW: Proventia Desktop *Enabled* {E1EC88C6-49C8-4599-8097-09F7E1CB6A15}
      FW: Sophos Client Firewall *Enabled* {0786E95E-326A-4524-9691-41EF88FB52EA}
      .
      FILE ::
      "c:\windows\system32\drivers\LKD100.tmp"
      "c:\windows\system32\drivers\LKD106.tmp"
      "c:\windows\system32\drivers\LKD114.tmp"
      "c:\windows\system32\drivers\LKD11B9.tmp"
      "c:\windows\system32\drivers\LKD12A.tmp"
      "c:\windows\system32\drivers\LKD12AA.tmp"
      "c:\windows\system32\drivers\LKD13C0.tmp"
      "c:\windows\system32\drivers\LKD146.tmp"
      "c:\windows\system32\drivers\LKD150.tmp"
      "c:\windows\system32\drivers\LKD154.tmp"
      "c:\windows\system32\drivers\LKD156.tmp"
      "c:\windows\system32\drivers\LKD176D.tmp"
      "c:\windows\system32\drivers\LKD1D1.tmp"
      "c:\windows\system32\drivers\LKD1DD.tmp"
      "c:\windows\system32\drivers\LKD1F9.tmp"
      "c:\windows\system32\drivers\LKD203.tmp"
      "c:\windows\system32\drivers\LKD28A.tmp"
      "c:\windows\system32\drivers\LKD310.tmp"
      "c:\windows\system32\drivers\LKD397.tmp"
      "c:\windows\system32\drivers\LKD3E2.tmp"
      "c:\windows\system32\drivers\LKD432.tmp"
      "c:\windows\system32\drivers\LKD4C9.tmp"
      "c:\windows\system32\drivers\LKD54C.tmp"
      "c:\windows\system32\drivers\LKD5CF.tmp"
      "c:\windows\system32\drivers\LKD5F4.tmp"
      "c:\windows\system32\drivers\LKD62.tmp"
      "c:\windows\system32\drivers\LKD64.tmp"
      "c:\windows\system32\drivers\LKD65.tmp"
      "c:\windows\system32\drivers\LKD659.tmp"
      "c:\windows\system32\drivers\LKD66.tmp"
      "c:\windows\system32\drivers\LKD67.tmp"
      "c:\windows\system32\drivers\LKD68.tmp"
      "c:\windows\system32\drivers\LKD69.tmp"
      "c:\windows\system32\drivers\LKD6A.tmp"
      "c:\windows\system32\drivers\LKD6B.tmp"
      "c:\windows\system32\drivers\LKD6C.tmp"
      "c:\windows\system32\drivers\LKD6D.tmp"
      "c:\windows\system32\drivers\LKD6DE.tmp"
      "c:\windows\system32\drivers\LKD6E.tmp"
      "c:\windows\system32\drivers\LKD6F.tmp"
      "c:\windows\system32\drivers\LKD70.tmp"
      "c:\windows\system32\drivers\LKD71.tmp"
      "c:\windows\system32\drivers\LKD72.tmp"
      "c:\windows\system32\drivers\LKD73.tmp"
      "c:\windows\system32\drivers\LKD74.tmp"
      "c:\windows\system32\drivers\LKD75.tmp"
      "c:\windows\system32\drivers\LKD76.tmp"
      "c:\windows\system32\drivers\LKD765.tmp"
      "c:\windows\system32\drivers\LKD77.tmp"
      "c:\windows\system32\drivers\LKD78.tmp"
      "c:\windows\system32\drivers\LKD79.tmp"
      "c:\windows\system32\drivers\LKD7A.tmp"
      "c:\windows\system32\drivers\LKD7B.tmp"
      "c:\windows\system32\drivers\LKD7C.tmp"
      "c:\windows\system32\drivers\LKD7D.tmp"
      "c:\windows\system32\drivers\LKD7E.tmp"
      "c:\windows\system32\drivers\LKD7ED.tmp"
      "c:\windows\system32\drivers\LKD7F.tmp"
      "c:\windows\system32\drivers\LKD80.tmp"
      "c:\windows\system32\drivers\LKD81.tmp"
      "c:\windows\system32\drivers\LKD82.tmp"
      "c:\windows\system32\drivers\LKD83.tmp"
      "c:\windows\system32\drivers\LKD84.tmp"
      "c:\windows\system32\drivers\LKD872.tmp"
      "c:\windows\system32\drivers\LKD88.tmp"
      "c:\windows\system32\drivers\LKD8B1.tmp"
      "c:\windows\system32\drivers\LKD8E.tmp"
      "c:\windows\system32\drivers\LKD8F4.tmp"
      "c:\windows\system32\drivers\LKDB0.tmp"
      "c:\windows\system32\drivers\LKDB4.tmp"
      "c:\windows\system32\drivers\LKDB6.tmp"
      "c:\windows\system32\drivers\LKDC2.tmp"
      "c:\windows\system32\drivers\LKDC3.tmp"
      "c:\windows\system32\drivers\LKDCA.tmp"
      "c:\windows\system32\drivers\LKDCB.tmp"
      "c:\windows\system32\drivers\LKDCC.tmp"
      "c:\windows\system32\drivers\LKDCD.tmp"
      "c:\windows\system32\drivers\LKDD1.tmp"
      "c:\windows\system32\drivers\LKDD6.tmp"
      "c:\windows\system32\drivers\LKDE0.tmp"
      "c:\windows\system32\drivers\LKDE15.tmp"
      "c:\windows\system32\drivers\LKDEE.tmp"
      "c:\windows\system32\drivers\LKDF7.tmp"
      "C:\wpg32.dll"
      .
      .
      ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
      .
      .
      c:\program files\Application Updater
      c:\program files\Application Updater\ApplicationUpdater.exe
      c:\program files\Application Updater\config.ini
      c:\windows\system32\drivers\LKD100.tmp
      c:\windows\system32\drivers\LKD106.tmp
      c:\windows\system32\drivers\LKD114.tmp
      c:\windows\system32\drivers\LKD11B9.tmp
      c:\windows\system32\drivers\LKD12A.tmp
      c:\windows\system32\drivers\LKD12AA.tmp
      c:\windows\system32\drivers\LKD13C0.tmp
      c:\windows\system32\drivers\LKD146.tmp
      c:\windows\system32\drivers\LKD150.tmp
      c:\windows\system32\drivers\LKD154.tmp
      c:\windows\system32\drivers\LKD156.tmp
      c:\windows\system32\drivers\LKD176D.tmp
      c:\windows\system32\drivers\LKD1D1.tmp
      c:\windows\system32\drivers\LKD1DD.tmp
      c:\windows\system32\drivers\LKD1F9.tmp
      c:\windows\system32\drivers\LKD203.tmp
      c:\windows\system32\drivers\LKD28A.tmp
      c:\windows\system32\drivers\LKD310.tmp
      c:\windows\system32\drivers\LKD397.tmp
      c:\windows\system32\drivers\LKD3E2.tmp
      c:\windows\system32\drivers\LKD432.tmp
      c:\windows\system32\drivers\LKD4C9.tmp
      c:\windows\system32\drivers\LKD54C.tmp
      c:\windows\system32\drivers\LKD5CF.tmp
      c:\windows\system32\drivers\LKD5F4.tmp
      c:\windows\system32\drivers\LKD62.tmp
      c:\windows\system32\drivers\LKD64.tmp
      c:\windows\system32\drivers\LKD65.tmp
      c:\windows\system32\drivers\LKD659.tmp
      c:\windows\system32\drivers\LKD66.tmp
      c:\windows\system32\drivers\LKD67.tmp
      c:\windows\system32\drivers\LKD68.tmp
      c:\windows\system32\drivers\LKD69.tmp
      c:\windows\system32\drivers\LKD6A.tmp
      c:\windows\system32\drivers\LKD6B.tmp
      c:\windows\system32\drivers\LKD6C.tmp
      c:\windows\system32\drivers\LKD6D.tmp
      c:\windows\system32\drivers\LKD6DE.tmp
      c:\windows\system32\drivers\LKD6E.tmp
      c:\windows\system32\drivers\LKD6F.tmp
      c:\windows\system32\drivers\LKD70.tmp
      c:\windows\system32\drivers\LKD71.tmp
      c:\windows\system32\drivers\LKD72.tmp
      c:\windows\system32\drivers\LKD73.tmp
      c:\windows\system32\drivers\LKD74.tmp
      c:\windows\system32\drivers\LKD75.tmp
      c:\windows\system32\drivers\LKD76.tmp
      c:\windows\system32\drivers\LKD765.tmp
      c:\windows\system32\drivers\LKD77.tmp
      c:\windows\system32\drivers\LKD78.tmp
      c:\windows\system32\drivers\LKD79.tmp
      c:\windows\system32\drivers\LKD7A.tmp
      c:\windows\system32\drivers\LKD7B.tmp
      c:\windows\system32\drivers\LKD7C.tmp
      c:\windows\system32\drivers\LKD7D.tmp
      c:\windows\system32\drivers\LKD7E.tmp
      c:\windows\system32\drivers\LKD7ED.tmp
      c:\windows\system32\drivers\LKD7F.tmp
      c:\windows\system32\drivers\LKD80.tmp
      c:\windows\system32\drivers\LKD81.tmp
      c:\windows\system32\drivers\LKD82.tmp
      c:\windows\system32\drivers\LKD83.tmp
      c:\windows\system32\drivers\LKD84.tmp
      c:\windows\system32\drivers\LKD872.tmp
      c:\windows\system32\drivers\LKD88.tmp
      c:\windows\system32\drivers\LKD8B1.tmp
      c:\windows\system32\drivers\LKD8E.tmp
      c:\windows\system32\drivers\LKD8F4.tmp
      c:\windows\system32\drivers\LKDB0.tmp
      c:\windows\system32\drivers\LKDB4.tmp
      c:\windows\system32\drivers\LKDB6.tmp
      c:\windows\system32\drivers\LKDC2.tmp
      c:\windows\system32\drivers\LKDC3.tmp
      c:\windows\system32\drivers\LKDCA.tmp
      c:\windows\system32\drivers\LKDCB.tmp
      c:\windows\system32\drivers\LKDCC.tmp
      c:\windows\system32\drivers\LKDCD.tmp
      c:\windows\system32\drivers\LKDD1.tmp
      c:\windows\system32\drivers\LKDD6.tmp
      c:\windows\system32\drivers\LKDE0.tmp
      c:\windows\system32\drivers\LKDE15.tmp
      c:\windows\system32\drivers\LKDEE.tmp
      c:\windows\system32\drivers\LKDF7.tmp
      C:\wpg32.dll
      F:\Autorun.inf
      .
      .
      ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
      .
      .
      -------\Legacy_APPLICATION_UPDATER
      -------\Legacy_TSCLIENT
      -------\Service_Application Updater
      -------\Service_TSClient
      .
      .
      ((((((((((((((((((((((((( Files Created from 2011-05-18 to 2011-06-18 )))))))))))))))))))))))))))))))
      .
      .
      2011-06-17 07:13 . 2011-06-17 07:13 30267 ----a-w- c:\windows\system32\drivers\LKD85.tmp
      2011-06-16 16:03 . 2011-06-16 16:03 4128845 ----a-w- c:\temp\limpiar malware\ComboFix.exe
      2011-06-15 18:46 . 2011-06-15 16:33 9435312 ----a-w- c:\temp\limpiar malware\mbam-setup-1.51.0.1200.exe
      2011-06-15 16:33 . 2011-06-15 16:33 -------- d-----w- d:\documents and settings\100027982\Application Data\Malwarebytes
      2011-06-15 16:33 . 2011-06-15 16:33 -------- d-----w- d:\documents and settings\All Users\Application Data\Malwarebytes
      2011-06-15 16:23 . 2011-06-15 16:23 3096424 ----a-w- c:\temp\limpiar malware\ccsetup307.exe
      2011-06-14 21:34 . 2011-06-14 21:34 6400728 ----a-w- c:\temp\gusetup_slim.exe
      2011-06-14 20:40 . 2011-06-14 20:40 98392 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
      2011-06-14 20:38 . 2011-06-14 20:38 -------- d-----w- c:\windows\system32\config\systemprofile\Local Settings\Application Data\Sunbelt Software
      2011-06-14 20:37 . 2011-06-14 20:37 -------- d-----w- d:\documents and settings\All Users\Application Data\Lavasoft
      2011-06-14 20:20 . 2011-06-14 20:21 -------- d-----w- d:\documents and settings\100027982\Application Data\Calendario
      2011-06-14 20:19 . 2011-06-14 20:19 843264 ----a-w- c:\windows\system32\rtl100.bpl
      2011-06-14 20:19 . 2011-06-14 20:19 1680896 ----a-w- c:\windows\system32\vcl100.bpl
      2011-06-14 20:18 . 2011-06-14 20:18 -------- d-----w- c:\program files\ROASOFT
      2011-06-14 20:13 . 2011-06-14 20:13 -------- d-----w- d:\documents and settings\100027982\Application Data\Tutoriales100
      2011-06-14 20:13 . 2011-06-14 20:13 -------- d-----w- c:\program files\Tutoriales100
      2011-06-14 20:13 . 2011-06-14 20:13 -------- d-----w- d:\documents and settings\100027982\Local Settings\Application Data\Tutoriales100
      2011-06-14 20:12 . 2011-06-14 20:17 -------- d-----w- c:\program files\Object
      2011-06-14 06:38 . 2011-06-17 06:36 -------- d-----w- c:\program files\Hard Disk Sentinel
      2011-06-14 06:37 . 2011-06-09 18:25 9644752 ----a-w- c:\temp\TotalAudioConverter.exe
      2011-06-14 06:37 . 2011-06-09 18:29 6927505 ----a-w- c:\temp\Setup_FreeConverter.exe
      2011-06-12 18:09 . 2010-08-01 10:38 334384 ----a-w- c:\windows\system32\vmnetdhcp.exe
      2011-06-12 18:09 . 2010-08-01 10:38 399920 ----a-w- c:\windows\system32\vmnat.exe
      2011-06-12 18:09 . 2010-08-01 10:36 26288 ----a-w- c:\windows\system32\drivers\vmnetuserif.sys
      2011-06-12 18:09 . 2010-08-01 10:38 760368 ----a-w- c:\windows\system32\vnetlib.dll
      2011-06-12 18:09 . 2010-08-01 10:37 24624 ----a-w- c:\windows\system32\drivers\VMkbd.sys
      2011-06-09 18:29 . 2008-09-24 19:33 484352 ----a-w- c:\windows\system32\lame_enc.dll
      2011-06-09 18:29 . 2011-06-09 18:29 -------- d-----w- c:\program files\Free Audio Pack
      2011-06-09 18:26 . 2011-06-09 18:26 -------- d-----w- d:\documents and settings\100027982\Application Data\Softplicity
      2011-06-09 18:25 . 2011-06-09 18:28 -------- d-----w- c:\program files\TotalAudioConverter
      2011-05-24 17:05 . 2011-06-15 15:37 -------- d-----w- d:\documents and settings\100027982\Local Settings\Application Data\VMware
      2011-05-24 13:58 . 2011-04-13 13:34 94208 ----a-w- c:\temp\CCC TRaining\CCC70SP3\70sp3\Deio\Program\CriticalCareClinisoft\PDEV\DDPB840.dll
      .
      .
      .
      (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
      .
      2011-06-17 11:19 . 2009-12-02 13:07 176128 -c--a-w- c:\windows\safeboot.scr
      2011-06-17 11:19 . 2009-12-02 13:06 4752 ----a-w- c:\windows\system32\drivers\rsvlock.sys
      2011-06-17 11:19 . 2009-12-02 13:06 44848 ----a-w- c:\windows\system32\drivers\sbalg.sys
      2011-06-17 11:19 . 2009-12-02 13:06 14864 ----a-w- c:\windows\system32\drivers\sbprcctl.sys
      2011-06-17 11:19 . 2009-12-02 13:07 30267 ----a-w- c:\windows\system32\drivers\safeboot.sys
      2011-06-17 11:19 . 2009-12-02 13:06 6096 ----a-w- c:\windows\system32\drivers\sbflop.sys
      2011-04-15 10:32 . 2011-04-15 10:32 30267 ----a-w- c:\windows\system32\drivers\LKD2EF.tmp
      .
      .
      ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
      .
      .
      *Note* empty entries & legit default entries are not shown
      REGEDIT4
      .
      [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2F2CC692-D1B6-433e-BEFF-745CE8087980}]
      2011-05-17 14:31 221184 ----a-w- c:\program files\Tutoriales100\tutoriales100BHO.dll
      .
      [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" [2010-12-21 1483264]
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "AESTFltr"="c:\windows\system32\AESTFltr.exe" [2008-05-21 466944]
      "DsmSxplog"="c:\program files\CA\DSM\Bin\sxpstub.exe" [2007-03-03 24592]
      "CAF_SystemTray"="c:\program files\CA\DSM\bin\cfSysTray.exe" [2007-03-03 124432]
      "TempRemove"="c:\program files\Crystal Ball\CB Predictor\terminator.exe" [1998-12-19 7680]
      "Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2009-10-07 2498560]
      "IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-03-24 134656]
      "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-03-24 166912]
      "Persistence"="c:\windows\system32\igfxpers.exe" [2009-03-24 136192]
      "SBMGRNT.EXE"="c:\progra~1\SafeBoot\SBMGRNT.EXE" [2011-06-17 49212]
      "Apoint"="c:\program files\DellTPad\Apoint.exe" [2009-06-19 249856]
      "SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2009-03-09 483420]
      "SophosNAC_Agent"="c:\program files\Sophos\NAC\AgntTray.exe" [2009-05-01 1373792]
      "GEvpnPacCheck"="c:\program files\Juniper Networks\VPN_PAC_CHECK.vbs" [2009-04-06 1747]
      "OdTray.exe"="c:\program files\Juniper Networks\Odyssey Access Client\OdTray.exe" [2009-08-12 955688]
      "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]
      "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-20 932288]
      "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
      "AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-12-14 47904]
      "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-29 421888]
      "VMware hqtray"="c:\program files\VMware\VMware Player\hqtray.exe" [2010-08-01 64048]
      "Tutoriales100"="c:\program files\Tutoriales100\tutoriales100.exe" [2011-06-06 978544]
      "UpdateTutoriales100"="d:\documents and settings\100027982\Application Data\Tutoriales100\Update Tutoriales 100\UpdateTutoriales100HP.exe" [2011-05-17 655360]
      .
      [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
      "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
      .
      d:\documents and settings\All Users\Start Menu\Programs\Startup\
      Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-1-16 604776]
      Proventia Desktop Agent.lnk - [N/A]
      Sophos AutoUpdate Monitor.lnk - c:\program files\Sophos\AutoUpdate\ALMon.exe [2010-10-20 429096]
      VPN Client.lnk - c:\windows\Installer\{51FB15F4-AD27-43BC-AD4B-DD0354FB6BBD}\Icon3E5562ED7.ico [2009-11-20 6144]
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\CAF]
      2007-03-03 12:30 27664 ----a-w- c:\program files\CA\DSM\Bin\cfWlogon.dll
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\OdysseyClient]
      2010-07-13 06:48 202024 ----a-w- c:\windows\system32\odyEvent.dll
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\PCANotify]
      2004-11-01 11:50 8704 ----a-w- c:\windows\system32\PCANotify.dll
      .
      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
      @="Driver"
      .
      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
      @="Service"
      .
      [HKLM\~\startupfolder\D:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
      path=d:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
      backup=c:\windows\pss\Microsoft Office.lnkCommon Startup
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AIMPro]
      2010-07-07 20:39 3677496 ----a-w- c:\program files\WebEx\Connect\connect.exe
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
      2010-10-16 09:04 136176 ----atw- d:\documents and settings\100027982\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMJPMIG8.1]
      2008-04-14 12:00 208952 -c--a-w- c:\windows\ime\imjp8_1\imjpmig.exe
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
      2010-12-13 16:16 421160 ----a-w- c:\program files\iTunes\iTunesHelper.exe
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Lexmark X1100 Series]
      2003-08-19 10:18 57344 ----a-w- c:\program files\Lexmark X1100 Series\lxbkbmgr.exe
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MaxtorOneTouch]
      2006-08-11 07:45 712704 ----a-w- c:\program files\Maxtor\ManagerApp\OneTouch.exe
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MobileBroadband]
      2010-04-28 18:26 252928 ----a-w- c:\program files\Vodafone\Vodafone Mobile Broadband\Bin\MobileBroadband.exe
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSPY2002]
      2008-04-14 12:00 59392 -c--a-w- c:\windows\system32\IME\PINTLGNT\IMSCINST.EXE
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mxomssmenu]
      2006-08-11 10:15 81920 ----a-w- c:\program files\Maxtor\OneTouch Status\MaxMenuMgr.exe
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002A]
      2008-04-14 12:00 455168 -c--a-w- c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002ASync]
      2008-04-14 12:00 455168 -c--a-w- c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Companion]
      2011-02-28 14:15 427008 ----a-w- c:\program files\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
      "NTService1"=2 (0x2)
      "MaxBackServiceInt"=2 (0x2)
      "gusvc"=3 (0x3)
      "gupdate"=2 (0x2)
      "awhost32"=3 (0x3)
      "Apple Mobile Device"=2 (0x2)
      "VmbService"=2 (0x2)
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SophosAntiVirus]
      "DisableMonitoring"=dword:00000001
      .
      [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
      "EnableFirewall"= 0 (0x0)
      .
      [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
      "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
      "%windir%\\system32\\sessmgr.exe"=
      "c:\\Program Files\\WebEx\\Connect\\wbxcOIEx.exe"=
      "c:\\Program Files\\WebEx\\Connect\\widget.exe"=
      "c:\\Program Files\\WebEx\\Connect\\connect.exe"=
      "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
      "c:\\Program Files\\VMware\\VMware Player\\vmware-authd.exe"=
      .
      R0 odFips;odFips;c:\windows\system32\drivers\odFIPS.sys [8/12/2009 4:15 AM 9856]
      R0 odFips2;odFips2;c:\windows\system32\drivers\odFIPS2.sys [8/12/2009 4:15 AM 282496]
      R0 SafeBoot;SafeBoot;c:\windows\system32\drivers\safeboot.sys [12/2/2009 3:07 PM 30267]
      R0 SBAlg;SBAlg;c:\windows\system32\drivers\sbalg.sys [12/2/2009 3:06 PM 44848]
      R1 RsvLock;RsvLock;c:\windows\system32\drivers\rsvlock.sys [12/2/2009 3:06 PM 4752]
      R1 SAVOnAccessControl;SAVOnAccessControl;c:\windows\system32\drivers\savonaccesscontrol.sys [11/20/2009 5:00 AM 152192]
      R1 SAVOnAccessFilter;SAVOnAccessFilter;c:\windows\system32\drivers\savonaccessfilter.sys [11/20/2009 5:00 AM 24064]
      R1 SBFlop;SBFlop;c:\windows\system32\drivers\sbflop.sys [12/2/2009 3:06 PM 6096]
      R1 SbPrcCtl;SbPrcCtl;c:\windows\system32\drivers\sbprcctl.sys [12/2/2009 3:06 PM 14864]
      R1 scfdriver;SCF Kernel Driver;c:\windows\system32\drivers\scfdriver.sys [11/20/2009 5:02 AM 100136]
      R2 BlackICE;BlackICE;c:\program files\ISS\Proventia Desktop\blackd.exe [11/20/2009 4:36 AM 2011473]
      R2 caf;CA DSM r11 Common Application Framework.;c:\program files\CA\DSM\Bin\CAF.exe [3/3/2007 2:30 PM 194064]
      R2 JuniperAccessService;Juniper Unified Network Service;c:\program files\Common Files\Juniper Networks\JUNS\dsAccessService.exe [8/11/2009 9:14 PM 132392]
      R2 NMSAccess32;NMSAccess32;c:\windows\system32\NMSAccess32.exe [1/12/2009 7:15 AM 71096]
      R2 SafeBootConfigurationManager;SafeBoot Configuration Manager;c:\program files\SafeBoot\sbmgrnt.exe [12/2/2009 3:07 PM 49212]
      R2 SAVAdminService;Indicador del estado de Sophos Anti-Virus;c:\program files\Sophos\Sophos Anti-Virus\SAVAdminService.exe [10/20/2010 9:36 AM 104488]
      R2 SAVService;Sophos Anti-Virus;c:\program files\Sophos\Sophos Anti-Virus\SavService.exe [10/20/2010 9:36 AM 93736]
      R2 Sophos Client Firewall Manager;Sophos Client Firewall Manager;c:\program files\Sophos\Sophos Client Firewall\SCFManager.exe [10/20/2010 9:36 AM 125992]
      R2 Sophos Client Firewall;Sophos Client Firewall;c:\program files\Sophos\Sophos Client Firewall\SCFService.exe [10/20/2010 9:36 AM 30248]
      R2 Sophos NAC Agent API;Sophos NAC Agent API;c:\program files\Sophos\NAC\AgentAPI.exe [5/1/2009 1:07 PM 9001056]
      R2 vmci;VMware vmci;c:\windows\system32\drivers\vmci.sys [8/1/2010 12:39 PM 70704]
      R2 VMUSBArbService;VMware USB Arbitration Service;c:\program files\Common Files\VMware\USB\vmware-usbarbitrator.exe [8/1/2010 11:39 AM 539184]
      R2 VPatch;ISS Buffer Overflow Exploit Prevention;c:\program files\ISS\Proventia Desktop\vpatch.exe [11/20/2009 4:36 AM 426333]
      R3 AESTAud;AE Audio Service;c:\windows\system32\drivers\AESTAud.sys [11/19/2009 6:23 PM 112512]
      R3 cvusbdrv;Broadcom USH CV;c:\windows\system32\drivers\cvusbdrv.sys [11/19/2009 6:23 PM 32808]
      R3 e1yexpress;Intel(R) Gigabit Network Connections Driver;c:\windows\system32\drivers\e1y5132.sys [4/2/2009 1:52 PM 244368]
      R3 EacService;Juniper TNC Endpoint Assessment;c:\program files\Common Files\Juniper Networks\TNC Client\jTnccService.exe [8/12/2009 4:30 AM 136488]
      R3 hwcdcmdm0;HUAWEI Mobile Connect - 3G Modem;c:\windows\system32\drivers\ewusbmdm.sys [11/26/2009 10:44 AM 65152]
      R3 hwusbapp;HUAWEI Mobile Connect - 3G PC UI Interface;c:\windows\system32\drivers\ewusbapp.sys [11/26/2009 10:44 AM 65152]
      R3 hwusbser;HUAWEI Mobile Connect - 3G Application Interface;c:\windows\system32\drivers\ewusbser.sys [11/26/2009 10:44 AM 65152]
      R3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI Service;c:\windows\system32\drivers\IntcHdmi.sys [11/20/2009 5:30 AM 110080]
      R3 jnprna;Juniper Network Agent Miniport;c:\windows\system32\drivers\jnprna.sys [6/13/2009 6:18 PM 419496]
      R3 JnprVaMgr;Juniper Networks Virtual Adapter Manager Service;c:\windows\system32\drivers\jnprvamgr.sys [6/13/2009 6:18 PM 29312]
      R3 MakoNT;MakoNT;c:\windows\system32\drivers\MakoNT.sys [11/20/2009 4:36 AM 76849]
      R3 rap;rap;c:\windows\system32\drivers\RapDrv.sys [11/20/2009 4:36 AM 47788]
      R3 vodafone_K3805-z_dc_enum;vodafone_K3805-z_dc_enum;c:\windows\system32\drivers\vodafone_K3805-z_dc_enum.sys [3/1/2010 6:35 PM 80000]
      R4 black;black;c:\windows\system32\drivers\Blackcat.sys [11/20/2009 4:36 AM 197106]
      S0 iaStor_760;Intel AHCI Controller;c:\windows\system32\drivers\iaStor_760.sys [4/2/2009 1:38 PM 324120]
      S0 iaStor_8400;Intel RAID Controller;c:\windows\system32\drivers\iastor8400.sys [4/2/2009 1:38 PM 824960]
      S0 iaStor_E6400;Intel RAID Controller;c:\windows\system32\drivers\iaStor_E6400.sys [4/2/2009 1:38 PM 318488]
      S0 iastor3400;Intel AHCI Controller;c:\windows\system32\drivers\iaStor3400.sys [4/2/2009 1:38 PM 308248]
      S0 iaStor390;Intel AHCI Controller;c:\windows\system32\drivers\iaStor390.sys [4/2/2009 1:38 PM 304920]
      S0 iastor755;Intel AHCI Controller;c:\windows\system32\drivers\IaStor755.sys [4/2/2009 1:38 PM 305176]
      S0 symmpi_8400;symmpi_8400;c:\windows\system32\drivers\symmpi8400.sys [4/2/2009 1:38 PM 92288]
      S0 symmpi_vmware;symmpi_vmware;c:\windows\system32\drivers\symmpi_vmware.sys [4/2/2009 1:38 PM 39760]
      S0 symmpi7400;symmpi7400;c:\windows\system32\drivers\symmpi7400.sys [4/2/2009 1:38 PM 100096]
      S2 gupdate;Servicio Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [3/6/2010 1:48 PM 135664]
      S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\drivers\ggflt.sys [12/29/2010 6:43 PM 13224]
      S3 gupdatem;Servicio de Google Update (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [3/6/2010 1:48 PM 135664]
      S3 HPFXFAX;HPFXFAX;c:\windows\system32\drivers\hpfxfax.sys [7/20/2010 1:30 PM 20504]
      S3 jnprva;Juniper Networks Virtual Adapter Service;c:\windows\system32\drivers\jnprva.sys [6/13/2009 6:18 PM 12288]
      S3 MBAMSwissArmy;MBAMSwissArmy;\??\c:\windows\system32\drivers\mbamswissarmy.sys --> c:\windows\system32\drivers\mbamswissarmy.sys [?]
      S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [1/9/2010 9:37 PM 4640000]
      S3 sdcfilter;sdcfilter;c:\windows\system32\drivers\sdcfilter.sys [10/20/2010 9:36 AM 23928]
      S3 Sony Ericsson PCCompanion;Sony Ericsson PCCompanion;c:\program files\Sony Ericsson\Sony Ericsson PC Companion\PCCService.exe [12/29/2010 6:37 PM 150528]
      S4 SophosBootDriver;SophosBootDriver;c:\windows\system32\drivers\SophosBootDriver.sys [11/20/2009 5:00 AM 14976]
      S4 VmbService;Servicio de Vodafone Mobile Broadband;c:\program files\Vodafone\Vodafone Mobile Broadband\Bin\VmbService.exe [4/28/2010 8:26 PM 9216]
      .
      --- Other Services/Drivers In Memory ---
      .
      *Deregistered* - BMLoad
      *Deregistered* - uphcleanhlp
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
      HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\OutlookProfile.vbs]
      2010-12-10 11:31 9276 ----a-w- c:\program files\Microsoft Office\OutlookProfile.vbs
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\PitchBuilderAS.EXE]
      2010-12-09 11:06 150280 ----a-w- c:\program files\Microsoft Office\Wizkit\PitchBuilderAS.EXE
      .
      Contents of the 'Scheduled Tasks' folder
      .
      2011-06-18 c:\windows\Tasks\AppleSoftwareUpdate.job
      - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]
      .
      2011-04-01 c:\windows\Tasks\At1.job
      - d:\support\TOOLS\DiskTidyUp.exe [2009-11-19 11:50]
      .
      2011-06-18 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
      - c:\program files\Google\Update\GoogleUpdate.exe [2010-03-06 11:48]
      .
      2011-06-18 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
      - c:\program files\Google\Update\GoogleUpdate.exe [2010-03-06 11:48]
      .
      2011-06-18 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1962744943-1077359737-637696952-142722Core.job
      - d:\documents and settings\100027982\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-04-05 09:04]
      .
      2011-06-18 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1962744943-1077359737-637696952-142722UA.job
      - d:\documents and settings\100027982\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-04-05 09:04]
      .
      2011-06-16 c:\windows\Tasks\New scheduled scan.job
      - c:\program files\Sophos\Sophos Anti-Virus\BackgroundScanClient.exe [2010-10-20 07:36]
      .
      .
      ------- Supplementary Scan -------
      .
      uStart Page = hxxp://www.google.es/
      uInternet Settings,ProxyOverride = <local>
      IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
      IE: Se&nd to OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
      LSP: bmnet.dll
      LSP: c:\program files\VMware\VMware Player\vsocklib.dll
      Trusted Zone: ge.com
      Trusted Zone: gebrandcentral.com
      Trusted Zone: gedigitalmedia.com
      Trusted Zone: gemediacentral.com
      Trusted Zone: genewscenter.com
      Trusted Zone: geolympiccentral.com
      Trusted Zone: ge.com
      DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
      DPF: {8F0DF9DB-AA5A-4ED0-9176-1C4A9C762C59} - hxxp://americascomm01.ge.com/sametime/STMeetingRoomClient/STJNILoader.cab
      DPF: {B94C2238-346E-4C5E-9B36-8CC627F35574}
      DPF: {C1BAC744-8F0B-11D0-89E7-00C0A8295197} - hxxp://crtvg.es/camweb/camera.cab
      .
      .
      **************************************************************************
      .
      catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
      Rootkit scan 2011-06-18 20:04
      Windows 5.1.2600 Service Pack 3 NTFS
      .
      scanning hidden processes ...
      .
      scanning hidden autostart entries ...
      .
      scanning hidden files ...
      .
      scan completed successfully
      hidden files: 0
      .
      **************************************************************************
      .
      [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Sophos Message Router]
      "ImagePath"="\"c:\program files\Sophos\Remote Management System\RouterNT.exe\" -service -name Router -ORBListenEndpoints iiop://:8193/ssl_port=8194"
      .
      --------------------- DLLs Loaded Under Running Processes ---------------------
      .
      - - - - - - - > 'winlogon.exe'(1260)
      c:\program files\SafeBoot\SBGINA.DLL
      c:\program files\SafeBoot\SBIPC.DLL
      c:\program files\CA\DSM\Bin\cfwlogon.dll
      c:\windows\system32\odyEvent.dll
      .
      - - - - - - - > 'lsass.exe'(1336)
      c:\windows\system32\bmnet.dll
      .
      - - - - - - - > 'explorer.exe'(4976)
      c:\windows\system32\WININET.dll
      c:\windows\system32\btmmhook.dll
      c:\windows\system32\msi.dll
      c:\windows\system32\ieframe.dll
      c:\windows\system32\webcheck.dll
      c:\windows\system32\WPDShServiceObj.dll
      c:\windows\system32\btncopy.dll
      c:\program files\Nokia\Nokia PC Suite 7\PhoneBrowser.dll
      c:\program files\Nokia\Nokia PC Suite 7\NGSCM.DLL
      c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.5592_x-ww_179798c8\MSVCR80.dll
      c:\program files\Nokia\Nokia PC Suite 7\Lang\PhoneBrowser_spa.nlr
      c:\program files\Nokia\Nokia PC Suite 7\Resource\PhoneBrowser_Nokia.ngr
      c:\windows\system32\PortableDeviceTypes.dll
      c:\windows\system32\PortableDeviceApi.dll
      .
      ------------------------ Other Running Processes ------------------------
      .
      c:\program files\Juniper Networks\Odyssey Access Client\odClientService.exe
      c:\windows\system32\LEXBCES.EXE
      c:\windows\system32\LEXPPS.EXE
      c:\program files\idt\dellxpm09b_6159v043\wdm\stacsv.exe
      c:\windows\System32\SCardSvr.exe
      c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
      c:\program files\Bonjour\mDNSResponder.exe
      c:\program files\CA\SC\CAM\bin\cam.exe
      c:\program files\Cisco Systems\VPN Client\cvpnd.exe
      c:\program files\Juniper Networks\Common Files\dsNcService.exe
      c:\program files\Java\jre6\bin\jqs.exe
      c:\windows\system32\msiexec.exe
      c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
      c:\program files\ISS\Proventia Desktop\RapApp.exe
      c:\program files\Sophos\Remote Management System\ManagementAgentNT.exe
      c:\program files\Sophos\AutoUpdate\ALsvc.exe
      c:\program files\Sophos\Remote Management System\RouterNT.exe
      c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
      c:\program files\UPHClean\uphclean.exe
      c:\program files\VMware\VMware Player\vmware-authd.exe
      c:\windows\system32\vmnat.exe
      c:\windows\system32\vmnetdhcp.exe
      c:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
      c:\program files\CA\DSM\Bin\cfsmsmd.exe
      c:\program files\CA\DSM\Bin\ccnfagent.exe
      c:\program files\CA\DSM\Bin\cfnotsrvd.exe
      c:\program files\CA\DSM\Bin\ccsmagtd.exe
      c:\program files\CA\DSM\Bin\amswmagt.exe
      c:\program files\CA\DSM\PMAgent\capmuamagt.exe
      c:\program files\CA\DSM\Bin\cfftplugin.exe
      c:\windows\system32\igfxsrvc.exe
      c:\program files\DellTPad\ApMsgFwd.exe
      c:\program files\DellTPad\HidFind.exe
      c:\program files\DellTPad\Apntex.exe
      c:\program files\ISS\Proventia Desktop\blackice.exe
      c:\progra~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
      c:\program files\PC Connectivity Solution\ServiceLayer.exe
      c:\program files\PC Connectivity Solution\Transports\NclUSBSrv.exe
      c:\program files\PC Connectivity Solution\Transports\NclRSSrv.exe
      c:\program files\PC Connectivity Solution\Transports\NclBCBTSrv.exe
      c:\windows\System32\wudfhost.exe
      .
      **************************************************************************
      .
      Completion time: 2011-06-18 2007 - machine was rebooted
      ComboFix-quarantined-files.txt 2011-06-18 18:09
      ComboFix2.txt 2011-06-16 16:53
      .
      Pre-Run: 6.198.497.280 bytes free
      Post-Run: 6.153.826.304 bytes free
      .
      - - End Of File - - 0035D3969B33FA4B3D9EA0320287AC3A


      Regards,
      scialfa

    6. #6
      General Moderator
      Avatar of Damianl_77
      Registered
      Jan 2008
      Location
      Argentina
      Posts
      22,919

      Re: Explorer opens by itself with ads

      Carry out these steps

      • Click START > RUN >
      • Type notepad.exe there and click OK
      • Now copy and paste the following into Notepad (except the word "Code")

      Code:
      KillAll::
      
      
      File::
      c:\windows\system32\drivers\LKD85.tmp
      c:\windows\system32\drivers\LKD2EF.tmp
      
      Folder::
      c:\program files\Tutoriales100
      
      Registry::
      [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2F2CC692-D1B6-433e-BEFF-745CE8087980}]
      
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "Tutoriales100"=-


      • Save this file as CFScript.txt and leave it on your desktop.
      • Before using the CFScript....
      • Temporarily disable your antivirus and/or antispyware.
      • Close all open windows. Drag the Notepad file onto the ComboFix icon on your desktop, as shown in the image below.

      • ComboFix will start running again. When it finishes it will generate a report, which you should paste in this same thread.


      Let me know whether the advertising windows have stopped.

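An added example (not part of the original post and not a ComboFix feature): a small Python check that reads the CFScript above, treating `[-KEY]` and `"name"=-` as .reg-style deletions, and lists which Tutoriales100 items from the posted log the script does not name. The marker string, the function names and the choice of log lines are this example's assumptions.

```python
import re

MARKER = "tutoriales100"  # assumption: the unwanted program's name, used as search term

# Excerpt of the ComboFix log posted earlier in this thread (lines copied from the page).
LOG = r'''
2011-06-14 20:13 . 2011-06-14 20:13 -------- d-----w- d:\documents and settings\100027982\Application Data\Tutoriales100
2011-06-14 20:13 . 2011-06-14 20:13 -------- d-----w- c:\program files\Tutoriales100
2011-06-14 20:13 . 2011-06-14 20:13 -------- d-----w- d:\documents and settings\100027982\Local Settings\Application Data\Tutoriales100
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2F2CC692-D1B6-433e-BEFF-745CE8087980}]
2011-05-17 14:31 221184 ----a-w- c:\program files\Tutoriales100\tutoriales100BHO.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" [2010-12-21 1483264]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-29 421888]
"Tutoriales100"="c:\program files\Tutoriales100\tutoriales100.exe" [2011-06-06 978544]
"UpdateTutoriales100"="d:\documents and settings\100027982\Application Data\Tutoriales100\Update Tutoriales 100\UpdateTutoriales100HP.exe" [2011-05-17 655360]
'''

# The CFScript from the post above, copied verbatim.
CFSCRIPT = r'''
KillAll::

File::
c:\windows\system32\drivers\LKD85.tmp
c:\windows\system32\drivers\LKD2EF.tmp

Folder::
c:\program files\Tutoriales100

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2F2CC692-D1B6-433e-BEFF-745CE8087980}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Tutoriales100"=-
'''

# "created . modified size attrs path" lines from the "Files Created" section
FS_LINE = re.compile(r'^\d{4}-\d\d-\d\d \d\d:\d\d \. \d{4}-\d\d-\d\d \d\d:\d\d \S+ \S+ (.+)$')
# "date time size attrs path" lines listed under a registry key (e.g. a BHO's DLL)
MODULE_LINE = re.compile(r'^\d{4}-\d\d-\d\d \d\d:\d\d \d+ \S+ (.+)$')
VALUE_LINE = re.compile(r'^"([^"]+)"="([^"]*)"')
KEY_LINE = re.compile(r'^\[(-?)(.+)\]$')


def parse_log(text):
    """Return (kind, key, name, path) tuples for filesystem items and loading points."""
    items, key = [], None
    for line in (l.strip() for l in text.splitlines()):
        if m := KEY_LINE.match(line):
            key = m.group(2).lower()
        elif m := FS_LINE.match(line):
            items.append(("fs", None, None, m.group(1)))
        elif key and (m := VALUE_LINE.match(line)):
            items.append(("value", key, m.group(1), m.group(2)))
        elif key and (m := MODULE_LINE.match(line)):
            items.append(("module", key, None, m.group(1)))
    return items


def parse_cfscript(text):
    """Collect what the script removes: paths, whole registry keys, single values."""
    paths, keys, values = set(), set(), set()
    section, key = None, None
    for line in (l.strip() for l in text.splitlines()):
        if not line:
            continue
        if line.endswith("::"):
            section, key = line[:-2].lower(), None
        elif section in ("file", "folder"):
            paths.add(line.lower())
        elif section == "registry":
            if m := KEY_LINE.match(line):
                key = m.group(2).lower()
                if m.group(1):                      # "[-KEY]" deletes the whole key
                    keys.add(key)
            elif key and (m := re.match(r'^"([^"]+)"=-$', line)):
                values.add((key, m.group(1).lower()))  # "name"=- deletes one value
    return paths, keys, values


def under(path, roots):
    """True if path is one of the roots or lies below one of them."""
    p = path.lower()
    return any(p == r or p.startswith(r + "\\") for r in roots)


def residual(log_text, script_text, marker=MARKER):
    """Log items mentioning the marker that the script does not remove."""
    paths, keys, values = parse_cfscript(script_text)
    left = []
    for kind, key, name, path in parse_log(log_text):
        if marker not in f"{name or ''} {path}".lower():
            continue
        if kind == "fs":
            covered = under(path, paths)
        elif kind == "value":
            covered = key in keys or (key, name.lower()) in values
        else:  # module registered under a key
            covered = key in keys
        if not covered:
            left.append((kind, name or path))
    return left


if __name__ == "__main__":
    for kind, what in residual(LOG, CFSCRIPT):
        print(f"not covered by script: {kind:5} {what}")
```

On these lines the check reports the two `Application Data\Tutoriales100` folders and the `UpdateTutoriales100` Run value; the same three items still appear in the follow-up log in the next post.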

    7. #7
      User Avatar of scialfa
      Registered
      Jun 2011
      Location
      Coruña
      Posts
      4

      Re: Explorer opens by itself with ads

      Hi DamianL_77,

      Thank you very much, things have improved sooooo much... from about 20 windows opening within a few minutes, we are down to one every so often...
      I'm attaching the log:

      ComboFix 11-06-15.02 - 100027982 19/06/2011 21:34:24.3.2 - x86
      Microsoft Windows XP Professional 5.1.2600.3.1252.44.1033.18.2000.1217 [GMT 2:00]
      Running from: d:\documents and settings\100027982\Desktop\ComboFix.exe
      Command switches used :: d:\documents and settings\100027982\Desktop\CFScript.txt
      AV: Sophos Anti-Virus *Disabled/Updated* {3F13C776-3CBE-4DE9-8BF6-09E5183CA2BD}
      FW: Proventia Desktop *Enabled* {E1EC88C6-49C8-4599-8097-09F7E1CB6A15}
      FW: Sophos Client Firewall *Enabled* {0786E95E-326A-4524-9691-41EF88FB52EA}
      .
      FILE ::
      "c:\windows\system32\drivers\LKD2EF.tmp"
      "c:\windows\system32\drivers\LKD85.tmp"
      .
      .
      ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
      .
      .
      c:\program files\Tutoriales100
      c:\program files\Tutoriales100\avast.exe
      c:\program files\Tutoriales100\confmedia.cyp
      c:\program files\Tutoriales100\desinstall.exe
      c:\program files\Tutoriales100\tutoriales100.exe
      c:\program files\Tutoriales100\tutoriales100BHO.dll
      c:\program files\Tutoriales100\unins000.dat
      c:\program files\Tutoriales100\unins000.exe
      c:\program files\Tutoriales100\unins001.dat
      c:\program files\Tutoriales100\unins001.exe
      c:\windows\system32\drivers\LKD2EF.tmp
      c:\windows\system32\drivers\LKD85.tmp
      .
      .
      ((((((((((((((((((((((((( Files Created from 2011-05-19 to 2011-06-19 )))))))))))))))))))))))))))))))
      .
      .
      2011-06-16 16:03 . 2011-06-16 16:03 4128845 ----a-w- c:\temp\limpiar malware\ComboFix.exe
      2011-06-15 18:46 . 2011-06-15 16:33 9435312 ----a-w- c:\temp\limpiar malware\mbam-setup-1.51.0.1200.exe
      2011-06-15 16:33 . 2011-06-15 16:33 -------- d-----w- d:\documents and settings\100027982\Application Data\Malwarebytes
      2011-06-15 16:33 . 2011-06-15 16:33 -------- d-----w- d:\documents and settings\All Users\Application Data\Malwarebytes
      2011-06-15 16:23 . 2011-06-15 16:23 3096424 ----a-w- c:\temp\limpiar malware\ccsetup307.exe
      2011-06-14 21:34 . 2011-06-14 21:34 6400728 ----a-w- c:\temp\gusetup_slim.exe
      2011-06-14 20:40 . 2011-06-14 20:40 98392 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
      2011-06-14 20:38 . 2011-06-14 20:38 -------- d-----w- c:\windows\system32\config\systemprofile\Local Settings\Application Data\Sunbelt Software
      2011-06-14 20:37 . 2011-06-14 20:37 -------- d-----w- d:\documents and settings\All Users\Application Data\Lavasoft
      2011-06-14 20:20 . 2011-06-14 20:21 -------- d-----w- d:\documents and settings\100027982\Application Data\Calendario
      2011-06-14 20:19 . 2011-06-14 20:19 843264 ----a-w- c:\windows\system32\rtl100.bpl
      2011-06-14 20:19 . 2011-06-14 20:19 1680896 ----a-w- c:\windows\system32\vcl100.bpl
      2011-06-14 20:18 . 2011-06-14 20:18 -------- d-----w- c:\program files\ROASOFT
      2011-06-14 20:13 . 2011-06-14 20:13 -------- d-----w- d:\documents and settings\100027982\Application Data\Tutoriales100
      2011-06-14 20:13 . 2011-06-14 20:13 -------- d-----w- d:\documents and settings\100027982\Local Settings\Application Data\Tutoriales100
      2011-06-14 20:12 . 2011-06-14 20:17 -------- d-----w- c:\program files\Object
      2011-06-14 06:38 . 2011-06-17 06:36 -------- d-----w- c:\program files\Hard Disk Sentinel
      2011-06-14 06:37 . 2011-06-09 18:25 9644752 ----a-w- c:\temp\TotalAudioConverter.exe
      2011-06-14 06:37 . 2011-06-09 18:29 6927505 ----a-w- c:\temp\Setup_FreeConverter.exe
      2011-06-12 18:09 . 2010-08-01 10:38 334384 ----a-w- c:\windows\system32\vmnetdhcp.exe
      2011-06-12 18:09 . 2010-08-01 10:38 399920 ----a-w- c:\windows\system32\vmnat.exe
      2011-06-12 18:09 . 2010-08-01 10:36 26288 ----a-w- c:\windows\system32\drivers\vmnetuserif.sys
      2011-06-12 18:09 . 2010-08-01 10:38 760368 ----a-w- c:\windows\system32\vnetlib.dll
      2011-06-12 18:09 . 2010-08-01 10:37 24624 ----a-w- c:\windows\system32\drivers\VMkbd.sys
      2011-06-09 18:29 . 2008-09-24 19:33 484352 ----a-w- c:\windows\system32\lame_enc.dll
      2011-06-09 18:29 . 2011-06-09 18:29 -------- d-----w- c:\program files\Free Audio Pack
      2011-06-09 18:26 . 2011-06-09 18:26 -------- d-----w- d:\documents and settings\100027982\Application Data\Softplicity
      2011-06-09 18:25 . 2011-06-09 18:28 -------- d-----w- c:\program files\TotalAudioConverter
      2011-05-24 17:05 . 2011-06-15 15:37 -------- d-----w- d:\documents and settings\100027982\Local Settings\Application Data\VMware
      2011-05-24 13:58 . 2011-04-13 13:34 94208 ----a-w- c:\temp\CCC TRaining\CCC70SP3\70sp3\Deio\Program\CriticalCareClinisoft\PDEV\DDPB840.dll
      .
      .
      .
      (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
      .
      2011-06-17 11:19 . 2009-12-02 13:07 176128 -c--a-w- c:\windows\safeboot.scr
      2011-06-17 11:19 . 2009-12-02 13:06 4752 ----a-w- c:\windows\system32\drivers\rsvlock.sys
      2011-06-17 11:19 . 2009-12-02 13:06 44848 ----a-w- c:\windows\system32\drivers\sbalg.sys
      2011-06-17 11:19 . 2009-12-02 13:06 14864 ----a-w- c:\windows\system32\drivers\sbprcctl.sys
      2011-06-17 11:19 . 2009-12-02 13:07 30267 ----a-w- c:\windows\system32\drivers\safeboot.sys
      2011-06-17 11:19 . 2009-12-02 13:06 6096 ----a-w- c:\windows\system32\drivers\sbflop.sys
      .
      .
      ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
      .
      .
      *Note* empty entries & legit default entries are not shown
      REGEDIT4
      .
      [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" [2010-12-21 1483264]
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "AESTFltr"="c:\windows\system32\AESTFltr.exe" [2008-05-21 466944]
      "DsmSxplog"="c:\program files\CA\DSM\Bin\sxpstub.exe" [2007-03-03 24592]
      "CAF_SystemTray"="c:\program files\CA\DSM\bin\cfSysTray.exe" [2007-03-03 124432]
      "TempRemove"="c:\program files\Crystal Ball\CB Predictor\terminator.exe" [1998-12-19 7680]
      "Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2009-10-07 2498560]
      "IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-03-24 134656]
      "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-03-24 166912]
      "Persistence"="c:\windows\system32\igfxpers.exe" [2009-03-24 136192]
      "SBMGRNT.EXE"="c:\progra~1\SafeBoot\SBMGRNT.EXE" [2011-06-17 49212]
      "Apoint"="c:\program files\DellTPad\Apoint.exe" [2009-06-19 249856]
      "SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2009-03-09 483420]
      "SophosNAC_Agent"="c:\program files\Sophos\NAC\AgntTray.exe" [2009-05-01 1373792]
      "GEvpnPacCheck"="c:\program files\Juniper Networks\VPN_PAC_CHECK.vbs" [2009-04-06 1747]
      "OdTray.exe"="c:\program files\Juniper Networks\Odyssey Access Client\OdTray.exe" [2009-08-12 955688]
      "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]
      "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-20 932288]
      "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
      "AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-12-14 47904]
      "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-29 421888]
      "VMware hqtray"="c:\program files\VMware\VMware Player\hqtray.exe" [2010-08-01 64048]
      "UpdateTutoriales100"="d:\documents and settings\100027982\Application Data\Tutoriales100\Update Tutoriales 100\UpdateTutoriales100HP.exe" [2011-05-17 655360]
      .
      [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
      "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
      .
      d:\documents and settings\All Users\Start Menu\Programs\Startup\
      Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-1-16 604776]
      Proventia Desktop Agent.lnk - [N/A]
      Sophos AutoUpdate Monitor.lnk - c:\program files\Sophos\AutoUpdate\ALMon.exe [2010-10-20 429096]
      VPN Client.lnk - c:\windows\Installer\{51FB15F4-AD27-43BC-AD4B-DD0354FB6BBD}\Icon3E5562ED7.ico [2009-11-20 6144]
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\CAF]
      2007-03-03 12:30 27664 ----a-w- c:\program files\CA\DSM\Bin\cfWlogon.dll
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\OdysseyClient]
      2010-07-13 06:48 202024 ----a-w- c:\windows\system32\odyEvent.dll
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\PCANotify]
      2004-11-01 11:50 8704 ----a-w- c:\windows\system32\PCANotify.dll
      .
      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
      @="Driver"
      .
      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
      @="Service"
      .
      [HKLM\~\startupfolder\D:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
      path=d:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
      backup=c:\windows\pss\Microsoft Office.lnkCommon Startup
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AIMPro]
      2010-07-07 20:39 3677496 ----a-w- c:\program files\WebEx\Connect\connect.exe
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
      2010-10-16 09:04 136176 ----atw- d:\documents and settings\100027982\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMJPMIG8.1]
      2008-04-14 12:00 208952 -c--a-w- c:\windows\ime\imjp8_1\imjpmig.exe
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
      2010-12-13 16:16 421160 ----a-w- c:\program files\iTunes\iTunesHelper.exe
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Lexmark X1100 Series]
      2003-08-19 10:18 57344 ----a-w- c:\program files\Lexmark X1100 Series\lxbkbmgr.exe
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MaxtorOneTouch]
      2006-08-11 07:45 712704 ----a-w- c:\program files\Maxtor\ManagerApp\OneTouch.exe
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MobileBroadband]
      2010-04-28 18:26 252928 ----a-w- c:\program files\Vodafone\Vodafone Mobile Broadband\Bin\MobileBroadband.exe
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSPY2002]
      2008-04-14 12:00 59392 -c--a-w- c:\windows\system32\IME\PINTLGNT\IMSCINST.EXE
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mxomssmenu]
      2006-08-11 10:15 81920 ----a-w- c:\program files\Maxtor\OneTouch Status\MaxMenuMgr.exe
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002A]
      2008-04-14 12:00 455168 -c--a-w- c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002ASync]
      2008-04-14 12:00 455168 -c--a-w- c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Companion]
      2011-02-28 14:15 427008 ----a-w- c:\program files\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
      "NTService1"=2 (0x2)
      "MaxBackServiceInt"=2 (0x2)
      "gusvc"=3 (0x3)
      "gupdate"=2 (0x2)
      "awhost32"=3 (0x3)
      "Apple Mobile Device"=2 (0x2)
      "VmbService"=2 (0x2)
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SophosAntiVirus]
      "DisableMonitoring"=dword:00000001
      .
      [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
      "EnableFirewall"= 0 (0x0)
      .
      [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
      "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
      "%windir%\\system32\\sessmgr.exe"=
      "c:\\Program Files\\WebEx\\Connect\\wbxcOIEx.exe"=
      "c:\\Program Files\\WebEx\\Connect\\widget.exe"=
      "c:\\Program Files\\WebEx\\Connect\\connect.exe"=
      "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
      "c:\\Program Files\\VMware\\VMware Player\\vmware-authd.exe"=
      .
      R0 odFips;odFips;c:\windows\system32\drivers\odFIPS.sys [8/12/2009 4:15 AM 9856]
      R0 odFips2;odFips2;c:\windows\system32\drivers\odFIPS2.sys [8/12/2009 4:15 AM 282496]
      R0 SafeBoot;SafeBoot;c:\windows\system32\drivers\safeboot.sys [12/2/2009 3:07 PM 30267]
      R0 SBAlg;SBAlg;c:\windows\system32\drivers\sbalg.sys [12/2/2009 3:06 PM 44848]
      R1 RsvLock;RsvLock;c:\windows\system32\drivers\rsvlock.sys [12/2/2009 3:06 PM 4752]
      R1 SAVOnAccessControl;SAVOnAccessControl;c:\windows\system32\drivers\savonaccesscontrol.sys [11/20/2009 5:00 AM 152192]
      R1 SAVOnAccessFilter;SAVOnAccessFilter;c:\windows\system32\drivers\savonaccessfilter.sys [11/20/2009 5:00 AM 24064]
      R1 SBFlop;SBFlop;c:\windows\system32\drivers\sbflop.sys [12/2/2009 3:06 PM 6096]
      R1 SbPrcCtl;SbPrcCtl;c:\windows\system32\drivers\sbprcctl.sys [12/2/2009 3:06 PM 14864]
      R1 scfdriver;SCF Kernel Driver;c:\windows\system32\drivers\scfdriver.sys [11/20/2009 5:02 AM 100136]
      R2 BlackICE;BlackICE;c:\program files\ISS\Proventia Desktop\blackd.exe [11/20/2009 4:36 AM 2011473]
      R2 caf;CA DSM r11 Common Application Framework.;c:\program files\CA\DSM\Bin\CAF.exe [3/3/2007 2:30 PM 194064]
      R2 JuniperAccessService;Juniper Unified Network Service;c:\program files\Common Files\Juniper Networks\JUNS\dsAccessService.exe [8/11/2009 9:14 PM 132392]
      R2 NMSAccess32;NMSAccess32;c:\windows\system32\NMSAccess32.exe [1/12/2009 7:15 AM 71096]
      R2 SafeBootConfigurationManager;SafeBoot Configuration Manager;c:\program files\SafeBoot\sbmgrnt.exe [12/2/2009 3:07 PM 49212]
      R2 SAVAdminService;Indicador del estado de Sophos Anti-Virus;c:\program files\Sophos\Sophos Anti-Virus\SAVAdminService.exe [10/20/2010 9:36 AM 104488]
      R2 SAVService;Sophos Anti-Virus;c:\program files\Sophos\Sophos Anti-Virus\SavService.exe [10/20/2010 9:36 AM 93736]
      R2 Sophos Client Firewall Manager;Sophos Client Firewall Manager;c:\program files\Sophos\Sophos Client Firewall\SCFManager.exe [10/20/2010 9:36 AM 125992]
      R2 Sophos Client Firewall;Sophos Client Firewall;c:\program files\Sophos\Sophos Client Firewall\SCFService.exe [10/20/2010 9:36 AM 30248]
      R2 Sophos NAC Agent API;Sophos NAC Agent API;c:\program files\Sophos\NAC\AgentAPI.exe [5/1/2009 1:07 PM 9001056]
      R2 vmci;VMware vmci;c:\windows\system32\drivers\vmci.sys [8/1/2010 12:39 PM 70704]
      R2 VMUSBArbService;VMware USB Arbitration Service;c:\program files\Common Files\VMware\USB\vmware-usbarbitrator.exe [8/1/2010 11:39 AM 539184]
      R2 VPatch;ISS Buffer Overflow Exploit Prevention;c:\program files\ISS\Proventia Desktop\vpatch.exe [11/20/2009 4:36 AM 426333]
      R3 AESTAud;AE Audio Service;c:\windows\system32\drivers\AESTAud.sys [11/19/2009 6:23 PM 112512]
      R3 cvusbdrv;Broadcom USH CV;c:\windows\system32\drivers\cvusbdrv.sys [11/19/2009 6:23 PM 32808]
      R3 e1yexpress;Intel(R) Gigabit Network Connections Driver;c:\windows\system32\drivers\e1y5132.sys [4/2/2009 1:52 PM 244368]
      R3 EacService;Juniper TNC Endpoint Assessment;c:\program files\Common Files\Juniper Networks\TNC Client\jTnccService.exe [8/12/2009 4:30 AM 136488]
      R3 hwcdcmdm0;HUAWEI Mobile Connect - 3G Modem;c:\windows\system32\drivers\ewusbmdm.sys [11/26/2009 10:44 AM 65152]
      R3 hwusbapp;HUAWEI Mobile Connect - 3G PC UI Interface;c:\windows\system32\drivers\ewusbapp.sys [11/26/2009 10:44 AM 65152]
      R3 hwusbser;HUAWEI Mobile Connect - 3G Application Interface;c:\windows\system32\drivers\ewusbser.sys [11/26/2009 10:44 AM 65152]
      R3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI Service;c:\windows\system32\drivers\IntcHdmi.sys [11/20/2009 5:30 AM 110080]
      R3 jnprna;Juniper Network Agent Miniport;c:\windows\system32\drivers\jnprna.sys [6/13/2009 6:18 PM 419496]
      R3 JnprVaMgr;Juniper Networks Virtual Adapter Manager Service;c:\windows\system32\drivers\jnprvamgr.sys [6/13/2009 6:18 PM 29312]
      R3 MakoNT;MakoNT;c:\windows\system32\drivers\MakoNT.sys [11/20/2009 4:36 AM 76849]
      R3 rap;rap;c:\windows\system32\drivers\RapDrv.sys [11/20/2009 4:36 AM 47788]
      R3 vodafone_K3805-z_dc_enum;vodafone_K3805-z_dc_enum;c:\windows\system32\drivers\vodafone_K3805-z_dc_enum.sys [3/1/2010 6:35 PM 80000]
      R4 black;black;c:\windows\system32\drivers\Blackcat.sys [11/20/2009 4:36 AM 197106]
      S0 iaStor_760;Intel AHCI Controller;c:\windows\system32\drivers\iaStor_760.sys [4/2/2009 1:38 PM 324120]
      S0 iaStor_8400;Intel RAID Controller;c:\windows\system32\drivers\iastor8400.sys [4/2/2009 1:38 PM 824960]
      S0 iaStor_E6400;Intel RAID Controller;c:\windows\system32\drivers\iaStor_E6400.sys [4/2/2009 1:38 PM 318488]
      S0 iastor3400;Intel AHCI Controller;c:\windows\system32\drivers\iaStor3400.sys [4/2/2009 1:38 PM 308248]
      S0 iaStor390;Intel AHCI Controller;c:\windows\system32\drivers\iaStor390.sys [4/2/2009 1:38 PM 304920]
      S0 iastor755;Intel AHCI Controller;c:\windows\system32\drivers\IaStor755.sys [4/2/2009 1:38 PM 305176]
      S0 symmpi_8400;symmpi_8400;c:\windows\system32\drivers\symmpi8400.sys [4/2/2009 1:38 PM 92288]
      S0 symmpi_vmware;symmpi_vmware;c:\windows\system32\drivers\symmpi_vmware.sys [4/2/2009 1:38 PM 39760]
      S0 symmpi7400;symmpi7400;c:\windows\system32\drivers\symmpi7400.sys [4/2/2009 1:38 PM 100096]
      S2 gupdate;Servicio Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [3/6/2010 1:48 PM 135664]
      S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\drivers\ggflt.sys [12/29/2010 6:43 PM 13224]
      S3 gupdatem;Servicio de Google Update (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [3/6/2010 1:48 PM 135664]
      S3 HPFXFAX;HPFXFAX;c:\windows\system32\drivers\hpfxfax.sys [7/20/2010 1:30 PM 20504]
      S3 jnprva;Juniper Networks Virtual Adapter Service;c:\windows\system32\drivers\jnprva.sys [6/13/2009 6:18 PM 12288]
      S3 MBAMSwissArmy;MBAMSwissArmy;\??\c:\windows\system32\drivers\mbamswissarmy.sys --> c:\windows\system32\drivers\mbamswissarmy.sys [?]
      S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [1/9/2010 9:37 PM 4640000]
      S3 sdcfilter;sdcfilter;c:\windows\system32\drivers\sdcfilter.sys [10/20/2010 9:36 AM 23928]
      S3 Sony Ericsson PCCompanion;Sony Ericsson PCCompanion;c:\program files\Sony Ericsson\Sony Ericsson PC Companion\PCCService.exe [12/29/2010 6:37 PM 150528]
      S4 SophosBootDriver;SophosBootDriver;c:\windows\system32\drivers\SophosBootDriver.sys [11/20/2009 5:00 AM 14976]
      S4 VmbService;Servicio de Vodafone Mobile Broadband;c:\program files\Vodafone\Vodafone Mobile Broadband\Bin\VmbService.exe [4/28/2010 8:26 PM 9216]
      .
      --- Other Services/Drivers In Memory ---
      .
      *Deregistered* - BMLoad
      *Deregistered* - uphcleanhlp
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
      HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\OutlookProfile.vbs]
      2010-12-10 11:31 9276 ----a-w- c:\program files\Microsoft Office\OutlookProfile.vbs
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\PitchBuilderAS.EXE]
      2010-12-09 11:06 150280 ----a-w- c:\program files\Microsoft Office\Wizkit\PitchBuilderAS.EXE
      .
      Contents of the 'Scheduled Tasks' folder
      .
      2011-06-18 c:\windows\Tasks\AppleSoftwareUpdate.job
      - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]
      .
      2011-04-01 c:\windows\Tasks\At1.job
      - d:\support\TOOLS\DiskTidyUp.exe [2009-11-19 11:50]
      .
      2011-06-19 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
      - c:\program files\Google\Update\GoogleUpdate.exe [2010-03-06 11:48]
      .
      2011-06-19 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
      - c:\program files\Google\Update\GoogleUpdate.exe [2010-03-06 11:48]
      .
      2011-06-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1962744943-1077359737-637696952-142722Core.job
      - d:\documents and settings\100027982\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-04-05 09:04]
      .
      2011-06-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1962744943-1077359737-637696952-142722UA.job
      - d:\documents and settings\100027982\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-04-05 09:04]
      .
      2011-06-16 c:\windows\Tasks\New scheduled scan.job
      - c:\program files\Sophos\Sophos Anti-Virus\BackgroundScanClient.exe [2010-10-20 07:36]
      .
      .
      ------- Supplementary Scan -------
      .
      uStart Page = hxxp://www.google.es/
      uInternet Settings,ProxyOverride = <local>
      IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
      IE: Se&nd to OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
      LSP: bmnet.dll
      LSP: c:\program files\VMware\VMware Player\vsocklib.dll
      Trusted Zone: ge.com
      Trusted Zone: gebrandcentral.com
      Trusted Zone: gedigitalmedia.com
      Trusted Zone: gemediacentral.com
      Trusted Zone: genewscenter.com
      Trusted Zone: geolympiccentral.com
      Trusted Zone: ge.com
      DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
      DPF: {8F0DF9DB-AA5A-4ED0-9176-1C4A9C762C59} - hxxp://americascomm01.ge.com/sametime/STMeetingRoomClient/STJNILoader.cab
      DPF: {B94C2238-346E-4C5E-9B36-8CC627F35574}
      DPF: {C1BAC744-8F0B-11D0-89E7-00C0A8295197} - hxxp://crtvg.es/camweb/camera.cab
      .
      - - - - ORPHANS REMOVED - - - -
      .
      AddRemove-Tutoriales 100_is1 - c:\program files\Tutoriales100\unins000.exe
      AddRemove-Tutoriales100 Avast_is1 - c:\program files\Tutoriales100\unins001.exe
      .
      .
      .
      **************************************************************************
      .
      catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
      Rootkit scan 2011-06-19 22:14
      Windows 5.1.2600 Service Pack 3 NTFS
      .
      scanning hidden processes ...
      .
      scanning hidden autostart entries ...
      .
      scanning hidden files ...
      .
      scan completed successfully
      hidden files: 0
      .
      **************************************************************************
      .
      [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Sophos Message Router]
      "ImagePath"="\"c:\program files\Sophos\Remote Management System\RouterNT.exe\" -service -name Router -ORBListenEndpoints iiop://:8193/ssl_port=8194"
      .
      --------------------- DLLs Loaded Under Running Processes ---------------------
      .
      - - - - - - - > 'winlogon.exe'(1432)
      c:\program files\SafeBoot\SBGINA.DLL
      c:\program files\SafeBoot\SBIPC.DLL
      c:\program files\CA\DSM\Bin\cfwlogon.dll
      c:\windows\system32\odyEvent.dll
      .
      - - - - - - - > 'lsass.exe'(1444)
      c:\windows\system32\bmnet.dll
      .
      - - - - - - - > 'explorer.exe'(2440)
      c:\windows\system32\WININET.dll
      c:\windows\system32\btmmhook.dll
      c:\windows\system32\ieframe.dll
      c:\windows\system32\msi.dll
      c:\windows\system32\webcheck.dll
      c:\windows\system32\WPDShServiceObj.dll
      c:\windows\system32\btncopy.dll
      c:\program files\Nokia\Nokia PC Suite 7\PhoneBrowser.dll
      c:\program files\Nokia\Nokia PC Suite 7\NGSCM.DLL
      c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.5592_x-ww_179798c8\MSVCR80.dll
      c:\program files\Nokia\Nokia PC Suite 7\Lang\PhoneBrowser_spa.nlr
      c:\program files\Nokia\Nokia PC Suite 7\Resource\PhoneBrowser_Nokia.ngr
      c:\windows\system32\PortableDeviceTypes.dll
      c:\windows\system32\PortableDeviceApi.dll
      .
      ------------------------ Other Running Processes ------------------------
      .
      c:\program files\Juniper Networks\Odyssey Access Client\odClientService.exe
      c:\windows\system32\LEXBCES.EXE
      c:\windows\system32\LEXPPS.EXE
      c:\program files\idt\dellxpm09b_6159v043\wdm\stacsv.exe
      c:\windows\System32\SCardSvr.exe
      c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
      c:\program files\Bonjour\mDNSResponder.exe
      c:\program files\CA\SC\CAM\bin\cam.exe
      c:\program files\Cisco Systems\VPN Client\cvpnd.exe
      c:\program files\Juniper Networks\Common Files\dsNcService.exe
      c:\program files\Java\jre6\bin\jqs.exe
      c:\windows\system32\msiexec.exe
      c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
      c:\program files\ISS\Proventia Desktop\RapApp.exe
      c:\program files\Sophos\Remote Management System\ManagementAgentNT.exe
      c:\program files\Sophos\AutoUpdate\ALsvc.exe
      c:\program files\Sophos\Remote Management System\RouterNT.exe
      c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
      c:\program files\UPHClean\uphclean.exe
      c:\program files\VMware\VMware Player\vmware-authd.exe
      c:\windows\system32\vmnat.exe
      c:\windows\system32\vmnetdhcp.exe
      c:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
      c:\program files\CA\DSM\Bin\cfsmsmd.exe
      c:\program files\CA\DSM\Bin\ccnfagent.exe
      c:\program files\CA\DSM\Bin\cfnotsrvd.exe
      c:\program files\CA\DSM\Bin\ccsmagtd.exe
      c:\program files\CA\DSM\Bin\amswmagt.exe
      c:\program files\CA\DSM\PMAgent\capmuamagt.exe
      c:\program files\CA\DSM\Bin\cfftplugin.exe
      c:\windows\system32\igfxsrvc.exe
      c:\program files\DellTPad\ApMsgFwd.exe
      c:\program files\DellTPad\HidFind.exe
      c:\program files\DellTPad\Apntex.exe
      c:\program files\ISS\Proventia Desktop\blackice.exe
      c:\progra~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
      c:\program files\PC Connectivity Solution\ServiceLayer.exe
      c:\program files\PC Connectivity Solution\Transports\NclUSBSrv.exe
      c:\program files\PC Connectivity Solution\Transports\NclRSSrv.exe
      c:\program files\PC Connectivity Solution\Transports\NclBCBTSrv.exe
      c:\windows\System32\wudfhost.exe
      .
      **************************************************************************
      .
      Completion time: 2011-06-19 22:18:15 - machine was rebooted
      ComboFix-quarantined-files.txt 2011-06-19 20:18
      ComboFix2.txt 2011-06-18 18:10
      ComboFix3.txt 2011-06-16 16:53
      .
      Pre-Run: 6.804.713.472 bytes free
      Post-Run: 6.747.254.784 bytes free
      .
      - - End Of File - - 15EC694C7381ED3249A606135B8B364A


      Regards,
      Amara

    8. #8
      General Moderator
      Damianl_77's avatar
      Joined
      Jan 2008
      Location
      Argentina
      Posts
      22,919

      Re: Explorer opens by itself with advertising

      Carry out these steps:

      • Click START > RUN
      • Type notepad.exe there and click OK
      • Now copy and paste the following text into Notepad (leaving out the word "Code")




      Code:
      KillAll::
      
      Folder::
      d:\documents and settings\100027982\Application Data\Tutoriales100
      d:\documents and settings\100027982\Local Settings\Application Data\Tutoriales100
      c:\program files\Object
      
      Registry::
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "UpdateTutoriales100"=-
      
      DDS::
      DPF: {8F0DF9DB-AA5A-4ED0-9176-1C4A9C762C59} - hxxp://americascomm01.ge.com/sametime/STMeetingRoomClient/STJNILoader.cab



      • Save this file with the name CFScript.txt and leave it on your desktop.
      • Before using the CFScript...
      • Temporarily disable your antivirus and/or antispyware.
      • Close all open windows. Drag the Notepad file onto the ComboFix icon on your desktop, as shown in the image below.



      • ComboFix will start running again. When it finishes, it will generate a report, which you should paste into this same thread.

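As an added example (not part of the original posts, and not ComboFix's or the forum's own code), the Python below cross-checks a removal script like the one above against the log it was written from: it parses the Run-key lines of the "Reg Loading Points" section, flags autostarts that launch from a per-user data folder, and reports script deletions that match nothing in the log or flagged entries the script would leave behind. The sample lines are copied from this thread; the function names and the "per-user data folder" heuristic are assumptions made for illustration.

```python
import re

# Lines copied from the ComboFix log and CFScript posted in this thread.
LOG = r'''
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" [2010-12-21 1483264]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AESTFltr"="c:\windows\system32\AESTFltr.exe" [2008-05-21 466944]
"UpdateTutoriales100"="d:\documents and settings\100027982\Application Data\Tutoriales100\Update Tutoriales 100\UpdateTutoriales100HP.exe" [2011-05-17 655360]
'''
CFSCRIPT = r'''
KillAll::

Folder::
d:\documents and settings\100027982\Application Data\Tutoriales100
d:\documents and settings\100027982\Local Settings\Application Data\Tutoriales100
c:\program files\Object

Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UpdateTutoriales100"=-
'''
KEY_RE = re.compile(r'^\[([^\]]+)\]$')
RUN_RE = re.compile(r'^"([^"]+)"="([^"]+)" \[\d{4}-\d{2}-\d{2} \d+\]$')
DELETE_RE = re.compile(r'^"([^"]+)"=-$')
SECTION_RE = re.compile(r'^(\w+)::$')
# Assumed heuristic: per-user data folders are writable without admin rights.
USER_WRITABLE = ('\\application data\\', '\\local settings\\')


def parse_run_entries(log_text):
    """Map (key, value name) -> lowercased target path for values under Run keys."""
    entries, key = {}, None
    for line in map(str.strip, log_text.splitlines()):
        if m := KEY_RE.match(line):
            key = m.group(1).lower()
        elif key and key.endswith('\\currentversion\\run') and (m := RUN_RE.match(line)):
            entries[(key, m.group(1))] = m.group(2).lower()
    return entries


def parse_cfscript(script_text):
    """Collect Folder:: paths and Registry:: value deletions ("name"=-)."""
    folders, deletions, section, key = [], [], None, None
    for line in map(str.strip, script_text.splitlines()):
        if m := SECTION_RE.match(line):
            section, key = m.group(1), None
        elif section == 'Folder' and line:
            folders.append(line.lower())
        elif section == 'Registry' and (m := KEY_RE.match(line)):
            key = m.group(1).lower()
        elif section == 'Registry' and key and (m := DELETE_RE.match(line)):
            deletions.append((key, m.group(1)))
    return folders, deletions


def review(log_text, script_text):
    """Cross-check a removal script against the log it was written from."""
    entries = parse_run_entries(log_text)
    folders, deletions = parse_cfscript(script_text)
    flagged = {k: p for k, p in entries.items()
               if any(marker in p for marker in USER_WRITABLE)}
    return {
        'flagged': sorted(name for _, name in flagged),
        # Deletions naming a value the log does not contain (typo, wrong hive).
        'unmatched_deletions': [d for d in deletions if d not in entries],
        # Flagged autostarts whose Run value or folder the script leaves behind.
        'not_covered': sorted(
            name for (key, name), path in flagged.items()
            if (key, name) not in deletions
            or not any(path.startswith(f + '\\') for f in folders)),
    }
```

Calling `review(LOG, CFSCRIPT)` on the sample returns one flagged entry and two empty lists, meaning every deletion in the script maps to a line in the log and the flagged autostart is fully covered.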