
    Win32/Olmarik TDL4


      
    #1
      N-Tech (User)
      Registered: Aug 2005
      Location: Chile
      Posts: 4

      Win32/Olmarik TDL4

      Hello,

      According to NOD32 I have this infection, and from what I have read on this forum it seems so, since Google redirects me to advertising pages and won't let me into anti-spyware sites unless I click several times.

      I also can't see some files (such as movies and mp3s), but they aren't deleted, because I can still load them from my players.

      I followed the instructions in this post: http://www.forospyware.com/t395948.html but the TDSSKiller tool won't run, even after renaming it to iexplorer.exe.

      I'd appreciate any kind of help. Regards!!!

    #2
      Zackrated (Former Collaborator)
      Registered: Aug 2009
      Location: León, México
      Posts: 7,947

      Re: Win32/Olmarik TDL4

      Hello

      Do the following:

      Download DDS.pif from here and save it to your Windows desktop.
      • If you use Firefox, right-click it and select Save As
      • If that fails --> download DDS.scr

      Double-click dds.pif to run the tool and wait patiently for the report.
      • When it finishes, DDS will open two (2) reports:

      1. DDS.txt
      2. Attach.txt
      In your next reply:
      Paste the reports named DDS.txt and Attach.txt

      * Follow us on Twitter and friend us on Facebook.
      * Keep up with the latest threats on the web at: InfoSpyware Blog
      * Questions are not answered by private message or e-mail; that is what the forum is for.

    #3
      N-Tech (User)
      Registered: Aug 2005
      Location: Chile
      Posts: 4

      Re: Win32/Olmarik TDL4

      DDS:

      .
      DDS (Ver_2011-08-26.01) - NTFSAMD64
      Internet Explorer: 9.0.8112.16421
      Run by Nicolás Oneto at 18:22:41 on 2012-01-06
      Microsoft Windows 7 Professional 6.1.7601.1.1252.56.1033.18.8106.5377 [GMT 1:00]
      .
      AV: ESET Smart Security 4.0 *Enabled/Updated* {CB0F8167-5331-BA19-698E-64816B6801A5}
      SP: ESET Smart Security 4.0 *Enabled/Updated* {706E6083-750B-B597-533E-5FF310EF4B18}
      SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
      FW: Cortafuegos personal de ESET *Enabled* {F3340042-195E-BB41-42D1-CDB495BB46DE}
      .
      ============== Running Processes ===============
      .
      C:\Windows\system32\wininit.exe
      C:\Windows\system32\lsm.exe
      C:\Windows\system32\svchost.exe -k DcomLaunch
      C:\Windows\system32\svchost.exe -k RPCSS
      C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
      C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
      C:\Windows\system32\svchost.exe -k netsvcs
      C:\Windows\system32\svchost.exe -k LocalService
      C:\Windows\system32\svchost.exe -k NetworkService
      C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
      C:\Windows\system32\WLANExt.exe
      C:\Windows\system32\conhost.exe
      C:\Windows\System32\spoolsv.exe
      C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
      C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
      C:\Windows\system32\taskhost.exe
      C:\Windows\system32\Dwm.exe
      C:\Windows\Explorer.EXE
      C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
      C:\Program Files\Bonjour\mDNSResponder.exe
      C:\Windows\system32\svchost.exe -k bthsvcs
      C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe
      C:\Program Files\Intel\WiFi\bin\EvtEng.exe
      C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
      C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
      C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
      C:\Windows\system32\svchost.exe -k imgsvc
      C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe
      C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
      C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe
      C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE
      C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
      C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE
      C:\Windows\system32\wbem\unsecapp.exe
      C:\Windows\system32\wbem\wmiprvse.exe
      C:\Windows\System32\rundll32.exe
      C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
      C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
      C:\Windows\System32\igfxtray.exe
      C:\Windows\System32\hkcmd.exe
      C:\Windows\System32\igfxpers.exe
      C:\Windows\System32\rundll32.exe
      C:\Program Files\ESET\ESET Smart Security\egui.exe
      C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe
      C:\Program Files (x86)\iTunes\iTunesHelper.exe
      C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
      C:\Program Files\iPod\bin\iPodService.exe
      C:\Windows\system32\SearchIndexer.exe
      C:\Program Files\Windows Media Player\wmpnetwk.exe
      C:\Windows\System32\svchost.exe -k LocalServicePeerNet
      C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe
      C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
      C:\Windows\System32\svchost.exe -k secsvcs
      C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
      C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
      C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
      C:\Program Files (x86)\Mozilla Firefox\firefox.exe
      C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
      C:\Windows\system32\SearchProtocolHost.exe
      C:\Windows\system32\SearchFilterHost.exe
      C:\Users\Nicolás Oneto\Desktop\dds.scr
      C:\Windows\system32\REGSVR32.exe
      C:\Windows\SysWOW64\cmd.exe
      C:\Windows\system32\conhost.exe
      C:\Windows\SysWOW64\cscript.exe
      C:\Windows\system32\wbem\wmiprvse.exe
      .
      ============== Pseudo HJT Report ===============
      .
      uStart Page = hxxp://start.facemoods.com/?a=ddrnw
      uInternet Settings,ProxyOverride = *.local
      uURLSearchHooks: BS Player Toolbar: {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - C:\Program Files (x86)\BS_Player\tbBS_P.dll
      mURLSearchHooks: BS Player Toolbar: {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - C:\Program Files (x86)\BS_Player\tbBS_P.dll
      BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
      BHO: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll
      BHO: {7E853D72-626A-48EC-A868-BA8D5E23E045} - No File
      BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
      BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
      BHO: BS Player Toolbar: {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - C:\Program Files (x86)\BS_Player\tbBS_P.dll
      TB: BS Player Toolbar: {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - C:\Program Files (x86)\BS_Player\tbBS_P.dll
      TB: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll
      uRun: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
      mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
      mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
      mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
      mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
      mRunOnce: ["C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"] "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"
      mRunOnce: [Launcher] C1\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\Launcher.exe
      mRunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
      mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
      mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
      mPolicies-system: EnableLUA = 0 (0x0)
      mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
      mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
      IE: E&xportar a Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
      IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
      IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
      DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
      DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
      DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
      TCP: DhcpNameServer = 192.168.1.1
      TCP: Interfaces\{17461EB3-5A03-4332-909C-7E1113A97FB9} : DhcpNameServer = 192.168.1.1 192.168.1.1
      TCP: Interfaces\{6A3EA296-5ED8-4E69-A175-AF716866FCFF} : NameServer = 212.52.97.25 193.70.152.25
      TCP: Interfaces\{BB2C07CA-6C41-4C6C-8D39-5671D660D31D} : DhcpNameServer = 192.168.1.1
      TCP: Interfaces\{BB2C07CA-6C41-4C6C-8D39-5671D660D31D}\75C414E4D2147363332383 : DhcpNameServer = 192.168.1.1
      TCP: Interfaces\{E71DEC0D-B067-4688-9D41-662CB2E40EE9} : DhcpNameServer = 192.168.1.1
      TCP: Interfaces\{E71DEC0D-B067-4688-9D41-662CB2E40EE9}\377796373736F6D6 : DhcpNameServer = 192.168.48.1
      TCP: Interfaces\{E71DEC0D-B067-4688-9D41-662CB2E40EE9}\75C414E4D2147363332383 : DhcpNameServer = 192.168.1.1
      TCP: Interfaces\{E71DEC0D-B067-4688-9D41-662CB2E40EE9}\845716775696025453D263437356 : DhcpNameServer = 192.168.1.1 192.168.1.1
      TCP: Interfaces\{E71DEC0D-B067-4688-9D41-662CB2E40EE9}\A414A5A54554C4F523031313 : DhcpNameServer = 192.168.1.1
      TCP: Interfaces\{E71DEC0D-B067-4688-9D41-662CB2E40EE9}\C657B656026616D696C697 : DhcpNameServer = 192.168.1.1
      Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
      BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
      BHO-X64: AcroIEHelperStub - No File
      BHO-X64: Conduit Engine: {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll
      BHO-X64: {7E853D72-626A-48EC-A868-BA8D5E23E045} - No File
      BHO-X64: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
      BHO-X64: SkypeIEPluginBHO - No File
      BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
      BHO-X64: BS Player Toolbar: {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - C:\Program Files (x86)\BS_Player\tbBS_P.dll
      TB-X64: BS Player Toolbar: {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - C:\Program Files (x86)\BS_Player\tbBS_P.dll
      TB-X64: Conduit Engine: {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll
      mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
      mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
      mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
      mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
      mRunOnce-x64: ["C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"] "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"
      mRunOnce-x64: [Launcher] C1\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\Launcher.exe
      mRunOnce-x64: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
      .
      ================= FIREFOX ===================
      .
      FF - ProfilePath - C:\Users\Nicolás Oneto\AppData\Roaming\Mozilla\Firefox\Profiles\eeak8xet.default\
      .
      ============= SERVICES / DRIVERS ===============
      .
      R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]
      R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\system32\DRIVERS\dtsoftbus01.sys --> C:\Windows\system32\DRIVERS\dtsoftbus01.sys [?]
      R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
      R2 AERTFilters;Andrea RT Filters Service;C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe [2011-4-30 98208]
      R2 Bluetooth Device Monitor;Bluetooth Device Monitor;C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe [2010-12-14 901184]
      R2 Bluetooth OBEX Service;Bluetooth OBEX Service;C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe [2010-12-14 974912]
      R2 DMAgent;Intel® PROSet/Wireless WiMAX Red Bend Device Management Service;C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe [2011-2-27 499200]
      R2 ekrn;ESET Service;C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe [2009-4-9 731840]
      R2 epfwwfp;epfwwfp;C:\Windows\system32\DRIVERS\epfwwfp.sys --> C:\Windows\system32\DRIVERS\epfwwfp.sys [?]
      R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-1-6 652872]
      R2 SftService;SoftThinks Agent Service;C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe [2011-4-30 1692480]
      R2 TurboB;Turbo Boost UI Monitor driver;C:\Windows\system32\DRIVERS\TurboB.sys --> C:\Windows\system32\DRIVERS\TurboB.sys [?]
      R2 UNS;Intel(R) Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2011-4-30 2656280]
      R2 WiMAXAppSrv;Intel® PROSet/Wireless WiMAX Service;C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe [2011-2-27 885248]
      R3 Bluetooth Media Service;Bluetooth Media Service;C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe [2010-12-14 1298496]
      R3 bpenum;Intel(R) Centrino(R) WiMAX Enumerator;C:\Windows\system32\DRIVERS\bpenum.sys --> C:\Windows\system32\DRIVERS\bpenum.sys [?]
      R3 bpmp;Intel(R) Centrino(R) WiMAX 6050 Series;C:\Windows\system32\DRIVERS\bpmp.sys --> C:\Windows\system32\DRIVERS\bpmp.sys [?]
      R3 bpusb;Intel(R) Centrino(R) WiMAX 6050 Series Function Driver;C:\Windows\system32\Drivers\bpusb.sys --> C:\Windows\system32\Drivers\bpusb.sys [?]
      R3 btmaux;Intel Bluetooth Auxiliary Service;C:\Windows\system32\DRIVERS\btmaux.sys --> C:\Windows\system32\DRIVERS\btmaux.sys [?]
      R3 btmhsf;btmhsf;C:\Windows\system32\DRIVERS\btmhsf.sys --> C:\Windows\system32\DRIVERS\btmhsf.sys [?]
      R3 CtClsFlt;Creative Camera Class Upper Filter Driver;C:\Windows\system32\DRIVERS\CtClsFlt.sys --> C:\Windows\system32\DRIVERS\CtClsFlt.sys [?]
      R3 huawei_enumerator;huawei_enumerator;C:\Windows\system32\DRIVERS\ew_jubusenum.sys --> C:\Windows\system32\DRIVERS\ew_jubusenum.sys [?]
      R3 iBtFltCoex;iBtFltCoex;C:\Windows\system32\DRIVERS\iBtFltCoex.sys --> C:\Windows\system32\DRIVERS\iBtFltCoex.sys [?]
      R3 IntcDAud;Intel(R) Display Audio;C:\Windows\system32\DRIVERS\IntcDAud.sys --> C:\Windows\system32\DRIVERS\IntcDAud.sys [?]
      R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
      R3 MEIx64;Intel(R) Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]
      R3 NETwNs64;___ Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;C:\Windows\system32\DRIVERS\NETwNs64.sys --> C:\Windows\system32\DRIVERS\NETwNs64.sys [?]
      R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\Windows\system32\DRIVERS\nusb3hub.sys --> C:\Windows\system32\DRIVERS\nusb3hub.sys [?]
      R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\Windows\system32\DRIVERS\nusb3xhc.sys --> C:\Windows\system32\DRIVERS\nusb3xhc.sys [?]
      R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
      R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]
      R3 wdkmd;Intel WiDi KMD;C:\Windows\system32\DRIVERS\WDKMD.sys --> C:\Windows\system32\DRIVERS\WDKMD.sys [?]
      S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
      S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
      S2 DCService.exe;DCService.exe;C:\ProgramData\DatacardService\DCService.exe [2010-8-19 229376]
      S3 athur;Wireless Network Adapter Service;C:\Windows\system32\DRIVERS\athurx.sys --> C:\Windows\system32\DRIVERS\athurx.sys [?]
      S3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;C:\Windows\system32\DRIVERS\ew_hwusbdev.sys --> C:\Windows\system32\DRIVERS\ew_hwusbdev.sys [?]
      S3 ewusbnet;HUAWEI USB-NDIS miniport;C:\Windows\system32\DRIVERS\ewusbnet.sys --> C:\Windows\system32\DRIVERS\ewusbnet.sys [?]
      S3 huawei_cdcacm;huawei_cdcacm;C:\Windows\system32\DRIVERS\ew_jucdcacm.sys --> C:\Windows\system32\DRIVERS\ew_jucdcacm.sys [?]
      S3 huawei_ext_ctrl;huawei_ext_ctrl;C:\Windows\system32\DRIVERS\ew_juextctrl.sys --> C:\Windows\system32\DRIVERS\ew_juextctrl.sys [?]
      S3 huawei_wwanecm;huawei_wwanecm;C:\Windows\system32\DRIVERS\ew_juwwanecm.sys --> C:\Windows\system32\DRIVERS\ew_juwwanecm.sys [?]
      S3 Impcd;Impcd;C:\Windows\system32\DRIVERS\Impcd.sys --> C:\Windows\system32\DRIVERS\Impcd.sys [?]
      S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2010-12-17 340240]
      S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\system32\Drivers\RtsUStor.sys --> C:\Windows\system32\Drivers\RtsUStor.sys [?]
      S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-14 20992]
      S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
      S3 TurboBoost;Intel(R) Turbo Boost Technology Monitor 2.0;C:\Program Files\Intel\TurboBoost\TurboBoost.exe [2010-11-29 149504]
      S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
      S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
      .
      =============== Created Last 30 ================
      .
      2012-01-06 17:22:42 -------- d-----w- C:\Users\Nicolßs Oneto\AppData\Local\Microsoft
      2012-01-06 16:31:27 -------- d-----w- C:\Users\Nicolás Oneto\AppData\Roaming\Malwarebytes
      2012-01-06 16:31:16 -------- d-----w- C:\ProgramData\Malwarebytes
      2012-01-06 16:31:15 23152 ----a-w- C:\Windows\System32\drivers\mbam.sys
      2012-01-06 16:31:15 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
      2012-01-06 15:15:03 69000 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{36DBE834-7E62-48D4-8CE0-2B0949116F95}\offreg.dll
      2012-01-06 14:28:47 98816 ----a-w- C:\Windows\sed.exe
      2012-01-06 14:28:47 518144 ----a-w- C:\Windows\SWREG.exe
      2012-01-06 14:28:47 256000 ----a-w- C:\Windows\PEV.exe
      2012-01-06 14:28:47 208896 ----a-w- C:\Windows\MBR.exe
      2012-01-06 14:27:25 -------- d-----w- C:\Belahzur
      2012-01-06 10:44:56 8822856 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{36DBE834-7E62-48D4-8CE0-2B0949116F95}\mpengine.dll
      2012-01-05 16:54:36 -------- d-----w- C:\Program Files (x86)\EA SPORTS
      2011-12-26 17:31:44 77824 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\engine\6\Intel 32\ctor.dll
      2011-12-26 17:31:44 32768 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\engine\6\Intel 32\objectps.dll
      2011-12-26 17:31:44 225280 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\IScript\IScript.dll
      2011-12-26 17:31:44 176128 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\engine\6\Intel 32\iuser.dll
      2011-12-23 14:29:00 101376 ----a-w- C:\Windows\System32\Spool\prtprocs\x64\HPZPPWN7.DLL
      2011-12-15 12:49:50 -------- d-----w- C:\Program Files (x86)\mp3releaser
      2011-12-15 01:29:42 -------- d--h--w- C:\ProgramData\WindSolutions
      2011-12-15 01:29:42 -------- d-----w- C:\Users\Nicolás Oneto\AppData\Roaming\WindSolutions
      2011-12-15 00:56:00 34152 ----a-w- C:\Windows\System32\drivers\GEARAspiWDM.sys
      2011-12-15 00:56:00 126312 ----a-w- C:\Windows\System32\GEARAspi64.dll
      2011-12-15 00:56:00 107368 ----a-w- C:\Windows\SysWow64\GEARAspi.dll
      2011-12-15 00:55:28 -------- d-----w- C:\Program Files\iPod
      2011-12-15 00:55:27 -------- d-----w- C:\Program Files\iTunes
      2011-12-15 00:55:27 -------- d-----w- C:\Program Files (x86)\iTunes
      2011-12-14 12:45:51 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
      2011-12-14 12:45:51 2048 ----a-w- C:\Windows\System32\tzres.dll
      2011-12-14 12:45:42 43520 ----a-w- C:\Windows\System32\csrsrv.dll
      2011-12-14 12:45:07 3145216 ----a-w- C:\Windows\System32\win32k.sys
      2011-12-14 12:45:06 723456 ----a-w- C:\Windows\System32\EncDec.dll
      2011-12-14 12:45:06 534528 ----a-w- C:\Windows\SysWow64\EncDec.dll
      .
      ==================== Find3M ====================
      .
      2011-11-15 13:29:56 270720 ------w- C:\Windows\System32\MpSigStub.exe
      2011-10-28 1347 270912 ----a-w- C:\Windows\System32\drivers\dtsoftbus01.sys
      2011-10-27 07:23:58 414368 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
      2011-10-24 12:29:02 94208 ----a-w- C:\Windows\SysWow64\QuickTimeVR.qtx
      2011-10-24 12:29:02 69632 ----a-w- C:\Windows\SysWow64\QuickTime.qts
      .
      ============= FINISH: 18:30:40,19 ===============

      Attach:

      .
      UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
      IF REQUESTED, ZIP IT UP & ATTACH IT
      .
      DDS (Ver_2011-08-26.01)
      .
      Microsoft Windows 7 Professional
      Boot Device: \Device\HarddiskVolume2
      Install Date: 22-06-2011 19:05:10
      System Uptime: 06-01-2012 16:12:16 (2 hours ago)
      .
      Motherboard: Dell Inc. | | 0YH79Y
      Processor: Intel(R) Core(TM) i5-2410M CPU @ 2.30GHz | CPU | 2301/100mhz
      .
      ==== Disk Partitions =========================
      .
      C: is FIXED (NTFS) - 684 GiB total, 489,07 GiB free.
      D: is CDROM ()
      E: is CDROM ()
      .
      ==== Disabled Device Manager Items =============
      .
      ==== System Restore Points ===================
      .
      RP88: 27-12-2011 17:25:56 - Windows Update
      RP89: 31-12-2011 18:23:51 - Restore Operation
      RP90: 31-12-2011 18:49:45 - Windows Update
      RP91: 01-01-2012 18:46:08 - Windows Update
      RP92: 06-01-2012 11:39:23 - Windows Update
      RP93: 06-01-2012 11:49:57 - Windows Update
      .
      ==== Installed Programs ======================
      .
      Update for Microsoft Office 2007 (KB2508958)
      Adobe Flash Player 10 ActiveX
      Adobe Flash Player 11 Plugin
      Adobe Reader X MUI
      Advanced Audio FX Engine
      Apple Application Support
      Apple Software Update
      Ashampoo Burning Studio 6 FREE v.6.80
      µTorrent
      Audioscrobbler for foobar2000 (remove only)
      Best Buy pc app
      BS Player Toolbar
      BS.Player FREE
      CLEAR™ WiMAX Tutorial
      Conduit Engine
      DAEMON Tools Lite
      Dell DataSafe Local Backup
      Dell DataSafe Local Backup - Support Software
      Dell MusicStage
      Dell PhotoStage
      Dell Product Registration
      Dell Stage
      Dell VideoStage
      Dell Webcam Central
      Desinstalación de CopyTrans Suite solamente
      Dropbox
      FIFA 12 (c) EA version 1
      FIFA 2005
      foobar2000 v0.9.5.5
      Intel(R) Control Center
      Intel(R) Management Engine Components
      Intel(R) Processor Graphics
      Intel(R) Wireless Display
      IrfanView (remove only)
      Java Auto Updater
      Java(TM) 6 Update 24
      JDownloader 0.9
      K-Lite Codec Pack 7.2.8 (Full)
      LTspice IV
      Malwarebytes Anti-Malware versión 1.60.0.1800
      Microsoft Office 2007 Service Pack 3 (SP3)
      Microsoft Office Excel 2007 Help Actualización (KB963678)
      Microsoft Office Excel MUI (Spanish) 2007
      Microsoft Office File Validation Add-In
      Microsoft Office Outlook 2007 Help Actualización (KB963677)
      Microsoft Office Outlook MUI (Spanish) 2007
      Microsoft Office Powerpoint 2007 Help Actualización (KB963669)
      Microsoft Office PowerPoint MUI (Spanish) 2007
      Microsoft Office Proof (Basque) 2007
      Microsoft Office Proof (Catalan) 2007
      Microsoft Office Proof (English) 2007
      Microsoft Office Proof (French) 2007
      Microsoft Office Proof (Galician) 2007
      Microsoft Office Proof (Portuguese (Brazil)) 2007
      Microsoft Office Proof (Spanish) 2007
      Microsoft Office Proofing (Spanish) 2007
      Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
      Microsoft Office Shared MUI (Spanish) 2007
      Microsoft Office Standard 2007
      Microsoft Office Word 2007 Help Actualización (KB963665)
      Microsoft Office Word MUI (Spanish) 2007
      Microsoft Silverlight
      Microsoft Visual C++ 2005 Redistributable
      Microsoft Visual C++ 2005 Redistributable - KB2467175
      Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
      Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
      Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
      Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
      Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
      Mobile Partner
      Mozilla Firefox 9.0.1 (x86 es-CL)
      Mozilla Thunderbird (8.0)
      MSXML 4.0 SP2 (KB954430)
      MSXML 4.0 SP2 (KB973688)
      PokerStars.it
      QuickTime
      Realtek High Definition Audio Driver
      Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
      Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
      Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
      Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
      Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
      Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
      Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
      Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
      Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
      Skype Click to Call
      Skype™ 5.5
      Total Commander (Remove or Repair)
      TP-LINK Wireless Client Utility
      Update for 2007 Microsoft Office System (KB967642)
      Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
      Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
      Update for Microsoft Office 2007 suites (KB2596651) 32-Bit Edition
      Update for Microsoft Office 2007 suites (KB2596789) 32-Bit Edition
      Update for Microsoft Office Excel 2007 (KB2596596) 32-Bit Edition
      Update for Outlook 2007 Junk Email Filter (KB2596560)
      Web Camera Control
      Windows Live Mesh ActiveX Control for Remote Connections
      Windows Live Messenger
      WinSCP 4.1.9
      xGPS Manager 1.1.5
      .
      ==== Event Viewer Messages From Past Week ========
      .
      31-12-2011 18:51:46, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Definition Update for Windows Defender - KB915597 (Definition 1.117.1973.0).
      31-12-2011 18:45:51, Error: Service Control Manager [7022] - The Intel(R) Management and Security Application User Notification Service service hung on starting.
      31-12-2011 18:43:45, Error: Service Control Manager [7022] - The Windows Update service hung on starting.
      06-01-2012 16:58:03, Error: Service Control Manager [7034] - The DCService.exe service terminated unexpectedly. It has done this 1 time(s).
      06-01-2012 16:11:31, Error: Service Control Manager [7030] - The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
      06-01-2012 16:07:09, Error: Application Popup [1060] - \??\C:\Belahzur\catchme.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
      06-01-2012 15:38:13, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Bluetooth Device Monitor service.
      06-01-2012 15:25:37, Error: Service Control Manager [7034] - The Bluetooth OBEX Service service terminated unexpectedly. It has done this 1 time(s).
      06-01-2012 15:25:37, Error: Service Control Manager [7034] - The Bluetooth Media Service service terminated unexpectedly. It has done this 1 time(s).
      06-01-2012 11:58:13, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SftService service.
      06-01-2012 11:41:56, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Definition Update for Windows Defender - KB915597 (Definition 1.117.2358.0).
      05-01-2012 22:29:19, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR3.
      03-01-2012 17:50:34, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR1.
      02-01-2012 13:17:06, Error: Tcpip [4199] - The system detected an address conflict for IP address 0.0.0.0 with the system having network hardware address E0-B9-A5-7E-64-C9. Network operations on this system may be disrupted as a result.
      02-01-2012 12:29:30, Error: Service Control Manager [7034] - The SoftThinks Agent Service service terminated unexpectedly. It has done this 1 time(s).
      02-01-2012 12:16:31, Error: VDS Basic Provider [1] - Unexpected failure. Error code: D@01010004
      .
      ==== End Of File ===========================
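      The entries a helper reads first in a DDS log like the one above are the "Pseudo HJT Report" lines: the UAC policy values, the IE start page, browser add-ons with no file on disk, and DNS resolvers that differ from what DHCP handed out. As an added example (not from this thread, from the DDS tool, or from the forum's staff), the Python script below parses lines in that format and flags those entries. The sample input is a handful of lines copied from the log posted above; the rule names, severities and the list of "known" start-page hosts are the example's own assumptions.

```python
import re
from typing import Dict, List

Finding = Dict[str, str]

# UAC policy values DDS reports under "mPolicies-system:"; a value of 0 for any of
# these weakens or turns off User Account Control, which is why a helper reads
# them before anything else.
UAC_POLICIES = {
    "EnableLUA": "UAC is disabled (EnableLUA = 0); administrators run with their full token",
    "ConsentPromptBehaviorAdmin": "administrators elevate with no prompt at all (ConsentPromptBehaviorAdmin = 0)",
    "PromptOnSecureDesktop": "elevation prompts are not isolated on the secure desktop",
}
SEVERITY_RANK = {"high": 0, "medium": 1, "low": 2, "info": 3}
# IE start-page hosts treated as ordinary defaults (assumption); anything else is reported.
KNOWN_START_PAGE_HOSTS = {"www.msn.com", "go.microsoft.com", "www.google.com"}

POLICY_RE = re.compile(r"^mPolicies-system:\s*(\w+)\s*=\s*(\d+)")
START_PAGE_RE = re.compile(r"^[um]Start Page\s*=\s*(\S+)")
ORPHAN_RE = re.compile(r"^(?:BHO|BHO-X64|TB|TB-X64):.*-\s*No File$")
DNS_RE = re.compile(r"^TCP:\s*(?:Interfaces\\\S+\s*:\s*)?(DhcpNameServer|NameServer)\s*=\s*(.+)$")

# Constructed sample input: a few lines copied from the DDS log posted above,
# trimmed to the entries this script looks at.
SAMPLE_DDS = r"""
uStart Page = hxxp://start.facemoods.com/?a=ddrnw
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: {7E853D72-626A-48EC-A868-BA8D5E23E045} - No File
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{17461EB3-5A03-4332-909C-7E1113A97FB9} : DhcpNameServer = 192.168.1.1 192.168.1.1
TCP: Interfaces\{6A3EA296-5ED8-4E69-A175-AF716866FCFF} : NameServer = 212.52.97.25 193.70.152.25
BHO-X64: SkypeIEPluginBHO - No File
"""


def start_page_host(url: str) -> str:
    """Return the host of a DDS start-page URL (DDS defangs http:// as hxxp://)."""
    url = re.sub(r"^hxxps?://", "", url, flags=re.IGNORECASE)
    return url.split("/", 1)[0].lower()


def triage(dds_text: str) -> List[Finding]:
    """Scan Pseudo-HJT lines and return findings sorted from high to info severity."""
    findings: List[Finding] = []
    dhcp_servers: set = set()    # resolvers handed out by DHCP
    static_servers: set = set()  # resolvers configured statically on an interface

    for raw in dds_text.splitlines():
        line = raw.strip()
        if not line:
            continue

        m = POLICY_RE.match(line)
        if m:
            name, value = m.group(1), m.group(2)
            if name in UAC_POLICIES and value == "0":
                findings.append({"severity": "high", "rule": "uac-weakened",
                                 "detail": UAC_POLICIES[name], "line": line})
            continue

        m = START_PAGE_RE.match(line)
        if m:
            host = start_page_host(m.group(1))
            if host not in KNOWN_START_PAGE_HOSTS:
                findings.append({"severity": "info", "rule": "nondefault-start-page",
                                 "detail": f"IE start page points at {host}", "line": line})
            continue

        if ORPHAN_RE.match(line):
            # The registry still references a BHO/toolbar whose DLL is gone: a leftover to clean up.
            findings.append({"severity": "low", "rule": "orphaned-bho",
                             "detail": "browser add-on entry with no file on disk", "line": line})
            continue

        m = DNS_RE.match(line)
        if m:
            target = dhcp_servers if m.group(1) == "DhcpNameServer" else static_servers
            target.update(m.group(2).split())

    # Static resolvers that are not the DHCP-assigned ones should be checked against the
    # ISP's known servers; unexpected resolvers are one way search traffic gets redirected.
    unexpected = sorted(static_servers - dhcp_servers)
    if unexpected:
        findings.append({"severity": "medium", "rule": "static-dns",
                         "detail": "statically configured DNS servers differ from DHCP ones: "
                                   + ", ".join(unexpected), "line": ""})

    findings.sort(key=lambda f: SEVERITY_RANK[f["severity"]])
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_DDS):
        print(f"[{f['severity']:<6}] {f['rule']}: {f['detail']}")
```

      Run against the sample it reports the three UAC policies at 0 first, then the two static resolvers that do not match the DHCP-assigned 192.168.1.1, then the two orphaned add-on entries and the non-default start page. None of these is proof of the rootkit NOD32 named; they are the items to verify and clean alongside the tool-based removal the helper prescribes.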

    #4
      Zackrated (Former Collaborator)
      Registered: Aug 2009
      Location: León, México
      Posts: 7,947

      Re: Win32/Olmarik TDL4

      Hello

      You have used ComboFix

      Attention!! Do not use ComboFix unless a member of our Staff has specifically instructed you to in your thread. It is a powerful tool intended by its creator to be used under the guidance and supervision of an expert, not for private use. Using ComboFix incorrectly could cause problems on your system. Please read the ComboFix "Disclaimer".
      Please do the following

      STEP 1

      Uninstall the following if present
      • BS Player Toolbar
      • Conduit Engine
      • Skype Toolbar

      STEP 2

      Paste the ComboFix report located at C:\ComboFix.txt


    5. #5
      User, avatar of N-Tech
      Registered
      Aug 2005
      Location
      Chile
      Posts
      4

      Re: Win32/Olmarik TDL4

      ComboFix 12-01-05.04 - Nicolás Oneto 06-01-2012 15:36:51.1.4 - x64
      Microsoft Windows 7 Professional 6.1.7601.1.1252.56.1033.18.8106.6300 [GMT 1:00]
      Running from: c:\downloads\Belahzur.exe
      AV: ESET Smart Security 4.0 *Disabled/Updated* {CB0F8167-5331-BA19-698E-64816B6801A5}
      FW: Cortafuegos personal de ESET *Disabled* {F3340042-195E-BB41-42D1-CDB495BB46DE}
      SP: ESET Smart Security 4.0 *Disabled/Updated* {706E6083-750B-B597-533E-5FF310EF4B18}
      SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
      .
      .
      ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
      .
      .
      C:\install.exe
      c:\programdata\~0vkCa35v7Q8fJ8
      c:\programdata\~0vkCa35v7Q8fJ8r
      c:\programdata\0vkCa35v7Q8fJ8
      c:\programdata\Roaming
      c:\windows\pkunzip.pif
      c:\windows\pkzip.pif
      c:\windows\system32\java.exe
      .
      .
      ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
      .
      .
      -------\Service_usnjsvc
      .
      .
      ((((((((((((((((((((((((( Files Created from 2011-12-06 to 2012-01-06 )))))))))))))))))))))))))))))))
      .
      .
      2012-01-06 15:15 . 2012-01-06 15:15 69000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{36DBE834-7E62-48D4-8CE0-2B0949116F95}\offreg.dll
      2012-01-06 15:09 . 2012-01-06 15:09 -------- d-----w- c:\users\Default\AppData\Local\temp
      2012-01-06 10:44 . 2011-11-21 11:40 8822856 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{36DBE834-7E62-48D4-8CE0-2B0949116F95}\mpengine.dll
      2012-01-05 16:54 . 2012-01-05 16:54 -------- d-----w- c:\program files (x86)\EA SPORTS
      2011-12-26 17:31 . 2001-04-11 17:25 77824 ----a-w- c:\program files (x86)\Common Files\InstallShield\engine\6\Intel 32\ctor.dll
      2011-12-26 17:31 . 2001-04-11 17:25 225280 ----a-w- c:\program files (x86)\Common Files\InstallShield\IScript\IScript.dll
      2011-12-26 17:31 . 2001-04-11 17:21 176128 ----a-w- c:\program files (x86)\Common Files\InstallShield\engine\6\Intel 32\iuser.dll
      2011-12-26 17:31 . 2001-04-11 17:20 32768 ----a-w- c:\program files (x86)\Common Files\InstallShield\engine\6\Intel 32\objectps.dll
      2011-12-23 14:29 . 2009-07-14 01:41 101376 ----a-w- c:\windows\system32\Spool\prtprocs\x64\HPZPPWN7.DLL
      2011-12-16 18:08 . 2012-01-06 11:13 -------- d-----w- c:\users\Nicolás Oneto\AppData\Local\Google
      2011-12-15 12:49 . 2011-12-31 17:34 -------- d-----w- c:\program files (x86)\mp3releaser
      2011-12-15 01:29 . 2011-12-15 01:33 -------- d-----w- c:\users\Nicolás Oneto\AppData\Roaming\WindSolutions
      2011-12-15 01:29 . 2011-12-15 01:32 -------- d--h--w- c:\programdata\WindSolutions
      2011-12-15 00:56 . 2009-05-18 12:17 34152 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
      2011-12-15 00:56 . 2008-04-17 11:12 126312 ----a-w- c:\windows\system32\GEARAspi64.dll
      2011-12-15 00:56 . 2008-04-17 11:12 107368 ----a-w- c:\windows\SysWow64\GEARAspi.dll
      2011-12-15 00:55 . 2011-12-31 17:31 -------- d-----w- c:\program files\iPod
      2011-12-15 00:55 . 2011-12-31 17:34 -------- d-----w- c:\program files\iTunes
      2011-12-15 00:55 . 2011-12-31 17:34 -------- d-----w- c:\program files (x86)\iTunes
      2011-12-14 12:45 . 2011-11-05 05:32 2048 ----a-w- c:\windows\system32\tzres.dll
      2011-12-14 12:45 . 2011-11-05 04:26 2048 ----a-w- c:\windows\SysWow64\tzres.dll
      2011-12-14 12:45 . 2011-10-26 05:21 43520 ----a-w- c:\windows\system32\csrsrv.dll
      2011-12-14 12:45 . 2011-11-24 04:52 3145216 ----a-w- c:\windows\system32\win32k.sys
      2011-12-14 12:45 . 2011-10-15 06:31 723456 ----a-w- c:\windows\system32\EncDec.dll
      2011-12-14 12:45 . 2011-10-15 05:38 534528 ----a-w- c:\windows\SysWow64\EncDec.dll
      .
      .
      .
      (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
      .
      2011-11-15 13:29 . 2011-08-20 15:28 270720 ------w- c:\windows\system32\MpSigStub.exe
      2011-10-28 13:10 . 2011-10-28 13:10 270912 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
      2011-10-27 07:23 . 2011-06-29 15:56 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
      2011-10-24 12:29 . 2011-10-24 12:29 94208 ----a-w- c:\windows\SysWow64\QuickTimeVR.qtx
      2011-10-24 12:29 . 2011-10-24 12:29 69632 ----a-w- c:\windows\SysWow64\QuickTime.qts
      .
      .
      ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
      .
      .
      *Note* empty entries & legit default entries are not shown
      REGEDIT4
      .
      [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
      "{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}"= "c:\program files (x86)\BS_Player\tbBS_P.dll" [2010-11-29 3908192]
      .
      [HKEY_CLASSES_ROOT\clsid\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}]
      .
      [HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
      2010-11-29 20:26 3908192 ----a-w- c:\program files (x86)\ConduitEngine\ConduitEngine.dll
      .
      [HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}]
      2010-11-29 20:26 3908192 ----a-w- c:\program files (x86)\BS_Player\tbBS_P.dll
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
      "{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}"= "c:\program files (x86)\BS_Player\tbBS_P.dll" [2010-11-29 3908192]
      "{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files (x86)\ConduitEngine\ConduitEngine.dll" [2010-11-29 3908192]
      .
      [HKEY_CLASSES_ROOT\clsid\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}]
      .
      [HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
      .
      [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
      @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
      [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
      2011-02-18 05:12 94208 ----a-w- c:\users\Nicolás Oneto\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
      .
      [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
      @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
      [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
      2011-02-18 05:12 94208 ----a-w- c:\users\Nicolás Oneto\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
      .
      [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
      @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
      [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
      2011-02-18 05:12 94208 ----a-w- c:\users\Nicolás Oneto\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
      .
      [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2011-08-02 4910912]
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
      "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-01 59240]
      "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]
      "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-12-08 421736]
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
      "c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"="c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe" [2011-10-06 559616]
      "Launcher"="c:\program files (x86)\Dell DataSafe Local Backup\Components\Scheduler\Launcher.exe" [2011-08-01 165184]
      .
      c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
      Best Buy pc app.lnk - c:\programdata\Best Buy pc app\ClickOnceSetup.exe [2010-10-13 9216]
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
      "ConsentPromptBehaviorAdmin"= 0 (0x0)
      "ConsentPromptBehaviorUser"= 3 (0x3)
      "EnableLUA"= 0 (0x0)
      "EnableUIADesktopToggle"= 0 (0x0)
      "PromptOnSecureDesktop"= 0 (0x0)
      .
      [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
      "aux1"=wdmaud.drv
      .
      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
      @=""
      .
      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
      @="Driver"
      .
      R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
      R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
      R3 athur;Wireless Network Adapter Service;c:\windows\system32\DRIVERS\athurx.sys [x]
      R3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\DRIVERS\ew_hwusbdev.sys [x]
      R3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\DRIVERS\ewusbnet.sys [x]
      R3 huawei_cdcacm;huawei_cdcacm;c:\windows\system32\DRIVERS\ew_jucdcacm.sys [x]
      R3 huawei_ext_ctrl;huawei_ext_ctrl;c:\windows\system32\DRIVERS\ew_juextctrl.sys [x]
      R3 huawei_wwanecm;huawei_wwanecm;c:\windows\system32\DRIVERS\ew_juwwanecm.sys [x]
      R3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [x]
      R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [2010-12-17 340240]
      R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]
      R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
      R3 TurboBoost;Intel(R) Turbo Boost Technology Monitor 2.0;c:\program files\Intel\TurboBoost\TurboBoost.exe [2010-11-29 149504]
      R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
      R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
      S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
      S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [x]
      S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [x]
      S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
      S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.exe [2009-11-18 98208]
      S2 Bluetooth Device Monitor;Bluetooth Device Monitor;c:\program files (x86)\Intel\Bluetooth\devmonsrv.exe [2010-12-14 901184]
      S2 Bluetooth OBEX Service;Bluetooth OBEX Service;c:\program files (x86)\Intel\Bluetooth\obexsrv.exe [2010-12-14 974912]
      S2 DCService.exe;DCService.exe;c:\programdata\DatacardService\DCService.exe [2010-08-19 229376]
      S2 DMAgent;Intel® PROSet/Wireless WiMAX Red Bend Device Management Service;c:\program files\Intel\WiMAX\Bin\DMAgent.exe [2011-02-27 499200]
      S2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\x86\ekrn.exe [2009-04-09 731840]
      S2 epfwwfp;epfwwfp;c:\windows\system32\DRIVERS\epfwwfp.sys [x]
      S2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [2011-08-18 1692480]
      S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys [x]
      S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-12-20 2656280]
      S2 WiMAXAppSrv;Intel® PROSet/Wireless WiMAX Service;c:\program files\Intel\WiMAX\Bin\AppSrv.exe [2011-02-27 885248]
      S3 Bluetooth Media Service;Bluetooth Media Service;c:\program files (x86)\Intel\Bluetooth\mediasrv.exe [2010-12-14 1298496]
      S3 bpenum;Intel(R) Centrino(R) WiMAX Enumerator;c:\windows\system32\DRIVERS\bpenum.sys [x]
      S3 bpmp;Intel(R) Centrino(R) WiMAX 6050 Series;c:\windows\system32\DRIVERS\bpmp.sys [x]
      S3 bpusb;Intel(R) Centrino(R) WiMAX 6050 Series Function Driver;c:\windows\system32\Drivers\bpusb.sys [x]
      S3 btmaux;Intel Bluetooth Auxiliary Service;c:\windows\system32\DRIVERS\btmaux.sys [x]
      S3 btmhsf;btmhsf;c:\windows\system32\DRIVERS\btmhsf.sys [x]
      S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [x]
      S3 huawei_enumerator;huawei_enumerator;c:\windows\system32\DRIVERS\ew_jubusenum.sys [x]
      S3 iBtFltCoex;iBtFltCoex;c:\windows\system32\DRIVERS\iBtFltCoex.sys [x]
      S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x]
      S3 MEIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
      S3 NETwNs64;___ Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETwNs64.sys [x]
      S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [x]
      S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [x]
      S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
      S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
      S3 wdkmd;Intel WiDi KMD;c:\windows\system32\DRIVERS\WDKMD.sys [x]
      .
      .
      --- Other Services/Drivers In Memory ---
      .
      *NewlyCreated* - WS2IFSL
      .
      .
      --------- x86-64 -----------
      .
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
      @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
      [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
      2011-02-18 05:12 97792 ----a-w- c:\users\Nicolás Oneto\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
      @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
      [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
      2011-02-18 05:12 97792 ----a-w- c:\users\Nicolás Oneto\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
      @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
      [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
      2011-02-18 05:12 97792 ----a-w- c:\users\Nicolás Oneto\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
      @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
      [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
      2011-02-18 05:12 97792 ----a-w- c:\users\Nicolás Oneto\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2010-12-14 6561384]
      "IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-01-18 167960]
      "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-01-18 391704]
      "Persistence"="c:\windows\system32\igfxpers.exe" [2011-01-18 417304]
      "BTMTrayAgent"="c:\program files (x86)\Intel\Bluetooth\btmshell.dll" [2010-12-14 10222080]
      "IntelTBRunOnce"="wscript.exe" [2009-07-14 168960]
      "egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2009-04-09 2692008]
      "combofix"="c:\belahzur\CF32100.3XE" [2010-11-20 345088]
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
      "LoadAppInit_DLLs"=0x0
      .
      ------- Supplementary Scan -------
      .
      uLocal Page = c:\windows\system32\blank.htm
      uStart Page = hxxp://start.facemoods.com/?a=ddrnw
      mLocal Page = c:\windows\SysWOW64\blank.htm
      uInternet Settings,ProxyOverride = *.local
      IE: E&xportar a Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
      TCP: DhcpNameServer = 192.168.1.1
      TCP: Interfaces\{6A3EA296-5ED8-4E69-A175-AF716866FCFF}: NameServer = 212.52.97.25 193.70.152.25
      FF - ProfilePath - c:\users\Nicolás Oneto\AppData\Roaming\Mozilla\Firefox\Profiles\eeak8xet.default\
      .
      - - - - ORPHANS REMOVED - - - -
      .
      Toolbar-Locked - (no file)
      Toolbar-Locked - (no file)
      WebBrowser-{FED66DC5-1B74-4A04-8F5C-15C5ACE2B9A5} - (no file)
      WebBrowser-{30F9B915-B755-4826-820B-08FBA6BD249D} - (no file)
      .
      .
      .
      --------------------- LOCKED REGISTRY KEYS ---------------------
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
      @Denied: (A 2) (Everyone)
      @="FlashBroker"
      "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10m_ActiveX.exe,-101"
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
      "Enabled"=dword:00000001
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
      @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10m_ActiveX.exe"
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
      @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
      @Denied: (A 2) (Everyone)
      @="Shockwave Flash Object"
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
      @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10m.ocx"
      "ThreadingModel"="Apartment"
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
      @="0"
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
      @="ShockwaveFlash.ShockwaveFlash.10"
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
      @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10m.ocx, 1"
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
      @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
      @="1.0"
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
      @="ShockwaveFlash.ShockwaveFlash"
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
      @Denied: (A 2) (Everyone)
      @="Macromedia Flash Factory Object"
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
      @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10m.ocx"
      "ThreadingModel"="Apartment"
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
      @="FlashFactory.FlashFactory.1"
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
      @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10m.ocx, 1"
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
      @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
      @="1.0"
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
      @="FlashFactory.FlashFactory"
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
      @Denied: (A 2) (Everyone)
      @="IFlashBroker4"
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
      @="{00020424-0000-0000-C000-000000000046}"
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
      @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
      "Version"="1.0"
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
      "SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
      00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
      .
      [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
      @Denied: (A) (Users)
      @Denied: (A) (Everyone)
      @Allowed: (B 1 2 3 4 5) (S-1-5-20)
      "BlindDial"=dword:00000000
      .
      [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
      @Denied: (Full) (Everyone)
      .
      ------------------------ Other Running Processes ------------------------
      .
      c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
      c:\program files (x86)\Dell DataSafe Local Backup\TOASTER.EXE
      c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
      c:\program files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE
      c:\program files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe
      c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
      .
      **************************************************************************
      .
      Completion time: 2012-01-06 16:35:45 - machine was rebooted
      ComboFix-quarantined-files.txt 2012-01-06 15:35
      .
      Pre-Run: 525.063.581.696 bytes free
      Post-Run: 525.158.694.912 bytes free
      .
      - - End Of File - - 7858F350B3266647BB750A4B82FB161C

    6. #6
      User, avatar of N-Tech
      Registered
      Aug 2005
      Location
      Chile
      Posts
      4

      Re: Win32/Olmarik TDL4

      Nothing?

      I don't know if it's just my paranoia or the USB devices aren't working properly now...