
    Virus that opens Facebook windows (Solved)


      
    1. #1
      ultrakml
      User
      Joined: Mar 2012
      Location: Cali - Colombia
      Posts: 8

      Virus that opens Facebook windows (Solved)

      It would be a good idea to read the following topics so that you are informed.

      * Forum Policies
      * Tips, Point 6
      * HijackThis Forum Policies
      * http://www.forospyware.com/t52459.html
      * Off-Topic Forum Rules

      Hello, I followed the steps mentioned by LUCHI2009, but it only produced two reports, the Malwarebytes one and the ESET Online one. LopSD did not generate any report; it simply closed after finishing the scan. I am attaching the resulting files anyway.

      MALWAREBYTES

      Malwarebytes Anti-Malware 1.60.1.1000
      www.malwarebytes.org

      Database version: v2012.03.24.01

      Windows 7 Service Pack 1 x64 NTFS
      Internet Explorer 9.0.8112.16421
      RAY :: RAYKEMAR [administrator]

      24/03/2012 08:40:22 a.m.
      mbam-log-2012-03-24 (08-40-22).txt

      Scan type: Full scan
      Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
      Scan options disabled: P2P
      Objects scanned: 423228
      Time elapsed: 45 minute(s), 1 second(s)

      Memory Processes Detected: 1
      C:\Users\RAY\AppData\Roaming\cacaoweb\cacaoweb.exe (Trojan.Agent) -> 2596 -> Delete on reboot.

      Memory Modules Detected: 0
      (No malicious items detected)

      Registry Keys Detected: 32
      HKCR\CLSID\{A9DB719C-7156-415E-B49D-BAD039DE4F13} (PUP.FunMoods) -> No action taken.
      HKCR\funmoodsApp.appCore.1 (PUP.FunMoods) -> No action taken.
      HKCR\funmoodsApp.appCore (PUP.FunMoods) -> No action taken.
      HKCR\CLSID\{F03FD9D0-4F2B-497C-8A71-DD41D70B07D9} (PUP.FunMoods) -> No action taken.
      HKCR\f (PUP.FunMoods) -> No action taken.
      HKCR\TypeLib\{960DF771-CFCB-4E53-A5B5-6EF2BBE6E706} (PUP.FunMoods) -> No action taken.
      HKCR\CLSID\{A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3} (PUP.FunMoods) -> No action taken.
      HKCR\funmoods.dskBnd.1 (PUP.FunMoods) -> No action taken.
      HKCR\funmoods.dskBnd (PUP.FunMoods) -> No action taken.
      HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\funmoods (PUP.FunMoods) -> No action taken.
      HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110011221158} (PUP.GamePlayLab) -> No action taken.
      HKCR\CLSID\{11111111-1111-1111-1111-110011221158} (PUP.GamePlayLab) -> No action taken.
      HKCR\TypeLib\{44444444-4444-4444-4444-440044224458} (PUP.GamePlayLab) -> No action taken.
      HKCR\Interface\{55555555-5555-5555-5555-550055225558} (PUP.GamePlayLab) -> No action taken.
      HKCR\CrossriderApp0002258.BHO.1 (PUP.GamePlayLab) -> No action taken.
      HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110011221158} (PUP.GamePlayLab) -> No action taken.
      HKCR\CLSID\{11111111-1111-1111-1111-110011221158} (Adware.GamePlayLabs) -> Quarantined and deleted successfully.
      HKCR\TypeLib\{44444444-4444-4444-4444-440044224458} (Adware.GamePlayLabs) -> Quarantined and deleted successfully.
      HKCR\Interface\{55555555-5555-5555-5555-550055225558} (Adware.GamePlayLabs) -> Quarantined and deleted successfully.
      HKCR\CrossriderApp0002258.BHO.1 (Adware.GamePlayLabs) -> Quarantined and deleted successfully.
      HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110011221158} (Adware.GamePlayLabs) -> Quarantined and deleted successfully.
      HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110011221158} (Adware.GamePlayLabs) -> Quarantined and deleted successfully.
      HKCR\CLSID\{22222222-2222-2222-2222-220022222258} (Adware.GamePlayLab) -> Quarantined and deleted successfully.
      HKCR\CrossriderApp0002258.Sandbox.1 (Adware.GamePlayLab) -> Quarantined and deleted successfully.
      HKCR\CrossriderApp0002258.Sandbox (Adware.GamePlayLab) -> Quarantined and deleted successfully.
      HKCR\CLSID\{33333333-3333-3333-3333-330033223358} (Adware.GamePlayLab) -> Quarantined and deleted successfully.
      HKCR\CrossriderApp0002258.FBApi.1 (Adware.GamePlayLab) -> Quarantined and deleted successfully.
      HKCR\CrossriderApp0002258.FBApi (Adware.GamePlayLab) -> Quarantined and deleted successfully.
      HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{65bcd620-07dd-012f-819f-073cf1b8f7c6} (Adware.GamePlayLab) -> Quarantined and deleted successfully.
      HKCR\CrossriderApp0002258.BHO (Adware.GamePlayLab) -> Quarantined and deleted successfully.
      HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\I Want This (Adware.GamePlayLabs) -> Quarantined and deleted successfully.
      HKCU\Software\Cr_Installer\2258 (Adware.GamePlayLab) -> Quarantined and deleted successfully.

      Registry Values Detected: 3
      HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar|{A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3} (PUP.FunMoods) -> Data: Funmoods Toolbar -> No action taken.
      HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|cacaoweb (Trojan.Agent) -> Data: "C:\Users\RAY\AppData\Roaming\cacaoweb\cacaoweb.exe" -noplayer -> Quarantined and deleted successfully.
      HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\I Want This|Publisher (Adware.GamePlayLab) -> Data: 215 Apps -> Quarantined and deleted successfully.

      Registry Data Items Detected: 0
      (No malicious items detected)

      Folders Detected: 1
      C:\Program Files (x86)\I Want This (Adware.GamePlayLab) -> Quarantined and deleted successfully.

      Files Detected: 23
      C:\Program Files (x86)\Funmoods\funmoods\1.5.12.2\funmoodsApp.dll (PUP.FunMoods) -> No action taken.
      C:\Program Files (x86)\Funmoods\funmoods\1.5.12.2\funmoodsEng.dll (PUP.FunMoods) -> No action taken.
      C:\Program Files (x86)\Funmoods\funmoods\1.5.12.2\funmoodssrv.exe (PUP.FunMoods) -> No action taken.
      C:\Program Files (x86)\Funmoods\funmoods\1.5.12.2\funmoodsTlbr.dll (PUP.FunMoods) -> No action taken.
      C:\Program Files (x86)\Funmoods\funmoods\1.5.12.2\uninstall.exe (PUP.FunMoods) -> No action taken.
      C:\Program Files (x86)\I Want This\I Want This.dll (PUP.GamePlayLab) -> No action taken.
      C:\Users\RAY\AppData\Roaming\cacaoweb\cacaoweb.exe (Trojan.Agent) -> Delete on reboot.
      C:\Program Files (x86)\I Want This\I Want This.dll (Adware.GamePlayLabs) -> Quarantined and deleted successfully.
      C:\Program Files (x86)\I Want This\I Want This.exe (Adware.GamePlayLabs) -> Quarantined and deleted successfully.
      C:\Program Files (x86)\I Want This\I Want ThisGui.exe (Adware.GamePlayLabs) -> Quarantined and deleted successfully.
      C:\Program Files (x86)\I Want This\Uninstall.exe (Adware.GamePlayLabs) -> Quarantined and deleted successfully.
      C:\Windows\assembly\tmp\U\00000001.@ (Rootkit.0Access) -> Quarantined and deleted successfully.
      C:\Windows\assembly\tmp\U\800000c0.@ (Rootkit.0Access) -> Quarantined and deleted successfully.
      C:\Windows\assembly\tmp\U\800000cb.@ (Rootkit.0Access) -> Quarantined and deleted successfully.
      C:\Users\postgres.RAYKEMAR\AppData\Local\Temp\{E9C1E1AC-C9B2-4c85-94DE-9C1518918D02}.tlb (Rootkit.Zeroaccess) -> Quarantined and deleted successfully.
      C:\Program Files (x86)\I Want This\I Want This.ini (Adware.GamePlayLab) -> Quarantined and deleted successfully.
      C:\Program Files (x86)\I Want This\appAPIinternalWrapper.js (Adware.GamePlayLab) -> Quarantined and deleted successfully.
      C:\Program Files (x86)\I Want This\fb.js (Adware.GamePlayLab) -> Quarantined and deleted successfully.
      C:\Program Files (x86)\I Want This\I Want This.ico (Adware.GamePlayLab) -> Quarantined and deleted successfully.
      C:\Program Files (x86)\I Want This\I Want ThisInstaller.log (Adware.GamePlayLab) -> Quarantined and deleted successfully.
      C:\Program Files (x86)\I Want This\jquery.js (Adware.GamePlayLab) -> Quarantined and deleted successfully.
      C:\Program Files (x86)\I Want This\json.js (Adware.GamePlayLab) -> Quarantined and deleted successfully.
      C:\Users\RAY\AppData\Local\I Want This\Chrome\I Want This.crx (Adware.GamePlayLab) -> Quarantined and deleted successfully.

      (end)

      ESET ONLINE


      ESETSmartInstaller@High as downloader log:
      all ok
      # version=7
      # OnlineScannerApp.exe=1.0.0.1
      # OnlineScanner.ocx=1.0.0.6583
      # api_version=3.0.2
      # EOSSerial=3e4df32a7aff5c41b9ed1a7abd92eeaf
      # end=finished
      # remove_checked=true
      # archives_checked=true
      # unwanted_checked=true
      # unsafe_checked=true
      # antistealth_checked=true
      # utc_time=2012-03-24 04:25:14
      # local_time=2012-03-24 11:25:14 (-0500, SA Pacific Standard Time)
      # country="Colombia"
      # lang=3082
      # osver=6.1.7601 NT Service Pack 1
      # compatibility_mode=769 16774142 0 7 58842 124865398 0 0
      # compatibility_mode=1280 16777215 100 0 7241229 7241229 0 0
      # compatibility_mode=5893 16776574 66 94 6335572 84144297 0 0
      # compatibility_mode=8192 67108863 100 0 0 0 0 0
      # scanned=160936
      # found=7
      # cleaned=6
      # scan_time=5467
      C:\ProgramData\36B6A775000023EE000BC6B2B4EB2331\36B6A775000023EE000BC6B2B4EB2331.exe a variant of Win32/Kryptik.ABZK trojan (unable to clean - deleted - quarantined) 00000000000000000000000000000000 C
      C:\Users\RAY\Downloads\cnet2_ppt2html_exe.exe a variant of Win32/InstallCore.D application (unable to clean - deleted - quarantined) 00000000000000000000000000000000 C
      C:\Users\RAY\Downloads\DBF.to.SQL.Converter.v1.20.keygen.by.Inferno.zip a variant of Win32/Nebuler.CT trojan (deleted - quarantined) 00000000000000000000000000000000 C
      C:\Windows\assembly\tmp\U\000000c0.@ Win32/Agent.TMK trojan (unable to clean - deleted - quarantined) 00000000000000000000000000000000 C
      C:\Windows\Microsoft.NET\Framework\FMwork\wimtd.exe a variant of Win32/HiddenStart.A application (unable to clean - deleted - quarantined) 00000000000000000000000000000000 C
      C:\Windows\System32\msizwy32.dll a variant of Win32/Nebuler.DA trojan (unable to clean - deleted (after the next restart) - quarantined) 00000000000000000000000000000000 C
      ${Memory} a variant of Win32/Nebuler.DA trojan 00000000000000000000000000000000 I

      Thanks in advance; I look forward to your reply.
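The part of the two reports above that a practitioner reads first is the action column, because it separates what the scanner merely saw from what it actually removed: every PUP.FunMoods entry in the Malwarebytes report ends in "No action taken", the cacaoweb.exe process is only scheduled for deletion on reboot, and ESET's last hit is in memory with nothing on disk to quarantine (found=7, cleaned=6). The Python below is an added example, not code from this thread, from Malwarebytes or from ESET: it parses a few constructed lines in the shape of each report, normalises the two scanners' different wording into one outcome field, lists everything that is not yet removed, and flags paths in the `U\<8 hex digits>.@` layout that Malwarebytes labelled Rootkit.0Access. The regular expressions are my reading of the two report layouts as quoted here, not a documented format from either vendor, and the sample lines are constructed from the report lines above.

```python
"""Triage the Malwarebytes and ESET Online Scanner reports into one list.

Added example for this thread, not code from the forum, Malwarebytes or ESET.
The parsing rules are my reading of the two report layouts quoted above; the
sample lines are constructed from those reports.
"""
import re
from collections import Counter
from dataclasses import dataclass

# Constructed sample in the shape of the Malwarebytes 1.60 report.
MBAM_SAMPLE = r"""
Memory Processes Detected: 1
C:\Users\RAY\AppData\Roaming\cacaoweb\cacaoweb.exe (Trojan.Agent) -> 2596 -> Delete on reboot.
Registry Keys Detected: 2
HKCR\CLSID\{A9DB719C-7156-415E-B49D-BAD039DE4F13} (PUP.FunMoods) -> No action taken.
HKCR\CrossriderApp0002258.BHO.1 (Adware.GamePlayLabs) -> Quarantined and deleted successfully.
Registry Values Detected: 1
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar|{A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3} (PUP.FunMoods) -> Data: Funmoods Toolbar -> No action taken.
Files Detected: 2
C:\Windows\assembly\tmp\U\00000001.@ (Rootkit.0Access) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Funmoods\funmoods\1.5.12.2\funmoodsApp.dll (PUP.FunMoods) -> No action taken.
"""

# Constructed sample in the shape of the ESET Online Scanner log.
ESET_SAMPLE = r"""
# found=4
C:\ProgramData\36B6A775000023EE000BC6B2B4EB2331\36B6A775000023EE000BC6B2B4EB2331.exe a variant of Win32/Kryptik.ABZK trojan (unable to clean - deleted - quarantined) 00000000000000000000000000000000 C
C:\Windows\assembly\tmp\U\000000c0.@ Win32/Agent.TMK trojan (unable to clean - deleted - quarantined) 00000000000000000000000000000000 C
C:\Windows\System32\msizwy32.dll a variant of Win32/Nebuler.DA trojan (unable to clean - deleted (after the next restart) - quarantined) 00000000000000000000000000000000 C
${Memory} a variant of Win32/Nebuler.DA trojan 00000000000000000000000000000000 I
"""

# Malwarebytes line: "<item> (<name>) -> [<pid or Data: ...> -> ]<action>."
MBAM_RE = re.compile(r"^(?P<item>.+?) \((?P<name>[\w.]+)\) -> (?:.+? -> )?(?P<action>[^>]+?)\.?$")
# ESET line: "<item> [a variant of ]<name> <kind> [(<status>)] <hash> <flag>"; status may nest parentheses.
ESET_RE = re.compile(
    r"^(?P<item>.+?)\s+(?:a variant of\s+)?(?P<name>Win32/[\w.]+)\s+(?P<kind>trojan|application)"
    r"(?:\s+\((?P<status>.+)\))?\s+(?P<hash>[0-9a-f]{32})\s+(?P<flag>[A-Z])$"
)
# ZeroAccess/Sirefef kept its modules as 8-hex-digit "*.@" files in a "U" folder under
# %windir%\assembly\tmp or under a hex-named folder in %LOCALAPPDATA%; Malwarebytes
# labelled the ones in the report above Rootkit.0Access.
ZEROACCESS_RE = re.compile(
    r"\\(?:assembly\\tmp|AppData\\Local\\[0-9a-f]{8})\\U\\[0-9a-f]{8}\.@$", re.IGNORECASE
)


@dataclass(frozen=True)
class Detection:
    scanner: str   # "mbam" or "eset"
    item: str      # file path, registry key/value, or ${Memory}
    name: str      # the scanner's detection name
    outcome: str   # removed | pending_reboot | not_actioned | unknown


def _mbam_outcome(action: str) -> str:
    a = action.lower()
    if a.startswith("no action"):
        return "not_actioned"
    if "reboot" in a:
        return "pending_reboot"
    if "quarantined" in a or "deleted" in a:
        return "removed"
    return "unknown"


def _eset_outcome(status) -> str:
    if status is None:            # no status field: a hit in memory, nothing removed
        return "not_actioned"
    s = status.lower()
    if "after the next restart" in s:
        return "pending_reboot"
    if "deleted" in s or "quarantined" in s:
        return "removed"
    return "unknown"


def parse_mbam(text: str) -> list:
    hits = (MBAM_RE.match(line.strip()) for line in text.splitlines())
    return [Detection("mbam", m["item"], m["name"], _mbam_outcome(m["action"])) for m in hits if m]


def parse_eset(text: str) -> list:
    hits = (ESET_RE.match(line.strip()) for line in text.splitlines())
    return [Detection("eset", m["item"], m["name"], _eset_outcome(m["status"])) for m in hits if m]


def looks_like_zeroaccess(item: str) -> bool:
    return ZEROACCESS_RE.search(item) is not None


def triage(mbam_text: str, eset_text: str) -> dict:
    """Merge both reports and separate what is done from what still needs attention."""
    dets = parse_mbam(mbam_text) + parse_eset(eset_text)
    return {
        "detections": dets,
        "by_outcome": Counter(d.outcome for d in dets),
        "followup": [d for d in dets if d.outcome != "removed"],
        "rootkit_indicators": [d for d in dets if looks_like_zeroaccess(d.item)],
    }


if __name__ == "__main__":
    result = triage(MBAM_SAMPLE, ESET_SAMPLE)
    print("outcomes:", dict(result["by_outcome"]))
    for d in result["followup"]:
        print(f"[{d.scanner}] {d.outcome:<14} {d.name:<20} {d.item}")
    for d in result["rootkit_indicators"]:
        print("rootkit-pattern path:", d.item)
```

Run as a script it prints the outcome tally, the follow-up list and the rootkit-pattern paths. Applied to the real reports the reading is the same: the FunMoods toolbar files and keys were detected but left in place, the cacaoweb process only goes away after a reboot, and the in-memory Nebuler hit has no file for ESET to quarantine, so none of those can be counted as cleaned until a further pass confirms it.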

    2. #2
      Tyny's
      General Moderator
      Joined: May 2008
      Location: Argentina
      Posts: 14,670

      Re: Virus that opens Facebook windows

      Hi

      Download the ComboFix.exe tool and save it to the desktop.

      • Temporarily disable your antivirus and/or antispyware.
      • Close all open windows.
      • Double-click ComboFix.exe and follow the instructions.
      • When it finishes, it will produce a log at C:\ComboFix.txt.
        • *Note* While CF is working, do not move the mouse, as that would stop its process.
        • *Note* ComboFix may restart the PC automatically to complete the removal process.

      Warning!! Do not use ComboFix unless a member of our Staff has specifically told you to in your thread. It is a powerful tool that its author intended to be used under the guidance and supervision of an expert, not for private use. Using ComboFix incorrectly could cause problems on your system. Please read ComboFix's "Disclaimer of Warranty".
      • Reboot and paste the C:\ComboFix.txt report in this same thread, commenting on how your system is working.

      If on your journey, you should encounter God, God will be cut!

      * Follow us on Twitter and friend us on Facebook.
      * Keep up with the latest threats on the net at: InfoSpyware Blog
      * We do not answer questions by private message or e-mail; that is what the forum is for.

    3. #3
      ultrakml
      User
      Joined: Mar 2012
      Location: Cali - Colombia
      Posts: 8

      Re: Virus that opens Facebook windows

      Hi, this is the log that ComboFix produced:

      ComboFix 12-03-22.01 - RAY 24/03/2012 12:39:31.1.3 - x64
      Microsoft Windows 7 Ultimate 6.1.7601.1.1252.57.3082.18.3835.2651 [GMT -5:00]
      Running from: c:\users\RAY\Downloads\ANTIVIRUS\ComboFix.exe
      AV: Kaspersky Internet Security *Disabled/Outdated* {2EAA32A5-1EE1-1B22-95DA-337730C6E984}
      FW: Kaspersky Internet Security *Disabled* {1691B380-548E-1A7A-BE85-9A42CE15AEFF}
      SP: Kaspersky Internet Security *Disabled/Updated* {95CBD341-38DB-14AC-AF6A-08054B41A339}
      SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
      * Created a new restore point
      .
      .
      ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
      .
      .
      c:\users\RAY\AppData\Local\905222b5\U
      c:\users\RAY\AppData\Local\905222b5\U\80000000.@
      c:\users\RAY\AppData\Roaming\cacaoweb
      c:\users\RAY\AppData\Roaming\cacaoweb\npdfile.dat
      c:\users\RAY\AppData\Roaming\cacaoweb\storage.db
      c:\windows\assembly\tmp\U
      c:\windows\assembly\tmp\U\000000cb.@
      c:\windows\assembly\tmp\U\000000cf.@
      c:\windows\assembly\tmp\U\80000000.@
      c:\windows\assembly\tmp\U\800000cf.@
      c:\windows\system32\wlancig.dll
      c:\windows\SysWow64\CmdLineExt.dll
      c:\windows\SysWow64\Packet.dll
      c:\windows\SysWow64\WanPacket.dll
      c:\windows\SysWow64\wpcap.dll
      .
      .
      ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
      .
      .
      -------\Service_DS1410D
      .
      .
      ((((((((((((((((((((((((( Files Created from 2012-02-24 to 2012-03-24 )))))))))))))))))))))))))))))))
      .
      .
      2012-03-24 17:46 . 2012-03-24 17:46 -------- d-----w- c:\users\postgres\AppData\Local\temp
      2012-03-24 16:27 . 2012-03-24 16:30 -------- d-----w- C:\Lop SD
      2012-03-24 14:35 . 2012-03-24 14:35 -------- d-----w- c:\program files (x86)\ESET
      2012-03-24 13:36 . 2012-03-24 13:36 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
      2012-03-24 13:36 . 2011-12-10 20:24 23152 ----a-w- c:\windows\system32\drivers\mbam.sys
      2012-03-18 17:43 . 2012-01-23 14:17 143360 ----a-w- c:\program files (x86)\Mozilla Firefox\BabyFox.dll
      2012-03-18 17:43 . 2012-03-18 17:47 -------- d-----w- c:\program files (x86)\Babylon
      2012-03-17 19:18 . 2012-03-17 19:18 592824 ----a-w- c:\program files (x86)\Mozilla Firefox\gkmedias.dll
      2012-03-17 19:18 . 2012-03-17 19:18 44472 ----a-w- c:\program files (x86)\Mozilla Firefox\mozglue.dll
      2012-03-16 22:03 . 2012-03-16 22:06 -------- d-----w- c:\users\RAY\AppData\Local\Microsoft Games
      2012-03-16 05:24 . 2012-03-16 05:24 50 ----a-w- C:\user.js
      2012-03-16 05:23 . 2012-03-16 05:23 -------- d-----w- c:\program files (x86)\Funmoods
      2012-03-16 04:59 . 2012-03-16 04:59 -------- d-----w- c:\users\RAY\AppData\Roaming\player
      2012-03-16 04:59 . 2012-03-16 04:59 -------- d-----w- c:\program files (x86)\Tuguu SL
      2012-03-16 04:51 . 2012-03-16 04:51 -------- d-----w- c:\users\RAY\AppData\Local\Google
      2012-03-16 04:51 . 2012-03-16 04:51 -------- d-----w- c:\users\RAY\AppData\Local\I Want This
      2012-03-13 15:24 . 2012-03-13 15:24 23856 ----a-w- c:\windows\system32\drivers\SirefefRemover.sys
      2012-03-13 03:56 . 2012-03-13 03:56 -------- d-----w- c:\program files\Alwil Software
      2012-03-12 16:47 . 2012-03-12 16:47 -------- d-----w- c:\users\RAY\AppData\Roaming\Malwarebytes
      2012-03-12 16:47 . 2012-03-12 16:47 -------- d-----w- c:\programdata\Malwarebytes
      2012-03-12 04:37 . 2012-03-12 04:37 -------- d-sh--w- c:\windows\system32\%APPDATA%
      2012-03-11 14:13 . 2012-03-24 15:22 -------- d-----w- c:\programdata\36B6A775000023EE000BC6B2B4EB2331
      2012-03-11 03:31 . 2012-03-13 15:22 0 --sha-w- c:\windows\system32\dds_log_ad13.cmd
      2012-03-11 03:30 . 2012-03-24 17:45 -------- d-sh--w- c:\users\RAY\AppData\Local\905222b5
      2012-03-05 18:32 . 2012-03-05 18:32 -------- d-----w- c:\users\Invitado\AppData\Roaming\DivX
      2012-03-05 18:32 . 2012-03-05 18:32 -------- d-----w- c:\users\Invitado\AppData\Roaming\Media Player Classic
      2012-03-04 11:13 . 2012-03-11 14:55 -------- d-----w- c:\program files (x86)\AudacityPortable
      2012-03-03 15:30 . 2012-03-04 23:46 -------- d-----w- c:\users\RAY\AppData\Local\WMTools Downloaded Files
      2012-03-03 15:20 . 2012-03-11 14:55 -------- d-----w- c:\program files (x86)\Movie Maker 2.6
      2012-03-03 15:17 . 2012-03-03 15:17 -------- d-----w- c:\users\RAY\AppData\Roaming\GetRightToGo
      2012-03-03 14:44 . 2012-03-03 14:44 -------- d-----w- c:\users\RAY\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
      2012-03-03 14:20 . 2008-07-09 09:05 421888 ----a-w- c:\windows\system32\ac3filter.acm
      2012-03-03 14:20 . 2012-03-03 14:20 -------- d-----w- c:\program files (x86)\XP Codec Pack
      2012-02-29 23:17 . 2007-04-04 23:53 81768 ----a-w- c:\windows\SysWow64\xinput1_3.dll
      2012-02-29 22:59 . 2012-03-22 13:52 -------- d-----w- c:\windows\system32\catroot2
      2012-02-29 20:49 . 2006-09-28 21:05 2414360 ----a-w- c:\windows\SysWow64\d3dx9_31.dll
      2012-02-29 20:48 . 2012-03-19 04:09 -------- d-----w- c:\users\RAY\AppData\Local\Microsoft Game Studios
      2012-02-29 20:48 . 2012-03-19 04:09 -------- d-----w- c:\programdata\Microsoft Games
      2012-02-29 20:45 . 2012-03-19 04:09 -------- d-----w- c:\users\RAY\AppData\Roaming\Microsoft Game Studios
      2012-02-28 14:58 . 2012-02-28 14:58 -------- d-----w- c:\program files (x86)\Total Video Converter
      2012-02-28 01:43 . 2012-03-24 17:57 -------- d-----w- c:\users\RAY\AppData\Roaming\Skype
      2012-02-28 01:43 . 2012-03-11 14:55 -------- d-----w- c:\program files (x86)\Common Files\Skype
      2012-02-28 01:43 . 2012-03-11 14:55 -------- d-----r- c:\program files (x86)\Skype
      2012-02-28 01:43 . 2012-02-28 01:43 -------- d-----w- c:\programdata\Skype
      2012-02-27 01:24 . 2012-02-27 01:24 -------- d-----w- c:\windows\wb
      2012-02-26 00:21 . 2012-02-26 00:21 -------- d-----w- c:\users\RAY\AppData\Roaming\GeoVid
      2012-02-26 00:21 . 2012-02-26 00:21 -------- d-----w- c:\program files (x86)\GeoVid
      2012-02-25 23:56 . 2012-02-25 23:59 -------- d-----w- c:\program files (x86)\Convert PowerPoint to HTML
      .
      .
      .
      (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
      .
      2012-02-29 23:40 . 2009-08-18 17:49 564632 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\wlidui.dll
      2012-02-29 23:40 . 2009-08-18 16:24 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
      2012-02-16 21:12 . 2012-02-16 21:12 43520 ----a-w- c:\windows\SysWow64\CmdLineExt03.dll
      2012-02-09 18:10 . 2011-12-30 19:26 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
      2012-01-14 04:06 . 2012-02-15 15:32 3145728 ----a-w- c:\windows\system32\win32k.sys
      2012-01-13 22:42 . 2012-01-13 22:42 82816 ----a-w- c:\windows\system32\drivers\pcouffin.sys
      2012-01-04 10:44 . 2012-02-15 15:53 509952 ----a-w- c:\windows\system32\ntshrui.dll
      2012-01-04 08:58 . 2012-02-15 15:53 442880 ----a-w- c:\windows\SysWow64\ntshrui.dll
      2012-01-04 00:48 . 2012-01-04 00:48 354176 ----a-w- c:\windows\SysWow64\DivXControlPanelApplet.cpl
      2012-01-03 03:25 . 2012-01-03 03:25 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
      2011-12-31 14:40 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll
      2011-12-31 14:40 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll
      2011-12-31 01:04 . 2011-12-31 01:04 86528 ----a-w- c:\windows\SysWow64\iesysprep.dll
      2011-12-31 01:04 . 2011-12-31 01:04 76800 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
      2011-12-31 01:04 . 2011-12-31 01:04 74752 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe
      2011-12-31 01:04 . 2011-12-31 01:04 74752 ----a-w- c:\windows\SysWow64\iesetup.dll
      2011-12-31 01:04 . 2011-12-31 01:04 63488 ----a-w- c:\windows\SysWow64\tdc.ocx
      2011-12-31 01:04 . 2011-12-31 01:04 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
      2011-12-31 01:04 . 2011-12-31 01:04 367104 ----a-w- c:\windows\SysWow64\html.iec
      2011-12-31 01:04 . 2011-12-31 01:04 23552 ----a-w- c:\windows\SysWow64\licmgr10.dll
      2011-12-31 01:04 . 2011-12-31 01:04 161792 ----a-w- c:\windows\SysWow64\msls31.dll
      2011-12-31 01:04 . 2011-12-31 01:04 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
      2011-12-31 01:04 . 2011-12-31 01:04 420864 ----a-w- c:\windows\SysWow64\vbscript.dll
      2011-12-31 01:04 . 2011-12-31 01:04 35840 ----a-w- c:\windows\SysWow64\imgutil.dll
      2011-12-31 01:04 . 2011-12-31 01:04 152064 ----a-w- c:\windows\SysWow64\wextract.exe
      2011-12-31 01:04 . 2011-12-31 01:04 150528 ----a-w- c:\windows\SysWow64\iexpress.exe
      2011-12-31 01:04 . 2011-12-31 01:04 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe
      2011-12-31 01:04 . 2011-12-31 01:04 11776 ----a-w- c:\windows\SysWow64\mshta.exe
      2011-12-31 01:04 . 2011-12-31 01:04 101888 ----a-w- c:\windows\SysWow64\admparse.dll
      2011-12-31 01:04 . 2011-12-31 01:04 89088 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
      2011-12-31 01:04 . 2011-12-31 01:04 222208 ----a-w- c:\windows\system32\msls31.dll
      2011-12-31 01:04 . 2011-12-31 01:04 173056 ----a-w- c:\windows\system32\ieUnatt.exe
      2011-12-31 01:04 . 2011-12-31 01:04 12288 ----a-w- c:\windows\system32\mshta.exe
      2011-12-31 01:04 . 2011-12-31 01:04 114176 ----a-w- c:\windows\system32\admparse.dll
      2011-12-31 01:04 . 2011-12-31 01:04 91648 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
      2011-12-31 01:04 . 2011-12-31 01:04 49664 ----a-w- c:\windows\system32\imgutil.dll
      2011-12-31 01:04 . 2011-12-31 01:04 48640 ----a-w- c:\windows\system32\mshtmler.dll
      2011-12-31 01:04 . 2011-12-31 01:04 135168 ----a-w- c:\windows\system32\IEAdvpack.dll
      2011-12-31 01:04 . 2011-12-31 01:04 111616 ----a-w- c:\windows\system32\iesysprep.dll
      2011-12-31 01:04 . 2011-12-31 01:04 85504 ----a-w- c:\windows\system32\iesetup.dll
      2011-12-31 01:04 . 2011-12-31 01:04 76800 ----a-w- c:\windows\system32\tdc.ocx
      2011-12-31 01:04 . 2011-12-31 01:04 603648 ----a-w- c:\windows\system32\vbscript.dll
      2011-12-31 01:04 . 2011-12-31 01:04 448512 ----a-w- c:\windows\system32\html.iec
      2011-12-31 01:04 . 2011-12-31 01:04 30720 ----a-w- c:\windows\system32\licmgr10.dll
      2011-12-31 01:04 . 2011-12-31 01:04 165888 ----a-w- c:\windows\system32\iexpress.exe
      2011-12-31 01:04 . 2011-12-31 01:04 160256 ----a-w- c:\windows\system32\wextract.exe
      2011-12-30 18:52 . 2011-12-30 18:53 8192 ----a-w- c:\windows\SysWow64\srvany.exe
      2011-12-30 06:26 . 2012-02-15 15:32 515584 ----a-w- c:\windows\system32\timedate.cpl
      2011-12-30 05:27 . 2012-02-15 15:32 478720 ----a-w- c:\windows\SysWow64\timedate.cpl
      2011-12-28 03:59 . 2012-02-15 15:32 498688 ----a-w- c:\windows\system32\drivers\afd.sys
      .
      .
      ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
      .
      .
      *Note* empty entries & legit default entries are not shown
      REGEDIT4
      .
      [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "LightScribe Control Panel"="c:\program files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe" [2009-06-17 2363392]
      "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
      "Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2012-02-29 17148552]
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
      "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
      "DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]
      "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-12-08 421736]
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
      "ConsentPromptBehaviorAdmin"= 0 (0x0)
      "ConsentPromptBehaviorUser"= 3 (0x3)
      "EnableLUA"= 0 (0x0)
      "EnableUIADesktopToggle"= 0 (0x0)
      "PromptOnSecureDesktop"= 0 (0x0)
      .
      [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
      "mixer2"=wdmaud.drv
      .
      [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
      Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
      .
      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SirefefRemover]
      @=""
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
      "DisableMonitoring"=dword:00000001
      .
      R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
      R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
      R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-02-15 158856]
      R3 btmaudio;Motorola Bluetooth Audio Service;c:\windows\system32\drivers\btmaud.sys [x]
      R3 BTMCOM;Bluetooth Serial Port;c:\windows\system32\Drivers\btmcom.sys [x]
      R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 51740536]
      R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-10 174440]
      R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
      R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]
      R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
      R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
      R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
      R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
      R3 WatAdminSvc;Servicio de tecnologías de activación de Windows;c:\windows\system32\Wat\WatAdminSvc.exe [x]
      R3 WZCOOK;WEP/WPA-PMK key recovery service;f:\internet\crackeo_de_redes_wi_fi___programas_www.PirataMundo.com_\crackeo de redes wi fi + programas(www.PirataMundo.com)\WinAircrackPack\WinAircrackPack\WinAircrackPack\wzcook.exe [x]
      R4 SirefefRemover;SirefefRemover;c:\windows\system32\Drivers\SirefefRemover.sys [x]
      S1 kl2;kl2;c:\windows\system32\DRIVERS\kl2.sys [x]
      S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys [x]
      S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
      S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
      S2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\AESTSr64.exe [2009-03-03 89600]
      S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
      S2 ApacheMS4WWebServer;Apache MS4W Web Server;c:\ms4w\Apache\bin\httpd.exe [2008-01-18 24635]
      S2 ArcGIS License Manager;ArcGIS License Manager;c:\progra~2\ESRI\License\arcgis9x\lmgrd.exe [2008-08-02 1431440]
      S2 Bluetooth OBEX Service;Bluetooth OBEX Service;c:\program files\Motorola\Bluetooth\obexsrv.exe [2011-02-16 680016]
      S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [x]
      S2 postgresql-8.4;postgresql-8.4 - PostgreSQL Server 8.4;C:/Program Files (x86)/PostgreSQL/8.4/bin/pg_ctl.exe runservice -N postgresql-8.4 -D C:/Program Files (x86)/PostgreSQL/8.4/data -w [x]
      S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
      S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
      S3 Bluetooth Device Manager;Bluetooth Device Manager;c:\program files\Motorola\Bluetooth\devmgrsrv.exe [2011-02-09 4151376]
      S3 Bluetooth Media Service;Bluetooth Media Service;c:\program files\Motorola\Bluetooth\audiosrv.exe [2011-02-28 1189968]
      S3 BTMUSB;Motorola Bluetooth Radio Service;c:\windows\system32\Drivers\btmusb.sys [x]
      S3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2011-12-31 1028096]
      S3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\DRIVERS\klmouflt.sys [x]
      S3 netr28x;Ralink 802.11n Extensible Wireless Driver;c:\windows\system32\DRIVERS\netr28x.sys [x]
      S3 pcouffin;VSO Software pcouffin;c:\windows\system32\Drivers\pcouffin.sys [x]
      S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
      S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [x]
      .
      .
      --- Other Services/Drivers In Memory ---
      .
      *NewlyCreated* - WS2IFSL
      .
      [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
      2009-06-17 17:11 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
      .
      Contents of the 'Scheduled Tasks' folder
      .
      .
      --------- x86-64 -----------
      .
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "BTMTrayAgent"="c:\program files\Motorola\Bluetooth\btmshell.dll" [2011-02-16 21709904]
      "combofix"="c:\combofix\CF24113.3XE" [2010-11-20 345088]
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
      "LoadAppInit_DLLs"=0x0
      .
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
      DS1410D
      .
      ------- Supplementary Scan -------
      .
      uLocal Page = c:\windows\system32\blank.htm
      uStart Page = hxxp://search.babylon.com/home?AF=17284
      mLocal Page = c:\windows\SysWOW64\blank.htm
      IE: &Enviar a OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
      IE: E&xportar a Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
      IE: {{bd707fe6-39f6-4bda-9265-86a76719bdc5} - c:\program files\Motorola\Bluetooth\btmiesend.htm
      TCP: DhcpNameServer = 200.13.249.101 200.13.224.254
      FF - ProfilePath - c:\users\RAY\AppData\Roaming\Mozilla\Firefox\Profiles\6u5s0mvn.default\
      FF - prefs.js: browser.search.selectedEngine - Google
      FF - prefs.js: browser.startup.homepage - hxxp://start.funmoods.com/?f=1&a=aln1
      FF - user.js: extensions.funmoods_i.hmpg - true
      FF - user.js: extensions.funmoods_i.hmpgUrl - hxxp://start.funmoods.com/?f=1&a=aln1
      FF - user.js: extensions.funmoods_i.dfltSrch - true
      FF - user.js: extensions.funmoods_i.srchPrvdr - Search
      FF - user.js: extensions.funmoods_i.dnsErr - true
      FF - user.js: extensions.funmoods_i.newTab - true
      FF - user.js: extensions.funmoods_i.newTabUrl - hxxp://start.funmoods.com/?f=2&a=aln1
      FF - user.js: extensions.funmoods_i.tlbrSrchUrl - hxxp://start.funmoods.com/results.php?f=3&a=aln1&q=
      FF - user.js: extensions.funmoods_i.id - ec0a5f7f00000000000000271363fb8f
      FF - user.js: extensions.funmoods_i.instlDay - 15415
      FF - user.js: extensions.funmoods_i.vrsn - 1.5.12.2
      FF - user.js: extensions.funmoods_i.vrsni - 1.5.12.2
      FF - user.js: extensions.funmoods_i.vrsnTs - 1.5.12.20:23
      FF - user.js: extensions.funmoods_i.prtnrId - funmoods
      FF - user.js: extensions.funmoods_i.prdct - funmoods
      FF - user.js: extensions.funmoods_i.aflt - aln1
      FF - user.js: extensions.funmoods_i.smplGrp - none
      FF - user.js: extensions.funmoods_i.tlbrId - base
      FF - user.js: extensions.funmoods_i.instlRef -
      FF - user.js: extensions.funmoods_i.dfltLng -
      FF - user.js: extensions.funmoods_i.excTlbr - false
      .
      .
      [HKEY_LOCAL_MACHINE\system\ControlSet001\services\postgresql-8.4]
      "ImagePath"="C:/Program Files (x86)/PostgreSQL/8.4/bin/pg_ctl.exe runservice -N \"postgresql-8.4\" -D \"C:/Program Files (x86)/PostgreSQL/8.4/data\" -w"
      .
      [HKEY_LOCAL_MACHINE\system\ControlSet001\services\BFE]
      "ImagePath"="."
      .
      [HKEY_LOCAL_MACHINE\system\ControlSet001\services\MpsSvc]
      "ImagePath"="."
      .
      [HKEY_LOCAL_MACHINE\system\ControlSet001\services\postgresql-8.4]
      "ImagePath"="C:/Program Files (x86)/PostgreSQL/8.4/bin/pg_ctl.exe runservice -N \"postgresql-8.4\" -D \"C:/Program Files (x86)/PostgreSQL/8.4/data\" -w"
      .
      --------------------- LOCKED REGISTRY KEYS ---------------------
      .
      [HKEY_USERS\S-1-5-21-3444842327-2257406088-3351033889-1002\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
      "??"=hex:3d,2b,27,b5,87,e1,dd,23,fa,43,dc,7a,36,6a,32,bd,55,94,09,74,8b,3b,c1,
      22,ef,3e,3d,54,dc,4c,cd,66,52,e2,d3,0b,86,01,56,49,70,ae,0f,c5,45,4d,5b,c3,\
      "??"=hex:f3,4b,6d,fb,23,25,e1,d5,2a,8a,82,c6,26,73,74,2a
      .
      [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
      @Denied: (A 2) (Everyone)
      @="FlashBroker"
      "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe,-101"
      .
      [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
      "Enabled"=dword:00000001
      .
      [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
      @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe"
      .
      [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
      @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
      .
      [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
      @Denied: (A 2) (Everyone)
      @="Shockwave Flash Object"
      .
      [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
      @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
      "ThreadingModel"="Apartment"
      .
      [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
      @="0"
      .
      [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
      @="ShockwaveFlash.ShockwaveFlash.10"
      .
      [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
      @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
      .
      [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
      @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
      .
      [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
      @="1.0"
      .
      [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
      @="ShockwaveFlash.ShockwaveFlash"
      .
      [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
      @Denied: (A 2) (Everyone)
      @="Macromedia Flash Factory Object"
      .
      [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
      @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
      "ThreadingModel"="Apartment"
      .
      [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
      @="FlashFactory.FlashFactory.1"
      .
      [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
      @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
      .
      [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
      @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
      .
      [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
      @="1.0"
      .
      [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
      @="FlashFactory.FlashFactory"
      .
      [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
      @Denied: (A 2) (Everyone)
      @="IFlashBroker4"
      .
      [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
      @="{00020424-0000-0000-C000-000000000046}"
      .
      [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
      @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
      "Version"="1.0"
      .
      [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
      @Denied: (Full) (Everyone)
      .
      ------------------------ Other Running Processes ------------------------
      .
      c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
      c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe
      c:\program files (x86)\PostgreSQL\8.4\bin\pg_ctl.exe
      c:\progra~2\ESRI\License\arcgis9x\ARCGIS.exe
      c:\program files (x86)\PostgreSQL\8.4\bin\postgres.exe
      c:\program files (x86)\PostgreSQL\8.4\bin\postgres.exe
      c:\program files (x86)\PostgreSQL\8.4\bin\postgres.exe
      c:\program files (x86)\PostgreSQL\8.4\bin\postgres.exe
      c:\program files (x86)\PostgreSQL\8.4\bin\postgres.exe
      c:\program files (x86)\PostgreSQL\8.4\bin\postgres.exe
      c:\program files\Motorola\Bluetooth\btplayerctrl.exe
      .
      **************************************************************************
      .
      Completion time: 2012-03-24 13:00:15 - machine was rebooted
      ComboFix-quarantined-files.txt 2012-03-24 18:00
      .
      Pre-Run: 68.945.588.224 bytes libres
      Post-Run: 68.886.274.048 bytes libres
      .
      - - End Of File - - FB10B24737D0E0F2CD806F9637B68E20

#4 Tyny's (General Moderator; registered May 2008; Argentina; 14,670 posts)

Re: Virus that opens Facebook windows

Hi,

How is your PC running?


Regards.
If on your journey, you should encounter God, God will be cut!


* Follow us on Twitter and friend us on Facebook.
* Keep up with the latest threats on the web at: InfoSpyware Blog
* We do not answer questions by private message or e-mail; that is what the forum is for.

#5 ultrakml (User; registered Mar 2012; Cali - Colombia; 8 posts)

Re: Virus that opens Facebook windows

Well, the truth is that the problem persists every time I click a link or anywhere in the Mozilla Firefox browser. I have used the Opera browser and it works normally, but I don't like it, and I want to solve the problem because I don't want a virus roaming around my system.

#6 Tyny's (General Moderator; registered May 2008; Argentina; 14,670 posts)

Re: Virus that opens Facebook windows

Hi.

Download OTL by OldTimer to your desktop.

Run OTL

• Close all the programs you have open and double-click the OTL icon to run it.
• Let it run without interrupting it until the scan finishes.
• When the interface appears, the only thing you need to change is under "Scan type": set it to Minimal Output.
• Check the options: LOP check and Purity check.
• Check the options Skip Microsoft Files and Use Company Name Whitelist.
• Please do not change the rest of the settings unless we ask you to.


• Click the button.
• When it finishes, two (2) files will open, OTL.Txt and Extras.Txt. They are saved in the same place OTL.exe was downloaded to.
• Copy and paste the contents of OTL.txt in your next reply.



Because of the way these infections act, blocking the execution of anything related to anti-malware tools, download OTL with its extension changed from any of the links below so that it can run.



Note:
When you use these links, use Internet Explorer.

If you use Firefox, right-click and choose "Save link as"; otherwise, on some systems, when you try to open the file it would appear as a script and you would only see lots of lines of code on the screen.

Once you have downloaded OTL with its extension changed, run it exactly as explained above.


Bring us the OTL report.

Regards.
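The ComboFix report posted earlier in this thread and the OTL report the poster returns in the next reply carry the same kinds of indicators: start-page and search URLs pointing at funmoods, babylon and facemoods, toolbar-written `user.js` prefs in the Firefox profile, UAC policy values set to 0, and Windows services whose ImagePath is just ".". The script below is an added example for this thread; it is not part of ComboFix, OTL or the forum's procedure. It scans report lines for those four indicator classes. The sample lines embedded in it are constructed to resemble the thread's logs (shortened, with the same GUIDs and paths), and the hijack-domain list and the executable-extension heuristic for ImagePath are assumptions chosen for the illustration, not a complete signature set.

```python
"""Triage helper for ComboFix / OTL style text reports.

Added example for this thread; not part of ComboFix, OTL or the forum's
own procedure. It flags four indicator classes visible in the reports
posted here:
  1. browser start-page / search URLs on known toolbar-hijack domains
  2. Firefox user.js prefs written by such a toolbar (extensions.*)
  3. UAC policy values that disable prompting (O6 lines in OTL output)
  4. services whose ImagePath does not point at an executable at all
The domain list and the executable-extension heuristic are assumptions
made for this illustration.
"""
import re
from dataclasses import dataclass

# Assumption: domains seen in this thread's reports; extend as needed.
HIJACK_DOMAINS = ("funmoods.com", "babylon.com", "facemoods.com")

# ComboFix defangs URLs as "hxxp://"; OTL writes plain "http://".
URL_RE = re.compile(r'h(?:xx|tt)ps?://([^/\s"]+)', re.I)
# ComboFix: "FF - user.js: extensions.funmoods_i.hmpg - true"
FF_USERJS_RE = re.compile(r"FF - user\.js:\s*(extensions\.[\w.]+)\s*-")
# OTL: "O6 - HKLM\...\policies\System: EnableLUA = 0"
UAC_POLICY_RE = re.compile(r"policies\\System:\s*(\w+)\s*=\s*(\d+)")
# ComboFix services dump: a key header followed by "ImagePath"="..."
SERVICE_KEY_RE = re.compile(
    r"\[HKEY_LOCAL_MACHINE\\system\\ControlSet\d+\\services\\([^\]]+)\]", re.I)
IMAGEPATH_RE = re.compile(r'"ImagePath"="(.*)"')
EXECUTABLE_RE = re.compile(r"\.(exe|sys|dll)\b", re.I)

# Values that turn UAC prompting off; other values are left alone.
WEAK_UAC = {("EnableLUA", 0), ("ConsentPromptBehaviorAdmin", 0),
            ("PromptOnSecureDesktop", 0)}


@dataclass
class Finding:
    kind: str
    detail: str


def triage(lines):
    """Return a list of Finding objects for the indicator classes above."""
    findings = []
    current_service = None
    for raw in lines:
        line = raw.strip()

        m = SERVICE_KEY_RE.search(line)
        if m:  # remember which service the next ImagePath line belongs to
            current_service = m.group(1)
            continue
        m = IMAGEPATH_RE.search(line)
        if m and current_service:
            path = m.group(1)
            if not EXECUTABLE_RE.search(path):
                findings.append(Finding("service_imagepath",
                                        f"{current_service}: {path!r}"))
            continue

        for host in URL_RE.findall(line):
            if any(host.lower().endswith(d) for d in HIJACK_DOMAINS):
                findings.append(Finding("browser_hijack_url", f"{host}: {line}"))
                break

        m = FF_USERJS_RE.search(line)
        if m:
            findings.append(Finding("ff_userjs_pref", m.group(1)))

        m = UAC_POLICY_RE.search(line)
        if m and (m.group(1), int(m.group(2))) in WEAK_UAC:
            findings.append(Finding("uac_weakened", f"{m.group(1)} = {m.group(2)}"))
    return findings


def summarize(findings):
    """Count findings per kind, e.g. {'uac_weakened': 3, ...}."""
    counts = {}
    for f in findings:
        counts[f.kind] = counts.get(f.kind, 0) + 1
    return counts


# Constructed sample: shortened lines modelled on the reports in this thread.
SAMPLE_REPORT = [
    r'uStart Page = hxxp://search.babylon.com/home?AF=17284',
    r'FF - prefs.js: browser.startup.homepage - hxxp://start.funmoods.com/?f=1&a=aln1',
    r'FF - user.js: extensions.funmoods_i.hmpg - true',
    r'FF - user.js: extensions.funmoods_i.newTabUrl - hxxp://start.funmoods.com/?f=2&a=aln1',
    r'[HKEY_LOCAL_MACHINE\system\ControlSet001\services\postgresql-8.4]',
    r'"ImagePath"="C:/Program Files (x86)/PostgreSQL/8.4/bin/pg_ctl.exe runservice -N \"postgresql-8.4\" -w"',
    r'[HKEY_LOCAL_MACHINE\system\ControlSet001\services\BFE]',
    r'"ImagePath"="."',
    r'[HKEY_LOCAL_MACHINE\system\ControlSet001\services\MpsSvc]',
    r'"ImagePath"="."',
    r'IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC',
    r'IE - HKCU\..\SearchScopes\{0D7562AE-8EF6-416d-A838-AB665251703A}: "URL" = http://start.facemoods.com/?a=ddrnw&s={searchTerms}&f=4',
    r'O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0',
    r'O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3',
    r'O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0',
    r'O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0',
]

if __name__ == "__main__":
    for f in triage(SAMPLE_REPORT):
        print(f"{f.kind:20} {f.detail}")
    print(summarize(triage(SAMPLE_REPORT)))
```

To use it on a real report, read OTL.txt or the ComboFix log with `open(path, encoding="utf-8", errors="replace")` and pass the lines to `triage`. The ImagePath check deliberately keys on the service header that precedes it, because ComboFix prints the path on its own line; a service whose ImagePath is "." cannot start, so the two Windows Firewall related entries in the thread's log (BFE and MpsSvc) are worth a second look regardless of what the browser hijack turns out to be.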

#7 ultrakml (User; registered Mar 2012; Cali - Colombia; 8 posts)

Re: Virus that opens Facebook windows

Hello

      OTL.txt

      OTL logfile created on: 25/03/2012 11:51:38 p.m. - Run 1
      OTL by OldTimer - Version 3.2.39.2 Folder = C:\Users\RAY\Desktop
      64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
      Internet Explorer (Version = 9.0.8112.16421)
      Locale: 0000240a | Country: Colombia | Language: ESO | Date Format: dd/MM/yyyy

      3,75 Gb Total Physical Memory | 2,74 Gb Available Physical Memory | 73,29% Memory free
      7,49 Gb Paging File | 6,21 Gb Available in Paging File | 82,87% Paging File free
      Paging file location(s): ?:\pagefile.sys [binary data]

      %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
      Drive C: | 165,92 Gb Total Space | 63,29 Gb Free Space | 38,14% Space Free | Partition Type: NTFS
      Drive D: | 202,09 Gb Total Space | 118,11 Gb Free Space | 58,44% Space Free | Partition Type: NTFS

      Computer Name: RAYKEMAR | User Name: RAY | Logged in as Administrator.
      Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
      Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

      ========== Processes (SafeList) ==========

      PRC - C:\Users\RAY\Desktop\OTL.exe (OldTimer Tools)
      PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
      PRC - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
      PRC - C:\Archivos de programa\Motorola\Bluetooth\btplayerctrl.exe (Motorola Solutions, Inc.)
      PRC - C:\Program Files (x86)\PostgreSQL\8.4\bin\pg_ctl.exe (PostgreSQL Global Development Group)
      PRC - C:\Program Files (x86)\PostgreSQL\8.4\bin\postgres.exe (PostgreSQL Global Development Group)
      PRC - C:\PROGRA~2\ESRI\License\arcgis9x\ARCGIS.exe ()
      PRC - C:\PROGRA~2\ESRI\License\arcgis9x\lmgrd.exe (Acresso Software Inc.)
      PRC - C:\ms4w\Apache\bin\httpd.exe (Apache Software Foundation)


      ========== Modules (No Company Name) ==========

      MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll ()
      MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll ()
      MOD - C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll ()
      MOD - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
      MOD - C:\Program Files (x86)\Common Files\LightScribe\QtGui4.dll ()
      MOD - C:\Program Files (x86)\Common Files\LightScribe\QtCore4.dll ()
      MOD - C:\Program Files (x86)\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll ()


      ========== Win32 Services (SafeList) ==========

      SRV:64bit: - (hpsrv) -- C:\Windows\SysNative\hpservice.exe (Hewlett-Packard Company)
      SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
      SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
      SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
      SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
      SRV - (FLEXnet Licensing Service 64) -- C:\Archivos de programa\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe (Macrovision Europe Ltd.)
      SRV - (FLEXnet Licensing Service) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
      SRV - (KMService) -- C:\Windows\SysWOW64\srvany.exe ()
      SRV - (AVP) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe (Kaspersky Lab ZAO)
      SRV - (Bluetooth Media Service) -- C:\Archivos de programa\Motorola\Bluetooth\audiosrv.exe (Motorola Solutions, Inc.)
      SRV - (Bluetooth OBEX Service) -- C:\Archivos de programa\Motorola\Bluetooth\obexsrv.exe (Motorola Solutions, Inc.)
      SRV - (Bluetooth Device Manager) -- C:\Archivos de programa\Motorola\Bluetooth\devmgrsrv.exe (Motorola Solutions, Inc.)
      SRV - (STacSV) -- C:\Archivos de programa\IDT\WDM\stacsv64.exe (IDT, Inc.)
      SRV - (postgresql-8.4) -- C:\Program Files (x86)\PostgreSQL\8.4\bin\pg_ctl.exe (PostgreSQL Global Development Group)
      SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
      SRV - (osppsvc) -- C:\Archivos de programa\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation)
      SRV - (ose64) -- C:\Archivos de programa\Common Files\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
      SRV - (wlidsvc) -- C:\Archivos de programa\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation)
      SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
      SRV - (AESTFilters) -- C:\Archivos de programa\IDT\WDM\AESTSr64.exe (Andrea Electronics Corporation)
      SRV - (ArcGIS License Manager) -- C:\PROGRA~2\ESRI\License\arcgis9x\lmgrd.exe (Acresso Software Inc.)
      SRV - (ApacheMS4WWebServer) -- C:\ms4w\Apache\bin\httpd.exe (Apache Software Foundation)


      ========== Driver Services (SafeList) ==========

      DRV:64bit: - (SirefefRemover) -- C:\Windows\SysNative\drivers\SirefefRemover.sys (ESET spol. s r.o.)
      DRV:64bit: - (pcouffin) -- C:\Windows\SysNative\drivers\pcouffin.sys (VSO Software)
      DRV:64bit: - (KLIF) -- C:\Windows\SysNative\drivers\klif.sys (Kaspersky Lab)
      DRV:64bit: - (RTHDMIAzAudService) -- C:\Windows\SysNative\drivers\RtHDMIVX.sys (Realtek Semiconductor Corp.)
      DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek )
      DRV:64bit: - (hpdskflt) -- C:\Windows\SysNative\drivers\hpdskflt.sys (Hewlett-Packard Company)
      DRV:64bit: - (Accelerometer) -- C:\Windows\SysNative\drivers\Accelerometer.sys (Hewlett-Packard Company)
      DRV:64bit: - (KLIM6) -- C:\Windows\SysNative\drivers\klim6.sys (Kaspersky Lab ZAO)
      DRV:64bit: - (kl2) -- C:\Windows\SysNative\drivers\kl2.sys (Kaspersky Lab ZAO)
      DRV:64bit: - (KL1) -- C:\Windows\SysNative\drivers\kl1.sys (Kaspersky Lab ZAO)
      DRV:64bit: - (BTMUSB) -- C:\Windows\SysNative\drivers\btmusb.sys (Motorola Solutions, Inc.)
      DRV:64bit: - (STHDA) -- C:\Windows\SysNative\drivers\stwrt64.sys (IDT, Inc.)
      DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
      DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
      DRV:64bit: - (RdpVideoMiniport) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys (Microsoft Corporation)
      DRV:64bit: - (btmaudio) -- C:\Windows\SysNative\drivers\btmaud.sys (Motorola, Inc.)
      DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
      DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
      DRV:64bit: - (BTMCOM) -- C:\Windows\SysNative\drivers\btmcom.sys (Motorola, Inc.)
      DRV:64bit: - (AtiPcie) AMD PCI Express (3GIO) -- C:\Windows\SysNative\drivers\AtiPcie64.sys (Advanced Micro Devices Inc.)
      DRV:64bit: - (netr28x) -- C:\Windows\SysNative\drivers\netr28x.sys (Ralink Technology, Corp.)
      DRV:64bit: - (AtiHdmiService) -- C:\Windows\SysNative\drivers\AtiHdmi.sys (ATI Technologies, Inc.)
      DRV:64bit: - (usbfilter) -- C:\Windows\SysNative\drivers\usbfilter.sys (Advanced Micro Devices)
      DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
      DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
      DRV:64bit: - (klmouflt) -- C:\Windows\SysNative\drivers\klmouflt.sys (Kaspersky Lab)
      DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
      DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
      DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
      DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
      DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
      DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
      DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
      DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
      DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
      DRV:64bit: - (Sentinel) -- C:\Windows\SysNative\drivers\Sentinel64.sys (SafeNet, Inc.)
      DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)


      ========== Standard Registry (SafeList) ==========


      ========== Internet Explorer ==========

      IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
      IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
      IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
      IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
      IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

      IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.babylon.com/home?AF=17284
      IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = es-CO
      IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 50 89 8D BD E3 E5 CC 01 [binary data]
      IE - HKCU\..\SearchScopes,DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
      IE - HKCU\..\SearchScopes\{0D7562AE-8EF6-416d-A838-AB665251703A}: "URL" = http://start.facemoods.com/?a=ddrnw&s={searchTerms}&f=4
      IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylon.com/?q={searchTerms}&babsrc=SP_def&AF=17284
      IE - HKCU\..\SearchScopes\{6AC4EC14-3592-4DE8-86B9-4ADEE1D55ED3}: "URL" = http://start.funmoods.com/results.php?f=4&a=aln1&q={searchTerms}
      IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

      ========== FireFox ==========

      FF - prefs.js..browser.search.defaultenginename: "Search"
      FF - prefs.js..browser.search.selectedEngine: "Google"
      FF - prefs.js..browser.startup.homepage: "http://start.funmoods.com/?f=1&a=aln1"


      FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll File not found
      FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
      FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
      FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
      FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
      FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
      FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
      FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
      FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
      FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
      FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
      FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
      FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
      FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
      FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll File not found
      FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
      FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\RAY\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)

      FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\[email protected] [2011/12/30 20:37:09 | 000,000,000 | ---D | M]
      FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\[email protected] [2011/12/30 20:37:09 | 000,000,000 | ---D | M]
      FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\[email protected] [2011/12/30 20:37:09 | 000,000,000 | ---D | M]
      FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012/01/27 19:16:25 | 000,000,000 | ---D | M]
      FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/03/17 14:18:24 | 000,000,000 | ---D | M]
      FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/01/27 19:16:24 | 000,000,000 | ---D | M]

      [2012/01/16 20:25:58 | 000,000,000 | ---D | M] (No name found) -- C:\Users\RAY\AppData\Roaming\mozilla\Extensions
      [2012/03/24 09:28:27 | 000,000,000 | ---D | M] (No name found) -- C:\Users\RAY\AppData\Roaming\mozilla\Firefox\Profiles\6u5s0mvn.default\extensions
      [2012/03/16 00:23:57 | 000,001,798 | ---- | M] () -- C:\Users\RAY\AppData\Roaming\Mozilla\Firefox\Profiles\6u5s0mvn.default\searchplugins\funmoods.xml
      [2012/03/18 12:47:00 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012/01/27 19:16:25 | 000,000,000 | ---D | M] (DivX Plus Web Player HTML5 <video>) -- C:\PROGRAM FILES (X86)\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\DIVXHTML5
      () (No name found) -- C:\USERS\RAY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\6U5S0MVN.DEFAULT\EXTENSIONS\{EB78C871-3D9D-433F-B49B-12468119BE89}.XPI
      [2012/03/17 14:18:24 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
      [2012/03/18 12:41:27 | 000,002,226 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml
      [2012/02/21 13:27:02 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
      [2012/02/21 13:27:02 | 000,003,996 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\drae.xml
      [2012/02/21 13:27:02 | 000,001,143 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-es.xml
      [2012/02/18 10:37:31 | 000,002,048 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\fcmdSrch.xml
      [2012/02/21 13:27:02 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml
      [2012/02/21 13:27:02 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-es.xml
      [2012/02/21 13:27:02 | 000,001,102 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-es.xml

      O1 HOSTS File: ([2012/03/24 12:57:00 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
      O1 - Hosts: 127.0.0.1 localhost
      O2:64bit: - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\x64\ievkbd.dll (Kaspersky Lab ZAO)
      O2:64bit: - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Archivos de programa\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
      O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Archivos de programa\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
      O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Archivos de programa\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
      O2:64bit: - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\x64\klwtbbho.dll (Kaspersky Lab ZAO)
      O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
      O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\ievkbd.dll (Kaspersky Lab ZAO)
      O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL (Microsoft Corporation)
      O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
      O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation)
      O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\klwtbbho.dll (Kaspersky Lab ZAO)
      O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - No CLSID value found.
      O4:64bit: - HKLM..\Run: [BTMTrayAgent] C:\Program Files\Motorola\Bluetooth\btmshell.dll (Motorola Solutions, Inc.)
      O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
      O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
      O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 28
      O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
      O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
      O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
      O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
      O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
      O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
      O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
      O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
      O8:64bit: - Extra context menu item: &Enviar a OneNote - C:\Archivos de programa\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
      O8:64bit: - Extra context menu item: E&xportar a Microsoft Excel - C:\Archivos de programa\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
      O8 - Extra context menu item: &Enviar a OneNote - C:\Archivos de programa\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
      O8 - Extra context menu item: E&xportar a Microsoft Excel - C:\Archivos de programa\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
      O9:64bit: - Extra Button: Enviar a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Archivos de programa\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
      O9:64bit: - Extra 'Tools' menuitem : &Enviar a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Archivos de programa\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
      O9:64bit: - Extra Button: Teclado &Virtual - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\x64\ievkbd.dll (Kaspersky Lab ZAO)
      O9:64bit: - Extra Button: Notas &vinculadas de OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Archivos de programa\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
      O9:64bit: - Extra 'Tools' menuitem : Notas &vinculadas de OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Archivos de programa\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
      O9:64bit: - Extra Button: @C:\Program Files\Motorola\Bluetooth\btmshell.dll,-247 - {bd707fe6-39f6-4bda-9265-86a76719bdc5} - C:\Archivos de programa\Motorola\Bluetooth\btmiesend.htm ()
      O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\Motorola\Bluetooth\btmshell.dll,-247 - {bd707fe6-39f6-4bda-9265-86a76719bdc5} - C:\Archivos de programa\Motorola\Bluetooth\btmiesend.htm ()
      O9:64bit: - Extra Button: Compro&bación de direcciones URL - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\x64\klwtbbho.dll (Kaspersky Lab ZAO)
      O9 - Extra Button: Teclado &Virtual - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\ievkbd.dll (Kaspersky Lab ZAO)
      O9 - Extra Button: @C:\Program Files\Motorola\Bluetooth\btmshell.dll,-247 - {bd707fe6-39f6-4bda-9265-86a76719bdc5} - C:\Archivos de programa\Motorola\Bluetooth\btmiesend.htm ()
      O9 - Extra 'Tools' menuitem : @C:\Program Files\Motorola\Bluetooth\btmshell.dll,-247 - {bd707fe6-39f6-4bda-9265-86a76719bdc5} - C:\Archivos de programa\Motorola\Bluetooth\btmiesend.htm ()
      O9 - Extra Button: Compro&bación de direcciones URL - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\klwtbbho.dll (Kaspersky Lab ZAO)
      O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Archivos de programa\Bonjour\mdnsNSP.dll (Apple Inc.)
      O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Archivos de programa\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
      O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000010 [] - C:\Archivos de programa\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
      O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
      O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
      O16 - DPF: {CAFEEFAC-0015-0000-0012-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_12-windows-i586.cab (Java Plug-in 1.5.0_12)
      O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
      O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
      O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
      O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 200.13.249.101 200.13.224.254
      O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{BFCE5367-CD0D-49DA-A010-19A936CACD8D}: DhcpNameServer = 200.13.249.101 200.13.224.254
      O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Archivos de programa\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
      O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
      O18 - Protocol\Handler\ms-help - No CLSID value found
      O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
      O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Archivos de programa\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
      O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
      O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
      O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
      O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
      O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
      O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
      O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
      O20:64bit: - Winlogon\Notify\klogon: DllName - (%SystemRoot%\System32\klogon.dll) - C:\Windows\SysNative\klogon.dll (Kaspersky Lab ZAO)
      O28:64bit: - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Archivos de programa\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
      O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL (Microsoft Corporation)
      O32 - HKLM CDRom: AutoRun - 1
      O34 - HKLM BootExecute: (autocheck autochk *)
      O35:64bit: - HKLM\..comfile [open] -- "%1" %*
      O35:64bit: - HKLM\..exefile [open] -- "%1" %*
      O35 - HKLM\..comfile [open] -- "%1" %*
      O35 - HKLM\..exefile [open] -- "%1" %*
      O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
      O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
      O37 - HKLM\...com [@ = ComFile] -- "%1" %*
      O37 - HKLM\...exe [@ = exefile] -- "%1" %*

      ========== Files/Folders - Created Within 30 Days ==========

      [2012/03/25 23:35:57 | 000,593,920 | ---- | C] (OldTimer Tools) -- C:\Users\RAY\Desktop\OTL.exe
      [2012/03/25 06:58:41 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
      [2012/03/24 13:00:17 | 000,000,000 | ---D | C] -- C:\Windows\temp
      [2012/03/24 12:37:17 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
      [2012/03/24 12:37:17 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
      [2012/03/24 12:37:17 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
      [2012/03/24 12:37:11 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
      [2012/03/24 12:37:07 | 000,000,000 | ---D | C] -- C:\Qoobox
      [2012/03/24 11:27:37 | 000,000,000 | ---D | C] -- C:\Lop SD
      [2012/03/24 09:35:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
      [2012/03/24 08:36:13 | 000,023,152 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
      [2012/03/24 08:36:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
      [2012/03/18 12:43:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Babylon
      [2012/03/16 17:03:01 | 000,000,000 | ---D | C] -- C:\Users\RAY\AppData\Local\Microsoft Games
      [2012/03/16 00:23:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Funmoods
      [2012/03/15 23:59:18 | 000,000,000 | ---D | C] -- C:\Users\RAY\AppData\Roaming\player
      [2012/03/15 23:59:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VAFPlayer
      [2012/03/15 23:59:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Tuguu SL
      [2012/03/15 23:51:21 | 000,000,000 | ---D | C] -- C:\Users\RAY\AppData\Local\Google
      [2012/03/15 23:51:12 | 000,000,000 | ---D | C] -- C:\Users\RAY\AppData\Local\I Want This
      [2012/03/13 10:24:33 | 000,023,856 | ---- | C] (ESET spol. s r.o.) -- C:\Windows\SysNative\drivers\SirefefRemover.sys
      [2012/03/12 22:56:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Antivirus
      [2012/03/12 22:56:14 | 000,000,000 | ---D | C] -- C:\Program Files\Alwil Software
      [2012/03/12 11:47:53 | 000,000,000 | ---D | C] -- C:\Users\RAY\AppData\Roaming\Malwarebytes
      [2012/03/12 11:47:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
      [2012/03/11 23:37:35 | 000,000,000 | -HSD | C] -- C:\Windows\SysNative\%APPDATA%
      [2012/03/11 09:13:35 | 000,000,000 | ---D | C] -- C:\ProgramData\36B6A775000023EE000BC6B2B4EB2331
      [2012/03/10 22:30:12 | 000,000,000 | -HSD | C] -- C:\Users\RAY\AppData\Local\905222b5
      [2012/03/06 15:34:29 | 000,000,000 | ---D | C] -- C:\Users\RAY\Desktop\SIGAVE
      [2012/03/04 06:13:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AudacityPortable
      [2012/03/03 10:30:42 | 000,000,000 | ---D | C] -- C:\Users\RAY\AppData\Local\WMTools Downloaded Files
      [2012/03/03 10:20:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Movie Maker 2.6
      [2012/03/03 10:17:35 | 000,000,000 | ---D | C] -- C:\Users\RAY\AppData\Roaming\GetRightToGo
      [2012/03/03 10:17:35 | 000,000,000 | ---D | C] -- C:\Users\RAY\Documents\Downloads
      [2012/03/03 09:44:24 | 000,000,000 | ---D | C] -- C:\Users\RAY\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
      [2012/03/03 09:20:13 | 000,000,000 | ---D | C] -- C:\Users\RAY\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\XP Codec Pack 2.5.1
      [2012/03/03 09:20:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XP Codec Pack 2.5.1
      [2012/03/03 09:20:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\XP Codec Pack
      [2012/02/29 18:17:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Games for Windows Marketplace
      [2012/02/29 17:59:26 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\catroot2
      [2012/02/29 15:48:41 | 000,000,000 | ---D | C] -- C:\Users\RAY\AppData\Local\Microsoft Game Studios
      [2012/02/29 15:48:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft Games
      [2012/02/29 15:45:58 | 000,000,000 | ---D | C] -- C:\Users\RAY\AppData\Roaming\Microsoft Game Studios
      [2012/02/28 09:58:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Total Video Converter
      [2012/02/28 09:58:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Total Video Converter
      [2012/02/27 20:43:44 | 000,000,000 | ---D | C] -- C:\Users\RAY\AppData\Roaming\Skype
      [2012/02/27 20:43:36 | 000,000,000 | R--D | C] -- C:\Program Files (x86)\Skype
      [2012/02/27 20:43:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
      [2012/02/27 20:43:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
      [2012/02/27 20:43:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Skype
      [2012/02/26 20:24:31 | 000,000,000 | ---D | C] -- C:\Windows\wb
      [2012/02/25 19:22:58 | 000,000,000 | ---D | C] -- C:\Users\RAY\Desktop\Presentation To Video Converter v5.3.0.18 Full
      [2012/02/25 19:21:55 | 000,000,000 | ---D | C] -- C:\Users\RAY\AppData\Roaming\GeoVid
      [2012/02/25 19:21:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\GeoVid
      [2012/02/25 18:56:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Convert PowerPoint to HTML

      ========== Files - Modified Within 30 Days ==========

      [2012/03/25 23:36:01 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Users\RAY\Desktop\OTL.exe
      [2012/03/25 22:15:29 | 000,066,597 | ---- | M] () -- C:\Users\RAY\Desktop\543865_3535915354135_1159866708_3497657_1984995976_n.jpg
      [2012/03/25 22:08:04 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
      [2012/03/25 10:44:15 | 000,017,168 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
      [2012/03/25 10:44:15 | 000,017,168 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
      [2012/03/25 10:36:39 | 3015,884,800 | -HS- | M] () -- C:\hiberfil.sys
      [2012/03/25 06:56:55 | 000,465,040 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
      [2012/03/24 12:57:00 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
      [2012/03/24 09:34:56 | 000,115,202 | ---- | M] () -- C:\Users\RAY\Documents\cc_20120324_093446.reg
      [2012/03/24 08:36:15 | 000,001,120 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
      [2012/03/23 06:32:30 | 001,555,646 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
      [2012/03/23 06:32:30 | 000,703,840 | ---- | M] () -- C:\Windows\SysNative\perfh00A.dat
      [2012/03/23 06:32:30 | 000,616,008 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
      [2012/03/23 06:32:30 | 000,137,806 | ---- | M] () -- C:\Windows\SysNative\perfc00A.dat
      [2012/03/23 06:32:30 | 000,106,388 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
      [2012/03/19 13:36:21 | 000,000,116 | ---- | M] () -- C:\Windows\NeroDigital.ini
      [2012/03/17 19:29:27 | 005,346,050 | ---- | M] () -- C:\Users\RAY\Desktop\photobooth_for_windows_7_by_vhanla.zip
      [2012/03/16 00:24:00 | 000,000,050 | ---- | M] () -- C:\user.js
      [2012/03/13 10:24:33 | 000,023,856 | ---- | M] (ESET spol. s r.o.) -- C:\Windows\SysNative\drivers\SirefefRemover.sys
      [2012/03/13 10:22:33 | 000,000,000 | -HS- | M] () -- C:\Windows\SysNative\dds_log_ad13.cmd
      [2012/03/07 22:40:10 | 006,650,782 | ---- | M] () -- C:\Users\RAY\Desktop\Clase1.pdf
      [2012/03/06 15:26:53 | 000,120,456 | ---- | M] () -- C:\Users\RAY\Desktop\RESUMEN.pdf
      [2012/03/04 09:53:23 | 000,017,920 | ---- | M] () -- C:\Users\RAY\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
      [2012/03/03 10:19:58 | 007,362,560 | ---- | M] () -- C:\Users\RAY\Desktop\MM26_ES.msi
      [2012/02/27 19:22:29 | 000,001,470 | ---- | M] () -- C:\Users\RAY\.recently-used.xbel
      [2012/02/27 13:21:25 | 000,426,389 | ---- | M] () -- C:\Users\RAY\Desktop\PAGINAS PRELIMINARES.pdf
      [2012/02/27 13:21:00 | 003,401,360 | ---- | M] () -- C:\Users\RAY\Desktop\TESIS_SIGAVE_LUIS&RAY1.pdf
      [2012/02/25 19:20:52 | 012,149,544 | ---- | M] () -- C:\Users\RAY\Desktop\Presentation To Video Converter v5.3.0.18 Full.rar
      [2012/02/25 15:55:54 | 000,000,033 | ---- | M] () -- C:\Users\RAY\AppData\Roaming\wizards.ini

      ========== Files Created - No Company Name ==========

      [2012/03/25 22:15:26 | 000,066,597 | ---- | C] () -- C:\Users\RAY\Desktop\543865_3535915354135_1159866708_3497657_1984995976_n.jpg
      [2012/03/24 12:37:17 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
      [2012/03/24 12:37:17 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
      [2012/03/24 12:37:17 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
      [2012/03/24 12:37:17 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
      [2012/03/24 12:37:17 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
      [2012/03/24 09:34:51 | 000,115,202 | ---- | C] () -- C:\Users\RAY\Documents\cc_20120324_093446.reg
      [2012/03/24 08:36:15 | 000,001,120 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
      [2012/03/17 19:28:32 | 005,346,050 | ---- | C] () -- C:\Users\RAY\Desktop\photobooth_for_windows_7_by_vhanla.zip
      [2012/03/16 00:24:00 | 000,000,050 | ---- | C] () -- C:\user.js
      [2012/03/15 10:21:13 | 006,650,782 | ---- | C] () -- C:\Users\RAY\Desktop\Clase1.pdf
      [2012/03/10 22:31:18 | 000,000,000 | -HS- | C] () -- C:\Windows\SysNative\dds_log_ad13.cmd
      [2012/03/06 15:26:52 | 000,120,456 | ---- | C] () -- C:\Users\RAY\Desktop\RESUMEN.pdf
      [2012/03/03 10:21:11 | 000,017,920 | ---- | C] () -- C:\Users\RAY\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
      [2012/03/03 10:20:26 | 000,002,507 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Movie Maker 2.6.lnk
      [2012/03/03 10:18:59 | 007,362,560 | ---- | C] () -- C:\Users\RAY\Desktop\MM26_ES.msi
      [2012/03/03 09:20:14 | 000,421,888 | ---- | C] () -- C:\Windows\SysNative\ac3filter.acm
      [2012/02/29 18:16:53 | 000,001,345 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live ID.lnk
      [2012/02/27 19:22:29 | 000,001,470 | ---- | C] () -- C:\Users\RAY\.recently-used.xbel
      [2012/02/27 13:21:25 | 000,426,389 | ---- | C] () -- C:\Users\RAY\Desktop\PAGINAS PRELIMINARES.pdf
      [2012/02/27 13:20:51 | 003,401,360 | ---- | C] () -- C:\Users\RAY\Desktop\TESIS_SIGAVE_LUIS&RAY1.pdf
      [2012/02/25 19:20:46 | 012,149,544 | ---- | C] () -- C:\Users\RAY\Desktop\Presentation To Video Converter v5.3.0.18 Full.rar
      [2012/02/16 16:12:46 | 000,043,520 | ---- | C] () -- C:\Windows\SysWow64\CmdLineExt03.dll
      [2012/02/09 20:55:08 | 000,000,033 | ---- | C] () -- C:\Users\RAY\AppData\Roaming\wizards.ini
      [2012/01/19 10:50:23 | 000,017,408 | ---- | C] () -- C:\Users\RAY\AppData\Local\WebpageIcons.db
      [2012/01/09 11:33:45 | 000,000,116 | ---- | C] () -- C:\Windows\NeroDigital.ini
      [2011/12/30 20:46:34 | 000,014,051 | ---- | C] () -- C:\Windows\SysWow64\RaCoInst.dat
      [2011/12/30 14:03:13 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
      [2011/12/30 13:53:04 | 000,008,192 | ---- | C] () -- C:\Windows\SysWow64\srvany.exe
      [2011/12/30 12:50:39 | 000,175,616 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
      [2011/12/30 12:50:38 | 000,000,038 | ---- | C] () -- C:\Windows\avisplitter.ini
      [2011/12/30 12:50:37 | 000,650,752 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
      [2011/12/30 12:50:37 | 000,243,200 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
      [2010/06/15 19:28:54 | 000,002,857 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat

      ========== LOP Check ==========

      [2012/03/03 09:44:24 | 000,000,000 | ---D | M] -- C:\Users\RAY\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
      [2012/03/15 10:23:21 | 000,000,000 | ---D | M] -- C:\Users\RAY\AppData\Roaming\ESRI
      [2012/02/25 19:21:55 | 000,000,000 | ---D | M] -- C:\Users\RAY\AppData\Roaming\GeoVid
      [2012/03/03 10:17:44 | 000,000,000 | ---D | M] -- C:\Users\RAY\AppData\Roaming\GetRightToGo
      [2012/01/21 08:35:47 | 000,000,000 | ---D | M] -- C:\Users\RAY\AppData\Roaming\GrabPro
      [2012/02/25 17:48:52 | 000,000,000 | ---D | M] -- C:\Users\RAY\AppData\Roaming\gtk-2.0
      [2012/02/04 13:13:07 | 000,000,000 | ---D | M] -- C:\Users\RAY\AppData\Roaming\My Battle for Middle-earth Files
      [2012/03/12 19:39:59 | 000,000,000 | ---D | M] -- C:\Users\RAY\AppData\Roaming\Notepad++
      [2012/02/21 15:57:40 | 000,000,000 | ---D | M] -- C:\Users\RAY\AppData\Roaming\Nvu
      [2012/01/16 20:47:01 | 000,000,000 | ---D | M] -- C:\Users\RAY\AppData\Roaming\Opera
      [2012/03/11 09:30:48 | 000,000,000 | ---D | M] -- C:\Users\RAY\AppData\Roaming\Orbit
      [2012/03/15 23:59:20 | 000,000,000 | ---D | M] -- C:\Users\RAY\AppData\Roaming\player
      [2012/01/17 21:43:44 | 000,000,000 | ---D | M] -- C:\Users\RAY\AppData\Roaming\postgresql
      [2012/02/07 17:05:18 | 000,000,000 | ---D | M] -- C:\Users\RAY\AppData\Roaming\ProgSense
      [2012/02/03 13:51:59 | 000,000,000 | ---D | M] -- C:\Users\RAY\AppData\Roaming\TeamViewer
      [2012/01/27 22:40:15 | 000,000,000 | ---D | M] -- C:\Users\RAY\AppData\Roaming\Unity
      [2012/03/25 10:37:07 | 000,032,636 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

      ========== Purity Check ==========

      < End of report >

    8. #8
      General Moderator
      Tyny's avatar
      Registered
      May 2008
      Location
      Argentina
      Messages
      14,670

      Re: Virus that opens Facebook windows

      Hello.

      • Download the tool called Yorkyt (from Panda Security) to your desktop.

      • Double-click to run it.

      • It will ask you to restart the system to complete the rootkit search / removal. Click Accept.

      • When it finishes, look for its report, which is left on the desktop; copy it and paste it into your next reply.
      Regards.
      If on your journey, you should encounter God, God will be cut!


      * Follow us on our Twitter and become our friend on Facebook.
      * Stay informed about the latest threats on the net from: InfoSpyware Blog
      * Questions are not answered by private message or e-mail, since that is what the forum is for.

    9. #9
      User arsek's avatar
      Registered
      Mar 2009
      Location
      Mexico
      Messages
      2

      Re: Virus that opens Facebook windows

      Hi friends, how's it going!
      Before starting the procedure I decided to uninstall Firefox completely, without keeping cookies, pages, etc.
      I used Revo Uninstaller, a moderate uninstall,

      and then installed that browser again,
      and that was it, my problem was solved.

      No more little Facebook windows.
      Thanks a lot for helping, friends, it's much appreciated.

    10. #10
      General Moderator
      Tyny's avatar
      Registered
      May 2008
      Location
      Argentina
      Messages
      14,670

      Re: Virus that opens Facebook windows

      To finish, all that's left is to uninstall CF as follows:

      • Go to Start > Run
      • Type the following: ComboFix /Uninstall as shown in the image below:

      • This will launch the ComboFix uninstaller, opening its main screen, and after a few seconds you will see ("ComboFix is uninstalled")

      If this procedure fails, download OTC.exe to the desktop. Run it and press Cleanup.

      Useful Tips

      ____________________________

      **Topic solved** If you want to reopen the topic, click here and a moderator will attend to your query.
      As a final recommendation, we invite you to follow us on our channels: Blog, Twitter, Facebook, via E-Mail, to stay up to date on new malware and how to prevent it.

      Regards.
      Sincerely,
      The InfoSpyware Team
      www.infospyware.com
      www.forospyware.com

      Twitter: @InfoSpyware