Virus que abre ventanas de facebook (Solucionado)

**ultrakml** · 24/03/12, 12:35:58

Seria conveniente que leyeras los siguientes temas para estar informad@.

*Politicas del Foro

*Consejos Punto 6

*Políticas del Foro HijackThis

*FAQs de Problemas con el Foro

*Normas del Foro Off-Topic

Hola, yo realicé los pasos mencionados por LUCHI2009, pero solo me generó dos reportes que fué el de Malwarebytes y el de ESET Online. Con el LopSD no genero ningun informe, simplemente se cerró despues de terminar la exploracion. Igualmente les adjunto los archivos resultantes.

MALWAREBYTES

Malwarebytes Anti-Malware 1.60.1.1000
www.malwarebytes.org

Versión de la Base de Datos: v2012.03.24.01

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
RAY :: RAYKEMAR [administrador]

24/03/2012 08:40:22 a.m.
mbam-log-2012-03-24 (08-40-22).txt

Tipos de Análisis: Análisis Completo
Opciones de análisis activado: Memoria | Inicio | Registro | Sistema de archivos | Heurística/Extra | Heurística/Shuriken | PUP | PUM
Opciones de análisis desactivados: P2P
Objetos examinados: 423228
Tiempo transcurrido: 45 minuto(s), 1 segundo(s)

Procesos en Memoria Detectados: 1
C:\Users\RAY\AppData\Roaming\cacaoweb\cacaoweb.exe (Trojan.Agent) -> 2596 -> Se eliminarán al reiniciar.

Módulos de Memoria Detectados: 0
(No se han detectado elementos maliciosos)

Claves del Registro Detectados: 32
HKCR\CLSID\{A9DB719C-7156-415E-B49D-BAD039DE4F13} (PUP.FunMoods) -> No se tomaron medidas.
HKCR\funmoodsApp.appCore.1 (PUP.FunMoods) -> No se tomaron medidas.
HKCR\funmoodsApp.appCore (PUP.FunMoods) -> No se tomaron medidas.
HKCR\CLSID\{F03FD9D0-4F2B-497C-8A71-DD41D70B07D9} (PUP.FunMoods) -> No se tomaron medidas.
HKCR\f (PUP.FunMoods) -> No se tomaron medidas.
HKCR\TypeLib\{960DF771-CFCB-4E53-A5B5-6EF2BBE6E706} (PUP.FunMoods) -> No se tomaron medidas.
HKCR\CLSID\{A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3} (PUP.FunMoods) -> No se tomaron medidas.
HKCR\funmoods.dskBnd.1 (PUP.FunMoods) -> No se tomaron medidas.
HKCR\funmoods.dskBnd (PUP.FunMoods) -> No se tomaron medidas.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\funmoods (PUP.FunMoods) -> No se tomaron medidas.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110011221158} (PUP.GamePlayLab) -> No se tomaron medidas.
HKCR\CLSID\{11111111-1111-1111-1111-110011221158} (PUP.GamePlayLab) -> No se tomaron medidas.
HKCR\TypeLib\{44444444-4444-4444-4444-440044224458} (PUP.GamePlayLab) -> No se tomaron medidas.
HKCR\Interface\{55555555-5555-5555-5555-550055225558} (PUP.GamePlayLab) -> No se tomaron medidas.
HKCR\CrossriderApp0002258.BHO.1 (PUP.GamePlayLab) -> No se tomaron medidas.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110011221158} (PUP.GamePlayLab) -> No se tomaron medidas.
HKCR\CLSID\{11111111-1111-1111-1111-110011221158} (Adware.GamePlayLabs) -> En cuarentena y eliminado con éxito.
HKCR\TypeLib\{44444444-4444-4444-4444-440044224458} (Adware.GamePlayLabs) -> En cuarentena y eliminado con éxito.
HKCR\Interface\{55555555-5555-5555-5555-550055225558} (Adware.GamePlayLabs) -> En cuarentena y eliminado con éxito.
HKCR\CrossriderApp0002258.BHO.1 (Adware.GamePlayLabs) -> En cuarentena y eliminado con éxito.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110011221158} (Adware.GamePlayLabs) -> En cuarentena y eliminado con éxito.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110011221158} (Adware.GamePlayLabs) -> En cuarentena y eliminado con éxito.
HKCR\CLSID\{22222222-2222-2222-2222-220022222258} (Adware.GamePlayLab) -> En cuarentena y eliminado con éxito.
HKCR\CrossriderApp0002258.Sandbox.1 (Adware.GamePlayLab) -> En cuarentena y eliminado con éxito.
HKCR\CrossriderApp0002258.Sandbox (Adware.GamePlayLab) -> En cuarentena y eliminado con éxito.
HKCR\CLSID\{33333333-3333-3333-3333-330033223358} (Adware.GamePlayLab) -> En cuarentena y eliminado con éxito.
HKCR\CrossriderApp0002258.FBApi.1 (Adware.GamePlayLab) -> En cuarentena y eliminado con éxito.
HKCR\CrossriderApp0002258.FBApi (Adware.GamePlayLab) -> En cuarentena y eliminado con éxito.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{65bcd620-07dd-012f-819f-073cf1b8f7c6} (Adware.GamePlayLab) -> En cuarentena y eliminado con éxito.
HKCR\CrossriderApp0002258.BHO (Adware.GamePlayLab) -> En cuarentena y eliminado con éxito.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\I Want This (Adware.GamePlayLabs) -> En cuarentena y eliminado con éxito.
HKCU\Software\Cr_Installer\2258 (Adware.GamePlayLab) -> En cuarentena y eliminado con éxito.

Valores del Registro Detectados: 3
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar|{A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3} (PUP.FunMoods) -> datos: Funmoods Toolbar -> No se tomaron medidas.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|cacaoweb (Trojan.Agent) -> datos: "C:\Users\RAY\AppData\Roaming\cacaoweb\cacaoweb.exe" -noplayer -> En cuarentena y eliminado con éxito.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\I Want This|Publisher (Adware.GamePlayLab) -> datos: 215 Apps -> En cuarentena y eliminado con éxito.

Elementos de Datos del Registro Detectados: 0
(No se han detectado elementos maliciosos)

Carpetas Detectadas: 1
C:\Program Files (x86)\I Want This (Adware.GamePlayLab) -> En cuarentena y eliminado con éxito.

Archivos Detectados: 23
C:\Program Files (x86)\Funmoods\funmoods\1.5.12.2\funmoodsApp.dll (PUP.FunMoods) -> No se tomaron medidas.
C:\Program Files (x86)\Funmoods\funmoods\1.5.12.2\funmoodsEng.dll (PUP.FunMoods) -> No se tomaron medidas.
C:\Program Files (x86)\Funmoods\funmoods\1.5.12.2\funmoodssrv.exe (PUP.FunMoods) -> No se tomaron medidas.
C:\Program Files (x86)\Funmoods\funmoods\1.5.12.2\funmoodsTlbr.dll (PUP.FunMoods) -> No se tomaron medidas.
C:\Program Files (x86)\Funmoods\funmoods\1.5.12.2\uninstall.exe (PUP.FunMoods) -> No se tomaron medidas.
C:\Program Files (x86)\I Want This\I Want This.dll (PUP.GamePlayLab) -> No se tomaron medidas.
C:\Users\RAY\AppData\Roaming\cacaoweb\cacaoweb.exe (Trojan.Agent) -> Se eliminarán al reiniciar.
C:\Program Files (x86)\I Want This\I Want This.dll (Adware.GamePlayLabs) -> En cuarentena y eliminado con éxito.
C:\Program Files (x86)\I Want This\I Want This.exe (Adware.GamePlayLabs) -> En cuarentena y eliminado con éxito.
C:\Program Files (x86)\I Want This\I Want ThisGui.exe (Adware.GamePlayLabs) -> En cuarentena y eliminado con éxito.
C:\Program Files (x86)\I Want This\Uninstall.exe (Adware.GamePlayLabs) -> En cuarentena y eliminado con éxito.
C:\Windows\assembly\tmp\U\00000001.@ (Rootkit.0Access) -> En cuarentena y eliminado con éxito.
C:\Windows\assembly\tmp\U\800000c0.@ (Rootkit.0Access) -> En cuarentena y eliminado con éxito.
C:\Windows\assembly\tmp\U\800000cb.@ (Rootkit.0Access) -> En cuarentena y eliminado con éxito.
C:\Users\postgres.RAYKEMAR\AppData\Local\Temp\{E9C1E1AC-C9B2-4c85-94DE-9C1518918D02}.tlb (Rootkit.Zeroaccess) -> En cuarentena y eliminado con éxito.
C:\Program Files (x86)\I Want This\I Want This.ini (Adware.GamePlayLab) -> En cuarentena y eliminado con éxito.
C:\Program Files (x86)\I Want This\appAPIinternalWrapper.js (Adware.GamePlayLab) -> En cuarentena y eliminado con éxito.
C:\Program Files (x86)\I Want This\fb.js (Adware.GamePlayLab) -> En cuarentena y eliminado con éxito.
C:\Program Files (x86)\I Want This\I Want This.ico (Adware.GamePlayLab) -> En cuarentena y eliminado con éxito.
C:\Program Files (x86)\I Want This\I Want ThisInstaller.log (Adware.GamePlayLab) -> En cuarentena y eliminado con éxito.
C:\Program Files (x86)\I Want This\jquery.js (Adware.GamePlayLab) -> En cuarentena y eliminado con éxito.
C:\Program Files (x86)\I Want This\json.js (Adware.GamePlayLab) -> En cuarentena y eliminado con éxito.
C:\Users\RAY\AppData\Local\I Want This\Chrome\I Want This.crx (Adware.GamePlayLab) -> En cuarentena y eliminado con éxito.

fin)

ESET ONLINE

ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=3e4df32a7aff5c41b9ed1a7abd92eeaf
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2012-03-24 04:25:14
# local_time=2012-03-24 11:25:14 (-0500, Hora est. Pacífico, Sudamérica)
# country="Colombia"
# lang=3082
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=769 16774142 0 7 58842 124865398 0 0
# compatibility_mode=1280 16777215 100 0 7241229 7241229 0 0
# compatibility_mode=5893 16776574 66 94 6335572 84144297 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=160936
# found=7
# cleaned=6
# scan_time=5467
C:\ProgramData\36B6A775000023EE000BC6B2B4EB2331\36B6A775000023EE000BC6B2B4EB2331.exe una variante de Win32/Kryptik.ABZK Troyano (no se ha podido desinfectar - archivo eliminado - puesto en Cuarentena) 00000000000000000000000000000000 C
C:\Users\RAY\Downloads\cnet2_ppt2html_exe.exe una variante de Win32/InstallCore.D aplicación (no se ha podido desinfectar - archivo eliminado - puesto en Cuarentena) 00000000000000000000000000000000 C
C:\Users\RAY\Downloads\DBF.to.SQL.Converter.v1.20.keygen.by.Inferno.zip una variante de Win32/Nebuler.CT Troyano (eliminado - puesto en Cuarentena) 00000000000000000000000000000000 C
C:\Windows\assembly\tmp\U\000000c0.@ Win32/Agent.TMK Troyano (no se ha podido desinfectar - archivo eliminado - puesto en Cuarentena) 00000000000000000000000000000000 C
C:\Windows\Microsoft.NET\Framework\FMwork\wimtd.exe una variante de Win32/HiddenStart.A aplicación (no se ha podido desinfectar - archivo eliminado - puesto en Cuarentena) 00000000000000000000000000000000 C
C:\Windows\System32\msizwy32.dll una variante de Win32/Nebuler.DA Troyano (no se ha podido desinfectar - archivo eliminado (después del próximo reinicio) - puesto en Cuarentena) 00000000000000000000000000000000 C
${Memory} una variante de Win32/Nebuler.DA Troyano 00000000000000000000000000000000 I

Gracias de antemano y espero su respuesta.

**Tyny's** · 24/03/12, 13:08:39

Buenas

Descarga la herramienta ComboFix.exe y guárdala en el escritorio.

Desactiva temporalmente el Antivirus y/o Antispyware.
Cierra todas las ventanas abiertas.
Hacele doble clic al archivo ComboFix.exe y seguí las instrucciones.
Cuando termine, generara un registro en C:\ComboFix.txt.
- *Nota* Mientras CF este trabajando no mover el mouse ya que pararía su proceso.
- *Nota* ComboFix puede reiniciar automáticamente el PC para completar el proceso de eliminación.

Atención!! No use ComboFix a menos que se le haya indicado específicamente en su mensaje por un integrante de nuestro Staff. Es una herramienta de gran alcance destinada por su creador a ser usada bajo la orientación y supervisión de un experto, no para uso privado. El uso de ComboFix incorrectamente podría generar problemas en su sistema. Por favor, lea las "Negaciones de la Garantía" de ComboFix.

Reinicia y pega el reporte de C:\ComboFix.txt en este mismo mensaje.Comentando como esta funcionado tu sistema.

**ultrakml** · 24/03/12, 18:08:30

Hola, este es el registro que me generó el combofix:

ComboFix 12-03-22.01 - RAY 24/03/2012 12:39:31.1.3 - x64
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.57.3082.18.3835.2651 [GMT -5:00]
Running from: c:\users\RAY\Downloads\ANTIVIRUS\ComboFix.exe
AV: Kaspersky Internet Security *Disabled/Outdated* {2EAA32A5-1EE1-1B22-95DA-337730C6E984}
FW: Kaspersky Internet Security *Disabled* {1691B380-548E-1A7A-BE85-9A42CE15AEFF}
SP: Kaspersky Internet Security *Disabled/Updated* {95CBD341-38DB-14AC-AF6A-08054B41A339}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\RAY\AppData\Local\905222b5\U
c:\users\RAY\AppData\Local\905222b5\U\80000000.@
c:\users\RAY\AppData\Roaming\cacaoweb
c:\users\RAY\AppData\Roaming\cacaoweb\npdfile.dat
c:\users\RAY\AppData\Roaming\cacaoweb\storage.db
c:\windows\assembly\tmp\U
c:\windows\assembly\tmp\U\000000cb.@
c:\windows\assembly\tmp\U\000000cf.@
c:\windows\assembly\tmp\U\80000000.@
c:\windows\assembly\tmp\U\800000cf.@
c:\windows\system32\wlancig.dll
c:\windows\SysWow64\CmdLineExt.dll
c:\windows\SysWow64\Packet.dll
c:\windows\SysWow64\WanPacket.dll
c:\windows\SysWow64\wpcap.dll
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_DS1410D
.
.
((((((((((((((((((((((((( Files Created from 2012-02-24 to 2012-03-24 )))))))))))))))))))))))))))))))
.
.
2012-03-24 17:46 . 2012-03-24 17:46 -------- d-----w- c:\users\postgres\AppData\Local\temp
2012-03-24 16:27 . 2012-03-24 16:30 -------- d-----w- C:\Lop SD
2012-03-24 14:35 . 2012-03-24 14:35 -------- d-----w- c:\program files (x86)\ESET
2012-03-24 13:36 . 2012-03-24 13:36 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-03-24 13:36 . 2011-12-10 20:24 23152 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-03-18 17:43 . 2012-01-23 14:17 143360 ----a-w- c:\program files (x86)\Mozilla Firefox\BabyFox.dll
2012-03-18 17:43 . 2012-03-18 17:47 -------- d-----w- c:\program files (x86)\Babylon
2012-03-17 19:18 . 2012-03-17 19:18 592824 ----a-w- c:\program files (x86)\Mozilla Firefox\gkmedias.dll
2012-03-17 19:18 . 2012-03-17 19:18 44472 ----a-w- c:\program files (x86)\Mozilla Firefox\mozglue.dll
2012-03-16 22:03 . 2012-03-16 22:06 -------- d-----w- c:\users\RAY\AppData\Local\Microsoft Games
2012-03-16 05:24 . 2012-03-16 05:24 50 ----a-w- C:\user.js
2012-03-16 05:23 . 2012-03-16 05:23 -------- d-----w- c:\program files (x86)\Funmoods
2012-03-16 04:59 . 2012-03-16 04:59 -------- d-----w- c:\users\RAY\AppData\Roaming\player
2012-03-16 04:59 . 2012-03-16 04:59 -------- d-----w- c:\program files (x86)\Tuguu SL
2012-03-16 04:51 . 2012-03-16 04:51 -------- d-----w- c:\users\RAY\AppData\Local\Google
2012-03-16 04:51 . 2012-03-16 04:51 -------- d-----w- c:\users\RAY\AppData\Local\I Want This
2012-03-13 15:24 . 2012-03-13 15:24 23856 ----a-w- c:\windows\system32\drivers\SirefefRemover.sys
2012-03-13 03:56 . 2012-03-13 03:56 -------- d-----w- c:\program files\Alwil Software
2012-03-12 16:47 . 2012-03-12 16:47 -------- d-----w- c:\users\RAY\AppData\Roaming\Malwarebytes
2012-03-12 16:47 . 2012-03-12 16:47 -------- d-----w- c:\programdata\Malwarebytes
2012-03-12 04:37 . 2012-03-12 04:37 -------- d-sh--w- c:\windows\system32\%APPDATA%
2012-03-11 14:13 . 2012-03-24 15:22 -------- d-----w- c:\programdata\36B6A775000023EE000BC6B2B4EB2331
2012-03-11 03:31 . 2012-03-13 15:22 0 --sha-w- c:\windows\system32\dds_log_ad13.cmd
2012-03-11 03:30 . 2012-03-24 17:45 -------- d-sh--w- c:\users\RAY\AppData\Local\905222b5
2012-03-05 18:32 . 2012-03-05 18:32 -------- d-----w- c:\users\Invitado\AppData\Roaming\DivX
2012-03-05 18:32 . 2012-03-05 18:32 -------- d-----w- c:\users\Invitado\AppData\Roaming\Media Player Classic
2012-03-04 11:13 . 2012-03-11 14:55 -------- d-----w- c:\program files (x86)\AudacityPortable
2012-03-03 15:30 . 2012-03-04 23:46 -------- d-----w- c:\users\RAY\AppData\Local\WMTools Downloaded Files
2012-03-03 15:20 . 2012-03-11 14:55 -------- d-----w- c:\program files (x86)\Movie Maker 2.6
2012-03-03 15:17 . 2012-03-03 15:17 -------- d-----w- c:\users\RAY\AppData\Roaming\GetRightToGo
2012-03-03 14:44 . 2012-03-03 14:44 -------- d-----w- c:\users\RAY\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
2012-03-03 14:20 . 2008-07-09 09:05 421888 ----a-w- c:\windows\system32\ac3filter.acm
2012-03-03 14:20 . 2012-03-03 14:20 -------- d-----w- c:\program files (x86)\XP Codec Pack
2012-02-29 23:17 . 2007-04-04 23:53 81768 ----a-w- c:\windows\SysWow64\xinput1_3.dll
2012-02-29 22:59 . 2012-03-22 13:52 -------- d-----w- c:\windows\system32\catroot2
2012-02-29 20:49 . 2006-09-28 21:05 2414360 ----a-w- c:\windows\SysWow64\d3dx9_31.dll
2012-02-29 20:48 . 2012-03-19 04:09 -------- d-----w- c:\users\RAY\AppData\Local\Microsoft Game Studios
2012-02-29 20:48 . 2012-03-19 04:09 -------- d-----w- c:\programdata\Microsoft Games
2012-02-29 20:45 . 2012-03-19 04:09 -------- d-----w- c:\users\RAY\AppData\Roaming\Microsoft Game Studios
2012-02-28 14:58 . 2012-02-28 14:58 -------- d-----w- c:\program files (x86)\Total Video Converter
2012-02-28 01:43 . 2012-03-24 17:57 -------- d-----w- c:\users\RAY\AppData\Roaming\Skype
2012-02-28 01:43 . 2012-03-11 14:55 -------- d-----w- c:\program files (x86)\Common Files\Skype
2012-02-28 01:43 . 2012-03-11 14:55 -------- d-----r- c:\program files (x86)\Skype
2012-02-28 01:43 . 2012-02-28 01:43 -------- d-----w- c:\programdata\Skype
2012-02-27 01:24 . 2012-02-27 01:24 -------- d-----w- c:\windows\wb
2012-02-26 00:21 . 2012-02-26 00:21 -------- d-----w- c:\users\RAY\AppData\Roaming\GeoVid
2012-02-26 00:21 . 2012-02-26 00:21 -------- d-----w- c:\program files (x86)\GeoVid
2012-02-25 23:56 . 2012-02-25 23:59 -------- d-----w- c:\program files (x86)\Convert PowerPoint to HTML
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-02-29 23:40 . 2009-08-18 17:49 564632 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\wlidui.dll
2012-02-29 23:40 . 2009-08-18 16:24 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2012-02-16 21:12 . 2012-02-16 21:12 43520 ----a-w- c:\windows\SysWow64\CmdLineExt03.dll
2012-02-09 18:10 . 2011-12-30 19:26 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-01-14 04:06 . 2012-02-15 15:32 3145728 ----a-w- c:\windows\system32\win32k.sys
2012-01-13 22:42 . 2012-01-13 22:42 82816 ----a-w- c:\windows\system32\drivers\pcouffin.sys
2012-01-04 10:44 . 2012-02-15 15:53 509952 ----a-w- c:\windows\system32\ntshrui.dll
2012-01-04 08:58 . 2012-02-15 15:53 442880 ----a-w- c:\windows\SysWow64\ntshrui.dll
2012-01-04 00:48 . 2012-01-04 00:48 354176 ----a-w- c:\windows\SysWow64\DivXControlPanelApplet.cpl
2012-01-03 03:25 . 2012-01-03 03:25 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2011-12-31 14:40 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll
2011-12-31 14:40 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll
2011-12-31 01:04 . 2011-12-31 01:04 86528 ----a-w- c:\windows\SysWow64\iesysprep.dll
2011-12-31 01:04 . 2011-12-31 01:04 76800 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
2011-12-31 01:04 . 2011-12-31 01:04 74752 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe
2011-12-31 01:04 . 2011-12-31 01:04 74752 ----a-w- c:\windows\SysWow64\iesetup.dll
2011-12-31 01:04 . 2011-12-31 01:04 63488 ----a-w- c:\windows\SysWow64\tdc.ocx
2011-12-31 01:04 . 2011-12-31 01:04 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
2011-12-31 01:04 . 2011-12-31 01:04 367104 ----a-w- c:\windows\SysWow64\html.iec
2011-12-31 01:04 . 2011-12-31 01:04 23552 ----a-w- c:\windows\SysWow64\licmgr10.dll
2011-12-31 01:04 . 2011-12-31 01:04 161792 ----a-w- c:\windows\SysWow64\msls31.dll
2011-12-31 01:04 . 2011-12-31 01:04 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
2011-12-31 01:04 . 2011-12-31 01:04 420864 ----a-w- c:\windows\SysWow64\vbscript.dll
2011-12-31 01:04 . 2011-12-31 01:04 35840 ----a-w- c:\windows\SysWow64\imgutil.dll
2011-12-31 01:04 . 2011-12-31 01:04 152064 ----a-w- c:\windows\SysWow64\wextract.exe
2011-12-31 01:04 . 2011-12-31 01:04 150528 ----a-w- c:\windows\SysWow64\iexpress.exe
2011-12-31 01:04 . 2011-12-31 01:04 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2011-12-31 01:04 . 2011-12-31 01:04 11776 ----a-w- c:\windows\SysWow64\mshta.exe
2011-12-31 01:04 . 2011-12-31 01:04 101888 ----a-w- c:\windows\SysWow64\admparse.dll
2011-12-31 01:04 . 2011-12-31 01:04 89088 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2011-12-31 01:04 . 2011-12-31 01:04 222208 ----a-w- c:\windows\system32\msls31.dll
2011-12-31 01:04 . 2011-12-31 01:04 173056 ----a-w- c:\windows\system32\ieUnatt.exe
2011-12-31 01:04 . 2011-12-31 01:04 12288 ----a-w- c:\windows\system32\mshta.exe
2011-12-31 01:04 . 2011-12-31 01:04 114176 ----a-w- c:\windows\system32\admparse.dll
2011-12-31 01:04 . 2011-12-31 01:04 91648 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2011-12-31 01:04 . 2011-12-31 01:04 49664 ----a-w- c:\windows\system32\imgutil.dll
2011-12-31 01:04 . 2011-12-31 01:04 48640 ----a-w- c:\windows\system32\mshtmler.dll
2011-12-31 01:04 . 2011-12-31 01:04 135168 ----a-w- c:\windows\system32\IEAdvpack.dll
2011-12-31 01:04 . 2011-12-31 01:04 111616 ----a-w- c:\windows\system32\iesysprep.dll
2011-12-31 01:04 . 2011-12-31 01:04 85504 ----a-w- c:\windows\system32\iesetup.dll
2011-12-31 01:04 . 2011-12-31 01:04 76800 ----a-w- c:\windows\system32\tdc.ocx
2011-12-31 01:04 . 2011-12-31 01:04 603648 ----a-w- c:\windows\system32\vbscript.dll
2011-12-31 01:04 . 2011-12-31 01:04 448512 ----a-w- c:\windows\system32\html.iec
2011-12-31 01:04 . 2011-12-31 01:04 30720 ----a-w- c:\windows\system32\licmgr10.dll
2011-12-31 01:04 . 2011-12-31 01:04 165888 ----a-w- c:\windows\system32\iexpress.exe
2011-12-31 01:04 . 2011-12-31 01:04 160256 ----a-w- c:\windows\system32\wextract.exe
2011-12-30 18:52 . 2011-12-30 18:53 8192 ----a-w- c:\windows\SysWow64\srvany.exe
2011-12-30 06:26 . 2012-02-15 15:32 515584 ----a-w- c:\windows\system32\timedate.cpl
2011-12-30 05:27 . 2012-02-15 15:32 478720 ----a-w- c:\windows\SysWow64\timedate.cpl
2011-12-28 03:59 . 2012-02-15 15:32 498688 ----a-w- c:\windows\system32\drivers\afd.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LightScribe Control Panel"="c:\program files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe" [2009-06-17 2363392]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2012-02-29 17148552]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-12-08 421736]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer2"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SirefefRemover]
@=""
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-02-15 158856]
R3 btmaudio;Motorola Bluetooth Audio Service;c:\windows\system32\drivers\btmaud.sys [x]
R3 BTMCOM;Bluetooth Serial Port;c:\windows\system32\Drivers\btmcom.sys [x]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 51740536]
R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-10 174440]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Servicio de tecnologías de activación de Windows;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 WZCOOK;WEP/WPA-PMK key recovery service;f:\internet\crackeo_de_redes_wi_fi___programas_www.PirataMundo.com_\crackeo de redes wi fi + programas(www.PirataMundo.com)\WinAircrackPack\WinAircrackPack\WinAircrackPack\wzcook.exe [x]
R4 SirefefRemover;SirefefRemover;c:\windows\system32\Drivers\SirefefRemover.sys [x]
S1 kl2;kl2;c:\windows\system32\DRIVERS\kl2.sys [x]
S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\AESTSr64.exe [2009-03-03 89600]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 ApacheMS4WWebServer;Apache MS4W Web Server;c:\ms4w\Apache\bin\httpd.exe [2008-01-18 24635]
S2 ArcGIS License Manager;ArcGIS License Manager;c:\progra~2\ESRI\License\arcgis9x\lmgrd.exe [2008-08-02 1431440]
S2 Bluetooth OBEX Service;Bluetooth OBEX Service;c:\program files\Motorola\Bluetooth\obexsrv.exe [2011-02-16 680016]
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [x]
S2 postgresql-8.4;postgresql-8.4 - PostgreSQL Server 8.4;C:/Program Files (x86)/PostgreSQL/8.4/bin/pg_ctl.exe runservice -N postgresql-8.4 -D C:/Program Files (x86)/PostgreSQL/8.4/data -w [x]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 Bluetooth Device Manager;Bluetooth Device Manager;c:\program files\Motorola\Bluetooth\devmgrsrv.exe [2011-02-09 4151376]
S3 Bluetooth Media Service;Bluetooth Media Service;c:\program files\Motorola\Bluetooth\audiosrv.exe [2011-02-28 1189968]
S3 BTMUSB;Motorola Bluetooth Radio Service;c:\windows\system32\Drivers\btmusb.sys [x]
S3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2011-12-31 1028096]
S3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\DRIVERS\klmouflt.sys [x]
S3 netr28x;Ralink 802.11n Extensible Wireless Driver;c:\windows\system32\DRIVERS\netr28x.sys [x]
S3 pcouffin;VSO Software pcouffin;c:\windows\system32\Drivers\pcouffin.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2009-06-17 17:11 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BTMTrayAgent"="c:\program files\Motorola\Bluetooth\btmshell.dll" [2011-02-16 21709904]
"combofix"="c:\combofix\CF24113.3XE" [2010-11-20 345088]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
DS1410D
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://search.babylon.com/home?AF=17284
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: &Enviar a OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
IE: E&xportar a Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: {{bd707fe6-39f6-4bda-9265-86a76719bdc5} - c:\program files\Motorola\Bluetooth\btmiesend.htm
TCP: DhcpNameServer = 200.13.249.101 200.13.224.254
FF - ProfilePath - c:\users\RAY\AppData\Roaming\Mozilla\Firefox\Profiles\6u5s0mvn.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://start.funmoods.com/?f=1&a=aln1
FF - user.js: extensions.funmoods_i.hmpg - true
FF - user.js: extensions.funmoods_i.hmpgUrl - hxxp://start.funmoods.com/?f=1&a=aln1
FF - user.js: extensions.funmoods_i.dfltSrch - true
FF - user.js: extensions.funmoods_i.srchPrvdr - Search
FF - user.js: extensions.funmoods_i.dnsErr - true
FF - user.js: extensions.funmoods_i.newTab - true
FF - user.js: extensions.funmoods_i.newTabUrl - hxxp://start.funmoods.com/?f=2&a=aln1
FF - user.js: extensions.funmoods_i.tlbrSrchUrl - hxxp://start.funmoods.com/results.php?f=3&a=aln1&q=
FF - user.js: extensions.funmoods_i.id - ec0a5f7f00000000000000271363fb8f
FF - user.js: extensions.funmoods_i.instlDay - 15415
FF - user.js: extensions.funmoods_i.vrsn - 1.5.12.2
FF - user.js: extensions.funmoods_i.vrsni - 1.5.12.2
FF - user.js: extensions.funmoods_i.vrsnTs - 1.5.12.20:23
FF - user.js: extensions.funmoods_i.prtnrId - funmoods
FF - user.js: extensions.funmoods_i.prdct - funmoods
FF - user.js: extensions.funmoods_i.aflt - aln1
FF - user.js: extensions.funmoods_i.smplGrp - none
FF - user.js: extensions.funmoods_i.tlbrId - base
FF - user.js: extensions.funmoods_i.instlRef -
FF - user.js: extensions.funmoods_i.dfltLng -
FF - user.js: extensions.funmoods_i.excTlbr - false
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\postgresql-8.4]
"ImagePath"="C:/Program Files (x86)/PostgreSQL/8.4/bin/pg_ctl.exe runservice -N \"postgresql-8.4\" -D \"C:/Program Files (x86)/PostgreSQL/8.4/data\" -w"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\BFE]
"ImagePath"="."
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\MpsSvc]
"ImagePath"="."
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\postgresql-8.4]
"ImagePath"="C:/Program Files (x86)/PostgreSQL/8.4/bin/pg_ctl.exe runservice -N \"postgresql-8.4\" -D \"C:/Program Files (x86)/PostgreSQL/8.4/data\" -w"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-3444842327-2257406088-3351033889-1002\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:3d,2b,27,b5,87,e1,dd,23,fa,43,dc,7a,36,6a,32,bd,55,94,09,74,8b,3b,c1,
22,ef,3e,3d,54,dc,4c,cd,66,52,e2,d3,0b,86,01,56,49,70,ae,0f,c5,45,4d,5b,c3,\
"??"=hex:f3,4b,6d,fb,23,25,e1,d5,2a,8a,82,c6,26,73,74,2a
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe
c:\program files (x86)\PostgreSQL\8.4\bin\pg_ctl.exe
c:\progra~2\ESRI\License\arcgis9x\ARCGIS.exe
c:\program files (x86)\PostgreSQL\8.4\bin\postgres.exe
c:\program files (x86)\PostgreSQL\8.4\bin\postgres.exe
c:\program files (x86)\PostgreSQL\8.4\bin\postgres.exe
c:\program files (x86)\PostgreSQL\8.4\bin\postgres.exe
c:\program files (x86)\PostgreSQL\8.4\bin\postgres.exe
c:\program files (x86)\PostgreSQL\8.4\bin\postgres.exe
c:\program files\Motorola\Bluetooth\btplayerctrl.exe
.
**************************************************************************
.
Completion time: 2012-03-24 13:00:15 - machine was rebooted
ComboFix-quarantined-files.txt 2012-03-24 18:00
.
Pre-Run: 68.945.588.224 bytes libres
Post-Run: 68.886.274.048 bytes libres
.
- - End Of File - - FB10B24737D0E0F2CD806F9637B68E20

**Tyny's** · 24/03/12, 19:36:27

Buenas.,

Como funciona tu PC ¿?

Saludos.

**ultrakml** · 25/03/12, 03:12:20

Pues la verdad el problema persiste, cada vez que doy clic en un link o en cualquier parte del navegador de Mozilla Firefox, he usado el navegador Opera y funciona normalmente, pero no es de mi agrado y pues busco solucionar el problema porque no quiero un virus por ahí andando en mi sistema.

**Tyny's** · 25/03/12, 05:10:28

Buenas.

Descargá OTL By OldTimer a Tu escritorio

Ejecutá OTL

Cerrá todos programas que tengas abiertos y Hacé doble click en el ícono de OTL para ejecutarlo.
Dejalo correr sin interrumpirlo hasta que termine el Análisis.
Cuando la interfaz aparesca, solo debes cambiar Abajo de: "Tipo de Análisis" poniendo Resultado Minimo.
Marcá las opciones: Buscar LOP y Buscar Purity.
Marcá las Opciones Omitir Archivos De Microsoft y Usar Listado de Compañias Reconocidas.
Por favor No cambies el resto de la configuración a menos que te lo solicitemos.

Presioná el boton .
Una vez que termine, se abrirán dos (2) archivos, OTL.Txt y Extras.Txt. Éstos aparecerán grabados en el mismo lugar OTL.exe fue descargado.
Copiá y pegá el contenido del archivo OTL.txt en tu próxima respuesta.

Debido al accionar de las infecciones, que impide la ejecución de Todo lo relacionado a Antimalwares, vas a descargar OTL con su Extensión modificada desde cualquiera de los enlaces de abajo, para que este pueda correr.

OTL.com

OTL.scr

Nota: Cuando utilice estos enlaces, use Internet Explorer.

Si utiliza Firefox, haga un clic derecho y seleccione "Guardar enlace como", de lo contrario, en algunos sistemas, cuando se intenta abrir el archivo, aparecería como una secuéncia de comandos y sólo verás muchas líneas de código en la pantalla.

Una vez descargado OTL con su extensión cambiada, ejecútelo tal cual está explicado anteriormente.

Nos traes el reporte de OTL.

Saludos.

**ultrakml** · 26/03/12, 00:59:03

Hola

OTL.txt

OTL logfile created on: 25/03/2012 11:51:38 p.m. - Run 1
OTL by OldTimer - Version 3.2.39.2 Folder = C:\Users\RAY\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 0000240a | Country: Colombia | Language: ESO | Date Format: dd/MM/yyyy

3,75 Gb Total Physical Memory | 2,74 Gb Available Physical Memory | 73,29% Memory free
7,49 Gb Paging File | 6,21 Gb Available in Paging File | 82,87% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 165,92 Gb Total Space | 63,29 Gb Free Space | 38,14% Space Free | Partition Type: NTFS
Drive D: | 202,09 Gb Total Space | 118,11 Gb Free Space | 58,44% Space Free | Partition Type: NTFS

Computer Name: RAYKEMAR | User Name: RAY | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\RAY\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
PRC - C:\Archivos de programa\Motorola\Bluetooth\btplayerctrl.exe (Motorola Solutions, Inc.)
PRC - C:\Program Files (x86)\PostgreSQL\8.4\bin\pg_ctl.exe (PostgreSQL Global Development Group)
PRC - C:\Program Files (x86)\PostgreSQL\8.4\bin\postgres.exe (PostgreSQL Global Development Group)
PRC - C:\PROGRA~2\ESRI\License\arcgis9x\ARCGIS.exe ()
PRC - C:\PROGRA~2\ESRI\License\arcgis9x\lmgrd.exe (Acresso Software Inc.)
PRC - C:\ms4w\Apache\bin\httpd.exe (Apache Software Foundation)

========== Modules (No Company Name) ==========

MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll ()
MOD - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
MOD - C:\Program Files (x86)\Common Files\LightScribe\QtGui4.dll ()
MOD - C:\Program Files (x86)\Common Files\LightScribe\QtCore4.dll ()
MOD - C:\Program Files (x86)\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll ()

========== Win32 Services (SafeList) ==========

SRV:64bit: - (hpsrv) -- C:\Windows\SysNative\hpservice.exe (Hewlett-Packard Company)
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (FLEXnet Licensing Service 64) -- C:\Archivos de programa\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe (Macrovision Europe Ltd.)
SRV - (FLEXnet Licensing Service) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
SRV - (KMService) -- C:\Windows\SysWOW64\srvany.exe ()
SRV - (AVP) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe (Kaspersky Lab ZAO)
SRV - (Bluetooth Media Service) -- C:\Archivos de programa\Motorola\Bluetooth\audiosrv.exe (Motorola Solutions, Inc.)
SRV - (Bluetooth OBEX Service) -- C:\Archivos de programa\Motorola\Bluetooth\obexsrv.exe (Motorola Solutions, Inc.)
SRV - (Bluetooth Device Manager) -- C:\Archivos de programa\Motorola\Bluetooth\devmgrsrv.exe (Motorola Solutions, Inc.)
SRV - (STacSV) -- C:\Archivos de programa\IDT\WDM\stacsv64.exe (IDT, Inc.)
SRV - (postgresql-8.4) -- C:\Program Files (x86)\PostgreSQL\8.4\bin\pg_ctl.exe (PostgreSQL Global Development Group)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (osppsvc) -- C:\Archivos de programa\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation)
SRV - (ose64) -- C:\Archivos de programa\Common Files\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (wlidsvc) -- C:\Archivos de programa\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (AESTFilters) -- C:\Archivos de programa\IDT\WDM\AESTSr64.exe (Andrea Electronics Corporation)
SRV - (ArcGIS License Manager) -- C:\PROGRA~2\ESRI\License\arcgis9x\lmgrd.exe (Acresso Software Inc.)
SRV - (ApacheMS4WWebServer) -- C:\ms4w\Apache\bin\httpd.exe (Apache Software Foundation)

========== Driver Services (SafeList) ==========

DRV:64bit: - (SirefefRemover) -- C:\Windows\SysNative\drivers\SirefefRemover.sys (ESET spol. s r.o.)
DRV:64bit: - (pcouffin) -- C:\Windows\SysNative\drivers\pcouffin.sys (VSO Software)
DRV:64bit: - (KLIF) -- C:\Windows\SysNative\drivers\klif.sys (Kaspersky Lab)
DRV:64bit: - (RTHDMIAzAudService) -- C:\Windows\SysNative\drivers\RtHDMIVX.sys (Realtek Semiconductor Corp.)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek )
DRV:64bit: - (hpdskflt) -- C:\Windows\SysNative\drivers\hpdskflt.sys (Hewlett-Packard Company)
DRV:64bit: - (Accelerometer) -- C:\Windows\SysNative\drivers\Accelerometer.sys (Hewlett-Packard Company)
DRV:64bit: - (KLIM6) -- C:\Windows\SysNative\drivers\klim6.sys (Kaspersky Lab ZAO)
DRV:64bit: - (kl2) -- C:\Windows\SysNative\drivers\kl2.sys (Kaspersky Lab ZAO)
DRV:64bit: - (KL1) -- C:\Windows\SysNative\drivers\kl1.sys (Kaspersky Lab ZAO)
DRV:64bit: - (BTMUSB) -- C:\Windows\SysNative\drivers\btmusb.sys (Motorola Solutions, Inc.)
DRV:64bit: - (STHDA) -- C:\Windows\SysNative\drivers\stwrt64.sys (IDT, Inc.)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (RdpVideoMiniport) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV:64bit: - (btmaudio) -- C:\Windows\SysNative\drivers\btmaud.sys (Motorola, Inc.)
DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (BTMCOM) -- C:\Windows\SysNative\drivers\btmcom.sys (Motorola, Inc.)
DRV:64bit: - (AtiPcie) AMD PCI Express (3GIO) -- C:\Windows\SysNative\drivers\AtiPcie64.sys (Advanced Micro Devices Inc.)
DRV:64bit: - (netr28x) -- C:\Windows\SysNative\drivers\netr28x.sys (Ralink Technology, Corp.)
DRV:64bit: - (AtiHdmiService) -- C:\Windows\SysNative\drivers\AtiHdmi.sys (ATI Technologies, Inc.)
DRV:64bit: - (usbfilter) -- C:\Windows\SysNative\drivers\usbfilter.sys (Advanced Micro Devices)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (klmouflt) -- C:\Windows\SysNative\drivers\klmouflt.sys (Kaspersky Lab)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (Sentinel) -- C:\Windows\SysNative\drivers\Sentinel64.sys (SafeNet, Inc.)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.babylon.com/home?AF=17284
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = es-CO
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 50 89 8D BD E3 E5 CC 01 [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKCU\..\SearchScopes\{0D7562AE-8EF6-416d-A838-AB665251703A}: "URL" = http://start.facemoods.com/?a=ddrnw&s={searchTerms}&f=4
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylon.com/?q={searchTerms}&babsrc=SP_def&AF=17284
IE - HKCU\..\SearchScopes\{6AC4EC14-3592-4DE8-86B9-4ADEE1D55ED3}: "URL" = http://start.funmoods.com/results.php?f=4&a=aln1&q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Search"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "http://start.funmoods.com/?f=1&a=aln1"

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll File not found
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\RAY\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\[email protected] [2011/12/30 20:37:09 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\[email protected] [2011/12/30 20:37:09 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\[email protected] [2011/12/30 20:37:09 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012/01/27 19:16:25 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/03/17 14:18:24 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/01/27 19:16:24 | 000,000,000 | ---D | M]

[2012/01/16 20:25:58 | 000,000,000 | ---D | M] (No name found) -- C:\Users\RAY\AppData\Roaming\mozilla\Extensions
[2012/03/24 09:28:27 | 000,000,000 | ---D | M] (No name found) -- C:\Users\RAY\AppData\Roaming\mozilla\Firefox\Profiles\6u5s0mvn.default\extensions
[2012/03/16 00:23:57 | 000,001,798 | ---- | M] () -- C:\Users\RAY\AppData\Roaming\Mozilla\Firefox\Profiles\6u5s0mvn.default\searchplugins\funmoods.xml
[2012/03/18 12:47:00 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012/01/27 19:16:25 | 000,000,000 | ---D | M] (DivX Plus Web Player HTML5 <video&gt

-- C:\PROGRAM FILES (X86)\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\DIVXHTML5
() (No name found) -- C:\USERS\RAY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\6U5S0MVN.DEFAULT\EXTENSIONS\{EB78C871-3D9D-433F-B49B-12468119BE89}.XPI
[2012/03/17 14:18:24 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012/03/18 12:41:27 | 000,002,226 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml
[2012/02/21 13:27:02 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/02/21 13:27:02 | 000,003,996 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\drae.xml
[2012/02/21 13:27:02 | 000,001,143 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-es.xml
[2012/02/18 10:37:31 | 000,002,048 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\fcmdSrch.xml
[2012/02/21 13:27:02 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml
[2012/02/21 13:27:02 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-es.xml
[2012/02/21 13:27:02 | 000,001,102 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-es.xml

O1 HOSTS File: ([2012/03/24 12:57:00 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\x64\ievkbd.dll (Kaspersky Lab ZAO)
O2:64bit: - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Archivos de programa\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Archivos de programa\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Archivos de programa\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2:64bit: - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\x64\klwtbbho.dll (Kaspersky Lab ZAO)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\ievkbd.dll (Kaspersky Lab ZAO)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\klwtbbho.dll (Kaspersky Lab ZAO)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - No CLSID value found.
O4:64bit: - HKLM..\Run: [BTMTrayAgent] C:\Program Files\Motorola\Bluetooth\btmshell.dll (Motorola Solutions, Inc.)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 28
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: &Enviar a OneNote - C:\Archivos de programa\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O8:64bit: - Extra context menu item: E&xportar a Microsoft Excel - C:\Archivos de programa\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: &Enviar a OneNote - C:\Archivos de programa\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: E&xportar a Microsoft Excel - C:\Archivos de programa\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O9:64bit: - Extra Button: Enviar a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Archivos de programa\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : &Enviar a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Archivos de programa\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Teclado &Virtual - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\x64\ievkbd.dll (Kaspersky Lab ZAO)
O9:64bit: - Extra Button: Notas &vinculadas de OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Archivos de programa\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Notas &vinculadas de OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Archivos de programa\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra Button: @C:\Program Files\Motorola\Bluetooth\btmshell.dll,-247 - {bd707fe6-39f6-4bda-9265-86a76719bdc5} - C:\Archivos de programa\Motorola\Bluetooth\btmiesend.htm ()
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\Motorola\Bluetooth\btmshell.dll,-247 - {bd707fe6-39f6-4bda-9265-86a76719bdc5} - C:\Archivos de programa\Motorola\Bluetooth\btmiesend.htm ()
O9:64bit: - Extra Button: Compro&bación de direcciones URL - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\x64\klwtbbho.dll (Kaspersky Lab ZAO)
O9 - Extra Button: Teclado &Virtual - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\ievkbd.dll (Kaspersky Lab ZAO)
O9 - Extra Button: @C:\Program Files\Motorola\Bluetooth\btmshell.dll,-247 - {bd707fe6-39f6-4bda-9265-86a76719bdc5} - C:\Archivos de programa\Motorola\Bluetooth\btmiesend.htm ()
O9 - Extra 'Tools' menuitem : @C:\Program Files\Motorola\Bluetooth\btmshell.dll,-247 - {bd707fe6-39f6-4bda-9265-86a76719bdc5} - C:\Archivos de programa\Motorola\Bluetooth\btmiesend.htm ()
O9 - Extra Button: Compro&bación de direcciones URL - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\klwtbbho.dll (Kaspersky Lab ZAO)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Archivos de programa\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Archivos de programa\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000010 [] - C:\Archivos de programa\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-0015-0000-0012-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_12-windows-i586.cab (Java Plug-in 1.5.0_12)
O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 200.13.249.101 200.13.224.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{BFCE5367-CD0D-49DA-A010-19A936CACD8D}: DhcpNameServer = 200.13.249.101 200.13.224.254
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Archivos de programa\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\ms-help - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Archivos de programa\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\klogon: DllName - (%SystemRoot%\System32\klogon.dll) - C:\Windows\SysNative\klogon.dll (Kaspersky Lab ZAO)
O28:64bit: - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Archivos de programa\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/03/25 23:35:57 | 000,593,920 | ---- | C] (OldTimer Tools) -- C:\Users\RAY\Desktop\OTL.exe
[2012/03/25 06:58:41 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/03/24 13:00:17 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012/03/24 12:37:17 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/03/24 12:37:17 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/03/24 12:37:17 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/03/24 12:37:11 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2012/03/24 12:37:07 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/03/24 11:27:37 | 000,000,000 | ---D | C] -- C:\Lop SD
[2012/03/24 09:35:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2012/03/24 08:36:13 | 000,023,152 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012/03/24 08:36:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012/03/18 12:43:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Babylon
[2012/03/16 17:03:01 | 000,000,000 | ---D | C] -- C:\Users\RAY\AppData\Local\Microsoft Games
[2012/03/16 00:23:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Funmoods
[2012/03/15 23:59:18 | 000,000,000 | ---D | C] -- C:\Users\RAY\AppData\Roaming\player
[2012/03/15 23:59:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VAFPlayer
[2012/03/15 23:59:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Tuguu SL
[2012/03/15 23:51:21 | 000,000,000 | ---D | C] -- C:\Users\RAY\AppData\Local\Google
[2012/03/15 23:51:12 | 000,000,000 | ---D | C] -- C:\Users\RAY\AppData\Local\I Want This
[2012/03/13 10:24:33 | 000,023,856 | ---- | C] (ESET spol. s r.o.) -- C:\Windows\SysNative\drivers\SirefefRemover.sys
[2012/03/12 22:56:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Antivirus
[2012/03/12 22:56:14 | 000,000,000 | ---D | C] -- C:\Program Files\Alwil Software
[2012/03/12 11:47:53 | 000,000,000 | ---D | C] -- C:\Users\RAY\AppData\Roaming\Malwarebytes
[2012/03/12 11:47:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/03/11 23:37:35 | 000,000,000 | -HSD | C] -- C:\Windows\SysNative\%APPDATA%
[2012/03/11 09:13:35 | 000,000,000 | ---D | C] -- C:\ProgramData\36B6A775000023EE000BC6B2B4EB2331
[2012/03/10 22:30:12 | 000,000,000 | -HSD | C] -- C:\Users\RAY\AppData\Local\905222b5
[2012/03/06 15:34:29 | 000,000,000 | ---D | C] -- C:\Users\RAY\Desktop\SIGAVE
[2012/03/04 06:13:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AudacityPortable
[2012/03/03 10:30:42 | 000,000,000 | ---D | C] -- C:\Users\RAY\AppData\Local\WMTools Downloaded Files
[2012/03/03 10:20:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Movie Maker 2.6
[2012/03/03 10:17:35 | 000,000,000 | ---D | C] -- C:\Users\RAY\AppData\Roaming\GetRightToGo
[2012/03/03 10:17:35 | 000,000,000 | ---D | C] -- C:\Users\RAY\Documents\Downloads
[2012/03/03 09:44:24 | 000,000,000 | ---D | C] -- C:\Users\RAY\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
[2012/03/03 09:20:13 | 000,000,000 | ---D | C] -- C:\Users\RAY\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\XP Codec Pack 2.5.1
[2012/03/03 09:20:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XP Codec Pack 2.5.1
[2012/03/03 09:20:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\XP Codec Pack
[2012/02/29 18:17:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Games for Windows Marketplace
[2012/02/29 17:59:26 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\catroot2
[2012/02/29 15:48:41 | 000,000,000 | ---D | C] -- C:\Users\RAY\AppData\Local\Microsoft Game Studios
[2012/02/29 15:48:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft Games
[2012/02/29 15:45:58 | 000,000,000 | ---D | C] -- C:\Users\RAY\AppData\Roaming\Microsoft Game Studios
[2012/02/28 09:58:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Total Video Converter
[2012/02/28 09:58:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Total Video Converter
[2012/02/27 20:43:44 | 000,000,000 | ---D | C] -- C:\Users\RAY\AppData\Roaming\Skype
[2012/02/27 20:43:36 | 000,000,000 | R--D | C] -- C:\Program Files (x86)\Skype
[2012/02/27 20:43:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2012/02/27 20:43:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2012/02/27 20:43:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Skype
[2012/02/26 20:24:31 | 000,000,000 | ---D | C] -- C:\Windows\wb
[2012/02/25 19:22:58 | 000,000,000 | ---D | C] -- C:\Users\RAY\Desktop\Presentation To Video Converter v5.3.0.18 Full
[2012/02/25 19:21:55 | 000,000,000 | ---D | C] -- C:\Users\RAY\AppData\Roaming\GeoVid
[2012/02/25 19:21:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\GeoVid
[2012/02/25 18:56:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Convert PowerPoint to HTML

========== Files - Modified Within 30 Days ==========

[2012/03/25 23:36:01 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Users\RAY\Desktop\OTL.exe
[2012/03/25 22:15:29 | 000,066,597 | ---- | M] () -- C:\Users\RAY\Desktop\543865_3535915354135_1159866708_3497657_1984995976_n.jpg
[2012/03/25 22:08:04 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/03/25 10:44:15 | 000,017,168 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/03/25 10:44:15 | 000,017,168 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/03/25 10:36:39 | 3015,884,800 | -HS- | M] () -- C:\hiberfil.sys
[2012/03/25 06:56:55 | 000,465,040 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/03/24 12:57:00 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012/03/24 09:34:56 | 000,115,202 | ---- | M] () -- C:\Users\RAY\Documents\cc_20120324_093446.reg
[2012/03/24 08:36:15 | 000,001,120 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/03/23 06:32:30 | 001,555,646 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/03/23 06:32:30 | 000,703,840 | ---- | M] () -- C:\Windows\SysNative\perfh00A.dat
[2012/03/23 06:32:30 | 000,616,008 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/03/23 06:32:30 | 000,137,806 | ---- | M] () -- C:\Windows\SysNative\perfc00A.dat
[2012/03/23 06:32:30 | 000,106,388 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/03/19 13:36:21 | 000,000,116 | ---- | M] () -- C:\Windows\NeroDigital.ini
[2012/03/17 19:29:27 | 005,346,050 | ---- | M] () -- C:\Users\RAY\Desktop\photobooth_for_windows_7_by_vhanla.zip
[2012/03/16 00:24:00 | 000,000,050 | ---- | M] () -- C:\user.js
[2012/03/13 10:24:33 | 000,023,856 | ---- | M] (ESET spol. s r.o.) -- C:\Windows\SysNative\drivers\SirefefRemover.sys
[2012/03/13 10:22:33 | 000,000,000 | -HS- | M] () -- C:\Windows\SysNative\dds_log_ad13.cmd
[2012/03/07 22:40:10 | 006,650,782 | ---- | M] () -- C:\Users\RAY\Desktop\Clase1.pdf
[2012/03/06 15:26:53 | 000,120,456 | ---- | M] () -- C:\Users\RAY\Desktop\RESUMEN.pdf
[2012/03/04 09:53:23 | 000,017,920 | ---- | M] () -- C:\Users\RAY\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/03/03 10:19:58 | 007,362,560 | ---- | M] () -- C:\Users\RAY\Desktop\MM26_ES.msi
[2012/02/27 19:22:29 | 000,001,470 | ---- | M] () -- C:\Users\RAY\.recently-used.xbel
[2012/02/27 13:21:25 | 000,426,389 | ---- | M] () -- C:\Users\RAY\Desktop\PAGINAS PRELIMINARES.pdf
[2012/02/27 13:21:00 | 003,401,360 | ---- | M] () -- C:\Users\RAY\Desktop\TESIS_SIGAVE_LUIS&RAY1.pdf
[2012/02/25 19:20:52 | 012,149,544 | ---- | M] () -- C:\Users\RAY\Desktop\Presentation To Video Converter v5.3.0.18 Full.rar
[2012/02/25 15:55:54 | 000,000,033 | ---- | M] () -- C:\Users\RAY\AppData\Roaming\wizards.ini

========== Files Created - No Company Name ==========

[2012/03/25 22:15:26 | 000,066,597 | ---- | C] () -- C:\Users\RAY\Desktop\543865_3535915354135_1159866708_3497657_1984995976_n.jpg
[2012/03/24 12:37:17 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/03/24 12:37:17 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/03/24 12:37:17 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/03/24 12:37:17 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/03/24 12:37:17 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/03/24 09:34:51 | 000,115,202 | ---- | C] () -- C:\Users\RAY\Documents\cc_20120324_093446.reg
[2012/03/24 08:36:15 | 000,001,120 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/03/17 19:28:32 | 005,346,050 | ---- | C] () -- C:\Users\RAY\Desktop\photobooth_for_windows_7_by_vhanla.zip
[2012/03/16 00:24:00 | 000,000,050 | ---- | C] () -- C:\user.js
[2012/03/15 10:21:13 | 006,650,782 | ---- | C] () -- C:\Users\RAY\Desktop\Clase1.pdf
[2012/03/10 22:31:18 | 000,000,000 | -HS- | C] () -- C:\Windows\SysNative\dds_log_ad13.cmd
[2012/03/06 15:26:52 | 000,120,456 | ---- | C] () -- C:\Users\RAY\Desktop\RESUMEN.pdf
[2012/03/03 10:21:11 | 000,017,920 | ---- | C] () -- C:\Users\RAY\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/03/03 10:20:26 | 000,002,507 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Movie Maker 2.6.lnk
[2012/03/03 10:18:59 | 007,362,560 | ---- | C] () -- C:\Users\RAY\Desktop\MM26_ES.msi
[2012/03/03 09:20:14 | 000,421,888 | ---- | C] () -- C:\Windows\SysNative\ac3filter.acm
[2012/02/29 18:16:53 | 000,001,345 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live ID.lnk
[2012/02/27 19:22:29 | 000,001,470 | ---- | C] () -- C:\Users\RAY\.recently-used.xbel
[2012/02/27 13:21:25 | 000,426,389 | ---- | C] () -- C:\Users\RAY\Desktop\PAGINAS PRELIMINARES.pdf
[2012/02/27 13:20:51 | 003,401,360 | ---- | C] () -- C:\Users\RAY\Desktop\TESIS_SIGAVE_LUIS&RAY1.pdf
[2012/02/25 19:20:46 | 012,149,544 | ---- | C] () -- C:\Users\RAY\Desktop\Presentation To Video Converter v5.3.0.18 Full.rar
[2012/02/16 16:12:46 | 000,043,520 | ---- | C] () -- C:\Windows\SysWow64\CmdLineExt03.dll
[2012/02/09 20:55:08 | 000,000,033 | ---- | C] () -- C:\Users\RAY\AppData\Roaming\wizards.ini
[2012/01/19 10:50:23 | 000,017,408 | ---- | C] () -- C:\Users\RAY\AppData\Local\WebpageIcons.db
[2012/01/09 11:33:45 | 000,000,116 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2011/12/30 20:46:34 | 000,014,051 | ---- | C] () -- C:\Windows\SysWow64\RaCoInst.dat
[2011/12/30 14:03:13 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2011/12/30 13:53:04 | 000,008,192 | ---- | C] () -- C:\Windows\SysWow64\srvany.exe
[2011/12/30 12:50:39 | 000,175,616 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2011/12/30 12:50:38 | 000,000,038 | ---- | C] () -- C:\Windows\avisplitter.ini
[2011/12/30 12:50:37 | 000,650,752 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2011/12/30 12:50:37 | 000,243,200 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2010/06/15 19:28:54 | 000,002,857 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat

========== LOP Check ==========

[2012/03/03 09:44:24 | 000,000,000 | ---D | M] -- C:\Users\RAY\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
[2012/03/15 10:23:21 | 000,000,000 | ---D | M] -- C:\Users\RAY\AppData\Roaming\ESRI
[2012/02/25 19:21:55 | 000,000,000 | ---D | M] -- C:\Users\RAY\AppData\Roaming\GeoVid
[2012/03/03 10:17:44 | 000,000,000 | ---D | M] -- C:\Users\RAY\AppData\Roaming\GetRightToGo
[2012/01/21 08:35:47 | 000,000,000 | ---D | M] -- C:\Users\RAY\AppData\Roaming\GrabPro
[2012/02/25 17:48:52 | 000,000,000 | ---D | M] -- C:\Users\RAY\AppData\Roaming\gtk-2.0
[2012/02/04 13:13:07 | 000,000,000 | ---D | M] -- C:\Users\RAY\AppData\Roaming\My Battle for Middle-earth Files
[2012/03/12 19:39:59 | 000,000,000 | ---D | M] -- C:\Users\RAY\AppData\Roaming\Notepad++
[2012/02/21 15:57:40 | 000,000,000 | ---D | M] -- C:\Users\RAY\AppData\Roaming\Nvu
[2012/01/16 20:47:01 | 000,000,000 | ---D | M] -- C:\Users\RAY\AppData\Roaming\Opera
[2012/03/11 09:30:48 | 000,000,000 | ---D | M] -- C:\Users\RAY\AppData\Roaming\Orbit
[2012/03/15 23:59:20 | 000,000,000 | ---D | M] -- C:\Users\RAY\AppData\Roaming\player
[2012/01/17 21:43:44 | 000,000,000 | ---D | M] -- C:\Users\RAY\AppData\Roaming\postgresql
[2012/02/07 17:05:18 | 000,000,000 | ---D | M] -- C:\Users\RAY\AppData\Roaming\ProgSense
[2012/02/03 13:51:59 | 000,000,000 | ---D | M] -- C:\Users\RAY\AppData\Roaming\TeamViewer
[2012/01/27 22:40:15 | 000,000,000 | ---D | M] -- C:\Users\RAY\AppData\Roaming\Unity
[2012/03/25 10:37:07 | 000,032,636 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

< End of report >

**Tyny's** · 26/03/12, 14:10:51

Buenas.

Descargá a Tu escritorio la Herramienta llamada Yorkyt (De Panda Security)
Doble clic para ejecutarla.
Te pedirá reiniciar el sistema para completar la Búsqueda / Eliminación del rootkit. Presionas Aceptar.
Cuando termine, buscas Su reporte que queda en el escritorio, lo copias y pegas en Tu próxima respuesta.

Saludos.

**arsek** · 26/03/12, 18:35:56

hola amigos como les va..!!
antes de empezar con el procedimiento decidi desinstalar firefox por completo sin guardar cookies, paginas etc.
utilize el revo uninstaller, una desinstalacion moderada

y volvi a instalar nuevamente dicho navegador
y listo mi problema estaba solucionado

no mas ventanitas de facebook
muchas gracias por ayudar amigos se les agradece bastante

**Tyny's** · 26/03/12, 23:29:32

Para terminar solo te quedaría desinstalar CF de la siguiente manera:

Ir a Inicio > Ejecutar
Escribir lo siguiente: ComboFix /Uninstall como muestra la imagen debajo:
Esto activara el desinstalador de ComboFix abriendo su pantalla principal y luego de unos segundos veras ("ComboFix is uninstalled")

Si este procedimiento Falla Descarga OTC.exe en el escritorio. Lo ejecutas y presionas Cleanup.

Consejos Utiles

Mantener siempre actulizado el sistema.
Mantener siempre actualizada la base de datos del antivirus.
Descarga el Panda USB Vaccine Ejecutalo como indica su Manual.
Descarga Spywareblaster Instalalo y ejecutalo como indica su Manual
Ejecuta Malwarebytes una ves por semana. y tu antivirus cada quince dias.
Lee el siguiente enlace 10 consejos para navegar seguro por Internet. | InfoSpyware
Cualquier problema nos consultas.

____________________________

**Tema solucionado** Si queres reabrir el tema hace clic aqui

que un moderador atendera tu consulta.

Como recomendación final, te invitamos a seguirnos en nuestros canales de difusión:

Blog,

Twitter,

Facebook,

vía E-Mail, para estar al tanto de los nuevos malwares y como prevenirlos.

Saludos.
Atentamente
El Equipo de InfoSpyware
www.infospyware.com
www.forospyware.com
Twitter: @InfoSpyware

Virus que abre ventanas de facebook (Solucionado)

Herramientas

Virus que abre ventanas de facebook (Solucionado)

Re: Virus que abre ventanas de facebook

Re: Virus que abre ventanas de facebook

Re: Virus que abre ventanas de facebook

Re: Virus que abre ventanas de facebook

Re: Virus que abre ventanas de facebook

Re: Virus que abre ventanas de facebook

Re: Virus que abre ventanas de facebook

Re: Virus que abre ventanas de facebook

Re: Virus que abre ventanas de facebook