Cómo eliminar searchnu/406 (Solucionado)

**exuab** · 22/04/12, 03:11:32

Hola,
Ayer me bajé Ilivid y me he encontrado con searchnu/406 :(
Eliminé todos lod Ilivid, pero searchnu sigue ahí.
Combo fix me da el siguiente log:
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1014.469 [GMT 2:00]
Running from: c:\documents and settings\Hugo Navarro\My Documents\Descargas\ComboFix.exe
FW: AVG Firewall *Disabled* {8decf618-9569-4340-b34a-d78d28969b66}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\TEMP
c:\documents and settings\Hugo Navarro\Application Data\Local
c:\documents and settings\Hugo Navarro\Application Data\Local\Temp\DDM\Settings\(2).ddr
c:\documents and settings\Hugo Navarro\Application Data\Local\Temp\DDM\Settings\.ddr
c:\documents and settings\Hugo Navarro\Application Data\Local\Temp\DDM\Settings\0.ddi
c:\documents and settings\Hugo Navarro\Application Data\Local\Temp\DDM\Settings\1.ddi
c:\documents and settings\Hugo Navarro\Application Data\Local\Temp\DDM\Settings\Post_Install_RB_HiQ_en.divx(2).ddr
c:\documents and settings\Hugo Navarro\Application Data\Local\Temp\DDM\Settings\Post_Install_RB_HiQ_en.divx.ddr
c:\documents and settings\Hugo Navarro\Application Data\Local\Temp\DDM\Settings\settings.ddi
c:\documents and settings\Hugo Navarro\Application Data\Local\Temp\DDM\Settings\Temporary Downloaded Files\(2).ddp
c:\documents and settings\Hugo Navarro\Application Data\Local\Temp\DDM\Settings\Temporary Downloaded Files\.ddp
c:\documents and settings\Hugo Navarro\Application Data\Local\Temp\DDM\Settings\Temporary Downloaded Files\Post_Install_RB_HiQ_en.divx
c:\documents and settings\Hugo Navarro\Start Menu\Programs\Startup\0.25039866101471997.exe.lnk
C:\install.exe
c:\windows\system32\Cache
c:\windows\system32\Cache\272512937d9e61a4.fb
c:\windows\system32\Cache\287204568329e189.fb
c:\windows\system32\Cache\28bc8f716fd76a47.fb
c:\windows\system32\Cache\2c53092c95605355.fb
c:\windows\system32\Cache\3917078cb68ec657.fb
c:\windows\system32\Cache\3dfd41c3607f2763.fb
c:\windows\system32\Cache\590ba23ce359fd0c.fb
c:\windows\system32\Cache\610289e025a3ee9a.fb
c:\windows\system32\Cache\651c5d3cdbfb8bd1.fb
c:\windows\system32\Cache\6c59ac5e7e7a3ad0.fb
c:\windows\system32\Cache\9efeb643953f2d28.fb
c:\windows\system32\Cache\a8556537add6dfc5.fb
c:\windows\system32\Cache\ad10a52aff5e038d.fb
c:\windows\system32\Cache\baac6e4e5c4828c9.fb
c:\windows\system32\Cache\c39468c9eb220b08.fb
c:\windows\system32\Cache\c4d28dca2e7648be.fb
c:\windows\system32\Cache\d201ef9910cd39de.fb
c:\windows\system32\Cache\d2e94710a5708128.fb
c:\windows\system32\Cache\d79b9dfe81484ec4.fb
c:\windows\system32\Cache\e0de16f883bea794.fb
.
.
((((((((((((((((((((((((( Files Created from 2012-03-22 to 2012-04-22 )))))))))))))))))))))))))))))))
.
.
2012-04-21 15:07 . 2012-04-21 15:07 -------- d-----w- c:\program files\CCleaner
2012-04-21 14:29 . 2012-04-21 14:29 -------- d--h--w- c:\windows\PIF
2012-04-21 14:25 . 2012-04-21 14:25 -------- d-----w- c:\documents and settings\All Users\Application Data\boost_interprocess
2012-04-21 14:13 . 2012-04-21 14:13 -------- d-----w- c:\documents and settings\Hugo Navarro\AppData
2012-04-21 14:13 . 2012-04-21 14:13 -------- d-----w- c:\documents and settings\Hugo Navarro\Application Data\searchquband
2012-04-21 13:58 . 2012-04-21 13:59 -------- d-----w- c:\documents and settings\Hugo Navarro\Local Settings\Application Data\Ilivid Player
2012-03-25 09:45 . 2012-03-25 09:45 409600 ----a-w- c:\windows\system32\wrap_oal.dll
2012-03-25 09:45 . 2012-03-25 09:45 114688 ----a-w- c:\windows\system32\OpenAL32.dll
2012-03-25 09:45 . 2012-03-25 09:45 -------- d-----w- c:\program files\OpenAL
2012-03-25 09:43 . 2012-03-25 09:44 -------- d-----w- c:\program files\SuperTuxKart
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-03-06 20:00 . 2011-12-23 16:09 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-03-01 01:25 . 2008-04-25 20:33 832512 ----a-w- c:\windows\system32\wininet.dll
2012-03-01 01:25 . 2009-07-09 12:45 78336 ----a-w- c:\windows\system32\ieencode.dll
2012-03-01 01:25 . 2008-04-25 20:33 1830912 ----a-w- c:\windows\system32\inetcpl.cpl
2012-03-01 01:25 . 2008-04-25 20:33 17408 ----a-w- c:\windows\system32\corpol.dll
2012-02-29 14:10 . 2008-04-25 20:33 177664 ----a-w- c:\windows\system32\wintrust.dll
2012-02-29 14:10 . 2008-04-25 20:33 148480 ----a-w- c:\windows\system32\imagehlp.dll
2012-02-03 09:26 . 2008-04-25 20:33 1869184 ----a-w- c:\windows\system32\win32k.sys
2012-03-18 19:45 . 2011-03-25 18:10 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-07-18 39408]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-03-15 1434920]
"RTHDCPL"="RTHDCPL.EXE" [2009-03-15 17529856]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-02-15 137752]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2009-01-06 2289664]
"WLSS"="c:\program files\Wireless Select Switch\WLSS.exe" [2009-01-01 550184]
"BTMeter"="c:\program files\Battery Meter\BTMeter.exe" [2008-11-05 623912]
"CapsLKNotify"="c:\program files\CapsLKNotify\CapsLKNotify.exe" [2009-02-23 320808]
"Dell Webcam Central"="c:\program files\Dell Webcam\Dell Webcam Central\WebcamDell.exe" [2008-11-11 442536]
"dellsupportcenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-06-03 206064]
"DivX Download Manager"="c:\program files\DivX\DivX Plus Web Player\DDmService.exe" [2010-12-08 63360]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-03-21 1230704]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-07-05 421888]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-01-03 37296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" [2008-04-14 53760]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-27 123904]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
2009-05-31 09:11 10536 ----a-w- c:\program files\Citrix\GoToAssist\514\g2awinlogon.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Ares\\Ares.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"=
"c:\\Program Files\\Google\\Google Earth\\plugin\\geplugin.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1053:TCP"= 1053:TCP:Akamai NetSession Interface
"5000:UDP"= 5000:UDP:Akamai NetSession Interface
.
R0 EMSC;COMPAL Embedded System Control;c:\windows\system32\drivers\EMSC.sys [31/05/2009 11:03 14248]
R3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\drivers\CtClsFlt.sys [31/05/2009 11:14 135936]
R3 OA012Afx;Provides a software interface to control audio effects of OA012 camera.;c:\windows\system32\drivers\OA012Afx.sys [31/05/2009 13:44 148056]
R3 OA012Ufd;Creative Camera OA012 Upper Filter Driver;c:\windows\system32\drivers\OA012Ufd.sys [31/05/2009 13:44 133472]
R3 OA012Vid;Creative Camera OA012 Function Driver;c:\windows\system32\drivers\OA012Vid.sys [31/05/2009 13:44 271328]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\drivers\RtsUStor.sys [31/05/2009 13:44 162816]
S2 gupdate1ca07951676a038;Servicio Google Update (gupdate1ca07951676a038);c:\program files\Google\Update\GoogleUpdate.exe [18/07/2009 12:47 133104]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [31/05/2009 13:43 1684736]
S3 gupdatem;Servicio de Google Update (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [18/07/2009 12:47 133104]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
Contents of the 'Scheduled Tasks' folder
.
2012-04-22 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-07-18 10:46]
.
2012-03-26 c:\windows\Tasks\GoogleUpdateTaskMachineCore1cd0b6c14c93d9e.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-07-18 10:46]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.ing.be/
mStart Page = hxxp://www.infospyware.com
uInternet Settings,ProxyOverride = 127.0.0.1:9421;<local>
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\documents and settings\Hugo Navarro\Application Data\Mozilla\Firefox\Profiles\8y6y41fp.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.searchnu.com/406
FF - prefs.js: keyword.URL - hxxp://fileservehome.com/?prt=fileservetb02ff&Keywords=
FF - user.js: keyword.URL - hxxp://fileservehome.com/?prt=fileservetb02ff&Keywords=
FF - user.js: keyword.enabled - 1
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-10 - (no file)
WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file)
AddRemove-Octoshape add-in for Adobe Flash Player - c:\documents and settings\Hugo Navarro\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\octoshape\octoshape.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-04-22 07:59
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
.
c:\docume~1\HUGONA~1\LOCALS~1\Temp\div2.tmp\div3.tmp 30874 bytes
c:\docume~1\HUGONA~1\LOCALS~1\Temp\div2.tmp\div4.tmp 167045 bytes
.
scan completed successfully
hidden files: 2
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(852)
c:\program files\Citrix\GoToAssist\514\G2AWinLogon.dll
.
- - - - - - - > 'explorer.exe'(3072)
c:\windows\system32\WININET.dll
c:\windows\system32\IEFRAME.dll
c:\progra~1\COMMON~1\MICROS~1\WEBCOM~1\10\OWC10.DLL
c:\progra~1\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL
c:\windows\system32\mshtml.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\System32\WLTRYSVC.EXE
c:\windows\System32\bcmwltry.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Dell Support Center\bin\sprtsvc.exe
c:\windows\system32\wdfmgr.exe
c:\windows\system32\SearchIndexer.exe
c:\windows\RTHDCPL.EXE
c:\windows\system32\igfxsrvc.exe
.
**************************************************************************
.
Completion time: 2012-04-22 08:04:03 - machine was rebooted
ComboFix-quarantined-files.txt 2012-04-22 06:04
.
Pre-Run: 88.866.705.408 bytes free
Post-Run: 89.342.451.712 bytes free
.
WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
.
- - End Of File - - AD97AC5C729D986CD642694F805C9AF4

¿Alguien me puede echar una mano, por favor?

**Xtreme Hero** · 22/04/12, 05:02:49

Hola Bienvenido a infospyware

Realiza lo siguiente:

1.-Abre el Notepad (Bloc de notas)

Windows XP

Ve a Inicio >> Selecciona Ejecutar >> Escribe dentro Notepad

Windows Vista / Windows 7

Ve a Inicio >> Todos los programas >> Accesorios >> Selecciona Ejecutar >> Escribe dentro Notepad

2.-Ahora copie y pegue estos archivos dentro del Notepad.

Código:

KillAll::

Folder::
c:\documents and settings\Hugo Navarro\Application Data\searchquband
c:\documents and settings\Hugo Navarro\Local Settings\Application Data\Ilivid Player

FireFox::
FF - ProfilePath - c:\documents and settings\Hugo Navarro\Application Data\Mozilla\Firefox\Profiles\8y6y41fp.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.searchnu.com/406
FF - prefs.js: keyword.URL - hxxp://fileservehome.com/?prt=fileservetb02ff&Keywords=
FF - user.js: keyword.URL - hxxp://fileservehome.com/?prt=fileservetb02ff&Keywords=

RootKit::
c:\docume~1\HUGONA~1\LOCALS~1\Temp\div2.tmp\div3.tmp
c:\docume~1\HUGONA~1\LOCALS~1\Temp\div2.tmp\div4.tmp

3.- Guarde este archivo con el nombre CFScript.txt dentro del Escritorio.

4.- Arrastre y suelte el archivo CFScript.txt dentro del archivo ComboFix.exe como muestra la animación debajo. Esto activara ComboFix nuevamente.

Reinicie su PC y déjenos el nuevo reporte de ComboFix, comentándonos cómo esta funcionado todo actualmente.

Salu2

**exuab** · 22/04/12, 07:29:02

Ahí va el nuevo report. Parece que nos lo hemos cargado... ni rastro...

MUCHAS GRACIAS!!

ComboFix 12-04-20.03 - Hugo Navarro 22/04/2012 12:13:00.3.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1014.607 [GMT 2:00]
Running from: c:\documents and settings\Hugo Navarro\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Hugo Navarro\Desktop\CFScript.txt
FW: AVG Firewall *Disabled* {8decf618-9569-4340-b34a-d78d28969b66}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Hugo Navarro\Application Data\searchquband
c:\documents and settings\Hugo Navarro\Local Settings\Application Data\Ilivid Player
c:\documents and settings\Hugo Navarro\Local Settings\Application Data\Ilivid Player\script.qscript
.
.
((((((((((((((((((((((((( Files Created from 2012-03-22 to 2012-04-22 )))))))))))))))))))))))))))))))
.
.
2012-04-21 15:07 . 2012-04-21 15:07 -------- d-----w- c:\program files\CCleaner
2012-04-21 14:29 . 2012-04-21 14:29 -------- d--h--w- c:\windows\PIF
2012-04-21 14:25 . 2012-04-21 14:25 -------- d-----w- c:\documents and settings\All Users\Application Data\boost_interprocess
2012-03-25 09:45 . 2012-03-25 09:45 409600 ----a-w- c:\windows\system32\wrap_oal.dll
2012-03-25 09:45 . 2012-03-25 09:45 114688 ----a-w- c:\windows\system32\OpenAL32.dll
2012-03-25 09:45 . 2012-03-25 09:45 -------- d-----w- c:\program files\OpenAL
2012-03-25 09:43 . 2012-03-25 09:44 -------- d-----w- c:\program files\SuperTuxKart
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-03-06 20:00 . 2011-12-23 16:09 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-03-01 01:25 . 2008-04-25 20:33 832512 ----a-w- c:\windows\system32\wininet.dll
2012-03-01 01:25 . 2009-07-09 12:45 78336 ----a-w- c:\windows\system32\ieencode.dll
2012-03-01 01:25 . 2008-04-25 20:33 1830912 ----a-w- c:\windows\system32\inetcpl.cpl
2012-03-01 01:25 . 2008-04-25 20:33 17408 ----a-w- c:\windows\system32\corpol.dll
2012-02-29 14:10 . 2008-04-25 20:33 177664 ----a-w- c:\windows\system32\wintrust.dll
2012-02-29 14:10 . 2008-04-25 20:33 148480 ----a-w- c:\windows\system32\imagehlp.dll
2012-02-03 09:26 . 2008-04-25 20:33 1869184 ----a-w- c:\windows\system32\win32k.sys
2012-03-18 19:45 . 2011-03-25 18:10 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2012-04-22_05.59.04 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-04-22 10:20 . 2012-04-22 10:20 16384 c:\windows\temp\Perflib_Perfdata_73c.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-07-18 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-03-15 1434920]
"RTHDCPL"="RTHDCPL.EXE" [2009-03-15 17529856]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-02-15 137752]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2009-01-06 2289664]
"WLSS"="c:\program files\Wireless Select Switch\WLSS.exe" [2009-01-01 550184]
"BTMeter"="c:\program files\Battery Meter\BTMeter.exe" [2008-11-05 623912]
"CapsLKNotify"="c:\program files\CapsLKNotify\CapsLKNotify.exe" [2009-02-23 320808]
"Dell Webcam Central"="c:\program files\Dell Webcam\Dell Webcam Central\WebcamDell.exe" [2008-11-11 442536]
"dellsupportcenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-06-03 206064]
"DivX Download Manager"="c:\program files\DivX\DivX Plus Web Player\DDmService.exe" [2010-12-08 63360]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-03-21 1230704]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-07-05 421888]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-01-03 37296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" [2008-04-14 53760]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-27 123904]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
2009-05-31 09:11 10536 ----a-w- c:\program files\Citrix\GoToAssist\514\g2awinlogon.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Ares\\Ares.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"=
"c:\\Program Files\\Google\\Google Earth\\plugin\\geplugin.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1053:TCP"= 1053:TCP:Akamai NetSession Interface
"5000:UDP"= 5000:UDP:Akamai NetSession Interface
.
R0 EMSC;COMPAL Embedded System Control;c:\windows\system32\drivers\EMSC.sys [31/05/2009 11:03 14248]
R3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\drivers\CtClsFlt.sys [31/05/2009 11:14 135936]
R3 OA012Afx;Provides a software interface to control audio effects of OA012 camera.;c:\windows\system32\drivers\OA012Afx.sys [31/05/2009 13:44 148056]
R3 OA012Ufd;Creative Camera OA012 Upper Filter Driver;c:\windows\system32\drivers\OA012Ufd.sys [31/05/2009 13:44 133472]
R3 OA012Vid;Creative Camera OA012 Function Driver;c:\windows\system32\drivers\OA012Vid.sys [31/05/2009 13:44 271328]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\drivers\RtsUStor.sys [31/05/2009 13:44 162816]
S2 gupdate1ca07951676a038;Servicio Google Update (gupdate1ca07951676a038);c:\program files\Google\Update\GoogleUpdate.exe [18/07/2009 12:47 133104]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [31/05/2009 13:43 1684736]
S3 gupdatem;Servicio de Google Update (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [18/07/2009 12:47 133104]
.
Contents of the 'Scheduled Tasks' folder
.
2012-04-22 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-07-18 10:46]
.
2012-03-26 c:\windows\Tasks\GoogleUpdateTaskMachineCore1cd0b6c14c93d9e.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-07-18 10:46]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.ing.be/
mStart Page = hxxp://www.infospyware.com
uInternet Settings,ProxyOverride = 127.0.0.1:9421;<local>
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\documents and settings\Hugo Navarro\Application Data\Mozilla\Firefox\Profiles\8y6y41fp.default\
FF - user.js: keyword.enabled - 1
.
- - - - ORPHANS REMOVED - - - -
.
AddRemove-IspAssistant-FileServe - c:\program files\FileServe Toolbar\uninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-04-22 12:21
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.

**Xtreme Hero** · 22/04/12, 07:31:05

Hola de nuevo,

Desinstala ComboFix de la siguiente manera:

Vas a Inicio > Ejecutar y escribes ComboFix /Uninstall como lo muestra la imagen:

Presiona aceptar. Esto activará el desinstalador de ComboFix y luego de unos segundos verás ComboFix is uninstalled.

Nos comentas cómo está funcionando todo y si restan dudas

Salu2

**exuab** · 22/04/12, 12:30:11

Muchas gracias de nuevo... Pensaba dejarlo instalado para próximos casos... ¿Es arriesgado mantenerlo?

**Xtreme Hero** · 22/04/12, 12:55:42

Hola,

Combofix no es un antivirus,y sin supervisión de alguien que sepa manejarlo podría provocar inestabilidad en el sistema

De ahí,la siguiente cita:

Atención!! No use ComboFix a menos que se le haya indicado específicamente en su mensaje por un integrante de nuestro Staff. Es una herramienta de gran alcance destinada por su creador a ser usada bajo la orientación y supervisión de un experto, no para uso privado. El uso de ComboFix incorrectamente podría generar problemas en su sistema. Por favor, lea las "Negaciones de la Garantía" de ComboFix.

Nos comentas si restan dudas.

Salu2

**exuab** · 23/04/12, 16:34:21

Hola,

Pues resulta que no me deja... ¿Hay otra manera?

Me dice que Windows no puede encontrar el archivo...

Gracias.

**Xtreme Hero** · 23/04/12, 18:01:14

Hola de nuevo,

-Descarga OTC.exe en el escritorio.

-Lo ejecutas y presionas Cleanup.

Nos comentas si restan dudas.

Salu2

**exuab** · 24/04/12, 17:23:41

¡¡¡Perfecto, todo solucionado!!! Muchas gracias.

**Xtreme Hero** · 25/04/12, 17:37:07

Hola de nuevo,

Me alegro de que tu problema se haya solucionado.Para cualquier otro problema no dudes en volver a postear.

Ha sido un placer ayudarte

Damos el tema por

--->:::Solucionado:::<---

Si necesitas re-abrir el tema, haz clic en

a la derecha de cualquier mensaje de tu tema y solicita que se abra nuevamente .Un moderador atendera tu consulta.

Como recomendación final, te invitamos a seguirnos en nuestros canales de difusión :

Blog ,

Twitter ,

Facebook, ,

vía E-Mail, para estar al tanto de los nuevos malwares y como prevenirlos.

Salu2

Cómo eliminar searchnu/406 (Solucionado)

Herramientas

Cómo eliminar searchnu/406 (Solucionado)

Re: cómo eliminar searchnu/406

Re: cómo eliminar searchnu/406

Re: cómo eliminar searchnu/406

Re: cómo eliminar searchnu/406

Re: cómo eliminar searchnu/406

Re: cómo eliminar searchnu/406

Re: cómo eliminar searchnu/406

Re: cómo eliminar searchnu/406

Re: cómo eliminar searchnu/406