
    I can't identify the virus that is affecting me!


    1. #1
      alejandrinis (User)
      Registered: Mar 2009
      Location: Venezuela
      Posts: 30

      Good evening, friends. When I open any web page and go to click on any link, another window opens with a different page. It is very annoying because it happens all the time, and I have not been able to fix it despite the many scans I have run, etc.
      I would also appreciate help with my internet connection, which drops quite often for short periods of time. I don't know whether this is due to the same virus or what else might be causing it.

    2. #2
      @SanMar (Former collaborator)
      Registered: Jun 2008
      Location: Argentina
      Posts: 22,290

      Hello alejandrinis

      Do the following:

      Step 1.-

      Step 2.- Download, install and/or update, but do not run yet:

      Step 3.- Run in Normal Mode:

      AT-Destroyer
      • Run it as Administrator.
        Note: If you use Windows Vista or 7, right-click and select "Run as administrator."
      • The tool's disclaimer will appear. Press Yes.
      • Press option 1 ("Buscar y Destruir", Search and Destroy).
      • AT-Destroyer will disconnect the desktop momentarily.
      • If the system is infected, AT-Destroyer will show it with red lines where the infection was detected; otherwise the lines will be green.
      • Once the scan has finished, you will see the desktop again and a report will open. Copy that report into your next reply and tell us how the system is working.
      • If any program does not start, restart the PC.

      Malwarebytes' Anti-Malware:

      • Run a Full Scan.
      • Select the "Quitar lo Seleccionado" (Remove Selected) option.
      • Your report is in the "Registro" (Logs) tab.

      Step 4.- Run CCleaner.

      • First use its "Cleaner" option to delete cookies, temporary Internet files and all the files it shows you as obsolete.
      • Then use its "Registry" option to clean the whole Windows registry (making a backup).

      Step 5.- Download the ComboFix.exe tool and save it to the desktop.
      • Temporarily disable the antivirus and/or antispyware.
        If it asks you to update, accept.
      • Close all open windows.
      • Double-click the ComboFix.exe file and follow the instructions.
      • When it finishes, it will generate a log at C:\ComboFix.txt.
        • *Note* While CF is working, do not move the mouse, as that would stop its process.
        • *Note* ComboFix may restart the PC automatically to complete the removal process.
      Warning!! Do not use ComboFix unless a member of our Staff has specifically told you to in your thread. It is a far-reaching tool intended by its author to be used under the guidance and supervision of an expert, not for private use. Using ComboFix incorrectly could cause problems on your system. Please read ComboFix's "Disclaimer of Warranty".
      • Restart and paste the report from C:\ComboFix.txt in this same thread.

      Important note: After the first restart that ComboFix performs, restart once more.

      Regards.

      * Follow us on Twitter and befriend us on Facebook.
      * Keep up with the latest threats on the net at: InfoSpyware Blog
      * Questions are not answered by private message or by e-mail; that is what the forum is for.

    3. #3
      alejandrinis (User)
      Registered: Mar 2009
      Location: Venezuela
      Posts: 30

      Hi SanMar, thanks for your reply. Here are the reports, in order:

      AT-Destroyer:
      Code:
      #################################################### A/T-Destroyer by InfoSpyware ############ 
       
      A/T-Destroyer 1.0.7 By Infospyware 
      www.infospyware.com 
      Fecha iniciada en el analisis 11/09/2012 
      Hora iniciada en el analisis   0:48:34,22 
      Usuario Actual : [C:\Users\Leonardo] 
      Sistema Operativo: Windows 7 Home Basic   
      Service pack: Service Pack 1    
      Arquitectura: Sistema operativo de 32 bits 
      Versión Internet Explorer: 8.0.7601.17514 
      Modo Actual: Modo Normal. 
      Privilegios: [Leonardo-Administrador]   
      Versión Google Chrome:  
      Versión Mozilla Firefox: 15.0.1 
      
      ====== Servicios Eliminados By A/T-Destroyer ====== 
      
      
      
      
      ====== Claves Eliminadas By A/T-Destroyer ====== 
      
      
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar | ( {98889811-442D-49dd-99D7-DC866BE87DBC} ) 
      HKEY_CLASSES_ROOT\AppID\escort.DLL
      HKEY_CLASSES_ROOT\AppID\escort.DLL 
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2EECD738-5844-4a99-B4B6-146BF802613B}
      HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2EECD738-5844-4a99-B4B6-146BF802613B} 
      HKEY_LOCAL_MACHINE\SOFTWARE\Iminent
      HKEY_LOCAL_MACHINE\SOFTWARE\Iminent\Assemblies
      HKEY_LOCAL_MACHINE\SOFTWARE\Iminent\WebBooster
      HKEY_LOCAL_MACHINE\SOFTWARE\Iminent 
      HKEY_CURRENT_USER\SOFTWARE\Iminent
      HKEY_CURRENT_USER\SOFTWARE\Iminent\1
      HKEY_CURRENT_USER\SOFTWARE\Iminent\1\[email protected]
      HKEY_CURRENT_USER\SOFTWARE\Iminent\1\[email protected]
      HKEY_CURRENT_USER\SOFTWARE\Iminent\SearchTheWeb
      HKEY_CURRENT_USER\SOFTWARE\Iminent\UserOptions
      HKEY_CURRENT_USER\SOFTWARE\Iminent\WebBooster
      HKEY_CURRENT_USER\SOFTWARE\Iminent\WebBooster\Scripts
      HKEY_CURRENT_USER\SOFTWARE\Iminent\WebBooster\Scripts\minibar
      HKEY_CURRENT_USER\SOFTWARE\Iminent 
      
      
      ====== Archivos/Carpetas Eliminados By A/T-Destroyer ====== 
      
      
      C:\Program Files\babylontoolbar\BabylonToolbar
      C:\Program Files\babylontoolbar\BabylonToolbar\1.5.3.17
      C:\Program Files\babylontoolbar\BabylonToolbar\BabylonTB.xpi
      C:\Program Files\babylontoolbar\BabylonToolbar\1.5.3.17\BabylonToolbarApp.dll
      C:\Program Files\babylontoolbar\BabylonToolbar\1.5.3.17\BabylonToolbarEng.dll
      C:\Program Files\babylontoolbar\BabylonToolbar\1.5.3.17\BabylonToolbarsrv.exe
      C:\Program Files\babylontoolbar\BabylonToolbar\1.5.3.17\BabylonToolbarTlbr.dll
      C:\Program Files\babylontoolbar\BabylonToolbar\1.5.3.17\bh
      C:\Program Files\babylontoolbar\BabylonToolbar\1.5.3.17\uninstall.exe
      C:\Program Files\babylontoolbar\BabylonToolbar\1.5.3.17\bh\BabylonToolbar.dll
      "C:\Program Files\babylontoolbar" 
      C:\Users\Leonardo\AppData\Roaming\Babylon\log_file.txt
      "C:\Users\Leonardo\AppData\Roaming\Babylon" 
      "C:\ProgramData\Babylon" 
      C:\Program Files\mozilla firefox\searchplugins\babylon.xml 
      C:\Users\Leonardo\Appdata\Local\GDIPFONTCACHEV1.DAT 
      C:\user.js 
      
      
      ====== Información Extra ======  
       
       
                      -_-_-_-_-_-_-_-_ Configuraciones de internet Explorer -_-_-_-_-_-_-_-_ 
      "HKCU\Software\Microsoft\Internet Explorer\Main"  
      Start Page == http://www.google.com  
      Search Page == http://find.localstrike.net/  
      Local Page == C:\Windows\system32\blank.htm  
      Default_Page_URL == http://go.microsoft.com/fwlink/?LinkId=69157   
        
      "HKLM\Software\Microsoft\Internet Explorer\Main"  
      Start Page == http://www.google.com  
      Search Page == http://find.localstrike.net/  
      Local Page == C:\Windows\System32\blank.htm  
      Default_Search_URL == http://find.localstrike.net/   
      Default_Page_URL == http://find.localstrike.net/   
      
      
      "HKEY_USERS\S-1-5-21-546794098-2396994225-3740466331-1001\Software\Microsoft\Internet Explorer\Main"  
      Start Page == http://www.google.com  
      Search Page == http://find.localstrike.net/  
      Local Page == C:\Windows\system32\blank.htm  
      Default_Page_URL == http://go.microsoft.com/fwlink/?LinkId=69157   
      
      
       
       
                      -_-_-_-_-_-_-_-_ Configuraciones de mozilla Firefox -_-_-_-_-_-_-_-_ 
      user_pref("browser.startup.homepage", "http://google.com"); 
       
      
                        -_-_-_-_-_-_-_-_ Configuraciones de Opera-_-_-_-_-_-_-_-_ 
      Home URL=http://search.localstrike.com.ar
      
      
                               ======= EOF =======
      Malwarebytes' Anti-Malware:
      Code:
      Malwarebytes Anti-Malware 1.65.0.1400
      www.malwarebytes.org
      
      Versión de la Base de Datos: v2012.09.11.01
      
      Windows 7 Service Pack 1 x86 NTFS
      Internet Explorer 8.0.7601.17514
      Leonardo :: LEONARDO-PC [administrador]
      
      11/09/2012 12:53:56 a.m.
      mbam-log-2012-09-11 (00-53-56).txt
      
      Tipos de Análisis: Análisis Completo (C:\|)
      Opciones de análisis activado: Memoria | Inicio | Registro | Sistema de archivos | Heurística/Extra | Heurística/Shuriken | PUP | PUM
      Opciones de análisis desactivados: P2P
      Objetos examinados: 363330
      Tiempo transcurrido: 1 hora(s), 10 minuto(s), 36 segundo(s)
      
      Procesos en Memoria Detectados: 0
      (No se han detectado elementos maliciosos)
      
      Módulos de Memoria Detectados: 0
      (No se han detectado elementos maliciosos)
      
      Claves del Registro Detectados: 0
      (No se han detectado elementos maliciosos)
      
      Valores del Registro Detectados: 0
      (No se han detectado elementos maliciosos)
      
      Elementos de Datos del Registro Detectados: 0
      (No se han detectado elementos maliciosos)
      
      Carpetas Detectadas: 0
      (No se han detectado elementos maliciosos)
      
      Archivos Detectados: 0
      (No se han detectado elementos maliciosos)
      
      fin)
      ComboFix.exe:
      Code:
      ComboFix 12-08-22.03 - Leonardo 11/09/2012 8:38.1.2 - x86
      Microsoft Windows 7 Home Basic 6.1.7601.1.1252.58.3082.18.1981.1041 [GMT -4,5:30]
      Running from: c:\users\Leonardo\Desktop\ComboFix.exe
      AV: Panda Cloud Antivirus *Disabled/Updated* {3456760B-FDAA-FFFD-06C2-7BB528D2066C}
      FW: Cloud Antivirus Firewall *Disabled* {0C6DF72E-B7C5-FEA5-2D9D-D280D6014117}
      SP: Panda Cloud Antivirus *Disabled/Updated* {8F3797EF-DB90-F073-3C72-40C753554CD1}
      SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
      * Created a new restore point
      .
      .
      ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
      .
      .
      c:\program files\sXe Injected
      c:\program files\sXe Injected\chrome-extension_icpgjfneehieebagbmdbhnlpiopdcmna_0.localstorage
      c:\program files\sXe Injected\Chrome\chrome-extension_icpgjfneehieebagbmdbhnlpiopdcmna_0.localstorage
      c:\program files\sXe Injected\chromechange.exe
      c:\program files\sXe Injected\ddsxei.sys
      c:\program files\sXe Injected\default.reg
      c:\program files\sXe Injected\firechange.exe
      c:\program files\sXe Injected\icpgjfneehieebagbmdbhnlpiopdcmna\1.0.4_0\background.html
      c:\program files\sXe Injected\icpgjfneehieebagbmdbhnlpiopdcmna\1.0.4_0\background.js
      c:\program files\sXe Injected\icpgjfneehieebagbmdbhnlpiopdcmna\1.0.4_0\example.html
      c:\program files\sXe Injected\icpgjfneehieebagbmdbhnlpiopdcmna\1.0.4_0\icon128.png
      c:\program files\sXe Injected\icpgjfneehieebagbmdbhnlpiopdcmna\1.0.4_0\icon19.png
      c:\program files\sXe Injected\icpgjfneehieebagbmdbhnlpiopdcmna\1.0.4_0\icon200.png
      c:\program files\sXe Injected\icpgjfneehieebagbmdbhnlpiopdcmna\1.0.4_0\manifest.json
      c:\program files\sXe Injected\icpgjfneehieebagbmdbhnlpiopdcmna\1.0.4_0\options.css
      c:\program files\sXe Injected\icpgjfneehieebagbmdbhnlpiopdcmna\1.0.4_0\options.html
      c:\program files\sXe Injected\icpgjfneehieebagbmdbhnlpiopdcmna\1.0.4_0\options.js
      c:\program files\sXe Injected\icpgjfneehieebagbmdbhnlpiopdcmna\1.0.4_0\README.md
      c:\program files\sXe Injected\icpgjfneehieebagbmdbhnlpiopdcmna\1.0.4_0\redirect.html
      c:\program files\sXe Injected\icpgjfneehieebagbmdbhnlpiopdcmna\1.0.4_0\redirect.js
      c:\program files\sXe Injected\localstrike-search.xml
      c:\program files\sXe Injected\newtaburl_local.xpi
      c:\program files\sXe Injected\Preferences
      c:\program files\sXe Injected\search.ini
      c:\program files\sXe Injected\speeddial.ini
      c:\program files\sXe Injected\sXe-I EULA.txt
      c:\program files\sXe Injected\sXe Injected.exe
      c:\program files\sXe Injected\sXe.dll
      c:\program files\sXe Injected\TopSites.plist
      c:\program files\sXe Injected\uninstall.exe
      c:\program files\sXe Injected\uninstall.ini
      c:\program files\sXe Injected\Web Data
      c:\program files\sXe Injected\web.dll
      c:\program files\Windows Live\Messenger\msacm32.dll
      c:\users\Leonardo\AppData\Roaming\Desktopicon
      c:\users\Leonardo\AppData\Roaming\Desktopicon\eBay.ico
      c:\users\Leonardo\AppData\Roaming\Desktopicon\uninst.exe
      c:\windows\VM305Cap.exe
      .
      .
      ((((((((((((((((((((((((( Files Created from 2012-08-11 to 2012-09-11 )))))))))))))))))))))))))))))))
      .
      .
      2012-09-11 13:13 . 2012-09-11 13:14 -------- d-----w- c:\users\Leonardo\AppData\Local\temp
      2012-09-11 13:13 . 2012-09-11 13:13 -------- d-----w- c:\users\vit\AppData\Local\temp
      2012-09-11 13:13 . 2012-09-11 13:13 -------- d-----w- c:\users\Default\AppData\Local\temp
      2012-09-11 05:18 . 2012-06-29 18:25 22528 ----a-w- c:\windows\AT-Uninstall.exe
      2012-09-11 05:18 . 2012-03-13 03:57 11776 ----a-w- c:\windows\Colous.exe
      2012-09-11 05:18 . 2008-03-25 15:09 69660 ----a-w- c:\windows\Fart.exe
      2012-09-11 05:12 . 2012-09-11 05:12 -------- d-----w- c:\program files\CCleaner
      2012-09-11 05:12 . 2012-09-11 05:12 56200 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{5F4F2BA3-9941-4129-B81F-AAB23660F482}\offreg.dll
      2012-09-10 22:40 . 2011-03-10 22:34 46280 ----a-w- c:\windows\system32\drivers\PSKMAD.sys
      2012-09-07 22:50 . 2012-08-23 07:15 7022536 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{5F4F2BA3-9941-4129-B81F-AAB23660F482}\mpengine.dll
      2012-09-01 12:52 . 2012-09-01 12:52 -------- d-----w- c:\program files\Common Files\Java
      2012-09-01 12:50 . 2012-09-01 12:50 93672 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
      2012-08-28 01:09 . 2012-08-28 02:46 -------- d-----w- c:\program files\Unlocker
      2012-08-26 16:30 . 2012-09-11 13:03 -------- d-----w- c:\users\Leonardo\AppData\Local\CrashDumps
      2012-08-26 16:28 . 2012-08-26 16:28 -------- d-----w- c:\users\Leonardo\AppData\Local\TechSmith
      2012-08-26 16:28 . 2012-08-26 16:28 -------- d-----w- c:\users\Leonardo\AppData\Roaming\TechSmith
      2012-08-26 16:26 . 2012-08-26 16:26 -------- d-----w- c:\program files\Common Files\TechSmith Shared
      2012-08-26 16:26 . 2012-08-26 16:26 -------- d-----w- c:\programdata\TechSmith
      2012-08-26 16:25 . 2012-08-26 16:26 -------- d-----w- c:\windows\72144B9D58C44C09A5CFC6A914B912E8.TMP
      2012-08-26 16:18 . 2012-08-26 16:18 -------- d-----w- c:\program files\TechSmith
      2012-08-15 01:53 . 2012-05-05 07:46 400896 ----a-w- c:\windows\system32\srcore.dll
      2012-08-15 01:53 . 2012-07-18 17:47 2345984 ----a-w- c:\windows\system32\win32k.sys
      2012-08-15 01:53 . 2012-02-11 05:43 492032 ----a-w- c:\windows\system32\win32spl.dll
      2012-08-15 01:53 . 2012-02-11 05:37 317440 ----a-w- c:\windows\system32\spoolsv.exe
      2012-08-15 01:53 . 2012-07-04 21:14 41984 ----a-w- c:\windows\system32\browcli.dll
      2012-08-15 01:53 . 2012-07-04 21:14 102912 ----a-w- c:\windows\system32\browser.dll
      2012-08-15 01:53 . 2012-05-14 04:33 769024 ----a-w- c:\windows\system32\localspl.dll
      .
      .
      .
      (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
      .
      2012-09-07 21:34 . 2012-06-18 00:53 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
      2012-09-01 12:50 . 2012-05-23 01:52 821736 ----a-w- c:\windows\system32\npDeployJava1.dll
      2012-09-01 12:50 . 2012-05-23 01:52 746984 ----a-w- c:\windows\system32\deployJava1.dll
      2012-08-23 12:22 . 2012-03-30 17:18 696520 ----a-w- c:\windows\system32\FlashPlayerApp.exe
      2012-08-23 12:22 . 2011-07-12 21:11 73416 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
      2012-07-13 11:32 . 2012-07-13 11:32 174632 ----a-w- c:\windows\system32\drivers\PSINKNC.sys
      2012-07-13 11:32 . 2012-07-13 11:32 120872 ----a-w- c:\windows\system32\drivers\PSINProt.sys
      2012-07-13 11:32 . 2012-07-13 11:32 114216 ----a-w- c:\windows\system32\drivers\PSINProc.sys
      2012-07-13 11:32 . 2012-07-13 11:32 148520 ----a-w- c:\windows\system32\drivers\PSINAflt.sys
      2012-07-13 11:32 . 2012-07-13 11:32 103464 ----a-w- c:\windows\system32\drivers\PSINFile.sys
      2012-07-12 15:48 . 2012-07-12 15:48 206632 ----a-w- c:\windows\system32\drivers\NNSStrm.sys
      2012-06-27 20:21 . 2012-06-27 20:21 92840 ----a-w- c:\windows\system32\drivers\NNStlsc.sys
      2012-06-27 20:21 . 2012-06-27 20:21 286376 ----a-w- c:\windows\system32\drivers\NNSProt.sys
      2012-06-27 20:21 . 2012-06-27 20:21 153000 ----a-w- c:\windows\system32\drivers\NNSPrv.sys
      2012-06-27 20:21 . 2012-06-27 20:21 106536 ----a-w- c:\windows\system32\drivers\NNSSmtp.sys
      2012-06-27 20:21 . 2012-06-27 20:21 60968 ----a-w- c:\windows\system32\drivers\NNSPihsw.sys
      2012-06-27 20:21 . 2012-06-27 20:21 104104 ----a-w- c:\windows\system32\drivers\NNSPop3.sys
      2012-06-27 20:21 . 2012-06-27 20:21 93992 ----a-w- c:\windows\system32\drivers\NNSpicc.sys
      2012-06-27 20:21 . 2012-06-27 20:21 28712 ----a-w- c:\windows\system32\drivers\NNSNAHSL.sys
      2012-06-27 20:21 . 2012-06-27 20:21 122664 ----a-w- c:\windows\system32\drivers\NNSIds.sys
      2012-06-27 20:21 . 2012-06-27 20:21 82472 ----a-w- c:\windows\system32\drivers\NNSAlpc.sys
      2012-06-27 20:21 . 2012-06-27 20:21 120744 ----a-w- c:\windows\system32\drivers\NNSHttp.sys
      2012-09-07 01:34 . 2012-09-07 01:34 266720 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
      .
      .
      ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
      .
      .
      *Note* empty entries & legit default entries are not shown
      REGEDIT4
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-07-23 141848]
      "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-07-23 174104]
      "Persistence"="c:\windows\system32\igfxpers.exe" [2009-07-23 151064]
      "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2010-04-05 8555040]
      "GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
      "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
      "Acrobat Assistant 7.0"="c:\program files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" [2008-04-23 483328]
      "IMBooster"="c:\program files\Iminent\IMBooster\imbooster.exe" [2011-03-30 1324008]
      "BigDog305"="c:\windows\VM305_STI.EXE" [2005-08-05 61440]
      "APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
      "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2012-04-19 421888]
      "PSUAMain"="c:\program files\Panda Security\Panda Cloud Antivirus\PSUAMain.exe" [2012-07-13 37152]
      "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
      "Malwarebytes Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-09-07 766536]
      .
      c:\users\Leonardo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
      Microsoft Office Groove.lnk - c:\program files\Microsoft Office\Office12\GROOVE.EXE [2011-5-31 337264]
      .
      c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
      Adobe Acrobat Speed Launcher.lnk - c:\windows\Installer\{AC76BA86-1033-0000-7760-000000000002}\SC_Acrobat.exe [2011-9-5 25214]
      Ralink Wireless Utility.lnk - c:\program files\Ralink\Common\RaUI.exe [2011-2-18 1672480]
      w98Eject.lnk - c:\windows\System\w98eject.exe [2012-5-10 61440]
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
      "ConsentPromptBehaviorAdmin"= 0 (0x0)
      "ConsentPromptBehaviorUser"= 3 (0x3)
      "EnableLUA"= 0 (0x0)
      "EnableUIADesktopToggle"= 0 (0x0)
      "PromptOnSecureDesktop"= 0 (0x0)
      .
      [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
      Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
      .
      R1 NNSNAHSL;Network Activity Hook Server LightWeight Filter Driver;c:\windows\system32\DRIVERS\NNSNAHSL.sys [x]
      R2 BBSvc;BingBar Service;c:\program files\Microsoft\BingBar\7.1.364.0\BBSvc.exe [x]
      R2 gupdate;Google Update Servicio (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [x]
      R2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [x]
      R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [x]
      R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [x]
      R3 gupdatem;Google Update Servicio (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [x]
      R3 hwmobile;Huawei CDMA Handset USB Modem and USB Serial;c:\windows\system32\DRIVERS\hwusbser.sys [x]
      R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [x]
      R3 netr28;Ralink 802.11n Extensible Wireless Driver;c:\windows\system32\DRIVERS\netr28.sys [x]
      R3 SrvHsfPCI;SrvHsfPCI;c:\windows\system32\DRIVERS\VSTBS23.SYS [x]
      R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV3.SYS [x]
      R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT3.SYS [x]
      R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
      R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
      R4 NNSPIHSW;NNSPIHSW;c:\windows\system32\DRIVERS\NNSPihsw.sys [x]
      R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
      S1 NNSALPC;NNSALPC;c:\windows\system32\DRIVERS\NNSAlpc.sys [x]
      S1 NNSHTTP;NNSHTTP;c:\windows\system32\DRIVERS\NNSHttp.sys [x]
      S1 NNSIDS;NNSIDS;c:\windows\system32\DRIVERS\NNSIds.sys [x]
      S1 NNSPICC;NNSPICC;c:\windows\system32\DRIVERS\NNSPicc.sys [x]
      S1 NNSPOP3;NNSPOP3;c:\windows\system32\DRIVERS\NNSPop3.sys [x]
      S1 NNSPROT;NNSPROT;c:\windows\system32\DRIVERS\NNSProt.sys [x]
      S1 NNSPRV;NNSPRV;c:\windows\system32\DRIVERS\NNSPrv.sys [x]
      S1 NNSSMTP;NNSSMTP;c:\windows\system32\DRIVERS\NNSSmtp.sys [x]
      S1 NNSSTRM;NNSSTRM;c:\windows\system32\DRIVERS\NNSStrm.sys [x]
      S1 NNSTLSC;NNSTLSC;c:\windows\system32\DRIVERS\NNSTlsc.sys [x]
      S1 PSINKNC;PSINKNC;c:\windows\system32\DRIVERS\psinknc.sys [x]
      S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
      S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [x]
      S2 eusk2par;EUTRON SmartKey Parallel Driver;c:\windows\system32\Drivers\eusk2par.sys [x]
      S2 NanoServiceMain;Panda Cloud Antivirus Service;c:\program files\Panda Security\Panda Cloud Antivirus\PSANHost.exe [x]
      S2 PSINAflt;PSINAflt;c:\windows\system32\DRIVERS\PSINAflt.sys [x]
      S2 PSINFile;PSINFile;c:\windows\system32\DRIVERS\PSINFile.sys [x]
      S2 PSINProc;PSINProc;c:\windows\system32\DRIVERS\PSINProc.sys [x]
      S2 PSINProt;PSINProt;c:\windows\system32\DRIVERS\PSINProt.sys [x]
      S2 PSUAService;Panda Product Service;c:\program files\Panda Security\Panda Cloud Antivirus\PSUAService.exe [x]
      S3 BBUpdate;BBUpdate;c:\program files\Microsoft\BingBar\7.1.364.0\SeaPort.exe [x]
      S3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [x]
      S3 PSKMAD;PSKMAD;c:\windows\system32\DRIVERS\PSKMAD.sys [x]
      S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [x]
      S3 ZSMC0305;A4 TECH PC Camera V;c:\windows\system32\Drivers\usbVM305.sys [x]
      .
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
      LocalServiceAndNoImpersonation REG_MULTI_SZ SSDPSRV upnphost SCardSvr TBS FontCache fdrespub AppIDSvc QWAVE wcncsvc SensrSvc
      .
      Contents of the 'Scheduled Tasks' folder
      .
      2012-09-11 c:\windows\Tasks\Adobe Flash Player Updater.job
      - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-30 12:22]
      .
      2012-09-09 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-546794098-2396994225-3740466331-1000Core.job
      - c:\users\vit\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-03-03 20:53]
      .
      2012-09-11 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-546794098-2396994225-3740466331-1000UA.job
      - c:\users\vit\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-03-03 20:53]
      .
      2012-09-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
      - c:\program files\Google\Update\GoogleUpdate.exe [2012-02-04 16:12]
      .
      2012-09-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
      - c:\program files\Google\Update\GoogleUpdate.exe [2012-02-04 16:12]
      .
      .
      ------- Supplementary Scan -------
      .
      uStart Page = hxxp://www.google.com
      mStart Page = hxxp://www.google.com
      IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
      IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
      IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
      IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
      IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
      IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
      IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
      IE: Convert to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
      IE: E&xportar a Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
      TCP: DhcpNameServer = 200.44.32.12 200.11.248.12
      FF - ProfilePath - c:\users\Leonardo\AppData\Roaming\Mozilla\Firefox\Profiles\nosdwxv1.default\
      FF - prefs.js: browser.search.selectedEngine - Google
      FF - prefs.js: browser.startup.homepage - hxxp://google.com
      FF - prefs.js: keyword.URL - hxxp://google.com
      FF - prefs.js: network.proxy.type - 0
      FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=113480&tt=060612_8_
      FF - user.js: extensions.BabylonToolbar_i.babExt -
      FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
      FF - user.js: extensions.BabylonToolbar_i.id - 6033b5420000000000001078d2cb80ab
      FF - user.js: extensions.BabylonToolbar_i.hardId - 6033b5420000000000001078d2cb80ab
      FF - user.js: extensions.BabylonToolbar_i.instlDay - 15508
      FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17
      FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17
      FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.1711:27
      FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon
      FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar
      FF - user.js: extensions.BabylonToolbar_i.aflt - babsst
      FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
      FF - user.js: extensions.BabylonToolbar_i.tlbrId - tb9
      FF - user.js: extensions.BabylonToolbar_i.instlRef - sst
      .
      - - - - ORPHANS REMOVED - - - -
      .
      Toolbar-Locked - (no file)
      AddRemove-eBay Icon - c:\users\Leonardo\AppData\Roaming\Desktopicon\uninst.exe
      AddRemove-sXe Injected - c:\program files\sXe Injected\uninstall.exe
      .
      .
      .
      --------------------- LOCKED REGISTRY KEYS ---------------------
      .
      [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
      @Denied: (A) (Users)
      @Denied: (A) (Everyone)
      @Allowed: (B 1 2 3 4 5) (S-1-5-20)
      "BlindDial"=dword:00000000
      .
      [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
      @Denied: (A) (Users)
      @Denied: (A) (Everyone)
      @Allowed: (B 1 2 3 4 5) (S-1-5-20)
      "BlindDial"=dword:00000000
      .
      [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
      @Denied: (A) (Users)
      @Denied: (A) (Everyone)
      @Allowed: (B 1 2 3 4 5) (S-1-5-20)
      "BlindDial"=dword:00000000
      .
      [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
      @Denied: (Full) (Everyone)
      .
      Completion time: 2012-09-11 08:46:03
      ComboFix-quarantined-files.txt 2012-09-11 13:16
      .
      Pre-Run: 192.120.508.416 bytes libres
      Post-Run: 192.283.951.104 bytes libres
      .
      - - End Of File - - CA3C91ACF67EBB6FF2CEDA426A7B78DA


      The system seems to be running fine.
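
The "Información Extra" section of the A/T-Destroyer report above still lists browser start and search settings that point at the localstrike domains. The following is an added example, not part of the original thread or of the tool: it parses that section and lists every URL setting whose host is outside an allow-list. The allow-list and all function names are assumptions.

```python
import re
from urllib.parse import urlparse

# Excerpt of the "Información Extra" section of the A/T-Destroyer report above.
REPORT_EXCERPT = r'''
"HKCU\Software\Microsoft\Internet Explorer\Main"
Start Page == http://www.google.com
Search Page == http://find.localstrike.net/
Local Page == C:\Windows\system32\blank.htm
Default_Page_URL == http://go.microsoft.com/fwlink/?LinkId=69157

"HKLM\Software\Microsoft\Internet Explorer\Main"
Start Page == http://www.google.com
Search Page == http://find.localstrike.net/
Local Page == C:\Windows\System32\blank.htm
Default_Search_URL == http://find.localstrike.net/
Default_Page_URL == http://find.localstrike.net/

-_-_-_-_-_-_-_-_ Configuraciones de Opera-_-_-_-_-_-_-_-_
Home URL=http://search.localstrike.com.ar
'''

# Assumption: the hosts the owner of this machine expects in these settings.
EXPECTED_HOST_SUFFIXES = ("google.com", "microsoft.com")

# A quoted registry key line opens a new context for the settings below it.
KEY_RE = re.compile(r'^"(?P<key>HK[^"]+)"\s*$')
# Section banners such as "-_-_ Configuraciones de Opera-_-_".
BANNER_RE = re.compile(r'Configuraciones de\s+(?P<browser>[A-Za-z ]+?)\s*[-_]')
# "Name == value" (Internet Explorer) or "Name=value" (Opera).
SETTING_RE = re.compile(r'^(?P<name>[A-Za-z_ ]+?)\s*(?:==|=)\s*(?P<value>\S.*?)\s*$')


def host_is_expected(host):
    """True if host is an allow-listed domain or a subdomain of one.

    Matching on a dot boundary keeps look-alikes such as
    google.com.evil.example from passing as google.com.
    """
    host = host.lower().rstrip(".")
    return any(host == s or host.endswith("." + s) for s in EXPECTED_HOST_SUFFIXES)


def find_unexpected_settings(report_text):
    """Return (context, setting name, host) for each URL setting off the allow-list."""
    findings = []
    context = None
    for raw in report_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = KEY_RE.match(line)
        if m:
            context = m.group("key")
            continue
        m = BANNER_RE.search(line)
        if m:
            context = m.group("browser").strip()
            continue
        m = SETTING_RE.match(line)
        if not m:
            continue
        parsed = urlparse(m.group("value"))
        # Local files such as C:\Windows\system32\blank.htm are not URLs to check.
        if parsed.scheme not in ("http", "https") or not parsed.hostname:
            continue
        if not host_is_expected(parsed.hostname):
            findings.append((context, m.group("name"), parsed.hostname))
    return findings


if __name__ == "__main__":
    for context, name, host in find_unexpected_settings(REPORT_EXCERPT):
        print(f"{context}: {name} -> {host}")
```
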

    4. #4
      @SanMar (Former collaborator)
      Registered: Jun 2008
      Location: Argentina
      Posts: 22,290

      Hello alejandrinis:

      Do the following:

      1.- Open Notepad
      • Go to START > RUN >
      • Type notepad.exe there and click OK

      2.- Now copy and paste the following into Notepad

      Code:
      KillAll::
      
      ClearJavaCache:: 
      
      File:: 
      c:\windows\72144B9D58C44C09A5CFC6A914B912E8.TMP
      
      Folder::
      c:\program files\Iminent
      c:\users\vit\AppData\Local\Facebook
      
      Registry::
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "IMBooster"=-
      
      AtJob::
      c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-546794098-2396994225-3740466331-1000Core.job
      c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-546794098-2396994225-3740466331-1000UA.job
      
      FireFox::
      FF - ProfilePath - c:\users\Leonardo\AppData\Roaming\Mozilla\Firefox\Profiles\nosdwxv1.default\
      FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=113480&tt=060612_8_
      FF - user.js: extensions.BabylonToolbar_i.babExt - 
      FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
      FF - user.js: extensions.BabylonToolbar_i.id - 6033b5420000000000001078d2cb80ab
      FF - user.js: extensions.BabylonToolbar_i.hardId - 6033b5420000000000001078d2cb80ab
      FF - user.js: extensions.BabylonToolbar_i.instlDay - 15508
      FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17
      FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17
      FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.1711:27
      FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon
      FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar
      FF - user.js: extensions.BabylonToolbar_i.aflt - babsst
      FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
      FF - user.js: extensions.BabylonToolbar_i.tlbrId - tb9
      FF - user.js: extensions.BabylonToolbar_i.instlRef - sst
      3.- Save this file with the name CFScript.txt and leave it on your desktop.

      4.- Drag and drop the CFScript.txt file onto the ComboFix.exe file, as shown in the animation below. This will start ComboFix again.

      • Restart your PC and post the new ComboFix report, letting us know how everything is working now.



      Regards,

      * Follow us on Twitter and add us as a friend on Facebook.
      * Keep up with the latest threats on the net at: InfoSpyware Blog
      * Questions are not answered by private message or e-mail; that is what the forum is for.

    5. #5
      User alejandrinis
      Joined
      Mar 2009
      Location
      Venezuela
      Posts
      30

      Re: I can't identify the virus affecting me!

      SanMar, how are you? I'm attaching the ComboFix report. I should mention that lately more pages had been popping up whenever I clicked on any other one. I'll see how it goes after this last thing you told me to do...

      Thanks, regards.

      ComboFix 12-09-20.03 - Leonardo 21/09/2012 15:40:06.2.2 - x86
      Microsoft Windows 7 Home Basic 6.1.7601.1.1252.58.3082.18.1981.1183 [GMT -4,5:30]
      Running from: c:\users\Leonardo\Desktop\ComboFix.exe
      Command switches used :: c:\users\Leonardo\Desktop\CFScript.txt
      AV: Panda Cloud Antivirus *Enabled/Updated* {3456760B-FDAA-FFFD-06C2-7BB528D2066C}
      FW: Cloud Antivirus Firewall *Disabled* {0C6DF72E-B7C5-FEA5-2D9D-D280D6014117}
      SP: Panda Cloud Antivirus *Enabled/Updated* {8F3797EF-DB90-F073-3C72-40C753554CD1}
      SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
      * Created a new restore point
      .
      FILE ::
      "c:\windows\72144B9D58C44C09A5CFC6A914B912E8.TMP"
      .
      .
      ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
      .
      .
      c:\program files\Iminent
      c:\program files\Iminent\IMBooster\de\IMBooster.resources.dll
      c:\program files\Iminent\IMBooster\de\Iminent.Booster.UI.resources.dll
      c:\program files\Iminent\IMBooster\de\Iminent.Services.resources.dll
      c:\program files\Iminent\IMBooster\en\IMBooster.resources.dll
      c:\program files\Iminent\IMBooster\en\Iminent.Booster.UI.resources.dll
      c:\program files\Iminent\IMBooster\en\Iminent.Services.resources.dll
      c:\program files\Iminent\IMBooster\es\IMBooster.resources.dll
      c:\program files\Iminent\IMBooster\es\Iminent.Booster.UI.resources.dll
      c:\program files\Iminent\IMBooster\es\Iminent.Services.resources.dll
      c:\program files\Iminent\IMBooster\FlvEncoder.exe
      c:\program files\Iminent\IMBooster\fr\IMBooster.resources.dll
      c:\program files\Iminent\IMBooster\fr\Iminent.Booster.UI.resources.dll
      c:\program files\Iminent\IMBooster\fr\Iminent.Services.resources.dll
      c:\program files\Iminent\IMBooster\IMBooster.exe
      c:\program files\Iminent\IMBooster\IMBooster.exe.config
      c:\program files\Iminent\IMBooster\Iminent.Addon.Player.swf
      c:\program files\Iminent\IMBooster\Iminent.AxImp.dll
      c:\program files\Iminent\IMBooster\Iminent.Booster.UI.dll
      c:\program files\Iminent\IMBooster\Iminent.Business.dll
      c:\program files\Iminent\IMBooster\Iminent.Business.TinyUrl.dll
      c:\program files\Iminent\IMBooster\Iminent.Business.XmlSerializers.dll
      c:\program files\Iminent\IMBooster\Iminent.Services.dll
      c:\program files\Iminent\IMBooster\Iminent.WinCore.Aim.Proxy.dll
      c:\program files\Iminent\IMBooster\Iminent.WinCore.Aim7.dll
      c:\program files\Iminent\IMBooster\Iminent.WinCore.dll
      c:\program files\Iminent\IMBooster\Iminent.WinCore.WLM.WinEvents.dll
      c:\program files\Iminent\IMBooster\Iminent.WinCore.WLM15.dll
      c:\program files\Iminent\IMBooster\Iminent.WinCore.Yahoo.dll
      c:\program files\Iminent\IMBooster\Iminent.Windows.AxHost.dll
      c:\program files\Iminent\IMBooster\Iminent.Windows.dll
      c:\program files\Iminent\IMBooster\Iminent.Winks.Player.swf
      c:\program files\Iminent\IMBooster\Iminent.Workflow.dll
      c:\program files\Iminent\IMBooster\inst\Bootstrapper\Bootstrapper.exe
      c:\program files\Iminent\IMBooster\inst\main.ico
      c:\program files\Iminent\IMBooster\inst\msacm32.dll
      c:\program files\Iminent\IMBooster\inst\newappid.dat
      c:\program files\Iminent\IMBooster\it\IMBooster.resources.dll
      c:\program files\Iminent\IMBooster\it\Iminent.Booster.UI.resources.dll
      c:\program files\Iminent\IMBooster\it\Iminent.Services.resources.dll
      c:\program files\Iminent\IMBooster\Microsoft.VC90.CRT.manifest
      c:\program files\Iminent\IMBooster\msvcm90.dll
      c:\program files\Iminent\IMBooster\msvcp90.dll
      c:\program files\Iminent\IMBooster\msvcr90.dll
      c:\program files\Iminent\IMBooster\pt\IMBooster.resources.dll
      c:\program files\Iminent\IMBooster\pt\Iminent.Booster.UI.resources.dll
      c:\program files\Iminent\IMBooster\pt\Iminent.Services.resources.dll
      c:\program files\Iminent\IMBooster\ro\IMBooster.resources.dll
      c:\program files\Iminent\IMBooster\ro\Iminent.Booster.UI.resources.dll
      c:\program files\Iminent\IMBooster\ro\Iminent.Services.resources.dll
      c:\program files\Iminent\IMBooster\System.Data.SQLite.dll
      c:\program files\Iminent\IMBooster\Turbine.TVE2.dll
      c:\program files\Iminent\IMBooster\TVE2.dll
      c:\program files\Iminent\IMBooster4Web\Iminent.WebBooster.dll
      c:\program files\Iminent\IMBooster4Web\[email protected]\chrome.manifest
      c:\program files\Iminent\IMBooster4Web\[email protected]\chrome\content\browser.js
      c:\program files\Iminent\IMBooster4Web\[email protected]\chrome\content\browser.xul
      c:\program files\Iminent\IMBooster4Web\[email protected]\chrome\content\config.js
      c:\program files\Iminent\IMBooster4Web\[email protected]\chrome\content\scriptExtender.js
      c:\program files\Iminent\IMBooster4Web\[email protected]\chrome\content\scriptInjector.js
      c:\program files\Iminent\IMBooster4Web\[email protected]\chrome\content\utils.js
      c:\program files\Iminent\IMBooster4Web\[email protected]\components\Iminent.WebBooster.XPCOM.18.dll
      c:\program files\Iminent\IMBooster4Web\[email protected]\components\IminentWebBoosterXPCOM.xpt
      c:\program files\Iminent\IMBooster4Web\[email protected]\components_20\Iminent.WebBooster.XPCOM.20.dll
      c:\program files\Iminent\IMBooster4Web\[email protected]\components_20\Iminent.WebBooster.XPCOM.50.dll
      c:\program files\Iminent\IMBooster4Web\[email protected]\components_20\Iminent.WebBooster.XPCOM.60.dll
      c:\program files\Iminent\IMBooster4Web\[email protected]\components_20\Iminent.WebBooster.XPCOM.70.dll
      c:\program files\Iminent\IMBooster4Web\[email protected]\components_20\Iminent.WebBooster.XPCOM.80.dll
      c:\program files\Iminent\IMBooster4Web\[email protected]\defaults\preferences\prefs.js
      c:\program files\Iminent\IMBooster4Web\[email protected]\install.rdf
      c:\program files\Iminent\MMServer\Iminent.MMPlayer.swf
      c:\program files\Iminent\MMServer\Iminent.MMServer.exe
      c:\program files\Iminent\MMServer\Iminent.MMServer.WinTracker.dll
      c:\program files\Iminent\MMServer\Iminent.MMServerPS.dll
      c:\users\vit\AppData\Local\Facebook
      c:\users\vit\AppData\Local\Facebook\Update\1.2.205.0\FacebookCrashHandler.exe
      c:\users\vit\AppData\Local\Facebook\Update\1.2.205.0\FacebookUpdate.exe
      c:\users\vit\AppData\Local\Facebook\Update\1.2.205.0\FacebookUpdateHelper.msi
      c:\users\vit\AppData\Local\Facebook\Update\1.2.205.0\goopdate.dll
      c:\users\vit\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_ar.dll
      c:\users\vit\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_bg.dll
      c:\users\vit\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_bn.dll
      c:\users\vit\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_ca.dll
      c:\users\vit\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_cs.dll
      c:\users\vit\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_da.dll
      c:\users\vit\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_de.dll
      c:\users\vit\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_el.dll
      c:\users\vit\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_en-GB.dll
      c:\users\vit\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_en.dll
      c:\users\vit\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_es-419.dll
      c:\users\vit\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_es.dll
      c:\users\vit\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_et.dll
      c:\users\vit\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_fa.dll
      c:\users\vit\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_fi.dll
      c:\users\vit\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_fil.dll
      c:\users\vit\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_fr.dll
      c:\users\vit\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_gu.dll
      c:\users\vit\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_hi.dll
      c:\users\vit\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_hr.dll
      c:\users\vit\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_hu.dll
      c:\users\vit\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_id.dll
      c:\users\vit\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_is.dll
      c:\users\vit\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_it.dll
      c:\users\vit\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_iw.dll
      c:\users\vit\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_ja.dll
      c:\users\vit\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_kn.dll
      c:\users\vit\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_ko.dll
      c:\users\vit\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_lt.dll
      c:\users\vit\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_lv.dll
      c:\users\vit\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_ml.dll
      c:\users\vit\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_mr.dll
      c:\users\vit\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_ms.dll
      c:\users\vit\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_nl.dll
      c:\users\vit\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_no.dll
      c:\users\vit\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_or.dll
      c:\users\vit\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_pl.dll
      c:\users\vit\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_pt-BR.dll
      c:\users\vit\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_pt-PT.dll
      c:\users\vit\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_ro.dll
      c:\users\vit\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_ru.dll
      c:\users\vit\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_sk.dll
      c:\users\vit\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_sl.dll
      c:\users\vit\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_sr.dll
      c:\users\vit\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_sv.dll
      c:\users\vit\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_ta.dll
      c:\users\vit\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_te.dll
      c:\users\vit\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_th.dll
      c:\users\vit\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_tr.dll
      c:\users\vit\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_uk.dll
      c:\users\vit\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_ur.dll
      c:\users\vit\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_vi.dll
      c:\users\vit\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_zh-CN.dll
      c:\users\vit\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_zh-TW.dll
      c:\users\vit\AppData\Local\Facebook\Update\FacebookUpdate.exe
      c:\users\vit\AppData\Local\Facebook\Video\Common\fb#3aac58denbg9wbon5v93eu3lnmkoyc2hgirwdz9clrcd_db3ushanjsmdukc2nlbcxs70\config.lck
      c:\users\vit\AppData\Local\Facebook\Video\Common\fb#3aac58denbg9wbon5v93eu3lnmkoyc2hgirwdz9clrcd_db3ushanjsmdukc2nlbcxs70\config.xml
      c:\users\vit\AppData\Local\Facebook\Video\Common\fb#3aac58denbg9wbon5v93eu3lnmkoyc2hgirwdz9clrcd_db3ushanjsmdukc2nlbcxs70\contactgroup256.dbb
      c:\users\vit\AppData\Local\Facebook\Video\Common\fb#3aac58denbg9wbon5v93eu3lnmkoyc2hgirwdz9clrcd_db3ushanjsmdukc2nlbcxs70\index2.dat
      c:\users\vit\AppData\Local\Facebook\Video\Common\fb#3aac58denbg9wbon5v93eu3lnmkoyc2hgirwdz9clrcd_db3ushanjsmdukc2nlbcxs70\main.lock
      c:\users\vit\AppData\Local\Facebook\Video\Common\fb#3aac58denbg9wbon5v93eu3lnmkoyc2hgirwdz9clrcd_db3ushanjsmdukc2nlbcxs70\profile256.dbb
      c:\users\vit\AppData\Local\Facebook\Video\Common\shared.lck
      c:\users\vit\AppData\Local\Facebook\Video\Common\shared.xml
      c:\users\vit\AppData\Local\Facebook\Video\Skype\third-party_attributions.txt
      .
      .
      ((((((((((((((((((((((((( Files Created from 2012-08-21 to 2012-09-21 )))))))))))))))))))))))))))))))
      .
      .
      2012-09-21 20:15 . 2012-09-21 20:18 -------- d-----w- c:\users\Leonardo\AppData\Local\temp
      2012-09-21 20:15 . 2012-09-21 20:15 -------- d-----w- c:\users\vit\AppData\Local\temp
      2012-09-21 20:15 . 2012-09-21 20:15 -------- d-----w- c:\users\Default\AppData\Local\temp
      2012-09-21 20:09 . 2012-09-21 20:09 56200 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{D4B97064-3304-46CE-B9C8-0A9B2D42387F}\offreg.dll
      2012-09-21 19:53 . 2012-08-30 08:17 6980552 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{D4B97064-3304-46CE-B9C8-0A9B2D42387F}\mpengine.dll
      2012-09-21 19:48 . 2011-03-10 22:34 46280 ----a-w- c:\windows\system32\drivers\PSKMAD.sys
      2012-09-12 12:07 . 2012-08-22 17:16 712048 ----a-w- c:\windows\system32\drivers\ndis.sys
      2012-09-12 12:07 . 2012-07-04 19:45 33280 ----a-w- c:\windows\system32\drivers\RNDISMP.sys
      2012-09-12 12:07 . 2012-08-22 17:16 1292144 ----a-w- c:\windows\system32\drivers\tcpip.sys
      2012-09-12 12:07 . 2012-08-22 17:16 240496 ----a-w- c:\windows\system32\drivers\netio.sys
      2012-09-12 12:07 . 2012-08-22 17:16 187760 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
      2012-09-12 12:07 . 2012-08-02 16:57 490496 ----a-w- c:\windows\system32\d3d10level9.dll
      2012-09-11 05:18 . 2012-06-29 18:25 22528 ----a-w- c:\windows\AT-Uninstall.exe
      2012-09-11 05:18 . 2012-03-13 03:57 11776 ----a-w- c:\windows\Colous.exe
      2012-09-11 05:18 . 2008-03-25 15:09 69660 ----a-w- c:\windows\Fart.exe
      2012-09-11 05:12 . 2012-09-11 05:12 -------- d-----w- c:\program files\CCleaner
      2012-09-01 12:52 . 2012-09-01 12:52 -------- d-----w- c:\program files\Common Files\Java
      2012-09-01 12:50 . 2012-09-01 12:50 93672 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
      2012-08-28 01:09 . 2012-08-28 02:46 -------- d-----w- c:\program files\Unlocker
      2012-08-26 16:30 . 2012-09-11 13:03 -------- d-----w- c:\users\Leonardo\AppData\Local\CrashDumps
      2012-08-26 16:28 . 2012-08-26 16:28 -------- d-----w- c:\users\Leonardo\AppData\Local\TechSmith
      2012-08-26 16:28 . 2012-08-26 16:28 -------- d-----w- c:\users\Leonardo\AppData\Roaming\TechSmith
      2012-08-26 16:26 . 2012-08-26 16:26 -------- d-----w- c:\program files\Common Files\TechSmith Shared
      2012-08-26 16:26 . 2012-08-26 16:26 -------- d-----w- c:\programdata\TechSmith
      2012-08-26 16:25 . 2012-08-26 16:26 -------- d-----w- c:\windows\72144B9D58C44C09A5CFC6A914B912E8.TMP
      2012-08-26 16:18 . 2012-08-26 16:18 -------- d-----w- c:\program files\TechSmith
      .
      .
      .
      (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
      .
      2012-09-07 21:34 . 2012-06-18 00:53 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
      2012-09-01 12:50 . 2012-05-23 01:52 821736 ----a-w- c:\windows\system32\npDeployJava1.dll
      2012-09-01 12:50 . 2012-05-23 01:52 746984 ----a-w- c:\windows\system32\deployJava1.dll
      2012-08-23 12:22 . 2012-03-30 17:18 696520 ----a-w- c:\windows\system32\FlashPlayerApp.exe
      2012-08-23 12:22 . 2011-07-12 21:11 73416 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
      2012-07-18 17:47 . 2012-08-15 01:53 2345984 ----a-w- c:\windows\system32\win32k.sys
      2012-07-13 11:32 . 2012-07-13 11:32 174632 ----a-w- c:\windows\system32\drivers\PSINKNC.sys
      2012-07-13 11:32 . 2012-07-13 11:32 120872 ----a-w- c:\windows\system32\drivers\PSINProt.sys
      2012-07-13 11:32 . 2012-07-13 11:32 114216 ----a-w- c:\windows\system32\drivers\PSINProc.sys
      2012-07-13 11:32 . 2012-07-13 11:32 148520 ----a-w- c:\windows\system32\drivers\PSINAflt.sys
      2012-07-13 11:32 . 2012-07-13 11:32 103464 ----a-w- c:\windows\system32\drivers\PSINFile.sys
      2012-07-12 15:48 . 2012-07-12 15:48 206632 ----a-w- c:\windows\system32\drivers\NNSStrm.sys
      2012-07-04 21:14 . 2012-08-15 01:53 41984 ----a-w- c:\windows\system32\browcli.dll
      2012-07-04 21:14 . 2012-08-15 01:53 102912 ----a-w- c:\windows\system32\browser.dll
      2012-06-27 20:21 . 2012-06-27 20:21 92840 ----a-w- c:\windows\system32\drivers\NNStlsc.sys
      2012-06-27 20:21 . 2012-06-27 20:21 286376 ----a-w- c:\windows\system32\drivers\NNSProt.sys
      2012-06-27 20:21 . 2012-06-27 20:21 153000 ----a-w- c:\windows\system32\drivers\NNSPrv.sys
      2012-06-27 20:21 . 2012-06-27 20:21 106536 ----a-w- c:\windows\system32\drivers\NNSSmtp.sys
      2012-06-27 20:21 . 2012-06-27 20:21 60968 ----a-w- c:\windows\system32\drivers\NNSPihsw.sys
      2012-06-27 20:21 . 2012-06-27 20:21 104104 ----a-w- c:\windows\system32\drivers\NNSPop3.sys
      2012-06-27 20:21 . 2012-06-27 20:21 93992 ----a-w- c:\windows\system32\drivers\NNSpicc.sys
      2012-06-27 20:21 . 2012-06-27 20:21 28712 ----a-w- c:\windows\system32\drivers\NNSNAHSL.sys
      2012-06-27 20:21 . 2012-06-27 20:21 122664 ----a-w- c:\windows\system32\drivers\NNSIds.sys
      2012-06-27 20:21 . 2012-06-27 20:21 82472 ----a-w- c:\windows\system32\drivers\NNSAlpc.sys
      2012-06-27 20:21 . 2012-06-27 20:21 120744 ----a-w- c:\windows\system32\drivers\NNSHttp.sys
      2012-06-27 05:53 . 2012-08-15 01:54 981504 ----a-w- c:\windows\system32\wininet.dll
      2012-06-27 04:10 . 2012-08-15 01:54 1638912 ----a-w- c:\windows\system32\mshtml.tlb
      2012-09-07 01:34 . 2012-09-07 01:34 266720 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
      .
      .
      ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
      .
      .
      *Note* empty entries & legit default entries are not shown
      REGEDIT4
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-07-23 141848]
      "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-07-23 174104]
      "Persistence"="c:\windows\system32\igfxpers.exe" [2009-07-23 151064]
      "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2010-04-05 8555040]
      "GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
      "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
      "Acrobat Assistant 7.0"="c:\program files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" [2008-04-23 483328]
      "BigDog305"="c:\windows\VM305_STI.EXE" [2005-08-05 61440]
      "APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
      "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2012-04-19 421888]
      "PSUAMain"="c:\program files\Panda Security\Panda Cloud Antivirus\PSUAMain.exe" [2012-07-13 37152]
      "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
      .
      c:\users\Leonardo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
      Microsoft Office Groove.lnk - c:\program files\Microsoft Office\Office12\GROOVE.EXE [2011-5-31 337264]
      .
      c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
      Adobe Acrobat Speed Launcher.lnk - c:\windows\Installer\{AC76BA86-1033-0000-7760-000000000002}\SC_Acrobat.exe [2011-9-5 25214]
      Ralink Wireless Utility.lnk - c:\program files\Ralink\Common\RaUI.exe [2011-2-18 1672480]
      w98Eject.lnk - c:\windows\System\w98eject.exe [2012-5-10 61440]
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
      "ConsentPromptBehaviorAdmin"= 0 (0x0)
      "ConsentPromptBehaviorUser"= 3 (0x3)
      "EnableLUA"= 0 (0x0)
      "EnableUIADesktopToggle"= 0 (0x0)
      "PromptOnSecureDesktop"= 0 (0x0)
      .
      [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
      Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
      .
      R1 NNSNAHSL;Network Activity Hook Server LightWeight Filter Driver;c:\windows\system32\DRIVERS\NNSNAHSL.sys [x]
      R2 gupdate;Google Update Servicio (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [x]
      R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [x]
      R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [x]
      R3 BBUpdate;BBUpdate;c:\program files\Microsoft\BingBar\7.1.391.0\SeaPort.exe [x]
      R3 gupdatem;Google Update Servicio (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [x]
      R3 hwmobile;Huawei CDMA Handset USB Modem and USB Serial;c:\windows\system32\DRIVERS\hwusbser.sys [x]
      R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [x]
      R3 netr28;Ralink 802.11n Extensible Wireless Driver;c:\windows\system32\DRIVERS\netr28.sys [x]
      R3 SrvHsfPCI;SrvHsfPCI;c:\windows\system32\DRIVERS\VSTBS23.SYS [x]
      R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV3.SYS [x]
      R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT3.SYS [x]
      R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
      R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
      R4 NNSPIHSW;NNSPIHSW;c:\windows\system32\DRIVERS\NNSPihsw.sys [x]
      R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
      S1 NNSALPC;NNSALPC;c:\windows\system32\DRIVERS\NNSAlpc.sys [x]
      S1 NNSHTTP;NNSHTTP;c:\windows\system32\DRIVERS\NNSHttp.sys [x]
      S1 NNSIDS;NNSIDS;c:\windows\system32\DRIVERS\NNSIds.sys [x]
      S1 NNSPICC;NNSPICC;c:\windows\system32\DRIVERS\NNSPicc.sys [x]
      S1 NNSPOP3;NNSPOP3;c:\windows\system32\DRIVERS\NNSPop3.sys [x]
      S1 NNSPROT;NNSPROT;c:\windows\system32\DRIVERS\NNSProt.sys [x]
      S1 NNSPRV;NNSPRV;c:\windows\system32\DRIVERS\NNSPrv.sys [x]
      S1 NNSSMTP;NNSSMTP;c:\windows\system32\DRIVERS\NNSSmtp.sys [x]
      S1 NNSSTRM;NNSSTRM;c:\windows\system32\DRIVERS\NNSStrm.sys [x]
      S1 NNSTLSC;NNSTLSC;c:\windows\system32\DRIVERS\NNSTlsc.sys [x]
      S1 PSINKNC;PSINKNC;c:\windows\system32\DRIVERS\psinknc.sys [x]
      S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
      S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [x]
      S2 BBSvc;BingBar Service;c:\program files\Microsoft\BingBar\7.1.391.0\BBSvc.exe [x]
      S2 eusk2par;EUTRON SmartKey Parallel Driver;c:\windows\system32\Drivers\eusk2par.sys [x]
      S2 NanoServiceMain;Panda Cloud Antivirus Service;c:\program files\Panda Security\Panda Cloud Antivirus\PSANHost.exe [x]
      S2 PSINAflt;PSINAflt;c:\windows\system32\DRIVERS\PSINAflt.sys [x]
      S2 PSINFile;PSINFile;c:\windows\system32\DRIVERS\PSINFile.sys [x]
      S2 PSINProc;PSINProc;c:\windows\system32\DRIVERS\PSINProc.sys [x]
      S2 PSINProt;PSINProt;c:\windows\system32\DRIVERS\PSINProt.sys [x]
      S2 PSUAService;Panda Product Service;c:\program files\Panda Security\Panda Cloud Antivirus\PSUAService.exe [x]
      S2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [x]
      S3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [x]
      S3 PSKMAD;PSKMAD;c:\windows\system32\DRIVERS\PSKMAD.sys [x]
      S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [x]
      S3 ZSMC0305;A4 TECH PC Camera V;c:\windows\system32\Drivers\usbVM305.sys [x]
      .
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
      LocalServiceAndNoImpersonation REG_MULTI_SZ SSDPSRV upnphost SCardSvr TBS FontCache fdrespub AppIDSvc QWAVE wcncsvc SensrSvc
      .
      Contents of the 'Scheduled Tasks' folder
      .
      2012-09-21 c:\windows\Tasks\Adobe Flash Player Updater.job
      - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-30 12:22]
      .
      2012-09-21 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
      - c:\program files\Google\Update\GoogleUpdate.exe [2012-02-04 16:12]
      .
      2012-09-21 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
      - c:\program files\Google\Update\GoogleUpdate.exe [2012-02-04 16:12]
      .
      .
      ------- Supplementary Scan -------
      .
      uStart Page = hxxp://www.google.com
      mStart Page = hxxp://www.google.com
      IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
      IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
      IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
      IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
      IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
      IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
      IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
      IE: Convert to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
      IE: E&xportar a Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
      TCP: DhcpNameServer = 200.44.32.12 200.11.248.12
      FF - ProfilePath - c:\users\Leonardo\AppData\Roaming\Mozilla\Firefox\Profiles\nosdwxv1.default\
      FF - prefs.js: browser.search.selectedEngine - Google
      FF - prefs.js: browser.startup.homepage - hxxp://google.com
      FF - prefs.js: keyword.URL - hxxp://google.com
      FF - prefs.js: network.proxy.type - 0
      .
      - - - - ORPHANS REMOVED - - - -
      .
      AddRemove-IMBoosterARP - c:\program files\Iminent\IMBooster\inst\Bootstrapper\Bootstrapper.exe
      .
      .
      .
      --------------------- LOCKED REGISTRY KEYS ---------------------
      .
      [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
      @Denied: (A) (Users)
      @Denied: (A) (Everyone)
      @Allowed: (B 1 2 3 4 5) (S-1-5-20)
      "BlindDial"=dword:00000000
      .
      [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
      @Denied: (A) (Users)
      @Denied: (A) (Everyone)
      @Allowed: (B 1 2 3 4 5) (S-1-5-20)
      "BlindDial"=dword:00000000
      .
      [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
      @Denied: (A) (Users)
      @Denied: (A) (Everyone)
      @Allowed: (B 1 2 3 4 5) (S-1-5-20)
      "BlindDial"=dword:00000000
      .
      [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
      @Denied: (Full) (Everyone)
      .
      ------------------------ Other Running Processes ------------------------
      .
      c:\program files\Common Files\Protexis\License Service\PsiService_2.exe
      c:\program files\Ralink\Common\RaRegistry.exe
      c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
      c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
      c:\windows\system32\taskhost.exe
      c:\windows\system32\conhost.exe
      c:\windows\system32\igfxsrvc.exe
      c:\program files\Adobe\Acrobat 7.0\Acrobat\Acrobat_sl.exe
      c:\windows\system32\sppsvc.exe
      c:\\?\c:\windows\system32\wbem\WMIADAP.EXE
      .
      **************************************************************************
      .
      Completion time: 2012-09-21 15:52:31 - machine was rebooted
      ComboFix-quarantined-files.txt 2012-09-21 20:22
      ComboFix2.txt 2012-09-11 13:16
      .
      Pre-Run: 191.521.484.800 bytes libres
      Post-Run: 191.633.788.928 bytes libres
      .
      - - End Of File - - A403F620EAE0E181BE2DF5AFBDA1B1EA
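
The cross-check a helper makes by eye when the new report comes back, as an added Python example that is not part of the original thread: it parses the CFScript directives and the ComboFix log sections (both abridged from the posts above) and reports what the post-run log says about each target. The function names are assumptions of this example; since the log itself notes that empty and legit default entries are not shown, "not listed" is a weaker result than "deleted".

```python
import re

# Abridged from the CFScript and the ComboFix log posted in this thread.
CFSCRIPT = r'''
File::
c:\windows\72144B9D58C44C09A5CFC6A914B912E8.TMP

Folder::
c:\program files\Iminent
c:\users\vit\AppData\Local\Facebook

Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMBooster"=-
'''

LOG = r'''
((((((((((((((( Other Deletions )))))))))))))))
.
c:\program files\Iminent
c:\program files\Iminent\IMBooster\IMBooster.exe
c:\users\vit\AppData\Local\Facebook
.
((((((((( Files Created from 2012-08-21 to 2012-09-21 )))))))))
.
2012-09-11 05:12 . 2012-09-11 05:12 -------- d-----w- c:\program files\CCleaner
2012-08-26 16:25 . 2012-08-26 16:26 -------- d-----w- c:\windows\72144B9D58C44C09A5CFC6A914B912E8.TMP
.
((((((((((((( Reg Loading Points )))))))))))))
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-07-23 141848]
'''

DIRECTIVE = re.compile(r"^([A-Za-z]+)::$")            # e.g. "Folder::"
BANNER = re.compile(r"^\(+\s*(.+?)\s*\)+$")           # e.g. "(((( Other Deletions ))))"
LISTING = re.compile(r"^\d{4}-\d\d-\d\d \d\d:\d\d \. \d{4}-\d\d-\d\d \d\d:\d\d"
                     r"\s+\S+\s+(\S+)\s+(.+)$")       # groups: attributes, path
REG_VALUE = re.compile(r'^"([^"]+)"=(.*)$')

def split_sections(text, header_re):
    """Group non-empty lines under the most recent line matching header_re."""
    sections, current = {}, None
    for line in (raw.strip() for raw in text.splitlines()):
        if not line or line == ".":
            continue
        m = header_re.match(line)
        if m:
            current = m.group(1).lower()
        elif current is not None:
            sections.setdefault(current, []).append(line)
    return sections

def section(sections, prefix):
    """Return the lines of the first section whose title starts with prefix."""
    return next((v for k, v in sections.items() if k.startswith(prefix)), [])

def reg_values(lines):
    """Map each [key] (lower-cased) to {value name: data} from REGEDIT-style lines."""
    values, key = {}, None
    for line in lines:
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1].lower()
            values.setdefault(key, {})
        elif key and (m := REG_VALUE.match(line)):
            values[key][m.group(1)] = m.group(2)
    return values

def audit(cfscript_text, log_text):
    """Return {CFScript target: what the post-run log says about it}."""
    script = split_sections(cfscript_text, DIRECTIVE)
    log = split_sections(log_text, BANNER)
    deleted = {p.lower() for p in section(log, "other deletions")}
    listed = {m.group(2).lower(): m.group(1)
              for m in map(LISTING.match, section(log, "files created")) if m}
    results = {}
    for target in script.get("file", []) + script.get("folder", []):
        key = target.lower()
        if key in deleted:
            results[target] = "deleted"
        elif key in listed:
            kind = "directory" if listed[key].startswith("d") else "file"
            results[target] = f"still listed as {kind}"
        else:
            results[target] = "not reported"
    after = reg_values(section(log, "reg loading points"))
    for key, values in reg_values(script.get("registry", [])).items():
        for name, data in values.items():
            if data == "-":                            # "name"=- requests deletion
                names = {n.lower() for n in after.get(key, {})}
                results[name] = "still listed" if name.lower() in names else "not listed"
    return results

if __name__ == "__main__":
    for target, status in audit(CFSCRIPT, LOG).items():
        print(f"{status:28} {target}")
```

On the excerpt above, the two Folder:: targets come back as deleted, while the File:: target still appears in the Files Created listing with a directory attribute.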

    6. #6
      Former contributor @SanMar
      Joined
      Jun 2008
      Location
      Argentina
      Posts
      22,290

      Re: I can't identify the virus affecting me!

      Hello:


      Try restarting the computer a couple of times and let us know how it goes.



      Regards.
