
    Problem with searchya.com


    1. #1
      User Avatar of paravariasopcio
      Registered
      Sep 2012
      Location
      Peru
      Posts
      1

      Malware: Problem with searchya.com

      Good day. I'm coming to you because I have a big problem. It seems that when I tried to download JDownloader I also brought along this awful virus, which now appears as the home page of my browser (Google Chrome). I also have Internet Explorer, but apparently there is no problem with that one. The thing is that when I open Chrome the searchya.com page appears and it is a real nuisance, and besides, as I understand it, it is a virus.

      Well, I followed the steps in this thread:
      Remove Search ya toolbar (Solved)

      And this is the report I got from CF:

      ComboFix 12-09-18.07 - Anthony 19/09/2012 11:57:53.2.2 - x64
      Microsoft Windows 7 Home Basic 6.1.7601.1.1252.51.3082.18.5606.4348 [GMT -5:00]
      Running from: c:\users\Anthony\Downloads\ComboFix.exe
      SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
      .
      .
      ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
      .
      .
      ---- Previous Run -------
      .
      c:\windows\Temp\log.txt
      .
      .
      ((((((((((((((((((((((((( Files Created from 2012-08-19 to 2012-09-19 )))))))))))))))))))))))))))))))
      .
      .
      2012-09-19 17:04 . 2012-09-19 17:04 -------- d-----w- c:\users\Default\AppData\Local\temp
      2012-09-19 16:23 . 2012-09-19 16:23 -------- d-----w- c:\users\Anthony\AppData\Roaming\GlarySoft
      2012-09-19 16:08 . 2012-09-19 16:09 -------- d-----w- c:\program files (x86)\Glary Utilities
      2012-09-19 01:57 . 2012-09-19 01:57 -------- d-----w- c:\users\Anthony\AppData\Roaming\Malwarebytes
      2012-09-19 01:57 . 2011-07-08 12:55 41272 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys
      2012-09-19 01:57 . 2012-09-19 01:57 -------- d-----w- c:\programdata\Malwarebytes
      2012-09-19 01:57 . 2012-09-19 02:01 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
      2012-09-19 01:57 . 2012-09-07 22:04 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
      2012-09-19 01:52 . 2012-08-23 08:26 9310152 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{FF061D57-E7BC-42E4-BA57-43D434E5B93E}\mpengine.dll
      2012-09-18 21:26 . 2012-09-19 01:44 -------- d-----w- c:\program files (x86)\JDownloader
      2012-09-18 21:20 . 2012-09-18 21:20 -------- d-----w- c:\program files (x86)\SearchYa!
      2012-09-18 19:38 . 2012-09-18 19:38 -------- d-----w- c:\users\Anthony\AppData\Roaming\AVS4YOU
      2012-09-18 19:37 . 2012-09-18 19:37 -------- d-----w- c:\program files (x86)\Common Files\AVSMedia
      2012-09-18 19:37 . 2012-09-19 01:45 -------- d-----w- c:\program files (x86)\AVS4YOU
      2012-09-18 19:37 . 2012-09-18 19:38 -------- d-----w- c:\programdata\AVS4YOU
      2012-09-14 16:11 . 2012-09-14 16:11 -------- d-----w- c:\users\Anthony\AppData\Local\Macromedia
      2012-09-14 16:04 . 2012-09-14 16:04 -------- d-----w- c:\users\Anthony\AppData\Local\Mozilla
      2012-09-14 15:33 . 2012-09-14 15:33 -------- d-----w- c:\users\Anthony\AppData\Roaming\Philips
      2012-09-14 15:32 . 2012-09-14 15:33 -------- d-----w- c:\users\Anthony\AppData\Local\Philips-Songbird
      2012-09-14 15:32 . 2012-09-14 15:32 -------- d-----w- c:\users\Anthony\AppData\Roaming\Philips-Songbird
      2012-09-14 15:24 . 2012-09-14 15:24 -------- d-----w- c:\programdata\{F0489EF2-D393-4114-85BA-A94D71D89543}
      2012-09-14 15:23 . 2012-09-14 15:42 -------- d-----w- c:\program files (x86)\Philips
      2012-09-14 15:22 . 2012-09-19 01:45 -------- d-----w- C:\Philips
      2012-09-12 15:58 . 2012-08-22 18:12 950128 ----a-w- c:\windows\system32\drivers\ndis.sys
      2012-09-12 15:58 . 2012-07-04 20:26 41472 ----a-w- c:\windows\system32\drivers\RNDISMP.sys
      2012-09-12 15:58 . 2012-08-02 17:58 574464 ----a-w- c:\windows\system32\d3d10level9.dll
      2012-09-12 15:58 . 2012-08-02 16:57 490496 ----a-w- c:\windows\SysWow64\d3d10level9.dll
      2012-09-12 15:58 . 2012-08-22 18:12 1913200 ----a-w- c:\windows\system32\drivers\tcpip.sys
      2012-09-12 15:58 . 2012-08-22 18:12 376688 ----a-w- c:\windows\system32\drivers\netio.sys
      2012-09-12 15:58 . 2012-08-22 18:12 288624 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
      2012-09-02 16:03 . 2012-09-02 16:03 -------- d-----w- C:\mluna
      2012-09-02 16:01 . 2012-09-02 16:04 -------- d-----w- c:\users\Anthony\.FBReader
      2012-09-02 16:00 . 2012-09-02 16:00 -------- d-----w- c:\program files (x86)\FBReader
      .
      .
      .
      (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
      .
      2012-07-18 18:15 . 2012-08-16 17:40 3148800 ----a-w- c:\windows\system32\win32k.sys
      2012-07-06 03:06 . 2012-06-12 15:00 772544 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
      2012-07-06 03:06 . 2012-06-12 15:00 687544 ----a-w- c:\windows\SysWow64\deployJava1.dll
      2012-07-04 22:16 . 2012-08-16 17:40 73216 ----a-w- c:\windows\system32\netapi32.dll
      2012-07-04 22:13 . 2012-08-16 17:40 59392 ----a-w- c:\windows\system32\browcli.dll
      2012-07-04 22:13 . 2012-08-16 17:40 136704 ----a-w- c:\windows\system32\browser.dll
      2012-07-04 21:14 . 2012-08-16 17:40 41984 ----a-w- c:\windows\SysWow64\browcli.dll
      2012-06-29 04:55 . 2012-08-16 21:52 17809920 ----a-w- c:\windows\system32\mshtml.dll
      2012-06-29 04:09 . 2012-08-16 21:52 10925568 ----a-w- c:\windows\system32\ieframe.dll
      2012-06-29 03:56 . 2012-08-16 21:52 2312704 ----a-w- c:\windows\system32\jscript9.dll
      2012-06-29 03:49 . 2012-08-16 21:52 1346048 ----a-w- c:\windows\system32\urlmon.dll
      2012-06-29 03:49 . 2012-08-16 21:52 1392128 ----a-w- c:\windows\system32\wininet.dll
      2012-06-29 03:48 . 2012-08-16 21:52 1494528 ----a-w- c:\windows\system32\inetcpl.cpl
      2012-06-29 03:47 . 2012-08-16 21:52 237056 ----a-w- c:\windows\system32\url.dll
      2012-06-29 03:45 . 2012-08-16 21:52 85504 ----a-w- c:\windows\system32\jsproxy.dll
      2012-06-29 03:44 . 2012-08-16 21:52 816640 ----a-w- c:\windows\system32\jscript.dll
      2012-06-29 03:43 . 2012-08-16 21:52 173056 ----a-w- c:\windows\system32\ieUnatt.exe
      2012-06-29 03:42 . 2012-08-16 21:52 2144768 ----a-w- c:\windows\system32\iertutil.dll
      2012-06-29 03:40 . 2012-08-16 21:52 96768 ----a-w- c:\windows\system32\mshtmled.dll
      2012-06-29 03:39 . 2012-08-16 21:52 2382848 ----a-w- c:\windows\system32\mshtml.tlb
      2012-06-29 03:35 . 2012-08-16 21:52 248320 ----a-w- c:\windows\system32\ieui.dll
      2012-06-29 00:16 . 2012-08-16 21:52 1800704 ----a-w- c:\windows\SysWow64\jscript9.dll
      2012-06-29 00:09 . 2012-08-16 21:52 1129472 ----a-w- c:\windows\SysWow64\wininet.dll
      2012-06-29 00:08 . 2012-08-16 21:52 1427968 ----a-w- c:\windows\SysWow64\inetcpl.cpl
      2012-06-29 00:04 . 2012-08-16 21:52 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe
      2012-06-29 00:00 . 2012-08-16 21:52 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
      .
      .
      ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
      .
      .
      *Note* empty entries & legit default entries are not shown
      REGEDIT4
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
      "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
      "BackupManagerTray"="c:\program files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe" [2011-04-24 297280]
      "StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-10-12 343168]
      "Dolby Advanced Audio v2"="c:\dolby pcee4\pcee4.exe" [2011-06-01 506712]
      "LManager"="c:\program files (x86)\Launch Manager\LManager.exe" [2011-03-15 1081424]
      "ArcadeMovieService"="c:\program files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe" [2011-10-27 177448]
      "SuiteTray"="c:\program files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe" [2011-09-20 341360]
      "BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
      "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]
      .
      [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
      "IsMyWinLockerReboot"="msiexec.exe" [2010-11-21 73216]
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
      "ConsentPromptBehaviorAdmin"= 5 (0x5)
      "ConsentPromptBehaviorUser"= 3 (0x3)
      "EnableUIADesktopToggle"= 0 (0x0)
      .
      [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
      "aux"=wdmaud.drv
      .
      [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
      Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
      .
      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
      @=""
      .
      R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
      R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-06-07 191752]
      R3 EgisTec Ticket Service;EgisTec Ticket Service;c:\program files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe [2011-06-21 173424]
      R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2012-08-01 1436424]
      R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
      R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 31125880]
      R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
      R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
      R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
      R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
      S0 amd_sata;amd_sata;c:\windows\system32\DRIVERS\amd_sata.sys [2011-06-16 79488]
      S0 amd_xata;amd_xata;c:\windows\system32\DRIVERS\amd_xata.sys [2011-06-16 40064]
      S1 mwlPSDFilter;mwlPSDFilter;c:\windows\system32\DRIVERS\mwlPSDFilter.sys [2012-02-27 22648]
      S1 mwlPSDNServ;mwlPSDNServ;c:\windows\system32\DRIVERS\mwlPSDNServ.sys [2012-02-27 20520]
      S1 mwlPSDVDisk;mwlPSDVDisk;c:\windows\system32\DRIVERS\mwlPSDVDisk.sys [2012-02-27 62776]
      S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
      S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-04-04 63928]
      S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-10-12 204288]
      S2 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE [2011-05-12 249648]
      S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]
      S2 DsiWMIService;Dritek WMI Service;c:\program files (x86)\Launch Manager\dsiwmis.exe [2011-03-15 352336]
      S2 ePowerSvc;ePower Service;c:\program files\Acer\Acer ePower Management\ePowerSvc.exe [2011-08-02 872552]
      S2 GREGService;GREGService;c:\program files (x86)\Acer\Registration\GREGsvc.exe [2011-05-30 36456]
      S2 Live Updater Service;Live Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe [2011-04-22 244624]
      S2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe [2011-04-24 256832]
      S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]
      S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2011-10-12 10207232]
      S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2011-10-12 317952]
      S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2011-03-30 114704]
      S3 b57xdbd;Broadcom xD Picture Bus Driver Service;c:\windows\system32\DRIVERS\b57xdbd.sys [2011-01-20 67624]
      S3 b57xdmp;Broadcom xD Picture vstorp client drv;c:\windows\system32\DRIVERS\b57xdmp.sys [2011-01-20 19496]
      S3 bScsiMSa;bScsiMSa;c:\windows\system32\DRIVERS\bScsiMSa.sys [2011-04-12 51240]
      S3 bScsiSDa;bScsiSDa;c:\windows\system32\DRIVERS\bScsiSDa.sys [2011-01-13 85544]
      S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys [2011-04-06 142632]
      S3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [2011-02-14 412712]
      S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2011-10-01 764264]
      S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2011-10-01 268648]
      S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2011-10-01 25960]
      S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2011-10-01 22376]
      S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]
      S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [2011-08-18 53376]
      .
      .
      Contents of the 'Scheduled Tasks' folder
      .
      2012-09-19 c:\windows\Tasks\GlaryInitialize.job
      - c:\program files (x86)\Glary Utilities\initialize.exe [2012-09-19 02:59]
      .
      2012-09-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1212141566-3221234062-1058473899-1000Core.job
      - c:\users\Anthony\AppData\Local\Google\Update\GoogleUpdate.exe [2012-06-06 16:23]
      .
      2012-09-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1212141566-3221234062-1058473899-1000UA.job
      - c:\users\Anthony\AppData\Local\Google\Update\GoogleUpdate.exe [2012-06-06 16:23]
      .
      2012-09-13 c:\windows\Tasks\hpwebreg_CN1CG22MP605D2.job
      - c:\program files\HP\HP Deskjet 1000 J110 series\Bin\hpwebreg.exe [2010-11-17 02:29]
      .
      .
      --------- X64 Entries -----------
      .
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-08-26 12681320]
      "RtHDVBg_Dolby"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2011-08-16 2277480]
      "Power Management"="c:\program files\Acer\Acer ePower Management\ePowerTray.exe" [2011-08-02 1831016]
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
      "LoadAppInit_DLLs"=0x0
      .
      ------- Supplementary Scan -------
      .
      uStart Page = hxxp://www.fastergoogle.pe.kz
      uLocal Page = c:\windows\system32\blank.htm
      mStart Page = hxxp://acer.msn.com
      mLocal Page = c:\windows\SysWOW64\blank.htm
      IE: &Enviar a OneNote - c:\progra~2\MICROS~4\Office14\ONBttnIE.dll/105
      IE: E&xportar a Microsoft Excel - c:\progra~2\MICROS~4\Office12\EXCEL.EXE/3000
      TCP: DhcpNameServer = 190.81.125.5 200.108.96.220 200.108.96.217
      .
      - - - - ORPHANS REMOVED - - - -
      .
      Toolbar-Locked - (no file)
      Toolbar-Locked - (no file)
      WebBrowser-{977AE9CC-AF83-45E8-9E03-E2798216E2D5} - (no file)
      HKLM-Run-ETDCtrl - c:\program files (x86)\Elantech\ETDCtrl.exe
      .
      .
      .
      --------------------- LOCKED REGISTRY KEYS ---------------------
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
      @Denied: (A 2) (Everyone)
      @="FlashBroker"
      "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe,-101"
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
      "Enabled"=dword:00000001
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
      @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe"
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
      @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
      @Denied: (A 2) (Everyone)
      @="Shockwave Flash Object"
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
      @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
      "ThreadingModel"="Apartment"
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
      @="0"
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
      @="ShockwaveFlash.ShockwaveFlash.10"
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
      @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
      @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
      @="1.0"
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
      @="ShockwaveFlash.ShockwaveFlash"
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
      @Denied: (A 2) (Everyone)
      @="Macromedia Flash Factory Object"
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
      @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
      "ThreadingModel"="Apartment"
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
      @="FlashFactory.FlashFactory.1"
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
      @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
      @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
      @="1.0"
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
      @="FlashFactory.FlashFactory"
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
      @Denied: (A 2) (Everyone)
      @="IFlashBroker4"
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
      @="{00020424-0000-0000-C000-000000000046}"
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
      @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
      "Version"="1.0"
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
      "SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
      00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
      @Denied: (A) (Everyone)
      "Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
      @Denied: (A) (Everyone)
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
      "Key"="ActionsPane3"
      "Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
      .
      [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
      @Denied: (Full) (Everyone)
      .
      ------------------------ Other Running Processes ------------------------
      .
      c:\program files (x86)\Launch Manager\LMworker.exe
      c:\program files (x86)\Launch Manager\LMutilps32.exe
      c:\program files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
      .
      **************************************************************************
      .
      Completion time: 2012-09-19 12:09:48 - machine was rebooted
      ComboFix-quarantined-files.txt 2012-09-19 17:09
      .
      Pre-Run: 407,242,665,984 bytes libres
      Post-Run: 406,583,373,824 bytes libres
      .
      - - End Of File - - AEC23F073662CDE2559033DD04422D9A





      I hope you can help me; it's urgent, since it's not my laptop and my aunt is coming for it in a few days. Thanks in advance.

    2. #2
      General Moderator
      Avatar of @Leosolari
      Registered
      Jun 2007
      Location
      Argentina
      Posts
      58,638

      Re: Problem with searchya.com

      Hello



      • Temporarily disable your antivirus and/or antispyware. How to temporarily disable your antivirus

      • Download the AT-Destroyer tool (by InfoSpyware)

      • Run the tool as administrator.
      • (If you use Windows Vista or 7, right-click and select "Run as administrator".)

      • The tool's disclaimer will appear. Press .

      • Select option 1 ("Buscar y Destruir", Search and Destroy)

      • The tool will momentarily disconnect the desktop.

      • If the system is infected, the tool will indicate it with red lines where the infection was found; otherwise the lines will be green.

      • Once the scan has finished, you will be able to see the desktop again and a report will open, which you should copy into your next reply, commenting on how the system is working.




      Now, please follow this procedure:

      STEP 1

      Download these tools to your desktop, but do not run anything yet:

      º Glary Utilities, and install it following its manual.

      º Malwarebytes, and install and update it following its manual.

      STEP 2

      Run the tools in this order:

      1.- Glary Utilities
      • Press the "Mantenimiento un Clic" (1-Click Maintenance) button
      • Press the "Ver Resultados" (View Results) button and wait for it to finish.
      • When it finishes, press the "Reparar Problemas" (Repair Problems) button.

      2.- Malwarebytes

      Choose to run a "full scan". Once it has finished, if it detects anything, click "Quitar lo Seleccionado" (Remove Selected) as shown in this image.
      If it asks you to restart, do so.

      In your next reply you must include the following:

      º The Malwarebytes report (it is in its Logs tab)
      º The AT-Destroyer report.
      º How your computer is running now.





      Regards