
    dt kill doesn't work for me


    1. #11
      karlosrr (User)
      Registered: Oct 2012
      Location: Tenerife
      Posts: 15

      Re: dt kill doesn't work for me

      I entered the Windows code that was on the sticker and it gave me the OK. I'm going to try this ComboFix to see how it goes, and I'll paste the report. Thanks

    2. #12
      karlosrr (User)
      Registered: Oct 2012
      Location: Tenerife
      Posts: 15

      Re: dt kill doesn't work for me

      I closed the antivirus programs, but I couldn't close Microsoft Security Essentials; I couldn't see how to do it, since it didn't appear in the notification area and I couldn't see the process either. I don't know whether the report is any good like this:



      ComboFix 12-10-12.01 - atb 12/10/2012 18:29:26.2.2 - x86
      Microsoft Windows 7 Professional 6.1.7601.1.1252.34.3082.18.3037.1948 [GMT 1:00]
      Running from: c:\users\atb\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UB7NAG9N\ComboFix.exe
      AV: Microsoft Security Essentials *Enabled/Updated* {B140BF4E-23BB-4198-90AB-A51A4C60A69C}
      AV: Panda Cloud Antivirus *Disabled/Updated* {3456760B-FDAA-FFFD-06C2-7BB528D2066C}
      FW: Cloud Antivirus Firewall *Disabled* {0C6DF72E-B7C5-FEA5-2D9D-D280D6014117}
      SP: Microsoft Security Essentials *Enabled/Updated* {0A215EAA-0581-4E16-AA1B-9E6837E7EC21}
      SP: Panda Cloud Antivirus *Disabled/Updated* {8F3797EF-DB90-F073-3C72-40C753554CD1}
      SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
      .
      .
      ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
      .
      .
      c:\gestio~2\GESTio~1.exe
      c:\program files\Mozilla Firefox\plugins\npuuseep.dll
      c:\program files\OfferBox
      c:\program files\Setup.exe
      c:\users\atb\Documents\~WRL2892.tmp
      c:\users\atb\ncftp
      c:\users\atb\ncftp\firewall.txt
      c:\windows\security\Database\tmp.edb
      c:\windows\struct~.ini
      c:\windows\system32\drivers\etc\hosts.ics
      c:\windows\system32\gtapi_signed.dll
      c:\windows\system32\muzapp.exe
      c:\windows\system32\nsis_loader.dll
      c:\windows\system32\spsys.log
      c:\windows\system32\wpcap.dll
      c:\windows\system32\zip32.dll
      c:\windows\WindowsUpdate.log
      c:\windows\XSxS
      .
      Infected copy of c:\windows\system32\userinit.exe was found and disinfected
      Restored copy from - c:\windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
      .
      .
      ((((((((((((((((((((((((( Files Created from 2012-09-12 to 2012-10-12 )))))))))))))))))))))))))))))))
      .
      .
      2012-10-12 17:37 . 2012-10-12 17:37 -------- d-----w- c:\users\Mcx1-ATB-PC.atb-PC\AppData\Local\temp
      2012-10-12 17:37 . 2012-10-12 17:37 -------- d-----w- c:\users\Invitado\AppData\Local\temp
      2012-10-12 17:37 . 2012-10-12 17:37 -------- d-----w- c:\users\Default\AppData\Local\temp
      2012-10-12 17:37 . 2012-10-12 17:37 -------- d-----w- c:\users\atb\AppData\Local\temp
      2012-10-12 15:28 . 2011-03-10 17:04 46280 ----a-w- c:\windows\system32\drivers\PSKMAD.sys
      2012-10-12 11:49 . 2012-10-12 14:08 -------- d-----w- c:\users\atb\AppData\Roaming\Skype
      2012-10-11 13:27 . 2012-10-11 13:27 93672 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
      2012-10-10 15:37 . 2012-10-10 15:37 -------- d-----w- C:\_OTL
      2012-10-10 10:57 . 2012-10-10 10:57 -------- d-----w- c:\users\atb\AppData\Roaming\Panda Security
      2012-10-10 10:56 . 2012-10-10 10:56 -------- d-----w- c:\program files\Toolbar Cleaner
      2012-10-10 10:56 . 2012-10-10 10:56 -------- d-----w- c:\users\atb\AppData\Local\panda2_0dn
      2012-10-10 10:56 . 2012-10-12 17:39 -------- d-----w- c:\programdata\Panda Security URL Filtering
      2012-10-10 10:55 . 2012-10-10 10:56 -------- d-----w- c:\program files\Panda Security
      2012-10-10 10:55 . 2012-10-10 10:55 -------- d-----w- c:\programdata\Panda Security
      2012-10-10 10:26 . 2012-10-10 10:26 -------- d-----w- C:\_DT-Kill
      2012-10-09 23:33 . 2012-10-09 23:33 -------- d-----w- c:\users\atb\AppData\Roaming\Malwarebytes
      2012-10-09 23:33 . 2012-10-09 23:33 -------- d-----w- c:\programdata\Malwarebytes
      2012-10-09 23:33 . 2012-10-09 23:33 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
      2012-10-09 23:33 . 2012-09-07 16:04 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
      2012-10-09 23:26 . 2012-10-09 23:26 -------- d-----w- c:\users\atb\AppData\Roaming\FLEXnet
      2012-10-09 22:43 . 2012-10-09 23:10 -------- d-----w- c:\users\atb\AppData\Roaming\Nuance
      2012-10-09 22:34 . 2012-10-09 23:11 -------- d-----w- C:\DTRToll
      2012-10-09 21:54 . 2012-10-09 21:54 -------- d-----w- c:\program files\Trend Micro
      2012-10-09 21:02 . 2012-06-02 04:36 140288 ----a-w- c:\windows\system32\cryptsvc.dll
      2012-10-09 21:02 . 2012-06-02 04:36 1159680 ----a-w- c:\windows\system32\crypt32.dll
      2012-10-09 21:02 . 2012-06-02 04:36 103936 ----a-w- c:\windows\system32\cryptnet.dll
      2012-10-09 21:02 . 2012-08-31 17:18 1211760 ----a-w- c:\windows\system32\drivers\ntfs.sys
      2012-10-09 21:02 . 2012-08-10 23:56 542208 ----a-w- c:\windows\system32\kerberos.dll
      2012-10-09 21:02 . 2012-08-30 17:12 3914096 ----a-w- c:\windows\system32\ntoskrnl.exe
      2012-10-09 21:02 . 2012-08-30 17:12 3968880 ----a-w- c:\windows\system32\ntkrnlpa.exe
      2012-10-06 23:31 . 2012-10-10 05:51 -------- d-----w- c:\program files\SopCast
      2012-10-05 22:04 . 2012-10-09 22:41 -------- d-----w- C:\VPSL
      2012-10-02 22:19 . 2012-08-21 20:12 245760 ----a-w- c:\windows\system32\OxpsConverter.exe
      2012-09-24 13:21 . 2012-10-10 05:51 -------- d-----w- c:\program files\Common Files\IVA
      2012-09-24 13:21 . 2012-10-10 05:51 -------- d-----w- c:\program files\Common Files\Nuance
      2012-09-24 13:17 . 2012-10-10 05:51 -------- d-----w- c:\programdata\Nuance
      2012-09-16 22:57 . 2012-09-16 22:57 1409 ----a-w- c:\windows\QTFont.for
      2012-09-15 10:46 . 2012-09-15 10:46 -------- d-----w- c:\program files\Xenocode
      2012-09-15 10:45 . 2012-09-15 10:45 -------- d-----w- c:\program files\FNMT-RCM
      2012-09-13 21:06 . 2012-09-13 21:06 36104 ----a-w- c:\windows\system32\drivers\hssdrv6.sys
      2012-09-13 19:26 . 2012-09-13 19:26 33512 ----a-w- c:\windows\system32\drivers\taphss.sys
      .
      .
      .
      (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
      .
      2012-10-12 17:22 . 2012-10-12 17:22 29904 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{0E8E2874-1751-499B-9138-4A4B940C9D25}\MpKsl8fc042e9.sys
      2012-10-11 13:27 . 2012-08-28 10:37 821736 ----a-w- c:\windows\system32\npDeployJava1.dll
      2012-10-11 13:27 . 2010-06-10 18:41 746984 ----a-w- c:\windows\system32\deployJava1.dll
      2012-10-09 21:21 . 2012-04-18 08:15 696760 ----a-w- c:\windows\system32\FlashPlayerApp.exe
      2012-10-09 21:21 . 2011-05-19 15:07 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
      2012-10-04 08:45 . 2012-10-05 09:09 740784 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{A5A8E489-0FA2-45A2-AF8E-804A1FE86AA2}\gapaengine.dll
      2012-10-04 08:45 . 2012-07-04 10:04 740784 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
      2012-08-30 21:03 . 2012-08-30 21:03 193552 ----a-w- c:\windows\system32\drivers\MpFilter.sys
      2012-08-30 21:03 . 2012-03-20 19:44 99272 ----a-w- c:\windows\system32\drivers\NisDrvWFP.sys
      2012-08-30 08:17 . 2012-10-12 09:47 6980552 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{0E8E2874-1751-499B-9138-4A4B940C9D25}\mpengine.dll
      2012-08-30 08:17 . 2012-10-11 08:14 6980552 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
      2012-08-26 09:46 . 2012-08-26 09:46 121384 ----a-w- c:\windows\system32\drivers\PSINProt.sys
      2012-08-26 09:46 . 2012-08-26 09:46 114728 ----a-w- c:\windows\system32\drivers\PSINProc.sys
      2012-08-26 09:45 . 2012-08-26 09:45 175144 ----a-w- c:\windows\system32\drivers\PSINKNC.sys
      2012-08-26 09:45 . 2012-08-26 09:45 149032 ----a-w- c:\windows\system32\drivers\PSINAflt.sys
      2012-08-26 09:45 . 2012-08-26 09:45 104488 ----a-w- c:\windows\system32\drivers\PSINFile.sys
      2012-08-22 17:16 . 2012-09-12 10:20 1292144 ----a-w- c:\windows\system32\drivers\tcpip.sys
      2012-08-22 17:16 . 2012-09-12 10:20 712048 ----a-w- c:\windows\system32\drivers\ndis.sys
      2012-08-22 17:16 . 2012-09-12 10:20 240496 ----a-w- c:\windows\system32\drivers\netio.sys
      2012-08-22 17:16 . 2012-09-12 10:20 187760 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
      2012-08-02 16:57 . 2012-09-12 10:19 490496 ----a-w- c:\windows\system32\d3d10level9.dll
      2012-07-18 17:47 . 2012-08-17 12:24 2345984 ----a-w- c:\windows\system32\win32k.sys
      2009-10-07 15:21 . 2011-02-25 18:52 6410240 ----a-w- c:\program files\ABBYY FineReader 10 Professional Edition.msi
      2009-07-07 18:12 . 2011-02-25 18:52 245408 ----a-w- c:\program files\unicows.dll
      2009-07-07 18:12 . 2011-02-25 18:52 1822520 ----a-w- c:\program files\instmsiw.exe
      .
      .
      ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
      .
      .
      *Note* empty entries & legit default entries are not shown
      REGEDIT4
      .
      [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4}]
      2012-03-15 21:02 86696 ----a-w- c:\program files\Panda Security\Panda Security Toolbar\PandaSecurityDx.dll
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
      "{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4}"= "c:\program files\Panda Security\Panda Security Toolbar\PandaSecurityDx.dll" [2012-03-15 86696]
      .
      [HKEY_CLASSES_ROOT\clsid\{b821bf60-5c2d-41eb-92dc-3e4ccd3a22e4}]
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
      @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
      [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
      2011-02-18 05:12 94208 ----a-w- c:\users\atb\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
      @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
      [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
      2011-02-18 05:12 94208 ----a-w- c:\users\atb\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
      @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
      [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
      2011-02-18 05:12 94208 ----a-w- c:\users\atb\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\snxPluginsShell]
      @="{F4B3B0AA-13D1-4a36-BDA2-2055B0F3D5DE}"
      [HKEY_CLASSES_ROOT\CLSID\{F4B3B0AA-13D1-4a36-BDA2-2055B0F3D5DE}]
      2010-01-28 21:56 135168 ----a-w- c:\program files\Alwil Software\Avast5\snxPlugins.dll
      .
      [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "miCoach Manager"="c:\program files\adidas\miCoach Manager\SyncManager.exe" [2012-08-08 4339224]
      "ISUSPM"="c:\programdata\FLEXnet\Connect\11\ISUSPM.exe" [2010-11-30 222496]
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "Persistence"="c:\windows\system32\igfxpers.exe" [2010-08-25 170520]
      "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-07-31 38872]
      "PSUAMain"="c:\program files\Panda Security\Panda Cloud Antivirus\PSUAMain.exe" [2012-08-26 37152]
      "Panda Security URL Filtering"="c:\programdata\Panda Security URL Filtering\Panda_URL_Filtering.exe" [2012-03-15 217256]
      "TkBellExe"="c:\program files\Real\RealPlayer\update\realsched.exe" [2012-05-24 296056]
      .
      c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
      Etiqueta Virtual v1.0.lnk - c:\program files\Movistar\Etiqueta Virtual\EtiquetaVirtual.exe [2010-9-27 57344]
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
      "ConsentPromptBehaviorAdmin"= 5 (0x5)
      "ConsentPromptBehaviorUser"= 3 (0x3)
      "EnableLUA"= 0 (0x0)
      "EnableUIADesktopToggle"= 0 (0x0)
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
      "aux"=wdmaud.drv
      .
      [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
      Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
      .
      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
      @="Service"
      .
      [HKLM\~\startupfolder\C:^Users^atb^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dragon NaturallySpeaking.lnk]
      path=c:\users\atb\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dragon NaturallySpeaking.lnk
      backup=c:\windows\pss\Dragon NaturallySpeaking.lnk.Startup
      backupExtension=.Startup
      .
      [HKLM\~\startupfolder\C:^Users^atb^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.2.lnk]
      path=c:\users\atb\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk
      backup=c:\windows\pss\OpenOffice.org 3.2.lnk.Startup
      backupExtension=.Startup
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
      2012-07-11 19:00 919008 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
      2012-07-31 11:20 38872 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ares]
      2010-02-08 14:51 1015808 ----a-w- c:\program files\Ares\Ares.exe
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
      2009-10-30 11:57 369200 ----a-w- c:\program files\DAEMON Tools Lite\DTLite.exe
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
      2011-07-28 23:08 1259376 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
      2010-03-21 11:58 136176 ----atw- c:\users\atb\AppData\Local\Google\Update\GoogleUpdate.exe
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KiesHelper]
      2012-03-07 00:36 943504 ----a-w- c:\program files\Samsung\Kies\KiesHelper.exe
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KiesPDLR]
      2012-03-24 13:52 21416 ----a-w- c:\program files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KiesTrayAgent]
      2012-03-07 00:36 3508624 ----a-w- c:\program files\Samsung\Kies\KiesTrayAgent.exe
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\miCoach Manager]
      2012-08-08 20:08 4339224 ----a-w- c:\program files\adidas\miCoach Manager\SyncManager.exe
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDFPrint]
      2011-12-16 12:54 220744 ----a-w- c:\program files\PDF24\pdf24.exe
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
      2012-05-24 08:27 296056 ----a-w- c:\program files\Real\RealPlayer\Update\realsched.exe
      .
      R1 NNSNAHSL;Network Activity Hook Server LightWeight Filter Driver;c:\windows\system32\DRIVERS\NNSNAHSL.sys [x]
      R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [x]
      R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [x]
      R3 androidusb;SAMSUNG Android Composite ADB Interface Driver;c:\windows\system32\Drivers\ssadadb.sys [x]
      R3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\DRIVERS\ewusbnet.sys [x]
      R3 GDPkIcpt;GDPkIcpt;c:\windows\system32\drivers\PktIcpt.sys [x]
      R3 hwusbfake;Huawei DataCard USB Fake;c:\windows\system32\DRIVERS\ewusbfake.sys [x]
      R3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [x]
      R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\DRIVERS\ssadbus.sys [x]
      R3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\DRIVERS\ssadmdfl.sys [x]
      R3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\DRIVERS\ssadmdm.sys [x]
      R3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM);c:\windows\system32\DRIVERS\ssadserd.sys [x]
      R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
      R3 WatAdminSvc;Servicio de tecnologías de activación de Windows;c:\windows\system32\Wat\WatAdminSvc.exe [x]
      R4 NNSPIHSW;NNSPIHSW;c:\windows\system32\DRIVERS\NNSPihsw.sys [x]
      R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
      S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [x]
      S1 aswSnx;aswSnx; [x]
      S1 MpKsl8fc042e9;MpKsl8fc042e9;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{0E8E2874-1751-499B-9138-4A4B940C9D25}\MpKsl8fc042e9.sys [x]
      S1 NNSALPC;NNSALPC;c:\windows\system32\DRIVERS\NNSAlpc.sys [x]
      S1 NNSHTTP;NNSHTTP;c:\windows\system32\DRIVERS\NNSHttp.sys [x]
      S1 NNSIDS;NNSIDS;c:\windows\system32\DRIVERS\NNSIds.sys [x]
      S1 NNSPICC;NNSPICC;c:\windows\system32\DRIVERS\NNSPicc.sys [x]
      S1 NNSPOP3;NNSPOP3;c:\windows\system32\DRIVERS\NNSPop3.sys [x]
      S1 NNSPROT;NNSPROT;c:\windows\system32\DRIVERS\NNSProt.sys [x]
      S1 NNSPRV;NNSPRV;c:\windows\system32\DRIVERS\NNSPrv.sys [x]
      S1 NNSSMTP;NNSSMTP;c:\windows\system32\DRIVERS\NNSSmtp.sys [x]
      S1 NNSSTRM;NNSSTRM;c:\windows\system32\DRIVERS\NNSStrm.sys [x]
      S1 NNSTLSC;NNSTLSC;c:\windows\system32\DRIVERS\NNSTlsc.sys [x]
      S1 PSINKNC;PSINKNC;c:\windows\system32\DRIVERS\psinknc.sys [x]
      S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
      S2 DragonSvc;Dragon Service;c:\program files\Common Files\Nuance\dgnsvc.exe [x]
      S2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]
      S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [x]
      S2 NanoServiceMain;Panda Cloud Antivirus Service;c:\program files\Panda Security\Panda Cloud Antivirus\PSANHost.exe [x]
      S2 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]
      S2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [x]
      S2 PSINAflt;PSINAflt;c:\windows\system32\DRIVERS\PSINAflt.sys [x]
      S2 PSINFile;PSINFile;c:\windows\system32\DRIVERS\PSINFile.sys [x]
      S2 PSINProc;PSINProc;c:\windows\system32\DRIVERS\PSINProc.sys [x]
      S2 PSINProt;PSINProt;c:\windows\system32\DRIVERS\PSINProt.sys [x]
      S2 PSUAService;Panda Product Service;c:\program files\Panda Security\Panda Cloud Antivirus\PSUAService.exe [x]
      S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
      S3 NisSrv;Inspección de red de Microsoft;c:\program files\Microsoft Security Client\NisSrv.exe [x]
      S3 PSKMAD;PSKMAD;c:\windows\system32\DRIVERS\PSKMAD.sys [x]
      S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [x]
      S3 VIACRX86;VIACRX86;c:\windows\system32\DRIVERS\viacr.sys [x]
      .
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
      WindowsMobile REG_MULTI_SZ wcescomm rapimgr
      LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
      .
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
      NETSVCS REQUIRES REPAIRS - current entries shown
      aelookupsvc
      certpropsvc
      scpolicysvc
      lanmanserver
      gpsvc
      ikeext
      audiosrv
      ias
      irmon
      rasauto
      rasman
      remoteaccess
      sens
      tapisrv
      wmi
      termservice
      wuauserv
      bits
      shellhwdetection
      iphlpsvc
      seclogon
      appinfo
      msiscsi
      mmcss
      wercplsupport
      eaphost
      profsvc
      schedule
      hkmsvc
      sessionenv
      winmgmt
      browser
      themes
      bdesvc
      appmgmt
      .
      Rebuilding ... You need to reboot your machine for this to take effect.
      .
      FastUserSwitchingCompatibility
      helpsvc
      LogonHours
      Nla
      Ntmssvc
      NWCWorkstation
      Nwsapagent
      PCAudit
      Sharedaccess
      SRService
      uploadmgr
      WmdmPmSp
      .
      Contents of the 'Scheduled Tasks' folder
      .
      2012-10-12 c:\windows\Tasks\Adobe Flash Player Updater.job
      - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-18 21:21]
      .
      2012-10-12 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3152185067-3705363877-1646377439-1000Core.job
      - c:\users\atb\AppData\Local\Google\Update\GoogleUpdate.exe [2010-03-21 11:58]
      .
      2012-10-12 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3152185067-3705363877-1646377439-1000UA.job
      - c:\users\atb\AppData\Local\Google\Update\GoogleUpdate.exe [2010-03-21 11:58]
      .
      .
      ------- Supplementary Scan -------
      .
      uStart Page = https://www.google.es/
      mStart Page =
      IE: &Download by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/201
      IE: &Grab video by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/204
      IE: Do&wnload selected by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/203
      IE: Down&load all by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/202
      IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
      IE: E&xportar a Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
      Trusted Zone: aeat.es\www
      Trusted Zone: fnmt.es
      Trusted Zone: gob.es\agenciatributaria
      TCP: DhcpNameServer = 80.58.61.250 80.58.61.254
      DPF: {2DAB6EF1-66C3-427C-87CD-8DC448C47EAE} - hxxps://www5.aeat.es/es13/h/tgvicab.cab
      DPF: {947B00D2-962D-4A35-9E48-98EE6A442B41} - hxxps://www1.agenciatributaria.gob.es/ADUA/internet/aded1503.cab
      DPF: {B785FA3C-1DE9-4D20-8396-613C486FE95E} - hxxps://www1.agenciatributaria.gob.es/es13/h/cactivex.cab
      .
      - - - - ORPHANS REMOVED - - - -
      .
      Toolbar-10 - (no file)
      ShellExecuteHooks-{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - c:\program files\SUPERAntiSpyware\SASSEH.DLL
      AddRemove-GoogleBooks - c:\program files\PDFsvg\Google Books Download\Uninstall.exe
      AddRemove-RealPlayer 15.0 - c:\program files\real\realplayer\Update\r1puninst.exe
      AddRemove-01_Simmental - c:\program files\Samsung\USB Drivers\01_Simmental\Uninstall.exe
      AddRemove-02_Siberian - c:\program files\Samsung\USB Drivers\02_Siberian\Uninstall.exe
      AddRemove-03_Swallowtail - c:\program files\Samsung\USB Drivers\03_Swallowtail\Uninstall.exe
      AddRemove-04_semseyite - c:\program files\Samsung\USB Drivers\04_semseyite\Uninstall.exe
      AddRemove-05_Sloan - c:\program files\Samsung\USB Drivers\05_Sloan\Uninstall.exe
      AddRemove-06_Spencer - c:\program files\Samsung\USB Drivers\06_Spencer\Uninstall.exe
      AddRemove-07_Schorl - c:\program files\Samsung\USB Drivers\07_Schorl\Uninstall.exe
      AddRemove-08_EMPChipset - c:\program files\Samsung\USB Drivers\08_EMPChipset\Uninstall.exe
      AddRemove-09_Hsp - c:\program files\Samsung\USB Drivers\09_Hsp\Uninstall.exe
      AddRemove-11_HSP_Plus_Default - c:\program files\Samsung\USB Drivers\11_HSP_Plus_Default\Uninstall.exe
      AddRemove-16_Shrewsbury - c:\program files\Samsung\USB Drivers\16_Shrewsbury\Uninstall.exe
      AddRemove-17_EMP_Chipset2 - c:\program files\Samsung\USB Drivers\17_EMP_Chipset2\Uninstall.exe
      AddRemove-18_Zinia_Serial_Driver - c:\program files\Samsung\USB Drivers\18_Zinia_Serial_Driver\Uninstall.exe
      AddRemove-19_VIA_driver - c:\program files\Samsung\USB Drivers\19_VIA_driver\Uninstall.exe
      AddRemove-20_NXP_Driver - c:\program files\Samsung\USB Drivers\20_NXP_Driver\Uninstall.exe
      AddRemove-21_Searsburg - c:\program files\Samsung\USB Drivers\21_Searsburg\Uninstall.exe
      AddRemove-22_WiBro_WiMAX - c:\program files\Samsung\USB Drivers\22_WiBro_WiMAX\Uninstall.exe
      AddRemove-24_flashusbdriver - c:\program files\Samsung\USB Drivers\24_flashusbdriver\Uninstall.exe
      AddRemove-25_escape - c:\program files\Samsung\USB Drivers\25_escape\Uninstall.exe
      AddRemove-Dropbox - c:\users\atb\AppData\Roaming\Dropbox\bin\Uninstall.exe
      .
      .
      .
      --------------------- LOCKED REGISTRY KEYS ---------------------
      .
      [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
      @Denied: (A) (Users)
      @Denied: (A) (Everyone)
      @Allowed: (B 1 2 3 4 5) (S-1-5-20)
      "BlindDial"=dword:00000000
      .
      [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
      @Denied: (A) (Users)
      @Denied: (A) (Everyone)
      @Allowed: (B 1 2 3 4 5) (S-1-5-20)
      "BlindDial"=dword:00000000
      .
      [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
      @Denied: (A) (Users)
      @Denied: (A) (Everyone)
      @Allowed: (B 1 2 3 4 5) (S-1-5-20)
      "BlindDial"=dword:00000000
      .
      [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
      @Denied: (A) (Users)
      @Denied: (A) (Everyone)
      @Allowed: (B 1 2 3 4 5) (S-1-5-20)
      "BlindDial"=dword:00000000
      .
      [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
      @Denied: (Full) (Everyone)
      .
      --------------------- DLLs Loaded Under Running Processes ---------------------
      .
      - - - - - - - > 'Explorer.exe'(4504)
      c:\programdata\Panda Security URL Filtering\panda_url_filtering.dll
      c:\users\atb\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
      .
      ------------------------ Other Running Processes ------------------------
      .
      c:\program files\Microsoft Security Client\MsMpEng.exe
      c:\windows\system32\WLANExt.exe
      c:\windows\system32\conhost.exe
      c:\program files\Dell\Dell Wireless WLAN Card\WLTRYSVC.EXE
      c:\program files\Dell\Dell Wireless WLAN Card\bcmwltry.exe
      c:\windows\system32\taskhost.exe
      c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe
      c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
      c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
      c:\windows\system32\conhost.exe
      c:\windows\servicing\TrustedInstaller.exe
      c:\program files\Windows Media Player\wmpnetwk.exe
      c:\program files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
      c:\windows\system32\sppsvc.exe
      c:\program files\Microsoft Security Client\MpCmdRun.exe
      .
      **************************************************************************
      .
      Completion time: 2012-10-12 18:44:19 - machine was rebooted
      ComboFix-quarantined-files.txt 2012-10-12 17:44
      .
      Pre-Run: 279.500.820.480 bytes libres
      Post-Run: 279.549.497.344 bytes libres
      .
      - - End Of File - - 730ACE06C23BF8EB5EC7D58D6769F10D

    3. #13
      Kirigi (Former Contributor)
      Registered: Jun 2007
      Location: Venezuela
      Posts: 7,437

      Re: dt kill doesn't work for me

      Hi karlosrr,

      Make sure you run ComboFix from the desktop, because the report shows that you ran it from a different path:

      Running from: c:\users\atb\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UB7NAG9N\ComboFix.exe

      When you're back, post its new report for me again.

      PS: Do not interfere with CF while it is running, for any reason whatsoever.

      Regards


    4. #14
      karlosrr (User)
      Registered: Oct 2012
      Location: Tenerife
      Posts: 15

      Re: dt kill doesn't work for me

      Let's see if it works this time, and thanks again, Kirigi


      ComboFix 12-10-08.03 - atb 13/10/2012 12:36:27.3.2 - x86
      Microsoft Windows 7 Professional 6.1.7601.1.1252.34.3082.18.3037.1826 [GMT 1:00]
      Running from: c:\users\atb\Desktop\ComboFix.exe
      AV: Panda Cloud Antivirus *Disabled/Updated* {3456760B-FDAA-FFFD-06C2-7BB528D2066C}
      FW: Cloud Antivirus Firewall *Disabled* {0C6DF72E-B7C5-FEA5-2D9D-D280D6014117}
      SP: Panda Cloud Antivirus *Disabled/Updated* {8F3797EF-DB90-F073-3C72-40C753554CD1}
      SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
      .
      .
      ((((((((((((((((((((((((( Files Created from 2012-09-13 to 2012-10-13 )))))))))))))))))))))))))))))))
      .
      .
      2012-10-13 11:43 . 2012-10-13 11:43 -------- d-----w- c:\users\Mcx1-ATB-PC\AppData\Local\temp
      2012-10-13 11:43 . 2012-10-13 11:43 -------- d-----w- c:\users\Mcx1-ATB-PC.atb-PC\AppData\Local\temp
      2012-10-13 11:43 . 2012-10-13 11:43 -------- d-----w- c:\users\Invitado\AppData\Local\temp
      2012-10-13 11:43 . 2012-10-13 11:43 -------- d-----w- c:\users\Default\AppData\Local\temp
      2012-10-12 17:37 . 2012-10-13 11:43 -------- d-----w- c:\users\atb\AppData\Local\temp
      2012-10-12 15:28 . 2011-03-10 17:04 46280 ----a-w- c:\windows\system32\drivers\PSKMAD.sys
      2012-10-12 11:49 . 2012-10-12 23:37 -------- d-----w- c:\users\atb\AppData\Roaming\Skype
      2012-10-11 13:27 . 2012-10-11 13:27 93672 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
      2012-10-10 15:37 . 2012-10-10 15:37 -------- d-----w- C:\_OTL
      2012-10-10 10:57 . 2012-10-10 10:57 -------- d-----w- c:\users\atb\AppData\Roaming\Panda Security
      2012-10-10 10:56 . 2012-10-10 10:56 -------- d-----w- c:\program files\Toolbar Cleaner
      2012-10-10 10:56 . 2012-10-10 10:56 -------- d-----w- c:\users\atb\AppData\Local\panda2_0dn
      2012-10-10 10:56 . 2012-10-13 10:26 -------- d-----w- c:\programdata\Panda Security URL Filtering
      2012-10-10 10:55 . 2012-10-10 10:56 -------- d-----w- c:\program files\Panda Security
      2012-10-10 10:55 . 2012-10-10 10:55 -------- d-----w- c:\programdata\Panda Security
      2012-10-10 10:26 . 2012-10-10 10:26 -------- d-----w- C:\_DT-Kill
      2012-10-09 23:33 . 2012-10-09 23:33 -------- d-----w- c:\users\atb\AppData\Roaming\Malwarebytes
      2012-10-09 23:33 . 2012-10-09 23:33 -------- d-----w- c:\programdata\Malwarebytes
      2012-10-09 23:33 . 2012-10-09 23:33 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
      2012-10-09 23:33 . 2012-09-07 16:04 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
      2012-10-09 23:26 . 2012-10-09 23:26 -------- d-----w- c:\users\atb\AppData\Roaming\FLEXnet
      2012-10-09 22:43 . 2012-10-09 23:10 -------- d-----w- c:\users\atb\AppData\Roaming\Nuance
      2012-10-09 22:34 . 2012-10-09 23:11 -------- d-----w- C:\DTRToll
      2012-10-09 21:54 . 2012-10-09 21:54 -------- d-----w- c:\program files\Trend Micro
      2012-10-09 21:02 . 2012-06-02 04:36 140288 ----a-w- c:\windows\system32\cryptsvc.dll
      2012-10-09 21:02 . 2012-06-02 04:36 1159680 ----a-w- c:\windows\system32\crypt32.dll
      2012-10-09 21:02 . 2012-06-02 04:36 103936 ----a-w- c:\windows\system32\cryptnet.dll
      2012-10-09 21:02 . 2012-08-31 17:18 1211760 ----a-w- c:\windows\system32\drivers\ntfs.sys
      2012-10-09 21:02 . 2012-08-10 23:56 542208 ----a-w- c:\windows\system32\kerberos.dll
      2012-10-09 21:02 . 2012-08-30 17:12 3914096 ----a-w- c:\windows\system32\ntoskrnl.exe
      2012-10-09 21:02 . 2012-08-30 17:12 3968880 ----a-w- c:\windows\system32\ntkrnlpa.exe
      2012-10-06 23:31 . 2012-10-10 05:51 -------- d-----w- c:\program files\SopCast
      2012-10-05 22:04 . 2012-10-09 22:41 -------- d-----w- C:\VPSL
      2012-10-02 22:19 . 2012-08-21 20:12 245760 ----a-w- c:\windows\system32\OxpsConverter.exe
      2012-09-24 13:21 . 2012-10-10 05:51 -------- d-----w- c:\program files\Common Files\IVA
      2012-09-24 13:21 . 2012-10-10 05:51 -------- d-----w- c:\program files\Common Files\Nuance
      2012-09-24 13:17 . 2012-10-10 05:51 -------- d-----w- c:\programdata\Nuance
      2012-09-16 22:57 . 2012-09-16 22:57 1409 ----a-w- c:\windows\QTFont.for
      2012-09-15 10:46 . 2012-09-15 10:46 -------- d-----w- c:\program files\Xenocode
      2012-09-15 10:45 . 2012-09-15 10:45 -------- d-----w- c:\program files\FNMT-RCM
      2012-09-13 21:06 . 2012-09-13 21:06 36104 ----a-w- c:\windows\system32\drivers\hssdrv6.sys
      2012-09-13 19:26 . 2012-09-13 19:26 33512 ----a-w- c:\windows\system32\drivers\taphss.sys
      .
      .
      .
      (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
      .
      2012-10-11 13:27 . 2012-08-28 10:37 821736 ----a-w- c:\windows\system32\npDeployJava1.dll
      2012-10-11 13:27 . 2010-06-10 18:41 746984 ----a-w- c:\windows\system32\deployJava1.dll
      2012-10-09 21:21 . 2012-04-18 08:15 696760 ----a-w- c:\windows\system32\FlashPlayerApp.exe
      2012-10-09 21:21 . 2011-05-19 15:07 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
      2012-08-26 09:46 . 2012-08-26 09:46 121384 ----a-w- c:\windows\system32\drivers\PSINProt.sys
      2012-08-26 09:46 . 2012-08-26 09:46 114728 ----a-w- c:\windows\system32\drivers\PSINProc.sys
      2012-08-26 09:45 . 2012-08-26 09:45 175144 ----a-w- c:\windows\system32\drivers\PSINKNC.sys
      2012-08-26 09:45 . 2012-08-26 09:45 149032 ----a-w- c:\windows\system32\drivers\PSINAflt.sys
      2012-08-26 09:45 . 2012-08-26 09:45 104488 ----a-w- c:\windows\system32\drivers\PSINFile.sys
      2012-08-22 17:16 . 2012-09-12 10:20 1292144 ----a-w- c:\windows\system32\drivers\tcpip.sys
      2012-08-22 17:16 . 2012-09-12 10:20 712048 ----a-w- c:\windows\system32\drivers\ndis.sys
      2012-08-22 17:16 . 2012-09-12 10:20 240496 ----a-w- c:\windows\system32\drivers\netio.sys
      2012-08-22 17:16 . 2012-09-12 10:20 187760 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
      2012-08-02 16:57 . 2012-09-12 10:19 490496 ----a-w- c:\windows\system32\d3d10level9.dll
      2012-07-18 17:47 . 2012-08-17 12:24 2345984 ----a-w- c:\windows\system32\win32k.sys
      2009-10-07 15:21 . 2011-02-25 18:52 6410240 ----a-w- c:\program files\ABBYY FineReader 10 Professional Edition.msi
      2009-07-07 18:12 . 2011-02-25 18:52 245408 ----a-w- c:\program files\unicows.dll
      2009-07-07 18:12 . 2011-02-25 18:52 1822520 ----a-w- c:\program files\instmsiw.exe
      .
      .
      ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
      .
      .
      *Note* empty entries & legit default entries are not shown
      REGEDIT4
      .
      [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4}]
      2012-03-15 21:02 86696 ----a-w- c:\program files\Panda Security\Panda Security Toolbar\PandaSecurityDx.dll
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
      "{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4}"= "c:\program files\Panda Security\Panda Security Toolbar\PandaSecurityDx.dll" [2012-03-15 86696]
      .
      [HKEY_CLASSES_ROOT\clsid\{b821bf60-5c2d-41eb-92dc-3e4ccd3a22e4}]
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
      @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
      [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
      2011-02-18 05:12 94208 ----a-w- c:\users\atb\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
      @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
      [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
      2011-02-18 05:12 94208 ----a-w- c:\users\atb\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
      @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
      [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
      2011-02-18 05:12 94208 ----a-w- c:\users\atb\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\snxPluginsShell]
      @="{F4B3B0AA-13D1-4a36-BDA2-2055B0F3D5DE}"
      [HKEY_CLASSES_ROOT\CLSID\{F4B3B0AA-13D1-4a36-BDA2-2055B0F3D5DE}]
      2010-01-28 21:56 135168 ----a-w- c:\program files\Alwil Software\Avast5\snxPlugins.dll
      .
      [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "miCoach Manager"="c:\program files\adidas\miCoach Manager\SyncManager.exe" [2012-08-08 4339224]
      "ISUSPM"="c:\programdata\FLEXnet\Connect\11\ISUSPM.exe" [2010-11-30 222496]
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "Persistence"="c:\windows\system32\igfxpers.exe" [2010-08-25 170520]
      "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-07-31 38872]
      "PSUAMain"="c:\program files\Panda Security\Panda Cloud Antivirus\PSUAMain.exe" [2012-08-26 37152]
      "Panda Security URL Filtering"="c:\programdata\Panda Security URL Filtering\Panda_URL_Filtering.exe" [2012-03-15 217256]
      "TkBellExe"="c:\program files\Real\RealPlayer\update\realsched.exe" [2012-05-24 296056]
      .
      c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
      Etiqueta Virtual v1.0.lnk - c:\program files\Movistar\Etiqueta Virtual\EtiquetaVirtual.exe [2010-9-27 57344]
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
      "ConsentPromptBehaviorAdmin"= 5 (0x5)
      "ConsentPromptBehaviorUser"= 3 (0x3)
      "EnableLUA"= 0 (0x0)
      "EnableUIADesktopToggle"= 0 (0x0)
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
      "aux"=wdmaud.drv
      .
      [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
      Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
      .
      [HKLM\~\startupfolder\C:^Users^atb^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dragon NaturallySpeaking.lnk]
      path=c:\users\atb\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dragon NaturallySpeaking.lnk
      backup=c:\windows\pss\Dragon NaturallySpeaking.lnk.Startup
      backupExtension=.Startup
      .
      [HKLM\~\startupfolder\C:^Users^atb^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.2.lnk]
      path=c:\users\atb\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk
      backup=c:\windows\pss\OpenOffice.org 3.2.lnk.Startup
      backupExtension=.Startup
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
      2012-07-11 19:00 919008 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
      2012-07-31 11:20 38872 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ares]
      2010-02-08 14:51 1015808 ----a-w- c:\program files\Ares\Ares.exe
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
      2009-10-30 11:57 369200 ----a-w- c:\program files\DAEMON Tools Lite\DTLite.exe
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
      2011-07-28 23:08 1259376 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
      2010-03-21 11:58 136176 ----atw- c:\users\atb\AppData\Local\Google\Update\GoogleUpdate.exe
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KiesHelper]
      2012-03-07 00:36 943504 ----a-w- c:\program files\Samsung\Kies\KiesHelper.exe
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KiesPDLR]
      2012-03-24 13:52 21416 ----a-w- c:\program files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KiesTrayAgent]
      2012-03-07 00:36 3508624 ----a-w- c:\program files\Samsung\Kies\KiesTrayAgent.exe
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\miCoach Manager]
      2012-08-08 20:08 4339224 ----a-w- c:\program files\adidas\miCoach Manager\SyncManager.exe
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDFPrint]
      2011-12-16 12:54 220744 ----a-w- c:\program files\PDF24\pdf24.exe
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
      2012-05-24 08:27 296056 ----a-w- c:\program files\Real\RealPlayer\Update\realsched.exe
      .
      R1 NNSNAHSL;Network Activity Hook Server LightWeight Filter Driver;c:\windows\system32\DRIVERS\NNSNAHSL.sys [x]
      R2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]
      R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [x]
      R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [x]
      R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [x]
      R3 androidusb;SAMSUNG Android Composite ADB Interface Driver;c:\windows\system32\Drivers\ssadadb.sys [x]
      R3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\DRIVERS\ewusbnet.sys [x]
      R3 GDPkIcpt;GDPkIcpt;c:\windows\system32\drivers\PktIcpt.sys [x]
      R3 hwusbfake;Huawei DataCard USB Fake;c:\windows\system32\DRIVERS\ewusbfake.sys [x]
      R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
      R3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [x]
      R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\DRIVERS\ssadbus.sys [x]
      R3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\DRIVERS\ssadmdfl.sys [x]
      R3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\DRIVERS\ssadmdm.sys [x]
      R3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM);c:\windows\system32\DRIVERS\ssadserd.sys [x]
      R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
      R3 WatAdminSvc;Servicio de tecnologías de activación de Windows;c:\windows\system32\Wat\WatAdminSvc.exe [x]
      R4 NNSPIHSW;NNSPIHSW;c:\windows\system32\DRIVERS\NNSPihsw.sys [x]
      R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
      S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [x]
      S1 aswSnx;aswSnx; [x]
      S1 NNSALPC;NNSALPC;c:\windows\system32\DRIVERS\NNSAlpc.sys [x]
      S1 NNSHTTP;NNSHTTP;c:\windows\system32\DRIVERS\NNSHttp.sys [x]
      S1 NNSIDS;NNSIDS;c:\windows\system32\DRIVERS\NNSIds.sys [x]
      S1 NNSPICC;NNSPICC;c:\windows\system32\DRIVERS\NNSPicc.sys [x]
      S1 NNSPOP3;NNSPOP3;c:\windows\system32\DRIVERS\NNSPop3.sys [x]
      S1 NNSPROT;NNSPROT;c:\windows\system32\DRIVERS\NNSProt.sys [x]
      S1 NNSPRV;NNSPRV;c:\windows\system32\DRIVERS\NNSPrv.sys [x]
      S1 NNSSMTP;NNSSMTP;c:\windows\system32\DRIVERS\NNSSmtp.sys [x]
      S1 NNSSTRM;NNSSTRM;c:\windows\system32\DRIVERS\NNSStrm.sys [x]
      S1 NNSTLSC;NNSTLSC;c:\windows\system32\DRIVERS\NNSTlsc.sys [x]
      S1 PSINKNC;PSINKNC;c:\windows\system32\DRIVERS\psinknc.sys [x]
      S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
      S2 DragonSvc;Dragon Service;c:\program files\Common Files\Nuance\dgnsvc.exe [x]
      S2 NanoServiceMain;Panda Cloud Antivirus Service;c:\program files\Panda Security\Panda Cloud Antivirus\PSANHost.exe [x]
      S2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [x]
      S2 PSINAflt;PSINAflt;c:\windows\system32\DRIVERS\PSINAflt.sys [x]
      S2 PSINFile;PSINFile;c:\windows\system32\DRIVERS\PSINFile.sys [x]
      S2 PSINProc;PSINProc;c:\windows\system32\DRIVERS\PSINProc.sys [x]
      S2 PSINProt;PSINProt;c:\windows\system32\DRIVERS\PSINProt.sys [x]
      S2 PSUAService;Panda Product Service;c:\program files\Panda Security\Panda Cloud Antivirus\PSUAService.exe [x]
      S3 PSKMAD;PSKMAD;c:\windows\system32\DRIVERS\PSKMAD.sys [x]
      S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [x]
      S3 VIACRX86;VIACRX86;c:\windows\system32\DRIVERS\viacr.sys [x]
      .
      .
      --- Other Services/Drivers In Memory ---
      .
      *Deregistered* - NisDrv
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
      WindowsMobile REG_MULTI_SZ wcescomm rapimgr
      LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
      .
      Contents of the 'Scheduled Tasks' folder
      .
      2012-10-13 c:\windows\Tasks\Adobe Flash Player Updater.job
      - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-18 21:21]
      .
      2012-10-12 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3152185067-3705363877-1646377439-1000Core.job
      - c:\users\atb\AppData\Local\Google\Update\GoogleUpdate.exe [2010-03-21 11:58]
      .
      2012-10-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3152185067-3705363877-1646377439-1000UA.job
      - c:\users\atb\AppData\Local\Google\Update\GoogleUpdate.exe [2010-03-21 11:58]
      .
      .
      ------- Supplementary Scan -------
      .
      uStart Page = https://www.google.es/
      mStart Page =
      IE: &Download by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/201
      IE: &Grab video by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/204
      IE: Do&wnload selected by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/203
      IE: Down&load all by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/202
      IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
      IE: E&xportar a Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
      Trusted Zone: aeat.es\www
      Trusted Zone: fnmt.es
      Trusted Zone: gob.es\agenciatributaria
      TCP: DhcpNameServer = 80.58.61.250 80.58.61.254
      DPF: {2DAB6EF1-66C3-427C-87CD-8DC448C47EAE} - hxxps://www5.aeat.es/es13/h/tgvicab.cab
      DPF: {947B00D2-962D-4A35-9E48-98EE6A442B41} - hxxps://www1.agenciatributaria.gob.es/ADUA/internet/aded1503.cab
      DPF: {B785FA3C-1DE9-4D20-8396-613C486FE95E} - hxxps://www1.agenciatributaria.gob.es/es13/h/cactivex.cab
      .
      .
      --------------------- LOCKED REGISTRY KEYS ---------------------
      .
      [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
      @Denied: (A) (Users)
      @Denied: (A) (Everyone)
      @Allowed: (B 1 2 3 4 5) (S-1-5-20)
      "BlindDial"=dword:00000000
      .
      [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
      @Denied: (A) (Users)
      @Denied: (A) (Everyone)
      @Allowed: (B 1 2 3 4 5) (S-1-5-20)
      "BlindDial"=dword:00000000
      .
      [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
      @Denied: (A) (Users)
      @Denied: (A) (Everyone)
      @Allowed: (B 1 2 3 4 5) (S-1-5-20)
      "BlindDial"=dword:00000000
      .
      [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
      @Denied: (A) (Users)
      @Denied: (A) (Everyone)
      @Allowed: (B 1 2 3 4 5) (S-1-5-20)
      "BlindDial"=dword:00000000
      .
      [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
      @Denied: (Full) (Everyone)
      .
      --------------------- DLLs Loaded Under Running Processes ---------------------
      .
      - - - - - - - > 'Explorer.exe'(8132)
      c:\users\atb\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
      .
      Completion time: 2012-10-13 12:44:44
      ComboFix-quarantined-files.txt 2012-10-13 11:44
      ComboFix2.txt 2012-10-12 17:44
      .
      Pre-Run: 279.058.448.384 bytes libres
      Post-Run: 279.092.166.656 bytes libres
      .
      - - End Of File - - 09A4692F7460391C8959DB586DAC1C8B

    5. #15
      User Avatar of karlosrr
      Joined
      Oct 2012
      Location
      Tenerife
      Posts
      15

      Re: dt kill doesn't work for me

      By the way, in order to run ComboFix properly, and since I didn't know how to close it, I uninstalled Microsoft Security Essentials. I don't know if it's related, but this morning my keyboard works perfectly and I can type the accents and symbols as they should be. That said, the malware still warns me when I open Explorer that it is blocking access from that IP I mentioned earlier...

    6. #16
      Former Contributor Avatar of Kirigi
      Joined
      Jun 2007
      Location
      Venezuela
      Posts
      7.437

      Re: dt kill doesn't work for me

      Hello karlosrr,

      Download the new version of DT-Kill, 3.0.4.

      Boot into Safe Mode.

      Run DT-Kill and save its report so you can paste it here in your next reply.


      Regards

      Blog | Online Antivirus | Remove Malware | Free Antivirus


      * Follow us on Twitter and add us as a friend on Facebook.
      * Keep up with the latest threats on the net at: InfoSpyware Blog
      * Questions are not answered by private message or e-mail; that is what the forum is for.

    7. #17
      User Avatar of karlosrr
      Joined
      Oct 2012
      Location
      Tenerife
      Posts
      15

      Re: dt kill doesn't work for me

      Thanks again for the help. I have run DT-Kill twice and neither time did it leave me any report, at least as far as I know and can see. I already fixed the keyboard issue. English had been set as the default language in the taskbar, and as soon as I switched back to ES the problem went away.

    8. #18
      Former Contributor Avatar of Kirigi
      Joined
      Jun 2007
      Location
      Venezuela
      Posts
      7.437

      Re: dt kill doesn't work for me

      Hi,

      The report should be located at C:\DT-Kill.txt.

      Uninstall CF as follows:

      • Go to Start > Run
      • Type the following: ComboFix /Uninstall as shown in the image below:
      • This will launch the ComboFix uninstaller, opening its main screen, and after a few seconds you will see ("ComboFix is uninstalled")

      Then download and run CF again. It would also be good to run a Full Scan with MBAM, so that in your next reply you leave me the CF, MBAM and DT-Kill reports.

      PS: I just want to make sure the reports don't show anything new that we need to remove, although what you say about the IP address that MBAM always blocks makes me think we may indeed need to remove something else.


      Regards


    9. #19
      User Avatar of karlosrr
      Joined
      Oct 2012
      Location
      Tenerife
      Posts
      15

      Re: dt kill doesn't work for me

      Let's go step by step. I'm pasting the ComboFix report.

      ComboFix 12-10-17.05 - atb 20/10/2012 20:26:09.5.2 - x86
      Microsoft Windows 7 Professional 6.1.7601.1.1252.34.3082.18.3037.1915 [GMT 1:00]
      Running from: c:\users\atb\Desktop\ComboFix.exe
      SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
      .
      .
      ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
      .
      .
      c:\windows\system32\msstdfmt.dll
      .
      .
      ((((((((((((((((((((((((( Files Created from 2012-09-20 to 2012-10-20 )))))))))))))))))))))))))))))))
      .
      .
      2012-10-20 19:32 . 2012-10-20 19:33 -------- d-----w- c:\users\atb\AppData\Local\temp
      2012-10-20 19:32 . 2012-10-20 19:32 -------- d-----w- c:\users\Mcx1-ATB-PC\AppData\Local\temp
      2012-10-20 19:32 . 2012-10-20 19:32 -------- d-----w- c:\users\Mcx1-ATB-PC.atb-PC\AppData\Local\temp
      2012-10-20 19:32 . 2012-10-20 19:32 -------- d-----w- c:\users\Invitado\AppData\Local\temp
      2012-10-20 19:32 . 2012-10-20 19:32 -------- d-----w- c:\users\Default\AppData\Local\temp
      2012-10-19 21:26 . 2012-10-19 21:26 -------- d-----w- c:\users\atb\AppData\Roaming\GrabPro
      2012-10-19 21:26 . 2012-10-19 21:26 -------- d-----w- c:\users\atb\AppData\Roaming\Orbit
      2012-10-19 16:30 . 2012-10-19 16:30 -------- d-----w- c:\users\atb\AppData\Roaming\Prisa TV
      2012-10-19 08:06 . 2012-10-12 05:56 6918632 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{1077DEFB-7DAB-45C7-B9A3-8FB593DB521D}\mpengine.dll
      2012-10-18 13:08 . 2012-10-19 08:40 6080 ----a-w- c:\programdata\NanoRepository.bin
      2012-10-18 00:10 . 2012-10-18 00:10 -------- d-----w- c:\users\atb\AppData\Roaming\calibre
      2012-10-18 00:00 . 2012-10-18 18:53 -------- d-----w- c:\users\atb\AppData\Local\ElevatedDiagnostics
      2012-10-17 23:03 . 2012-10-17 23:03 -------- d-----w- c:\users\atb\AppData\Local\CRE
      2012-10-17 23:02 . 2012-10-17 23:02 -------- d-----w- c:\program files\uTorrent
      2012-10-17 23:01 . 2012-10-20 19:29 -------- d-----w- c:\users\atb\AppData\Roaming\uTorrent
      2012-10-14 16:17 . 2012-10-16 20:58 -------- d-----w- c:\users\atb\AppData\Roaming\DivX
      2012-10-14 12:17 . 2012-10-14 12:17 -------- d-----w- c:\users\atb\.WebSigner
      2012-10-12 11:49 . 2012-10-19 21:12 -------- d-----w- c:\users\atb\AppData\Roaming\Skype
      2012-10-11 13:27 . 2012-10-11 13:27 93672 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
      2012-10-10 15:37 . 2012-10-10 15:37 -------- d-----w- C:\_OTL
      2012-10-10 10:57 . 2012-10-10 10:57 -------- d-----w- c:\users\atb\AppData\Roaming\Panda Security
      2012-10-10 10:55 . 2012-10-20 10:11 -------- d-----w- c:\program files\Panda Security
      2012-10-10 10:55 . 2012-10-10 10:55 -------- d-----w- c:\programdata\Panda Security
      2012-10-10 10:26 . 2012-10-10 10:26 -------- d-----w- C:\_DT-Kill
      2012-10-09 23:33 . 2012-10-09 23:33 -------- d-----w- c:\users\atb\AppData\Roaming\Malwarebytes
      2012-10-09 23:33 . 2012-10-09 23:33 -------- d-----w- c:\programdata\Malwarebytes
      2012-10-09 23:33 . 2012-10-20 16:50 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
      2012-10-09 23:33 . 2012-09-29 18:54 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
      2012-10-09 23:26 . 2012-10-09 23:26 -------- d-----w- c:\users\atb\AppData\Roaming\FLEXnet
      2012-10-09 22:43 . 2012-10-09 23:10 -------- d-----w- c:\users\atb\AppData\Roaming\Nuance
      2012-10-09 22:34 . 2012-10-09 23:11 -------- d-----w- C:\DTRToll
      2012-10-09 21:54 . 2012-10-09 21:54 -------- d-----w- c:\program files\Trend Micro
      2012-10-09 21:02 . 2012-06-02 04:36 140288 ----a-w- c:\windows\system32\cryptsvc.dll
      2012-10-09 21:02 . 2012-06-02 04:36 1159680 ----a-w- c:\windows\system32\crypt32.dll
      2012-10-09 21:02 . 2012-06-02 04:36 103936 ----a-w- c:\windows\system32\cryptnet.dll
      2012-10-09 21:02 . 2012-08-31 17:18 1211760 ----a-w- c:\windows\system32\drivers\ntfs.sys
      2012-10-09 21:02 . 2012-08-10 23:56 542208 ----a-w- c:\windows\system32\kerberos.dll
      2012-10-09 21:02 . 2012-08-30 17:12 3914096 ----a-w- c:\windows\system32\ntoskrnl.exe
      2012-10-09 21:02 . 2012-08-30 17:12 3968880 ----a-w- c:\windows\system32\ntkrnlpa.exe
      2012-10-06 23:31 . 2012-10-10 05:51 -------- d-----w- c:\program files\SopCast
      2012-10-05 22:04 . 2012-10-09 22:41 -------- d-----w- C:\VPSL
      2012-10-02 22:19 . 2012-08-21 20:12 245760 ----a-w- c:\windows\system32\OxpsConverter.exe
      2012-09-24 13:21 . 2012-10-10 05:51 -------- d-----w- c:\program files\Common Files\IVA
      2012-09-24 13:21 . 2012-10-10 05:51 -------- d-----w- c:\program files\Common Files\Nuance
      2012-09-24 13:17 . 2012-10-10 05:51 -------- d-----w- c:\programdata\Nuance
      .
      .
      .
      (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
      .
      2012-10-20 19:35 . 2012-10-20 19:35 56200 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{1077DEFB-7DAB-45C7-B9A3-8FB593DB521D}\offreg.dll
      2012-10-11 13:27 . 2012-08-28 10:37 821736 ----a-w- c:\windows\system32\npDeployJava1.dll
      2012-10-11 13:27 . 2010-06-10 18:41 746984 ----a-w- c:\windows\system32\deployJava1.dll
      2012-10-09 21:21 . 2012-04-18 08:15 696760 ----a-w- c:\windows\system32\FlashPlayerApp.exe
      2012-10-09 21:21 . 2011-05-19 15:07 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
      2012-09-16 22:57 . 2012-09-16 22:57 1409 ----a-w- c:\windows\QTFont.for
      2012-09-13 21:06 . 2012-09-13 21:06 36104 ----a-w- c:\windows\system32\drivers\hssdrv6.sys
      2012-09-13 19:26 . 2012-09-13 19:26 33512 ----a-w- c:\windows\system32\drivers\taphss.sys
      2012-08-22 17:16 . 2012-09-12 10:20 1292144 ----a-w- c:\windows\system32\drivers\tcpip.sys
      2012-08-22 17:16 . 2012-09-12 10:20 712048 ----a-w- c:\windows\system32\drivers\ndis.sys
      2012-08-22 17:16 . 2012-09-12 10:20 240496 ----a-w- c:\windows\system32\drivers\netio.sys
      2012-08-22 17:16 . 2012-09-12 10:20 187760 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
      2012-08-02 16:57 . 2012-09-12 10:19 490496 ----a-w- c:\windows\system32\d3d10level9.dll
      2009-10-07 15:21 . 2011-02-25 18:52 6410240 ----a-w- c:\program files\ABBYY FineReader 10 Professional Edition.msi
      2009-07-07 18:12 . 2011-02-25 18:52 245408 ----a-w- c:\program files\unicows.dll
      2009-07-07 18:12 . 2011-02-25 18:52 1822520 ----a-w- c:\program files\instmsiw.exe
      .
      .
      ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
      .
      .
      *Note* empty entries & legit default entries are not shown
      REGEDIT4
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
      @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
      [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
      2011-02-18 05:12 94208 ----a-w- c:\users\atb\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
      @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
      [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
      2011-02-18 05:12 94208 ----a-w- c:\users\atb\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
      @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
      [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
      2011-02-18 05:12 94208 ----a-w- c:\users\atb\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\snxPluginsShell]
      @="{F4B3B0AA-13D1-4a36-BDA2-2055B0F3D5DE}"
      [HKEY_CLASSES_ROOT\CLSID\{F4B3B0AA-13D1-4a36-BDA2-2055B0F3D5DE}]
      2010-01-28 21:56 135168 ----a-w- c:\program files\Alwil Software\Avast5\snxPlugins.dll
      .
      [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "miCoach Manager"="c:\program files\adidas\miCoach Manager\SyncManager.exe" [2012-08-08 4339224]
      "ISUSPM"="c:\programdata\FLEXnet\Connect\11\ISUSPM.exe" [2010-11-30 222496]
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "Persistence"="c:\windows\system32\igfxpers.exe" [2010-08-25 170520]
      "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-07-31 38872]
      "TkBellExe"="c:\program files\Real\RealPlayer\update\realsched.exe" [2012-05-24 296056]
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
      "Malwarebytes Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-09-29 766536]
      .
      c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
      Microsoft Office Outlook 2007.lnk - c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\outicon.exe [2010-9-28 845584]
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
      "ConsentPromptBehaviorAdmin"= 5 (0x5)
      "ConsentPromptBehaviorUser"= 3 (0x3)
      "EnableLUA"= 0 (0x0)
      "EnableUIADesktopToggle"= 0 (0x0)
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
      "aux"=wdmaud.drv
      .
      [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
      Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
      .
      [HKLM\~\startupfolder\C:^Users^atb^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dragon NaturallySpeaking.lnk]
      path=c:\users\atb\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dragon NaturallySpeaking.lnk
      backup=c:\windows\pss\Dragon NaturallySpeaking.lnk.Startup
      backupExtension=.Startup
      .
      [HKLM\~\startupfolder\C:^Users^atb^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.2.lnk]
      path=c:\users\atb\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk
      backup=c:\windows\pss\OpenOffice.org 3.2.lnk.Startup
      backupExtension=.Startup
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
      2012-07-11 19:00 919008 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
      2012-07-31 11:20 38872 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ares]
      2010-02-08 14:51 1015808 ----a-w- c:\program files\Ares\Ares.exe
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
      2009-10-30 11:57 369200 ----a-w- c:\program files\DAEMON Tools Lite\DTLite.exe
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
      2011-07-28 23:08 1259376 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
      2010-03-21 11:58 136176 ----atw- c:\users\atb\AppData\Local\Google\Update\GoogleUpdate.exe
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KiesHelper]
      2012-03-07 00:36 943504 ----a-w- c:\program files\Samsung\Kies\KiesHelper.exe
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KiesPDLR]
      2012-03-24 13:52 21416 ----a-w- c:\program files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KiesTrayAgent]
      2012-03-07 00:36 3508624 ----a-w- c:\program files\Samsung\Kies\KiesTrayAgent.exe
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\miCoach Manager]
      2012-08-08 20:08 4339224 ----a-w- c:\program files\adidas\miCoach Manager\SyncManager.exe
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDFPrint]
      2011-12-16 12:54 220744 ----a-w- c:\program files\PDF24\pdf24.exe
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
      2012-05-24 08:27 296056 ----a-w- c:\program files\Real\RealPlayer\Update\realsched.exe
      .
      R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [x]
      R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [x]
      R3 androidusb;SAMSUNG Android Composite ADB Interface Driver;c:\windows\system32\Drivers\ssadadb.sys [x]
      R3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\DRIVERS\ewusbnet.sys [x]
      R3 GDPkIcpt;GDPkIcpt;c:\windows\system32\drivers\PktIcpt.sys [x]
      R3 hwusbfake;Huawei DataCard USB Fake;c:\windows\system32\DRIVERS\ewusbfake.sys [x]
      R3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [x]
      R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\DRIVERS\ssadbus.sys [x]
      R3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\DRIVERS\ssadmdfl.sys [x]
      R3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\DRIVERS\ssadmdm.sys [x]
      R3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM);c:\windows\system32\DRIVERS\ssadserd.sys [x]
      R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
      R3 WatAdminSvc;Servicio de tecnologías de activación de Windows;c:\windows\system32\Wat\WatAdminSvc.exe [x]
      R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
      S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [x]
      S1 aswSnx;aswSnx; [x]
      S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
      S2 DragonSvc;Dragon Service;c:\program files\Common Files\Nuance\dgnsvc.exe [x]
      S2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]
      S2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [x]
      S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [x]
      S3 VIACRX86;VIACRX86;c:\windows\system32\DRIVERS\viacr.sys [x]
      .
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
      WindowsMobile REG_MULTI_SZ wcescomm rapimgr
      LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
      .
      Contents of the 'Scheduled Tasks' folder
      .
      2012-10-20 c:\windows\Tasks\Adobe Flash Player Updater.job
      - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-18 21:21]
      .
      2012-10-17 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3152185067-3705363877-1646377439-1000Core.job
      - c:\users\atb\AppData\Local\Google\Update\GoogleUpdate.exe [2010-03-21 11:58]
      .
      2012-10-20 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3152185067-3705363877-1646377439-1000UA.job
      - c:\users\atb\AppData\Local\Google\Update\GoogleUpdate.exe [2010-03-21 11:58]
      .
      .
      ------- Supplementary Scan -------
      .
      uStart Page = hxxp://www.google.es/
      mStart Page =
      IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
      IE: E&xportar a Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
      Trusted Zone: aeat.es\www
      Trusted Zone: fnmt.es
      Trusted Zone: gob.es\agenciatributaria
      TCP: DhcpNameServer = 80.58.61.250 80.58.61.254
      DPF: {2DAB6EF1-66C3-427C-87CD-8DC448C47EAE} - hxxps://www5.aeat.es/es13/h/tgvicab.cab
      DPF: {947B00D2-962D-4A35-9E48-98EE6A442B41} - hxxps://www1.agenciatributaria.gob.es/ADUA/internet/aded1503.cab
      DPF: {B785FA3C-1DE9-4D20-8396-613C486FE95E} - hxxps://www1.agenciatributaria.gob.es/es13/h/cactivex.cab
      .
      .
      --------------------- LOCKED REGISTRY KEYS ---------------------
      .
      [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
      @Denied: (A) (Users)
      @Denied: (A) (Everyone)
      @Allowed: (B 1 2 3 4 5) (S-1-5-20)
      "BlindDial"=dword:00000000
      .
      [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
      @Denied: (A) (Users)
      @Denied: (A) (Everyone)
      @Allowed: (B 1 2 3 4 5) (S-1-5-20)
      "BlindDial"=dword:00000000
      .
      [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
      @Denied: (A) (Users)
      @Denied: (A) (Everyone)
      @Allowed: (B 1 2 3 4 5) (S-1-5-20)
      "BlindDial"=dword:00000000
      .
      [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
      @Denied: (A) (Users)
      @Denied: (A) (Everyone)
      @Allowed: (B 1 2 3 4 5) (S-1-5-20)
      "BlindDial"=dword:00000000
      .
      [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
      @Denied: (Full) (Everyone)
      .
      Completion time: 2012-10-20 20:37:05
      ComboFix-quarantined-files.txt 2012-10-20 19:37
      ComboFix2.txt 2012-10-18 19:19
      ComboFix3.txt 2012-10-13 11:44
      .
      Pre-Run: 279.995.510.784 bytes libres
      Post-Run: 280.235.216.896 bytes libres
      .
      - - End Of File - - 2C2952353BC7C34F0E7B1B9E20E86A13

    10. #20
      User Avatar of karlosrr
      Registered
      Oct 2012
      Location
      tenerife
      Posts
      15

      Re: dt kill doesn't work for me

      I have tried several times to run that DT kill thing, but the PC always ends up freezing and I have to unplug it because not even Ctrl+Alt+Del works. I'm going to run the malware one on it to see what it tells me.