• Registrarse
  • Iniciar sesión


  • Página 1 de 2 12 ÚltimoÚltimo
    Resultados 1 al 10 de 11

    ad.adserverplus.com

    Estimados tengo problemas con esta pagina de miercoles hace varias semanas! Alguien podria ayudarme? Les dejo un informe del AT-Destroyer y del antivirus! AT DESTROYER: #################################################### A/T-Destroyer by InfoSpyware ############ A/T-Destroyer 1.0.7 By Infospyware www.infospyware.com ...

    1. #1
      Usuario Avatar de IarwainBenAdar
      Registrado
      dic 2011
      Ubicación
      Argentina
      Mensajes
      9

      ad.adserverplus.com

      Estimados tengo problemas con esta pagina de miercoles hace varias semanas! Alguien podria ayudarme?

      Les dejo un informe del AT-Destroyer y del antivirus!

      AT DESTROYER:
      #################################################### A/T-Destroyer by InfoSpyware ############

      A/T-Destroyer 1.0.7 By Infospyware
      www.infospyware.com
      Fecha iniciada en el analisis 15/10/2012
      Hora iniciada en el analisis 18:24:38,07
      Usuario Actual : [C:\Users\Claudio]
      Sistema Operativo: Windows 7 Ultimate
      Arquitectura: Sistema operativo de 32 bits
      Versión Internet Explorer: 8.0.7600.16385
      Modo Actual: Modo Normal.
      Privilegios: [Claudio-Administrador]
      Versión Google Chrome:
      Versión Mozilla Firefox: 16.0.1

      ====== Servicios Eliminados By A/T-Destroyer ======




      ====== Claves Eliminadas By A/T-Destroyer ======




      ====== Archivos/Carpetas Eliminados By A/T-Destroyer ======


      C:\Users\Claudio\Appdata\Local\GDIPFONTCACHEV1.DAT


      ====== Información Extra ======


      -_-_-_-_-_-_-_-_ Configuraciones de internet Explorer -_-_-_-_-_-_-_-_
      "HKCU\Software\Microsoft\Internet Explorer\Main"
      Start Page == http://www.google.com
      Search Page == http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
      Local Page == C:\Windows\system32\blank.htm

      "HKLM\Software\Microsoft\Internet Explorer\Main"
      Start Page == http://www.google.com
      Search Page == http://go.microsoft.com/fwlink/?LinkId=54896
      Local Page == C:\Windows\System32\blank.htm
      Default_Search_URL == http://go.microsoft.com/fwlink/?LinkId=54896
      Default_Page_URL == http://go.microsoft.com/fwlink/?LinkId=69157


      "HKEY_USERS\S-1-5-21-719646835-4239414920-341080660-1000\Software\Microsoft\Internet Explorer\Main"
      Start Page == http://www.google.com
      Search Page == http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
      Local Page == C:\Windows\system32\blank.htm




      -_-_-_-_-_-_-_-_ Configuraciones de mozilla Firefox -_-_-_-_-_-_-_-_
      user_pref("pref.browser.homepage.disable_button.restore_default", false);
      user_pref("browser.startup.homepage", "http://google.com");




      ======= EOF =======






      ANTIVIRUS Avira Free



      Avira Free Antivirus
      Report file date: lunes, 15 de octubre de 2012 18:35

      Scanning for 4352755 virus strains and unwanted programs.

      The program is running as an unrestricted full version.
      Online services are available.

      Licensee : Avira AntiVir Personal - Free Antivirus
      Serial number : 0000149996-ADJIE-0000001
      Platform : Windows 7 Ultimate
      Windows version : (plain) [6.1.7600]
      Boot mode : Normally booted
      Username : SYSTEM
      Computer name : CLAUDIO-PC

      Version information:
      BUILD.DAT : 12.0.0.1199 40869 Bytes 07/09/2012 22:20:00
      AVSCAN.EXE : 12.3.0.33 468472 Bytes 08/08/2012 23:37:08
      AVSCAN.DLL : 12.3.0.15 54736 Bytes 02/05/2012 18:31:39
      LUKE.DLL : 12.3.0.15 68304 Bytes 02/05/2012 04:31:47
      AVSCPLR.DLL : 12.3.0.14 97032 Bytes 02/05/2012 03:13:36
      AVREG.DLL : 12.3.0.17 232200 Bytes 26/05/2012 13:06:14
      VBASE000.VDF : 7.10.0.0 19875328 Bytes 06/11/2009 23:18:34
      VBASE001.VDF : 7.11.0.0 13342208 Bytes 14/12/2010 04:23:21
      VBASE002.VDF : 7.11.19.170 14374912 Bytes 20/12/2011 04:32:24
      VBASE003.VDF : 7.11.21.238 4472832 Bytes 01/02/2012 14:58:50
      VBASE004.VDF : 7.11.26.44 4329472 Bytes 28/03/2012 15:43:53
      VBASE005.VDF : 7.11.34.116 4034048 Bytes 29/06/2012 18:04:37
      VBASE006.VDF : 7.11.41.250 4902400 Bytes 06/09/2012 01:14:38
      VBASE007.VDF : 7.11.45.207 2363904 Bytes 11/10/2012 09:45:36
      VBASE008.VDF : 7.11.45.208 2048 Bytes 11/10/2012 09:45:36
      VBASE009.VDF : 7.11.45.209 2048 Bytes 11/10/2012 09:45:36
      VBASE010.VDF : 7.11.45.210 2048 Bytes 11/10/2012 09:45:37
      VBASE011.VDF : 7.11.45.211 2048 Bytes 11/10/2012 09:45:37
      VBASE012.VDF : 7.11.45.212 2048 Bytes 11/10/2012 09:45:37
      VBASE013.VDF : 7.11.45.213 2048 Bytes 11/10/2012 09:45:37
      VBASE014.VDF : 7.11.45.214 2048 Bytes 11/10/2012 09:45:38
      VBASE015.VDF : 7.11.45.215 2048 Bytes 11/10/2012 09:45:38
      VBASE016.VDF : 7.11.45.216 2048 Bytes 11/10/2012 09:45:38
      VBASE017.VDF : 7.11.45.217 2048 Bytes 11/10/2012 09:45:38
      VBASE018.VDF : 7.11.45.218 2048 Bytes 11/10/2012 09:45:39
      VBASE019.VDF : 7.11.45.219 2048 Bytes 11/10/2012 09:45:39
      VBASE020.VDF : 7.11.45.220 2048 Bytes 11/10/2012 09:45:39
      VBASE021.VDF : 7.11.45.221 2048 Bytes 11/10/2012 09:45:39
      VBASE022.VDF : 7.11.45.222 2048 Bytes 11/10/2012 09:45:40
      VBASE023.VDF : 7.11.45.223 2048 Bytes 11/10/2012 09:45:40
      VBASE024.VDF : 7.11.45.224 2048 Bytes 11/10/2012 09:45:40
      VBASE025.VDF : 7.11.45.225 2048 Bytes 11/10/2012 09:45:40
      VBASE026.VDF : 7.11.45.226 2048 Bytes 11/10/2012 09:45:41
      VBASE027.VDF : 7.11.45.227 2048 Bytes 11/10/2012 09:45:41
      VBASE028.VDF : 7.11.45.228 2048 Bytes 11/10/2012 09:45:41
      VBASE029.VDF : 7.11.45.229 2048 Bytes 11/10/2012 09:45:41
      VBASE030.VDF : 7.11.45.230 2048 Bytes 11/10/2012 09:45:42
      VBASE031.VDF : 7.11.46.60 201216 Bytes 15/10/2012 19:01:48
      Engine version : 8.2.10.184
      AEVDF.DLL : 8.1.2.10 102772 Bytes 28/07/2012 08:44:11
      AESCRIPT.DLL : 8.1.4.60 463227 Bytes 05/10/2012 09:41:26
      AESCN.DLL : 8.1.9.2 131444 Bytes 26/09/2012 22:26:16
      AESBX.DLL : 8.2.5.12 606578 Bytes 14/06/2012 15:24:40
      AERDL.DLL : 8.1.9.15 639348 Bytes 21/01/2012 04:22:40
      AEPACK.DLL : 8.3.0.38 811382 Bytes 29/09/2012 16:35:26
      AEOFFICE.DLL : 8.1.2.48 201082 Bytes 25/09/2012 13:11:57
      AEHEUR.DLL : 8.1.4.118 5423480 Bytes 12/10/2012 09:46:00
      AEHELP.DLL : 8.1.25.2 258423 Bytes 12/10/2012 09:45:44
      AEGEN.DLL : 8.1.5.38 434548 Bytes 26/09/2012 22:26:15
      AEEXP.DLL : 8.2.0.6 115060 Bytes 12/10/2012 09:46:00
      AEEMU.DLL : 8.1.3.2 393587 Bytes 28/07/2012 08:43:48
      AECORE.DLL : 8.1.28.2 201079 Bytes 26/09/2012 22:26:13
      AEBB.DLL : 8.1.1.0 53618 Bytes 21/01/2012 04:22:35
      AVWINLL.DLL : 12.3.0.15 27344 Bytes 02/05/2012 03:59:21
      AVPREF.DLL : 12.3.0.15 51920 Bytes 02/05/2012 03:44:31
      AVREP.DLL : 12.3.0.15 179208 Bytes 02/05/2012 03:13:35
      AVARKT.DLL : 12.3.0.15 211408 Bytes 02/05/2012 03:21:32
      AVEVTLOG.DLL : 12.3.0.15 169168 Bytes 02/05/2012 03:28:49
      SQLITE3.DLL : 3.7.0.1 398288 Bytes 17/04/2012 02:11:02
      AVSMTP.DLL : 12.3.0.32 63480 Bytes 08/08/2012 23:37:09
      NETNT.DLL : 12.3.0.15 17104 Bytes 02/05/2012 04:33:29
      RCIMAGE.DLL : 12.3.0.31 4445944 Bytes 08/08/2012 23:36:56
      RCTEXT.DLL : 12.3.0.31 97784 Bytes 08/08/2012 23:36:56

      Configuration settings for the scan:
      Jobname.............................: Complete system scan
      Configuration file..................: C:\Program Files\Avira\AntiVir Desktop\sysscan.avp
      Logging.............................: default
      Primary action......................: Interactive
      Secondary action....................: Ignore
      Scan master boot sector.............: on
      Scan boot sector....................: on
      Boot sectors........................: C:, D:, F:,
      Process scan........................: on
      Extended process scan...............: on
      Scan registry.......................: on
      Search for rootkits.................: on
      Integrity checking of system files..: off
      Scan all files......................: All files
      Scan archives.......................: on
      Recursion depth.....................: 20
      Smart extensions....................: on
      Macro heuristic.....................: on
      File heuristic......................: extended

      Start of the scan: lunes, 15 de octubre de 2012 18:35

      Starting master boot sector scan:
      Master boot sector HD0
      [INFO] No virus was found!
      Master boot sector HD1
      [INFO] No virus was found!

      Start scanning boot sectors:
      Boot sector 'C:\'
      [INFO] No virus was found!
      Boot sector 'D:\'
      [INFO] No virus was found!
      Boot sector 'F:\'
      [INFO] No virus was found!

      Starting search for hidden objects.
      An ARK library instance is already running.

      The scan of running processes will be started
      Scan process 'avscan.exe' - '88' Module(s) have been scanned
      Scan process 'avcenter.exe' - '91' Module(s) have been scanned
      Scan process 'svchost.exe' - '15' Module(s) have been scanned
      Scan process 'FlashPlayerPlugin_11_4_402_287.exe' - '65' Module(s) have been scanned
      Scan process 'FlashPlayerPlugin_11_4_402_287.exe' - '42' Module(s) have been scanned
      Scan process 'plugin-container.exe' - '69' Module(s) have been scanned
      Scan process 'avscan.exe' - '88' Module(s) have been scanned
      Scan process 'firefox.exe' - '96' Module(s) have been scanned
      Scan process 'explorer.exe' - '217' Module(s) have been scanned
      Scan process 'svchost.exe' - '54' Module(s) have been scanned
      Scan process 'sppsvc.exe' - '27' Module(s) have been scanned
      Scan process 'wmpnetwk.exe' - '109' Module(s) have been scanned
      Scan process 'NMIndexStoreSvr.exe' - '51' Module(s) have been scanned
      Scan process 'SearchIndexer.exe' - '70' Module(s) have been scanned
      Scan process 'NMIndexingService.exe' - '45' Module(s) have been scanned
      Scan process 'MPAPI3s.exe' - '27' Module(s) have been scanned
      Scan process 'NclRSSrv.exe' - '17' Module(s) have been scanned
      Scan process 'NclUSBSrv.exe' - '26' Module(s) have been scanned
      Scan process 'svchost.exe' - '74' Module(s) have been scanned
      Scan process 'svchost.exe' - '37' Module(s) have been scanned
      Scan process 'ServiceLayer.exe' - '37' Module(s) have been scanned
      Scan process 'conhost.exe' - '14' Module(s) have been scanned
      Scan process 'avshadow.exe' - '22' Module(s) have been scanned
      Scan process 'tbhcn.exe' - '19' Module(s) have been scanned
      Scan process 'PcSync2.exe' - '67' Module(s) have been scanned
      Scan process 'PCSuite.exe' - '89' Module(s) have been scanned
      Scan process 'E_FATIFBB.EXE' - '27' Module(s) have been scanned
      Scan process 'DTLite.exe' - '35' Module(s) have been scanned
      Scan process 'NMBgMonitor.exe' - '47' Module(s) have been scanned
      Scan process 'sidebar.exe' - '75' Module(s) have been scanned
      Scan process 'AdobeARM.exe' - '77' Module(s) have been scanned
      Scan process 'avgnt.exe' - '83' Module(s) have been scanned
      Scan process 'jusched.exe' - '39' Module(s) have been scanned
      Scan process 'PlusService.exe' - '32' Module(s) have been scanned
      Scan process 'EEventManager.exe' - '69' Module(s) have been scanned
      Scan process 'PDVDServ.exe' - '26' Module(s) have been scanned
      Scan process 'GrooveMonitor.exe' - '49' Module(s) have been scanned
      Scan process 'taskhost.exe' - '50' Module(s) have been scanned
      Scan process 'Dwm.exe' - '31' Module(s) have been scanned
      Scan process 'WLIDSvcM.exe' - '17' Module(s) have been scanned
      Scan process 'WLIDSVC.EXE' - '79' Module(s) have been scanned
      Scan process 'svchost.exe' - '38' Module(s) have been scanned
      Scan process 'RichVideo.exe' - '25' Module(s) have been scanned
      Scan process 'IoctlSvc.exe' - '21' Module(s) have been scanned
      Scan process 'E_S40RP7.EXE' - '17' Module(s) have been scanned
      Scan process 'E_S40ST7.EXE' - '21' Module(s) have been scanned
      Scan process 'avguard.exe' - '60' Module(s) have been scanned
      Scan process 'svchost.exe' - '61' Module(s) have been scanned
      Scan process 'sched.exe' - '40' Module(s) have been scanned
      Scan process 'spoolsv.exe' - '91' Module(s) have been scanned
      Scan process 'atieclxx.exe' - '30' Module(s) have been scanned
      Scan process 'svchost.exe' - '84' Module(s) have been scanned
      Scan process 'svchost.exe' - '86' Module(s) have been scanned
      Scan process 'AUDIODG.EXE' - '41' Module(s) have been scanned
      Scan process 'svchost.exe' - '158' Module(s) have been scanned
      Scan process 'svchost.exe' - '94' Module(s) have been scanned
      Scan process 'svchost.exe' - '63' Module(s) have been scanned
      Scan process 'atiesrxx.exe' - '26' Module(s) have been scanned
      Scan process 'svchost.exe' - '34' Module(s) have been scanned
      Scan process 'svchost.exe' - '52' Module(s) have been scanned
      Scan process 'winlogon.exe' - '31' Module(s) have been scanned
      Scan process 'lsm.exe' - '16' Module(s) have been scanned
      Scan process 'lsass.exe' - '65' Module(s) have been scanned
      Scan process 'services.exe' - '33' Module(s) have been scanned
      Scan process 'csrss.exe' - '16' Module(s) have been scanned
      Scan process 'wininit.exe' - '26' Module(s) have been scanned
      Scan process 'csrss.exe' - '16' Module(s) have been scanned
      Scan process 'smss.exe' - '2' Module(s) have been scanned

      Starting to scan executable files (registry).
      The registry was scanned ( '4232' files ).


      Starting the file scan:

      Begin scan in 'C:\'
      C:\Program Files\WinRAR\rarnew.dat
      [WARNING] Error no files to extract
      C:\ProgramData\Age of Empires 3\Patches\AOE3Update1.cab
      [WARNING] The archive header is damaged
      C:\ProgramData\Yahoo!\YUpdater\YMSGR.YIM
      [WARNING] The archive header is damaged
      C:\Users\Claudio\AppData\Local\Temp\4h3DD65.exe
      [0] Archive type: Portable Executable Resource
      --> P22687807
      [1] Archive type: CAB (Microsoft)
      --> LanguageSelector64.7z
      [2] Archive type: 7-Zip
      --> LanguageSelector64.cab
      [3] Archive type: CAB (Microsoft)
      --> LanguageSelector64.msi
      [WARNING] The file could not be read!
      C:\Users\Claudio\AppData\Local\Temp\msgC2EA.exe
      [0] Archive type: Portable Executable Resource
      --> P22687807
      [1] Archive type: CAB (Microsoft)
      --> LanguageSelector64.7z
      [2] Archive type: 7-Zip
      --> LanguageSelector64.cab
      [3] Archive type: CAB (Microsoft)
      --> LanguageSelector64.msi
      [WARNING] The file could not be read!
      C:\Users\Claudio\AppData\Local\Temp\ir_ext_temp_0\AutoPlay\autorun.cdd
      [WARNING] The file is password protected
      C:\Users\Claudio\AppData\Local\Temp\ir_ext_temp_0\AutoPlay\Scripts\hosts.exe
      [DETECTION] Is the TR/Qhost.mju.53 Trojan
      C:\Users\Claudio\AppData\Local\Temp\ir_ext_temp_1\AutoPlay\autorun.cdd
      [WARNING] The file is password protected
      C:\Users\Claudio\AppData\Local\Temp\ir_ext_temp_1\AutoPlay\Scripts\hosts.exe
      [DETECTION] Is the TR/Qhost.mju.53 Trojan
      C:\Users\Claudio\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 03-09-2011 - 23-04-12.SBU
      [WARNING] The file is password protected
      C:\Users\Claudio\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 11-10-2010 - 22-35-01.SBU
      [WARNING] The file is password protected
      C:\Users\Claudio\Documents\WinDS PRO\windspro.cdd
      [WARNING] The file is password protected
      C:\Users\Claudio\Downloads\MsgPlusLive-483.exe
      [WARNING] The file is password protected
      C:\Windows\SoftwareDistribution\Download\0a4b4e086282402f614ca657800f2f78\BIT530C.tmp
      [0] Archive type: CAB SFX (self extracting)
      --> silverlight.7z
      [WARNING] The file could not be read!
      [WARNING] No further files can be extracted from this archive. The archive will be closed
      C:\Windows\SoftwareDistribution\Download\3f064361a280e13db49d2edfe9da65d4\BITF0D9.tmp
      [WARNING] No further files can be extracted from this archive. The archive will be closed
      C:\Windows\SoftwareDistribution\Download\5800e61703fb89a0c1579c09b2f79ffb\BITBCE2.tmp
      [WARNING] Invalid compressed data
      C:\Windows\SoftwareDistribution\Download\5a12fb0cb157724366d1cc90f0043c64\BIT49C6.tmp
      [WARNING] Invalid compressed data
      C:\Windows\SoftwareDistribution\Download\bea871d630db3f1ede26e8f2932a5936\BIT7B79.tmp
      [WARNING] No further files can be extracted from this archive. The archive will be closed
      C:\Windows\SoftwareDistribution\Download\fe85e4cb6ad0555976b36a52a3203962\BIT2A4C.tmp
      [WARNING] No further files can be extracted from this archive. The archive will be closed
      C:\Windows\System32\Macromed\Flash\uninstall_activeX.exe
      [WARNING] Invalid end of file
      Begin scan in 'D:\'
      D:\$RECYCLE.BIN\S-1-5-21-719646835-4239414920-341080660-1000\$R0ICM0Y.rar
      [WARNING] Error multiple volume
      D:\$RECYCLE.BIN\S-1-5-21-719646835-4239414920-341080660-1000\$R724PJV.rar
      [WARNING] Error multiple volume
      D:\$RECYCLE.BIN\S-1-5-21-719646835-4239414920-341080660-1000\$RDDVQ5E.rar
      [WARNING] Error multiple volume
      D:\$RECYCLE.BIN\S-1-5-21-719646835-4239414920-341080660-1000\$RH06XH5.rar
      [WARNING] Error multiple volume
      D:\$RECYCLE.BIN\S-1-5-21-719646835-4239414920-341080660-1000\$RI3AL2J.rar
      [WARNING] Error multiple volume
      D:\$RECYCLE.BIN\S-1-5-21-719646835-4239414920-341080660-1000\$RLDPQCF.rar
      [WARNING] Error multiple volume
      D:\$RECYCLE.BIN\S-1-5-21-719646835-4239414920-341080660-1000\$RPZUJOY.rar
      [WARNING] Error multiple volume
      D:\Download\Mnk_Isl_Pc_gme_ISO_CompucaliTv.Com_.part1.rar
      [WARNING] Error multiple volume
      D:\Download\Mnk_Isl_Pc_gme_ISO_CompucaliTv.Com_.part2.rar
      [WARNING] Error multiple volume
      D:\Download\Mnk_Isl_Pc_gme_ISO_CompucaliTv.Com_.part3.rar
      [WARNING] Error multiple volume
      D:\Download\Mnk_Isl_Pc_gme_ISO_CompucaliTv.Com_.part4.rar
      [WARNING] Error multiple volume
      D:\Download\Mnk_Isl_Pc_gme_ISO_CompucaliTv.Com_.part5.rar
      [WARNING] Error multiple volume
      D:\Download\MrA-JS8A.zip.part
      [WARNING] Invalid end of file
      Begin scan in 'F:\'
      F:\avira_free_antivirus_en.exe
      [WARNING] The file is password protected
      F:\$RECYCLE.BIN\S-1-5-21-719646835-4239414920-341080660-1000\$RCA43RR.wma
      [DETECTION] Contains recognition pattern of the EXP/Wimad.H exploit
      F:\Claudio\Nokia 5130\Juegos\Gameloft_pack_Actualizado_2009.rar
      [WARNING] The file is password protected
      F:\Claudio\Teléfono\Backup\Temas\Dragon.thm
      [WARNING] Unexpected end of block
      F:\Claudio\Teléfono\themes\Dragon.thm
      [WARNING] Unexpected end of block
      F:\Download\Juegos\Juegos Gameloft\Other languages\Fort Boyard.rar
      [WARNING] The file is password protected
      F:\Download\Juegos\My Games\Aventuras Gráficas\Peke23c_M-I-3-para-tupac_ProgramasFull[1].net.part1.rar
      [WARNING] Error multiple volume
      F:\Download\Juegos\My Games\Chesmaster_challenge\Chessmaster[1].Challenge\Chessmaster.Challenge.v1.0.0.123.WinALL.Incl.Keygen-ECLiPSE\Chessmaster[1].Challenge.rar
      [WARNING] The archive is password protected
      F:\Download\Juegos\My Games\Chess 3D v2.7\C3Dv2[1].7.rar
      [WARNING] The file is password protected
      F:\Download\Juegos\My Games\Pokemon\Rar\pokemon_diamante.part01.rar
      [WARNING] Error multiple volume
      F:\Download\Juegos\My Games\Pokemon\Rar\pokemon_diamante.part02.rar
      [WARNING] Error multiple volume
      F:\Download\Juegos\My Games\Pokemon\Rar\pokemon_diamante.part03.rar
      [WARNING] Error multiple volume
      F:\Download\Juegos\My Games\Pokemon\Rar\pokemon_perla.part01.rar
      [WARNING] Error multiple volume
      F:\Download\Juegos\My Games\Pokemon\Rar\pokemon_perla.part02.rar
      [WARNING] Error multiple volume
      F:\Download\Juegos\My Games\Pokemon\Rar\pokemon_perla.part03.rar
      [WARNING] Error multiple volume
      F:\Download\Juegos\My Games\Rar\Monopoly Español+parche by Tongui.rar
      [0] Archive type: RAR
      --> Monopoly Español + Parche\Parcheador.exe
      [DETECTION] Is the TR/Offend.6345787 Trojan
      F:\Download\Mis Libros Digitales\Origami\Archivos comprimidos\Brilliant_Origami_-_David_Brill_-__AF.rar
      [WARNING] The file is password protected
      F:\Download\Mis Libros Digitales\Origami\Archivos comprimidos\origami_15.rar
      [WARNING] The file is password protected
      F:\Download\Mis Libros Digitales\Origami\Archivos comprimidos\origami_17.rar
      [WARNING] The file is password protected
      F:\Download\Mis Libros Digitales\Origami\Archivos comprimidos\origami_18.rar
      [WARNING] The file is password protected
      F:\Download\Mis Libros Digitales\Origami\Archivos comprimidos\origami_5.rar
      [WARNING] The file is password protected
      F:\Download\Mis Libros Digitales\Origami\Archivos comprimidos\Tanteidan_Convention_Book_1-5.rar
      [WARNING] The file is password protected
      F:\Download\Mis Libros Digitales\Origami\Archivos comprimidos\Toshikazu_Kawasaki_-_Origami_Dream_World_-_Flowers_and_Animals_-_AF.rar
      [WARNING] The file is password protected
      F:\Download\Programas\Eset Nod32 4 [Español]\Eset Nod32 4 [Español].rar
      [WARNING] The file is password protected
      F:\Download\Programas\Eset Nod32 4 [Español]\Eset Smat Security 4.0.1.zip
      [WARNING] The file is password protected
      F:\Download\Programas\Eset Nod32 4 [Español]\ESET.NOD32.Antivirus.v4.0.314.0.Business.Edition.Final.Spanish.x86.rar
      [WARNING] The file is password protected
      F:\Download\Programas\Herramientas y Programas\ares_2011_fulll.rar
      [0] Archive type: RAR
      --> ares 2011 fulll\Ares 3.1.5.3033.exe
      [DETECTION] Contains recognition pattern of the DR/Spy.Delf.iur.1 dropper
      F:\Download\Programas\Herramientas y Programas\PocketDivXEncoder_guachin_10.rar
      [WARNING] The file is password protected
      F:\My Shared Folder\08 testigo del sol lerner.wma
      [DETECTION] Contains recognition pattern of the EXP/Wimad.H exploit
      F:\My Shared Folder\leonardo favio nacio el nazareno (unpublished ver).wma
      [DETECTION] Contains recognition pattern of the EXP/Wimad.G exploit
      F:\My Shared Folder\pelicula rio (acoustic version).wma
      [DETECTION] Contains recognition pattern of the EXP/Wimad.H exploit
      F:\VALIDAR 7 Windows 7\CW.eXe
      [WARNING] The file is password protected

      Beginning disinfection:
      F:\My Shared Folder\pelicula rio (acoustic version).wma
      [DETECTION] Contains recognition pattern of the EXP/Wimad.H exploit
      [NOTE] A backup was created as '566935c4.qua' ( QUARANTINE )
      [NOTE] The file was deleted!
      F:\My Shared Folder\leonardo favio nacio el nazareno (unpublished ver).wma
      [DETECTION] Contains recognition pattern of the EXP/Wimad.G exploit
      [NOTE] A backup was created as '4efd1a6c.qua' ( QUARANTINE )
      [NOTE] The file was deleted!
      F:\My Shared Folder\08 testigo del sol lerner.wma
      [DETECTION] Contains recognition pattern of the EXP/Wimad.H exploit
      [NOTE] A backup was created as '1cd540d7.qua' ( QUARANTINE )
      [NOTE] The file was deleted!
      F:\Download\Programas\Herramientas y Programas\ares_2011_fulll.rar
      [DETECTION] Contains recognition pattern of the DR/Spy.Delf.iur.1 dropper
      [NOTE] A backup was created as '7a9f0f5b.qua' ( QUARANTINE )
      [NOTE] The file was deleted!
      F:\Download\Juegos\My Games\Rar\Monopoly Español+parche by Tongui.rar
      [DETECTION] Is the TR/Offend.6345787 Trojan
      [NOTE] A backup was created as '3f102263.qua' ( QUARANTINE )
      [NOTE] The file was deleted!
      F:\$RECYCLE.BIN\S-1-5-21-719646835-4239414920-341080660-1000\$RCA43RR.wma
      [DETECTION] Contains recognition pattern of the EXP/Wimad.H exploit
      [NOTE] A backup was created as '405e1028.qua' ( QUARANTINE )
      [NOTE] The file was deleted!
      C:\Users\Claudio\AppData\Local\Temp\ir_ext_temp_1\AutoPlay\Scripts\hosts.exe
      [DETECTION] Is the TR/Qhost.mju.53 Trojan
      [NOTE] A backup was created as '0cb63c4c.qua' ( QUARANTINE )
      [NOTE] The file was deleted!
      C:\Users\Claudio\AppData\Local\Temp\ir_ext_temp_0\AutoPlay\Scripts\hosts.exe
      [DETECTION] Is the TR/Qhost.mju.53 Trojan
      [NOTE] A backup was created as '70ae7c13.qua' ( QUARANTINE )
      [NOTE] The file was deleted!


      End of the scan: lunes, 15 de octubre de 2012 20:02
      Used time: 1:23:08 Hour(s)

      The scan has been done completely.

      20371 Scanned directories
      903048 Files were scanned
      8 Viruses and/or unwanted programs were found
      0 Files were classified as suspicious
      8 Files were deleted
      0 Viruses and unwanted programs were repaired
      8 Files were moved to quarantine
      0 Files were renamed
      0 Files cannot be scanned
      903040 Files not concerned
      18544 Archives were scanned
      58 Warnings
      8 Notes

    2. #2
      Usuario Avatar de IarwainBenAdar
      Registrado
      dic 2011
      Ubicación
      Argentina
      Mensajes
      9

      Re: ad.adserverplus.com

      Alguien podria ayudarme? Sigo con el problema!

    3. #3
      Moderador
      Avatar de @DavidG_EB
      Registrado
      jul 2009
      Ubicación
      Mexico
      Mensajes
      10.633

      Re: ad.adserverplus.com

      Hola IarwainBenAdar
      Y bienvenido al foro

      Temas de interes:
      Porfavor, no te autorespondas. Si te autorespondes tu mensaje no aparecera con cero respuestas y pensaremos que ya estas siendo ayudado, cuando no es asi Si quieres añadir informacion usa la opcion Editar y no responder

      Ejecuta ATdestroyer y elige Desinstalar

      Antes de proceder con lo que marca tu antivirus, si te parece primero hagamos un proceso estandar para mandar eliminar lo que veo sospechoso en los reportes que marcas y los reportes de los programas que mandare en caso de no ser eliminados en el proceso.

      Realiza lo siguiente porfavor:
      Descarga y/o actualiza los siguientes programas pero no los ejecutes aun:
      Ejecuta Rkill (de usar windows vista o 7 ejecutalo como administrador) de preferncia colocandolo en el escritorio primero teniendo en cuenta esto.
      • Aparecera una ventana negra que indicara que la herramienta se ha ejecutado con exito.
      • Una vez ejecutado trata de no reiniciar hasta que en los demas pasos tengas que hacerlo o hasta que termines todo el procedimiento.
      • Si no sucede vuelve a ejecutarlo hasta que se ejecute (de ser necesario insiste, este paso es importante).


      Instala y actualiza Malwarebytes, te dejo su manual.
      • Realiza un escaneo Completo.
      • Cuando termine da en Mostrar resultados, y selecciona todo lo que aparesca y no este seleccionado.
      • Presiona en Eliminar Seleccionados, si te pide reiniciar procedes.


      Instala, y ejecuta glary utilities, despues ejecuta un mantenimiento one-click. Cualquier cosa te dejo su manual

      Realiza un escaneo con Bitdefender QuickScan segun su manual y desactiva temporalmente cualquier programa de seguridad:
      Y cuando termine presiona View Report (ver reporte), se abrira un reporte que puedes guardar en una ubicacion conocida o pegar directamente. En esta imagen te muestro donde se saca:
      Nos traerias los reporetes de Rkill (c:\rkill.log), Malwarebytes (de la pestaña Registros del programa) y BitDefender(si no lo guardaste esta en %appdata%\QuickScan\Report [año]-[mes]-[dia] [hora].[minuto].[segundo].txt) y nos comentarias como se encuentra el sistema.

      Saludos
      ErdrickBass
      No importa lo fuerte que sea tu oponente. Lo importante es que estés de pie ante él

      * Síguenos en nuestro Twitter y hazte nuestro amigo en Facebook.
      * Infórmate de las ultimas amenazas de la red desde: InfoSpyware Blog
      * No se resuelven dudas por Privados ni por E-mail, ya que para eso esta el foro.

    4. #4
      Usuario Avatar de IarwainBenAdar
      Registrado
      dic 2011
      Ubicación
      Argentina
      Mensajes
      9

      Re: ad.adserverplus.com

      Perdon por la demora DADIG!
      Te dejo los informes que me pediste:
      Por ahora no salta la pagina pero no sé si despues saldra! A veces pasa eso!
      Gracias por la ayuda que me estas dando!
      RKILL:

      Rkill 2.4.3 by Lawrence Abrams (Grinler)
      Bleeping Computer - Technical Support and Computer Help
      Copyright 2008-2012 BleepingComputer.com
      More Information about Rkill can be found at this link:
      RKill - What it does and What it Doesn't - A brief introduction to the program

      Program started at: 10/20/2012 12:01:09 PM in x86 mode.
      Windows Version: Windows 7 Ultimate

      Checking for Windows services to stop:

      * No malware services found to stop.

      Checking for processes to terminate:

      * No malware processes found to kill.

      Checking Registry for malware related settings:

      * No issues found in the Registry.

      Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

      Performing miscellaneous checks:

      * Windows Firewall Disabled

      [HKLM\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
      "EnableFirewall" = dword:00000000

      Checking Windows Service Integrity:

      * Centro de seguridad (wscsvc) is not Running.
      Startup Type set to: Disabled

      Searching for Missing Digital Signatures:

      * C:\Windows\System32\user32.dll [NoSig]
      +-> C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_cd0ec264ceb014a3\user32.dll : 811.520 : 07/13/2009 10:16 PM : 34b7e222e81fafa885f0c5f2cfa56861 [Pos Repl]

      Checking HOSTS File:

      * Cannot edit the HOSTS file.
      * Permissions could not be fixed. Use Hosts-perm.bat to fix permissions: Hosts-perm.bat Download

      * HOSTS file entries found:

      127.0.0.1 genuine.microsoft.com
      127.0.0.1 mpa.one.microsoft.com
      127.0.0.1 sls.microsoft.com

      Program finished at: 10/20/2012 12:01:14 PM





      Malwarebytes:

      Malwarebytes Anti-Malware 1.65.1.1000
      Malwarebytes : Free anti-malware download

      Versión de la Base de Datos: v2012.10.20.05

      Windows 7 x86 NTFS
      Internet Explorer 8.0.7600.16385
      Claudio :: CLAUDIO-PC [administrador]

      20/10/2012 12:07:47
      mbam-log-2012-10-20 (12-07-47).txt

      Tipos de Análisis: Análisis Completo (C:\|D:\|F:\|)
      Opciones de análisis activado: Memoria | Inicio | Registro | Sistema de archivos | Heurística/Extra | Heurística/Shuriken | PUP | PUM
      Opciones de análisis desactivados: P2P
      Objetos examinados: 421945
      Tiempo transcurrido: 1 hora(s), 24 minuto(s), 15 segundo(s)

      Procesos en Memoria Detectados: 0
      (No se han detectado elementos maliciosos)

      Módulos de Memoria Detectados: 0
      (No se han detectado elementos maliciosos)

      Claves del Registro Detectados: 23
      HKCR\CLSID\{00cbb66b-1d3b-46d3-9577-323a336acb50} (PUP.Blabbers) -> En cuarentena y eliminado con éxito.
      HKCR\TypeLib\{8830ddf0-3042-404d-a62c-384a85e34833} (PUP.Blabbers) -> En cuarentena y eliminado con éxito.
      HKCR\Interface\{817923CB-4744-4216-B250-CF7EDA8F1767} (PUP.Blabbers) -> En cuarentena y eliminado con éxito.
      HKCR\wit4ie.WitBHO.2 (PUP.Blabbers) -> En cuarentena y eliminado con éxito.
      HKCR\wit4ie.WitBHO (PUP.Blabbers) -> En cuarentena y eliminado con éxito.
      HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00CBB66B-1D3B-46D3-9577-323A336ACB50} (PUP.Blabbers) -> En cuarentena y eliminado con éxito.
      HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{00CBB66B-1D3B-46D3-9577-323A336ACB50} (PUP.Blabbers) -> En cuarentena y eliminado con éxito.
      HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00CBB66B-1D3B-46D3-9577-323A336ACB50} (PUP.Blabbers) -> En cuarentena y eliminado con éxito.
      HKCR\CLSID\{5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} (PUP.Blabbers) -> En cuarentena y eliminado con éxito.
      HKCR\TypeLib\{830B56CB-FD22-44AA-9887-7898F4F4158D} (PUP.Blabbers) -> En cuarentena y eliminado con éxito.
      HKCR\tdataprotocol.CTData.1 (PUP.Blabbers) -> En cuarentena y eliminado con éxito.
      HKCR\tdataprotocol.CTData (PUP.Blabbers) -> En cuarentena y eliminado con éxito.
      HKCR\CLSID\{963B125B-8B21-49A2-A3A8-E37092276531} (PUP.Blabbers) -> En cuarentena y eliminado con éxito.
      HKCR\TypeLib\{955B782E-CDC8-4CEE-B6F6-AD7D541A8D8A} (PUP.Blabbers) -> En cuarentena y eliminado con éxito.
      HKCR\Interface\{9F0C17EB-EF2C-4278-9136-2D547656BC03} (PUP.Blabbers) -> En cuarentena y eliminado con éxito.
      HKCR\updatebho.TimerBHO.1 (PUP.Blabbers) -> En cuarentena y eliminado con éxito.
      HKCR\updatebho.TimerBHO (PUP.Blabbers) -> En cuarentena y eliminado con éxito.
      HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{963B125B-8B21-49A2-A3A8-E37092276531} (PUP.Blabbers) -> En cuarentena y eliminado con éxito.
      HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{963B125B-8B21-49A2-A3A8-E37092276531} (PUP.Blabbers) -> En cuarentena y eliminado con éxito.
      HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{963B125B-8B21-49A2-A3A8-E37092276531} (PUP.Blabbers) -> En cuarentena y eliminado con éxito.
      HKCR\PROTOCOLS\HANDLER\BASE64 (PUP.Blabbers) -> En cuarentena y eliminado con éxito.
      HKCR\PROTOCOLS\HANDLER\CHROME (PUP.Blabbers) -> En cuarentena y eliminado con éxito.
      HKCR\PROTOCOLS\HANDLER\PROX (PUP.Blabbers) -> En cuarentena y eliminado con éxito.

      Valores del Registro Detectados: 3
      HKCR\protocols\Handler\base64|CLSID (PUP.Blabbers) -> datos: {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} -> En cuarentena y eliminado con éxito.
      HKCR\protocols\Handler\chrome|CLSID (PUP.Blabbers) -> datos: {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} -> En cuarentena y eliminado con éxito.
      HKCR\protocols\Handler\prox|CLSID (PUP.Blabbers) -> datos: {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} -> En cuarentena y eliminado con éxito.

      Elementos de Datos del Registro Detectados: 3
      HKLM\SOFTWARE\Microsoft\Security Center|AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Malo: (1) Bueno: (0) -> En cuarentena y reparado con éxito.
      HKLM\SOFTWARE\Microsoft\Security Center|FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Malo: (1) Bueno: (0) -> En cuarentena y reparado con éxito.
      HKLM\SOFTWARE\Microsoft\Security Center|UpdatesDisableNotify (PUM.Disabled.SecurityCenter) -> Malo: (1) Bueno: (0) -> En cuarentena y reparado con éxito.

      Carpetas Detectadas: 0
      (No se han detectado elementos maliciosos)

      Archivos Detectados: 2
      C:\Users\Claudio\AppData\LocalLow\bbrs_002.tb\content\BCHelper.exe (PUP.Blabbers) -> En cuarentena y eliminado con éxito.
      C:\Users\Claudio\Desktop\WiNlOgOn.exe (Heuristics.Reserved.Word.Exploit) -> En cuarentena y eliminado con éxito.

      fin)






      Bitdefenders:


      QuickScan 32-bit v0.9.9.119
      ---------------------------
      Fecha de Análisis: Sat Oct 20 15:40:51 2012
      ID de la Máquina: 9A42198E



      ¡Análisis fallido! No se puede acceder al servidor QuickScan.
      -------------------------------------------------------------
      connect() timed out!



      Procesos
      --------
      Adobe Reader and Acrobat Manager 3168 C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
      Avira Free Antivirus 3148 C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
      DAEMON Tools Lite 3312 C:\Program Files\DAEMON Tools Lite\DTLite.exe
      EEventManager Application 3040 C:\Program Files\Epson Software\Event Manager\EEventManager.exe
      EPSON Status Monitor 3 3400 C:\Windows\System32\spool\drivers\w32x86\3\E_FATIFBB.EXE
      Firefox 3628 C:\Program Files\Mozilla Firefox\firefox.exe
      Firefox 1280 C:\Program Files\Mozilla Firefox\plugin-container.exe
      Java(TM) Platform SE Auto Updater 2 0 3108 C:\Program Files\Common Files\Java\Java Update\jusched.exe
      Messenger Plus! 5 3096 C:\Program Files\Yuna Software\Messenger Plus!\PlusService.exe
      Nero Home 3204 C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
      Nero Home 3412 C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
      Nokia Connectivity Library 3868 C:\Program Files\Common Files\Nokia\MPAPI\MPAPI3s.exe
      PC Suite 3444 C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe
      PC Sync 3456 C:\Program Files\Nokia\Nokia PC Suite 7\PcSync2.exe
      PowerDVD 2972 C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
      Sistema operativo Microsoft® Windows® 3180 C:\Program Files\Windows Sidebar\sidebar.exe
      Sistema operativo Microsoft® Windows® 2140 C:\Windows\explorer.exe
      tbhcn.exe 3504 C:\Users\Claudio\AppData\Roaming\BrowserCompanion\tbhcn.exe
      (verificado) GrooveMonitor Utility 2932 C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
      (verificado) Sistema operativo Microsoft® Windows® 2116 C:\Windows\System32\dwm.exe
      (verificado) Sistema operativo Microsoft® Windows® 2156 C:\Windows\System32\taskhost.exe


      Actividad de red
      ----------------
      Proceso firefox.exe (3628) conectado en el puerto 80 (HTTP) --> 66.235.142.20
      Proceso firefox.exe (3628) conectado en el puerto 80 (HTTP) --> 173.194.42.1
      Proceso firefox.exe (3628) conectado en el puerto 80 (HTTP) --> 66.235.142.20
      Proceso firefox.exe (3628) conectado en el puerto 80 (HTTP) --> 173.194.42.1
      Proceso firefox.exe (3628) conectado en el puerto 443 (HTTP over SSL) --> 173.194.42.3
      Proceso firefox.exe (3628) conectado en el puerto 443 (HTTP over SSL) --> 173.194.42.1
      Proceso firefox.exe (3628) conectado en el puerto 443 (HTTP over SSL) --> 173.194.42.15
      Proceso firefox.exe (3628) conectado en el puerto 443 (HTTP over SSL) --> 173.252.100.16
      Proceso firefox.exe (3628) conectado en el puerto 80 (HTTP) --> 173.252.100.16
      Proceso firefox.exe (3628) conectado en el puerto 80 (HTTP) --> 177.71.195.225
      Proceso firefox.exe (3628) conectado en el puerto 80 (HTTP) --> 23.62.47.144
      Proceso firefox.exe (3628) conectado en el puerto 80 (HTTP) --> 199.59.148.89
      Proceso firefox.exe (3628) conectado en el puerto 80 (HTTP) --> 199.7.52.72
      Proceso firefox.exe (3628) conectado en el puerto 443 (HTTP over SSL) --> 173.252.100.16
      Proceso firefox.exe (3628) conectado en el puerto 443 (HTTP over SSL) --> 23.45.29.177
      Proceso firefox.exe (3628) conectado en el puerto 443 (HTTP over SSL) --> 23.45.29.177
      Proceso firefox.exe (3628) conectado en el puerto 80 (HTTP) --> 177.71.195.225

      Proceso EEventManager.exe (3040) escuchar en puertos: 2968


      Autoruns y archivos críticos
      ----------------------------
      Language Application C:\Program Files\CyberLink\PowerDVD\Language\Language.exe
      Adobe Acrobat C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
      Adobe Reader and Acrobat Manager C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
      Avira Free Antivirus C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
      DAEMON Tools Lite C:\Program Files\DAEMON Tools Lite\DTLite.exe
      EEventManager Application C:\Program Files\Epson Software\Event Manager\EEventManager.exe
      EPSON Status Monitor 3 C:\Windows\System32\spool\drivers\w32x86\3\E_FATIFBB.EXE
      Java(TM) Platform SE Auto Updater 2 0 C:\Program Files\Common Files\Java\Java Update\jusched.exe
      Messenger Plus! 5 C:\Program Files\Yuna Software\Messenger Plus!\PlusService.exe
      Microsoft Office OneNote C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
      Nero AG NeroCheck C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
      Nero Home C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
      PC Suite C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe
      PC Sync C:\Program Files\Nokia\Nokia PC Suite 7\PcSync2.exe
      Sistema operativo Microsoft® Windows® C:\Program Files\Windows Sidebar\sidebar.exe
      tbhcn.exe C:\Users\Claudio\AppData\Roaming\BrowserCompanion\tbhcn.exe
      (verificado) GrooveMonitor Utility C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
      (verificado) GrooveShellExtensions Module C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
      (verificado) Sistema operativo Microsoft® Windows® c:\windows\system32\userinit.exe


      Plugins del Navegador
      ---------------------
      AcroIEHelperShim Library c:\program files\common files\adobe\acrobat\activex\acroiehelpershim.dll
      Adobe Acrobat C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll
      Adobe Acrobat C:\Program Files\Mozilla Firefox\plugins\nppdf32.dll
      Bitdefender QuickScan C:\Users\Claudio\AppData\Roaming\Mozilla\Firefox\Profiles\zgnbno8c.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll
      Epson Easy Photo Print (TBL) c:\program files\epson software\easy photo print\eptbl.dll
      Facebook Plugin C:\Users\Claudio\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll
      Java Deployment Toolkit 7.0.50.255 C:\Windows\system32\npDeployJava1.dll
      Java(TM) Platform SE 7 U5 c:\program files\oracle\javafx 2.1 runtime\bin\jp2ssv.dll
      Java(TM) Platform SE 7 U5 C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll
      Java(TM) Platform SE 7 U5 c:\program files\oracle\javafx 2.1 runtime\bin\ssv.dll
      Microsoft® CoReXT c:\program files\common files\microsoft shared\windows live\windowslivelogin.dll
      Microsoft® CoReXT C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL
      NPSWF32_11_4_402_287.dll C:\Windows\system32\Macromed\Flash\NPSWF32_11_4_402_287.dll
      RealPlayer Version Plugin C:\Program Files\Mozilla Firefox\plugins\nprpjplug.dll
      RealPlayer Version Plugin C:\Program Files\Real Alternative\browser\plugins\nprpjplug.dll
      RealPlayer(tm) G2 LiveConnect-Enabled P C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll
      RealPlayer(tm) G2 LiveConnect-Enabled P C:\Program Files\Real Alternative\browser\plugins\nppl3260.dll
      Uplay PC C:\Program Files\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll
      Windows® Internet Explorer C:\Windows\System32\ieframe.dll
      Yahoo Application State Plugin C:\Program Files\Yahoo!\Shared\npYState.dll
      (verificado) GrooveShellExtensions Module C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
      (verificado) Microsoft® Windows® Operating System C:\Windows\system32\NLAapi.dll
      (verificado) Microsoft® Windows® Operating System C:\Windows\System32\winrnr.dll
      (verificado) Sistema operativo Microsoft® Windows® C:\Windows\system32\mswsock.dll
      (verificado) Sistema operativo Microsoft® Windows® C:\Windows\system32\napinsp.dll
      (verificado) Sistema operativo Microsoft® Windows® C:\Windows\system32\pnrpnsp.dll


      Analizar
      --------
      MD5: e0ad06be7dbec6ef843711e97080549a C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll
      MD5: c98ff6c440e8967251f59c7919b505a1 C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
      MD5: 85c55e94b8b5075310fd7bd7a8f5c457 C:\Program Files\Ares\chatServer.exe
      MD5: f4202f68bb3b9a08822238d9017ec638 C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
      MD5: c9a36ef935aced86aedf93e97e606911 C:\Program Files\Avira\AntiVir Desktop\avguard.exe
      MD5: 4200272ee793c5e139365e0afe9aab5b C:\Program Files\Avira\AntiVir Desktop\avipc.dll
      MD5: 19439b245c71a5c0c62af5671ed078e8 c:\program files\avira\antivir desktop\ccgen.dll
      MD5: 0a0f3612a73619a755c596a4441f25d9 c:\program files\avira\antivir desktop\ccgenrc.dll
      MD5: 126b2f509341c36d99bd15188592123a c:\program files\avira\antivir desktop\ccgrdrc.dll
      MD5: 7e6ba46e48a45dbad5aade3510598bdd c:\program files\avira\antivir desktop\ccgrdw.dll
      MD5: db7f445e3a62f96b8e5b4b61bcffd22e c:\program files\avira\antivir desktop\ccguard.dll
      MD5: 795d4835ce714f4a0c601766134f344b c:\program files\avira\antivir desktop\cclic.dll
      MD5: 5ac47e3ac56e5e8827c9c593cb86881e c:\program files\avira\antivir desktop\cclicrc.dll
      MD5: 82464461acdfba6b876bf9f74a66bcbb c:\program files\avira\antivir desktop\ccmainrc.dll
      MD5: 388129c269db1db1e36d89c8d27c330f c:\program files\avira\antivir desktop\ccmsg.dll
      MD5: 9d1c5d971235a5e84b1c25e7cefc52e4 c:\program files\avira\antivir desktop\ccmsgrc.dll
      MD5: 06f93da727d348689707611448470c9e c:\program files\avira\antivir desktop\ccupdate.dll
      MD5: 0800ff435a29dcd07d275798cfeb6ef2 c:\program files\avira\antivir desktop\ccupdrc.dll
      MD5: 5336c3171a5b80bb58220fe4ed795e47 C:\Program Files\Avira\AntiVir Desktop\ccupdw.dll
      MD5: 8e95eeecc7ec8624a360d4ee73e8e140 c:\program files\avira\antivir desktop\ccwgrd.dll
      MD5: 0915ef55171347230e465c98fa44dded C:\Program Files\Avira\AntiVir Desktop\ccwkrlib.dll
      MD5: 13b7445daad8ea6774d65fd9def5d199 c:\program files\avira\antivir desktop\cfglib.dll
      MD5: 80126bc6148cad0fdb4eff948232dc34 c:\program files\avira\antivir desktop\gpipc.dll
      MD5: 3ef34ffab47a2ecf4ce395edb6d15334 C:\Program Files\Avira\AntiVir Desktop\grdcore.dll
      MD5: 3b31850fff112be58294896eb9f684f1 C:\Program Files\Avira\AntiVir Desktop\rcimage.dll
      MD5: 0a1cc583e8147004e4ad4625d7fbf88c C:\Program Files\Avira\AntiVir Desktop\sched.exe
      MD5: 885ba7ae8f650e7d7bcb5b966e00ddce c:\program files\common files\adobe\acrobat\activex\acroiehelpershim.dll
      MD5: b8e421c0890356cd4a793d8a346d9096 C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
      MD5: 2410f50d972e979167cecf127812dadf C:\Program Files\Common Files\Ahead\Lib\AdvrCntr2.dll
      MD5: ee1a83c4fc6e9d0aff5a04612ed55516 C:\Program Files\Common Files\Ahead\Lib\log4cxx.dll
      MD5: d36ed326635f4f04a330022343d3b486 C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
      MD5: 1b31d1266691edd4224b0036449f14b4 C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
      MD5: bdc7b7bfff3aa3f5cfa424eb97edcb44 C:\Program Files\Common Files\Ahead\Lib\NMCoFoundation.dll
      MD5: e7f8c75fbc41b4e483294eacb42ca835 C:\Program Files\Common Files\Ahead\Lib\NMDataServices.dll
      MD5: 5010b783a642bda49cab156df2ee608c C:\Program Files\Common Files\Ahead\Lib\NMFullTextExtraction.dll
      MD5: 193fa51dddd0bffded1c340f0434999a C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
      MD5: 54926af226144e2ada2920cc6455a780 C:\Program Files\Common Files\Ahead\Lib\NMIndexingServicePS.dll
      MD5: 96e8cf4d3731d90058de39a3becad707 C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
      MD5: e3061b49684cab09ca250806f73b48ef C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvrPS.dll
      MD5: 8045e8bb64dff679b492c04688024310 C:\Program Files\Common Files\Ahead\Lib\NMLogCxx.dll
      MD5: 8818e2ee30a444051e6301ab942e5108 C:\Program Files\Common Files\Ahead\Lib\NMPluginBase.dll
      MD5: 3b3a110d7f9b6990a10f47c2dd8ffe8b C:\Program Files\Common Files\Ahead\Lib\NMSearchPluginSimilarImages.dll
      MD5: 241c7a225015e5c7d81cfff85e3a35cd C:\Program Files\Common Files\Ahead\Lib\NMSQLDB.dll
      MD5: 995beb69ae5c50d354894354f5a6cd5a C:\Program Files\Common Files\Java\Java Update\jusched.exe
      MD5: 1264f787e46dc572fa274ca09b446e01 C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL
      MD5: cf39a105cd553eed31e2255aff4c6742 c:\program files\common files\microsoft shared\windows live\windowslivelogin.dll
      MD5: 12b79422a23814429cda9e734c58f78f C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL
      MD5: fb01d4ae207b9efdbabfc55dc95c7e31 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
      MD5: 12b95f15b418e60e8b2fc649836d631d C:\Program Files\Common Files\Nokia\Adapters\Nclaeo.dsc
      MD5: 86d8a5b74f984fcf0ea14c6aa8077eb2 C:\Program Files\Common Files\Nokia\Adapters\NclSet.dll
      MD5: 57a6f9c77d22a01735075beae21bf26b C:\Program Files\Common Files\Nokia\MPAPI\MPAPI3s.exe
      MD5: 72d15f55665a6ebad80363bfff2a3418 C:\Program Files\Common Files\Nokia\MPAPI\MPAPIps.dll
      MD5: d7fc7b3bdae8c0202961a4df17b0f293 C:\Program Files\CyberLink\PowerDVD\CLRCEngine3.dll
      MD5: 405d6c6c1d5d255cb4ef1bfd1ce305e8 C:\Program Files\CyberLink\PowerDVD\Language\Language.exe
      MD5: 56f676060d70ba066459478824510bea C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
      MD5: bd517c7fb119997effbe39d5e4b37b05 C:\Program Files\CyberLink\Shared Files\RichVideo.exe
      MD5: ea3329e06d7c794b788ceada90ab7000 c:\program files\epson software\easy photo print\eptbl.dll
      MD5: dfd0d26d2056f1d01adcdbb1e851119f C:\Program Files\Epson Software\Event Manager\Assistants\Scan Assistant\fioall32.dll
      MD5: 0bf1785d199b5da3cb6c61d7aeece654 C:\Program Files\Epson Software\Event Manager\Assistants\Scan Assistant\Ism.dll
      MD5: 5f725d2b7428ba815126f9efa21a1db9 C:\Program Files\Epson Software\Event Manager\Assistants\Scan Assistant\SASM.dll
      MD5: d3f8a00d598090bfb18e70e02c12e38e C:\Program Files\Epson Software\Event Manager\Assistants\Scan Assistant\Satwain.dll
      MD5: 80117dbe266de563c7c661562530b556 C:\Program Files\Epson Software\Event Manager\Assistants\Scan Assistant\ScanEngine.dll
      MD5: 7741f775060e84319198a7a67f1fe664 C:\Program Files\Epson Software\Event Manager\Assistants\Scan Assistant\Tcm.dll
      MD5: 90a3525c7399b7784d28f99ea1a51c4c C:\Program Files\Epson Software\Event Manager\EEventManager.exe
      MD5: baf7bdd5a1eb63acd6eea20d4f731cb0 C:\Program Files\Epson Software\Event Manager\epnsm.dll
      MD5: 637124cdbff5819cb8a8478838a33048 C:\Program Files\Epson Software\Event Manager\ESPSUTL.dll
      MD5: 4d197238fdfaa5793d1b0961aaef649a C:\Program Files\Epson Software\Event Manager\MFC42.DLL
      MD5: 4ddc46c5feecf9eb92ad554d6ed37e0c C:\Program Files\Internet Explorer\ieproxy.dll
      MD5: d91afb6d2a0da7539b74fb5838775d94 C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
      MD5: dbc50c88618094aeee22723c11d6307a C:\Program Files\Mozilla Firefox\components\browsercomps.dll
      MD5: bc03475ec281aa1e685388896acade8d C:\Program Files\Mozilla Firefox\firefox.exe
      MD5: ea2a401f59cae941df233ac8b347f83b C:\Program Files\Mozilla Firefox\freebl3.dll
      MD5: 1cdb643f6561e4648d47b6bbf7333122 C:\Program Files\Mozilla Firefox\gkmedias.dll
      MD5: c2695f2c77081f68269d93014953657e C:\Program Files\Mozilla Firefox\mozalloc.dll
      MD5: cc6feb2186a2537dbd300da012428c8f C:\Program Files\Mozilla Firefox\mozglue.dll
      MD5: 461e8171cc252ce0be406f7928653493 C:\Program Files\Mozilla Firefox\mozjs.dll
      MD5: ad4e1f7a31b0d1df306e16aaeeac3a19 C:\Program Files\Mozilla Firefox\mozsqlite3.dll
      MD5: 03e9314004f504a14a61c3d364b62f66 C:\Program Files\Mozilla Firefox\MSVCP100.dll
      MD5: 67ec459e42d3081dd8fd34356f7cafc1 C:\Program Files\Mozilla Firefox\MSVCR100.dll
      MD5: bba763abf2de608fb5d196d4037695d8 C:\Program Files\Mozilla Firefox\nspr4.dll
      MD5: ae3023742879c317a1b1ca576185da98 C:\Program Files\Mozilla Firefox\nss3.dll
      MD5: 6ade2a1469d6cc8263d0bbe05fa60b5c C:\Program Files\Mozilla Firefox\nssckbi.dll
      MD5: 45357a45cb97c45a21a675cfc0070223 C:\Program Files\Mozilla Firefox\nssdbm3.dll
      MD5: a20918072f6e8d1175f1ccf4b3809e2c C:\Program Files\Mozilla Firefox\nssutil3.dll
      MD5: b67dd248876685c9c6f981b462876fad C:\Program Files\Mozilla Firefox\plc4.dll
      MD5: b1c8afe8e448dab0d8e9d4eaef2c5fe4 C:\Program Files\Mozilla Firefox\plds4.dll
      MD5: 0a9153fe672d620a8e8d921f2934749d C:\Program Files\Mozilla Firefox\plugin-container.exe
      MD5: e0ad06be7dbec6ef843711e97080549a C:\Program Files\Mozilla Firefox\plugins\nppdf32.dll
      MD5: 5453c8d0a33753de0cb32083a108b0fb C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll
      MD5: 31a13d7d4e8e4946db38210e6a875762 C:\Program Files\Mozilla Firefox\plugins\nprpjplug.dll
      MD5: b5589f1f0aedc9cdfc6a3bab55b9a340 C:\Program Files\Mozilla Firefox\smime3.dll
      MD5: b6a4e9a4364ee9a6cd8d81ca3ab9ee36 C:\Program Files\Mozilla Firefox\softokn3.dll
      MD5: b2a0cb1c0a17a6c04625de4457b4b847 C:\Program Files\Mozilla Firefox\ssl3.dll
      MD5: f3ca1c3694eac2b2e44aef94406e3768 C:\Program Files\Mozilla Firefox\xpcom.dll
      MD5: c9cb0a6626b731206bf9e1007ce4755d C:\Program Files\Mozilla Firefox\xul.dll
      MD5: 4d7f2682d29b92a6251b17957aa0b985 C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
      MD5: 3bae2bfcb6d69e19c8373f635dd544dc C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
      MD5: ac503003201ac8aa0c0f38c24226f885 C:\Program Files\Nokia\Nokia PC Suite 7\CDC.dll
      MD5: fdc673e500a2f016d18f95a332c772ce C:\Program Files\Nokia\Nokia PC Suite 7\imageformats\qjpeg4.dll
      MD5: c079635d98ff4d22704f947e7b3edf87 C:\Program Files\Nokia\Nokia PC Suite 7\imageformats\qsvg4.dll
      MD5: 4858cf335107cf78370bad27216847c3 C:\PROGRAM FILES\NOKIA\NOKIA PC SUITE 7\Lang\PcSync2_spa-co.nlr
      MD5: 1f9028f9898b2cc8efa1b5c64f805be3 C:\Program Files\Nokia\Nokia PC Suite 7\Lang\PhoneBrowser_spa-co.nlr
      MD5: 00ebf6a8ead54ae120dbc6a9975014f9 C:\Program Files\Nokia\Nokia PC Suite 7\NGSCM.DLL
      MD5: 43c517650dc4f71794e900507c74a0bb C:\Program Files\Nokia\Nokia PC Suite 7\PCSL.dll
      MD5: 69136be9b905f1f5b6f5ce91a4a0f834 C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe
      MD5: abde7d0e6280dabc3a82d03321edd1cd C:\Program Files\Nokia\Nokia PC Suite 7\PcSync2.exe
      MD5: 99ef3ec503b8da55715f662d062f64ab C:\Program Files\Nokia\Nokia PC Suite 7\PhoneBrowser.dll
      MD5: 596b5408b039688aefc70a9d893735fd C:\Program Files\Nokia\Nokia PC Suite 7\QtCore4.dll
      MD5: 326bade62bf4906221ecc47382765672 C:\Program Files\Nokia\Nokia PC Suite 7\QtGui4.dll
      MD5: a818768a1c56b286eb111f0c855ede85 C:\Program Files\Nokia\Nokia PC Suite 7\QtSvg4.dll
      MD5: 23e9c312964094b04a335d7967ca2478 C:\Program Files\Nokia\Nokia PC Suite 7\QtXml4.dll
      MD5: d6de3af053871787025483fbc14c2c07 C:\PROGRAM FILES\NOKIA\NOKIA PC SUITE 7\Resource\PcSync2_Nokia.ngr
      MD5: 52f2b75d5a6fb32056fd653d00c85a72 C:\Program Files\Nokia\Nokia PC Suite 7\Resource\PhoneBrowser_Nokia.ngr
      MD5: 6f383e65375bfd2aa2bd7beaf2c78f87 C:\Program Files\Nokia\Nokia PC Suite 7\styles\NGLStyle.dll
      MD5: 565b2e248ce57ad0d6a31d9fb200cb54 c:\program files\oracle\javafx 2.1 runtime\bin\jp2ssv.dll
      MD5: 18c6a57b569f088c2bd7b828a211ac06 C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll
      MD5: b82665cfecc58fb6479f33381abd9da2 c:\program files\oracle\javafx 2.1 runtime\bin\ssv.dll
      MD5: 0551018c0fab2a10bfcae49dd123cb6d C:\Program Files\PC Connectivity Solution\ConfServer.dll
      MD5: 2573e4875ee11d254f0871e9a9192079 C:\Program Files\PC Connectivity Solution\ConnAPI.dll
      MD5: ae12c74234f1119f6537288082e6f57a C:\Program Files\PC Connectivity Solution\DAAPI.dll
      MD5: eff30dcb002c9040037ac23c67f3e889 C:\Program Files\PC Connectivity Solution\PCCS_ABAPI.dll
      MD5: 8c1f87f5fdd92229d1754b98f073913f C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
      MD5: 5453c8d0a33753de0cb32083a108b0fb C:\Program Files\Real Alternative\browser\plugins\nppl3260.dll
      MD5: 31a13d7d4e8e4946db38210e6a875762 C:\Program Files\Real Alternative\browser\plugins\nprpjplug.dll
      MD5: f835116b5ceeb4b88dd7b7b680c1ddde C:\Program Files\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll
      MD5: 77fbd400984cf72ba0fc4b3489d65f74 C:\Program Files\Windows Media Player\wmpnetwk.exe
      MD5: ea6eadf6314e43783ba8eee79f93f73c C:\Program Files\Windows Sidebar\sidebar.exe
      MD5: 178c1c9dcd101e98fa82e51d311b8b3d C:\Program Files\Yahoo!\Shared\npYState.dll
      MD5: 38730da946574c0f60bc498c09ffc313 C:\Program Files\Yuna Software\Messenger Plus!\PlusService.exe
      MD5: 8fe6ab59cab8f2c038fea9522a5eeba7 C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RP7.EXE
      MD5: ec6a73cd8413f68655e5e0b99c415a21 C:\ProgramData\EPSON\EPW!3 SSRP\E_S40ST7.EXE
      MD5: 8df4449b75c3c6743666844771cc3bea C:\Users\Claudio\AppData\Roaming\BrowserCompanion\tbhcn.exe
      MD5: d94c362e750f8c283bf52537d3df28b5 C:\Users\Claudio\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll
      MD5: c9e3864fb9cbfa93d9010bcfe18a5697 C:\Users\Claudio\AppData\Roaming\Mozilla\Firefox\Profiles\zgnbno8c.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll
      MD5: 15bc38a7492befe831966adb477cf76f C:\Windows\explorer.exe
      MD5: b19505648f033393e907e2e419fde8b3 C:\Windows\system32\atiesrxx.exe
      MD5: fabfc817547eabb19b74849cef410622 C:\Windows\system32\authui.dll
      MD5: d5541f0afb767e85fc412fc609d96a74 C:\Windows\system32\DRIVERS\avgntflt.sys
      MD5: 7d967a682d4694df7fa57d63a2db01fe C:\Windows\system32\DRIVERS\avipbb.sys
      MD5: 53e56450da16a1a7f0d002f511113f67 C:\Windows\system32\DRIVERS\avkmgr.sys
      MD5: cfe3462a9e94a57dcd9676f6b7fe7f67 C:\Windows\system32\drivers\ccdcmb.sys
      MD5: 8f2a94f991f8c73cec26b4b5620d1edc C:\Windows\system32\drivers\ccdcmbo.sys
      MD5: fd2041e9ba03db7764b2248f02475079 C:\Windows\system32\DRIVERS\pccsmcfd.sys
      MD5: 7dfd48e24479b68b258d8770121155a0 C:\Windows\system32\DRIVERS\Rt86win7.sys
      MD5: b5665baa2120b8a54e22e9cd07c05106 C:\Windows\System32\DRIVERS\srvnet.sys
      MD5: 88701eca76145e2c011c0eeff0f7b70e C:\Windows\system32\drivers\usbser.sys
      MD5: ec01da44b090d2651fc032c8b9257232 C:\Windows\system32\DRIVERS\usbser_lowerflt.sys
      MD5: 4abd37cfbd710e64f01f9da8710c73f7 C:\Windows\system32\DRIVERS\usbser_lowerfltj.sys
      MD5: 3f753d64b3a3aba0690aeeb8e4f12460 C:\Windows\system32\DRIVERS\VBoxNetAdp.sys
      MD5: 60cc965a89e2072ebd26d63d5e1e1d18 C:\Windows\system32\dwmcore.dll
      MD5: 118d5c5b6fd11ef9120feb59f8b1c2b6 C:\Windows\system32\eswiaud.dll
      MD5: 875e4e0661f3a5994df9e5e3a0a4f96b C:\Windows\system32\IoctlSvc.exe
      MD5: 7852e03bb44413b0b4c987040c1d0ad8 C:\Windows\system32\IPROP.dll
      MD5: 4605f7ee9805f7e1c98d6c959dd2949c C:\Windows\system32\kernel32.dll
      MD5: 44c00a385ca9dbc1d5cf3781f8c26aea C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
      MD5: e7bc792810ec02dd1f7ed25d830e9324 C:\Windows\system32\Macromed\Flash\NPSWF32_11_4_402_287.dll
      MD5: 9328256796efad2ac9632fd9a76eed95 C:\Windows\system32\MFC100ESN.DLL
      MD5: f32077df74efd435a1dcdf415e189df1 C:\Windows\system32\mfc100u.dll
      MD5: 93a232664e26057d8652ee30b13fd86c C:\Windows\system32\MFC42LOC.DLL
      MD5: f5777c29e38e4bf12c6f93a0b2f1b2d7 C:\Windows\system32\MSASN1.dll
      MD5: e3c817f7fe44cc870ecdbcbc3ea36132 C:\Windows\system32\MSVCP100.dll
      MD5: bf38660a9125935658cfa3e53fdc7d65 C:\Windows\system32\MSVCR100.dll
      MD5: 2f4781f84c92e8c4b1586e47a78e8a61 C:\Windows\system32\npDeployJava1.dll
      MD5: 2862a3819bbc9757dd27bac41a4e0a3e C:\Windows\System32\pnidui.dll
      MD5: 7ac2182fa963efd2f72e8399bf0e67f9 C:\Windows\System32\spool\drivers\w32x86\3\E_FATIFBB.EXE
      MD5: 208bb12b813b11900a703be2376b378e C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FAUDFBB.DLL
      MD5: 4c287f9069fedbd791178876ee9de536 C:\Windows\system32\sppsvc.exe
      MD5: 8c7fe6b9559204765849bff308764fa5 C:\Windows\System32\SyncCenter.dll
      MD5: 04105c8da62353589c29bdaeb8d88bd8 C:\Windows\system32\sysmain.dll
      MD5: fad2a307838f66f2037868460a71dbbd C:\Windows\system32\t2embed.dll
      MD5: 8626f0c30d4e3564ffdd25c90f4426f1 C:\Windows\system32\USER32.dll
      MD5: 7790b77fe1e5ee47dcc66247095bb4c9 C:\Windows\system32\wbengine.exe
      MD5: 9a6dedbe309aa0ce2c31ee6799b38e4f C:\Windows\System32\werconcpl.dll
      MD5: 80279007cab3549a5999348bd0c23732 C:\Windows\system32\wiadss.dll
      MD5: 7fd5532c142db6c9cc47aa4dcf71fdec C:\Windows\System32\wscui.cpl
      MD5: a33408cc036f9c08142b11be5e93f0a1 C:\Windows\system32\wuaueng.dll
      MD5: 59306373078dd1175b4bbcd5081a2ea0 C:\Windows\TWAIN_32.DLL
      MD5: 686b224b4987c22b153fbb545fee9657 C:\Windows\WinSxS\x86_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.4053_none_cbf21254470d8752\MFC80U.DLL
      MD5: 154b11cc93fc5a4a03e21d3dedfb5879 C:\Windows\WinSxS\x86_microsoft.vc90.mfcloc_1fc8b3b9a1e18e3b_9.0.30729.1_none_da4695fc507e16e1\MFC90ESN.DLL


      Scan finished - communication took 20 sec
      Total traffic - 0.00 MB enviado, 0.00 KB recibido
      Scanned 820 files and modules - 21 seconds

      ==============================================================================

    5. #5
      Moderador
      Avatar de @DavidG_EB
      Registrado
      jul 2009
      Ubicación
      Mexico
      Mensajes
      10.633

      Re: ad.adserverplus.com

      Hola

      Realiza lo siguiente porfavor:
      Actualiza Java de la siguiente forma:
      1. Descarga e instala Java de su pagina oficial: Descarga gratuita de software de Java
      2. Ejecuta JavaRa (Manual de JavaRa) y si descargas la version 2 procede de la siguiente forma:
        1. Ejecuta JavaRa como administrador, y presiona donde dice Update JavaRa Definitions,
        2. Ve a Remove JRE y elimina todos los que te aparescan anteriores a la actual.
        3. Despues ve a Aditional Task y marca donde dice Remove Outdated Firefox Extensions y presiona Run.
      3. Desinstala cualquier version de Java anterior a la actual, en este caso 7 update 9

      Nota: cuando quieras verificar tu version de Java puedes ir a este enlace: Verificar la versión de Java
      Descarga OTM y colocalo en el esritorio:

      Precaución: OTMoveIt es un programa muy potente, diseñado para remover archivos y carpetas rebeldes en el proceso de detección y eliminación de las infecciones causada por diversos tipos de malware. Se recomienda que sea "utilizado bajo la dirección y supervisión de un experto", no para uso privado. El uso de esta herramienta incorrecta y sin un control adecuado puede llevar a desastrosos problemas con su sistema operativo.
      • Despues ejecutalo segun su manual y desactivando temporalmente cualquier programa de seguridad.
      • Pegaras el siguiente texto en el marco izquierdo que pone Paste instruccions for items to be moved - (Se excluye la palabra "codigo").
        Código:
        :processes
        tbhcn.exe
        
        :files
        C:\Users\Claudio\AppData\LocalLow\bbrs_002.tb
        C:\Users\Claudio\AppData\Roaming\BrowserCompanion\tbhcn.exe
        C:\Users\Claudio\AppData\Roaming\BrowserCompanion
        
        :commands
        [emptyjava]
        [emptytemp]
        [emptyflash]
      • Presionas el boton MoveIt!.
      • El programa comenzara a hacer su trabajo, espera pacientemente a que termine.
      • Cuando termine te preguntara si quieres reiniciar para eliminr algunos archivos.
      • Le damos "Yes" para reiniciar de inmediato, Permite que se reinicie el equipo, esto es importante.. De no hacerlo reinicia manualmente

      Nota: Es posible que note archivos u carpetas visibles en el escritorio y/o en otro apartado del sistema, esto es normal, al finalizar los procedimientos, todo volverá a la normalidad.
      Nos traerias el reporte de OTM de C: \ _ OTM\MovedFiles\***_***.log (Donde sale "***_***" es la fecha y hora) comentandonos como se encuentra el sistema y si podemos dar el tema por solucionado.

      Saludos
      ErdrickBass
      No importa lo fuerte que sea tu oponente. Lo importante es que estés de pie ante él

      * Síguenos en nuestro Twitter y hazte nuestro amigo en Facebook.
      * Infórmate de las ultimas amenazas de la red desde: InfoSpyware Blog
      * No se resuelven dudas por Privados ni por E-mail, ya que para eso esta el foro.

    6. #6
      Usuario Avatar de IarwainBenAdar
      Registrado
      dic 2011
      Ubicación
      Argentina
      Mensajes
      9

      Re: ad.adserverplus.com

      Dadig-Bass:
      Hice todo lo marcado, hasta antes de reiniciar la pc la página seguia apareciendo.
      Luego de realizar lo que me dijiste con el OTM y reiniciar automaticamente la maquina me han aparecido archivos ocultos. En el escritorio son dos "desktop.ini", en el disco C son carpetas y algunos archivos:
      $Recycle.Bin, Archivos de programa, Documents and Settings (las tres tienen un iconito con forma de carpeta con un candado), MSOCache, ProgramData, Recovery, System Volume Information, y varios archivos más.
      Pasa lo mismo en las otras particiones!

      El reporte del OTM es el siguiente:

      All processes killed
      ========== PROCESSES ==========
      No active process named tbhcn.exe was found!
      ========== FILES ==========
      File/Folder C:\Users\Claudio\AppData\LocalLow\bbrs_002.tb not found.
      File/Folder C:\Users\Claudio\AppData\Roaming\BrowserCompanion\tbhcn.exe not found.
      File/Folder C:\Users\Claudio\AppData\Roaming\BrowserCompanion not found.
      ========== COMMANDS ==========

      [EMPTYJAVA]

      User: All Users

      User: Claudio
      ->Java cache emptied: 0 bytes

      User: Default

      User: Default User

      User: Invitado
      ->Java cache emptied: 0 bytes

      User: Public

      Total Java Files Cleaned = 0,00 mb


      [EMPTYTEMP]

      User: All Users

      User: Claudio
      ->Temp folder emptied: 1161846 bytes
      ->Temporary Internet Files folder emptied: 213211 bytes
      ->Java cache emptied: 0 bytes
      ->FireFox cache emptied: 372849343 bytes
      ->Flash cache emptied: 34680 bytes

      User: Default
      ->Temp folder emptied: 0 bytes
      ->Temporary Internet Files folder emptied: 0 bytes

      User: Default User
      ->Temp folder emptied: 0 bytes
      ->Temporary Internet Files folder emptied: 0 bytes

      User: Invitado
      ->Temp folder emptied: 304841 bytes
      ->Temporary Internet Files folder emptied: 42780899 bytes
      ->Java cache emptied: 0 bytes
      ->Flash cache emptied: 1312 bytes

      User: Public

      %systemdrive% .tmp files removed: 0 bytes
      %systemroot% .tmp files removed: 0 bytes
      %systemroot%\System32 .tmp files removed: 0 bytes
      %systemroot%\System32\drivers .tmp files removed: 0 bytes
      Windows Temp folder emptied: 1232769 bytes
      %systemroot%\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 3763418 bytes
      %systemroot%\system32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 753 bytes
      RecycleBin emptied: 281360 bytes

      Total Files Cleaned = 403,00 mb


      [EMPTYFLASH]

      User: All Users

      User: Claudio
      ->Flash cache emptied: 0 bytes

      User: Default

      User: Default User

      User: Invitado
      ->Flash cache emptied: 0 bytes

      User: Public

      Total Flash Files Cleaned = 0,00 mb


      OTM by OldTimer - Version 3.1.21.0 log created on 10212012_013257




      y este es un intento fallido:

      All processes killed
      Error: Unable to interpret <[emptytemp]> in the current context!
      Error: Unable to interpret <[emptyflash]> in the current context!

      OTM by OldTimer - Version 3.1.21.0 log created on 10212012_012824

    7. #7
      Moderador
      Avatar de @DavidG_EB
      Registrado
      jul 2009
      Ubicación
      Mexico
      Mensajes
      10.633

      Re: ad.adserverplus.com

      Cita Originalmente publicado por dadig-Bass.exe Ver Mensaje
      Nota: Es posible que note archivos u carpetas visibles en el escritorio y/o en otro apartado del sistema, esto es normal, al finalizar los procedimientos, todo volverá a la normalidad.
      Si lees bien mi respuesta ya habia comentado que pasaria y que es algo normal n.n Asi que no es necesario preocuparse

      Comentas que antes de reiniciar seguia apareciendo pero no si despues.

      ¿Como sigue el problema?

      Saludos
      ErdrickBass
      No importa lo fuerte que sea tu oponente. Lo importante es que estés de pie ante él

      * Síguenos en nuestro Twitter y hazte nuestro amigo en Facebook.
      * Infórmate de las ultimas amenazas de la red desde: InfoSpyware Blog
      * No se resuelven dudas por Privados ni por E-mail, ya que para eso esta el foro.

    8. #8
      Usuario Avatar de IarwainBenAdar
      Registrado
      dic 2011
      Ubicación
      Argentina
      Mensajes
      9

      Re: ad.adserverplus.com

      Perdon, es que como se reinicio varias veces la pc obvie esa parte.
      Por ahora no aparece la página, pero en las anteriores oportunidades también paso esto y a lo largo del día volvía a aparecer.
      Gracias por la mano que me estas dando!

      Saludos!

    9. #9
      Moderador
      Avatar de @DavidG_EB
      Registrado
      jul 2009
      Ubicación
      Mexico
      Mensajes
      10.633

      Re: ad.adserverplus.com

      Buenas

      Ejecuta OTM y presiona CleanUp!, espera a que termine, y cuando te pida reiniciar procede. Esto debera limpiar el equipo del programa y deshacer los cambios.

      Prueba el equipo y nos coments si podemos dar el tema por solucionado o si persiste.

      Saludos
      ErdrickBass
      No importa lo fuerte que sea tu oponente. Lo importante es que estés de pie ante él

      * Síguenos en nuestro Twitter y hazte nuestro amigo en Facebook.
      * Infórmate de las ultimas amenazas de la red desde: InfoSpyware Blog
      * No se resuelven dudas por Privados ni por E-mail, ya que para eso esta el foro.

    10. #10
      Usuario Avatar de IarwainBenAdar
      Registrado
      dic 2011
      Ubicación
      Argentina
      Mensajes
      9

      Re: ad.adserverplus.com

      Estimado! Lamento informar que, luego de ejeturar el OTM y presionar CleanUp!, el problema persiste :(! Puede ser que sea tan invasivo, potente, dificil de erradicar, etc. este "virus"?

    Página 1 de 2 12 ÚltimoÚltimo