


    ComboFix report

    1. #1
      Yoshiro Sonoda (User, registered Nov 2012, 1 message)

      ComboFix report

      I ran the scan with ComboFix and saw that I can share the report here so that someone can interpret it. I'm not sure whether this is the right sub-forum, but I would be very grateful if someone could help me.

      Here is the report:
      ComboFix 12-11-16.02 - Facundo 17/11/2012 1:31.1.2 - x64 NETWORK
      Microsoft Windows 7 Ultimate 6.1.7601.1.1252.54.3082.18.4091.2953 [GMT -3:00]
      Running from: d:\administrador\Downloads\ComboFix.exe
      AV: ESET NOD32 Antivirus 5.0 *Disabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
      SP: ESET NOD32 Antivirus 5.0 *Disabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
      SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
      * Created a new restore point
      .
      .
      ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
      .
      .
      c:\program files (x86)\ESET\MiNODLogin
      c:\program files (x86)\ESET\MiNODLogin\MiNODLogin.exe
      c:\program files (x86)\ESET\MiNODLogin\MiNODLogin.jar
      c:\program files (x86)\ESET\MiNODLogin\MiNODLoginLib.dll
      c:\program files (x86)\ESET\MiNODLogin\MiNODLoginUninst.exe
      c:\program files (x86)\ESET\MiNODLogin\servidores.xml
      c:\windows\SysWow64\URTTemp
      c:\windows\SysWow64\URTTemp\regtlib.exe
      .
      .
      ((((((((((((((((((((((((( Files Created from 2012-10-17 to 2012-11-17 )))))))))))))))))))))))))))))))
      .
      .
      2012-11-17 04:37 . 2012-11-17 04:37 -------- d-----w- c:\users\Default\AppData\Local\temp
      2012-11-17 00:10 . 2012-10-12 07:19 9291768 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{28A19D1B-83D2-4622-BCF8-87B91E22EE23}\mpengine.dll
      2012-11-14 14:43 . 2012-07-26 05:05 2560 ----a-w- c:\windows\system32\drivers\es-ES\wdf01000.sys.mui
      2012-11-14 14:43 . 2012-07-26 04:55 785512 ----a-w- c:\windows\system32\drivers\Wdf01000.sys
      2012-11-14 14:43 . 2012-07-26 04:55 54376 ----a-w- c:\windows\system32\drivers\WdfLdr.sys
      2012-11-14 14:43 . 2012-07-26 02:36 9728 ----a-w- c:\windows\system32\Wdfres.dll
      2012-11-14 14:35 . 2012-07-26 03:08 84992 ----a-w- c:\windows\system32\WUDFSvc.dll
      2012-11-14 14:35 . 2012-07-26 02:26 87040 ----a-w- c:\windows\system32\drivers\WUDFPf.sys
      2012-11-14 14:35 . 2012-07-26 02:26 198656 ----a-w- c:\windows\system32\drivers\WUDFRd.sys
      2012-11-14 14:35 . 2012-07-26 03:08 229888 ----a-w- c:\windows\system32\WUDFHost.exe
      2012-11-14 14:35 . 2012-07-26 03:08 744448 ----a-w- c:\windows\system32\WUDFx.dll
      2012-11-14 14:35 . 2012-07-26 03:08 45056 ----a-w- c:\windows\system32\WUDFCoinstaller.dll
      2012-11-14 14:35 . 2012-07-26 03:08 194048 ----a-w- c:\windows\system32\WUDFPlatform.dll
      2012-11-14 14:25 . 2012-09-25 22:46 95744 ----a-w- c:\windows\system32\synceng.dll
      2012-11-14 14:25 . 2012-09-25 22:47 78336 ----a-w- c:\windows\SysWow64\synceng.dll
      2012-11-02 10:10 . 2012-11-02 10:10 -------- d-----w- c:\program files\ESET
      2012-10-25 20:44 . 2012-10-25 20:44 -------- d-----w- c:\program files (x86)\Common Files\Java
      .
      .
      .
      (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
      .
      2012-11-14 14:35 . 2012-04-28 14:11 66395536 ----a-w- c:\windows\system32\MRT.exe
      2012-10-10 22:26 . 2012-04-28 14:09 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
      2012-10-10 22:26 . 2012-04-28 14:09 696760 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
      2012-09-24 18:32 . 2012-07-30 13:52 477168 ----a-w- c:\windows\SysWow64\npdeployJava1.dll
      2012-09-24 18:32 . 2012-04-27 23:25 473072 ----a-w- c:\windows\SysWow64\deployJava1.dll
      2012-09-14 19:19 . 2012-10-10 18:02 2048 ----a-w- c:\windows\system32\tzres.dll
      2012-09-14 18:28 . 2012-10-10 18:02 2048 ----a-w- c:\windows\SysWow64\tzres.dll
      2012-08-31 18:19 . 2012-10-10 18:02 1659760 ----a-w- c:\windows\system32\drivers\ntfs.sys
      2012-08-30 18:03 . 2012-10-10 18:01 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe
      2012-08-30 17:12 . 2012-10-10 18:01 3968880 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
      2012-08-30 17:12 . 2012-10-10 18:01 3914096 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
      2012-08-24 18:05 . 2012-10-10 18:01 220160 ----a-w- c:\windows\system32\wintrust.dll
      2012-08-24 16:57 . 2012-10-10 18:01 172544 ----a-w- c:\windows\SysWow64\wintrust.dll
      2012-08-22 18:12 . 2012-09-14 00:14 376688 ----a-w- c:\windows\system32\drivers\netio.sys
      2012-08-22 18:12 . 2012-09-14 00:14 950128 ----a-w- c:\windows\system32\drivers\ndis.sys
      2012-08-22 18:12 . 2012-09-14 00:14 288624 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
      2012-08-21 21:01 . 2012-09-25 20:55 245760 ----a-w- c:\windows\system32\OxpsConverter.exe
      2012-08-20 18:48 . 2012-10-10 18:02 243200 ----a-w- c:\windows\system32\wow64.dll
      2012-08-20 18:48 . 2012-10-10 18:02 362496 ----a-w- c:\windows\system32\wow64win.dll
      2012-08-20 18:48 . 2012-10-10 18:02 13312 ----a-w- c:\windows\system32\wow64cpu.dll
      2012-08-20 18:48 . 2012-10-10 18:02 215040 ----a-w- c:\windows\system32\winsrv.dll
      2012-08-20 18:48 . 2012-10-10 18:02 16384 ----a-w- c:\windows\system32\ntvdm64.dll
      2012-08-20 18:48 . 2012-10-10 18:02 424448 ----a-w- c:\windows\system32\KernelBase.dll
      2012-08-20 18:48 . 2012-10-10 18:02 1162240 ----a-w- c:\windows\system32\kernel32.dll
      2012-08-20 18:46 . 2012-10-10 18:02 338432 ----a-w- c:\windows\system32\conhost.exe
      2012-08-20 18:38 . 2012-10-10 18:02 4608 ---ha-w- c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
      2012-08-20 18:38 . 2012-10-10 18:02 4608 ---ha-w- c:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
      2012-08-20 18:38 . 2012-10-10 18:02 4096 ---ha-w- c:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
      2012-08-20 18:38 . 2012-10-10 18:02 4096 ---ha-w- c:\windows\system32\api-ms-win-core-synch-l1-1-0.dll
      2012-08-20 18:38 . 2012-10-10 18:02 3584 ---ha-w- c:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
      2012-08-20 18:38 . 2012-10-10 18:02 3584 ---ha-w- c:\windows\system32\api-ms-win-core-memory-l1-1-0.dll
      2012-08-20 18:38 . 2012-10-10 18:02 3072 ---ha-w- c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
      2012-08-20 18:38 . 2012-10-10 18:02 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
      2012-08-20 18:38 . 2012-10-10 18:02 3584 ---ha-w- c:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
      2012-08-20 18:38 . 2012-10-10 18:02 3584 ---ha-w- c:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
      2012-08-20 18:38 . 2012-10-10 18:02 3584 ---ha-w- c:\windows\system32\api-ms-win-core-misc-l1-1-0.dll
      2012-08-20 18:38 . 2012-10-10 18:02 3584 ---ha-w- c:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
      2012-08-20 18:38 . 2012-10-10 18:02 3072 ---ha-w- c:\windows\system32\api-ms-win-core-util-l1-1-0.dll
      2012-08-20 18:38 . 2012-10-10 18:02 3072 ---ha-w- c:\windows\system32\api-ms-win-core-string-l1-1-0.dll
      2012-08-20 18:38 . 2012-10-10 18:02 3072 ---ha-w- c:\windows\system32\api-ms-win-core-profile-l1-1-0.dll
      2012-08-20 18:38 . 2012-10-10 18:02 6144 ---ha-w- c:\windows\system32\api-ms-win-security-base-l1-1-0.dll
      2012-08-20 18:38 . 2012-10-10 18:02 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localization-l1-1-0.dll
      2012-08-20 18:38 . 2012-10-10 18:02 3584 ---ha-w- c:\windows\system32\api-ms-win-core-heap-l1-1-0.dll
      2012-08-20 18:38 . 2012-10-10 18:02 5120 ---ha-w- c:\windows\system32\api-ms-win-core-file-l1-1-0.dll
      2012-08-20 18:38 . 2012-10-10 18:02 3072 ---ha-w- c:\windows\system32\api-ms-win-core-io-l1-1-0.dll
      2012-08-20 18:38 . 2012-10-10 18:02 3072 ---ha-w- c:\windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
      2012-08-20 18:38 . 2012-10-10 18:02 3072 ---ha-w- c:\windows\system32\api-ms-win-core-handle-l1-1-0.dll
      2012-08-20 18:38 . 2012-10-10 18:02 3072 ---ha-w- c:\windows\system32\api-ms-win-core-fibers-l1-1-0.dll
      2012-08-20 18:38 . 2012-10-10 18:02 3072 ---ha-w- c:\windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
      2012-08-20 18:38 . 2012-10-10 18:02 3072 ---ha-w- c:\windows\system32\api-ms-win-core-delayload-l1-1-0.dll
      2012-08-20 18:38 . 2012-10-10 18:02 3072 ---ha-w- c:\windows\system32\api-ms-win-core-debug-l1-1-0.dll
      2012-08-20 18:38 . 2012-10-10 18:02 3072 ---ha-w- c:\windows\system32\api-ms-win-core-datetime-l1-1-0.dll
      2012-08-20 18:38 . 2012-10-10 18:02 3072 ---ha-w- c:\windows\system32\api-ms-win-core-console-l1-1-0.dll
      2012-08-20 17:40 . 2012-10-10 18:02 14336 ----a-w- c:\windows\SysWow64\ntvdm64.dll
      2012-08-20 17:38 . 2012-10-10 18:02 44032 ----a-w- c:\windows\apppatch\acwow64.dll
      2012-08-20 17:38 . 2012-10-10 18:02 25600 ----a-w- c:\windows\SysWow64\setup16.exe
      2012-08-20 17:37 . 2012-10-10 18:02 5120 ----a-w- c:\windows\SysWow64\wow32.dll
      2012-08-20 17:37 . 2012-10-10 18:02 274944 ----a-w- c:\windows\SysWow64\KernelBase.dll
      2012-08-20 17:32 . 2012-10-10 18:02 4608 ---ha-w- c:\windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll
      2012-08-20 17:32 . 2012-10-10 18:02 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll
      2012-08-20 17:32 . 2012-10-10 18:02 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll
      2012-08-20 17:32 . 2012-10-10 18:02 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll
      2012-08-20 17:32 . 2012-10-10 18:02 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll
      2012-08-20 17:32 . 2012-10-10 18:02 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll
      2012-08-20 17:32 . 2012-10-10 18:02 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll
      2012-08-20 17:32 . 2012-10-10 18:02 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll
      2012-08-20 17:32 . 2012-10-10 18:02 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll
      2012-08-20 17:32 . 2012-10-10 18:02 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-string-l1-1-0.dll
      2012-08-20 17:32 . 2012-10-10 18:02 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll
      2012-08-20 17:32 . 2012-10-10 18:02 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll
      2012-08-20 17:32 . 2012-10-10 18:02 5120 ---ha-w- c:\windows\SysWow64\api-ms-win-core-file-l1-1-0.dll
      2012-08-20 17:32 . 2012-10-10 18:02 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll
      2012-08-20 17:32 . 2012-10-10 18:02 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll
      2012-08-20 17:32 . 2012-10-10 18:02 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-io-l1-1-0.dll
      2012-08-20 17:32 . 2012-10-10 18:02 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll
      2012-08-20 17:32 . 2012-10-10 18:02 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll
      2012-08-20 17:32 . 2012-10-10 18:02 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll
      2012-08-20 17:32 . 2012-10-10 18:02 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll
      2012-08-20 17:32 . 2012-10-10 18:02 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll
      2012-08-20 17:32 . 2012-10-10 18:02 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll
      2012-08-20 17:32 . 2012-10-10 18:02 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll
      2012-08-20 17:32 . 2012-10-10 18:02 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-console-l1-1-0.dll
      2012-08-20 15:38 . 2012-10-10 18:02 7680 ----a-w- c:\windows\SysWow64\instnm.exe
      2012-08-20 15:38 . 2012-10-10 18:02 2048 ----a-w- c:\windows\SysWow64\user.exe
      2012-08-20 15:33 . 2012-10-10 18:02 6144 ---ha-w- c:\windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
      2012-08-20 15:33 . 2012-10-10 18:02 4608 ---ha-w- c:\windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
      2012-08-20 15:33 . 2012-10-10 18:02 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
      2012-08-20 15:33 . 2012-10-10 18:02 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
      .
      .
      ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
      .
      .
      *Note* empty entries & legit default entries are not shown
      REGEDIT4
      .
      [HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{FC36B0BD-27F0-4cdd-8AB1-50651EFC3EFD}]
      2012-05-25 15:38 281424 ----a-w- c:\program files (x86)\WinToFlash Suggestor\WinToFlashSuggestor.dll
      .
      [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "SpybotSD TeaTimer"="c:\program files (x86)\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
      "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
      "DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2012-04-17 3671872]
      "Facebook Update"="c:\users\Facundo\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2012-05-12 137536]
      "Samsung Drive Manager"="c:\program files (x86)\Clarus\Samsung Drive Manager\Drive Manager.exe" [2011-10-28 5798008]
      "Xvid"="c:\program files (x86)\Xvid\CheckUpdate.exe" [2011-01-17 8192]
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
      "GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
      "RemoteControl8"="c:\program files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe" [2008-03-20 83240]
      "PDVD8LanguageShortcut"="c:\program files (x86)\CyberLink\PowerDVD8\Language\Language.exe" [2007-12-14 50472]
      "PlusService"="c:\program files (x86)\Yuna Software\Messenger Plus!\PlusService.exe" [2012-02-07 801792]
      "LManager"="c:\program files (x86)\Launch Manager\LManager.exe" [2009-08-24 1190920]
      "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-09-17 254896]
      .
      c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
      Actualizar la licencia de ESET.lnk - c:\program files (x86)\ESET\MiNODLogin\MiNODLogin.exe [N/A]
      Adobe Gamma Loader.lnk - c:\program files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2012-10-11 113664]
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
      "ConsentPromptBehaviorAdmin"= 5 (0x5)
      "ConsentPromptBehaviorUser"= 3 (0x3)
      "EnableUIADesktopToggle"= 0 (0x0)
      "PromptOnSecureDesktop"= 0 (0x0)
      .
      [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
      "aux1"=wdmaud.drv
      .
      [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
      "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe"
      "DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
      .
      R1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [2011-08-04 146432]
      R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-08-18 203264]
      R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
      R2 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [2011-08-09 202576]
      R2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [2011-09-22 974944]
      R2 epfwwfpr;epfwwfpr;c:\windows\system32\DRIVERS\epfwwfpr.sys [2011-08-04 137144]
      R2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
      R2 SSPORT;SSPORT;c:\windows\system32\Drivers\SSPORT.sys [2009-08-14 11576]
      R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe [2011-11-03 2072896]
      R3 bpenum;Intel(R) WiMAX Link Enumerator;c:\windows\system32\DRIVERS\bpenum.sys [2009-07-30 70144]
      R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2012-05-03 1431888]
      R3 mdf16;mdf16;c:\program files (x86)\Clarus\Samsung Drive Manager\mdf16.sys [2011-03-23 22336]
      R3 mvd23;mvd23;c:\program files (x86)\Clarus\Samsung Drive Manager\mvd23.sys [2011-05-19 101184]
      R3 Nbdrv;NetBalancer Service;c:\windows\system32\DRIVERS\nbdrv.sys [x]
      R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 20992]
      R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2009-06-04 216064]
      R3 RtsUIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys [x]
      R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
      R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
      R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
      R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesDriver64.sys [2011-10-31 11856]
      R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
      R3 WatAdminSvc;Servicio de tecnologías de activación de Windows;c:\windows\system32\Wat\WatAdminSvc.exe [2012-04-28 1255736]
      R4 Autodesk Content Service;Autodesk Content Service;c:\program files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe [2011-02-02 18656]
      R4 DMAgent;Servicio de administración del dispositivo Red Bend de Intel® PROSet/Wireless WiMAX;c:\program files\Intel\WiMAX\Bin\DMAgent.exe [2009-07-30 402432]
      R4 ePowerSvc;Acer ePower Service;c:\program files\Acer\Acer ePower Management\ePowerSvc.exe [2009-09-30 844320]
      R4 SZDrvSvc;Samsung Drive Manager Service;c:\program files (x86)\Clarus\Samsung Drive Manager\SZDrvSvc.exe [2011-10-28 19456]
      R4 WiMAXAppSrv;Servicio de Intel® PROSet/Wireless WiMAX;c:\program files\Intel\WiMAX\Bin\AppSrv.exe [2009-07-30 1048576]
      S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2012-05-04 283200]
      S3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet: NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [2009-06-10 270848]
      S3 netw5v64;Controlador del adaptador Intel(R) Wireless WiFi Link 5000 Series para Windows Vista de 64 bits;c:\windows\system32\DRIVERS\netw5v64.sys [2009-06-10 5434368]
      .
      .
      Contents of the 'Scheduled Tasks' folder
      .
      2012-11-17 c:\windows\Tasks\Adobe Flash Player Updater.job
      - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-28 22:26]
      .
      2012-08-05 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1606612182-3140268879-3465394950-1000Core.job
      - c:\users\Facundo\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-05-12 08:20]
      .
      2012-08-05 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1606612182-3140268879-3465394950-1000UA.job
      - c:\users\Facundo\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-05-12 08:20]
      .
      2012-11-17 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
      - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-04-28 13:35]
      .
      2012-11-17 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
      - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-04-28 13:35]
      .
      2012-11-16 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1606612182-3140268879-3465394950-1000Core.job
      - c:\users\Facundo\AppData\Local\Google\Update\GoogleUpdate.exe [2012-10-04 19:02]
      .
      2012-11-17 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1606612182-3140268879-3465394950-1000UA.job
      - c:\users\Facundo\AppData\Local\Google\Update\GoogleUpdate.exe [2012-10-04 19:02]
      .
      .
      --------- X64 Entries -----------
      .
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-06-04 186904]
      "Acer ePower Management"="c:\program files\Acer\Acer ePower Management\ePowerTray.exe" [2009-09-30 823840]
      "IntelWirelessWiMAX"="c:\program files\Intel\WiMAX\Bin\WiMAXCU.exe" [2009-07-30 1425408]
      "egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2011-09-22 4035152]
      .
      ------- Supplementary Scan -------
      .
      uLocal Page = c:\windows\system32\blank.htm
      mLocal Page = c:\windows\SysWOW64\blank.htm
      uInternet Settings,ProxyServer = proxyrcia.unne.edu.ar:3128
      IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
      IE: E&xportar a Microsoft Excel - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000
      TCP: DhcpNameServer = 192.168.1.1
      FF - ProfilePath - c:\users\Facundo\AppData\Roaming\Mozilla\Firefox\Profiles\dzp7pzpj.default\
      FF - prefs.js: network.proxy.http - proxyrcia.unne.edu.ar
      FF - prefs.js: network.proxy.http_port - 3128
      FF - prefs.js: network.proxy.type - 0
      FF - ExtSQL: 2012-10-25 17:43; {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}; c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}
      FF - user.js: network.http.max-persistent-connections-per-server - 4
      FF - user.js: nglayout.initialpaint.delay - 600
      FF - user.js: content.notify.interval - 600000
      FF - user.js: content.max.tokenizing.time - 1800000
      FF - user.js: content.switch.threshold - 600000
      .
      - - - - ORPHANS REMOVED - - - -
      .
      HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
      AddRemove-MiNODLogin - c:\program files (x86)\ESET\MiNODLogin\MiNODLoginUninst.exe
      .
      .
      .
      --------------------- LOCKED REGISTRY KEYS ---------------------
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
      @Denied: (A 2) (Everyone)
      @="FlashBroker"
      "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe,-101"
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
      "Enabled"=dword:00000001
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
      @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe"
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
      @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
      @Denied: (A 2) (Everyone)
      @="IFlashBroker5"
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
      @="{00020424-0000-0000-C000-000000000046}"
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
      @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
      "Version"="1.0"
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
      @Denied: (A 2) (Everyone)
      @="FlashBroker"
      "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe,-101"
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
      "Enabled"=dword:00000001
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
      @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe"
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
      @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
      @Denied: (A 2) (Everyone)
      @="Shockwave Flash Object"
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
      @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx"
      "ThreadingModel"="Apartment"
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
      @="0"
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
      @="ShockwaveFlash.ShockwaveFlash.11"
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
      @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1"
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
      @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
      @="1.0"
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
      @="ShockwaveFlash.ShockwaveFlash"
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
      @Denied: (A 2) (Everyone)
      @="Macromedia Flash Factory Object"
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
      @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx"
      "ThreadingModel"="Apartment"
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
      @="FlashFactory.FlashFactory.1"
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
      @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1"
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
      @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
      @="1.0"
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
      @="FlashFactory.FlashFactory"
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
      @Denied: (A 2) (Everyone)
      @="IFlashBroker5"
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
      @="{00020424-0000-0000-C000-000000000046}"
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
      @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
      "Version"="1.0"
      .
      [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
      @Denied: (A) (Users)
      @Denied: (A) (Everyone)
      @Allowed: (B 1 2 3 4 5) (S-1-5-20)
      "BlindDial"=dword:00000000
      "MSCurrentCountry"=dword:000000b5
      .
      [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
      @Denied: (Full) (Everyone)
      .
      Completion time: 2012-11-17 01:40:14
      ComboFix-quarantined-files.txt 2012-11-17 04:40
      .
      Pre-Run: 36.711.112.704 bytes libres
      Post-Run: 36.446.089.216 bytes libres
      .
      - - End Of File - - 8C053482D8A832A3F644079FD2D46610

      Thank you very much.
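      The following is an added example, not part of the original post and not ComboFix's own code, showing one way to start interpreting a log like the one above: it parses the Run-key values, the Startup-folder shortcuts and the UAC policy values out of the "Reg Loading Points" section and flags what a reviewer would look at first. The sample input is an excerpt of the log posted above; the list of user-writable directories and the Windows 7 default UAC values it compares against are the example's own assumptions, not something the log states. Note that in this log the ESET shortcut shows [N/A] because the MiNODLogin folder was removed under "Other Deletions" earlier in the same run, and that an updater living under AppData (Facebook's, Google's) is normal, so a flag is a prompt to check, not a verdict.

```python
"""Triage the 'Reg Loading Points' section of a ComboFix log (added example)."""
from __future__ import annotations

import re
from dataclasses import dataclass

# Sample input: verbatim lines excerpted from the log posted above.
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="c:\program files (x86)\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"Facebook Update"="c:\users\Facundo\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2012-05-12 137536]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-09-17 254896]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Actualizar la licencia de ESET.lnk - c:\program files (x86)\ESET\MiNODLogin\MiNODLogin.exe [N/A]
Adobe Gamma Loader.lnk - c:\program files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2012-10-11 113664]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"""

KEY_RE = re.compile(r'^\[(HKEY_[^\]]+)\]$')
# "Name"="path" [YYYY-MM-DD size]  -- a Run value as ComboFix prints it
VALUE_RE = re.compile(r'^"([^"]+)"="([^"]*)"\s*\[(\d{4}-\d{2}-\d{2} \d+)\]$')
# Shortcut.lnk - target [YYYY-MM-DD size], or [N/A] when the target was not found
LNK_RE = re.compile(r'^(.+\.lnk) - (.+) \[(.+)\]$')
POLICY_RE = re.compile(r'^"(\w+)"=\s*(\d+) \(0x[0-9a-fA-F]+\)$')

# Assumption of this example: directories an unprivileged user can write to.
USER_WRITABLE = ('\\appdata\\', '\\downloads\\', '\\temp\\', '\\users\\public\\')
# Windows 7 defaults for the UAC values ComboFix prints; deviations are reported.
WIN7_UAC_DEFAULTS = {'ConsentPromptBehaviorAdmin': 5, 'ConsentPromptBehaviorUser': 3,
                     'EnableUIADesktopToggle': 0, 'PromptOnSecureDesktop': 1}


@dataclass
class Autorun:
    source: str        # registry key or Startup folder the entry came from
    name: str
    path: str
    stamp: str | None  # "date size" as printed, None for [N/A]


def parse_autoruns(text: str) -> list[Autorun]:
    """Collect values under keys ending in \\Run plus Startup-folder shortcuts."""
    entries: list[Autorun] = []
    source: str | None = None
    for raw in text.splitlines():
        line = raw.strip()
        if m := KEY_RE.match(line):
            key = m.group(1)
            source = key if key.lower().endswith('\\run') else None
        elif line.lower().endswith('\\startup\\'):
            source = line
        elif source is None:
            continue
        elif m := VALUE_RE.match(line):
            entries.append(Autorun(source, m.group(1), m.group(2), m.group(3)))
        elif m := LNK_RE.match(line):
            stamp = m.group(3)
            entries.append(Autorun(source, m.group(1), m.group(2),
                                   None if stamp == 'N/A' else stamp))
    return entries


def parse_uac_policy(text: str) -> dict[str, int]:
    """Read the numeric values printed under ...\\policies\\system."""
    policy: dict[str, int] = {}
    in_key = False
    for raw in text.splitlines():
        line = raw.strip()
        if m := KEY_RE.match(line):
            in_key = m.group(1).lower().endswith('\\policies\\system')
        elif in_key and (m := POLICY_RE.match(line)):
            policy[m.group(1)] = int(m.group(2))
    return policy


def flag_autoruns(entries: list[Autorun]) -> list[str]:
    """Entries with a missing target or a target in a user-writable directory."""
    flags = []
    for e in entries:
        if e.stamp is None:
            flags.append(f'{e.name}: target not found on disk ({e.path})')
        if any(d in e.path.lower() for d in USER_WRITABLE):
            flags.append(f'{e.name}: runs from a user-writable location ({e.path})')
    return flags


def flag_uac(policy: dict[str, int]) -> list[str]:
    """UAC values that differ from the Windows 7 defaults."""
    return [f'{k}={policy[k]} (Windows 7 default {d})'
            for k, d in WIN7_UAC_DEFAULTS.items() if k in policy and policy[k] != d]


if __name__ == '__main__':
    for msg in flag_autoruns(parse_autoruns(SAMPLE_LOG)) + flag_uac(parse_uac_policy(SAMPLE_LOG)):
        print(msg)
```

      Run on the excerpt it reports the Facebook updater (AppData), the dangling ESET shortcut, and PromptOnSecureDesktop=0, which means UAC prompts are no longer shown on the secure desktop and can be interacted with by other processes; ConsentPromptBehaviorAdmin=5 and ConsentPromptBehaviorUser=3 are the Windows 7 defaults and are not flagged. To use it on a full log, read the file and pass its text in place of SAMPLE_LOG.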

    2. #2
      RevesdeLiberte (Former collaborator, registered Feb 2010, location: México, 7,976 messages)

      Re: ComboFix report

      Hello Yoshiro Sonoda,
      Welcome to the InfoSpyware forum.

      Warning! Do not use ComboFix unless a member of our Staff has specifically instructed you to in your thread. It is a powerful tool intended by its author to be used under the guidance and supervision of an expert, not for private use. Using ComboFix incorrectly could cause problems on your system. Please read ComboFix's "Disclaimer of Warranty".


      Please answer the following:

      What led you to use ComboFix? Could you tell us whether you only want us to review your log? Please be more specific, because I don't know exactly what you want us to do for you. Also, you ran ComboFix from the wrong location: cut ComboFix.exe from the Downloads folder and paste it on your Desktop.


      ___________________________


      I ask for your patience while we analyze your ComboFix report, which as you can see is very long, and this takes time. I will reply as soon as possible.


      IMPORTANT:

      • Do NOT download or install any more programs until we finish the disinfection.

      • Do NOT run other antivirus/antimalware tools. You may, however, re-enable your antivirus.

      • Do NOT run ComboFix again until I come back with a reply.



      Regards.