
    Adware every time I open IE (Solved)


      
    1. #1
      charles (User)
      Joined: Dec 2012
      Location: Chile
      Posts: 6

      Adware every time I open IE (Solved)

      Hi! I need your help: for the past two days, every time I open Internet Explorer I get a warning from the antivirus (Microsoft Security Essentials) about an adware called win32:FastSaveApp. The warning appears when I open any page, and even though I choose the clean option it comes back. I tried SUPERAntiSpyware but it is still the same. What can I do?

    2. #2
      Leosolari (General Moderator)
      Joined: Jun 2007
      Location: Argentina
      Posts: 53,112

      Re: Adware every time I open IE

      Hello

      • Temporarily disable your antivirus and/or antispyware. How to temporarily disable your antivirus

      • Download the AT-Destroyer tool (by InfoSpyware)

      • Run the tool as administrator.
      • (If you use Windows Vista or 7, right-click it and select "Run as administrator".)

      • The tool's disclaimer will appear. Press .

      • Select option 1 (Buscar y Destruir)

      • The tool will disconnect the desktop momentarily.

      • If the system is infected, the tool will show red lines where the infection was found; otherwise the lines will be green.

      • Once the scan finishes, you will see the desktop again and a report will open. Copy it into your next reply, along with a comment on how the system is running.

      Regards

      `·.¸¸.·´´¯`··._.· ·.¸¸.·´´¯`··._.· Don't Despair.....Keep Fighting `·.¸¸.·´´¯`··._.· ·.¸¸.·´´¯`··._.·

      * Follow us on Twitter and become our friend on Facebook.
      * Stay informed about the latest threats on the net at: InfoSpyware Blog
      * Questions are not answered by private message or e-mail; that is what the forum is for.

    3. #3
      charles (User)
      Joined: Dec 2012
      Location: Chile
      Posts: 6

      Re: Adware every time I open IE

      I followed all the steps, but the same thing keeps happening: the warning comes back every time I open any page in Internet Explorer. This is the report it produced:

      ######################## AT-Destroyer [2.1] By Infospyware.
      Hora/Día/Mes/Año: 15:39:12 \\\ 13/12/2012
      AT-Destroyer 2.1 By Infospyware ---> www.infospyware.com
      Última actualización: 30/11/2012
      Opción escogida: 2 :Buscar y Destruir
      Versión Internet Explorer:9.0.8112.16421
      Privilegios: Karloz - Administrador
      Modo Actual: Modo Normal.
      Nombre del pc: KARLOZ-PC
      Información del sistema operativo:X64-WIN_7-Service Pack 1
      nombre del usuario:Karloz
      Lenguaje del sistema: Español



      >>>>>>> Servicios <<<<<<<



      >>>>>> Carpetas <<<<<<

      C:\Program Files (x86)\Conduit\Community Alerts 92
      C:\Program Files (x86)\Conduit\Community Alerts\Alert.dll 92
      C:\Program Files (x86)\Conduit 92


      >>>>>> Archivos <<<<<<

      C:\user.js


      >>>>>> Registro <<<<<<

      HKCR\TypeLib\{C2CF0D01-7657-48AA-98C9-AE5E64757FCC}
      HKCR\Interface\{BBA74401-6D6F-4BBD-9F65-E8623814F3BB}
      HKEY_CURRENT_USER\Software\ImInstaller
      HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{64182481-4F71-486b-A045-B233BD0DA8FC}
      HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DDE2C74F-58CC-4d71-8CE1-09DEBB8CFB78}
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}
      HKEY_CURRENT_USER\Software\Conduit
      HKEY_LOCAL_MACHINE\SOFTWARE\Conduit
      HKEY_LOCAL_MACHINE\SOFTWARE\Incredimail
      HKCU\SOFTWARE\Incredimail
      HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
      HKLM\Software\Microsoft\Internet Explorer\Toolbar ----> {30F9B915-B755-4826-820B-08FBA6BD249D}


      >>>>>> Heurística <<<<<<



      >>>>>> Internet Explorer <<<<<<

      Start Page==www.google.com
      Local Page==C:\Windows\SysWOW64\blank.htm
      Search Page==http://go.microsoft.com/fwlink/?LinkId=54896
      Default_search_url==http://go.microsoft.com/fwlink/?LinkId=54896
      Default_Page_URL==http://go.microsoft.com/fwlink/?LinkId=69157


      ''HKCU\Software\Microsoft\Internet Explorer\Main''
      Start Page==www.google.com
      Local Page==C:\Windows\system32\blank.htm
      Search Page==http://go.microsoft.com/fwlink/?LinkId=54896
      Default_search_url==
      Default_Page_URL==


      HKEY_USERS\S-1-5-21-4009809174-2574073245-2453878831-1001\Software\Microsoft\Internet Explorer\Main''
      Start Page==www.google.com
      Local Page==C:\Windows\system32\blank.htm
      Search Page==http://go.microsoft.com/fwlink/?LinkId=54896
      Default_search_url==
      Default_Page_URL==


      >>>>>> Extensiones Firefox <<<<<<



      >>>>>> Plugins Firefox <<<<<<

      HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer
      HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/ShockwavePlayer
      HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0
      HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0
      HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_37
      HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/GENUINE
      HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0
      HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=3
      HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=9
      HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\Adobe Reader

      >>>>>> Google Chrome <<<<<<

      "homepage": "http://www.google.com/",
      "homepage_changed": true,
      "homepage_is_newtabpage": false,


      >>>>>> Extensiones Google Chrome <<<<<<

      C:\Users\Karloz\AppData\Local\Google\Chrome\User Data\Default\Extensions\10
      C:\Users\Karloz\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo
      C:\Users\Karloz\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf
      C:\Users\Karloz\AppData\Local\Google\Chrome\User Data\Default\Extensions\gplehagehojnbajhfcoegeikbgnmeejd
      C:\Users\Karloz\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmcegipepmgdepdbdhglgcboebcncdmg
      C:\Users\Karloz\AppData\Local\Google\Chrome\User Data\Default\Extensions\kfdckejfnkaemompfjhecfmhjgnchmjg
      C:\Users\Karloz\AppData\Local\Google\Chrome\User Data\Default\Extensions\mhkdifojhfkciiheoonhdlfokajblkbe
      C:\Users\Karloz\AppData\Local\Google\Chrome\User Data\Default\Extensions\nlmmgigkncdjnacedhdlikendmagmfeg
      C:\Users\Karloz\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm
      C:\Users\Karloz\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia
      C:\Users\Karloz\AppData\Local\Google\Chrome\User Data\Default\Extensions\ppjemjejnnojomfekgbpbbnecicblllf


      ==================== EOF ==================

    4. #4
      Leosolari (General Moderator)
      Joined: Jun 2007
      Location: Argentina
      Posts: 53,112

      Re: Adware every time I open IE

      Hello

      If your operating system is up to date, use the Microsoft Malicious Software Removal Tool.

      Go to Start --- Run and type MRT

      Run a full system scan and remove everything it finds.

      If your system is not up to date and you cannot update it, follow this tool's manual to download and run it.

      Let us know how it goes.

      Regards


    5. #5
      charles (User)
      Joined: Dec 2012
      Location: Chile
      Posts: 6

      Re: Adware every time I open IE

      I did what you recommended and it found nothing. Everything is still the same. I looked at the details of the adware's location and it shows this:
      c:/users/Karloz/appdata/local/microsoft/windows/temporaryinternetfiles/low/content.IE5/M6MLL0PV/fs[1].js

      The part in red changes every time a new alert appears.

    6. #6
      Leosolari (General Moderator)
      Joined: Jun 2007
      Location: Argentina
      Posts: 53,112

      Re: Adware every time I open IE

      Hello

      Download the ComboFix.exe tool to your desktop.

      • Temporarily disable your antivirus and/or antispyware. How to temporarily disable your antivirus
      • Close all open windows.
      • Double-click the ComboFix.exe file and follow the instructions.
      • When it finishes, it will generate a log at C:\ComboFix.txt.

      Important notes:

      • While CF is working, do not move the mouse, as that would stop its process.
      • ComboFix may restart the PC automatically to complete the removal process.
      • Once ComboFix has finished its work, you can re-enable your antivirus.
      • Do not put the reports inside Code or HTML tags.

      Warning!! Do not use ComboFix unless a member of our staff has specifically told you to in your thread. It is a powerful tool intended by its creator to be used under the guidance and supervision of an expert, not for private use. Using ComboFix incorrectly could cause problems on your system. Please read ComboFix's "Disclaimer of Warranty".

      The generated report is at C:\ComboFix.txt. Open it, select everything, and copy and paste it into your next reply.

      Regards


    7. #7
      charles (User)
      Joined: Dec 2012
      Location: Chile
      Posts: 6

      Re: Adware every time I open IE

      Hello!
      Unfortunately the same problem keeps happening, but now, in addition, when I open the Internet a warning appears
      saying that I am about to leave a secure Internet connection and that other people may be able to see my information.

      This is the report the program produced:

      ComboFix 12-12-13.02 - Karloz 13-12-2012 18:48:45.1.4 - x64
      Microsoft Windows 7 Home Premium 6.1.7601.1.1252.56.3082.18.2933.1420 [GMT -3:00]
      Running from: c:\users\Karloz\Desktop\ComboFix.exe
      AV: Microsoft Security Essentials *Disabled/Updated* {B140BF4E-23BB-4198-90AB-A51A4C60A69C}
      SP: Microsoft Security Essentials *Disabled/Updated* {0A215EAA-0581-4E16-AA1B-9E6837E7EC21}
      SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
      .
      .
      ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
      .
      .
      c:\programdata\Download and Sa
      c:\programdata\Download and Sa\50b045c3aa0de.ocx
      c:\programdata\Download and Sa\50b045c3aa117.html
      c:\programdata\Download and Sa\50b045c3aa14f.js
      c:\programdata\Download and Sa\jmcegipepmgdepdbdhglgcboebcncdmg.crx
      c:\programdata\Download and Sa\settings.ini
      c:\programdata\QuestBrowser
      .
      .
      ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
      .
      .
      *Note* empty entries & legit default entries are not shown
      REGEDIT4
      .
      [HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{3B8EAD04-3866-4FB0-89E0-634F1BFA25F3}]
      2012-03-28 17:34 140800 ----a-w- c:\programdata\CodecC\bhoclass.dll
      .
      [HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{585941d7-21fa-4e24-8281-c134bfa894c1}]
      2011-01-17 20:54 175912 ----a-w- c:\program files (x86)\Messenger_Plus_LATAM\prxtbMess.dll
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
      "{585941d7-21fa-4e24-8281-c134bfa894c1}"= "c:\program files (x86)\Messenger_Plus_LATAM\prxtbMess.dll" [2011-01-17 175912]
      .
      [HKEY_CLASSES_ROOT\clsid\{585941d7-21fa-4e24-8281-c134bfa894c1}]
      .
      [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
      @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
      [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
      2012-06-30 04:19 94208 ----a-w- c:\users\Karloz\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
      .
      [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
      @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
      [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
      2012-06-30 04:19 94208 ----a-w- c:\users\Karloz\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
      .
      [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
      @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
      [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
      2012-06-30 04:19 94208 ----a-w- c:\users\Karloz\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
      .
      [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "ares"="c:\program files (x86)\Ares\Ares.exe" [2008-12-13 882176]
      "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
      "Facebook Update"="c:\users\Karloz\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2012-07-12 138096]
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
      "PDVDDXSrv"="c:\program files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2009-06-25 140520]
      "Dell Webcam Central"="c:\program files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" [2009-06-24 409744]
      "NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
      "PlusService"="c:\program files (x86)\Yuna Software\Messenger Plus!\PlusService.exe" [2012-09-24 802304]
      .
      c:\users\Karloz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
      Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-6-30 1316192]
      Dropbox.lnk - c:\users\Karloz\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-7-24 26909544]
      .
      c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
      Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-6-30 1316192]
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
      "ConsentPromptBehaviorAdmin"= 5 (0x5)
      "ConsentPromptBehaviorUser"= 3 (0x3)
      "EnableUIADesktopToggle"= 0 (0x0)
      .
      [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
      "LoadAppInit_DLLs"=1 (0x1)
      .
      [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
      "aux1"=wdmaud.drv
      .
      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
      @=""
      .
      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
      @="Service"
      .
      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
      @="Driver"
      .
      [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
      "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
      "DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
      "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe"
      .
      R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
      R3 androidusb;SAMSUNG Android Composite ADB Interface Driver;c:\windows\system32\Drivers\ssadadb.sys [2011-05-13 36328]
      R3 netr7364;Controlador de tarjeta LAN inalámbrica USB RT73 para Vista;c:\windows\system32\DRIVERS\netr7364.sys [2009-06-10 707072]
      R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-08-31 128456]
      R3 NisSrv;Inspección de red de Microsoft;c:\program files\Microsoft Security Client\NisSrv.exe [2012-09-13 368896]
      R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2009-07-17 220672]
      R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\DRIVERS\ssadbus.sys [2011-05-13 157672]
      R3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\DRIVERS\ssadmdfl.sys [2011-05-13 16872]
      R3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\DRIVERS\ssadmdm.sys [2011-05-13 177640]
      R3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM);c:\windows\system32\DRIVERS\ssadserd.sys [2011-05-13 146920]
      R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
      R3 WatAdminSvc;Servicio de tecnologías de activación de Windows;c:\windows\system32\Wat\WatAdminSvc.exe [2010-04-04 1255736]
      S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2010-06-09 55856]
      S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.exe [2009-10-09 92160]
      S2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [2008-12-18 155648]
      S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [2009-06-15 172704]
      S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2009-09-17 56344]
      S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [2009-10-26 151936]
      S3 IntcDAud;Sonido Intel(R) para pantallas;c:\windows\system32\DRIVERS\IntcDAud.sys [2009-09-26 233984]
      S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2009-08-20 239616]
      .
      .
      Contents of the 'Scheduled Tasks' folder
      .
      2012-12-13 c:\windows\Tasks\Adobe Flash Player Updater.job
      - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-31 18:43]
      .
      2012-12-13 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4009809174-2574073245-2453878831-1001Core.job
      - c:\users\Karloz\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-06-09 02:43]
      .
      2012-12-13 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4009809174-2574073245-2453878831-1001UA.job
      - c:\users\Karloz\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-06-09 02:43]
      .
      2012-12-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
      - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-08-30 00:52]
      .
      2012-12-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
      - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-08-30 00:52]
      .
      2012-12-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4009809174-2574073245-2453878831-1001Core.job
      - c:\users\Karloz\AppData\Local\Google\Update\GoogleUpdate.exe [2011-11-25 19:01]
      .
      2012-12-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4009809174-2574073245-2453878831-1001UA.job
      - c:\users\Karloz\AppData\Local\Google\Update\GoogleUpdate.exe [2011-11-25 19:01]
      .
      .
      --------- X64 Entries -----------
      .
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
      @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
      [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
      2012-06-30 04:19 97792 ----a-w- c:\users\Karloz\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
      @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
      [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
      2012-06-30 04:19 97792 ----a-w- c:\users\Karloz\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
      @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
      [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
      2012-06-30 04:19 97792 ----a-w- c:\users\Karloz\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
      @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
      [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
      2012-06-30 04:19 97792 ----a-w- c:\users\Karloz\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "Apoint"="c:\program files\DellTPad\Apoint.exe" [2009-09-16 357376]
      "IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-11-04 166424]
      "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-11-04 390168]
      "Persistence"="c:\windows\system32\igfxpers.exe" [2009-11-04 408600]
      "Broadcom Wireless Manager UI"="c:\program files\Dell\Dell Wireless WLAN Card\WLTRAY.exe" [2009-07-17 4968960]
      "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-09-13 1289704]
      .
      ------- Supplementary Scan -------
      .
      uLocal Page = c:\windows\system32\blank.htm
      uStart Page = hxxp://www.google.cl/
      mStart Page = www.google.com
      mLocal Page = c:\windows\SysWOW64\blank.htm
      mSearch Bar = hxxp://www.tangosearch.com/?useie5=1&q=
      mSearchAssistant =
      TCP: DhcpNameServer = 192.168.1.1
      .
      - - - - ORPHANS REMOVED - - - -
      .
      Toolbar-Locked - (no file)
      Wow6432Node-HKCU-Run-RESTART_STICKY_NOTES - c:\windows\System32\StikyNot.exe
      Toolbar-Locked - (no file)
      WebBrowser-{585941D7-21FA-4E24-8281-C134BFA894C1} - (no file)
      WebBrowser-{977AE9CC-AF83-45E8-9E03-E2798216E2D5} - (no file)
      AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
      .
      .
      .
      --------------------- LOCKED REGISTRY KEYS ---------------------
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
      @Denied: (A 2) (Everyone)
      @="FlashBroker"
      "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_135_ActiveX.exe,-101"
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
      "Enabled"=dword:00000001
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
      @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_135_ActiveX.exe"
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
      @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
      @Denied: (A 2) (Everyone)
      @="IFlashBroker5"
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
      @="{00020424-0000-0000-C000-000000000046}"
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
      @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
      "Version"="1.0"
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
      @Denied: (A 2) (Everyone)
      @="FlashBroker"
      "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_135_ActiveX.exe,-101"
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
      "Enabled"=dword:00000001
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
      @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_135_ActiveX.exe"
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
      @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
      @Denied: (A 2) (Everyone)
      @="Shockwave Flash Object"
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
      @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx"
      "ThreadingModel"="Apartment"
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
      @="0"
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
      @="ShockwaveFlash.ShockwaveFlash.11"
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
      @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx, 1"
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
      @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
      @="1.0"
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
      @="ShockwaveFlash.ShockwaveFlash"
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
      @Denied: (A 2) (Everyone)
      @="Macromedia Flash Factory Object"
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
      @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx"
      "ThreadingModel"="Apartment"
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
      @="FlashFactory.FlashFactory.1"
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
      @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx, 1"
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
      @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
      @="1.0"
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
      @="FlashFactory.FlashFactory"
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
      @Denied: (A 2) (Everyone)
      @="IFlashBroker5"
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
      @="{00020424-0000-0000-C000-000000000046}"
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
      @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
      "Version"="1.0"
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
      "SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
      00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
      @Denied: (A) (Everyone)
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
      @Denied: (A) (Everyone)
      .
      [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
      @Denied: (A) (Users)
      @Denied: (A) (Everyone)
      @Allowed: (B 1 2 3 4 5) (S-1-5-20)
      "BlindDial"=dword:00000000
      .
      [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
      @Denied: (Full) (Everyone)
      .
      Completion time: 2012-12-13 19:16:40
      ComboFix-quarantined-files.txt 2012-12-13 22:16
      .
      Pre-Run: 3.586.801.664 bytes libres
      Post-Run: 3.436.711.936 bytes libres
      .
      - - End Of File - - C5D3C586EED5EC6E37CA811B5494FD7D

    8. #8
      General Moderator
      Leosolari's avatar
      Joined
      Jun 2007
      Location
      Argentina
      Posts
      53.112

      Re: Adware every time I open IE

      Hello again

      Do the following:

      • Click START > RUN >
        • Type notepad.exe there and click OK
        • Now copy the text from the box below and paste it into Notepad

      Code:
      KillAll::
      ClearJavaCache::
      File::
      c:\programdata\CodecC\bhoclass.dll
      c:\program files (x86)\Messenger_Plus_LATAM\prxtbMess.dll
      Folder::
      c:\programdata\CodecC
      DDS::
      mSearch Bar = hxxp://www.tangosearch.com/?useie5=1&q=
      Registry::
      [-HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{3B8EAD04-3866-4FB0-89E0-634F1BFA25F3}]
      [-HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{585941d7-21fa-4e24-8281-c134bfa894c1}]
      [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
      "{585941d7-21fa-4e24-8281-c134bfa894c1}"=-
      [-HKEY_CLASSES_ROOT\clsid\{585941d7-21fa-4e24-8281-c134bfa894c1}]
      [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
      "PlusService"=-


      • Save this file with the name CFScript.txt
      • Drag and drop the CFScript.txt file onto the ComboFix.exe file, as shown in the screenshot below.

      • ComboFix will start running again. When it finishes, it will generate a new report, which you will need to paste in this same thread.

      After restarting, check how the system is working and let us know.

      Regards

      `·.¸¸.·´´¯`··._.· ·.¸¸.·´´¯`··._.· Don't Despair.....Keep Fighting `·.¸¸.·´´¯`··._.· ·.¸¸.·´´¯`··._.·

      * Follow us on Twitter and become our friend on Facebook.
      * Keep up with the latest threats on the net at: InfoSpyware Blog
      * Questions are not answered by private message or e-mail; that is what the forum is for.

    9. #9
      User charles's avatar
      Joined
      Dec 2012
      Location
      Chile
      Posts
      6

      Re: Adware every time I open IE

      Hello!

      This time it worked, the warning no longer appears. Unfortunately I didn't manage to save the report, but at least the problem is solved. Thank you very much for your help!!

    10. #10
      General Moderator
      Leosolari's avatar
      Joined
      Jun 2007
      Location
      Argentina
      Posts
      53.112

      Re: Adware every time I open IE

      Hello

      Uninstall CF as follows:
      • Go to Start > Run
      • Type the following: ComboFix /Uninstall as shown in the image below:

      • This will launch the ComboFix uninstaller, opening its main screen, and after a few seconds you will see ("ComboFix is uninstalled")

      If you cannot uninstall it that way, download OTC.exe to the desktop.

      Run it and press Cleanup to uninstall ComboFix and the folders it created.

      That will restart your PC.

      Let us know how everything is going now.

      Regards

