
    Virus in services.exe


    1. #11
      RyGarT (User)
      Registered: Nov 2011
      Location: Cajamarca
      Posts: 14

      Re: virus in services.exe

      Sorry, I did all of that, but when it restarted OTL was no longer there and no report opened.

    2. #12
      Dany3j (Developer)
      Registered: Mar 2011
      Location: China
      Posts: 6,652

      Re: virus in services.exe

      Find the report at C:\_OTL\MovedFiles\***_***.log (where "***_***" is the date and time).

      I ran into a black cat and had to take the long way around.

      * Follow us on Twitter and become our friend on Facebook.
      * Keep up with the latest threats on the net at: InfoSpyware Blog
      * Questions are not answered by private message or e-mail; that is what the forum is for.

    3. #13
      RyGarT (User)
      Registered: Nov 2011
      Location: Cajamarca
      Posts: 14

      Re: virus in services.exe

      All processes killed
      ========== OTL ==========
      Prefs.js: %7BB821BF60-5C2D-41EB-92DC-3E4CCD3A22E4%7D:3.0 removed from extensions.enabledAddons
      Prefs.js: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:18.0.1 removed from extensions.enabledAddons
      Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin\ deleted successfully.
      C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll moved successfully.
      Registry key HKEY_CURRENT_USER\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin\ deleted successfully.
      File C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll not found.
      Registry value HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected] deleted successfully.
      File C:\Program Files (x86)\Iminent\[email protected] not found.
      Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
      Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
      Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}\ deleted successfully.
      Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}\ deleted successfully.
      C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll moved successfully.
      Registry value HKEY_USERS\S-1-5-21-2200019568-3828982897-1709191539-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} deleted successfully.
      Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}\ not found.
      Registry value HKEY_USERS\S-1-5-21-2200019568-3828982897-1709191539-1000\Software\Microsoft\Windows\CurrentVersion\Run\\Pando Media Booster deleted successfully.
      C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe moved successfully.
      Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce\\panda2_0dn deleted successfully.
      Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce\\panda2_0dn_XP deleted successfully.
      Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce\\panda4_0dn deleted successfully.
      Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce\\panda4_0dn_XP deleted successfully.
      Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\RunOnce\\panda2_0dn not found.
      Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\RunOnce\\panda2_0dn_XP not found.
      Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\RunOnce\\panda4_0dn not found.
      Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\RunOnce\\panda4_0dn_XP not found.
      Registry key HKEY_USERS\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel\ not found.
      Registry key HKEY_USERS\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel\ not found.
      Registry key HKEY_USERS\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel\ not found.
      Registry key HKEY_USERS\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel\ not found.
      Registry key HKEY_USERS\S-1-5-21-2200019568-3828982897-1709191539-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel\ deleted successfully.
      Starting removal of ActiveX control {8AD9C840-044E-11D1-B3E9-00805F499D93}
      64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
      64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
      Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
      64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
      64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
      Starting removal of ActiveX control {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
      64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}\ deleted successfully.
      64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}\ deleted successfully.
      Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}\ deleted successfully.
      64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}\ not found.
      64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}\ not found.
      Starting removal of ActiveX control {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
      64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\ deleted successfully.
      64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\ deleted successfully.
      Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\ deleted successfully.
      64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\ not found.
      64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\ not found.
      Starting removal of ActiveX control {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
      64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
      64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
      64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
      64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
      Starting removal of ActiveX control {8AD9C840-044E-11D1-B3E9-00805F499D93}
      Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
      Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
      Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
      Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
      Starting removal of ActiveX control {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}
      Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}\ deleted successfully.
      Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}\ deleted successfully.
      Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}\ deleted successfully.
      Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}\ not found.
      Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}\ not found.
      Starting removal of ActiveX control {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
      Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
      Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
      Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
      Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
      64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\livecall\ deleted successfully.
      File Protocol\Handler\livecall - No CLSID value found not found.
      64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ms-help\ deleted successfully.
      File Protocol\Handler\ms-help - No CLSID value found not found.
      64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\msnim\ deleted successfully.
      File Protocol\Handler\msnim - No CLSID value found not found.
      64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\skype4com\ deleted successfully.
      File Protocol\Handler\skype4com - No CLSID value found not found.
      64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\skype-ie-addon-data\ deleted successfully.
      File Protocol\Handler\skype-ie-addon-data - No CLSID value found not found.
      Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\livecall\ not found.
      File Protocol\Handler\livecall - No CLSID value found not found.
      Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\msnim\ not found.
      File Protocol\Handler\msnim - No CLSID value found not found.
      64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
      64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
      Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
      Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
      C:\Users\DAVID\Desktop\OTL.exe moved successfully.
      C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2200019568-3828982897-1709191539-1000UA.job moved successfully.
      C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2200019568-3828982897-1709191539-1000UA.job moved successfully.
      File move failed. C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 scheduled to be moved on reboot.
      File move failed. C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 scheduled to be moved on reboot.
      C:\Windows\Installer\{9dd5faf7-53f3-ae13-66d3-c45fdde173b8}\L folder moved successfully.
      C:\Windows\Installer\{9dd5faf7-53f3-ae13-66d3-c45fdde173b8}\U folder moved successfully.
      C:\Users\DAVID\AppData\Local\{9dd5faf7-53f3-ae13-66d3-c45fdde173b8}\@ moved successfully.
      C:\Users\DAVID\AppData\Local\{9dd5faf7-53f3-ae13-66d3-c45fdde173b8}\L folder moved successfully.
      C:\Users\DAVID\AppData\Local\{9dd5faf7-53f3-ae13-66d3-c45fdde173b8}\U folder moved successfully.
      C:\Windows\assembly\Desktop.ini moved successfully.
      C:\{BE0BFE4E-DC0C-4B49-BE02-BCF7357D4879} moved successfully.
      ========== COMMANDS ==========

      [EMPTYTEMP]

      User: All Users

      User: DAVID
      ->Temp folder emptied: 5836543 bytes
      ->Temporary Internet Files folder emptied: 2090238 bytes
      ->Java cache emptied: 435671 bytes
      ->FireFox cache emptied: 222030177 bytes
      ->Google Chrome cache emptied: 347087001 bytes
      ->Flash cache emptied: 59163 bytes

      User: Default
      ->Temp folder emptied: 0 bytes
      ->Temporary Internet Files folder emptied: 0 bytes
      ->Flash cache emptied: 56478 bytes

      User: Default User
      ->Temp folder emptied: 0 bytes
      ->Temporary Internet Files folder emptied: 0 bytes
      ->Flash cache emptied: 0 bytes

      User: Public
      ->Temp folder emptied: 0 bytes

      %systemdrive% .tmp files removed: 0 bytes
      %systemroot% .tmp files removed: 0 bytes
      %systemroot%\System32 .tmp files removed: 0 bytes
      %systemroot%\System32 (64bit) .tmp files removed: 0 bytes
      %systemroot%\System32\drivers .tmp files removed: 0 bytes
      Windows Temp folder emptied: 1053096 bytes
      %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 83307 bytes
      RecycleBin emptied: 0 bytes

      Total Files Cleaned = 552.00 mb


      OTL by OldTimer - Version 3.2.69.0 log created on 02012013_100228

    4. #14
      RyGarT (User)
      Registered: Nov 2011
      Location: Cajamarca
      Posts: 14

      Re: virus in services.exe

      And the warning still appears in my Panda Cloud Antivirus.

    5. #15
      Dany3j (Developer)
      Registered: Mar 2011
      Location: China
      Posts: 6,652

      Re: virus in services.exe

      Do the following:

      Download OTC by OldTimer to your desktop.
      • Run OTC.exe. If you use Vista or 7, right-click and choose Run as administrator.
      • Click the CleanUp! button and then "Yes".
      • Allow the computer to restart by clicking "Yes" again >>> This is important.
      After the restart.


      - Download a fresh copy of the ComboFix.exe tool and save it to the desktop.

      • Temporarily disable your antivirus and/or antispyware.
      • Close all open windows.
      • Double-click the ComboFix.exe file and follow the instructions.
      • When it finishes, it will generate a log at C:\ComboFix.txt.
        • *Note* While CF is working, do not move the mouse, as that would stop its process.
        • *Note* ComboFix may automatically restart the PC to complete the removal process.
        • *Note* Do not run ComboFix or any other antivirus program again until I have given you a reply.

      Attention!! Do not use ComboFix unless a member of our Staff has specifically instructed you to in your thread. It is a powerful tool intended by its creator to be used under the guidance and supervision of an expert, not for private use. Using ComboFix incorrectly could cause problems on your system. Please read ComboFix's "Disclaimer of Warranty".


      The generated report is at C:\ComboFix.txt. Open it, select all, and copy and paste it into your next reply.
      Last edited by Dany3j on 01/02/13 at 18:15:28

    6. #16
      RyGarT (User)
      Registered: Nov 2011
      Location: Cajamarca
      Posts: 14

      Re: virus in services.exe

      ComboFix 13-01-28.02 - DAVID 01/02/2013 14:50:37.3.4 - x64
      Microsoft Windows 7 Home Premium 6.1.7601.1.1252.51.3082.18.4078.2719 [GMT -5:00]
      Running from: c:\users\DAVID\Downloads\ComboFix.exe
      AV: Panda Cloud Antivirus *Disabled/Updated* {3456760B-FDAA-FFFD-06C2-7BB528D2066C}
      FW: Cloud Antivirus Firewall *Disabled* {0C6DF72E-B7C5-FEA5-2D9D-D280D6014117}
      SP: Panda Cloud Antivirus *Disabled/Updated* {8F3797EF-DB90-F073-3C72-40C753554CD1}
      SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
      .
      .
      ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
      .
      .
      c:\users\DAVID\AppData\Local\Temp\34d80461-26c7-4268-b914-6f5055c6a1d2\CliSecureRT64.dll
      .
      .
      ((((((((((((((((((((((((( Files Created from 2013-01-01 to 2013-02-01 )))))))))))))))))))))))))))))))
      .
      .
      2013-02-01 19:59 . 2013-02-01 19:59 -------- d-----w- c:\users\Public\AppData\Local\temp
      2013-02-01 19:59 . 2013-02-01 19:59 -------- d-----w- c:\users\Default\AppData\Local\temp
      2013-02-01 19:48 . 2012-11-07 14:00 58360 ----a-w- c:\windows\system32\drivers\PSKMAD.sys
      2013-02-01 06:02 . 2013-02-01 06:02 -------- d-----w- C:\adobeTemp
      2013-01-28 11:24 . 2013-01-28 11:24 -------- d-----w- C:\GAMES
      2013-01-28 11:19 . 2007-06-03 23:17 229376 ----a-w- c:\windows\system32\glide.dll
      2013-01-28 11:19 . 2007-06-03 23:16 262144 ----a-w- c:\windows\system32\glide2x.dll
      2013-01-28 11:19 . 2007-06-01 01:43 29412 ----a-w- c:\windows\system32\glide2x.ovl
      2013-01-28 11:17 . 2013-01-28 11:26 -------- d-----w- c:\program files\Ignition
      2013-01-28 01:21 . 2013-02-01 15:13 -------- d-----w- c:\program files (x86)\Steam
      2013-01-25 13:41 . 2013-01-16 20:09 96664 ----a-w- c:\program files (x86)\Mozilla Firefox\webapprt-stub.exe
      2013-01-25 13:41 . 2013-01-16 20:09 157712 ----a-w- c:\program files (x86)\Mozilla Firefox\webapp-uninstaller.exe
      2013-01-25 13:41 . 2013-01-16 20:08 770384 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcr100.dll
      2013-01-25 13:41 . 2013-01-16 20:08 421200 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcp100.dll
      2013-01-25 13:41 . 2013-01-16 20:09 74136 ----a-w- c:\program files (x86)\Mozilla Firefox\breakpadinjector.dll
      2013-01-18 05:43 . 2013-01-18 05:43 -------- d-----w- c:\users\DAVID\AppData\Roaming\LolClient
      2013-01-18 01:19 . 2008-07-12 13:18 467984 ----a-w- c:\windows\SysWow64\d3dx10_39.dll
      2013-01-18 01:19 . 2008-07-12 13:18 1493528 ----a-w- c:\windows\SysWow64\D3DCompiler_39.dll
      2013-01-18 01:19 . 2008-07-12 13:18 3851784 ----a-w- c:\windows\SysWow64\D3DX9_39.dll
      2013-01-18 01:06 . 2013-01-18 01:06 -------- d-----w- C:\Riot Games
      2013-01-17 19:39 . 2013-02-01 15:02 -------- d-----w- c:\users\DAVID\AppData\Local\PMB Files
      2013-01-17 19:39 . 2013-01-18 21:32 -------- d-----w- c:\programdata\PMB Files
      2013-01-17 19:39 . 2013-01-17 19:39 -------- d-----w- c:\program files (x86)\Pando Networks
      2013-01-17 19:38 . 2013-01-17 19:38 -------- d-----w- c:\users\DAVID\.swt
      2013-01-17 04:17 . 2013-01-17 04:17 -------- d-----w- c:\users\DAVID\AppData\Local\SplitMediaLabs
      2013-01-17 04:16 . 2013-01-17 04:16 -------- d-----w- c:\programdata\SplitMediaLabs
      2013-01-17 04:16 . 2013-01-17 04:16 -------- d-----w- c:\program files (x86)\SplitMediaLabs
      2013-01-17 04:14 . 2013-01-17 04:14 -------- d-----w- c:\users\DAVID\AppData\Roaming\SplitMediaLabs
      2013-01-09 15:45 . 2013-01-09 15:45 -------- d-----w- c:\program files\CCleaner
      2013-01-07 18:36 . 2013-01-07 18:36 -------- d-----w- c:\users\DAVID\AppData\Roaming\raidcall
      .
      .
      .
      (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
      .
      2013-01-30 02:19 . 2012-04-20 02:25 697864 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
      2013-01-30 02:19 . 2012-02-16 02:29 74248 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
      2013-01-25 06:35 . 2012-10-01 05:17 6400 ----a-w- c:\programdata\NanoRepository.bin
      2012-12-14 21:49 . 2012-02-13 18:49 24176 ----a-w- c:\windows\system32\drivers\mbam.sys
      2012-12-05 13:57 . 2012-12-05 13:57 74703 ----a-w- c:\windows\SysWow64\mfc45.dll
      2012-11-11 23:40 . 2012-11-11 23:40 131072 ----a-w- c:\windows\system32\drivers\SteelBus64.sys
      2012-11-10 00:01 . 2012-11-10 00:01 204328 ----a-w- c:\windows\system32\drivers\PSINKNC.sys
      2012-11-10 00:01 . 2012-11-10 00:01 133160 ----a-w- c:\windows\system32\drivers\PSINProt.sys
      2012-11-10 00:01 . 2012-11-10 00:01 123944 ----a-w- c:\windows\system32\drivers\PSINProc.sys
      2012-11-10 00:01 . 2012-11-10 00:01 167976 ----a-w- c:\windows\system32\drivers\PSINAflt.sys
      2012-11-10 00:01 . 2012-11-10 00:01 119848 ----a-w- c:\windows\system32\drivers\PSINFile.sys
      2012-11-09 16:24 . 2012-11-09 16:24 291368 ----a-w- c:\windows\system32\drivers\NNSStrm.sys
      2012-11-09 16:24 . 2012-11-09 16:24 148520 ----a-w- c:\windows\system32\drivers\NNStlsc.sys
      2012-11-09 16:24 . 2012-11-09 16:24 150568 ----a-w- c:\windows\system32\drivers\NNSPrv.sys
      2012-11-09 16:24 . 2012-11-09 16:24 135208 ----a-w- c:\windows\system32\drivers\NNSSmtp.sys
      2012-11-09 16:24 . 2012-11-09 16:24 397864 ----a-w- c:\windows\system32\drivers\NNSProt.sys
      2012-11-09 16:24 . 2012-11-09 16:24 83496 ----a-w- c:\windows\system32\drivers\NNSPihsw.sys
      2012-11-09 16:24 . 2012-11-09 16:24 139304 ----a-w- c:\windows\system32\drivers\NNSPop3.sys
      2012-11-09 16:24 . 2012-11-09 16:24 154152 ----a-w- c:\windows\system32\drivers\NNSIds.sys
      2012-11-09 16:24 . 2012-11-09 16:24 134696 ----a-w- c:\windows\system32\drivers\NNSpicc.sys
      2012-11-09 16:24 . 2012-11-09 16:24 136232 ----a-w- c:\windows\system32\drivers\NNSHttp.sys
      2012-11-09 16:24 . 2012-11-09 16:24 127016 ----a-w- c:\windows\system32\drivers\NNSAlpc.sys
      .
      .
      ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
      .
      .
      *Note* empty entries & legit default entries are not shown
      REGEDIT4
      .
      [HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4}]
      2012-10-15 13:02 87176 ----a-w- c:\program files (x86)\pandasecuritytb\pandasecurityDx.dll
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
      "{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4}"= "c:\program files (x86)\pandasecuritytb\pandasecurityDx.dll" [2012-10-15 87176]
      .
      [HKEY_CLASSES_ROOT\clsid\{b821bf60-5c2d-41eb-92dc-3e4ccd3a22e4}]
      .
      [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "SteelSeries Engine"="c:\program files\SteelSeries\SteelSeries Engine\SteelSeriesEngine.exe" [2012-11-28 237056]
      "DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2012-02-13 3481408]
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
      "Panda Security URL Filtering"="c:\programdata\Panda Security URL Filtering\Panda_URL_Filtering.exe" [2012-10-15 221832]
      "PSUAMain"="c:\program files (x86)\Panda Security\Panda Cloud Antivirus\PSUAMain.exe" [2012-11-15 32032]
      "SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
      "AdobeCS6ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" [2012-03-09 1073312]
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
      "ConsentPromptBehaviorAdmin"= 5 (0x5)
      "ConsentPromptBehaviorUser"= 3 (0x3)
      "EnableLUA"= 0 (0x0)
      "EnableUIADesktopToggle"= 0 (0x0)
      .
      [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
      BootExecute REG_MULTI_SZ autocheck autochk /p \??\I:\0autocheck autochk *
      .
      R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
      R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-12-14 682344]
      R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-11-09 160944]
      R3 1394hub;1394 Enabled Hub;c:\windows\System32\svchost.exe [2009-07-14 27136]
      R3 androidusb;SAMSUNG Android Composite ADB Interface Driver;c:\windows\system32\Drivers\ssadadb.sys [2010-12-21 36328]
      R3 BthMtpEnum;Enumerador de dispositivos Bluetooth MTP;c:\windows\system32\DRIVERS\BthMtpEnum.sys [2009-07-14 64512]
      R3 cpudrv64;cpudrv64;c:\program files (x86)\SystemRequirementsLab\cpudrv64.sys [2011-06-02 17864]
      R3 DCDhcpService;DCDhcpService;c:\program files\Sony\VAIO Smart Network\WFDA\DCDhcpService.exe [2011-07-19 104096]
      R3 e1yexpress;Intel(R) Gigabit Network Connections Driver;c:\windows\system32\DRIVERS\e1y60x64.sys [2009-06-10 281088]
      R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys [x]
      R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2012-02-15 1431888]
      R3 GGSAFERDriver;GGSAFER Driver;c:\program files (x86)\Garena Plus\Room\safedrv.sys [x]
      R3 Gun;Gun;c:\game\SoftnyxGame\GunboundLS\Gun64.sys [2012-08-26 45176]
      R3 h647906;DragonRise HID7906 AMD64 Driver;c:\windows\system32\drivers\h647906.sys [2008-12-01 62576]
      R3 hid7906;DragonRise HID7906 x86 Driver;c:\windows\system32\drivers\hid7906.sys [x]
      R3 McComponentHostServiceSony;McAfee Security Scan Component Host Service for Sony;c:\program files (x86)\Sony\MSS\3.0.271\McCHSvc.exe [2012-03-30 237328]
      R3 SAlphamHid;SteelHIDSvc;c:\windows\system32\DRIVERS\SAlpham64.sys [2012-10-15 38016]
      R3 SOHCImp;VAIO Content Importer;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe [2011-02-21 113824]
      R3 SOHDs;VAIO Device Searcher;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe [2011-02-21 67232]
      R3 SpfService;VAIO Entertainment Common Service;c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe [2011-01-20 286936]
      R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\DRIVERS\ssadbus.sys [2011-01-03 157160]
      R3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\DRIVERS\ssadmdfl.sys [2011-01-03 16872]
      R3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\DRIVERS\ssadmdm.sys [2011-01-03 177128]
      R3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM);c:\windows\system32\DRIVERS\ssadserd.sys [2011-01-03 145384]
      R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
      R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
      R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
      R3 USBPNPA;USB PnP Sound Device Interface;c:\windows\system32\drivers\CM10864.sys [x]
      R3 VCFw;VAIO Content Folder Watcher;c:\program files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [2011-01-20 887000]
      R3 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;c:\program files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [2011-05-20 549616]
      R3 VcmINSMgr;VAIO Content Metadata Intelligent Network Service Manager;c:\program files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe [2011-02-19 385336]
      R3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;c:\program files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe [2011-02-19 99104]
      R3 VCService;VCService;c:\program files\Sony\VAIO Care\VCService.exe [2012-10-12 54760]
      R3 WatAdminSvc;Servicio de tecnologías de activación de Windows;c:\windows\system32\Wat\WatAdminSvc.exe [2012-02-16 1255736]
      R3 X6va011;X6va011;c:\windows\SysWOW64\Drivers\X6va011 [x]
      R4 MSSQLServerADHelper100;Servicio auxiliar de SQL Active Directory;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2009-07-23 61976]
      R4 RsFx0103;RsFx0103 Driver;c:\windows\system32\DRIVERS\RsFx0103.sys [2009-03-30 311656]
      R4 SampleCollector;VAIO Care Performance Service;c:\program files\Sony\VAIO Care\VCPerfService.exe [2012-08-06 156672]
      R4 SQLAgent$SQLEXPRESS;Agente SQL Server (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2009-03-30 427880]
      S1 NNSALPC;NNSALPC;c:\windows\system32\DRIVERS\NNSAlpc.sys [2012-11-09 127016]
      S1 NNSHTTP;NNSHTTP;c:\windows\system32\DRIVERS\NNSHttp.sys [2012-11-09 136232]
      S1 NNSIDS;NNSIDS;c:\windows\system32\DRIVERS\NNSIds.sys [2012-11-09 154152]
      S1 NNSNAHSL;Network Activity Hook Server LightWeight Filter Driver;c:\windows\system32\DRIVERS\NNSNAHSL.sys [2012-10-22 33320]
      S1 NNSPICC;NNSPICC;c:\windows\system32\DRIVERS\NNSPicc.sys [2012-11-09 134696]
      S1 NNSPIHSW;NNSPIHSW;c:\windows\system32\DRIVERS\NNSPihsw.sys [2012-11-09 83496]
      S1 NNSPOP3;NNSPOP3;c:\windows\system32\DRIVERS\NNSPop3.sys [2012-11-09 139304]
      S1 NNSPROT;NNSPROT;c:\windows\system32\DRIVERS\NNSProt.sys [2012-11-09 397864]
      S1 NNSPRV;NNSPRV;c:\windows\system32\DRIVERS\NNSPrv.sys [2012-11-09 150568]
      S1 NNSSMTP;NNSSMTP;c:\windows\system32\DRIVERS\NNSSmtp.sys [2012-11-09 135208]
      S1 NNSSTRM;NNSSTRM;c:\windows\system32\DRIVERS\NNSStrm.sys [2012-11-09 291368]
      S1 NNSTLSC;NNSTLSC;c:\windows\system32\DRIVERS\NNSTlsc.sys [2012-11-09 148520]
      S1 PSINKNC;PSINKNC;c:\windows\system32\DRIVERS\psinknc.sys [2012-11-10 204328]
      S2 Atheros Bt&Wlan Coex Agent;Atheros Bt&Wlan Coex Agent;c:\program files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [2011-04-29 146592]
      S2 AtherosSvc;AtherosSvc;c:\program files (x86)\Bluetooth Suite\adminservice.exe [2011-04-29 91296]
      S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-11-06 13336]
      S2 IconMan_R;IconMan_R;c:\program files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2012-03-12 2429544]
      S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-12-14 398184]
      S2 NanoServiceMain;Panda Cloud Antivirus Service;c:\program files (x86)\Panda Security\Panda Cloud Antivirus\PSANHost.exe [2012-11-12 140064]
      S2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;c:\program files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe [2010-11-27 398176]
      S2 PSINAflt;PSINAflt;c:\windows\system32\DRIVERS\PSINAflt.sys [2012-11-10 167976]
      S2 PSINFile;PSINFile;c:\windows\system32\DRIVERS\PSINFile.sys [2012-11-10 119848]
      S2 PSINProc;PSINProc;c:\windows\system32\DRIVERS\PSINProc.sys [2012-11-10 123944]
      S2 PSINProt;PSINProt;c:\windows\system32\DRIVERS\PSINProt.sys [2012-11-10 133160]
      S2 PSUAService;Panda Product Service;c:\program files (x86)\Panda Security\Panda Cloud Antivirus\PSUAService.exe [2012-11-15 36640]
      S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-05-12 380224]
      S2 uCamMonitor;CamMonitor;c:\program files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [2011-02-23 105024]
      S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2011-02-14 2656280]
      S2 VSNService;VSNService;c:\program files\Sony\VAIO Smart Network\VSNService.exe [2011-08-12 971704]
      S3 ArcSoftKsUFilter;ArcSoft Magic-I Visual Effect;c:\windows\system32\DRIVERS\ArcSoftKsUFilter.sys [2009-05-26 19968]
      S3 AthBTPort;Atheros Virtual Bluetooth Class;c:\windows\system32\DRIVERS\btath_flt.sys [2011-04-29 36000]
      S3 BTATH_A2DP;Bluetooth A2DP Audio Driver;c:\windows\system32\drivers\btath_a2dp.sys [2011-04-29 259232]
      S3 btath_avdt;Atheros Bluetooth AVDT Service;c:\windows\system32\drivers\btath_avdt.sys [2011-04-29 109216]
      S3 BTATH_BUS;Atheros Bluetooth Bus;c:\windows\system32\DRIVERS\btath_bus.sys [2011-04-29 29344]
      S3 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\system32\DRIVERS\btath_hcrp.sys [2011-04-29 166048]
      S3 BTATH_LWFLT;Bluetooth LWFLT Device;c:\windows\system32\DRIVERS\btath_lwflt.sys [2011-04-29 59040]
      S3 BTATH_RCP;Bluetooth AVRCP Device;c:\windows\system32\DRIVERS\btath_rcp.sys [2011-04-29 283296]
      S3 BtFilter;BtFilter;c:\windows\system32\DRIVERS\btfilter.sys [2011-04-29 288416]
      S3 busenum;SteelBusSvc;c:\windows\system32\DRIVERS\SteelBus64.sys [2012-11-11 131072]
      S3 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2012-02-13 283200]
      S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [2011-02-11 76912]
      S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-12-14 24176]
      S3 RSPCIESTOR;Realtek PCIE CardReader Driver;c:\windows\system32\DRIVERS\RtsPStor.sys [2012-03-12 340072]
      S3 SFEP;Sony Firmware Extension Parser;c:\windows\system32\DRIVERS\SFEP.sys [2010-04-26 12032]
      S3 VUAgent;VUAgent;c:\program files\Sony\VAIO Update\VUAgent.exe [2012-10-26 1286784]
      .
      .
      --- Other Services/Drivers In Memory ---
      .
      *Deregistered* - PSKMAD
      .
      Contents of the 'Scheduled Tasks' folder
      .
      2013-02-01 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2200019568-3828982897-1709191539-1000Core.job
      - c:\users\DAVID\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-07-29 16:44]
      .
      2013-01-28 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2200019568-3828982897-1709191539-1000Core.job
      - c:\users\DAVID\AppData\Local\Google\Update\GoogleUpdate.exe [2012-08-15 19:08]
      .
      .
      --------- X64 Entries -----------
      .
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2012-04-04 446392]
      .
      ------- Supplementary Scan -------
      .
      uLocal Page = c:\windows\system32\blank.htm
      uStart Page = hxxp://sony.msn.com
      mLocal Page = c:\windows\SysWOW64\blank.htm
      uInternet Settings,ProxyOverride = local
      IE: &Enviar a OneNote - c:\progra~2\MICROS~3\Office14\ONBttnIE.dll/105
      IE: E&xportar a Microsoft Excel - c:\progra~2\MICROS~3\Office14\EXCEL.EXE/3000
      FF - ProfilePath - c:\users\DAVID\AppData\Roaming\Mozilla\Firefox\Profiles\8jvlgl6r.default\
      FF - prefs.js: browser.search.selectedEngine -
      FF - prefs.js: keyword.URL - hxxp://www.google.com/search?rlz=1V2IPYX&ie=utf-8&q=
      FF - ExtSQL: 2012-12-28 13:46; [email protected]; c:\users\DAVID\AppData\Roaming\Mozilla\Firefox\Profiles\8jvlgl6r.default\extensions\[email protected]
      .
      - - - - ORPHANS REMOVED - - - -
      .
      Wow6432Node-HKCU-Run-AdobeBridge - (no file)
      HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
      AddRemove-FlexUnits - c:\windows\system32\Unwise32.exe
      .
      .
      .
      [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SampleCollector]
      "ImagePath"="\"c:\program files\Sony\VAIO Care\VCPerfService.exe\" \"/service\" \"/sstates\" \"/sampleinterval=10000\" \"/procinterval=5\" \"/dllinterval=120\" \"/counter=\Processor(_Total)\% Processor Time:1\" \"/counter=\PhysicalDisk(_Total)\Disk Bytes/sec:1\" \"/counter=\Network Interface(*)\Bytes Total/sec:1\" \"/expandcounter=\Processor Information(*)\Processor Frequency:1\" \"&\" \"/expandcounter=\Processor(*)\% Idle Time:1\" \"/expandcounter=\Processor(*)\% C1 Time:1\" \"/expandcounter=\Processor(*)\% C2 Time:1\" \"/expandcounter=\Processor(*)\%C3 & Time:1\" \"/expandcounter=\Processor(*)\% Processor Time:1\" \"/directory=c:\programdata\Sony Corporation\VAIO Care\inteldata\""
      .
      [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\X6va011]
      "ImagePath"="\??\c:\windows\SysWOW64\Drivers\X6va011"
      .
      --------------------- LOCKED REGISTRY KEYS ---------------------
      .
      [HKEY_USERS\S-1-5-21-2200019568-3828982897-1709191539-1000\System\CurrentControlSet\Control\MediaProperties\PrivateProperties\DirectInput\VID_0079&PID_0006\Calibration\0\Type\Axes]
      @DACL=(02 0000)
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
      @Denied: (A 2) (Everyone)
      @="FlashBroker"
      "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_146_ActiveX.exe,-101"
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
      "Enabled"=dword:00000001
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
      @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_146_ActiveX.exe"
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
      @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
      @Denied: (A 2) (Everyone)
      @="IFlashBroker5"
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
      @="{00020424-0000-0000-C000-000000000046}"
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
      @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
      "Version"="1.0"
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
      @Denied: (A 2) (Everyone)
      @="FlashBroker"
      "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_146_ActiveX.exe,-101"
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
      "Enabled"=dword:00000001
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
      @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_146_ActiveX.exe"
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
      @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
      @Denied: (A 2) (Everyone)
      @="Shockwave Flash Object"
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
      @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx"
      "ThreadingModel"="Apartment"
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
      @="0"
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
      @="ShockwaveFlash.ShockwaveFlash.11"
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
      @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx, 1"
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
      @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
      @="1.0"
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
      @="ShockwaveFlash.ShockwaveFlash"
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
      @Denied: (A 2) (Everyone)
      @="Macromedia Flash Factory Object"
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
      @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx"
      "ThreadingModel"="Apartment"
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
      @="FlashFactory.FlashFactory.1"
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
      @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx, 1"
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
      @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
      @="1.0"
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
      @="FlashFactory.FlashFactory"
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
      @Denied: (A 2) (Everyone)
      @="IFlashBroker5"
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
      @="{00020424-0000-0000-C000-000000000046}"
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
      @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
      "Version"="1.0"
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
      @Denied: (A) (Everyone)
      "Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
      @Denied: (A) (Everyone)
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
      "Key"="ActionsPane3"
      "Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
      .
      [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
      @Denied: (A) (Users)
      @Denied: (A) (Everyone)
      @Allowed: (B 1 2 3 4 5) (S-1-5-20)
      "BlindDial"=dword:00000000
      .
      [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
      @Denied: (A) (Users)
      @Denied: (A) (Everyone)
      @Allowed: (B 1 2 3 4 5) (S-1-5-20)
      "BlindDial"=dword:00000000
      .
      [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
      @Denied: (A) (Users)
      @Denied: (A) (Everyone)
      @Allowed: (B 1 2 3 4 5) (S-1-5-20)
      "BlindDial"=dword:00000000
      .
      [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
      @Denied: (A) (Users)
      @Denied: (A) (Everyone)
      @Allowed: (B 1 2 3 4 5) (S-1-5-20)
      "BlindDial"=dword:00000000
      .
      [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
      @Denied: (A) (Users)
      @Denied: (A) (Everyone)
      @Allowed: (B 1 2 3 4 5) (S-1-5-20)
      "BlindDial"=dword:00000000
      .
      [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
      @Denied: (A) (Users)
      @Denied: (A) (Everyone)
      @Allowed: (B 1 2 3 4 5) (S-1-5-20)
      "BlindDial"=dword:00000000
      .
      [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
      @Denied: (A) (Users)
      @Denied: (A) (Everyone)
      @Allowed: (B 1 2 3 4 5) (S-1-5-20)
      "BlindDial"=dword:00000000
      .
      [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0007\AllUserSettings]
      @Denied: (A) (Users)
      @Denied: (A) (Everyone)
      @Allowed: (B 1 2 3 4 5) (S-1-5-20)
      "BlindDial"=dword:00000000
      .
      [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
      @Denied: (Full) (Everyone)
      .
      Completion time: 2013-02-01 15:01:38
      ComboFix-quarantined-files.txt 2013-02-01 20:01
      .
      Pre-Run: 30,935,310,336 bytes libres
      Post-Run: 30,604,509,184 bytes libres
      .
      - - End Of File - - 8B81C8E4E8ABDAB6DB3CD74472C2FA9E

      The warning still appears in Panda Cloud, and the machine becomes slow when it finds it. Sorry I couldn't reply sooner, but I had to make an unexpected trip.

    7. #17
      Dany3j (Developer)
      Registered: Mar 2011
      Location: China
      Posts: 6,652

      Re: virus in services.exe

      Do the following:

      Download >> Malwarebytes Anti-Rootkit Beta.zip and extract the contents to your desktop.

      • Open the Mbar folder and double-click the Mbar.exe file.
      • In the window that appears, click "Next".
      • Click "Update" and, when it finishes, "Next".
      • Now start the scan by clicking the "Scan" button.
      • When it finishes, if an infection is found click "CleanUp"; if there is no infection click "Exit".


      When it finishes, look in the Mbar folder and open the files mbar-log.txt and system-log.txt, copy their contents into your next reply, and tell us the results.

      Regards.

    8. #18
      RyGarT (User)
      Registered: Nov 2011
      Location: Cajamarca
      Posts: 14

      Re: virus in services.exe

      Malwarebytes Anti-Rootkit BETA 1.01.0.1017
      Malwarebytes : Free anti-malware download

      Database version: v2013.02.04.07

      Windows 7 Service Pack 1 x64 NTFS
      Internet Explorer 9.0.8112.16421
      DAVID :: RYGART-VAIO [administrator]

      04/02/2013 02:50:28 p.m.
      mbar-log-2013-02-04 (14-50-28).txt

      Scan type: Quick scan
      Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
      Scan options disabled:
      Objects scanned: 33974
      Time elapsed: 13 minute(s), 44 second(s)

      Memory Processes Detected: 0
      (No malicious items detected)

      Memory Modules Detected: 0
      (No malicious items detected)

      Registry Keys Detected: 0
      (No malicious items detected)

      Registry Values Detected: 0
      (No malicious items detected)

      Registry Data Items Detected: 0
      (No malicious items detected)

      Folders Detected: 0
      (No malicious items detected)

      Files Detected: 2
      c:\Users\DAVID\Desktop\PSD Crack Youtube Pixelo\32-bit\amtlib.dll (PUP.RiskwareTool.CK) -> Delete on reboot.
      c:\Users\DAVID\Desktop\PSD Crack Youtube Pixelo\64-bit\amtlib.dll (PUP.RiskwareTool.CK) -> Delete on reboot.

      (end)





      SYSTEM LOG:


      ---------------------------------------
      Malwarebytes Anti-Rootkit BETA 1.01.0.1017

      (c) Malwarebytes Corporation 2011-2012

      OS version: 6.1.7601 Windows 7 Service Pack 1 x64

      Account is Administrative

      Internet Explorer version: 9.0.8112.16421

      Java version: 1.6.0_31

      File system is: NTFS
      Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED
      CPU speed: 2.394000 GHz
      Memory total: 4275945472, free: 2291388416

      ------------ Kernel report ------------
      02/04/2013 14:35:43
      ------------ Loaded modules -----------
      ----------- End -----------
      <<<1>>>
      Upper Device Name: \Device\Harddisk0\DR0
      Upper Device Object: 0xfffffa80065ee060
      Upper Device Driver Name: \Driver\Disk\
      Lower Device Name: \Device\Ide\IAAStorageDevice-1\
      Lower Device Object: 0xfffffa8004866050
      Lower Device Driver Name: \Driver\iaStor\
      Driver name found: iaStor
      Initialization returned 0x0
      Load Function returned 0x0
      Downloaded database version: v2013.02.04.07
      Downloaded database version: v2013.01.23.01
      Initializing...
      Done!
      <<<2>>>
      Device number: 0, partition: 3
      Physical Sector Size: 512
      Drive: 0, DevicePointer: 0xfffffa80065ee060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
      --------- Disk Stack ------
      DevicePointer: 0xfffffa80065eeb90, DeviceName: Unknown, DriverName: \Driver\partmgr\
      DevicePointer: 0xfffffa80065ee060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
      DevicePointer: 0xfffffa8004866050, DeviceName: \Device\Ide\IAAStorageDevice-1\, DriverName: \Driver\iaStor\
      ------------ End ----------
      Upper DeviceData: 0xfffff8a001e96cc0, 0xfffffa80065ee060, 0xfffffa80045bb090
      Lower DeviceData: 0xfffff8a0047827a0, 0xfffffa8004866050, 0xfffffa8004276310
      <<<3>>>
      Volume: C:
      File system type: NTFS
      SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
      Scanning directory: C:\Windows\system32\drivers...
      Done!
      Drive 0
      Scanning MBR on drive 0...
      Inspecting partition table:
      MBR Signature: 55AA
      Disk Signature: 49F5FE09

      Partition information:

      Partition 0 type is Other (0x27)
      Partition is NOT ACTIVE.
      Partition starts at LBA: 2048 Numsec = 30980096

      Partition 1 type is Primary (0x7)
      Partition is ACTIVE.
      Partition starts at LBA: 30982144 Numsec = 204800
      Partition file system is NTFS
      Partition is bootable

      Partition 2 type is Primary (0x7)
      Partition is NOT ACTIVE.
      Partition starts at LBA: 31186944 Numsec = 473944112

      Partition 3 type is Extended with LBA (0xf)
      Partition is NOT ACTIVE.
      Partition starts at LBA: 505133056 Numsec = 471638016

      Disk Size: 500107862016 bytes
      Sector size: 512 bytes

      Scanning physical sectors of unpartitioned space on drive 0 (1-2047-976753168-976773168)...
      Done!
      Performing system, memory and registry scan...
      Read File: File "c:\ProgramData\{122DEDD6-6836-4B5F-BC64-5B214DA18102}\instance.dat" is compressed (flags = 1)
      Read File: File "c:\ProgramData\{122DEDD6-6836-4B5F-BC64-5B214DA18102}\VAIO Messenger Setup 2.0.118.0.dat" is compressed (flags = 1)
      Read File: File "c:\ProgramData\{122DEDD6-6836-4B5F-BC64-5B214DA18102}\instance.dat" is compressed (flags = 1)
      Read File: File "c:\ProgramData\{122DEDD6-6836-4B5F-BC64-5B214DA18102}\VAIO Messenger Setup 2.0.118.0.dat" is compressed (flags = 1)
      Read File: File "c:\ProgramData\{122DEDD6-6836-4B5F-BC64-5B214DA18102}\instance.dat" is compressed (flags = 1)
      Read File: File "c:\ProgramData\{122DEDD6-6836-4B5F-BC64-5B214DA18102}\VAIO Messenger Setup 2.0.118.0.dat" is compressed (flags = 1)
      Infected: c:\Users\DAVID\Desktop\PSD Crack Youtube Pixelo\32-bit\amtlib.dll --> [PUP.RiskwareTool.CK]
      Infected: c:\Users\DAVID\Desktop\PSD Crack Youtube Pixelo\64-bit\amtlib.dll --> [PUP.RiskwareTool.CK]
      Done!
      Scan finished
      Creating System Restore point...
      Scheduling clean up...
      <<<2>>>
      Device number: 0, partition: 3
      <<<3>>>
      Volume: C:
      File system type: NTFS
      SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
      Removal scheduling successful. System shutdown needed.
      System shutdown occurred
      =======================================


      ---------------------------------------
      Malwarebytes Anti-Rootkit BETA 1.01.0.1017

      (c) Malwarebytes Corporation 2011-2012

      OS version: 6.1.7601 Windows 7 Service Pack 1 x64

      Account is Administrative

      Internet Explorer version: 9.0.8112.16421

      Java version: 1.6.0_31

      File system is: NTFS
      Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED
      CPU speed: 2.394000 GHz
      Memory total: 4275945472, free: 3010654208

      Removal queue found; removal started
      Removing c:\Users\DAVID\Desktop\PSD Crack Youtube Pixelo\32-bit\amtlib.dll...
      Removing c:\Users\DAVID\Desktop\PSD Crack Youtube Pixelo\64-bit\amtlib.dll...
      Removal finished
      =======================================

    9. #19
      User RyGarT
      Registered: Nov 2011
      Location: Cajamarca
      Posts: 14

      Re: virus in services.exe

      And the virus still keeps showing up in Panda Cloud Antivirus :s

    10. #20
      Developer Dany3j
      Registered: Mar 2011
      Location: China
      Posts: 6,652

      Re: virus in services.exe

      Leave me a screenshot of the antivirus.
