    Possible virus


    1. #1
      rusty s (User) - Registered: Feb 2013 - Location: Canada - Posts: 14

      Malware: possible virus



      [HP workstation, Win 7 Ultimate, Intel Xeon 5160 @ 3.00GHz, 4 GB of RAM, 64-bit]
      Overnight my computer started running veeery slowly, to the point that before I could have Photoshop, Maya, Firefox, iTunes, BitTorrent, etc. open and it ran normally; now I can rarely get into My Computer, Documents, or even Task Manager, and it doesn't even open the Start menu properly when I try to restart or shut down through the button in Start, so I end up shutting it off manually. So I suppose there is something in there that I don't know how to detect; I tried a scan with Panda, but it gets stuck halfway and I have to shut the computer down manually again.

      Some extra minor errors, such as a Firefox error message saying [javascript application], not being able to access antivirus pages, or being redirected to other pages, for example: rapidshare to amazon.
      One I read about somewhere that puts a double accent on me, and sometimes having Western Union as the homepage; anyway, some of them are minor in my opinion, like the Java one.

      OK, I downloaded Avast and it supposedly detected some bugs and deleted them, but it's still the same.
      I tried to follow the "malware detection guide"; Malwarebytes supposedly deleted the ones it found, I restarted, but it's still slow.
      I have the Malwarebytes report and a screenshot I saved from the Task Manager of the processes that are running, in case you spot a strange one.

      ----

      Database version: v2013.02.18.11

      Windows 7 Service Pack 1 x64 NTFS
      Internet Explorer 9.0.8112.16421
      win :: WIN-PC [administrator]

      Protection: Enabled

      2/18/2013 8:07:34 PM
      MBAM-log-2013-02-18 (20-54-30).txt

      Scan type: Quick scan
      Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
      Scan options disabled: P2P
      Objects scanned: 206741
      Time elapsed: 45 minute(s), 56 second(s)

      Memory Processes Detected: 0
      (No malicious items detected)

      Memory Modules Detected: 0
      (No malicious items detected)

      Registry Keys Detected: 34
      HKCR\CLSID\{75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7} (PUP.Funmoods) -> No action taken.
      HKCR\funmoods.funmoodsHlpr.1 (PUP.Funmoods) -> No action taken.
      HKCR\funmoods.funmoodsHlpr (PUP.Funmoods) -> No action taken.
      HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7} (PUP.Funmoods) -> No action taken.
      HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7} (PUP.Funmoods) -> No action taken.
      HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7} (PUP.Funmoods) -> No action taken.
      HKCR\CLSID\{75A4D144-506D-4BE5-81DB-EC7DA1E7F840} (PUP.Funmoods) -> No action taken.
      HKCR\TypeLib\{960DF771-CFCB-4E53-A5B5-6EF2BBE6E706} (PUP.Funmoods) -> No action taken.
      HKCR\esrv.funmoodsESrvc.1 (PUP.Funmoods) -> No action taken.
      HKCR\esrv.funmoodsESrvc (PUP.Funmoods) -> No action taken.
      HKCR\CLSID\{965B9DBE-B104-44AC-950A-8A5F97AFF439} (PUP.Funmoods) -> No action taken.
      HKCR\escort.escortIEPane.1 (PUP.Funmoods) -> No action taken.
      HKCR\escort.escortIEPane (PUP.Funmoods) -> No action taken.
      HKCR\CLSID\{A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3} (PUP.Funmoods) -> No action taken.
      HKCR\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921} (PUP.Funmoods) -> No action taken.
      HKCR\funmoods.dskBnd.1 (PUP.Funmoods) -> No action taken.
      HKCR\funmoods.dskBnd (PUP.Funmoods) -> No action taken.
      HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3} (PUP.Funmoods) -> No action taken.
      HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3} (PUP.Funmoods) -> No action taken.
      HKCR\CLSID\{A9DB719C-7156-415E-B49D-BAD039DE4F13} (PUP.Funmoods) -> No action taken.
      HKCR\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800} (PUP.Funmoods) -> No action taken.
      HKCR\funmoodsApp.appCore.1 (PUP.Funmoods) -> No action taken.
      HKCR\funmoodsApp.appCore (PUP.Funmoods) -> No action taken.
      HKCR\CLSID\{F03FD9D0-4F2B-497C-8A71-DD41D70B07D9} (PUP.Funmoods) -> No action taken.
      HKCR\f (PUP.Funmoods) -> No action taken.
      HKCR\Typelib\{1D085C0A-E4F4-4F66-BDBF-4BE51015BFC3} (PUP.Funmoods) -> No action taken.
      HKCR\Interface\{0D80F1C5-D17B-4177-AC68-955F3EF9F191} (PUP.Funmoods) -> No action taken.
      HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C87FC351-A80D-43E9-9A86-CF1E29DC443A} (PUP.Funmoods) -> No action taken.
      HKCU\SOFTWARE\Funmoods (PUP.FunMoods) -> No action taken.
      HKCU\Software\Google\Chrome\Extensions\bbjciahceamgodcoidkjpchnokgfpphh (PUP.Funmoods) -> No action taken.
      HKCU\Software\Google\Chrome\Extensions\cjpglkicenollcignonpgiafdgfeehoj (PUP.FunMoods) -> No action taken.
      HKLM\SOFTWARE\Google\Chrome\Extensions\bbjciahceamgodcoidkjpchnokgfpphh (PUP.Funmoods) -> No action taken.
      HKLM\SOFTWARE\Google\Chrome\Extensions\cjpglkicenollcignonpgiafdgfeehoj (PUP.FunMoods) -> No action taken.
      HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\funmoods (PUP.FunMoods) -> No action taken.

      Registry Values Detected: 3
      HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar|{A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3} (PUP.Funmoods) -> Data: Funmoods Toolbar -> No action taken.
      HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3} (PUP.Funmoods) -> Data: -> No action taken.
      HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs|Tabs (PUP.FunMoods) -> Data: http://searchfunmoods.com/?f=2&a=as1212&chnl=as1212&cd=2XzuyEtN2Y1L1QzutDtDtC0FtC0FzzyB0FyB0BtAzyzy0E0AtN0D0Tzu0CtAtAzytN1L2XzutBtFtBtFtDtFtAyEyE&cr=1957751475 -> No action taken.

      Registry Data Items Detected: 1
      HKLM\SOFTWARE\Microsoft\Internet Explorer\Main|Start Page (PUP.FunMoods) -> Bad: (http://searchfunmoods.com/?f=1&a=as1212&chnl=as1212&cd=2XzuyEtN2Y1L1QzutDtDtC0FtC0FzzyB0FyB0BtAzyzy0E0AtN0D0Tzu0CtAtAzytN1L2XzutBtFtBtFtDtFtAyEyE&cr=1957751475) Good: (http://www.google.com) -> No action taken.

      Folders Detected: 5
      C:\Users\win\AppData\LocalLow\Funmoods (PUP.FunMoods) -> No action taken.
      C:\Users\win\AppData\LocalLow\Funmoods\Funmoods (PUP.FunMoods) -> No action taken.
      C:\Program Files (x86)\Funmoods (PUP.FunMoods) -> No action taken.
      C:\Program Files (x86)\Funmoods\1.5.23.22 (PUP.FunMoods) -> No action taken.
      C:\Program Files (x86)\Funmoods\1.5.23.22\bh (PUP.FunMoods) -> No action taken.

      Files Detected: 15
      C:\Program Files (x86)\Funmoods\1.5.23.22\bh\escort.dll (PUP.Funmoods) -> No action taken.
      C:\Program Files (x86)\Funmoods\1.5.23.22\funmoodssrv.exe (PUP.Funmoods) -> No action taken.
      C:\Program Files (x86)\Funmoods\1.5.23.22\escorTlbr.dll (PUP.Funmoods) -> No action taken.
      C:\Program Files (x86)\Funmoods\1.5.23.22\escortApp.dll (PUP.Funmoods) -> No action taken.
      C:\Program Files (x86)\Funmoods\1.5.23.22\escortEng.dll (PUP.Funmoods) -> No action taken.
      C:\Users\win\wgsdgsdgdsgsd.exe (Trojan.Happili) -> No action taken.
      C:\Users\win\AppData\Local\funmoods.crx (PUP.Funmoods) -> No action taken.
      C:\Users\win\Local Settings\Application Data\funmoods.crx (PUP.Funmoods) -> No action taken.
      C:\Users\win\Local Settings\Application Data\funmoods-speeddial_sf.crx (PUP.FunMoods) -> No action taken.
      C:\Users\win\AppData\Local\funmoods-speeddial_sf.crx (PUP.FunMoods) -> No action taken.
      C:\Program Files (x86)\Funmoods\1.5.23.22\escortShld.dll (PUP.FunMoods) -> No action taken.
      C:\Program Files (x86)\Funmoods\1.5.23.22\FavIcon.ico (PUP.FunMoods) -> No action taken.
      C:\Program Files (x86)\Funmoods\1.5.23.22\Sqlite3.dll (PUP.FunMoods) -> No action taken.
      C:\Program Files (x86)\Funmoods\1.5.23.22\uninst.dat (PUP.FunMoods) -> No action taken.
      C:\Program Files (x86)\Funmoods\1.5.23.22\uninstall.exe (PUP.FunMoods) -> No action taken.

      (end)

      ----------------


      I don't know what else to put here..... :l


      thanks!
      Last edited by rusty s on 19/02/13 at 04:08:18

    2. #2
      @SanMar (Ex-Collaborator) - Registered: Jun 2008 - Location: Argentina - Posts: 22,290

      Re: possible virus

      Hello rusty s, welcome to the Forum.



      The Malwarebytes report says No Action Taken = no action was taken.

      This can be for one of two reasons:

      • 1. You ran Malwarebytes but forgot to tick the "Remove Selected" option >> check its manual. See image
      • 2. You took the Malwarebytes report before the restart.

      If your case is point 1: update it and run it again, following the manual to do it correctly.

      If your case is point 2: go to the program's Logs tab and paste us the latest report that appears there.

      Download >>> Adwcleaner.exe <<< to your desktop.

      • Temporarily disable the antivirus >> How to temporarily disable your antivirus.
      • Close all the programs you have open.
      • Run Adwcleaner. (If you use Windows Vista or 7, right-click it and select "Run as Administrator".)
      • In the program window, click the Delete button.
      • Follow the instructions; if it asks you to restart the system >>> click OK.
      • After restarting, a Notepad window will open with the report, which you must paste in your next reply.
      • It is located at C:\AdwCleaner[S1].txt

      Regards.


    3. #3
      rusty s (User) - Registered: Feb 2013 - Location: Canada - Posts: 14

      Re: possible virus

      Thanks!
      Well, since I took the report before the restart, this is the latest Malwarebytes report:

      ----
      2013/02/19 01:26:42 -0800 WIN-PC win MESSAGE Starting protection
      2013/02/19 01:26:42 -0800 WIN-PC win MESSAGE Protection started successfully
      2013/02/19 01:26:42 -0800 WIN-PC win MESSAGE Starting IP protection
      2013/02/19 01:26:49 -0800 WIN-PC win MESSAGE IP Protection started successfully
      2013/02/19 01:41:20 -0800 WIN-PC win MESSAGE Starting protection
      2013/02/19 01:41:20 -0800 WIN-PC win MESSAGE Protection started successfully
      2013/02/19 01:41:20 -0800 WIN-PC win MESSAGE Starting IP protection
      2013/02/19 01:41:25 -0800 WIN-PC win MESSAGE IP Protection started successfully
      ----

      and the AdwCleaner report:

      ----
      # AdwCleaner v2.112 - Logfile created 02/19/2013 at 02:03:32
      # Updated 10/02/2013 by Xplode
      # Operating system : Windows 7 Ultimate Service Pack 1 (64 bits)
      # User : win - WIN-PC
      # Boot Mode : Normal
      # Running from : C:\Users\win\Desktop\adwcleaner0.exe
      # Option [Delete]


      ***** [Services] *****

      Stopped & Deleted : WajamUpdater

      ***** [Files / Folders] *****

      File Deleted : C:\Program Files (x86)\Mozilla Firefox\searchplugins\adawaretb.xml
      Folder Deleted : C:\Program Files (x86)\BitTorrentControl_v12
      Folder Deleted : C:\Program Files (x86)\Conduit
      Folder Deleted : C:\Program Files (x86)\Wajam
      Folder Deleted : C:\ProgramData\APN
      Folder Deleted : C:\ProgramData\blekko toolbars
      Folder Deleted : C:\ProgramData\boost_interprocess
      Folder Deleted : C:\ProgramData\Tarma Installer
      Folder Deleted : C:\Users\win\AppData\Local\Conduit
      Folder Deleted : C:\Users\win\AppData\Local\Wajam
      Folder Deleted : C:\Users\win\AppData\LocalLow\BitTorrentControl_v12
      Folder Deleted : C:\Users\win\AppData\LocalLow\Conduit
      Folder Deleted : C:\Users\win\AppData\Roaming\Microsoft\windows\Start Menu\Programs\Wajam

      ***** [Registry] *****

      Key Deleted : HKCU\Software\AppDataLow\Software\BitTorrentControl_v12
      Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
      Key Deleted : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
      Key Deleted : HKCU\Software\AppDataLow\Software\Crossrider
      Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
      Key Deleted : HKCU\Software\AppDataLow\Toolbar
      Key Deleted : HKCU\Software\Conduit
      Key Deleted : HKCU\Software\Cr_Installer
      Key Deleted : HKCU\Software\InstallCore
      Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C}
      Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{B6AC5E3C-5CEB-4E72-B451-F0E1BA983C14}
      Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C}
      Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B6AC5E3C-5CEB-4E72-B451-F0E1BA983C14}
      Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
      Key Deleted : HKCU\Software\Wajam
      Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}
      Key Deleted : HKLM\Software\BitTorrentControl_v12
      Key Deleted : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
      Key Deleted : HKLM\SOFTWARE\Classes\AppID\{1FAEE6D5-34F4-42AA-8025-3FD8F3EC4634}
      Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
      Key Deleted : HKLM\SOFTWARE\Classes\AppID\{960DF771-CFCB-4E53-A5B5-6EF2BBE6E706}
      Key Deleted : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
      Key Deleted : HKLM\SOFTWARE\Classes\AppID\{D616A4A2-7B38-4DBC-9093-6FE7A4A21B17}
      Key Deleted : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
      Key Deleted : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}
      Key Deleted : HKLM\SOFTWARE\Classes\AppID\escort.DLL
      Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL
      Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL
      Key Deleted : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL
      Key Deleted : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
      Key Deleted : HKLM\SOFTWARE\Classes\AppID\priam_bho.DLL
      Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3225826
      Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{095BFD3C-4602-4FE1-96F1-AEFAFBFD067D}
      Key Deleted : HKLM\SOFTWARE\Classes\wajam.WajamBHO
      Key Deleted : HKLM\SOFTWARE\Classes\wajam.WajamBHO.1
      Key Deleted : HKLM\SOFTWARE\Classes\wajam.WajamDownloader
      Key Deleted : HKLM\SOFTWARE\Classes\wajam.WajamDownloader.1
      Key Deleted : HKLM\Software\Conduit
      Key Deleted : HKLM\Software\Funmoods
      Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\FunmoodsLatest_RASAPI32
      Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\FunmoodsLatest_RASMANCS
      Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\WajamUpdater_RASAPI32
      Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\WajamUpdater_RASMANCS
      Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{E20AC1DB-792A-41CC-BC36-70C2EFE618C2}
      Key Deleted : HKLM\Software\Wajam
      Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
      Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{431532BD-0AE1-4ABC-BE8C-919F3D1332E2}
      Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{5D64294B-1341-4FE7-B6D8-7C36828D4DD5}
      Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
      Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C}
      Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{B6AC5E3C-5CEB-4E72-B451-F0E1BA983C14}
      Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E20AC1DB-792A-41CC-BC36-70C2EFE618C2}
      Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
      Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}
      Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{23C70BCA-6E23-4A65-AD2E-1389062074F1}
      Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{23D8EEF7-0E13-4000-B9C4-6603C1E912D1}
      Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{295CACB4-51F5-46FD-914E-C72BAAE1B672}
      Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{2CE5C4B9-6DBE-4528-96FA-C9FF38EF1762}
      Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{34C1FDF7-02C1-4F23-B393-F48B16E071D1}
      Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{431532BD-0AE1-4ABC-BE8C-919F3D1332E2}
      Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{54291324-7A3D-4F11-B707-3FB6A2C97BD9}
      Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{59C63F11-D4E5-46E7-9B8A-EE158DCA83A8}
      Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{5DA22CBD-0029-4A09-B757-CF0FAFC488ED}
      Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{77A6E7D4-4A83-4A9B-A2A0-EF3B125DC29D}
      Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{C0585B2F-74D7-4734-88DE-6C150C5D4036}
      Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{CA17D76B-F91D-4659-A7FD-A9F7ED375CDD}
      Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{D8242E89-2F81-484A-AE5B-BA8CAD5B7347}
      Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{EF0588D6-1621-4A75-B8BE-F4BC34794136}
      Key Deleted : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\jpmbfleldcgkldadpdinhjjopdfpjfjp
      Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{8DBE1985-8046-4A8B-9752-F6F6D7B945A9}
      Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E70A6F01-EAFE-435E-8D9A-F43E60CFF627}
      Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C}
      Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B6AC5E3C-5CEB-4E72-B451-F0E1BA983C14}
      Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\BitTorrentControl_v12 Toolbar
      Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Wajam
      Key Deleted : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\WajamUpdater
      Key Deleted : HKLM\SOFTWARE\Classes\Interface\{0D80F1C5-D17B-4177-AC68-955F3EF9F191}
      Key Deleted : HKLM\SOFTWARE\Classes\Interface\{23C70BCA-6E23-4A65-AD2E-1389062074F1}
      Key Deleted : HKLM\SOFTWARE\Classes\Interface\{23D8EEF7-0E13-4000-B9C4-6603C1E912D1}
      Key Deleted : HKLM\SOFTWARE\Classes\Interface\{295CACB4-51F5-46FD-914E-C72BAAE1B672}
      Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2CE5C4B9-6DBE-4528-96FA-C9FF38EF1762}
      Key Deleted : HKLM\SOFTWARE\Classes\Interface\{34C1FDF7-02C1-4F23-B393-F48B16E071D1}
      Key Deleted : HKLM\SOFTWARE\Classes\Interface\{431532BD-0AE1-4ABC-BE8C-919F3D1332E2}
      Key Deleted : HKLM\SOFTWARE\Classes\Interface\{54291324-7A3D-4F11-B707-3FB6A2C97BD9}
      Key Deleted : HKLM\SOFTWARE\Classes\Interface\{59C63F11-D4E5-46E7-9B8A-EE158DCA83A8}
      Key Deleted : HKLM\SOFTWARE\Classes\Interface\{5DA22CBD-0029-4A09-B757-CF0FAFC488ED}
      Key Deleted : HKLM\SOFTWARE\Classes\Interface\{77A6E7D4-4A83-4A9B-A2A0-EF3B125DC29D}
      Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C0585B2F-74D7-4734-88DE-6C150C5D4036}
      Key Deleted : HKLM\SOFTWARE\Classes\Interface\{CA17D76B-F91D-4659-A7FD-A9F7ED375CDD}
      Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D8242E89-2F81-484A-AE5B-BA8CAD5B7347}
      Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EF0588D6-1621-4A75-B8BE-F4BC34794136}
      Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\bbjciahceamgodcoidkjpchnokgfpphh
      Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\cjpglkicenollcignonpgiafdgfeehoj
      Key Deleted : HKLM\SOFTWARE\Tarma Installer
      Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{B6AC5E3C-5CEB-4E72-B451-F0E1BA983C14}]
      Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{B6AC5E3C-5CEB-4E72-B451-F0E1BA983C14}]
      Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{B6AC5E3C-5CEB-4E72-B451-F0E1BA983C14}]
      Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{B6AC5E3C-5CEB-4E72-B451-F0E1BA983C14}]

      ***** [Internet Browsers] *****

      -\\ Internet Explorer v9.0.8112.16421

      Replaced : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main - Start Page] = hxxp://searchfunmoods.com/?f=1&a=as1212&chnl=as1212&cd=2XzuyEtN2Y1L1QzutDtDtC0FtC0FzzyB0FyB0BtAzyzy0E0AtN0D0Tzu0CtAtAzytN1L2XzutBtFtBtFtDtFtAyEyE&cr=1957751475 --> hxxp://www.google.com

      -\\ Mozilla Firefox v18.0.2 (en-US)

      File : C:\Users\win\AppData\Roaming\Mozilla\Firefox\Profiles\aps6lwm5.default-1358595843701\prefs.js

      C:\Users\win\AppData\Roaming\Mozilla\Firefox\Profiles\aps6lwm5.default-1358595843701\user.js ... Deleted !

      [OK] File is clean.

      -\\ Google Chrome v24.0.1312.57

      File : C:\Users\win\AppData\Local\Google\Chrome\User Data\Default\Preferences

      Deleted [l.8] : homepage = "hxxp://search.conduit.com/?ctid=CT3225826&SearchSource=48",
      Deleted [l.12] : urls_to_restore_on_startup = [ "hxxp://search.conduit.com/?ctid=CT3225826&SearchSource=48"[...]
      Deleted [l.55] : keyword = "blekko",
      Deleted [l.58] : search_url = "hxxp://pandasecurityr.mystart.com/?source=5b97eeb3&v=4_0&tbp=rbox&toolbarid=pan[...]
      Deleted [l.1908] : homepage = "hxxp://search.conduit.com/?ctid=CT3225826&SearchSource=48",
      Deleted [l.2346] : urls_to_restore_on_startup = [ "hxxp://search.conduit.com/?ctid=CT3225826&SearchSource=48" ]

      *************************

      AdwCleaner[S1].txt - [10780 octets] - [19/02/2013 02:03:32]

      ########## EOF - C:\AdwCleaner[S1].txt - [10841 octets] ##########

    4. #4
      @SanMar (Ex-Collaborator) - Registered: Jun 2008 - Location: Argentina - Posts: 22,290

      Re: possible virus

      Hello:

      The Malwarebytes report you posted is not the right one.

      Run Malwarebytes again, but this time don't forget to tick and click remove on everything selected, as its manual says.

      Let us know how the problem goes.

      Regards.


    5. #5
      rusty s (User) - Registered: Feb 2013 - Location: Canada - Posts: 14

      Re: possible virus

      Hi there!

      I try to run Malwarebytes but it freezes and doesn't progress for a very, very long time, and I end up shutting the computer down manually;
      this is the 4th time I've tried.

      Yesterday I used the computer, using iTunes, Firefox, and even Maya, including renders, and it ran fine; it's some actions in Windows that slow it down, or when I run Media Player or a movie online.
      I also downloaded a new driver for my NVIDIA (Quadro FX 4500).
      This time I'll wait longer than usual, to see if Malwarebytes progresses.

      Any suggestions, or another program I can use instead of Malwarebytes?
      I'm sure I did tick and remove what was selected, it's just that I took the report beforehand; it was only a quick scan, which is why it finished before freezing.
      By the way, I have csrss.exe running among the highest; could that be part of the problem?

      Regards!

    6. #6
      rusty s (User) - Registered: Feb 2013 - Location: Canada - Posts: 14

      Re: possible virus

      I think I found the report from the first scan I did; this is the right one if I'm not mistaken:
      (again, it was a quick scan; right now I'm doing a full one, let's hope it doesn't stop halfway)

      -----


      Malwarebytes Anti-Malware (Trial) 1.70.0.1100
      Malwarebytes : Free anti-malware download

      Database version: v2013.02.18.11

      Windows 7 Service Pack 1 x64 NTFS
      Internet Explorer 9.0.8112.16421
      win :: WIN-PC [administrator]

      Protection: Enabled

      2/18/2013 8:07:34 PM
      mbam-log-2013-02-18 (20-07-34).txt

      Scan type: Quick scan
      Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
      Scan options disabled: P2P
      Objects scanned: 206741
      Time elapsed: 45 minute(s), 56 second(s)

      Memory Processes Detected: 0
      (No malicious items detected)

      Memory Modules Detected: 0
      (No malicious items detected)

      Registry Keys Detected: 34
      HKCR\CLSID\{75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7} (PUP.Funmoods) -> Quarantined and deleted successfully.
      HKCR\funmoods.funmoodsHlpr.1 (PUP.Funmoods) -> Quarantined and deleted successfully.
      HKCR\funmoods.funmoodsHlpr (PUP.Funmoods) -> Quarantined and deleted successfully.
      HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7} (PUP.Funmoods) -> Quarantined and deleted successfully.
      HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7} (PUP.Funmoods) -> Quarantined and deleted successfully.
      HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7} (PUP.Funmoods) -> Quarantined and deleted successfully.
      HKCR\CLSID\{75A4D144-506D-4BE5-81DB-EC7DA1E7F840} (PUP.Funmoods) -> Quarantined and deleted successfully.
      HKCR\TypeLib\{960DF771-CFCB-4E53-A5B5-6EF2BBE6E706} (PUP.Funmoods) -> Quarantined and deleted successfully.
      HKCR\esrv.funmoodsESrvc.1 (PUP.Funmoods) -> Quarantined and deleted successfully.
      HKCR\esrv.funmoodsESrvc (PUP.Funmoods) -> Quarantined and deleted successfully.
      HKCR\CLSID\{965B9DBE-B104-44AC-950A-8A5F97AFF439} (PUP.Funmoods) -> Quarantined and deleted successfully.
      HKCR\escort.escortIEPane.1 (PUP.Funmoods) -> Quarantined and deleted successfully.
      HKCR\escort.escortIEPane (PUP.Funmoods) -> Quarantined and deleted successfully.
      HKCR\CLSID\{A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3} (PUP.Funmoods) -> Quarantined and deleted successfully.
      HKCR\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921} (PUP.Funmoods) -> Quarantined and deleted successfully.
      HKCR\funmoods.dskBnd.1 (PUP.Funmoods) -> Quarantined and deleted successfully.
      HKCR\funmoods.dskBnd (PUP.Funmoods) -> Quarantined and deleted successfully.
      HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3} (PUP.Funmoods) -> Quarantined and deleted successfully.
      HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3} (PUP.Funmoods) -> Quarantined and deleted successfully.
      HKCR\CLSID\{A9DB719C-7156-415E-B49D-BAD039DE4F13} (PUP.Funmoods) -> Quarantined and deleted successfully.
      HKCR\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800} (PUP.Funmoods) -> Quarantined and deleted successfully.
      HKCR\funmoodsApp.appCore.1 (PUP.Funmoods) -> Quarantined and deleted successfully.
      HKCR\funmoodsApp.appCore (PUP.Funmoods) -> Quarantined and deleted successfully.
      HKCR\CLSID\{F03FD9D0-4F2B-497C-8A71-DD41D70B07D9} (PUP.Funmoods) -> Quarantined and deleted successfully.
      HKCR\f (PUP.Funmoods) -> Quarantined and deleted successfully.
      HKCR\Typelib\{1D085C0A-E4F4-4F66-BDBF-4BE51015BFC3} (PUP.Funmoods) -> Quarantined and deleted successfully.
      HKCR\Interface\{0D80F1C5-D17B-4177-AC68-955F3EF9F191} (PUP.Funmoods) -> Quarantined and deleted successfully.
      HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C87FC351-A80D-43E9-9A86-CF1E29DC443A} (PUP.Funmoods) -> Quarantined and deleted successfully.
      HKCU\SOFTWARE\Funmoods (PUP.FunMoods) -> Quarantined and deleted successfully.
      HKCU\Software\Google\Chrome\Extensions\bbjciahceamgodcoidkjpchnokgfpphh (PUP.Funmoods) -> Quarantined and deleted successfully.
      HKCU\Software\Google\Chrome\Extensions\cjpglkicenollcignonpgiafdgfeehoj (PUP.FunMoods) -> Quarantined and deleted successfully.
      HKLM\SOFTWARE\Google\Chrome\Extensions\bbjciahceamgodcoidkjpchnokgfpphh (PUP.Funmoods) -> Quarantined and deleted successfully.
      HKLM\SOFTWARE\Google\Chrome\Extensions\cjpglkicenollcignonpgiafdgfeehoj (PUP.FunMoods) -> Quarantined and deleted successfully.
      HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\funmoods (PUP.FunMoods) -> Quarantined and deleted successfully.

      Registry Values Detected: 3
      HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar|{A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3} (PUP.Funmoods) -> Data: Funmoods Toolbar -> Quarantined and deleted successfully.
      HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3} (PUP.Funmoods) -> Data: -> Quarantined and deleted successfully.
      HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs|Tabs (PUP.FunMoods) -> Data: Funmoods Search -> Quarantined and deleted successfully.

      Registry Data Items Detected: 1
      HKLM\SOFTWARE\Microsoft\Internet Explorer\Main|Start Page (PUP.FunMoods) -> Bad: (Funmoods Search) Good: (Google) -> Quarantined and repaired successfully.

      Folders Detected: 5
      C:\Users\win\AppData\LocalLow\Funmoods (PUP.FunMoods) -> Quarantined and deleted successfully.
      C:\Users\win\AppData\LocalLow\Funmoods\Funmoods (PUP.FunMoods) -> Quarantined and deleted successfully.
      C:\Program Files (x86)\Funmoods (PUP.FunMoods) -> Quarantined and deleted successfully.
      C:\Program Files (x86)\Funmoods\1.5.23.22 (PUP.FunMoods) -> Quarantined and deleted successfully.
      C:\Program Files (x86)\Funmoods\1.5.23.22\bh (PUP.FunMoods) -> Quarantined and deleted successfully.

      Files Detected: 15
      C:\Users\win\Local Settings\Application Data\funmoods.crx (PUP.Funmoods) -> No action taken.
      C:\Program Files (x86)\Funmoods\1.5.23.22\bh\escort.dll (PUP.Funmoods) -> Quarantined and deleted successfully.
      C:\Program Files (x86)\Funmoods\1.5.23.22\funmoodssrv.exe (PUP.Funmoods) -> Quarantined and deleted successfully.
      C:\Program Files (x86)\Funmoods\1.5.23.22\escorTlbr.dll (PUP.Funmoods) -> Quarantined and deleted successfully.
      C:\Program Files (x86)\Funmoods\1.5.23.22\escortApp.dll (PUP.Funmoods) -> Quarantined and deleted successfully.
      C:\Program Files (x86)\Funmoods\1.5.23.22\escortEng.dll (PUP.Funmoods) -> Quarantined and deleted successfully.
      C:\Users\win\wgsdgsdgdsgsd.exe (Trojan.Happili) -> Quarantined and deleted successfully.
      C:\Users\win\AppData\Local\funmoods.crx (PUP.Funmoods) -> Quarantined and deleted successfully.
      C:\Users\win\Local Settings\Application Data\funmoods-speeddial_sf.crx (PUP.FunMoods) -> Quarantined and deleted successfully.
      C:\Users\win\AppData\Local\funmoods-speeddial_sf.crx (PUP.FunMoods) -> Quarantined and deleted successfully.
      C:\Program Files (x86)\Funmoods\1.5.23.22\escortShld.dll (PUP.FunMoods) -> Quarantined and deleted successfully.
      C:\Program Files (x86)\Funmoods\1.5.23.22\FavIcon.ico (PUP.FunMoods) -> Quarantined and deleted successfully.
      C:\Program Files (x86)\Funmoods\1.5.23.22\Sqlite3.dll (PUP.FunMoods) -> Quarantined and deleted successfully.
      C:\Program Files (x86)\Funmoods\1.5.23.22\uninst.dat (PUP.FunMoods) -> Quarantined and deleted successfully.
      C:\Program Files (x86)\Funmoods\1.5.23.22\uninstall.exe (PUP.FunMoods) -> Quarantined and deleted successfully.

      (end)

    7. #7
      @SanMar (Former Collaborator) | Registered: jun 2008 | Location: Argentina | Posts: 22.290

      Re: possible virus

      Hello:


      Step 1.- Download the following tools to your desktop:

      Step 2.- Run CCleaner, first using its "Cleaner" option to delete cookies, temporary Internet files and every file it shows you as obsolete, and then use its "Registry" option to clean the whole Windows registry (making a backup).


      Step 3.-
      • Before running ComboFix....

      • Temporarily disable your Antivirus and/or Antispyware.
      • Close all open windows.
      • Double-click the ComboFix.exe file and follow the instructions.
      • If it asks to update, accept.
      • When it finishes, it will generate a log at C:\ComboFix.txt.
        • *Note* While CF is working, do not move the mouse, as that would stop its process.
        • *Note* ComboFix may automatically restart the PC to complete the removal process.
      Warning!! Do not use ComboFix unless a member of our Staff has specifically told you to in your thread. It is a powerful tool intended by its author to be used under the guidance and supervision of an expert, not for private use. Using ComboFix incorrectly could cause problems on your system. Please read ComboFix's "Disclaimer of Warranty".

      After rebooting, paste the report from C:\ComboFix.txt in your next message.


      Regards.

      * Follow us on our Twitter and friend us on Facebook.
      * Keep up with the latest threats on the net at: InfoSpyware Blog
      * We do not answer questions by private message or e-mail; that is what the forum is for.

    8. #8
      rusty s (User) | Registered: feb 2013 | Location: canada | Posts: 14

      Re: possible virus

      Done, here is the report:


      ------


      ComboFix 13-02-20.01 - win 02/21/2013 0:26.1.2 - x64
      Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.4095.2866 [GMT -8:00]
      Running from: c:\users\win\Desktop\ComboFix.exe
      AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
      AV: Panda Cloud Antivirus *Disabled/Updated* {3456760B-FDAA-FFFD-06C2-7BB528D2066C}
      FW: Cloud Antivirus Firewall *Disabled* {0C6DF72E-B7C5-FEA5-2D9D-D280D6014117}
      SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
      SP: Panda Cloud Antivirus *Disabled/Updated* {8F3797EF-DB90-F073-3C72-40C753554CD1}
      SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
      * Created a new restore point
      .
      .
      ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
      .
      .
      c:\programdata\temp25.log
      c:\users\win\AppData\Local\uninst.log
      c:\users\win\AppData\Roaming\Alkoab
      c:\users\win\AppData\Roaming\Alkoab\ylisk.kyf
      c:\users\win\AppData\Roaming\Doacir
      c:\users\win\AppData\Roaming\Doacir\efzot.qoa
      c:\users\win\AppData\Roaming\Ehfe
      c:\users\win\AppData\Roaming\Ehfe\relup.aca
      c:\users\win\AppData\Roaming\Emxydo
      c:\users\win\AppData\Roaming\Emxydo\zofy.oqs
      c:\users\win\AppData\Roaming\Exzyiz
      c:\users\win\AppData\Roaming\Exzyiz\virud.rih
      c:\users\win\AppData\Roaming\Fuzo
      c:\users\win\AppData\Roaming\Fuzo\uhmu.upl
      c:\users\win\AppData\Roaming\Naofof
      c:\users\win\AppData\Roaming\Naofof\fyvo.siu
      c:\users\win\AppData\Roaming\Neha
      c:\users\win\AppData\Roaming\Neha\uwdu.idw
      c:\users\win\AppData\Roaming\Ofilak
      c:\users\win\AppData\Roaming\Ofilak\oxcia.myo
      c:\users\win\AppData\Roaming\Omob
      c:\users\win\AppData\Roaming\Omob\atro.ysm
      c:\users\win\AppData\Roaming\Owgeem
      c:\users\win\AppData\Roaming\Owgeem\epixn.acl
      c:\users\win\AppData\Roaming\Rumub
      c:\users\win\AppData\Roaming\Rumub\woqab.iwt
      c:\users\win\AppData\Roaming\Suaqo
      c:\users\win\AppData\Roaming\Suaqo\nupyx.gii
      c:\users\win\AppData\Roaming\Tuqe
      c:\users\win\AppData\Roaming\Tuqe\seur.ytu
      c:\users\win\AppData\Roaming\Umezog
      c:\users\win\AppData\Roaming\Umezog\owry.evu
      c:\users\win\AppData\Roaming\uninst.log
      c:\users\win\AppData\Roaming\Viwy
      c:\users\win\AppData\Roaming\Viwy\ufmo.ade
      c:\users\win\AppData\Roaming\Ypuqn
      c:\users\win\AppData\Roaming\Ypuqn\hyve.obe
      c:\windows\SysWow64\DEBUG.log
      .
      .
      ((((((((((((((((((((((((( Files Created from 2013-01-21 to 2013-02-21 )))))))))))))))))))))))))))))))
      .
      .
      2013-02-21 08:34 . 2013-02-21 08:34 -------- d-----w- c:\users\Default\AppData\Local\temp
      2013-02-20 04:46 . 2013-02-21 03:32 -------- d-----w- c:\programdata\boost_interprocess
      2013-02-20 04:35 . 2013-02-20 04:35 -------- d-----w- c:\users\win\AppData\Roaming\NVIDIA
      2013-02-20 02:05 . 2013-02-20 02:07 -------- d-----w- c:\users\Guest
      2013-02-18 22:49 . 2013-02-18 22:49 -------- d-----w- c:\users\win\AppData\Roaming\Malwarebytes
      2013-02-18 22:49 . 2013-02-18 22:49 -------- d-----w- c:\programdata\Malwarebytes
      2013-02-18 22:49 . 2012-12-15 00:49 24176 ----a-w- c:\windows\system32\drivers\mbam.sys
      2013-02-18 22:49 . 2013-02-18 22:49 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
      2013-02-18 22:48 . 2013-02-18 22:48 -------- d-----w- c:\users\win\AppData\Local\Programs
      2013-02-18 21:08 . 2012-11-07 17:00 58360 ----a-w- c:\windows\system32\drivers\PSKMAD.sys
      2013-02-17 07:43 . 2013-02-18 20:39 6080 ----a-w- c:\programdata\NanoRepository.bin
      2013-02-16 22:18 . 2012-10-30 23:51 370288 ----a-w- c:\windows\system32\drivers\aswSP.sys
      2013-02-16 22:18 . 2012-10-30 23:51 25232 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
      2013-02-16 22:18 . 2012-10-15 16:59 54072 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
      2013-02-16 22:18 . 2012-10-30 23:51 59728 ----a-w- c:\windows\system32\drivers\aswTdi.sys
      2013-02-16 22:18 . 2012-10-30 23:51 984144 ----a-w- c:\windows\system32\drivers\aswSnx.sys
      2013-02-16 22:18 . 2012-10-30 23:51 71600 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
      2013-02-16 22:18 . 2012-10-30 23:50 285328 ----a-w- c:\windows\system32\aswBoot.exe
      2013-02-16 22:17 . 2012-10-30 23:51 41224 ----a-w- c:\windows\avastSS.scr
      2013-02-16 22:17 . 2012-10-30 23:50 227648 ----a-w- c:\windows\SysWow64\aswBoot.exe
      2013-02-16 22:16 . 2013-02-16 22:16 -------- d-----w- c:\programdata\AVAST Software
      2013-02-16 22:16 . 2013-02-16 22:16 -------- d-----w- c:\program files\AVAST Software
      2013-02-16 21:39 . 2013-02-19 22:06 -------- d-----w- c:\users\win\AppData\Roaming\Ovep
      2013-02-16 00:47 . 2013-02-16 00:47 -------- d-----w- c:\users\win\AppData\Local\panda4_0dn
      2013-02-16 00:47 . 2013-02-16 00:47 -------- d-----w- c:\programdata\Panda Security URL Filtering
      2013-02-16 00:47 . 2013-02-16 00:47 -------- d-----w- c:\program files (x86)\Toolbar Cleaner
      2013-02-16 00:46 . 2013-02-16 00:46 -------- d-----w- c:\users\win\AppData\Roaming\Panda Security
      2013-02-16 00:44 . 2013-02-16 00:47 -------- d-----w- c:\program files (x86)\pandasecuritytb
      2013-02-16 00:43 . 2013-02-16 00:43 -------- d-----w- c:\programdata\Panda Security
      2013-02-16 00:43 . 2013-02-16 00:43 -------- d-----w- c:\program files (x86)\Panda Security
      2013-02-15 18:12 . 2013-02-15 18:12 -------- d-----w- C:\found.002
      2013-02-15 17:00 . 2013-02-17 00:13 -------- d-----w- c:\users\win\AppData\Roaming\Ocdor
      2013-02-09 19:50 . 2013-02-09 19:50 16365936 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
      2013-02-05 11:17 . 2013-02-05 11:17 -------- d-----w- c:\program files (x86)\7-Zip
      2013-02-04 08:59 . 2013-02-04 08:59 -------- d-----w- C:\found.001
      2013-02-03 06:19 . 2013-02-03 06:19 -------- d-----w- C:\found.000
      2013-01-30 18:04 . 2013-01-30 18:04 550176 ----a-w- c:\windows\SysWow64\nvStreaming.exe
      .
      .
      .
      (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
      .
      2013-02-09 19:50 . 2012-12-06 02:25 697712 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
      2013-02-09 19:50 . 2011-10-25 16:48 74096 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
      2013-01-31 20:33 . 2011-10-19 16:12 2826040 ----a-w- c:\windows\system32\nvapi64.dll
      2013-01-30 16:32 . 2011-10-19 16:12 6391584 ----a-w- c:\windows\system32\nvcpl.dll
      2013-01-30 16:32 . 2011-10-19 16:12 3460384 ----a-w- c:\windows\system32\nvsvc64.dll
      2013-01-30 16:32 . 2011-10-19 16:12 884512 ----a-w- c:\windows\system32\nvvsvc.exe
      2013-01-30 16:32 . 2011-10-19 16:12 63776 ----a-w- c:\windows\system32\nvshext.dll
      2013-01-30 16:32 . 2011-10-19 16:12 56096 ----a-w- c:\windows\system32\nv3dappshextr.dll
      2013-01-30 16:32 . 2011-10-19 16:12 2558240 ----a-w- c:\windows\system32\nvsvcr.dll
      2013-01-30 16:32 . 2011-10-19 16:12 118560 ----a-w- c:\windows\system32\nvmctray.dll
      2013-01-30 16:32 . 2011-10-19 16:12 1000224 ----a-w- c:\windows\system32\nv3dappshext.dll
      2012-12-11 21:07 . 2011-11-23 21:32 1843584 ----a-w- c:\windows\system32\Wintab32.dll
      2012-12-11 21:07 . 2011-11-23 21:32 1974144 ----a-w- c:\windows\system32\Pen_Touch_Tablet.dll
      2012-12-11 21:07 . 2011-11-23 21:32 1981312 ----a-w- c:\windows\system32\Pen_Tablet.dll
      2012-12-11 21:07 . 2011-11-23 21:32 1840000 ----a-w- c:\windows\system32\WacomMT.dll
      2012-12-11 21:07 . 2011-11-23 21:32 1621888 ----a-w- c:\windows\SysWow64\Pen_Touch_Tablet.dll
      2012-12-11 21:07 . 2011-11-23 21:32 1509760 ----a-w- c:\windows\SysWow64\Wintab32.dll
      2012-12-11 21:07 . 2011-11-23 21:32 1505664 ----a-w- c:\windows\SysWow64\WacomMT.dll
      2012-12-11 21:07 . 2011-11-23 21:32 1628544 ----a-w- c:\windows\SysWow64\Pen_Tablet.dll
      2012-12-04 00:36 . 2012-12-13 07:12 81824 ----a-w- c:\windows\system32\drivers\wachidrouter.sys
      2012-12-04 00:36 . 2012-12-13 07:12 13728 ----a-w- c:\windows\system32\drivers\hidkmdf.sys
      .
      .
      ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
      .
      .
      *Note* empty entries & legit default entries are not shown
      REGEDIT4
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4}]
      2012-10-15 13:02 87176 ----a-w- c:\program files (x86)\pandasecuritytb\pandasecurityDx.dll
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
      "{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4}"= "c:\program files (x86)\pandasecuritytb\pandasecurityDx.dll" [2012-10-15 87176]
      .
      [HKEY_CLASSES_ROOT\clsid\{b821bf60-5c2d-41eb-92dc-3e4ccd3a22e4}]
      .
      [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "Akamai NetSession Interface"="c:\users\win\AppData\Local\Akamai\netsession_win.exe" [2012-10-09 4441920]
      "Driver Detective"="c:\program files (x86)\PC Drivers HeadQuarters\Driver Detective\DriversHQ.DriverDetective.Client.exe" [2013-02-04 3547032]
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
      "BambooCore"="c:\program files (x86)\Bamboo Dock\BambooCore.exe" [2012-12-13 646744]
      "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-11-28 59280]
      "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-12-12 152544]
      "SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
      "AdobeCS5.5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" [2011-01-12 1523360]
      "PSUAMain"="c:\program files (x86)\Panda Security\Panda Cloud Antivirus\PSUAMain.exe" [2012-11-15 32032]
      "Panda Security URL Filtering"="c:\programdata\Panda Security URL Filtering\Panda_URL_Filtering.exe" [2012-10-15 221832]
      "avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-10-30 4297136]
      .
      c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
      McAfee Security Scan Plus.lnk - c:\program files (x86)\McAfee Security Scan\3.0.318\SSScheduler.exe [2013-2-5 272248]
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
      "ConsentPromptBehaviorAdmin"= 5 (0x5)
      "ConsentPromptBehaviorUser"= 3 (0x3)
      "EnableUIADesktopToggle"= 0 (0x0)
      .
      R1 NNSNAHSL;Network Activity Hook Server LightWeight Filter Driver;c:\windows\system32\DRIVERS\NNSNAHSL.sys [2012-10-22 33320]
      R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
      R2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-12-15 398184]
      R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-12-15 682344]
      R2 mi-raysat_3dsmax2012_64;mental ray 3.9 Satellite for Autodesk 3ds Max 2012 64-bit - English 64-bit;c:\program files\Autodesk\3ds Max 2012\mentalimages\satellite\raysat_3dsmax2012_64server.exe [2011-02-23 86016]
      R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2011-10-25 1431888]
      R3 hidkmdf;KMDF Driver;c:\windows\system32\DRIVERS\hidkmdf.sys [2012-12-04 13728]
      R3 massfilter;Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys [2011-03-26 11776]
      R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-12-15 24176]
      R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files (x86)\McAfee Security Scan\3.0.318\McCHSvc.exe [2013-02-05 235216]
      R3 MRV6X64U;Belkin N1 Wireless USB Network Adapter Driver for Windows Vista x64;c:\windows\system32\DRIVERS\MRVW24C.sys [2007-11-30 347144]
      R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 20992]
      R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
      R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
      R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
      R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
      R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-09-28 53760]
      R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
      R3 WacHidRouter;Wacom Hid Router;c:\windows\system32\DRIVERS\wachidrouter.sys [2012-12-04 81824]
      R3 wacmoumonitor;Wacom Mode Helper;c:\windows\system32\DRIVERS\wacmoumonitor.sys [2011-09-08 13312]
      R3 wacomrouterfilter;Wacom Router Filter Driver;c:\windows\system32\DRIVERS\wacomrouterfilter.sys [2012-11-15 15776]
      R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-01-20 1255736]
      R4 NNSPIHSW;NNSPIHSW;c:\windows\system32\DRIVERS\NNSPihsw.sys [2012-11-09 83496]
      S1 aswSnx;aswSnx; [x]
      S1 aswSP;aswSP; [x]
      S1 NNSALPC;NNSALPC;c:\windows\system32\DRIVERS\NNSAlpc.sys [2012-11-09 127016]
      S1 NNSHTTP;NNSHTTP;c:\windows\system32\DRIVERS\NNSHttp.sys [2012-11-09 136232]
      S1 NNSIDS;NNSIDS;c:\windows\system32\DRIVERS\NNSIds.sys [2012-11-09 154152]
      S1 NNSPICC;NNSPICC;c:\windows\system32\DRIVERS\NNSPicc.sys [2012-11-09 134696]
      S1 NNSPOP3;NNSPOP3;c:\windows\system32\DRIVERS\NNSPop3.sys [2012-11-09 139304]
      S1 NNSPROT;NNSPROT;c:\windows\system32\DRIVERS\NNSProt.sys [2012-11-09 397864]
      S1 NNSPRV;NNSPRV;c:\windows\system32\DRIVERS\NNSPrv.sys [2012-11-09 150568]
      S1 NNSSMTP;NNSSMTP;c:\windows\system32\DRIVERS\NNSSmtp.sys [2012-11-09 135208]
      S1 NNSSTRM;NNSSTRM;c:\windows\system32\DRIVERS\NNSStrm.sys [2012-11-09 291368]
      S1 NNSTLSC;NNSTLSC;c:\windows\system32\DRIVERS\NNSTlsc.sys [2012-11-09 148520]
      S1 PSINKNC;PSINKNC;c:\windows\system32\DRIVERS\psinknc.sys [2012-11-10 204328]
      S2 ABBYY.Licensing.FineReader.Sprint.9.0;ABBYY FineReader 9.0 Sprint Licensing Service;c:\program files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [2009-05-14 759048]
      S2 aswFsBlk;aswFsBlk; [x]
      S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2012-10-30 71600]
      S2 EPSON_EB_RPCV4_04;EPSON V5 Service4(04);c:\program files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE [2009-09-13 166400]
      S2 EPSON_PM_RPCV4_04;EPSON V3 Service4(04);c:\program files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE [2009-09-13 128512]
      S2 NanoServiceMain;Panda Cloud Antivirus Service;c:\program files (x86)\Panda Security\Panda Cloud Antivirus\PSANHost.exe [2012-11-12 140064]
      S2 Norton PC Checkup Application Launcher;Norton PC Checkup Application Launcher;c:\program files (x86)\Norton PC Checkup 3.0\SymcPCCULaunchSvc.exe [2012-07-17 132056]
      S2 PSINAflt;PSINAflt;c:\windows\system32\DRIVERS\PSINAflt.sys [2012-11-10 167976]
      S2 PSINFile;PSINFile;c:\windows\system32\DRIVERS\PSINFile.sys [2012-11-10 119848]
      S2 PSINProc;PSINProc;c:\windows\system32\DRIVERS\PSINProc.sys [2012-11-10 123944]
      S2 PSINProt;PSINProt;c:\windows\system32\DRIVERS\PSINProt.sys [2012-11-10 133160]
      S2 PSUAService;Panda Product Service;c:\program files (x86)\Panda Security\Panda Cloud Antivirus\PSUAService.exe [2012-11-15 36640]
      S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2013-01-30 383264]
      S2 WTabletServiceCon;Wacom Consumer Service;c:\program files\Tablet\Pen\WTabletServiceCon.exe [2012-12-11 619904]
      S3 PSKMAD;PSKMAD;c:\windows\system32\DRIVERS\PSKMAD.sys [2012-11-07 58360]
      .
      .
      Contents of the 'Scheduled Tasks' folder
      .
      2013-02-21 c:\windows\Tasks\Adobe Flash Player Updater.job
      - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-12-06 19:50]
      .
      2013-02-19 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1497939310-3903897186-3725360457-1000Core.job
      - c:\users\win\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-12-04 21:21]
      .
      2013-02-21 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1497939310-3903897186-3725360457-1000UA.job
      - c:\users\win\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-12-04 21:21]
      .
      2013-02-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1497939310-3903897186-3725360457-1000Core.job
      - c:\users\win\AppData\Local\Google\Update\GoogleUpdate.exe [2012-01-16 14:55]
      .
      2013-02-21 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1497939310-3903897186-3725360457-1000UA.job
      - c:\users\win\AppData\Local\Google\Update\GoogleUpdate.exe [2012-01-16 14:55]
      .
      .
      --------- X64 Entries -----------
      .
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
      @="{472083B0-C522-11CF-8763-00608CC02F24}"
      [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
      2012-10-30 23:50 133400 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "nwiz"="c:\program files\NVIDIA Corporation\nview\nwiz.exe" [2013-01-31 2041192]
      .
      ------- Supplementary Scan -------
      .
      uLocal Page = c:\windows\system32\blank.htm
      uStart Page = hxxp://westernunion.com
      mStart Page = hxxp://www.google.com
      mLocal Page = c:\windows\SysWOW64\blank.htm
      uInternet Settings,ProxyOverride = <local>;*.local
      IE: E&xportar a Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
      TCP: DhcpNameServer = 192.168.1.254 75.153.176.9
      FF - ProfilePath - c:\users\win\AppData\Roaming\Mozilla\Firefox\Profiles\aps6lwm5.default-1358595843701\
      FF - prefs.js: browser.startup.homepage - hxxp://westernunion.com
      FF - ExtSQL: 2013-01-20 17:49; {a3a5c777-f583-4fef-9380-ad83b81bc4b7}; c:\users\win\AppData\Roaming\Mozilla\Firefox\Profiles\aps6lwm5.default-1358595843701\extensions\{a3a5c777-f583-4fef-9380-ad83b81bc4b7}.xpi
      FF - ExtSQL: 2013-02-13 23:27; {E6C93316-271E-4b3d-8D7E-FE11B4350AEB}; c:\users\win\AppData\Roaming\Mozilla\Firefox\Profiles\aps6lwm5.default-1358595843701\extensions\{E6C93316-271E-4b3d-8D7E-FE11B4350AEB}.xpi
      FF - ExtSQL: 2013-02-13 23:27; [email protected]; c:\users\win\AppData\Roaming\Mozilla\Firefox\Profiles\aps6lwm5.default-1358595843701\extensions\[email protected]
      FF - ExtSQL: 2013-02-15 16:44; {B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4}; c:\users\win\AppData\Roaming\Mozilla\Firefox\Profiles\aps6lwm5.default-1358595843701\extensions\{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4}
      FF - ExtSQL: 2013-02-16 14:21; [email protected]; c:\program files\AVAST Software\Avast\WebRep\FF
      FF - ExtSQL: 2013-02-18 23:06; {a3a5c777-f583-4fef-9380-ab4add1bc2a8}; c:\users\win\AppData\Roaming\Mozilla\Firefox\Profiles\aps6lwm5.default-1358595843701\extensions\{a3a5c777-f583-4fef-9380-ab4add1bc2a8}.xpi
      .
      - - - - ORPHANS REMOVED - - - -
      .
      Wow6432Node-HKCU-Run-AdobeBridge - (no file)
      .
      .
      .
      --------------------- LOCKED REGISTRY KEYS ---------------------
      .
      [HKEY_USERS\S-1-5-21-1497939310-3903897186-3725360457-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
      @Denied: (2) (LocalSystem)
      "Progid"="WindowsLiveMail.Email.1"
      .
      [HKEY_USERS\S-1-5-21-1497939310-3903897186-3725360457-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
      @Denied: (2) (LocalSystem)
      "Progid"="WindowsLiveMail.VCard.1"
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
      @Denied: (A 2) (Everyone)
      @="FlashBroker"
      "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_149_ActiveX.exe,-101"
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
      "Enabled"=dword:00000001
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
      @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_149_ActiveX.exe"
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
      @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
      @Denied: (A 2) (Everyone)
      @="IFlashBroker5"
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
      @="{00020424-0000-0000-C000-000000000046}"
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
      @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
      "Version"="1.0"
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
      @Denied: (A 2) (Everyone)
      @="FlashBroker"
      "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_149_ActiveX.exe,-101"
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
      "Enabled"=dword:00000001
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
      @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_149_ActiveX.exe"
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
      @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
      @Denied: (A 2) (Everyone)
      @="Shockwave Flash Object"
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
      @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_149.ocx"
      "ThreadingModel"="Apartment"
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
      @="0"
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
      @="ShockwaveFlash.ShockwaveFlash.11"
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
      @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_149.ocx, 1"
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
      @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
      @="1.0"
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
      @="ShockwaveFlash.ShockwaveFlash"
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
      @Denied: (A 2) (Everyone)
      @="Macromedia Flash Factory Object"
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
      @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_149.ocx"
      "ThreadingModel"="Apartment"
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
      @="FlashFactory.FlashFactory.1"
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
      @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_149.ocx, 1"
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
      @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
      @="1.0"
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
      @="FlashFactory.FlashFactory"
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
      @Denied: (A 2) (Everyone)
      @="IFlashBroker5"
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
      @="{00020424-0000-0000-C000-000000000046}"
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
      @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
      "Version"="1.0"
      .
      [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
      @Denied: (A) (Users)
      @Denied: (A) (Everyone)
      @Allowed: (B 1 2 3 4 5) (S-1-5-20)
      "BlindDial"=dword:00000000
      .
      [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
      @Denied: (A) (Users)
      @Denied: (A) (Everyone)
      @Allowed: (B 1 2 3 4 5) (S-1-5-20)
      "BlindDial"=dword:00000000
      .
      [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
      @Denied: (A) (Users)
      @Denied: (A) (Everyone)
      @Allowed: (B 1 2 3 4 5) (S-1-5-20)
      "BlindDial"=dword:00000000
      .
      [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
      @Denied: (A) (Users)
      @Denied: (A) (Everyone)
      @Allowed: (B 1 2 3 4 5) (S-1-5-20)
      "BlindDial"=dword:00000000
      .
      [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
      @Denied: (Full) (Everyone)
      .
      Completion time: 2013-02-21 00:37:28
      ComboFix-quarantined-files.txt 2013-02-21 08:37
      .
      Pre-Run: 31,361,155,072 bytes free
      Post-Run: 31,746,584,576 bytes free
      .
      - - End Of File - - BD3A88F79431AB64C91ED8612B04BCFD

    9. #9
      @SanMar (Former Collaborator) | Registered: jun 2008 | Location: Argentina | Posts: 22.290

      Re: possible virus

      Hello:


      You have two antivirus products installed.

      Uninstall Panda Cloud or Avast with >>> Antivirus, AntiSpyware and Firewall uninstall tools.

      Reboot.

      Run ComboFix again as I told you earlier and bring us that new report.


      Regards.

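As an added example (not code from this thread, from InfoSpyware or from ComboFix), a small Python triage helper for a ComboFix report laid out like the one posted above: it reads the AV:/SP:/FW: header lines, the paths under "Other Deletions" and the start-page entries of the Supplementary Scan, and flags the two points raised in this thread, a second antivirus engine and a hijacked start page, plus freshly created AppData\Roaming folders holding data files with odd extensions. The embedded sample report, the allowlist of start-page hosts and the set of "common" data extensions are constructed assumptions, and the random-folder check is a heuristic.

```python
import re

# Constructed excerpt in the layout of the ComboFix report posted above. Only the
# lines the triage looks at are kept; product GUIDs and the file hash are placeholders.
SAMPLE_REPORT = r"""
ComboFix 13-02-20.01 - win 02/21/2013 0:26.1.2 - x64
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.4095.2866 [GMT -8:00]
AV: avast! Antivirus *Disabled/Updated* {GUID-PLACEHOLDER-1}
AV: Panda Cloud Antivirus *Disabled/Updated* {GUID-PLACEHOLDER-2}
FW: Cloud Antivirus Firewall *Disabled* {GUID-PLACEHOLDER-3}
SP: avast! Antivirus *Disabled/Updated* {GUID-PLACEHOLDER-4}
SP: Windows Defender *Enabled/Outdated* {GUID-PLACEHOLDER-5}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\programdata\temp25.log
c:\users\win\AppData\Roaming\Alkoab
c:\users\win\AppData\Roaming\Alkoab\ylisk.kyf
c:\users\win\AppData\Roaming\Doacir
c:\users\win\AppData\Roaming\Doacir\efzot.qoa
c:\users\win\AppData\Roaming\uninst.log
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://westernunion.com
mStart Page = hxxp://www.google.com
FF - prefs.js: browser.startup.homepage - hxxp://westernunion.com
.
- - End Of File - - HASH-PLACEHOLDER
"""

# Header lines: "AV: <product> *<state>* {<guid>}" (also SP: and FW:).
PRODUCT_RE = re.compile(r"^(AV|SP|FW): (.+?) \*([^*]+)\* \{")
# Section banners: "(((( Name ))))" or "---- Name ----".
SECTION_RE = re.compile(r"^(?:\(+ (.+?) \)+|-+ (.+?) -+)$")
# Browser start-page entries from the Supplementary Scan (ComboFix defangs http as hxxp).
HOMEPAGE_RE = re.compile(
    r"^(uStart Page|mStart Page|FF - prefs\.js: browser\.startup\.homepage) [=-] (\S+)$")
PATH_RE = re.compile(r"^[a-zA-Z]:\\")
# Heuristic: <Roaming>\<ShortName>\<shortname>.<3-letter ext>, the shape seen in the report.
ROAMING_DROP_RE = re.compile(
    r"\\AppData\\Roaming\\([A-Za-z]{3,8})\\([a-z]{3,8})\.([a-z]{3})$", re.IGNORECASE)

# Constructed allowlists; a real helper would maintain these per environment.
KNOWN_START_HOSTS = {"www.google.com", "google.com", "www.bing.com", "bing.com"}
COMMON_DATA_EXT = {"ini", "dat", "log", "txt", "xml", "cfg"}


def parse_report(text):
    """Extract registered security products, start pages and deleted paths."""
    products, homepages, deletions = [], {}, []
    section = "header"
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == ".":
            continue
        m = SECTION_RE.match(line)
        if m:
            section = (m.group(1) or m.group(2)).strip()
            continue
        m = PRODUCT_RE.match(line)
        if m and section == "header":
            products.append({"kind": m.group(1), "name": m.group(2), "state": m.group(3)})
            continue
        m = HOMEPAGE_RE.match(line)
        if m:
            homepages[m.group(1)] = m.group(2)
            continue
        if section == "Other Deletions" and PATH_RE.match(line):
            deletions.append(line)
    return {"products": products, "homepages": homepages, "deletions": deletions}


def triage(report):
    """Return human-readable findings a helper would raise first, in a fixed order."""
    findings = []
    engines = [p["name"] for p in report["products"] if p["kind"] == "AV"]
    if len(engines) > 1:  # two resident engines fight each other and slow the box down
        findings.append("multiple antivirus engines registered: " + ", ".join(engines))
    for key, url in report["homepages"].items():
        host = re.sub(r"^h..ps?://", "", url).split("/")[0].lower()
        if host not in KNOWN_START_HOSTS:
            findings.append(f"{key} points at {host}")
    drops = [m for m in (ROAMING_DROP_RE.search(p) for p in report["deletions"])
             if m and m.group(3).lower() not in COMMON_DATA_EXT]
    if drops:
        findings.append(f"{len(drops)} data file(s) with unusual extensions "
                        "in fresh AppData\\Roaming subfolders")
    return findings


if __name__ == "__main__":
    for finding in triage(parse_report(SAMPLE_REPORT)):
        print("-", finding)
```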

    10. #10
      rusty s (User) | Registered: feb 2013 | Location: canada | Posts: 14

      Re: possible virus

      Hello!
      Here is the new report:


      ----

      ComboFix 13-02-21.02 - win 02/21/2013 17:01:31.2.2 - x64
      Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.4095.2706 [GMT -8:00]
      Running from: c:\users\win\Desktop\ComboFix.exe
      AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
      SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
      SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
      .
      .
      ((((((((((((((((((((((((( Files Created from 2013-01-22 to 2013-02-22 )))))))))))))))))))))))))))))))
      .
      .
      2013-02-22 01:32 . 2013-02-22 01:32 -------- d-----w- c:\users\Default\AppData\Local\temp
      2013-02-22 00:52 . 2013-02-22 00:59 -------- d-----w- C:\SMCLpav
      2013-02-20 04:46 . 2013-02-21 03:32 -------- d-----w- c:\programdata\boost_interprocess
      2013-02-20 04:35 . 2013-02-20 04:35 -------- d-----w- c:\users\win\AppData\Roaming\NVIDIA
      2013-02-20 02:05 . 2013-02-20 02:07 -------- d-----w- c:\users\Guest
      2013-02-18 22:49 . 2013-02-18 22:49 -------- d-----w- c:\users\win\AppData\Roaming\Malwarebytes
      2013-02-18 22:49 . 2013-02-18 22:49 -------- d-----w- c:\programdata\Malwarebytes
      2013-02-18 22:49 . 2012-12-15 00:49 24176 ----a-w- c:\windows\system32\drivers\mbam.sys
      2013-02-18 22:49 . 2013-02-18 22:49 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
      2013-02-18 22:48 . 2013-02-18 22:48 -------- d-----w- c:\users\win\AppData\Local\Programs
      2013-02-17 07:43 . 2013-02-18 20:39 6080 ----a-w- c:\programdata\NanoRepository.bin
      2013-02-16 22:18 . 2012-10-30 23:51 370288 ----a-w- c:\windows\system32\drivers\aswSP.sys
      2013-02-16 22:18 . 2012-10-30 23:51 25232 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
      2013-02-16 22:18 . 2012-10-15 16:59 54072 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
      2013-02-16 22:18 . 2012-10-30 23:51 59728 ----a-w- c:\windows\system32\drivers\aswTdi.sys
      2013-02-16 22:18 . 2012-10-30 23:51 984144 ----a-w- c:\windows\system32\drivers\aswSnx.sys
      2013-02-16 22:18 . 2012-10-30 23:51 71600 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
      2013-02-16 22:18 . 2012-10-30 23:50 285328 ----a-w- c:\windows\system32\aswBoot.exe
      2013-02-16 22:17 . 2012-10-30 23:51 41224 ----a-w- c:\windows\avastSS.scr
      2013-02-16 22:17 . 2012-10-30 23:50 227648 ----a-w- c:\windows\SysWow64\aswBoot.exe
      2013-02-16 22:16 . 2013-02-16 22:16 -------- d-----w- c:\programdata\AVAST Software
      2013-02-16 22:16 . 2013-02-16 22:16 -------- d-----w- c:\program files\AVAST Software
      2013-02-16 21:39 . 2013-02-19 22:06 -------- d-----w- c:\users\win\AppData\Roaming\Ovep
      2013-02-16 00:47 . 2013-02-16 00:47 -------- d-----w- c:\users\win\AppData\Local\panda4_0dn
      2013-02-16 00:47 . 2013-02-16 00:47 -------- d-----w- c:\programdata\Panda Security URL Filtering
      2013-02-16 00:47 . 2013-02-16 00:47 -------- d-----w- c:\program files (x86)\Toolbar Cleaner
      2013-02-16 00:46 . 2013-02-22 00:54 -------- d-----w- c:\users\win\AppData\Roaming\Panda Security
      2013-02-16 00:44 . 2013-02-16 00:47 -------- d-----w- c:\program files (x86)\pandasecuritytb
      2013-02-16 00:43 . 2013-02-22 00:53 -------- d-----w- c:\programdata\Panda Security
      2013-02-16 00:43 . 2013-02-22 00:53 -------- d-----w- c:\program files (x86)\Panda Security
      2013-02-15 18:12 . 2013-02-15 18:12 -------- d-----w- C:\found.002
      2013-02-15 17:00 . 2013-02-17 00:13 -------- d-----w- c:\users\win\AppData\Roaming\Ocdor
      2013-02-09 19:50 . 2013-02-09 19:50 16365936 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
      2013-02-05 11:17 . 2013-02-05 11:17 -------- d-----w- c:\program files (x86)\7-Zip
      2013-02-04 08:59 . 2013-02-04 08:59 -------- d-----w- C:\found.001
      2013-02-03 06:19 . 2013-02-03 06:19 -------- d-----w- C:\found.000
      2013-01-30 18:04 . 2013-01-30 18:04 550176 ----a-w- c:\windows\SysWow64\nvStreaming.exe
      .
      .
      .
      (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
      .
      2013-02-09 19:50 . 2012-12-06 02:25 697712 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
      2013-02-09 19:50 . 2011-10-25 16:48 74096 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
      2013-01-31 20:33 . 2011-10-19 16:12 2826040 ----a-w- c:\windows\system32\nvapi64.dll
      2013-01-30 16:32 . 2011-10-19 16:12 6391584 ----a-w- c:\windows\system32\nvcpl.dll
      2013-01-30 16:32 . 2011-10-19 16:12 3460384 ----a-w- c:\windows\system32\nvsvc64.dll
      2013-01-30 16:32 . 2011-10-19 16:12 884512 ----a-w- c:\windows\system32\nvvsvc.exe
      2013-01-30 16:32 . 2011-10-19 16:12 63776 ----a-w- c:\windows\system32\nvshext.dll
      2013-01-30 16:32 . 2011-10-19 16:12 56096 ----a-w- c:\windows\system32\nv3dappshextr.dll
      2013-01-30 16:32 . 2011-10-19 16:12 2558240 ----a-w- c:\windows\system32\nvsvcr.dll
      2013-01-30 16:32 . 2011-10-19 16:12 118560 ----a-w- c:\windows\system32\nvmctray.dll
      2013-01-30 16:32 . 2011-10-19 16:12 1000224 ----a-w- c:\windows\system32\nv3dappshext.dll
      2012-12-11 21:07 . 2011-11-23 21:32 1843584 ----a-w- c:\windows\system32\Wintab32.dll
      2012-12-11 21:07 . 2011-11-23 21:32 1974144 ----a-w- c:\windows\system32\Pen_Touch_Tablet.dll
      2012-12-11 21:07 . 2011-11-23 21:32 1981312 ----a-w- c:\windows\system32\Pen_Tablet.dll
      2012-12-11 21:07 . 2011-11-23 21:32 1840000 ----a-w- c:\windows\system32\WacomMT.dll
      2012-12-11 21:07 . 2011-11-23 21:32 1621888 ----a-w- c:\windows\SysWow64\Pen_Touch_Tablet.dll
      2012-12-11 21:07 . 2011-11-23 21:32 1509760 ----a-w- c:\windows\SysWow64\Wintab32.dll
      2012-12-11 21:07 . 2011-11-23 21:32 1505664 ----a-w- c:\windows\SysWow64\WacomMT.dll
      2012-12-11 21:07 . 2011-11-23 21:32 1628544 ----a-w- c:\windows\SysWow64\Pen_Tablet.dll
      2012-12-04 00:36 . 2012-12-13 07:12 81824 ----a-w- c:\windows\system32\drivers\wachidrouter.sys
      2012-12-04 00:36 . 2012-12-13 07:12 13728 ----a-w- c:\windows\system32\drivers\hidkmdf.sys
      .
      .
      ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
      .
      .
      *Note* empty entries & legit default entries are not shown
      REGEDIT4
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4}]
      2012-10-15 13:02 87176 ----a-w- c:\program files (x86)\pandasecuritytb\pandasecurityDx.dll
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
      "{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4}"= "c:\program files (x86)\pandasecuritytb\pandasecurityDx.dll" [2012-10-15 87176]
      .
      [HKEY_CLASSES_ROOT\clsid\{b821bf60-5c2d-41eb-92dc-3e4ccd3a22e4}]
      .
      [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "Akamai NetSession Interface"="c:\users\win\AppData\Local\Akamai\netsession_win.exe" [2012-10-09 4441920]
      "Driver Detective"="c:\program files (x86)\PC Drivers HeadQuarters\Driver Detective\DriversHQ.DriverDetective.Client.exe" [2013-02-04 3547032]
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
      "BambooCore"="c:\program files (x86)\Bamboo Dock\BambooCore.exe" [2012-12-13 646744]
      "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-11-28 59280]
      "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-12-12 152544]
      "SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
      "AdobeCS5.5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" [2011-01-12 1523360]
      "Panda Security URL Filtering"="c:\programdata\Panda Security URL Filtering\Panda_URL_Filtering.exe" [2012-10-15 221832]
      "avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-10-30 4297136]
      .
      c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
      McAfee Security Scan Plus.lnk - c:\program files (x86)\McAfee Security Scan\3.0.318\SSScheduler.exe [2013-2-5 272248]
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
      "ConsentPromptBehaviorAdmin"= 5 (0x5)
      "ConsentPromptBehaviorUser"= 3 (0x3)
      "EnableUIADesktopToggle"= 0 (0x0)
      .
      R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
      R2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-12-15 398184]
      R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-12-15 682344]
      R2 mi-raysat_3dsmax2012_64;mental ray 3.9 Satellite for Autodesk 3ds Max 2012 64-bit - English 64-bit;c:\program files\Autodesk\3ds Max 2012\mentalimages\satellite\raysat_3dsmax2012_64server.exe [2011-02-23 86016]
      R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2011-10-25 1431888]
      R3 hidkmdf;KMDF Driver;c:\windows\system32\DRIVERS\hidkmdf.sys [2012-12-04 13728]
      R3 massfilter;Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys [2011-03-26 11776]
      R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-12-15 24176]
      R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files (x86)\McAfee Security Scan\3.0.318\McCHSvc.exe [2013-02-05 235216]
      R3 MRV6X64U;Belkin N1 Wireless USB Network Adapter Driver for Windows Vista x64;c:\windows\system32\DRIVERS\MRVW24C.sys [2007-11-30 347144]
      R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 20992]
      R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
      R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
      R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
      R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
      R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-09-28 53760]
      R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
      R3 WacHidRouter;Wacom Hid Router;c:\windows\system32\DRIVERS\wachidrouter.sys [2012-12-04 81824]
      R3 wacmoumonitor;Wacom Mode Helper;c:\windows\system32\DRIVERS\wacmoumonitor.sys [2011-09-08 13312]
      R3 wacomrouterfilter;Wacom Router Filter Driver;c:\windows\system32\DRIVERS\wacomrouterfilter.sys [2012-11-15 15776]
      R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-01-20 1255736]
      S1 aswSnx;aswSnx; [x]
      S1 aswSP;aswSP; [x]
      S2 ABBYY.Licensing.FineReader.Sprint.9.0;ABBYY FineReader 9.0 Sprint Licensing Service;c:\program files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [2009-05-14 759048]
      S2 aswFsBlk;aswFsBlk; [x]
      S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2012-10-30 71600]
      S2 EPSON_EB_RPCV4_04;EPSON V5 Service4(04);c:\program files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE [2009-09-13 166400]
      S2 EPSON_PM_RPCV4_04;EPSON V3 Service4(04);c:\program files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE [2009-09-13 128512]
      S2 Norton PC Checkup Application Launcher;Norton PC Checkup Application Launcher;c:\program files (x86)\Norton PC Checkup 3.0\SymcPCCULaunchSvc.exe [2012-07-17 132056]
      S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2013-01-30 383264]
      S2 WTabletServiceCon;Wacom Consumer Service;c:\program files\Tablet\Pen\WTabletServiceCon.exe [2012-12-11 619904]
      .
      .
      --- Other Services/Drivers In Memory ---
      .
      *Deregistered* - NNSNAHSL
      .
      Contents of the 'Scheduled Tasks' folder
      .
      2013-02-22 c:\windows\Tasks\Adobe Flash Player Updater.job
      - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-12-06 19:50]
      .
      2013-02-19 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1497939310-3903897186-3725360457-1000Core.job
      - c:\users\win\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-12-04 21:21]
      .
      2013-02-21 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1497939310-3903897186-3725360457-1000UA.job
      - c:\users\win\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-12-04 21:21]
      .
      2013-02-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1497939310-3903897186-3725360457-1000Core.job
      - c:\users\win\AppData\Local\Google\Update\GoogleUpdate.exe [2012-01-16 14:55]
      .
      2013-02-22 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1497939310-3903897186-3725360457-1000UA.job
      - c:\users\win\AppData\Local\Google\Update\GoogleUpdate.exe [2012-01-16 14:55]
      .
      .
      --------- X64 Entries -----------
      .
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
      @="{472083B0-C522-11CF-8763-00608CC02F24}"
      [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
      2012-10-30 23:50 133400 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "nwiz"="c:\program files\NVIDIA Corporation\nview\nwiz.exe" [2013-01-31 2041192]
      .
      ------- Supplementary Scan -------
      .
      uLocal Page = c:\windows\system32\blank.htm
      uStart Page = hxxp://westernunion.com
      mStart Page = hxxp://www.google.com
      mLocal Page = c:\windows\SysWOW64\blank.htm
      uInternet Settings,ProxyOverride = <local>;*.local
      IE: E&xportar a Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
      TCP: DhcpNameServer = 192.168.1.254 75.153.176.9
      FF - ProfilePath - c:\users\win\AppData\Roaming\Mozilla\Firefox\Profiles\aps6lwm5.default-1358595843701\
      FF - prefs.js: browser.startup.homepage - hxxp://westernunion.com
      FF - ExtSQL: 2013-01-20 17:49; {a3a5c777-f583-4fef-9380-ad83b81bc4b7}; c:\users\win\AppData\Roaming\Mozilla\Firefox\Profiles\aps6lwm5.default-1358595843701\extensions\{a3a5c777-f583-4fef-9380-ad83b81bc4b7}.xpi
      FF - ExtSQL: 2013-02-13 23:27; {E6C93316-271E-4b3d-8D7E-FE11B4350AEB}; c:\users\win\AppData\Roaming\Mozilla\Firefox\Profiles\aps6lwm5.default-1358595843701\extensions\{E6C93316-271E-4b3d-8D7E-FE11B4350AEB}.xpi
      FF - ExtSQL: 2013-02-13 23:27; [email protected]; c:\users\win\AppData\Roaming\Mozilla\Firefox\Profiles\aps6lwm5.default-1358595843701\extensions\[email protected]
      FF - ExtSQL: 2013-02-15 16:44; {B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4}; c:\users\win\AppData\Roaming\Mozilla\Firefox\Profiles\aps6lwm5.default-1358595843701\extensions\{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4}
      FF - ExtSQL: 2013-02-16 14:21; [email protected]; c:\program files\AVAST Software\Avast\WebRep\FF
      FF - ExtSQL: 2013-02-18 23:06; {a3a5c777-f583-4fef-9380-ab4add1bc2a8}; c:\users\win\AppData\Roaming\Mozilla\Firefox\Profiles\aps6lwm5.default-1358595843701\extensions\{a3a5c777-f583-4fef-9380-ab4add1bc2a8}.xpi
      .
      .
      --------------------- LOCKED REGISTRY KEYS ---------------------
      .
      [HKEY_USERS\S-1-5-21-1497939310-3903897186-3725360457-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
      @Denied: (2) (LocalSystem)
      "Progid"="WindowsLiveMail.Email.1"
      .
      [HKEY_USERS\S-1-5-21-1497939310-3903897186-3725360457-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
      @Denied: (2) (LocalSystem)
      "Progid"="WindowsLiveMail.VCard.1"
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
      @Denied: (A 2) (Everyone)
      @="FlashBroker"
      "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_149_ActiveX.exe,-101"
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
      "Enabled"=dword:00000001
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
      @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_149_ActiveX.exe"
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
      @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
      @Denied: (A 2) (Everyone)
      @="IFlashBroker5"
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
      @="{00020424-0000-0000-C000-000000000046}"
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
      @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
      "Version"="1.0"
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
      @Denied: (A 2) (Everyone)
      @="FlashBroker"
      "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_149_ActiveX.exe,-101"
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
      "Enabled"=dword:00000001
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
      @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_149_ActiveX.exe"
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
      @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
      @Denied: (A 2) (Everyone)
      @="Shockwave Flash Object"
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
      @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_149.ocx"
      "ThreadingModel"="Apartment"
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
      @="0"
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
      @="ShockwaveFlash.ShockwaveFlash.11"
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
      @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_149.ocx, 1"
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
      @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
      @="1.0"
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
      @="ShockwaveFlash.ShockwaveFlash"
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
      @Denied: (A 2) (Everyone)
      @="Macromedia Flash Factory Object"
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
      @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_149.ocx"
      "ThreadingModel"="Apartment"
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
      @="FlashFactory.FlashFactory.1"
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
      @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_149.ocx, 1"
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
      @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
      @="1.0"
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
      @="FlashFactory.FlashFactory"
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
      @Denied: (A 2) (Everyone)
      @="IFlashBroker5"
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
      @="{00020424-0000-0000-C000-000000000046}"
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
      @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
      "Version"="1.0"
      .
      [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
      @Denied: (A) (Users)
      @Denied: (A) (Everyone)
      @Allowed: (B 1 2 3 4 5) (S-1-5-20)
      "BlindDial"=dword:00000000
      .
      [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
      @Denied: (A) (Users)
      @Denied: (A) (Everyone)
      @Allowed: (B 1 2 3 4 5) (S-1-5-20)
      "BlindDial"=dword:00000000
      .
      [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
      @Denied: (A) (Users)
      @Denied: (A) (Everyone)
      @Allowed: (B 1 2 3 4 5) (S-1-5-20)
      "BlindDial"=dword:00000000
      .
      [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
      @Denied: (A) (Users)
      @Denied: (A) (Everyone)
      @Allowed: (B 1 2 3 4 5) (S-1-5-20)
      "BlindDial"=dword:00000000
      .
      [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
      @Denied: (Full) (Everyone)
      .
      Completion time: 2013-02-21 17:35:57
      ComboFix-quarantined-files.txt 2013-02-22 01:35
      ComboFix2.txt 2013-02-21 08:37
      .
      Pre-Run: 31,978,983,424 bytes free
      Post-Run: 31,454,134,272 bytes free
      .
      - - End Of File - - 904B37E72C2726F2108474F819D32214



      ((( it seems like my computer is running better, but I'm not really sure. Thanks again, and I look forward to your reply )))
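The report above is the kind of log a responder reads by hand: one resident antivirus too many (the reason for the helper's instruction in the previous post), newly created folders with no publisher name under AppData\Roaming (Ovep, Ocdor), and a user-level start page (westernunion.com) that the poster says they never set. The script below is an added example, not part of this thread and not a ComboFix feature, that automates that first pass over a ComboFix-style report. The sample input is constructed from lines copied out of the posted report; the vendor list, the publisher allowlist and the "short capitalised word" rule are my own assumptions, and every flag means "review this", not "this is malware".

```python
"""Triage helper for a ComboFix-style report (added example, not part of the
thread or of ComboFix).  Flags three things a responder looks at first:
  * more than one resident antivirus product installed
  * folders created directly under AppData\\Roaming with generated-looking names
  * user-scope browser start pages that differ from the machine-wide default
All three are heuristics: a hit means "confirm with the owner", not "malware".
"""
import re

# Sample input, constructed from lines of the ComboFix report posted above
# ("hxxp" is the report's own defanged scheme and is kept as-is).
SAMPLE_LOG = r"""
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
2013-02-20 04:35 . 2013-02-20 04:35 -------- d-----w- c:\users\win\AppData\Roaming\NVIDIA
2013-02-18 22:49 . 2013-02-18 22:49 -------- d-----w- c:\users\win\AppData\Roaming\Malwarebytes
2013-02-16 22:16 . 2013-02-16 22:16 -------- d-----w- c:\program files\AVAST Software
2013-02-16 21:39 . 2013-02-19 22:06 -------- d-----w- c:\users\win\AppData\Roaming\Ovep
2013-02-16 00:43 . 2013-02-22 00:53 -------- d-----w- c:\program files (x86)\Panda Security
2013-02-15 17:00 . 2013-02-17 00:13 -------- d-----w- c:\users\win\AppData\Roaming\Ocdor
uStart Page = hxxp://westernunion.com
mStart Page = hxxp://www.google.com
FF - prefs.js: browser.startup.homepage - hxxp://westernunion.com
"""

# "created . modified size attrs path" lines from the "Files Created" section.
ENTRY_RE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) "
    r"(?P<size>\S+) (?P<attrs>\S+) (?P<path>.+)$"
)
START_RE = re.compile(r"^(?P<scope>[um])Start Page = (?P<url>\S+)$")
FF_HOME_RE = re.compile(r"^FF - prefs\.js: browser\.startup\.homepage - (?P<url>\S+)$")

# Assumed list of resident (real-time) antivirus products.  On-demand scanners
# such as Malwarebytes or McAfee Security Scan are deliberately not listed,
# because running one of those next to a resident AV is not a conflict.
RESIDENT_AV = {
    r"\bavast\b": "Avast",
    r"\bpanda security\b": "Panda",
    r"\bkaspersky\b": "Kaspersky",
    r"\beset\b": "ESET",
    r"\bavg\b": "AVG",
    r"\bavira\b": "Avira",
    r"\bbitdefender\b": "Bitdefender",
}
# Assumed allowlist of short publisher names that legitimately live in Roaming.
KNOWN_PUBLISHERS = {"Adobe", "Apple", "Google", "Mozilla", "Skype", "Sun", "Panda"}


def resident_av_vendors(lines):
    """Vendors seen either in the Security Center header ("AV: ...") or as a
    Program Files install directory.  More than one is the conflict the helper
    asked the poster to resolve."""
    found = set()
    for line in lines:
        if line.startswith("AV:") or re.search(r"\\program files( \(x86\))?\\", line, re.I):
            for pattern, vendor in RESIDENT_AV.items():
                if re.search(pattern, line, re.IGNORECASE):
                    found.add(vendor)
    return found


def random_roaming_dirs(entries):
    """Directories created straight under AppData\\Roaming whose name is one
    short capitalised word that is not a known publisher.  Legitimate software
    almost always uses its product or publisher name there; generated names
    are worth a second look.  Heuristic only."""
    hits = []
    for e in entries:
        if not e["attrs"].startswith("d"):
            continue
        m = re.search(r"\\AppData\\Roaming\\([^\\]+)$", e["path"], re.IGNORECASE)
        if m and re.fullmatch(r"[A-Z][a-z]{2,7}", m.group(1)) and m.group(1) not in KNOWN_PUBLISHERS:
            hits.append(e["path"])
    return sorted(hits)


def start_pages(lines):
    """Collect IE user/machine start pages and the Firefox homepage."""
    pages = {}
    for line in lines:
        m = START_RE.match(line)
        if m:
            pages["user" if m.group("scope") == "u" else "machine"] = m.group("url")
            continue
        m = FF_HOME_RE.match(line)
        if m:
            pages["firefox"] = m.group("url")
    return pages


def start_page_mismatches(pages):
    """User-scope start pages that differ from the machine-wide one.  Hijackers
    normally write the per-user value, so ask the owner whether they set it."""
    machine = pages.get("machine")
    return {k: v for k, v in pages.items() if k != "machine" and v != machine}


def triage(log_text):
    lines = [l.strip() for l in log_text.splitlines() if l.strip()]
    entries = [m.groupdict() for m in map(ENTRY_RE.match, lines) if m]
    pages = start_pages(lines)
    return {
        "resident_av": resident_av_vendors(lines),
        "random_roaming": random_roaming_dirs(entries),
        "start_pages": pages,
        "start_page_mismatches": start_page_mismatches(pages),
    }


if __name__ == "__main__":
    for key, value in triage(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```

On the sample above the script reports two resident vendors (Avast and Panda), the two Roaming folders Ovep and Ocdor, and westernunion.com set at user level in both IE and Firefox while the machine-wide page is google.com. None of that is a verdict: the next step is exactly what the helper asked for, remove one antivirus, reboot, and let the specialist read the fresh report.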
