
    www.22apple, suspicious page


    1. #1
      clo

      Malware www.22apple, suspicious page

      Hello. Yesterday I downloaded a program to make a "2sd" memory partition for my phone; the program is called "mini tool partition wizard home edition". Something that said 22 apple also got installed, which I then uninstalled, or thought I had. Today, when I tried to open the Chrome browser, this page loaded automatically: [EDITED: link to malicious code]. I tried to remove it from the browser settings by changing the home page, but nothing happens. I know very little about these things, which is why I am asking for help; I don't know how to make that page go away. Thank you very much.

    2. #2
      Damianl_77 (former contributor)

      Re: www.22apple, suspicious page

      Hello clo, welcome to the InfoSpyware forum


      Do the following:

      Download OTL to the desktop.
      • Double-click the icon to run it.
        • Make sure all windows are closed and that the run is not interrupted.
      • Check the "Scan all" option
      • Click the "Scan" button.
      • Do not change any other setting unless you are told to.
      • Be patient, the scan can take a while.
        • When the scan finishes, two Notepad windows will open: OTL.Txt and Extras.Txt; these are saved to the desktop.
        • Copy (Edit -> Select All, Edit -> Copy) the contents of the OTL.txt file and paste them into your next reply.
      • Close the tool when the process is finished.


      Regards!!


    3. #3
      clo

      Re: www.22apple, suspicious page

      Hi, thanks for replying, here is the result of the scan

      OTL logfile created on: 19/02/2013 21:19:10 - Run 1
      OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\michanu\Downloads
      Starter Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
      Internet Explorer (Version = 9.0.8112.16421)
      Locale: 00002C0A | Country: Argentina | Language: ESS | Date Format: dd/MM/yyyy

      1,91 Gb Total Physical Memory | 1,37 Gb Available Physical Memory | 71,89% Memory free
      3,82 Gb Paging File | 2,87 Gb Available in Paging File | 75,11% Paging File free
      Paging file location(s): ?:\pagefile.sys [binary data]

      %SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
      Drive C: | 180,00 Gb Total Space | 140,87 Gb Free Space | 78,26% Space Free | Partition Type: NTFS
      Drive D: | 267,76 Gb Total Space | 223,71 Gb Free Space | 83,55% Space Free | Partition Type: NTFS

      Computer Name: PC90 | User Name: michanu | Logged in as Administrator.
      Boot Mode: Normal | Scan Mode: All users
      Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

      ========== Processes (SafeList) ==========

      PRC - [2013/02/19 21:15:01 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\michanu\Downloads\OTL.exe
      PRC - [2012/10/31 15:52:30 | 000,464,256 | ---- | M] (IObit) -- C:\Program Files\IObit\Advanced SystemCare 6\ASCService.exe
      PRC - [2012/10/30 19:50:59 | 004,297,136 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
      PRC - [2012/10/30 19:50:59 | 000,044,808 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
      PRC - [2012/09/24 21:59:16 | 000,490,880 | ---- | M] (IObit) -- C:\Program Files\IObit\Advanced SystemCare 6\ASCTray.exe
      PRC - [2011/10/18 07:49:40 | 001,001,808 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Bluetooth\obexsrv.exe
      PRC - [2011/10/18 07:49:28 | 000,936,272 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Bluetooth\devmonsrv.exe
      PRC - [2011/09/27 19:23:10 | 005,458,312 | ---- | M] (Samsung Electronics) -- C:\Program Files\Samsung\Easy Settings\EasySpeedUpManager.exe
      PRC - [2011/09/15 05:54:40 | 000,948,736 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
      PRC - [2011/09/06 04:36:42 | 002,275,408 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files\Samsung\Easy Settings\SmartSetting.exe
      PRC - [2011/09/06 04:35:54 | 001,087,056 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files\Samsung\Easy Settings\dmhkcore.exe
      PRC - [2011/08/19 00:36:46 | 000,784,976 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files\Samsung\Easy Settings\MovieColorEnhancer.exe
      PRC - [2011/08/17 04:19:18 | 000,136,488 | ---- | M] (CyberLink) -- C:\Program Files\CyberLink\YouCam\YCMMirage.exe
      PRC - [2011/07/29 19:47:22 | 003,395,664 | ---- | M] (SAMSUNG Electronics) -- C:\Program Files\Samsung\Easy Support Center\SSCKbdHk.exe
      PRC - [2011/06/24 05:52:30 | 004,403,280 | ---- | M] (SEC) -- C:\Program Files\Samsung\Samsung Recovery Solution 5\WCScheduler.exe
      PRC - [2011/06/03 08:51:40 | 000,102,672 | ---- | M] (Intel(R) Corporation) -- C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
      PRC - [2011/05/05 09:44:54 | 002,656,536 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
      PRC - [2011/05/05 09:44:52 | 000,326,424 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
      PRC - [2011/02/25 02:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
      PRC - [2010/11/20 18:29:19 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe


      ========== Modules (No Company Name) ==========

      MOD - [2012/10/30 15:37:26 | 000,348,032 | ---- | M] () -- C:\Program Files\IObit\Advanced SystemCare 6\madExcept_.bpl
      MOD - [2012/10/30 15:37:24 | 000,050,048 | ---- | M] () -- C:\Program Files\IObit\Advanced SystemCare 6\madDisAsm_.bpl
      MOD - [2012/10/30 15:37:22 | 000,182,656 | ---- | M] () -- C:\Program Files\IObit\Advanced SystemCare 6\madBasic_.bpl
      MOD - [2012/09/19 17:19:14 | 000,142,208 | ---- | M] () -- C:\Program Files\IObit\Advanced SystemCare 6\ASCExtMenu.dll
      MOD - [2011/02/16 12:03:20 | 000,203,776 | ---- | M] () -- C:\Program Files\Samsung\Easy Settings\WinCRT.dll
      MOD - [2010/05/07 11:22:18 | 001,636,864 | ---- | M] () -- C:\Program Files\Samsung\Samsung Recovery Solution 5\Resdll.dll
      MOD - [2007/09/20 18:34:58 | 000,129,024 | ---- | M] () -- C:\Program Files\WinRAR\rarext.dll
      MOD - [2006/08/11 23:48:40 | 000,049,152 | ---- | M] () -- C:\Program Files\Samsung\Easy Settings\HookDllPS2.dll


      ========== Services (SafeList) ==========

      SRV - [2013/02/14 09:54:50 | 000,251,248 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
      SRV - [2012/10/31 15:52:30 | 000,464,256 | ---- | M] (IObit) [Auto | Running] -- C:\Program Files\IObit\Advanced SystemCare 6\ASCService.exe -- (AdvancedSystemCareService6)
      SRV - [2012/10/30 19:50:59 | 000,044,808 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
      SRV - [2012/07/13 13:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
      SRV - [2011/10/18 07:49:40 | 001,001,808 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Bluetooth\obexsrv.exe -- (Bluetooth OBEX Service)
      SRV - [2011/10/18 07:49:36 | 001,354,064 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Program Files\Intel\Bluetooth\mediasrv.exe -- (Bluetooth Media Service)
      SRV - [2011/10/18 07:49:28 | 000,936,272 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Bluetooth\devmonsrv.exe -- (Bluetooth Device Monitor)
      SRV - [2011/09/15 05:54:40 | 000,948,736 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe -- (AMPPALR3)
      SRV - [2011/06/03 08:51:40 | 000,102,672 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe -- (BTHSSecurityMgr)
      SRV - [2011/05/05 09:44:54 | 002,656,536 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS)
      SRV - [2011/05/05 09:44:52 | 000,326,424 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)
      SRV - [2009/07/13 22:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)


      ========== Driver Services (SafeList) ==========

      DRV - [2012/10/30 19:51:58 | 000,738,504 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\windows\System32\drivers\aswSnx.sys -- (aswSnx)
      DRV - [2012/10/30 19:51:58 | 000,361,032 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\windows\System32\drivers\aswSP.sys -- (aswSP)
      DRV - [2012/10/30 19:51:58 | 000,054,232 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\windows\System32\drivers\aswTdi.sys -- (aswTdi)
      DRV - [2012/10/30 19:51:57 | 000,058,680 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
      DRV - [2012/10/30 19:51:56 | 000,021,256 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
      DRV - [2012/10/15 12:59:28 | 000,044,784 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr2.sys -- (aswRdr)
      DRV - [2012/08/23 11:44:32 | 000,014,848 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
      DRV - [2012/08/23 11:41:34 | 000,027,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbGD.sys -- (TsUsbGD)
      DRV - [2012/08/23 11:40:25 | 000,049,664 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
      DRV - [2012/07/16 04:02:56 | 000,015,656 | ---- | M] (Windows (R) 2003 DDK 3790 provider) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rtport.sys -- (rtport)
      DRV - [2012/01/18 15:55:56 | 000,016,472 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\pwdrvio.sys -- (pwdrvio)
      DRV - [2012/01/18 15:55:54 | 000,011,104 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\pwdspio.sys -- (pwdspio)
      DRV - [2011/12/09 19:45:00 | 000,047,616 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\iBtFltCoex.sys -- (iBtFltCoex)
      DRV - [2011/11/15 01:04:00 | 000,263,680 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\btmhsf.sys -- (btmhsf)
      DRV - [2011/09/17 14:25:46 | 007,515,136 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETwNs32.sys -- (NETwNs32)
      DRV - [2011/09/15 05:48:14 | 000,243,712 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\AmpPal.sys -- (AMPPALP)
      DRV - [2011/09/15 05:48:14 | 000,243,712 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AmpPal.sys -- (AMPPAL)
      DRV - [2011/08/29 12:24:40 | 000,043,008 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\btmaux.sys -- (btmaux)
      DRV - [2011/08/17 04:19:40 | 000,027,760 | ---- | M] (CyberLink Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\clwvd.sys -- (clwvd)
      DRV - [2011/05/18 21:16:58 | 000,042,496 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\btmaud.sys -- (btmaudio)
      DRV - [2011/04/29 05:18:42 | 000,249,504 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\btfilter.sys -- (BtFilter)
      DRV - [2011/04/12 09:29:40 | 000,006,144 | ---- | M] (Phoenix Technologies Ltd.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\SGDrv.sys -- (SGDrv)
      DRV - [2011/01/25 01:40:04 | 000,014,848 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)
      DRV - [2010/10/20 13:33:40 | 000,041,088 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HECI.sys -- (MEI)
      DRV - [2010/10/14 14:27:18 | 000,269,824 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\IntcDAud.sys -- (IntcDAud)


      ========== Standard Registry (SafeList) ==========


      ========== Internet Explorer ==========

      IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.22apple.com/?utm_source=b&ch=sof&uid=ST500LM012XHN-M500MBB_S2RSJ9EC414579&reg=1361228422
      IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.22apple.com/?utm_source=b&ch=sof&uid=ST500LM012XHN-M500MBB_S2RSJ9EC414579&reg=1361228422
      IE - HKLM\..\URLSearchHook: - No CLSID value found
      IE - HKLM\..\SearchScopes,DefaultScope =
      IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=SMSTDF&pc=MASM&src=IE-SearchBox


      IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
      IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

      IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
      IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

      IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =

      IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =

      IE - HKU\S-1-5-21-2631661625-2129701381-82928118-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.22apple.com/?utm_source=b&ch=sof&uid=ST500LM012XHN-M500MBB_S2RSJ9EC414579&reg=1361228422
      IE - HKU\S-1-5-21-2631661625-2129701381-82928118-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
      IE - HKU\S-1-5-21-2631661625-2129701381-82928118-1000\..\URLSearchHook: - No CLSID value found
      IE - HKU\S-1-5-21-2631661625-2129701381-82928118-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
      IE - HKU\S-1-5-21-2631661625-2129701381-82928118-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
      IE - HKU\S-1-5-21-2631661625-2129701381-82928118-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
      IE - HKU\S-1-5-21-2631661625-2129701381-82928118-1000\..\SearchScopes\{D8C29A76-A5BA-4D7B-BAAC-DE13D66AEFF9}: "URL" = http://www.bing.com/search?q={searchTerms}&r=
      IE - HKU\S-1-5-21-2631661625-2129701381-82928118-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


      ========== FireFox ==========

      FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
      FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
      FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
      FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
      FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)

      FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\AddLyrics\FF\

      [2012/11/20 17:37:39 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\mozilla firefox\extensions

      ========== Chrome ==========

      CHR - homepage: http://www.google.com.ar/
      CHR - default_search_provider: Google (Enabled)
      CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
      CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter}
      CHR - homepage: http://www.google.com.ar/
      CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\24.0.1312.57\PepperFlash\pepflashplayer.dll
      CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
      CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\24.0.1312.57\ppGoogleNaClPluginChrome.dll
      CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\24.0.1312.57\pdf.dll
      CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll
      CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\4.0.50401.0\npctrl.dll
      CHR - plugin: Windows Live Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
      CHR - Extension: Google Drive = C:\Users\michanu\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
      CHR - Extension: YouTube = C:\Users\michanu\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
      CHR - Extension: B\u00FAsqueda de Google = C:\Users\michanu\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
      CHR - Extension: 22Apple = C:\Users\michanu\AppData\Local\Google\Chrome\User Data\Default\Extensions\ijblflkdjdopkpdgllkmlbgcffjbnfda\2.0.1_0\
      CHR - Extension: Gmail = C:\Users\michanu\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

      O1 HOSTS File: ([2009/06/10 18:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
      O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
      O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
      O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
      O3 - HKU\S-1-5-21-2631661625-2129701381-82928118-1000\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
      O4 - HKLM..\Run: [[email protected]] C:\Program Files\AddLyrics\YTLUpdater.exe File not found
      O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
      O4 - HKU\S-1-5-21-2631661625-2129701381-82928118-1000..\Run: [Advanced SystemCare 6] C:\Program Files\IObit\Advanced SystemCare 6\ASCTray.exe (IObit)
      O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
      O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
      O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
      O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
      O8 - Extra context menu item: E&xportar a Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 File not found
      O9 - Extra Button: Enviar a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll (Microsoft Corporation)
      O9 - Extra 'Tools' menuitem : &Enviar a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll (Microsoft Corporation)
      O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL (Microsoft Corporation)
      O13 - gopher Prefix: missing
      O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
      O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{25777B66-B2BC-46E6-95E4-94671DE88DE9}: DhcpNameServer = 192.168.1.1
      O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
      O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
      O20 - AppInit_DLLs: (c:\progra~2\browse~2\25986~1.67\{c16c1~1\browse~1.dll) - File not found
      O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
      O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
      O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
      O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
      O32 - HKLM CDRom: AutoRun - 1
      O32 - AutoRun File - [2009/06/10 18:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
      O34 - HKLM BootExecute: (autocheck autochk *)
      O35 - HKLM\..comfile [open] -- "%1" %*
      O35 - HKLM\..exefile [open] -- "%1" %*
      O37 - HKLM\...com [@ = comfile] -- "%1" %*
      O37 - HKLM\...exe [@ = exefile] -- "%1" %*
      O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
      O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
      O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

      ========== Files/Folders - Created Within 30 Days ==========

      [2013/02/19 16:56:39 | 000,000,000 | ---D | C] -- C:\Users\michanu\AppData\Roaming\TeamViewer
      [2013/02/19 16:01:42 | 000,000,000 | ---D | C] -- C:\Users\michanu\Desktop\mi cumple
      [2013/02/19 15:57:53 | 000,000,000 | ---D | C] -- C:\Users\michanu\Desktop\año nuevo
      [2013/02/19 13:56:32 | 000,000,000 | ---D | C] -- C:\Users\michanu\AppData\Local\{FF2B7AAA-7E7F-4E41-A17B-D573A5B1EBBB}
      [2013/02/18 22:21:32 | 000,000,000 | ---D | C] -- C:\Users\michanu\Desktop\musica
      [2013/02/18 22:03:28 | 000,000,000 | ---D | C] -- C:\Users\michanu\Application Data
      [2013/02/18 20:47:05 | 000,000,000 | ---D | C] -- C:\Users\michanu\Desktop\cumple 18
      [2013/02/18 20:46:57 | 000,000,000 | -HSD | C] -- C:\Users\michanu\Desktop\Cumple Ori
      [2013/02/18 20:46:30 | 000,000,000 | -HSD | C] -- C:\Users\michanu\Desktop\Buena Vista Social Club
      [2013/02/18 20:45:54 | 000,000,000 | -HSD | C] -- C:\Users\michanu\Desktop\bluetooth
      [2013/02/18 20:45:28 | 000,000,000 | ---D | C] -- C:\Users\michanu\Desktop\cel ( d todo un poco)
      [2013/02/18 20:45:09 | 000,000,000 | ---D | C] -- C:\Users\michanu\Desktop\sd
      [2013/02/18 20:03:57 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\337
      [2013/02/18 20:01:16 | 000,773,712 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\msvcr100.dll
      [2013/02/18 20:01:16 | 000,420,944 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\msvcp100.dll
      [2013/02/18 20:01:15 | 000,000,000 | ---D | C] -- C:\Program Files\Desk 365
      [2013/02/18 20:00:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MiniTool Partition Wizard Home Edition 7.1
      [2013/02/18 20:00:04 | 000,000,000 | ---D | C] -- C:\Program Files\MiniTool Partition Wizard Home Edition 7.1
      [2013/02/18 19:58:53 | 011,090,176 | ---- | C] (MiniTool Solution Ltd. ) -- C:\Users\michanu\Desktop\pwhe7.exe
      [2013/02/15 01:56:32 | 000,000,000 | ---D | C] -- C:\Users\michanu\Desktop\PROGRAMAS IMPORTANTES
      [2013/02/14 10:36:56 | 000,000,000 | ---D | C] -- C:\Users\michanu\AppData\Local\{C5E89459-D78F-4E51-88F9-436F728FB927}
      [2013/02/13 09:32:18 | 000,022,912 | ---- | C] (IObit) -- C:\windows\System32\RegistryDefragBootTime.exe
      [2013/02/13 09:05:04 | 000,000,000 | ---D | C] -- C:\Users\michanu\Desktop\las grutas
      [2013/01/25 15:14:17 | 000,000,000 | ---D | C] -- C:\Users\michanu\AppData\Local\{0D1CE7A3-1FA2-4C6B-9E21-15785E5A92D8}
      [2013/01/22 16:03:40 | 000,000,000 | ---D | C] -- C:\windows\Minidump
      [2013/01/22 16:00:40 | 000,000,000 | ---D | C] -- C:\Users\michanu\AppData\Local\{2F947B64-1DF6-44BD-B985-0FC517B9B85D}
      [2013/01/22 15:21:52 | 000,000,000 | ---D | C] -- C:\Users\michanu\AppData\Local\{76E72CA7-CE13-4BE1-B477-A0F8AA741E8E}
      [2012/11/20 17:30:39 | 000,047,360 | ---- | C] (VSO Software) -- C:\Users\michanu\AppData\Roaming\pcouffin.sys
      [1 C:\Users\michanu\Documents\*.tmp files -> C:\Users\michanu\Documents\*.tmp -> ]

      ========== Files - Modified Within 30 Days ==========

      [2013/02/19 21:23:00 | 000,001,090 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
      [2013/02/19 21:16:41 | 000,001,066 | ---- | M] () -- C:\Users\michanu\Desktop\OTL - Acceso directo.lnk
      [2013/02/19 21:01:52 | 000,000,838 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job
      [2013/02/19 17:29:26 | 000,016,160 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
      [2013/02/19 17:29:26 | 000,016,160 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
      [2013/02/19 17:22:13 | 000,001,086 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
      [2013/02/19 17:21:57 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
      [2013/02/19 17:21:53 | 2050,539,520 | -HS- | M] () -- C:\hiberfil.sys
      [2013/02/19 17:17:54 | 000,000,097 | ---- | M] () -- C:\windows\DeleteOnReboot.bat
      [2013/02/18 20:47:25 | 000,698,718 | ---- | M] () -- C:\windows\System32\perfh00A.dat
      [2013/02/18 20:47:25 | 000,616,008 | ---- | M] () -- C:\windows\System32\perfh009.dat
      [2013/02/18 20:47:25 | 000,136,874 | ---- | M] () -- C:\windows\System32\perfc00A.dat
      [2013/02/18 20:47:25 | 000,106,388 | ---- | M] () -- C:\windows\System32\perfc009.dat
      [2013/02/18 20:06:41 | 000,000,963 | ---- | M] () -- C:\windows\System32\InstallUtil.InstallLog
      [2013/02/18 20:01:12 | 000,773,712 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\msvcr100.dll
      [2013/02/18 20:01:12 | 000,420,944 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\msvcp100.dll
      [2013/02/18 20:00:21 | 000,000,000 | ---- | M] () -- C:\extensions.sqlite
      [2013/02/18 20:00:16 | 000,002,426 | ---- | M] () -- C:\Users\michanu\Desktop\Google Chrome.lnk
      [2013/02/18 20:00:09 | 000,001,247 | ---- | M] () -- C:\Users\Public\Desktop\MiniTool Partition Wizard Home Edition.lnk
      [2013/02/18 19:59:27 | 011,090,176 | ---- | M] (MiniTool Solution Ltd. ) -- C:\Users\michanu\Desktop\pwhe7.exe
      [2013/02/14 09:54:48 | 000,697,712 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\System32\FlashPlayerApp.exe
      [2013/02/14 09:54:48 | 000,074,096 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\System32\FlashPlayerCPLApp.cpl
      [2013/02/14 09:41:53 | 000,005,120 | ---- | M] () -- C:\Users\michanu\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
      [2013/02/14 09:28:21 | 000,000,000 | ---- | M] () -- C:\asc_rdflag
      [1 C:\Users\michanu\Documents\*.tmp files -> C:\Users\michanu\Documents\*.tmp -> ]

      ========== Files Created - No Company Name ==========

      [2013/02/19 21:16:41 | 000,001,066 | ---- | C] () -- C:\Users\michanu\Desktop\OTL - Acceso directo.lnk
      [2013/02/19 17:17:34 | 000,000,097 | ---- | C] () -- C:\windows\DeleteOnReboot.bat
      [2013/02/18 20:02:46 | 000,000,963 | ---- | C] () -- C:\windows\System32\InstallUtil.InstallLog
      [2013/02/18 20:00:40 | 000,922,184 | ---- | C] () -- C:\windows\System32\pwNative.exe
      [2013/02/18 20:00:39 | 000,016,472 | ---- | C] () -- C:\windows\System32\pwdrvio.sys
      [2013/02/18 20:00:21 | 000,000,000 | ---- | C] () -- C:\extensions.sqlite
      [2013/02/18 20:00:14 | 000,011,104 | ---- | C] () -- C:\windows\System32\pwdspio.sys
      [2013/02/18 20:00:09 | 000,001,247 | ---- | C] () -- C:\Users\Public\Desktop\MiniTool Partition Wizard Home Edition.lnk
      [2013/02/14 09:41:38 | 000,005,120 | ---- | C] () -- C:\Users\michanu\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
      [2013/02/14 09:28:21 | 000,000,000 | ---- | C] () -- C:\asc_rdflag
      [2012/12/16 10:59:23 | 000,007,605 | ---- | C] () -- C:\Users\michanu\AppData\Local\Resmon.ResmonCfg
      [2012/11/20 17:34:57 | 000,001,057 | ---- | C] () -- C:\Users\michanu\AppData\Roaming\vso_ts_preview.xml
      [2012/11/20 17:30:40 | 000,087,608 | ---- | C] () -- C:\Users\michanu\AppData\Roaming\inst.exe
      [2012/11/20 17:30:40 | 000,007,887 | ---- | C] () -- C:\Users\michanu\AppData\Roaming\pcouffin.cat
      [2012/11/20 17:30:39 | 000,001,144 | ---- | C] () -- C:\Users\michanu\AppData\Roaming\pcouffin.inf
      [2012/11/20 10:42:42 | 000,085,504 | ---- | C] () -- C:\windows\System32\ff_vfw.dll
      [2012/11/20 10:34:35 | 000,000,069 | ---- | C] () -- C:\windows\NeroDigital.ini
      [2012/11/19 17:11:08 | 000,178,688 | ---- | C] () -- C:\windows\System32\unrar.dll
      [2012/01/11 18:44:21 | 000,698,718 | ---- | C] () -- C:\windows\System32\perfh00A.dat
      [2012/01/11 18:44:21 | 000,341,432 | ---- | C] () -- C:\windows\System32\perfi00A.dat
      [2012/01/11 18:44:21 | 000,136,874 | ---- | C] () -- C:\windows\System32\perfc00A.dat
      [2012/01/11 18:44:21 | 000,041,390 | ---- | C] () -- C:\windows\System32\perfd00A.dat
      [2012/01/11 03:49:46 | 000,307,200 | ---- | C] () -- C:\windows\SetDisplayResolution.exe
      [2012/01/11 03:02:33 | 000,001,310 | ---- | C] () -- C:\windows\HotFixList.ini
      [2012/01/11 02:09:04 | 000,080,416 | ---- | C] () -- C:\windows\System32\RtNicProp32.dll
      [2012/01/11 02:07:39 | 000,008,192 | ---- | C] () -- C:\windows\System32\drivers\IntelMEFWVer.dll
      [2011/07/21 03:03:26 | 000,960,940 | ---- | C] () -- C:\windows\System32\igkrng600.bin
      [2011/07/21 03:03:25 | 000,207,376 | ---- | C] () -- C:\windows\System32\igfcg600m.bin
      [2011/07/21 03:03:25 | 000,004,096 | ---- | C] ( ) -- C:\windows\System32\IGFXDEVLib.dll
      [2011/07/21 03:03:24 | 000,145,804 | ---- | C] () -- C:\windows\System32\igcompkrng600.bin
      [2011/07/21 03:03:23 | 000,094,208 | ---- | C] () -- C:\windows\System32\IccLibDll.dll
      [2011/07/21 03:03:23 | 000,000,151 | ---- | C] () -- C:\windows\System32\GfxUI.exe.config

      ========== ZeroAccess Check ==========

      [2009/07/14 01:42:31 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini

      [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

      [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

      [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
      "" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 01:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
      "ThreadingModel" = Apartment

      [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
      "" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 18:29:20 | 000,606,208 | ---- | M] (Microsoft Corporation)
      "ThreadingModel" = Free

      [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
      "" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/13 22:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
      "ThreadingModel" = Both

      < End of report >

    4. #4
      Former Contributor Damianl_77
      Joined
      Jan 2008
      Location
      Argentina
      Posts
      23.694

      Re: www.22apple, suspicious page

      Run OTL.exe


      Copy and paste the code inside the box below into the Custom Scans/Fixes section



      Code:
      :OTL
      IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.22apple.com/?utm_source=b&ch=sof&uid=ST500LM012XHN-M500MBB_S2RSJ9EC414579&reg=1361228422
      IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.22apple.com/?utm_source=b&ch=sof&uid=ST500LM012XHN-M500MBB_S2RSJ9EC414579&reg=1361228422
      IE - HKLM\..\URLSearchHook: - No CLSID value found
      IE - HKU\S-1-5-21-2631661625-2129701381-82928118-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.22apple.com/?utm_source=b&ch=sof&uid=ST500LM012XHN-M500MBB_S2RSJ9EC414579&reg=1361228422
      IE - HKU\S-1-5-21-2631661625-2129701381-82928118-1000\..\URLSearchHook: - No CLSID value found
      O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
      O3 - HKU\S-1-5-21-2631661625-2129701381-82928118-1000\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
      O4 - HKLM..\Run: [[email protected]] C:\Program Files\AddLyrics\YTLUpdater.exe File not found
      O8 - Extra context menu item: E&xportar a Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 File not found
      O20 - AppInit_DLLs: (c:\progra~2\browse~2\25986~1.67\{c16c1~1\browse~1.dll) - File not found
      O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
      [1 C:\Users\michanu\Documents\*.tmp files -> C:\Users\michanu\Documents\*.tmp -> ]
      
      :commands
      [emptyflash]
      [emptytemp]
      [emptyjava]
      [Reboot]


      Press the Run Fix button to start the removal. Press OK.

      OTL will restart the computer to complete the removal.


      Save the new report that is generated. Copy and paste it into your next reply and tell us how the PC is doing now.

      You will find the report at:
      C:\_OTL\MovedFiles\xxx_xxx.txt

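Added example, not part of the original posts and not OTL's own code: a small Python triage that picks out the kinds of OTL log lines the fix above is built from, namely start-page values pointing at an unexpected host and entries whose target is missing. The `EXPECTED_HOSTS` allowlist, the `triage` function and the last two sample lines are assumptions made for illustration.

```python
import re
from urllib.parse import urlsplit

# Assumption: hosts this machine is expected to use as a browser start page.
EXPECTED_HOSTS = {"www.msn.com", "go.microsoft.com", "www.google.com"}

# OTL prints registry-backed browser settings as "IE - <key>,<value name> = <data>".
IE_VALUE = re.compile(r"^IE - (?P<key>.+?),(?P<name>[^=]+?) = (?P<data>\S+)")
# Markers OTL appends when the file or CLSID an entry points to no longer exists.
ORPHAN_MARKERS = ("File not found", "No CLSID value found")


def triage(lines):
    """Return (reason, line) pairs for OTL log lines that deserve review."""
    findings = []
    for raw in lines:
        line = raw.strip()
        m = IE_VALUE.match(line)
        if m and m["data"].lower().startswith(("http://", "https://")):
            host = (urlsplit(m["data"]).hostname or "").lower()
            if host not in EXPECTED_HOSTS:
                findings.append((f"unexpected start/search host: {host}", line))
                continue
        if any(marker in line for marker in ORPHAN_MARKERS):
            findings.append(("orphaned entry (target missing)", line))
    return findings


SAMPLE = [
    # Taken from the thread (query string shortened).
    r"IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.22apple.com/?utm_source=b&ch=sof",
    r"IE - HKLM\..\URLSearchHook: - No CLSID value found",
    r"O20 - AppInit_DLLs: (c:\progra~2\browse~2\25986~1.67\{c16c1~1\browse~1.dll) - File not found",
    # Constructed benign lines, for contrast.
    r"IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/",
    r"O4 - HKLM..\Run: [ExampleApp] C:\Program Files\Example\app.exe (Example Corp)",
]

if __name__ == "__main__":
    for reason, line in triage(SAMPLE):
        print(f"{reason}\n    {line}")
```

The output is a list of candidates for review, not a ready-made fix: an orphaned entry such as the Excel context-menu item in the fix above is leftover clutter rather than evidence of the hijacker.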