I can't open some pages. Here is my log

Status
Closed to new replies.

hugo0101

New Member
Member
Code:
[SPOILER][CODE]
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 02:22:burla:m , on 15/08/2009

Platform: Windows Vista SP2 (WinNT 6.00.1906)

MSIE: Internet Explorer v8.00 (8.00.6001.18813)

Boot mode: Normal

Running processes:

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Windows\system32\taskeng.exe

C:\Program Files\Windows Defender\MSASCui.exe

C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe

C:\Windows\zHotkey.exe

C:\Windows\ModPS2Key.exe

C:\Program Files\IOI\ButtonMonitor.exe

C:\Windows\System32\WLTRAY.EXE

C:\Program Files\Common Files\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe

C:\Program Files\Intel\IntelDH\CCU\CCU_TrayIcon.exe

C:\Windows\sttray.exe

C:\Program Files\Microsoft IntelliPoint\ipoint.exe

C:\Windows\ehome\ehtray.exe

C:\Program Files\Windows Live\Messenger\msnmsgr.exe

C:\Program Files\Intel\IntelDH\CCU\CCU_Engine.exe

C:\Windows\ehome\ehmsas.exe

D:\Program Files\Microsoft Encarta\Encarta 2009 Biblioteca Premium DVD\EDICT.EXE

C:\Windows\system32\p2phost.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Windows\system32\Macromed\Flash\FlashUtil10c.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

D:\Program Files\Trend Micro\HijackThis\HijackThis.exe



R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O1 - Hosts: ::1 localhost

O2 - BHO: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - D:\Program Files\Adobe\/Adobe Contribute CS4/contributeieplugin.dll

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O2 - BHO: Windows Live Aplicación auxiliar de inicio de sesión - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll

O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll

O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll

O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - D:\Program Files\Adobe\/Adobe Contribute CS4/contributeieplugin.dll

O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide

O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe

O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe

O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice

O4 - HKLM\..\Run: [CHotkey] zHotkey.exe

O4 - HKLM\..\Run: [ModPS2] ModPS2Key.exe

O4 - HKLM\..\Run: [ButtonMonitor] C:\Program Files\IOI\ButtonMonitor.exe

O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\Windows\system32\WLTRAY.exe

O4 - HKLM\..\Run: [NMSSupport] "C:\Program Files\Common Files\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe" /startup

O4 - HKLM\..\Run: [CCUTRAYICON] C:\Program Files\Intel\IntelDH\CCU\CCU_TrayIcon.exe

O4 - HKLM\..\Run: [SigmatelSysTrayApp] sttray.exe

O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"

O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter

O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe

O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [E09EXLRD_1815203] "D:\Program Files\Microsoft Encarta\Encarta 2009 Biblioteca Premium DVD\EDICT.EXE" -m

O8 - Extra context menu item: Anexar a PDF existente - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Anexar destino de vínculo a PDF existente - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

O8 - Extra context menu item: Convertir a Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Convertir destino de vínculo a Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

O8 - Extra context menu item: E&xportar a Microsoft Excel - res://D:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL

O9 - Extra button: Barra de búsqueda de Encarta - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL

O13 - Gopher Prefix:

O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.akamai.com/dlmanager/vers...vex-2.2.5.1.cab

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w3/resources/...NPUpldes-mx.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

O23 - Service: Adobe Version Cue CS4 - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe

O23 - Service: Intel® Alert Service (AlertService) - Intel® Corporation - C:\Program Files\Intel\IntelDH\CCU\AlertService.exe

O23 - Service: AMD External Events Utility - AMD - C:\Windows\system32\atiesrxx.exe

O23 - Service: Servicio Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: Intel® DHTrace Controller (DHTRACE) - Intel® Corporation - C:\Program Files\Common Files\Intel\IntelDH\bin\DHTraceController.exe

O23 - Service: DQLWinService - Unknown owner - C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe

O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe

O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe

O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: FsUsbExService - Teruten - C:\Windows\system32\FsUsbExService.Exe

O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: Intel® Software Services Manager (ISSM) - Intel® Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe

O23 - Service: Intel® Viiv(tm) Media Server (M1 Server) - Unknown owner - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe

O23 - Service: Intel® Application Tracker (MCLServiceATL) - Intel® Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe

O23 - Service: Intel® NMSCore (NMSCore) - Intel® Corporation - C:\Program Files\Common Files\Intel\IntelDH\NMS\NMSCore\NMSCore.exe

O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe

O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe

O23 - Service: Intel® Quality Manager (QualityManager) - Intel® Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\qualitymanager.exe

O23 - Service: Intel® Remoting Service (Remote UI Service) - Intel® Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe

O23 - Service: Roxio UPnP Renderer 11 - Sonic Solutions - D:\Program Files\Roxio Creator 2009\Digital Home 11\RoxioUPnPRenderer11.exe

O23 - Service: Roxio Upnp Server 11 - Sonic Solutions - D:\Program Files\Roxio Creator 2009\Digital Home 11\RoxioUpnpService11.exe

O23 - Service: LiveShare P2P Server 11 (RoxLiveShare11) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\11.0\SharedCOM\RoxLiveShare11.exe

O23 - Service: RoxMediaDB11 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\11.0\SharedCOM\RoxMediaDB11.exe

O23 - Service: Roxio Hard Drive Watcher 11 (RoxWatch11) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\11.0\SharedCOM\RoxWatch11.exe

O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe

O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - D:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe

O23 - Service: Broadcom Wireless LAN Tray Service (wltrysvc) - Unknown owner - C:\Windows\System32\WLTRYSVC.EXE

O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
--
End of file - 10222 bytes[/CODE][/SPOILER]
 

Caito

Former Mod
Member
Carry out the following steps and send us the results:

Update your system Here (if it won't let you update, go on to the next step)

Clear all cookies and the registry with CCleaner

Go to Start - Control Panel --> Java (if you use Java) and delete all the temporary files.

Delete temporary files --> From Start, Run, type %TEMP%, press Enter and delete all the contents.

Run Malwarebytes AntiMalware. (Update it, and when the scan finishes choose the remove option, then save the report and paste it here) [If you have any questions, here is a Malwarebytes AntiMalware manual]

Also, do an online scan:

https://trucoswindows.net/los-mejores-antivirus-online/

You must use Internet Explorer and accept the ActiveX controls

Set it to remove whatever it detects.

Copy us that report, the Malwarebytes Antimalware one and a new HijackThis log.

Regards

Caito
 

hugo0101

New Member
Member
First of all, thank you very much for your attention. I did all the steps you gave me, but I couldn't get the online scan to work (it didn't give me the option to install the ActiveX, the one in the little yellow bar); that's the only thing, I did do everything else. Here are the logs:
Code:
**** MALWAREBYTES:

Malwarebytes' Anti-Malware 1.40

Versión de la Base de Datos: 2636

Windows 6.0.6002 Service Pack 2

16/08/2009 09:19:41 pm

mbam-log-2009-08-16 (21-19-41).txt

Tipo de examen : Examen Completo (C:\|D:\|E:\|)

Objetos examinados: 601231

Tiempo transcurrido: 1 hour(s), 40 minute(s), 47 second(s)

Procesos en Memoria Infectados: 0

Módulos en Memoria Infectados: 0

Claves del Registro Infectadas: 0

Valores del Registro Infectados: 0

Elementos de Datos del Registro Infectados: 0

Carpetas Infectadas: 0

Ficheros Infectados: 0

Procesos en Memoria Infectados:

(No se han detectado elementos maliciosos)

Módulos en Memoria Infectados:

(No se han detectado elementos maliciosos)

Claves del Registro Infectadas:

(No se han detectado elementos maliciosos)

Valores del Registro Infectados:

(No se han detectado elementos maliciosos)

Elementos de Datos del Registro Infectados:

(No se han detectado elementos maliciosos)

Carpetas Infectadas:

(No se han detectado elementos maliciosos)

Ficheros Infectados:

(No se han detectado elementos maliciosos)

***** And here is the HIJACKTHIS one:

[SPOILER][CODE]Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 11:58:burla:m, on 16/08/2009

Platform: Windows Vista SP2 (WinNT 6.00.1906)

MSIE: Internet Explorer v8.00 (8.00.6001.18813)

Boot mode: Normal

Running processes:

C:\Windows\system32\Dwm.exe

C:\Windows\system32\taskeng.exe

C:\Program Files\Windows Defender\MSASCui.exe

C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe

C:\Windows\zHotkey.exe

C:\Windows\ModPS2Key.exe

C:\Program Files\IOI\ButtonMonitor.exe

C:\Windows\System32\WLTRAY.EXE

C:\Program Files\Common Files\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe

C:\Program Files\Intel\IntelDH\CCU\CCU_TrayIcon.exe

C:\Windows\sttray.exe

C:\Program Files\Microsoft IntelliPoint\ipoint.exe

C:\Program Files\Intel\IntelDH\CCU\CCU_Engine.exe

C:\Windows\ehome\ehtray.exe

C:\Program Files\Windows Live\Messenger\msnmsgr.exe

C:\Windows\ehome\ehmsas.exe

D:\Program Files\Microsoft Encarta\Encarta 2009 Biblioteca Premium DVD\EDICT.EXE

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Windows Live\Contacts\wlcomm.exe

C:\Program Files\Windows Media Player\wmplayer.exe

C:\Program Files\Windows Media Player\WMPNSCFG.exe

C:\Windows\explorer.exe

C:\Windows\system32\Macromed\Flash\FlashUtil10c.exe

D:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O1 - Hosts: ::1 localhost

O2 - BHO: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - D:\Program Files\Adobe\/Adobe Contribute CS4/contributeieplugin.dll

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O2 - BHO: Aplicación auxiliar de inicio de sesión de Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll

O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll

O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll

O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - D:\Program Files\Adobe\/Adobe Contribute CS4/contributeieplugin.dll

O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide

O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe

O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe

O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice

O4 - HKLM\..\Run: [CHotkey] zHotkey.exe

O4 - HKLM\..\Run: [ModPS2] ModPS2Key.exe

O4 - HKLM\..\Run: [ButtonMonitor] C:\Program Files\IOI\ButtonMonitor.exe

O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\Windows\system32\WLTRAY.exe

O4 - HKLM\..\Run: [NMSSupport] "C:\Program Files\Common Files\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe" /startup

O4 - HKLM\..\Run: [CCUTRAYICON] C:\Program Files\Intel\IntelDH\CCU\CCU_TrayIcon.exe

O4 - HKLM\..\Run: [SigmatelSysTrayApp] sttray.exe

O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"

O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] D:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent

O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter

O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe

O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [E09EXLRD_1815203] "D:\Program Files\Microsoft Encarta\Encarta 2009 Biblioteca Premium DVD\EDICT.EXE" -m

O8 - Extra context menu item: Anexar a PDF existente - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Anexar destino de vínculo a PDF existente - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

O8 - Extra context menu item: Convertir a Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Convertir destino de vínculo a Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

O8 - Extra context menu item: E&xportar a Microsoft Excel - res://D:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL

O9 - Extra button: Barra de búsqueda de Encarta - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL

O13 - Gopher Prefix:

O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.akamai.com/dlmanager/vers...vex-2.2.5.1.cab

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w3/resources/...NPUpldes-mx.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

O23 - Service: Adobe Version Cue CS4 - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe

O23 - Service: Intel® Alert Service (AlertService) - Intel® Corporation - C:\Program Files\Intel\IntelDH\CCU\AlertService.exe

O23 - Service: AMD External Events Utility - AMD - C:\Windows\system32\atiesrxx.exe

O23 - Service: Servicio Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: Intel® DHTrace Controller (DHTRACE) - Intel® Corporation - C:\Program Files\Common Files\Intel\IntelDH\bin\DHTraceController.exe

O23 - Service: DQLWinService - Unknown owner - C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe

O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe

O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe

O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: FsUsbExService - Teruten - C:\Windows\system32\FsUsbExService.Exe

O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: Intel® Software Services Manager (ISSM) - Intel® Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe

O23 - Service: Intel® Viiv(tm) Media Server (M1 Server) - Unknown owner - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe

O23 - Service: Intel® Application Tracker (MCLServiceATL) - Intel® Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe

O23 - Service: Intel® NMSCore (NMSCore) - Intel® Corporation - C:\Program Files\Common Files\Intel\IntelDH\NMS\NMSCore\NMSCore.exe

O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe

O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe

O23 - Service: Intel® Quality Manager (QualityManager) - Intel® Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\qualitymanager.exe

O23 - Service: Intel® Remoting Service (Remote UI Service) - Intel® Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe

O23 - Service: Roxio UPnP Renderer 11 - Sonic Solutions - D:\Program Files\Roxio Creator 2009\Digital Home 11\RoxioUPnPRenderer11.exe

O23 - Service: Roxio Upnp Server 11 - Sonic Solutions - D:\Program Files\Roxio Creator 2009\Digital Home 11\RoxioUpnpService11.exe

O23 - Service: LiveShare P2P Server 11 (RoxLiveShare11) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\11.0\SharedCOM\RoxLiveShare11.exe

O23 - Service: RoxMediaDB11 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\11.0\SharedCOM\RoxMediaDB11.exe

O23 - Service: Roxio Hard Drive Watcher 11 (RoxWatch11) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\11.0\SharedCOM\RoxWatch11.exe

O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe

O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - D:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe

O23 - Service: Broadcom Wireless LAN Tray Service (wltrysvc) - Unknown owner - C:\Windows\System32\WLTRYSVC.EXE

O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
--
End of file - 10377 bytes[/CODE][/SPOILER]
 

Caito

Former Mod
Member
Download this program:

Dr.Web CureIt https://trucoswindows.net/descargas/dr-web-cureit/

Manual: https://trucoswindows.net/forowindows/temas/dr-web-cureit.70815/

Double-click drweb-cureit.exe

Click Start to begin the scan

At the start it checks the memory, and you have to click Yes when it asks whether you want a given file to be cured (cure it); this is a quick scan

A pop-up may also appear offering the chance to buy the program; just close that pop-up and carry on…

When that scan finishes, click Options > Change settings

Choose the Scan tab and uncheck "Heuristic analysis".

Now go back to the main window and choose the drives to scan:

choose “All Drives”; a red dot shows which ones you selected

Click the green arrow on the right and the scan will begin

Click 'Yes to all' if it asks whether you want to “Cure” or “Move” the files

When the scan finishes, look at the files found; next to them there is an icon. Try clicking on it and, if you can, click on another icon to the right and choose Move incurable

This will put those files in “%userprofile%\DoctorWeb\quarantaine-folder” if they could not be “cured”.

Now in the main menu click File and choose save report list

Save that report to your desktop (the name will be DrWeb.csv)

Close the program.

Post that report and a new log

regards

caito
 

hugo0101

New Member
Member
I already ran the Dr.Web scan, but it didn't finish; it took a very long time, almost 10 hours, and it froze ;) , here is the image:

thump_3068580analisis-1.jpg

It seems I don't have any infected files, what could it be?
 

Caito

Former Mod
Member
Download the ComboFix.exe utility (Windows 98/ME/2000/XP)

Combofix.exe

Temporarily disable the antivirus and/or antispyware.

Close all open windows.

*Note* While CF is working, do not move the mouse, as that would stop its process.

*Note* ComboFix may automatically restart the PC to complete the removal process.

-Run ComboFix.exe to start the program.

-The program window will open in MS-DOS mode. Immediately press the "Y" (Yes) key and then ENTER to start the detection and cleaning process.

-The desktop icons will disappear (this is normal) and the message "Performing a scan of your machine" will appear.

- Next, the message "Preparing a log report" "This takes a while. So, please be patient" will appear.

-Then the messages "Almost done..." "A report of Combofix's actions would be produced at C:\Combofix.txt" will appear.

-Be patient and wait for the program window to close by itself and for the file C:\Combofix.txt to be displayed. The desktop icons will return to their place without the PC having to be restarted.

-Finally, the combofix.txt report will show the files detected and removed; paste that report here

- Also post a new HijackThis log

Regards

Caito
 

hugo0101

New Member
Member
OK, I've now run ComboFix and here are the reports:

*****COMBO FIX
Code:
ComboFix 09-08-19.0A - hugo_tarugo 20/08/2009  9:11.1.4 - NTFSx86

Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.34.3082.18.3061.1898 [GMT -5:00]

Running from: c:\users\hugo_tarugo\Desktop\ComboFix.exe

AV: ESET NOD32 Antivirus 3.0 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}

SP: ESET NOD32 Antivirus 3.0 *disabled* (Updated) {E5E70D32-0101-4B98-A4D6-D1D15C3BB448}

.

 ADS - Windows: deleted 48 bytes in 1 streams. 

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\$recycle.bin\S-1-5-21-2152478756-3922319563-605102323-500

c:\windows\Installer\37634e1.msi

.

(((((((((((((((((((((((((   Files Created from 2009-07-20 to 2009-08-20  )))))))))))))))))))))))))))))))

.

2009-08-20 14:16 . 2009-08-20 14:17    --------    d-----w-    c:\users\hugo_tarugo\AppData\Local\temp

2009-08-20 14:16 . 2009-08-20 14:16    --------    d-----w-    c:\users\IUSR_NMPR\AppData\Local\temp

2009-08-20 14:16 . 2009-08-20 14:16    --------    d-----w-    c:\users\Default\AppData\Local\temp

2009-08-17 00:17 . 2009-08-17 00:17    --------    d-----w-    c:\users\hugo_tarugo\AppData\Roaming\Malwarebytes

2009-08-17 00:17 . 2009-08-03 18:36    38160    ----a-w-    c:\windows\system32\drivers\mbamswissarmy.sys

2009-08-17 00:17 . 2009-08-17 00:17    --------    d-----w-    c:\programdata\Malwarebytes

2009-08-17 00:17 . 2009-08-03 18:36    19096    ----a-w-    c:\windows\system32\drivers\mbam.sys

2009-08-15 19:10 . 2009-08-15 19:10    --------    d-----w-    c:\users\hugo_tarugo\AppData\Roaming\PeerNetworking

2009-08-13 06:20 . 2009-08-13 06:20    --------    d-----w-    c:\users\hugo_tarugo\AppData\Local\Mozilla

2009-08-13 02:42 . 2009-06-10 11:42    160256    ----a-w-    c:\windows\system32\wkssvc.dll

2009-08-13 02:42 . 2009-07-17 13:54    71680    ----a-w-    c:\windows\system32\atl.dll

2009-08-13 02:42 . 2009-06-15 14:54    175104    ----a-w-    c:\windows\system32\wdigest.dll

2009-08-13 02:42 . 2009-06-15 14:53    218624    ----a-w-    c:\windows\system32\msv1_0.dll

2009-08-13 02:42 . 2009-06-15 14:52    499712    ----a-w-    c:\windows\system32\kerberos.dll

2009-08-13 02:41 . 2009-06-15 14:53    270848    ----a-w-    c:\windows\system32\schannel.dll

2009-08-13 02:41 . 2009-06-15 23:15    439864    ----a-w-    c:\windows\system32\drivers\ksecdd.sys

2009-08-13 02:41 . 2009-06-15 14:52    1259008    ----a-w-    c:\windows\system32\lsasrv.dll

2009-08-13 02:41 . 2009-06-15 14:53    72704    ----a-w-    c:\windows\system32\secur32.dll

2009-08-13 02:41 . 2009-06-15 12:48    9728    ----a-w-    c:\windows\system32\lsass.exe

2009-08-13 02:41 . 2009-06-04 12:07    2066432    ----a-w-    c:\windows\system32\mstscax.dll

2009-08-13 02:41 . 2009-06-10 11:38    91136    ----a-w-    c:\windows\system32\avifil32.dll

2009-08-13 02:41 . 2009-07-15 12:39    313344    ----a-w-    c:\windows\system32\wmpdxm.dll

2009-08-13 02:41 . 2009-07-15 12:39    4096    ----a-w-    c:\windows\system32\dxmasf.dll

2009-08-13 02:41 . 2009-07-15 12:40    8147456    ----a-w-    c:\windows\system32\wmploc.DLL

2009-08-13 02:41 . 2009-07-15 12:39    7680    ----a-w-    c:\windows\system32\spwmp.dll

2009-08-02 23:44 . 2009-08-02 23:44    --------    d-----w-    c:\users\hugo_tarugo\AppData\Local\ArmA 2

2009-07-31 22:05 . 2009-07-31 22:05    --------    d-----w-    C:\tempo

2009-07-31 22:05 . 2009-07-31 22:05    91648    ----a-w-    c:\users\hugo_tarugo\AppData\Local\stunnel.exe

2009-07-31 22:05 . 2009-07-31 22:05    802    ----a-w-    c:\users\hugo_tarugo\AppData\Local\crt.vbs

2009-07-31 22:05 . 2009-07-31 22:05    74240    ----a-w-    c:\users\hugo_tarugo\AppData\Local\zlib1.dll

2009-07-31 22:05 . 2009-07-31 22:05    65024    ----a-w-    c:\users\hugo_tarugo\AppData\Local\GoalServer2009.exe

2009-07-31 22:05 . 2009-07-31 22:05    638    ----a-w-    c:\users\hugo_tarugo\AppData\Local\unstallcer.vbs

2009-07-31 22:05 . 2009-07-31 22:05    495    ----a-w-    c:\users\hugo_tarugo\AppData\Local\check.vbs

2009-07-31 22:05 . 2009-07-31 22:05    41984    ----a-w-    c:\users\hugo_tarugo\AppData\Local\GoalWebServer2009.exe

2009-07-31 22:05 . 2009-07-31 22:05    306052    ----a-w-    c:\users\hugo_tarugo\AppData\Local\libssl32.dll

2009-07-31 22:05 . 2009-07-31 22:05    1420256    ----a-w-    c:\users\hugo_tarugo\AppData\Local\libeay32.dll

2009-07-31 22:05 . 2009-07-31 22:05    1011784    ----a-w-    c:\users\hugo_tarugo\AppData\Local\HamachiSetup-1.0.3.0-en.exe

2009-07-28 18:50 . 2009-07-28 18:50    --------    d-----w-    c:\programdata\ATI

2009-07-28 18:43 . 2009-07-28 18:43    10134    ----a-r-    c:\users\hugo_tarugo\AppData\Roaming\Microsoft\Installer\{272A5191-3D5E-A9C5-8FFE-3CCBF744A274}\ARPPRODUCTICON.exe

2009-07-22 02:41 . 2009-07-22 02:41    --------    d-----w-    c:\users\hugo_tarugo\AppData\Roaming\LucasArts

.

((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-08-20 12:18 . 2006-11-02 15:46    707994    ----a-w-    c:\windows\system32\perfh00A.dat

2009-08-20 12:18 . 2006-11-02 15:46    150408    ----a-w-    c:\windows\system32\perfc00A.dat

2009-08-17 18:52 . 2009-01-14 08:46    2828    --sha-w-    c:\programdata\KGyGaAvL.sys

2009-08-17 18:52 . 2009-01-14 08:46    2828    --sha-w-    c:\programdata\KGyGaAvL.sys

2009-08-16 23:05 . 2009-02-27 01:51    --------    d-----w-    c:\programdata\Sonic

2009-08-13 02:46 . 2009-01-13 19:38    --------    d-----w-    c:\programdata\Microsoft Help

2009-08-13 02:45 . 2006-11-02 11:18    --------    d-----w-    c:\program files\Windows Mail

2009-08-11 03:22 . 2009-01-10 06:02    145280    ----a-w-    c:\users\hugo_tarugo\AppData\Local\GDIPFONTCACHEV1.DAT

2009-08-02 00:14 . 2009-01-10 08:17    --------    d--h--w-    c:\program files\InstallShield Installation Information

2009-07-31 10:58 . 2009-01-10 23:32    --------    d-----w-    c:\program files\Microsoft Silverlight

2009-07-29 02:46 . 2009-05-27 23:11    --------    d-----w-    c:\program files\ATI

2009-07-28 18:46 . 2009-05-27 23:10    --------    d-----w-    c:\program files\ATI Technologies

2009-07-23 06:11 . 2009-03-24 05:29    --------    d-----w-    c:\users\hugo_tarugo\AppData\Roaming\Bioshock

2009-07-21 21:52 . 2009-07-29 02:39    915456    ----a-w-    c:\windows\system32\wininet.dll

2009-07-21 21:47 . 2009-07-29 02:39    109056    ----a-w-    c:\windows\system32\iesysprep.dll

2009-07-21 21:47 . 2009-07-29 02:39    71680    ----a-w-    c:\windows\system32\iesetup.dll

2009-07-21 20:13 . 2009-07-29 02:39    133632    ----a-w-    c:\windows\system32\ieUnatt.exe

2009-07-18 06:48 . 2009-05-05 21:12    --------    d-----w-    c:\users\hugo_tarugo\AppData\Roaming\Download Manager

2009-07-14 22:17 . 2009-07-14 22:17    15308440    ----a-w-    c:\windows\system32\xlive.dll

2009-07-14 22:17 . 2009-07-14 22:17    13642888    ----a-w-    c:\windows\system32\xlivefnt.dll

2009-07-14 18:59 . 2009-07-14 18:59    --------    d-----w-    c:\users\hugo_tarugo\AppData\Roaming\Kingston

2009-07-02 17:50 . 2009-07-02 17:50    4994048    ----a-w-    c:\windows\system32\drivers\atikmdag.sys

2009-07-02 17:16 . 2009-07-02 17:16    442368    ----a-w-    c:\windows\system32\ATIDEMGX.dll

2009-07-02 17:16 . 2009-07-02 17:16    348160    ----a-w-    c:\windows\system32\atieclxx.exe

2009-07-02 17:15 . 2009-07-02 17:15    176128    ----a-w-    c:\windows\system32\atiesrxx.exe

2009-07-02 17:14 . 2009-03-16 20:26    159744    ----a-w-    c:\windows\system32\atitmmxx.dll

2009-07-02 17:14 . 2009-03-16 20:25    356352    ----a-w-    c:\windows\system32\atipdlxx.dll

2009-07-02 17:14 . 2009-07-02 17:14    274432    ----a-w-    c:\windows\system32\Oemdspif.dll

2009-07-02 17:14 . 2009-07-02 17:14    11776    ----a-w-    c:\windows\system32\atimuixx.dll

2009-07-02 17:13 . 2009-07-02 17:13    43520    ----a-w-    c:\windows\system32\ati2edxx.dll

2009-07-02 17:10 . 2009-07-02 17:10    2469888    ----a-w-    c:\windows\system32\atidxx32.dll

2009-07-02 16:59 . 2009-03-16 20:11    3105280    ----a-w-    c:\windows\system32\atiumdag.dll

2009-07-02 16:51 . 2009-07-02 16:51    11650560    ----a-w-    c:\windows\system32\atioglxx.dll

2009-07-02 16:44 . 2009-07-02 16:44    2868224    ----a-w-    c:\windows\system32\atiumdva.dll

2009-07-02 16:32 . 2009-07-02 16:32    51712    ----a-w-    c:\windows\system32\atimpc32.dll

2009-07-02 16:32 . 2009-07-02 16:32    51712    ----a-w-    c:\windows\system32\amdpcom32.dll

2009-07-02 16:32 . 2009-07-02 16:32    184320    ----a-w-    c:\windows\system32\atiadlxx.dll

2009-07-02 16:28 . 2009-07-02 16:28    53248    ----a-w-    c:\windows\system32\aticalrt.dll

2009-07-02 16:28 . 2009-07-02 16:28    53248    ----a-w-    c:\windows\system32\aticalcl.dll

2009-07-02 16:27 . 2009-07-02 16:27    3264512    ----a-w-    c:\windows\system32\aticaldd.dll

2009-07-02 16:18 . 2009-07-02 16:18    53248    ----a-w-    c:\windows\system32\drivers\ati2erec.dll

2009-06-30 23:21 . 2009-06-30 23:21    --------    d-----w-    c:\program files\Microsoft IntelliPoint

2009-06-27 22:18 . 2009-01-14 22:58    --------    d-----w-    c:\programdata\Media Center Programs

2009-06-22 07:42 . 2009-06-22 07:41    --------    d-----w-    c:\users\hugo_tarugo\AppData\Roaming\Folding@home-x86

2009-06-22 07:42 . 2009-06-22 07:42    2338816    ----a-w-    c:\users\hugo_tarugo\AppData\Roaming\Folding@home-x86\FahCore_78.exe

2009-06-22 07:41 . 2009-06-22 07:41    98477    ----a-r-    c:\users\hugo_tarugo\AppData\Roaming\Microsoft\Installer\{6B755EC3-C709-4F5C-BC58-BC0D3967B6B6}\_6FEFF9B68218417F98F549.exe

2009-06-22 07:41 . 2009-06-22 07:41    98477    ----a-r-    c:\users\hugo_tarugo\AppData\Roaming\Microsoft\Installer\{6B755EC3-C709-4F5C-BC58-BC0D3967B6B6}\_2377D972A0372FCB34E3F7.exe

2009-06-22 07:41 . 2009-06-22 07:41    10134    ----a-r-    c:\users\hugo_tarugo\AppData\Roaming\Microsoft\Installer\{6B755EC3-C709-4F5C-BC58-BC0D3967B6B6}\_D153F602E769D1960CE13B.exe

2009-06-22 07:41 . 2009-06-22 07:41    --------    d-----w-    c:\program files\Folding@home

2009-06-22 07:34 . 2009-01-10 06:02    2708    ----a-w-    c:\users\hugo_tarugo\AppData\Local\d3d9caps.dat

2009-06-22 00:00 . 2009-06-22 00:00    --------    d-----w-    c:\program files\Microsoft Student

2009-06-21 23:59 . 2009-06-21 23:59    --------    d-----w-    c:\program files\Learning Essentials

2009-06-18 19:29 . 2009-06-18 19:29    197654    ----a-w-    c:\windows\system32\atiicdxx.dat

2009-06-15 14:53 . 2009-07-14 22:08    156672    ----a-w-    c:\windows\system32\t2embed.dll

2009-06-15 14:52 . 2009-07-14 22:08    23552    ----a-w-    c:\windows\system32\lpk.dll

2009-06-15 14:52 . 2009-07-14 22:08    72704    ----a-w-    c:\windows\system32\fontsub.dll

2009-06-15 14:51 . 2009-07-14 22:08    10240    ----a-w-    c:\windows\system32\dciman32.dll

2009-06-15 12:42 . 2009-07-14 22:08    289792    ----a-w-    c:\windows\system32\atmfd.dll

2009-06-12 22:54 . 2009-06-12 22:55    69632    ----a-w-    c:\users\hugo_tarugo\AppData\Roaming\Samsung\New PC Studio\DriverChecker.exe

2009-06-04 11:24 . 2009-06-04 11:24    97808    ----a-w-    c:\windows\system32\drivers\AtiHdmi.sys

2009-05-28 22:42 . 2009-05-28 22:42    30088    ----a-w-    c:\windows\system32\drivers\point32k.sys

2009-05-26 19:22 . 2006-11-02 10:25    665600    ----a-w-    c:\windows\inf\drvindex.dat

.

(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]

"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2009-02-07 3885408]

"E09EXLRD_1815203"="d:\program files\Microsoft Encarta\Encarta 2009 Biblioteca Premium DVD\EDICT.EXE" [2008-06-06 351000]

"WindowsWelcomeCenter"="oobefldr.dll" - c:\windows\System32\oobefldr.dll [2009-04-11 2153472]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-19 1008184]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-04-19 142104]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-04-19 154392]

"Persistence"="c:\windows\system32\igfxpers.exe" [2007-04-19 138008]

"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2008-08-18 1447168]

"ButtonMonitor"="c:\program files\IOI\ButtonMonitor.exe" [2007-05-11 53248]

"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2006-12-19 1429504]

"NMSSupport"="c:\program files\Common Files\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe" [2007-04-06 439768]

"CCUTRAYICON"="c:\program files\Intel\IntelDH\CCU\CCU_TrayIcon.exe" [2007-04-06 215512]

"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2009-05-28 1468296]

"CHotkey"="zHotkey.exe" - c:\windows\zHotkey.exe [2006-11-07 547840]

"ModPS2"="ModPS2Key.exe" - c:\windows\ModPS2Key.exe [2006-11-07 53248]

"SigmatelSysTrayApp"="sttray.exe" - c:\windows\sttray.exe [2007-03-01 303104]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]

@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]

"VistaSp2"=hex(b):36,56,88,db,38,de,c9,01

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]

"{3119BCF7-3167-4C75-B68E-AC40F4F428A3}"= UDP:Profile=Private|Profile=Public:LocalSubnet:LocalSubnet|c:\program files\Intel\IntelDH\Intel Media Server\Media Server\bin\TSHWMDTCP.exe:SPCM

"{122B1A09-AA77-417D-9572-936C78FB63EA}"= TCP:Profile=Private|Profile=Public:LocalSubnet:LocalSubnet|c:\program files\Intel\IntelDH\Intel Media Server\Media Server\bin\TSHWMDTCP.exe:SPCM

"{76F456F8-9D84-42E3-95C4-C1AE48F521C3}"= UDP:Profile=Private|Profile=Public:LocalSubnet:LocalSubnet|c:\program files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe:Intel® Remoting Service

"{7B8ABE0B-2D2A-4D1F-ADB8-869C91DF9326}"= TCP:Profile=Private|Profile=Public:LocalSubnet:LocalSubnet|c:\program files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe:Intel® Remoting Service

"{4B2A9372-E325-445C-9B63-7BC823E6A796}"= UDP:Profile=Private|Profile=Public:LocalSubnet:LocalSubnet|c:\program files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe:Intel® Viiv(tm) Media Server

"{DD017503-0E49-4D47-A05B-69D33950348C}"= TCP:Profile=Private|Profile=Public:LocalSubnet:LocalSubnet|c:\program files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe:Intel® Viiv(tm) Media Server

"{DF8D31C8-EA26-444C-97C8-6856A4AB257C}"= TCP:Profile=Private|Profile=Public|9442:127.0.0.1:Intel® Viiv(tm) Media Server Discovery

"{714E6FC8-2C75-49F5-AC44-198B4E536471}"= TCP:Profile=Private|Profile=Public|1900:LocalSubnet:LocalSubnet:Intel® Viiv(tm) Media Server UPnP Discovery

"{B2A41362-0481-4A2C-BFAD-CC79419931EA}"= UDP:5353:Adobe CSI CS4

"{79C94F1F-E4A2-4813-9F3B-A9F70124DA47}"= UDP:c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe:Adobe CSI CS4

"{AB4E4176-29C7-49C9-B8C0-BC9D536FAE71}"= TCP:c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe:Adobe CSI CS4

"{498E4324-B586-48C7-9F6C-99A3E7B375E7}"= UDP:3703:Adobe Version Cue CS4 Server

"{197A5DAF-B7C3-41BD-9EBD-65150B9D3DDF}"= UDP:3704:Adobe Version Cue CS4 Server

"{5482E798-9E6B-4D30-87ED-96FD91494842}"= UDP:51000:Adobe Version Cue CS4 Server

"{E4C1C229-1753-49E7-B723-FD7D65AA078F}"= UDP:51001:Adobe Version Cue CS4 Server

"{405C3E3C-4111-4B39-B72E-9097DB24F3FA}"= UDP:c:\program files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe:Adobe Version Cue CS4 Server

"{D76A0F10-8EFF-46C9-8C10-3398C9D7476A}"= TCP:c:\program files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe:Adobe Version Cue CS4 Server

"{7D88C4E9-3955-45A2-9C3F-0126B9693CD1}"= UDP:d:\program files\Electronic Arts\Crytek\Crysis\Bin32\Crysis.exe:Crysis_32

"{F4160898-7303-4FA4-B60C-B46A237860A0}"= TCP:d:\program files\Electronic Arts\Crytek\Crysis\Bin32\Crysis.exe:Crysis_32

"{2BFF7CA9-55E7-4036-B643-C65BF3FAEEE4}"= UDP:d:\program files\Electronic Arts\Crytek\Crysis\Bin32\CrysisDedicatedServer.exe:CrysisDedicatedServer_32

"{39716D19-8197-45C0-9509-9517E20C0BA7}"= TCP:d:\program files\Electronic Arts\Crytek\Crysis\Bin32\CrysisDedicatedServer.exe:CrysisDedicatedServer_32

"{FE7FE6F5-05E8-4FE6-9573-1BA2D70F389E}"= UDP:c:\windows\System32\PnkBstrA.exe:PnkBstrA

"{9B8F714A-0D2F-4287-9FC8-8BF072FBC685}"= TCP:c:\windows\System32\PnkBstrA.exe:PnkBstrA

"{76964A23-D606-4841-8FF0-FE8C448C0375}"= UDP:c:\windows\System32\PnkBstrB.exe:PnkBstrB

"{72EFFC55-7EF6-4DFA-A6D3-4F7293C23322}"= TCP:c:\windows\System32\PnkBstrB.exe:PnkBstrB

"{AFBE701F-F595-4ACC-90CE-88D04305BEA0}"= UDP:d:\program files\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe:Rockstar Games Social Club

"{E8C61A37-82AC-4E3B-8877-DBABB5FC94DF}"= TCP:d:\program files\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe:Rockstar Games Social Club

"{BC41A12F-8AED-4CAF-9664-2F1B3BDA5978}"= UDP:d:\program files\Rockstar Games\Grand Theft Auto IV\LaunchGTAIV.exe:Grand Theft Auto IV

"{250176C8-75FB-4C5E-B4FB-E228BF65EBA2}"= TCP:d:\program files\Rockstar Games\Grand Theft Auto IV\LaunchGTAIV.exe:Grand Theft Auto IV

"{3A2075EC-4F24-4740-A665-FA4AD22C7C1C}"= UDP:d:\program files\EA Games\Mirror's Edge\Binaries\MirrorsEdge.exe:Mirror's Edge™

"{375EE9F3-C415-4B5E-971D-A4613DABE64A}"= TCP:d:\program files\EA Games\Mirror's Edge\Binaries\MirrorsEdge.exe:Mirror's Edge™

"{24679BA7-FAEE-4D8A-B142-70E66103B6DF}"= UDP:d:\program files\LimeWire\LimeWire.exe:LimeWire

"{F9159881-E7A3-4A7F-B8AB-63F186F46FB5}"= TCP:d:\program files\LimeWire\LimeWire.exe:LimeWire

"{F9689680-DF35-49E1-9976-5CC8D3EBA62C}"= UDP:d:\program files\Activision\Call of Duty - World at War\CoDWaW.exe:Call of Duty® - World at War(tm)

"{065C0313-133C-483C-A3C9-2B55869834F4}"= TCP:d:\program files\Activision\Call of Duty - World at War\CoDWaW.exe:Call of Duty® - World at War(tm)

"{92481038-E01E-438A-AFA8-319CDB6AB64A}"= UDP:d:\program files\Activision\Call of Duty - World at War\CoDWaWmp.exe:Call of Duty® - World at War(tm)

"{1DB95688-37CB-42DD-BD0D-D5CE735FB02E}"= TCP:d:\program files\Activision\Call of Duty - World at War\CoDWaWmp.exe:Call of Duty® - World at War(tm)

"{B235A392-58E1-431A-96F1-03CACCE5FA23}"= UDP:d:\program files\Ubisoft\Prince of Persia\Prince of Persia.exe:Prince of Persia Dx

"{315A4210-7516-448B-83B5-3139B3C10339}"= TCP:d:\program files\Ubisoft\Prince of Persia\Prince of Persia.exe:Prince of Persia Dx

"{0E4B06E1-A5ED-47E9-8EA9-DA8C6D4F9D6E}"= UDP:d:\program files\Ubisoft\Prince of Persia\PrinceOfPersia_Launcher.exe:Prince of Persia Update

"{6B28056F-2FB6-4612-B7F4-CEF873328185}"= TCP:d:\program files\Ubisoft\Prince of Persia\PrinceOfPersia_Launcher.exe:Prince of Persia Update

"TCP Query User{A30F6B97-B737-4AE6-897A-5D796A8BEE1E}c:\\program files\\java\\jre6\\bin\\javaw.exe"= UDP:c:\program files\java\jre6\bin\javaw.exe:Java(tm) Platform SE binary

"UDP Query User{F979A57F-8DD9-43D5-B32F-9BA964472CCD}c:\\program files\\java\\jre6\\bin\\javaw.exe"= TCP:c:\program files\java\jre6\bin\javaw.exe:Java(tm) Platform SE binary

"TCP Query User{E298D67B-9803-4828-8992-22F279F9B71C}c:\\program files\\java\\jre6\\bin\\java.exe"= UDP:c:\program files\java\jre6\bin\java.exe:Java(tm) Platform SE binary

"UDP Query User{17A81E81-2977-41DE-8D39-6C6EC04C87E1}c:\\program files\\java\\jre6\\bin\\java.exe"= TCP:c:\program files\java\jre6\bin\java.exe:Java(tm) Platform SE binary

"TCP Query User{885C63A0-A3C1-437A-B43C-6616766FA8B8}d:\\program files\\konami\\pro evolution soccer 2009\\pesmagazinelauncher2009\\goalwebserver2009.exe"= UDP:d:\program files\konami\pro evolution soccer 2009\pesmagazinelauncher2009\goalwebserver2009.exe:GoalWebServer2009

"UDP Query User{969FAB18-EFC9-4631-99B2-476DD7C6A41F}d:\\program files\\konami\\pro evolution soccer 2009\\pesmagazinelauncher2009\\goalwebserver2009.exe"= TCP:d:\program files\konami\pro evolution soccer 2009\pesmagazinelauncher2009\goalwebserver2009.exe:GoalWebServer2009

"TCP Query User{4CB25C0F-6769-4669-943B-5BF6C583EB43}d:\\program files\\konami\\pro evolution soccer 2009\\pesmagazinelauncher2009\\goalserver2009.exe"= UDP:d:\program files\konami\pro evolution soccer 2009\pesmagazinelauncher2009\goalserver2009.exe:GoalServer2009

"UDP Query User{29648760-42EC-4041-B1E9-87D4127D1F1A}d:\\program files\\konami\\pro evolution soccer 2009\\pesmagazinelauncher2009\\goalserver2009.exe"= TCP:d:\program files\konami\pro evolution soccer 2009\pesmagazinelauncher2009\goalserver2009.exe:GoalServer2009

"TCP Query User{5E310832-9118-4C76-BB5C-D5CD61BF4255}d:\\program files\\konami\\pro evolution soccer 2009\\pesmagazinelauncher2009\\stunnel\\stunnel.exe"= UDP:d:\program files\konami\pro evolution soccer 2009\pesmagazinelauncher2009\stunnel\stunnel.exe:stunnel

"UDP Query User{14917090-5F99-4788-B9B2-AE3A6F471FDC}d:\\program files\\konami\\pro evolution soccer 2009\\pesmagazinelauncher2009\\stunnel\\stunnel.exe"= TCP:d:\program files\konami\pro evolution soccer 2009\pesmagazinelauncher2009\stunnel\stunnel.exe:stunnel

"TCP Query User{E138A13F-FF55-4177-B503-45EFEC77B908}d:\\program files\\konami\\pro evolution soccer 2009\\goalwebserver2009.exe"= UDP:d:\program files\konami\pro evolution soccer 2009\goalwebserver2009.exe:GoalWebServer2009

"UDP Query User{0F77C5AF-0A99-4848-B02C-FDD02DE953AB}d:\\program files\\konami\\pro evolution soccer 2009\\goalwebserver2009.exe"= TCP:d:\program files\konami\pro evolution soccer 2009\goalwebserver2009.exe:GoalWebServer2009

"TCP Query User{AD29BF05-BA86-43B7-A3AF-2F6D4A6DC2B0}d:\\program files\\konami\\pro evolution soccer 2009\\goalserver2009.exe"= UDP:d:\program files\konami\pro evolution soccer 2009\goalserver2009.exe:GoalServer2009

"UDP Query User{653B9064-1E36-4017-8B85-F68196635995}d:\\program files\\konami\\pro evolution soccer 2009\\goalserver2009.exe"= TCP:d:\program files\konami\pro evolution soccer 2009\goalserver2009.exe:GoalServer2009

"TCP Query User{5CBDDA5E-1E1F-4297-85C2-4E14BECD8F1F}d:\\program files\\konami\\pro evolution soccer 2009\\stunnel\\stunnel.exe"= UDP:d:\program files\konami\pro evolution soccer 2009\stunnel\stunnel.exe:stunnel

"UDP Query User{E077D443-0881-4CFF-8D63-105EB72A6043}d:\\program files\\konami\\pro evolution soccer 2009\\stunnel\\stunnel.exe"= TCP:d:\program files\konami\pro evolution soccer 2009\stunnel\stunnel.exe:stunnel

"TCP Query User{863EF6A4-54FD-43D6-B28A-E373EF2D2A94}d:\\program files\\konami\\pro evolution soccer 2009\\pes2009.exe"= UDP:d:\program files\konami\pro evolution soccer 2009\pes2009.exe:Pro Evolution Soccer 2009

"UDP Query User{F03F468B-C133-487D-B05A-2C0F42AD77CD}d:\\program files\\konami\\pro evolution soccer 2009\\pes2009.exe"= TCP:d:\program files\konami\pro evolution soccer 2009\pes2009.exe:Pro Evolution Soccer 2009

"{0D071A27-336F-4442-B8E7-ED4D834A5008}"= UDP:d:\program files\Ubisoft\Assassin's Creed\AssassinsCreed_Dx9.exe:Assassin's Creed Dx9

"{5B54D4E7-F4D0-431A-9AEB-B01E47F77E69}"= TCP:d:\program files\Ubisoft\Assassin's Creed\AssassinsCreed_Dx9.exe:Assassin's Creed Dx9

"{A29932F7-22B2-413F-97B5-0DECBC71FE62}"= UDP:d:\program files\Ubisoft\Assassin's Creed\AssassinsCreed_Dx10.exe:Assassin's Creed Dx10

"{8E0EA537-2C1E-42B9-AB19-EC743F619FF0}"= TCP:d:\program files\Ubisoft\Assassin's Creed\AssassinsCreed_Dx10.exe:Assassin's Creed Dx10

"{ECE6C701-EA7B-485F-9692-3AD32D4DCBA8}"= UDP:d:\program files\Ubisoft\Assassin's Creed\AssassinsCreed_Launcher.exe:Assassin's Creed Update

"{0B3BB5E3-495B-4970-BED2-5E4EF95EFD11}"= TCP:d:\program files\Ubisoft\Assassin's Creed\AssassinsCreed_Launcher.exe:Assassin's Creed Update

"{31198CA6-E7E2-4B1B-BB10-E9FC15B49049}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour

"{52C9871E-9548-420F-A986-36B7A7E69023}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour

"{2C510EFE-C31C-48EF-990A-371F3C5D7A5B}"= UDP:d:\program files\Ubisoft\Far Cry 2\bin\FarCry2.exe:Far Cry 2

"{FCA1F854-F411-4A78-B2AD-1FE1AFB200E3}"= TCP:d:\program files\Ubisoft\Far Cry 2\bin\FarCry2.exe:Far Cry 2

"{4AC5729B-1A87-4DB5-9653-406A7F883B4A}"= UDP:d:\program files\Ubisoft\Far Cry 2\bin\FC2Launcher.exe:Far Cry 2 Updater

"{A686201B-95B7-4363-9D88-5041EA638A47}"= TCP:d:\program files\Ubisoft\Far Cry 2\bin\FC2Launcher.exe:Far Cry 2 Updater

"{1274979B-964A-4E81-AB84-764ABB714DD3}"= UDP:d:\program files\Ubisoft\Far Cry 2\bin\FC2Editor.exe:Editor

"{44906BAE-47FC-420E-9202-90C42F6612ED}"= TCP:d:\program files\Ubisoft\Far Cry 2\bin\FC2Editor.exe:Editor

"{4D9C6DC9-8E3E-4216-A280-F27E5523987D}"= UDP:d:\program files\Samsung\Samsung New PC Studio\npsasvr.exe:KTF MUSIC AoD Server

"{F732ADD9-55A9-4135-95B1-DD57AE00D8AB}"= TCP:d:\program files\Samsung\Samsung New PC Studio\npsasvr.exe:KTF MUSIC AoD Server

"{1B8F8322-28B9-4798-85FB-94550DEA6FA2}"= UDP:d:\program files\Samsung\Samsung New PC Studio\npsvsvr.exe:KTF MUSIC VoD Server

"{678E1AEF-1146-4BD7-B4A6-10124F95587E}"= TCP:d:\program files\Samsung\Samsung New PC Studio\npsvsvr.exe:KTF MUSIC VoD Server

"{E13A01C3-E34F-4653-87AB-86DA6E6E220C}"= UDP:d:\program files\Activision\Prototype\prototypef.exe:Prototype(tm)

"{A1C090D6-11BE-4D96-B384-BF4F732B3C22}"= TCP:d:\program files\Activision\Prototype\prototypef.exe:Prototype(tm)

"{41B72529-DAC5-4C75-A75E-9BE8F561E883}"= UDP:d:\program files\CAPCOM\STREETFIGHTERIV\StreetFighterIV.exe:STREET FIGHTER IV

"{88807A56-6151-486F-AC4A-50B578EA7FEA}"= TCP:d:\program files\CAPCOM\STREETFIGHTERIV\StreetFighterIV.exe:STREET FIGHTER IV

"{765F0A3A-F531-4AB5-994C-9B604E42718F}"= UDP:d:\program files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:Call of Duty® 4 - Modern Warfare(tm)

"{5E1C75ED-3B04-4DA9-8CAD-5606AB06798E}"= TCP:d:\program files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:Call of Duty® 4 - Modern Warfare(tm)

R1 c2scsi;c2scsi;c:\windows\System32\drivers\C2SCSI.SYS [11/08/2008 12:03 pm 254320]

R1 epfwtdir;epfwtdir;c:\windows\System32\drivers\epfwtdir.sys [18/08/2008 02:27 pm 34312]

R2 AMD External Events Utility;AMD External Events Utility;c:\windows\System32\atiesrxx.exe [02/07/2009 12:15 pm 176128]

R2 DQLWinService;DQLWinService;c:\program files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe [12/02/2007 11:46 am 208896]

R2 ekrn;Eset Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [18/08/2008 02:25 pm 468224]

R2 FsUsbExService;FsUsbExService;c:\windows\System32\FsUsbExService.Exe [12/06/2009 05:50 pm 233472]

R2 NMSCore;Intel® NMSCore;c:\program files\Common Files\Intel\IntelDH\NMS\NMSCore\NMSCore.exe [06/04/2007 03:07 pm 313816]

R2 nmsunidr;UniDriver for NMS;c:\windows\System32\drivers\nmsunidr.sys [18/02/2007 09:34 pm 5376]

R2 QualityManager;Intel® Quality Manager;c:\program files\Intel\IntelDH\Intel Media Server\Media Server\bin\QualityManager.exe [06/04/2007 03:10 pm 272856]

R2 wlidsvc;Windows Live ID Sign-in Assistant;c:\program files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE [30/03/2009 04:28 pm 1533808]

R3 AtiHdmiService;ATI Function Driver for HDMI Service;c:\windows\System32\drivers\AtiHdmi.sys [04/06/2009 06:24 am 97808]

R3 FsUsbExDisk;FsUsbExDisk;c:\windows\System32\FsUsbExDisk.Sys [12/06/2009 05:50 pm 36608]

R3 IntelDH;IntelDH Driver;c:\windows\System32\drivers\IntelDH.sys [10/01/2009 03:49 am 5504]

R3 VL807;VL807 Filter;c:\windows\System32\drivers\VL807.sys [11/01/2009 04:38 pm 22016]

S2 NOD32FiXTemDono;Eset Nod32 Boot;c:\windows\System32\regedt32.exe [02/11/2006 03:32 am 9216]

S2 Roxio Upnp Server 11;Roxio Upnp Server 11;d:\program files\Roxio Creator 2009\Digital Home 11\RoxioUpnpService11.exe [14/08/2008 01:25 am 367088]

S2 RoxLiveShare11;LiveShare P2P Server 11;c:\program files\Common Files\Roxio Shared\11.0\SharedCOM\RoxLiveShare11.exe [14/08/2008 01:24 am 309744]

S2 RoxWatch11;Roxio Hard Drive Watcher 11;c:\program files\Common Files\Roxio Shared\11.0\SharedCOM\RoxWatch11.exe [14/08/2008 01:24 am 170480]

S3 Adobe Version Cue CS4;Adobe Version Cue CS4;c:\program files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe [15/08/2008 06:46 am 284016]

S3 DHTRACE;Intel® DHTrace Controller;c:\program files\Common Files\Intel\IntelDH\bin\DHTraceController.exe [06/04/2007 03:08 pm 39896]

S3 HSXHWBS3;HSXHWBS3;c:\windows\System32\drivers\HSXHWBS3.sys [26/03/2007 03:37 pm 206336]

S3 NPF;NetGroup Packet Filter Driver;c:\windows\System32\drivers\npf.sys [06/11/2007 03:22 pm 34064]

S3 Roxio UPnP Renderer 11;Roxio UPnP Renderer 11;d:\program files\Roxio Creator 2009\Digital Home 11\RoxioUPnPRenderer11.exe [14/08/2008 01:25 am 313840]

S3 RoxMediaDB11;RoxMediaDB11;c:\program files\Common Files\Roxio Shared\11.0\SharedCOM\RoxMediaDB11.exe [14/08/2008 01:23 am 1124848]

S3 ss_bbus;SAMSUNG USB Mobile Device (WDM);c:\windows\System32\drivers\ss_bbus.sys [12/06/2009 05:53 pm 90112]

S3 ss_bmdfl;SAMSUNG USB Mobile Modem (Filter);c:\windows\System32\drivers\ss_bmdfl.sys [12/06/2009 05:53 pm 14976]

S3 ss_bmdm;SAMSUNG USB Mobile Modem;c:\windows\System32\drivers\ss_bmdm.sys [12/06/2009 05:53 pm 121856]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]

"c:\windows\System32\rundll32.exe" "c:\windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

.

- - - - ORPHANS REMOVED - - - -

HKCU-Run-AdobeBridge - (no file)

HKLM-Run-NPSStartup - (no file)

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.google.com.mx/

uInternet Settings,ProxyOverride = *.local

uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s

IE: Anexar a PDF existente - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html

IE: Anexar destino de vínculo a PDF existente - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

IE: Convertir a Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html

IE: Convertir destino de vínculo a Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

IE: E&xportar a Microsoft Excel - d:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000

FF - ProfilePath - c:\users\hugo_tarugo\AppData\Roaming\Mozilla\Firefox\Profiles\1fcoadq9.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.google.com.mx/

FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll

FF - plugin: d:\program files\Adobe\Acrobat 9.0\Acrobat\browser\nppdf32.dll

FF - plugin: d:\program files\QuickTime\Plugins\npqtplugin.dll

FF - plugin: d:\program files\QuickTime\Plugins\npqtplugin2.dll

FF - plugin: d:\program files\QuickTime\Plugins\npqtplugin3.dll

FF - plugin: d:\program files\QuickTime\Plugins\npqtplugin4.dll

FF - plugin: d:\program files\QuickTime\Plugins\npqtplugin5.dll

FF - plugin: d:\program files\QuickTime\Plugins\npqtplugin6.dll

FF - plugin: d:\program files\QuickTime\Plugins\npqtplugin7.dll

FF - plugin: d:\program files\Real Alternative\browser\plugins\nppl3260.dll

FF - plugin: d:\program files\Real Alternative\browser\plugins\nprpjplug.dll

FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----

d:\program files\Mozilla Firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);

d:\program files\Mozilla Firefox\greprefs\all.js - pref("media.cache_size", 51200);

d:\program files\Mozilla Firefox\greprefs\all.js - pref("media.ogg.enabled", true);

d:\program files\Mozilla Firefox\greprefs\all.js - pref("media.wave.enabled", true);

d:\program files\Mozilla Firefox\greprefs\all.js - pref("media.autoplay.enabled", true);

d:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);

d:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");

d:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.storage.default_quota",      5120);

d:\program files\Mozilla Firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);

d:\program files\Mozilla Firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);

d:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.dpi", -1);

d:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);

d:\program files\Mozilla Firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);

d:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);

d:\program files\Mozilla Firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);

d:\program files\Mozilla Firefox\greprefs\all.js - pref("geo.enabled", true);

d:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);

d:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");

d:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");

d:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);

d:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");

d:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);

d:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history",     true);

d:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata",    true);

d:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords",   false);

d:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads",   true);

d:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies",     true);

d:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache",       true);

d:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions",    true);

d:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);

d:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);

d:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.history",                 true);

d:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata",                true);

d:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords",               false);

d:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads",               true);

d:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies",                 true);

d:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache",                   true);

d:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions",                true);

d:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps",             false);

d:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings",            false);

d:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs",    false);

d:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);

d:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");

d:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);

d:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);

d:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");

.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-08-20 09:17

Windows 6.0.6002 Service Pack 2 NTFS

scanning hidden processes ... 

scanning hidden autostart entries ...

scanning hidden files ... 

c:\users\HUGO_T~1\AppData\Local\Temp\catchme.dll 53248 bytes executable

scan completed successfully

hidden files: 1

**************************************************************************

.

--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-382499807-2746131925-2108480020-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]

"?"=hex:e2,f5,ec,a3,cb,a3,f6,94,05,17,9f,54,a1,d3,4e,bc,6a,96,5b,e2,9d,e7,d9,

   0b,1a,37,ba,db,8d,35,aa,7b,d2,3f,f6,c0,9c,c3,d6,d3,bf,3b,8e,db,f0,d9,86,49,\

"?"=hex:35,fc,c6,3d,c9,02,ad,db,37,1f,61,de,0f,33,8f,50

[HKEY_USERS\S-1-5-21-382499807-2746131925-2108480020-1000\Software\SecuROM\License information*]

"datasecu"=hex:4b,d5,2c,2d,b5,a0,02,9c,94,d2,82,05,1a,c2,5c,57,14,25,87,23,2e,

   b5,fb,10,93,4b,78,69,25,3b,cb,35,24,a6,ae,b9,7b,f2,ed,98,d0,71,59,cd,90,c4,\

"rkeysecu"=hex:c9,13,05,ec,72,dd,97,ac,0d,b6,48,1d,73,a7,56,93

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'lsass.exe'(640)

c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll

c:\windows\System32\BCMLogon.dll

.

Completion time: 2009-08-20  9:18

ComboFix-quarantined-files.txt  2009-08-20 14:18

Pre-Run: 278,584,057,856 bytes libres

Post-Run: 278,577,471,488 bytes libres

386    --- E O F ---    2009-08-18 04:33

******* HIJACKTHIS
Code:
[SPOILER][CODE]Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 12:10:pm, on 20/08/2009

Platform: Windows Vista SP2 (WinNT 6.00.1906)

MSIE: Internet Explorer v8.00 (8.00.6001.18813)

Boot mode: Normal

Running processes:

C:\Windows\system32\Dwm.exe

C:\Windows\system32\taskeng.exe

C:\Program Files\Windows Defender\MSASCui.exe

C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe

C:\Windows\zHotkey.exe

C:\Windows\ModPS2Key.exe

C:\Program Files\IOI\ButtonMonitor.exe

C:\Windows\System32\WLTRAY.EXE

C:\Program Files\Common Files\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe

C:\Program Files\Intel\IntelDH\CCU\CCU_TrayIcon.exe

C:\Windows\sttray.exe

C:\Program Files\Microsoft IntelliPoint\ipoint.exe

C:\Windows\ehome\ehtray.exe

C:\Windows\ehome\ehmsas.exe

D:\Program Files\Microsoft Encarta\Encarta 2009 Biblioteca Premium DVD\EDICT.EXE

C:\Program Files\Intel\IntelDH\CCU\CCU_Engine.exe

C:\Windows\Explorer.exe

C:\Windows\system32\wuauclt.exe

D:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O1 - Hosts: ::1 localhost

O2 - BHO: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - D:\Program Files\Adobe\/Adobe Contribute CS4/contributeieplugin.dll

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O2 - BHO: Aplicación auxiliar de inicio de sesión de Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll

O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll

O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll

O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - D:\Program Files\Adobe\/Adobe Contribute CS4/contributeieplugin.dll

O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide

O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe

O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe

O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice

O4 - HKLM\..\Run: [CHotkey] zHotkey.exe

O4 - HKLM\..\Run: [ModPS2] ModPS2Key.exe

O4 - HKLM\..\Run: [ButtonMonitor] C:\Program Files\IOI\ButtonMonitor.exe

O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\Windows\system32\WLTRAY.exe

O4 - HKLM\..\Run: [NMSSupport] "C:\Program Files\Common Files\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe" /startup

O4 - HKLM\..\Run: [CCUTRAYICON] C:\Program Files\Intel\IntelDH\CCU\CCU_TrayIcon.exe

O4 - HKLM\..\Run: [SigmatelSysTrayApp] sttray.exe

O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"

O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter

O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe

O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [E09EXLRD_1815203] "D:\Program Files\Microsoft Encarta\Encarta 2009 Biblioteca Premium DVD\EDICT.EXE" -m

O8 - Extra context menu item: Anexar a PDF existente - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Anexar destino de vínculo a PDF existente - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

O8 - Extra context menu item: Convertir a Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Convertir destino de vínculo a Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

O8 - Extra context menu item: E&xportar a Microsoft Excel - res://D:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL

O9 - Extra button: Barra de búsqueda de Encarta - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL

O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.akamai.com/dlmanager/vers...vex-2.2.5.1.cab

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w3/resources/...NPUpldes-mx.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

O23 - Service: Adobe Version Cue CS4 - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe

O23 - Service: Intel® Alert Service (AlertService) - Intel® Corporation - C:\Program Files\Intel\IntelDH\CCU\AlertService.exe

O23 - Service: AMD External Events Utility - AMD - C:\Windows\system32\atiesrxx.exe

O23 - Service: Servicio Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: Intel® DHTrace Controller (DHTRACE) - Intel® Corporation - C:\Program Files\Common Files\Intel\IntelDH\bin\DHTraceController.exe

O23 - Service: DQLWinService - Unknown owner - C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe

O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe

O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe

O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: FsUsbExService - Teruten - C:\Windows\system32\FsUsbExService.Exe

O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: Intel® Software Services Manager (ISSM) - Intel® Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe

O23 - Service: Intel® Viiv(tm) Media Server (M1 Server) - Unknown owner - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe

O23 - Service: Intel® Application Tracker (MCLServiceATL) - Intel® Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe

O23 - Service: Intel® NMSCore (NMSCore) - Intel® Corporation - C:\Program Files\Common Files\Intel\IntelDH\NMS\NMSCore\NMSCore.exe

O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe

O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe

O23 - Service: Intel® Quality Manager (QualityManager) - Intel® Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\qualitymanager.exe

O23 - Service: Intel® Remoting Service (Remote UI Service) - Intel® Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe

O23 - Service: Roxio UPnP Renderer 11 - Sonic Solutions - D:\Program Files\Roxio Creator 2009\Digital Home 11\RoxioUPnPRenderer11.exe

O23 - Service: Roxio Upnp Server 11 - Sonic Solutions - D:\Program Files\Roxio Creator 2009\Digital Home 11\RoxioUpnpService11.exe

O23 - Service: LiveShare P2P Server 11 (RoxLiveShare11) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\11.0\SharedCOM\RoxLiveShare11.exe

O23 - Service: RoxMediaDB11 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\11.0\SharedCOM\RoxMediaDB11.exe

O23 - Service: Roxio Hard Drive Watcher 11 (RoxWatch11) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\11.0\SharedCOM\RoxWatch11.exe

O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe

O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - D:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe

O23 - Service: Broadcom Wireless LAN Tray Service (wltrysvc) - Unknown owner - C:\Windows\System32\WLTRYSVC.EXE

O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
--
End of file - 9755 bytes[/CODE][/SPOILER]

Note: I still can't open the AUNAM page.
 

Caito

Ex-Mod
Member
Run Hijack:

go to "Open the misc. tools section"

find "open host file manager"

find "open in notepad"

paste that in your next post

Regards

Caito
 

hugo0101

New Member
Member
Here it is:

# Copyright © 1993-2006 Microsoft Corp.

#

# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.

#

# This file contains the mappings of IP addresses to host names. Each

# entry should be kept on an individual line. The IP address should

# be placed in the first column followed by the corresponding host name.

# The IP address and the host name should be separated by at least one

# space.

#

# Additionally, comments (such as these) may be inserted on individual

# lines or following the machine name denoted by a '#' symbol.

#

# For example:

#

# 102.54.94.97 rhino.acme.com # source server

# 38.25.63.10 x.acme.com # x client host

127.0.0.1 localhost

::1 localhost

127.0.0.1 activate.adobe.com
 

Caito

Ex-Mod
Member
Restore the hosts file: download HostsXpert

HostsXpert

Create a folder: C:\HostsXpert

Unzip the program here: C:\HostsXpert

Click HostsXpert.exe to start the program

Click "Make Hosts Writable?" if it appears at the top right

Click Restore Microsoft's Hosts file and then OK. Click the X to close the program.

Restart and let us know

regards

caito
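
An added example, not part of the thread and not code from HostsXpert or HijackThis: a Python check that lists the hosts-file mappings that differ from a localhost-only baseline, which are the entries a restore of the default file removes. The sample text is constructed from the file posted above; the baseline set and the reason labels are assumptions of this example.

```python
import ipaddress

# Constructed sample: abbreviated copy of the hosts file posted in this thread.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-2006 Microsoft Corp.
# 102.54.94.97 rhino.acme.com # source server
127.0.0.1 localhost
::1 localhost
127.0.0.1 activate.adobe.com
"""

# Assumption of this example: only loopback mappings for "localhost" are expected.
BASELINE = {("127.0.0.1", "localhost"), ("::1", "localhost")}

BLOCKED = "blocked: name resolves to the local machine"
REDIRECTED = "redirected: name pinned to a fixed address"


def parse_hosts(text):
    """Return (line_no, ip, hostname) for every active mapping in a hosts file.

    Comments, blank lines and lines whose first field is not an IP address
    are skipped. One line may map several names to the same address.
    """
    entries = []
    for line_no, raw in enumerate(text.lstrip("\ufeff").splitlines(), 1):
        line = raw.split("#", 1)[0].strip()  # drop trailing comment
        fields = line.split()
        if len(fields) < 2:
            continue
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue
        for name in fields[1:]:
            entries.append((line_no, ip, name.lower()))
    return entries


def audit_hosts(text):
    """Return (line_no, hostname, ip, reason) for each mapping outside BASELINE."""
    findings = []
    for line_no, ip, name in parse_hosts(text):
        if (str(ip), name) in BASELINE:
            continue
        # Loopback or 0.0.0.0 makes the name unreachable; any other address
        # silently sends the name to a host chosen by whoever edited the file.
        if ip.is_loopback or ip.is_unspecified:
            reason = BLOCKED
        else:
            reason = REDIRECTED
        findings.append((line_no, name, str(ip), reason))
    return findings


if __name__ == "__main__":
    for line_no, name, ip, reason in audit_hosts(SAMPLE_HOSTS):
        print(f"line {line_no}: {name} -> {ip} ({reason})")
```

On Windows the file to read is `%SystemRoot%\System32\drivers\etc\hosts`; pass its contents to `audit_hosts` in place of the sample.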
 

hugo0101

New Member
Member
Yeeeesss, I've managed to open the page.

Thank you very much for your time, my friend.

Any conclusions?

Here is one last HijackThis log:

P.S. Every so often I get the message "Iexplorer.exe has stopped working", but only very, very, very rarely (I've had this little problem for a while, but as I said, it's only occasional, so I hadn't made a fuss about it); I don't know whether these reports show anything. Thanks in advance.
Code:
[SPOILER][CODE]Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 10:23:am, on 21/08/2009

Platform: Windows Vista SP2 (WinNT 6.00.1906)

MSIE: Internet Explorer v8.00 (8.00.6001.18813)

Boot mode: Normal

Running processes:

C:\Windows\system32\Dwm.exe

C:\Windows\system32\taskeng.exe

C:\Windows\Explorer.EXE

C:\Program Files\Windows Defender\MSASCui.exe

C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe

C:\Windows\zHotkey.exe

C:\Windows\ModPS2Key.exe

C:\Program Files\IOI\ButtonMonitor.exe

C:\Windows\System32\WLTRAY.EXE

C:\Program Files\Common Files\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe

C:\Program Files\Intel\IntelDH\CCU\CCU_TrayIcon.exe

C:\Windows\sttray.exe

C:\Program Files\Microsoft IntelliPoint\ipoint.exe

C:\Windows\ehome\ehtray.exe

C:\Program Files\Windows Live\Messenger\msnmsgr.exe

C:\Windows\ehome\ehmsas.exe

D:\Program Files\Microsoft Encarta\Encarta 2009 Biblioteca Premium DVD\EDICT.EXE

C:\Program Files\Intel\IntelDH\CCU\CCU_Engine.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Windows\system32\Macromed\Flash\FlashUtil10c.exe

C:\Program Files\Internet Explorer\iexplore.exe

D:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O2 - BHO: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - D:\Program Files\Adobe\/Adobe Contribute CS4/contributeieplugin.dll

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O2 - BHO: Aplicación auxiliar de inicio de sesión de Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll

O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll

O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll

O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - D:\Program Files\Adobe\/Adobe Contribute CS4/contributeieplugin.dll

O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide

O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe

O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe

O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice

O4 - HKLM\..\Run: [CHotkey] zHotkey.exe

O4 - HKLM\..\Run: [ModPS2] ModPS2Key.exe

O4 - HKLM\..\Run: [ButtonMonitor] C:\Program Files\IOI\ButtonMonitor.exe

O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\Windows\system32\WLTRAY.exe

O4 - HKLM\..\Run: [NMSSupport] "C:\Program Files\Common Files\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe" /startup

O4 - HKLM\..\Run: [CCUTRAYICON] C:\Program Files\Intel\IntelDH\CCU\CCU_TrayIcon.exe

O4 - HKLM\..\Run: [SigmatelSysTrayApp] sttray.exe

O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"

O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter

O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe

O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [E09EXLRD_1815203] "D:\Program Files\Microsoft Encarta\Encarta 2009 Biblioteca Premium DVD\EDICT.EXE" -m

O8 - Extra context menu item: Anexar a PDF existente - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Anexar destino de vínculo a PDF existente - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

O8 - Extra context menu item: Convertir a Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Convertir destino de vínculo a Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

O8 - Extra context menu item: E&xportar a Microsoft Excel - res://D:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL

O9 - Extra button: Barra de búsqueda de Encarta - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL

O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.akamai.com/dlmanager/vers...vex-2.2.5.1.cab

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w3/resources/...NPUpldes-mx.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

O23 - Service: Adobe Version Cue CS4 - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe

O23 - Service: Intel® Alert Service (AlertService) - Intel® Corporation - C:\Program Files\Intel\IntelDH\CCU\AlertService.exe

O23 - Service: AMD External Events Utility - AMD - C:\Windows\system32\atiesrxx.exe

O23 - Service: Servicio Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: Intel® DHTrace Controller (DHTRACE) - Intel® Corporation - C:\Program Files\Common Files\Intel\IntelDH\bin\DHTraceController.exe

O23 - Service: DQLWinService - Unknown owner - C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe

O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe

O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe

O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: FsUsbExService - Teruten - C:\Windows\system32\FsUsbExService.Exe

O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: Intel® Software Services Manager (ISSM) - Intel® Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe

O23 - Service: Intel® Viiv(tm) Media Server (M1 Server) - Unknown owner - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe

O23 - Service: Intel® Application Tracker (MCLServiceATL) - Intel® Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe

O23 - Service: Intel® NMSCore (NMSCore) - Intel® Corporation - C:\Program Files\Common Files\Intel\IntelDH\NMS\NMSCore\NMSCore.exe

O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe

O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe

O23 - Service: Intel® Quality Manager (QualityManager) - Intel® Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\qualitymanager.exe

O23 - Service: Intel® Remoting Service (Remote UI Service) - Intel® Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe

O23 - Service: Roxio UPnP Renderer 11 - Sonic Solutions - D:\Program Files\Roxio Creator 2009\Digital Home 11\RoxioUPnPRenderer11.exe

O23 - Service: Roxio Upnp Server 11 - Sonic Solutions - D:\Program Files\Roxio Creator 2009\Digital Home 11\RoxioUpnpService11.exe

O23 - Service: LiveShare P2P Server 11 (RoxLiveShare11) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\11.0\SharedCOM\RoxLiveShare11.exe

O23 - Service: RoxMediaDB11 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\11.0\SharedCOM\RoxMediaDB11.exe

O23 - Service: Roxio Hard Drive Watcher 11 (RoxWatch11) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\11.0\SharedCOM\RoxWatch11.exe

O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe

O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - D:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe

O23 - Service: Broadcom Wireless LAN Tray Service (wltrysvc) - Unknown owner - C:\Windows\System32\WLTRYSVC.EXE

O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
--
End of file - 9948 bytes[/CODE][/SPOILER]
 

Caito

Ex-Mod
Member
Uninstall ComboFix:

Go to Start > Run and type the following: ComboFix /u

After a few seconds you will see: ComboFix is uninstalled

We're glad you got it fixed

We consider this thread solved

Regards, Caito
 