MASSIVE ATTACKS ON MY COMPUTER.


Post by Renata » 27 Aug 2015, 18:34

Good day: for the past few days I have been getting attacks from the programs "AnyProtect", "Wajam" and "mystartsearch uninstall", which infiltrate my computer, and even though I disable them from PROGRAMS AND FEATURES, they come back again and again, whenever they please. On several occasions they close my Internet pages and pop up boxes ordering a PC cleanup. My antivirus reports the threats, although the INFOSAT did not detect any virus. I ran ELISTARA and then, at its instruction, I ran ELIPUPS, obediently, as ELISTARA suggested.

I am leaving the INFOSAT here. And I don't know whether I should do anything else. For now, thanks to you, calm has returned to my computer.

I will wait to hear whether I should run another program or do anything else.

Many thanks.



(27-8-2015 15:48:04 (GMT))

EliStartPage v32.83 (c)2015 S.G.H. / Satinfo S.L. (Actualizado el 31 de Julio del 2015)

--------------------------------------------------

Sistema Operativo: Windows 7 Ultimate (6.1.0) (64 bits)

Usuario: AlvaroNiño

ID de Usuario: S-1-5-21-148184579-837358405-130166647-1000

Cadenas Víricas: 24294



Lista de Acciones (por Acción Directa):

Eliminada Class (x86), "{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}" -> C:\Program Files (x86)\SupTab\SupTab.dll

Eliminado Proveedor de Busqueda:

"{33BB0A4E-99AF-4226-BDF6-49120163DE86}" -> "mystartsearch" (http://www.mystartsearch.com/web/?type=ds&ts=1439575378&z=76ce19b9be79ec0ad6ac2c5g4z5c7t0w2mcw6o8b6g&from=cmi&uid=HitachiXHDS721010CLA630_JP2940N03PS0VV3PS0VVX&q={searchTerms})

Eliminado Proveedor de Busqueda:

"{460C3D19-B3D4-4964-A550-77D263B0CCCB}" -> "Google" (http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7MXGB_esCO572)

Eliminado Servicio, "IHProtect Service"

Eliminado Servicio, "WindowsMangerProtect"

Eliminada Carpeta "C:\ProgramData\WindowsMangerProtect"

Eliminadas las Paginas de Inicio y de Busqueda del IE

Eliminados Ficheros Temporales del IE



(27-8-2015 16:05:23 (GMT))

EliStartPage v32.83 (c)2015 S.G.H. / Satinfo S.L. (Actualizado el 31 de Julio del 2015)

--------------------------------------------------

Sistema Operativo: Windows 7 Ultimate (6.1.0) (64 bits)

Usuario: AlvaroNiño

ID de Usuario: S-1-5-21-148184579-837358405-130166647-1000

Cadenas Víricas: 24294



Lista de Acciones (por Exploración):

Explorando "C:\"



Nº Total de Directorios: 26874

Nº Total de Ficheros: 132136

Nº de Ficheros Analizados: 41185

Nº de Ficheros Infectados: 0

Nº de Ficheros Limpiados: 0



(27-8-2015 16:09:47 (GMT))

EliStartPage v32.83 (c)2015 S.G.H. / Satinfo S.L. (Actualizado el 31 de Julio del 2015)

--------------------------------------------------

Sistema Operativo: Windows 7 Ultimate (6.1.0) (64 bits)

Usuario: AlvaroNiño

ID de Usuario: S-1-5-21-148184579-837358405-130166647-1000

Cadenas Víricas: 24294



Lista de Acciones (por Exploración):

Unidad "D:\" no Preparada



Nº Total de Directorios: 0

Nº Total de Ficheros: 0

Nº de Ficheros Analizados: 0

Nº de Ficheros Infectados: 0

Nº de Ficheros Limpiados: 0



(27-8-2015 16:10:38 (GMT))

EliStartPage v32.83 (c)2015 S.G.H. / Satinfo S.L. (Actualizado el 31 de Julio del 2015)

--------------------------------------------------

Sistema Operativo: Windows 7 Ultimate (6.1.0) (64 bits)

Usuario: AlvaroNiño

ID de Usuario: S-1-5-21-148184579-837358405-130166647-1000

Cadenas Víricas: 24294



Lista de Acciones (por Cierre):

Detectados Programas Potecialmente No Deseados (PUPs).

Ejecute el EliPUPs para proceder con su Desinstalación.

"AnyProtect"

"Wajam"

"mystartsearch uninstall"



(27-8-2015 16:11:02 (GMT))

EliStartPage v32.83 (c)2015 S.G.H. / Satinfo S.L. (Actualizado el 31 de Julio del 2015)

--------------------------------------------------

Sistema Operativo: Windows 7 Ultimate (6.1.0) (64 bits)

Usuario: AlvaroNiño

ID de Usuario: S-1-5-21-148184579-837358405-130166647-1000

Cadenas Víricas: 24294



Lista de Acciones (por Acción Directa):

Eliminadas las Paginas de Inicio y de Busqueda del IE

Eliminados Ficheros Temporales del IE



(27-8-2015 16:11:24 (GMT))

EliStartPage v32.83 (c)2015 S.G.H. / Satinfo S.L. (Actualizado el 31 de Julio del 2015)

--------------------------------------------------

Sistema Operativo: Windows 7 Ultimate (6.1.0) (64 bits)

Usuario: AlvaroNiño

ID de Usuario: S-1-5-21-148184579-837358405-130166647-1000

Cadenas Víricas: 24294



Lista de Acciones (por Cierre):

Detectados Programas Potecialmente No Deseados (PUPs).

Ejecute el EliPUPs para proceder con su Desinstalación.

"AnyProtect"

"Wajam"

"mystartsearch uninstall"


Re: MASSIVE ATTACKS ON MY COMPUTER.

Post by msc hotline sat » 27 Aug 2015, 19:20

Well, as ELISTARA tells you, run ELIPUPS and uninstall the PUPs it detects.

They are potentially unwanted applications that can cause you anomalies.

After that, restart and tell us the result.

If the intrusion attempts persist, they may have captured your e-mail password, and it would be advisable to change it.

If you like, run SPROCES; after you click SALIR it will create a report in SPROCLOG.TXT. Copy and paste it into your next post and we will analyze it.

Regards



ms, 27-8-2015


Re: MASSIVE ATTACKS ON MY COMPUTER.

Post by Renata » 27 Aug 2015, 20:55

Thank you for your prompt reply.

After leaving the previous post with the INFO, I went out for lunch, and on returning just now and turning on the PC, the hateful my search start page came up again. I remove it from the settings in the Chrome menu and it comes back mercilessly.

I don't know whether it has anything to do with the fact that since Monday a... I don't know whether it is a browser or a program, called Crossbrowse, got in, which opens the Internet as soon as I turn on the PC.

And following your recommendations, here is the SPROCLOG. I remain attentive to your instructions.

Many, many thanks:



(27-8-2015 18:46:58 GMT)

SProces v8.6 (c)2015 S.G.H. / Satinfo S.L.

-------------------------------------------

Sistema Operativo: Windows 7 Ultimate (v6.1) (64 bits)

Internet Explorer: (v9.11.9600.17801) 0

Equipo: CONSULTORIOWIN7

Usuario: AlvaroNiño

Sesión de Usuario: AlvaroNiño



72 Procesos Activos:

C:\WINDOWS\SYSTEM32\SMSS.EXE

C:\WINDOWS\SYSTEM32\CSRSS.EXE

C:\WINDOWS\SYSTEM32\WININIT.EXE

C:\WINDOWS\SYSTEM32\CSRSS.EXE

C:\WINDOWS\SYSTEM32\SERVICES.EXE

C:\WINDOWS\SYSTEM32\LSASS.EXE

C:\WINDOWS\SYSTEM32\LSM.EXE

C:\WINDOWS\SYSTEM32\WINLOGON.EXE

C:\WINDOWS\SYSTEM32\SVCHOST.EXE

C:\WINDOWS\SYSTEM32\SVCHOST.EXE

C:\WINDOWS\SYSTEM32\SVCHOST.EXE

C:\WINDOWS\SYSTEM32\SVCHOST.EXE

C:\WINDOWS\SYSTEM32\SVCHOST.EXE

C:\WINDOWS\SYSTEM32\SVCHOST.EXE

C:\WINDOWS\SYSTEM32\AUDIODG.EXE

C:\WINDOWS\SYSTEM32\SVCHOST.EXE

C:\WINDOWS\SYSTEM32\SVCHOST.EXE

C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\AVASTSVC.EXE

C:\WINDOWS\SYSTEM32\DWM.EXE

C:\WINDOWS\SYSTEM32\SPOOLSV.EXE

C:\WINDOWS\SYSTEM32\EXPLORER.EXE

C:\WINDOWS\SYSTEM32\TASKENG.EXE

C:\WINDOWS\SYSTEM32\TASKHOST.EXE

C:\WINDOWS\SYSTEM32\SVCHOST.EXE

C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\AFWSERV.EXE

C:\WINDOWS\SYSTEM32\RTKNGUI64.EXE

C:\PROGRAM FILES (X86)\ATI TECHNOLOGIES\AMDUSB3DEVICEDETECTOR\NUSB3MON.EXE

C:\PROGRAM FILES (X86)\CROSSBROWSE\CROSSBROWSE\APPLICATION\CROSSBROWSE.EXE

C:\PROGRAM FILES (X86)\COMMON FILES\ADOBE\ARM\1.0\ARMSVC.EXE

C:\PROGRAM FILES (X86)\HP\HP SOFTWARE UPDATE\HPWUSCHD2.EXE

C:\PROGRAM FILES (X86)\COMMON FILES\ADOBE\ADOBE DESKTOP COMMON\ELEVATIONMANAGER\ADOBEUPDATESERVICE.EXE

C:\PROGRAM FILES (X86)\HP\STATUSALERTS\BIN\HPSTATUSALERTS.EXE

C:\PROGRAM FILES (X86)\ADOBE\ADOBE CREATIVE CLOUD\ACC\CREATIVE CLOUD.EXE

C:\WINDOWS\SYSTEM32\AERTSR64.EXE

C:\PROGRAM FILES (X86)\COMMON FILES\ADOBE\OOBE\PDAPP\IPC\ADOBEIPCBROKER.EXE

C:\WINDOWS\SYSTEM32\SVCHOST.EXE

C:\PROGRAM FILES (X86)\67E0F8C0-1440517833-11E1-AF26-4C72B99D1B2C\HNSFEE94.TMP

C:\PROGRAM FILES (X86)\67E0F8C0-1439573389-11E1-AF26-4C72B99D1B2C\KNSD2ECE.TMP

C:\PROGRAM FILES (X86)\HP\HPBDSSERVICE\HPBDSSERVICE.EXE

C:\PROGRAM FILES (X86)\HP\HPLASERJETSERVICE\HPLASERJETSERVICE.EXE

C:\PROGRAM FILES (X86)\67E0F8C0-1440688043-11E1-AF26-4C72B99D1B2C\KNSJBC46.TMP

C:\PROGRAM FILES (X86)\67E0F8C0-1440517833-11E1-AF26-4C72B99D1B2C\JNSVA0F0.TMP

C:\PROGRAM FILES (X86)\SFK\SSFK.EXE

C:\WINDOWS\SYSTEM32\SVCHOST.EXE

C:\PROGRAM FILES (X86)\67E0F8C0-1440688043-11E1-AF26-4C72B99D1B2C\HNST29A0.TMP

C:\WINDOWS\SYSTEM32\SVCHOST.EXE

C:\WINDOWS\SYSTEM32\SFKEX64.EXE

C:\WINDOWS\SYSTEM32\OSPPSVC.EXE

C:\WINDOWS\SYSTEM32\SEARCHINDEXER.EXE

C:\WINDOWS\SYSTEM32\WMIPRVSE.EXE

C:\PROGRAM FILES (X86)\COMMON FILES\ADOBE\ADOBE DESKTOP COMMON\ADS\ADOBE DESKTOP SERVICE.EXE

C:\PROGRAM FILES (X86)\COMMON FILES\ADOBE\ADOBE DESKTOP COMMON\HEX\ADOBE CEF HELPER.EXE

C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\AVASTUI.EXE

C:\PROGRAM FILES (X86)\COMMON FILES\JAVA\JAVA UPDATE\JUSCHED.EXE

C:\PROGRAM FILES (X86)\ADOBE\ADOBE CREATIVE CLOUD\CORESYNC\CORESYNC.EXE

C:\PROGRAM FILES (X86)\ADOBE\ADOBE CREATIVE CLOUD\CCLIBRARY\CCLIBRARY.EXE

C:\PROGRAM FILES (X86)\ADOBE\ADOBE CREATIVE CLOUD\CCLIBRARY\LIBS\NODE.EXE

C:\WINDOWS\SYSTEM32\CONHOST.EXE

C:\WINDOWS\SYSTEM32\UNSECAPP.EXE

C:\WINDOWS\SYSTEM32\SVCHOST.EXE

C:\PROGRAM FILES (X86)\GOOGLE\CHROME\APPLICATION\CHROME.EXE

C:\WINDOWS\SYSTEM32\RICONMAN.EXE

C:\WINDOWS\SYSTEM32\WMPNETWK.EXE

C:\PROGRAM FILES (X86)\GOOGLE\CHROME\APPLICATION\CHROME.EXE

C:\PROGRAM FILES (X86)\GOOGLE\CHROME\APPLICATION\CHROME.EXE

C:\PROGRAM FILES (X86)\GOOGLE\CHROME\APPLICATION\CHROME.EXE

C:\PROGRAM FILES (X86)\GOOGLE\CHROME\APPLICATION\CHROME.EXE

C:\PROGRAM FILES (X86)\GOOGLE\CHROME\APPLICATION\CHROME.EXE

C:\WINDOWS\SYSTEM32\SEARCHPROTOCOLHOST.EXE

C:\WINDOWS\SYSTEM32\TASKHOST.EXE

C:\WINDOWS\SYSTEM32\SEARCHFILTERHOST.EXE

C:\USERS\ALVARONIñO\DOWNLOADS\SPROCES\SPROCES.EXE



R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

R3 - URLSearchHook: (no name) - {84FF7BD6-B47F-46F8-9130-01B2696B36CB} - (no file)

F2 - REG:system.ini: UserInit=userinit.exe (HKLM x86)

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL

O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll

O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL

O2 - BHO (x86): Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL

O2 - BHO (x86): Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_60\bin\ssv.dll

O2 - BHO (x86): (no name) - {84FF7BD6-B47F-46F8-9130-01B2696B36CB} - (no file)

O2 - BHO (x86): avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll

O2 - BHO (x86): URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL

O2 - BHO (x86): Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_60\bin\jp2ssv.dll

O4 - HKCU\..\Run: [ares] "C:\Program Files (x86)\Ares\Ares.exe" -h

O4 - HKCU\..\Run: [GoogleDriveSync] "C:\Program Files (x86)\Google\Drive\googledrivesync.exe" /autostart

O4 - HKCU\..\Run: [GoogleChromeAutoLaunch_1B6EC688E23AF3509440675E93A6CD38] "C:\Program Files (x86)\Crossbrowse\Crossbrowse\Application\crossbrowse.exe" --no-startup-window

O4 - HKLM\..\Run: [BCSSync] "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices

O4 - HKLM\..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe -s

O4 - HKLM\..\Run: [NUSB3MON] "C:\Program Files (x86)\ATI Technologies\AMDUSB3DeviceDetector\nusb3mon.exe"

O4 - HKLM\..\Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"

O4 - HKLM\..\Wow6432Node\..\Run: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Wow6432Node\..\Run: [StatusAlerts] "C:\Program Files (x86)\HP\StatusAlerts\bin\HPStatusAlerts.exe" /enum:on /alerts:on /notifications:on /fl:on /fr:on /appData:on /tmcp:on

O4 - HKLM\..\Wow6432Node\..\Run: [Adobe Creative Cloud] "C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe" --showwindow=false --onOSstartup=true

O4 - HKLM\..\Wow6432Node\..\Run: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui

O4 - HKLM\..\Wow6432Node\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'Servicio Local')

O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'Servicio Local')

O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'Servicio de red')

O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'Servicio de red')

O4 - Startup: crossbrowse.lnk = C:\Program Files (x86)\Crossbrowse\Crossbrowse\Application\crossbrowse.exe

O8 - Extra context menu item: &Enviar a OneNote - res://C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105

O8 - Extra context menu item: E&xportar a Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000

O8 - Extra context menu item: SafeKey Fill Forms - file://C:\Users\AlvaroNiño\AppData\LocalLow\SafeKey\context.html?cmd=fillforms

O9 - Extra button: Enviar a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (HKLM)

O9 - Extra button: Notas &vinculadas de OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (HKLM)

O9 - Extra button: Enviar a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll (HKLM x86)

O9 - Extra button: Notas &vinculadas de OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (HKLM x86)

O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics

O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics (x86)

O16 - DPF (x86): {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} ("Ma-Config.com control) - http://www.ma-config.com/plugins/MaConfig_6_5_1_1.cab

O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - (no file)

O21 - SSODL (x86): WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - (no file)

O22 - ShellExecuteHooks: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL

O22 - ShellExecuteHooks (x86): Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL



Información Adicional:

----------------------

Acceso Rapido ('AlvaroNiño'): Crossbrowse.lnk = C:\Program Files (x86)\Crossbrowse\Crossbrowse\Application\crossbrowse.exe

Acceso Rapido ('AlvaroNiño'): Launch Internet Explorer Browser.lnk = C:\Program Files (x86)\Internet Explorer\iexplore.exe http://www.mystartsearch.com/?type=sc&ts=1440689991&z=611733df57540287a54ed52gdz9z6efq1b3t5beq5b&from=cmi&uid=HitachiXHDS721010CLA630_JP2940N03PS0VV3PS0VVX

Acceso Rapido ('AlvaroNiño'): Shows Desktop.lnk =

Acceso Rapido ('AlvaroNiño'): Window Switcher.lnk =

Ext.Google Chrome. ('AlvaroNiño') Id: gomekmidlodglbbmalcneegieacbdmki

Ext.Google Chrome. ('AlvaroNiño') Id: lccekmodgklaepjeofjdjpbminllajkg

Ext.Google Chrome. ('AlvaroNiño') Id: nmmhkkegccagdldgiimedpiccmgmieda

DataBases Google Chrome. ('AlvaroNiño'): Databases.db

DataBases Google Chrome. ('AlvaroNiño'): Databases.db-journal

Tarea Programada: C:\WINDOWS\Tasks\178207b4-5ca3-47d2-ad6f-456f657d5cd6-1.job

Tarea Programada: C:\WINDOWS\Tasks\178207b4-5ca3-47d2-ad6f-456f657d5cd6-11.job

Tarea Programada: C:\WINDOWS\Tasks\178207b4-5ca3-47d2-ad6f-456f657d5cd6-2.job

Tarea Programada: C:\WINDOWS\Tasks\178207b4-5ca3-47d2-ad6f-456f657d5cd6-3.job

Tarea Programada: C:\WINDOWS\Tasks\178207b4-5ca3-47d2-ad6f-456f657d5cd6-4.job

Tarea Programada: C:\WINDOWS\Tasks\178207b4-5ca3-47d2-ad6f-456f657d5cd6-5.job

Tarea Programada: C:\WINDOWS\Tasks\178207b4-5ca3-47d2-ad6f-456f657d5cd6-5_user.job

Tarea Programada: C:\WINDOWS\Tasks\178207b4-5ca3-47d2-ad6f-456f657d5cd6-6.job

Tarea Programada: C:\WINDOWS\Tasks\178207b4-5ca3-47d2-ad6f-456f657d5cd6-7.job

Tarea Programada: C:\WINDOWS\Tasks\3dfede99-9c4d-40eb-9b5c-cab353a417bb.job

Tarea Programada: C:\WINDOWS\Tasks\8043f29d-8472-4a4b-be97-257fb6895b1c-1-6.job

Tarea Programada: C:\WINDOWS\Tasks\8043f29d-8472-4a4b-be97-257fb6895b1c-1-7.job

Tarea Programada: C:\WINDOWS\Tasks\8043f29d-8472-4a4b-be97-257fb6895b1c-10_user.job

Tarea Programada: C:\WINDOWS\Tasks\8043f29d-8472-4a4b-be97-257fb6895b1c-3.job

Tarea Programada: C:\WINDOWS\Tasks\8043f29d-8472-4a4b-be97-257fb6895b1c-5.job

Tarea Programada: C:\WINDOWS\Tasks\8043f29d-8472-4a4b-be97-257fb6895b1c-5_user.job

Tarea Programada: C:\WINDOWS\Tasks\8043f29d-8472-4a4b-be97-257fb6895b1c-7.job

Tarea Programada: C:\WINDOWS\Tasks\9905619b-e434-4c6b-8784-ae6288796c12.job

Tarea Programada: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job

Tarea Programada: C:\WINDOWS\Tasks\APSnotifierPP1.job

Tarea Programada: C:\WINDOWS\Tasks\APSnotifierPP2.job

Tarea Programada: C:\WINDOWS\Tasks\APSnotifierPP3.job

Tarea Programada: C:\WINDOWS\Tasks\globalUpdateUpdateTaskMachineCore.job

Tarea Programada: C:\WINDOWS\Tasks\globalUpdateUpdateTaskMachineUA.job

Tarea Programada: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore1cf9083bb762ad0.job

Tarea Programada: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA1cf9083bccd8277.job

Tarea Programada: C:\WINDOWS\Tasks\PennyBee.job

Tarea Programada: C:\WINDOWS\Tasks\PXLRPT.job

Tarea Programada: C:\WINDOWS\Tasks\YRW.job



Listado de Servicios (Carga Automatica):

----------------------------------------

O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

O23 - Service: AdobeUpdateService - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe

O23 - Service: Andrea RT Filters Service (AERTFilters) - Andrea Electronics Corporation - C:\Program Files\Realtek\Audio\HDA\AERTSr64.EXE

O23 - Service: avast! HardwareID (aswHwid) - AVAST Software - C:\WINDOWS\system32\drivers\aswHwid.sys

O23 - Service: aswMonFlt - AVAST Software - C:\WINDOWS\system32\drivers\aswMonFlt.sys

O23 - Service: aswStm - AVAST Software - C:\WINDOWS\system32\drivers\aswStm.sys

O23 - Service: Avast Antivirus (avast! Antivirus) - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe

O23 - Service: Avast Firewall (avast! Firewall) - AVAST Software - C:\Program Files\AVAST Software\Avast\afwServ.exe

O23 - Service: Field Data Storage (fimevebo) - Unknown owner - C:\Program Files (x86)\67E0F8C0-1440517833-11E1-AF26-4C72B99D1B2C\hnsfEE94.tmp

O23 - Service: Desktop Site (fomeduze) - Unknown owner - C:\Program Files (x86)\67E0F8C0-1439573389-11E1-AF26-4C72B99D1B2C\knsd2ECE.tmp

O23 - Service: Google Update Servicio (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

O23 - Service: HP DS Service - Hewlett-Packard Company - C:\Program Files (x86)\HP\HPBDSService\HPBDSService.exe

O23 - Service: HP LaserJet Service - HP - C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe

O23 - Service: Draft Soften (hysybysy) - Unknown owner - C:\Program Files (x86)\67E0F8C0-1440688043-11E1-AF26-4C72B99D1B2C\knsjBC46.tmp (file missing)

O23 - Service: IconMan_R - Realsil Microelectronics Inc. - C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe

O23 - Service: Cool Barcode (jimocoso) - Unknown owner - C:\Program Files (x86)\67E0F8C0-1440517833-11E1-AF26-4C72B99D1B2C\jnsvA0F0.tmp

O23 - Service: VO Service component (servervo) - Unknown owner - C:\Users\AlvaroNiño\AppData\Roaming\VOPackage\VOsrv.exe (file missing)

O23 - Service: SSFK - TODO: (lø

) - C:\Program Files (x86)\SFK\SSFK.exe

O23 - Service: Delete Exit (totyseku) - Unknown owner - C:\Program Files (x86)\67E0F8C0-1440688043-11E1-AF26-4C72B99D1B2C\hnst29A0.tmp



Listado de Servicios (Carga Manual):

------------------------------------

O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

O23 - Service: adp94xx - Adaptec, Inc. - C:\WINDOWS\system32\drivers\adp94xx.sys

O23 - Service: adpahci - Adaptec, Inc. - C:\WINDOWS\system32\drivers\adpahci.sys

O23 - Service: adpu320 - Adaptec, Inc. - C:\WINDOWS\system32\drivers\adpu320.sys

O23 - Service: aliide - Acer Laboratories Inc. - C:\WINDOWS\system32\drivers\aliide.sys

O23 - Service: AMD USB 3.0 Hub Driver (amdhub30) - Advanced Micro Devices, INC. - C:\WINDOWS\SYSTEM32\DRIVERS\amdhub30.sys

O23 - Service: amdsata - Advanced Micro Devices - C:\WINDOWS\system32\drivers\amdsata.sys

O23 - Service: amdsbs - AMD Technologies Inc. - C:\WINDOWS\system32\drivers\amdsbs.sys

O23 - Service: AMD USB 3.0 Host Controller Driver (amdxhc) - Advanced Micro Devices, INC. - C:\WINDOWS\SYSTEM32\DRIVERS\amdxhc.sys

O23 - Service: arc - Adaptec, Inc. - C:\WINDOWS\system32\drivers\arc.sys

O23 - Service: arcsas - Adaptec, Inc. - C:\WINDOWS\system32\drivers\arcsas.sys

O23 - Service: Broadcom NetXtreme II VBD (b06bdrv) - Broadcom Corporation - C:\WINDOWS\system32\drivers\bxvbda.sys

O23 - Service: Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0 (b57nd60a) - Broadcom Corporation - C:\WINDOWS\SYSTEM32\DRIVERS\b57nd60a.sys

O23 - Service: Brother USB Mass-Storage Lower Filter Driver (BrFiltLo) - Brother Industries, Ltd. - C:\WINDOWS\system32\drivers\BrFiltLo.sys

O23 - Service: Brother USB Mass-Storage Upper Filter Driver (BrFiltUp) - Brother Industries, Ltd. - C:\WINDOWS\system32\drivers\BrFiltUp.sys

O23 - Service: Brother MFC Serial Port Interface Driver (WDM) (Brserid) - Brother Industries Ltd. - C:\WINDOWS\System32\Drivers\Brserid.sys

O23 - Service: Brother WDM Serial driver (BrSerWdm) - Brother Industries Ltd. - C:\WINDOWS\System32\Drivers\BrSerWdm.sys

O23 - Service: Brother MFC USB Fax Only Modem (BrUsbMdm) - Brother Industries Ltd. - C:\WINDOWS\System32\Drivers\BrUsbMdm.sys

O23 - Service: Brother MFC USB Serial WDM Driver (BrUsbSer) - Brother Industries Ltd. - C:\WINDOWS\System32\Drivers\BrUsbSer.sys

O23 - Service: cmdide - CMD Technology, Inc. - C:\WINDOWS\system32\drivers\cmdide.sys

O23 - Service: cpuz134 - Unknown owner - C:\Users\ALVARO~1\AppData\Local\Temp\cpuz134\cpuz134_x64.sys (file missing)

O23 - Service: driverhardwarev2x64 - CybelSoft - C:\Program Files\ma-config.com\Drivers\driverhardwarev2x64.sys

O23 - Service: Broadcom NetXtreme II 10 GigE VBD (ebdrv) - Broadcom Corporation - C:\WINDOWS\system32\drivers\evbda.sys

O23 - Service: elxstor - Emulex - C:\WINDOWS\system32\drivers\elxstor.sys

O23 - Service: Google Update Servicio (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

O23 - Service: Hauppauge Consumer Infrared Receiver (hcw85cir) - Hauppauge Computer Works, Inc. - C:\WINDOWS\system32\drivers\hcw85cir.sys

O23 - Service: HpSAMD - Hewlett-Packard Company - C:\WINDOWS\system32\drivers\HpSAMD.sys

O23 - Service: Controladora RAID de Intel para Windows 7 (iaStorV) - Intel Corporation - C:\WINDOWS\system32\drivers\iaStorV.sys

O23 - Service: iirsp - Intel Corp./ICP vortex GmbH - C:\WINDOWS\system32\drivers\iirsp.sys

O23 - Service: Service for Realtek HD Audio (WDM) (IntcAzAudAddService) - Realtek Semiconductor Corp. - C:\WINDOWS\SYSTEM32\drivers\RTKVHD64.sys

O23 - Service: LSI_FC - LSI Corporation - C:\WINDOWS\system32\drivers\lsi_fc.sys

O23 - Service: LSI_SAS - LSI Corporation - C:\WINDOWS\system32\drivers\lsi_sas.sys

O23 - Service: LSI_SAS2 - LSI Corporation - C:\WINDOWS\system32\drivers\lsi_sas2.sys

O23 - Service: LSI_SCSI - LSI Corporation - C:\WINDOWS\system32\drivers\lsi_scsi.sys

O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\x64\maconfservice.exe

O23 - Service: megasas - LSI Corporation - C:\WINDOWS\system32\drivers\megasas.sys

O23 - Service: MegaSR - LSI Corporation, Inc. - C:\WINDOWS\system32\drivers\MegaSR.sys

O23 - Service: Driver for Monitor (MonitorFunction) - TeamViewer GmbH - C:\WINDOWS\SYSTEM32\DRIVERS\TVMonitor.sys

O23 - Service: Ralink 802.11n Extensible Wireless Driver (netr28x) - Ralink Technology, Corp. - C:\WINDOWS\SYSTEM32\DRIVERS\netr28x.sys

O23 - Service: nfrd960 - IBM Corporation - C:\WINDOWS\system32\drivers\nfrd960.sys

O23 - Service: nvraid - NVIDIA Corporation - C:\WINDOWS\system32\drivers\nvraid.sys

O23 - Service: nvstor - NVIDIA Corporation - C:\WINDOWS\system32\drivers\nvstor.sys

O23 - Service: ql2300 - QLogic Corporation - C:\WINDOWS\system32\drivers\ql2300.sys

O23 - Service: ql40xx - QLogic Corporation - C:\WINDOWS\system32\drivers\ql40xx.sys

O23 - Service: Smartphone BlackBerry (RimUsb) - Research In Motion Limited - C:\WINDOWS\SYSTEM32\Drivers\RimUsb_AMD64.sys

O23 - Service: Realtek PCIE CardReader Driver (RSPCIESTOR) - Realtek Semiconductor Corp. - C:\WINDOWS\SYSTEM32\DRIVERS\RtsPStor.sys

O23 - Service: Realtek 8167 NT Driver (RTL8167) - Realtek - C:\WINDOWS\SYSTEM32\DRIVERS\Rt64win7.sys

O23 - Service: SiSRaid2 - Silicon Integrated Systems Corp. - C:\WINDOWS\system32\drivers\SiSRaid2.sys

O23 - Service: SiSRaid4 - Silicon Integrated Systems - C:\WINDOWS\system32\drivers\sisraid4.sys

O23 - Service: stexstor - Promise Technology - C:\WINDOWS\system32\drivers\stexstor.sys

O23 - Service: AMD USB Filter Driver (usbfilter) - Advanced Micro Devices - C:\WINDOWS\SYSTEM32\DRIVERS\usbfilter.sys

O23 - Service: VGPU - Unknown owner - C:\WINDOWS\SYSTEM32\drivers\rdvgkmd.sys (file missing)

O23 - Service: viaide - VIA Technologies, Inc. - C:\WINDOWS\system32\drivers\viaide.sys

O23 - Service: vsmraid - VIA Technologies Inc.,Ltd - C:\WINDOWS\system32\drivers\vsmraid.sys



Listado de Servicios (Deshabilitados):

--------------------------------------

O23 - Service: Star Key Compact (guninoce) - Unknown owner - C:\Program Files (x86)\67E0F8C0-1440517833-11E1-AF26-4C72B99D1B2C\knsu67E1.tmp



74 Servicios.

19 de Carga Automatica.

54 de Carga Manual.

1 Deshabilitados.



Listado de Programas Instalados:

--------------------------------

WinRAR 5.21 (64-bit) -> C:\Program Files\WinRAR\uninstall.exe

HP Unified IO -> MsiExec.exe /I{30E20E5D-5E4E-4874-A35A-952DB3582C29}

Ma-Config.com (64 bits) -> MsiExec.exe /X{579A9C5C-80D0-47B3-BE42-CB420AD30CCB}

HP LaserJet Pro MFP M127-M128 Fax Driver -> MsiExec.exe /I{65072E52-F51B-4280-9DA6-EA5F1EE72C3A}

Microsoft Silverlight -> MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}

Update for Microsoft InfoPath 2010 (KB2817396) 64-Bit Edition -> "C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-0011-0000-1000-0000000FF1CE}" "{1AA82E2E-7DB7-4C70-910C-BBB657A6B3A5}" "3082" "0"

Security Update for Microsoft Excel 2010 (KB2965240) 64-Bit Edition -> "C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-0011-0000-1000-0000000FF1CE}" "{29B119D7-3C51-4DE2-B84D-A2E0C68A3EC4}" "3082" "0"

Update for Microsoft Visio 2010 (KB2965292) 64-Bit Edition -> "C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-0011-0000-1000-0000000FF1CE}" "{5206C5F8-E115-4D17-AF86-F9D241AD75FE}" "3082" "0"

Security Update for Microsoft PowerPoint 2010 (KB2999420) 64-Bit Edition -> "C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-0011-0000-1000-0000000FF1CE}" "{547A8337-0686-489C-BE39-9D7A8E2BA3FD}" "3082" "0"

Update for Microsoft Outlook 2010 (KB3015585) 64-Bit Edition -> "C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-0011-0000-1000-0000000FF1CE}" "{5C130D63-6D40-4A80-919D-779CE0777449}" "3082" "0"

Security Update for Microsoft Word 2010 (KB2965237) 64-Bit Edition -> "C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-0011-0000-1000-0000000FF1CE}" "{606AC9C9-5315-4138-BCC5-4CBCBBD27ED9}" "3082" "0"

Update for Microsoft SharePoint Workspace 2010 (KB2760601) 64-Bit Edition -> "C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-0011-0000-1000-0000000FF1CE}" "{77374F16-2DC6-4EEF-AFAD-C59FDA2E010D}" "3082" "0"

Update for Microsoft Visio Viewer 2010 (KB2881021) 64-Bit Edition -> "C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-0011-0000-1000-0000000FF1CE}" "{899F1A18-D860-4C63-B3C8-095B8E537D3D}" "3082" "0"

Update for Microsoft OneNote 2010 (KB2956205) 64-Bit Edition -> "C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-0011-0000-1000-0000000FF1CE}" "{A6A2614F-4E2F-4952-8DBF-57CA5241AEE3}" "3082" "0"

Update for Microsoft Access 2010 (KB2837601) 64-Bit Edition -> "C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-0011-0000-1000-0000000FF1CE}" "{D926D412-C5D1-411E-9F85-7CCF049E502B}" "3082" "0"

Update for Microsoft InfoPath 2010 (KB2817369) 64-Bit Edition -> "C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-0011-0000-1000-0000000FF1CE}" "{DB0B0CDF-77EC-47B0-94E2-4738573A1E58}" "3082" "0"


msc hotline sat
Posts: 93500
Joined: 09 Mar 2004, 20:39
Location: BARCELONA (ESPAÑA)

Re: MASSIVE ATTACKS ON MY COMPUTER.

Post by msc hotline sat » 28 Aug 2015, 10:46

Well, in the report you sent us, there are shortcuts launching these applications that you don't want:

Acceso Rapido ('AlvaroNiño'): Crossbrowse.lnk = C:\Program Files (x86)\Crossbrowse\Crossbrowse\Application\crossbrowse.exe



delete that shortcut, which you did not install voluntarily, and also delete these two keys:

O4 - HKCU\..\Run: [GoogleChromeAutoLaunch_1B6EC688E23AF3509440675E93A6CD38] "C:\Program Files (x86)\Crossbrowse\Crossbrowse\Application\crossbrowse.exe" --no-startup-window



O4 - Startup: crossbrowse.lnk = C:\Program Files (x86)\Crossbrowse\Crossbrowse\Application\crossbrowse.exe





To do so, launch SPROCES, press SCAN, tick the two keys indicated and select ELIMINAR (Delete)

You could also do it from the STARTUP folder, removing the loading of that crossbrowse.exe application, deleting the crossbrowse.lnk entry, and from ADD or REMOVE PROGRAMS, uninstalling the wretched CROSSBROWSE

Crossbrowse -> "C:\Program Files (x86)\Crossbrowse\Crossbrowse\Application\39.6.2171.95\Installer\setup.exe" --uninstall --system-level







and especially in the Internet Explorer shortcut, after it loads iexplore.exe, you have this addition, which you must remove:

http://www.mystartsearch.com/?type=sc&t ... 0VV3PS0VVX





and in this other shortcut, more of the same:

Acceso Rapido ('AlvaroNiño'): Launch Internet Explorer Browser.lnk = C:\Program Files (x86)\Internet Explorer\iexplore.exe http://www.mystartsearch.com/?type=sc&t ... 0VV3PS0VVX





And then there are these other shortcuts which, if they are not intentional, we suggest deleting:

Acceso Rapido ('AlvaroNiño'): Shows Desktop.lnk =

Acceso Rapido ('AlvaroNiño'): Window Switcher.lnk =

Ext.Google Chrome. ('AlvaroNiño') Id: gomekmidlodglbbmalcneegieacbdmki

Ext.Google Chrome. ('AlvaroNiño') Id: lccekmodgklaepjeofjdjpbminllajkg

Ext.Google Chrome. ('AlvaroNiño') Id: nmmhkkegccagdldgiimedpiccmgmieda

DataBases Google Chrome. ('AlvaroNiño'): Databases.db

DataBases Google Chrome. ('AlvaroNiño'): Databases.db-journal





Once those additions have been removed, save the changes, restart and let us know the result

regards



ms, 28-8-2015
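
Added example (not part of the original thread, nor of any tool mentioned in it): a read-only PowerShell check for the two things the reply above asks to clean by hand, namely browser shortcuts with a URL appended after the executable and values in the per-user Run key (the `HKCU\..\Run` of the report) that launch the unwanted browser. The folder list, the browser executable names and the function names are assumptions; the `crossbrowse` and `mystartsearch` patterns are the names given in the thread.

```powershell
# Added example: read-only audit, nothing is deleted or modified.
# Assumptions: the folder list and browser names are a typical set, not taken from the thread;
# the two name patterns are the unwanted programs named in the thread.

$browserExes   = 'iexplore.exe', 'chrome.exe', 'firefox.exe'
$unwantedNames = 'crossbrowse|mystartsearch'
$runKeyPath    = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'

# Places where .lnk files are normally kept. The Start Menu folders contain the
# Startup folder; Quick Launch contains the pinned taskbar items.
$folders = @(
    [Environment]::GetFolderPath('DesktopDirectory'),
    [Environment]::GetFolderPath('StartMenu'),
    (Join-Path $env:APPDATA 'Microsoft\Internet Explorer\Quick Launch'),
    (Join-Path $env:PUBLIC 'Desktop'),
    (Join-Path $env:ProgramData 'Microsoft\Windows\Start Menu')
) | Where-Object { $_ -and (Test-Path -LiteralPath $_) }

function Get-SuspiciousShortcut {
    param([string[]]$Folder)

    $shell = New-Object -ComObject WScript.Shell
    foreach ($dir in $Folder) {
        Get-ChildItem -LiteralPath $dir -Filter *.lnk -Recurse -ErrorAction SilentlyContinue |
            ForEach-Object {
                $lnk  = $shell.CreateShortcut($_.FullName)
                $leaf = ''
                # Some shortcuts have an empty target, so extract the file name defensively.
                if ($lnk.TargetPath -match '([^\\]+)$') { $leaf = $Matches[1] }

                $reasons = @()
                # A browser shortcut needs no URL argument; one appended after the
                # executable forces that page to open on every launch.
                if (($browserExes -contains $leaf) -and ($lnk.Arguments -match 'https?://')) {
                    $reasons += 'browser shortcut with URL appended'
                }
                if ("$($lnk.TargetPath) $($lnk.Arguments)" -match $unwantedNames) {
                    $reasons += 'references unwanted program'
                }
                if ($reasons.Count -gt 0) {
                    New-Object PSObject -Property @{
                        Reason    = $reasons -join '; '
                        Shortcut  = $_.FullName
                        Target    = $lnk.TargetPath
                        Arguments = $lnk.Arguments
                    }
                }
            }
    }
}

function Get-SuspiciousRunValue {
    param([string]$KeyPath)

    $key = Get-Item -LiteralPath $KeyPath -ErrorAction SilentlyContinue
    if (-not $key) { return }

    foreach ($name in $key.GetValueNames()) {
        $data    = [string]$key.GetValue($name)
        $reasons = @()
        if ("$name $data" -match $unwantedNames) {
            $reasons += 'references unwanted program'
        }
        # Heuristic (assumption): a Chrome auto-launch value should start chrome.exe.
        if (($name -like 'GoogleChromeAutoLaunch*') -and ($data -notmatch '\\chrome\.exe')) {
            $reasons += 'Chrome auto-launch name, but the command is not chrome.exe'
        }
        if ($reasons.Count -gt 0) {
            New-Object PSObject -Property @{
                Reason = $reasons -join '; '
                Name   = $name
                Data   = $data
            }
        }
    }
}

Get-SuspiciousShortcut -Folder $folders |
    Select-Object Reason, Shortcut, Target, Arguments | Format-List

Get-SuspiciousRunValue -KeyPath $runKeyPath |
    Select-Object Reason, Name, Data | Format-List
```

The script only reports. A flagged browser shortcut is corrected by deleting the URL from the Target field in the shortcut's Properties dialog, or by deleting the .lnk file.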

flacoroo
Posts: 6289
Joined: 09 Mar 2004, 20:32
Location: Paso del Macho,Ver.México

Re: MASSIVE ATTACKS ON MY COMPUTER.

Post by flacoroo » 28 Aug 2015, 15:07

Likewise, download this tool [url=https://toolslib.net/downloads/viewdownload/1-adwcleaner/]adwcleaner[/url],

restart your computer in safe mode, run it, scan and then click clean, and afterwards paste its log for us.

Since you will be running it on Windows 7 or 8.1, right-click it with the mouse so that you install it as Administrator.

regards
:lol: :lol: Life is beautiful... why complicate it for ourselves :lol: :lol:

Renata
Posts: 183
Joined: 02 Jun 2008, 02:10

Re: MASSIVE ATTACKS ON MY COMPUTER.

Post by Renata » 28 Aug 2015, 17:55

Good day. This morning when I turned on the PC, the screen stayed black and I had to power off and start again. That happened three times. I managed to get into the PC and onto the Internet, and came to see your reply. Well... I managed to delete the following.

Acceso Rapido ('AlvaroNiño'): Crossbrowse.lnk = C:\Program Files (x86)\Crossbrowse\Crossbrowse\Application\crossbrowse.exe



O4 - HKCU\..\Run: [GoogleChromeAutoLaunch_1B6EC688E23AF3509440675E93A6CD38] "C:\Program Files (x86)\Crossbrowse\Crossbrowse\Application\crossbrowse.exe" --no-startup-window





[color=#0000FF]I did not find this file in SPROCES:

O4 - Startup: crossbrowse.lnk = C:\Program Files (x86)\Crossbrowse\Crossbrowse\Application\crossbrowse.exe

To do so, launch SPROCES, press SCAN, tick the two keys indicated and select ELIMINAR (Delete)[/color]

Then I went and deleted CROSSBROWSE in these two ways: You could also do it from the STARTUP folder, removing the loading of that crossbrowse.exe application, deleting the crossbrowse.lnk entry, and from ADD or REMOVE PROGRAMS, uninstalling the wretched CROSSBROWSE

Crossbrowse -> "C:\Program Files (x86)\Crossbrowse\Crossbrowse\Application\39.6.2171.95\Installer\setup.exe" --uninstall --system-level





[color=#BF0000]I did not know how to do the rest.....

and especially in the Internet Explorer shortcut, after it loads iexplore.exe, you have this addition, which you must remove:

http://www.mystartsearch.com/?type=sc&t ... 0VV3PS0VVX





and in this other shortcut, more of the same:

Acceso Rapido ('AlvaroNiño'): Launch Internet Explorer Browser.lnk = C:\Program Files (x86)\Internet Explorer\iexplore.exe http://www.mystartsearch.com/?type=sc&t ... 0VV3PS0VVX



And then there are these other shortcuts which, if they are not intentional, we suggest deleting:

Acceso Rapido ('AlvaroNiño'): Shows Desktop.lnk =

Acceso Rapido ('AlvaroNiño'): Window Switcher.lnk =

Ext.Google Chrome. ('AlvaroNiño') Id: gomekmidlodglbbmalcneegieacbdmki

Ext.Google Chrome. ('AlvaroNiño') Id: lccekmodgklaepjeofjdjpbminllajkg

Ext.Google Chrome. ('AlvaroNiño') Id: nmmhkkegccagdldgiimedpiccmgmieda

DataBases Google Chrome. ('AlvaroNiño'): Databases.db

DataBases Google Chrome. ('AlvaroNiño'): Databases.db-journal

[/color]




Once those additions have been removed, save the changes, restart and let us know the result

I restarted, and the hateful mystartsearch.com start page still comes up; I went to default programs and CROSSBROWSER was in the list, and I have deleted it again... I was writing this post, and suddenly this notice from my antivirus came up: I copy and paste it. I clicked delete and now I await your help.

May God repay you,

Renata.

Renata
Posts: 183
Joined: 02 Jun 2008, 02:10

Re: MASSIVE ATTACKS ON MY COMPUTER.

Post by Renata » 28 Aug 2015, 18:08

[quote="flacoroo"]Likewise, download this tool [url=https://toolslib.net/downloads/viewdownload/1-adwcleaner/]adwcleaner[/url],

restart your computer in safe mode, run it, scan and then click clean, and afterwards paste its log for us.

Since you will be running it on Windows 7 or 8.1, right-click it with the mouse so that you install it as Administrator.

regards[/quote]

Oops... when I came in I had not read this post of yours. I have just downloaded it and it is installing. Thanks.

Renata
Posts: 183
Joined: 02 Jun 2008, 02:10

Re: MASSIVE ATTACKS ON MY COMPUTER.

Post by Renata » 28 Aug 2015, 18:32

Done, I cleaned as the cleaning program said, I have just restarted the PC and this is the cleaner's INFO:

Many thanks, I look forward to your suggestions.

# AdwCleaner v5.004 - Registro generado 28/08/2015 en 11:24:12

# Actualizado 26/08/2015 por Xplode

# Base de datos : 2015-08-20.1 [Local]

# Sistema operativo : Windows 7 Ultimate Service Pack 1 (x64)

# Nombre de usuario : AlvaroNiño - CONSULTORIOWIN7

# Ejecutado desde : C:\Users\AlvaroNiño\Downloads\adwcleaner_5.004.exe

# Opción : Limpiar

# Apoyo : http://toolslib.net/forum



***** [ Navegadores Web ] *****



[-] [C:\Users\AlvaroNiño\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Eliminar : mystartsearch

[-] [C:\Users\AlvaroNiño\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Default_Search_Provider] Eliminar : hxxp://www.mystartsearch.com/webfavicon.ico

[-] [C:\Users\AlvaroNiño\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Default_Search_Provider_Data] Eliminar : {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}{google:contextualSearchVersion}ie={inputEncoding}","usage_count":0}},"extensions":{"settings":{"aaaaahlfahldnilidgnlikdckbfehhca":{"ack_prompt_count":1,"active_permissions":{"api":["homepage","management","nativeMessaging","searchProvider","startupPages","storage","tabs","webRequest","webRequestBlocking"],"explicit_host":["hxxp://*/*","hxxps://*/*"],"manifest_permissions":[]},"commands":{},"content_settings":[],"creation_flags":9,"events":[],"from_bookmark":false,"from_webstore":true,"incognito_content_settings":[],"incognito_preferences":{},"initial_keybindings_set":true,"install_time":"13058649778537582","lastpingday":"13058607607726582","location":6,"manifest":{"background":{"scripts":["common/apnAPI.js","settings/assets.js","settings/redirect.js"]},"chrome_settings_overrides":{"homepage":"hxxp://www.search.ask.com/?gct=hp



*************************



:: Winsock Configuración borrada



########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [24266 bytes] ##########

msc hotline sat
Posts: 93500
Joined: 09 Mar 2004, 20:39
Location: BARCELONA (SPAIN)

Re: MASSIVE ATTACKS ON MY COMPUTER.

Post by msc hotline sat » 28 Aug 2015, 18:44

If you have already deleted this lnk from the STARTUP folder, that application should no longer launch at boot:



crossbrowse.lnk = C:\Program Files (x86)\Crossbrowse\Crossbrowse\Application\crossbrowse.exe



Post us again the report that SPROCES generates for you now and we will see what is left in that regard, thanks



Regards



ms, 28-8-2015

Renata
Posts: 183
Joined: 02 Jun 2008, 02:10

Re: MASSIVE ATTACKS ON MY COMPUTER.

Post by Renata » 28 Aug 2015, 18:55

I left this image out of the previous post....
Attachments
para zona virus.png

msc hotline sat
Posts: 93500
Joined: 09 Mar 2004, 20:39
Location: BARCELONA (SPAIN)

Re: MASSIVE ATTACKS ON MY COMPUTER.

Post by msc hotline sat » 28 Aug 2015, 19:00

Well, accept its removal, of course.



And then post us the new SPROCLOG.TXT...



ms.

Renata
Posts: 183
Joined: 02 Jun 2008, 02:10

Re: MASSIVE ATTACKS ON MY COMPUTER.

Post by Renata » 28 Aug 2015, 19:02

This is the INFO from SPROCES.

Many thanks again.



(28-8-2015 16:57:20 GMT)

SProces v8.6 (c)2015 S.G.H. / Satinfo S.L.

-------------------------------------------

Sistema Operativo: Windows 7 Ultimate (v6.1) (64 bits)

Internet Explorer: (v9.11.9600.17801) 0

Equipo: CONSULTORIOWIN7

Usuario: AlvaroNiño

Sesión de Usuario: AlvaroNiño



72 Procesos Activos:

C:\WINDOWS\SYSTEM32\SMSS.EXE

C:\WINDOWS\SYSTEM32\CSRSS.EXE

C:\WINDOWS\SYSTEM32\WININIT.EXE

C:\WINDOWS\SYSTEM32\CSRSS.EXE

C:\WINDOWS\SYSTEM32\SERVICES.EXE

C:\WINDOWS\SYSTEM32\WINLOGON.EXE

C:\WINDOWS\SYSTEM32\LSASS.EXE

C:\WINDOWS\SYSTEM32\LSM.EXE

C:\WINDOWS\SYSTEM32\SVCHOST.EXE

C:\WINDOWS\SYSTEM32\SVCHOST.EXE

C:\WINDOWS\SYSTEM32\SVCHOST.EXE

C:\WINDOWS\SYSTEM32\SVCHOST.EXE

C:\WINDOWS\SYSTEM32\SVCHOST.EXE

C:\WINDOWS\SYSTEM32\SVCHOST.EXE

C:\WINDOWS\SYSTEM32\SVCHOST.EXE

C:\WINDOWS\SYSTEM32\SVCHOST.EXE

C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\AVASTSVC.EXE

C:\WINDOWS\SYSTEM32\SPOOLSV.EXE

C:\WINDOWS\SYSTEM32\DWM.EXE

C:\WINDOWS\SYSTEM32\TASKHOST.EXE

C:\WINDOWS\SYSTEM32\EXPLORER.EXE

C:\WINDOWS\SYSTEM32\SVCHOST.EXE

C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\AFWSERV.EXE

C:\PROGRAM FILES (X86)\COMMON FILES\ADOBE\ARM\1.0\ARMSVC.EXE

C:\PROGRAM FILES (X86)\COMMON FILES\ADOBE\ADOBE DESKTOP COMMON\ELEVATIONMANAGER\ADOBEUPDATESERVICE.EXE

C:\WINDOWS\SYSTEM32\AERTSR64.EXE

C:\WINDOWS\SYSTEM32\SVCHOST.EXE

C:\PROGRAM FILES (X86)\67E0F8C0-1440517833-11E1-AF26-4C72B99D1B2C\HNSFEE94.TMP

C:\PROGRAM FILES (X86)\67E0F8C0-1439573389-11E1-AF26-4C72B99D1B2C\KNSD2ECE.TMP

C:\PROGRAM FILES (X86)\HP\HPBDSSERVICE\HPBDSSERVICE.EXE

C:\PROGRAM FILES (X86)\HP\HPLASERJETSERVICE\HPLASERJETSERVICE.EXE

C:\WINDOWS\SYSTEM32\SVCHOST.EXE

C:\PROGRAM FILES (X86)\67E0F8C0-1440688043-11E1-AF26-4C72B99D1B2C\KNSK2C9.TMP

C:\PROGRAM FILES (X86)\67E0F8C0-1440688043-11E1-AF26-4C72B99D1B2C\HNST29A0.TMP

C:\WINDOWS\SYSTEM32\SVCHOST.EXE

C:\WINDOWS\SYSTEM32\WMIPRVSE.EXE

C:\WINDOWS\SYSTEM32\SEARCHINDEXER.EXE

C:\WINDOWS\SYSTEM32\OSPPSVC.EXE

C:\WINDOWS\SYSTEM32\RTKNGUI64.EXE

C:\PROGRAM FILES (X86)\ATI TECHNOLOGIES\AMDUSB3DEVICEDETECTOR\NUSB3MON.EXE

C:\WINDOWS\SYSTEM32\NOTEPAD.EXE

C:\PROGRAM FILES (X86)\HP\HP SOFTWARE UPDATE\HPWUSCHD2.EXE

C:\PROGRAM FILES (X86)\HP\STATUSALERTS\BIN\HPSTATUSALERTS.EXE

C:\PROGRAM FILES (X86)\ADOBE\ADOBE CREATIVE CLOUD\ACC\CREATIVE CLOUD.EXE

C:\PROGRAM FILES (X86)\COMMON FILES\ADOBE\OOBE\PDAPP\IPC\ADOBEIPCBROKER.EXE

C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\AVASTUI.EXE

C:\PROGRAM FILES (X86)\COMMON FILES\ADOBE\ADOBE DESKTOP COMMON\ADS\ADOBE DESKTOP SERVICE.EXE

C:\PROGRAM FILES (X86)\COMMON FILES\JAVA\JAVA UPDATE\JUSCHED.EXE

C:\PROGRAM FILES (X86)\COMMON FILES\ADOBE\ADOBE DESKTOP COMMON\HEX\ADOBE CEF HELPER.EXE

C:\WINDOWS\SYSTEM32\UNSECAPP.EXE

C:\PROGRAM FILES (X86)\ADOBE\ADOBE CREATIVE CLOUD\CORESYNC\CORESYNC.EXE

C:\PROGRAM FILES (X86)\GOOGLE\CHROME\APPLICATION\CHROME.EXE

C:\PROGRAM FILES (X86)\GOOGLE\CHROME\APPLICATION\CHROME.EXE

C:\PROGRAM FILES (X86)\ADOBE\ADOBE CREATIVE CLOUD\CCLIBRARY\CCLIBRARY.EXE

C:\PROGRAM FILES (X86)\ADOBE\ADOBE CREATIVE CLOUD\CCLIBRARY\LIBS\NODE.EXE

C:\WINDOWS\SYSTEM32\CONHOST.EXE

C:\WINDOWS\SYSTEM32\POWERPNT.EXE

C:\WINDOWS\SYSTEM32\SVCHOST.EXE

C:\WINDOWS\SYSTEM32\RICONMAN.EXE

C:\WINDOWS\SYSTEM32\WMPNETWK.EXE

C:\PROGRAM FILES (X86)\GOOGLE\CHROME\APPLICATION\CHROME.EXE

C:\PROGRAM FILES (X86)\GOOGLE\CHROME\APPLICATION\CHROME.EXE

C:\PROGRAM FILES (X86)\GOOGLE\CHROME\APPLICATION\CHROME.EXE

C:\WINDOWS\SYSTEM32\MSTORDB.EXE

C:\WINDOWS\SYSTEM32\WUDFHOST.EXE

C:\WINDOWS\SYSTEM32\PREVHOST.EXE

C:\WINDOWS\SYSTEM32\WINWORD.EXE

C:\WINDOWS\SYSTEM32\WINWORD.EXE

C:\WINDOWS\TEMP\167C.TMP.EXE

C:\WINDOWS\TEMP\17C4.TMP.EXE

C:\WINDOWS\SYSTEM32\AUDIODG.EXE

C:\USERS\ALVARONIñO\DOWNLOADS\SPROCES\SPROCES.EXE



R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

F2 - REG:system.ini: UserInit=userinit.exe (HKLM x86)

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL

O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll

O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL

O2 - BHO (x86): Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL

O2 - BHO (x86): Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_60\bin\ssv.dll

O2 - BHO (x86): avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll

O2 - BHO (x86): URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL

O2 - BHO (x86): Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_60\bin\jp2ssv.dll

O4 - HKCU\..\Run: [ares] "C:\Program Files (x86)\Ares\Ares.exe" -h

O4 - HKCU\..\Run: [GoogleDriveSync] "C:\Program Files (x86)\Google\Drive\googledrivesync.exe" /autostart

O4 - HKLM\..\Run: [BCSSync] "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices

O4 - HKLM\..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe -s

O4 - HKLM\..\Run: [NUSB3MON] "C:\Program Files (x86)\ATI Technologies\AMDUSB3DeviceDetector\nusb3mon.exe"

O4 - HKLM\..\Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"

O4 - HKLM\..\Wow6432Node\..\Run: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Wow6432Node\..\Run: [StatusAlerts] "C:\Program Files (x86)\HP\StatusAlerts\bin\HPStatusAlerts.exe" /enum:on /alerts:on /notifications:on /fl:on /fr:on /appData:on /tmcp:on

O4 - HKLM\..\Wow6432Node\..\Run: [Adobe Creative Cloud] "C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe" --showwindow=false --onOSstartup=true

O4 - HKLM\..\Wow6432Node\..\Run: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui

O4 - HKLM\..\Wow6432Node\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'Servicio Local')

O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'Servicio Local')

O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'Servicio de red')

O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'Servicio de red')

O8 - Extra context menu item: &Enviar a OneNote - res://C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105

O8 - Extra context menu item: E&xportar a Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000

O8 - Extra context menu item: SafeKey Fill Forms - file://C:\Users\AlvaroNiño\AppData\LocalLow\SafeKey\context.html?cmd=fillforms

O9 - Extra button: Enviar a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (HKLM)

O9 - Extra button: Notas &vinculadas de OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (HKLM)

O9 - Extra button: Enviar a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll (HKLM x86)

O9 - Extra button: Notas &vinculadas de OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (HKLM x86)

O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics

O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics (x86)

O16 - DPF (x86): {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} ("Ma-Config.com control) - http://www.ma-config.com/plugins/MaConfig_6_5_1_1.cab

O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - (no file)

O21 - SSODL (x86): WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - (no file)

O22 - ShellExecuteHooks: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL

O22 - ShellExecuteHooks (x86): Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL



Información Adicional:

----------------------

Acceso Rapido ('AlvaroNiño'): Google Chrome.lnk = C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

Acceso Rapido ('AlvaroNiño'): Launch Internet Explorer Browser.lnk = C:\Program Files (x86)\Internet Explorer\iexplore.exe

Acceso Rapido ('AlvaroNiño'): Shows Desktop.lnk =

Acceso Rapido ('AlvaroNiño'): Window Switcher.lnk =

Ext.Google Chrome. ('AlvaroNiño') Id: gomekmidlodglbbmalcneegieacbdmki

Ext.Google Chrome. ('AlvaroNiño') Id: lccekmodgklaepjeofjdjpbminllajkg

Ext.Google Chrome. ('AlvaroNiño') Id: lmjegmlicamnimmfhcmpkclmigmmcbeh

Ext.Google Chrome. ('AlvaroNiño') Id: nmmhkkegccagdldgiimedpiccmgmieda

DataBases Google Chrome. ('AlvaroNiño'): Databases.db

DataBases Google Chrome. ('AlvaroNiño'): Databases.db-journal

Tarea Programada: C:\WINDOWS\Tasks\178207b4-5ca3-47d2-ad6f-456f657d5cd6-1.job

Tarea Programada: C:\WINDOWS\Tasks\178207b4-5ca3-47d2-ad6f-456f657d5cd6-11.job

Tarea Programada: C:\WINDOWS\Tasks\178207b4-5ca3-47d2-ad6f-456f657d5cd6-2.job

Tarea Programada: C:\WINDOWS\Tasks\178207b4-5ca3-47d2-ad6f-456f657d5cd6-3.job

Tarea Programada: C:\WINDOWS\Tasks\178207b4-5ca3-47d2-ad6f-456f657d5cd6-4.job

Tarea Programada: C:\WINDOWS\Tasks\178207b4-5ca3-47d2-ad6f-456f657d5cd6-5.job

Tarea Programada: C:\WINDOWS\Tasks\178207b4-5ca3-47d2-ad6f-456f657d5cd6-5_user.job

Tarea Programada: C:\WINDOWS\Tasks\178207b4-5ca3-47d2-ad6f-456f657d5cd6-6.job

Tarea Programada: C:\WINDOWS\Tasks\178207b4-5ca3-47d2-ad6f-456f657d5cd6-7.job

Tarea Programada: C:\WINDOWS\Tasks\3dfede99-9c4d-40eb-9b5c-cab353a417bb.job

Tarea Programada: C:\WINDOWS\Tasks\8043f29d-8472-4a4b-be97-257fb6895b1c-1-6.job

Tarea Programada: C:\WINDOWS\Tasks\8043f29d-8472-4a4b-be97-257fb6895b1c-1-7.job

Tarea Programada: C:\WINDOWS\Tasks\8043f29d-8472-4a4b-be97-257fb6895b1c-10_user.job

Tarea Programada: C:\WINDOWS\Tasks\8043f29d-8472-4a4b-be97-257fb6895b1c-3.job

Tarea Programada: C:\WINDOWS\Tasks\8043f29d-8472-4a4b-be97-257fb6895b1c-5.job

Tarea Programada: C:\WINDOWS\Tasks\8043f29d-8472-4a4b-be97-257fb6895b1c-5_user.job

Tarea Programada: C:\WINDOWS\Tasks\8043f29d-8472-4a4b-be97-257fb6895b1c-7.job

Tarea Programada: C:\WINDOWS\Tasks\9905619b-e434-4c6b-8784-ae6288796c12.job

Tarea Programada: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job

Tarea Programada: C:\WINDOWS\Tasks\APSnotifierPP1.job

Tarea Programada: C:\WINDOWS\Tasks\APSnotifierPP2.job

Tarea Programada: C:\WINDOWS\Tasks\APSnotifierPP3.job

Tarea Programada: C:\WINDOWS\Tasks\globalUpdateUpdateTaskMachineCore.job

Tarea Programada: C:\WINDOWS\Tasks\globalUpdateUpdateTaskMachineUA.job

Tarea Programada: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore1cf9083bb762ad0.job

Tarea Programada: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA1cf9083bccd8277.job

Tarea Programada: C:\WINDOWS\Tasks\PennyBee.job

Tarea Programada: C:\WINDOWS\Tasks\PXLRPT.job

Tarea Programada: C:\WINDOWS\Tasks\YRW.job



Listado de Servicios (Carga Automatica):

----------------------------------------

O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

O23 - Service: AdobeUpdateService - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe

O23 - Service: Andrea RT Filters Service (AERTFilters) - Andrea Electronics Corporation - C:\Program Files\Realtek\Audio\HDA\AERTSr64.EXE

O23 - Service: avast! HardwareID (aswHwid) - AVAST Software - C:\WINDOWS\system32\drivers\aswHwid.sys

O23 - Service: aswMonFlt - AVAST Software - C:\WINDOWS\system32\drivers\aswMonFlt.sys

O23 - Service: aswStm - AVAST Software - C:\WINDOWS\system32\drivers\aswStm.sys

O23 - Service: Avast Antivirus (avast! Antivirus) - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe

O23 - Service: Avast Firewall (avast! Firewall) - AVAST Software - C:\Program Files\AVAST Software\Avast\afwServ.exe

O23 - Service: Field Data Storage (fimevebo) - Unknown owner - C:\Program Files (x86)\67E0F8C0-1440517833-11E1-AF26-4C72B99D1B2C\hnsfEE94.tmp

O23 - Service: Desktop Site (fomeduze) - Unknown owner - C:\Program Files (x86)\67E0F8C0-1439573389-11E1-AF26-4C72B99D1B2C\knsd2ECE.tmp

O23 - Service: Google Update Servicio (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

O23 - Service: HP DS Service - Hewlett-Packard Company - C:\Program Files (x86)\HP\HPBDSService\HPBDSService.exe

O23 - Service: HP LaserJet Service - HP - C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe

O23 - Service: IconMan_R - Realsil Microelectronics Inc. - C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe

O23 - Service: Information Watermark (tizejese) - Unknown owner - C:\Program Files (x86)\67E0F8C0-1440688043-11E1-AF26-4C72B99D1B2C\knsk2C9.tmp

O23 - Service: Delete Exit (totyseku) - Unknown owner - C:\Program Files (x86)\67E0F8C0-1440688043-11E1-AF26-4C72B99D1B2C\hnst29A0.tmp



Listado de Servicios (Carga Manual):

------------------------------------

O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

O23 - Service: adp94xx - Adaptec, Inc. - C:\WINDOWS\system32\drivers\adp94xx.sys

O23 - Service: adpahci - Adaptec, Inc. - C:\WINDOWS\system32\drivers\adpahci.sys

O23 - Service: adpu320 - Adaptec, Inc. - C:\WINDOWS\system32\drivers\adpu320.sys

O23 - Service: aliide - Acer Laboratories Inc. - C:\WINDOWS\system32\drivers\aliide.sys

O23 - Service: AMD USB 3.0 Hub Driver (amdhub30) - Advanced Micro Devices, INC. - C:\WINDOWS\SYSTEM32\DRIVERS\amdhub30.sys

O23 - Service: amdsata - Advanced Micro Devices - C:\WINDOWS\system32\drivers\amdsata.sys

O23 - Service: amdsbs - AMD Technologies Inc. - C:\WINDOWS\system32\drivers\amdsbs.sys

O23 - Service: AMD USB 3.0 Host Controller Driver (amdxhc) - Advanced Micro Devices, INC. - C:\WINDOWS\SYSTEM32\DRIVERS\amdxhc.sys

O23 - Service: arc - Adaptec, Inc. - C:\WINDOWS\system32\drivers\arc.sys

O23 - Service: arcsas - Adaptec, Inc. - C:\WINDOWS\system32\drivers\arcsas.sys

O23 - Service: Broadcom NetXtreme II VBD (b06bdrv) - Broadcom Corporation - C:\WINDOWS\system32\drivers\bxvbda.sys

O23 - Service: Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0 (b57nd60a) - Broadcom Corporation - C:\WINDOWS\SYSTEM32\DRIVERS\b57nd60a.sys

O23 - Service: Brother USB Mass-Storage Lower Filter Driver (BrFiltLo) - Brother Industries, Ltd. - C:\WINDOWS\system32\drivers\BrFiltLo.sys

O23 - Service: Brother USB Mass-Storage Upper Filter Driver (BrFiltUp) - Brother Industries, Ltd. - C:\WINDOWS\system32\drivers\BrFiltUp.sys

O23 - Service: Brother MFC Serial Port Interface Driver (WDM) (Brserid) - Brother Industries Ltd. - C:\WINDOWS\System32\Drivers\Brserid.sys

O23 - Service: Brother WDM Serial driver (BrSerWdm) - Brother Industries Ltd. - C:\WINDOWS\System32\Drivers\BrSerWdm.sys

O23 - Service: Brother MFC USB Fax Only Modem (BrUsbMdm) - Brother Industries Ltd. - C:\WINDOWS\System32\Drivers\BrUsbMdm.sys

O23 - Service: Brother MFC USB Serial WDM Driver (BrUsbSer) - Brother Industries Ltd. - C:\WINDOWS\System32\Drivers\BrUsbSer.sys

O23 - Service: cmdide - CMD Technology, Inc. - C:\WINDOWS\system32\drivers\cmdide.sys

O23 - Service: cpuz134 - Unknown owner - C:\Users\ALVARO~1\AppData\Local\Temp\cpuz134\cpuz134_x64.sys (file missing)

O23 - Service: driverhardwarev2x64 - CybelSoft - C:\Program Files\ma-config.com\Drivers\driverhardwarev2x64.sys

O23 - Service: Broadcom NetXtreme II 10 GigE VBD (ebdrv) - Broadcom Corporation - C:\WINDOWS\system32\drivers\evbda.sys

O23 - Service: elxstor - Emulex - C:\WINDOWS\system32\drivers\elxstor.sys

O23 - Service: Google Update Servicio (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

O23 - Service: Hauppauge Consumer Infrared Receiver (hcw85cir) - Hauppauge Computer Works, Inc. - C:\WINDOWS\system32\drivers\hcw85cir.sys

O23 - Service: HpSAMD - Hewlett-Packard Company - C:\WINDOWS\system32\drivers\HpSAMD.sys

O23 - Service: Controladora RAID de Intel para Windows 7 (iaStorV) - Intel Corporation - C:\WINDOWS\system32\drivers\iaStorV.sys

O23 - Service: iirsp - Intel Corp./ICP vortex GmbH - C:\WINDOWS\system32\drivers\iirsp.sys

O23 - Service: Service for Realtek HD Audio (WDM) (IntcAzAudAddService) - Realtek Semiconductor Corp. - C:\WINDOWS\SYSTEM32\drivers\RTKVHD64.sys

O23 - Service: LSI_FC - LSI Corporation - C:\WINDOWS\system32\drivers\lsi_fc.sys

O23 - Service: LSI_SAS - LSI Corporation - C:\WINDOWS\system32\drivers\lsi_sas.sys

O23 - Service: LSI_SAS2 - LSI Corporation - C:\WINDOWS\system32\drivers\lsi_sas2.sys

O23 - Service: LSI_SCSI - LSI Corporation - C:\WINDOWS\system32\drivers\lsi_scsi.sys

O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\x64\maconfservice.exe

O23 - Service: megasas - LSI Corporation - C:\WINDOWS\system32\drivers\megasas.sys

O23 - Service: MegaSR - LSI Corporation, Inc. - C:\WINDOWS\system32\drivers\MegaSR.sys

O23 - Service: Driver for Monitor (MonitorFunction) - TeamViewer GmbH - C:\WINDOWS\SYSTEM32\DRIVERS\TVMonitor.sys

O23 - Service: Ralink 802.11n Extensible Wireless Driver (netr28x) - Ralink Technology, Corp. - C:\WINDOWS\SYSTEM32\DRIVERS\netr28x.sys

O23 - Service: nfrd960 - IBM Corporation - C:\WINDOWS\system32\drivers\nfrd960.sys

O23 - Service: nvraid - NVIDIA Corporation - C:\WINDOWS\system32\drivers\nvraid.sys

O23 - Service: nvstor - NVIDIA Corporation - C:\WINDOWS\system32\drivers\nvstor.sys

O23 - Service: ql2300 - QLogic Corporation - C:\WINDOWS\system32\drivers\ql2300.sys

O23 - Service: ql40xx - QLogic Corporation - C:\WINDOWS\system32\drivers\ql40xx.sys

O23 - Service: Smartphone BlackBerry (RimUsb) - Research In Motion Limited - C:\WINDOWS\SYSTEM32\Drivers\RimUsb_AMD64.sys

O23 - Service: Realtek PCIE CardReader Driver (RSPCIESTOR) - Realtek Semiconductor Corp. - C:\WINDOWS\SYSTEM32\DRIVERS\RtsPStor.sys

O23 - Service: Realtek 8167 NT Driver (RTL8167) - Realtek - C:\WINDOWS\SYSTEM32\DRIVERS\Rt64win7.sys

O23 - Service: SiSRaid2 - Silicon Integrated Systems Corp. - C:\WINDOWS\system32\drivers\SiSRaid2.sys

O23 - Service: SiSRaid4 - Silicon Integrated Systems - C:\WINDOWS\system32\drivers\sisraid4.sys

O23 - Service: stexstor - Promise Technology - C:\WINDOWS\system32\drivers\stexstor.sys

O23 - Service: AMD USB Filter Driver (usbfilter) - Advanced Micro Devices - C:\WINDOWS\SYSTEM32\DRIVERS\usbfilter.sys

O23 - Service: VGPU - Unknown owner - C:\WINDOWS\SYSTEM32\drivers\rdvgkmd.sys (file missing)

O23 - Service: viaide - VIA Technologies, Inc. - C:\WINDOWS\system32\drivers\viaide.sys

O23 - Service: vsmraid - VIA Technologies Inc.,Ltd - C:\WINDOWS\system32\drivers\vsmraid.sys



Listado de Servicios (Deshabilitados):

--------------------------------------

O23 - Service: Star Key Compact (guninoce) - Unknown owner - C:\Program Files (x86)\67E0F8C0-1440517833-11E1-AF26-4C72B99D1B2C\knsu67E1.tmp



71 Servicios.

16 de Carga Automatica.

54 de Carga Manual.

1 Deshabilitados.



Listado de Programas Instalados:

--------------------------------

WinRAR 5.21 (64-bit) -> C:\Program Files\WinRAR\uninstall.exe

HP Unified IO -> MsiExec.exe /I{30E20E5D-5E4E-4874-A35A-952DB3582C29}

Ma-Config.com (64 bits) -> MsiExec.exe /X{579A9C5C-80D0-47B3-BE42-CB420AD30CCB}

HP LaserJet Pro MFP M127-M128 Fax Driver -> MsiExec.exe /I{65072E52-F51B-4280-9DA6-EA5F1EE72C3A}

Microsoft Silverlight -> MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}

Update for Microsoft InfoPath 2010 (KB2817396) 64-Bit Edition -> "C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-0011-0000-1000-0000000FF1CE}" "{1AA82E2E-7DB7-4C70-910C-BBB657A6B3A5}" "3082" "0"

Security Update for Microsoft Excel 2010 (KB2965240) 64-Bit Edition -> "C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-0011-0000-1000-0000000FF1CE}" "{29B119D7-3C51-4DE2-B84D-A2E0C68A3EC4}" "3082" "0"

Update for Microsoft Visio 2010 (KB2965292) 64-Bit Edition -> "C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-0011-0000-1000-0000000FF1CE}" "{5206C5F8-E115-4D17-AF86-F9D241AD75FE}" "3082" "0"

Security Update for Microsoft PowerPoint 2010 (KB2999420) 64-Bit Edition -> "C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-0011-0000-1000-0000000FF1CE}" "{547A8337-0686-489C-BE39-9D7A8E2BA3FD}" "3082" "0"

Update for Microsoft Outlook 2010 (KB3015585) 64-Bit Edition -> "C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-0011-0000-1000-0000000FF1CE}" "{5C130D63-6D40-4A80-919D-779CE0777449}" "3082" "0"

Security Update for Microsoft Word 2010 (KB2965237) 64-Bit Edition -> "C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-0011-0000-1000-0000000FF1CE}" "{606AC9C9-5315-4138-BCC5-4CBCBBD27ED9}" "3082" "0"

Update for Microsoft SharePoint Workspace 2010 (KB2760601) 64-Bit Edition -> "C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-0011-0000-1000-0000000FF1CE}" "{77374F16-2DC6-4EEF-AFAD-C59FDA2E010D}" "3082" "0"

Update for Microsoft Visio Viewer 2010 (KB2881021) 64-Bit Edition -> "C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-0011-0000-1000-0000000FF1CE}" "{899F1A18-D860-4C63-B3C8-095B8E537D3D}" "3082" "0"

Update for Microsoft OneNote 2010 (KB2956205) 64-Bit Edition -> "C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-0011-0000-1000-0000000FF1CE}" "{A6A2614F-4E2F-4952-8DBF-57CA5241AEE3}" "3082" "0"

Update for Microsoft Access 2010 (KB2837601) 64-Bit Edition -> "C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-0011-0000-1000-0000000FF1CE}" "{D926D412-C5D1-411E-9F85-7CCF049E502B}" "3082" "0"

Update for Microsoft InfoPath 2010 (KB2817369) 64-Bit Edition -> "C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-0011-0000-1000-0000000FF1CE}" "{DB0B0CDF-77EC-47B0-94E2-4738573A1E58}" "3082" "0"

Update for Microsoft Filter Pack 2.0 (KB2881026) 64-Bit Edition -> "C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-0011-0000-1000-0000000FF1CE}" "{E51DB3F4-A162-484C-A673-40E18202B10A}" "3082" "0"

Update for Microsoft Excel 2010 (KB2956084) 64-Bit Edition -> "C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-0016-0C0A-1000-0000000FF1CE}" "{FC2E9312-BC11-415B-815E-F62BFD27C409}" "3082" "0"

Security Update for Microsoft PowerPoint 2010 (KB2920812) 64-Bit Edition -> "C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-0018-0C0A-1000-0000000FF1CE}" "{D1414D5F-02BE-49B1-B951-52A2D6BDF624}" "3082" "0"

Update for Microsoft Excel 2010 (KB2956084) 64-Bit Edition -> "C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-0018-0C0A-1000-0000000FF1CE}" "{FC2E9312-BC11-415B-815E-F62BFD27C409}" "3082" "0"

Update for Microsoft Outlook 2010 (KB2965295) 64-Bit Edition -> "C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-001A-0C0A-1000-0000000FF1CE}" "{4CB1054C-E27A-4356-8F4F-5C72B983E885}" "3082" "0"

Security Update for Microsoft Word 2010 (KB2553428) 64-Bit Edition -> "C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-001A-0C0A-1000-0000000FF1CE}" "{5DCD7B94-DCDE-47A9-9A00-1ABF454DBDA8}" "3082" "0"

Security Update for Microsoft Word 2010 (KB2553428) 64-Bit Edition -> "C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-001B-0C0A-1000-0000000FF1CE}" "{5DCD7B94-DCDE-47A9-9A00-1ABF454DBDA8}" "3082" "0"

Update for Microsoft Excel 2010 (KB2956084) 64-Bit Edition -> "C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-001B-0C0A-1000-0000000FF1CE}" "{FC2E9312-BC11-415B-815E-F62BFD27C409}" "3082" "0"

Update for Microsoft SharePoint Workspace 2010 (KB2760601) 64-Bit Edition -> "C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-0043-0000-1000-0000000FF1CE}" "{77374F16-2DC6-4EEF-AFAD-C59FDA2E010D}" "3082" "0"

Update for Microsoft OneNote 2010 (KB2956205) 64-Bit Edition -> "C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-0043-0000-1000-0000000FF1CE}" "{A6A2614F-4E2F-4952-8DBF-57CA5241AEE3}" "3082" "0"

Update for Microsoft OneNote 2010 (KB2956075) 64-Bit Edition -> "C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-00A1-0C0A-1000-0000000FF1CE}" "{06CE23CF-EC68-4F23-89CB-2A22AC45B63A}" "3082" "0"

AMD Catalyst Install Manager -> msiexec /q/x{B1F48088-2632-92BF-799C-16A5141B74EC} REBOOT=ReallySuppress

HP LaserJet Pro MFP M127-M128 Fax -> MsiExec.exe /I{C5835004-643A-4EB6-A280-706F9F62F985}

AMD USB 3.0 Device Detector -> MsiExec.exe /I{CD2F75E2-076F-0BF5-C887-773D90E84639}

Adobe AIR -> C:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Resources\Adobe AIR Updater.exe -arp:uninstall

Adobe Creative Cloud -> "C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\Creative Cloud Uninstaller.exe"

Adobe Flash Player 14 ActiveX -> C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_14_0_0_145_ActiveX.exe -maintain activex

aTube Catcher -> C:\Program Files (x86)\DsNET Corp\aTube Catcher 2.0\uninstall.exe

Avast Internet Security -> C:\Program Files\AVAST Software\Avast\Setup\Instup.exe /control_panel /instop:uninstall

Adobe Download Assistant -> msiexec /qb /x {E68EADA6-63A4-F6D3-FE12-968B879F7AD6}

Google Chrome -> "C:\Program Files (x86)\Google\Chrome\Application\44.0.2403.157\Installer\setup.exe" --uninstall --multi-install --chrome --system-level --verbose-logging

Progeinsa -> C:\Windows\ST5UNST.EXE -n "c:\Program Files\Progeinsa\ST5UNST.LOG"

hppM125LaserJetService -> MsiExec.exe /I{18D5B189-DBDD-4E57-A84B-58C7700E9BB0}

HP Product FWUpdater -> MsiExec.exe /I{1A8F20ED-C9CC-43FD-A678-20970BB83A9E}

Java 8 Update 60 -> MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83218060F0}

HPLJUTM127_128 -> MsiExec.exe /I{2C886751-51BD-4A8C-B33A-B4C513AB5B9A}

HP Update -> MsiExec.exe /X{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}

HP LJ M127128 Scan HP Scan -> MsiExec.exe /I{2F518061-89DB-4AF0-9A7A-2BF73B60E6F0}

HPLJUTCore -> MsiExec.exe /I{30DD7187-F392-4D83-8AED-D9A2DC64EF15}

Adobe AIR -> MsiExec.exe /I{31B9D218-FED2-4C6C-B19F-7294FFC130B0}

HP LaserJet Pro MFP M127-M128 -> C:\Program Files (x86)\HP\csiInstaller\3b050369-8d19-413d-9dec-84ff278472eb\Setup.exe /Uninstall

Google Update Helper -> MsiExec.exe /I{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}

HP LaserJet Pro MFP M127-M128 HP Device Toolbox -> MsiExec.exe /I{612631AC-0D84-4116-9D8A-D2D63467B7BF}

hpStatusAlerts -> MsiExec.exe /I{6470E292-3B55-41DC-B5EB-91C34C5ACB5D}

Adobe Photoshop CC 2015 -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\core\PDApp.exe --appletID="DWA_UI" --appletVersion="2.0" --mode="Uninstall" --mediaSignature="{793C2BF7-A4FE-4608-91C9-9282C5801C21}"

Realtek Ethernet Controller Driver -> C:\Program Files (x86)\InstallShield Installation Information\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}\setup.exe -runfromtemp -removeonly

hpStatusAlertsM127-M128 -> MsiExec.exe /I{92374A19-CD4A-498F-92CB-26473EF31FB3}

Adobe Refresh Manager -> MsiExec.exe /I{AC76BA86-0804-1033-1959-001824147215}

Adobe Reader XI (11.0.12) - Español -> MsiExec.exe /I{AC76BA86-7AD7-1034-7B44-AB0000000001}

HP Unified IO -> MsiExec.exe /I{B1CB7E99-4685-45CB-867E-2FB58EDA0A39}

Windows Movie Maker 2.6 -> MsiExec.exe /X{B3DAF54F-DB25-4586-9EF1-96D24BB14088}

HPLJProMFPM127M128 -> MsiExec.exe /X{B5409C23-DE0C-4B48-8C8A-50AE38694955}

Realtek PCIE Card Reader -> "C:\Program Files (x86)\InstallShield Installation Information\{C1594429-8296-4652-BF54-9DBE4932A44C}\setup.exe" -runfromtemp -removeonly

Adobe Download Assistant -> MsiExec.exe /I{E68EADA6-63A4-F6D3-FE12-968B879F7AD6}

Realtek High Definition Audio Driver -> C:\Program Files\Realtek\Audio\HDA\RtlUpd64.exe -r -m -nrg2709

HP LaserJet Pro MFP M127-M128 Fax -> MsiExec.exe /I{FAE97B40-E8E2-4B52-9A9E-219C3CCC0107}

Renata
Posts: 183
Joined: 02 Jun 2008, 02:10

Re: MASSIVE ATTACKS ON MY COMPUTER.

Post by Renata » 28 Aug 2015, 19:11

Now I am the one massively attacking you.....

A new program has infiltrated the PC in the most brazen way. My antivirus keeps going off, reporting malware and trojans and viruses and every kind of bug that arrives.

I am attaching a screenshot of DEFAULT PROGRAMS, and the red arrows give away the two new items. That ANY protec STARTS UP TO CLEAN AND KICKS ME OFF THE INTERNET. I CLICK CLOSE and it goes away and comes back.... They are driving me crazy.
Attachments
Sin título.png

msc hotline sat
Posts: 93500
Joined: 09 Mar 2004, 20:39
Location: BARCELONA (SPAIN)

Re: MASSIVE ATTACKS ON MY COMPUTER.

Post by msc hotline sat » 28 Aug 2015, 19:24

Very good! The startup entry launching that blasted crossbrowse is gone ...

I hope it no longer loads at boot now, unless some Chrome extension includes it, but that would no longer be at startup. Let me know if that is the case, thanks.

Regards

ms, 28-8-2015

Renata
Posts: 183
Joined: 02 Jun 2008, 02:10

Re: MASSIVE ATTACKS ON MY COMPUTER.

Post by Renata » 02 Sep 2015, 22:05

Good afternoon from Colombia. I was away these past few days, and on returning and turning on the PC I find the same problems. Now this new browser gets in, which I cannot deactivate from default programs, and it is: BoBrowser. The antivirus fires off one malware and trojan attack after another.... which it says it moves to the chest. On the desktop there appear shortcuts to youtube, Amazon, the AnyProtect Scaner and three more that I do not remember right now, which I delete from there and from the recycle bin, but when I turn the PC on again they are there. It no longer lets me use Google Chrome. I also changed the passwords on both email accounts.

I remain attentive, to see what maneuver I should carry out.

Many thanks.

msc hotline sat
Posts: 93500
Joined: 09 Mar 2004, 20:39
Location: BARCELONA (SPAIN)

Re: MASSIVE ATTACKS ON MY COMPUTER.

Post by msc hotline sat » 03 Sep 2015, 07:57

Well, try what they show in this video: (after the ads, of course!)

http://www.youtube.com/watch?v=Y9jDX7pcwPY

I hope it helps you.

Regards

ms, 3-9-2015

flacoroo
Posts: 6289
Joined: 09 Mar 2004, 20:32
Location: Paso del Macho, Ver., México

Re: MASSIVE ATTACKS ON MY COMPUTER.

Post by flacoroo » 03 Sep 2015, 16:35

Download the new version of [url=https://toolslib.net/downloads/viewdownload/1-adwcleaner/]adwcleaner[/url] and run it with your computer started in safe mode.

Also download this program, [url=https://www.sophos.com/en-us/products/free-tools/virus-removal-tool.aspx]Sophos virus removal tools[/url]; install it and run it in safe mode. It takes a while to scan but is very effective.

Regards
:lol: :lol: Life is beautiful.... why complicate it for ourselves :lol: :lol:

Renata
Posts: 183
Joined: 02 Jun 2008, 02:10

Re: MASSIVE ATTACKS ON MY COMPUTER.

Post by Renata » 03 Sep 2015, 20:52

Good afternoon, grateful for your support and feeling freed of so many bugs.

First I ran the cleaner; it detected 8 viruses, damaged files and many bad things on the PC. Then I downloaded the BULA-Shopos antivirus, left it scanning while I went out for lunch, and now, on returning, I find the PC smooth as silk, soft, sleek and alive. I was able to uninstall BroBrowser from programs and, from what I can see, the problems are overcome.

Now my question is: can I keep Shopos as my only antivirus? Or.. do I activate the one I have always had.

I will send the SAMPLE I found in the file.

A thousand thanks, God reward you, you are the allies we need anywhere in the world.

With all affection and gratitude, a hug for the whole SATINFO and zona virus family. You are much loved from the other side of the world. :D :roll: :D

Renata-



2015-09-03 16:57:07.047 Sophos Virus Removal Tool version 2.5.4

2015-09-03 16:57:07.047 Copyright (c) 2009-2014 Sophos Limited. All rights reserved.



2015-09-03 16:57:07.047 This tool will scan your computer for viruses and other threats. If it finds any, it will give you the option to remove them.



2015-09-03 16:57:07.047 Windows version 6.1 SP 1.0 Service Pack 1 build 7601 SM=0x100 PT=0x1 WOW64

2015-09-03 16:57:07.047 Checking for updates...

2015-09-03 16:57:10.542 Update progress: proxy server not available

2015-09-03 16:57:38.546 Option all = no

2015-09-03 16:57:38.546 Option recurse = yes

2015-09-03 16:57:38.546 Option archive = no

2015-09-03 16:57:38.546 Option service = yes

2015-09-03 16:57:38.546 Option confirm = yes

2015-09-03 16:57:38.546 Option sxl = yes

2015-09-03 16:57:38.546 Option max-data-age = 35

2015-09-03 16:57:38.546 Option EnableSafeClean = yes

2015-09-03 16:57:40.590 Option vdl-logging = yes

2015-09-03 16:57:40.605 Customer ID: 094260ca9b3af99f9d4a3909fc47a743

2015-09-03 16:57:40.605 Machine ID: 8c1a3f8d20d2494f8086cb4dadaeb316

2015-09-03 16:57:40.605 Component SVRTcli.exe version 2.5.4

2015-09-03 16:57:40.605 Component control.dll version 2.5.4

2015-09-03 16:57:40.605 Component SVRTservice.exe version 2.5.4

2015-09-03 16:57:40.621 Component engine\osdp.dll version 1.44.1.2210

2015-09-03 16:57:40.621 Component engine\veex.dll version 3.61.0.2210

2015-09-03 16:57:40.621 Component engine\savi.dll version 8.1.8.2210

2015-09-03 16:57:40.621 Component rkdisk.dll version 1.5.30.0

2015-09-03 16:57:40.621 Version info: Product version 2.5.4

2015-09-03 16:57:40.621 Version info: Detection engine 3.61.0

2015-09-03 16:57:40.621 Version info: Detection data 5.18

2015-09-03 16:57:40.621 Version info: Build date 18/08/2015

2015-09-03 16:57:40.621 Version info: Data files added 292

2015-09-03 16:57:40.621 Version info: Last successful update (not yet updated)

2015-09-03 16:58:28.435 Downloading updates...

2015-09-03 16:58:28.454 Update progress: [I96736] Looking for package C1A903B2-E63E-483b-982D-04BB9C457C60 1.0

2015-09-03 16:58:28.454 Update progress: [I49502] Found supplement SAVIW32 LATEST

2015-09-03 16:58:28.454 Update progress: [I49502] Found supplement IDE519 LATEST

2015-09-03 16:58:28.454 Update progress: [I49502] Found supplement IDE520 LATEST

2015-09-03 16:58:28.454 Update progress: [I49502] Found supplement IDE521 LATEST

2015-09-03 16:58:28.454 Update progress: [I19463] Syncing product C1A903B2-E63E-483b-982D-04BB9C457C60 1

2015-09-03 16:58:28.454 Update progress: [I19463] Syncing product SAVIW32 59

2015-09-03 16:58:34.509 Update progress: [I19463] Syncing product IDE519 196

2015-09-03 16:58:36.178 Installing updates...

2015-09-03 16:58:37.613 Error level 1

2015-09-03 16:58:37.880 Update progress: [I19463] Syncing product IDE520 98

2015-09-03 16:58:37.880 Update progress: [I19463] Syncing product IDE521 1

2015-09-03 16:59:08.529 Update successful

2015-09-03 16:59:34.509 Option all = no

2015-09-03 16:59:34.509 Option recurse = yes

2015-09-03 16:59:34.509 Option archive = no

2015-09-03 16:59:34.509 Option service = yes

2015-09-03 16:59:34.509 Option confirm = yes

2015-09-03 16:59:34.509 Option sxl = yes

2015-09-03 16:59:34.509 Option max-data-age = 35

2015-09-03 16:59:34.509 Option EnableSafeClean = yes

2015-09-03 16:59:34.619 Option vdl-logging = yes

2015-09-03 16:59:34.619 Customer ID: 094260ca9b3af99f9d4a3909fc47a743

2015-09-03 16:59:34.619 Machine ID: 8c1a3f8d20d2494f8086cb4dadaeb316

2015-09-03 16:59:34.635 Component SVRTcli.exe version 2.5.4

2015-09-03 16:59:34.635 Component control.dll version 2.5.4

2015-09-03 16:59:34.635 Component SVRTservice.exe version 2.5.4

2015-09-03 16:59:34.635 Component engine\osdp.dll version 1.44.1.2210

2015-09-03 16:59:34.635 Component engine\veex.dll version 3.61.0.2210

2015-09-03 16:59:34.635 Component engine\savi.dll version 8.1.8.2210

2015-09-03 16:59:34.635 Component rkdisk.dll version 1.5.30.0

2015-09-03 16:59:34.635 Version info: Product version 2.5.4

2015-09-03 16:59:34.635 Version info: Detection engine 3.61.0

2015-09-03 16:59:34.635 Version info: Detection data 5.18G

2015-09-03 16:59:34.635 Version info: Build date 18/08/2015

2015-09-03 16:59:34.635 Version info: Data files added 292

2015-09-03 16:59:34.635 Version info: Last successful update 03/09/2015 11:59:08 a.m.



2015-09-03 17:09:30.259 Could not open C:\hiberfil.sys

2015-09-03 17:09:32.552 Could not open C:\pagefile.sys

2015-09-03 17:20:49.174 Could not open C:\System Volume Information\{3808876b-c176-4e48-b7ae-04046e6cc752}

2015-09-03 17:20:49.174 Could not open C:\System Volume Information\{4b770cf6-4115-11e5-aee9-4c72b99d1b2c}{3808876b-c176-4e48-b7ae-04046e6cc752}

2015-09-03 17:20:49.174 Could not open C:\System Volume Information\{4b770cfb-4115-11e5-aee9-4c72b99d1b2c}{3808876b-c176-4e48-b7ae-04046e6cc752}

2015-09-03 17:20:49.174 Could not open C:\System Volume Information\{5fdb67c9-4b52-11e5-84dc-4c72b99d1b2c}{3808876b-c176-4e48-b7ae-04046e6cc752}

2015-09-03 17:20:49.190 Could not open C:\System Volume Information\{5fdb67ed-4b52-11e5-84dc-4c72b99d1b2c}{3808876b-c176-4e48-b7ae-04046e6cc752}

2015-09-03 17:20:49.190 Could not open C:\System Volume Information\{61d300a9-4055-11e5-b720-4c72b99d1b2c}{3808876b-c176-4e48-b7ae-04046e6cc752}

2015-09-03 17:20:49.190 Could not open C:\System Volume Information\{61d300ad-4055-11e5-b720-4c72b99d1b2c}{3808876b-c176-4e48-b7ae-04046e6cc752}

2015-09-03 17:20:49.190 Could not open C:\System Volume Information\{61d300b1-4055-11e5-b720-4c72b99d1b2c}{3808876b-c176-4e48-b7ae-04046e6cc752}

2015-09-03 17:20:49.190 Could not open C:\System Volume Information\{61d300b5-4055-11e5-b720-4c72b99d1b2c}{3808876b-c176-4e48-b7ae-04046e6cc752}

2015-09-03 17:20:49.190 Could not open C:\System Volume Information\{6577b558-4102-11e5-8520-4c72b99d1b2c}{3808876b-c176-4e48-b7ae-04046e6cc752}

2015-09-03 17:20:49.190 Could not open C:\System Volume Information\{7c38d3f7-5259-11e5-9300-4c72b99d1b2c}{3808876b-c176-4e48-b7ae-04046e6cc752}

2015-09-03 17:20:49.190 Could not open C:\System Volume Information\{9785b60c-4100-11e5-895f-4c72b99d1b2c}{3808876b-c176-4e48-b7ae-04046e6cc752}

2015-09-03 17:20:49.190 Could not open C:\System Volume Information\{e974c966-4b50-11e5-9974-4c72b99d1b2c}{3808876b-c176-4e48-b7ae-04046e6cc752}

2015-09-03 17:21:03.636 >>> Virus 'Troj/Inject-BFS' found in file C:\Users\AlvaroNiño\AppData\Local\2050601dsisetup20545952.exe

2015-09-03 17:21:03.636 >>> Virus 'Troj/Inject-BFS' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin

2015-09-03 17:21:03.636 >>> Virus 'Troj/Inject-BFS' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin

2015-09-03 17:22:29.010 Could not open C:\Users\AlvaroNiño\AppData\Local\Google\Chrome\User Data\Default\Current Session

2015-09-03 17:22:29.010 Could not open C:\Users\AlvaroNiño\AppData\Local\Google\Chrome\User Data\Default\Current Tabs

2015-09-03 17:22:29.057 Could not check C:\Users\AlvaroNiño\AppData\Local\Google\Chrome\User Data\Default\Extension State\LOCK (virus scan failed)

2015-09-03 17:22:32.832 Could not check C:\Users\AlvaroNiño\AppData\Local\Google\Chrome\User Data\Default\GCM Store\LOCK (virus scan failed)

2015-09-03 17:22:33.222 Could not check C:\Users\AlvaroNiño\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\pafkbggdmjlpgkdkcbjmhmfcdpncadgh\LOCK (virus scan failed)

2015-09-03 17:22:35.017 Could not check C:\Users\AlvaroNiño\AppData\Local\Google\Chrome\User Data\Default\Service Worker\Database\LOCK (virus scan failed)

2015-09-03 17:22:35.049 Could not check C:\Users\AlvaroNiño\AppData\Local\Google\Chrome\User Data\Default\Session Storage\LOCK (virus scan failed)

2015-09-03 17:26:39.926 Could not check C:\Users\AlvaroNiño\Pictures\FOTOS Yuyo\Pausas power point\Pausa Agosto 2004.ppt (corrupt)

2015-09-03 17:37:08.902 Could not open C:\Windows\System32\catroot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb

2015-09-03 17:37:08.902 Could not open C:\Windows\System32\catroot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb

2015-09-03 17:37:16.911 Could not open C:\Windows\System32\config\RegBack\DEFAULT

2015-09-03 17:37:16.911 Could not open C:\Windows\System32\config\RegBack\SAM

2015-09-03 17:37:16.911 Could not open C:\Windows\System32\config\RegBack\SECURITY

2015-09-03 17:37:16.926 Could not open C:\Windows\System32\config\RegBack\SOFTWARE

2015-09-03 17:37:16.926 Could not open C:\Windows\System32\config\RegBack\SYSTEM

2015-09-03 18:05:58.346 The following items will be cleaned up:

2015-09-03 18:05:58.346 Troj/Inject-BFS

2015-09-03 18:18:47.381 Threat 'Troj/Inject-BFS' has been cleaned up.

2015-09-03 18:18:47.397 File "C:\Users\AlvaroNiño\AppData\Local\2050601dsisetup20545952.exe" belongs to 'Troj/Inject-BFS'.

2015-09-03 18:18:47.397 File "C:\Users\AlvaroNiño\AppData\Local\2050601dsisetup20545952.exe" has been cleaned up.

2015-09-03 18:18:47.397 Registry value "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin" belongs to 'Troj/Inject-BFS'.

2015-09-03 18:18:47.397 Registry value "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin" has been cleaned up.

2015-09-03 18:18:47.397 Removal successful

2015-09-03 18:18:47.459 Contents of SafeClean bin directory:

2015-09-03 18:18:47.459 {

2015-09-03 18:18:47.459 RecordID : "0000000000000001",

2015-09-03 18:18:47.459 ItemType : "1",

2015-09-03 18:18:47.459 Location : "C:\Users\AlvaroNiño\AppData\Local\",

2015-09-03 18:18:47.459 FileName : "2050601dsisetup20545952.exe",

2015-09-03 18:18:47.459 ThreatName : "Troj/Inject-BFS",

2015-09-03 18:18:47.459 Checksum : "a32d53c5558c207584b977ebc89e768e9345fad3eb87d0d2ea34faee02d87fd1",

2015-09-03 18:18:47.459 TimeStamp : "Thu Sep 03 13:18:34 2015"

2015-09-03 18:18:47.459 }

2015-09-03 18:18:48.582 Error level 0
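
The Sophos Virus Removal Tool log in the post above, reduced to what a helper needs to read from it: which detections were actually removed and which paths were never scanned. This is an added example, not part of the thread and not Sophos's own tooling; it parses only the line shapes visible in that log, and the sample lines, the placeholder user name and the list of paths treated as normally unreadable are assumptions of the example.

```python
import re
from collections import OrderedDict

# Constructed sample in the shape of the log posted above; "user" in the
# paths is a placeholder, the threat name and registry value are the log's.
SAMPLE_LOG = r"""
2015-09-03 17:09:32.552 Could not open C:\pagefile.sys
2015-09-03 17:21:03.636 >>> Virus 'Troj/Inject-BFS' found in file C:\Users\user\AppData\Local\2050601dsisetup20545952.exe
2015-09-03 17:21:03.636 >>> Virus 'Troj/Inject-BFS' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin
2015-09-03 17:21:03.636 >>> Virus 'Troj/Inject-BFS' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin
2015-09-03 17:22:29.010 Could not open C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Current Session
2015-09-03 17:22:29.057 Could not check C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extension State\LOCK (virus scan failed)
2015-09-03 17:26:39.926 Could not check C:\Users\user\Pictures\Pausa Agosto 2004.ppt (corrupt)
2015-09-03 18:18:47.397 File "C:\Users\user\AppData\Local\2050601dsisetup20545952.exe" has been cleaned up.
2015-09-03 18:18:47.397 Registry value "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin" has been cleaned up.
2015-09-03 18:18:47.397 Removal successful
"""

# Line shapes seen in the posted log; other shapes are ignored.
LINE = re.compile(r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}\.\d{3}) (.*)$")
DETECTED = re.compile(r"^>>> Virus '([^']+)' found in file (.+)$")
CLEANED = re.compile(r'^(?:File|Registry value) "(.+)" has been cleaned up\.$')
SKIPPED = re.compile(r"^Could not (?:open|check) (.+?)(?: \(([^()]+)\))?$")

# The log says "found in file" even for registry values, so classify by root.
REGISTRY_ROOTS = ("HKLM\\", "HKCU\\", "HKU\\", "HKCR\\", "HKCC\\")
# Assumption of this example: paths Windows keeps locked or access-restricted,
# so failing to open them is not by itself a sign of tampering.
EXPECTED_UNREADABLE = (r"c:\pagefile.sys", r"c:\hiberfil.sys",
                       r"c:\system volume information")
# ConsentPromptBehaviorAdmin sets how UAC prompts administrators for elevation;
# a detection on it means the setting should be checked after clean-up.
UAC_VALUE = r"\policies\system\consentpromptbehavioradmin"


def summarize(log_text):
    """Reconcile detections, clean-up lines and unscanned paths in one log."""
    detections = OrderedDict()          # (threat, location) -> record
    cleaned = set()
    skipped_expected, skipped_review = [], {}
    removal_reported = False

    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue                    # blank or non-timestamped line
        stamp, msg = m.groups()

        d = DETECTED.match(msg)
        if d:
            threat, location = d.groups()
            is_reg = location.upper().startswith(REGISTRY_ROOTS)
            rec = detections.setdefault((threat, location), {
                "threat": threat, "location": location,
                "kind": "registry" if is_reg else "file",
                "first_seen": stamp, "hits": 0})
            rec["hits"] += 1            # the same item can be reported twice
            continue
        c = CLEANED.match(msg)
        if c:
            cleaned.add(c.group(1).lower())
            continue
        s = SKIPPED.match(msg)
        if s:
            path, reason = s.group(1), s.group(2) or "could not open"
            if path.lower().startswith(EXPECTED_UNREADABLE):
                skipped_expected.append(path)
            else:
                skipped_review.setdefault(reason, []).append(path)
            continue
        if msg == "Removal successful":
            removal_reported = True

    records = list(detections.values())
    for rec in records:
        rec["cleaned"] = rec["location"].lower() in cleaned
    return {
        "detections": records,
        "uncleaned": [r["location"] for r in records if not r["cleaned"]],
        "uac_policy_detections": [r["location"] for r in records
                                  if r["location"].lower().endswith(UAC_VALUE)],
        "skipped_expected": skipped_expected,
        "skipped_review": skipped_review,
        "removal_reported": removal_reported,
    }


if __name__ == "__main__":
    report = summarize(SAMPLE_LOG)
    for rec in report["detections"]:
        state = "cleaned" if rec["cleaned"] else "NOT cleaned"
        print(f'{rec["threat"]} [{rec["kind"]}] x{rec["hits"]} {state}: {rec["location"]}')
    for reason, paths in report["skipped_review"].items():
        print(f"not scanned ({reason}): {len(paths)} path(s)")
```

An empty `uncleaned` list says only that every detected item was removed; the paths under `skipped_review` were never scanned, which matters in a thread where the unwanted programs came back after this run.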

Renata
Posts: 183
Joined: 02 Jun 2008, 02:10

Re: MASSIVE ATTACKS ON MY COMPUTER.

Post by Renata » 03 Sep 2015, 22:03

My happiness was short-lived... It came back with all its troops! It brought with it Any cleaner; cinema plus; and a bunch of other things, but the bobrowser program does not show up in the control panel/default programs, it only appears on the desktop and in the bar at the bottom... it appeared under the name MyBrowser.

Honestly, I have gone pale at its new attack; of course, my antivirus goes crazy detecting viruses, trojans, dangerous pages, etc.

I await your advice.

Many thanks.

Renata,

msc hotline sat
Posts: 93500
Joined: 09 Mar 2004, 20:39
Location: BARCELONA (SPAIN)

Re: MASSIVE ATTACKS ON MY COMPUTER.

Post by msc hotline sat » 03 Sep 2015, 22:27

Try to follow the steps shown in the video I suggested, since apparently what has happened to you is typical of this malware, which is why they suggest a manual removal process.

Since it is in Spanish, I hope you will have no problems, even though it is not an automatic process.

Let us know how it goes, thanks.

Regards, 3-9-2015

flacoroo
Posts: 6289
Joined: 09 Mar 2004, 20:32
Location: Paso del Macho, Ver., México

Re: MASSIVE ATTACKS ON MY COMPUTER.

Post by flacoroo » 04 Sep 2015, 15:08

Apart from the suggestion MSC gave you, do the following; let us now see which bug is doing this:

Download this program, run it and paste us the resulting log that is created in C:

[url=http://www.zonavirus.com/descargas/sproces.asp]Sproces[/url]

Regards
:lol: :lol: Life is beautiful.... why complicate it for ourselves :lol: :lol:

Renata
Posts: 183
Joined: 02 Jun 2008, 02:10

Re: MASSIVE ATTACKS ON MY COMPUTER.

Post by Renata » 04 Sep 2015, 17:45

[quote="flacoroo"]Apart from the suggestion MSC gave you, do the following; let us now see which bug is doing this:

Download this program, run it and paste us the resulting log that is created in C:

[url=http://www.zonavirus.com/descargas/sproces.asp]Sproces[/url]

Regards[/quote]

Good day again. I managed to uninstall that MyBrowser and reinstall Chrome, but the attacks continue. Whenever I change anything on the pages I am browsing, it kicks me out and opens others advertising every kind of thing you can imagine.

The antivirus had been deactivated on me, and the desktop icons disappear and reappear as in a children's game. Now an ad pops up down here that tells me: recommended: IT IS RECOMMENDED THAT YOU UPDATE YOUR VIDEO PLAYER TO THE FASTEST VERSION AVAILABLE. and invites me to download. Something I have not done, lest the bugs attack even more.

This battle is complicated; I know you will support me in reaching victory.

I am leaving the SPROCES INFO.

Thanks a thousand times over.



(4-9-2015 15:34:25 GMT)

SProces v8.6 (c)2015 S.G.H. / Satinfo S.L.

-------------------------------------------

Sistema Operativo: Windows 7 Ultimate (v6.1) (64 bits)

Internet Explorer: (v9.11.9600.17801) 0

Equipo: CONSULTORIOWIN7

Usuario: AlvaroNiño

Sesión de Usuario: AlvaroNiño



78 Procesos Activos:

C:\WINDOWS\SYSTEM32\SMSS.EXE

C:\WINDOWS\SYSTEM32\CSRSS.EXE

C:\WINDOWS\SYSTEM32\WININIT.EXE

C:\WINDOWS\SYSTEM32\CSRSS.EXE

C:\WINDOWS\SYSTEM32\SERVICES.EXE

C:\WINDOWS\SYSTEM32\LSASS.EXE

C:\WINDOWS\SYSTEM32\LSM.EXE

C:\WINDOWS\SYSTEM32\WINLOGON.EXE

C:\WINDOWS\SYSTEM32\SVCHOST.EXE

C:\WINDOWS\SYSTEM32\SVCHOST.EXE

C:\WINDOWS\SYSTEM32\SVCHOST.EXE

C:\WINDOWS\SYSTEM32\SVCHOST.EXE

C:\WINDOWS\SYSTEM32\SVCHOST.EXE

C:\WINDOWS\SYSTEM32\SVCHOST.EXE

C:\WINDOWS\SYSTEM32\SVCHOST.EXE

C:\WINDOWS\SYSTEM32\SVCHOST.EXE

C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\AVASTSVC.EXE

C:\WINDOWS\SYSTEM32\DWM.EXE

C:\WINDOWS\SYSTEM32\EXPLORER.EXE

C:\WINDOWS\SYSTEM32\SPOOLSV.EXE

C:\WINDOWS\SYSTEM32\SVCHOST.EXE

C:\WINDOWS\SYSTEM32\TASKENG.EXE

C:\WINDOWS\SYSTEM32\TASKHOST.EXE

C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\AFWSERV.EXE

C:\PROGRAM FILES (X86)\CINEMAPLUS-3.2CV03.09\1C5B1B42-BF41-45A8-86F7-D25C2DF3B322-1-6.EXE

C:\PROGRAM FILES (X86)\CINEMAPLUS-3.2CV03.09\1C5B1B42-BF41-45A8-86F7-D25C2DF3B322-6.EXE

C:\PROGRAM FILES (X86)\COMMON FILES\ADOBE\ARM\1.0\ARMSVC.EXE

C:\PROGRAM FILES (X86)\COMMON FILES\ADOBE\ADOBE DESKTOP COMMON\ELEVATIONMANAGER\ADOBEUPDATESERVICE.EXE

C:\WINDOWS\SYSTEM32\AERTSR64.EXE

C:\WINDOWS\SYSTEM32\SVCHOST.EXE

C:\PROGRAM FILES (X86)\67E0F8C0-1439573389-11E1-AF26-4C72B99D1B2C\KNSD2ECE.TMP

C:\PROGRAM FILES (X86)\HP\HPBDSSERVICE\HPBDSSERVICE.EXE

C:\PROGRAM FILES (X86)\HP\HPLASERJETSERVICE\HPLASERJETSERVICE.EXE

C:\WINDOWS\SYSTEM32\REIGUARD.EXE

C:\WINDOWS\SYSTEM32\REISYSTEM.EXE

C:\PROGRAM FILES (X86)\SFK\SSFK.EXE

C:\WINDOWS\SYSTEM32\SVCHOST.EXE

C:\PROGRAM FILES (X86)\67E0F8C0-1440688043-11E1-AF26-4C72B99D1B2C\KNSK2C9.TMP

C:\WINDOWS\SYSTEM32\SVCHOST.EXE

C:\WINDOWS\SYSTEM32\WMIPRVSE.EXE

C:\WINDOWS\SYSTEM32\SEARCHINDEXER.EXE

C:\WINDOWS\SYSTEM32\OSPPSVC.EXE

C:\WINDOWS\SYSTEM32\SFKEX64.EXE

C:\WINDOWS\SYSTEM32\SEARCHPROTOCOLHOST.EXE

C:\WINDOWS\SYSTEM32\RTKNGUI64.EXE

C:\PROGRAM FILES (X86)\ATI TECHNOLOGIES\AMDUSB3DEVICEDETECTOR\NUSB3MON.EXE

C:\PROGRAM FILES (X86)\HP\HP SOFTWARE UPDATE\HPWUSCHD2.EXE

C:\PROGRAM FILES (X86)\HP\STATUSALERTS\BIN\HPSTATUSALERTS.EXE

C:\PROGRAM FILES (X86)\ADOBE\ADOBE CREATIVE CLOUD\ACC\CREATIVE CLOUD.EXE

C:\PROGRAM FILES (X86)\COMMON FILES\ADOBE\OOBE\PDAPP\IPC\ADOBEIPCBROKER.EXE

C:\PROGRAM FILES (X86)\COMMON FILES\ADOBE\ADOBE DESKTOP COMMON\ADS\ADOBE DESKTOP SERVICE.EXE

C:\PROGRAM FILES (X86)\COMMON FILES\ADOBE\ADOBE DESKTOP COMMON\HEX\ADOBE CEF HELPER.EXE

C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\AVASTUI.EXE

C:\PROGRAM FILES (X86)\COMMON FILES\JAVA\JAVA UPDATE\JUSCHED.EXE

C:\PROGRAM FILES (X86)\ADOBE\ADOBE CREATIVE CLOUD\CORESYNC\CORESYNC.EXE

C:\WINDOWS\SYSTEM32\UNSECAPP.EXE

C:\PROGRAM FILES (X86)\ADOBE\ADOBE CREATIVE CLOUD\CCLIBRARY\CCLIBRARY.EXE

C:\PROGRAM FILES (X86)\ADOBE\ADOBE CREATIVE CLOUD\CCLIBRARY\LIBS\NODE.EXE

C:\WINDOWS\SYSTEM32\CONHOST.EXE

C:\WINDOWS\SYSTEM32\SVCHOST.EXE

C:\WINDOWS\SYSTEM32\RICONMAN.EXE

C:\WINDOWS\SYSTEM32\WMPNETWK.EXE

C:\WINDOWS\SYSTEM32\AUDIODG.EXE

C:\PROGRAM FILES (X86)\GOOGLE\CHROME\APPLICATION\CHROME.EXE

C:\PROGRAM FILES (X86)\GOOGLE\CHROME\APPLICATION\CHROME.EXE

C:\PROGRAM FILES (X86)\GOOGLE\CHROME\APPLICATION\CHROME.EXE

C:\PROGRAM FILES (X86)\GOOGLE\CHROME\APPLICATION\CHROME.EXE

C:\PROGRAM FILES (X86)\GOOGLE\CHROME\APPLICATION\CHROME.EXE

C:\WINDOWS\SYSTEM32\POWERPNT.EXE

C:\WINDOWS\SYSTEM32\SEARCHFILTERHOST.EXE

C:\WINDOWS\SYSWOW64\DLLHOST.EXE

C:\USERS\ALVARO~1\APPDATA\LOCAL\TEMP\6539.EXE

C:\WINDOWS\SYSTEM32\UTILS.EXE

C:\WINDOWS\SYSWOW64\CMD.EXE

C:\WINDOWS\SYSTEM32\CONHOST.EXE

C:\PROGRAM FILES (X86)\GOOGLE\CHROME\APPLICATION\CHROME.EXE

C:\USERS\ALVARONIñO\DOWNLOADS\SPROCES\SPROCES.EXE

C:\WINDOWS\SYSTEM32\PING.EXE



R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

F2 - REG:system.ini: UserInit=userinit.exe (HKLM x86)

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL

O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll

O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL

O2 - BHO (x86): Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL

O2 - BHO (x86): Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_60\bin\ssv.dll

O2 - BHO (x86): avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll

O2 - BHO (x86): URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL

O2 - BHO (x86): Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_60\bin\jp2ssv.dll

O4 - HKCU\..\Run: [GoogleDriveSync] "C:\Program Files (x86)\Google\Drive\googledrivesync.exe" /autostart

O4 - HKCU\..\Run: [CrashService] "C:\Users\AlvaroNiño\AppData\Local\BoBrowser\Application\crash_service.exe" --max-reports=50 --no-window

O4 - HKLM\..\Run: [BCSSync] "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices

O4 - HKLM\..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe -s

O4 - HKLM\..\Run: [NUSB3MON] "C:\Program Files (x86)\ATI Technologies\AMDUSB3DeviceDetector\nusb3mon.exe"

O4 - HKLM\..\Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"

O4 - HKLM\..\Wow6432Node\..\Run: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Wow6432Node\..\Run: [StatusAlerts] "C:\Program Files (x86)\HP\StatusAlerts\bin\HPStatusAlerts.exe" /enum:on /alerts:on /notifications:on /fl:on /fr:on /appData:on /tmcp:on

O4 - HKLM\..\Wow6432Node\..\Run: [Adobe Creative Cloud] "C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe" --showwindow=false --onOSstartup=true

O4 - HKLM\..\Wow6432Node\..\Run: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui

O4 - HKLM\..\Wow6432Node\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'Servicio Local')

O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'Servicio Local')

O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'Servicio de red')

O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'Servicio de red')

O8 - Extra context menu item: &Enviar a OneNote - res://C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105

O8 - Extra context menu item: E&xportar a Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000

O8 - Extra context menu item: SafeKey Fill Forms - file://C:\Users\AlvaroNiño\AppData\LocalLow\SafeKey\context.html?cmd=fillforms

O9 - Extra button: Enviar a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (HKLM)

O9 - Extra button: Notas &vinculadas de OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (HKLM)

O9 - Extra button: Enviar a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll (HKLM x86)

O9 - Extra button: Notas &vinculadas de OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (HKLM x86)

O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics

O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics (x86)

O16 - DPF (x86): {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} ("Ma-Config.com control) - http://www.ma-config.com/plugins/MaConfig_6_5_1_1.cab

O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - (no file)

O21 - SSODL (x86): WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - (no file)

O22 - ShellExecuteHooks: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL

O22 - ShellExecuteHooks (x86): Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL



Información Adicional:

----------------------

Acceso Rapido ('AlvaroNiño'): Google Chrome.lnk = C:\Program Files (x86)\Google\Chrome\Application\chrome.exe http://www.mystartsearch.com/?type=sc&ts=1441379420&z=21e223b3f0c97db3c281da1g7zccaefozzjcktmlma&from=cmi&uid=HitachiXHDS721010CLA630_JP2940N03PS0VV3PS0VVX

Acceso Rapido ('AlvaroNiño'): Launch Internet Explorer Browser.lnk = C:\Program Files (x86)\Internet Explorer\iexplore.exe

Acceso Rapido ('AlvaroNiño'): Shows Desktop.lnk =

Acceso Rapido ('AlvaroNiño'): Window Switcher.lnk =

Ext.Google Chrome. ('AlvaroNiño') Id: gomekmidlodglbbmalcneegieacbdmki

Ext.Google Chrome. ('AlvaroNiño') Id: lccekmodgklaepjeofjdjpbminllajkg

Ext.Google Chrome. ('AlvaroNiño') Id: lmjegmlicamnimmfhcmpkclmigmmcbeh

Ext.Google Chrome. ('AlvaroNiño') Id: nmmhkkegccagdldgiimedpiccmgmieda

Ext.Google Chrome. ('AlvaroNiño') Id: papbadoldddalgcjcicnikcfenodpghp

DataBases Google Chrome. ('AlvaroNiño'): Databases.db

DataBases Google Chrome. ('AlvaroNiño'): Databases.db-journal

Tarea Programada: C:\WINDOWS\Tasks\178207b4-5ca3-47d2-ad6f-456f657d5cd6-1.job

Tarea Programada: C:\WINDOWS\Tasks\178207b4-5ca3-47d2-ad6f-456f657d5cd6-11.job

Tarea Programada: C:\WINDOWS\Tasks\178207b4-5ca3-47d2-ad6f-456f657d5cd6-2.job

Tarea Programada: C:\WINDOWS\Tasks\178207b4-5ca3-47d2-ad6f-456f657d5cd6-3.job

Tarea Programada: C:\WINDOWS\Tasks\178207b4-5ca3-47d2-ad6f-456f657d5cd6-4.job

Tarea Programada: C:\WINDOWS\Tasks\178207b4-5ca3-47d2-ad6f-456f657d5cd6-5.job

Tarea Programada: C:\WINDOWS\Tasks\178207b4-5ca3-47d2-ad6f-456f657d5cd6-5_user.job

Tarea Programada: C:\WINDOWS\Tasks\178207b4-5ca3-47d2-ad6f-456f657d5cd6-6.job

Tarea Programada: C:\WINDOWS\Tasks\178207b4-5ca3-47d2-ad6f-456f657d5cd6-7.job

Tarea Programada: C:\WINDOWS\Tasks\1c5b1b42-bf41-45a8-86f7-d25c2df3b322-1-6.job

Tarea Programada: C:\WINDOWS\Tasks\1c5b1b42-bf41-45a8-86f7-d25c2df3b322-1-7.job

Tarea Programada: C:\WINDOWS\Tasks\1c5b1b42-bf41-45a8-86f7-d25c2df3b322-10_user.job

Tarea Programada: C:\WINDOWS\Tasks\1c5b1b42-bf41-45a8-86f7-d25c2df3b322-3.job

Tarea Programada: C:\WINDOWS\Tasks\1c5b1b42-bf41-45a8-86f7-d25c2df3b322-5.job

Tarea Programada: C:\WINDOWS\Tasks\1c5b1b42-bf41-45a8-86f7-d25c2df3b322-5_user.job

Tarea Programada: C:\WINDOWS\Tasks\1c5b1b42-bf41-45a8-86f7-d25c2df3b322-6.job

Tarea Programada: C:\WINDOWS\Tasks\1c5b1b42-bf41-45a8-86f7-d25c2df3b322-7.job

Tarea Programada: C:\WINDOWS\Tasks\3dfede99-9c4d-40eb-9b5c-cab353a417bb.job

Tarea Programada: C:\WINDOWS\Tasks\8043f29d-8472-4a4b-be97-257fb6895b1c-1-6.job

Tarea Programada: C:\WINDOWS\Tasks\8043f29d-8472-4a4b-be97-257fb6895b1c-1-7.job

Tarea Programada: C:\WINDOWS\Tasks\8043f29d-8472-4a4b-be97-257fb6895b1c-10_user.job

Tarea Programada: C:\WINDOWS\Tasks\8043f29d-8472-4a4b-be97-257fb6895b1c-3.job

Tarea Programada: C:\WINDOWS\Tasks\8043f29d-8472-4a4b-be97-257fb6895b1c-5.job

Tarea Programada: C:\WINDOWS\Tasks\8043f29d-8472-4a4b-be97-257fb6895b1c-5_user.job

Tarea Programada: C:\WINDOWS\Tasks\8043f29d-8472-4a4b-be97-257fb6895b1c-7.job

Tarea Programada: C:\WINDOWS\Tasks\9905619b-e434-4c6b-8784-ae6288796c12.job

Tarea Programada: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job

Tarea Programada: C:\WINDOWS\Tasks\APSnotifierPP1.job

Tarea Programada: C:\WINDOWS\Tasks\APSnotifierPP2.job

Tarea Programada: C:\WINDOWS\Tasks\APSnotifierPP3.job

Tarea Programada: C:\WINDOWS\Tasks\BIAvWb90YLcLZ.job

Tarea Programada: C:\WINDOWS\Tasks\globalUpdateUpdateTaskMachineCore.job

Tarea Programada: C:\WINDOWS\Tasks\globalUpdateUpdateTaskMachineUA.job

Tarea Programada: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore1cf9083bb762ad0.job

Tarea Programada: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA1cf9083bccd8277.job

Tarea Programada: C:\WINDOWS\Tasks\PennyBee.job

Tarea Programada: C:\WINDOWS\Tasks\PXLRPT.job

Tarea Programada: C:\WINDOWS\Tasks\R7gdh83SjV8NeRVjIzQ9gHUj3.job

Tarea Programada: C:\WINDOWS\Tasks\RegClean Pro_DEFAULT.job

Tarea Programada: C:\WINDOWS\Tasks\RegClean Pro_UPDATES.job

Tarea Programada: C:\WINDOWS\Tasks\YRW.job



Listado de Servicios (Carga Automatica):

----------------------------------------

O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

O23 - Service: AdobeUpdateService - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe

O23 - Service: Andrea RT Filters Service (AERTFilters) - Andrea Electronics Corporation - C:\Program Files\Realtek\Audio\HDA\AERTSr64.EXE

O23 - Service: avast! HardwareID (aswHwid) - AVAST Software - C:\WINDOWS\system32\drivers\aswHwid.sys

O23 - Service: aswMonFlt - AVAST Software - C:\WINDOWS\system32\drivers\aswMonFlt.sys

O23 - Service: aswStm - AVAST Software - C:\WINDOWS\system32\drivers\aswStm.sys

O23 - Service: Avast Antivirus (avast! Antivirus) - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe

O23 - Service: Avast Firewall (avast! Firewall) - AVAST Software - C:\Program Files\AVAST Software\Avast\afwServ.exe

O23 - Service: Desktop Site (fomeduze) - Unknown owner - C:\Program Files (x86)\67E0F8C0-1439573389-11E1-AF26-4C72B99D1B2C\knsd2ECE.tmp

O23 - Service: Google Update Servicio (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

O23 - Service: HP DS Service - Hewlett-Packard Company - C:\Program Files (x86)\HP\HPBDSService\HPBDSService.exe

O23 - Service: HP LaserJet Service - HP - C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe

O23 - Service: IconMan_R - Realsil Microelectronics Inc. - C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe

O23 - Service: Reimage Real Time Protector (ReimageRealTimeProtector) - Reimage® - C:\Program Files\Reimage\Reimage Protector\ReiGuard.exe

O23 - Service: SSFK - TODO: (lø

) - C:\Program Files (x86)\SFK\SSFK.exe

O23 - Service: Information Watermark (tizejese) - Unknown owner - C:\Program Files (x86)\67E0F8C0-1440688043-11E1-AF26-4C72B99D1B2C\knsk2C9.tmp



Listado de Servicios (Carga Manual):

------------------------------------

O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

O23 - Service: adp94xx - Adaptec, Inc. - C:\WINDOWS\system32\drivers\adp94xx.sys

O23 - Service: adpahci - Adaptec, Inc. - C:\WINDOWS\system32\drivers\adpahci.sys

O23 - Service: adpu320 - Adaptec, Inc. - C:\WINDOWS\system32\drivers\adpu320.sys

O23 - Service: aliide - Acer Laboratories Inc. - C:\WINDOWS\system32\drivers\aliide.sys

O23 - Service: AMD USB 3.0 Hub Driver (amdhub30) - Advanced Micro Devices, INC. - C:\WINDOWS\SYSTEM32\DRIVERS\amdhub30.sys

O23 - Service: amdsata - Advanced Micro Devices - C:\WINDOWS\system32\drivers\amdsata.sys

O23 - Service: amdsbs - AMD Technologies Inc. - C:\WINDOWS\system32\drivers\amdsbs.sys

O23 - Service: AMD USB 3.0 Host Controller Driver (amdxhc) - Advanced Micro Devices, INC. - C:\WINDOWS\SYSTEM32\DRIVERS\amdxhc.sys

O23 - Service: arc - Adaptec, Inc. - C:\WINDOWS\system32\drivers\arc.sys

O23 - Service: arcsas - Adaptec, Inc. - C:\WINDOWS\system32\drivers\arcsas.sys

O23 - Service: Broadcom NetXtreme II VBD (b06bdrv) - Broadcom Corporation - C:\WINDOWS\system32\drivers\bxvbda.sys

O23 - Service: Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0 (b57nd60a) - Broadcom Corporation - C:\WINDOWS\SYSTEM32\DRIVERS\b57nd60a.sys

O23 - Service: Brother USB Mass-Storage Lower Filter Driver (BrFiltLo) - Brother Industries, Ltd. - C:\WINDOWS\system32\drivers\BrFiltLo.sys

O23 - Service: Brother USB Mass-Storage Upper Filter Driver (BrFiltUp) - Brother Industries, Ltd. - C:\WINDOWS\system32\drivers\BrFiltUp.sys

O23 - Service: Brother MFC Serial Port Interface Driver (WDM) (Brserid) - Brother Industries Ltd. - C:\WINDOWS\System32\Drivers\Brserid.sys

O23 - Service: Brother WDM Serial driver (BrSerWdm) - Brother Industries Ltd. - C:\WINDOWS\System32\Drivers\BrSerWdm.sys

O23 - Service: Brother MFC USB Fax Only Modem (BrUsbMdm) - Brother Industries Ltd. - C:\WINDOWS\System32\Drivers\BrUsbMdm.sys

O23 - Service: Brother MFC USB Serial WDM Driver (BrUsbSer) - Brother Industries Ltd. - C:\WINDOWS\System32\Drivers\BrUsbSer.sys

O23 - Service: cmdide - CMD Technology, Inc. - C:\WINDOWS\system32\drivers\cmdide.sys

O23 - Service: cpuz134 - Unknown owner - C:\Users\ALVARO~1\AppData\Local\Temp\cpuz134\cpuz134_x64.sys (file missing)

O23 - Service: driverhardwarev2x64 - CybelSoft - C:\Program Files\ma-config.com\Drivers\driverhardwarev2x64.sys

O23 - Service: Broadcom NetXtreme II 10 GigE VBD (ebdrv) - Broadcom Corporation - C:\WINDOWS\system32\drivers\evbda.sys

O23 - Service: elxstor - Emulex - C:\WINDOWS\system32\drivers\elxstor.sys

O23 - Service: Google Update Servicio (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

O23 - Service: Hauppauge Consumer Infrared Receiver (hcw85cir) - Hauppauge Computer Works, Inc. - C:\WINDOWS\system32\drivers\hcw85cir.sys

O23 - Service: HpSAMD - Hewlett-Packard Company - C:\WINDOWS\system32\drivers\HpSAMD.sys

O23 - Service: Controladora RAID de Intel para Windows 7 (iaStorV) - Intel Corporation - C:\WINDOWS\system32\drivers\iaStorV.sys

O23 - Service: iirsp - Intel Corp./ICP vortex GmbH - C:\WINDOWS\system32\drivers\iirsp.sys

O23 - Service: Service for Realtek HD Audio (WDM) (IntcAzAudAddService) - Realtek Semiconductor Corp. - C:\WINDOWS\SYSTEM32\drivers\RTKVHD64.sys

O23 - Service: LSI_FC - LSI Corporation - C:\WINDOWS\system32\drivers\lsi_fc.sys

O23 - Service: LSI_SAS - LSI Corporation - C:\WINDOWS\system32\drivers\lsi_sas.sys

O23 - Service: LSI_SAS2 - LSI Corporation - C:\WINDOWS\system32\drivers\lsi_sas2.sys

O23 - Service: LSI_SCSI - LSI Corporation - C:\WINDOWS\system32\drivers\lsi_scsi.sys

O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\x64\maconfservice.exe

O23 - Service: megasas - LSI Corporation - C:\WINDOWS\system32\drivers\megasas.sys

O23 - Service: MegaSR - LSI Corporation, Inc. - C:\WINDOWS\system32\drivers\MegaSR.sys

O23 - Service: Driver for Monitor (MonitorFunction) - TeamViewer GmbH - C:\WINDOWS\SYSTEM32\DRIVERS\TVMonitor.sys

O23 - Service: Ralink 802.11n Extensible Wireless Driver (netr28x) - Ralink Technology, Corp. - C:\WINDOWS\SYSTEM32\DRIVERS\netr28x.sys

O23 - Service: nfrd960 - IBM Corporation - C:\WINDOWS\system32\drivers\nfrd960.sys

O23 - Service: nvraid - NVIDIA Corporation - C:\WINDOWS\system32\drivers\nvraid.sys

O23 - Service: nvstor - NVIDIA Corporation - C:\WINDOWS\system32\drivers\nvstor.sys

O23 - Service: ql2300 - QLogic Corporation - C:\WINDOWS\system32\drivers\ql2300.sys

O23 - Service: ql40xx - QLogic Corporation - C:\WINDOWS\system32\drivers\ql40xx.sys

O23 - Service: Smartphone BlackBerry (RimUsb) - Research In Motion Limited - C:\WINDOWS\SYSTEM32\Drivers\RimUsb_AMD64.sys

O23 - Service: Realtek PCIE CardReader Driver (RSPCIESTOR) - Realtek Semiconductor Corp. - C:\WINDOWS\SYSTEM32\DRIVERS\RtsPStor.sys

O23 - Service: Realtek 8167 NT Driver (RTL8167) - Realtek - C:\WINDOWS\SYSTEM32\DRIVERS\Rt64win7.sys

O23 - Service: SiSRaid2 - Silicon Integrated Systems Corp. - C:\WINDOWS\system32\drivers\SiSRaid2.sys

O23 - Service: SiSRaid4 - Silicon Integrated Systems - C:\WINDOWS\system32\drivers\sisraid4.sys

O23 - Service: stexstor - Promise Technology - C:\WINDOWS\system32\drivers\stexstor.sys

O23 - Service: AMD USB Filter Driver (usbfilter) - Advanced Micro Devices - C:\WINDOWS\SYSTEM32\DRIVERS\usbfilter.sys

O23 - Service: VGPU - Unknown owner - C:\WINDOWS\SYSTEM32\drivers\rdvgkmd.sys (file missing)

O23 - Service: viaide - VIA Technologies, Inc. - C:\WINDOWS\system32\drivers\viaide.sys

O23 - Service: vsmraid - VIA Technologies Inc.,Ltd - C:\WINDOWS\system32\drivers\vsmraid.sys



Listado de Servicios (Deshabilitados):

--------------------------------------

O23 - Service: Field Data Storage (fimevebo) - Unknown owner - C:\Program Files (x86)\67E0F8C0-1440517833-11E1-AF26-4C72B99D1B2C\hnsfEE94.tmp

O23 - Service: Star Key Compact (guninoce) - Unknown owner - C:\Program Files (x86)\67E0F8C0-1440517833-11E1-AF26-4C72B99D1B2C\knsu67E1.tmp

O23 - Service: Delete Exit (totyseku) - Unknown owner - C:\Program Files (x86)\67E0F8C0-1440688043-11E1-AF26-4C72B99D1B2C\hnst29A0.tmp



73 Servicios.

16 de Carga Automatica.

54 de Carga Manual.

3 Deshabilitados.



Listado de Programas Instalados:

--------------------------------

Reimage Repair -> C:\Program Files\Reimage\Reimage Repair\uninst.exe

WinRAR 5.21 (64-bit) -> C:\Program Files\WinRAR\uninstall.exe

HP Unified IO -> MsiExec.exe /I{30E20E5D-5E4E-4874-A35A-952DB3582C29}

Ma-Config.com (64 bits) -> MsiExec.exe /X{579A9C5C-80D0-47B3-BE42-CB420AD30CCB}

HP LaserJet Pro MFP M127-M128 Fax Driver -> MsiExec.exe /I{65072E52-F51B-4280-9DA6-EA5F1EE72C3A}

Microsoft Silverlight -> MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}

Update for Microsoft InfoPath 2010 (KB2817396) 64-Bit Edition -> "C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-0011-0000-1000-0000000FF1CE}" "{1AA82E2E-7DB7-4C70-910C-BBB657A6B3A5}" "3082" "0"

Security Update for Microsoft Excel 2010 (KB2965240) 64-Bit Edition -> "C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-0011-0000-1000-0000000FF1CE}" "{29B119D7-3C51-4DE2-B84D-A2E0C68A3EC4}" "3082" "0"

Update for Microsoft Visio 2010 (KB2965292) 64-Bit Edition -> "C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-0011-0000-1000-0000000FF1CE}" "{5206C5F8-E115-4D17-AF86-F9D241AD75FE}" "3082" "0"

Security Update for Microsoft PowerPoint 2010 (KB2999420) 64-Bit Edition -> "C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-0011-0000-1000-0000000FF1CE}" "{547A8337-0686-489C-BE39-9D7A8E2BA3FD}" "3082" "0"

Update for Microsoft Outlook 2010 (KB3015585) 64-Bit Edition -> "C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-0011-0000-1000-0000000FF1CE}" "{5C130D63-6D40-4A80-919D-779CE0777449}" "3082" "0"

Security Update for Microsoft Word 2010 (KB2965237) 64-Bit Edition -> "C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-0011-0000-1000-0000000FF1CE}" "{606AC9C9-5315-4138-BCC5-4CBCBBD27ED9}" "3082" "0"

Update for Microsoft SharePoint Workspace 2010 (KB2760601) 64-Bit Edition -> "C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-0011-0000-1000-0000000FF1CE}" "{77374F16-2DC6-4EEF-AFAD-C59FDA2E010D}" "3082" "0"

Update for Microsoft Visio Viewer 2010 (KB2881021) 64-Bit Edition -> "C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-0011-0000-1000-0000000FF1CE}" "{899F1A18-D860-4C63-B3C8-095B8E537D3D}" "3082" "0"

Update for Microsoft OneNote 2010 (KB2956205) 64-Bit Edition -> "C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-0011-0000-1000-0000000FF1CE}" "{A6A2614F-4E2F-4952-8DBF-57CA5241AEE3}" "3082" "0"

Update for Microsoft Access 2010 (KB2837601) 64-Bit Edition -> "C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-0011-0000-1000-0000000FF1CE}" "{D926D412-C5D1-411E-9F85-7CCF049E502B}" "3082" "0"

Update for Microsoft InfoPath 2010 (KB2817369) 64-Bit Edition -> "C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-0011-0000-1000-0000000FF1CE}" "{DB0B0CDF-77EC-47B0-94E2-4738573A1E58}" "3082" "0"

Update for Microsoft Filter Pack 2.0 (KB2881026) 64-Bit Edition -> "C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-0011-0000-1000-0000000FF1CE}" "{E51DB3F4-A162-484C-A673-40E18202B10A}" "3082" "0"

Update for Microsoft Excel 2010 (KB2956084) 64-Bit Edition -> "C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-0016-0C0A-1000-0000000FF1CE}" "{FC2E9312-BC11-415B-815E-F62BFD27C409}" "3082" "0"

Security Update for Microsoft PowerPoint 2010 (KB2920812) 64-Bit Edition -> "C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-0018-0C0A-1000-0000000FF1CE}" "{D1414D5F-02BE-49B1-B951-52A2D6BDF624}" "3082" "0"

Update for Microsoft Excel 2010 (KB2956084) 64-Bit Edition -> "C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-0018-0C0A-1000-0000000FF1CE}" "{FC2E9312-BC11-415B-815E-F62BFD27C409}" "3082" "0"

Update for Microsoft Outlook 2010 (KB2965295) 64-Bit Edition -> "C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-001A-0C0A-1000-0000000FF1CE}" "{4CB1054C-E27A-4356-8F4F-5C72B983E885}" "3082" "0"

Security Update for Microsoft Word 2010 (KB2553428) 64-Bit Edition -> "C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-001A-0C0A-1000-0000000FF1CE}" "{5DCD7B94-DCDE-47A9-9A00-1ABF454DBDA8}" "3082" "0"

Security Update for Microsoft Word 2010 (KB2553428) 64-Bit Edition -> "C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-001B-0C0A-1000-0000000FF1CE}" "{5DCD7B94-DCDE-47A9-9A00-1ABF454DBDA8}" "3082" "0"

Update for Microsoft Excel 2010 (KB2956084) 64-Bit Edition -> "C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-001B-0C0A-1000-0000000FF1CE}" "{FC2E9312-BC11-415B-815E-F62BFD27C409}" "3082" "0"

Update for Microsoft SharePoint Workspace 2010 (KB2760601) 64-Bit Edition -> "C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-0043-0000-1000-0000000FF1CE}" "{77374F16-2DC6-4EEF-AFAD-C59FDA2E010D}" "3082" "0"

Update for Microsoft OneNote 2010 (KB2956205) 64-Bit Edition -> "C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-0043-0000-1000-0000000FF1CE}" "{A6A2614F-4E2F-4952-8DBF-57CA5241AEE3}" "3082" "0"

Update for Microsoft OneNote 2010 (KB2956075) 64-Bit Edition -> "C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-00A1-0C0A-1000-0000000FF1CE}" "{06CE23CF-EC68-4F23-89CB-2A22AC45B63A}" "3082" "0"

AMD Catalyst Install Manager -> msiexec /q/x{B1F48088-2632-92BF-799C-16A5141B74EC} REBOOT=ReallySuppress

HP LaserJet Pro MFP M127-M128 Fax -> MsiExec.exe /I{C5835004-643A-4EB6-A280-706F9F62F985}

AMD USB 3.0 Device Detector -> MsiExec.exe /I{CD2F75E2-076F-0BF5-C887-773D90E84639}

Adobe AIR -> C:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Resources\Adobe AIR Updater.exe -arp:uninstall

Adobe Creative Cloud -> "C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\Creative Cloud Uninstaller.exe"

Adobe Flash Player 14 ActiveX -> C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_14_0_0_145_ActiveX.exe -maintain activex

aTube Catcher -> C:\Program Files (x86)\DsNET Corp\aTube Catcher 2.0\uninstall.exe

Avast Internet Security -> C:\Program Files\AVAST Software\Avast\Setup\Instup.exe /control_panel /instop:uninstall

CinemaPlus-3.2cV03.09 -> C:\Program Files (x86)\CinemaPlus-3.2cV03.09\Uninstall.exe /fcp=1 /runexe='C:\Program Files (x86)\CinemaPlus-3.2cV03.09\UninstallBrw.exe' /url='http://notif.localgocloud.com/notf_sys/index.html' /brwtype='uni' /onerrorexe='C:\Program Files (x86)\CinemaPlus-3.2cV03.09\utils.exe' /crregname='CinemaPlus-3.2cV03.09' /appid='72893' /srcid='002974' /bic='b32d40d51cc3fa6251caaa451feb1b63IE' /verifier='9fcac93c0d2cd14626c6acb474de2976' /brwshtoms='15000' /installerversion='1_36_01_22' /statsdomain='http://stats.localgocloud.com/utility.gif?' /errorsdomain='http://errors.localgocloud.com/utility.gif?' /monetizationdomain='http://logs.localgocloud.com/monetization.gif?'

Adobe Download Assistant -> msiexec /qb /x {E68EADA6-63A4-F6D3-FE12-968B879F7AD6}

Google Chrome -> "C:\Program Files (x86)\Google\Chrome\Application\45.0.2454.85\Installer\setup.exe" --uninstall --multi-install --chrome --system-level --verbose-logging

mystartsearch uninstall -> C:\Users\AlvaroNiño\AppData\Roaming\mystartsearch\UninstallManager.exe -ptid=cmi

RegClean-Pro -> "C:\Program Files (x86)\RCP\unins000.exe"

Progeinsa -> C:\Windows\ST5UNST.EXE -n "c:\Program Files\Progeinsa\ST5UNST.LOG"

hppM125LaserJetService -> MsiExec.exe /I{18D5B189-DBDD-4E57-A84B-58C7700E9BB0}

HP Product FWUpdater -> MsiExec.exe /I{1A8F20ED-C9CC-43FD-A678-20970BB83A9E}

Java 8 Update 60 -> MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83218060F0}

HPLJUTM127_128 -> MsiExec.exe /I{2C886751-51BD-4A8C-B33A-B4C513AB5B9A}

HP Update -> MsiExec.exe /X{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}

HP LJ M127128 Scan HP Scan -> MsiExec.exe /I{2F518061-89DB-4AF0-9A7A-2BF73B60E6F0}

HPLJUTCore -> MsiExec.exe /I{30DD7187-F392-4D83-8AED-D9A2DC64EF15}

Adobe AIR -> MsiExec.exe /I{31B9D218-FED2-4C6C-B19F-7294FFC130B0}

HP LaserJet Pro MFP M127-M128 -> C:\Program Files (x86)\HP\csiInstaller\3b050369-8d19-413d-9dec-84ff278472eb\Setup.exe /Uninstall

Google Update Helper -> MsiExec.exe /I{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}

HP LaserJet Pro MFP M127-M128 HP Device Toolbox -> MsiExec.exe /I{612631AC-0D84-4116-9D8A-D2D63467B7BF}

hpStatusAlerts -> MsiExec.exe /I{6470E292-3B55-41DC-B5EB-91C34C5ACB5D}

Adobe Photoshop CC 2015 -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\core\PDApp.exe --appletID="DWA_UI" --appletVersion="2.0" --mode="Uninstall" --mediaSignature="{793C2BF7-A4FE-4608-91C9-9282C5801C21}"

Realtek Ethernet Controller Driver -> C:\Program Files (x86)\InstallShield Installation Information\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}\setup.exe -runfromtemp -removeonly

hpStatusAlertsM127-M128 -> MsiExec.exe /I{92374A19-CD4A-498F-92CB-26473EF31FB3}

Adobe Refresh Manager -> MsiExec.exe /I{AC76BA86-0804-1033-1959-001824147215}

Adobe Reader XI (11.0.12) - Español -> MsiExec.exe /I{AC76BA86-7AD7-1034-7B44-AB0000000001}

HP Unified IO -> MsiExec.exe /I{B1CB7E99-4685-45CB-867E-2FB58EDA0A39}

Windows Movie Maker 2.6 -> MsiExec.exe /X{B3DAF54F-DB25-4586-9EF1-96D24BB14088}

HPLJProMFPM127M128 -> MsiExec.exe /X{B5409C23-DE0C-4B48-8C8A-50AE38694955}

Sophos Virus Removal Tool -> MsiExec.exe /I{B829E117-D072-41EA-9606-9826A38D34C1}

Realtek PCIE Card Reader -> "C:\Program Files (x86)\InstallShield Installation Information\{C1594429-8296-4652-BF54-9DBE4932A44C}\setup.exe" -runfromtemp -removeonly

Adobe Download Assistant -> MsiExec.exe /I{E68EADA6-63A4-F6D3-FE12-968B879F7AD6}

Realtek High Definition Audio Driver -> C:\Program Files\Realtek\Audio\HDA\RtlUpd64.exe -r -m -nrg2709

HP LaserJet Pro MFP M127-M128 Fax -> MsiExec.exe /I{FAE97B40-E8E2-4B52-9A9E-219C3CCC0107}

msc hotline sat
Posts: 93500
Joined: 09 Mar 2004, 20:39
Location: BARCELONA (SPAIN)

Re: MASSIVE ATTACKS ON MY COMPUTER.

Post by msc hotline sat » 04 Sep 2015, 21:55

But have you watched the video I pointed you to?


[quote]Well, try what they show in this video (after the ads, of course!):

http://www.youtube.com/watch?v=Y9jDX7pcwPY

I hope it helps.

Regards

ms, 3-9-2015[/quote]


It is in Spanish and very clear ...

Please reply to me on this, thanks.

mms, 4-9-2015

Renata
Posts: 183
Joined: 02 Jun 2008, 02:10

Re: MASSIVE ATTACKS ON MY COMPUTER.

Post by Renata » 05 Sep 2015, 01:39

Yes sir, of course I have watched the video and followed its instructions so many times that I no longer even need to watch it; I know it by heart.

Thank you for your attention.

Renata.

msc hotline sat
Posts: 93500
Joined: 09 Mar 2004, 20:39
Location: BARCELONA (SPAIN)

Re: MASSIVE ATTACKS ON MY COMPUTER.

Post by msc hotline sat » 05 Sep 2015, 07:52

Since I had seen no earlier mention of the result of those instructions, and they offer explanations that match what you describe to us, there was a chance you had overlooked it...

I suggest you focus your efforts on those instructions, improving on them where possible, for example by carrying them out in SAFE MODE, even though they don't say so.

Finally, I suggest that with SPROCES -> SCAN you tick the Groove load keys and select ELIMINAR (delete).

Those keys begin with O2 : BHO Groove. ... (One of them says X86)



---> O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL

O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll

O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL

---> O2 - BHO (x86): Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL





Otherwise, launch REGEDIT, search for GROOVE and delete the entries you find; if you can't do it in NORMAL MODE, do it in SAFE MODE.

Good luck!

ms, 5-9-2015

Renata
Posts: 183
Joined: 02 Jun 2008, 02:10

Re: MASSIVE ATTACKS ON MY COMPUTER.

Post by Renata » 08 Sep 2015, 20:50

Good afternoon from the Most Beautiful City in Colombia.

I did everything you recommended; right now I can feel the PC gliding through the virtual and local world "like silk". For now, the massive attacks are forgotten and, above all, I am left with a great lesson learned under your guidance, the masters of Zona Virus.

Everything is calm and I no longer get interference when I work on the PC, nor the stormy visits that used to kick me off the Web. I had to reinstall Google Chrome and it is working wonderfully.

Many thanks for your advice and support; may the Creator of Life keep you forever on this Web, since you are a relief to many in the world.

Hugs and regards.

Renata

msc hotline sat
Posts: 93500
Joined: 09 Mar 2004, 20:39
Location: BARCELONA (SPAIN)

Re: MASSIVE ATTACKS ON MY COMPUTER.

Post by msc hotline sat » 09 Sep 2015, 06:16

Well, we are glad, Renata, and I speak also for flacoroo, who has collaborated on this Topic.

May peace last in your life, as you have already suffered enough in every sense, malware attacks included; but as long as they can be solved as they were this time, take it as a way of remembering your friends at zonavirus, since you can see that from one side of the pond that separates us as well as from the other, we come to your aid as soon as you ask...

As for your being in the most beautiful city in Colombia, I won't argue, although I cannot judge, not having been to yours, despite having visited many recently, as you well know, on my last trip to your country; but if you say so, it must be true!

And, recommending that you keep in mind the five points mentioned in:

http://www.zonavirus.com/noticias/2015/recomendaciones-para-control-de-los-ransomwares-recordatorio.asp

we consider the Topic solved and proceed to close it.

Regards from Spain (msc) and Mexico (flacoroo)



ms, 9-9-2015

Closed
