PC with USB virus and underlined words


Post by ALVAROP7 » 30 Jun 2015, 20:24

Good afternoon,

Following the recommendations, I am opening a new topic about the PC that has several viruses, which cause the following:

1.- USB drives show up as a hard disk, with their contents hidden.

2.- Web pages get underlined in blue, and if you click there it sends you to advertising.

3.- You click anywhere on a web page and it redirects you to a different page.

I already ran elistar on it and it detected nothing.

I am attaching again what SProces produced.

Kind regards



29-6-2015 18:33:05 GMT)

SProces v8.6 (c)2015 S.G.H. / Satinfo S.L.

-------------------------------------------

Sistema Operativo: Windows 7 Professional (v6.1)

Internet Explorer: (v9.0.8112.16421) 0

Equipo: RESPSIS

Usuario: Resp Sistemas

Sesión de Usuario: CEPRA01



84 Procesos Activos:

C:\WINDOWS\SYSTEM32\SMSS.EXE

C:\WINDOWS\SYSTEM32\CSRSS.EXE

C:\WINDOWS\SYSTEM32\WININIT.EXE

C:\WINDOWS\SYSTEM32\CSRSS.EXE

C:\WINDOWS\SYSTEM32\WINLOGON.EXE

C:\WINDOWS\SYSTEM32\SERVICES.EXE

C:\WINDOWS\SYSTEM32\LSASS.EXE

C:\WINDOWS\SYSTEM32\LSM.EXE

C:\WINDOWS\SYSTEM32\SVCHOST.EXE

C:\WINDOWS\SYSTEM32\SVCHOST.EXE

C:\WINDOWS\SYSTEM32\SVCHOST.EXE

C:\USERS\RESP SISTEMAS\APPDATA\ROAMING\NTSVC\NTSVC.EXE

C:\WINDOWS\SYSTEM32\SVCHOST.EXE

C:\WINDOWS\SYSTEM32\SVCHOST.EXE

C:\WINDOWS\SYSTEM32\SVCHOST.EXE

C:\WINDOWS\SYSTEM32\SVCHOST.EXE

C:\WINDOWS\SYSTEM32\SVCHOST.EXE

C:\WINDOWS\SYSTEM32\SPOOLSV.EXE

C:\WINDOWS\SYSTEM32\SVCHOST.EXE

C:\PROGRAM FILES\COMMON FILES\APPLE\MOBILE DEVICE SUPPORT\APPLEMOBILEDEVICESERVICE.EXE

C:\PROGRAM FILES\BONJOUR\MDNSRESPONDER.EXE

C:\PROGRAM FILES\CHECKPOINT\SSL NETWORK EXTENDER\SLIMSVC.EXE

C:\PROGRAM FILES\INTEL\ICLS CLIENT\HECISERVER.EXE

C:\WINDOWS\SYSTEM32\IPROSETMONITOR.EXE

C:\PROGRAM FILES\INTEL\INTEL(R) MANAGEMENT ENGINE COMPONENTS\DAL\JHI_SERVICE.EXE

C:\PROGRAM FILES\LENOVO\LBAI\LBAEVENT.EXE

C:\PROGRAM FILES\NITRO PDF\PROFESSIONAL 7\NITROPDFDRIVERSERVICE2.EXE

C:\USERS\RESP SISTEMAS\APPDATA\LOCAL\RGMSERVICE\RGMUPDATER.EXE

C:\WINDOWS\SYSTEM32\SVCHOST.EXE

C:\PROGRAM FILES\TEAMVIEWER\TEAMVIEWER_SERVICE.EXE

C:\USERS\RESP SISTEMAS\APPDATA\LOCAL\RGMSERVICE\RGMLOADER.EXE

C:\WINDOWS\SYSTEM32\CONHOST.EXE

C:\PROGRAM FILES\TUNEUP UTILITIES 2014\TUNEUPUTILITIESSERVICE32.EXE

C:\PROGRAM FILES\REALVNC\VNC SERVER\VNCSERVER.EXE

C:\PROGRAM FILES\WORDINATOR_1.10.0.17\SERVICE\WSVC.EXE

C:\PROGRAM FILES\REALVNC\VNC SERVER\VNCSERVER.EXE

C:\WINDOWS\SYSTEM32\SVCHOST.EXE

C:\WINDOWS\SYSTEM32\DWM.EXE

C:\WINDOWS\EXPLORER.EXE

C:\PROGRAM FILES\TUNEUP UTILITIES 2014\TUNEUPUTILITIESAPP32.EXE

C:\WINDOWS\SYSTEM32\TASKHOST.EXE

C:\PROGRAM FILES\DROPBOX\CLIENT\DROPBOX.EXE

C:\PROGRAM FILES\GOOGLE\DRIVE\GOOGLEDRIVESYNC.EXE

C:\PROGRAM FILES\WINDOWS SIDEBAR\SIDEBAR.EXE

C:\PROGRAM FILES\GOOGLE\CHROME\APPLICATION\CHROME.EXE

C:\PROGRAM FILES\TP-LINK\UTILIDAD DE CONFIGURACIóN INALáMBRICA DE TP-LINK\TWCU.EXE

C:\PROGRAM FILES\MYPC BACKUP\MYPC BACKUP.EXE

C:\PROGRAM FILES\GOOGLE\DRIVE\GOOGLEDRIVESYNC.EXE

C:\WINDOWS\SYSTEM32\SEARCHINDEXER.EXE

C:\PROGRAM FILES\REALVNC\VNC SERVER\VNCSERVER.EXE

C:\WINDOWS\SYSTEM32\CONHOST.EXE

C:\PROGRAM FILES\WINDOWS MEDIA PLAYER\WMPNETWK.EXE

C:\WINDOWS\SYSTEM32\SVCHOST.EXE

C:\WINDOWS\SYSTEM32\SVCHOST.EXE

C:\PROGRAM FILES\INTEL\INTEL(R) RAPID STORAGE TECHNOLOGY\IASTORDATAMGRSVC.EXE

C:\PROGRAM FILES\INTEL\INTEL(R) MANAGEMENT ENGINE COMPONENTS\LMS\LMS.EXE

C:\WINDOWS\SYSTEM32\MSIEXEC.EXE

C:\PROGRAM FILES\NERO\UPDATE\NASVC.EXE

C:\PROGRAM FILES\INTEL\INTEL(R) MANAGEMENT ENGINE COMPONENTS\UNS\UNS.EXE

C:\PROGRAM FILES\GOOGLE\CHROME\APPLICATION\CHROME.EXE

C:\PROGRAM FILES\GOOGLE\CHROME\APPLICATION\CHROME.EXE

C:\PROGRAM FILES\GOOGLE\CHROME\APPLICATION\CHROME.EXE

C:\PROGRAM FILES\GOOGLE\CHROME\APPLICATION\CHROME.EXE

C:\PROGRAM FILES\GOOGLE\CHROME\APPLICATION\CHROME.EXE

C:\WINDOWS\SYSTEM32\AUDIODG.EXE

C:\WINDOWS\SYSTEM32\WUDFHOST.EXE

C:\PROGRAM FILES\GOOGLE\CHROME\APPLICATION\CHROME.EXE

C:\PROGRAM FILES\GOOGLE\CHROME\APPLICATION\CHROME.EXE

C:\PROGRAM FILES\GOOGLE\CHROME\APPLICATION\CHROME.EXE

C:\PROGRAM FILES\WINRAR\WINRAR.EXE

C:\PROGRAM FILES\MICROSOFT OFFICE\OFFICE15\OUTLOOK.EXE

C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\OFFICESOFTWAREPROTECTIONPLATFORM\OSPPSVC.EXE

C:\PROGRAM FILES\GOOGLE\CHROME\APPLICATION\CHROME.EXE

C:\PROGRAM FILES\GOOGLE\CHROME\APPLICATION\CHROME.EXE

C:\PROGRAM FILES\GOOGLE\CHROME\APPLICATION\CHROME.EXE

C:\PROGRAM FILES\GOOGLE\CHROME\APPLICATION\CHROME.EXE

C:\PROGRAM FILES\GOOGLE\CHROME\APPLICATION\CHROME.EXE

C:\PROGRAM FILES\GOOGLE\CHROME\APPLICATION\CHROME.EXE

C:\PROGRAM FILES\GOOGLE\CHROME\APPLICATION\CHROME.EXE

C:\WINDOWS\SYSTEM32\TASKENG.EXE

C:\WINDOWS\SYSTEM32\SEARCHPROTOCOLHOST.EXE

C:\WINDOWS\SYSTEM32\SEARCHFILTERHOST.EXE

C:\PROGRAM FILES\WINRAR\WINRAR.EXE

C:\USERS\RESPSI~1\APPDATA\LOCAL\TEMP\RAR$EXB0.396\SPROCES.EXE



R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.searchult.com/?bd=hp&oem=testsinstcr&uid=ST500DM002-1BD142_S2AJ7NJ8XXXXS2AJ7NJ8&version=2.3.0.9239&pid=414031160&tid=555

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://feed.helperbar.com/?p=mKO_AwFzXIpYRa0T-NJ1bNV5iGB7j76kR7EOZGkeQkbUBtqSnxy60EioCUAaq-wzypol6qrt5LY5hzapPM0CjPM2-US35j56j1zIxMcOe9RmJuo5aRApmKQg73DMjeu4mWkPJR8PqCTg2jmljwgPi9bzf-IgDdkloPnczjzNZ3MuSG-o2XYsUIvo-zrhRzY,&q={searchTerms}

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:14412 (0)

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local (0)

F3 - REG:win.ini: load=C:\ProgramData\msrvc.exe

O2 - BHO: BeStSaiveForYoou - {b47eae20-0373-4e9c-9c72-63a1fa809c55} - C:\Program Files\BeStSaiveForYoou\KoeUcqA4TYnJ7C.dll (file missing)

O4 - HKCU\..\Run: [GoogleDriveSync] "C:\Program Files\Google\Drive\googledrivesync.exe" /autostart

O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

O4 - HKCU\..\Run: [2953BE27AC06FE9E8B08E93100B8355FC468281C._service_run] "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=service

O4 - HKLM\..\Run: [Dropbox] "C:\Program Files\Dropbox\Client\Dropbox.exe" /systemstartup

O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'Servicio Local')

O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'Servicio Local')

O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'Servicio de red')

O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'Servicio de red')

O4 - Startup: MyPC Backup.lnk = C:\Program Files\MyPC Backup\MyPC Backup.exe

O8 - Extra context menu item: &Enviar a OneNote - res://C:\PROGRA~1\MICROS~3\Office15\ONBttnIE.dll/105

O8 - Extra context menu item: Anexar a PDF existente - res://C:\Program Files\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Anexar destino de vínculo a PDF existente - res://C:\Program Files\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

O8 - Extra context menu item: Convertir a Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Convertir destino de vínculo a Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

O8 - Extra context menu item: E&xportar a Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office15\EXCEL.EXE/3000

O9 - Extra button: Enviar a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office15\ONBttnIE.dll (HKLM)

O9 - Extra button: Complemento Hacer clic para llamar de Lync - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\Office15\OCHelper.dll (HKLM)

O9 - Extra button: Notas &vinculadas de OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office15\ONBttnIELinkedNotes.dll (HKLM)

O10 - Unknown file in Winsock LSP: C:\PROGRAM FILES\BONJOUR\MDNSNSP.DLL

O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Plug-in 10.51.2) - http://java.sun.com/update/1.7.0/jinstall-1_7_0_25-windows-i586.cab

O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} (Java Plug-in 1.6.0_22) - http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} (Java Plug-in 10.51.2) - http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab

O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll

O18 - Protocol: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL

O20 - Winlogon Notify: IGFXCUI - IGFXDEV.DLL

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - (no file)



Información Adicional:

----------------------

Acceso Rapido ('Resp Sistemas'): Chrome.lnk = C:\Users\Resp Sistemas\AppData\Local\Chrome\Application\chrome.exe http://www.searchult.com/?bd=sc&oem=testsinstcr&uid=ST500DM002-1BD142_S2AJ7NJ8XXXXS2AJ7NJ8&version=2.3.0.9239&pid=414031160&tid=555

Acceso Rapido ('Resp Sistemas'): GOM Player.lnk = C:\Program Files\GRETECH\GomPlayer\GOM.EXE

Acceso Rapido ('Resp Sistemas'): Google Chrome.lnk = C:\Program Files\Google\Chrome\Application\chrome.exe http://www.searchult.com/?bd=sc&oem=testsinstcr&uid=ST500DM002-1BD142_S2AJ7NJ8XXXXS2AJ7NJ8&version=2.3.0.9239&pid=414031160&tid=555

Acceso Rapido ('Resp Sistemas'): Launch Internet Explorer Browser.lnk = C:\Program Files\Internet Explorer\iexplore.exe http://www.searchult.com/?bd=sc&oem=testsinstcr&uid=ST500DM002-1BD142_S2AJ7NJ8XXXXS2AJ7NJ8&version=2.3.0.9239&pid=414031160&tid=555

Acceso Rapido ('Resp Sistemas'): Microsoft Outlook.lnk = C:\Program Files\Microsoft Office\Office15\OUTLOOK.EXE /recycle

Acceso Rapido ('Resp Sistemas'): Nero Express.lnk = C:\Program Files\Nero\Core\nero.exe /w

Acceso Rapido ('Resp Sistemas'): Shows Desktop.lnk =

Acceso Rapido ('Resp Sistemas'): VNC Viewer.lnk = C:\Program Files\RealVNC\VNC Viewer\vncviewer.exe

Acceso Rapido ('Resp Sistemas'): Window Switcher.lnk =

Ext.Google Chrome. ('Resp Sistemas') Id: aapocclcgogkmnckokdopfmhonfmgoek

Ext.Google Chrome. ('Resp Sistemas') Id: aohghmighlieiainnegkcijnfilokake

Ext.Google Chrome. ('Resp Sistemas') Id: apdfllckaahabafndbhieahigkjlhalf

Ext.Google Chrome. ('Resp Sistemas') Id: blpcfgokakmgnkcojhhkbfbldkacnbeo

Ext.Google Chrome. ('Resp Sistemas') Id: cchjabbpienhimbelhmapejpadmeoajm

Ext.Google Chrome. ('Resp Sistemas') Id: cfhdojbkjhnklbpkdaibdccddilifddb

Ext.Google Chrome. ('Resp Sistemas') Id: coobgpohoikkiipiblmjeljniedjpjpf

Ext.Google Chrome. ('Resp Sistemas') Id: felcaaldnbdncclmgdcncolpebgiejap

Ext.Google Chrome. ('Resp Sistemas') Id: gighmmpiobklfepjocnamgkkbiglidom

Ext.Google Chrome. ('Resp Sistemas') Id: lccekmodgklaepjeofjdjpbminllajkg

Ext.Google Chrome. ('Resp Sistemas') Id: lcobmakfmlflmcmaphfifdinfocpnjmh

Ext.Google Chrome. ('Resp Sistemas') Id: lmjegmlicamnimmfhcmpkclmigmmcbeh

Ext.Google Chrome. ('Resp Sistemas') Id: nafaimnnclfjfedmmabolbppcngeolgf

Ext.Google Chrome. ('Resp Sistemas') Id: nmmhkkegccagdldgiimedpiccmgmieda

Ext.Google Chrome. ('Resp Sistemas') Id: pjkljhegncpnkpknbcohdijeoejaedia

DataBases Google Chrome. ('Resp Sistemas'): Databases.db

DataBases Google Chrome. ('Resp Sistemas'): Databases.db-journal

Tarea Programada: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job

Tarea Programada: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job

Tarea Programada: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job

Tarea Programada: C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-1675859011-2920491781-431972115-1002Core.job

Tarea Programada: C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-1675859011-2920491781-431972115-1002UA.job

Tarea Programada: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore1cf6bc5381c669c.job

Tarea Programada: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA1cf6bc53b7d2a75.job



Listado de Servicios (Carga Automatica):

----------------------------------------

O23 - Service: TroubleFix (7a7e367c) - Unknown owner - C:\Windows\system32\rundll32.exe" "c:\Program Files\TroubleFix\TroubleFix.dll (file missing)

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

O23 - Service: Servicio Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: Check Point SSL Network Extender (cpextender) - Check Point Software Technologies - C:\Program Files\CheckPoint\SSL Network Extender\slimsvc.exe

O23 - Service: Servicio de Actualización de Dropbox (dbupdate) (dbupdate) - Dropbox, Inc. - C:\Program Files\Dropbox\Update\DropboxUpdate.exe

O23 - Service: Google Update Servicio (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: Intel(R) Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe

O23 - Service: Intel(R) Capability Licensing Service Interface - Intel(R) Corporation - C:\Program Files\Intel\iCLS Client\HeciServer.exe

O23 - Service: Intel(R) PROSet Monitoring Service - Intel Corporation - C:\Windows\system32\IProsetMonitor.exe

O23 - Service: Intel(R) Dynamic Application Loader Host Interface Service (jhi_service) - Intel Corporation - C:\Program Files\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe

O23 - Service: Lenovo LBA Event Service (LBAEvent) - Lenovo - C:\Program Files\Lenovo\LBAI\LBAEvent.exe

O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe

O23 - Service: LPT System Updater Service (LPTSystemUpdater) - Unknown owner - C:\Program Files\LPT\srpts.exe

O23 - Service: @C:\Program Files\Nero\Update\NASvc.exe,-200 (NAUpdate) - Nero AG - C:\Program Files\Nero\Update\NASvc.exe

O23 - Service: NitroPDFDriverCreatorReadSpool2 (NitroDriverReadSpool2) - Nitro PDF Software - C:\Program Files\Nitro PDF\Professional 7\NitroPDFDriverService2.exe

O23 - Service: RG Manage Updater (RGMUpdater) - Unknown owner - C:\Users\Resp Sistemas\AppData\Local\RGMService\RGMUpdater.exe

O23 - Service: Net Service Event Handler (Sed) - Navigation - C:\Users\Resp Sistemas\AppData\Roaming\ntsvc\ntsvc.exe

O23 - Service: TeamViewer 10 (TeamViewer) - TeamViewer GmbH - C:\Program Files\TeamViewer\TeamViewer_Service.exe

O23 - Service: TuneUp Utilities Service (TuneUp.UtilitiesSvc) - TuneUp Software - C:\Program Files\TuneUp Utilities 2014\TuneUpUtilitiesService32.exe

O23 - Service: Intel(R) Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe

O23 - Service: VNC Server (vncserver) - RealVNC Ltd - C:\Program Files\RealVNC\VNC Server\vncserver.exe

O23 - Service: WN 1.10.0.17 Client Service (wsvc_1.10.0.17) - WN - C:\Program Files\Wordinator_1.10.0.17\Service\wsvc.exe



Listado de Servicios (Carga Manual):

------------------------------------

O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe

O23 - Service: adp94xx - Adaptec, Inc. - C:\WINDOWS\system32\drivers\adp94xx.sys

O23 - Service: adpahci - Adaptec, Inc. - C:\WINDOWS\system32\drivers\adpahci.sys

O23 - Service: adpu320 - Adaptec, Inc. - C:\WINDOWS\system32\drivers\adpu320.sys

O23 - Service: aic78xx - Adaptec, Inc. - C:\WINDOWS\system32\drivers\djsvs.sys

O23 - Service: aliide - Acer Laboratories Inc. - C:\WINDOWS\system32\drivers\aliide.sys

O23 - Service: amdsata - Advanced Micro Devices - C:\WINDOWS\system32\drivers\amdsata.sys

O23 - Service: amdsbs - AMD Technologies Inc. - C:\WINDOWS\system32\drivers\amdsbs.sys

O23 - Service: arc - Adaptec, Inc. - C:\WINDOWS\system32\drivers\arc.sys

O23 - Service: arcsas - Adaptec, Inc. - C:\WINDOWS\system32\drivers\arcsas.sys

O23 - Service: Broadcom NetXtreme II VBD (b06bdrv) - Broadcom Corporation - C:\WINDOWS\system32\drivers\bxvbdx.sys

O23 - Service: Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0 (b57nd60x) - Broadcom Corporation - C:\WINDOWS\SYSTEM32\DRIVERS\b57nd60x.sys

O23 - Service: Controlador de filtro inferior de almacenamiento USB Brother (BrFiltLo) - Brother Industries, Ltd. - C:\WINDOWS\system32\drivers\BrFiltLo.sys

O23 - Service: Controlador de filtro superior de almacenamiento USB Brother (BrFiltUp) - Brother Industries, Ltd. - C:\WINDOWS\system32\drivers\BrFiltUp.sys

O23 - Service: Controlador de interfaz de puerto serie Brother MFC (WDM) (Brserid) - Brother Industries Ltd. - C:\WINDOWS\System32\Drivers\Brserid.sys

O23 - Service: Controlador serie WDM de Brother (BrSerWdm) - Brother Industries Ltd. - C:\WINDOWS\System32\Drivers\BrSerWdm.sys

O23 - Service: Módem Brother MFC USB sólo Fax (BrUsbMdm) - Brother Industries Ltd. - C:\WINDOWS\System32\Drivers\BrUsbMdm.sys

O23 - Service: Controlador WDM de serie USB Brother MFC (BrUsbSer) - Brother Industries Ltd. - C:\WINDOWS\System32\Drivers\BrUsbSer.sys

O23 - Service: cmdide - CMD Technology, Inc. - C:\WINDOWS\system32\drivers\cmdide.sys

O23 - Service: Intel(R) Content Protection HECI Service (cphs) - Intel Corporation - C:\WINDOWS\system32\IntelCpHeciSvc.exe

O23 - Service: cpuz134 - Unknown owner - C:\Users\RESPSI~1\AppData\Local\Temp\cpuz134\cpuz134_x32.sys (file missing)

O23 - Service: Servicio de Actualización de Dropbox (dbupdatem) (dbupdatem) - Dropbox, Inc. - C:\Program Files\Dropbox\Update\DropboxUpdate.exe

O23 - Service: Intel(R) PRO/1000 PCI Express Network Connection Driver C (e1cexpress) - Intel Corporation - C:\WINDOWS\SYSTEM32\DRIVERS\e1c6232.sys

O23 - Service: Broadcom NetXtreme II 10 GigE VBD (ebdrv) - Broadcom Corporation - C:\WINDOWS\system32\drivers\evbdx.sys

O23 - Service: elxstor - Emulex - C:\WINDOWS\system32\drivers\elxstor.sys

O23 - Service: GEAR ASPI Filter Driver (GEARAspiWDM) - GEAR Software Inc. - C:\WINDOWS\SYSTEM32\DRIVERS\GEARAspiWDM.sys

O23 - Service: Google Update Servicio (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: Hauppauge Consumer Infrared Receiver (hcw85cir) - Hauppauge Computer Works, Inc. - C:\WINDOWS\system32\drivers\hcw85cir.sys

O23 - Service: HpSAMD - Hewlett-Packard Company - C:\WINDOWS\system32\drivers\HpSAMD.sys

O23 - Service: iaStorV - Intel Corporation - C:\WINDOWS\system32\drivers\iaStorV.sys

O23 - Service: igfx - Intel Corporation - C:\WINDOWS\SYSTEM32\DRIVERS\igdkmd32.sys

O23 - Service: iirsp - Intel Corp./ICP vortex GmbH - C:\WINDOWS\system32\drivers\iirsp.sys

O23 - Service: Servicio del iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: Controlador del concentrador Intel(R) USB 3.0 (iusb3hub) - Intel Corporation - C:\WINDOWS\system32\drivers\iusb3hub.sys

O23 - Service: Controlador de la controladora de host Intel(R) USB 3.0 eXtensible (iusb3xhc) - Intel Corporation - C:\WINDOWS\system32\drivers\iusb3xhc.sys

O23 - Service: Lenovo application interface driver (LBAI) - Lenovo - C:\WINDOWS\System32\Drivers\LBAI.sys

O23 - Service: LSI_FC - LSI Corporation - C:\WINDOWS\system32\drivers\lsi_fc.sys

O23 - Service: LSI_SAS - LSI Corporation - C:\WINDOWS\system32\drivers\lsi_sas.sys

O23 - Service: LSI_SAS2 - LSI Corporation - C:\WINDOWS\system32\drivers\lsi_sas2.sys

O23 - Service: LSI_SCSI - LSI Corporation - C:\WINDOWS\system32\drivers\lsi_scsi.sys

O23 - Service: megasas - LSI Corporation - C:\WINDOWS\system32\drivers\megasas.sys

O23 - Service: MegaSR - LSI Corporation, Inc. - C:\WINDOWS\system32\drivers\MegaSR.sys

O23 - Service: Intel(R) Management Engine Interface (MEI) - Intel Corporation - C:\WINDOWS\system32\drivers\HECI.sys

O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe

O23 - Service: Controlador de la Tarjeta de LAN inalámbrica USB RT2870 para Vista (netr28u) - Ralink Technology Corp. - C:\WINDOWS\SYSTEM32\DRIVERS\netr28u.sys

O23 - Service: nfrd960 - IBM Corporation - C:\WINDOWS\system32\drivers\nfrd960.sys

O23 - Service: nvraid - NVIDIA Corporation - C:\WINDOWS\system32\drivers\nvraid.sys

O23 - Service: nvstor - NVIDIA Corporation - C:\WINDOWS\system32\drivers\nvstor.sys

O23 - Service: ql2300 - QLogic Corporation - C:\WINDOWS\system32\drivers\ql2300.sys

O23 - Service: ql40xx - QLogic Corporation - C:\WINDOWS\system32\drivers\ql40xx.sys

O23 - Service: Wireless LAN 802.11n USB 2.0 Network Adapter (RtlWlanu) - Realtek Semiconductor Corporation - C:\WINDOWS\SYSTEM32\DRIVERS\rtwlanu.sys

O23 - Service: SiSRaid2 - Silicon Integrated Systems Corp. - C:\WINDOWS\system32\drivers\SiSRaid2.sys

O23 - Service: SiSRaid4 - Silicon Integrated Systems - C:\WINDOWS\system32\drivers\sisraid4.sys

O23 - Service: stexstor - Promise Technology - C:\WINDOWS\system32\drivers\stexstor.sys

O23 - Service: TuneUpUtilitiesDrv - TuneUp Software - C:\Program Files\TuneUp Utilities 2014\TuneUpUtilitiesDriver32.sys

O23 - Service: Apple Mobile USB Driver (USBAAPL) - Apple, Inc. - C:\WINDOWS\SYSTEM32\Drivers\usbaapl.sys

O23 - Service: viaide - VIA Technologies, Inc. - C:\WINDOWS\system32\drivers\viaide.sys

O23 - Service: VMware VMCI Bus Driver (vmci) - Unknown owner - C:\WINDOWS\system32\DRIVERS\vmci.sys (file missing)

O23 - Service: VMware Virtual Ethernet Adapter Driver (VMnetAdapter) - Unknown owner - C:\WINDOWS\SYSTEM32\DRIVERS\vmnetadapter.sys (file missing)

O23 - Service: Check Point Virtual Network Adapter (VNA) - Check Point Software Technologies - C:\WINDOWS\SYSTEM32\DRIVERS\vna.sys

O23 - Service: vncmirror - RealVNC Ltd. - C:\WINDOWS\SYSTEM32\DRIVERS\vncmirror.sys

O23 - Service: vsmraid - VIA Technologies Inc.,Ltd - C:\WINDOWS\system32\drivers\vsmraid.sys



Listado de Servicios (Deshabilitados):

--------------------------------------



84 Servicios.

22 de Carga Automatica.

62 de Carga Manual.

0 Deshabilitados.



Listado de Programas Instalados:

--------------------------------

Paquete de controladores de Windows - Arduino LLC (www.arduino.cc) Arduino USB Driver (01/04/2013 1.0.0.0) -> C:\PROGRA~1\DIFX\25C232B9F73C1237\dpinst-x86.exe /u C:\Windows\System32\DriverStore\FileRepository\arduino.inf_x86_neutral_844213a156728dfe\arduino.inf

4K Video Downloader 3.5 -> "C:\Program Files\4KDownload\4kvideodownloader\unins000.exe"

Adobe Flash Player 12 ActiveX -> C:\Windows\system32\Macromed\Flash\FlashUtil32_12_0_0_70_ActiveX.exe -maintain activex

Adobe Flash Player 16 NPAPI -> C:\Windows\system32\Macromed\Flash\FlashUtil32_16_0_0_235_Plugin.exe -maintain plugin

CCleaner -> "C:\Program Files\CCleaner\uninst.exe"

Adobe Download Assistant -> msiexec /qb /x {B8B7838E-449E-B187-57E1-1AA686F225DC}

Comanche 4 (remove only) -> "C:\Program Files\Comanche 4\Uninstall.exe"

Dropbox -> "C:\Program Files\Dropbox\Client\DropboxUninstaller.exe" /InstallType:MACHINE

Edraw Mind Map 7.5 -> "C:\Program Files\Edraw Mind Map\unins000.exe"

GOM Player -> "C:\Program Files\GRETECH\GomPlayer\Uninstall.exe"

Google Chrome -> "C:\Program Files\Google\Chrome\Application\43.0.2357.130\Installer\setup.exe" --uninstall --multi-install --chrome --system-level

Mozilla Firefox 37.0.2 (x86 es-MX) -> "C:\Program Files\Mozilla Firefox\uninstall\helper.exe"

Mozilla Thunderbird 31.1.2 (x86 es-ES) -> C:\Program Files\Mozilla Thunderbird\uninstall\helper.exe

Mozilla Maintenance Service -> "C:\Program Files\Mozilla Maintenance Service\uninstall.exe"

Nero 7.5.9.0 -> "C:\Program Files\Nero\unins000.exe"

Opera Stable 30.0.1835.88 -> "C:\Program Files\Opera\Launcher.exe" /uninstall

Intel(R) Network Connections 16.8.46.0 -> MsiExec.exe /i{6438A99C-A37E-4758-A0AE-95F8A63AAFF5} ARPREMOVE=1

VNC Viewer 5.0.3 -> "C:\Program Files\RealVNC\VNC Viewer\unins000.exe"

VNC Server 5.0.3 -> "C:\Program Files\RealVNC\VNC Server\unins000.exe"

RGMUpdater Monetization Control -> C:\ProgramData\Packercc56729e-9fc2-4c79-a5a8-77edc7087390\25688.exe {"packer":{"runMode":"unpacker"}}

Searchult -> C:\Users\Resp Sistemas\AppData\Roaming\Searchult\uninstall.exe

SHARP MX/MX-M Series PCL/PS Printer Driver -> C:\Program Files\InstallShield Installation Information\{673E2CB8-8306-4F99-9DF9-6492C2F57072}\setup.exe -l000a -uninst ss0eis.sii

TeamViewer 10 -> C:\Program Files\TeamViewer\uninstall.exe

TuneUp Utilities 2014 -> C:\Program Files\TuneUp Utilities 2014\TUInstallHelper.exe --Trigger-Uninstall

VNC Mirror Driver 1.8.0 -> "C:\Program Files\RealVNC\VNC Server\Mirror Driver\unins000.exe"

VNC Printer Driver 1.8.0 -> "C:\Program Files\RealVNC\VNC Server\Printer Driver\unins000.exe"

WinRAR 4.20 (32-bit) -> C:\Program Files\WinRAR\uninstall.exe

Wordinator 1.10.0.17 -> C:\Program Files\Wordinator_1.10.0.17\Uninstall.exe

Ubuntu -> C:\ubuntu\uninstall-wubi.exe

Dropbox Update Helper -> MsiExec.exe /I{099218A5-A723-43DC-8DB5-6173656A1E94}

EZDownloader -> "C:\Program Files\EZDownloader\unins000.exe"

Facebook Video Calling 3.1.0.521 -> MsiExec.exe /X{2091F234-EB58-4B80-8C96-8EB78C808CF7}

Nero SharedVideoCodecs -> MsiExec.exe /X{2432E589-6256-4513-B0BF-EFA8E325D5F0}

Java(TM) 6 Update 22 -> MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216022FF}

Java 7 Update 51 -> MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83217025FF}

Sharpdesk -> MsiExec.exe /X{2A30AFBD-6DA5-499F-A83B-7CB2DFF21C23}

Cuevana Storm versión 0.3b -> "C:\Program Files\Cuevana Storm\unins001.exe"

Utilidad de configuración inalámbrica de TP-LINK -> "C:\Program Files\InstallShield Installation Information\{319D91C6-3D44-436C-9F79-36C0D22372DC}\setup.exe" -runfromtemp -l0x000a -removeonly

BlockIt Ad remover -> "C:\ProgramData\BlockIt Ad remover\BlockIt Ad remover.exe" /progname=BlockIt Ad remover /progver=3.4.2 /progpub=BlockIt Ad remover /proguninstallurl=asdahjka.com /deleteappfolder=0 /VERYSILENT

iTunes -> MsiExec.exe /I{3A9FE6B1-EE7F-40AC-B831-AC7C9ABB58A0}

TP-LINK TL-WN725N_TL-WN723N Controlador -> "C:\Program Files\InstallShield Installation Information\{3C3F9CEB-2C5A-4A47-8EAA-DA76037546BA}\setup.exe" -runfromtemp -l0x000a -removeonly DriverOnly

QuickTime 7 -> MsiExec.exe /I{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}

Intel(R) Rapid Storage Technology -> C:\Program Files\Intel\Intel(R) Rapid Storage Technology\Uninstall\setup.exe -uninstall

Apple Application Support (32 bits) -> MsiExec.exe /I{447CDCE5-F555-429B-BFA6-642C3C6D684F}

Google Update Helper -> MsiExec.exe /I{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}

swMSM -> MsiExec.exe /I{612C34C7-5E90-47D8-9B5C-0F717DD82726}

Intel(R) Network Connections 16.8.46.0 -> MsiExec.exe /i{6438A99C-A37E-4758-A0AE-95F8A63AAFF5} ARPREMOVE=1

Intel(R) Management Engine Components -> C:\Program Files\Intel\Intel(R) Management Engine Components\Uninstall\setup.exe -uninstall

Nero Update -> MsiExec.exe /X{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}

VoiceOver Kit -> MsiExec.exe /I{6B4AD1A9-E73A-4184-9D6B-072F8A3C5EBA}

iCloud -> MsiExec.exe /I{760BB327-3973-4608-85C8-88162E2FF3B6}

Apple Software Update -> MsiExec.exe /I{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}

Bonjour -> MsiExec.exe /X{79155F2B-9895-49D7-8612-D92580E0DE5B}

Nitro Pro 7 -> MsiExec.exe /X{7A2F6840-426B-487C-AD36-71AE3ABFDC31}

Google Earth -> MsiExec.exe /I{817750FA-EC6A-485D-9901-0683AE6FFDF1}

Microsoft Silverlight -> MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}

SAP Crystal Reports runtime engine for .NET Framework 4 (32-bit) -> MsiExec.exe /I{8D6181F3-CACB-4B48-8B08-981F3A7F318B}

LibreOffice 4.2.5.2 -> MsiExec.exe /I{8D8F47B2-0E03-4C50-9803-A01120878F96}

Microsoft Access MUI (Spanish) 2013 -> MsiExec.exe /X{90150000-0015-0C0A-0000-0000000FF1CE}

Microsoft Excel MUI (Spanish) 2013 -> MsiExec.exe /X{90150000-0016-0C0A-0000-0000000FF1CE}

Microsoft PowerPoint MUI (Spanish) 2013 -> MsiExec.exe /X{90150000-0018-0C0A-0000-0000000FF1CE}

Microsoft Publisher MUI (Spanish) 2013 -> MsiExec.exe /X{90150000-0019-0C0A-0000-0000000FF1CE}

Microsoft Outlook MUI (Spanish) 2013 -> MsiExec.exe /X{90150000-001A-0C0A-0000-0000000FF1CE}

Microsoft Word MUI (Spanish) 2013 -> MsiExec.exe /X{90150000-001B-0C0A-0000-0000000FF1CE}

Microsoft InfoPath MUI (Spanish) 2013 -> MsiExec.exe /X{90150000-0044-0C0A-0000-0000000FF1CE}

Microsoft DCF MUI (Spanish) 2013 -> MsiExec.exe /X{90150000-0090-0C0A-0000-0000000FF1CE}

Microsoft OneNote MUI (Spanish) 2013 -> MsiExec.exe /X{90150000-00A1-0C0A-0000-0000000FF1CE}

Microsoft Groove MUI (Spanish) 2013 -> MsiExec.exe /X{90150000-00BA-0C0A-0000-0000000FF1CE}

Microsoft Lync MUI (Spanish) 2013 -> MsiExec.exe /X{90150000-012B-0C0A-0000-0000000FF1CE}

Check Point SSL Network Extender -> MsiExec.exe /X{955b86ef-8dbc-4a6e-a3a5-f04f0b6a8e68}

Nero Burning ROM 2014 -> MsiExec.exe /I{972A1A15-5B3D-4096-BAE1-3F37974664A6}

Nero ControlCenter -> MsiExec.exe /X{ABC88553-8770-4B97-B43E-5A90647A5B63}

Muvic Smartbar -> MsiExec.exe /X{AFF1052D-3D75-4A4F-9513-26A65E1F5E6D} /quiet

Nero Burning Core -> MsiExec.exe /X{B166374C-105E-445E-8E5D-A86CA5742645}

Adobe Download Assistant -> MsiExec.exe /I{B8B7838E-449E-B187-57E1-1AA686F225DC}

LPT System Updater Service -> MsiExec.exe /I{BC0BF363-63AB-4FF7-8EF1-AE0D7F711B24}

Intel® Trusted Connect Service Client -> MsiExec.exe /I{BCED7487-44BC-487C-94CF-824AB27909E0}

Nero Core Components -> MsiExec.exe /X{BEBEE34D-84A2-4EDD-8BEA-96CC54371263}

MySQL Connector/ODBC 3.51 -> MsiExec.exe /I{C0D3D93F-C200-4F45-A7B0-4B7753E18590}

Python 2.7.6 -> MsiExec.exe /I{C3CC4DF5-39A5-4027-B136-2B3E1F5AB6E2}

LBAI -> "C:\Program Files\InstallShield Installation Information\{C5C91B7B-38A6-40B7-84D6-E44885E44B13}\setup.exe" -runfromtemp -l0x040a -removeonly

Cuevana Storm versión 0.1b -> "C:\Program Files\Cuevana Storm\unins000.exe"

Google Drive -> MsiExec.exe /X{CBC9F5FD-5CFA-4A33-81CD-369EAB77E3A6}

Nero ControlCenter Help (CHM) -> MsiExec.exe /X{CDFE8F95-F80F-4115-9C3F-0E1FD8F9F58C}

aTube Catcher versión 3.8 -> "C:\Program Files\DsNET Corp\aTube Catcher 2.0\unins000.exe"

Apple Mobile Device Support -> MsiExec.exe /I{E1DB0812-2D60-43DB-AE09-6C7027D93B28}

Intel(R) Processor Graphics -> C:\Program Files\Intel\Intel(R) Processor Graphics\Uninstall\setup.exe -uninstall

Nero Burning ROM -> MsiExec.exe /X{F2B9C8D6-C69C-4BA7-95D2-66F1C68D15DA}

Nero Burning ROM Help (CHM) -> MsiExec.exe /X{FA78CC15-9F90-443B-BA61-A66595F06432}

OpenOffice 4.0.0 -> MsiExec.exe /I{FBD275C7-DD8C-4056-BD4F-5ECC1A56DE6A}

SCO -> rundll32.exe dfshim.dll,ShArpMaintain SCO.application, Culture=neutral, PublicKeyToken=8ec0833ef345ff1f, processorArchitecture=x86

Chromium Browser -> "C:\Users\Resp Sistemas\AppData\Local\Chrome\Application\41.0.2231.0\Installer\setup.exe" --uninstall

Popcorn Time -> C:\Users\Resp Sistemas\AppData\Local\Popcorn Time\Uninstall.exe

Songr -> C:\Users\Resp Sistemas\AppData\Local\Songr\Uninstall.exe

Muvic Smartbar Engine -> MsiExec.exe /X{AFF1052D-3D75-4A4F-9513-26A65E1F5E6D} /quiet ENGINE=1


Re: PC with USB virus and underlined words

Post by msc hotline sat » 30 Jun 2015, 20:35

Well, to begin with, proceed with what I had already posted in the previous topic, since it was about your report:

Run ELIPUPS, tick the ones it indicates at the end and select DESINSTALAR (Uninstall).

Then, redirections can be seen at the end of the shortcuts to the browsers. Right-click the shortcut to each of them and see that in PROPERTIES - Target, after the .exe there is an addition:



http://www.searchult.com/?bd=sc&oem=tes ... 60&tid=555



Remove that addition and save the new shortcuts.

In addition, there are several suspicious files that should be set aside by adding .VIR to their extension; then send them to us for analysis.

Do this with the following files:



C:\USERS\RESP SISTEMAS\APPDATA\ROAMING\NTSVC\NTSVC.Exe



C:\Program Files\MyPC Backup\MyPC Backup.exe



C:\Windows\system32\rundll32.exe" "c:\Program Files\TroubleFix\TroubleFix.dll



If you cannot find one of them, try ELIMOVER.

When we receive those files, we will analyze them and report back.

Regards



ms, 30-6-2015
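
The shortcut check described in the reply above, as an added example that is not part of the original thread or of Satinfo's tools: a Python parser for the report's `Acceso Rapido` lines that flags shortcuts whose target carries a URL after the executable and returns the target with that addition removed. The sample lines are constructed in the report's format (the `hijack.example` URL is a placeholder), and the class and function names are assumptions of this example.

```python
import re
from dataclasses import dataclass
from typing import Iterable, List, Optional

# One shortcut line of the report: user, .lnk name and the raw target string.
LINE_RE = re.compile(
    r"^Acceso Rapido \('(?P<user>[^']*)'\): (?P<name>.+?\.lnk) =\s*(?P<target>.*)$"
)
# End of the executable path: first ".exe" followed by a quote, whitespace or end.
EXE_END_RE = re.compile(r'\.exe(?="|\s|$)', re.IGNORECASE)
URL_RE = re.compile(r"https?://\S+", re.IGNORECASE)

# Constructed sample lines in the report's format (not copied from the thread).
SAMPLE_REPORT = r"""
Acceso Rapido ('User A'): Google Chrome.lnk = C:\Program Files\Google\Chrome\Application\chrome.exe http://hijack.example/?bd=sc&tid=1
Acceso Rapido ('User A'): Internet Explorer.lnk = "C:\Program Files\Internet Explorer\iexplore.exe" http://hijack.example/?bd=sc&tid=1
Acceso Rapido ('User A'): Microsoft Outlook.lnk = C:\Program Files\Microsoft Office\Office15\OUTLOOK.EXE /recycle
Acceso Rapido ('User A'): Shows Desktop.lnk =
O4 - HKLM\..\Run: [Dropbox] "C:\Program Files\Dropbox\Client\Dropbox.exe" /systemstartup
""".strip().splitlines()


@dataclass
class Shortcut:
    user: str
    name: str
    executable: str   # path without surrounding quotes
    arguments: str    # everything after the executable


@dataclass
class Finding:
    shortcut: Shortcut
    url: str             # the URL appended after the .exe
    cleaned_target: str  # target with the URL removed, other arguments kept


def parse_shortcut(line: str) -> Optional[Shortcut]:
    """Parse one 'Acceso Rapido' line; return None for any other report line."""
    m = LINE_RE.match(line.strip())
    if m is None:
        return None
    target = m.group("target").strip()
    end = EXE_END_RE.search(target)
    if end is None:
        # Empty target or a non-.exe target: nothing to split.
        return Shortcut(m.group("user"), m.group("name"), target.strip('"'), "")
    executable = target[: end.end()].strip('"')
    arguments = target[end.end():].lstrip('"').strip()
    return Shortcut(m.group("user"), m.group("name"), executable, arguments)


def find_hijacked_shortcuts(lines: Iterable[str]) -> List[Finding]:
    """Flag shortcuts whose arguments contain a URL, for manual review."""
    findings = []
    for line in lines:
        shortcut = parse_shortcut(line)
        if shortcut is None:
            continue
        url = URL_RE.search(shortcut.arguments)
        if url is None:
            continue  # ordinary switches such as /recycle are left alone
        remaining = URL_RE.sub("", shortcut.arguments).strip()
        cleaned = shortcut.executable + (" " + remaining if remaining else "")
        findings.append(Finding(shortcut, url.group(0), cleaned))
    return findings


if __name__ == "__main__":
    for f in find_hijacked_shortcuts(SAMPLE_REPORT):
        print(f"{f.shortcut.name}: remove '{f.url}' -> {f.cleaned_target}")
```
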
