ADD ON buscador no deseado

Cerrado
synunm
Mensajes: 13
Registrado: 21 Feb 2007, 17:39
Ubicación: Argentina

ADD ON buscador no deseado

Mensaje por synunm » 21 Nov 2012, 23:33

Hola a todos, quisiera saber si alguno puede decirme como puedo quitar una pagina (http://www.mysearchresults.com/) probé todo lo posible dentro de mi capacidad.

Pero después de un par de veces se vuelve a instalar y es muy molesto ya que tengo mis buscadores predeterminados y los quita.

Desde ya muchas gracias.

Avatar de Usuario
msc hotline sat
Mensajes: 93500
Registrado: 09 Mar 2004, 20:39
Ubicación: BARCELONA (ESPAÑA)
Contactar:

Re: ADD ON buscador no deseado

Mensaje por msc hotline sat » 22 Nov 2012, 13:21

Probar el ELISTARA:


[quote="para DESCARGAR el ELISTARA, msc"]



http://www.zonavirus.com/descargas/elistara.asp



Tras probarlo, reiniciar y postearnos el contenido de C:\infosat.txt para ver el resultado del proceso [/quote]




y si no detectara malwares ni pidiera envio de sospechosos, lanzar el SPROCES y pulsar en SALIR, tras lo cual generará informe en c:\sproclog.txt, que nos pueden enviar para analizar:


[quote="para DESCARGAR el SPROCES, msc"]



http://www.zonavirus.com/descargas/sproces.asp


[/quote]


saludos



ms, 22-11-2012

synunm
Mensajes: 13
Registrado: 21 Feb 2007, 17:39
Ubicación: Argentina

Re: ADD ON buscador no deseado

Mensaje por synunm » 22 Nov 2012, 16:16

(22-11-2012 14:41:43 (GMT))

EliStartPage v26.59 (c)2012 S.G.H. / Satinfo S.L. (Actualizado el 21 de Noviembre del 2012)

--------------------------------------------------

Sistema Operativo: Windows 7 Home Premium

Usuario: UpdatusUser

ID de Usuario: S-1-5-21-1473093165-3826100448-2898187161-1000



Lista de Acciones (por Acción Directa):

Restaurado "Userinit"

[Userinit anterior] = "userinit.exe"

[Userinit actual] = "userinit.exe,"

Eliminada Class, "{2EECD738-5844-4a99-B4B6-146BF802613B}" -> NULL2

Eliminadas las Paginas de Inicio y de Busqueda del IE

Eliminados Ficheros Temporales del IE



(22-11-2012 14:41:50 (GMT))

EliStartPage v26.59 (c)2012 S.G.H. / Satinfo S.L. (Actualizado el 21 de Noviembre del 2012)

--------------------------------------------------

Sistema Operativo: Windows 7 Home Premium

Usuario: ricardo

ID de Usuario: S-1-5-21-1473093165-3826100448-2898187161-1001



Lista de Acciones (por Acción Directa):

Eliminadas las Paginas de Inicio y de Busqueda del IE

Eliminados Ficheros Temporales del IE



(22-11-2012 14:41:56 (GMT))

EliStartPage v26.59 (c)2012 S.G.H. / Satinfo S.L. (Actualizado el 21 de Noviembre del 2012)

--------------------------------------------------

Sistema Operativo: Windows 7 Home Premium

Usuario: X

ID de Usuario: S-1-5-21-1473093165-3826100448-2898187161-1004



Lista de Acciones (por Acción Directa):

Eliminadas las Paginas de Inicio y de Busqueda del IE

Eliminados Ficheros Temporales del IE



(22-11-2012 14:42:02 (GMT))

EliStartPage v26.59 (c)2012 S.G.H. / Satinfo S.L. (Actualizado el 21 de Noviembre del 2012)

--------------------------------------------------

Sistema Operativo: Windows 7 Home Premium

Usuario: Guest

ID de Usuario: S-1-5-21-1473093165-3826100448-2898187161-501



Lista de Acciones (por Acción Directa):

Eliminadas las Paginas de Inicio y de Busqueda del IE

Eliminados Ficheros Temporales del IE



(22-11-2012 14:47:12 (GMT))

EliStartPage v26.59 (c)2012 S.G.H. / Satinfo S.L. (Actualizado el 21 de Noviembre del 2012)

--------------------------------------------------

Sistema Operativo: Windows 7 Home Premium

Usuario: Guest

ID de Usuario: S-1-5-21-1473093165-3826100448-2898187161-501



Lista de Acciones (por Exploración):

Explorando "C:\"



Nº Total de Directorios: 4947

Nº Total de Ficheros: 37955

Nº de Ficheros Analizados: 19628

Nº de Ficheros Infectados: 0

Nº de Ficheros Limpiados: 0

synunm
Mensajes: 13
Registrado: 21 Feb 2007, 17:39
Ubicación: Argentina

Re: ADD ON buscador no deseado

Mensaje por synunm » 22 Nov 2012, 16:19

(22-11-2012 15:05:45 GMT)

SProces v6.6 (c)2012 S.G.H. / Satinfo S.L.

-------------------------------------------

Sistema Operativo: Windows 7 Home Premium (v6.1.7601)

Internet Explorer: (v9.0.8112.16421) 0

Equipo: RICARDO-PC

Usuario: ricardo

Sesión de Usuario: ricardo



26 Procesos Activos:

C:\WINDOWS\SYSTEM32\SMSS.EXE

C:\WINDOWS\SYSTEM32\CSRSS.EXE

C:\WINDOWS\SYSTEM32\WININIT.EXE

C:\WINDOWS\SYSTEM32\CSRSS.EXE

C:\WINDOWS\SYSTEM32\WINLOGON.EXE

C:\WINDOWS\SYSTEM32\SERVICES.EXE

C:\WINDOWS\SYSTEM32\LSASS.EXE

C:\WINDOWS\SYSTEM32\LSM.EXE

C:\WINDOWS\SYSTEM32\SVCHOST.EXE

C:\WINDOWS\SYSTEM32\SVCHOST.EXE

C:\WINDOWS\SYSTEM32\SVCHOST.EXE

C:\WINDOWS\SYSTEM32\SVCHOST.EXE

C:\WINDOWS\SYSTEM32\SVCHOST.EXE

C:\WINDOWS\SYSTEM32\SVCHOST.EXE

C:\WINDOWS\SYSTEM32\SVCHOST.EXE

C:\WINDOWS\SYSTEM32\SVCHOST.EXE

C:\WINDOWS\SYSTEM32\EXPLORER.EXE

C:\WINDOWS\SYSTEM32\CTFMON.EXE

C:\WINDOWS\SYSTEM32\SVCHOST.EXE

C:\WINDOWS\SYSTEM32\SVCHOST.EXE

C:\PROGRAM FILES (X86)\INTERNET EXPLORER\IEXPLORE.EXE

C:\PROGRAM FILES (X86)\INTERNET EXPLORER\IEXPLORE.EXE

C:\PROGRAM FILES (X86)\INTERNET EXPLORER\IEXPLORE.EXE

C:\WINDOWS\SYSTEM32\NOTEPAD.EXE

C:\WINDOWS\SYSTEM32\EXPLORER.EXE

C:\BASURA\ESCRITORIO\SPROCES.EXE



R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

R0 - HKUS\S-1-5-21-1473093165-3826100448-2898187161-1000\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank (User 'UpdatusUser')

R0 - HKUS\S-1-5-21-1473093165-3826100448-2898187161-1000\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch (User 'UpdatusUser')

R0 - HKUS\S-1-5-21-1473093165-3826100448-2898187161-1004\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank (User 'X')

R0 - HKUS\S-1-5-21-1473093165-3826100448-2898187161-1004\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch (User 'X')

R0 - HKUS\S-1-5-21-1473093165-3826100448-2898187161-501\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank (User 'Guest')

R0 - HKUS\S-1-5-21-1473093165-3826100448-2898187161-501\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch (User 'Guest')

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = <local>;*.local (0)

R1 - HKUS\S-1-5-21-1473093165-3826100448-2898187161-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = <local> (0) (User 'UpdatusUser')

R1 - HKUS\S-1-5-21-1473093165-3826100448-2898187161-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = <local> (0) (User 'X')

R1 - HKUS\S-1-5-21-1473093165-3826100448-2898187161-501\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = <local> (0) (User 'Guest')

R3 - URLSearchHook: Microsoft Url Search Hook - {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\SysWOW64\ieframe.dll

R3 - URLSearchHook: Microsoft Url Search Hook - {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\SysWOW64\ieframe.dll (User 'UpdatusUser')

R3 - URLSearchHook: Microsoft Url Search Hook - {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\SysWOW64\ieframe.dll (User 'X')

R3 - URLSearchHook: Microsoft Url Search Hook - {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\SysWOW64\ieframe.dll (User 'Guest')

F2 - REG:system.ini: UserInit=userinit.exe,

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~3\Office14\GROOVEEX.DLL

O2 - BHO: Funmoods Helper Object - {75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7} - C:\Program Files (x86)\Funmoods\funmoods\1.5.11.16\bh\funmoods.dll

O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll

O2 - BHO: DefaultTabBHO - {7F6AFBF1-E065-4627-A2FD-810366367D01} - C:\Users\ricardo\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabBHO.dll

O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll

O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~3\Office14\URLREDIR.DLL

O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll

O2 - BHO: TOSHIBA Media Controller Plug-in - {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll

O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll

O3 - Toolbar: (no name) - {98889811-442D-49dd-99D7-DC866BE87DBC} - (no file)

O3 - Toolbar: Funmoods Toolbar - {A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3} - C:\Program Files (x86)\Funmoods\funmoods\1.5.11.16\funmoodsTlbr.dll

O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll

O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

O4 - HKCU\..\Run: [Akamai NetSession Interface] "C:\Users\ricardo\AppData\Local\Akamai\netsession_win.exe"

O4 - HKCU\..\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun

O4 - HKCU\..\Run: [ccleaner] "C:\Program Files\CCleaner\CCleaner64.exe" /AUTO

O4 - HKCU\..\Run: [Adobe Acrobat Synchronizer] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\AdobeCollabSync.exe"

O4 - HKCU\..\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

O4 - HKUS\S-1-5-21-1473093165-3826100448-2898187161-1000\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'UpdatusUser')

O4 - HKUS\S-1-5-21-1473093165-3826100448-2898187161-1000\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'UpdatusUser')

O4 - HKUS\S-1-5-21-1473093165-3826100448-2898187161-1000\..\RunOnce: [SysOff] C:\Windows\SysWOW64\SYSPREP\ClosespV.exe (User 'UpdatusUser')

O4 - HKUS\S-1-5-21-1473093165-3826100448-2898187161-1004\..\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" (User 'X')

O4 - HKLM\..\Run: [SVPWUTIL] C:\Program Files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe SVPwUTIL

O4 - HKLM\..\Run: [HWSetup] C:\Program Files\TOSHIBA\Utilities\HWSetup.exe hwSetUP

O4 - HKLM\..\Run: [KeNotify] "C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe" LPCM

O4 - HKLM\..\Run: [TSleepSrv] %ProgramFiles(x86)%\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe

O4 - HKLM\..\Run: [ToshibaServiceStation] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60

O4 - HKLM\..\Run: [ToshibaAppPlace] "C:\Program Files (x86)\Toshiba\Toshiba App Place\ToshibaAppPlace.exe"

O4 - HKLM\..\Run: [NortonOnlineBackupReminder] "C:\Program Files (x86)\Toshiba\Toshiba Online Backup\Activation\TOBuActivation.exe" UNATTENDED

O4 - HKLM\..\Run: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices

O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files (x86)\Unlocker\UnlockerAssistant.exe"

O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

O4 - HKLM\..\Run: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe"

O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe"

O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe" -osboot

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'Servicio Local')

O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'Servicio Local')

O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'Servicio de red')

O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'Servicio de red')

O4 - Global Startup: YouTube Uploader for CASIO.lnk = C:\Program Files (x86)\CASIO\YouTube Uploader for CASIO\YStart.exe

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~3\Office14\EXCEL.EXE/3000

O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~2\MICROS~3\Office14\ONBttnIE.dll/105

O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: Enviar a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll

O9 - Extra button: Notas &vinculadas de OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O10 - Unknown file in Winsock LSP: C:\PROGRAM FILES (X86)\COMMON FILES\MICROSOFT SHARED\WINDOWS LIVE\WLIDNSP.DLL

O10 - Unknown file in Winsock LSP: C:\PROGRAM FILES (X86)\COMMON FILES\MICROSOFT SHARED\WINDOWS LIVE\WLIDNSP.DLL

O10 - Unknown file in Winsock LSP: C:\PROGRAM FILES (X86)\BONJOUR\MDNSNSP.DLL

O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Plug-in 10.9.2) - http://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab

O16 - DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} (Java Plug-in 1.6.0_25) - http://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} (Java Plug-in 10.9.2) - http://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll

O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - c:\Program Files (x86)\Common Files\Microsoft Shared\Help\hxds.dll

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll

O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL

O18 - Protocol: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files (x86)\Windows Live\Mail\mailcomm.dll

O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

O20 - AppInit_DLLs: C:\windows\SysWOW64\nvinit.dll

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - (no file)

O22 - ShellExecuteHooks: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~3\Office14\GROOVEEX.DLL



Información Adicional:

----------------------

.scr (HKCR): AutoCADScriptFile -> C:\windows\system32\notepad.exe "%1"



Listado de Servicios (Carga Automatica):

----------------------------------------

O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

O23 - Service: Akamai NetSession Interface (Akamai) - Akamai Technologies, Inc. - %SystemRoot%\System32\svchost.exe -k Akamai - c:\program files (x86)\common files\akamai/netsession_win_ce5ba24.dll

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

O23 - Service: Autodesk Content Service - Unknown owner - C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe

O23 - Service: Servicio Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: DefaultTabSearch - Unknown owner - C:\Program Files (x86)\DefaultTab\DefaultTabSearch.exe

O23 - Service: DefaultTabUpdate - Search Results, LLC - C:\Users\ricardo\AppData\Roaming\DefaultTab\DefaultTab\DTUpdate.exe

O23 - Service: eamonm - ESET - C:\WINDOWS\SYSTEM32\DRIVERS\eamonm.sys (file missing)

O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe

O23 - Service: epfwwfpr - ESET - C:\WINDOWS\SYSTEM32\DRIVERS\epfwwfpr.sys (file missing)

**O23 - Service: @%SystemRoot%\system32\wevtsvc.dll,-200 (eventlog) - Unknown owner - %SystemRoot%\System32\svchost.exe -k LocalServiceNetworkRestricted - C:\WINDOWS\SYSTEM32\NULL1 (file missing)

O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe

O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

O23 - Service: KMService - Unknown owner - C:\windows\system32\srvany.exe

O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe

O23 - Service: Norton PC Checkup Application Launcher - Symantec Corporation - C:\Program Files (x86)\PC Checkup\SymcPCCULaunchSvc.exe

O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvvsvc.exe (file missing)

O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe

O23 - Service: Common Client Job Manager Service (PCCUJobMgr) - Unknown owner - C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe" /s "PCCUJobMgr" /m "C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\diMaster.dll (file missing)

O23 - Service: PnkBstrA - Unknown owner - C:\windows\system32\PnkBstrA.exe

O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe

O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel(R) Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe

O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe

O23 - Service: TOSHIBA HDD Protection (Thpsrv) - TOSHIBA Corporation - C:\windows\system32\ThpSrv.exe (file missing)

O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\windows\system32\TODDSrv.exe (file missing)

O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe

O23 - Service: TOSHIBA eco Utility Service - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TECO\TecoService.exe

O23 - Service: TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver (TVALZFL) - TOSHIBA Corporation - C:\WINDOWS\SYSTEM32\DRIVERS\TVALZFL.sys (file missing)

O23 - Service: Intel(R) Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe

**O23 - Service: @%ProgramFiles%\Windows Defender\MsMpRes.dll,-103 (WinDefend) - Unknown owner - %SystemRoot%\System32\svchost.exe -k secsvcs - %ProgramFiles%\Windows Defender\mpsvc.dll (file missing)

O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - %PROGRAMFILES%\Windows Media Player\wmpnetwk.exe (file missing)



Listado de Servicios (Carga Manual):

------------------------------------

O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

O23 - Service: adp94xx - Adaptec, Inc. - C:\WINDOWS\system32\drivers\adp94xx.sys (file missing)

O23 - Service: adpahci - Adaptec, Inc. - C:\WINDOWS\system32\drivers\adpahci.sys (file missing)

O23 - Service: adpu320 - Adaptec, Inc. - C:\WINDOWS\system32\drivers\adpu320.sys (file missing)

O23 - Service: aliide - Acer Laboratories Inc. - C:\WINDOWS\system32\drivers\aliide.sys (file missing)

O23 - Service: amdsata - Advanced Micro Devices - C:\WINDOWS\system32\drivers\amdsata.sys (file missing)

O23 - Service: amdsbs - AMD Technologies Inc. - C:\WINDOWS\system32\drivers\amdsbs.sys (file missing)

O23 - Service: arc - Adaptec, Inc. - C:\WINDOWS\system32\drivers\arc.sys (file missing)

O23 - Service: arcsas - Adaptec, Inc. - C:\WINDOWS\system32\drivers\arcsas.sys (file missing)

O23 - Service: Broadcom NetXtreme II VBD (b06bdrv) - Broadcom Corporation - C:\WINDOWS\system32\drivers\bxvbda.sys (file missing)

O23 - Service: Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0 (b57nd60a) - Broadcom Corporation - C:\WINDOWS\SYSTEM32\DRIVERS\b57nd60a.sys (file missing)

O23 - Service: Brother USB Mass-Storage Lower Filter Driver (BrFiltLo) - Brother Industries, Ltd. - C:\WINDOWS\system32\drivers\BrFiltLo.sys (file missing)

O23 - Service: Brother USB Mass-Storage Upper Filter Driver (BrFiltUp) - Brother Industries, Ltd. - C:\WINDOWS\system32\drivers\BrFiltUp.sys (file missing)

O23 - Service: Brother MFC Serial Port Interface Driver (WDM) (Brserid) - Brother Industries Ltd. - C:\WINDOWS\System32\Drivers\Brserid.sys (file missing)

O23 - Service: Brother WDM Serial driver (BrSerWdm) - Brother Industries Ltd. - C:\WINDOWS\System32\Drivers\BrSerWdm.sys (file missing)

O23 - Service: Brother MFC USB Fax Only Modem (BrUsbMdm) - Brother Industries Ltd. - C:\WINDOWS\System32\Drivers\BrUsbMdm.sys (file missing)

O23 - Service: Brother MFC USB Serial WDM Driver (BrUsbSer) - Brother Industries Ltd. - C:\WINDOWS\System32\Drivers\BrUsbSer.sys (file missing)

O23 - Service: CeKbFilter - Compal Electronics, INC. - C:\WINDOWS\SYSTEM32\DRIVERS\CeKbFilter.sys (file missing)

O23 - Service: cmdide - CMD Technology, Inc. - C:\WINDOWS\system32\drivers\cmdide.sys (file missing)

O23 - Service: SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.) (dg_ssudbus) - DEVGURU Co., LTD.(www.devguru.co.kr) - C:\WINDOWS\SYSTEM32\DRIVERS\ssudbus.sys (file missing)

O23 - Service: Broadcom NetXtreme II 10 GigE VBD (ebdrv) - Broadcom Corporation - C:\WINDOWS\system32\drivers\evbda.sys (file missing)

O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe

O23 - Service: elxstor - Emulex - C:\WINDOWS\system32\drivers\elxstor.sys (file missing)

O23 - Service: ENE CIR Receiver (enecir) - ENE TECHNOLOGY INC. - C:\WINDOWS\SYSTEM32\DRIVERS\enecir.sys (file missing)

O23 - Service: ENE CIR HID Receiver (enecirhid) - ENE TECHNOLOGY INC. - C:\WINDOWS\SYSTEM32\DRIVERS\enecirhid.sys (file missing)

O23 - Service: ENE CIR HIDmini Filter (enecirhidma) - ENE TECHNOLOGY INC. - C:\WINDOWS\SYSTEM32\DRIVERS\enecirhidma.sys (file missing)

O23 - Service: FLEXnet Licensing Service 64 - Flexera Software, Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe

O23 - Service: GamesAppService - WildTangent, Inc. - C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe

O23 - Service: GEAR ASPI Filter Driver (GEARAspiWDM) - GEAR Software Inc. - C:\WINDOWS\SYSTEM32\DRIVERS\GEARAspiWDM.sys (file missing)

O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: Hauppauge Consumer Infrared Receiver (hcw85cir) - Hauppauge Computer Works, Inc. - C:\WINDOWS\system32\drivers\hcw85cir.sys (file missing)

O23 - Service: HpSAMD - Hewlett-Packard Company - C:\WINDOWS\system32\drivers\HpSAMD.sys (file missing)

O23 - Service: iaStorV - Intel Corporation - C:\WINDOWS\system32\drivers\iaStorV.sys (file missing)

O23 - Service: igfx - Intel Corporation - C:\WINDOWS\SYSTEM32\DRIVERS\igdkmd64.sys (file missing)

O23 - Service: iirsp - Intel Corp./ICP vortex GmbH - C:\WINDOWS\system32\drivers\iirsp.sys (file missing)

O23 - Service: Intel WiDi Audio Device (intaud_WaveExtensible) - Intel Corporation - C:\WINDOWS\SYSTEM32\drivers\intelaud.sys (file missing)

O23 - Service: Service for Realtek HD Audio (WDM) (IntcAzAudAddService) - Realtek Semiconductor Corp. - C:\WINDOWS\SYSTEM32\drivers\RTKVHD64.sys (file missing)

O23 - Service: Intel(R) Display Audio (IntcDAud) - Intel(R) Corporation - C:\WINDOWS\SYSTEM32\DRIVERS\IntcDAud.sys (file missing)

O23 - Service: Servicio del iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: IWD Bus Enumerator (iwdbus) - Intel Corporation - C:\WINDOWS\SYSTEM32\DRIVERS\iwdbus.sys (file missing)

O23 - Service: JMCR - JMicron Technology Corporation - C:\WINDOWS\SYSTEM32\DRIVERS\jmcr.sys (file missing)

O23 - Service: LSI_FC - LSI Corporation - C:\WINDOWS\system32\drivers\lsi_fc.sys (file missing)

O23 - Service: LSI_SAS - LSI Corporation - C:\WINDOWS\system32\drivers\lsi_sas.sys (file missing)

O23 - Service: LSI_SAS2 - LSI Corporation - C:\WINDOWS\system32\drivers\lsi_sas2.sys (file missing)

O23 - Service: LSI_SCSI - LSI Corporation - C:\WINDOWS\system32\drivers\lsi_scsi.sys (file missing)

O23 - Service: megasas - LSI Corporation - C:\WINDOWS\system32\drivers\megasas.sys (file missing)

O23 - Service: MegaSR - LSI Corporation, Inc. - C:\WINDOWS\system32\drivers\MegaSR.sys (file missing)

O23 - Service: Intel(R) Management Engine Interface (MEIx64) - Intel Corporation - C:\WINDOWS\SYSTEM32\DRIVERS\HECIx64.sys (file missing)

O23 - Service: Wireless PAN DHCP Server (MyWiFiDHCPDNS) - Unknown owner - C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe

O23 - Service: ___ Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit (NETwNs64) - Intel Corporation - C:\WINDOWS\SYSTEM32\DRIVERS\NETwNs64.sys (file missing)

O23 - Service: nfrd960 - IBM Corporation - C:\WINDOWS\system32\drivers\nfrd960.sys (file missing)

O23 - Service: Renesas Electronics USB 3.0 Hub Driver (nusb3hub) - Renesas Electronics Corporation - C:\WINDOWS\SYSTEM32\DRIVERS\nusb3hub.sys (file missing)

O23 - Service: Renesas Electronics USB 3.0 Host Controller Driver (nusb3xhc) - Renesas Electronics Corporation - C:\WINDOWS\SYSTEM32\DRIVERS\nusb3xhc.sys (file missing)

O23 - Service: nvlddmkm - NVIDIA Corporation - C:\WINDOWS\SYSTEM32\DRIVERS\nvlddmkm.sys (file missing)

O23 - Service: nvraid - NVIDIA Corporation - C:\WINDOWS\system32\drivers\nvraid.sys (file missing)

O23 - Service: nvstor - NVIDIA Corporation - C:\WINDOWS\system32\drivers\nvstor.sys (file missing)

O23 - Service: Pangu effect driver (PGEffect) - TOSHIBA Corporation - C:\WINDOWS\SYSTEM32\DRIVERS\pgeffect.sys (file missing)

O23 - Service: ql2300 - QLogic Corporation - C:\WINDOWS\system32\drivers\ql2300.sys (file missing)

O23 - Service: ql40xx - QLogic Corporation - C:\WINDOWS\system32\drivers\ql40xx.sys (file missing)

O23 - Service: BlackBerry Smartphone (RimUsb) - Research In Motion Limited - C:\WINDOWS\SYSTEM32\Drivers\RimUsb_AMD64.sys (file missing)

O23 - Service: Realtek 8167 NT Driver (RTL8167) - Realtek - C:\WINDOWS\SYSTEM32\DRIVERS\Rt64win7.sys (file missing)

O23 - Service: SiSRaid2 - Silicon Integrated Systems Corp. - C:\WINDOWS\system32\drivers\SiSRaid2.sys (file missing)

O23 - Service: SiSRaid4 - Silicon Integrated Systems - C:\WINDOWS\system32\drivers\sisraid4.sys (file missing)

O23 - Service: SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.) (ssudmdm) - DEVGURU Co., LTD.(www.devguru.co.kr) - C:\WINDOWS\SYSTEM32\DRIVERS\ssudmdm.sys (file missing)

O23 - Service: stexstor - Promise Technology - C:\WINDOWS\system32\drivers\stexstor.sys (file missing)

O23 - Service: Synaptics TouchPad Driver (SynTP) - Synaptics Incorporated - C:\WINDOWS\SYSTEM32\DRIVERS\SynTP.sys (file missing)

O23 - Service: TOSHIBA Writing Engine Filter Driver (tdcmdpst) - TOSHIBA Corporation. - C:\WINDOWS\SYSTEM32\DRIVERS\tdcmdpst.sys (file missing)

O23 - Service: TMachInfo - TOSHIBA Corporation - C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe

O23 - Service: TOSHIBA HDD SSD Alert Service - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe

O23 - Service: TPCH Service (TPCHSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe

O23 - Service: Apple Mobile USB Driver (USBAAPL64) - Apple, Inc. - C:\WINDOWS\SYSTEM32\Drivers\usbaapl64.sys (file missing)

O23 - Service: viaide - VIA Technologies, Inc. - C:\WINDOWS\system32\drivers\viaide.sys (file missing)

O23 - Service: vsmraid - VIA Technologies Inc.,Ltd - C:\WINDOWS\system32\drivers\vsmraid.sys (file missing)



Listado de Servicios (Deshabilitados):

--------------------------------------



105 Servicios.

31 de Carga Automatica.

74 de Carga Manual.

0 Deshabilitados.

Avatar de Usuario
msc hotline sat
Mensajes: 93500
Registrado: 09 Mar 2004, 20:39
Ubicación: BARCELONA (ESPAÑA)
Contactar:

Re: ADD ON buscador no deseado

Mensaje por msc hotline sat » 22 Nov 2012, 16:41

Pues en los R0 (PAGINA DE INICIO Y BUSCADORES) no se observa ningun acceso a dicha pagina o buscador:









R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank



R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dl ... r=iesearch



R0 - HKUS\S-1-5-21-1473093165-3826100448-2898187161-1000\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank (User 'UpdatusUser')



R0 - HKUS\S-1-5-21-1473093165-3826100448-2898187161-1000\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dl ... r=iesearch (User 'UpdatusUser')



R0 - HKUS\S-1-5-21-1473093165-3826100448-2898187161-1004\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank (User 'X')



R0 - HKUS\S-1-5-21-1473093165-3826100448-2898187161-1004\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dl ... r=iesearch (User 'X')



R0 - HKUS\S-1-5-21-1473093165-3826100448-2898187161-501\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank (User 'Guest')



R0 - HKUS\S-1-5-21-1473093165-3826100448-2898187161-501\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dl ... r=iesearch (User 'Guest')









Solo en estas dos vemos algo sospechoso:





O2 - BHO: Funmoods Helper Object - {75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7} - C:\Program Files (x86)\Funmoods\funmoods\1.5.11.16\bh\funmoods.dll



O3 - Toolbar: Funmoods Toolbar - {A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3} - C:\Program Files (x86)\Funmoods\funmoods\1.5.11.16\funmoodsTlbr.dll





y ya que el FUNMODS esta considerado un PUP (programa potencialemte indesable) :



funmoods.dll (PUP. Funmoods)



Añada .VIR a estos dos ficheros:



C:\Program Files (x86)\Funmoods\funmoods\1.5.11.16\bh\funmoods.dll

C:\Program Files (x86)\Funmoods\funmoods\1.5.11.16\funmoodsTlbr.dll



y envienos para analizar.



https://foros.zonavirus.com/viewtopic.php?f=5&t=45334



A su recepcion los analizaremos e informaremos del resultado.



saludos



ms, 22-11-2012

synunm
Mensajes: 13
Registrado: 21 Feb 2007, 17:39
Ubicación: Argentina

Re: ADD ON buscador no deseado

Mensaje por synunm » 22 Nov 2012, 22:31

NOTA DE ZONAVIRUS:



Le habiamos indicado que lo enviara segun https://foros.zonavirus.com/viewtopic.php?f=5&t=45334



se eliminan de este post en consecuencia



ms.

Avatar de Usuario
msc hotline sat
Mensajes: 93500
Registrado: 09 Mar 2004, 20:39
Ubicación: BARCELONA (ESPAÑA)
Contactar:

Re: ADD ON buscador no deseado

Mensaje por msc hotline sat » 24 Nov 2012, 08:31

Pues no debería haber posteado los ficheros aqui, no solo no está permitido, sino que podía haberlos descargado cualquier usuario e infectarse...



Ya le deciamos como hacerlo. Tengalo en cuenta en el futuro.



Y efectivamente son malwares:



SHA256: ba6870cd06e5700f918c30ee92391d8a77c99b3fda06372c42b35983ee88253c

SHA1: cc22b0aa6f4b5367865b75f3c0afa788c7f97d8e

MD5: d5a9ec59fbf50e576b1d3b60ccfb7117

Tamaño: 236.2 KB ( 241888 bytes )

Nombre: funmoods.dll.VIR

Tipo: Win32 DLL

Detecciones: 5 / 43

Fecha de análisis: 2012-11-24 07:24:01 UTC



dejelos con extension .VIR y, tras reiniciar, diganos si ya se ha solucionado la anomalia.



saludos



ms, 24-11-2012

Cerrado

Volver a “Foro Spyware”