[SOLVED] Virus, Spam??? Pop-up windows in Firefox...

Well, for a while now I've been getting these pop-up windows in the bottom-right corner of the Firefox window:

Image


I have Firefox updated to the latest version and the Windows antivirus is up to date. Needless to say, I haven't opened any strange email or installed anything "cracked" or sparrow. Also, I think it only shows up in Firefox...

What the heck is it???
Run Malwarebytes or Argente Utilities, or both

because it looks like it
SOLVED.

After running Malwarebytes, Spybot, etc... and deleting the infected files, the ads kept appearing - although in later scans no dangerous objects showed up -

After clicking on the ad and pasting the address it sent me to into Google, I managed to find a forum with people who had the same problem. An admin recommended using the "combofix" tool. Following the recommended steps, I've fixed it.

Unfortunately I've lost the address of that forum, and it bugs me what that thing was that kept appearing and that the spyware programs didn't detect.... Luckily for me it's fixed.
you can go through your history, search for the word combofix and it should come up
mik0 wrote:http://www.forospyware.es/otras-herramientas/278-combofix.html

This one?


That's the application; here's the log in case you want to take a look:

ComboFix 12-05-06.03 - gejorsnake 06/05/2012  20:00:11.1.8 - x64
Microsoft Windows 7 Professional   6.1.7601.1.1252.34.3082.18.7159.5522 [GMT 2:00]
Running from: c:\users\gejorsnake\Desktop\ComboFix.exe
Command switches used :: c:\users\gejorsnake\Desktop\CFScript.txt.txt
AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\windows\system32\drivers\53246184.sys"
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\GEJORS~1\AppData\Local\Temp\acc98a83-4789-42d6-8c8f-ba0c09eb1879\CliSecureRT.dll
c:\users\gejorsnake\AppData\Local\.#
c:\users\gejorsnake\AppData\Local\Temp\acc98a83-4789-42d6-8c8f-ba0c09eb1879\CliSecureRT.dll
c:\windows\assembly\tmp\U
c:\windows\iun6002.exe
c:\windows\SysWow64\tmp6E5C.tmp
c:\windows\SysWow64\tmp6E7C.tmp
F:\install.exe
F:\Setup.exe
.
.
(((((((((((((((((((((((((   Files Created from 2012-04-06 to 2012-05-06  )))))))))))))))))))))))))))))))
.
.
2012-05-06 18:06 . 2012-05-06 18:06   --------   d-----w-   c:\users\Default\AppData\Local\temp
2012-05-06 13:12 . 2012-05-06 13:12   --------   d-----w-   c:\users\gejorsnake\AppData\Roaming\Rainmeter
2012-05-06 13:12 . 2012-05-06 13:12   --------   d-----w-   c:\program files\Rainmeter
2012-05-06 08:15 . 2012-04-13 08:46   8917360   ----a-w-   c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{6751B0AF-0974-4242-B4F0-862E90D0B613}\mpengine.dll
2012-05-04 23:51 . 2012-04-13 08:46   8917360   ----a-w-   c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-05-04 23:47 . 2012-05-05 17:01   --------   d-----w-   c:\programdata\Spybot - Search & Destroy
2012-05-04 23:47 . 2012-05-04 23:48   --------   d-----w-   c:\program files (x86)\Spybot - Search & Destroy
2012-05-04 20:55 . 2012-05-04 20:55   --------   d-----w-   c:\users\gejorsnake\AppData\Roaming\Malwarebytes
2012-05-04 20:54 . 2012-05-04 20:54   --------   d-----w-   c:\programdata\Malwarebytes
2012-05-04 20:54 . 2012-05-04 20:55   --------   d-----w-   c:\program files (x86)\Malwarebytes' Anti-Malware
2012-05-04 20:54 . 2012-04-04 13:56   24904   ----a-w-   c:\windows\system32\drivers\mbam.sys
2012-05-04 20:03 . 2012-05-04 20:03   --------   d-----w-   c:\program files (x86)\Mozilla Maintenance Service
2012-05-04 20:03 . 2012-05-04 20:03   157352   ----a-w-   c:\program files (x86)\Mozilla Firefox\maintenanceservice_installer.exe
2012-05-04 20:03 . 2012-05-04 20:03   129976   ----a-w-   c:\program files (x86)\Mozilla Firefox\maintenanceservice.exe
2012-04-22 17:07 . 2012-04-22 17:07   --------   d-----w-   c:\programdata\Blizzard Entertainment
2012-04-22 08:48 . 2012-04-24 09:02   --------   d-----w-   c:\program files (x86)\Common Files\Blizzard Entertainment
2012-04-22 08:43 . 2012-04-22 08:43   --------   d-----w-   c:\programdata\Battle.net
2012-04-20 18:21 . 2012-04-20 18:22   --------   d-----w-   c:\users\gejorsnake\AppData\Local\SniperV2 Demo
2012-04-19 17:55 . 2012-04-19 17:55   --------   d-----w-   c:\program files (x86)\Common Files\Java
2012-04-10 22:30 . 2012-03-06 06:53   5559152   ----a-w-   c:\windows\system32\ntoskrnl.exe
2012-04-10 22:30 . 2012-03-06 05:59   3968368   ----a-w-   c:\windows\SysWow64\ntkrnlpa.exe
2012-04-10 22:30 . 2012-03-06 05:59   3913072   ----a-w-   c:\windows\SysWow64\ntoskrnl.exe
2012-04-10 22:28 . 2012-03-01 06:46   23408   ----a-w-   c:\windows\system32\drivers\fs_rec.sys
2012-04-10 22:28 . 2012-03-01 06:33   81408   ----a-w-   c:\windows\system32\imagehlp.dll
2012-04-10 22:28 . 2012-03-01 05:33   159232   ----a-w-   c:\windows\SysWow64\imagehlp.dll
2012-04-10 22:28 . 2012-03-01 06:38   220672   ----a-w-   c:\windows\system32\wintrust.dll
2012-04-10 22:28 . 2012-03-01 06:28   5120   ----a-w-   c:\windows\system32\wmi.dll
2012-04-10 22:28 . 2012-03-01 05:37   172544   ----a-w-   c:\windows\SysWow64\wintrust.dll
2012-04-10 22:28 . 2012-03-01 05:29   5120   ----a-w-   c:\windows\SysWow64\wmi.dll
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-19 17:54 . 2010-11-19 08:49   472808   ----a-w-   c:\windows\SysWow64\deployJava1.dll
2012-04-03 19:21 . 2012-03-14 23:20   418464   ----a-w-   c:\windows\SysWow64\FlashPlayerApp.exe
2012-04-03 19:21 . 2011-05-15 16:13   70304   ----a-w-   c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-03-23 21:58 . 2012-03-23 21:58   55384   ----a-w-   c:\windows\system32\drivers\SBREDrv.sys
2012-03-20 21:04 . 2012-03-20 21:04   178800   ----a-w-   c:\windows\SysWow64\CmdLineExt_x64.dll
2012-03-20 18:44 . 2010-10-24 20:25   98688   ----a-w-   c:\windows\system32\drivers\NisDrvWFP.sys
2012-03-20 18:44 . 2010-03-25 20:30   203888   ----a-w-   c:\windows\system32\drivers\MpFilter.sys
2012-03-20 10:55 . 2010-11-09 23:19   466456   ----a-w-   c:\windows\system32\wrap_oal.dll
2012-03-20 10:55 . 2010-11-09 23:19   444952   ----a-w-   c:\windows\SysWow64\wrap_oal.dll
2012-03-20 10:55 . 2010-11-09 23:19   122904   ----a-w-   c:\windows\system32\OpenAL32.dll
2012-03-20 10:55 . 2010-11-09 23:19   109080   ----a-w-   c:\windows\SysWow64\OpenAL32.dll
2012-02-19 16:09 . 2010-11-07 15:22   189248   ----a-w-   c:\windows\SysWow64\PnkBstrB.exe
2012-02-19 16:09 . 2010-11-07 15:22   189248   ----a-w-   c:\windows\SysWow64\PnkBstrB.ex0
2012-02-19 16:09 . 2010-11-07 15:22   75136   ----a-w-   c:\windows\SysWow64\PnkBstrA.exe
2012-02-17 06:38 . 2012-03-14 18:57   1031680   ----a-w-   c:\windows\system32\rdpcore.dll
2012-02-17 05:34 . 2012-03-14 18:57   826880   ----a-w-   c:\windows\SysWow64\rdpcore.dll
2012-02-17 04:58 . 2012-03-14 18:57   210944   ----a-w-   c:\windows\system32\drivers\rdpwd.sys
2012-02-17 04:57 . 2012-03-14 18:57   23552   ----a-w-   c:\windows\system32\drivers\tdtcp.sys
2012-02-15 03:48 . 2012-02-15 03:48   10856960   ----a-w-   c:\windows\system32\drivers\atikmdag.sys
2012-02-15 03:21 . 2012-02-15 03:21   25839104   ----a-w-   c:\windows\system32\atio6axx.dll
2012-02-15 03:18 . 2012-02-15 03:18   159744   ----a-w-   c:\windows\system32\atiapfxx.exe
2012-02-15 03:18 . 2012-02-15 03:18   791040   ----a-w-   c:\windows\SysWow64\aticfx32.dll
2012-02-15 03:17 . 2012-02-15 03:17   957952   ----a-w-   c:\windows\system32\aticfx64.dll
2012-02-15 03:13 . 2012-02-15 03:13   442368   ----a-w-   c:\windows\system32\ATIDEMGX.dll
2012-02-15 03:13 . 2012-02-15 03:13   496128   ----a-w-   c:\windows\system32\atieclxx.exe
2012-02-15 03:13 . 2012-02-15 03:13   235520   ----a-w-   c:\windows\system32\atiesrxx.exe
2012-02-15 03:11 . 2012-02-15 03:11   120320   ----a-w-   c:\windows\system32\atitmm64.dll
2012-02-15 03:10 . 2012-02-15 03:10   21504   ----a-w-   c:\windows\system32\atimuixx.dll
2012-02-15 03:10 . 2012-02-15 03:10   59392   ----a-w-   c:\windows\system32\atiedu64.dll
2012-02-15 03:10 . 2012-02-15 03:10   43520   ----a-w-   c:\windows\SysWow64\ati2edxx.dll
2012-02-15 03:07 . 2012-02-15 03:07   6200320   ----a-w-   c:\windows\SysWow64\atidxx32.dll
2012-02-15 02:58 . 2012-02-15 02:58   19392000   ----a-w-   c:\windows\SysWow64\atioglxx.dll
2012-02-15 02:52 . 2012-02-15 02:52   7646208   ----a-w-   c:\windows\system32\atidxx64.dll
2012-02-15 02:41 . 2012-02-15 02:41   1113088   ----a-w-   c:\windows\system32\atiumd6v.dll
2012-02-15 02:40 . 2012-02-15 02:40   1828864   ----a-w-   c:\windows\SysWow64\atiumdmv.dll
2012-02-15 02:40 . 2012-02-15 02:40   4958208   ----a-w-   c:\windows\system32\atiumd6a.dll
2012-02-15 02:34 . 2012-02-15 02:34   51200   ----a-w-   c:\windows\system32\aticalrt64.dll
2012-02-15 02:34 . 2012-02-15 02:34   46080   ----a-w-   c:\windows\SysWow64\aticalrt.dll
2012-02-15 02:34 . 2012-02-15 02:34   44544   ----a-w-   c:\windows\system32\aticalcl64.dll
2012-02-15 02:34 . 2012-02-15 02:34   44032   ----a-w-   c:\windows\SysWow64\aticalcl.dll
2012-02-15 02:34 . 2012-02-15 02:34   5954048   ----a-w-   c:\windows\SysWow64\atiumdag.dll
2012-02-15 02:34 . 2012-02-15 02:34   13859840   ----a-w-   c:\windows\system32\aticaldd64.dll
2012-02-15 02:29 . 2012-02-15 02:29   5062656   ----a-w-   c:\windows\SysWow64\atiumdva.dll
2012-02-15 02:29 . 2012-02-15 02:29   11561984   ----a-w-   c:\windows\SysWow64\aticaldd.dll
2012-02-15 02:25 . 2012-02-15 02:25   7551488   ----a-w-   c:\windows\system32\atiumd64.dll
2012-02-15 02:16 . 2011-11-18 20:59   58880   ----a-w-   c:\windows\system32\coinst.dll
2012-02-15 02:14 . 2012-02-15 02:14   512000   ----a-w-   c:\windows\system32\atiadlxx.dll
2012-02-15 02:13 . 2012-02-15 02:13   356352   ----a-w-   c:\windows\SysWow64\atiadlxy.dll
2012-02-15 02:13 . 2012-02-15 02:13   17408   ----a-w-   c:\windows\system32\atig6pxx.dll
2012-02-15 02:13 . 2012-02-15 02:13   14336   ----a-w-   c:\windows\SysWow64\atiglpxx.dll
2012-02-15 02:13 . 2012-02-15 02:13   14336   ----a-w-   c:\windows\system32\atiglpxx.dll
2012-02-15 02:13 . 2012-02-15 02:13   39936   ----a-w-   c:\windows\system32\atig6txx.dll
2012-02-15 02:13 . 2012-02-15 02:13   33280   ----a-w-   c:\windows\SysWow64\atigktxx.dll
2012-02-15 02:13 . 2012-02-15 02:13   327680   ----a-w-   c:\windows\system32\drivers\atikmpag.sys
2012-02-15 02:12 . 2012-02-15 02:12   43008   ----a-w-   c:\windows\system32\atiuxp64.dll
2012-02-15 02:12 . 2012-02-15 02:12   33280   ----a-w-   c:\windows\SysWow64\atiuxpag.dll
2012-02-15 02:12 . 2012-02-15 02:12   39936   ----a-w-   c:\windows\system32\atiu9p64.dll
2012-02-15 02:12 . 2012-02-15 02:12   30208   ----a-w-   c:\windows\SysWow64\atiu9pag.dll
2012-02-15 02:11 . 2012-02-15 02:11   53248   ----a-w-   c:\windows\system32\drivers\ati2erec.dll
2012-02-15 02:11 . 2012-02-15 02:11   54784   ----a-w-   c:\windows\system32\atimpc64.dll
2012-02-15 02:11 . 2012-02-15 02:11   54784   ----a-w-   c:\windows\system32\amdpcom64.dll
2012-02-15 02:11 . 2012-02-15 02:11   53760   ----a-w-   c:\windows\SysWow64\atimpc32.dll
2012-02-15 02:11 . 2012-02-15 02:11   53760   ----a-w-   c:\windows\SysWow64\amdpcom32.dll
2012-02-14 21:05 . 2012-02-14 21:05   69632   ----a-w-   c:\windows\system32\OpenVideo64.dll
2012-02-14 21:05 . 2012-02-14 21:05   59904   ----a-w-   c:\windows\SysWow64\OpenVideo.dll
2012-02-14 21:05 . 2012-02-14 21:05   61952   ----a-w-   c:\windows\system32\OVDecode64.dll
2012-02-14 21:05 . 2012-02-14 21:05   54784   ----a-w-   c:\windows\SysWow64\OVDecode.dll
2012-02-14 21:05 . 2012-02-14 21:05   16507904   ----a-w-   c:\windows\system32\amdocl64.dll
2012-02-14 21:04 . 2012-02-14 21:04   13238272   ----a-w-   c:\windows\SysWow64\amdocl.dll
2012-02-14 21:03 . 2012-02-14 21:03   54272   ----a-w-   c:\windows\system32\OpenCL.dll
2012-02-14 21:03 . 2012-02-14 21:03   48128   ----a-w-   c:\windows\SysWow64\OpenCL.dll
2012-02-10 14:39 . 2012-02-10 14:39   927800   ------w-   c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{1F0B5CF1-DD22-4E0B-9B63-6C1D57F8FB34}\gapaengine.dll
2012-02-10 06:36 . 2012-03-14 18:59   1544192   ----a-w-   c:\windows\system32\DWrite.dll
2012-02-10 05:38 . 2012-03-14 18:59   1077248   ----a-w-   c:\windows\SysWow64\DWrite.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12   94208   ----a-w-   c:\users\gejorsnake\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12   94208   ----a-w-   c:\users\gejorsnake\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12   94208   ----a-w-   c:\users\gejorsnake\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12   94208   ----a-w-   c:\users\gejorsnake\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="c:\program files (x86)\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"HDAudDeck"="c:\program files (x86)\VIA\VIAudioi\VDeck\VDeck.exe" [2010-08-11 2472048]
"Zboard"="c:\program files (x86)\Ideazon\ZEngine\Zboard.exe" [2011-02-22 182784]
"amd_dc_opt"="c:\program files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2008-07-22 77824]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-02-14 636032]
.
c:\users\gejorsnake\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Rainmeter.lnk - c:\program files\Rainmeter\Rainmeter.exe [2012-1-8 107720]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
AML Device Install.lnk - c:\program files (x86)\AMD AVT\bin\kdbsync.exe [2012-1-31 10752]
SetPointII.lnk - c:\program files\Logitech\SetPoint II\SetPointII.exe [2007-8-30 809984]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages   REG_MULTI_SZ      kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders   credssp.dll, IckuqdicComl.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 ALSysIO;ALSysIO;c:\users\GEJORS~1\AppData\Local\Temp\ALSysIO64.sys [x]
R3 HTCAND64;HTC Device Driver;c:\windows\system32\Drivers\ANDROIDUSB.sys [x]
R3 htcnprot;HTC NDIS Protocol Driver;c:\windows\system32\DRIVERS\htcnprot.sys [x]
R3 LADF_DHP2;G35 DHP2 Filter Driver;c:\windows\system32\DRIVERS\ladfDHP2amd64.sys [x]
R3 LADF_SBVM;G35 SBVM Filter Driver;c:\windows\system32\DRIVERS\ladfSBVMamd64.sys [x]
R3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files (x86)\Lavasoft\Ad-Aware\KernExplorer64.sys [2012-03-23 17152]
R3 libusb0;libusb-win32 - Kernel Driver 03/17/2011 1.2.3.0;c:\windows\system32\DRIVERS\libusb0.sys [x]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-05-04 129976]
R3 netr28ux;Belkin USB Wireless LAN Card Driver for Vista;c:\windows\system32\DRIVERS\netr28ux.sys [x]
R3 NisSrv;Inspección de red de Microsoft;c:\program files\Microsoft Security Client\NisSrv.exe [2012-03-26 291696]
R3 SaiH075C;SaiH075C;c:\windows\system32\DRIVERS\SaiH075C.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [x]
R3 WatAdminSvc;Servicio de tecnologías de activación de Windows;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-03 253600]
R4 AsSysCtrlService;ASUS System Control Service;c:\program files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe [2009-08-19 90112]
R4 DvmMDES;DeviceVM Meta Data Export Service;c:\asus.sys\config\DVMExportService.exe [2009-07-17 319488]
R4 Futuremark SystemInfo Service;Futuremark SystemInfo Service;c:\program files (x86)\Common Files\Futuremark Shared\Futuremark SystemInfo\FMSISvc.exe [2010-11-11 128928]
S0 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]
S1 AsUpIO;AsUpIO;SysWow64\drivers\AsUpIO.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]
S2 PassThru Service;Internet Pass-Through Service;c:\program files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [2011-08-12 87040]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [x]
S3 cmudaxp;ASUS Xonar D2X Audio Interface;c:\windows\system32\drivers\cmudaxp.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - NISDRV
*NewlyCreated* - WS2IFSL
.
Contents of the 'Scheduled Tasks' folder
.
2012-05-06 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-14 19:21]
.
2012-05-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2856178646-1735880597-3496410534-1000Core.job
- c:\users\gejorsnake\AppData\Local\Google\Update\GoogleUpdate.exe [2011-09-19 08:09]
.
2012-05-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2856178646-1735880597-3496410534-1000UA.job
- c:\users\gejorsnake\AppData\Local\Google\Update\GoogleUpdate.exe [2011-09-19 08:09]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00ZumoCast]
@="{D25B32FE-CB96-491A-98FF-AD59DA382D69}"
[HKEY_CLASSES_ROOT\CLSID\{D25B32FE-CB96-491A-98FF-AD59DA382D69}]
2010-11-30 21:50   2208768   ----a-w-   c:\program files (x86)\Zecter\ZumoCast\ShellExt64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\01ZumoCast]
@="{EB24CA6D-F315-4A81-AC1A-C79CFD77F3F5}"
[HKEY_CLASSES_ROOT\CLSID\{EB24CA6D-F315-4A81-AC1A-C79CFD77F3F5}]
2010-11-30 21:50   2208768   ----a-w-   c:\program files (x86)\Zecter\ZumoCast\ShellExt64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\02ZumoCast]
@="{B3C78E40-6B64-47C3-AE34-60B770881EB8}"
[HKEY_CLASSES_ROOT\CLSID\{B3C78E40-6B64-47C3-AE34-60B770881EB8}]
2010-11-30 21:50   2208768   ----a-w-   c:\program files (x86)\Zecter\ZumoCast\ShellExt64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\03ZumoCast]
@="{622AFE52-33F6-4D9F-9966-E0BC52D7D69D}"
[HKEY_CLASSES_ROOT\CLSID\{622AFE52-33F6-4D9F-9966-E0BC52D7D69D}]
2010-11-30 21:50   2208768   ----a-w-   c:\program files (x86)\Zecter\ZumoCast\ShellExt64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\04ZumoCast]
@="{855156F0-2A0F-11DE-8C30-0800200C9A66}"
[HKEY_CLASSES_ROOT\CLSID\{855156F0-2A0F-11DE-8C30-0800200C9A66}]
2010-11-30 21:50   2208768   ----a-w-   c:\program files (x86)\Zecter\ZumoCast\ShellExt64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12   97792   ----a-w-   c:\users\gejorsnake\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12   97792   ----a-w-   c:\users\gejorsnake\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12   97792   ----a-w-   c:\users\gejorsnake\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12   97792   ----a-w-   c:\users\gejorsnake\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-07-17 134160]
"Start WingMan Profiler"="c:\program files\Logitech\Gaming Software\LWEMon.exe" [2010-06-14 190536]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 1271168]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: &Enviar a OneNote - c:\progra~2\MIF5BA~1\Office14\ONBttnIE.dll/105
IE: E&xportar a Microsoft Excel - c:\progra~2\MIF5BA~1\Office14\EXCEL.EXE/3000
TCP: Interfaces\{BD08ED6D-E969-48D9-8665-860BB81236A1}: NameServer = 8.8.8.8,8.8.4.4
FF - ProfilePath - c:\users\gejorsnake\AppData\Roaming\Mozilla\Firefox\Profiles\qr22jacf.default\
FF - prefs.js: network.proxy.ftp - 219.83.62.50
FF - prefs.js: network.proxy.ftp_port - 8080
FF - prefs.js: network.proxy.http - 219.83.62.50
FF - prefs.js: network.proxy.http_port - 8080
FF - prefs.js: network.proxy.socks - 219.83.62.50
FF - prefs.js: network.proxy.socks_port - 8080
FF - prefs.js: network.proxy.ssl - 219.83.62.50
FF - prefs.js: network.proxy.ssl_port - 8080
FF - prefs.js: network.proxy.type - 0
.
- - - - ORPHANS REMOVED - - - -
.
AddRemove-Por fin me caso - c:\windows\iun6002.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-2856178646-1735880597-3496410534-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-2856178646-1735880597-3496410534-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_USERS\S-1-5-21-2856178646-1735880597-3496410534-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:23,84,6d,de,c3,38,77,5c,7b,cc,f9,dc,ef,6a,3e,b7,69,62,a4,f7,97,1f,5b,
   6b,3d,4d,fb,3f,c7,38,c1,61,6b,cf,85,17,25,4b,1b,3f,6b,06,f4,c4,ea,52,16,3f,\
"??"=hex:6c,57,c3,e4,82,19,b3,b1,80,29,9e,e1,66,5c,95,8b
.
[HKEY_USERS\S-1-5-21-2856178646-1735880597-3496410534-1000\Software\SecuROM\License information*]
"datasecu"=hex:35,72,4c,13,36,09,d7,0e,3d,4e,a2,4a,e8,28,5d,41,2e,e4,5b,4a,fc,
   96,14,bc,18,ef,e8,b6,5a,a8,f6,fd,d2,7f,f0,68,36,62,e9,96,67,9e,43,23,f0,09,\
"rkeysecu"=hex:fc,c0,7e,17,05,7d,fc,b5,1a,af,54,29,89,3b,60,32
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10e.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10e.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\windows\SysWOW64\PnkBstrA.exe
c:\windows\SysWOW64\PnkBstrB.exe
c:\program files (x86)\ASUS\AI Suite\CpuLevelUpHookLaunch.exe
.
**************************************************************************
.
Completion time: 2012-05-06  20:12:10 - machine was rebooted
ComboFix-quarantined-files.txt  2012-05-06 18:12
.
Pre-Run: 21.550.673.920 bytes libres
Post-Run: 21.029.462.016 bytes libres
.
- - End Of File - - FC22D3916CCDF3AE0683A7A2B8204B63


Truth is, I should go through the report carefully and see exactly what it "took out".

It still really bugs me how the machine could have gotten infected...
c:\users\GEJORS~1\AppData\Local\Temp\acc98a83-4789-42d6-8c8f-ba0c09eb1879\CliSecureRT.dll
c:\users\gejorsnake\AppData\Local\.#
c:\users\gejorsnake\AppData\Local\Temp\acc98a83-4789-42d6-8c8f-ba0c09eb1879\CliSecureRT.dll
c:\windows\assembly\tmp\U
c:\windows\iun6002.exe
c:\windows\SysWow64\tmp6E5C.tmp
c:\windows\SysWow64\tmp6E7C.tmp
F:\install.exe
F:\Setup.exe


This looks like what was removed, and looking at the last 2 files (F:\install.exe, F:\Setup.exe) it's possible your infection came from an infected USB stick you plugged into your PC.
JuananBow wrote:
This looks like what was removed, and looking at the last 2 files (F:\install.exe, F:\Setup.exe) it's possible your infection came from an infected USB stick you plugged into your PC.
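To show how to read a ComboFix log the way JuananBow does above, here is an added example (not part of the thread, and not ComboFix's own code) that splits the log into its sections and flags the entries a defender would check first: executables deleted from a non-fixed drive, a DLL in SecurityProviders beyond the stock one, UAC switched off, and Firefox proxy prefs. The excerpt is constructed from lines of the log posted above; the fixed-drive set and the provider baseline are assumptions.

```python
"""Triage a ComboFix log: split it into sections and flag the entries that
explain how a box got infected, not just what was deleted."""
import re

# Constructed excerpt, assembled from lines of the log posted in this thread.
SAMPLE_LOG = r"""
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\users\gejorsnake\AppData\Local\.#
c:\windows\iun6002.exe
c:\windows\SysWow64\tmp6E5C.tmp
F:\install.exe
F:\Setup.exe
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders   credssp.dll, IckuqdicComl.dll
.
------- Supplementary Scan -------
.
FF - prefs.js: network.proxy.http - 219.83.62.50
FF - prefs.js: network.proxy.http_port - 8080
FF - prefs.js: network.proxy.type - 0
"""

# Section banners look like "((((   Title   ))))" or "------- Title -------".
SECTION_RE = re.compile(r"^(?:\(+\s+(.+?)\s+\)+|-+\s+(.+?)\s+-+)$")

# Assumptions: C: is the only fixed disk on this host, and credssp.dll is the
# stock Windows 7 SecurityProviders entry. Adjust both for the machine at hand.
FIXED_DRIVES = {"C"}
BASELINE_SECURITY_PROVIDERS = {"credssp.dll"}
EXEC_SUFFIXES = (".exe", ".com", ".scr", ".bat", ".vbs")


def split_sections(text):
    """Return {section title: [content lines]}, dropping ComboFix's '.' fillers."""
    sections = {}
    current = "Header"
    for raw in text.splitlines():
        line = raw.strip()
        banner = SECTION_RE.match(line)
        if banner:
            current = banner.group(1) or banner.group(2)
            sections.setdefault(current, [])
        elif line and line != ".":
            sections.setdefault(current, []).append(line)
    return sections


def triage(text):
    """Return a list of (finding, detail) tuples worth a human's attention."""
    sections = split_sections(text)
    findings = []

    # Deleted executables on a non-fixed drive point at removable media as the
    # infection vector (the inference JuananBow makes from F:\install.exe).
    for path in sections.get("Other Deletions", []):
        drive = path[0].upper() if len(path) > 1 and path[1] == ":" else ""
        if drive and drive not in FIXED_DRIVES and path.lower().endswith(EXEC_SUFFIXES):
            findings.append(("removable-media-executable", path))

    for line in sections.get("Reg Loading Points", []):
        # UAC switched off: nothing stands between a dropped binary and admin.
        if re.match(r'^"EnableLUA"=\s*0\b', line):
            findings.append(("uac-disabled", line))
        # SecurityProviders DLLs load into lsass.exe at boot; anything beyond
        # the baseline is a persistence location to examine.
        m = re.match(r"^SecurityProviders\s+(.+)$", line)
        if m:
            for dll in (d.strip().lower() for d in m.group(1).split(",")):
                if dll not in BASELINE_SECURITY_PROVIDERS:
                    findings.append(("unknown-security-provider", dll))

    # Firefox proxy prefs: a foreign proxy host is worth reporting even when
    # network.proxy.type is 0 (direct connection, so the proxy is not in use).
    proxy = {}
    for line in sections.get("Supplementary Scan", []):
        m = re.match(r"^FF - prefs\.js: network\.proxy\.(\w+) - (.+)$", line)
        if m:
            proxy[m.group(1)] = m.group(2).strip()
    hosts = {v for k, v in proxy.items() if k != "type" and not k.endswith("_port")}
    state = "inactive" if proxy.get("type") == "0" else "active"
    for host in sorted(hosts):
        findings.append(("firefox-proxy-" + state, host))

    return findings
```

Calling `triage(SAMPLE_LOG)` returns the two F:\ executables, the unknown provider DLL, the disabled-UAC line and the (inactive) proxy host; feed the full log text in the same way.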


That's what you get for sticking it in anywhere without protection... [+risas]

Well, thanks everyone for the help; if it's from a USB stick I'm starting to get an idea where this came from...
7 replies