
    Unable to find a malware solution


    1. #1
      Jimmythebest (User)
      Joined: Oct 2007
      Location: Dominican Republic
      Posts: 65

      Unable to find a malware solution

      Greetings, everyone....

      For some time now my desktop has not been responding normally. It gets extremely slow, and at times I cannot browse. I think some virus or something has attacked it, although I am always careful that this doesn't happen...

      I have used tools from the web to try to remove that malware, but even so the problem persists.

      I would appreciate it if you could please lend me a hand, since I need to keep doing my university work on that PC...

      Thanks in advance...

    2. #2
      @Javier_HF (General Moderator)
      Joined: Jun 2006
      Location: Spain.
      Posts: 21,692

      Re: Unable to find a malware solution

      Hello Jimmythebest.

      Tell us which tools you have used and whether you found any kind of infection with them.

      Regards.
      Those who don't try don't succeed | ;-)

      * Follow us on our Twitter and become our friend on Facebook.
      * Keep up with the latest threats on the net from: InfoSpyware Blog
      * Questions are not answered by private message or by e-mail, since that is what the forum is for.

    3. #3
      Jimmythebest (User)
      Joined: Oct 2007
      Location: Dominican Republic
      Posts: 65

      Re: Unable to find a malware solution

      Quote, originally posted by Javierhf:
      Hello Jimmythebest.

      Tell us which tools you have used and whether you found any kind of infection with them.

      Regards.
      I have used Malwarebytes, SUPERAntiSpyware, Ad-Aware, cleaned the registry with CCleaner, Avast Antivirus...

      I have found infections, but no viruses. Only the ones that the tools I mentioned report to me...

    4. #4
      @Javier_HF (General Moderator)
      Joined: Jun 2006
      Location: Spain.
      Posts: 21,692

      Re: Unable to find a malware solution

      Carry out these steps:

      • Download >> AT-Destroyer (Adwares/Toolbars-Destroyer) by @Infospyware.
      • Temporarily disable your antivirus and/or antispyware.
      • Run AT-Destroyer. (If you use Windows Vista or 7, right-click and select "Run as administrator".)
      • The disclaimer will appear; if you agree, press SI (Yes) to continue.
      • Select option 1 (Buscar y Destruir, "Search and Destroy") to start the scan.
      • AT-Destroyer will momentarily disconnect the desktop.
      • If the system is infected, AT-Destroyer will indicate it with red lines where the infection was found; otherwise the lines will be green.
      • Once the scan has finished, you will be able to see the desktop again and a report will open, which you should copy into your next reply, commenting on how the system is working. (You can also find it at C:\AT-Destroyer.log)
      • You must restart the computer immediately.
      And after that, this other one: download >> OTL By OldTimer

      >>> To run OTL

      • Close all the programs you have open and double-click the OTL icon to run it.
      • Let it run and wait for the OTL menu to appear.
      • When the OTL menu appears, under "Scan Type" change the setting to Minimal Output.
      • Check the Scan All box.
      • Check the options LOP Check and Purity Check.
      • Check the options >> Skip Microsoft Files and Use Company Name Whitelist.
      • Copy and paste the lines of the following script into the Custom Scans/Fixes box:

        NOTE: Do not copy the word "Quote".
        netsvcs
        msconfig
        %SYSTEMDRIVE%\*.*
        CREATERESTOREPOINT
      • Please do not change the rest of the settings unless we ask you to.


      • Press the button.
      • Once it finishes, two (2) files will open, OTL.Txt and Extras.Txt. These files will be saved in the same location where OTL.exe was downloaded.
      • Copy and paste the contents of the OTL.txt file into your next reply.



      Regards, Javier.
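
Added example (not part of the original post, and not code from OTL or InfoSpyware): the OTL.txt report requested in the steps above is line-oriented, with prefixes such as PRC, SRV, DRV and O1 followed by a path and a company name in parentheses. Assuming that layout, this Python script pulls out the entries a helper would review first; the sample lines, the names `triage` and `SAMPLE_LOG`, and the path heuristic are constructed for illustration.

```python
"""Triage of an OTL.txt-style report: surface entries worth a manual look."""
import ipaddress
import re

# Constructed sample lines in the OTL.txt layout (not from a real report).
SAMPLE_LOG = r"""
PRC - C:\Program Files (x86)\ExampleAV\avsvc.exe (Example Security Ltd)
PRC - C:\Users\alice\AppData\Roaming\updater\upd.exe ()
SRV:64bit: - (ExampleSvc) -- C:\Windows\SysNative\examplesvc.dll (Example Corporation)
SRV - (OldHelper) -- C:\Program Files (x86)\OldHelper\helper.exe File not found
DRV:64bit: - (exdrv) -- C:\Windows\SysNative\drivers\exdrv.sys ()
O1 - Hosts: 127.0.0.1 activate.example.com
O1 - Hosts: 203.0.113.7 updates.example.com
"""

# PRC/MOD lines: "<KIND> - <path> (<company>)"
# SRV/DRV lines: "<KIND>[:64bit:] - (<name>) -- <path> (<company>)"
ENTRY = re.compile(
    r"^(?P<kind>PRC|MOD|SRV|DRV)(?::64bit:)? - "
    r"(?:\((?P<name>.*?)\) -- )?(?P<rest>.+)$"
)
# The company is the last parenthesised group on the line; paths such as
# "Program Files (x86)" contain parentheses earlier on.
COMPANY = re.compile(r"^(?P<path>.*\S)\s+\((?P<company>[^()]*)\)$")
HOSTS = re.compile(r"^O1 - Hosts: (?P<ip>\S+)\s+(?P<host>\S+)$")
MISSING = "File not found"
# Assumed heuristic: code loaded from per-user, user-writable folders.
USER_WRITABLE = ("\\appdata\\", "\\downloads\\", "\\temp\\")


def triage(log_text):
    """Return a list of (kind, subject, reason) tuples for review."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue

        # Hosts-file overrides: anything not pointing at loopback or
        # 0.0.0.0 redirects that name to another machine.
        hosts = HOSTS.match(line)
        if hosts:
            try:
                ip = ipaddress.ip_address(hosts["ip"])
            except ValueError:
                findings.append(("O1", hosts["host"], "unparseable address"))
                continue
            if not (ip.is_loopback or ip.is_unspecified):
                findings.append(
                    ("O1", hosts["host"], f"hosts override to {ip}")
                )
            continue

        entry = ENTRY.match(line)
        if not entry:
            continue  # section headers and line types not handled here
        kind, rest = entry["kind"], entry["rest"]

        # Registered item whose file is no longer on disk.
        if rest.endswith(MISSING):
            path = rest[: -len(MISSING)].rstrip()
            findings.append((kind, path, "file not found"))
            continue

        parsed = COMPANY.match(rest)
        path = parsed["path"] if parsed else rest
        company = parsed["company"].strip() if parsed else None

        if company == "":
            findings.append((kind, path, "no company name"))
        if any(part in path.lower() for part in USER_WRITABLE):
            findings.append((kind, path, "runs from user-writable path"))
    return findings


if __name__ == "__main__":
    for kind, subject, reason in triage(SAMPLE_LOG):
        print(f"{kind:4} {reason:30} {subject}")
```

Legitimate files also appear with an empty company name, so the output is a list of entries to review, not a verdict.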

    5. #5
      Jimmythebest (User)
      Joined: Oct 2007
      Location: Dominican Republic
      Posts: 65

      Re: Unable to find a malware solution

      AT-Destroyer log

      #################################################### A/T-Destroyer by InfoSpyware ############

      A/T-Destroyer 1.0.7 By Infospyware
      www.infospyware.com
      Fecha iniciada en el analisis 09/09/2012
      Hora iniciada en el analisis 15:15:28.79
      Usuario Actual : [C:\Users\Jimmy]
      Sistema Operativo: Windows 7 Ultimate
      Arquitectura: Sistema operativo de 64 bits
      Versión Internet Explorer: 9.0.8112.16421
      Modo Actual: Modo Normal.
      Privilegios: [Jimmy-Administrador]
      Versión Google Chrome: 21.0.1180.89
      Versión Mozilla Firefox: 14.0.1

      ====== Servicios Eliminados By A/T-Destroyer ======




      ====== Claves Eliminadas By A/T-Destroyer ======


      HKEY_LOCAL_MACHINE\SOFTWARE\Iminent
      HKEY_LOCAL_MACHINE\SOFTWARE\Iminent
      HKEY_CURRENT_USER\SOFTWARE\Iminent
      HKEY_CURRENT_USER\SOFTWARE\Iminent


      ====== Archivos/Carpetas Eliminados By A/T-Destroyer ======


      C:\Users\Jimmy\AppData\Roaming\cacaoweb\npdfile.dat
      C:\Users\Jimmy\AppData\Roaming\cacaoweb\storage.db
      "C:\Users\Jimmy\AppData\Roaming\cacaoweb"
      C:\ProgramData\Ask\APN-Stub
      "C:\ProgramData\Ask"
      C:\Users\Jimmy\Appdata\Local\GDIPFONTCACHEV1.DAT
      C:\Windows\system32\DEBUG.log


      ====== Información Extra ======


      -_-_-_-_-_-_-_-_ Configuraciones de internet Explorer -_-_-_-_-_-_-_-_
      "HKCU\Software\Microsoft\Internet Explorer\Main"
      Start Page == http://www.google.com
      Search Page == http://go.microsoft.com/fwlink/?LinkId=54896
      Local Page == C:\Windows\system32\blank.htm

      "HKLM\Software\Microsoft\Internet Explorer\Main"
      Start Page == http://www.google.com
      Search Page == http://go.microsoft.com/fwlink/?LinkId=54896
      Local Page == C:\Windows\SysWOW64\blank.htm
      Default_Search_URL == http://go.microsoft.com/fwlink/?LinkId=54896
      Default_Page_URL == http://go.microsoft.com/fwlink/?LinkId=69157


      "HKEY_USERS\S-1-5-21-2876950389-176514409-2402396831-1000\Software\Microsoft\Internet Explorer\Main"
      Start Page == http://www.google.com
      Search Page == http://go.microsoft.com/fwlink/?LinkId=54896
      Local Page == C:\Windows\system32\blank.htm


      -_-_-_-_-_-_-_-_ Configuraciones de Google Chrome-_-_-_-_-_-_-_-_
      "homepage": "http://www.google.com/",
      "homepage_changed": true,
      "homepage_is_newtabpage": false,
      -_-_-_-_-_-_-_-_ Configuraciones de Google Chrome-_-_-_-_-_-_-_-_
      "homepage": "http://www.google.com/",
      "homepage_changed": true,
      "homepage_is_newtabpage": false,


      -_-_-_-_-_-_-_-_ Configuraciones de mozilla Firefox -_-_-_-_-_-_-_-_
      user_pref("browser.startup.homepage", "http://google.com");




      ======= EOF =======


      OTL log


      OTL logfile created on: 09/09/2012 03:35:11 p.m. - Run 1
      OTL by OldTimer - Version 3.2.61.3 Folder = C:\Users\Jimmy\Downloads
      64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
      Internet Explorer (Version = 9.0.8112.16421)
      Locale: 00001c0a | Country: República Dominicana | Language: ESD | Date Format: dd/MM/yyyy

      7.98 Gb Total Physical Memory | 5.82 Gb Available Physical Memory | 72.94% Memory free
      15.96 Gb Paging File | 13.48 Gb Available in Paging File | 84.46% Paging File free
      Paging file location(s): ?:\pagefile.sys [binary data]

      %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
      Drive C: | 77.85 Gb Total Space | 1.52 Gb Free Space | 1.96% Space Free | Partition Type: NTFS
      Drive D: | 71.16 Gb Total Space | 0.33 Gb Free Space | 0.46% Space Free | Partition Type: NTFS
      Drive E: | 487.84 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
      Drive F: | 135.20 Gb Total Space | 78.89 Gb Free Space | 58.35% Space Free | Partition Type: NTFS
      Drive G: | 97.68 Gb Total Space | 16.87 Gb Free Space | 17.28% Space Free | Partition Type: NTFS

      Computer Name: JIMMY-PC | User Name: Jimmy | Logged in as Administrator.
      Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
      Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

      ========== Processes (SafeList) ==========

      PRC - C:\Users\Jimmy\Downloads\OTL.exe (OldTimer Tools)
      PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
      PRC - C:\Users\Jimmy\AppData\Local\RockMelt\Update\1.2.189.1\RockMeltCrashHandler.exe (Google Inc.)
      PRC - C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe (Lavasoft Limited)
      PRC - C:\PROGRA~2\AD-AWA~1\AdAware.exe (Lavasoft Limited)
      PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
      PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
      PRC - C:\Archivos de programa\AVAST Software\Avast\AvastUI.exe (AVAST Software)
      PRC - C:\Archivos de programa\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
      PRC - C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe (TeamViewer GmbH)
      PRC - C:\Program Files (x86)\TeamViewer\Version7\TeamViewer.exe (TeamViewer GmbH)
      PRC - C:\Program Files (x86)\TeamViewer\Version7\tv_w32.exe (TeamViewer GmbH)
      PRC - C:\Program Files (x86)\Ad-Aware Antivirus\SBAMSvc.exe (GFI Software)
      PRC - C:\Program Files (x86)\PowerISO\PWRISOVM.EXE (Power Software Ltd)
      PRC - C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe (Lavasoft)
      PRC - C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe (Acronis)
      PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
      PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
      PRC - C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe ()
      PRC - C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis)
      PRC - C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis)
      PRC - C:\Program Files (x86)\Acronis\TrueImageHome\OnlineBackupStandalone\TrueImageMonitor.exe (Acronis)
      PRC - C:\Program Files (x86)\Panda USB Vaccine\USBVaccine.exe (Panda Security)


      ========== Modules (No Company Name) ==========

      MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll ()
      MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll ()
      MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll ()
      MOD - C:\Program Files (x86)\Acronis\TrueImageHome\Common\ti_managers.dll ()
      MOD - C:\PROGRA~2\MICROS~2\Office14\1033\GrooveIntlResource.dll ()
      MOD - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE14\Cultures\office.odf ()


      ========== Services (SafeList) ==========

      SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
      SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
      SRV:64bit: - (msvsmon90) -- C:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x64\msvsmon.exe (Microsoft Corporation)
      SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
      SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
      SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
      SRV - (Ad-Aware Service) -- C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe (Lavasoft Limited)
      SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
      SRV - (avast! Antivirus) -- C:\Archivos de programa\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
      SRV - (TeamViewer7) -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe (TeamViewer GmbH)
      SRV - (SBAMSvc) -- C:\Program Files (x86)\Ad-Aware Antivirus\SBAMSvc.exe (GFI Software)
      SRV - (FLEXnet Licensing Service 64) -- C:\Archivos de programa\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe (Flexera Software, Inc.)
      SRV - (afcdpsrv) -- C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe (Acronis)
      SRV - (!SASCORE) -- C:\Archivos de programa\SUPERAntiSpyware\SASCore64.exe (SUPERAntiSpyware.com)
      SRV - (wlidsvc) -- C:\Archivos de programa\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.)
      SRV - (UNS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
      SRV - (LMS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
      SRV - (Autodesk Content Service) -- C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe ()
      SRV - (AcrSch2Svc) -- C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe (Acronis)
      SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
      SRV - (SwitchBoard) -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
      SRV - (HPSLPSVC) -- C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL (Hewlett-Packard Co.)
      SRV - (osppsvc) -- C:\Archivos de programa\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation)
      SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)


      ========== Driver Services (SafeList) ==========

      DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation)
      DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
      DRV:64bit: - (aswSnx) -- C:\Windows\SysNative\drivers\aswSnx.sys (AVAST Software)
      DRV:64bit: - (aswSP) -- C:\Windows\SysNative\drivers\aswSP.sys (AVAST Software)
      DRV:64bit: - (aswRdr) -- C:\Windows\SysNative\drivers\aswRdr2.sys (AVAST Software)
      DRV:64bit: - (aswTdi) -- C:\Windows\SysNative\drivers\aswTdi.sys (AVAST Software)
      DRV:64bit: - (aswMonFlt) -- C:\Windows\SysNative\drivers\aswMonFlt.sys (AVAST Software)
      DRV:64bit: - (aswFsBlk) -- C:\Windows\SysNative\drivers\aswFsBlk.sys (AVAST Software)
      DRV:64bit: - (sbhips) -- C:\Windows\SysNative\drivers\sbhips.sys (GFI Software)
      DRV:64bit: - (hwdatacard) -- C:\Windows\SysNative\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.)
      DRV:64bit: - (hwusbfake) -- C:\Windows\SysNative\drivers\ewusbfake.sys (Huawei Technologies Co., Ltd.)
      DRV:64bit: - (sbapifs) -- C:\Windows\SysNative\drivers\sbapifs.sys (GFI Software)
      DRV:64bit: - (SCDEmu) -- C:\Windows\SysNative\drivers\scdemu.sys (Power Software Ltd)
      DRV:64bit: - (SBRE) -- C:\Windows\SysNative\drivers\sbredrv.sys (GFI Software)
      DRV:64bit: - (afcdp) -- C:\Windows\SysNative\drivers\afcdp.sys (Acronis)
      DRV:64bit: - (tdrpman273) -- C:\Windows\SysNative\drivers\tdrpm273.sys (Acronis)
      DRV:64bit: - (timounter) -- C:\Windows\SysNative\drivers\timntr.sys (Acronis)
      DRV:64bit: - (snapman) -- C:\Windows\SysNative\drivers\snapman.sys (Acronis)
      DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
      DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
      DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
      DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek )
      DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
      DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
      DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
      DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
      DRV:64bit: - (RdpVideoMiniport) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys (Microsoft Corporation)
      DRV:64bit: - (usbser) -- C:\Windows\SysNative\drivers\usbser.sys (Microsoft Corporation)
      DRV:64bit: - (AtiHDAudioService) -- C:\Windows\SysNative\drivers\AtihdW76.sys (Advanced Micro Devices)
      DRV:64bit: - (MEIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
      DRV:64bit: - (Sentinel64) -- C:\Windows\SysNative\drivers\sentinel64.sys (SafeNet, Inc.)
      DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
      DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
      DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
      DRV:64bit: - (ROOTMODEM) -- C:\Windows\SysNative\drivers\rootmdm.sys (Microsoft Corporation)
      DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
      DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
      DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
      DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
      DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
      DRV:64bit: - (ggsemc) -- C:\Windows\SysNative\drivers\ggsemc.sys (Sony Ericsson Mobile Communications)
      DRV:64bit: - (ggflt) -- C:\Windows\SysNative\drivers\ggflt.sys (Sony Ericsson Mobile Communications)
      DRV:64bit: - (RimVSerPort) -- C:\Windows\SysNative\drivers\RimSerial_AMD64.sys (Research in Motion Ltd)
      DRV:64bit: - (RimUsb) -- C:\Windows\SysNative\drivers\RimUsb_AMD64.sys (Research In Motion Limited)
      DRV:64bit: - (GKUPRO2D) -- C:\Windows\SysNative\drivers\GKUPRO2D.sys (Gemplus)
      DRV - (SBRE) -- C:\Windows\SysWOW64\drivers\SBREDrv.sys (GFI Software)
      DRV - (SASDIFSV) -- C:\Archivos de programa\SUPERAntiSpyware\sasdifsv64.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
      DRV - (SASKUTIL) -- C:\Archivos de programa\SUPERAntiSpyware\saskutil64.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
      DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
      DRV - (pfc) -- C:\Windows\SysWOW64\drivers\pfc.sys (Padus, Inc.)


      ========== Standard Registry (SafeList) ==========


      ========== Internet Explorer ==========

      IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
      IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
      IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
      IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
      IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
      IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC


      IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

      IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



      IE - HKU\S-1-5-21-2876950389-176514409-2402396831-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
      IE - HKU\S-1-5-21-2876950389-176514409-2402396831-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://latam.msn.com/?ocid=iehp
      IE - HKU\S-1-5-21-2876950389-176514409-2402396831-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = es-DO
      IE - HKU\S-1-5-21-2876950389-176514409-2402396831-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 8D A2 D3 41 43 2C CD 01 [binary data]
      IE - HKU\S-1-5-21-2876950389-176514409-2402396831-1000\..\SearchScopes,DefaultScope = {02487379-29A5-4F20-A1C4-13E28C26D356}
      IE - HKU\S-1-5-21-2876950389-176514409-2402396831-1000\..\SearchScopes\{02487379-29A5-4F20-A1C4-13E28C26D356}: "URL" = http://www.google.com/search?hl=en&q={searchTerms}
      IE - HKU\S-1-5-21-2876950389-176514409-2402396831-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
      IE - HKU\S-1-5-21-2876950389-176514409-2402396831-1000\..\SearchScopes\{368DD7FA-F958-4954-8D31-4EA4F97E1C87}: "URL" = http://websearch.ask.com/redirect?client=ie&tb=ATU2&o=14670&src=kw&q={searchTerms}&locale=&apn_ptnrs=T8&apn_dtid=YYYYYYYYDO&apn_uid=e4e8e1b4-1636-4338-a105-30b35f114e21&apn_sauid=1D54F086-7329-48BE-9808-269A8838EBCC
      IE - HKU\S-1-5-21-2876950389-176514409-2402396831-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
      IE - HKU\S-1-5-21-2876950389-176514409-2402396831-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

      ========== FireFox ==========

      FF - prefs.js..browser.search.defaultengine: "Google"
      FF - prefs.js..browser.search.defaultenginename: "Google"
      FF - prefs.js..browser.search.order.1: "Ask.com"
      FF - prefs.js..browser.search.selectedEngine: "Ask.com"
      FF - prefs.js..browser.startup.homepage: "http://google.com"
      FF - prefs.js..extensions.enabledAddons: [email protected]:2.0.3
      FF - prefs.js..keyword.URL: "http://google.com"
      FF - user.js - File not found

      FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_4_402_265.dll File not found
      FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
      FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
      FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
      FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
      FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_265.dll ()
      FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
      FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
      FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
      FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
      FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
      FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
      FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
      FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
      FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
      FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
      FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
      FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
      FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
      FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
      FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
      FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
      FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Jimmy\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
      FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Jimmy\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
      FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\Jimmy\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
      FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Jimmy\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
      FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Jimmy\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
      FF - HKCU\Software\MozillaPlugins\@us-w1.rockmelt.com/RockMelt Update;version=8: C:\Users\Jimmy\AppData\Local\RockMelt\Update\1.2.189.1\npRockMeltOneClick8.dll (RockMelt Inc.)
      FF - HKCU\Software\MozillaPlugins\facebook.com/fbDesktopPlugin: C:\Users\Jimmy\AppData\Local\Facebook\Messenger\2.1.4631.0\npFbDesktopPlugin.dll (Facebook, Inc.)

      FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012/04/08 20:12:05 | 000,000,000 | ---D | M]
      FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012/01/21 09:46:27 | 000,000,000 | ---D | M]
      FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012/07/02 22:25:20 | 000,000,000 | ---D | M]
      FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/08/07 15:15:25 | 000,000,000 | ---D | M]
      FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/07/19 11:01:54 | 000,000,000 | ---D | M]
      FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012/01/21 09:46:27 | 000,000,000 | ---D | M]

      [2012/01/15 21:18:02 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jimmy\AppData\Roaming\mozilla\Extensions
      [2012/06/15 11:09:58 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jimmy\AppData\Roaming\mozilla\Firefox\Profiles\bhu5fji9.default\extensions
      [2012/03/14 21:38:47 | 000,000,000 | ---D | M] (IMinent Toolbar) -- C:\Users\Jimmy\AppData\Roaming\mozilla\Firefox\Profiles\bhu5fji9.default\extensions\{C9B68337-E93A-44EA-94DC-CB300EC06444}
      [2012/03/15 03:55:36 | 000,000,000 | ---D | M] (cacaoweb) -- C:\Users\Jimmy\AppData\Roaming\mozilla\Firefox\Profiles\bhu5fji9.default\extensions\[email protected]
      [2012/06/15 11:09:58 | 000,012,565 | ---- | M] () (No name found) -- C:\Users\Jimmy\AppData\Roaming\mozilla\firefox\profiles\bhu5fji9.default\extensions\[email protected]
      [2012/03/17 08:55:16 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
      [2012/08/07 15:15:25 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
      [2012/07/05 11:46:19 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
      [2012/07/05 11:46:19 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

      ========== Chrome ==========

      CHR - default_search_provider: Google (Enabled)
      CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
      CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
      CHR - homepage: http://www.google.com/
      CHR - Extension: No name found = C:\Users\Jimmy\AppData\Local\Google\Chrome\User Data\Default\Extensions\dpagcfbbmlebfnkeogkigellbgmfkjfg\1.0.0.2_0\
      CHR - Extension: No name found = C:\Users\Jimmy\AppData\Local\Google\Chrome\User Data\Default\Extensions\fppbghobbfgnifknfaakaemepjaogldf\1.0.3_0\
      CHR - Extension: No name found = C:\Users\Jimmy\AppData\Local\Google\Chrome\User Data\Default\Extensions\hbdpomandigafcibbmofojjchbcdagbl\1.5.11_0\
      CHR - Extension: No name found = C:\Users\Jimmy\AppData\Local\Google\Chrome\User Data\Default\Extensions\helfjghkkgfpipmbhpocdkccmephafgb\3.2.1_0\
      CHR - Extension: No name found = C:\Users\Jimmy\AppData\Local\Google\Chrome\User Data\Default\Extensions\hohaaljbjhjodnncjbeeilfdloeinfbh\1.2_0\
      CHR - Extension: No name found = C:\Users\Jimmy\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\6.0.1407_0\
      CHR - Extension: No name found = C:\Users\Jimmy\AppData\Local\Google\Chrome\User Data\Default\Extensions\kcnhkahnjcbndmmehfkdnkjomaanaooo\2.3.6.8_0\
      CHR - Extension: No name found = C:\Users\Jimmy\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdmmkfaghgcicheaimnpffeeekheafkb\2.2_0\
      CHR - Extension: No name found = C:\Users\Jimmy\AppData\Local\Google\Chrome\User Data\Default\Extensions\mamnihopcnbfnbfnnneplcohmnkkpipb\1.0_0\
      CHR - Extension: No name found = C:\Users\Jimmy\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmejadjmhcgkennhjldbmlpbipnebjmi\2.0_0\
      CHR - Extension: No name found = C:\Users\Jimmy\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\
      CHR - Extension: No name found = C:\Users\Jimmy\AppData\Local\Google\Chrome\User Data\Default\Extensions\pioclpoplcdbaefihamjohnefbikjilc\5.7_0\

      O1 HOSTS File: ([2012/06/24 07:09:13 | 000,000,884 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
      O1 - Hosts: 127.0.0.1 activate.adobe.com
      O1 - Hosts: 74.208.10.249 gs.apple.com
      O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Archivos de programa\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
      O2:64bit: - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Archivos de programa\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
      O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Archivos de programa\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
      O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Archivos de programa\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
      O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
      O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL (Microsoft Corporation)
      O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Archivos de programa\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
      O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation)
      O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Archivos de programa\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
      O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Archivos de programa\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
      O4:64bit: - HKLM..\Run: [Acronis Scheduler2 Service] C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis)
      O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
      O4 - HKLM..\Run: [Ad-Aware Antivirus] C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareLauncher.exe (Lavasoft Limited)
      O4 - HKLM..\Run: [Ad-Aware Browsing Protection] C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe (Lavasoft)
      O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)
      O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
      O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
      O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
      O4 - HKLM..\Run: [PWRISOVM.EXE] C:\Program Files (x86)\PowerISO\PWRISOVM.EXE (Power Software Ltd)
      O4 - HKLM..\Run: [SAOB Monitor] C:\Program Files (x86)\Acronis\TrueImageHome\OnlineBackupStandalone\TrueImageMonitor.exe (Acronis)
      O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
      O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
      O4 - HKLM..\Run: [TrueImageMonitor.exe] C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis)
      O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
      O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
      O4 - HKU\S-1-5-21-2876950389-176514409-2402396831-1000..\Run: [Facebook Update] C:\Users\Jimmy\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
      O4 - HKU\S-1-5-21-2876950389-176514409-2402396831-1000..\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe File not found
      O4 - HKU\S-1-5-21-2876950389-176514409-2402396831-1000..\Run: [RockMelt Update] C:\Users\Jimmy\AppData\Local\RockMelt\Update\RockMeltUpdate.exe (Google Inc.)
      O4 - HKU\S-1-5-21-2876950389-176514409-2402396831-1000..\Run: [SUPERAntiSpyware] C:\Archivos de programa\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
      O4 - HKU\S-1-5-21-2876950389-176514409-2402396831-1000..\Run: [uTorrent] C:\Program Files (x86)\uTorrent\uTorrent.exe (BitTorrent, Inc.)
      O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
      O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
      O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
      O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
      O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
      O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
      O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
      O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
      O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
      O7 - HKU\S-1-5-21-2876950389-176514409-2402396831-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
      O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~2\Office14\EXCEL.EXE/3000 File not found
      O8:64bit: - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~2\MICROS~2\Office14\ONBttnIE.dll/105 File not found
      O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~2\Office14\EXCEL.EXE/3000 File not found
      O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~2\MICROS~2\Office14\ONBttnIE.dll/105 File not found
      O9:64bit: - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Archivos de programa\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
      O9:64bit: - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Archivos de programa\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
      O9:64bit: - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Archivos de programa\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
      O9:64bit: - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Archivos de programa\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
      O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000005 [] - C:\Archivos de programa\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
      O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000006 [] - C:\Archivos de programa\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
      O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Archivos de programa\Bonjour\mdnsNSP.dll (Apple Inc.)
      O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
      O1364bit: - gopher Prefix: missing
      O13 - gopher Prefix: missing
      O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27)
      O16 - DPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27)
      O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27)
      O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
      O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B00280B9-24F1-4325-81F7-4C4A420C0342}: NameServer = 196.3.81.5,200.88.127.23
      O18:64bit: - Protocol\Handler\livecall - No CLSID value found
      O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
      O18:64bit: - Protocol\Handler\msnim - No CLSID value found
      O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
      O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
      O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
      O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Archivos de programa\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
      O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
      O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
      O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
      O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
      O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
      O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
      O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
      O28:64bit: - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Archivos de programa\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
      O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL (Microsoft Corporation)
      O32 - HKLM CDRom: AutoRun - 1
      O32 - AutoRun File - [2011/10/21 09:15:27 | 000,000,000 | ---D | M] - C:\Autodesk -- [ NTFS ]
      O32 - AutoRun File - [2009/06/12 07:53:14 | 000,000,075 | R--- | M] () - E:\AUTORUN.INF -- [ CDFS ]
      O32 - AutoRun File - [2012/05/10 09:23:06 | 000,000,000 | ---D | M] - F:\AutoCAD 2010 [32-Bit] - English -- [ NTFS ]
      O32 - AutoRun File - [2012/08/07 02:14:08 | 000,000,000 | ---D | M] - F:\AutoCAD 2013 64-BIT -- [ NTFS ]
      O32 - AutoRun File - [2011/03/25 06:28:04 | 3232,569,766 | ---- | M] () - G:\Autodesk_Revit_Architecture_2012_English_Win_32-64bit.exe -- [ NTFS ]
      O33 - MountPoints2\{432f5daf-1f9f-11e1-9e23-6c626d476528}\Shell - "" = AutoRun
      O33 - MountPoints2\{432f5daf-1f9f-11e1-9e23-6c626d476528}\Shell\AutoRun\command - "" = G:\.\Setup.exe AUTORUN=1
      O33 - MountPoints2\H\Shell - "" = AutoRun
      O33 - MountPoints2\H\Shell\AutoRun\command - "" = H:\SETUP.EXE
      O33 - MountPoints2\H\Shell\dinstall\command - "" = H:\DirectX\dxsetup.exe
      O34 - HKLM BootExecute: (autocheck autochk *)
      O35:64bit: - HKLM\..comfile [open] -- "%1" %*
      O35:64bit: - HKLM\..exefile [open] -- "%1" %*
      O35 - HKLM\..comfile [open] -- "%1" %*
      O35 - HKLM\..exefile [open] -- "%1" %*
      O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
      O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
      O37 - HKLM\...com [@ = comfile] -- "%1" %*
      O37 - HKLM\...exe [@ = exefile] -- "%1" %*
      O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
      O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
      O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

      NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)

      MsConfig:64bit - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk - C:\PROGRA~2\HP\DIGITA~1\bin\hpqtra08.exe - (Hewlett-Packard Co.)
      MsConfig:64bit - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Launcher.lnk - - File not found
      MsConfig:64bit - StartUpFolder: C:^Users^Jimmy^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Facebook Messenger.lnk - C:\Users\Jimmy\AppData\Local\Facebook\MESSEN~1\214631~1.0\FACEBO~1.EXE - (Facebook)
      MsConfig:64bit - StartUpFolder: C:^Users^Jimmy^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^JDownloader - Acceso directo.lnk - C:\Users\Jimmy\Desktop\JDOWNL~1\JDOWNL~1.EXE - (AppWork UG (haftungsbeschränkt))
      MsConfig:64bit - StartUpReg: DivXUpdate - hkey= - key= - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
      MsConfig:64bit - StartUpReg: HP Software Update - hkey= - key= - C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe (Hewlett-Packard)
      MsConfig:64bit - StartUpReg: Malwarebytes' Anti-Malware - hkey= - key= - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
      MsConfig:64bit - StartUpReg: SunJavaUpdateSched - hkey= - key= - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
      MsConfig:64bit - StartUpReg: Super-Charger - hkey= - key= - C:\Program Files (x86)\MSI\Super-Charger\StartSuperCharger.exe (TODO: <Company name>)
      MsConfig:64bit - State: "startup" - Reg Error: Key error.

      CREATERESTOREPOINT
      Restore point Set: OTL Restore Point

      ========== Files/Folders - Created Within 30 Days ==========

      [2012/09/09 15:15:16 | 000,036,864 | ---- | C] (NirSoft) -- C:\Windows\nircmd.exe
      [2012/09/09 10:21:28 | 000,000,000 | ---D | C] -- C:\Users\Jimmy\AppData\Local\{62C06527-6708-4172-9B9D-69F3663519E4}
      [2012/09/08 05:36:59 | 000,000,000 | ---D | C] -- C:\Users\Jimmy\AppData\Local\{E2641771-E11F-4C89-938F-47CB92BF1F56}
      [2012/09/07 22:45:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
      [2012/09/07 17:40:20 | 000,000,000 | ---D | C] -- C:\Users\Jimmy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Facebook
      [2012/09/07 17:36:45 | 000,000,000 | ---D | C] -- C:\Users\Jimmy\AppData\Local\{91A56E15-4802-43C9-BD3E-CEFB79593F31}
      [2012/09/07 10:15:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
      [2012/09/07 10:15:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
      [2012/09/07 10:15:31 | 000,000,000 | R--D | C] -- C:\Program Files (x86)\Skype
      [2012/09/07 09:57:43 | 000,000,000 | ---D | C] -- C:\Users\Jimmy\AppData\Roaming\GlarySoft
      [2012/09/07 09:44:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Glary Utilities
      [2012/09/07 09:44:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Glary Utilities
      [2012/09/07 03:39:32 | 000,000,000 | ---D | C] -- C:\Users\Jimmy\AppData\Local\{A30CB4F5-43ED-4905-BAAB-B4D82B0EF402}
      [2012/09/06 21:58:37 | 000,000,000 | ---D | C] -- C:\Users\Jimmy\AppData\Roaming\Temp
      [2012/09/06 21:26:47 | 000,000,000 | ---D | C] -- C:\Users\Jimmy\AppData\Roaming\Zbshareware Lab
      [2012/09/06 21:26:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Zbshareware Lab
      [2012/09/06 15:34:51 | 000,000,000 | ---D | C] -- C:\Users\Jimmy\AppData\Local\{E34877E4-E91F-454E-A886-C635C2B31BB1}
      [2012/09/04 22:40:33 | 000,000,000 | ---D | C] -- C:\Users\Jimmy\AppData\Roaming\SUPERAntiSpyware.com
      [2012/09/04 22:40:14 | 000,000,000 | ---D | C] -- C:\Users\Jimmy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
      [2012/09/04 22:40:10 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
      [2012/09/04 22:40:10 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
      [2012/09/04 22:20:31 | 000,000,000 | ---D | C] -- C:\Windows\pss
      [2012/09/04 22:08:40 | 000,000,000 | ---D | C] -- C:\Users\Jimmy\AppData\Local\adaware
      [2012/09/04 22:08:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Ad-Aware Browsing Protection
      [2012/09/04 22:08:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ad-Aware Antivirus
      [2012/09/04 22:08:30 | 000,060,536 | ---- | C] (GFI Software) -- C:\Windows\SysNative\drivers\sbhips.sys
      [2012/09/04 22:08:28 | 000,057,976 | ---- | C] (GFI Software) -- C:\Windows\SysNative\drivers\sbredrv.sys
      [2012/09/04 22:08:28 | 000,045,936 | ---- | C] (GFI Software) -- C:\Windows\SysNative\sbbd.exe
      [2012/09/04 22:08:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Lavasoft
      [2012/09/04 22:08:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Ad-Aware Antivirus
      [2012/09/04 22:08:03 | 000,000,000 | ---D | C] -- C:\Users\Jimmy\AppData\Local\Downloaded Installations
      [2012/09/04 22:03:48 | 000,000,000 | ---D | C] -- C:\Users\Jimmy\AppData\Roaming\Ad-Aware Antivirus
      [2012/09/04 21:49:58 | 000,000,000 | ---D | C] -- C:\Users\Jimmy\AppData\Local\{084C64B7-8A73-480C-8526-994EBED73B21}
      [2012/09/02 13:37:24 | 000,000,000 | ---D | C] -- C:\Users\Jimmy\AppData\Local\{437BC400-A57F-4467-8044-E1F5D88B0945}
      [2012/09/02 01:37:12 | 000,000,000 | ---D | C] -- C:\Users\Jimmy\AppData\Local\{47CED751-318B-4347-8BFA-577DD3F06792}
      [2012/09/01 13:37:00 | 000,000,000 | ---D | C] -- C:\Users\Jimmy\AppData\Local\{261500D7-D9D3-4E4E-B412-0601E1183CF3}
      [2012/09/01 01:36:48 | 000,000,000 | ---D | C] -- C:\Users\Jimmy\AppData\Local\{4BEEAA84-C90B-44BA-804B-86351E88A018}
      [2012/08/31 13:36:35 | 000,000,000 | ---D | C] -- C:\Users\Jimmy\AppData\Local\{283BC649-CC02-46D1-9D07-5B0C5F13BA87}
      [2012/08/27 20:15:31 | 000,000,000 | ---D | C] -- C:\Users\Jimmy\AppData\Local\{5144A620-280B-42E8-9EAF-5084FB2572B1}
      [2012/08/27 14:15:16 | 170,154,212 | ---- | C] (Research In Motion Ltd. ) -- C:\Users\Jimmy\Desktop\Unconfirmed 462293.crdownload
      [2012/08/25 17:11:41 | 000,000,000 | ---D | C] -- C:\Users\Jimmy\AppData\Local\GMail Drive
      [2012/08/25 1757 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\ShellExt
      [2012/08/25 1757 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\ShellExt
      [2012/08/25 16:42:15 | 000,000,000 | ---D | C] -- C:\Call of Duty- Modern Warfare 3
      [2012/08/23 07:51:05 | 000,000,000 | ---D | C] -- C:\Users\Jimmy\Desktop\ACTIVADOR OFFICE 2010 100% FUNCIONAL
      [2012/08/21 19:06:42 | 000,000,000 | ---D | C] -- C:\Users\Jimmy\Desktop\JDownloader
      [2012/08/20 22:42:01 | 000,000,000 | ---D | C] -- C:\Users\Jimmy\AppData\Local\{4191E69A-A0BF-4B6D-97DC-77298FC9DF4B}
      [2012/08/20 09:16:53 | 000,000,000 | ---D | C] -- C:\Users\Jimmy\AppData\Local\{D42919A6-8432-4D17-AF6E-D6AB3FE5B914}
      [2012/08/19 21:16:39 | 000,000,000 | ---D | C] -- C:\Users\Jimmy\AppData\Local\{96D88532-AE8F-46B3-BE2B-1069E402570C}
      [2012/08/13 08:20:34 | 000,000,000 | ---D | C] -- C:\Users\Jimmy\AppData\Local\{F0C1BC67-6FB1-4F09-87CC-0BA19D5705DC}
      [2012/08/13 08:20:22 | 000,000,000 | ---D | C] -- C:\Users\Jimmy\AppData\Local\{C08E69B2-EFCC-47B6-859C-E64D31F3BF48}
      [2012/08/12 20:20:10 | 000,000,000 | ---D | C] -- C:\Users\Jimmy\AppData\Local\{A3904DE7-A519-41D2-8264-0621D3A98896}
      [2012/08/12 20:19:58 | 000,000,000 | ---D | C] -- C:\Users\Jimmy\AppData\Local\{C6150FBA-FDA2-426C-84D5-C865DC4F9B5D}
      [2012/08/12 08:19:45 | 000,000,000 | ---D | C] -- C:\Users\Jimmy\AppData\Local\{A0DFA8CC-14FB-498B-B169-ED56667949F4}
      [2012/08/12 08:19:34 | 000,000,000 | ---D | C] -- C:\Users\Jimmy\AppData\Local\{626A6496-982A-4171-B255-3EBDFAB84A8B}
      [2012/08/11 20:19:22 | 000,000,000 | ---D | C] -- C:\Users\Jimmy\AppData\Local\{61CB1445-BFFB-4857-BFBA-3B4738F3CBFE}
      [2012/08/11 20:19:10 | 000,000,000 | ---D | C] -- C:\Users\Jimmy\AppData\Local\{61AC2656-68CC-4A0D-A691-A9F9595328E7}
      [2012/08/11 08:18:44 | 000,000,000 | ---D | C] -- C:\Users\Jimmy\AppData\Local\{114E0748-9A1C-40FA-940A-F460E466B0B4}
      [2012/08/10 20:18:20 | 000,000,000 | ---D | C] -- C:\Users\Jimmy\AppData\Local\{74AB1C34-86E6-48CD-BAE6-04701E7117D5}

      ========== Files - Modified Within 30 Days ==========

      [2012/09/09 15:39:00 | 000,000,838 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
      [2012/09/09 15:38:27 | 000,017,360 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
      [2012/09/09 15:38:27 | 000,017,360 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
      [2012/09/09 15:31:07 | 000,001,046 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2876950389-176514409-2402396831-1000UA.job
      [2012/09/09 15:30:19 | 000,000,928 | ---- | M] () -- C:\Windows\tasks\RockMeltUpdateTaskUserS-1-5-21-2876950389-176514409-2402396831-1000UA.job
      [2012/09/09 15:30:03 | 000,001,034 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
      [2012/09/09 15:27:41 | 000,001,868 | ---- | M] () -- C:\Users\Public\Desktop\Ad-Aware Antivirus.lnk
      [2012/09/09 15:26:26 | 000,001,030 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
      [2012/09/09 15:26:24 | 000,000,324 | ---- | M] () -- C:\Windows\tasks\GlaryInitialize.job
      [2012/09/09 15:25:44 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
      [2012/09/09 15:25:40 | 2133,835,775 | -HS- | M] () -- C:\hiberfil.sys
      [2012/09/09 14:40:02 | 000,000,510 | ---- | M] () -- C:\Windows\tasks\SUPERAntiSpyware Scheduled Task 7f460b0b-e350-4bf0-bcbf-932634e3d184.job
      [2012/09/09 14:30:05 | 000,000,876 | ---- | M] () -- C:\Windows\tasks\RockMeltUpdateTaskUserS-1-5-21-2876950389-176514409-2402396831-1000Core.job
      [2012/09/09 12:58:01 | 000,001,066 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2876950389-176514409-2402396831-1000UA.job
      [2012/09/08 02:00:01 | 000,000,510 | ---- | M] () -- C:\Windows\tasks\SUPERAntiSpyware Scheduled Task a8ee5dca-ce47-4e14-8875-87078ca492ba.job
      [2012/09/07 19:31:00 | 000,000,994 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2876950389-176514409-2402396831-1000Core.job
      [2012/09/07 18:58:00 | 000,001,044 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2876950389-176514409-2402396831-1000Core.job
      [2012/09/07 09:44:53 | 000,001,066 | ---- | M] () -- C:\Users\Jimmy\Desktop\Glary Utilities.lnk
      [2012/09/06 17:31:24 | 002,660,516 | ---- | M] () -- C:\Windows\SysNative\perfh00A.dat
      [2012/09/06 17:31:24 | 001,211,892 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
      [2012/09/06 17:31:24 | 000,786,894 | ---- | M] () -- C:\Windows\SysNative\perfc00A.dat
      [2012/09/06 17:31:24 | 000,653,612 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
      [2012/09/06 17:31:24 | 000,006,436 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
      [2012/09/04 22:50:59 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
      [2012/08/27 14:16:53 | 170,154,212 | ---- | M] (Research In Motion Ltd. ) -- C:\Users\Jimmy\Desktop\Unconfirmed 462293.crdownload
      [2012/08/25 20:56:10 | 000,025,391 | ---- | M] () -- C:\Users\Jimmy\Desktop\error.JPG
      [2012/08/25 17:23:16 | 000,002,168 | ---- | M] () -- C:\Windows\diagwrn.xml
      [2012/08/25 17:23:16 | 000,001,908 | ---- | M] () -- C:\Windows\diagerr.xml
      [2012/08/23 07:54:03 | 000,000,135 | ---- | M] () -- C:\Windows\AutoKMS.ini
      [2012/08/23 07:49:41 | 002,949,027 | ---- | M] () -- C:\Users\Jimmy\Desktop\ACOF2010.rar
      [2012/08/22 09:21:02 | 000,057,978 | ---- | M] () -- C:\Users\Jimmy\Documents\My Schedule.pdf
      [2012/08/21 10:59:46 | 000,208,159 | ---- | M] () -- C:\Windows\hpoins43.dat
      [2012/08/21 09:01:05 | 000,095,522 | ---- | M] () -- C:\Users\Jimmy\Documents\my Grade.pdf
      [2012/08/20 22:40:32 | 005,042,488 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT

      ========== Files Created - No Company Name ==========

      [2012/09/09 15:15:16 | 000,069,660 | ---- | C] () -- C:\Windows\Fart.exe
      [2012/09/09 15:15:16 | 000,022,528 | ---- | C] () -- C:\Windows\AT-Uninstall.exe
      [2012/09/09 15:15:16 | 000,011,776 | ---- | C] () -- C:\Windows\Colous.exe
      [2012/09/07 09:44:57 | 000,000,324 | ---- | C] () -- C:\Windows\tasks\GlaryInitialize.job
      [2012/09/07 09:44:53 | 000,001,066 | ---- | C] () -- C:\Users\Jimmy\Desktop\Glary Utilities.lnk
      [2012/09/04 22:50:59 | 000,001,109 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
      [2012/09/04 22:40:37 | 000,000,510 | ---- | C] () -- C:\Windows\tasks\SUPERAntiSpyware Scheduled Task 7f460b0b-e350-4bf0-bcbf-932634e3d184.job
      [2012/09/04 22:40:36 | 000,000,510 | ---- | C] () -- C:\Windows\tasks\SUPERAntiSpyware Scheduled Task a8ee5dca-ce47-4e14-8875-87078ca492ba.job
      [2012/09/04 22:08:33 | 000,001,868 | ---- | C] () -- C:\Users\Public\Desktop\Ad-Aware Antivirus.lnk
      [2012/08/25 20:56:10 | 000,025,391 | ---- | C] () -- C:\Users\Jimmy\Desktop\error.JPG
      [2012/08/25 17:23:13 | 000,002,168 | ---- | C] () -- C:\Windows\diagwrn.xml
      [2012/08/25 17:23:13 | 000,001,908 | ---- | C] () -- C:\Windows\diagerr.xml
      [2012/08/23 07:54:03 | 000,000,135 | ---- | C] () -- C:\Windows\AutoKMS.ini
      [2012/08/23 07:48:28 | 002,949,027 | ---- | C] () -- C:\Users\Jimmy\Desktop\ACOF2010.rar
      [2012/08/21 09:01:05 | 000,095,522 | ---- | C] () -- C:\Users\Jimmy\Documents\my Grade.pdf
      [2012/04/09 07:32:45 | 000,000,132 | ---- | C] () -- C:\Users\Jimmy\AppData\Roaming\Adobe AIFF Format CS5 Prefs
      [2012/03/28 21:29:41 | 000,000,132 | ---- | C] () -- C:\Users\Jimmy\AppData\Roaming\Adobe PNG Format CS5 Prefs
      [2012/03/23 09:58:35 | 000,000,256 | ---- | C] () -- C:\Windows\SysWow64\pool.bin
      [2012/01/29 15:20:00 | 000,006,144 | ---- | C] () -- C:\Users\Jimmy\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
      [2012/01/21 09:40:45 | 000,208,159 | ---- | C] () -- C:\Windows\hpoins43.dat
      [2012/01/21 09:40:45 | 000,000,601 | ---- | C] () -- C:\Windows\hpomdl43.dat
      [2012/01/20 14:59:51 | 000,000,000 | ---- | C] () -- C:\Users\Jimmy\AppData\Local\{97574DC6-50B1-431E-96E6-773C4F4A7B11}
      [2011/10/01 23:21:09 | 001,655,612 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
      [2011/09/23 06:18:49 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
      [2011/01/12 22:03:18 | 000,003,155 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat

      ========== LOP Check ==========

      [2012/03/26 05:38:00 | 000,000,000 | ---D | M] -- C:\Users\Jimmy\AppData\Roaming\2K Sports
      [2011/10/10 11:19:50 | 000,000,000 | ---D | M] -- C:\Users\Jimmy\AppData\Roaming\Acronis
      [2012/09/07 09:19:22 | 000,000,000 | ---D | M] -- C:\Users\Jimmy\AppData\Roaming\Ad-Aware Antivirus
      [2012/03/18 18:20:28 | 000,000,000 | ---D | M] -- C:\Users\Jimmy\AppData\Roaming\Autodesk
      [2012/07/26 06:27:53 | 000,000,000 | ---D | M] -- C:\Users\Jimmy\AppData\Roaming\com.prezi.PreziDesktop
      [2012/06/02 09:01:45 | 000,000,000 | ---D | M] -- C:\Users\Jimmy\AppData\Roaming\Foxit Software
      [2012/09/07 09:57:43 | 000,000,000 | ---D | M] -- C:\Users\Jimmy\AppData\Roaming\GlarySoft
      [2012/04/22 17:28:31 | 000,000,000 | ---D | M] -- C:\Users\Jimmy\AppData\Roaming\Instant Unlock Xperia
      [2011/11/25 13:51:56 | 000,000,000 | ---D | M] -- C:\Users\Jimmy\AppData\Roaming\MAXON
      [2012/06/10 23:00:56 | 000,000,000 | ---D | M] -- C:\Users\Jimmy\AppData\Roaming\MetroTwit
      [2012/06/07 13:36:17 | 000,000,000 | ---D | M] -- C:\Users\Jimmy\AppData\Roaming\naan studio, Inc
      [2011/09/29 22:26:35 | 000,000,000 | ---D | M] -- C:\Users\Jimmy\AppData\Roaming\Nemetschek
      [2011/09/29 22:28:00 | 000,000,000 | ---D | M] -- C:\Users\Jimmy\AppData\Roaming\net.nemetschek.vectorworks.2010.help.spa.CC16605A57FA88F0CED2B1A19E704F482AB2B1EB.1
      [2012/05/30 12:51:11 | 000,000,000 | ---D | M] -- C:\Users\Jimmy\AppData\Roaming\Nokia
      [2012/05/30 12:51:12 | 000,000,000 | ---D | M] -- C:\Users\Jimmy\AppData\Roaming\PC Suite
      [2012/08/01 23:13:59 | 000,000,000 | ---D | M] -- C:\Users\Jimmy\AppData\Roaming\Quest3D
      [2012/03/23 09:58:35 | 000,000,000 | ---D | M] -- C:\Users\Jimmy\AppData\Roaming\Research In Motion
      [2011/12/07 07:15:36 | 000,000,000 | ---D | M] -- C:\Users\Jimmy\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
      [2011/10/31 20:00:19 | 000,000,000 | ---D | M] -- C:\Users\Jimmy\AppData\Roaming\TeamViewer
      [2012/09/06 21:58:37 | 000,000,000 | ---D | M] -- C:\Users\Jimmy\AppData\Roaming\Temp
      [2012/01/30 08:18:42 | 000,000,000 | ---D | M] -- C:\Users\Jimmy\AppData\Roaming\Thinstall
      [2012/09/09 15:29:16 | 000,000,000 | ---D | M] -- C:\Users\Jimmy\AppData\Roaming\uTorrent
      [2012/09/06 21:26:47 | 000,000,000 | ---D | M] -- C:\Users\Jimmy\AppData\Roaming\Zbshareware Lab
      [2012/09/07 18:58:00 | 000,001,044 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2876950389-176514409-2402396831-1000Core.job
      [2012/09/09 12:58:01 | 000,001,066 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2876950389-176514409-2402396831-1000UA.job
      [2012/09/09 15:26:24 | 000,000,324 | ---- | M] () -- C:\Windows\Tasks\GlaryInitialize.job
      [2012/09/09 14:30:05 | 000,000,876 | ---- | M] () -- C:\Windows\Tasks\RockMeltUpdateTaskUserS-1-5-21-2876950389-176514409-2402396831-1000Core.job
      [2012/09/09 15:30:19 | 000,000,928 | ---- | M] () -- C:\Windows\Tasks\RockMeltUpdateTaskUserS-1-5-21-2876950389-176514409-2402396831-1000UA.job
      [2012/09/06 21:46:17 | 000,032,590 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
      [2012/09/09 14:40:02 | 000,000,510 | ---- | M] () -- C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task 7f460b0b-e350-4bf0-bcbf-932634e3d184.job
      [2012/09/08 02:00:01 | 000,000,510 | ---- | M] () -- C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task a8ee5dca-ce47-4e14-8875-87078ca492ba.job

      ========== Purity Check ==========



      ========== Custom Scans ==========

      < %SYSTEMDRIVE%\*.* >
      [2012/07/27 10:02:06 | 000,498,446 | ---- | M] () -- C:\acadminidump.dmp
      [2012/09/09 15:17:41 | 000,002,712 | ---- | M] () -- C:\AT-Destroyer.txt
      [2010/11/20 07:40:07 | 000,383,786 | RHS- | M] () -- C:\bootmgr
      [2011/09/20 10:03:03 | 000,008,192 | RHS- | M] () -- C:\BOOTSECT.BAK
      [2011/09/23 07:46:04 | 000,203,836 | RHS- | M] () -- C:\grldr
      [2012/09/09 15:25:40 | 2133,835,775 | -HS- | M] () -- C:\hiberfil.sys
      [2012/09/09 15:15:29 | 000,000,232 | ---- | M] () -- C:\prueba.txt
      [2011/09/23 07:46:05 | 000,000,000 | RHS- | M] () -- C:\winx.ld

      < End of report >



      It's still not quite there; I think it has improved a little... but it still needs work.
      Last edited by @Javier_HF on 09/09/12 at 16:08:33. Reason: Remove ODE and QUOTE]

    6. #6
      General Moderator
      Avatar of @Javier_HF
      Registered
      Jun 2006
      Location
      Spain.
      Posts
      21.692

      Re: Unable to find a solution for malware

      Run OTL.exe again.

      Copy and paste the code inside the box below into the Custom Scans/Fixes section.

      Code:
      :OTL
      IE - HKU\S-1-5-21-2876950389-176514409-2402396831-1000\..\SearchScopes\{368DD7FA-F958-4954-8D31-4EA4F97E1C87}: "URL" = http://websearch.ask.com/redirect?client=ie&tb=ATU2&o=14670&src=kw&q={searchTerms}&locale=&apn_ptnrs=T8&apn_dtid=YYYYYYYYDO&apn_uid=e4e8e1b4-1636-4338-a105-30b35f114e21&apn_sauid=1D54F086-7329-48BE-9808-269A8838EBCC
      FF - prefs.js..browser.search.order.1: "Ask.com"
      FF - prefs.js..browser.search.selectedEngine: "Ask.com"
      FF - user.js - File not found
      FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_4_40 2_265.dll File not found
      FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
      FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
      FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
      O4 - HKU\S-1-5-21-2876950389-176514409-2402396831-1000..\Run: [Facebook Update] C:\Users\Jimmy\AppData\Local\Facebook\Update\Faceb ookUpdate.exe (Facebook Inc.)
      O4 - HKU\S-1-5-21-2876950389-176514409-2402396831-1000..\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe File not found
      O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
      O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
      O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~2\Office14\EXCEL.EXE/3000 File not found
      O8:64bit: - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~2\MICROS~2\Office14\ONBttnIE.dll/105 File not found
      O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~2\Office14\EXCEL.EXE/3000 File not found
      O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~2\MICROS~2\Office14\ONBttnIE.dll/105 File not found
      O1364bit: - gopher Prefix: missing
      O13 - gopher Prefix: missing
      O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27)
      O16 - DPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27)
      O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27)
      O18:64bit: - Protocol\Handler\livecall - No CLSID value found
      O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
      O18:64bit: - Protocol\Handler\msnim - No CLSID value found
      O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
      O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
      O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
      O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
      O32 - AutoRun File - [2011/10/21 09:15:27 | 000,000,000 | ---D | M] - C:\Autodesk -- [ NTFS ]
      O32 - AutoRun File - [2009/06/12 07:53:14 | 000,000,075 | R--- | M] () - E:\AUTORUN.INF -- [ CDFS ]
      O32 - AutoRun File - [2012/05/10 09:23:06 | 000,000,000 | ---D | M] - F:\AutoCAD 2010 [32-Bit] - English -- [ NTFS ]
      O32 - AutoRun File - [2012/08/07 02:14:08 | 000,000,000 | ---D | M] - F:\AutoCAD 2013 64-BIT -- [ NTFS ]
      O32 - AutoRun File - [2011/03/25 06:28:04 | 3232,569,766 | ---- | M] () - G:\Autodesk_Revit_Architecture_2012_English_Win_32-64bit.exe -- [ NTFS ]
      O33 - MountPoints2\{432f5daf-1f9f-11e1-9e23-6c626d476528}\Shell\AutoRun\command - "" = G:\.\Setup.exe AUTORUN=1
      O33 - MountPoints2\H\Shell\AutoRun\command - "" = H:\SETUP.EXE
      O33 - MountPoints2\H\Shell\dinstall\command - "" = H:\DirectX\dxsetup.exe
      MsConfig:64bit - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Launcher.lnk - - File not found
      MsConfig:64bit - StartUpFolder: C:^Users^Jimmy^AppData^Roaming^Microsoft^Windows^S tart Menu^Programs^Startup^Facebook Messenger.lnk - C:\Users\Jimmy\AppData\Local\Facebook\MESSEN~1\214631~1.0\FACEBO~1.EXE - (Facebook)
      MsConfig:64bit - State: "startup" - Reg Error: Key error.
      [2012/09/07 17:40:20 | 000,000,000 | ---D | C] -- C:\Users\Jimmy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Facebook
      [2012/09/09 15:26:24 | 000,000,324 | ---- | M] () -- C:\Windows\tasks\GlaryInitialize.job
      [2012/09/09 14:40:02 | 000,000,510 | ---- | M] () -- C:\Windows\tasks\SUPERAntiSpyware Scheduled Task 7f460b0b-e350-4bf0-bcbf-932634e3d184.job
      [2012/09/09 12:58:01 | 000,001,066 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2876950389-176514409-2402396831-1000UA.job
      [2012/09/08 02:00:01 | 000,000,510 | ---- | M] () -- C:\Windows\tasks\SUPERAntiSpyware Scheduled Task a8ee5dca-ce47-4e14-8875-87078ca492ba.job
      [2012/09/07 18:58:00 | 000,001,044 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2876950389-176514409-2402396831-1000Core.job
      [2012/09/04 22:40:37 | 000,000,510 | ---- | C] () -- C:\Windows\tasks\SUPERAntiSpyware Scheduled Task 7f460b0b-e350-4bf0-bcbf-932634e3d184.job
      [2012/09/04 22:40:36 | 000,000,510 | ---- | C] () -- C:\Windows\tasks\SUPERAntiSpyware Scheduled Task a8ee5dca-ce47-4e14-8875-87078ca492ba.job
      
      :Files
      ipconfig /flushdns /c
      ipconfig /renew /c
      
      :Commands
      [PURITY]
      [EMPTYFLASH]
      [EMPTYTEMP]
      [RESETHOSTS]

      Press the Run Fix button (Reparar) to start the removal. Then press OK.

      OTL will restart the computer to complete the removal.

      Save the new report that is generated, and copy and paste it into your next reply.

      Before replying, check/update your version of Java (very important) >> Free Java software download

      And when you reply, tell us which version of Java ended up installed >> How can I check whether Java works on my computer?

      Remember to post the OTL log, and also tell us which version of Java you have now and how the computer is doing with regard to the problem raised.

      Regards.
      Those who don't try don't succeed | ;-)

      * Follow us on our Twitter and become our friend on Facebook.
      * Keep up with the latest online threats at: InfoSpyware Blog
      * Questions are not answered by private message or e-mail; that is what the forum is for.

    7. #7
      User Avatar of Jimmythebest
      Registered
      Oct 2007
      Location
      Dominican Republic
      Posts
      65

      Re: Impossible to find a malware solution

      Report:
      All processes killed
      ========== OTL ==========
      Registry key HKEY_USERS\S-1-5-21-2876950389-176514409-2402396831-1000\Software\Microsoft\Internet Explorer\SearchScopes\{368DD7FA-F958-4954-8D31-4EA4F97E1C87}\ deleted successfully.
      Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{368DD7FA-F958-4954-8D31-4EA4F97E1C87}\ not found.
      Prefs.js: "Ask.com" removed from browser.search.order.1
      Prefs.js: "Ask.com" removed from browser.search.selectedEngine
      64bit-Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@adobe.com/FlashPlayer\ deleted successfully.
      Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@Apple.com/iTunes,version=\ deleted successfully.
      Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf\ deleted successfully.
      C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll moved successfully.
      Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@java.com/JavaPlugin\ deleted successfully.
      C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll moved successfully.
      Registry value HKEY_USERS\S-1-5-21-2876950389-176514409-2402396831-1000\Software\Microsoft\Windows\CurrentVersion\Run\\Facebook Update deleted successfully.
      File C:\Users\Jimmy\AppData\Local\Facebook\Update\Faceb ookUpdate.exe not found.
      Registry value HKEY_USERS\S-1-5-21-2876950389-176514409-2402396831-1000\Software\Microsoft\Windows\CurrentVersion\Run\\RESTART_STICKY_NOTES deleted successfully.
      Registry value HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
      Registry value HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
      64bit-Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\E&xport to Microsoft Excel\ deleted successfully.
      64bit-Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Se&nd to OneNote\ deleted successfully.
      Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\E&xport to Microsoft Excel\ not found.
      Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Se&nd to OneNote\ not found.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\Prefixes\\gopher|:gopher:// /E : value set successfully!
      Starting removal of ActiveX control {8AD9C840-044E-11D1-B3E9-00805F499D93}
      Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
      Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
      Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
      Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
      Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
      Starting removal of ActiveX control {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA}
      Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA}\ deleted successfully.
      Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA}\ deleted successfully.
      Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA}\ deleted successfully.
      Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA}\ not found.
      Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA}\ not found.
      Starting removal of ActiveX control {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
      Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
      Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
      Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
      Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
      64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\livecall\ deleted successfully.
      File Protocol\Handler\livecall - No CLSID value found not found.
      64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ms-help\ deleted successfully.
      File Protocol\Handler\ms-help - No CLSID value found not found.
      64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\msnim\ deleted successfully.
      File Protocol\Handler\msnim - No CLSID value found not found.
      64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\skype4com\ deleted successfully.
      File Protocol\Handler\skype4com - No CLSID value found not found.
      64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\wlpg\ deleted successfully.
      File Protocol\Handler\wlpg - No CLSID value found not found.
      64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
      64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
      Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
      Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
      File not found.
      File move failed. E:\AUTORUN.INF scheduled to be moved on reboot.
      File not found.
      File not found.
      File move failed. G:\Autodesk_Revit_Architecture_2012_English_Win_32-64bit.exe scheduled to be moved on reboot.
      Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{432f5daf-1f9f-11e1-9e23-6c626d476528}\ deleted successfully.
      Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{432f5daf-1f9f-11e1-9e23-6c626d476528}\ not found.
      File G:\.\Setup.exe AUTORUN=1 not found.
      Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\H\ deleted successfully.
      File H:\SETUP.EXE not found.
      Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\H\ not found.
      File H:\DirectX\dxsetup.exe not found.
      C:\Users\Jimmy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Facebook folder moved successfully.
      C:\Windows\Tasks\GlaryInitialize.job moved successfully.
      C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task 7f460b0b-e350-4bf0-bcbf-932634e3d184.job moved successfully.
      C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2876950389-176514409-2402396831-1000UA.job moved successfully.
      C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task a8ee5dca-ce47-4e14-8875-87078ca492ba.job moved successfully.
      C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2876950389-176514409-2402396831-1000Core.job moved successfully.
      File C:\Windows\tasks\SUPERAntiSpyware Scheduled Task 7f460b0b-e350-4bf0-bcbf-932634e3d184.job not found.
      File C:\Windows\tasks\SUPERAntiSpyware Scheduled Task a8ee5dca-ce47-4e14-8875-87078ca492ba.job not found.
      ========== FILES ==========
      < ipconfig /flushdns /c >
      Configuración IP de Windows
      Se vació correctamente la caché de resolución de DNS.
      C:\Users\Jimmy\Downloads\cmd.bat deleted successfully.
      C:\Users\Jimmy\Downloads\cmd.txt deleted successfully.
      < ipconfig /renew /c >
      Configuración IP de Windows
      Error en la operación. No hay ningún adaptador permitido para
      esta operación.
      C:\Users\Jimmy\Downloads\cmd.bat deleted successfully.
      C:\Users\Jimmy\Downloads\cmd.txt deleted successfully.
      ========== COMMANDS ==========

      [EMPTYFLASH]

      User: All Users

      User: Default
      ->Flash cache emptied: 56478 bytes

      User: Default User
      ->Flash cache emptied: 0 bytes

      User: Jimmy
      ->Flash cache emptied: 15261619 bytes

      User: Public

      User: windows 7 lite

      Total Flash Files Cleaned = 15.00 mb


      [EMPTYTEMP]

      User: All Users

      User: Default
      ->Temp folder emptied: 0 bytes
      ->Temporary Internet Files folder emptied: 33170 bytes
      ->Flash cache emptied: 0 bytes

      User: Default User
      ->Temp folder emptied: 0 bytes
      ->Temporary Internet Files folder emptied: 0 bytes
      ->Flash cache emptied: 0 bytes

      User: Jimmy
      ->Temp folder emptied: 500418 bytes
      ->Temporary Internet Files folder emptied: 2911132 bytes
      ->Java cache emptied: 342211 bytes
      ->FireFox cache emptied: 175199562 bytes
      ->Google Chrome cache emptied: 594288 bytes
      ->Flash cache emptied: 0 bytes

      User: Public

      User: windows 7 lite

      %systemdrive% .tmp files removed: 0 bytes
      %systemroot% .tmp files removed: 0 bytes
      %systemroot%\System32 .tmp files removed: 0 bytes
      %systemroot%\System32 (64bit) .tmp files removed: 0 bytes
      %systemroot%\System32\drivers .tmp files removed: 0 bytes
      Windows Temp folder emptied: 10421 bytes
      %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 68109 bytes
      RecycleBin emptied: 0 bytes

      Total Files Cleaned = 171.00 mb

      C:\Windows\System32\drivers\etc\Hosts moved successfully.
      HOSTS file reset successfully

      OTL by OldTimer - Version 3.2.61.3 log created on 09092012_180815

      Files\Folders moved on Reboot...
      File move failed. E:\AUTORUN.INF scheduled to be moved on reboot.
      File move failed. G:\Autodesk_Revit_Architecture_2012_English_Win_32-64bit.exe scheduled to be moved on reboot.
      C:\Users\Jimmy\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

      PendingFileRenameOperations files...

      Registry entries deleted on Reboot...




      Version Java SE 7 Update 07


      For now the PC is running better, but not as it should... One thing I noticed is that ads are showing up on some websites, as well as on Facebook, for example... And that did not happen before.

    8. #8
      General Moderator
      Avatar of @Javier_HF
      Registered
      Jun 2006
      Location
      Spain.
      Posts
      21.692

      Re: Impossible to find a malware solution

      Carry out the following procedure:

      - Download the ComboFix tool and save it to the desktop. <--- Important.

      Note: Before running ComboFix, make sure to:

      Close all open programs and windows.

      Temporarily disable the antivirus (How to temporarily disable your antivirus)

      If you are using Windows Vista or Windows 7, right-click the ComboFix.exe file and select Run as administrator.

      STEP 1:

      • Run the ComboFix.exe file.
      • Accept the license terms.
      • If ComboFix reports that a newer version of the program is available, you should download it.
      • If ComboFix asks to install the Recovery Console, you must install it.

      STEP 2:

      • Copy and paste the report that ComboFix generated. If it does not appear, you will find it at C:\ComboFix.txt.


      • Tell us how your system is doing with regard to the problem raised.


      Important:

      • While ComboFix is working, do not run any software until it finishes.
      • Do not restart your PC; ComboFix will do so if necessary.
      • While ComboFix is working, do not move the mouse, as that would stop its process.

      Attention!! Do not use ComboFix unless a member of our Staff has specifically instructed you to do so in your thread. It is a powerful tool intended by its creator to be used under the guidance and supervision of an expert, not for private use. Using ComboFix incorrectly could cause problems on your system. Please read ComboFix's "Disclaimer of Warranty".
      IMPORTANT NOTES:

      ° Once ComboFix has finished its work, you can re-enable your antivirus.

      ° Do not put the reports inside Code or HTML tags.

      ° Do not run any other antivirus program again until I come back with a reply.
      Regards, Javier.


    9. #9
      User Avatar of Jimmythebest
      Registered
      Oct 2007
      Location
      Dominican Republic
      Posts
      65

      Re: Impossible to find a malware solution

      ComboFix 12-09-09.02 - Jimmy 09/09/2012 19:06:49.1.4 - x64
      Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.3082.18.8175.6024 [GMT -5:00]
      Running from: c:\users\Jimmy\Desktop\ComboFix.exe
      AV: avast! Antivirus *Disabled/Outdated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
      AV: Lavasoft Ad-Aware *Disabled/Updated* {445B48C3-0FA4-6B16-8F07-6506F305D800}
      FW: Lavasoft Ad-Aware *Disabled* {7C60C9E6-45CB-6A4E-A458-CC330DD69F7B}
      SP: avast! Antivirus *Disabled/Outdated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
      SP: Lavasoft Ad-Aware *Disabled/Updated* {FF3AA927-299E-6498-B5B7-5E74888292BD}
      SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
      .
      .
      ((((((((((((((((((((((((( Files Created from 2012-08-10 to 2012-09-10 )))))))))))))))))))))))))))))))
      .
      .
      2012-09-10 00:11 . 2012-09-10 00:11 -------- d-----w- c:\users\Default\AppData\Local\temp
      2012-09-09 23:23 . 2012-09-09 23:23 -------- d-----w- c:\program files (x86)\Common Files\Java
      2012-09-09 23:22 . 2012-09-09 23:22 821736 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
      2012-09-09 23:22 . 2012-09-09 23:22 95208 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
      2012-09-09 23:08 . 2012-09-09 23:08 -------- d-----w- C:\_OTL
      2012-09-09 20:15 . 2012-06-29 18:55 22528 ----a-w- c:\windows\AT-Uninstall.exe
      2012-09-09 20:15 . 2012-03-13 04:27 11776 ----a-w- c:\windows\Colous.exe
      2012-09-09 20:15 . 2008-03-25 15:39 69660 ----a-w- c:\windows\Fart.exe
      2012-09-08 03:45 . 2012-09-08 03:45 -------- d-----w- c:\program files (x86)\ESET
      2012-09-07 15:15 . 2012-09-07 15:15 -------- d-----w- c:\program files (x86)\Common Files\Skype
      2012-09-07 15:15 . 2012-09-07 15:15 -------- d-----r- c:\program files (x86)\Skype
      2012-09-07 14:57 . 2012-09-07 14:57 -------- d-----w- c:\users\Jimmy\AppData\Roaming\GlarySoft
      2012-09-07 14:44 . 2012-09-07 14:44 -------- d-----w- c:\program files (x86)\Glary Utilities
      2012-09-07 02:26 . 2012-09-07 02:26 -------- d-----w- c:\users\Jimmy\AppData\Roaming\Zbshareware Lab
      2012-09-07 02:26 . 2012-09-07 02:26 -------- d-----w- c:\programdata\Zbshareware Lab
      2012-09-05 09:55 . 2012-08-28 06:49 9310152 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{76007877-09D5-401B-A831-5207E5FBDD5F}\mpengine.dll
      2012-09-05 03:40 . 2012-09-05 03:40 -------- d-----w- c:\users\Jimmy\AppData\Roaming\SUPERAntiSpyware.com
      2012-09-05 03:40 . 2012-09-05 03:40 -------- d-----w- c:\program files\SUPERAntiSpyware
      2012-09-05 03:40 . 2012-09-05 03:40 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
      2012-09-05 03:08 . 2012-09-05 03:08 -------- d-----w- c:\users\Jimmy\AppData\Local\adaware
      2012-09-05 03:08 . 2012-09-10 02:30 -------- d-----w- c:\programdata\Ad-Aware Browsing Protection
      2012-09-05 03:08 . 2011-12-19 17:44 60536 ----a-w- c:\windows\system32\drivers\sbhips.sys
      2012-09-05 03:08 . 2011-12-19 18:21 45936 ----a-w- c:\windows\system32\sbbd.exe
      2012-09-05 03:08 . 2011-10-26 19:23 57976 ----a-w- c:\windows\system32\drivers\sbredrv.sys
      2012-09-05 03:08 . 2012-09-05 03:08 -------- d-----w- c:\programdata\Lavasoft
      2012-09-05 03:08 . 2012-09-05 04:22 -------- d-----w- c:\program files (x86)\Ad-Aware Antivirus
      2012-09-05 03:08 . 2012-09-05 03:08 -------- d-----w- c:\users\Jimmy\AppData\Local\Downloaded Installations
      2012-09-05 03:03 . 2012-09-07 14:19 -------- d-----w- c:\users\Jimmy\AppData\Roaming\Ad-Aware Antivirus
      2012-08-25 22:11 . 2012-08-25 22:11 -------- d-----w- c:\users\Jimmy\AppData\Local\GMail Drive
      2012-08-25 22:10 . 2012-08-25 22:10 -------- d-----w- c:\windows\SysWow64\ShellExt
      2012-08-25 22:10 . 2012-08-25 22:10 -------- d-----w- c:\windows\system32\ShellExt
      2012-08-25 21:42 . 2012-08-25 21:44 -------- d-----w- C:\Call of Duty- Modern Warfare 3
      .
      .
      .
      (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
      .
      2012-09-09 23:22 . 2011-09-29 01:39 746984 ----a-w- c:\windows\SysWow64\deployJava1.dll
      2012-09-05 02:53 . 2012-04-09 10:12 696520 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
      2012-09-05 02:53 . 2011-09-28 16:43 73416 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
      2012-08-20 14:21 . 2011-09-23 13:19 62134624 ----a-w- c:\windows\system32\MRT.exe
      2012-07-03 18:46 . 2012-07-03 13:15 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
      .
      .
      ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
      .
      .
      *Note* empty entries & legit default entries are not shown
      REGEDIT4
      .
      [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "uTorrent"="c:\program files (x86)\uTorrent\uTorrent.exe" [2012-06-18 1020816]
      "Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2012-07-13 17418928]
      "OfficeSyncProcess"="c:\program files (x86)\Microsoft Office\Office14\MSOSYNC.EXE" [2010-01-16 717696]
      "RockMelt Update"="c:\users\Jimmy\AppData\Local\RockMelt\Update\RockMeltUpdate.exe" [2012-08-02 136336]
      "SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-07-09 5661056]
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
      "Ad-Aware Antivirus"="c:\program files (x86)\Ad-Aware Antivirus\AdAwareLauncher --windows-run" [X]
      "StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-02-10 336384]
      "avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-02-23 4031368]
      "SAOB Monitor"="c:\program files (x86)\Acronis\TrueImageHome\OnlineBackupStandalone\TrueImageMonitor.exe" [2010-11-16 2536752]
      "TrueImageMonitor.exe"="c:\program files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe" [2010-11-23 5542488]
      "BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-01-21 91520]
      "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-07-05 421888]
      "PWRISOVM.EXE"="c:\program files (x86)\PowerISO\PWRISOVM.EXE" [2011-11-15 312376]
      "SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
      "AdobeCS5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 406992]
      "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-02 59240]
      "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-12-08 421736]
      "Ad-Aware Browsing Protection"="c:\programdata\Ad-Aware Browsing Protection\adawarebp.exe" [2011-10-21 198032]
      "Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-07-03 462920]
      "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
      "ConsentPromptBehaviorAdmin"= 0 (0x0)
      "ConsentPromptBehaviorUser"= 3 (0x3)
      "EnableLUA"= 0 (0x0)
      "EnableUIADesktopToggle"= 0 (0x0)
      "PromptOnSecureDesktop"= 0 (0x0)
      "EnableLinkedConnections"= 1 (0x1)
      .
      [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
      "aux1"=wdmaud.drv
      .
      [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
      Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
      .
      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
      @=""
      .
      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Ad-Aware Service]
      @="Ad-Aware Service"
      .
      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]
      @="Service"
      .
      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBAMSvc]
      @="Service"
      .
      R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
      R2 gupdate;Google Update Servicio (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-09-29 136176]
      R2 Sentinel64;Sentinel64;c:\windows\System32\Drivers\Sentinel64.sys [2009-09-17 145448]
      R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-13 160944]
      R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-09-05 250568]
      R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2011-10-02 1431888]
      R3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\DRIVERS\ggflt.sys [2009-04-06 13352]
      R3 GKUPRO2D;GKUPRO2D;c:\windows\system32\Drivers\GKUPRO2D.sys [2005-02-18 120704]
      R3 gupdatem;Google Update Servicio (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-09-29 136176]
      R3 hwusbfake;Huawei DataCard USB Fake;c:\windows\system32\DRIVERS\ewusbfake.sys [2011-12-06 116224]
      R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2010-01-21 30963576]
      R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-08-07 113120]
      R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
      R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 20992]
      R3 sbhips;sbhips;c:\windows\system32\drivers\sbhips.sys [2011-12-19 60536]
      R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
      R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
      R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
      R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
      R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2011-05-10 51712]
      R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
      R3 WatAdminSvc;Servicio de tecnologías de activación de Windows;c:\windows\system32\Wat\WatAdminSvc.exe [2011-09-23 1255736]
      S0 tdrpman273;Acronis Try&Decide and Restore Points filter (build 273);c:\windows\system32\DRIVERS\tdrpm273.sys [2011-09-29 1263200]
      S1 aswSnx;aswSnx; [x]
      S1 aswSP;aswSP; [x]
      S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]
      S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]
      S1 SBRE;SBRE;c:\windows\system32\drivers\SBREdrv.sys [2011-10-26 57976]
      S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2011-08-11 140672]
      S2 Ad-Aware Service;Ad-Aware Service;c:\program files (x86)\Ad-Aware Antivirus\AdAwareService.exe [2012-07-12 1239952]
      S2 afcdpsrv;Servicio Acronis Nonstop Backup;c:\program files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe [2011-09-29 3246040]
      S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-02-10 203776]
      S2 aswFsBlk;aswFsBlk; [x]
      S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2012-02-23 69976]
      S2 Autodesk Content Service;Autodesk Content Service;c:\program files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe [2011-02-02 18656]
      S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-07-03 655944]
      S2 SBAMSvc;Ad-Aware;c:\program files (x86)\Ad-Aware Antivirus\SBAMSvc.exe [2011-12-19 3289032]
      S2 sbapifs;sbapifs;c:\windows\system32\DRIVERS\sbapifs.sys [2011-11-29 74872]
      S2 TeamViewer7;TeamViewer 7;c:\program files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2012-01-19 3027840]
      S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2011-02-22 2656280]
      S3 afcdp;afcdp;c:\windows\system32\DRIVERS\afcdp.sys [2011-09-29 285280]
      S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2011-02-10 9259520]
      S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2011-02-10 300544]
      S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2010-11-17 115216]
      S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-07-03 24904]
      S3 MEIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2010-10-19 56344]
      S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-02-16 428136]
      .
      .
      --- Other Services/Drivers In Memory ---
      .
      *NewlyCreated* - WS2IFSL
      .
      [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
      hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
      .
      Contents of the 'Scheduled Tasks' folder
      .
      2012-09-10 c:\windows\Tasks\Adobe Flash Player Updater.job
      - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-09 02:53]
      .
      2012-09-10 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
      - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-09-29 01:50]
      .
      2012-09-10 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
      - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-09-29 01:50]
      .
      2012-09-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2876950389-176514409-2402396831-1000Core.job
      - c:\users\Jimmy\AppData\Local\Google\Update\GoogleUpdate.exe [2011-09-28 17:05]
      .
      2012-09-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2876950389-176514409-2402396831-1000UA.job
      - c:\users\Jimmy\AppData\Local\Google\Update\GoogleUpdate.exe [2011-09-28 17:05]
      .
      2012-09-09 c:\windows\Tasks\RockMeltUpdateTaskUserS-1-5-21-2876950389-176514409-2402396831-1000Core.job
      - c:\users\Jimmy\AppData\Local\RockMelt\Update\RockMeltUpdate.exe [2012-08-02 19:25]
      .
      2012-09-10 c:\windows\Tasks\RockMeltUpdateTaskUserS-1-5-21-2876950389-176514409-2402396831-1000UA.job
      - c:\users\Jimmy\AppData\Local\RockMelt\Update\RockMeltUpdate.exe [2012-08-02 19:25]
      .
      .
      --------- X64 Entries -----------
      .
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
      @="{472083B0-C522-11CF-8763-00608CC02F24}"
      [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
      2012-02-23 16:23 135408 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "Acronis Scheduler2 Service"="c:\program files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe" [2010-11-23 390728]
      "AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
      "LoadAppInit_DLLs"=0x0
      .
      ------- Supplementary Scan -------
      .
      uLocal Page = c:\windows\system32\blank.htm
      uStart Page = hxxp://www.google.com
      mStart Page = hxxp://www.google.com
      mLocal Page = c:\windows\SysWOW64\blank.htm
      uInternet Settings,ProxyOverride = *.local
      TCP: Interfaces\{B00280B9-24F1-4325-81F7-4C4A420C0342}: NameServer = 196.3.81.5,200.88.127.23
      FF - ProfilePath - c:\users\Jimmy\AppData\Roaming\Mozilla\Firefox\Profiles\bhu5fji9.default\
      FF - prefs.js: browser.search.selectedEngine -
      FF - prefs.js: browser.startup.homepage - hxxp://google.com
      FF - prefs.js: keyword.URL - hxxp://google.com
      .
      .
      --------------------- LOCKED REGISTRY KEYS ---------------------
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
      @Denied: (A 2) (Everyone)
      @="FlashBroker"
      "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_271_ActiveX.exe,-101"
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
      "Enabled"=dword:00000001
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
      @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_271_ActiveX.exe"
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
      @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
      @Denied: (A 2) (Everyone)
      @="Shockwave Flash Object"
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
      @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx"
      "ThreadingModel"="Apartment"
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
      @="0"
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
      @="ShockwaveFlash.ShockwaveFlash.11"
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
      @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx, 1"
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
      @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
      @="1.0"
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
      @="ShockwaveFlash.ShockwaveFlash"
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
      @Denied: (A 2) (Everyone)
      @="Macromedia Flash Factory Object"
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
      @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx"
      "ThreadingModel"="Apartment"
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
      @="FlashFactory.FlashFactory.1"
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
      @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx, 1"
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
      @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
      @="1.0"
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
      @="FlashFactory.FlashFactory"
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
      @Denied: (A 2) (Everyone)
      @="IFlashBroker4"
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
      @="{00020424-0000-0000-C000-000000000046}"
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
      @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
      "Version"="1.0"
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
      @Denied: (A) (Everyone)
      "Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
      @Denied: (A) (Everyone)
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
      "Key"="ActionsPane3"
      "Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
      .
      [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
      @Denied: (Full) (Everyone)
      .
      ------------------------ Other Running Processes ------------------------
      .
      c:\program files\AVAST Software\Avast\AvastSvc.exe
      c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
      c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
      c:\program files (x86)\TeamViewer\Version7\TeamViewer.exe
      c:\program files (x86)\Panda USB Vaccine\USBVaccine.exe
      c:\program files (x86)\TeamViewer\Version7\tv_w32.exe
      c:\users\Jimmy\AppData\Local\RockMelt\Update\1.2.189.1\RockMeltCrashHandler.exe
      .
      **************************************************************************
      .
      Completion time: 2012-09-09 21:34:51 - machine was rebooted
      ComboFix-quarantined-files.txt 2012-09-10 02:34
      .
      Pre-Run: 1,005,453,312 bytes libres
      Post-Run: 1,191,202,816 bytes libres
      .
      - - End Of File - - BE2BC0EEC14046E94ADCD9957C0DFBBA



      So far it hasn't slowed down again... At least I was able to open the browser normally, but when I go to pages like Facebook, sometimes it gives something like a Shockwave script error or something like that...

    10. #10
      General Moderator
      Avatar of @Javier_HF
      Joined
      Jun 2006
      Location
      Spain.
      Posts
      21.692

      Re: Impossible to find a malware solution

      Then carry out the following steps to try to optimize your computer:

      1.- Download, install and/or update, but do not run yet, the following tools:

      2.- Run them one by one in the following order:

      a) CCleaner.

      • Install and run it as its Manual indicates.
      • Run CCleaner in both of its options (Cleaner and Registry); that way you clean up cookies, temporary and useless files, and also the Windows registry.

      b) Argente-Registry Cleaner.
      • Install it as the Manual indicates.
      • Run it and press Start Analysis.
      • When the analysis finishes, press Repair selected errors.

      c) Glary Utilities.
      • Install and update it (Status tab).
      • In its 1-Click Maintenance tab, press View Results.
      • When the scan finishes, press Repair Problems.
      • In the Modules tab, use Disk Cleaner.


      Run these three tools several times, one by one and in the same order, until you see that they find practically no errors.

      3) Download the >> Hard Disk Defragmenter.

      Do the same with the defragmenter: run it several times until it indicates that practically no fragmented space remains.

      Tell us the results and how your computer is working in relation to the problem you described.

      Regards, Javier.
