    gbpxp.exe and mob127.bin


    1. #1
      User: tanke234
      Registered: Apr 2008
      Location: Petrer
      Posts: 7

      gbpxp.exe and mob127.bin

      Hi there, I wanted to explain what is happening to me. I formatted the computer a couple of days ago and noticed that a folder called "videos" kept getting created on its own in my user folder. I would delete it, and after rebooting the same folder would always reappear (I have also tried deleting it with Windows started in safe mode).

      So I decided to run Malwarebytes, and it detects a trojan and a piece of malware called gbpxp.exe and mob127.bin, both supposedly located in that "videos" folder. Well, I remove them with Malwarebytes and reboot the machine, run Malwarebytes again and it no longer detects anything, but if I run it again after a while (10-15 mins) it detects the two infections again, and so on every time, and I no longer know what to do :S.

      Here is what Malwarebytes detects:

      Files Infected:
      c:\users\christian\videos\gbpxp.exe (Trojan.Banker) -> Delete on reboot.
      c:\users\christian\videos\mob127.bin (Malware.Trace) -> Delete on reboot.

    2. #2
      General Moderator: @Leosolari
      Registered: Jun 2007
      Location: Argentina
      Posts: 58,637

      Re: gbpxp.exe and mob127.bin

      Hi tanke234

      You are going to work with 2 tools. Try to do all the steps I list below. If there is one you can NOT do, skip it and carry on with the others.

      STEP 1

      Download Glary Utilities to your desktop and install it following its manual.

      Run Glary Utilities

      • Press the 1-Click Maintenance button.
      • Press the View Results button and wait for it to finish.
      • When it finishes, press the Repair Problems button.

      STEP 2

      Download the ComboFix.exe tool to your desktop.
      • Temporarily disable your antivirus and/or antispyware.
      • Close all open windows.
      • Double-click the ComboFix.exe file and follow the instructions.
      • When it finishes, it will generate a report at C:\ComboFix.txt.

      • *Note* While CF is working you must not move the mouse, as that would stop its process.
      • *Note* ComboFix may restart the PC automatically to complete the removal process.
      • *Note* Do not use ComboFix or any other antivirus program again until I give you a reply.

      Attention!! Do not use ComboFix unless you have been specifically instructed to do so in your thread by a member of our Staff. It is a powerful tool intended by its creator to be used under the guidance and supervision of an expert, not for private use. Using ComboFix incorrectly could cause problems on your system. Please read ComboFix's "Disclaimer of Warranty".

      IMPORTANT NOTES:

      ° Once ComboFix has finished its work, you can enable your antivirus.

      ° Do not put the reports inside Code or HTML tags.

      ° Do not run any other antivirus program again until I come back with a reply.

      ° If you cannot carry out a step, skip it and go on to the next one.

      In your next reply, you must post the ComboFix report, which is located at C:\ComboFix.txt

      Regards
      Follow us on Twitter and be our friend on Facebook.

    3. #3
      User: tanke234

      Re: gbpxp.exe and mob127.bin

      I have done the 2 steps you gave me, Glary Utilities and ComboFix; here is the ComboFix report:

      ComboFix 12-09-18.05 - Christian 18/09/2012 17:03:05.1.2 - x64
      Microsoft Windows 7 Ultimate 6.1.7601.1.1252.34.3082.18.4095.3196 [GMT 2:00]
      Running from: c:\users\Christian\Desktop\ComboFix.exe
      SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
      .
      .
      ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
      .
      .
      c:\users\Christian\gusetup_slim.exe
      c:\users\Christian\RivaTuner224c-[Guru3D.com].exe
      .
      .
      ((((((((((((((((((((((((( Files Created from 2012-08-18 to 2012-09-18 )))))))))))))))))))))))))))))))
      .
      .
      2012-09-18 15:05 . 2012-09-18 15:05 -------- d-----w- c:\users\Default\AppData\Local\temp
      2012-09-18 14:56 . 2012-09-18 14:56 -------- d-----w- c:\program files (x86)\Glary Utilities
      2012-09-17 22:35 . 2012-09-18 14:10 -------- d-----w- c:\program files\JDownloader 2
      2012-09-17 22:35 . 2012-09-17 22:35 -------- d-----w- c:\program files\Common Files\i4j_jres
      2012-09-17 21:31 . 2012-09-17 21:31 -------- d-sh--w- c:\programdata\DSS
      2012-09-17 21:10 . 2012-09-17 21:10 8192 ----a-w- c:\windows\SysWow64\srvany.exe
      2012-09-17 21:10 . 2012-09-17 21:10 151552 ----a-w- c:\windows\KMService.exe
      2012-09-17 21:08 . 2012-09-17 21:08 -------- d-----w- c:\program files\Common Files\DESIGNER
      2012-09-17 21:08 . 2012-09-17 21:08 -------- d-----w- c:\program files\Microsoft Synchronization Services
      2012-09-17 21:08 . 2012-09-17 21:08 -------- d-----w- c:\windows\PCHEALTH
      2012-09-17 21:08 . 2012-09-17 21:08 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
      2012-09-17 21:08 . 2012-09-17 21:08 -------- d-----w- c:\program files (x86)\Microsoft.NET
      2012-09-17 21:05 . 2012-09-17 21:05 -------- d-----w- c:\program files\Microsoft Analysis Services
      2012-09-17 21:05 . 2012-09-17 21:05 -------- d-----w- c:\program files (x86)\Microsoft Analysis Services
      2012-09-17 21:04 . 2012-09-17 21:09 -------- d-----w- c:\programdata\Microsoft Help
      2012-09-17 21:04 . 2012-09-17 21:08 -------- d-----w- c:\program files\Microsoft Office
      2012-09-17 21:04 . 2012-09-17 21:04 -------- d-----r- C:\MSOCache
      2012-09-17 21:00 . 2012-09-17 21:00 -------- d-----w- c:\program files (x86)\Common Files\Adobe
      2012-09-17 20:01 . 2012-09-17 20:01 283200 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
      2012-09-17 20:01 . 2012-09-17 20:01 -------- d-----w- c:\program files (x86)\DAEMON Tools Lite
      2012-09-17 20:00 . 2012-09-17 20:05 -------- d-----w- c:\programdata\DAEMON Tools Lite
      2012-09-17 19:49 . 2012-09-17 19:49 -------- d-----w- c:\program files (x86)\Common Files\PX Storage Engine
      2012-09-17 19:49 . 2012-09-17 19:49 -------- d-----w- c:\program files (x86)\Winamp
      2012-09-17 19:42 . 2012-09-17 19:42 -------- d-----w- c:\program files (x86)\Common Files\Java
      2012-09-17 19:42 . 2012-09-17 19:42 821736 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
      2012-09-17 19:42 . 2012-09-17 19:42 746984 ----a-w- c:\windows\SysWow64\deployJava1.dll
      2012-09-17 19:42 . 2012-09-17 19:42 95208 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
      2012-09-17 19:42 . 2012-09-17 19:42 -------- d-----w- c:\program files (x86)\Java
      2012-09-17 19:30 . 2012-09-17 19:30 -------- d-----w- c:\program files (x86)\uTorrent
      2012-09-17 19:29 . 2012-09-17 19:29 -------- d-----w- c:\program files (x86)\SopCast
      2012-09-17 19:28 . 2012-06-09 17:21 178688 ----a-w- c:\windows\SysWow64\unrar.dll
      2012-09-17 19:28 . 2012-09-17 19:28 -------- d-----w- c:\program files (x86)\K-Lite Codec Pack
      2012-09-17 18:49 . 2012-09-17 18:49 -------- d-----w- c:\program files (x86)\MiPony
      2012-09-17 18:01 . 2012-09-17 18:03 -------- d-----w- c:\program files (x86)\Origin Games
      2012-09-17 18:00 . 2012-09-17 18:02 -------- d-----w- c:\programdata\Origin
      2012-09-17 18:00 . 2012-09-17 18:00 -------- d-----w- c:\programdata\Electronic Arts
      2012-09-17 18:00 . 2012-09-17 18:01 -------- d-----w- c:\program files (x86)\Origin
      2012-09-17 17:23 . 2012-09-17 17:23 -------- d-----w- c:\program files (x86)\Browny02
      2012-09-17 17:23 . 2010-01-22 07:52 61440 ----a-w- c:\windows\SysWow64\brprtink.dll
      2012-09-17 17:23 . 2010-01-12 02:02 1560576 ----a-w- c:\windows\system32\BrWi209c.dll
      2012-09-17 17:23 . 2009-08-18 10:36 50688 ----a-w- c:\windows\system32\BrUsi09c.dll
      2012-09-17 17:23 . 2012-09-17 17:23 -------- d-----w- c:\program files (x86)\Brother
      2012-09-17 17:23 . 2010-02-09 15:11 217088 ------w- c:\windows\SysWow64\NSSearch.dll
      2012-09-17 17:23 . 2010-01-22 13:34 3072 ------w- c:\windows\SysWow64\BrDctF2S.dll
      2012-09-17 17:23 . 2007-12-13 20:16 73728 ------w- c:\windows\SysWow64\BrDctF2.dll
      2012-09-17 17:23 . 2007-12-13 20:16 5632 ------w- c:\windows\SysWow64\BrDctF2L.dll
      2012-09-17 17:23 . 2010-02-05 09:42 180224 ------w- c:\windows\SysWow64\BroSNMP.dll
      2012-09-17 17:23 . 2012-09-17 17:23 -------- d--h--w- c:\program files (x86)\InstallShield Installation Information
      2012-09-17 17:22 . 2012-09-17 17:22 -------- d-----w- c:\programdata\Brother
      2012-09-17 17:14 . 2012-09-17 17:14 -------- d-----w- c:\programdata\Malwarebytes
      2012-09-17 17:14 . 2012-09-17 17:14 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
      2012-09-17 17:14 . 2012-09-07 15:04 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
      2012-09-17 17:08 . 2011-12-07 17:42 328712 ----a-w- c:\windows\system32\MijFrc.dll
      2012-09-17 17:08 . 2012-09-17 17:08 -------- d-----w- c:\program files\MotioninJoy
      2012-09-17 17:08 . 2012-05-12 10:31 121416 ----a-w- c:\windows\system32\drivers\MijXfilt.sys
      2012-09-17 17:08 . 2011-12-07 17:42 74960 ----a-w- c:\windows\system32\drivers\xusb21.sys
      2012-09-17 17:08 . 2011-12-07 17:42 1721576 ----a-w- c:\windows\system32\WdfCoInstaller01009.dll
      2012-09-17 16:28 . 2012-09-17 16:28 -------- d-----w- c:\program files (x86)\Mozilla Maintenance Service
      2012-09-17 15:48 . 2012-09-17 14:57 -------- d-----w- c:\windows\Panther
      2012-09-17 15:23 . 2012-09-17 15:23 -------- d-----w- c:\programdata\ATI
      2012-09-17 15:23 . 2012-09-17 15:23 0 ----a-w- c:\windows\ativpsrm.bin
      2012-09-17 15:21 . 2012-09-17 15:21 -------- d-----w- c:\program files (x86)\ATI Technologies
      2012-09-17 15:21 . 2012-09-17 21:09 -------- d-sh--w- c:\windows\Installer
      2012-09-17 15:21 . 2012-09-17 15:21 -------- d-----w- c:\program files\ATI
      2012-09-17 15:18 . 2012-09-17 16:34 73416 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
      2012-09-17 15:18 . 2012-09-17 16:34 696520 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
      2012-09-17 15:18 . 2012-09-17 15:18 -------- d-----w- c:\windows\SysWow64\Macromed
      2012-09-17 15:18 . 2012-09-17 15:18 -------- d-----w- c:\windows\system32\Macromed
      2012-09-17 15:16 . 2012-09-17 15:22 -------- d-----w- c:\program files\ATI Technologies
      2012-09-17 15:11 . 2012-09-17 21:18 -------- d-----w- c:\program files\WinRAR
      .
      .
      .
      (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
      .
      2012-07-28 04:09 . 2012-07-28 04:09 5538984 ----a-w- c:\windows\SysWow64\atiumdag.dll
      2012-07-28 04:07 . 2012-07-28 04:07 10278912 ----a-w- c:\windows\system32\drivers\atikmdag.sys
      2012-07-28 03:43 . 2012-07-28 03:43 70144 ----a-w- c:\windows\system32\coinst_8.982.dll
      2012-07-28 03:19 . 2012-07-28 03:19 24935424 ----a-w- c:\windows\system32\atio6axx.dll
      2012-07-28 02:50 . 2012-07-28 02:50 20546560 ----a-w- c:\windows\SysWow64\atioglxx.dll
      2012-07-28 02:15 . 2012-07-28 02:15 163840 ----a-w- c:\windows\system32\atiapfxx.exe
      2012-07-28 02:15 . 2012-07-28 02:15 931328 ----a-w- c:\windows\SysWow64\aticfx32.dll
      2012-07-28 02:13 . 2012-07-28 02:13 1100288 ----a-w- c:\windows\system32\aticfx64.dll
      2012-07-28 02:10 . 2012-07-28 02:10 442368 ----a-w- c:\windows\system32\ATIDEMGX.dll
      2012-07-28 02:10 . 2012-07-28 02:10 534528 ----a-w- c:\windows\system32\atieclxx.exe
      2012-07-28 02:09 . 2012-07-28 02:09 239616 ----a-w- c:\windows\system32\atiesrxx.exe
      2012-07-28 02:08 . 2012-07-28 02:08 120320 ----a-w- c:\windows\system32\atitmm64.dll
      2012-07-28 02:08 . 2012-07-28 02:08 21504 ----a-w- c:\windows\system32\atimuixx.dll
      2012-07-28 02:07 . 2012-07-28 02:07 59392 ----a-w- c:\windows\system32\atiedu64.dll
      2012-07-28 02:07 . 2012-07-28 02:07 43520 ----a-w- c:\windows\SysWow64\ati2edxx.dll
      2012-07-28 02:07 . 2012-07-28 02:07 6430208 ----a-w- c:\windows\SysWow64\atidxx32.dll
      2012-07-28 01:51 . 2012-07-28 01:51 7052288 ----a-w- c:\windows\system32\atidxx64.dll
      2012-07-28 01:41 . 2012-07-28 01:41 4266496 ----a-w- c:\windows\system32\atiumd6a.dll
      2012-07-28 01:35 . 2012-07-28 01:35 51200 ----a-w- c:\windows\system32\aticalrt64.dll
      2012-07-28 01:35 . 2012-07-28 01:35 46080 ----a-w- c:\windows\SysWow64\aticalrt.dll
      2012-07-28 01:35 . 2012-07-28 01:35 44544 ----a-w- c:\windows\system32\aticalcl64.dll
      2012-07-28 01:35 . 2012-07-28 01:35 44032 ----a-w- c:\windows\SysWow64\aticalcl.dll
      2012-07-28 01:34 . 2012-07-28 01:34 16034304 ----a-w- c:\windows\system32\aticaldd64.dll
      2012-07-28 01:32 . 2012-07-28 01:32 4751872 ----a-w- c:\windows\SysWow64\atiumdva.dll
      2012-07-28 01:30 . 2012-07-28 01:30 13605888 ----a-w- c:\windows\SysWow64\aticaldd.dll
      2012-07-28 01:25 . 2012-07-28 01:25 6676480 ----a-w- c:\windows\system32\atiumd64.dll
      2012-07-28 01:15 . 2012-07-28 01:15 540160 ----a-w- c:\windows\system32\atiadlxx.dll
      2012-07-28 01:15 . 2012-07-28 01:15 368640 ----a-w- c:\windows\SysWow64\atiadlxy.dll
      2012-07-28 01:15 . 2012-07-28 01:15 17920 ----a-w- c:\windows\system32\atig6pxx.dll
      2012-07-28 01:15 . 2012-07-28 01:15 14848 ----a-w- c:\windows\SysWow64\atiglpxx.dll
      2012-07-28 01:15 . 2012-07-28 01:15 14848 ----a-w- c:\windows\system32\atiglpxx.dll
      2012-07-28 01:15 . 2012-07-28 01:15 41984 ----a-w- c:\windows\system32\atig6txx.dll
      2012-07-28 01:14 . 2012-07-28 01:14 33280 ----a-w- c:\windows\SysWow64\atigktxx.dll
      2012-07-28 01:14 . 2012-07-28 01:14 368640 ----a-w- c:\windows\system32\drivers\atikmpag.sys
      2012-07-28 01:13 . 2012-07-28 01:13 129536 ----a-w- c:\windows\system32\atiuxp64.dll
      2012-07-28 01:13 . 2012-07-28 01:13 109568 ----a-w- c:\windows\SysWow64\atiuxpag.dll
      2012-07-28 01:13 . 2012-07-28 01:13 103936 ----a-w- c:\windows\system32\atiu9p64.dll
      2012-07-28 01:13 . 2012-07-28 01:13 83456 ----a-w- c:\windows\SysWow64\atiu9pag.dll
      2012-07-28 01:12 . 2012-07-28 01:12 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll
      2012-07-28 01:08 . 2012-07-28 01:08 56320 ----a-w- c:\windows\system32\atimpc64.dll
      2012-07-28 01:08 . 2012-07-28 01:08 56320 ----a-w- c:\windows\system32\amdpcom64.dll
      2012-07-28 01:08 . 2012-07-28 01:08 56832 ----a-w- c:\windows\SysWow64\atimpc32.dll
      2012-07-28 01:08 . 2012-07-28 01:08 56832 ----a-w- c:\windows\SysWow64\amdpcom32.dll
      .
      .
      ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
      .
      .
      *Note* empty entries & legit default entries are not shown
      REGEDIT4
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
      "StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-08-06 642216]
      "BrStsMon00"="c:\program files (x86)\Browny02\Brother\BrStMonW.exe" [2010-02-09 2621440]
      .
      c:\users\Christian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
      PRemoteDroid-Server.lnk - d:\format\Ultimo format\Christian2\Descargas\PRemoteDroid-Server\PRemoteDroid-Server.exe [2012-9-18 25600]
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
      "ConsentPromptBehaviorAdmin"= 0 (0x0)
      "ConsentPromptBehaviorUser"= 3 (0x3)
      "EnableLUA"= 0 (0x0)
      "EnableUIADesktopToggle"= 0 (0x0)
      "PromptOnSecureDesktop"= 0 (0x0)
      .
      R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-21 71168]
      R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-09-06 114144]
      R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 174440]
      R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
      R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-21 20992]
      R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [2010-11-21 88960]
      R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys [2010-11-21 34816]
      R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
      R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
      R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [2010-11-21 117248]
      R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
      S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2012-09-17 283200]
      S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-07-27 63960]
      S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2012-07-28 239616]
      S2 KMService;KMService;c:\windows\system32\srvany.exe [x]
      S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2012-07-28 10278912]
      S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2012-07-28 368640]
      S3 BrYNSvc;BrYNSvc;c:\program files (x86)\Browny02\BrYNSvc.exe [2010-01-25 245760]
      S3 MotioninJoyXFilter;MotioninJoy Virtual Xinput device Filter Driver;c:\windows\system32\DRIVERS\MijXfilt.sys [2012-05-12 121416]
      .
      .
      Contents of the 'Scheduled Tasks' folder
      .
      2012-09-18 c:\windows\Tasks\GlaryInitialize.job
      - c:\program files (x86)\Glary Utilities\initialize.exe [2012-09-18 19:59]
      .
      .
      --------- X64 Entries -----------
      .
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
      "LoadAppInit_DLLs"=0x0
      .
      ------- Supplementary Scan -------
      .
      uLocal Page = c:\windows\system32\blank.htm
      uStart Page = hxxp://www.google.es/
      mLocal Page = c:\windows\SysWOW64\blank.htm
      IE: Descargar con Mipony - file://c:\program files (x86)\MiPony\Browser\IEContext.htm
      IE: E&xportar a Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
      TCP: DhcpNameServer = 62.42.63.52 62.42.230.24
      FF - ProfilePath - c:\users\Christian\AppData\Roaming\Mozilla\Firefox\Profiles\l1w6hasj.default\
      FF - prefs.js: browser.startup.homepage - www.google.com
      .
      .
      --------------------- LOCKED REGISTRY KEYS ---------------------
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
      @Denied: (A 2) (Everyone)
      @="FlashBroker"
      "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_265_ActiveX.exe,-101"
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
      "Enabled"=dword:00000001
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
      @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_265_ActiveX.exe"
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
      @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
      @Denied: (A 2) (Everyone)
      @="IFlashBroker5"
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
      @="{00020424-0000-0000-C000-000000000046}"
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
      @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
      "Version"="1.0"
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
      @Denied: (A 2) (Everyone)
      @="FlashBroker"
      "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_265_ActiveX.exe,-101"
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
      "Enabled"=dword:00000001
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
      @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_265_ActiveX.exe"
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
      @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
      @Denied: (A 2) (Everyone)
      @="Shockwave Flash Object"
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
      @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_265.ocx"
      "ThreadingModel"="Apartment"
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
      @="0"
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
      @="ShockwaveFlash.ShockwaveFlash.11"
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
      @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_265.ocx, 1"
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
      @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
      @="1.0"
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
      @="ShockwaveFlash.ShockwaveFlash"
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
      @Denied: (A 2) (Everyone)
      @="Macromedia Flash Factory Object"
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
      @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_265.ocx"
      "ThreadingModel"="Apartment"
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
      @="FlashFactory.FlashFactory.1"
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
      @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_265.ocx, 1"
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
      @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
      @="1.0"
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
      @="FlashFactory.FlashFactory"
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
      @Denied: (A 2) (Everyone)
      @="IFlashBroker5"
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
      @="{00020424-0000-0000-C000-000000000046}"
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
      @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
      "Version"="1.0"
      .
      [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
      @Denied: (Full) (Everyone)
      .
      Completion time: 2012-09-18 17:07:07
      ComboFix-quarantined-files.txt 2012-09-18 15:07
      .
      Pre-Run: 48.915.316.736 bytes libres
      Post-Run: 48.811.823.104 bytes libres
      .
      - - End Of File - - 35B3F3AC7F0D769A6F397430DE3BF587

    4. #4
      General Moderator: @Leosolari

      Re: gbpxp.exe and mob127.bin

      Hi

      Uninstall CF as follows:
      • Go to Start > Run
      • Type the following: ComboFix /Uninstall as shown in the image below:

      • This will launch the ComboFix uninstaller, opening its main screen, and after a few seconds you will see ("ComboFix is uninstalled")

      If you cannot uninstall it that way, download OTC.exe to the desktop.

      Run it and press Cleanup to uninstall ComboFix and the folders it created.

      That will restart your PC.

      Let us know how everything is going now.

      Regards

    5. #5
      User: tanke234

      Re: gbpxp.exe and mob127.bin

      I have just uninstalled ComboFix. I ran Malwarebytes again and both files showed up again, the trojan "gbpxp.exe" and the malware "mob127.bin".

      Ugh, how stressful :(

    6. #6
      General Moderator: @Leosolari

      Re: gbpxp.exe and mob127.bin

      Hi

      Restart the computer so that the virus loads again.

      Now, do the following:

      Download OTL by OldTimer

      >>> Run OTL
      • Close all the programs you have open and double-click the OTL icon to run it.
      • Let it run without interrupting it until the scan finishes.
      • When the interface appears, you only need to change the setting under "Scan Type" to Minimal Output.
      • Tick the options: LOP Check and Purity Check.
      • Tick the options Skip Microsoft Files and Use Company Name Whitelist.
      • Paste the following script into the Custom Scans/Fixes box:

        NOTE: Do not copy the word Quote.
        netsvcs
        msconfig
        %SYSTEMDRIVE%\*.*
        CREATERESTOREPOINT
      • Please do not change the rest of the settings unless we ask you to.

      • Press the button .
      • Once it finishes, two (2) files will open, OTL.Txt and Extras.Txt. They will be saved in the same place OTL.exe was downloaded to.
      • Copy and paste the contents of the OTL.txt file into your next reply.

      Regards

    7. #7
      User: tanke234

      Re: gbpxp.exe and mob127.bin

      Here is the OTL.txt:

      OTL logfile created on: 19/09/2012 16:41:52 - Run 1
      OTL by OldTimer - Version 3.2.64.0 Folder = C:\Users\Christian
      64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
      Internet Explorer (Version = 8.0.7601.17514)
      Locale: 00000c0a | Country: España | Language: ESN | Date Format: dd/MM/yyyy

      4,00 Gb Total Physical Memory | 2,88 Gb Available Physical Memory | 72,13% Memory free
      8,00 Gb Paging File | 6,58 Gb Available in Paging File | 82,30% Paging File free
      Paging file location(s): ?:\pagefile.sys [binary data]

      %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
      Drive C: | 87,79 Gb Total Space | 41,71 Gb Free Space | 47,51% Space Free | Partition Type: NTFS
      Drive D: | 377,87 Gb Total Space | 83,43 Gb Free Space | 22,08% Space Free | Partition Type: NTFS
      Drive E: | 186,31 Gb Total Space | 20,12 Gb Free Space | 10,80% Space Free | Partition Type: NTFS
      Drive F: | 149,05 Gb Total Space | 11,52 Gb Free Space | 7,73% Space Free | Partition Type: NTFS

      Computer Name: CHRISTIAN-PC | User Name: Christian | Logged in as Administrator.
      Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
      Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

      ========== Processes (SafeList) ==========

      PRC - C:\Users\Christian\OTL.exe (OldTimer Tools)
      PRC - C:\Windows\KMService.exe ()
      PRC - C:\Windows\SysWOW64\srvany.exe ()
      PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
      PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
      PRC - C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe (Brother Industries, Ltd.)
      PRC - C:\Program Files (x86)\Browny02\BrYNSvc.exe (Brother Industries, Ltd.)


      ========== Modules (No Company Name) ==========

      MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll ()
      MOD - C:\Program Files (x86)\Brother\BrUtilities\BrLogAPI.dll ()


      ========== Services (SafeList) ==========

      SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
      SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
      SRV - (KMService) -- C:\Windows\SysWOW64\srvany.exe ()
      SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
      SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
      SRV - (BrYNSvc) -- C:\Program Files (x86)\Browny02\BrYNSvc.exe (Brother Industries, Ltd.)
      SRV - (osppsvc) -- C:\Archivos de programa\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation)
      SRV - (ose64) -- C:\Archivos de programa\Common Files\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
      SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)


      ========== Driver Services (SafeList) ==========

      DRV:64bit: - (dtsoftbus01) -- C:\Windows\SysNative\drivers\dtsoftbus01.sys (DT Soft Ltd)
      DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (Advanced Micro Devices, Inc.)
      DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
      DRV:64bit: - (MotioninJoyXFilter) -- C:\Windows\SysNative\drivers\MijXfilt.sys (MotioninJoy)
      DRV:64bit: - (xusb21) -- C:\Windows\SysNative\drivers\xusb21.sys (Microsoft Corporation)
      DRV:64bit: - (RdpVideoMiniport) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys (Microsoft Corporation)
      DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
      DRV:64bit: - (tsusbhub) -- C:\Windows\SysNative\drivers\tsusbhub.sys (Microsoft Corporation)
      DRV:64bit: - (Synth3dVsc) -- C:\Windows\SysNative\drivers\Synth3dVsc.sys (Microsoft Corporation)
      DRV:64bit: - (dmvsc) -- C:\Windows\SysNative\drivers\dmvsc.sys (Microsoft Corporation)
      DRV:64bit: - (terminpt) -- C:\Windows\SysNative\drivers\terminpt.sys (Microsoft Corporation)
      DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
      DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
      DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation)
      DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
      DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
      DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
      DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
      DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
      DRV:64bit: - (L1E) -- C:\Windows\SysNative\drivers\L1E62x64.sys (Atheros Communications, Inc.)
      DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
      DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
      DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
      DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
      DRV:64bit: - (MTsensor) -- C:\Windows\SysNative\drivers\ASACPI.sys ()
      DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)


      ========== Standard Registry (SafeList) ==========


      ========== Internet Explorer ==========

      IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
      IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
      IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
      IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
      IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

      IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.es/
      IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = es
      IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 58 98 59 52 E5 94 CD 01 [binary data]
      IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
      IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
      IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

      ========== FireFox ==========

      FF - prefs.js..browser.search.update: false
      FF - prefs.js..browser.startup.homepage: "www.google.com"
      FF - prefs.js..extensions.enabledAddons: {B17C1C5A-04B1-11DB-9804-B622A1EF5492}:1.2.1
      FF - prefs.js..extensions.enabledAddons: [email protected]:1.50
      FF - user.js - File not found

      FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_4_402_265.dll File not found
      FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
      FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_265.dll ()
      FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
      FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
      FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
      FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
      FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

      FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/09/17 18:28:20 | 000,000,000 | ---D | M]
      FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

      [2012/09/17 18:28:30 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Christian\AppData\Roaming\mozilla\Extensions
      [2012/09/17 19:13:28 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Christian\AppData\Roaming\mozilla\Firefox\Profiles\l1w6hasj.default\extensions
      [2012/09/17 19:13:28 | 000,081,602 | ---- | M] () (No name found) -- C:\Users\Christian\AppData\Roaming\mozilla\firefox\profiles\l1w6hasj.default\extensions\[email protected]
      [2012/09/17 19:12:22 | 000,089,442 | ---- | M] () (No name found) -- C:\Users\Christian\AppData\Roaming\mozilla\firefox\profiles\l1w6hasj.default\extensions\{B17C1C5A-04B1-11DB-9804-B622A1EF5492}.xpi
      [2012/09/17 19:12:52 | 000,741,958 | ---- | M] () (No name found) -- C:\Users\Christian\AppData\Roaming\mozilla\firefox\profiles\l1w6hasj.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
      [2012/09/17 18:28:20 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
      [2012/09/06 03:26:03 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
      [2012/09/06 05:35:44 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
      [2012/09/06 05:35:44 | 000,003,882 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\drae.xml
      [2012/09/06 05:35:44 | 000,001,143 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-es.xml
      [2012/09/06 05:35:44 | 000,002,253 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml
      [2012/09/06 05:35:44 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-es.xml
      [2012/09/06 05:35:44 | 000,001,102 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-es.xml

      O1 HOSTS File: ([2012/09/18 17:05:41 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
      O1 - Hosts: 127.0.0.1 localhost
      O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Archivos de programa\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
      O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
      O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation)
      O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
      O4 - HKLM..\Run: [BrStsMon00] C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe (Brother Industries, Ltd.)
      O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
      O4 - Startup: C:\Users\Christian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PRemoteDroid-Server.lnk = D:\format\Ultimo format\Christian2\Descargas\PRemoteDroid-Server\PRemoteDroid-Server.exe ()
      O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
      O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
      O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
      O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
      O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
      O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
      O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
      O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
      O8:64bit: - Extra context menu item: Descargar con Mipony - C:\Program Files (x86)\MiPony\Browser\IEContext.htm ()
      O8:64bit: - Extra context menu item: E&xportar a Microsoft Excel - C:\Archivos de programa\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
      O8 - Extra context menu item: Descargar con Mipony - C:\Program Files (x86)\MiPony\Browser\IEContext.htm ()
      O8 - Extra context menu item: E&xportar a Microsoft Excel - C:\Archivos de programa\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
      O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
      O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 62.42.63.52 62.42.230.24
      O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3A4720A9-B035-4CBA-AED2-BF5618502376}: DhcpNameServer = 62.42.63.52 62.42.230.24
      O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Archivos de programa\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
      O18 - Protocol\Handler\ms-help - No CLSID value found
      O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Archivos de programa\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
      O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
      O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
      O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
      O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
      O32 - HKLM CDRom: AutoRun - 1
      O32 - AutoRun File - [2012/07/13 03:09:56 | 000,000,000 | ---- | M] () - D:\AUTOEXEC.BAT -- [ NTFS ]
      O34 - HKLM BootExecute: (autocheck autochk *)
      O35:64bit: - HKLM\..comfile [open] -- "%1" %*
      O35:64bit: - HKLM\..exefile [open] -- "%1" %*
      O35 - HKLM\..comfile [open] -- "%1" %*
      O35 - HKLM\..exefile [open] -- "%1" %*
      O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
      O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
      O37 - HKLM\...com [@ = comfile] -- "%1" %*
      O37 - HKLM\...exe [@ = exefile] -- "%1" %*
      O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
      O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
      O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

      NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)

      MsConfig:64bit - StartUpReg: Adobe ARM - hkey= - key= - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
      MsConfig:64bit - StartUpReg: BCSSync - hkey= - key= - C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
      MsConfig:64bit - StartUpReg: ControlCenter3 - hkey= - key= - C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe (Brother Industries, Ltd.)
      MsConfig:64bit - StartUpReg: DAEMON Tools Lite - hkey= - key= - C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
      MsConfig:64bit - StartUpReg: SunJavaUpdateSched - hkey= - key= - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
      MsConfig:64bit - State: "startup" - Reg Error: Key error.
      MsConfig:64bit - State: "bootini" - Reg Error: Key error.

      CREATERESTOREPOINT
      Restore point Set: OTL Restore Point

      ========== Files/Folders - Created Within 30 Days ==========

      [2012/09/19 01:36:14 | 000,000,000 | ---D | C] -- C:\Users\Christian\D3DOverrider
      [2012/09/19 01:34:08 | 000,000,000 | ---D | C] -- C:\Users\Christian\Documents\KONAMI
      [2012/09/19 01:29:39 | 000,000,000 | ---D | C] -- C:\ProgramData\KONAMI
      [2012/09/19 0102 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
      [2012/09/18 23:56:46 | 000,600,064 | ---- | C] (OldTimer Tools) -- C:\Users\Christian\OTL.exe
      [2012/09/18 17:07:08 | 000,000,000 | ---D | C] -- C:\Windows\temp
      [2012/09/18 17:02:17 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
      [2012/09/18 16:59:09 | 000,000,000 | ---D | C] -- C:\Users\Christian\AppData\Roaming\GlarySoft
      [2012/09/18 16:56:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Glary Utilities
      [2012/09/18 16:56:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Glary Utilities
      [2012/09/18 15:38:25 | 000,000,000 | R--D | C] -- C:\Users\Christian\Favorites
      [2012/09/18 02:54:21 | 000,000,000 | ---D | C] -- C:\Windows\pss
      [2012/09/18 01:03:02 | 000,000,000 | R--D | C] -- C:\Users\Christian\AppData\Roaming\Brother
      [2012/09/18 00:35:17 | 000,000,000 | ---D | C] -- C:\Program Files\JDownloader 2
      [2012/09/18 00:35:17 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\i4j_jres
      [2012/09/18 00:02:18 | 000,000,000 | ---D | C] -- C:\Users\Christian\AppData\Roaming\Mipony
      [2012/09/17 23:31:36 | 000,000,000 | -HSD | C] -- C:\ProgramData\DSS
      [2012/09/17 23:31:27 | 000,000,000 | ---D | C] -- C:\Users\Christian\Documents\FIFA 13
      [2012/09/17 23:28:00 | 000,000,000 | ---D | C] -- C:\Users\Christian\Documents\FIFA 13 Demo
      [2012/09/17 23:08:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
      [2012/09/17 23:08:31 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DESIGNER
      [2012/09/17 23:08:17 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Synchronization Services
      [2012/09/17 23:08:12 | 000,000,000 | ---D | C] -- C:\Windows\PCHEALTH
      [2012/09/17 23:08:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft.NET
      [2012/09/17 23:08:12 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft SQL Server Compact Edition
      [2012/09/17 23:05:01 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Analysis Services
      [2012/09/17 23:05:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Analysis Services
      [2012/09/17 23:04:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Office
      [2012/09/17 23:04:45 | 000,000,000 | ---D | C] -- C:\Users\Christian\AppData\Local\Microsoft Help
      [2012/09/17 23:04:44 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office
      [2012/09/17 23:04:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft Help
      [2012/09/17 23:04:34 | 000,000,000 | R--D | C] -- C:\MSOCache
      [2012/09/17 23:01:32 | 000,000,000 | ---D | C] -- C:\Users\Christian\AppData\Local\Adobe
      [2012/09/17 23:00:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe
      [2012/09/17 23:00:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Adobe
      [2012/09/17 23:00:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Adobe
      [2012/09/17 22:46:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Battlefield 3 Update 4
      [2012/09/17 22:35:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sleeping Dogs
      [2012/09/17 22:23:22 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\directx
      [2012/09/17 22:01:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DAEMON Tools Lite
      [2012/09/17 22:01:03 | 000,283,200 | ---- | C] (DT Soft Ltd) -- C:\Windows\SysNative\drivers\dtsoftbus01.sys
      [2012/09/17 22:01:00 | 000,000,000 | ---D | C] -- C:\Users\Christian\AppData\Roaming\DAEMON Tools Lite
      [2012/09/17 22:01:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DAEMON Tools Lite
      [2012/09/17 22:00:07 | 000,000,000 | ---D | C] -- C:\ProgramData\DAEMON Tools Lite
      [2012/09/17 21:49:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Winamp
      [2012/09/17 21:49:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\PX Storage Engine
      [2012/09/17 21:49:00 | 000,000,000 | ---D | C] -- C:\Users\Christian\AppData\Roaming\Winamp
      [2012/09/17 21:49:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Winamp
      [2012/09/17 21:42:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
      [2012/09/17 21:42:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
      [2012/09/17 21:42:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java
      [2012/09/17 21:30:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\uTorrent
      [2012/09/17 21:29:32 | 000,000,000 | ---D | C] -- C:\Users\Christian\AppData\Roaming\uTorrent
      [2012/09/17 21:29:05 | 000,000,000 | ---D | C] -- C:\Users\Christian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SopCast
      [2012/09/17 21:29:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SopCast
      [2012/09/17 21:29:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SopCast
      [2012/09/17 21:28:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack
      [2012/09/17 21:28:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\K-Lite Codec Pack
      [2012/09/17 20:49:21 | 000,000,000 | ---D | C] -- C:\Users\Christian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MiPony
      [2012/09/17 20:49:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MiPony
      [2012/09/17 20:49:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MiPony
      [2012/09/17 20:11:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FIFA 13 Demo
      [2012/09/17 20:11:34 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\Common Files\EAInstaller
      [2012/09/17 20:01:04 | 000,000,000 | ---D | C] -- C:\Users\Christian\AppData\Roaming\Origin
      [2012/09/17 20:01:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Origin Games
      [2012/09/17 20:01:03 | 000,000,000 | ---D | C] -- C:\Users\Christian\AppData\Local\Origin
      [2012/09/17 20:00:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Origin
      [2012/09/17 20:00:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Origin
      [2012/09/17 20:00:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Electronic Arts
      [2012/09/17 20:00:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Origin
      [2012/09/17 19:23:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Brother
      [2012/09/17 19:23:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Browny02
      [2012/09/17 19:23:07 | 001,560,576 | ---- | C] (Brother Industries, Ltd.) -- C:\Windows\SysNative\BrWi209c.dll
      [2012/09/17 19:23:07 | 000,061,440 | ---- | C] (Brother Industries Ltd.) -- C:\Windows\SysWow64\brprtink.dll
      [2012/09/17 19:23:07 | 000,050,688 | ---- | C] (Brother Industries, Ltd.) -- C:\Windows\SysNative\BrUsi09c.dll
      [2012/09/17 19:23:05 | 000,217,088 | ---- | C] (brother) -- C:\Windows\SysWow64\NSSearch.dll
      [2012/09/17 19:23:05 | 000,073,728 | ---- | C] (Brother Industries Ltd.) -- C:\Windows\SysWow64\BrDctF2.dll
      [2012/09/17 19:23:05 | 000,005,632 | ---- | C] (Brother Industries Ltd.) -- C:\Windows\SysWow64\BrDctF2L.dll
      [2012/09/17 19:23:05 | 000,003,072 | ---- | C] (Brother Industries Ltd.) -- C:\Windows\SysWow64\BrDctF2S.dll
      [2012/09/17 19:23:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Brother
      [2012/09/17 19:23:04 | 000,180,224 | ---- | C] (Brother Industries, Ltd.) -- C:\Windows\SysWow64\BroSNMP.dll
      [2012/09/17 19:23:01 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\InstallShield Installation Information
      [2012/09/17 19:22:40 | 000,000,000 | ---D | C] -- C:\Users\Christian\AppData\Roaming\InstallShield
      [2012/09/17 19:22:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Brother
      [2012/09/17 19:14:59 | 000,000,000 | ---D | C] -- C:\Users\Christian\AppData\Roaming\Malwarebytes
      [2012/09/17 19:14:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
      [2012/09/17 19:14:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
      [2012/09/17 19:14:53 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
      [2012/09/17 19:14:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
      [2012/09/17 19:08:31 | 000,000,000 | ---D | C] -- C:\Users\Christian\AppData\Roaming\MotioninJoy
      [2012/09/17 19:08:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MotioninJoy
      [2012/09/17 19:08:27 | 000,121,416 | ---- | C] (MotioninJoy) -- C:\Windows\SysNative\drivers\MijXfilt.sys
      [2012/09/17 19:08:27 | 000,000,000 | ---D | C] -- C:\Program Files\MotioninJoy
      [2012/09/17 18:34:52 | 000,000,000 | ---D | C] -- C:\Users\Christian\AppData\Local\Macromedia
      [2012/09/17 18:28:26 | 000,000,000 | ---D | C] -- C:\Users\Christian\AppData\Roaming\Mozilla
      [2012/09/17 18:28:26 | 000,000,000 | ---D | C] -- C:\Users\Christian\AppData\Local\Mozilla
      [2012/09/17 18:28:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service
      [2012/09/17 18:28:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
      [2012/09/17 18:28:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
      [2012/09/17 17:48:41 | 000,000,000 | ---D | C] -- C:\Windows\Panther
      [2012/09/17 17:23:55 | 000,000,000 | ---D | C] -- C:\Users\Christian\AppData\Roaming\ATI
      [2012/09/17 17:23:55 | 000,000,000 | ---D | C] -- C:\Users\Christian\AppData\Local\ATI
      [2012/09/17 17:23:55 | 000,000,000 | ---D | C] -- C:\ProgramData\ATI
      [2012/09/17 17:22:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Catalyst Control Center
      [2012/09/17 17:21:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ATI Technologies
      [2012/09/17 17:21:35 | 000,000,000 | -HSD | C] -- C:\Windows\Installer
      [2012/09/17 17:21:35 | 000,000,000 | ---D | C] -- C:\Program Files\ATI
      [2012/09/17 17:19:02 | 000,000,000 | ---D | C] -- C:\Users\Christian\AppData\Roaming\Macromedia
      [2012/09/17 17:19:02 | 000,000,000 | ---D | C] -- C:\Users\Christian\AppData\Roaming\Adobe
      [2012/09/17 17:18:54 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Macromed
      [2012/09/17 17:18:48 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Macromed
      [2012/09/17 17:16:49 | 000,000,000 | ---D | C] -- C:\Program Files\ATI Technologies
      [2012/09/17 17:11:58 | 000,000,000 | ---D | C] -- C:\Users\Christian\AppData\Roaming\WinRAR
      [2012/09/17 17:11:58 | 000,000,000 | ---D | C] -- C:\Users\Christian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
      [2012/09/17 17:11:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
      [2012/09/17 17:11:26 | 000,000,000 | ---D | C] -- C:\Program Files\WinRAR
      [2012/09/17 16:57:48 | 000,000,000 | R--D | C] -- C:\Users\Christian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
      [2012/09/17 16:57:48 | 000,000,000 | R--D | C] -- C:\Users\Christian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
      [2012/09/17 16:57:39 | 000,000,000 | ---D | C] -- C:\Users\Christian\AppData\Roaming\Identities
      [2012/09/17 16:57:35 | 000,000,000 | ---D | C] -- C:\Users\Christian\AppData\Local\VirtualStore
      [2012/09/17 16:57:28 | 000,000,000 | -HSD | C] -- C:\Users\Christian\SendTo
      [2012/09/17 16:57:28 | 000,000,000 | -HSD | C] -- C:\Users\Christian\Reciente
      [2012/09/17 16:57:28 | 000,000,000 | -HSD | C] -- C:\Users\Christian\Plantillas
      [2012/09/17 16:57:28 | 000,000,000 | -HSD | C] -- C:\Users\Christian\Documents\Mis vídeos
      [2012/09/17 16:57:28 | 000,000,000 | -HSD | C] -- C:\Users\Christian\Documents\Mis imágenes
      [2012/09/17 16:57:28 | 000,000,000 | -HSD | C] -- C:\Users\Christian\Mis documentos
      [2012/09/17 16:57:28 | 000,000,000 | -HSD | C] -- C:\Users\Christian\Documents\Mi música
      [2012/09/17 16:57:28 | 000,000,000 | -HSD | C] -- C:\Users\Christian\Menú Inicio
      [2012/09/17 16:57:28 | 000,000,000 | -HSD | C] -- C:\Users\Christian\Impresoras
      [2012/09/17 16:57:28 | 000,000,000 | -HSD | C] -- C:\Users\Christian\AppData\Local\Historial
      [2012/09/17 16:57:28 | 000,000,000 | -HSD | C] -- C:\Users\Christian\Entorno de red
      [2012/09/17 16:57:28 | 000,000,000 | -HSD | C] -- C:\Users\Christian\Datos de programa
      [2012/09/17 16:57:28 | 000,000,000 | -HSD | C] -- C:\Users\Christian\AppData\Local\Datos de programa
      [2012/09/17 16:57:28 | 000,000,000 | -HSD | C] -- C:\Users\Christian\Cookies
      [2012/09/17 16:57:28 | 000,000,000 | -HSD | C] -- C:\Users\Christian\Configuración local
      [2012/09/17 16:57:28 | 000,000,000 | -HSD | C] -- C:\Users\Christian\AppData\Local\Archivos temporales de Internet
      [2012/09/17 16:57:27 | 000,000,000 | --SD | C] -- C:\Users\Christian\AppData\Roaming\Microsoft
      [2012/09/17 16:57:27 | 000,000,000 | R--D | C] -- C:\Users\Christian\Pictures
      [2012/09/17 16:57:27 | 000,000,000 | R--D | C] -- C:\Users\Christian\Music
      [2012/09/17 16:57:27 | 000,000,000 | R--D | C] -- C:\Users\Christian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
      [2012/09/17 16:57:27 | 000,000,000 | R--D | C] -- C:\Users\Christian\Downloads
      [2012/09/17 16:57:27 | 000,000,000 | R--D | C] -- C:\Users\Christian\Documents
      [2012/09/17 16:57:27 | 000,000,000 | R--D | C] -- C:\Users\Christian\Desktop
      [2012/09/17 16:57:27 | 000,000,000 | R--D | C] -- C:\Users\Christian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
      [2012/09/17 16:57:27 | 000,000,000 | -H-D | C] -- C:\Users\Christian\AppData
      [2012/09/17 16:57:27 | 000,000,000 | ---D | C] -- C:\Users\Christian\Videos
      [2012/09/17 16:57:27 | 000,000,000 | ---D | C] -- C:\Users\Christian\AppData\Local\Temp
      [2012/09/17 16:57:27 | 000,000,000 | ---D | C] -- C:\Users\Christian\AppData\Local\Microsoft
      [2012/09/17 16:57:27 | 000,000,000 | ---D | C] -- C:\Users\Christian\AppData\Roaming\Media Center Programs
      [2012/09/17 16:57:15 | 000,000,000 | ---D | C] -- C:\Recovery
      [2012/09/17 16:57:14 | 000,000,000 | -HSD | C] -- C:\ProgramData\Plantillas
      [2012/09/17 16:57:14 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Mis vídeos
      [2012/09/17 16:57:14 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Mis imágenes
      [2012/09/17 16:57:14 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Mi música
      [2012/09/17 16:57:14 | 000,000,000 | -HSD | C] -- C:\ProgramData\Menú Inicio
      [2012/09/17 16:57:14 | 000,000,000 | -HSD | C] -- C:\ProgramData\Favoritos
      [2012/09/17 16:57:14 | 000,000,000 | -HSD | C] -- C:\ProgramData\Escritorio
      [2012/09/17 16:57:14 | 000,000,000 | -HSD | C] -- C:\ProgramData\Documentos
      [2012/09/17 16:57:14 | 000,000,000 | -HSD | C] -- C:\ProgramData\Datos de programa
      [2012/09/17 16:57:14 | 000,000,000 | -HSD | C] -- C:\Archivos de programa
      [2012/09/17 16:57:14 | 000,000,000 | -HSD | C] -- C:\Program Files\Archivos comunes
      [2012/09/17 16:52:23 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution
      [2012/09/17 16:50:11 | 000,000,000 | ---D | C] -- C:\Windows\Prefetch
      [2012/09/17 16:50:10 | 000,000,000 | ---D | C] -- C:\Windows\CSC
      [2012/09/17 16:49:37 | 000,000,000 | -HSD | C] -- C:\System Volume Information
      [2012/09/12 00:40:20 | 000,000,000 | ---D | C] -- C:\Users\Christian\Documents\Uni

      ========== Files - Modified Within 30 Days ==========

      [2012/09/19 16:06:26 | 006,249,007 | ---- | M] () -- C:\Users\Christian\dt05_s.rar
      [2012/09/19 15:13:07 | 000,021,072 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
      [2012/09/19 15:13:06 | 000,021,072 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
      [2012/09/19 1513 | 001,530,242 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
      [2012/09/19 1513 | 000,694,148 | ---- | M] () -- C:\Windows\SysNative\perfh00A.dat
      [2012/09/19 1513 | 000,606,992 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
      [2012/09/19 1513 | 000,134,242 | ---- | M] () -- C:\Windows\SysNative\perfc00A.dat
      [2012/09/19 1513 | 000,103,370 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
      [2012/09/19 15:06:01 | 000,000,332 | ---- | M] () -- C:\Windows\tasks\GlaryInitialize.job
      [2012/09/19 15:05:46 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
      [2012/09/19 15:05:41 | 3220,475,904 | -HS- | M] () -- C:\hiberfil.sys
      [2012/09/19 01:35:27 | 000,001,393 | ---- | M] () -- C:\Users\Christian\Desktop\settings.exe - Acceso directo.lnk
      [2012/09/19 01:34:40 | 000,000,228 | ---- | M] () -- C:\Users\Christian\Desktop\Pro Evolution Soccer 2013.lnk
      [2012/09/18 23:56:51 | 000,600,064 | ---- | M] (OldTimer Tools) -- C:\Users\Christian\OTL.exe
      [2012/09/18 20:04:04 | 000,244,224 | ---- | M] () -- C:\Users\Christian\CF_UNINST.EXE
      [2012/09/18 18:56:06 | 000,001,480 | ---- | M] () -- C:\Users\Christian\Desktop\JDownloader 2.lnk
      [2012/09/18 17:05:41 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
      [2012/09/18 16:56:33 | 000,001,066 | ---- | M] () -- C:\Users\Christian\Desktop\Glary Utilities.lnk
      [2012/09/18 01:23:38 | 000,001,076 | ---- | M] () -- C:\Users\Christian\Desktop\PRemoteDroid-Server.lnk
      [2012/09/18 01:23:38 | 000,001,076 | ---- | M] () -- C:\Users\Christian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PRemoteDroid-Server.lnk
      [2012/09/17 23:59:54 | 000,451,542 | ---- | M] () -- C:\Users\Christian\D3DOverrider.rar
      [2012/09/17 23:56:35 | 002,901,882 | ---- | M] () -- C:\Users\Christian\D3DOverrider+tutorial.zip
      [2012/09/17 23:21:52 | 000,001,332 | ---- | M] () -- C:\Users\Christian\Desktop\bf3.exe - Acceso directo.lnk
      [2012/09/17 23:20:20 | 000,002,951 | ---- | M] () -- C:\Users\Christian\Desktop\Microsoft Word 2010.lnk
      [2012/09/17 23:20:16 | 000,002,927 | ---- | M] () -- C:\Users\Christian\Desktop\Microsoft Excel 2010.lnk
      [2012/09/17 23:15:46 | 000,339,040 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
      [2012/09/17 2320 | 000,151,552 | ---- | M] () -- C:\Windows\KMService.exe
      [2012/09/17 2320 | 000,008,192 | ---- | M] () -- C:\Windows\SysWow64\srvany.exe
      [2012/09/17 23:00:38 | 000,002,019 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk
      [2012/09/17 22:35:59 | 000,000,853 | ---- | M] () -- C:\Users\Public\Desktop\Sleeping Dogs.lnk
      [2012/09/17 22:23:20 | 000,001,047 | ---- | M] () -- C:\Users\Christian\Desktop\Battlefield 3 Repack.lnk
      [2012/09/17 22:01:21 | 000,001,950 | ---- | M] () -- C:\Users\Public\Desktop\DAEMON Tools Lite.lnk
      [2012/09/17 22:01:03 | 000,283,200 | ---- | M] (DT Soft Ltd) -- C:\Windows\SysNative\drivers\dtsoftbus01.sys
      [2012/09/17 21:30:11 | 000,000,943 | ---- | M] () -- C:\Users\Public\Desktop\µTorrent.lnk
      [2012/09/17 21:29:05 | 000,000,991 | ---- | M] () -- C:\Users\Christian\Desktop\SopCast.lnk
      [2012/09/17 20:49:21 | 000,000,995 | ---- | M] () -- C:\Users\Christian\Desktop\MiPony.lnk
      [2012/09/17 20:11:36 | 000,001,308 | ---- | M] () -- C:\Users\Public\Desktop\FIFA 13 Demo.lnk
      [2012/09/17 20:00:41 | 000,000,979 | ---- | M] () -- C:\Users\Public\Desktop\Origin.lnk
      [2012/09/17 19:23:20 | 000,000,050 | ---- | M] () -- C:\Windows\SysNative\BRIDF10A.DAT
      [2012/09/17 19:23:19 | 000,000,431 | ---- | M] () -- C:\Windows\BRWMARK.INI
      [2012/09/17 19:14:54 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
      [2012/09/17 19:09:18 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_xusb21_01009.Wdf
      [2012/09/17 19:09:17 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_MijXfilt_01009.Wdf
      [2012/09/17 19:08:28 | 000,000,923 | ---- | M] () -- C:\Users\Public\Desktop\DS3 Tool.lnk
      [2012/09/17 18:28:22 | 000,001,130 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
      [2012/09/17 17:23:34 | 000,000,000 | ---- | M] () -- C:\Windows\ativpsrm.bin
      [2012/09/17 16:53:44 | 000,052,732 | ---- | M] () -- C:\Windows\SysWow64\license.rtf
      [2012/09/17 16:53:44 | 000,052,732 | ---- | M] () -- C:\Windows\SysNative\license.rtf
      [2012/09/17 16:51:36 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_09_00.Wdf
      [2012/09/10 19:57:43 | 000,038,766 | ---- | M] () -- C:\Users\Christian\Documents\getreport2.pdf
      [2012/09/10 19:57:37 | 000,022,244 | ---- | M] () -- C:\Users\Christian\Documents\getreport.pdf
      [2012/09/07 17:04:46 | 000,025,928 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys

      ========== Files Created - No Company Name ==========

      [2012/09/19 16:06:15 | 006,249,007 | ---- | C] () -- C:\Users\Christian\dt05_s.rar
      [2012/09/19 01:35:27 | 000,001,393 | ---- | C] () -- C:\Users\Christian\Desktop\settings.exe - Acceso directo.lnk
      [2012/09/19 01:34:40 | 000,000,228 | ---- | C] () -- C:\Users\Christian\Desktop\Pro Evolution Soccer 2013.lnk
      [2012/09/18 20:04:02 | 000,244,224 | ---- | C] () -- C:\Users\Christian\CF_UNINST.EXE
      [2012/09/18 18:56:06 | 000,001,480 | ---- | C] () -- C:\Users\Christian\Desktop\JDownloader 2.lnk
      [2012/09/18 16:56:33 | 000,001,066 | ---- | C] () -- C:\Users\Christian\Desktop\Glary Utilities.lnk
      [2012/09/18 16:56:33 | 000,000,332 | ---- | C] () -- C:\Windows\tasks\GlaryInitialize.job
      [2012/09/18 02:53:03 | 000,001,076 | ---- | C] () -- C:\Users\Christian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PRemoteDroid-Server.lnk
      [2012/09/18 01:23:38 | 000,001,076 | ---- | C] () -- C:\Users\Christian\Desktop\PRemoteDroid-Server.lnk
      [2012/09/18 00:35:30 | 000,001,979 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JDownloader Update.lnk
      [2012/09/18 00:35:30 | 000,001,979 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JDownloader Uninstaller.lnk
      [2012/09/18 00:35:30 | 000,001,923 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JDownloader 2.lnk
      [2012/09/17 23:59:53 | 000,451,542 | ---- | C] () -- C:\Users\Christian\D3DOverrider.rar
      [2012/09/17 23:56:28 | 002,901,882 | ---- | C] () -- C:\Users\Christian\D3DOverrider+tutorial.zip
      [2012/09/17 23:21:52 | 000,001,332 | ---- | C] () -- C:\Users\Christian\Desktop\bf3.exe - Acceso directo.lnk
      [2012/09/17 23:20:20 | 000,002,951 | ---- | C] () -- C:\Users\Christian\Desktop\Microsoft Word 2010.lnk
      [2012/09/17 23:20:16 | 000,002,927 | ---- | C] () -- C:\Users\Christian\Desktop\Microsoft Excel 2010.lnk
      [2012/09/17 2336 | 000,151,552 | ---- | C] () -- C:\Windows\KMService.exe
      [2012/09/17 2336 | 000,008,192 | ---- | C] () -- C:\Windows\SysWow64\srvany.exe
      [2012/09/17 23:00:38 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
      [2012/09/17 23:00:38 | 000,002,019 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk
      [2012/09/17 22:35:59 | 000,000,853 | ---- | C] () -- C:\Users\Public\Desktop\Sleeping Dogs.lnk
      [2012/09/17 22:23:20 | 000,001,047 | ---- | C] () -- C:\Users\Christian\Desktop\Battlefield 3 Repack.lnk
      [2012/09/17 22:01:21 | 000,001,950 | ---- | C] () -- C:\Users\Public\Desktop\DAEMON Tools Lite.lnk
      [2012/09/17 21:52:30 | 055,087,601 | ---- | C] () -- C:\Users\Christian\SAMSUNG PC Share 4.2.exe
      [2012/09/17 21:30:11 | 000,000,943 | ---- | C] () -- C:\Users\Public\Desktop\µTorrent.lnk
      [2012/09/17 21:29:05 | 000,000,991 | ---- | C] () -- C:\Users\Christian\Desktop\SopCast.lnk
      [2012/09/17 21:28:35 | 000,178,688 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
      [2012/09/17 20:49:21 | 000,000,995 | ---- | C] () -- C:\Users\Christian\Desktop\MiPony.lnk
      [2012/09/17 20:11:36 | 000,001,308 | ---- | C] () -- C:\Users\Public\Desktop\FIFA 13 Demo.lnk
      [2012/09/17 20:00:41 | 000,000,979 | ---- | C] () -- C:\Users\Public\Desktop\Origin.lnk
      [2012/09/17 19:23:20 | 000,000,050 | ---- | C] () -- C:\Windows\SysNative\BRIDF10A.DAT
      [2012/09/17 19:23:19 | 000,000,431 | ---- | C] () -- C:\Windows\BRWMARK.INI
      [2012/09/17 19:14:54 | 000,001,109 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
      [2012/09/17 19:09:18 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_xusb21_01009.Wdf
      [2012/09/17 19:09:17 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_MijXfilt_01009.Wdf
      [2012/09/17 19:08:28 | 000,000,923 | ---- | C] () -- C:\Users\Public\Desktop\DS3 Tool.lnk
      [2012/09/17 18:28:22 | 000,001,142 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
      [2012/09/17 18:28:22 | 000,001,130 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
      [2012/09/17 17:23:34 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
      [2012/09/17 16:57:54 | 000,001,393 | ---- | C] () -- C:\Users\Christian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
      [2012/09/17 16:57:49 | 000,001,427 | ---- | C] () -- C:\Users\Christian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
      [2012/09/17 16:53:37 | 000,001,345 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk
      [2012/09/17 16:53:28 | 000,001,326 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk
      [2012/09/17 16:51:36 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_09_00.Wdf
      [2012/09/17 16:49:36 | 3220,475,904 | -HS- | C] () -- C:\hiberfil.sys
      [2012/09/09 21:56:05 | 000,038,766 | ---- | C] () -- C:\Users\Christian\Documents\getreport2.pdf
      [2012/09/06 15:54:32 | 000,022,244 | ---- | C] () -- C:\Users\Christian\Documents\getreport.pdf
      [2012/07/28 03:39:50 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
      [2012/07/28 03:39:50 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
      [2011/09/13 00:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat

      ========== ZeroAccess Check ==========

      [2009/07/14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

      ========== LOP Check ==========

      [2012/09/17 22:04:45 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\DAEMON Tools Lite
      [2012/09/18 16:59:09 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\GlarySoft
      [2012/09/19 16:32:51 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\Mipony
      [2012/09/17 19:08:31 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\MotioninJoy
      [2012/09/17 20:02:23 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\Origin
      [2012/09/19 01:12:41 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\uTorrent

      ========== Purity Check ==========



      ========== Custom Scans ==========

      < %SYSTEMDRIVE%\*.* >
      [2012/09/18 17:07:07 | 000,019,536 | ---- | M] () -- C:\ComboFix.txt
      [2012/09/19 15:05:41 | 3220,475,904 | -HS- | M] () -- C:\hiberfil.sys
      [2012/09/19 15:05:42 | 4293,967,872 | -HS- | M] () -- C:\pagefile.sys

      < End of report >

    8. #8
      General Moderator
      @Leosolari's avatar
      Joined
      Jun 2007
      Location
      Argentina
      Posts
      58.637

      Re: gbpxp.exe and mob127.bin

      Hello


      Download SystemLook to your desktop from one of the following links, depending on whether you have 32-bit or 64-bit Windows.

      Is my Windows 32-bit or 64-bit?


      SystemLook for 32-bit


      SystemLook for 64-bit


      Double-click the SystemLook.exe file to run it.
      Copy and paste the text from the box below into the program window and click Look.

      HTML code:
      :filefind
      gbpxp.exe
      mob127.bin
      Wait a few seconds until the search finishes.
      When it finishes, it will open a report that you must copy and paste into your next reply.


      Note: That report will also be saved in the SystemLook.txt file on your desktop.



      Regards
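A scripted equivalent of the name search requested above, added here as an example and not part of the original post or of SystemLook: it walks a directory tree for the two file names, matching case-insensitively, and records size, modification time and SHA-256 so that the results of successive scans can be compared. The function names and the directory tree built in `demo` are constructed for illustration.

```python
import hashlib
import os
import tempfile
from datetime import datetime, timezone

TARGET_NAMES = ("gbpxp.exe", "mob127.bin")  # names from the :filefind script above

def sha256_of(path, chunk_size=65536):
    """Hash a file in chunks so large files are not read into memory at once."""
    digest = hashlib.sha256()
    with open(path, "rb") as handle:
        for chunk in iter(lambda: handle.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()

def find_files(root, names=TARGET_NAMES):
    """Return one record per file under root whose name matches, ignoring case."""
    wanted = {name.lower() for name in names}
    hits = []
    for folder, _subdirs, files in os.walk(root):  # unreadable folders are skipped
        for filename in files:
            if filename.lower() not in wanted:
                continue
            hit = {"path": os.path.join(folder, filename),
                   "size": None, "modified": None, "sha256": None}
            try:
                info = os.stat(hit["path"])
                hit["sha256"] = sha256_of(hit["path"])
                hit["size"] = info.st_size
                hit["modified"] = datetime.fromtimestamp(
                    info.st_mtime, timezone.utc).isoformat()
            except OSError:
                pass  # locked or removed mid-scan: still report that the name was seen
            hits.append(hit)
    return sorted(hits, key=lambda hit: hit["path"].lower())

def demo():
    """Search a constructed directory tree (placeholder contents, not real samples)."""
    with tempfile.TemporaryDirectory() as root:
        videos = os.path.join(root, "Users", "example", "videos")
        os.makedirs(videos)
        for name, data in (("GBPXP.EXE", b"placeholder-a"), ("mob127.bin", b"placeholder-b"),
                           ("holiday.avi", b"unrelated")):
            with open(os.path.join(videos, name), "wb") as handle:
                handle.write(data)
        return find_files(root)

if __name__ == "__main__":
    print(*demo(), sep="\n")
```

A hit whose `sha256` is `None` was seen by name but could not be opened, which is worth noting when a file is held open by a running process.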