• Registrarse
  • Iniciar sesión


  • Resultados 1 al 4 de 4

    Re: Virus de doble tilde contin''ua

    Uffff... Estoy renegando con el mismo problema. Les dejo mi log del OTL a ver si me pueden dar una mano: Por cierto, queriendo entrar a Ebay, me aparecio una pantalla que parecia bastante "oficial" ...

    1. #1
      Usuario Avatar de golcito21
      Registrado
      sep 2012
      Ubicación
      San Martin
      Mensajes
      2

      Re: Virus de doble tilde contin''ua

      Uffff... Estoy renegando con el mismo problema. Les dejo mi log del OTL a ver si me pueden dar una mano:


      Por cierto, queriendo entrar a Ebay, me aparecio una pantalla que parecia bastante "oficial" donde me pedian mis datos para reconfirmar mi cuenta...
      Los meti >Deberia preocuparme??


      OTL logfile created on: 21/09/2012 09:43:00 p.m. - Run 1
      OTL by OldTimer - Version 3.2.65.1 Folder = C:\Users\Administrador\Downloads
      64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
      Internet Explorer (Version = 9.0.8112.16421)
      Locale: 00002c0a | Country: Argentina | Language: ESS | Date Format: dd/MM/yyyy

      4,00 Gb Total Physical Memory | 2,32 Gb Available Physical Memory | 58,13% Memory free
      7,99 Gb Paging File | 6,06 Gb Available in Paging File | 75,82% Paging File free
      Paging file location(s): ?:\pagefile.sys [binary data]

      %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
      Drive C: | 931,41 Gb Total Space | 279,45 Gb Free Space | 30,00% Space Free | Partition Type: NTFS
      Drive D: | 76,32 Gb Total Space | 56,06 Gb Free Space | 73,45% Space Free | Partition Type: NTFS

      Computer Name: PYM2000-PC | User Name: Administrador | Logged in as Administrator.
      Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
      Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

      ========== Processes (SafeList) ==========

      PRC - [2012/09/21 21:42:42 | 000,600,576 | ---- | M] (OldTimer Tools) -- C:\Users\Administrador\Downloads\OTL.exe
      PRC - [2012/08/13 13:33:30 | 003,064,000 | ---- | M] (Skype Technologies S.A.) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
      PRC - [2010/04/07 21:07:24 | 000,810,120 | ---- | M] (ESET) -- C:\Archivos de programa\ESET\ESET NOD32 Antivirus\x86\ekrn.exe
      PRC - [2009/03/30 03:32:40 | 000,032,768 | R--- | M] () -- C:\Windows\DAODx.exe


      ========== Modules (No Company Name) ==========

      MOD - [2009/03/30 03:32:40 | 000,032,768 | R--- | M] () -- C:\Windows\DAODx.exe


      ========== Services (SafeList) ==========

      SRV:64bit: - [2011/11/10 00:11:32 | 000,204,288 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
      SRV:64bit: - [2009/07/13 22:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
      SRV - [2012/08/13 13:33:30 | 003,064,000 | ---- | M] (Skype Technologies S.A.) [Auto | Running] -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service)
      SRV - [2012/08/12 12:08:07 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
      SRV - [2012/07/13 13:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
      SRV - [2011/03/02 19:29:02 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
      SRV - [2010/04/07 2142 | 000,042,336 | ---- | M] (ESET) [On_Demand | Stopped] -- C:\Archivos de programa\ESET\ESET NOD32 Antivirus\EHttpSrv.exe -- (EhttpSrv)
      SRV - [2010/04/07 21:07:24 | 000,810,120 | ---- | M] (ESET) [Auto | Running] -- C:\Archivos de programa\ESET\ESET NOD32 Antivirus\x86\ekrn.exe -- (ekrn)
      SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
      SRV - [2009/08/18 12:48:02 | 002,291,568 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Archivos de programa\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
      SRV - [2009/06/10 18:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


      ========== Driver Services (SafeList) ==========

      DRV:64bit: - File not found [Kernel | Auto | Stopped] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys -- (AODDriver4.01)
      DRV:64bit: - [2012/03/01 03:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
      DRV:64bit: - [2011/11/10 00:45:30 | 010,567,680 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
      DRV:64bit: - [2011/11/09 23:12:44 | 000,325,632 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
      DRV:64bit: - [2011/06/10 06:34:52 | 000,539,240 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
      DRV:64bit: - [2011/03/30 15:46:44 | 000,114,704 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
      DRV:64bit: - [2011/03/11 03:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
      DRV:64bit: - [2011/03/11 03:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
      DRV:64bit: - [2010/11/20 10:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
      DRV:64bit: - [2010/11/20 08:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
      DRV:64bit: - [2010/08/17 18:43:35 | 000,834,544 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)
      DRV:64bit: - [2010/05/06 06:21:46 | 000,125,456 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)
      DRV:64bit: - [2010/04/27 16:57:20 | 000,016,200 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WmVirHid.sys -- (WmVirHid)
      DRV:64bit: - [2010/04/27 16:57:14 | 000,036,936 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WmHidLo.sys -- (WmHidLo)
      DRV:64bit: - [2010/04/27 16:57:12 | 000,026,440 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WmBEnum.sys -- (WmBEnum)
      DRV:64bit: - [2010/04/27 14:03:12 | 000,077,512 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WmXlCore.sys -- (WmXlCore)
      DRV:64bit: - [2010/04/27 14:02:42 | 000,043,976 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WmFilter.sys -- (WmFilter)
      DRV:64bit: - [2010/04/07 21:08:32 | 000,124,760 | ---- | M] (ESET) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\epfwwfpr.sys -- (epfwwfpr)
      DRV:64bit: - [2010/04/07 21:07:10 | 000,139,704 | ---- | M] (ESET) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ehdrv.sys -- (ehdrv)
      DRV:64bit: - [2010/04/07 21:03:52 | 000,163,888 | ---- | M] (ESET) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\eamonm.sys -- (eamonm)
      DRV:64bit: - [2010/02/18 09:18:24 | 000,046,136 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdiox64.sys -- (amdiox64)
      DRV:64bit: - [2009/07/16 00:38:40 | 000,015,416 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ASACPI.sys -- (MTsensor)
      DRV:64bit: - [2009/07/13 22:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
      DRV:64bit: - [2009/07/13 22:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
      DRV:64bit: - [2009/07/13 22:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
      DRV:64bit: - [2009/06/10 17:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
      DRV:64bit: - [2009/06/10 17:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
      DRV:64bit: - [2009/06/10 17:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
      DRV:64bit: - [2009/06/10 17:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
      DRV:64bit: - [2009/04/23 11:15:06 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi)
      DRV:64bit: - [2007/04/27 07:40:00 | 000,142,120 | ---- | M] (SafeNet, Inc.) [Kernel | Auto | Stopped] -- C:\Windows\SysNative\drivers\Sentinel64.sys -- (Sentinel64)
      DRV - [2012/04/15 22:19:37 | 000,012,464 | ---- | M] (Macrovision Europe Ltd) [Kernel | Auto | Running] -- C:\Windows\SysWOW64\drivers\SECDRV.SYS -- (SecDrv)
      DRV - [2009/07/13 22:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


      ========== Standard Registry (SafeList) ==========


      ========== Internet Explorer ==========

      IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
      IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
      IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
      IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
      IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

      IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com.ar/
      IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://ar.msn.com/?ocid=iehp
      IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = es-ar
      IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = E9 A2 6C 64 44 11 CB 01 [binary data]
      IE - HKCU\..\SearchScopes,DefaultScope = {1F44113C-9612-459D-9970-3438E075249C}
      IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
      IE - HKCU\..\SearchScopes\{1F44113C-9612-459D-9970-3438E075249C}: "URL" = http://findgala.com/?&uid=289&q={searchTerms}
      IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
      IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

      ========== FireFox ==========

      FF - prefs.js..browser.startup.homepage: "http://www.google.com.ar/"
      FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
      FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
      FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
      FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
      FF - prefs.js..extensions.enabledItems: {a3a5c777-f583-4fef-9380-ab4add1bc2a8}:3.1.5
      FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
      FF - prefs.js..network.proxy.no_proxies_on: "*.local"
      FF - prefs.js..network.proxy.type: 0
      FF - user.js - File not found

      FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_2_202_235.dll File not found
      FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
      FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
      FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll ()
      FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
      FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
      FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
      FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Administrador\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)

      64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\[email protected]: C:\PROGRAM FILES\ESET\ESET NOD32 ANTIVIRUS\MOZILLA THUNDERBIRD [2010/06/21 11:07:21 | 000,000,000 | ---D | M]
      FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/08/12 12:08:07 | 000,000,000 | ---D | M]
      FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/03/28 17:04:50 | 000,000,000 | ---D | M]
      FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\[email protected]: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2010/06/21 11:07:21 | 000,000,000 | ---D | M]

      [2011/05/11 08:25:16 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Administrador\AppData\Roaming\mozilla\Extensions
      [2012/05/09 13:24:27 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Administrador\AppData\Roaming\mozilla\Firefox\Profiles\74d8q59t.default\extensions
      [2011/12/26 21:04:10 | 000,000,000 | ---D | M] (Cuevana Stream) -- C:\Users\Administrador\AppData\Roaming\mozilla\Firefox\Profiles\74d8q59t.default\extensions\{a3a5c777-f583-4fef-9380-ab4add1bc2a8}
      [2012/07/28 12:48:03 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
      [2012/08/28 15:50:14 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\mozilla firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
      [2012/08/12 12:08:07 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
      [2011/05/04 04:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
      [2012/03/13 03:00:27 | 000,004,080 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\drae.xml
      [2012/03/13 03:00:27 | 000,002,470 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\mercadolibre-ar.xml
      [2012/03/13 03:00:27 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-es.xml
      [2012/05/13 08:33:12 | 000,000,824 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-ar.xml

      O1 HOSTS File: ([2011/02/06 17:07:43 | 000,001,401 | RHS- | M]) - C:\Windows\SysNative\drivers\etc\hosts
      O1 - Hosts: 127.0.0.1 localhost
      O1 - Hosts: 127.0.0.1 websig.pulsemicro.com
      O1 - Hosts: 66.232.102.249 google.com
      O1 - Hosts: 66.232.102.249 google.com.au
      O1 - Hosts: 66.232.102.249 www.google.com.au
      O1 - Hosts: 66.232.102.249 google.be
      O1 - Hosts: 66.232.102.249 www.google.be
      O1 - Hosts: 66.232.102.249 google.com.br
      O1 - Hosts: 66.232.102.249 www.google.com.br
      O1 - Hosts: 66.232.102.249 google.ca
      O1 - Hosts: 66.232.102.249 www.google.ca
      O1 - Hosts: 66.232.102.249 google.ch
      O1 - Hosts: 66.232.102.249 www.google.ch
      O1 - Hosts: 66.232.102.249 google.de
      O1 - Hosts: 66.232.102.249 www.google.de
      O1 - Hosts: 66.232.102.249 google.dk
      O1 - Hosts: 66.232.102.249 www.google.dk
      O1 - Hosts: 66.232.102.249 google.fr
      O1 - Hosts: 66.232.102.249 www.google.fr
      O1 - Hosts: 66.232.102.249 google.ie
      O1 - Hosts: 66.232.102.249 www.google.ie
      O1 - Hosts: 66.232.102.249 google.it
      O1 - Hosts: 66.232.102.249 www.google.it
      O1 - Hosts: 66.232.102.249 google.co.jp
      O1 - Hosts: 66.232.102.249 www.google.co.jp
      O1 - Hosts: 23 more lines...
      O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\Archivos de programa\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
      O2:64bit: - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
      O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
      O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
      O4:64bit: - HKLM..\Run: [egui] C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (ESET)
      O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
      O4:64bit: - HKLM..\Run: [Start WingMan Profiler] C:\Program Files\Logitech\Gaming Software\LWEMon.exe (Logitech Inc.)
      O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
      O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 2
      O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
      O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisallowRun = 1
      O8:64bit: - Extra context menu item: E&xportar a Microsoft Excel - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000 File not found
      O8 - Extra context menu item: E&xportar a Microsoft Excel - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000 File not found
      O9:64bit: - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
      O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
      O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL (Microsoft Corporation)
      O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - c:\Archivos de programa\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
      O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - c:\Archivos de programa\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
      O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Computer, Inc.)
      O1364bit: - gopher Prefix: missing
      O13 - gopher Prefix: missing
      O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} http://download.divx.com/player/DivXBrowserPlugin.cab (Reg Error: Key error.)
      O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
      O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
      O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
      O16 - DPF: {EDFCB7CB-942C-4822-AF14-F0B687409848} http://multilab.com.ar/sitio/ImageUploader4.cab (Image Uploader Control)
      O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 192.168.1.1
      O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5A9A5031-75B7-4495-A7E3-037884E93436}: DhcpNameServer = 192.168.1.1 192.168.1.1
      O18:64bit: - Protocol\Handler\livecall - No CLSID value found
      O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
      O18:64bit: - Protocol\Handler\msnim - No CLSID value found
      O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
      O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
      O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
      O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
      O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
      O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
      O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
      O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Archivos de programa\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
      O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
      O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
      O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
      O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
      O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
      O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
      O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
      O32 - HKLM CDRom: AutoRun - 1
      O33 - MountPoints2\{d5fea4d5-bd2b-11e1-9ab5-485b39a330e1}\Shell - "" = AutoRun
      O33 - MountPoints2\{d5fea4d5-bd2b-11e1-9ab5-485b39a330e1}\Shell\AutoRun\command - "" = G:\Setup.exe
      O34 - HKLM BootExecute: (autocheck autochk *)
      O35:64bit: - HKLM\..comfile [open] -- "%1" %*
      O35:64bit: - HKLM\..exefile [open] -- "%1" %*
      O35 - HKLM\..comfile [open] -- "%1" %*
      O35 - HKLM\..exefile [open] -- "%1" %*
      O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
      O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
      O37 - HKLM\...com [@ = comfile] -- "%1" %*
      O37 - HKLM\...exe [@ = exefile] -- "%1" %*
      O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
      O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
      O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

      ========== Files/Folders - Created Within 30 Days ==========

      [2012/09/21 12:53:08 | 000,000,000 | ---D | C] -- C:\_DT-Kill
      [2012/09/17 16:43:29 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
      [2012/09/13 21:31:43 | 000,376,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\netio.sys
      [2012/09/13 21:31:43 | 000,288,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\FWPKCLNT.SYS
      [2012/09/13 21:31:42 | 000,574,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10level9.dll
      [2012/09/13 21:31:41 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\RNDISMP.sys
      [2012/09/02 21:34:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Gabest
      [4 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
      [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

      ========== Files - Modified Within 30 Days ==========

      [2012/09/21 20:34:01 | 000,000,960 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-4053746174-582480634-247250992-500UA.job
      [2012/09/21 20:34:00 | 000,000,938 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-4053746174-582480634-247250992-500Core.job
      [2012/09/21 17:18:29 | 000,014,592 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
      [2012/09/21 17:18:29 | 000,014,592 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
      [2012/09/21 17:17:35 | 000,733,460 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
      [2012/09/21 17:17:35 | 000,616,032 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
      [2012/09/21 17:17:35 | 000,106,412 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
      [2012/09/21 17:17:35 | 000,018,986 | ---- | M] () -- C:\Windows\SysNative\perfh00A.dat
      [2012/09/21 17:17:35 | 000,007,278 | ---- | M] () -- C:\Windows\SysNative\perfc00A.dat
      [2012/09/21 17:13:23 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
      [2012/09/21 17:13:20 | 3219,791,872 | -HS- | M] () -- C:\hiberfil.sys
      [2012/09/16 21:34:02 | 000,001,549 | ---- | M] () -- C:\Users\Administrador\Desktop\TeamSpeak.lnk
      [2012/09/16 21:07:43 | 000,001,105 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
      [2012/09/16 20:44:57 | 000,013,922 | ---- | M] () -- C:\Users\Administrador\Desktop\Torrent.lnk
      [2012/09/12 16:17:01 | 000,000,240 | -H-- | M] () -- C:\Windows\tasks\WjrnQPg.job
      [2012/09/11 06:56:16 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\WjrnQPg.exe
      [2012/09/07 17:04:46 | 000,025,928 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
      [4 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
      [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

      ========== Files Created - No Company Name ==========

      [2012/09/16 21:34:02 | 000,001,549 | ---- | C] () -- C:\Users\Administrador\Desktop\TeamSpeak.lnk
      [2012/09/16 21:07:43 | 000,001,105 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
      [2012/09/16 20:44:57 | 000,013,922 | ---- | C] () -- C:\Users\Administrador\Desktop\Torrent.lnk
      [2012/09/11 15:56:14 | 000,000,240 | -H-- | C] () -- C:\Windows\tasks\WjrnQPg.job
      [2012/09/11 06:56:16 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\WjrnQPg.exe
      [2012/05/12 20:31:24 | 000,004,096 | ---- | C] () -- C:\Windows\d3dx.dat
      [2011/11/09 23:36:06 | 000,204,960 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
      [2011/11/09 23:36:06 | 000,157,152 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
      [2011/11/09 22:39:44 | 000,059,904 | ---- | C] () -- C:\Windows\SysWow64\OpenVideo.dll
      [2011/11/09 22:39:32 | 000,054,784 | ---- | C] () -- C:\Windows\SysWow64\OVDecode.dll
      [2011/09/12 20:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
      [2011/04/22 10:13:10 | 000,000,033 | ---- | C] () -- C:\Windows\Disney.ini
      [2011/04/09 18:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
      [2011/03/06 15:15:28 | 000,151,552 | ---- | C] () -- C:\Windows\SysWow64\nvRegDev.dll
      [2011/03/06 15:15:13 | 000,061,440 | ---- | C] () -- C:\Windows\SysWow64\nvPhotoshopUtil.dll
      [2011/03/06 15:15:12 | 000,040,960 | ---- | C] () -- C:\Windows\SysWow64\nvISWOW64.dll
      [2011/02/11 22:39:36 | 000,002,048 | ---- | C] () -- C:\Windows\SysWow64\winver.exe
      [2011/01/22 08:03:41 | 000,000,777 | ---- | C] () -- C:\Windows\ODBCINST.INI
      [2011/01/22 08:03:41 | 000,000,028 | ---- | C] () -- C:\Windows\ODBC.INI
      [2010/12/20 17:47:43 | 000,014,336 | -H-- | C] () -- C:\Users\Administrador\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

      ========== ZeroAccess Check ==========

      [2012/05/24 16:27:25 | 000,000,000 | -H-D | M] -- C:\Users\Administrador\AppData\LocalLow\Microsoft\Silverlight\is\bybaqimb.avp\v0cbooew.msl\1\l
      [2009/07/14 01:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

      < End of report >

    2. #2
      Ex-Colaboradora Avatar de @SanMar
      Registrado
      jun 2008
      Ubicación
      Argentina
      Mensajes
      22.290

      Re: Virus de doble tilde contin''ua

      Hola golcito21

      al Foro.

      Consejos para antes de publicar un nuevo mensaje

      Políticas del Foro de InfoSpyware

      Políticas Foro Oficial de HijackThis en español
      --------------------------------------------------





      Realiza lo siguiente:






      1.-Ejecutar OTL.exe
      • Pegue el siguiente script bajo la casilla Análisis Personalizados/Codigo de Reparación:
        • NOTA: No copiar la palabra codigo.

        Código:
        :OTL
        IE - HKCU\..\SearchScopes\{1F44113C-9612-459D-9970-3438E075249C}: "URL" = http://findgala.com/?&uid=289&q={searchTerms}
        IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
        IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
        FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
        FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
        FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
        FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
        FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
        FF - prefs.js..network.proxy.no_proxies_on: "*.local"
        FF - prefs.js..network.proxy.type: 0
        FF - user.js - File not found
        O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
        O1364bit: - gopher Prefix: missing
        O13 - gopher Prefix: missing
        O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
        O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
        O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
        O18:64bit: - Protocol\Handler\livecall - No CLSID value found
        O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
        O18:64bit: - Protocol\Handler\msnim - No CLSID value found
        O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
        O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
        O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
        O33 - MountPoints2\{d5fea4d5-bd2b-11e1-9ab5-485b39a330e1}\Shell - "" = AutoRun
        O33 - MountPoints2\{d5fea4d5-bd2b-11e1-9ab5-485b39a330e1}\Shell\AutoRun\command - "" = G:\Setup.exe
        O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
        [2012/09/21 20:34:01 | 000,000,960 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-4053746174-582480634-247250992-500UA.job
        [2012/09/21 20:34:00 | 000,000,938 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-4053746174-582480634-247250992-500Core.job
        [2012/09/12 16:17:01 | 000,000,240 | -H-- | M] () -- C:\Windows\tasks\WjrnQPg.job
        [2012/09/11 06:56:16 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\WjrnQPg.exe
        [4 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
        [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
        [2012/09/11 15:56:14 | 000,000,240 | -H-- | C] () -- C:\Windows\tasks\WjrnQPg.job
        [2012/09/11 06:56:16 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\WjrnQPg.exe
        [2010/12/20 17:47:43 | 000,014,336 | -H-- | C] () -- C:\Users\Administrador\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
        [2012/05/24 16:27:25 | 000,000,000 | -H-D | M] -- C:\Users\Administrador\AppData\LocalLow\Microsoft\ Silverlight\is\bybaqimb.avp\v0cbooew.msl\1\l
        [2009/07/14 01:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
        
        
        :commands
        [resethosts]
        [emptyflash]
        [emptytemp]
        [emptyjava]
        [Reboot]
      • Luego haga clic en el botón Reparar en la parte superior.
      • Deje que el programa se ejecute sin trabas, reinicie cuando lo pida hacer.
      • Al reiniciar se creará un reporte por defecto en C:\_OTL\MovedFiles, copie y pegue ese log en la próxima respuesta.


      Desinstala todas la versiones antiguas que tienes de Java >>> Manual de JavaRa y actualizas a su ultima versión. Version 7 Update 7



      Nos comentas los resultados.

      Salu2.

      * Síguenos en nuestro Twitter y hazte nuestro amigo en Facebook.
      * Infórmate de las ultimas amenazas de la red desde: InfoSpyware Blog
      * No se resuelven dudas por Privados ni por E-mail, ya que para eso esta el foro.

    3. #3
      Usuario Avatar de golcito21
      Registrado
      sep 2012
      Ubicación
      San Martin
      Mensajes
      2

      Re: Virus de doble tilde contin''ua

      Antes que nada... MIL gracias por la ayuda!

      La verdad, ni me presente en el foro como corresponde, porque cuando lei lo dañiño que era este virus, entre en panico!

      Aparentemente pude desinfectarlo con tus instrucciones del OTL. Adjunto el Log, por las dudas, pero en principio, ya no aparece la doble tilde.

      All processes killed
      ========== OTL ==========
      Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{1F44113C-9612-459D-9970-3438E075249C}\ deleted successfully.
      Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1F44113C-9612-459D-9970-3438E075249C}\ not found.
      HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
      HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
      Prefs.js: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21 removed from extensions.enabledItems
      Prefs.js: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22 removed from extensions.enabledItems
      Prefs.js: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23 removed from extensions.enabledItems
      Prefs.js: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24 removed from extensions.enabledItems
      Prefs.js: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26 removed from extensions.enabledItems
      Prefs.js: "*.local" removed from network.proxy.no_proxies_on
      Prefs.js: 0 removed from network.proxy.type
      Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
      Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\Prefixes\\gopher|:gopher:// /E : value set successfully!
      Starting removal of ActiveX control {8AD9C840-044E-11D1-B3E9-00805F499D93}
      Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
      Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
      Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
      Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
      Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
      Starting removal of ActiveX control {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
      Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\ deleted successfully.
      Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\ deleted successfully.
      Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\ deleted successfully.
      Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\ not found.
      Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\ not found.
      Starting removal of ActiveX control {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
      Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
      Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
      Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
      Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
      64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\livecall\ deleted successfully.
      File Protocol\Handler\livecall - No CLSID value found not found.
      64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ms-help\ deleted successfully.
      File Protocol\Handler\ms-help - No CLSID value found not found.
      64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\msnim\ deleted successfully.
      File Protocol\Handler\msnim - No CLSID value found not found.
      64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\skype4com\ deleted successfully.
      File Protocol\Handler\skype4com - No CLSID value found not found.
      64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\wlmailhtml\ deleted successfully.
      File Protocol\Handler\wlmailhtml - No CLSID value found not found.
      64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
      64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
      Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d5fea4d5-bd2b-11e1-9ab5-485b39a330e1}\ deleted successfully.
      Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d5fea4d5-bd2b-11e1-9ab5-485b39a330e1}\ not found.
      Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d5fea4d5-bd2b-11e1-9ab5-485b39a330e1}\ not found.
      Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d5fea4d5-bd2b-11e1-9ab5-485b39a330e1}\ not found.
      File G:\Setup.exe not found.
      Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
      Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
      C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4053746174-582480634-247250992-500UA.job moved successfully.
      C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4053746174-582480634-247250992-500Core.job moved successfully.
      C:\Windows\Tasks\WjrnQPg.job moved successfully.
      C:\Windows\SysWOW64\WjrnQPg.exe moved successfully.
      C:\Windows\SysWow64\tmp5977.tmp deleted successfully.
      C:\Windows\SysWow64\tmp5988.tmp deleted successfully.
      C:\Windows\SysWow64\tmp6045.tmp deleted successfully.
      C:\Windows\SysWow64\tmp6046.tmp deleted successfully.
      C:\Windows\msdownld.tmp folder deleted successfully.
      File C:\Windows\tasks\WjrnQPg.job not found.
      File C:\Windows\SysWow64\WjrnQPg.exe not found.
      C:\Users\Administrador\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini moved successfully.
      Folder C:\Users\Administrador\AppData\LocalLow\Microsoft\ Silverlight\is\bybaqimb.avp\v0cbooew.msl\1\l\ not found.
      C:\Windows\assembly\Desktop.ini moved successfully.
      ========== COMMANDS ==========
      C:\Windows\System32\drivers\etc\Hosts moved successfully.
      HOSTS file reset successfully

      [EMPTYFLASH]

      User: Administrador
      ->Flash cache emptied: 3158 bytes

      User: All Users

      User: Default

      User: Default User

      User: Public

      Total Flash Files Cleaned = 0,00 mb


      [EMPTYTEMP]

      User: Administrador
      ->Temp folder emptied: 975014 bytes
      ->Temporary Internet Files folder emptied: 254231595 bytes
      ->Java cache emptied: 12306644 bytes
      ->FireFox cache emptied: 65585467 bytes
      ->Flash cache emptied: 0 bytes

      User: All Users

      User: Default
      ->Temp folder emptied: 0 bytes
      ->Temporary Internet Files folder emptied: 0 bytes

      User: Default User
      ->Temp folder emptied: 0 bytes
      ->Temporary Internet Files folder emptied: 0 bytes

      User: Public

      %systemdrive% .tmp files removed: 0 bytes
      %systemroot% .tmp files removed: 0 bytes
      %systemroot%\System32 .tmp files removed: 0 bytes
      %systemroot%\System32 (64bit) .tmp files removed: 0 bytes
      %systemroot%\System32\drivers .tmp files removed: 0 bytes
      Windows Temp folder emptied: 1490 bytes
      %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 52905 bytes
      RecycleBin emptied: 0 bytes

      Total Files Cleaned = 318,00 mb


      [EMPTYJAVA]

      User: Administrador
      ->Java cache emptied: 0 bytes

      User: All Users

      User: Default

      User: Default User

      User: Public

      Total Java Files Cleaned = 0,00 mb


      OTL by OldTimer - Version 3.2.66.0 log created on 09232012_193211

      Files\Folders moved on Reboot...
      C:\Users\Administrador\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
      C:\Users\Administrador\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\AntiPhishing\ED8654D5-B9F0-4DD9-B3E8-F8F560086FDF.dat moved successfully.
      C:\Users\Administrador\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\SuggestedSites.dat moved successfully.
      C:\Users\Administrador\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZGN4P0PC\ads[1].htm moved successfully.
      C:\Users\Administrador\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SGEH26OB\tweet_button.1347008535[1].htm moved successfully.
      C:\Users\Administrador\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\S76MBHDR\fastbutton[1].htm moved successfully.
      C:\Users\Administrador\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\S76MBHDR\fastbutton[2].htm moved successfully.
      C:\Users\Administrador\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\S76MBHDR\t214251[1].htm moved successfully.
      C:\Users\Administrador\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\L9VMFYMR\ads[1].htm moved successfully.
      C:\Users\Administrador\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\L9VMFYMR\ads[2].htm moved successfully.
      C:\Users\Administrador\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\L1ECGOND\ads[1].htm moved successfully.
      C:\Users\Administrador\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\K27GJKNO\like[2].htm moved successfully.
      C:\Users\Administrador\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\K27GJKNO\like[3].htm moved successfully.
      C:\Users\Administrador\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\F7O9J17Z\ads[1].htm moved successfully.
      C:\Users\Administrador\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\F7O9J17Z\fastbutton[1].htm moved successfully.
      C:\Users\Administrador\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\B4HTD5E8\search[1].htm moved successfully.
      C:\Users\Administrador\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\B4HTD5E8\t440238[1].htm moved successfully.
      C:\Users\Administrador\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3NWV46ZG\ads[1].htm moved successfully.
      C:\Users\Administrador\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\09Z2WQ46\ads[1].htm moved successfully.

      PendingFileRenameOperations files...

      Registry entries deleted on Reboot...
      Una vez mas, gracias y espero poder devolver la ayuda de alguna manera algun dia.

    4. #4
      Ex-Colaboradora Avatar de @SanMar
      Registrado
      jun 2008
      Ubicación
      Argentina
      Mensajes
      22.290

      Re: Virus de doble tilde contin''ua

      Hola:


      Reinicia el equipo y prueba como va.



      Nos comentas.



      Salu2.

      * Síguenos en nuestro Twitter y hazte nuestro amigo en Facebook.
      * Infórmate de las ultimas amenazas de la red desde: InfoSpyware Blog
      * No se resuelven dudas por Privados ni por E-mail, ya que para eso esta el foro.