
    Virus is consuming my RAM and internet (Reopened)


    1. #1
      User: zabattaro
      Registered: Oct 2012
      Location: Buenos Aires
      Posts: 11

      Virus is consuming my RAM and internet (Reopened)

      I scanned with Avast and found that I have a virus in Windows Media Player. Every time I delete them, my PC's internet and RAM go back to normal; the problem is that the virus always comes back. I would like to know if someone can read the log and tell me if they find anything.



      Logfile of Trend Micro HijackThis v2.0.4
      Scan saved at 09:42:27 a.m., on 06/10/2012
      Platform: Windows 7 (WinNT 6.00.3504)
      MSIE: Internet Explorer v9.00 (9.00.8112.16421)
      Boot mode: Normal

      Running processes:
      C:\Windows\system32\Dwm.exe
      C:\Windows\Explorer.EXE
      C:\Windows\system32\taskhost.exe
      C:\Program Files\AVAST Software\Avast\AvastUI.exe
      C:\Program Files\Skype\Phone\Skype.exe
      C:\Program Files\NetLimiter 3\NLClientApp.exe
      C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
      C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
      C:\Program Files\uTorrent\uTorrent.exe
      C:\Program Files\Mozilla Firefox\firefox.exe
      C:\Windows\system32\taskhost.exe
      C:\Program Files\Mozilla Firefox\plugin-container.exe
      C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_278.exe
      C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_278.exe
      C:\Windows\system32\SearchFilterHost.exe
      C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

      R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://es.ask.com/?l=dis&o=14672
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
      R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
      R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
      R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
      R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = ListaMusical - Solo Musica Brabaza
      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
      O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
      O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~1\Office14\GROOVEEX.DLL
      O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
      O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
      O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~1\Office14\URLREDIR.DLL
      O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
      O3 - Toolbar: (no name) - {98889811-442D-49dd-99D7-DC866BE87DBC} - (no file)
      O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
      O4 - HKLM\..\Run: [BCSSync] "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices
      O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
      O4 - HKLM\..\Run: [AMD AVT] Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "C:\Program Files\AMD AVT\bin\kdbsync.exe" aml
      O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
      O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun
      O4 - HKCU\..\Run: [NetLimiter] C:\Program Files\NetLimiter 3\NLClientApp.exe /tray
      O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVICIO LOCAL')
      O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVICIO LOCAL')
      O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'Servicio de red')
      O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'Servicio de red')
      O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
      O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
      O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
      O8 - Extra context menu item: &Enviar a OneNote - res://C:\PROGRA~1\MICROS~1\Office14\ONBttnIE.dll/105
      O8 - Extra context menu item: Descargar con Mipony - file://C:\Program Files\MiPony\Browser\IEContext.htm
      O8 - Extra context menu item: E&xportar a Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office14\EXCEL.EXE/3000
      O9 - Extra button: Enviar a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
      O9 - Extra 'Tools' menuitem: &Enviar a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
      O9 - Extra button: Notas &vinculadas de OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
      O9 - Extra 'Tools' menuitem: Notas &vinculadas de OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
      O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
      O17 - HKLM\System\CCS\Services\Tcpip\..\{2C5A4099-A617-48D7-BDA2-562DD1A04B00}: NameServer = 8.26.56.26,156.154.70.22
      O17 - HKLM\System\CCS\Services\Tcpip\..\{6301649D-61BC-432C-8DAE-B51D7FCC3ED8}: NameServer = 8.26.56.26,156.154.70.22
      O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Overwolf\SKYPE4~2.DLL
      O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
      O20 - AppInit_DLLs: ?GÄG?????G?G?G??LANG
      O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe
      O23 - Service: @%SystemRoot%\system32\aelupsvc.dll,-1 (AeLookupSvc) - Unknown owner - C:\Windows\system32\svchost.exe
      O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe
      O23 - Service: AMD External Events Utility - AMD - C:\Windows\system32\atiesrxx.exe
      O23 - Service: AMD FUEL Service - Unknown owner - C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
      O23 - Service: @%systemroot%\system32\appidsvc.dll,-100 (AppIDSvc) - Unknown owner - C:\Windows\system32\svchost.exe
      O23 - Service: @%systemroot%\system32\appinfo.dll,-100 (Appinfo) - Unknown owner - C:\Windows\system32\svchost.exe
      O23 - Service: @appmgmts.dll,-3250 (AppMgmt) - Unknown owner - C:\Windows\system32\svchost.exe
      O23 - Service: @%SystemRoot%\system32\audiosrv.dll,-204 (AudioEndpointBuilder) - Unknown owner - C:\Windows\System32\svchost.exe
      O23 - Service: @%SystemRoot%\system32\audiosrv.dll,-200 (Audiosrv) - Unknown owner - C:\Windows\System32\svchost.exe
      O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
      O23 - Service: @%SystemRoot%\system32\AxInstSV.dll,-103 (AxInstSV) - Unknown owner - C:\Windows\system32\svchost.exe
      O23 - Service: @%SystemRoot%\system32\bdesvc.dll,-100 (BDESVC) - Unknown owner - C:\Windows\System32\svchost.exe
      O23 - Service: @%SystemRoot%\system32\bfe.dll,-1001 (BFE) - Unknown owner - C:\Windows\system32\svchost.exe
      O23 - Service: @%SystemRoot%\system32\qmgr.dll,-1000 (BITS) - Unknown owner - C:\Windows\System32\svchost.exe
      O23 - Service: @%systemroot%\system32\browser.dll,-100 (Browser) - Unknown owner - C:\Windows\System32\svchost.exe
      O23 - Service: @%SystemRoot%\System32\bthserv.dll,-101 (bthserv) - Unknown owner - C:\Windows\system32\svchost.exe
      O23 - Service: @%SystemRoot%\System32\certprop.dll,-11 (CertPropSvc) - Unknown owner - C:\Windows\system32\svchost.exe
      O23 - Service: @%SystemRoot%\system32\cryptsvc.dll,-1001 (CryptSvc) - Unknown owner - C:\Windows\system32\svchost.exe
      O23 - Service: @%systemroot%\system32\cscsvc.dll,-200 (CscService) - Unknown owner - C:\Windows\System32\svchost.exe
      O23 - Service: @oleres.dll,-5012 (DcomLaunch) - Unknown owner - C:\Windows\system32\svchost.exe
      O23 - Service: @%SystemRoot%\system32\defragsvc.dll,-101 (defragsvc) - Unknown owner - C:\Windows\system32\svchost.exe
      O23 - Service: @%SystemRoot%\system32\dhcpcore.dll,-100 (Dhcp) - Unknown owner - C:\Windows\system32\svchost.exe
      O23 - Service: @%SystemRoot%\System32\dnsapi.dll,-101 (Dnscache) - Unknown owner - C:\Windows\system32\svchost.exe
      O23 - Service: @%systemroot%\system32\dot3svc.dll,-1102 (dot3svc) - Unknown owner - C:\Windows\system32\svchost.exe
      O23 - Service: @%systemroot%\system32\dps.dll,-500 (DPS) - Unknown owner - C:\Windows\System32\svchost.exe
      O23 - Service: @%systemroot%\system32\eapsvc.dll,-1 (EapHost) - Unknown owner - C:\Windows\System32\svchost.exe
      O23 - Service: @%SystemRoot%\ehome\ehrecvr.exe,-101 (ehRecvr) - Unknown owner - C:\Windows\ehome\ehRecvr.exe
      O23 - Service: @%SystemRoot%\ehome\ehsched.exe,-101 (ehSched) - Unknown owner - C:\Windows\ehome\ehsched.exe
      O23 - Service: @%SystemRoot%\system32\wevtsvc.dll,-200 (eventlog) - Unknown owner - C:\Windows\System32\svchost.exe
      O23 - Service: @comres.dll,-2450 (EventSystem) - Unknown owner - C:\Windows\system32\svchost.exe
      O23 - Service: @%systemroot%\system32\fdPHost.dll,-100 (fdPHost) - Unknown owner - C:\Windows\system32\svchost.exe
      O23 - Service: @%systemroot%\system32\fdrespub.dll,-100 (FDResPub) - Unknown owner - C:\Windows\system32\svchost.exe
      O23 - Service: @%systemroot%\system32\FntCache.dll,-100 (FontCache) - Unknown owner - C:\Windows\system32\svchost.exe
      O23 - Service: @gpapi.dll,-112 (gpsvc) - Unknown owner - C:\Windows\system32\svchost.exe
      O23 - Service: LogMeIn Hamachi Tunneling Engine (Hamachi2Svc) - LogMeIn Inc. - C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
      O23 - Service: @%SystemRoot%\System32\hidserv.dll,-101 (hidserv) - Unknown owner - C:\Windows\system32\svchost.exe
      O23 - Service: @%SystemRoot%\system32\kmsvc.dll,-6 (hkmsvc) - Unknown owner - C:\Windows\System32\svchost.exe
      O23 - Service: @%SystemRoot%\System32\ListSvc.dll,-100 (HomeGroupListener) - Unknown owner - C:\Windows\System32\svchost.exe
      O23 - Service: @%SystemRoot%\System32\provsvc.dll,-100 (HomeGroupProvider) - Unknown owner - C:\Windows\System32\svchost.exe
      O23 - Service: @%SystemRoot%\system32\ikeext.dll,-501 (IKEEXT) - Unknown owner - C:\Windows\system32\svchost.exe
      O23 - Service: @%systemroot%\system32\IPBusEnum.dll,-102 (IPBusEnum) - Unknown owner - C:\Windows\system32\svchost.exe
      O23 - Service: @%SystemRoot%\system32\iphlpsvc.dll,-500 (iphlpsvc) - Unknown owner - C:\Windows\System32\svchost.exe
      O23 - Service: @comres.dll,-2946 (KtmRm) - Unknown owner - C:\Windows\System32\svchost.exe
      O23 - Service: @%systemroot%\system32\srvsvc.dll,-100 (LanmanServer) - Unknown owner - C:\Windows\system32\svchost.exe
      O23 - Service: @%systemroot%\system32\wkssvc.dll,-100 (LanmanWorkstation) - Unknown owner - C:\Windows\System32\svchost.exe
      O23 - Service: @%SystemRoot%\system32\lltdres.dll,-1 (lltdsvc) - Unknown owner - C:\Windows\System32\svchost.exe
      O23 - Service: @%SystemRoot%\system32\lmhsvc.dll,-101 (lmhosts) - Unknown owner - C:\Windows\system32\svchost.exe
      O23 - Service: @%systemroot%\system32\mmcss.dll,-100 (MMCSS) - Unknown owner - C:\Windows\system32\svchost.exe
      O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
      O23 - Service: @%SystemRoot%\system32\FirewallAPI.dll,-23090 (MpsSvc) - Unknown owner - C:\Windows\system32\svchost.exe
      O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe
      O23 - Service: @%SystemRoot%\system32\iscsidsc.dll,-5000 (MSiSCSI) - Unknown owner - C:\Windows\system32\svchost.exe
      O23 - Service: @%SystemRoot%\system32\msimsg.dll,-27 (msiserver) - Unknown owner - C:\Windows\system32\msiexec.exe
      O23 - Service: @%SystemRoot%\system32\qagentrt.dll,-6 (napagent) - Unknown owner - C:\Windows\System32\svchost.exe
      O23 - Service: @%SystemRoot%\system32\netman.dll,-109 (Netman) - Unknown owner - C:\Windows\System32\svchost.exe
      O23 - Service: @%SystemRoot%\system32\netprofm.dll,-202 (netprofm) - Unknown owner - C:\Windows\System32\svchost.exe
      O23 - Service: @%SystemRoot%\System32\nlasvc.dll,-1 (NlaSvc) - Unknown owner - C:\Windows\System32\svchost.exe
      O23 - Service: NetLimiter 3 Service (nlsvc) - Locktime Software - C:\Program Files\NetLimiter 3\nlsvc.exe
      O23 - Service: @%SystemRoot%\system32\nsisvc.dll,-200 (nsi) - Unknown owner - C:\Windows\system32\svchost.exe
      O23 - Service: Overwolf Updater Service (OverwolfUpdaterService) - Overwolf Ltd - C:\Program Files\Overwolf\OverwolfUpdater.exe
      O23 - Service: @%SystemRoot%\system32\pnrpsvc.dll,-8004 (p2pimsvc) - Unknown owner - C:\Windows\System32\svchost.exe
      O23 - Service: @%SystemRoot%\system32\p2psvc.dll,-8006 (p2psvc) - Unknown owner - C:\Windows\System32\svchost.exe
      O23 - Service: @%SystemRoot%\system32\pcasvc.dll,-1 (PcaSvc) - Unknown owner - C:\Windows\system32\svchost.exe
      O23 - Service: @%SystemRoot%\system32\peerdistsvc.dll,-9000 (PeerDistSvc) - Unknown owner - C:\Windows\System32\svchost.exe
      O23 - Service: @%systemroot%\system32\pla.dll,-500 (pla) - Unknown owner - C:\Windows\System32\svchost.exe
      O23 - Service: @%SystemRoot%\system32\umpnpmgr.dll,-100 (PlugPlay) - Unknown owner - C:\Windows\system32\svchost.exe
      O23 - Service: @%SystemRoot%\system32\pnrpauto.dll,-8002 (PNRPAutoReg) - Unknown owner - C:\Windows\System32\svchost.exe
      O23 - Service: @%SystemRoot%\system32\pnrpsvc.dll,-8000 (PNRPsvc) - Unknown owner - C:\Windows\System32\svchost.exe
      O23 - Service: @%SystemRoot%\System32\polstore.dll,-5010 (PolicyAgent) - Unknown owner - C:\Windows\system32\svchost.exe
      O23 - Service: @%SystemRoot%\system32\umpo.dll,-100 (Power) - Unknown owner - C:\Windows\system32\svchost.exe
      O23 - Service: @%systemroot%\system32\profsvc.dll,-300 (ProfSvc) - Unknown owner - C:\Windows\system32\svchost.exe
      O23 - Service: @%SystemRoot%\system32\qwave.dll,-1 (QWAVE) - Unknown owner - C:\Windows\system32\svchost.exe
      O23 - Service: @%Systemroot%\system32\rasauto.dll,-200 (RasAuto) - Unknown owner - C:\Windows\System32\svchost.exe
      O23 - Service: @%Systemroot%\system32\rasmans.dll,-200 (RasMan) - Unknown owner - C:\Windows\System32\svchost.exe
      O23 - Service: @%windir%\system32\RpcEpMap.dll,-1001 (RpcEptMapper) - Unknown owner - C:\Windows\system32\svchost.exe
      O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe
      O23 - Service: @oleres.dll,-5010 (RpcSs) - Unknown owner - C:\Windows\system32\svchost.exe
      O23 - Service: @%SystemRoot%\System32\SCardSvr.dll,-1 (SCardSvr) - Unknown owner - C:\Windows\system32\svchost.exe
      O23 - Service: @%SystemRoot%\system32\schedsvc.dll,-100 (Schedule) - Unknown owner - C:\Windows\system32\svchost.exe
      O23 - Service: @%SystemRoot%\System32\certprop.dll,-13 (SCPolicySvc) - Unknown owner - C:\Windows\system32\svchost.exe
      O23 - Service: @%SystemRoot%\system32\sdrsvc.dll,-107 (SDRSVC) - Unknown owner - C:\Windows\system32\svchost.exe
      O23 - Service: @%SystemRoot%\system32\seclogon.dll,-7001 (seclogon) - Unknown owner - C:\Windows\system32\svchost.exe
      O23 - Service: @%SystemRoot%\system32\Sens.dll,-200 (SENS) - Unknown owner - C:\Windows\system32\svchost.exe
      O23 - Service: @%SystemRoot%\System32\sensrsvc.dll,-1000 (SensrSvc) - Unknown owner - C:\Windows\system32\svchost.exe
      O23 - Service: @%SystemRoot%\System32\SessEnv.dll,-1026 (SessionEnv) - Unknown owner - C:\Windows\System32\svchost.exe
      O23 - Service: @%SystemRoot%\system32\ipnathlp.dll,-106 (SharedAccess) - Unknown owner - C:\Windows\System32\svchost.exe
      O23 - Service: @%SystemRoot%\System32\shsvcs.dll,-12288 (ShellHWDetection) - Unknown owner - C:\Windows\System32\svchost.exe
      O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe
      O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe
      O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe
      O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe
      O23 - Service: @%SystemRoot%\system32\sppuinotify.dll,-103 (sppuinotify) - Unknown owner - C:\Windows\system32\svchost.exe
      O23 - Service: @%systemroot%\system32\ssdpsrv.dll,-100 (SSDPSRV) - Unknown owner - C:\Windows\system32\svchost.exe
      O23 - Service: @%SystemRoot%\system32\sstpsvc.dll,-200 (SstpSvc) - Unknown owner - C:\Windows\system32\svchost.exe
      O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
      O23 - Service: @%SystemRoot%\system32\wiaservc.dll,-9 (StiSvc) - Unknown owner - C:\Windows\system32\svchost.exe
      O23 - Service: @%SystemRoot%\System32\StorSvc.dll,-100 (StorSvc) - Unknown owner - C:\Windows\System32\svchost.exe
      O23 - Service: @%SystemRoot%\System32\swprv.dll,-103 (swprv) - Unknown owner - C:\Windows\System32\svchost.exe
      O23 - Service: @%SystemRoot%\system32\sysmain.dll,-1000 (SysMain) - Unknown owner - C:\Windows\system32\svchost.exe
      O23 - Service: @%SystemRoot%\system32\TabSvc.dll,-100 (TabletInputService) - Unknown owner - C:\Windows\System32\svchost.exe
      O23 - Service: @%SystemRoot%\system32\tapisrv.dll,-10100 (TapiSrv) - Unknown owner - C:\Windows\System32\svchost.exe
      O23 - Service: @%SystemRoot%\system32\tbssvc.dll,-100 (TBS) - Unknown owner - C:\Windows\System32\svchost.exe
      O23 - Service: @%SystemRoot%\System32\termsrv.dll,-268 (TermService) - Unknown owner - C:\Windows\System32\svchost.exe
      O23 - Service: @%SystemRoot%\System32\themeservice.dll,-8192 (Themes) - Unknown owner - C:\Windows\System32\svchost.exe
      O23 - Service: @%systemroot%\system32\mmcss.dll,-102 (THREADORDER) - Unknown owner - C:\Windows\system32\svchost.exe
      O23 - Service: @%SystemRoot%\system32\trkwks.dll,-1 (TrkWks) - Unknown owner - C:\Windows\System32\svchost.exe
      O23 - Service: @%SystemRoot%\servicing\TrustedInstaller.exe,-100 (TrustedInstaller) - Unknown owner - C:\Windows\servicing\TrustedInstaller.exe
      O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe
      O23 - Service: @%SystemRoot%\system32\umrdp.dll,-1000 (UmRdpService) - Unknown owner - C:\Windows\System32\svchost.exe
      O23 - Service: @%systemroot%\system32\upnphost.dll,-213 (upnphost) - Unknown owner - C:\Windows\system32\svchost.exe
      O23 - Service: @%SystemRoot%\system32\dwm.exe,-2000 (UxSms) - Unknown owner - C:\Windows\System32\svchost.exe
      O23 - Service: @%SystemRoot%\System32\uxtuneup.dll,-4096 (UxTuneUp) - Unknown owner - C:\Windows\System32\svchost.exe
      O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe
      O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe
      O23 - Service: @%SystemRoot%\system32\w32time.dll,-200 (W32Time) - Unknown owner - C:\Windows\system32\svchost.exe
      O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe
      O23 - Service: @%systemroot%\system32\wbiosrvc.dll,-100 (WbioSrvc) - Unknown owner - C:\Windows\system32\svchost.exe
      O23 - Service: @%SystemRoot%\system32\wcncsvc.dll,-3 (wcncsvc) - Unknown owner - C:\Windows\System32\svchost.exe
      O23 - Service: @%SystemRoot%\system32\WcsPlugInService.dll,-200 (WcsPlugInService) - Unknown owner - C:\Windows\system32\svchost.exe
      O23 - Service: @%systemroot%\system32\wdi.dll,-502 (WdiServiceHost) - Unknown owner - C:\Windows\System32\svchost.exe
      O23 - Service: @%systemroot%\system32\wdi.dll,-500 (WdiSystemHost) - Unknown owner - C:\Windows\System32\svchost.exe
      O23 - Service: @%systemroot%\system32\webclnt.dll,-100 (WebClient) - Unknown owner - C:\Windows\system32\svchost.exe
      O23 - Service: @%SystemRoot%\system32\wecsvc.dll,-200 (Wecsvc) - Unknown owner - C:\Windows\system32\svchost.exe
      O23 - Service: @%SystemRoot%\System32\wercplsupport.dll,-101 (wercplsupport) - Unknown owner - C:\Windows\System32\svchost.exe
      O23 - Service: @%SystemRoot%\System32\wersvc.dll,-100 (WerSvc) - Unknown owner - C:\Windows\System32\svchost.exe
      O23 - Service: @%ProgramFiles%\Windows Defender\MsMpRes.dll,-103 (WinDefend) - Unknown owner - C:\Windows\System32\svchost.exe
      O23 - Service: @%SystemRoot%\system32\winhttp.dll,-100 (WinHttpAutoProxySvc) - Unknown owner - C:\Windows\system32\svchost.exe
      O23 - Service: @%Systemroot%\system32\wbem\wmisvc.dll,-205 (Winmgmt) - Unknown owner - C:\Windows\system32\svchost.exe
      O23 - Service: @%Systemroot%\system32\wsmsvc.dll,-101 (WinRM) - Unknown owner - C:\Windows\System32\svchost.exe
      O23 - Service: @%SystemRoot%\System32\wlansvc.dll,-257 (Wlansvc) - Unknown owner - C:\Windows\system32\svchost.exe
      O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe
      O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files\Windows Media Player\wmpnetwk.exe
      O23 - Service: @%SystemRoot%\system32\wpcsvc.dll,-100 (WPCSvc) - Unknown owner - C:\Windows\system32\svchost.exe
      O23 - Service: @%SystemRoot%\system32\wpdbusenum.dll,-100 (WPDBusEnum) - Unknown owner - C:\Windows\system32\svchost.exe
      O23 - Service: @%SystemRoot%\System32\wscsvc.dll,-200 (wscsvc) - Unknown owner - C:\Windows\System32\svchost.exe
      O23 - Service: @%systemroot%\system32\SearchIndexer.exe,-103 (WSearch) - Unknown owner - C:\Windows\system32\SearchIndexer.exe
      O23 - Service: @%systemroot%\system32\wuaueng.dll,-105 (wuauserv) - Unknown owner - C:\Windows\system32\svchost.exe
      O23 - Service: @%SystemRoot%\system32\wudfsvc.dll,-1000 (wudfsvc) - Unknown owner - C:\Windows\system32\svchost.exe
      O23 - Service: @%SystemRoot%\System32\wwansvc.dll,-257 (WwanSvc) - Unknown owner - C:\Windows\system32\svchost.exe
      O23 - Service: xsherlock - Wellbia.com Co., Ltd. - C:\Windows\system32\xsherlock.xem

      --
      End of file - 22324 bytes



      And another thing: can someone explain how I upload the attached file here?
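
Added example (not part of the thread, and not HijackThis's own code): a small Python triage pass over a log in the HijackThis format posted above. It surfaces the entry types that usually deserve a manual look (IE pages on non-vendor hosts, `(no file)` orphans, O6 policy locks, static DNS, AppInit_DLLs) and counts svchost-hosted O23 services instead of listing them. The sample log, the host allow-list and the function names are constructed for the example.

```python
import re
from urllib.parse import urlparse

# Constructed sample in HijackThis 2.x log format (not a real capture).
SAMPLE_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.4
Running processes:
C:\Windows\Explorer.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.example.test/?o=1
O2 - BHO: Example Helper - {11111111-2222-3333-4444-555555555555} - C:\Program Files\Example\helper.dll
O3 - Toolbar: (no name) - {AAAAAAAA-BBBB-CCCC-DDDD-EEEEEEEEEEEE} - (no file)
O4 - HKCU\..\Run: [Updater] C:\Program Files\Example\upd.exe /tray
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O17 - HKLM\System\CCS\Services\Tcpip\..\{00000000-0000-0000-0000-000000000001}: NameServer = 192.0.2.53,198.51.100.53
O20 - AppInit_DLLs: C:\Example\hook.dll
O23 - Service: @%SystemRoot%\system32\bfe.dll,-1001 (BFE) - Unknown owner - C:\Windows\system32\svchost.exe
"""

# An entry line is "<code> - <body>", e.g. "O4 - HKLM\..\Run: [...]".
ENTRY_RE = re.compile(r"^\s*(R[0-3]|F[0-3]|N[1-4]|O\d{1,2})\s+-\s+(.*\S)\s*$")

# Assumption: hosts the reviewer treats as expected for IE default pages.
VENDOR_HOSTS = ("microsoft.com", "msn.com", "bing.com", "live.com")


def parse_entries(text):
    """Return (code, body) tuples for every entry line; headers and the
    'Running processes' list do not match and are skipped."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line)
        if m:
            entries.append((m.group(1), m.group(2)))
    return entries


def review_note(code, body):
    """Return a reason string if the entry deserves manual review, else None."""
    if code in ("R0", "R1"):
        # IE start/search page values: flag URLs outside the allow-list.
        value = body.partition(" = ")[2].strip()
        host = urlparse(value).hostname if value else None
        if host and not any(host == v or host.endswith("." + v) for v in VENDOR_HOSTS):
            return "IE page setting points to " + host
    elif body.endswith("(no file)"):
        # Registry entry (BHO, toolbar, button) whose DLL is gone from disk.
        return "registry entry with no file on disk (orphaned)"
    elif code == "O6":
        return "IE options restricted through a Policies key"
    elif code == "O17":
        servers = body.partition("NameServer = ")[2].strip()
        if servers:
            return "static DNS servers configured: " + servers
    elif code == "O20":
        value = body.partition("AppInit_DLLs:")[2].strip()
        if value:
            return "AppInit_DLLs is set (loaded into every process using user32.dll): " + value
    return None


def triage(text):
    """Return (findings, svchost_service_count).

    svchost-hosted O23 services are counted rather than listed, because this
    log format prints every Windows service on the machine; counting them does
    not clear them, it only keeps the review list readable."""
    findings, svchost_services = [], 0
    for code, body in parse_entries(text):
        if code == "O23" and body.lower().endswith(r"\system32\svchost.exe"):
            svchost_services += 1
            continue
        note = review_note(code, body)
        if note:
            findings.append((code, note))
    return findings, svchost_services


if __name__ == "__main__":
    found, hosted = triage(SAMPLE_LOG)
    for code, note in found:
        print(code, "-", note)
    print("svchost-hosted O23 services not listed:", hosted)
```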

    2. #2
      General Moderator: @Javier_HF
      Registered: Jun 2006
      Location: Spain.
      Posts: 21,699

      Re: Virus is consuming my RAM and internet

      Hello zabattaro, welcome to the Forum.

      Topics worth reviewing and reading:

      Advice before posting a new message.

      InfoSpyware Forum policies.

      Policies of the official HijackThis Forum in Spanish.

      How to upload images to the Forum? *TUTORIAL*
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

      "And another thing: can someone explain how I upload the attached file here?"
      You should not upload any file; you simply need to copy the report, as you already did.

      Now follow these steps:

      Download >> AT-Destroyer (Adwares/Toolbars-Destroyer) by @Infospyware.
      • Temporarily disable the antivirus and/or antispyware.
      • Run AT-Destroyer. (If you use Windows Vista or 7, right-click and select "Run as administrator".)
      • The disclaimer will appear; if you agree, press YES to continue.
      • Press option 1 (Search and Destroy) to start the scan.
      • AT-Destroyer will disconnect the desktop momentarily.
      • If the system is infected, AT-Destroyer will indicate it with red lines where the infection was found; otherwise, the lines will be green.
      • Once the scan has finished, you will see the desktop again and a report will open, which you must copy into your next reply, telling us how the system is working. (You can also find it at C:\AT-Destroyer.log)
      • You must restart the computer immediately.


      Download and run >> Ccleaner.

      • First use its "Cleaner" option to delete cookies, temporary Internet files and all the files it shows as obsolete.
      • Then use its "Registry" option to clean the whole Windows registry (making a backup).


      Download, update and run >> Malwarebytes' Anti-Malware.

      • In the Update tab, click the "Check for Updates" button.
      • In the Scanner tab, select "Perform a Full Scan."
      • With the "Remove Selected" option, send everything to quarantine and restart the system.
      • In the "Logs" tab you will find the MBAM report; copy and paste it into your next reply so it can be analysed.


      And finally download >> OTL By OldTimer

      >>> To run OTL follow these steps:

      • Close all the programs you have open and double-click the OTL icon to run it.
      • Let it run and wait for the OTL menu to appear.
      • When the OTL menu appears, under "Scan Type" select Minimal Output.
      • Tick the Scan All box.
      • Tick the options: Search LOP and Search Purity.
      • Tick the options >> Skip Microsoft Files and Use Recognised Companies List.
      • Copy and paste the lines of the following script into the Custom Scans/Repair Code box:
        netsvcs
        msconfig
        %SYSTEMDRIVE%\*.*
        CREATERESTOREPOINT
      • Please do not change the rest of the settings unless we ask you to.


      • Press the button .
      • Once it finishes, two (2) files will open, OTL.Txt and Extras.Txt. These files will be saved in the same place where OTL.exe was downloaded.
      • Copy and paste the contents of the OTL.txt file into your next reply.


      In your next reply remember to:

      - Post the reports from AT-Destroyer, Malwarebytes' Anti-Malware and OTL.txt.

      - Tell us how your computer is working with respect to the problem described.

      Regards, Javier.
      Last edited by @Javier_HF on 12/10/12 at 14:07:21
      He who doesn't try doesn't succeed | ;-)

    3. #3
      User: zabattaro
      Registered: Oct 2012
      Location: Buenos Aires
      Posts: 11

      Re: Virus is consuming my RAM and internet

      #################################################### A/T-Destroyer by InfoSpyware ############

      A/T-Destroyer 1.0.7 By Infospyware
      InfoSpyware
      Fecha iniciada en el analisis 12/10/2012
      Hora iniciada en el analisis 19:16:27,53
      Usuario Actual : [C:\Users\Zabattaro]
      Sistema Operativo: Windows 7 Professional
      Arquitectura: Sistema operativo de 32 bits
      Versión Internet Explorer: 9.0.8112.16421
      Modo Actual: Modo Normal.
      Privilegios: [Zabattaro-Administrador]
      Versión Google Chrome: 23.0.1243.2
      Versión Mozilla Firefox: 15.0.1

      ====== Servicios Eliminados By A/T-Destroyer ======




      ====== Claves Eliminadas By A/T-Destroyer ======


      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar | ( {98889811-442D-49dd-99D7-DC866BE87DBC} )
      HKEY_CLASSES_ROOT\AppID\escort.DLL
      HKEY_CLASSES_ROOT\AppID\escort.DLL
      HKEY_LOCAL_MACHINE\SOFTWARE\Conduit\AppPaths
      HKEY_LOCAL_MACHINE\SOFTWARE\Conduit\AppPaths\Mipony.exe
      HKEY_LOCAL_MACHINE\SOFTWARE\Conduit


      ====== Archivos/Carpetas Eliminados By A/T-Destroyer ======


      C:\Program Files\babylontoolbar\BabylonToolbar
      C:\Program Files\babylontoolbar\BabylonToolbar\1.5.3.17
      C:\Program Files\babylontoolbar\BabylonToolbar\1.5.3.17\bh
      "C:\Program Files\babylontoolbar"
      C:\Users\Zabattaro\Appdata\Local\Babylon\Setup
      C:\Users\Zabattaro\Appdata\Local\Babylon\Setup\latest_6.12.zpb
      C:\Users\Zabattaro\Appdata\Local\Babylon\Setup\Setup-tbmntr903.zpb
      "C:\Users\Zabattaro\Appdata\Local\Babylon"
      C:\Users\Zabattaro\AppData\Roaming\Babylon\log_file.txt
      "C:\Users\Zabattaro\AppData\Roaming\Babylon"
      "C:\ProgramData\Babylon"
      C:\ProgramData\Ask\APN-Stub
      "C:\ProgramData\Ask"
      C:\Program Files\mozilla firefox\searchplugins\babylon.xml
      C:\Users\Zabattaro\Appdata\Local\GDIPFONTCACHEV1.DAT
      C:\user.js


      ====== Información Extra ======


      -_-_-_-_-_-_-_-_ Configuraciones de internet Explorer -_-_-_-_-_-_-_-_
      "HKCU\Software\Microsoft\Internet Explorer\Main"
      Start Page == Google
      Search Page == Bing
      Local Page == C:\Windows\system32\blank.htm

      "HKLM\Software\Microsoft\Internet Explorer\Main"
      Start Page == Google
      Search Page == Bing
      Local Page == C:\Windows\System32\blank.htm
      Default_Search_URL == Bing
      Default_Page_URL == MSN.com


      "HKEY_USERS\S-1-5-21-3484223775-3569837820-3694952800-1000\Software\Microsoft\Internet Explorer\Main"
      Start Page == Google
      Search Page == Bing
      Local Page == C:\Windows\system32\blank.htm


      -_-_-_-_-_-_-_-_ Configuraciones de Google Chrome-_-_-_-_-_-_-_-_
      "homepage": "http://www.google.com/",
      "homepage_changed": true,
      "homepage_is_newtabpage": false,
      -_-_-_-_-_-_-_-_ Configuraciones de Google Chrome-_-_-_-_-_-_-_-_
      "homepage": "http://www.google.com/",
      "homepage_changed": true,
      "homepage_is_newtabpage": false,


      -_-_-_-_-_-_-_-_ Configuraciones de mozilla Firefox -_-_-_-_-_-_-_-_
      user_pref("browser.startup.homepage", "http://google.com");




      ======= EOF =======

    4. #4
      Moderador Gral.
      Avatar de @Javier_HF
      Registrado
      jun 2006
      Ubicación
      Spain.
      Mensajes
      21.699

      Re: Virus, me consume ram y internet

      You are still missing the Malwarebytes and OTL logs; once you have them all, post them.

      Regards.

    5. #5
      User zabattaro
      Registered
      Oct 2012
      Location
      Buenos Aires
      Posts
      11

      Re: Virus, it's eating my RAM and internet

      Malwarebytes Anti-Malware 1.65.0.1400
      www.malwarebytes.org

      Versión de la Base de Datos: v2012.10.13.09

      Windows 7 x86 NTFS
      Internet Explorer 9.0.8112.16421
      Zabattaro :: NICOLAS-PC [administrador]

      13/10/2012 05:01:20 p.m.
      mbam-log-2012-10-13 (17-01-20).txt

      Tipos de Análisis: Análisis Completo (C:\|)
      Opciones de análisis activado: Memoria | Inicio | Registro | Sistema de archivos | Heurística/Extra | Heurística/Shuriken | PUP | PUM
      Opciones de análisis desactivados: P2P
      Objetos examinados: 353576
      Tiempo transcurrido: 1 hora(s), 22 minuto(s), 43 segundo(s)

      Procesos en Memoria Detectados: 0
      (No se han detectado elementos maliciosos)

      Módulos de Memoria Detectados: 0
      (No se han detectado elementos maliciosos)

      Claves del Registro Detectados: 0
      (No se han detectado elementos maliciosos)

      Valores del Registro Detectados: 0
      (No se han detectado elementos maliciosos)

      Elementos de Datos del Registro Detectados: 1
      HKCU\SOFTWARE\Policies\Microsoft\Internet Explorer\control panel|HomePage (PUM.Hijack.HomePageControl) -> Malo: (1) Bueno: (0) -> En cuarentena y reparado con éxito.

      Carpetas Detectadas: 0
      (No se han detectado elementos maliciosos)

      Archivos Detectados: 6
      C:\Program Files\NCsoft\Lineage II Freya\LineageII.exe (Trojan.Downloader) -> En cuarentena y eliminado con éxito.
      C:\Program Files\NCsoft\Lineage II Freya - copia\LineageII.exe (Trojan.Downloader) -> En cuarentena y eliminado con éxito.
      C:\Program Files\NCsoft\Lineage II Gracia Final\system\msxml4b.dll (Spyware.Agent) -> En cuarentena y eliminado con éxito.
      C:\Users\Zabattaro\AppData\Roaming\desktop.ini (Rootkit.0access) -> En cuarentena y eliminado con éxito.
      C:\Users\Zabattaro\AppData\Roaming\ntuser.dat (Misused.Legit) -> En cuarentena y eliminado con éxito.
      C:\Users\Zabattaro\AppData\Roaming\Thinstall\Vb6\4000001cc00002i\VB6.EXE (Rootkit.Dropper) -> En cuarentena y eliminado con éxito.

      (fin)

    6. #6
      User zabattaro
      Registered
      Oct 2012
      Location
      Buenos Aires
      Posts
      11

      Re: Virus, it's eating my RAM and internet

      OTL logfile created on: 13/10/2012 09:18:14 p.m. - Run 1
      OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Zabattaro\Downloads
      Professional (Version = 6.1.7600) - Type = NTWorkstation
      Internet Explorer (Version = 9.0.8112.16421)
      Locale: 00002c0a | Country: Argentina | Language: ESS | Date Format: dd/MM/yyyy

      2,00 Gb Total Physical Memory | 0,95 Gb Available Physical Memory | 47,36% Memory free
      4,00 Gb Paging File | 2,71 Gb Available in Paging File | 67,66% Paging File free
      Paging file location(s): ?:\pagefile.sys [binary data]

      %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
      Drive C: | 298,09 Gb Total Space | 122,76 Gb Free Space | 41,18% Space Free | Partition Type: NTFS

      Computer Name: NICOLAS-PC | User Name: Zabattaro | Logged in as Administrator.
      Boot Mode: Normal | Scan Mode: All users
      Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

      ========== Processes (SafeList) ==========

      PRC - C:\Users\Zabattaro\Downloads\OTL.exe (OldTimer Tools)
      PRC - C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe (Adobe Systems, Inc.)
      PRC - C:\Archivos de programa\Mozilla Firefox\firefox.exe (Mozilla Corporation)
      PRC - C:\Archivos de programa\LogMeIn Hamachi\hamachi-2.exe (LogMeIn Inc.)
      PRC - C:\Archivos de programa\AVAST Software\Avast\AvastUI.exe (AVAST Software)
      PRC - C:\Archivos de programa\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
      PRC - C:\Windows\System32\atieclxx.exe (AMD)
      PRC - C:\Windows\System32\atiesrxx.exe (AMD)
      PRC - C:\Archivos de programa\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe (Advanced Micro Devices, Inc.)
      PRC - C:\Archivos de programa\NetLimiter 3\nlsvc.exe (Locktime Software)
      PRC - C:\Archivos de programa\NetLimiter 3\NLClientApp.exe (Locktime Software)
      PRC - C:\Windows\explorer.exe (Microsoft Corporation)
      PRC - C:\Archivos de programa\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
      PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)


      ========== Modules (No Company Name) ==========

      MOD - C:\Windows\System32\Macromed\Flash\NPSWF32_11_4_402_287.dll ()
      MOD - C:\Archivos de programa\Mozilla Firefox\mozjs.dll ()
      MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsFormsIntegra#\38c7b1199d544eeec3e4df39e1b8125a\WindowsFormsIntegration.ni.dll ()
      MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Core\c366ebd7f33816762268154efc68176d\System.Core.ni.dll ()
      MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\82a4878fa9c3f8b634ad38909c99db7c\System.Web.ni.dll ()
      MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\06623b3ab0c6af2ebba43aa2fa0e211f\PresentationFramework.ni.dll ()
      MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\90d42781d5b19478870e412f7b7c71eb\System.Windows.Forms.ni.dll ()
      MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\e65dbd1b68789fc21b9fb3c605b699a7\System.Drawing.ni.dll ()
      MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\43c26b0f01acc4b15423a49af278e1df\PresentationCore.ni.dll ()
      MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\fc626095c194be137bceb219934b06a7\PresentationFramework.Aero.ni.dll ()
      MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\UIAutomationProvider\68b5806af0df6ce86027bacb7dc37233\UIAutomationProvider.ni.dll ()
      MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\b68fdf2c95b93fc5006a092c11eed07c\WindowsBase.ni.dll ()
      MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\0c00b1a8336dd4c1bd1ebce7780f20b4\System.Runtime.Remoting.ni.dll ()
      MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cb079eab134fd1a752ad91db13274110\System.Configuration.ni.dll ()
      MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\5c85c9c42e1b8a8760de82ecb4c7d582\System.Xml.ni.dll ()
      MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\2ebb3c259eab50af565e3a8dba6ad20e\System.ni.dll ()
      MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\5858678a79aae31262b0214424245d06\mscorlib.ni.dll ()
      MOD - C:\Archivos de programa\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll ()
      MOD - C:\Archivos de programa\ATI Technologies\ATI.ACE\Fuel\Fuel.Proxy.Native.dll ()
      MOD - C:\Archivos de programa\NetLimiter 3\nlsvcPS.dll ()
      MOD - C:\Archivos de programa\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF ()
      MOD - C:\Windows\assembly\GAC_MSIL\PresentationFramework.resources\3.0.0.0_es_31bf3856ad364e35\PresentationFramework.resources.dll ()
      MOD - C:\Windows\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_es_b77a5c561934e089\System.Windows.Forms.resources.dll ()
      MOD - C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_es_b77a5c561934e089\mscorlib.resources.dll ()
      MOD - C:\Windows\assembly\GAC_MSIL\System.resources\2.0.0.0_es_b77a5c561934e089\System.resources.dll ()


      ========== Services (SafeList) ==========

      SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
      SRV - (xsherlock) -- C:\Windows\System32\xsherlock.xem (Wellbia.com Co., Ltd.)
      SRV - (OverwolfUpdaterService) -- C:\Archivos de programa\Overwolf\OverwolfUpdater.exe (Overwolf Ltd)
      SRV - (MozillaMaintenance) -- C:\Archivos de programa\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
      SRV - (Hamachi2Svc) -- C:\Archivos de programa\LogMeIn Hamachi\hamachi-2.exe (LogMeIn Inc.)
      SRV - (avast! Antivirus) -- C:\Archivos de programa\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
      SRV - (Steam Client Service) -- C:\Program Files\Common Files\Steam\SteamService.exe (Valve Corporation)
      SRV - (SkypeUpdate) -- C:\Archivos de programa\Skype\Updater\Updater.exe (Skype Technologies)
      SRV - (UxTuneUp) -- C:\Windows\System32\uxtuneup.dll (TuneUp Software)
      SRV - (WatAdminSvc) -- C:\Windows\System32\Wat\WatAdminSvc.exe (Microsoft Corporation)
      SRV - (AMD External Events Utility) -- C:\Windows\System32\atiesrxx.exe (AMD)
      SRV - (AMD FUEL Service) -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe (Advanced Micro Devices, Inc.)
      SRV - (nlsvc) -- C:\Archivos de programa\NetLimiter 3\nlsvc.exe (Locktime Software)
      SRV - (Microsoft SharePoint Workspace Audit Service) -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE (Microsoft Corporation)
      SRV - (osppsvc) -- C:\Archivos de programa\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation)
      SRV - (ose) -- C:\Archivos de programa\Common Files\microsoft shared\Source Engine\OSE.EXE (Microsoft Corporation)
      SRV - (StorSvc) -- C:\Windows\System32\StorSvc.dll (Microsoft Corporation)
      SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
      SRV - (PeerDistSvc) -- C:\Windows\System32\PeerDistSvc.dll (Microsoft Corporation)
      SRV - (WinDefend) -- C:\Archivos de programa\Windows Defender\MpSvc.dll (Microsoft Corporation)
      SRV - (WMPNetworkSvc) -- C:\Archivos de programa\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)


      ========== Driver Services (SafeList) ==========

      DRV - (xhunter1) -- C:\Windows\xhunter1.sys File not found
      DRV - (XDva400) -- C:\Windows\system32\XDva400.sys File not found
      DRV - (vtany) -- C:\Windows\vtany.sys File not found
      DRV - (aswMonFlt) -- C:\Windows\System32\drivers\aswMonFlt.sys (AVAST Software)
      DRV - (dtsoftbus01) -- C:\Windows\System32\drivers\dtsoftbus01.sys (DT Soft Ltd)
      DRV - (amdkmdag) -- C:\Windows\System32\drivers\atikmdag.sys (Advanced Micro Devices, Inc.)
      DRV - (amdkmdap) -- C:\Windows\System32\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
      DRV - (AODDriver4.1) -- C:\Archivos de programa\ATI Technologies\ATI.ACE\Fuel\i386\aoddriver2.sys (Advanced Micro Devices)
      DRV - (AtiHDAudioService) -- C:\Windows\System32\drivers\AtihdW73.sys (Advanced Micro Devices)
      DRV - (NLNdisPT) -- C:\Windows\System32\drivers\nlndis.sys (Locktime Software)
      DRV - (NLNdisMP) -- C:\Windows\System32\drivers\nlndis.sys (Locktime Software)
      DRV - (nltdi) -- C:\Archivos de programa\NetLimiter 3\nltdi.sys (Locktime Software)
      DRV - (NVNET) -- C:\Windows\System32\drivers\nvmf6232.sys (NVIDIA Corporation)
      DRV - (rt61x86) -- C:\Windows\System32\drivers\netr61.sys (Ralink Technology, Corp.)
      DRV - (amdiox86) -- C:\Windows\System32\drivers\amdiox86.sys (Advanced Micro Devices)
      DRV - (vmbus) -- C:\Windows\System32\drivers\vmbus.sys (Microsoft Corporation)
      DRV - (storflt) -- C:\Windows\System32\drivers\vmstorfl.sys (Microsoft Corporation)
      DRV - (storvsc) -- C:\Windows\System32\drivers\storvsc.sys (Microsoft Corporation)
      DRV - (vwifimp) -- C:\Windows\System32\drivers\vwifimp.sys (Microsoft Corporation)
      DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
      DRV - (s3cap) -- C:\Windows\System32\drivers\vms3cap.sys (Microsoft Corporation)
      DRV - (VMBusHID) -- C:\Windows\System32\drivers\VMBusHID.sys (Microsoft Corporation)
      DRV - (netr28u) -- C:\Windows\System32\drivers\netr28u.sys (Ralink Technology Corp.)
      DRV - (NVENETFD) -- C:\Windows\System32\drivers\nvm62x32.sys (NVIDIA Corporation)
      DRV - (ZTEusbser6k) -- C:\Windows\System32\drivers\ZTEusbser6k.sys (ZTE Incorporated)
      DRV - (ZTEusbnmea) -- C:\Windows\System32\drivers\ZTEusbnmea.sys (ZTE Incorporated)
      DRV - (ZTEusbmdm6k) -- C:\Windows\System32\drivers\ZTEusbmdm6k.sys (ZTE Incorporated)
      DRV - (hamachi) -- C:\Windows\System32\drivers\hamachi.sys (LogMeIn, Inc.)


      ========== Standard Registry (SafeList) ==========


      ========== Internet Explorer ==========

      IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Google
      IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
      IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC


      IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

      IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



      IE - HKU\S-1-5-21-3484223775-3569837820-3694952800-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Google
      IE - HKU\S-1-5-21-3484223775-3569837820-3694952800-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = Hotmail, Messenger y más en MSN Argentina, noticias, entretenimiento, deportes, videos.
      IE - HKU\S-1-5-21-3484223775-3569837820-3694952800-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = es-AR
      IE - HKU\S-1-5-21-3484223775-3569837820-3694952800-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = BD EB CC 10 B4 33 CD 01 [binary data]
      IE - HKU\S-1-5-21-3484223775-3569837820-3694952800-1000\..\SearchScopes,DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
      IE - HKU\S-1-5-21-3484223775-3569837820-3694952800-1000\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylon.com/?q={searchTerms}&affID=112842&babsrc=SP_ss&mntrId=c4b88cba000000000000000c093000c8
      IE - HKU\S-1-5-21-3484223775-3569837820-3694952800-1000\..\SearchScopes\{FB0A9A52-BBF0-4D08-B4B0-D5509FAC2850}: "URL" = http://websearch.ask.com/redirect?client=ie&tb=ATU2&o=14670&src=kw&q={searchTerms}&locale=&apn_ptnrs=T8&apn_dtid=YYYYYYYYAR&apn_uid=1f57b819-bac6-4915-bbc0-358d83604b14&apn_sauid=D0CECEB9-CE7C-4368-9CEA-2E651E4E8F78
      IE - HKU\S-1-5-21-3484223775-3569837820-3694952800-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

      ========== FireFox ==========

      FF - prefs.js..browser.search.defaultengine: "Ask.com"
      FF - prefs.js..browser.search.defaultenginename: "Ask.com"
      FF - prefs.js..browser.search.order.1: "Ask.com"
      FF - prefs.js..browser.search.selectedEngine: "Google"
      FF - prefs.js..browser.startup.homepage: "http://google.com"
      FF - prefs.js..extensions.enabledAddons: [email protected]:7.0.1466
      FF - prefs.js..keyword.URL: "http://google.com"
      FF - prefs.js..network.proxy.type: 0


      FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_4_402_287.dll ()
      FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.4.1: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
      FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.4.1: C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
      FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
      FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
      FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
      FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
      FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

      FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012/08/25 01:48:50 | 000,000,000 | ---D | M]
      FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/09/07 17:23:20 | 000,000,000 | ---D | M]
      FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins

      [2012/05/16 19:39:54 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Zabattaro\AppData\Roaming\mozilla\Extensions
      [2012/08/24 17:46:04 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Zabattaro\AppData\Roaming\mozilla\Firefox\Profiles\rax1miem.default\extensions
      [2012/07/25 21:09:03 | 000,741,958 | ---- | M] () (No name found) -- C:\Users\Zabattaro\AppData\Roaming\mozilla\firefox\profiles\rax1miem.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
      [2012/09/07 17:23:13 | 000,000,000 | ---D | M] (No name found) -- C:\Archivos de programa\Mozilla Firefox\extensions
      [2012/08/25 01:48:50 | 000,000,000 | ---D | M] (avast! WebRep) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF
      [2012/09/07 17:23:20 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
      [2012/09/01 18:05:36 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
      [2012/09/01 18:05:36 | 000,003,882 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\drae.xml
      [2012/09/01 18:05:36 | 000,001,143 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-es.xml
      [2012/09/01 18:05:36 | 000,002,253 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml
      [2012/09/01 18:05:36 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-es.xml
      [2012/09/01 18:05:36 | 000,001,102 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-es.xml

      ========== Chrome ==========

      CHR - default_search_provider: Google (Enabled)
      CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
      CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
      CHR - homepage: Google
      CHR - Extension: No name found = C:\Users\Zabattaro\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
      CHR - Extension: No name found = C:\Users\Zabattaro\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
      CHR - Extension: No name found = C:\Users\Zabattaro\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1466_0\
      CHR - Extension: No name found = C:\Users\Zabattaro\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

      O1 HOSTS File: ([2012/09/02 18:08:34 | 000,000,035 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
      O1 - Hosts: 127.0.0.1 foro.inexinferis.com.ar
      O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Archivos de programa\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
      O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Archivos de programa\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
      O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Archivos de programa\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
      O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Archivos de programa\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
      O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Archivos de programa\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
      O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Archivos de programa\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
      O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Archivos de programa\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
      O4 - HKLM..\Run: [AMD AVT] C:\Windows\System32\cmd.exe (Microsoft Corporation)
      O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
      O4 - HKLM..\Run: [BCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
      O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
      O4 - HKU\S-1-5-21-3484223775-3569837820-3694952800-1000..\Run: [NetLimiter] C:\Program Files\NetLimiter 3\NLClientApp.exe (Locktime Software)
      O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
      O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
      O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
      O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
      O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
      O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
      O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\control panel present
      O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\control panel present
      O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\control panel present
      O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\control panel present
      O7 - HKU\S-1-5-21-3484223775-3569837820-3694952800-1000\Software\Policies\Microsoft\Internet Explorer\control panel present
      O8 - Extra context menu item: &Enviar a OneNote - C:\Archivos de programa\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
      O8 - Extra context menu item: Descargar con Mipony - C:\Program Files\MiPony\Browser\IEContext.htm ()
      O8 - Extra context menu item: E&xportar a Microsoft Excel - C:\Archivos de programa\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
      O9 - Extra Button: Enviar a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Archivos de programa\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
      O9 - Extra 'Tools' menuitem : &Enviar a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Archivos de programa\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
      O9 - Extra Button: Notas &vinculadas de OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Archivos de programa\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
      O9 - Extra 'Tools' menuitem : Notas &vinculadas de OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Archivos de programa\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
      O13 - gopher Prefix: missing
      O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2C5A4099-A617-48D7-BDA2-562DD1A04B00}: DhcpNameServer = 192.168.1.1
      O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2C5A4099-A617-48D7-BDA2-562DD1A04B00}: NameServer = 8.26.56.26,156.154.70.22
      O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6301649D-61BC-432C-8DAE-B51D7FCC3ED8}: NameServer = 8.26.56.26,156.154.70.22
      O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8780AD36-C435-4123-B998-AF74068A2584}: DhcpNameServer = 192.168.1.1
      O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Archivos de programa\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
      O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Archivos de programa\Overwolf\SKYPE4~2.DLL (Skype Technologies)
      O18 - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Archivos de programa\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
      O20 - AppInit_DLLs: (䴨ǦÄǦڙῖ陪က䴸ǦୀǦౘǦ㵅慚LANG) - File not found
      O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
      O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
      O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
      O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
      O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Archivos de programa\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
      O32 - HKLM CDRom: AutoRun - 1
      O32 - AutoRun File - [2009/06/10 18:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
      O33 - MountPoints2\{591430d5-b70b-11e1-adef-da3d038f672c}\Shell - "" = AutoRun
      O33 - MountPoints2\{591430d5-b70b-11e1-adef-da3d038f672c}\Shell\AutoRun\command - "" = E:\Autorun_By_VictorVal.exe
      O34 - HKLM BootExecute: (autocheck autochk *)
      O34 - HKLM BootExecute: (sdnclean.exe)
      O34 - HKLM BootExecute: (aswBoot.exe /M:2080a06c049)
      O35 - HKLM\..comfile [open] -- "%1" %*
      O35 - HKLM\..exefile [open] -- "%1" %*
      O37 - HKLM\...com [@ = comfile] -- "%1" %*
      O37 - HKLM\...exe [@ = exefile] -- "%1" %*
      O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
      O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
      O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

      NetSvcs: FastUserSwitchingCompatibility - File not found
      NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
      NetSvcs: Nla - File not found
      NetSvcs: Ntmssvc - File not found
      NetSvcs: NWCWorkstation - File not found
      NetSvcs: Nwsapagent - File not found
      NetSvcs: SRService - File not found
      NetSvcs: UxTuneUp - C:\Windows\System32\uxtuneup.dll (TuneUp Software)
      NetSvcs: WmdmPmSp - File not found
      NetSvcs: LogonHours - File not found
      NetSvcs: PCAudit - File not found
      NetSvcs: helpsvc - File not found
      NetSvcs: uploadmgr - File not found

      MsConfig - StartUpReg: SDTray - hkey= - key= - Reg Error: Value error. File not found
      MsConfig - State: "services" - 2
      MsConfig - State: "startup" - 2

      CREATERESTOREPOINT
      Restore point Set: OTL Restore Point

      ========== Files/Folders - Created Within 30 Days ==========

      [2012/10/13 16:58:37 | 000,000,000 | ---D | C] -- C:\Users\Zabattaro\AppData\Roaming\Malwarebytes
      [2012/10/13 16:57:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
      [2012/10/13 16:57:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
      [2012/10/13 16:57:40 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
      [2012/10/13 16:57:40 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
      [2012/10/12 19:16:20 | 000,036,864 | ---- | C] (NirSoft) -- C:\Windows\nircmd.exe
      [2012/10/12 18:18:55 | 000,000,000 | ---D | C] -- C:\Program Files\ComPlus Applications
      [2012/10/12 18:16:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Visual SourceSafe
      [2012/10/12 18:16:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Visual Basic 6.0
      [2012/10/12 18:16:10 | 000,000,000 | ---D | C] -- C:\Users\Zabattaro\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft Web Publishing
      [2012/10/12 18:16:08 | 000,000,000 | ---D | C] -- C:\Program Files\Web Publish
      [2012/10/12 18:15:53 | 000,000,000 | ---D | C] -- C:\Windows\msapps
      [2012/10/12 18:15:38 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Visual Studio
      [2012/10/12 15:52:15 | 000,000,000 | ---D | C] -- C:\Users\Zabattaro\AppData\Roaming\Thinstall
      [2012/10/06 10:12:03 | 000,000,000 | ---D | C] -- C:\Users\Zabattaro\AppData\Roaming\GlarySoft
      [2012/10/06 10:09:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Glary Utilities
      [2012/10/06 10:09:35 | 000,000,000 | ---D | C] -- C:\Program Files\Glary Utilities
      [2012/10/06 09:41:16 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
      [2012/10/06 09:41:16 | 000,000,000 | ---D | C] -- C:\Users\Zabattaro\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
      [2012/09/30 17:51:43 | 000,000,000 | ---D | C] -- C:\Users\Zabattaro\AppData\Local\Locktime
      [2012/09/30 17:49:37 | 000,000,000 | ---D | C] -- C:\Users\Zabattaro\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\NetLimiter 3
      [2012/09/30 17:48:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Locktime
      [2012/09/30 17:48:45 | 000,000,000 | ---D | C] -- C:\Program Files\NetLimiter 3
      [2012/09/25 12:20:29 | 000,000,000 | ---D | C] -- C:\Users\Zabattaro\Documents\Cross Fire
      [2012/09/25 12:20:28 | 000,000,000 | ---D | C] -- C:\CFLog
      [2012/09/24 09:14:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Z8Games
      [2012/09/24 0957 | 000,000,000 | ---D | C] -- C:\Program Files\Z8Games
      [2012/09/23 12:30:24 | 000,000,000 | -H-D | C] -- C:\VritualRoot
      [2012/09/22 08:38:49 | 000,000,000 | ---D | C] -- C:\steampipetools
      [2012/09/22 08:38:44 | 000,000,000 | ---D | C] -- C:\ProgramData\PWD
      [2012/09/17 21:28:31 | 000,000,000 | ---D | C] -- C:\Windows\Sun
      [2012/09/17 19:42:01 | 000,666,720 | ---- | C] (Wellbia.com Co., Ltd.) -- C:\Windows\System32\xsherlock.xem
      [2012/09/17 19:40:54 | 000,000,000 | ---D | C] -- C:\Users\Zabattaro\Documents\C9
      [2012/09/17 18:21:26 | 000,000,000 | ---D | C] -- C:\Users\Zabattaro\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Webzen Hub
      [2012/09/17 18:20:49 | 000,000,000 | ---D | C] -- C:\Program Files\Overwolf
      [2012/09/17 18:20:49 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Overwolf
      [2012/09/17 18:11:32 | 000,000,000 | ---D | C] -- C:\Users\Zabattaro\AppData\Local\Overwolf
      [2012/09/17 18:09:54 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard
      [2012/09/17 18:09:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\C9
      [2012/09/17 17:49:47 | 000,000,000 | ---D | C] -- C:\Program Files\WEBZEN
      [2012/09/16 13:04:25 | 000,000,000 | ---D | C] -- C:\Users\Zabattaro\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
      [2012/09/16 13:04:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\InmortalGames
      [2012/09/16 09:35:13 | 000,000,000 | ---D | C] -- C:\Users\Zabattaro\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
      [2012/09/16 01:31:44 | 000,000,000 | ---D | C] -- C:\Users\Zabattaro\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\NCsoft
      [2012/09/16 01:30:47 | 000,000,000 | ---D | C] -- C:\Users\Zabattaro\AppData\Local\PMB Files
      [2012/09/16 01:30:44 | 000,000,000 | ---D | C] -- C:\ProgramData\PMB Files
      [2012/09/16 01:30:41 | 000,000,000 | ---D | C] -- C:\Program Files\Pando Networks
      [2012/09/16 01:30:35 | 000,000,000 | ---D | C] -- C:\Users\Zabattaro\AppData\Local\Pando_Temp
      [2012/09/16 01:28:33 | 000,000,000 | ---D | C] -- C:\Users\Zabattaro\AppData\Local\assembly
      [2012/09/15 10:41:44 | 000,000,000 | ---D | C] -- C:\ProgramData\CPA_VA
      [2012/09/15 09:58:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Comodo
      [2012/09/15 09:58:03 | 000,000,000 | ---D | C] -- C:\Program Files\COMODO
      [2012/09/14 18:59:40 | 000,000,000 | ---D | C] -- C:\Users\Zabattaro\tekkit
      [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

      ========== Files - Modified Within 30 Days ==========

      [2012/10/13 21:20:02 | 000,014,448 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
      [2012/10/13 21:20:01 | 000,014,448 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
      [2012/10/13 21:12:55 | 000,000,320 | ---- | M] () -- C:\Windows\tasks\GlaryInitialize.job
      [2012/10/13 21:12:41 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
      [2012/10/13 21:12:38 | 1610,063,872 | -HS- | M] () -- C:\hiberfil.sys
      [2012/10/13 20:37:27 | 000,000,838 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
      [2012/10/13 16:57:43 | 000,001,071 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
      [2012/10/12 18:22:26 | 000,001,617 | ---- | M] () -- C:\Users\Zabattaro\Desktop\VB6.EXE - Acceso directo.lnk
      [2012/10/12 18:16:31 | 000,000,535 | ---- | M] () -- C:\Windows\ODBCINST.INI
      [2012/10/12 18:16:31 | 000,000,288 | ---- | M] () -- C:\Windows\ODBC.INI
      [2012/10/12 17:59:29 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
      [2012/10/12 17:59:29 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
      [2012/10/12 15:53:14 | 000,707,200 | ---- | M] () -- C:\Windows\System32\perfh00A.dat
      [2012/10/12 15:53:14 | 000,618,714 | ---- | M] () -- C:\Windows\System32\perfh009.dat
      [2012/10/12 15:53:14 | 000,138,768 | ---- | M] () -- C:\Windows\System32\perfc00A.dat
      [2012/10/12 15:53:14 | 000,107,034 | ---- | M] () -- C:\Windows\System32\perfc009.dat
      [2012/10/09 19:33:48 | 001,215,817 | ---- | M] () -- C:\Users\Zabattaro\Desktop\IMG_09102012_193150.png
      [2012/10/08 01:57:09 | 000,355,593 | ---- | M] () -- C:\Users\Zabattaro\Desktop\2012-10-08_01.56.15.png
      [2012/10/06 14:49:50 | 000,007,606 | ---- | M] () -- C:\Users\Zabattaro\AppData\Local\Resmon.ResmonCfg
      [2012/10/06 10:09:37 | 000,001,028 | ---- | M] () -- C:\Users\Zabattaro\Desktop\Glary Utilities.lnk
      [2012/10/06 10:00:22 | 000,001,479 | ---- | M] () -- C:\Users\Zabattaro\Desktop\Visual Basic 6.0 [Portable].exe - Acceso directo.lnk
      [2012/10/06 09:41:16 | 000,002,983 | ---- | M] () -- C:\Users\Zabattaro\Desktop\HiJackThis.lnk
      [2012/09/24 09:15:01 | 000,001,098 | ---- | M] () -- C:\Users\Zabattaro\Desktop\CrossFire.lnk
      [2012/09/23 20:58:28 | 000,666,720 | ---- | M] (Wellbia.com Co., Ltd.) -- C:\Windows\System32\xsherlock.xem
      [2012/09/23 15:38:16 | 001,474,832 | ---- | M] () -- C:\Windows\System32\drivers\sfi.dat
      [2012/09/20 20:05:00 | 000,001,275 | ---- | M] () -- C:\Users\Zabattaro\Desktop\L2.exe - Acceso directo.lnk
      [2012/09/19 15:38:42 | 001,223,748 | ---- | M] () -- C:\Users\Zabattaro\Desktop\IMG_19092012_153740.png
      [2012/09/17 19:42:36 | 000,000,758 | ---- | M] () -- C:\Windows\System32\C9.cfg
      [2012/09/17 18:21:26 | 000,001,925 | ---- | M] () -- C:\Users\Public\Desktop\Webzen Hub.lnk
      [2012/09/17 18:09:26 | 000,001,902 | ---- | M] () -- C:\Users\Zabattaro\Desktop\C9.lnk
      [2012/09/16 20:29:12 | 000,001,145 | ---- | M] () -- C:\Users\Zabattaro\Desktop\LineageII.exe - Acceso directo.lnk
      [2012/09/16 1337 | 000,000,000 | ---- | M] () -- C:\Windows\System\sycemqrw.oya
      [2012/09/16 13:04:17 | 000,002,055 | ---- | M] () -- C:\Users\Public\Desktop\IG Lineage2.lnk
      [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

      ========== Files Created - No Company Name ==========

      [2012/10/13 16:57:43 | 000,001,071 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
      [2012/10/12 19:16:20 | 000,069,660 | ---- | C] () -- C:\Windows\Fart.exe
      [2012/10/12 19:16:20 | 000,022,528 | ---- | C] () -- C:\Windows\AT-Uninstall.exe
      [2012/10/12 19:16:20 | 000,011,776 | ---- | C] () -- C:\Windows\Colous.exe
      [2012/10/12 18:22:26 | 000,001,617 | ---- | C] () -- C:\Users\Zabattaro\Desktop\VB6.EXE - Acceso directo.lnk
      [2012/10/12 18:16:30 | 000,000,535 | ---- | C] () -- C:\Windows\ODBCINST.INI
      [2012/10/12 18:16:30 | 000,000,288 | ---- | C] () -- C:\Windows\ODBC.INI
      [2012/10/12 17:59:29 | 000,000,000 | RHS- | C] () -- C:\MSDOS.SYS
      [2012/10/12 17:59:29 | 000,000,000 | RHS- | C] () -- C:\IO.SYS
      [2012/10/09 19:32:28 | 001,215,817 | ---- | C] () -- C:\Users\Zabattaro\Desktop\IMG_09102012_193150.png
      [2012/10/08 01:56:47 | 000,355,593 | ---- | C] () -- C:\Users\Zabattaro\Desktop\2012-10-08_01.56.15.png
      [2012/10/06 10:09:39 | 000,000,320 | ---- | C] () -- C:\Windows\tasks\GlaryInitialize.job
      [2012/10/06 10:09:37 | 000,001,028 | ---- | C] () -- C:\Users\Zabattaro\Desktop\Glary Utilities.lnk
      [2012/10/06 10:00:22 | 000,001,479 | ---- | C] () -- C:\Users\Zabattaro\Desktop\Visual Basic 6.0 [Portable].exe - Acceso directo.lnk
      [2012/10/06 09:41:16 | 000,002,983 | ---- | C] () -- C:\Users\Zabattaro\Desktop\HiJackThis.lnk
      [2012/09/24 09:15:01 | 000,001,098 | ---- | C] () -- C:\Users\Zabattaro\Desktop\CrossFire.lnk
      [2012/09/20 20:05:00 | 000,001,275 | ---- | C] () -- C:\Users\Zabattaro\Desktop\L2.exe - Acceso directo.lnk
      [2012/09/19 15:37:21 | 001,223,748 | ---- | C] () -- C:\Users\Zabattaro\Desktop\IMG_19092012_153740.png
      [2012/09/17 19:42:36 | 000,000,758 | ---- | C] () -- C:\Windows\System32\C9.cfg
      [2012/09/17 18:21:26 | 000,001,925 | ---- | C] () -- C:\Users\Public\Desktop\Webzen Hub.lnk
      [2012/09/17 18:09:26 | 000,001,902 | ---- | C] () -- C:\Users\Zabattaro\Desktop\C9.lnk
      [2012/09/16 20:29:12 | 000,001,145 | ---- | C] () -- C:\Users\Zabattaro\Desktop\LineageII.exe - Acceso directo.lnk
      [2012/09/16 1337 | 000,000,000 | ---- | C] () -- C:\Windows\System\sycemqrw.oya
      [2012/09/16 13:04:17 | 000,002,055 | ---- | C] () -- C:\Users\Public\Desktop\IG Lineage2.lnk
      [2012/09/15 10:00:17 | 001,474,832 | ---- | C] () -- C:\Windows\System32\drivers\sfi.dat
      [2012/09/07 21:03:01 | 000,000,782 | ---- | C] () -- C:\Users\Zabattaro\AppData\Roaming\technic-launcher.jar - Acceso directo.lnk
      [2012/08/24 18:32:25 | 000,002,821 | ---- | C] () -- C:\Users\Zabattaro\users.ini
      [2012/08/05 03:43:06 | 000,004,065 | ---- | C] () -- C:\Users\Zabattaro\AppData\Roaming\icon.png
      [2012/08/05 03:36:34 | 000,043,437 | ---- | C] () -- C:\Users\Zabattaro\AppData\Roaming\logo.png
      [2012/08/02 05:13:38 | 000,574,825 | ---- | C] () -- C:\Users\Zabattaro\AppData\Roaming\technic-launcher.jar
      [2012/07/30 17:41:42 | 000,007,606 | ---- | C] () -- C:\Users\Zabattaro\AppData\Local\Resmon.ResmonCfg
      [2012/06/15 19:25:24 | 000,001,506 | ---- | C] () -- C:\Windows\Sandboxie.ini
      [2012/06/07 13:24:37 | 003,668,038 | ---- | C] () -- C:\Users\Zabattaro\Zabattaro.rar
      [2012/06/07 13:19:48 | 000,940,497 | ---- | C] () -- C:\Users\Zabattaro\Hombre Al Agua.zip
      [2012/05/16 19:58:10 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
      [2012/05/16 17:24:08 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
      [2012/05/15 20:34:34 | 000,011,164 | ---- | C] () -- C:\Windows\System32\drivers\nvphy.bin
      [2012/04/05 22:34:22 | 000,159,232 | ---- | C] () -- C:\Windows\System32\clinfo.exe
      [2012/04/05 22:21:42 | 000,204,952 | ---- | C] () -- C:\Windows\System32\ativvsvl.dat
      [2012/04/05 22:21:42 | 000,157,144 | ---- | C] () -- C:\Windows\System32\ativvsva.dat
      [2012/03/09 14:06:14 | 000,024,576 | ---- | C] () -- C:\Windows\System32\kdbsdk32.dll
      [2012/01/10 1808 | 000,601,728 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
      [2011/09/12 19:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\System32\atipblag.dat

      ========== ZeroAccess Check ==========

      [2009/07/14 01:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

      [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

      [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

      [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
      "" = %SystemRoot%\system32\shell32.dll -- [2012/01/04 06:03:45 | 012,868,096 | ---- | M] (Microsoft Corporation)
      "ThreadingModel" = Apartment

      [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
      "" = %systemroot%\system32\wbem\fastprox.dll -- [2009/07/13 22:15:20 | 000,605,696 | ---- | M] (Microsoft Corporation)
      "ThreadingModel" = Free

      [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
      "" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/13 22:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
      "ThreadingModel" = Both

      ========== LOP Check ==========

      [2012/09/15 21:38:59 | 000,000,000 | ---D | M] -- C:\Users\Zabattaro\AppData\Roaming\.minecraft
      [2012/10/10 17:36:02 | 000,000,000 | ---D | M] -- C:\Users\Zabattaro\AppData\Roaming\.techniclauncher
      [2012/08/29 16:41:35 | 000,000,000 | ---D | M] -- C:\Users\Zabattaro\AppData\Roaming\BACK
      [2012/08/04 07:46:56 | 000,000,000 | ---D | M] -- C:\Users\Zabattaro\AppData\Roaming\cache
      [2012/07/29 00:13:53 | 000,000,000 | ---D | M] -- C:\Users\Zabattaro\AppData\Roaming\Charles
      [2012/09/08 12:32:04 | 000,000,000 | ---D | M] -- C:\Users\Zabattaro\AppData\Roaming\DAEMON Tools Lite
      [2012/09/08 12:32:03 | 000,000,000 | ---D | M] -- C:\Users\Zabattaro\AppData\Roaming\FileZilla
      [2012/10/06 10:12:03 | 000,000,000 | ---D | M] -- C:\Users\Zabattaro\AppData\Roaming\GlarySoft
      [2012/05/17 18:41:42 | 000,000,000 | ---D | M] -- C:\Users\Zabattaro\AppData\Roaming\KastorAllVideoDownloader
      [2012/08/01 13:40:19 | 000,000,000 | ---D | M] -- C:\Users\Zabattaro\AppData\Roaming\launcher
      [2012/08/04 07:46:56 | 000,000,000 | ---D | M] -- C:\Users\Zabattaro\AppData\Roaming\logs
      [2012/05/18 14:12:22 | 000,000,000 | ---D | M] -- C:\Users\Zabattaro\AppData\Roaming\LolClient
      [2012/05/23 15:36:49 | 000,000,000 | ---D | M] -- C:\Users\Zabattaro\AppData\Roaming\LolClient2
      [2012/07/12 08:19:25 | 000,000,000 | ---D | M] -- C:\Users\Zabattaro\AppData\Roaming\Mipony
      [2012/05/16 19:46:13 | 000,000,000 | ---D | M] -- C:\Users\Zabattaro\AppData\Roaming\Notepad++
      [2012/08/01 13:46:30 | 000,000,000 | ---D | M] -- C:\Users\Zabattaro\AppData\Roaming\Nueva carpeta
      [2012/09/23 12:27:06 | 000,000,000 | ---D | M] -- C:\Users\Zabattaro\AppData\Roaming\TeamViewer
      [2012/08/04 07:46:55 | 000,000,000 | ---D | M] -- C:\Users\Zabattaro\AppData\Roaming\tekkit
      [2012/08/01 12:07:37 | 000,000,000 | ---D | M] -- C:\Users\Zabattaro\AppData\Roaming\temp
      [2012/07/16 12:29:21 | 000,000,000 | ---D | M] -- C:\Users\Zabattaro\AppData\Roaming\The Creative Assembly
      [2012/10/12 15:52:15 | 000,000,000 | ---D | M] -- C:\Users\Zabattaro\AppData\Roaming\Thinstall
      [2012/10/13 16:01:04 | 000,000,000 | ---D | M] -- C:\Users\Zabattaro\AppData\Roaming\TS3Client
      [2012/05/16 19:47:30 | 000,000,000 | ---D | M] -- C:\Users\Zabattaro\AppData\Roaming\TuneUp Software
      [2012/10/13 16:01:04 | 000,000,000 | ---D | M] -- C:\Users\Zabattaro\AppData\Roaming\uTorrent

      ========== Purity Check ==========



      ========== Custom Scans ==========

      < %SYSTEMDRIVE%\*.* >
      [2009/10/08 20:48:10 | 000,000,374 | RHS- | M] () -- C:\7Emuldr
      [2012/10/13 16:56:56 | 000,000,566 | ---- | M] () -- C:\AT-Destroyer.txt
      [2009/06/10 18:42:20 | 000,000,024 | ---- | M] () -- C:\autoexec.bat
      [2009/07/13 22:38:58 | 000,383,562 | RHS- | M] () -- C:\bootmgr
      [2012/05/15 15:38:34 | 000,008,192 | RHS- | M] () -- C:\BOOTSECT.BAK
      [2009/06/10 18:42:20 | 000,000,010 | ---- | M] () -- C:\config.sys
      [2009/10/22 19:52:10 | 000,204,868 | RHS- | M] () -- C:\grldr
      [2012/10/13 21:12:38 | 1610,063,872 | -HS- | M] () -- C:\hiberfil.sys
      [2012/10/12 17:59:29 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
      [2012/10/12 17:59:29 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
      [2012/10/13 21:12:39 | 2146,754,560 | -HS- | M] () -- C:\pagefile.sys
      [2012/10/13 16:56:55 | 000,000,120 | ---- | M] () -- C:\prueba.txt

      < End of report >

    7. #7
      General Moderator
      @Javier_HF
      Registered
      Jun 2006
      Location
      Spain.
      Posts
      21,699

      Re: Virus, it eats up my RAM and internet

      Run OTL.exe again.

      Copy and paste the code inside the box below into the Custom Scans/Fixes section.

      Code:
      :OTL
      O20 - AppInit_DLLs: (?GÄG?????G?G?G??LANG) - File not found
      O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
      O33 - MountPoints2\{591430d5-b70b-11e1-adef-da3d038f672c}\Shell - "" = AutoRun
      O33 - MountPoints2\{591430d5-b70b-11e1-adef-da3d038f672c}\Shell\AutoRun\command - "" = E:\Autorun_By_VictorVal.exe
      MsConfig - StartUpReg: SDTray - hkey= - key= - Reg Error: Value error. File not found
      [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
      [2012/10/13 21:12:55 | 000,000,320 | ---- | M] () -- C:\Windows\tasks\GlaryInitialize.job
      [2012/10/06 10:09:39 | 000,000,320 | ---- | C] () -- C:\Windows\tasks\GlaryInitialize.job
      [2012/09/15 21:38:59 | 000,000,000 | ---D | M] -- C:\Users\Zabattaro\AppData\Roaming\.minecraft
      [2012/07/12 08:19:25 | 000,000,000 | ---D | M] -- C:\Users\Zabattaro\AppData\Roaming\Mipony
      
      :Files
      ipconfig /flushdns /c
      ipconfig /renew /c
      
      :Commands
      [PURITY]
      [EMPTYFLASH]
      [EMPTYTEMP]
      [RESETHOSTS]

      Press the Run Fix button to start the removal. Then click OK.

      OTL will restart the computer to complete the removal.

      Save the new report it generates, and copy and paste it into your next reply.

      Before replying to us, and after running OTL, check/update your version of Java (Very Important) >> Free Java software download

      And when you reply, tell us which version of Java ended up installed >> How can I check whether Java works on my computer?

      Remember to post the OTL log, and also tell us which version of Java you have now and how the computer is doing with respect to the problem raised.

      Regards.
      He who doesn't try doesn't succeed | ;-)

      * Follow us on our Twitter and become our friend on Facebook.
      * Stay informed about the latest threats on the net at: InfoSpyware Blog
      * Questions are not answered by private message or by e-mail, since that is what the forum is for.

    8. #8
      User zabattaro
      Registered
      Oct 2012
      Location
      buenos aires
      Posts
      11

      Re: Virus, it eats up my RAM and internet

      All processes killed
      ========== OTL ==========
      Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:?GÄG?????G?G?G??LANG deleted successfully.
      Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
      Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
      Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{591430d5-b70b-11e1-adef-da3d038f672c}\ deleted successfully.
      Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{591430d5-b70b-11e1-adef-da3d038f672c}\ not found.
      Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{591430d5-b70b-11e1-adef-da3d038f672c}\ not found.
      Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{591430d5-b70b-11e1-adef-da3d038f672c}\ not found.
      File E:\Autorun_By_VictorVal.exe not found.
      Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\StartUpReg\SDTray\ deleted successfully.
      C:\Windows\msdownld.tmp folder deleted successfully.
      C:\Windows\Tasks\GlaryInitialize.job moved successfully.
      File C:\Windows\tasks\GlaryInitialize.job not found.
      C:\Users\Zabattaro\AppData\Roaming\.minecraft\texturepacks-mp-cache folder moved successfully.
      C:\Users\Zabattaro\AppData\Roaming\.minecraft\texturepacks folder moved successfully.
      C:\Users\Zabattaro\AppData\Roaming\.minecraft\stats folder moved successfully.
      C:\Users\Zabattaro\AppData\Roaming\.minecraft\screenshots folder moved successfully.
      C:\Users\Zabattaro\AppData\Roaming\.minecraft\saves\world12\region folder moved successfully.
      C:\Users\Zabattaro\AppData\Roaming\.minecraft\saves\world12\players folder moved successfully.
      C:\Users\Zabattaro\AppData\Roaming\.minecraft\saves\world12\data folder moved successfully.
      C:\Users\Zabattaro\AppData\Roaming\.minecraft\saves\world12 folder moved successfully.
      C:\Users\Zabattaro\AppData\Roaming\.minecraft\saves\world\region folder moved successfully.
      C:\Users\Zabattaro\AppData\Roaming\.minecraft\saves\world\players folder moved successfully.
      C:\Users\Zabattaro\AppData\Roaming\.minecraft\saves\world\data folder moved successfully.
      C:\Users\Zabattaro\AppData\Roaming\.minecraft\saves\world folder moved successfully.
      C:\Users\Zabattaro\AppData\Roaming\.minecraft\saves\Nuevo Mundo\region folder moved successfully.
      C:\Users\Zabattaro\AppData\Roaming\.minecraft\saves\Nuevo Mundo\data folder moved successfully.
      C:\Users\Zabattaro\AppData\Roaming\.minecraft\saves\Nuevo Mundo folder moved successfully.
      C:\Users\Zabattaro\AppData\Roaming\.minecraft\saves folder moved successfully.
      C:\Users\Zabattaro\AppData\Roaming\.minecraft\resources\streaming folder moved successfully.
      C:\Users\Zabattaro\AppData\Roaming\.minecraft\resources\sound\step folder moved successfully.
      C:\Users\Zabattaro\AppData\Roaming\.minecraft\resources\sound folder moved successfully.
      C:\Users\Zabattaro\AppData\Roaming\.minecraft\resources\pe folder moved successfully.
      C:\Users\Zabattaro\AppData\Roaming\.minecraft\resources\newsound\tile\piston folder moved successfully.
      C:\Users\Zabattaro\AppData\Roaming\.minecraft\resources\newsound\tile folder moved successfully.
      C:\Users\Zabattaro\AppData\Roaming\.minecraft\resources\newsound\step folder moved successfully.
      C:\Users\Zabattaro\AppData\Roaming\.minecraft\resources\newsound\random folder moved successfully.
      C:\Users\Zabattaro\AppData\Roaming\.minecraft\resources\newsound\portal folder moved successfully.
      C:\Users\Zabattaro\AppData\Roaming\.minecraft\resources\newsound\note folder moved successfully.
      C:\Users\Zabattaro\AppData\Roaming\.minecraft\resources\newsound\mob\zombiepig folder moved successfully.
      C:\Users\Zabattaro\AppData\Roaming\.minecraft\resources\newsound\mob\zombie folder moved successfully.
      C:\Users\Zabattaro\AppData\Roaming\.minecraft\resources\newsound\mob\wolf folder moved successfully.
      C:\Users\Zabattaro\AppData\Roaming\.minecraft\resources\newsound\mob\silverfish folder moved successfully.
      C:\Users\Zabattaro\AppData\Roaming\.minecraft\resources\newsound\mob\magmacube folder moved successfully.
      C:\Users\Zabattaro\AppData\Roaming\.minecraft\resources\newsound\mob\irongolem folder moved successfully.
      C:\Users\Zabattaro\AppData\Roaming\.minecraft\resources\newsound\mob\ghast folder moved successfully.
      C:\Users\Zabattaro\AppData\Roaming\.minecraft\resources\newsound\mob\endermen folder moved successfully.
      C:\Users\Zabattaro\AppData\Roaming\.minecraft\resources\newsound\mob\cat folder moved successfully.
      C:\Users\Zabattaro\AppData\Roaming\.minecraft\resources\newsound\mob\blaze folder moved successfully.
      C:\Users\Zabattaro\AppData\Roaming\.minecraft\resources\newsound\mob folder moved successfully.
      C:\Users\Zabattaro\AppData\Roaming\.minecraft\resources\newsound\liquid folder moved successfully.
      C:\Users\Zabattaro\AppData\Roaming\.minecraft\resources\newsound\fire folder moved successfully.
      C:\Users\Zabattaro\AppData\Roaming\.minecraft\resources\newsound\damage folder moved successfully.
      C:\Users\Zabattaro\AppData\Roaming\.minecraft\resources\newsound\ambient\weather folder moved successfully.
      C:\Users\Zabattaro\AppData\Roaming\.minecraft\resources\newsound\ambient\cave folder moved successfully.
      C:\Users\Zabattaro\AppData\Roaming\.minecraft\resources\newsound\ambient folder moved successfully.
      C:\Users\Zabattaro\AppData\Roaming\.minecraft\resources\newsound folder moved successfully.
      C:\Users\Zabattaro\AppData\Roaming\.minecraft\resources\newmusic folder moved successfully.
      C:\Users\Zabattaro\AppData\Roaming\.minecraft\resources\music folder moved successfully.
      C:\Users\Zabattaro\AppData\Roaming\.minecraft\resources folder moved successfully.
      C:\Users\Zabattaro\AppData\Roaming\.minecraft\mods\rei_minimap folder moved successfully.
      C:\Users\Zabattaro\AppData\Roaming\.minecraft\mods\mocreatures folder moved successfully.
      C:\Users\Zabattaro\AppData\Roaming\.minecraft\mods\1.2.5 folder moved successfully.
      C:\Users\Zabattaro\AppData\Roaming\.minecraft\mods folder moved successfully.
      C:\Users\Zabattaro\AppData\Roaming\.minecraft\bin\natives folder moved successfully.
      C:\Users\Zabattaro\AppData\Roaming\.minecraft\bin folder moved successfully.
      C:\Users\Zabattaro\AppData\Roaming\.minecraft folder moved successfully.
      C:\Users\Zabattaro\AppData\Roaming\Mipony folder moved successfully.
      ========== FILES ==========
      < ipconfig /flushdns /c >
      Configuraci¢n IP de Windows

      Congratulations.
      You have the recommended version of Java installed (Version 7 Update 7).

    9. #9
      General Moderator
      @Javier_HF
      Registered
      Jun 2006
      Location
      Spain.
      Posts
      21,699

      Re: Virus, it eats up my RAM and internet

      I think a piece of the OTL report is missing, but the most important thing is that you tell us how the machine is doing with respect to the problem raised.

      Regards.

    10. #10
      User zabattaro
      Registered
      Oct 2012
      Location
      buenos aires
      Posts
      11

      Re: Virus, it eats up my RAM and internet

      Yes, the problem has been solved; if I have any questions I'll ask you.
