
    Remove Crownhub


    1. #11
      Moderator
      @MarioL
      Registered
      Nov 2006
      Location
      Málaga - Spain
      Posts
      8.819

      Re: Remove Crownhub

      Let's carry out these steps:

      1st - Run OTL.exe


      Copy and paste the code inside the box below into the Custom Scans/Fixes section (do not include the word "Code")

      Code:
      OTL::
      DRV:64bit: - (esgiguard) -- C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys File not found
      IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylon.com/web/{searchTerms}?babsrc=SP_ss&affID=110857&mntrId=e0e00b840000000000000026c7b826cb
      FF - prefs.js..browser.search.selectedEngine: "AVG Secure Search"
      FF - prefs.js..extensions.enabledAddons: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}:6.0.33
      O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
      O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
      O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
      O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
      O1364bit: - gopher Prefix: missing
      O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_24)
      O16:64bit: - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_24)
      O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_24)
      O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_33)
      O16 - DPF: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_33)
      O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_33)
      O18:64bit: - Protocol\Handler\livecall - No CLSID value found
      O18:64bit: - Protocol\Handler\msnim - No CLSID value found
      O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
      O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
      [2012/10/24 17:18:26 | 000,045,056 | ---- | M] () -- C:\Windows\SysNative\acovcnt.exe
      [2012/01/16 20:00:07 | 000,000,176 | ---- | C] () -- C:\ProgramData\~HrZVnR8W2tZjKXr
      [2012/01/16 19:58:49 | 000,000,296 | ---- | C] () -- C:\ProgramData\~HrZVnR8W2tZjKX
      [2012/01/16 19:57:33 | 000,000,456 | ---- | C] () -- C:\ProgramData\HrZVnR8W2tZjKX
      C:\Windows\SysWow64\D8E31E0CCD.sys
      @Alternate Data Stream - 132 bytes -> C:\ProgramData\Temp:2F370DA6
      @Alternate Data Stream - 122 bytes -> C:\ProgramData\Temp:A724744F
      
      
      
      
      :commands
      [resethosts]
      [emptytemp]
      [Reboot]

      Press the Run Fix button to start the removal. Press OK.

      OTL will restart the computer to complete the removal.

      Save the newly generated report so you can paste it in your next reply.

      2nd - Remove the old version of Java and update it with JavaRa.

      3rd - Download and install Revo Uninstall, then uninstall Google Chrome.

      4th - Reinstall Google Chrome.

      5th - Let us know how the computer is running.
      Invy

      * Follow us on Twitter and befriend us on Facebook.
      * Keep up with the latest threats on the net at: InfoSpyware Blog
      * Questions are not answered by private message or by e-mail; that is what the forum is for.

    2. #12
      User adaia
      Registered
      Jan 2012
      Location
      Mallorca
      Posts
      18

      Re: Remove Crownhub

      Report:


      Files\Folders moved on Reboot...
      C:\Users\Usuario\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

      PendingFileRenameOperations files...

      Registry entries deleted on Reboot...



      And the problem persists...

    3. #13
      Moderator
      @MarioL
      Registered
      Nov 2006
      Location
      Málaga - Spain
      Posts
      8.819

      Re: Remove Crownhub

      That is not the report; please locate it and copy its contents.

    4. #14
      User adaia
      Registered
      Jan 2012
      Location
      Mallorca
      Posts
      18

      Re: Remove Crownhub

      Sorry, but I don't know where to find it. That document was the only new one that opened after the restart.

    5. #15
      Moderator
      @MarioL
      Registered
      Nov 2006
      Location
      Málaga - Spain
      Posts
      8.819

      Re: Remove Crownhub

      Check whether there is a file called OTL.txt on your desktop.

    6. #16
      User adaia
      Registered
      Jan 2012
      Location
      Mallorca
      Posts
      18

      Re: Remove Crownhub

      Yes, there is, but it is the one that was created the first time.
      Last edited by adaia on 05/11/12 at 13:32:45

    7. #17
      Moderator
      @MarioL
      Registered
      Nov 2006
      Location
      Málaga - Spain
      Posts
      8.819

      Re: Remove Crownhub

      Hello.

      Repeat the steps described in this post, no. 4, and paste their reports.

    8. #18
      User adaia
      Registered
      Jan 2012
      Location
      Mallorca
      Posts
      18

      Re: Remove Crownhub

      Hello,

      I have repeated the two steps from post 4 and these are the reports...

      The Malwarebytes one:


      Malwarebytes Anti-Malware 1.65.1.1000
      www.malwarebytes.org

      Versión de la Base de Datos: v2012.11.05.04

      Windows 7 x64 NTFS
      Internet Explorer 8.0.7600.16385
      Usuario :: USUARIO-PC [administrador]

      05/11/2012 16:05:59
      mbam-log-2012-11-05 (16-05-59).txt

      Tipos de Análisis: Análisis Completo (C:\|)
      Opciones de análisis activado: Memoria | Inicio | Registro | Sistema de archivos | Heurística/Extra | Heurística/Shuriken | PUP | PUM
      Opciones de análisis desactivados: P2P
      Objetos examinados: 348495
      Tiempo transcurrido: 47 minuto(s), 39 segundo(s)

      Procesos en Memoria Detectados: 0
      (No se han detectado elementos maliciosos)

      Módulos de Memoria Detectados: 0
      (No se han detectado elementos maliciosos)

      Claves del Registro Detectados: 0
      (No se han detectado elementos maliciosos)

      Valores del Registro Detectados: 0
      (No se han detectado elementos maliciosos)

      Elementos de Datos del Registro Detectados: 0
      (No se han detectado elementos maliciosos)

      Carpetas Detectadas: 3
      C:\Users\Usuario\AppData\LocalLow\bbrs_002.tb (PUP.Blabbers) -> En cuarentena y eliminado con éxito.
      C:\Users\Usuario\AppData\LocalLow\bbrs_002.tb\content (PUP.Blabbers) -> En cuarentena y eliminado con éxito.
      C:\Users\Usuario\AppData\LocalLow\bbrs_002.tb\content\cache (PUP.Blabbers) -> En cuarentena y eliminado con éxito.

      Archivos Detectados: 56
      C:\Users\Usuario\AppData\LocalLow\bbrs_002.tb\content\fix2.js (PUP.Blabbers) -> En cuarentena y eliminado con éxito.
      C:\Users\Usuario\AppData\LocalLow\bbrs_002.tb\content\icon.png (PUP.Blabbers) -> En cuarentena y eliminado con éxito.
      C:\Users\Usuario\AppData\LocalLow\bbrs_002.tb\content\jquery4toolbar.js (PUP.Blabbers) -> En cuarentena y eliminado con éxito.
      C:\Users\Usuario\AppData\LocalLow\bbrs_002.tb\content\lock.js (PUP.Blabbers) -> En cuarentena y eliminado con éxito.
      C:\Users\Usuario\AppData\LocalLow\bbrs_002.tb\content\witapi.js (PUP.Blabbers) -> En cuarentena y eliminado con éxito.
      C:\Users\Usuario\AppData\LocalLow\bbrs_002.tb\content\witmain.js (PUP.Blabbers) -> En cuarentena y eliminado con éxito.
      C:\Users\Usuario\AppData\LocalLow\bbrs_002.tb\content\wittoolbar.js (PUP.Blabbers) -> En cuarentena y eliminado con éxito.
      C:\Users\Usuario\AppData\LocalLow\bbrs_002.tb\content\witwidgetapi.js (PUP.Blabbers) -> En cuarentena y eliminado con éxito.

      fin)



      And this is the OTL one:

      OTL logfile created on: 05/11/2012 17:06:31 - Run 2
      OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Usuario\Desktop
      64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
      Internet Explorer (Version = 8.0.7600.16385)
      Locale: 00000c0a | Country: España | Language: ESN | Date Format: dd/MM/yyyy

      3,79 Gb Total Physical Memory | 2,02 Gb Available Physical Memory | 53,28% Memory free
      7,58 Gb Paging File | 5,63 Gb Available in Paging File | 74,25% Paging File free
      Paging file location(s): ?:\pagefile.sys [binary data]

      %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
      Drive C: | 149,04 Gb Total Space | 100,34 Gb Free Space | 67,32% Space Free | Partition Type: NTFS
      Drive D: | 427,59 Gb Total Space | 426,96 Gb Free Space | 99,85% Space Free | Partition Type: NTFS

      Computer Name: USUARIO-PC | User Name: Usuario | Logged in as Administrator.
      Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
      Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

      ========== Processes (SafeList) ==========

      PRC - C:\Users\Usuario\Desktop\OTL.exe (OldTimer Tools)
      PRC - C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)
      PRC - C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
      PRC - C:\Users\Usuario\AppData\Roaming\Microsoft\Windows\procmon.exe ()
      PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
      PRC - C:\Users\Usuario\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe ()
      PRC - C:\Windows\AsScrPro.exe (ASUS)
      PRC - C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe (ASUS)
      PRC - C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe ()
      PRC - C:\Program Files (x86)\ASUS\ControlDeck\ControlDeck.exe (asus)
      PRC - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe (ASUS)
      PRC - C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe (ASUS)
      PRC - C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe (ASUS)
      PRC - C:\Program Files (x86)\ASUS\AI TouchMedia\AI TouchMedia\Kernel\CLML\CLMLSvc.exe (CyberLink)
      PRC - C:\Program Files (x86)\ASUS\AI TouchMedia\AI TouchMedia\PCMAgent.exe (CyberLink Corp.)
      PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
      PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
      PRC - C:\Program Files (x86)\Boingo\Boingo Wi-Fi\Boingo Wi-Fi.exe (Boingo Wireless, Inc.)
      PRC - C:\Program Files (x86)\ASUS\AI TouchMedia\PlayMovie\PMVService.exe (CyberLink Corp.)
      PRC - C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe (ASUS)
      PRC - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe (ASUS)
      PRC - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe (ASUS)
      PRC - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe (ASUS)
      PRC - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe (ASUS)
      PRC - C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMSrv.exe (ASUSTek Computer Inc.)
      PRC - C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe ()


      ========== Modules (No Company Name) ==========

      MOD - C:\Users\Usuario\AppData\Roaming\Microsoft\Windows\procmon.exe ()
      MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\517358eb2fd962a942dd1ea6afc5b93e\PresentationFramework.ni.dll ()
      MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\009c50fb69919b90fb233cb4c35d0ad7\System.Windows.Forms.ni.dll ()
      MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\ebefde27b0ef7f39bb49c493b34a602c\System.Drawing.ni.dll ()
      MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\e9d0ba41128f363f2390c7e630129c2b\PresentationCore.ni.dll ()
      MOD - C:\Users\Usuario\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe ()
      MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\3f9dee1ce0ccb42145293a5bfcbe7205\System.Management.ni.dll ()
      MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\fc626095c194be137bceb219934b06a7\PresentationFramework.Aero.ni.dll ()
      MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\b68fdf2c95b93fc5006a092c11eed07c\WindowsBase.ni.dll ()
      MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\5c85c9c42e1b8a8760de82ecb4c7d582\System.Xml.ni.dll ()
      MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cb079eab134fd1a752ad91db13274110\System.Configuration.ni.dll ()
      MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\2ebb3c259eab50af565e3a8dba6ad20e\System.ni.dll ()
      MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\5858678a79aae31262b0214424245d06\mscorlib.ni.dll ()
      MOD - C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe ()
      MOD - C:\Program Files (x86)\ASUS\ControlDeck\Brightness.dll ()
      MOD - C:\Program Files (x86)\ASUS\ControlDeck\HelpFunc.dll ()
      MOD - C:\Program Files (x86)\ASUS\ControlDeck\P4GControl.dll ()
      MOD - C:\Program Files (x86)\ASUS\ControlDeck\Resolution.dll ()
      MOD - C:\Program Files (x86)\ASUS\ControlDeck\Volume.dll ()
      MOD - C:\Program Files (x86)\ASUS\AI TouchMedia\AI TouchMedia\Kernel\CLML\CLMediaLibrary.dll ()
      MOD - C:\Program Files (x86)\ASUS\AI TouchMedia\AI TouchMedia\Kernel\CLML\CLMLSvcPS.dll ()
      MOD - C:\Windows\assembly\GAC_MSIL\PresentationCore.resources\3.0.0.0_es_31bf3856ad364e35\PresentationCore.resources.dll ()
      MOD - C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe ()


      ========== Services (SafeList) ==========

      SRV:64bit: - (avast! Antivirus) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
      SRV:64bit: - (AFBAgent) -- C:\Windows\SysNative\FBAgent.exe (ASUSTeK Computer Inc.)
      SRV:64bit: - (EvtEng) -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe (Intel(R) Corporation)
      SRV:64bit: - (MyWiFiDHCPDNS) -- C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe ()
      SRV:64bit: - (RegSrvc) -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel(R) Corporation)
      SRV:64bit: - (TurboBoost) -- C:\Program Files\Intel\TurboBoost\TurboBoost.exe (Intel(R) Corporation)
      SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
      SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
      SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
      SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
      SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
      SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
      SRV - (ATKGFNEXSrv) -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe (ASUS)
      SRV - (UNS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
      SRV - (LMS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
      SRV - (ASLDRService) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe (ASUS)
      SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
      SRV - (ADSMService) -- C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMSrv.exe (ASUSTek Computer Inc.)


      ========== Driver Services (SafeList) ==========

      DRV:64bit: - (esgiguard) -- C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys File not found
      DRV:64bit: - (aswSnx) -- C:\Windows\SysNative\drivers\aswSnx.sys (AVAST Software)
      DRV:64bit: - (aswSP) -- C:\Windows\SysNative\drivers\aswSP.sys (AVAST Software)
      DRV:64bit: - (aswTdi) -- C:\Windows\SysNative\drivers\aswTdi.sys (AVAST Software)
      DRV:64bit: - (aswMonFlt) -- C:\Windows\SysNative\drivers\aswMonFlt.sys (AVAST Software)
      DRV:64bit: - (aswRdr) -- C:\Windows\SysNative\drivers\aswRdr2.sys (AVAST Software)
      DRV:64bit: - (aswFsBlk) -- C:\Windows\SysNative\drivers\aswFsBlk.sys (AVAST Software)
      DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
      DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
      DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
      DRV:64bit: - (AsDsm) -- C:\Windows\SysNative\drivers\AsDsm.sys (ASUSTek Computer Inc)
      DRV:64bit: - (sdbus) -- C:\Windows\SysNative\drivers\sdbus.sys (Microsoft Corporation)
      DRV:64bit: - (fssfltr) -- C:\Windows\SysNative\drivers\fssfltr.sys (Microsoft Corporation)
      DRV:64bit: - (ETD) -- C:\Windows\SysNative\drivers\ETD.sys (ELAN Microelectronic Corp.)
      DRV:64bit: - (wdkmd) -- C:\Windows\SysNative\drivers\WDKMD.sys (Intel Corporation)
      DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
      DRV:64bit: - (NETw5s64) -- C:\Windows\SysNative\drivers\NETw5s64.sys (Intel Corporation)
      DRV:64bit: - (Impcd) -- C:\Windows\SysNative\drivers\Impcd.sys (Intel Corporation)
      DRV:64bit: - (JME) -- C:\Windows\SysNative\drivers\JME.sys (JMicron Technology Corp.)
      DRV:64bit: - (IntcDAud) -- C:\Windows\SysNative\drivers\IntcDAud.sys (Intel(R) Corporation)
      DRV:64bit: - (CnxtHdAudService) -- C:\Windows\SysNative\drivers\CHDRT64.sys (Conexant Systems Inc.)
      DRV:64bit: - (HECIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
      DRV:64bit: - (SNP2UVC) -- C:\Windows\SysNative\drivers\snp2uvc.sys ()
      DRV:64bit: - (JMCR) -- C:\Windows\SysNative\drivers\jmcr.sys (JMicron Technology Corporation)
      DRV:64bit: - (TurboB) -- C:\Windows\SysNative\drivers\TurboB.sys ()
      DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
      DRV:64bit: - (kbfiltr) -- C:\Windows\SysNative\drivers\kbfiltr.sys ( )
      DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
      DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
      DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
      DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
      DRV:64bit: - (athr) -- C:\Windows\SysNative\drivers\athrx.sys (Atheros Communications, Inc.)
      DRV:64bit: - (lullaby) -- C:\Windows\SysNative\drivers\lullaby.sys (Windows (R) Win 7 DDK provider)
      DRV:64bit: - (SiSGbeLH) -- C:\Windows\SysNative\drivers\SiSG664.sys (Silicon Integrated Systems Corp.)
      DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
      DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
      DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
      DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
      DRV:64bit: - (MTsensor) -- C:\Windows\SysNative\drivers\ATK64AMD.sys (ASUS)
      DRV:64bit: - (WimFltr) -- C:\Windows\SysNative\drivers\WimFltr.sys (Microsoft Corporation)
      DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
      DRV - (ASMMAP64) -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys (ASUS)


      ========== Standard Registry (SafeList) ==========


      ========== Internet Explorer ==========

      IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
      IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=MAAU&src=IE-SearchBox
      IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
      IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
      IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
      IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=MAAU&src=IE-SearchBox
      IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ASUT
      IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7

      IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://asus.msn.com
      IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
      IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
      IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylon.com/web/{searchTerms}?babsrc=SP_ss&affID=110857&mntrId=e0e00b840000000000000026c7b826cb
      IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

      ========== FireFox ==========

      FF - prefs.js..browser.search.selectedEngine: "AVG Secure Search"
      FF - prefs.js..browser.startup.homepage: "about:home"
      FF - prefs.js..extensions.enabledAddons: {E3D86202-CC7F-4870-8CCF-60319C0AF7BC}:1.0
      FF - prefs.js..keyword.URL: "http://google.com"


      FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_4_402_287.dll File not found
      FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
      FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll ()
      FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
      FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
      FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
      FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
      FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
      FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
      FF - HKCU\Software\MozillaPlugins\facebook.com/fbDesktopPlugin: C:\Users\Usuario\AppData\Local\Facebook\Messenger\2.1.4651.0\npFbDesktopPlugin.dll (Facebook, Inc.)

      FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{E3D86202-CC7F-4870-8CCF-60319C0AF7BC}: C:\Users\Usuario\AppData\Roaming\Mozilla\FireFox\{E3D86202-CC7F-4870-8CCF-60319C0AF7BC}.xpi [2012/07/04 19:38:24 | 000,008,439 | ---- | M] ()
      FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/10/30 12:17:12 | 000,000,000 | ---D | M]
      FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

      [2011/05/18 03:20:39 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Usuario\AppData\Roaming\mozilla\Extensions
      [2012/10/25 16:38:22 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Usuario\AppData\Roaming\mozilla\Firefox\Profiles\gcs6ou9e.default\extensions
      [2012/10/30 12:17:12 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
      [2012/07/04 19:38:24 | 000,008,439 | ---- | M] () (No name found) -- C:\USERS\USUARIO\APPDATA\ROAMING\MOZILLA\FIREFOX\{E3D86202-CC7F-4870-8CCF-60319C0AF7BC}.XPI
      [2012/10/24 18:50:04 | 000,261,600 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
      [2012/10/25 00:30:19 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
      [2012/10/25 00:30:20 | 000,003,882 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\drae.xml
      [2012/10/25 00:30:20 | 000,001,143 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-es.xml
      [2012/10/25 00:30:20 | 000,002,058 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml
      [2012/10/25 00:30:20 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-es.xml
      [2012/10/25 00:30:19 | 000,001,102 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-es.xml

      O1 HOSTS File: ([2012/10/30 11:30:38 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
      O1 - Hosts: 127.0.0.1 localhost
      O1 - Hosts: ::1 localhost
      O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll File not found
      O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
      O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
      O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
      O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
      O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
      O4:64bit: - HKLM..\Run: [ASUS WebStorage] C:\Program Files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe ()
      O4:64bit: - HKLM..\Run: [ETDWare] C:\Program Files\Elantech\ETDCtrl.exe (ELAN Microelectronic Corp.)
      O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
      O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
      O4:64bit: - HKLM..\Run: [IntelWireless] C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe (Intel(R) Corporation)
      O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
      O4:64bit: - HKLM..\Run: [Setwallpaper] c:\programdata\SetWallpaper.cmd File not found
      O4:64bit: - HKLM..\Run: [SmartAudio] C:\Program Files\CONEXANT\SAII\SAIICpl.exe ()
      O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
      O4 - HKLM..\Run: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe (ASUS)
      O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
      O4 - HKLM..\Run: [Boingo Wi-Fi] C:\Program Files (x86)\Boingo\Boingo Wi-Fi\Boingo.lnk ()
      O4 - HKLM..\Run: [HControlUser] C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe (ASUS)
      O4 - HKLM..\Run: [PCMAgent] C:\Program Files (x86)\ASUS\AI TouchMedia\AI TouchMedia\PCMAgent.exe (CyberLink Corp.)
      O4 - HKLM..\Run: [PlayMovie] C:\Program Files (x86)\ASUS\AI TouchMedia\PlayMovie\PMVService.exe (CyberLink Corp.)
      O4 - HKLM..\Run: [ROC_roc_ssl_v12] "C:\Program Files (x86)\AVG Secure Search\ROC_roc_ssl_v12.exe" / /PROMPT /CMPID=roc_ssl_v12 File not found
      O4 - HKLM..\Run: [SmartWatcher] C:\Users\Usuario\AppData\Roaming\Microsoft\Windows\procmon.exe ()
      O4 - HKLM..\Run: [UpdateLBPShortCut] C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
      O4 - HKLM..\Run: [UpdateP2GoShortCut] C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
      O4 - HKLM..\Run: [UpdatePSTShortCut] C:\Program Files (x86)\Cyberlink\DVD Suite\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
      O4 - HKLM..\Run: [Wireless Console 3] C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe ()
      O4 - HKCU..\Run: [ares] C:\Program Files (x86)\Ares\Ares.exe (Ares Development Group)
      O4 - HKCU..\Run: [Bubble Dock] "C:\Users\Usuario\AppData\Roaming\Nosibay\Bubble Dock\LBubble Dock.exe" /winstartup File not found
      O4 - HKCU..\Run: [Facebook Update] C:\Users\Usuario\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
      O4 - HKCU..\Run: [SmartWatcher] C:\Users\Usuario\AppData\Roaming\Microsoft\Windows\procmon.exe ()
      O4 - HKCU..\Run: [Spotify] C:\Users\Usuario\AppData\Roaming\Spotify\Spotify.exe (Spotify Ltd)
      O4 - HKCU..\Run: [Spotify Web Helper] C:\Users\Usuario\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe ()
      O4 - Startup: C:\Users\Usuario\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Facebook Messenger.lnk = C:\Users\Usuario\AppData\Local\Facebook\Messenger\2.1.4651.0\FacebookMessenger.exe (Facebook)
      O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
      O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
      O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
      O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSaveSettings = 0
      O13:64bit: - gopher Prefix: missing
      O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0_09-windows-i586.cab (Reg Error: Value error.)
      O16 - DPF: {CAFEEFAC-0017-0000-0009-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_09-windows-i586.cab (Java Plug-in 1.7.0_09)
      O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_09-windows-i586.cab (Java Plug-in 10.9.2)
      O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 80.58.61.250 80.58.61.254
      O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4EF6DACA-7693-4A45-A215-7A357493CE35}: DhcpNameServer = 192.168.8.1
      O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{589D9DF2-6D17-4CC6-8297-83FF5E7255FA}: DhcpNameServer = 80.58.61.250 80.58.61.254
      O18:64bit: - Protocol\Handler\livecall - No CLSID value found
      O18:64bit: - Protocol\Handler\msnim - No CLSID value found
      O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
      O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
      O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
      O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
      O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
      O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
      O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
      O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
      O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
      O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
      O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
      O32 - HKLM CDRom: AutoRun - 1
      O32 - AutoRun File - [2012/01/16 16:01:43 | 000,000,000 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
      O34 - HKLM BootExecute: (autocheck autochk *)
      O35:64bit: - HKLM\..comfile [open] -- "%1" %*
      O35:64bit: - HKLM\..exefile [open] -- "%1" %*
      O35 - HKLM\..comfile [open] -- "%1" %*
      O35 - HKLM\..exefile [open] -- "%1" %*
      O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
      O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
      O37 - HKLM\...com [@ = comfile] -- "%1" %*
      O37 - HKLM\...exe [@ = exefile] -- "%1" %*
      O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
      O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
      O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)


      MsConfig:64bit - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
      MsConfig:64bit - StartUpReg: ADSMTray - hkey= - key= - C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMTray.exe (ASUSTek Computer Inc.)
      MsConfig:64bit - StartUpReg: ASUS Screen Saver Protector - hkey= - key= - C:\Windows\AsScrPro.exe (ASUS)
      MsConfig:64bit - StartUpReg: CLMLServer - hkey= - key= - C:\Program Files (x86)\ASUS\AI TouchMedia\AI TouchMedia\Kernel\CLML\CLMLSvc.exe (CyberLink)

      CREATERESTOREPOINT
      Restore point Set: OTL Restore Point

      ========== Files/Folders - Created Within 30 Days ==========

      [2012/10/30 12:17:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service
      [2012/10/30 12:17:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
      [2012/10/30 12:07:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VS Revo Group
      [2012/10/30 12:07:41 | 000,000,000 | ---D | C] -- C:\Users\Usuario\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller
      [2012/10/30 12:02:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
      [2012/10/30 11:30:37 | 000,000,000 | ---D | C] -- C:\_OTL
      [2012/10/26 10:45:06 | 000,000,000 | ---D | C] -- C:\Windows\es
      [2012/10/26 1049 | 000,000,000 | ---D | C] -- C:\Users\Usuario\AppData\Local\Windows Live
      [2012/10/25 10:50:41 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Usuario\Desktop\OTL.exe
      [2012/10/24 16:14:55 | 000,036,864 | ---- | C] (NirSoft) -- C:\Windows\nircmd.exe
      [2012/10/24 15:53:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinZip
      [2012/10/24 15:53:45 | 000,000,000 | ---D | C] -- C:\Program Files\WinZip
      [2012/10/24 14:42:24 | 000,251,560 | ---- | C] (PC Tools) -- C:\Windows\SysNative\drivers\PCTSD64.sys
      [2012/10/24 14:42:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\PC Tools
      [2012/10/24 14:41:59 | 000,000,000 | ---D | C] -- C:\Users\Usuario\AppData\Roaming\TestApp
      [2012/10/24 14:41:59 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Tools
      [2008/08/12 06:45:20 | 000,155,648 | ---- | C] (ASUS) -- C:\Program Files (x86)\Common Files\MSIactionall.dll

      ========== Files - Modified Within 30 Days ==========

      [2012/11/05 16:14:12 | 000,000,838 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
      [2012/11/05 16:07:56 | 000,010,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
      [2012/11/05 16:07:56 | 000,010,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
      [2012/11/05 15:52:05 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
      [2012/11/03 16:09:35 | 000,001,124 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-4232750918-3550982461-2673268952-1001UA.job
      [2012/11/03 13:07:52 | 000,001,102 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-4232750918-3550982461-2673268952-1001Core.job
      [2012/11/03 11:17:56 | 001,555,646 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
      [2012/11/03 11:17:56 | 000,703,840 | ---- | M] () -- C:\Windows\SysNative\perfh00A.dat
      [2012/11/03 11:17:56 | 000,616,008 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
      [2012/11/03 11:17:56 | 000,137,806 | ---- | M] () -- C:\Windows\SysNative\perfc00A.dat
      [2012/11/03 11:17:56 | 000,106,388 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
      [2012/11/03 11:11:30 | 3054,792,704 | -HS- | M] () -- C:\hiberfil.sys
      [2012/11/02 16:37:34 | 000,045,056 | ---- | M] () -- C:\Windows\SysNative\acovcnt.exe
      [2012/10/30 12:17:14 | 000,001,153 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
      [2012/10/30 12:07:41 | 000,001,270 | ---- | M] () -- C:\Users\Usuario\Desktop\Revo Uninstaller.lnk
      [2012/10/30 11:30:38 | 000,000,098 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\Hosts
      [2012/10/25 10:50:42 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Usuario\Desktop\OTL.exe
      [2012/10/24 15:53:54 | 000,002,253 | ---- | M] () -- C:\Users\Public\Desktop\WinZip.lnk
      [2012/10/24 14:42:41 | 001,839,183 | ---- | M] () -- C:\Windows\SysNative\drivers\Cat.DB
      [2012/10/24 11:57:37 | 000,001,115 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

      ========== Files Created - No Company Name ==========

      [2012/10/30 12:17:14 | 000,001,165 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
      [2012/10/30 12:17:14 | 000,001,153 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
      [2012/10/30 12:07:41 | 000,001,270 | ---- | C] () -- C:\Users\Usuario\Desktop\Revo Uninstaller.lnk
      [2012/10/26 10:44:52 | 000,001,307 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Movie Maker.lnk
      [2012/10/26 10:44:43 | 000,001,376 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Photo Gallery.lnk
      [2012/10/26 10:44:20 | 000,001,460 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Mail.lnk
      [2012/10/26 10:44:02 | 000,002,488 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Messenger.lnk
      [2012/10/25 16:41:12 | 000,000,838 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
      [2012/10/24 16:14:55 | 000,069,660 | ---- | C] () -- C:\Windows\Fart.exe
      [2012/10/24 16:14:55 | 000,022,528 | ---- | C] () -- C:\Windows\AT-Uninstall.exe
      [2012/10/24 16:14:55 | 000,011,776 | ---- | C] () -- C:\Windows\Colous.exe
      [2012/10/24 15:53:54 | 000,002,253 | ---- | C] () -- C:\Users\Public\Desktop\WinZip.lnk
      [2012/10/24 14:42:31 | 001,839,183 | ---- | C] () -- C:\Windows\SysNative\drivers\Cat.DB
      [2012/01/16 19:00:07 | 000,000,176 | ---- | C] () -- C:\ProgramData\~HrZVnR8W2tZjKXr
      [2012/01/16 18:58:49 | 000,000,296 | ---- | C] () -- C:\ProgramData\~HrZVnR8W2tZjKX
      [2012/01/16 18:57:33 | 000,000,456 | ---- | C] () -- C:\ProgramData\HrZVnR8W2tZjKX
      [2011/10/11 10:15:46 | 000,002,828 | -HS- | C] () -- C:\Windows\SysWow64\KGyGaAvL.sys
      [2011/10/11 10:15:46 | 000,000,088 | RHS- | C] () -- C:\Windows\SysWow64\D8E31E0CCD.sys
      [2011/09/30 10:23:59 | 000,005,883 | ---- | C] () -- C:\Users\Usuario\.recently-used.xbel
      [2011/05/18 03:20:36 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
      [2011/05/18 03:19:13 | 000,165,376 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
      [2009/04/08 19:31:56 | 000,106,496 | ---- | C] () -- C:\Program Files (x86)\Common Files\CPInstallAction.dll
      [2008/05/22 17:35:54 | 000,051,962 | ---- | C] () -- C:\Program Files (x86)\Common Files\banner.jpg

      ========== ZeroAccess Check ==========

      [2009/07/14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

      [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

      [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

      [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

      [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

      [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
      "" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 06:30:56 | 014,165,504 | ---- | M] (Microsoft Corporation)
      "ThreadingModel" = Apartment

      [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
      "" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 05:46:56 | 012,868,608 | ---- | M] (Microsoft Corporation)
      "ThreadingModel" = Apartment

      [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
      "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
      "ThreadingModel" = Free

      [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
      "" = %systemroot%\system32\wbem\fastprox.dll -- [2009/07/14 02:15:20 | 000,605,696 | ---- | M] (Microsoft Corporation)
      "ThreadingModel" = Free

      [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
      "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
      "ThreadingModel" = Both

      [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

      ========== LOP Check ==========

      [2011/07/17 19:45:46 | 000,000,000 | ---D | M] -- C:\Users\Usuario\AppData\Roaming\Asus WebStorage
      [2011/10/10 16:05:55 | 000,000,000 | ---D | M] -- C:\Users\Usuario\AppData\Roaming\coupons
      [2011/09/30 10:23:59 | 000,000,000 | ---D | M] -- C:\Users\Usuario\AppData\Roaming\gtk-2.0
      [2011/07/13 22:43:48 | 000,000,000 | ---D | M] -- C:\Users\Usuario\AppData\Roaming\LibreOffice
      [2012/05/26 21:36:19 | 000,000,000 | ---D | M] -- C:\Users\Usuario\AppData\Roaming\Movier
      [2012/04/27 14:45:53 | 000,000,000 | ---D | M] -- C:\Users\Usuario\AppData\Roaming\PowerCinema
      [2012/11/03 11:13:19 | 000,000,000 | ---D | M] -- C:\Users\Usuario\AppData\Roaming\Spotify
      [2012/10/24 14:41:59 | 000,000,000 | ---D | M] -- C:\Users\Usuario\AppData\Roaming\TestApp

      ========== Purity Check ==========



      ========== Custom Scans ==========

      < %SYSTEMDRIVE%\*.* >
      [2012/10/24 18:25:39 | 000,002,462 | ---- | M] () -- C:\AT-Destroyer.txt
      [2012/01/16 16:01:43 | 000,000,000 | ---- | M] () -- C:\autoexec.bat
      [2009/07/14 02:38:58 | 000,383,562 | RHS- | M] () -- C:\bootmgr
      [2009/07/29 07:03:37 | 000,008,192 | RHS- | M] () -- C:\BOOTSECT.BAK
      [2010/11/21 18:00:24 | 000,015,352 | ---- | M] () -- C:\devlist.txt
      [2012/06/16 22:04:33 | 000,001,325 | ---- | M] () -- C:\dpi.txt
      [2012/11/03 11:11:30 | 3054,792,704 | -HS- | M] () -- C:\hiberfil.sys
      [2010/08/19 13:26:01 | 002,097,152 | ---- | M] () -- C:\K52F.BIN
      [2010/08/23 08:40:15 | 000,000,019 | ---- | M] () -- C:\K52F_K62F_WIN7.70
      [2010/05/06 03:56:33 | 002,097,152 | ---- | M] () -- C:\K62F.BIN
      [2012/11/03 11:11:31 | 4073,058,304 | -HS- | M] () -- C:\pagefile.sys
      [2006/05/13 17:22:24 | 000,000,005 | ---- | M] () -- C:\Pass.txt
      [2012/10/24 17:07:57 | 000,000,120 | ---- | M] () -- C:\prueba.txt
      [2010/08/23 08:40:15 | 000,000,012 | ---- | M] () -- C:\RECOVERY.DAT

      ========== Alternate Data Streams ==========

      @Alternate Data Stream - 132 bytes -> C:\ProgramData\Temp:2F370DA6
      @Alternate Data Stream - 122 bytes -> C:\ProgramData\Temp:A724744F

      < End of report >

    9. #19
      Moderator
      Avatar of @MarioL
      Registered
      Nov 2006
      Location
      Málaga - Spain
      Posts
      8.819

      Re: remove Crownhub

      Hello.

      Sorry for the delay. Please do the following:

      Run OTL.exe

      Copy and paste the code inside the box below into the Análisis Personalizado / Código de Reparación (Custom Scans/Fixes) section

      OTL::
      DRV:64bit: - (esgiguard) -- C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys File not found
      IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylon.com/web/{searchTerms}?babsrc=SP_ss&affID=110857&mntrId=e0e00b840000000000000026c7b826cb
      FF - prefs.js..browser.search.selectedEngine: "AVG Secure Search"
      FF - prefs.js..extensions.enabledAddons: {E3D86202-CC7F-4870-8CCF-60319C0AF7BC}:1.0
      [2011/05/18 03:20:39 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Usuario\AppData\Roaming\mozilla\Extensions
      [2012/10/25 16:38:22 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Usuario\AppData\Roaming\mozilla\Firefox\Profiles\gcs6ou9e.default\extensions
      [2012/10/30 12:17:12 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
      [2012/07/04 19:38:24 | 000,008,439 | ---- | M] () (No name found) -- C:\USERS\USUARIO\APPDATA\ROAMING\MOZILLA\FIREFOX\{E3D86202-CC7F-4870-8CCF-60319C0AF7BC}.XPI
      O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll File not found
      O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
      O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
      O4 - HKCU..\Run: [Bubble Dock] "C:\Users\Usuario\AppData\Roaming\Nosibay\Bubble Dock\LBubble Dock.exe" /winstartup File not found
      O18:64bit: - Protocol\Handler\livecall - No CLSID value found
      O18:64bit: - Protocol\Handler\msnim - No CLSID value found
      O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
      O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
      O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
      [2012/01/16 19:00:07 | 000,000,176 | ---- | C] () -- C:\ProgramData\~HrZVnR8W2tZjKXr
      [2012/01/16 18:58:49 | 000,000,296 | ---- | C] () -- C:\ProgramData\~HrZVnR8W2tZjKX
      [2011/10/11 10:15:46 | 000,002,828 | -HS- | C] () -- C:\Windows\SysWow64\KGyGaAvL.sys
      [2011/10/11 10:15:46 | 000,000,088 | RHS- | C] () -- C:\Windows\SysWow64\D8E31E0CCD.sys
      [2011/09/30 10:23:59 | 000,005,883 | ---- | C] () -- C:\Users\Usuario\.recently-used.xbel
      @Alternate Data Stream - 132 bytes -> C:\ProgramData\Temp:2F370DA6
      @Alternate Data Stream - 122 bytes -> C:\ProgramData\Temp:A724744F
      O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jin...ndows-i586.cab (Reg Error: Value error.)
      O16 - DPF: {CAFEEFAC-0017-0000-0009-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jin...ndows-i586.cab (Java Plug-in 1.7.0_09)
      O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jin...ndows-i586.cab (Java Plug-in 10.9.2)



      :commands
      [resethosts]
      [createrestorepoint]
      [emptyjava]
      [Reboot]
      Tell us how the computer is doing and paste its report.
      Invy


    10. #20
      User Avatar of adaia
      Registered
      Jan 2012
      Location
      Mallorca
      Posts
      18

      Re: remove Crownhub

      Hello,

      I did exactly as you told me, and the problem persists. Here is the report...


      Error: Unable to interpret <OTL::> in the current context!
      Error: Unable to interpret <DRV:64bit: - (esgiguard) -- C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys File not found> in the current context!
      Error: Unable to interpret <IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylon.com/web/{searchTerms}?babsrc=SP_ss&affID=110857&mntrId=e0e00b840000000000000026c7b826cb> in the current context!
      Error: Unable to interpret <FF - prefs.js..browser.search.selectedEngine: "AVG Secure Search"> in the current context!
      Error: Unable to interpret <FF - prefs.js..extensions.enabledAddons: {E3D86202-CC7F-4870-8CCF-60319C0AF7BC}:1.0> in the current context!
      Error: Unable to interpret <[2011/05/18 03:20:39 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Usuario\AppData\Roaming\mozilla\Extensions> in the current context!
      Error: Unable to interpret <[2012/10/25 16:38:22 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Usuario\AppData\Roaming\mozilla\Firefox\Profiles\gcs6ou9e.default\extensions> in the current context!
      Error: Unable to interpret <[2012/10/30 12:17:12 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions> in the current context!
      Error: Unable to interpret <[2012/07/04 19:38:24 | 000,008,439 | ---- | M] () (No name found) -- C:\USERS\USUARIO\APPDATA\ROAMING\MOZILLA\FIREFOX\{E3D86202-CC7F-4870-8CCF-60319C0AF7BC}.XPI> in the current context!
      Error: Unable to interpret <O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll File not found> in the current context!
      Error: Unable to interpret <O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.> in the current context!
      Error: Unable to interpret <O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.> in the current context!
      Error: Unable to interpret <O4 - HKCU..\Run: [Bubble Dock] "C:\Users\Usuario\AppData\Roaming\Nosibay\Bubble Dock\LBubble Dock.exe" /winstartup File not found> in the current context!
      Error: Unable to interpret <O18:64bit: - Protocol\Handler\livecall - No CLSID value found> in the current context!
      Error: Unable to interpret <O18:64bit: - Protocol\Handler\msnim - No CLSID value found> in the current context!
      Error: Unable to interpret <O18:64bit: - Protocol\Handler\skype4com - No CLSID value found> in the current context!
      Error: Unable to interpret <O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found> in the current context!
      Error: Unable to interpret <O18:64bit: - Protocol\Handler\wlpg - No CLSID value found> in the current context!
      Error: Unable to interpret <[2012/01/16 19:00:07 | 000,000,176 | ---- | C] () -- C:\ProgramData\~HrZVnR8W2tZjKXr> in the current context!
      Error: Unable to interpret <[2012/01/16 18:58:49 | 000,000,296 | ---- | C] () -- C:\ProgramData\~HrZVnR8W2tZjKX> in the current context!
      Error: Unable to interpret <[2011/10/11 10:15:46 | 000,002,828 | -HS- | C] () -- C:\Windows\SysWow64\KGyGaAvL.sys> in the current context!
      Error: Unable to interpret <[2011/10/11 10:15:46 | 000,000,088 | RHS- | C] () -- C:\Windows\SysWow64\D8E31E0CCD.sys> in the current context!
      Error: Unable to interpret <[2011/09/30 10:23:59 | 000,005,883 | ---- | C] () -- C:\Users\Usuario\.recently-used.xbel> in the current context!
      Error: Unable to interpret <@Alternate Data Stream - 132 bytes -> C:\ProgramData\Temp:2F370DA6> in the current context!
      Error: Unable to interpret <@Alternate Data Stream - 122 bytes -> C:\ProgramData\Temp:A724744F> in the current context!
      Error: Unable to interpret <O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jin...ndows-i586.cab (Reg Error: Value error.)> in the current context!
      Error: Unable to interpret <O16 - DPF: {CAFEEFAC-0017-0000-0009-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jin...ndows-i586.cab (Java Plug-in 1.7.0_09)> in the current context!
      Error: Unable to interpret <O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jin...ndows-i586.cab (Java Plug-in 10.9.2)> in the current context!
      ========== COMMANDS ==========
      C:\Windows\System32\drivers\etc\Hosts moved successfully.
      HOSTS file reset successfully
      Restore point Set: OTL Restore Point

      [EMPTYJAVA]

      User: All Users

      User: Default

      User: Default User

      User: Public

      User: Usuario
      ->Java cache emptied: 0 bytes

      Total Java Files Cleaned = 0,00 mb


      OTL by OldTimer - Version 3.2.69.0 log created on 11082012_160742