
    virus i4del0.exe


    1. #1
      vickers (User) | Registered: Jul 2012 | Location: Valencia | Posts: 11

      Annoying i4del0.exe virus

      Hi, for a few months now, every time I close the download program Vuze or run a torrent, avast pops up saying there is a file that it isn't sure is a virus; it is almost always the file i4del0.exe, but other times it appears as i4del1.exe. The thing is, I always go to the temp folder, which is where it is supposed to be, and I can't find either the folder or the file in question. Can you help me? Another problem I have is that the computer runs quite a bit slower than before, and sometimes it sort of hangs. I don't know whether it is all related or has different causes; the thing is, I have run the antivirus several times and it doesn't detect anything. Thanks and regards.

      Here is a screenshot of what Avast tells me:
      http://s3.subirimagenes.com:81/otros/previo/thump_8099232virus.jpg
      Last edited by vickers on 03/11/12 at 12:45:27

    2. #2
      @Tincho (Moderator) | Registered: May 2008 | Location: Argentina | Posts: 14,701

      re: virus i4del0.exe

      Hello

      Important notice:

      Carry out the following procedure, keeping to the order of the steps. Also read the manuals for the tools we recommend. If a step turns out to be impossible to carry out, continue with the next one.


      Step 1
      Download, update and run MalwareBytes Anti-Malware in Full mode (read the manual). Send what MalwareBytes detects to quarantine so that it can then be deleted, by pressing the "Remove Selected" button. After restarting the PC, open the log in the Logs tab to copy and paste it into this thread.
      Step 2
      Download CCleaner and run it, first using its "Cleaner" option to delete cookies, temporary Internet files and all the files it shows you as obsolete, and then use its "Registry" option to clean the whole Windows registry (making a backup).
      Step 3

      Download the ComboFix.exe tool and save it to the desktop.
      • Temporarily disable the antivirus and/or antispyware.
      • Close all open windows.
      • Double-click the ComboFix.exe file and follow the instructions.
      • When it finishes, it will generate a log at C:\ComboFix.txt.
        • *Note* While CF is working, do not move the mouse, as that would stop its process.
        • *Note* ComboFix may restart the PC automatically to complete the removal process.

      Warning!! Do not use ComboFix unless a member of our Staff has specifically told you to in your thread. It is a powerful tool intended by its creator to be used under the guidance and supervision of an expert, not for private use. Using ComboFix incorrectly could cause problems on your system. Please read ComboFix's "Disclaimer of Warranty".
      • Restart and paste the report from C:\ComboFix.txt into this same thread, commenting on how your system is working.


      Regards
      Tyny's
      If on your journey, you should encounter God, God will be cut!

      * Follow us on our Twitter and become our friend on Facebook.
      * Keep up with the latest threats on the net at: InfoSpyware Blog
      * Questions are not answered by private message or by e-mail, since that is what the forum is for.

    3. #3
      vickers (User) | Registered: Jul 2012 | Location: Valencia | Posts: 11

      re: virus i4del0.exe

      Malwarebytes Anti-Malware (Versión de Prueba) 1.65.1.1000
      Malwarebytes : Free anti-malware download

      Versión de la Base de Datos: v2012.11.03.07

      Windows 7 x86 NTFS
      Internet Explorer 9.0.8112.16421
      Víctor :: VÍCTOR-PC [administrador]

      Protección: Habilitado

      03/11/2012 19:56:25
      mbam-log-2012-11-03 (19-56-25).txt

      Tipos de Análisis: Análisis Completo (C:\|D:\|G:\|)
      Opciones de análisis activado: Memoria | Inicio | Registro | Sistema de archivos | Heurística/Extra | Heurística/Shuriken | PUP | PUM
      Opciones de análisis desactivados: P2P
      Objetos examinados: 482087
      Tiempo transcurrido: 1 hora(s), 31 minuto(s), 7 segundo(s)

      Procesos en Memoria Detectados: 0
      (No se han detectado elementos maliciosos)

      Módulos de Memoria Detectados: 0
      (No se han detectado elementos maliciosos)

      Claves del Registro Detectados: 3
      HKCR\AppID\{186E19A3-B909-4F48-B687-BB81EB8BC7CE} (Trojan.BHO) -> En cuarentena y eliminado con éxito.
      HKCU\Software\GabPath (Adware.Adparatus) -> En cuarentena y eliminado con éxito.
      HKLM\SOFTWARE\QuestResult (Adware.QuestResult) -> En cuarentena y eliminado con éxito.

      Valores del Registro Detectados: 0
      (No se han detectado elementos maliciosos)

      Elementos de Datos del Registro Detectados: 2
      HKCU\SOFTWARE\Microsoft\Internet Explorer\Main|Search Bar (Hijack.SearchPage) -> Malo: (yousearchdirect.com) Bueno: (Google) -> En cuarentena y reparado con éxito.
      HKLM\SOFTWARE\Microsoft\Internet Explorer\Main|Search Bar (Hijack.SearchPage) -> Malo: (yousearchdirect.com) Bueno: (Google) -> En cuarentena y reparado con éxito.

      Carpetas Detectadas: 0
      (No se han detectado elementos maliciosos)

      Archivos Detectados: 6
      G:\_-VICTOR-_\PROGRAMAS\installer_satellite_tv_on_my_pc_1_0_Español_Spanish.exe (PUP.SmsPay.pns) -> En cuarentena y eliminado con éxito.
      G:\_-VICTOR-_\PROGRAMAS\Winrarkeygen-byguigal182.exe (Malware.Packer.Gen) -> En cuarentena y eliminado con éxito.
      G:\_-VICTOR-_\DescargasCHROME\JDownloader.exe (Trojan.Toggle) -> En cuarentena y eliminado con éxito.
      G:\_-VICTOR-_\DescargasCHROME\SoftonicDownloader_para_msn-messenger-polygamy.exe (PUP.OfferBundler.ST) -> En cuarentena y eliminado con éxito.
      G:\_-VICTOR-_\DescargasCHROME\SoftonicDownloader_para_daemon-tools.exe (PUP.OfferBundler.ST) -> En cuarentena y eliminado con éxito.
      G:\_-VICTOR-_\DescargasCHROME\Alshow.exe (PUP.AdBundler) -> En cuarentena y eliminado con éxito.

      (fin)

    4. #4
      vickers (User) | Registered: Jul 2012 | Location: Valencia | Posts: 11

      re: virus i4del0.exe

      I still get the avast message with the file i4jdel0.exe; it only appears when I close Vuze. I am pasting the ComboFix output for you.



      ComboFix 12-10-17.05 - Víctor 04/11/2012 1:07.2.2 - x86
      Microsoft Windows 7 Ultimate 6.1.7600.0.1252.34.3082.18.3317.1955 [GMT 1:00]
      Running from: c:\users\VÝctor\Desktop\ComboFix.exe
      AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
      SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
      SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
      * Created a new restore point
      .
      .
      ((((((((((((((((((((((((( Files Created from 2012-10-04 to 2012-11-04 )))))))))))))))))))))))))))))))
      .
      .
      2012-11-04 00:17 . 2012-11-04 00:17 -------- d-----w- c:\users\Public\AppData\Local\temp
      2012-11-04 00:17 . 2012-11-04 00:17 -------- d-----w- c:\users\Default\AppData\Local\temp
      2012-11-03 13:44 . 2012-11-03 13:44 -------- d-----w- c:\users\Víctor\AppData\Local\{C6ADB410-2847-48E9-8C21-2DA70C45A1AD}
      2012-11-02 09:51 . 2012-11-02 09:51 -------- d-----w- c:\users\Víctor\AppData\Local\{07A4717E-4471-4052-A322-7294F9D4ADBD}
      2012-11-01 12:10 . 2012-01-04 09:03 442880 ----a-w- c:\windows\system32\ntshrui.dll
      2012-11-01 12:04 . 2012-11-01 12:04 -------- d-----w- c:\users\Víctor\AppData\Local\{62EF7697-CC83-43D0-9F86-2B0BF9E01146}
      2012-10-31 11:50 . 2012-10-31 11:50 -------- d-----w- c:\users\Víctor\AppData\Local\{25586246-1968-4CFA-9299-2AA832383BF0}
      2012-10-31 10:29 . 2012-10-31 10:29 -------- d-----w- c:\users\Víctor\AppData\Local\{6173E011-1B97-42EF-B594-CDD85146A789}
      2012-10-30 20:35 . 2012-10-30 20:35 -------- d-----w- c:\users\Víctor\AppData\Local\{38CF462A-7754-4748-BDAC-86CCF33FDD99}
      2012-10-29 09:46 . 2012-10-29 21:47 -------- d-----w- c:\users\Víctor\AppData\Local\{A9895DFC-D97C-4A0E-8857-7F735274DE03}
      2012-10-28 11:00 . 2012-10-28 11:00 -------- d-----w- c:\users\Víctor\AppData\Local\{874C14CD-390B-47D7-983D-36D1084F19F6}
      2012-10-27 22:59 . 2012-10-27 22:59 -------- d-----w- c:\users\Víctor\AppData\Local\{DD274030-E77D-49BE-AE51-5976DD6477C8}
      2012-10-27 10:58 . 2012-10-27 10:59 -------- d-----w- c:\users\Víctor\AppData\Local\{9AA167AC-642B-404C-8E80-32FD0EADC9FE}
      2012-10-26 18:14 . 2012-10-26 18:15 -------- d-----w- c:\users\Víctor\AppData\Local\{03F98DD0-DA2A-44BE-91A5-9DBB5BA48FCF}
      2012-10-25 23:23 . 2012-10-25 23:23 -------- d-----w- c:\users\Víctor\AppData\Local\{4590EFD1-59CE-48CB-95FD-8ECF8F7380A6}
      2012-10-24 09:26 . 2012-10-24 21:27 -------- d-----w- c:\users\Víctor\AppData\Local\{F0FFCFD1-B49B-4574-B24D-B9F35689DFBC}
      2012-10-23 21:11 . 2012-10-23 21:11 -------- d-----w- c:\users\Víctor\AppData\Local\{7913D00A-9B7D-41AE-8E6D-D67DE31AD7D2}
      2012-10-22 09:06 . 2012-10-22 09:07 -------- d-----w- c:\users\Víctor\AppData\Local\{FE1B96B6-8A47-4E69-9001-F50C60B63278}
      2012-10-21 10:40 . 2012-10-24 09:51 -------- d-----w- c:\program files\GoforFiles
      2012-10-21 10:40 . 2012-10-21 10:40 -------- d-----w- c:\users\Víctor\AppData\Roaming\GoforFiles
      2012-10-21 10:19 . 2012-10-21 10:19 -------- d-----w- c:\users\Víctor\AppData\Local\{BCE6FEF0-2AA1-410D-A009-BE2517849E24}
      2012-10-20 01:35 . 2012-10-20 01:36 -------- d-----w- c:\users\Víctor\AppData\Local\{53EACA60-FC7D-4F1D-87BB-D8168A41B305}
      2012-10-19 12:36 . 2012-10-19 12:36 -------- d-----w- c:\users\Víctor\AppData\Local\{404B9852-8234-4AC0-9327-F7402E1087A9}
      2012-10-18 23:51 . 2012-10-18 23:51 -------- d-----w- c:\users\Víctor\AppData\Local\{7BCC81FE-7AE9-47CC-BD5A-A456FC1E339F}
      2012-10-18 11:50 . 2012-10-18 11:51 -------- d-----w- c:\users\Víctor\AppData\Local\{6A35CD49-EDFF-409B-B1D9-DEB8E1C0FA96}
      2012-10-17 21:43 . 2012-10-17 21:44 -------- d-----w- c:\users\Víctor\AppData\Local\{69DCB5B9-8952-4148-ABFA-C96E84D2F70B}
      2012-10-17 09:42 . 2012-10-17 09:43 -------- d-----w- c:\users\Víctor\AppData\Local\{6B508DCB-DB2C-4EB6-B69F-00ECE55273CB}
      2012-10-16 11:46 . 2012-10-16 11:47 -------- d-----w- c:\users\Víctor\AppData\Local\{C1961020-85BD-4DD4-B655-F6AFC767F033}
      2012-10-15 18:33 . 2012-10-15 18:33 -------- d-----w- c:\users\Víctor\AppData\Local\{2AC659A2-7CB4-4B63-8376-5E96D82CBE0B}
      2012-10-15 08:57 . 2012-10-15 08:57 -------- d-----w- c:\users\Víctor\AppData\Local\{4B8BB2E4-C237-4E30-BAEA-6421FA6643B3}
      2012-10-14 10:21 . 2012-10-14 10:21 -------- d-----w- c:\users\Víctor\AppData\Local\{F33BC765-351A-49E6-AFDF-425DB7D244C0}
      2012-10-13 10:42 . 2012-10-13 10:42 -------- d-----w- c:\users\Víctor\AppData\Local\{B63D161B-9E93-4A1C-A595-6B72DD89F8A7}
      2012-10-12 10:09 . 2012-10-12 10:10 -------- d-----w- c:\users\Víctor\AppData\Local\{5D08C6BC-781B-429C-B263-E01927CB9537}
      2012-10-11 21:21 . 2012-10-11 21:22 -------- d-----w- c:\users\Víctor\AppData\Local\{DCFE3922-BCD9-4B6A-9249-C71E356DA4F2}
      2012-10-11 09:21 . 2012-10-11 09:21 -------- d-----w- c:\users\Víctor\AppData\Local\{BEB8DC60-BBC9-44AC-983B-6C56E28B628E}
      2012-10-10 21:20 . 2012-10-10 21:21 -------- d-----w- c:\users\Víctor\AppData\Local\{E6CBD2BB-3243-4283-B3C3-381451B5BEC2}
      2012-10-10 20:52 . 2012-06-02 04:45 139264 ----a-w- c:\windows\system32\cryptsvc.dll
      2012-10-10 20:52 . 2012-06-02 04:45 1157632 ----a-w- c:\windows\system32\crypt32.dll
      2012-10-10 20:52 . 2012-06-02 04:45 103936 ----a-w- c:\windows\system32\cryptnet.dll
      2012-10-10 20:51 . 2012-09-14 18:30 2048 ----a-w- c:\windows\system32\tzres.dll
      2012-10-10 20:51 . 2012-08-24 17:10 172544 ----a-w- c:\windows\system32\wintrust.dll
      2012-10-10 20:51 . 2012-08-10 23:54 541184 ----a-w- c:\windows\system32\kerberos.dll
      2012-10-10 20:51 . 2012-08-30 17:18 3958128 ----a-w- c:\windows\system32\ntkrnlpa.exe
      2012-10-10 20:51 . 2012-08-30 17:18 3902832 ----a-w- c:\windows\system32\ntoskrnl.exe
      2012-10-10 09:20 . 2012-10-10 09:20 -------- d-----w- c:\users\Víctor\AppData\Local\{5136A92A-9754-40A6-8FE9-5E181C72171A}
      2012-10-09 10:55 . 2012-10-09 10:55 -------- d-----w- c:\users\Víctor\AppData\Local\{8A03AEF9-F2DA-4285-9E3A-F3E4E7223620}
      2012-10-08 22:54 . 2012-10-08 22:54 -------- d-----w- c:\users\Víctor\AppData\Local\{7F81D754-00A2-4631-8000-506E3EE5451F}
      2012-10-08 09:48 . 2012-10-08 09:48 -------- d-----w- c:\users\Víctor\AppData\Local\{59AC4499-F091-4D3E-B533-4C72CDCED62A}
      2012-10-07 12:00 . 2012-10-07 12:00 -------- d-----w- c:\users\Víctor\AppData\Local\{F0596982-CB69-4C93-B50C-F9FBCF7133EB}
      2012-10-06 23:59 . 2012-10-07 00:00 -------- d-----w- c:\users\Víctor\AppData\Local\{5656D791-E455-454E-8452-F680A0213268}
      2012-10-06 11:58 . 2012-10-06 11:58 -------- d-----w- c:\users\Víctor\AppData\Local\{2C96D3F0-3F8E-4A31-ABBD-B1F1A7B488B3}
      2012-10-05 11:53 . 2012-10-05 11:53 -------- d-----w- c:\users\Víctor\AppData\Local\{1FEF0139-2E5E-4756-B9FB-0E2C07C42761}
      .
      .
      .
      (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
      .
      2012-11-03 16:57 . 2012-05-01 10:57 696760 ----a-w- c:\windows\system32\FlashPlayerApp.exe
      2012-11-03 16:57 . 2011-05-22 11:15 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
      2012-10-30 20:45 . 2011-10-22 23:16 13824 ----a-w- c:\windows\system32\slwga.dll
      2012-10-30 20:45 . 2010-08-01 15:36 409088 ----a-w- c:\windows\system32\systemcpl.dll
      2012-10-30 20:45 . 2009-07-13 23:24 811520 ----a-w- c:\windows\system32\user32.dll
      2012-09-29 18:54 . 2011-02-16 12:13 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
      2012-08-24 06:59 . 2012-09-23 00:49 1800704 ----a-w- c:\windows\system32\jscript9.dll
      2012-08-24 06:51 . 2012-09-23 00:49 1129472 ----a-w- c:\windows\system32\wininet.dll
      2012-08-24 06:51 . 2012-09-23 00:49 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
      2012-08-24 06:47 . 2012-09-23 00:49 142848 ----a-w- c:\windows\system32\ieUnatt.exe
      2012-08-24 06:47 . 2012-09-23 00:49 420864 ----a-w- c:\windows\system32\vbscript.dll
      2012-08-24 06:43 . 2012-09-23 00:49 2382848 ----a-w- c:\windows\system32\mshtml.tlb
      2012-08-21 11:01 . 2012-09-22 20:02 26840 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
      2012-08-21 11:01 . 2010-12-17 19:58 106928 ----a-w- c:\windows\system32\GEARAspi.dll
      2012-08-21 09:13 . 2011-09-16 11:34 355632 ----a-w- c:\windows\system32\drivers\aswSP.sys
      2012-08-21 09:13 . 2011-09-16 11:34 54232 ----a-w- c:\windows\system32\drivers\aswTdi.sys
      2012-08-21 09:13 . 2011-09-16 11:34 729752 ----a-w- c:\windows\system32\drivers\aswSnx.sys
      2012-08-21 09:13 . 2012-02-25 20:41 44784 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
      2012-08-21 09:13 . 2011-09-16 11:34 58680 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
      2012-08-21 09:13 . 2011-09-16 11:34 21256 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
      2012-08-21 09:12 . 2011-09-16 11:33 41224 ----a-w- c:\windows\avastSS.scr
      2012-08-21 09:12 . 2011-09-16 11:33 227648 ----a-w- c:\windows\system32\aswBoot.exe
      2012-07-19 10:12 . 2011-09-16 11:14 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
      .
      .
      ------- Sigcheck -------
      Note: Unsigned files aren't necessarily malware.
      .
      [-] 2012-10-30 . 7BD7F45FF37FA0669CD32CA0EF46E22C . 811520 . . [6.1.7600.16385] . . c:\windows\System32\user32.dll
      [7] 2010-11-20 . F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 . 811520 . . [6.1.7601.17514] . . c:\windows\SoftwareDistribution\Download\18e2c83e42cc8f0cc17b5dbfaf982690\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_cf3fd62ccb9e983d\user32.dll
      [7] 2009-07-14 . 34B7E222E81FAFA885F0C5F2CFA56861 . 811520 . . [6.1.7600.16385] . . c:\windows\ERDNT\cache\user32.dll
      [7] 2009-07-14 . 34B7E222E81FAFA885F0C5F2CFA56861 . 811520 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_cd0ec264ceb014a3\user32.dll
      .
      ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
      .
      .
      *Note* empty entries & legit default entries are not shown
      REGEDIT4
      .
      [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
      "{ba14329e-9550-4989-b3f2-9732e92d17cc}"= "c:\program files\Vuze_Remote\prxtbVuze.dll" [2011-05-09 176936]
      .
      [HKEY_CLASSES_ROOT\clsid\{ba14329e-9550-4989-b3f2-9732e92d17cc}]
      .
      [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ba14329e-9550-4989-b3f2-9732e92d17cc}]
      2011-05-09 08:49 176936 ----a-w- c:\program files\Vuze_Remote\prxtbVuze.dll
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
      "{ba14329e-9550-4989-b3f2-9732e92d17cc}"= "c:\program files\Vuze_Remote\prxtbVuze.dll" [2011-05-09 176936]
      .
      [HKEY_CLASSES_ROOT\clsid\{ba14329e-9550-4989-b3f2-9732e92d17cc}]
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
      @="{472083B0-C522-11CF-8763-00608CC02F24}"
      [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
      2012-08-21 09:12 121528 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
      @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
      [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
      2012-02-14 22:58 94208 ----a-w- c:\users\Víctor\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
      @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
      [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
      2012-02-14 22:58 94208 ----a-w- c:\users\Víctor\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
      @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
      [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
      2012-02-14 22:58 94208 ----a-w- c:\users\Víctor\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
      .
      [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1173504]
      "iCloudServices"="c:\program files\Common Files\Apple\Internet Services\iCloudServices.exe" [2012-08-29 59280]
      "ApplePhotoStreams"="c:\program files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe" [2012-09-10 59280]
      "Azureus"="c:\program files\Vuze\Azureus.exe" [2012-08-17 271840]
      "Facebook Update"="c:\users\Víctor\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2012-07-11 138096]
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "Mobile Connectivity Suite"="c:\program files\HTC\HTC Sync\Application Launcher\Application Launcher.exe" [2009-11-19 598016]
      "IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-09-23 141848]
      "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-23 173592]
      "Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-23 150552]
      "avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-08-21 4282728]
      "APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-08-27 59280]
      "BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
      "HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2011-05-10 49208]
      "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-07-31 38872]
      "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-11 919008]
      "itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2011-08-10 1313640]
      "IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-08-01 1821576]
      "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
      "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2012-04-18 421888]
      "RemoteX"="c:\program files\RemoteX\RemoteXUser.exe" [2011-02-14 185344]
      "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-09-09 421776]
      "TkBellExe"="c:\program files\real\realplayer\Update\realsched.exe" [2012-09-26 296096]
      .
      c:\users\Víctor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
      Dropbox.lnk - c:\users\Víctor\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-5-24 27112840]
      .
      c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
      Google Calendar Sync.lnk - c:\program files\Google\Google Calendar Sync\GoogleCalendarSync.exe [2011-4-8 542264]
      HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2009-11-18 275072]
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
      "ConsentPromptBehaviorAdmin"= 5 (0x5)
      "ConsentPromptBehaviorUser"= 3 (0x3)
      "EnableUIADesktopToggle"= 0 (0x0)
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
      "aux7"=wdmaud.drv
      .
      [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
      Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
      .
      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
      @=""
      .
      [HKLM\~\startupfolder\C:^Users^Víctor^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^JDownloader.exe - Acceso directo.lnk]
      path=c:\users\Víctor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\JDownloader.exe - Acceso directo.lnk
      backup=c:\windows\pss\JDownloader.exe - Acceso directo.lnk.Startup
      backupExtension=.Startup
      .
      R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [x]
      R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [x]
      R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [x]
      R3 androidusb;ADB Interface Driver;c:\windows\system32\Drivers\androidusb.sys [x]
      R3 camfilt2;camfilt2;c:\windows\system32\DRIVERS\camfilt2.sys [x]
      R3 HTCAND32;HTC Device Driver;c:\windows\system32\Drivers\ANDROIDUSB.sys [x]
      R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
      R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [x]
      R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [x]
      R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [x]
      R3 ovt530;Hercules Deluxe Webcam;c:\windows\system32\Drivers\ov530vid.sys [x]
      S0 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]
      S1 aswSnx;aswSnx; [x]
      S1 aswSP;aswSP; [x]
      S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [x]
      S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [x]
      S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [x]
      S2 aswFsBlk;aswFsBlk; [x]
      S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [x]
      S2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]
      S2 TeamViewer6;TeamViewer 6;c:\program files\TeamViewer\Version6\TeamViewer_Service.exe [x]
      S3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys [x]
      S3 jumi;%Jumi%;c:\windows\system32\DRIVERS\jumi.sys [x]
      S3 L1C;Controlador de minipuerto NDIS para controladora Ethernet Atheros AR8131/AR8132 PCI-E (NDIS 6.20);c:\windows\system32\DRIVERS\L1C62x86.sys [x]
      .
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
      HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
      HPService REG_MULTI_SZ HPSLPSVC
      hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
      .
      Contents of the 'Scheduled Tasks' folder
      .
      2012-11-04 c:\windows\Tasks\Adobe Flash Player Updater.job
      - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-01 16:57]
      .
      2012-11-04 c:\windows\Tasks\HP Photo Creations Communicator.job
      - c:\programdata\HP Photo Creations\MessageCheck.exe [2012-04-25 17:36]
      .
      2012-09-29 c:\windows\Tasks\One-Click Tweak.job
      - c:\program files\Advanced PC Tweaker\OneClick.exe [2011-08-06 09:14]
      .
      .
      ------- Supplementary Scan -------
      .
      uStart Page = hxxp://www.google.com
      mStart Page = hxxp://www.google.com
      mSearch Bar = hxxp://www.google.com
      uInternet Settings,ProxyOverride = *.local
      IE: &Enviar a OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
      IE: E&xportar a Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
      TCP: Interfaces\{2251A09D-B283-4160-B763-E1306C844500}: NameServer = 62.42.63.52,62.42.230.24
      FF - ProfilePath - c:\users\Víctor\AppData\Roaming\Mozilla\Firefox\Profiles\5ygfk5gu.default\
      FF - prefs.js: browser.search.selectedEngine - Google Search
      FF - prefs.js: browser.startup.homepage - hxxp://google.com
      FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2504091&SearchSource=2&q=
      FF - prefs.js: network.proxy.type - 0
      FF - ExtSQL: 2012-09-26 23:51; {0153E448-190B-4987-BDE1-F256CADA672F}; c:\programdata\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
      FF - ExtSQL: !HIDDEN! 2011-08-01 20:38; [email protected]; c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
      FF - user.js: extensions.incredibar_i.newTab - false
      FF - user.js: extensions.incredibar_i.tlbrSrchUrl - hxxp://mystart.Incredibar.com/?a=6R8zNWdYdr&loc=IB_TB&i=26&search=
      FF - user.js: extensions.incredibar_i.id - 9c3b48c80000000000006cf0495c5f7e
      FF - user.js: extensions.incredibar_i.instlDay - 15543
      FF - user.js: extensions.incredibar_i.vrsn - 1.5.11.14
      FF - user.js: extensions.incredibar_i.vrsni - 1.5.11.14
      FF - user.js: extensions.incredibar_i.vrsnTs - 1.5.11.140:56
      FF - user.js: extensions.incredibar_i.prtnrId - Incredibar
      FF - user.js: extensions.incredibar_i.prdct - incredibar
      FF - user.js: extensions.incredibar_i.aflt - orgnl
      FF - user.js: extensions.incredibar_i.smplGrp - none
      FF - user.js: extensions.incredibar_i.tlbrId - base
      FF - user.js: extensions.incredibar_i.instlRef -
      FF - user.js: extensions.incredibar_i.dfltLng -
      FF - user.js: extensions.incredibar_i.excTlbr - false
      FF - user.js: extensions.incredibar_i.ms_url_id -
      FF - user.js: extensions.incredibar_i.upn2 - 6R8zNWdYdr
      FF - user.js: extensions.incredibar_i.upn2n - 92824751549541897
      FF - user.js: extensions.incredibar_i.productid - 26
      FF - user.js: extensions.incredibar_i.installerproductid - 26
      FF - user.js: extensions.incredibar_i.did - 10662
      FF - user.js: extensions.incredibar_i.ppd -
      .
      - - - - ORPHANS REMOVED - - - -
      .
      HKCU-Run-JumiController - (no file)
      .
      .
      .
      --------------------- LOCKED REGISTRY KEYS ---------------------
      .
      [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
      @Denied: (Full) (Everyone)
      .
      --------------------- DLLs Loaded Under Running Processes ---------------------
      .
      - - - - - - - > 'Explorer.exe'(1540)
      c:\users\Víctor\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
      .
      Completion time: 2012-11-04 01:27:36
      ComboFix-quarantined-files.txt 2012-11-04 00:27
      ComboFix2.txt 2011-02-15 06:44
      .
      Pre-Run: 19.432.030.208 bytes libres
      Post-Run: 19.231.240.192 bytes libres
      .
      - - End Of File - - 65C0E31DE570E9206F84AC23B9C07726

    5. #5
      @Tincho (Moderator) | Registered: May 2008 | Location: Argentina | Posts: 14,701

      re: virus i4del0.exe

      Hello.

      Download OTL by OldTimer to your desktop

      Run OTL

      • Close all the programs you have open and double-click the OTL icon to run it.
      • Let it run without interrupting it until the scan finishes.
      • When the interface appears, you only need to change the setting under "Scan type", setting it to Minimal Output.
      • Check the options LOP Check and Purity Check.
      • Check the options Skip Microsoft Files and Use Company Name Whitelist.
      • Please do not change the rest of the settings unless we ask you to.


      • Press the button .
      • Once it finishes, two (2) files will open, OTL.Txt and Extras.Txt. They will be saved in the same place where OTL.exe was downloaded.
      • Copy and paste the contents of the OTL.txt file into your next reply.


      Bring us the OTL report.


      Regards.
      Tyny's

    6. #6
      vickers (User) | Registered: Jul 2012 | Location: Valencia | Posts: 11

      re: virus i4del0.exe

      OTL logfile created on: 04/11/2012 11:55:37 - Run 1
      OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Víctor\Desktop
      Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
      Internet Explorer (Version = 9.0.8112.16421)
      Locale: 00000c0a | Country: España | Language: ESN | Date Format: dd/MM/yyyy

      3,24 Gb Total Physical Memory | 1,93 Gb Available Physical Memory | 59,46% Memory free
      6,48 Gb Paging File | 5,15 Gb Available in Paging File | 79,51% Paging File free
      Paging file location(s): ?:\pagefile.sys [binary data]

      %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
      Drive C: | 97,65 Gb Total Space | 17,83 Gb Free Space | 18,26% Space Free | Partition Type: NTFS
      Drive D: | 368,10 Gb Total Space | 111,95 Gb Free Space | 30,41% Space Free | Partition Type: NTFS
      Drive G: | 465,65 Gb Total Space | 133,20 Gb Free Space | 28,61% Space Free | Partition Type: FAT32

      Computer Name: VÍCTOR-PC | User Name: Víctor | Logged in as Administrator.
      Boot Mode: Normal | Scan Mode: Current user
      Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

      ========== Processes (SafeList) ==========

      PRC - C:\Users\Víctor\Desktop\OTL.exe (OldTimer Tools)
      PRC - C:\Windows\System32\Macromed\Flash\FlashUtil32_11_4_402_287_ActiveX.exe (Adobe Systems Incorporated)
      PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
      PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
      PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
      PRC - C:\Program Files\Real\RealPlayer\Update\realsched.exe (RealNetworks, Inc.)
      PRC - C:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe (Apple Inc.)
      PRC - C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe (Apple Inc.)
      PRC - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
      PRC - C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)
      PRC - C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
      PRC - C:\Program Files\Vuze\Azureus.exe (Azureus Software, Inc)
      PRC - C:\Users\Víctor\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
      PRC - C:\Users\Víctor\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
      PRC - C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe (TeamViewer GmbH)
      PRC - C:\Program Files\SUPERAntiSpyware\SASCORE.EXE (SUPERAntiSpyware.com)
      PRC - C:\Program Files\Google\Google Calendar Sync\GoogleCalendarSync.exe (Google)
      PRC - C:\Windows\explorer.exe (Microsoft Corporation)
      PRC - C:\Program Files\RemoteX\RemoteX.exe (PEEPLEware)
      PRC - C:\Program Files\RemoteX\RemoteXUser.exe (PEEPLEware)
      PRC - C:\Program Files\HTC\HTC Sync\ClientInitiatedStarter\ClientInitiatedStarter.exe (Teleca)
      PRC - C:\Program Files\HTC\HTC Sync\Mobile Phone Monitor\epmworker.exe (Teleca Sweden AB)
      PRC - C:\Program Files\HTC\HTC Sync\Mobile Phone Monitor\FsynSrvStarter.exe (TODO: <Company name>)
      PRC - C:\Program Files\HTC\HTC Sync\Mobile Phone Monitor\HTCVBTServer.exe (Teleca AB)
      PRC - C:\Program Files\Common Files\Teleca Shared\Generic.exe (Teleca AB)
      PRC - C:\Program Files\HTC\HTC Sync\Application Launcher\Application Launcher.exe (Teleca Sweden AB)
      PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
      PRC - C:\Windows\System32\audiodg.exe (Microsoft Corporation)
      PRC - C:\Program Files\Common Files\Teleca Shared\logger.exe (Popwire AB)
      PRC - C:\Program Files\Common Files\Teleca Shared\CapabilityManager.exe (Teleca Sweden AB)
      PRC - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe (Nero AG)


      ========== Modules (No Company Name) ==========

      MOD - C:\Program Files\Vuze\plugins\azitunes\jacob-1.14.3-x86.dll ()
      MOD - C:\Program Files\Vuze\plugins\azitunes\libProcessAccess.dll ()
      MOD - C:\Program Files\Vuze\aereg.dll ()
      MOD - C:\Users\Víctor\AppData\Roaming\Azureus\plugins\azutp\win32\utp.dll ()
      MOD - C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll ()
      MOD - C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll ()
      MOD - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE14\Cultures\office.odf ()
      MOD - C:\Program Files\RemoteX\modules\computer.dll ()
      MOD - C:\Program Files\FileZilla FTP Client\fzshellext.dll ()
      MOD - C:\Program Files\HTC\HTC Sync\Mobile Phone Monitor\fsync.dll ()
      MOD - C:\Program Files\HTC\HTC Sync\ClientInitiatedStarter\fsync.dll ()
      MOD - C:\Program Files\HTC\HTC Sync\Mobile Phone Monitor\tcpsock_object.dll ()
      MOD - C:\Program Files\Common Files\Teleca Shared\boost_log-vc80-mt-1_33.dll ()


      ========== Services (SafeList) ==========

      SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
      SRV - (MBAMService) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
      SRV - (MBAMScheduler) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
      SRV - (avast! Antivirus) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
      SRV - (MozillaMaintenance) -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
      SRV - (SkypeUpdate) -- C:\Program Files\Skype\Updater\Updater.exe (Skype Technologies)
      SRV - (TeamViewer6) -- C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe (TeamViewer GmbH)
      SRV - (!SASCORE) -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE (SUPERAntiSpyware.com)
      SRV - (Microsoft SharePoint Workspace Audit Service) -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE (Microsoft Corporation)
      SRV - (__RemoteX__) -- C:\Program Files\RemoteX\RemoteX.exe (PEEPLEware)
      SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
      SRV - (PeerDistSvc) -- C:\Windows\System32\PeerDistSvc.dll (Microsoft Corporation)
      SRV - (WinDefend) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
      SRV - (Nero BackItUp Scheduler 4.0) -- C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe (Nero AG)
      SRV - (WMPNetworkSvc) -- C:\Archivos de programa\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)


      ========== Driver Services (SafeList) ==========

      DRV - (catchme) -- C:\Users\VCTOR~1\AppData\Local\Temp\catchme.sys File not found
      DRV - (aso0z5wr) -- File not found
      DRV - (MBAMProtector) -- C:\Windows\System32\drivers\mbam.sys (Malwarebytes Corporation)
      DRV - (aswSnx) -- C:\Windows\System32\drivers\aswSnx.sys (AVAST Software)
      DRV - (aswSP) -- C:\Windows\System32\drivers\aswSP.sys (AVAST Software)
      DRV - (aswTdi) -- C:\Windows\System32\drivers\aswTdi.sys (AVAST Software)
      DRV - (aswMonFlt) -- C:\Windows\System32\drivers\aswMonFlt.sys (AVAST Software)
      DRV - (aswRdr) -- C:\Windows\System32\drivers\aswRdr2.sys (AVAST Software)
      DRV - (aswFsBlk) -- C:\Windows\System32\drivers\aswFsBlk.sys (AVAST Software)
      DRV - (sptd) -- C:\Windows\System32\drivers\sptd.sys (Duplex Secure Ltd.)
      DRV - (dc3d) -- C:\Windows\System32\drivers\dc3d.sys (Microsoft Corporation)
      DRV - (SASDIFSV) -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
      DRV - (SASKUTIL) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
      DRV - (jumi) -- C:\Windows\System32\drivers\jumi.sys (Windows (R) Win 7 DDK provider)
      DRV - (HTCAND32) -- C:\Windows\System32\drivers\androidusb.sys (Google Inc)
      DRV - (androidusb) -- C:\Windows\System32\drivers\androidusb.sys (Google Inc)
      DRV - (vmbus) -- C:\Windows\System32\drivers\vmbus.sys (Microsoft Corporation)
      DRV - (storflt) -- C:\Windows\System32\drivers\vmstorfl.sys (Microsoft Corporation)
      DRV - (storvsc) -- C:\Windows\System32\drivers\storvsc.sys (Microsoft Corporation)
      DRV - (WSDPrintDevice) -- C:\Windows\System32\drivers\WSDPrint.sys (Microsoft Corporation)
      DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
      DRV - (s3cap) -- C:\Windows\System32\drivers\vms3cap.sys (Microsoft Corporation)
      DRV - (VMBusHID) -- C:\Windows\System32\drivers\VMBusHID.sys (Microsoft Corporation)
      DRV - (L1C) -- C:\Windows\System32\drivers\L1C62x86.sys (Atheros Communications, Inc.)
      DRV - (camfilt2) -- C:\Windows\System32\drivers\camfilt2.sys (Guillemot Corporation)
      DRV - (ovt530) -- C:\Windows\System32\drivers\ov530vid.sys (OmniVision Technologies, Inc.)


      ========== Standard Registry (SafeList) ==========


      ========== Internet Explorer ==========

      IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Google
      IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Google
      IE - HKLM\..\URLSearchHook: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files\Vuze_Remote\prxtbVuze.dll (Conduit Ltd.)
      IE - HKLM\..\SearchScopes,DefaultScope = {7E3B7B7F-FC23-480B-8161-E3BB2269BB8E}
      IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
      IE - HKLM\..\SearchScopes\{7E3B7B7F-FC23-480B-8161-E3BB2269BB8E}: "URL" = http://www.tangosearch.com/?q={searchTerms}&a=SEARCH

      IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Google
      IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = es
      IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = B5 1E E1 0A BB E1 CB 01 [binary data]
      IE - HKCU\..\URLSearchHook: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files\Vuze_Remote\prxtbVuze.dll (Conduit Ltd.)
      IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
      IE - HKCU\..\SearchScopes,DefaultScope = {CFF4DB9B-135F-47c0-9269-B4C6572FD61A}
      IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
      IE - HKCU\..\SearchScopes\{0D7562AE-8EF6-416d-A838-AB665251703A}: "URL" = http://start.facemoods.com/?a=gppc&s={searchTerms}&f=4
      IE - HKCU\..\SearchScopes\{0EFF7763-26B5-42AE-87A5-88E3CD5527FF}: "URL" = http://www.google.com/search?hl=en&q={searchTerms}
      IE - HKCU\..\SearchScopes\{7E3B7B7F-FC23-480B-8161-E3BB2269BB8E}: "URL" = http://www.tangosearch.com/?q={searchTerms}&a=SEARCH
      IE - HKCU\..\SearchScopes\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}: "URL" = http://mystart.incredibar.com/mb164/?search={searchTerms}&loc=IB_DS&a=6R8zNWdYdr&i=26
      IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
      IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

      ========== FireFox ==========

      FF - prefs.js..browser.search.defaultenginename: "Google Search"
      FF - prefs.js..browser.search.selectedEngine: "Google Search"
      FF - prefs.js..browser.startup.homepage: "http://google.com"
      FF - prefs.js..extensions.enabledAddons: [email protected]:1.5.0
      FF - prefs.js..extensions.enabledAddons: [email protected]:1.5
      FF - prefs.js..extensions.enabledAddons: [email protected]:7.0.1466
      FF - prefs.js..extensions.enabledAddons: {ba14329e-9550-4989-b3f2-9732e92d17cc}:3.15.1.0
      FF - prefs.js..extensions.enabledAddons: {0153E448-190B-4987-BDE1-F256CADA672F}:15.0.6
      FF - prefs.js..keyword.URL: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2504091&SearchSource=2&q="
      FF - prefs.js..network.proxy.no_proxies_on: "*.local"
      FF - prefs.js..network.proxy.type: 0


      FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_4_402_287.dll ()
      FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
      FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
      FF - HKLM\Software\MozillaPlugins\@garmin.com/GpsControl: C:\Program Files\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)
      FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
      FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
      FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
      FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
      FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
      FF - HKLM\Software\MozillaPlugins\@photoproduct.rocketlife.com/RocketLife App Viewer;version=0.8: File not found
      FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.6.14: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
      FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.6.14: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
      FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.6.14: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
      FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.6.14: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
      FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=15.0.6.14: c:\program files\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
      FF - HKLM\Software\MozillaPlugins\@veetle.com/vbp;version=0.9.17: C:\Program Files\Veetle\VLCBroadcast\npvbp.dll (Veetle Inc)
      FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.19: C:\Program Files\Veetle\plugins\npVeetle.dll (Veetle Inc)
      FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.18: C:\Program Files\Veetle\Player\npvlc.dll (Veetle Inc)
      FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
      FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Víctor\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
      FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Víctor\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
      FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Víctor\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)

      FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4bcdbfd0-fa26-11de-8a39-0800200c9a66}: C:\Users\Víctor\AppData\Roaming\Mozilla\FireFox\{4bcdbfd0-fa26-11de-8a39-0800200c9a66}
      FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\FFExt\[email protected]
      FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\FFExt\[email protected]
      FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\FFExt\[email protected]
      FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011/08/01 19:38:33 | 000,000,000 | ---D | M]
      FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012/09/26 22:51:08 | 000,000,000 | ---D | M]
      FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{97E22097-9A2F-45b1-8DAF-36AD648C7EF4}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012/09/26 22:51:08 | 000,000,000 | ---D | M]
      FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012/08/23 22:32:27 | 000,000,000 | ---D | M]
      FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{0153E448-190B-4987-BDE1-F256CADA672F}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012/09/26 22:51:08 | 000,000,000 | ---D | M]
      FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/09/26 22:51:03 | 000,000,000 | ---D | M]
      FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
      FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011/08/01 19:38:33 | 000,000,000 | ---D | M]

      [2011/09/16 12:19:29 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Víctor\AppData\Roaming\mozilla\Extensions
      [2012/09/09 23:32:27 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Víctor\AppData\Roaming\mozilla\Firefox\Profiles\5ygfk5gu.default\extensions
      [2012/09/09 23:32:27 | 000,000,000 | ---D | M] (Vuze Remote Community Toolbar) -- C:\Users\Víctor\AppData\Roaming\mozilla\Firefox\Profiles\5ygfk5gu.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}
      [2012/07/22 23:56:53 | 000,000,000 | ---D | M] (incredibar.com) -- C:\Users\Víctor\AppData\Roaming\mozilla\Firefox\Profiles\5ygfk5gu.default\extensions\[email protected]
      [2012/07/22 23:56:30 | 000,000,000 | ---D | M] (VideoFileDownload - Download YouTube Videos) -- C:\Users\Víctor\AppData\Roaming\mozilla\Firefox\Profiles\5ygfk5gu.default\extensions\[email protected]
      [2012/06/03 18:22:17 | 000,013,610 | ---- | M] () (No name found) -- C:\Users\Víctor\AppData\Roaming\mozilla\firefox\profiles\5ygfk5gu.default\extensions\{a3a5c777-f583-4fef-9380-ab4add1bc2a8}.xpi
      [2012/07/19 11:12:33 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\mozilla firefox\extensions
      [2012/08/23 22:32:27 | 000,000,000 | ---D | M] (avast! WebRep) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF
      [2012/09/26 22:51:08 | 000,000,000 | ---D | M] (RealPlayer Browser Record Plugin) -- C:\PROGRAMDATA\REAL\REALPLAYER\BROWSERRECORDPLUGIN\FIREFOX\EXT
      File not found (No name found) -- C:\USERS\VÃ*CTOR\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\5YGFK5GU.DEFAULT\EXTENSIONS\{BA14329E-9550-4989-B3F2-9732E92D17CC}
      File not found (No name found) -- C:\USERS\VÃ*CTOR\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\5YGFK5GU.DEFAULT\EXTENSIONS\[email protected]
      File not found (No name found) -- C:\USERS\VÃ*CTOR\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\5YGFK5GU.DEFAULT\EXTENSIONS\[email protected]
      [2012/07/19 11:12:28 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
      [2012/07/19 11:12:25 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
      [2012/07/19 11:12:25 | 000,003,996 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\drae.xml
      [2012/07/19 11:12:25 | 000,001,143 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-es.xml
      [2011/04/23 16:07:23 | 000,002,047 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\fcmdSrch.xml
      [2012/07/19 11:12:25 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml
      [2012/07/19 11:12:25 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-es.xml
      [2012/07/19 11:12:25 | 000,001,102 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-es.xml

      ========== Chrome ==========

      CHR - homepage: Google
      CHR - default_search_provider: Google (Enabled)
      CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
      CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms},
      CHR - homepage: Google
      CHR - plugin: Shockwave Flash (Disabled) = C:\Users\V\u00EDctor\AppData\Local\Google\Chrome\Application\22.0.1229.94\PepperFlash\pepflashplayer.dll
      CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32_11_4_402_287.dll
      CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
      CHR - plugin: Native Client (Enabled) = C:\Users\V\u00EDctor\AppData\Local\Google\Chrome\Application\22.0.1229.94\ppGoogleNaClPluginChrome.dll
      CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\V\u00EDctor\AppData\Local\Google\Chrome\Application\22.0.1229.94\pdf.dll
      CHR - plugin: Chrome IE Tab (Enabled) = C:\Users\V\u00EDctor\AppData\Local\Google\Chrome\User Data\Default\Extensions\hehijbfgiekmjfkfjpbkbammjbdenadd\3.10.10.1_0\plugin/blackfishietab.dll
      CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
      CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
      CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
      CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
      CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
      CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
      CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
      CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
      CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL
      CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL
      CHR - plugin: Garmin Communicator Plug-In (Enabled) = C:\Program Files\Garmin GPS Plugin\npGarmin.dll
      CHR - plugin: Java(TM) Platform SE 6 U31 (Enabled) = C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll
      CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll
      CHR - plugin: Veetle TV Player (Enabled) = C:\Program Files\Veetle\Player\npvlc.dll
      CHR - plugin: Veetle Broadcaster Plugin (Enabled) = C:\Program Files\Veetle\VLCBroadcast\npvbp.dll
      CHR - plugin: Veetle TV Core (Enabled) = C:\Program Files\Veetle\plugins\npVeetle.dll
      CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
      CHR - plugin: RealNetworks(tm) Chrome Background Extension Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
      CHR - plugin: RealPlayer(tm) HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
      CHR - plugin: RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = c:\program files\real\realplayer\Netscape6\nppl3260.dll
      CHR - plugin: RealPlayer Download Plugin (Enabled) = c:\program files\real\realplayer\Netscape6\nprpplugin.dll
      CHR - plugin: Facebook Video Calling Plugin (Enabled) = C:\Users\V\u00EDctor\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll
      CHR - plugin: Google Update (Enabled) = C:\Users\V\u00EDctor\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll
      CHR - plugin: RealJukebox NS Plugin (Enabled) = c:\program files\real\realplayer\Netscape6\nprjplug.dll
      CHR - Extension: Angry Birds = C:\Users\Víctor\AppData\Local\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj\1.5.0.7_0\
      CHR - Extension: YouTube = C:\Users\Víctor\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
      CHR - Extension: Monster Dash = C:\Users\Víctor\AppData\Local\Google\Chrome\User Data\Default\Extensions\cknghehebaconkajgiobncfleofebcog\2.2_0\
      CHR - Extension: B\u00FAsqueda de Google = C:\Users\Víctor\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
      CHR - Extension: Comunio - SuperPlayer = C:\Users\Víctor\AppData\Local\Google\Chrome\User Data\Default\Extensions\hajpojmkhpoalcemaccbjdpoafoacgem\0.7.8_0\
      CHR - Extension: IE Tab = C:\Users\Víctor\AppData\Local\Google\Chrome\User Data\Default\Extensions\hehijbfgiekmjfkfjpbkbammjbdenadd\3.10.10.1_0\
      CHR - Extension: Florencio Zavala (Studio One) = C:\Users\Víctor\AppData\Local\Google\Chrome\User Data\Default\Extensions\hojjdmbffpjcdoepohlinbdflgkpmkmc\2_0\
      CHR - Extension: avast! WebRep = C:\Users\Víctor\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1466_0\
      CHR - Extension: Comunio - SCRIPT - Beta = C:\Users\Víctor\AppData\Local\Google\Chrome\User Data\Default\Extensions\ipmdgafbgaflldlmfnpiilffjhmoopmi\3.4.3_0\
      CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:\Users\Víctor\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.5_0\
      CHR - Extension: Cuevana Stream = C:\Users\Víctor\AppData\Local\Google\Chrome\User Data\Default\Extensions\kfdckejfnkaemompfjhecfmhjgnchmjg\4.4_0\
      CHR - Extension: La gravedad del pato = C:\Users\Víctor\AppData\Local\Google\Chrome\User Data\Default\Extensions\khpikpdaalmlcipfphefaajfiofglcma\1.3.0_0\
      CHR - Extension: Google Maps = C:\Users\Víctor\AppData\Local\Google\Chrome\User Data\Default\Extensions\lneaknkopdijkpnocmklfnjbeapigfbh\5.2.7_0\
      CHR - Extension: Gmail = C:\Users\Víctor\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

      Hosts file not found
      O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
      O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
      O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL (Microsoft Corporation)
      O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Archivos de programa\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
      O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
      O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation)
      O2 - BHO: (Vuze Remote Toolbar) - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files\Vuze_Remote\prxtbVuze.dll (Conduit Ltd.)
      O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
      O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
      O3 - HKLM\..\Toolbar: (Vuze Remote Toolbar) - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files\Vuze_Remote\prxtbVuze.dll (Conduit Ltd.)
      O3 - HKLM\..\Toolbar: (Barra Yahoo!) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
      O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
      O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
      O4 - HKLM..\Run: [BCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
      O4 - HKLM..\Run: [Mobile Connectivity Suite] C:\Program Files\HTC\HTC Sync\Application Launcher\Application Launcher.exe (Teleca Sweden AB)
      O4 - HKLM..\Run: [RemoteX] C:\Program Files\RemoteX\RemoteXUser.exe (PEEPLEware)
      O4 - HKLM..\Run: [TkBellExe] c:\program files\real\realplayer\Update\realsched.exe (RealNetworks, Inc.)
      O4 - HKCU..\Run: [ApplePhotoStreams] C:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe (Apple Inc.)
      O4 - HKCU..\Run: [Azureus] C:\Program Files\Vuze\Azureus.exe (Azureus Software, Inc)
      O4 - HKCU..\Run: [Facebook Update] C:\Users\Víctor\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
      O4 - HKCU..\Run: [iCloudServices] C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe (Apple Inc.)
      O4 - Startup: C:\Users\Víctor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Víctor\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
      O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
      O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 28
      O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
      O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
      O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
      O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
      O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
      O8 - Extra context menu item: &Enviar a OneNote - res://C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105 File not found
      O8 - Extra context menu item: E&xportar a Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000 File not found
      O9 - Extra Button: Enviar a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)

    7. #7
      Moderator.
      Avatar of @Tincho
      Registered
      May 2008
      Location
      Argentina
      Posts
      14,701

      re: virus i4del0.exe

      Hello.


      Because of its location, name and structure, it has the same behavior as malware, which is why it is detected by Avast's heuristic module. Either you change the configuration so that it ignores it, or you remove Vuze.


      Let us know.
      Tyny's

    8. #8
      User Avatar of vickers
      Registered
      Jul 2012
      Location
      Valencia
      Posts
      11

      Re: virus i4del0.exe

      So it isn't malware? It's just that when I tell it to end the process, another process starts with almost the same name, i4del1.exe. So what you recommend is telling Avast that it isn't malware, right?

    9. #9
      User Avatar of vickers
      Registered
      Jul 2012
      Location
      Valencia
      Posts
      11

      Re: virus i4del0.exe

      And one question: what function is this file supposed to perform? Since if it behaves like malware, does it do the same thing as malware?

    10. #10
      Moderator.
      Avatar of @Tincho
      Registered
      May 2008
      Location
      Argentina
      Posts
      14,701

      Re: virus i4del0.exe

      Hello.


      No idea what function it serves, and having the same behavior does not mean it is malware. What you can do is remove the programs that generate it or change the Avast! configuration.

      Regards.
      Tyny's
