
    Malware "Tutoriales100_AR_3-1.0" (Solved)


      
    1. #11
      damian_3489
      Registered: Nov 2012 | Location: Argentina | Posts: 17

      Re: Malware "Tutoriales100_AR_3-1.0"

      OTL logfile created on: 12/11/2012 03:22:35 a.m. - Run 1
      OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Admin\Desktop
      Professional (Version = 6.1.7600) - Type = NTWorkstation
      Internet Explorer (Version = 8.0.7600.16385)
      Locale: 00002c0a | Country: Argentina | Language: ESS | Date Format: dd/MM/yyyy

      1,86 Gb Total Physical Memory | 1,10 Gb Available Physical Memory | 58,94% Memory free
      3,73 Gb Paging File | 2,50 Gb Available in Paging File | 66,99% Paging File free
      Paging file location(s): ?:\pagefile.sys [binary data]

      %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
      Drive C: | 297,99 Gb Total Space | 27,10 Gb Free Space | 9,09% Space Free | Partition Type: NTFS

      Computer Name: ADMIN-PC | User Name: Admin | Logged in as Administrator.
      Boot Mode: Normal | Scan Mode: Current user
      Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

      ========== Processes (SafeList) ==========

      PRC - C:\Users\Admin\Desktop\OTL.exe (OldTimer Tools)
      PRC - C:\Archivos de programa\AVG Secure Search\vprot.exe ()
      PRC - C:\Archivos de programa\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe ()
      PRC - C:\Archivos de programa\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
      PRC - C:\Archivos de programa\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
      PRC - C:\Archivos de programa\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
      PRC - C:\Archivos de programa\Tutoriales100\tutoriales100_ar_3.exe ()
      PRC - C:\Users\Admin\AppData\Local\tutoriales100_ar_3\UpdTuto100SlmbaHP.exe ()
      PRC - C:\Archivos de programa\AVG\AVG2012\avgidsagent.exe (AVG Technologies CZ, s.r.o.)
      PRC - C:\Archivos de programa\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
      PRC - C:\Archivos de programa\AVG\AVG2012\avgrsx.exe (AVG Technologies CZ, s.r.o.)
      PRC - C:\Archivos de programa\AVG\AVG2012\avgnsx.exe (AVG Technologies CZ, s.r.o.)
      PRC - C:\Archivos de programa\AVG\AVG2012\avgemcx.exe (AVG Technologies CZ, s.r.o.)
      PRC - C:\Archivos de programa\AVG\AVG2012\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
      PRC - C:\Archivos de programa\AVG\AVG2012\avgcfgex.exe (AVG Technologies CZ, s.r.o.)
      PRC - C:\Archivos de programa\AVG\AVG2012\avgcsrvx.exe (AVG Technologies CZ, s.r.o.)
      PRC - C:\Archivos de programa\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE (Microsoft Corp.)
      PRC - C:\Archivos de programa\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.)
      PRC - C:\Windows\System32\mfevtps.exe (McAfee, Inc.)
      PRC - C:\Archivos de programa\TASA\McciTrayApp.exe (Alcatel-Lucent)
      PRC - C:\Archivos de programa\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
      PRC - C:\Archivos de programa\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
      PRC - C:\Archivos de programa\SRS Labs\SRS Premium Sound Control Panel\SRSPremiumPanel.exe (SRS Labs, Inc.)
      PRC - C:\Archivos de programa\WIDCOMM\Bluetooth Software\BTStackServer.exe (Broadcom Corporation.)
      PRC - C:\Archivos de programa\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
      PRC - C:\Archivos de programa\WIDCOMM\Bluetooth Software\btwdins.exe (Broadcom Corporation.)
      PRC - C:\Archivos de programa\Alwil Software\Avast5\AvastUI.exe (ALWIL Software)
      PRC - C:\Archivos de programa\Olympus\ib\olycamdetect.exe (OLYMPUS IMAGING CORP.)
      PRC - C:\Windows\explorer.exe (Microsoft Corporation)
      PRC - C:\Archivos de programa\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
      PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
      PRC - C:\Archivos de programa\Windows Sidebar\sidebar.exe (Microsoft Corporation)
      PRC - C:\Archivos de programa\Common Files\Ahead\Lib\NMIndexStoreSvr.exe (Nero AG)
      PRC - C:\Archivos de programa\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG)


      ========== Modules (No Company Name) ==========

      MOD - C:\Archivos de programa\AVG Secure Search\vprot.exe ()
      MOD - C:\Archivos de programa\Common Files\AVG Secure Search\DNTInstaller\13.2.0\avgdttbx.dll ()
      MOD - C:\Archivos de programa\Common Files\AVG Secure Search\SiteSafetyInstaller\13.2.0\SiteSafety.dll ()
      MOD - C:\Archivos de programa\Tutoriales100\tutoriales100_ar_3.exe ()
      MOD - C:\Users\Admin\AppData\Local\tutoriales100_ar_3\UpdTuto100SlmbaHP.exe ()
      MOD - C:\Archivos de programa\WinRAR\RarExt.dll ()


      ========== Services (SafeList) ==========

      SRV - (vToolbarUpdater13.2.0) -- C:\Archivos de programa\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe ()
      SRV - (MBAMService) -- C:\Archivos de programa\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
      SRV - (MBAMScheduler) -- C:\Archivos de programa\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
      SRV - (AVGIDSAgent) -- C:\Archivos de programa\AVG\AVG2012\avgidsagent.exe (AVG Technologies CZ, s.r.o.)
      SRV - (MozillaMaintenance) -- C:\Archivos de programa\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
      SRV - (avgwd) -- C:\Archivos de programa\AVG\AVG2012\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
      SRV - (WatAdminSvc) -- C:\Windows\System32\Wat\WatAdminSvc.exe (Microsoft Corporation)
      SRV - (wlidsvc) -- C:\Archivos de programa\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.)
      SRV - (mfevtp) -- C:\Windows\System32\mfevtps.exe (McAfee, Inc.)
      SRV - (UNS) -- C:\Archivos de programa\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
      SRV - (LMS) -- C:\Archivos de programa\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
      SRV - (btwdins) -- C:\Archivos de programa\WIDCOMM\Bluetooth Software\btwdins.exe (Broadcom Corporation.)
      SRV - (avast! Web Scanner) -- C:\Archivos de programa\Alwil Software\Avast5\AvastSvc.exe (ALWIL Software)
      SRV - (avast! Mail Scanner) -- C:\Archivos de programa\Alwil Software\Avast5\AvastSvc.exe (ALWIL Software)
      SRV - (avast! Antivirus) -- C:\Archivos de programa\Alwil Software\Avast5\AvastSvc.exe (ALWIL Software)
      SRV - (StorSvc) -- C:\Windows\System32\StorSvc.dll (Microsoft Corporation)
      SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
      SRV - (PeerDistSvc) -- C:\Windows\System32\PeerDistSvc.dll (Microsoft Corporation)
      SRV - (WinDefend) -- C:\Archivos de programa\Windows Defender\MpSvc.dll (Microsoft Corporation)
      SRV - (WMPNetworkSvc) -- C:\Archivos de programa\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
      SRV - (ose) -- C:\Archivos de programa\Common Files\microsoft shared\Source Engine\OSE.EXE (Microsoft Corporation)


      ========== Driver Services (SafeList) ==========

      DRV - (MRENDIS5) -- C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS File not found
      DRV - (MREMPR5) -- C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS File not found
      DRV - (avgtp) -- C:\Windows\System32\drivers\avgtpx86.sys (AVG Technologies)
      DRV - (MBAMProtector) -- C:\Windows\System32\drivers\mbam.sys (Malwarebytes Corporation)
      DRV - (Avgtdix) -- C:\Windows\System32\drivers\avgtdix.sys (AVG Technologies CZ, s.r.o.)
      DRV - (Avgldx86) -- C:\Windows\System32\drivers\avgldx86.sys (AVG Technologies CZ, s.r.o.)
      DRV - (dtsoftbus01) -- C:\Windows\System32\drivers\dtsoftbus01.sys (DT Soft Ltd)
      DRV - (AVGIDSHX) -- C:\Windows\System32\drivers\avgidshx.sys (AVG Technologies CZ, s.r.o. )
      DRV - (Avgrkx86) -- C:\Windows\System32\drivers\avgrkx86.sys (AVG Technologies CZ, s.r.o.)
      DRV - (Avgmfx86) -- C:\Windows\System32\drivers\avgmfx86.sys (AVG Technologies CZ, s.r.o.)
      DRV - (AVGIDSShim) -- C:\Windows\System32\drivers\avgidsshimx.sys (AVG Technologies CZ, s.r.o. )
      DRV - (AVGIDSFilter) -- C:\Windows\System32\drivers\avgidsfilterx.sys (AVG Technologies CZ, s.r.o. )
      DRV - (AVGIDSDriver) -- C:\Windows\System32\drivers\avgidsdriverx.sys (AVG Technologies CZ, s.r.o. )
      DRV - (mfehidk) -- C:\Windows\System32\drivers\mfehidk.sys (McAfee, Inc.)
      DRV - (mfeapfk) -- C:\Windows\System32\drivers\mfeapfk.sys (McAfee, Inc.)
      DRV - (MRESP50) -- C:\Archivos de programa\Common Files\Motive\MRESP50.sys (Printing Communications Assoc., Inc. (PCAUSA))
      DRV - (MREMP50) -- C:\Archivos de programa\Common Files\Motive\MREMP50.sys (Printing Communications Assoc., Inc. (PCAUSA))
      DRV - (IntcDAud) -- C:\Windows\System32\drivers\IntcDAud.sys (Intel(R) Corporation)
      DRV - (Impcd) -- C:\Windows\System32\drivers\Impcd.sys (Intel Corporation)
      DRV - (HECI) -- C:\Windows\System32\drivers\HECI.sys (Intel Corporation)
      DRV - (aswTdi) -- C:\Windows\System32\drivers\aswTdi.sys (ALWIL Software)
      DRV - (aswSP) -- C:\Windows\System32\drivers\aswSP.sys (ALWIL Software)
      DRV - (aswRdr) -- C:\Windows\System32\drivers\aswRdr.sys (ALWIL Software)
      DRV - (aswMonFlt) -- C:\Windows\System32\drivers\aswMonFlt.sys (ALWIL Software)
      DRV - (aswFsBlk) -- C:\Windows\System32\drivers\aswFsBlk.sys (ALWIL Software)
      DRV - (vmbus) -- C:\Windows\System32\drivers\vmbus.sys (Microsoft Corporation)
      DRV - (storflt) -- C:\Windows\System32\drivers\vmstorfl.sys (Microsoft Corporation)
      DRV - (storvsc) -- C:\Windows\System32\drivers\storvsc.sys (Microsoft Corporation)
      DRV - (vwifimp) -- C:\Windows\System32\drivers\vwifimp.sys (Microsoft Corporation)
      DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
      DRV - (s3cap) -- C:\Windows\System32\drivers\vms3cap.sys (Microsoft Corporation)
      DRV - (VMBusHID) -- C:\Windows\System32\drivers\VMBusHID.sys (Microsoft Corporation)
      DRV - (CamSuiteVAC) -- C:\Windows\System32\drivers\CamSuiteVAC.sys ()
      DRV - (motccgp) -- C:\Windows\System32\drivers\motccgp.sys (Motorola)
      DRV - (MotDev) -- C:\Windows\System32\drivers\motodrv.sys (Motorola Inc)
      DRV - (motmodem) -- C:\Windows\System32\drivers\motmodem.sys (Motorola)
      DRV - (motccgpfl) -- C:\Windows\System32\drivers\motccgpfl.sys (Motorola)


      ========== Standard Registry (All) ==========


      ========== Internet Explorer ==========

      IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = V9 Portal Site
      IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
      IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
      IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
      IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\System32\blank.htm
      IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = Bing
      IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
      IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Google
      IE - HKLM\..\URLSearchHook: {cd90bf73-20f6-44ef-993d-bb920303bd2e} - C:\Archivos de programa\Veoh_Web_Player\prxtbVeoh.dll (Conduit Ltd.)
      IE - HKLM\..\SearchScopes,DefaultScope = {AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
      IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
      IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
      IE - HKLM\..\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2653012
      IE - HKLM\..\SearchScopes\{BE28C22E-F666-424d-B5FD-125C4AFEE34E}: "URL" = http://search.myheritage.com?orig=ds&q={searchTerms}

      IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = V9 Portal Site
      IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm
      IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = Bing
      IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Google
      IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = Hotmail, Messenger y más en MSN Argentina, noticias, entretenimiento, deportes, videos.
      IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = es-ar
      IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 90 5D 57 F6 A5 70 CC 01 [binary data]
      IE - HKCU\..\URLSearchHook: {cd90bf73-20f6-44ef-993d-bb920303bd2e} - C:\Archivos de programa\Veoh_Web_Player\prxtbVeoh.dll (Conduit Ltd.)
      IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\System32\ieframe.dll (Microsoft Corporation)
      IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Archivos de programa\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
      IE - HKCU\..\SearchScopes,DefaultScope = {33BB0A4E-99AF-4226-BDF6-49120163DE86}
      IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.v9.com/web/?q={searchTerms}
      IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylon.com/?q={searchTerms}&affID=110819&babsrc=SP_ss&mntrId=ecb8967b00000000000090a4de81fae4
      IE - HKCU\..\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}: "URL" = http://search.v9.com/web/?q={searchTerms}
      IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7ADFA_es
      IE - HKCU\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = https://isearch.avg.com/search?cid={2B5C2FA9-7629-4439-87C8-BAC87692D57B}&mid=39ef8e8bd2a847d1a37e41ed988d5bd6-5bf1a87ee8f78b904f7d16089563f0d566b53187&lang=es-es&ds=AVG&pr=fr&d=2012-07-04 01:02:14&v=12.2.5.32&sap=dsp&q={searchTerms}
      IE - HKCU\..\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2653012
      IE - HKCU\..\SearchScopes\{BE28C22E-F666-424d-B5FD-125C4AFEE34E}: "URL" = http://search.myheritage.com?orig=ds&q={searchTerms}
      IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

      ========== FireFox ==========

      FF - prefs.js..browser.search.defaultenginename: "v9"
      FF - prefs.js..browser.search.order.1: "v9"
      FF - prefs.js..browser.search.selectedEngine: "AVG Secure Search"
      FF - prefs.js..browser.search.useDBForOrder: true
      FF - prefs.js..browser.startup.homepage: "http://google.com"
      FF - prefs.js..extensions.enabledAddons: avg@toolbar:13.2.0.5
      FF - prefs.js..extensions.enabledAddons: {972ce4c6-7e08-4474-a285-3208198ce6fd}:14.0.1
      FF - prefs.js..keyword.URL: "http://isearch.avg.com/search?cid=%7Ba249630f-f862-4179-b9b5-d888f66ec67b%7D&mid=39ef8e8bd2a847d1a37e41ed988d5bd6-5bf1a87ee8f78b904f7d16089563f0d566b53187&ds=AVG&v=13.2.0.5&lang=es-es&pr=fr&d=2012-07-04%2001%3A02%3A14&sap=ku&q="


      FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
      FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\13.2.0\\npsitesafety.dll ()
      FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
      FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
      FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
      FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
      FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
      FF - HKLM\Software\MozillaPlugins\@Motive.com/NpMotive,version=1.0: C:\Program Files\Common Files\Motive\npMotive.dll (Alcatel-Lucent)
      FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.11.2571: C:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
      FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.1739: C:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
      FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
      FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
      FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
      FF - HKLM\Software\MozillaPlugins\[email protected]/YahooActiveXPluginBridge;version=1.0.0.1: C:\Program Files\Yahoo!\Common\npyaxmpb.dll (Yahoo! Inc.)
      FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Admin\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
      FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Admin\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
      FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Admin\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)

      FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG2012\Firefox4\ [2012/09/11 09:22:03 | 000,000,000 | ---D | M]
      FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@toolbar: C:\ProgramData\AVG Secure Search\FireFoxExt\13.2.0.5 [2012/11/10 02:33:21 | 000,000,000 | ---D | M]
      FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/07/24 22:44:01 | 000,000,000 | ---D | M]
      FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/05/01 00:12:06 | 000,000,000 | ---D | M]
      FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/07/24 22:44:01 | 000,000,000 | ---D | M]
      FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/05/01 00:12:06 | 000,000,000 | ---D | M]

      [2012/02/24 23:13:54 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Admin\AppData\Roaming\mozilla\Extensions
      [2012/10/24 19:57:02 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Admin\AppData\Roaming\mozilla\Firefox\Profiles\k22f9u7p.default\extensions
      [2012/02/24 23:13:25 | 000,000,000 | ---D | M] (No name found) -- C:\Archivos de programa\Mozilla Firefox\extensions
      [2012/07/24 22:44:01 | 000,000,000 | ---D | M] (Default) -- C:\Archivos de programa\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
      [2012/11/10 02:33:21 | 000,000,000 | ---D | M] (AVG Security Toolbar) -- C:\PROGRAMDATA\AVG SECURE SEARCH\FIREFOXEXT\13.2.0.5
      [2012/07/24 22:44:01 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
      [2007/04/10 17:21:08 | 000,163,256 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\np-mswmp.dll
      [2012/11/10 02:33:01 | 000,003,575 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\avg-secure-search.xml
      [2012/07/02 01:20:40 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
      [2012/07/24 22:44:00 | 000,003,882 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\drae.xml
      [2012/07/02 01:20:40 | 000,001,143 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-es.xml
      [2012/07/24 22:44:00 | 000,003,368 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
      [2012/07/02 01:20:40 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml
      [2012/10/02 00:09:23 | 000,000,402 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\v9.xml
      [2012/07/02 01:20:40 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-es.xml
      [2012/07/02 01:20:40 | 000,001,102 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-es.xml

      ========== Chrome ==========

      CHR - homepage: Google
      CHR - default_search_provider: Google (Enabled)
      CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
      CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter},
      CHR - homepage: Google
      CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Admin\AppData\Local\Google\Chrome\Application\23.0.1271.64\PepperFlash\pepflashplayer.dll
      CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
      CHR - plugin: Native Client (Enabled) = C:\Users\Admin\AppData\Local\Google\Chrome\Application\23.0.1271.64\ppGoogleNaClPluginChrome.dll
      CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Admin\AppData\Local\Google\Chrome\Application\23.0.1271.64\pdf.dll
      CHR - plugin: AVG Internet Security (Enabled) = C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.2210_0\plugins/avgnpss.dll
      CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
      CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll
      CHR - plugin: QuickTime Plug-in 7.6 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
      CHR - plugin: QuickTime Plug-in 7.6 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
      CHR - plugin: QuickTime Plug-in 7.6 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
      CHR - plugin: QuickTime Plug-in 7.6 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
      CHR - plugin: QuickTime Plug-in 7.6 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
      CHR - plugin: QuickTime Plug-in 7.6 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
      CHR - plugin: QuickTime Plug-in 7.6 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
      CHR - plugin: AVG SiteSafety plugin (Enabled) = C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\13.2.0\\npsitesafety.dll
      CHR - plugin: Motive Plugin (Enabled) = C:\Program Files\Common Files\Motive\npMotive.dll
      CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
      CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll
      CHR - plugin: RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
      CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
      CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
      CHR - plugin: Yahoo! activeX Plug-in Bridge (Enabled) = C:\Program Files\Yahoo!\Common\npyaxmpb.dll
      CHR - plugin: Facebook Video Calling Plugin (Enabled) = C:\Users\Admin\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll
      CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
      CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll
      CHR - Extension: YouTube = C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
      CHR - Extension: B\u00FAsqueda de Google = C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
      CHR - Extension: AdBlock = C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.5.47_0\
      CHR - Extension: AVG Safe Search = C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.2210_0\
      CHR - Extension: AVG Secure Search = C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof\13.2.0.5_0\
      CHR - Extension: AVG Secure Search = C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof\13.2.0.5_0\.bak
      CHR - Extension: Gmail = C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

      O1 HOSTS File: ([2012/10/30 01:24:41 | 000,000,929 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
      O1 - Hosts: 127.0.0.1 genuine.microsoft.com
      O1 - Hosts: 127.0.0.1 mpa.one.microsoft.com
      O1 - Hosts: 127.0.0.1 sls.microsoft.com
      O2 - BHO: (Yahoo! Toolbar Helper) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Archivos de programa\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
      O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Archivos de programa\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
      O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Archivos de programa\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.)
      O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Archivos de programa\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
      O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Archivos de programa\AVG Secure Search\13.2.0.5\AVG Secure Search_toolbar.dll ()
      O2 - BHO: (Windows Live Messenger Companion Helper) - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Archivos de programa\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
      O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Archivos de programa\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
      O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Archivos de programa\Google\GoogleToolbarNotifier\5.7.7529.1424\swg.dll (Google Inc.)
      O2 - BHO: (Veoh Web Player Toolbar) - {cd90bf73-20f6-44ef-993d-bb920303bd2e} - C:\Archivos de programa\Veoh_Web_Player\prxtbVeoh.dll (Conduit Ltd.)
      O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Archivos de programa\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
      O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Archivos de programa\AVG Secure Search\13.2.0.5\AVG Secure Search_toolbar.dll ()
      O3 - HKLM\..\Toolbar: (Veoh Web Player Toolbar) - {cd90bf73-20f6-44ef-993d-bb920303bd2e} - C:\Archivos de programa\Veoh_Web_Player\prxtbVeoh.dll (Conduit Ltd.)
      O3 - HKLM\..\Toolbar: (Barra Yahoo! con bloqueador de ventanas emergentes) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Archivos de programa\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
      O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Archivos de programa\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
      O3 - HKCU\..\Toolbar\WebBrowser: (Veoh Web Player Toolbar) - {CD90BF73-20F6-44EF-993D-BB920303BD2E} - C:\Archivos de programa\Veoh_Web_Player\prxtbVeoh.dll (Conduit Ltd.)
      O4 - HKLM..\Run: [Adobe ARM] C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
      O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
      O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\avastUI.exe (ALWIL Software)
      O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
      O4 - HKLM..\Run: [HF_G_Jul] C:\Program Files\AVG Secure Search\HF_G_Jul.exe ()
      O4 - HKLM..\Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe (Intel Corporation)
      O4 - HKLM..\Run: [IgfxTray] C:\Windows\System32\igfxtray.exe (Intel Corporation)
      O4 - HKLM..\Run: [MDS_Menu] C:\Program Files\Olympus\ib\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
      O4 - HKLM..\Run: [NeroFilterCheck] C:\Archivos de programa\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG)
      O4 - HKLM..\Run: [Persistence] C:\Windows\System32\igfxpers.exe (Intel Corporation)
      O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
      O4 - HKLM..\Run: [ROC_roc_dec12] "C:\Program Files\AVG Secure Search\ROC_roc_dec12.exe" /PROMPT /CMPID=roc_dec12 File not found
      O4 - HKLM..\Run: [ROC_ROC_JULY_P1] C:\Program Files\AVG Secure Search\ROC_ROC_JULY_P1.exe ()
      O4 - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe (Realtek Semiconductor)
      O4 - HKLM..\Run: [SynTPEnh] C:\Archivos de programa\Synaptics\SynTP\SynTPEnh.exe (Synaptics Incorporated)
      O4 - HKLM..\Run: [TASA_McciTrayApp] C:\Program Files\TASA\McciTrayApp.exe (Alcatel-Lucent)
      O4 - HKLM..\Run: [vProt] C:\Program Files\AVG Secure Search\vprot.exe ()
      O4 - HKCU..\Run: [ares] C:\Program Files\Ares\Ares.exe (Ares Development Group)
      O4 - HKCU..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG)
      O4 - HKCU..\Run: [Corel Photo Downloader] "c:\Program Files\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe" -startup File not found
      O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
      O4 - HKCU..\Run: [Facebook Update] C:\Users\Admin\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
      O4 - HKCU..\Run: [Google Update] C:\Users\Admin\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc.)
      O4 - HKCU..\Run: [Olympus ib] C:\Program Files\Olympus\ib\olycamdetect.exe (OLYMPUS IMAGING CORP.)
      O4 - HKCU..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation)
      O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
      O4 - HKLM..\RunOnce: [UpdTuto100SlmbaHP.exe] C:\Users\Admin\AppData\Local\tutoriales100_ar_3\UpdTuto100SlmbaHP.exe ()
      O4 - Startup: C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Archivos de programa\ERUNT\AUTOBACK.EXE ()
      O4 - Startup: C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Telefonica.lnk = C:\Archivos de programa\Telefonica\InstaladorModems\version.exe (Telefonica)
      O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
      O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
      O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
      O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 1
      O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
      O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0
      O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
      O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1
      O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
      O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
      O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
      O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
      O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
      O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
      O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
      O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
      O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
      O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
      O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
      O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
      O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
      O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
      O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
      O8 - Extra context menu item: Buscar en la web - C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\menuext.html File not found
      O8 - Extra context menu item: E&xportar a Microsoft Excel - C:\Archivos de programa\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)
      O8 - Extra context menu item: Enviar imagen al dispositivo &Bluetooth... - C:\Archivos de programa\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
      O8 - Extra context menu item: Enviar página al dispositivo &Bluetooth... - C:\Archivos de programa\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
      O9 - Extra Button: @C:\Program Files\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Archivos de programa\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
      O9 - Extra Button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Archivos de programa\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
      O9 - Extra 'Tools' menuitem : @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Archivos de programa\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
      O9 - Extra Button: Referencia - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Archivos de programa\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
      O9 - Extra Button: Investigador - {9455301C-CF6B-11D3-A266-00C04F689C50} - C:\Archivos de programa\Common Files\microsoft shared\Encarta Researcher\EROPROJ.DLL (Microsoft Corporation)
      O9 - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Archivos de programa\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
      O9 - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Archivos de programa\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
      O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Windows\System32\nlaapi.dll (Microsoft Corporation)
      O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
      O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\Windows\System32\winrnr.dll (Microsoft Corporation)
      O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Windows\System32\NapiNSP.dll (Microsoft Corporation)
      O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation)
      O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation)
      O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Windows\System32\wshbth.dll (Microsoft Corporation)
      O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Archivos de programa\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
      O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Archivos de programa\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
      O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
      O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
      O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
      O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
      O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
      O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
      O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
      O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
      O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
      O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
      O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
      O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
      O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
      O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
      O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
      O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
      O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
      O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
      O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
      O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
      O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
      O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
      O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
      O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
      O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
      O10 - Protocol_Catalog9\Catalog_Entries\000000000026 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
      O10 - Protocol_Catalog9\Catalog_Entries\000000000027 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
      O10 - Protocol_Catalog9\Catalog_Entries\000000000028 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
      O10 - Protocol_Catalog9\Catalog_Entries\000000000029 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
      O10 - Protocol_Catalog9\Catalog_Entries\000000000030 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
      O10 - Protocol_Catalog9\Catalog_Entries\000000000031 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
      O10 - Protocol_Catalog9\Catalog_Entries\000000000032 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
      O10 - Protocol_Catalog9\Catalog_Entries\000000000033 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
      O10 - Protocol_Catalog9\Catalog_Entries\000000000034 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
      O10 - Protocol_Catalog9\Catalog_Entries\000000000035 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
      O13 - gopher Prefix: missing
      O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\yinsthelper.dll (YInstStarter Class)
      O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
      O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A4D33D6B-E48E-4D5E-B442-9FCF1CB3FE46}: DhcpNameServer = 192.168.1.1
      O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A4D33D6B-E48E-4D5E-B442-9FCF1CB3FE46}: NameServer = 200.69.193.1,200.69.193.2
      O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F7F29CC0-9B9F-492B-9C4C-43AA07383348}: DhcpNameServer = 200.42.4.207 200.49.130.44
      O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
      O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
      O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\System32\MSVidCtl.dll (Microsoft Corporation)
      O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
      O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
      O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
      O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Archivos de programa\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
      O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Archivos de programa\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
      O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
      O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Archivos de programa\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
      O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Archivos de programa\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
      O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll (Microsoft Corporation)
      O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
      O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Archivos de programa\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
      O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Archivos de programa\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
      O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
      O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
      O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\System32\inetcomm.dll (Microsoft Corporation)
      O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
      O18 - Protocol\Handler\msdaipp - No CLSID value found
      O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Archivos de programa\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
      O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Archivos de programa\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
      O18 - Protocol\Handler\msero {B0D92A71-886B-453B-A649-1B91F93801E7} - C:\Archivos de programa\Common Files\microsoft shared\Encarta Researcher\MSERO.DLL (Microsoft Corporation)
      O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll (Microsoft Corporation)
      O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Archivos de programa\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
      O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Archivos de programa\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
      O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Archivos de programa\Common Files\microsoft shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
      O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
      O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\System32\MSVidCtl.dll (Microsoft Corporation)
      O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
      O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Archivos de programa\Common Files\AVG Secure Search\ViProtocolInstaller\13.2.0\ViProtocol.dll ()
      O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Archivos de programa\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
      O18 - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Archivos de programa\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll (Microsoft Corporation)
      O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
      O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
      O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
      O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
      O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
      O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Archivos de programa\Common Files\microsoft shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
      O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
      O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
      O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
      O20 - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\System32\igfxdev.dll (Intel Corporation)
      O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
      O29 - HKLM SecurityProviders - (credssp.dll) - C:\Windows\System32\credssp.dll (Microsoft Corporation)
      O30 - LSA: Authentication Packages - (msv1_0) - C:\Windows\System32\msv1_0.dll (Microsoft Corporation)
      O30 - LSA: Security Packages - (kerberos) - C:\Windows\System32\kerberos.dll (Microsoft Corporation)
      O30 - LSA: Security Packages - (msv1_0) - C:\Windows\System32\msv1_0.dll (Microsoft Corporation)
      O30 - LSA: Security Packages - (schannel) - C:\Windows\System32\schannel.dll (Microsoft Corporation)
      O30 - LSA: Security Packages - (wdigest) - C:\Windows\System32\wdigest.dll (Microsoft Corporation)
      O30 - LSA: Security Packages - (tspkg) - C:\Windows\System32\tspkg.dll (Microsoft Corporation)
      O30 - LSA: Security Packages - (pku2u) - C:\Windows\System32\pku2u.dll (Microsoft Corporation)
      O30 - LSA: Security Packages - (livessp) - C:\Windows\System32\livessp.dll (Microsoft Corp.)
      O31 - SafeBoot: AlternateShell - cmd.exe
      O32 - HKLM CDRom: AutoRun - 1
      O32 - AutoRun File - [2009/06/10 18:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
      O33 - MountPoints2\{11fa0add-dd4b-11e0-bf75-90a4de69b225}\Shell - "" = AutoRun
      O33 - MountPoints2\{11fa0add-dd4b-11e0-bf75-90a4de69b225}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a
      O33 - MountPoints2\{1462da17-a094-11e1-bd88-90a4de69b225}\Shell - "" = AutoRun
      O33 - MountPoints2\{1462da17-a094-11e1-bd88-90a4de69b225}\Shell\AutoRun\command - "" = E:\setup.exe
      O33 - MountPoints2\{8bc0bb6d-17cb-11e2-8be1-e8113271a7c8}\Shell - "" = AutoRun
      O33 - MountPoints2\{8bc0bb6d-17cb-11e2-8be1-e8113271a7c8}\Shell\AutoRun\command - "" = F:\Setup.exe
      O33 - MountPoints2\{d90f39c7-db82-11e0-95d3-806e6f6e6963}\Shell - "" = AutoRun
      O33 - MountPoints2\{d90f39c7-db82-11e0-95d3-806e6f6e6963}\Shell\AutoRun\command - "" = D:\AutoRun.exe
      O34 - HKLM BootExecute: (autocheck autochk *)
      O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG2012\avgrsx.exe /sync /restart)
      O35 - HKLM\..comfile [open] -- "%1" %*
      O35 - HKLM\..exefile [open] -- "%1" %*
      O37 - HKLM\...com [@ = comfile] -- "%1" %*
      O37 - HKLM\...exe [@ = exefile] -- "%1" %*
      O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
      O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
      O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

      ========== Files/Folders - Created Within 30 Days ==========

      [2012/11/12 03:12:15 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
      [2012/11/12 03:00:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT
      [2012/11/12 03:00:23 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
      [2012/11/12 02:48:13 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Admin\Desktop\OTL.exe
      [2012/11/11 23:05:45 | 000,036,864 | ---- | C] (NirSoft) -- C:\Windows\nircmd.exe
      [2012/11/11 21:28:52 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\Malwarebytes
      [2012/11/11 21:28:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
      [2012/11/11 21:28:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
      [2012/11/11 21:28:35 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
      [2012/11/11 21:28:35 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
      [2012/11/11 20:06:53 | 000,000,000 | ---D | C] -- C:\regbackup
      [2012/11/11 20:04:54 | 000,000,000 | ---D | C] -- C:\Users\Admin\Desktop\kill
      [2012/11/09 01:19:39 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{C37C8470-90E0-4D6B-B50A-6ABFB077DB6A}
      [2012/11/07 17:16:10 | 000,000,000 | ---D | C] -- C:\Users\Admin\Desktop\dfgh
      [2012/11/04 22:48:01 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{3200DFEC-C321-4D40-A559-DB6FD3843EBF}
      [2012/11/03 10:17:47 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\Milestone
      [2012/11/03 10:05:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WRC 3
      [2012/11/03 09:48:11 | 000,000,000 | ---D | C] -- C:\Program Files\MILESTONE
      [2012/11/03 09:15:07 | 000,000,000 | ---D | C] -- C:\Users\Admin\Desktop\rallyyy
      [2012/10/31 00:02:04 | 000,000,000 | ---D | C] -- C:\Users\Admin\Desktop\W8
      [2012/10/29 22:36:30 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{8F39E697-2D0E-4542-BD1B-E3DB782C88F8}
      [2012/10/25 01:32:16 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\tutoriales100_ar_3
      [2012/10/25 01:32:16 | 000,000,000 | ---D | C] -- C:\Program Files\Tutoriales100
      [2012/10/24 19:34:06 | 000,000,000 | ---D | C] -- C:\Users\Admin\Desktop\tandil
      [2012/10/22 19:02:37 | 000,000,000 | ---D | C] -- C:\Users\Admin\Desktop\Nueva carpeta (3)
      [2012/10/18 10:31:16 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dispositivos Bluetooth
      [2012/10/17 19:01:28 | 000,000,000 | ---D | C] -- C:\Users\Admin\Desktop\Nueva carpeta (2)
      [2012/10/17 01:28:30 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Atlas
      [2012/10/17 01:28:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Atlas
      [2012/10/17 01:27:46 | 000,000,000 | ---D | C] -- C:\Program Files\Atlas
      [2012/10/17 01:21:28 | 000,000,000 | ---D | C] -- C:\Program Files\TI Education
      [2012/10/17 01:21:27 | 000,000,000 | ---D | C] -- C:\Windows\Vbox
      [2012/10/17 00:56:29 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\LogicCircuit
      [2012/10/17 00:20:48 | 000,559,024 | ---- | C] (Codejock Software) -- C:\Windows\System32\Codejock.SkinFramework.v12.1.1.ocx
      [2012/10/17 00:20:48 | 000,344,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msvcr70.dll
      [2012/10/17 00:20:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\All2WAV Recorder
      [2012/10/17 00:20:47 | 000,000,000 | ---D | C] -- C:\Program Files\All2WAV Recorder
      [2012/10/16 22:22:19 | 000,000,000 | ---D | C] -- C:\Users\Admin\Desktop\gram5
      [2012/10/16 21:42:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Visual Analyser
      [2012/10/16 21:42:37 | 000,000,000 | ---D | C] -- C:\Program Files\SillanumSoft
      [2012/10/16 21:38:19 | 000,000,000 | ---D | C] -- C:\Windows\Downloaded Installations
      [2012/10/16 17:09:49 | 000,000,000 | ---D | C] -- C:\Users\Admin\Desktop\Nueva carpeta
      [2012/10/13 22:04:02 | 000,000,000 | ---D | C] -- C:\Users\Admin\Desktop\SubtitleWorkshop4
      [4 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]

      ========== Files - Modified Within 30 Days ==========

      [2012/11/12 03:11:26 | 000,001,078 | ---- | M] () -- C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
      [2012/11/12 03:00:31 | 000,000,898 | ---- | M] () -- C:\Users\Admin\Desktop\NTREGOPT.lnk
      [2012/11/12 03:00:31 | 000,000,879 | ---- | M] () -- C:\Users\Admin\Desktop\ERUNT.lnk
      [2012/11/12 02:54:43 | 000,009,792 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
      [2012/11/12 02:54:43 | 000,009,792 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
      [2012/11/12 02:49:00 | 000,001,022 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
      [2012/11/12 02:48:26 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Admin\Desktop\OTL.exe
      [2012/11/12 02:44:00 | 000,001,046 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1228348648-3305000703-4058008310-1000UA.job
      [2012/11/12 00:51:10 | 000,001,066 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-1228348648-3305000703-4058008310-1000UA.job
      [2012/11/12 00:44:25 | 000,000,994 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1228348648-3305000703-4058008310-1000Core.job
      [2012/11/11 23:11:21 | 099,983,257 | ---- | M] () -- C:\Windows\System32\drivers\AVG\incavi.avm
      [2012/11/11 23:04:01 | 000,516,139 | ---- | M] () -- C:\Users\Admin\Desktop\AT-Destroyer (1).exe
      [2012/11/11 22:52:15 | 000,001,018 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
      [2012/11/11 22:52:01 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
      [2012/11/11 22:51:58 | 1500,954,624 | -HS- | M] () -- C:\hiberfil.sys
      [2012/11/11 21:28:40 | 000,001,071 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
      [2012/11/11 20:03:30 | 000,703,840 | ---- | M] () -- C:\Windows\System32\perfh00A.dat
      [2012/11/11 20:03:30 | 000,616,008 | ---- | M] () -- C:\Windows\System32\perfh009.dat
      [2012/11/11 20:03:30 | 000,137,806 | ---- | M] () -- C:\Windows\System32\perfc00A.dat
      [2012/11/11 20:03:30 | 000,106,388 | ---- | M] () -- C:\Windows\System32\perfc009.dat
      [2012/11/11 18:51:00 | 000,001,044 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-1228348648-3305000703-4058008310-1000Core.job
      [2012/11/10 02:32:57 | 000,026,984 | ---- | M] (AVG Technologies) -- C:\Windows\System32\drivers\avgtpx86.sys
      [2012/11/07 17:06:41 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
      [2012/11/03 10:16:30 | 000,001,478 | ---- | M] () -- C:\Users\Admin\Desktop\WRC3 - Acceso directo.lnk
      [2012/11/03 10:06:24 | 000,001,051 | ---- | M] () -- C:\Users\Public\Desktop\WRC3.lnk
      [2012/11/02 17:43:24 | 000,205,219 | ---- | M] () -- C:\Windows\System32\drivers\AVG\iavichjg.avm
      [2012/11/02 02:51:00 | 000,616,777 | ---- | M] () -- C:\Users\Admin\Desktop\glusidos.pdf
      [2012/11/02 02:46:47 | 002,696,861 | ---- | M] () -- C:\Users\Admin\Desktop\tema07.pdf
      [2012/10/30 01:24:41 | 000,000,929 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
      [2012/10/30 01:24:02 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
      [2012/10/30 01:24:02 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
      [2012/10/29 17:54:25 | 000,001,232 | ---- | M] () -- C:\Users\Admin\Desktop\W8 (2).lnk
      [2012/10/25 20:34:16 | 000,001,617 | ---- | M] () -- C:\Users\Admin\Desktop\MIDway_2.8 - Acceso directo.lnk
      [2012/10/22 22:12:21 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_Kernel_motccgpfl_01005.Wdf
      [2012/10/22 22:12:21 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_Kernel_motccgp_01005.Wdf
      [2012/10/17 01:42:03 | 000,372,352 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
      [2012/10/17 00:20:49 | 000,000,950 | ---- | M] () -- C:\Users\Admin\Desktop\All2WAV Recorde.lnk
      [2012/10/17 00:20:23 | 002,475,131 | ---- | M] ( ) -- C:\Users\Admin\Desktop\awsetup.exe
      [2012/10/16 21:42:51 | 000,002,010 | ---- | M] () -- C:\Users\Public\Desktop\Visual Analyser 2011.lnk
      [2012/10/15 19:29:12 | 004,057,504 | ---- | M] () -- C:\Users\Admin\Desktop\PA150096.JPG
      [2012/10/13 22:21:59 | 000,058,570 | ---- | M] () -- C:\Users\Admin\Desktop\ice.4.DVDRip.by.srt
      [4 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]

      ========== Files Created - No Company Name ==========

      [2012/11/12 03:11:26 | 000,001,078 | ---- | C] () -- C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
      [2012/11/12 03:00:31 | 000,000,898 | ---- | C] () -- C:\Users\Admin\Desktop\NTREGOPT.lnk
      [2012/11/12 03:00:31 | 000,000,879 | ---- | C] () -- C:\Users\Admin\Desktop\ERUNT.lnk
      [2012/11/11 23:05:45 | 000,069,660 | ---- | C] () -- C:\Windows\Fart.exe
      [2012/11/11 23:05:45 | 000,022,528 | ---- | C] () -- C:\Windows\AT-Uninstall.exe
      [2012/11/11 23:05:45 | 000,011,776 | ---- | C] () -- C:\Windows\Colous.exe
      [2012/11/11 23:03:42 | 000,516,139 | ---- | C] () -- C:\Users\Admin\Desktop\AT-Destroyer (1).exe
      [2012/11/11 21:28:40 | 000,001,071 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
      [2012/11/07 17:06:41 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
      [2012/11/03 10:16:30 | 000,001,478 | ---- | C] () -- C:\Users\Admin\Desktop\WRC3 - Acceso directo.lnk
      [2012/11/03 10:06:24 | 000,001,051 | ---- | C] () -- C:\Users\Public\Desktop\WRC3.lnk
      [2012/11/02 02:51:00 | 000,616,777 | ---- | C] () -- C:\Users\Admin\Desktop\glusidos.pdf
      [2012/11/02 02:46:46 | 002,696,861 | ---- | C] () -- C:\Users\Admin\Desktop\tema07.pdf
      [2012/10/30 01:24:02 | 000,000,000 | RHS- | C] () -- C:\MSDOS.SYS
      [2012/10/30 01:24:02 | 000,000,000 | RHS- | C] () -- C:\IO.SYS
      [2012/10/23 04:41:55 | 000,001,232 | ---- | C] () -- C:\Users\Admin\Desktop\W8 (2).lnk
      [2012/10/23 01:05:56 | 000,001,617 | ---- | C] () -- C:\Users\Admin\Desktop\MIDway_2.8 - Acceso directo.lnk
      [2012/10/22 22:12:21 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_Kernel_motccgpfl_01005.Wdf
      [2012/10/22 22:12:21 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_Kernel_motccgp_01005.Wdf
      [2012/10/17 00:20:49 | 000,000,950 | ---- | C] () -- C:\Users\Admin\Desktop\All2WAV Recorde.lnk
      [2012/10/17 00:19:22 | 002,475,131 | ---- | C] ( ) -- C:\Users\Admin\Desktop\awsetup.exe
      [2012/10/16 21:42:51 | 000,002,010 | ---- | C] () -- C:\Users\Public\Desktop\Visual Analyser 2011.lnk
      [2012/10/15 19:32:03 | 004,057,504 | ---- | C] () -- C:\Users\Admin\Desktop\PA150096.JPG
      [2012/10/13 22:21:59 | 000,058,570 | ---- | C] () -- C:\Users\Admin\Desktop\ice.4.DVDRip.by.srt
      [2012/09/30 01:02:17 | 000,004,943 | ---- | C] () -- C:\ProgramData\mtbjfghn.xbe
      [2012/05/22 19:43:19 | 000,000,001 | ---- | C] () -- C:\Users\Admin\AppData\Local\llftool.4.25.agreement
      [2012/03/09 15:13:55 | 000,000,173 | ---- | C] () -- C:\Users\Admin\AppData\Local\msmathematics.qat.Admin
      [2011/11/18 18:14:06 | 000,000,088 | RHS- | C] () -- C:\ProgramData\CA8EBFCC95.sys
      [2011/11/18 18:14:05 | 000,002,516 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys
      [2011/10/14 11:44:03 | 000,037,560 | ---- | C] () -- C:\Windows\System32\drivers\CamSuiteVAC.sys
      [2011/09/29 14:01:27 | 000,007,621 | ---- | C] () -- C:\Users\Admin\AppData\Local\Resmon.ResmonCfg
      [2011/09/28 17:44:14 | 000,179,271 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat
      [2011/09/22 23:51:08 | 000,183,909 | ---- | C] () -- C:\Windows\hpoins21.dat.temp
      [2011/09/22 23:51:08 | 000,007,262 | ---- | C] () -- C:\Windows\hpomdl21.dat.temp
      [2011/09/22 23:50:51 | 000,183,909 | ---- | C] () -- C:\Windows\hpoins21.dat
      [2011/09/11 07:07:23 | 000,018,944 | ---- | C] () -- C:\Users\Admin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
      [2011/09/10 06:50:19 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
      [2011/09/10 06:36:30 | 003,596,288 | ---- | C] () -- C:\Windows\System32\qt-dx331.dll
      [2011/09/10 06:36:30 | 000,765,952 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
      [2011/09/10 06:36:30 | 000,180,224 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
      [2011/09/10 06:36:29 | 000,010,752 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
      [2011/09/10 06:16:32 | 000,006,656 | ---- | C] () -- C:\Windows\System32\bcmwlrc.dll
      [2011/09/10 06:14:49 | 000,080,416 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll
      [2011/01/13 22:09:22 | 000,870,560 | ---- | C] () -- C:\Windows\System32\igkrng575.bin
      [2011/01/13 22:09:21 | 000,127,868 | ---- | C] () -- C:\Windows\System32\igcompkrng575.bin
      [2011/01/13 22:09:21 | 000,104,796 | ---- | C] () -- C:\Windows\System32\igfcg575m.bin

      ========== ZeroAccess Check ==========

      [2009/07/14 01:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

      [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

      [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

      [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
      "" = %SystemRoot%\system32\shell32.dll -- [2010/07/27 11:03:24 | 012,867,584 | ---- | M] (Microsoft Corporation)
      "ThreadingModel" = Apartment

      [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
      "" = %systemroot%\system32\wbem\fastprox.dll -- [2009/07/13 22:15:20 | 000,605,696 | ---- | M] (Microsoft Corporation)
      "ThreadingModel" = Free

      [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
      "" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/13 22:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
      "ThreadingModel" = Both

      ========== LOP Check ==========

      [2011/12/15 17:51:04 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\AVG2012
      [2012/06/08 15:35:39 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Balabolka
      [2012/10/02 02:26:41 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Beauty
      [2011/12/12 18:35:59 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\BlackBean
      [2012/03/06 00:00:07 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Blender Foundation
      [2012/09/30 01:00:35 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Carambis
      [2012/05/18 02:26:35 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\DAEMON Tools Lite
      [2012/11/03 10:17:47 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Milestone
      [2011/09/23 1939 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\MyHeritage
      [2012/10/01 23:36:59 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\PhotoScape
      [2011/09/12 23:23:18 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\RegistryKeys
      [2012/10/16 16:42:18 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\uTorrent
      [2012/05/21 20:16:09 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Windows Live Writer

      ========== Purity Check ==========



      < End of report >

    2. #12
      User: damian_3489 | Registered: Nov 2012 | Location: Argentina | Posts: 17

      Re: Malware "Tutoriales100_AR_3-1.0"

      I've already run OTL, M@co. What is the next step? "Tutoriales100_AR_3-1.0" is still in the list of programs in the Control Panel. In any case, the important thing is that the windows have not opened again!
      Last edited by damian_3489 on 12/11/12 at 01:58:15

    3. #13
      Moderator: M@co | Registered: Dec 2007 | Location: America | Posts: 15,668

      Re: Malware "Tutoriales100_AR_3-1.0"

      Hello.

      Do the following:

      1. Download and use the Avast and McAfee uninstallers.

      2. Select the contents of the box below (excluding the word "Code"), then right-click > Copy.
        Code:
        :OTL
        PRC - C:\Archivos de programa\Tutoriales100\tutoriales100_ar_3.exe ()
        PRC - C:\Users\Admin\AppData\Local\tutoriales100_ar_3\UpdTuto100SlmbaHP.exe ()
        MOD - C:\Archivos de programa\Tutoriales100\tutoriales100_ar_3.exe ()
        MOD - C:\Users\Admin\AppData\Local\tutoriales100_ar_3\UpdTuto100SlmbaHP.exe ()
        IE - HKLM\..\URLSearchHook: {cd90bf73-20f6-44ef-993d-bb920303bd2e} - C:\Archivos de programa\Veoh_Web_Player\prxtbVeoh.dll (Conduit Ltd.)
        IE - HKLM\..\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2653012
        IE - HKLM\..\SearchScopes\{BE28C22E-F666-424d-B5FD-125C4AFEE34E}: "URL" = http://search.myheritage.com?orig=ds&q={searchTerms}
        IE - HKCU\..\URLSearchHook: {cd90bf73-20f6-44ef-993d-bb920303bd2e} - C:\Archivos de programa\Veoh_Web_Player\prxtbVeoh.dll (Conduit Ltd.)
        IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.v9.com/web/?q={searchTerms}
        IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylon.com/?q={searchTerms}&affID=110819&babsrc=SP_ss&mntrId=ecb8967b00000000000090a4de81fae4
        IE - HKCU\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = https://isearch.avg.com/search?cid={2B5C2FA9-7629-4439-87C8-BAC87692D57B}&mid=39ef8e8bd2a847d1a37e41ed988d5bd6-5bf1a87ee8f78b904f7d16089563f0d566b53187&lang=es-es&ds=AVG&pr=fr&d=2012-07-04 01:02:14&v=12.2.5.32&sap=dsp&q={searchTerms}
        IE - HKCU\..\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2653012
        IE - HKCU\..\SearchScopes\{BE28C22E-F666-424d-B5FD-125C4AFEE34E}: "URL" = http://search.myheritage.com?orig=ds&q={searchTerms}
        FF - prefs.js..browser.search.defaultenginename: "v9"
        FF - prefs.js..browser.search.order.1: "v9"
        [2012/10/02 00:09:23 | 000,000,402 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\v9.xml
        O2 - BHO: (Veoh Web Player Toolbar) - {cd90bf73-20f6-44ef-993d-bb920303bd2e} - C:\Archivos de programa\Veoh_Web_Player\prxtbVeoh.dll (Conduit Ltd.)
        O3 - HKLM\..\Toolbar: (Veoh Web Player Toolbar) - {cd90bf73-20f6-44ef-993d-bb920303bd2e} - C:\Archivos de programa\Veoh_Web_Player\prxtbVeoh.dll (Conduit Ltd.)
        O3 - HKCU\..\Toolbar\WebBrowser: (Veoh Web Player Toolbar) - {CD90BF73-20F6-44EF-993D-BB920303BD2E} - C:\Archivos de programa\Veoh_Web_Player\prxtbVeoh.dll (Conduit Ltd.)
        O4 - HKLM..\RunOnce: [UpdTuto100SlmbaHP.exe] C:\Users\Admin\AppData\Local\tutoriales100_ar_3\UpdTuto100SlmbaHP.exe ()
        O8 - Extra context menu item: Buscar en la web - C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\menuext.html File not found
        [4 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
        
        :files
        C:\Users\Admin\AppData\Local\tutoriales100_ar_3 /s
        C:\Program Files\Tutoriales100 /s
        
        
        :commands
        [emptytemp]
        [createrestorepoint]
      3. Run OTL.exe
        • Right-click in the Custom Scans/Fixes box > Paste.
        • Then click the Run Fix button at the top.
        • Let the program run without interruption, and reboot when it asks you to.
        • After the reboot, a report is created by default in C:\_OTL\MovedFiles; copy and paste that log into your next reply.



      4. Download UsbFix by El Desaparecido C_XX to your desktop and run it as follows:
        1. Connect all your removable devices (pen drive, micro SD, etc.).
        2. Double-click USBFix.
        3. Click the Supresión (Deletion) option.
        4. A warning will appear asking you to connect your USB devices; click OK and the disinfection/vaccination process will start.
        5. During the scan the desktop may disappear; this is normal. If USBFix asks to restart the system, accept and restart your computer.
        6. When it finishes, USBFix generates a report, usually located at C:\USBFix.txt; paste its contents into your next message.
        Note: UsbFix will create a hidden folder named "autorun.inf" on every partition and every USB drive connected at the time it runs. Do not delete this folder ... it will help protect your USB devices from future infections.



      Let us know the results.

      Regards.

      Blog | Online Antivirus | Remove Malware | Free Antivirus


      * Follow us on Twitter and become our friend on Facebook.
      * Stay informed about the latest threats on the net at: InfoSpyware Blog
      * Questions are not answered by private message or e-mail, since that is what the forum is for.

    4. #14
      User: damian_3489 | Registered: Nov 2012 | Location: Argentina | Posts: 17

      Re: Malware "Tutoriales100_AR_3-1.0"

      Here is the OTL output

      All processes killed
      ========== OTL ==========
      No active process named tutoriales100_ar_3.exe was found!
      No active process named UpdTuto100SlmbaHP.exe was found!
      Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{cd90bf73-20f6-44ef-993d-bb920303bd2e} deleted successfully.
      Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{cd90bf73-20f6-44ef-993d-bb920303bd2e}\ deleted successfully.
      C:\Archivos de programa\Veoh_Web_Player\prxtbVeoh.dll moved successfully.
      Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}\ deleted successfully.
      Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}\ not found.
      Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{BE28C22E-F666-424d-B5FD-125C4AFEE34E}\ deleted successfully.
      Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BE28C22E-F666-424d-B5FD-125C4AFEE34E}\ not found.
      Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{cd90bf73-20f6-44ef-993d-bb920303bd2e} deleted successfully.
      Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{cd90bf73-20f6-44ef-993d-bb920303bd2e}\ not found.
      File C:\Archivos de programa\Veoh_Web_Player\prxtbVeoh.dll not found.
      Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
      Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
      Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\ deleted successfully.
      Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\ not found.
      Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}\ deleted successfully.
      Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}\ deleted successfully.
      Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}\ deleted successfully.
      Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}\ not found.
      Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{BE28C22E-F666-424d-B5FD-125C4AFEE34E}\ deleted successfully.
      Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BE28C22E-F666-424d-B5FD-125C4AFEE34E}\ not found.
      Prefs.js: "v9" removed from browser.search.defaultenginename
      Prefs.js: "v9" removed from browser.search.order.1
      C:\Archivos de programa\Mozilla Firefox\searchplugins\v9.xml moved successfully.
      Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{cd90bf73-20f6-44ef-993d-bb920303bd2e}\ deleted successfully.
      Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{cd90bf73-20f6-44ef-993d-bb920303bd2e}\ not found.
      File C:\Archivos de programa\Veoh_Web_Player\prxtbVeoh.dll not found.
      Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{cd90bf73-20f6-44ef-993d-bb920303bd2e} deleted successfully.
      Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{cd90bf73-20f6-44ef-993d-bb920303bd2e}\ not found.
      File C:\Archivos de programa\Veoh_Web_Player\prxtbVeoh.dll not found.
      Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{CD90BF73-20F6-44EF-993D-BB920303BD2E} deleted successfully.
      Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CD90BF73-20F6-44EF-993D-BB920303BD2E}\ not found.
      File C:\Archivos de programa\Veoh_Web_Player\prxtbVeoh.dll not found.
      Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce\\UpdTuto100SlmbaHP.exe deleted successfully.
      C:\Users\Admin\AppData\Local\tutoriales100_ar_3\UpdTuto100SlmbaHP.exe moved successfully.
      Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Buscar en la web\ deleted successfully.
      C:\Windows\System32\tmp8393.tmp deleted successfully.
      C:\Windows\System32\tmp8394.tmp deleted successfully.
      C:\Windows\System32\tmpE502.tmp deleted successfully.
      C:\Windows\System32\tmpE551.tmp deleted successfully.
      ========== FILES ==========
      C:\Users\Admin\AppData\Local\tutoriales100_ar_3\tutoriales100_ar_3\1.0 folder moved successfully.
      C:\Users\Admin\AppData\Local\tutoriales100_ar_3\tutoriales100_ar_3 folder moved successfully.
      C:\Users\Admin\AppData\Local\tutoriales100_ar_3 folder moved successfully.
      C:\Program Files\Tutoriales100 folder moved successfully.
      ========== COMMANDS ==========

      [EMPTYTEMP]

      User: Admin
      ->Temp folder emptied: 249901 bytes
      ->Temporary Internet Files folder emptied: 32902 bytes
      ->FireFox cache emptied: 65060623 bytes
      ->Google Chrome cache emptied: 9901293 bytes
      ->Flash cache emptied: 0 bytes

      User: All Users

      User: Default
      ->Temp folder emptied: 0 bytes
      ->Temporary Internet Files folder emptied: 0 bytes

      User: Default User
      ->Temp folder emptied: 0 bytes
      ->Temporary Internet Files folder emptied: 0 bytes

      User: Public

      %systemdrive% .tmp files removed: 0 bytes
      %systemroot% .tmp files removed: 0 bytes
      %systemroot%\System32 .tmp files removed: 0 bytes
      %systemroot%\System32\drivers .tmp files removed: 0 bytes
      Windows Temp folder emptied: 180991003 bytes
      RecycleBin emptied: 0 bytes

      Total Files Cleaned = 244,00 mb

      Restore point Set: OTL Restore Point

      OTL by OldTimer - Version 3.2.69.0 log created on 11122012_135618

      Files\Folders moved on Reboot...

      PendingFileRenameOperations files...

      Registry entries deleted on Reboot...
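
Many of the "not found" lines in the fix log above repeat a target that an earlier line already removed. The Python sketch below is an added example, not part of the thread or of OTL: it groups result lines by target to separate those repeats from targets that were never matched. The sample lines are copied from the log above, and the function names are hypothetical.

```python
import re
from collections import defaultdict

# Sample input: result lines copied from the fix log posted in this thread.
SAMPLE_LOG = r"""
No active process named tutoriales100_ar_3.exe was found!
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{cd90bf73-20f6-44ef-993d-bb920303bd2e} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{cd90bf73-20f6-44ef-993d-bb920303bd2e}\ deleted successfully.
C:\Archivos de programa\Veoh_Web_Player\prxtbVeoh.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CD90BF73-20F6-44EF-993D-BB920303BD2E}\ not found.
File C:\Archivos de programa\Veoh_Web_Player\prxtbVeoh.dll not found.
C:\Program Files\Tutoriales100 folder moved successfully.
"""

# One OTL result line: optional kind prefix, target, optional "folder", outcome.
LINE = re.compile(
    r"^(?:(?:Registry key|Registry value|File)\s+)?"
    r"(?P<target>.+?)(?:\s+folder)?\s+"
    r"(?P<outcome>deleted successfully|moved successfully|not found)\.$"
)


def normalize(target):
    """Registry and NTFS paths are case-insensitive; OTL prints value names
    after a doubled backslash and keys with a trailing one."""
    return target.replace("\\\\", "\\").rstrip("\\").lower()


def classify(log):
    """Map each target to (status, misses): 'removed' if any line reports a
    successful delete or move, else 'not_found_only'; misses counts the
    'not found' lines seen for that target."""
    outcomes = defaultdict(list)
    for raw in log.splitlines():
        m = LINE.match(raw.strip())
        if m:  # lines such as "No active process named ..." are skipped
            outcomes[normalize(m["target"])].append(m["outcome"])
    report = {}
    for target, seen in outcomes.items():
        misses = seen.count("not found")
        status = "removed" if misses < len(seen) else "not_found_only"
        report[target] = (status, misses)
    return report


def needs_review(log):
    """Targets the fix referenced but did not remove in this run."""
    return sorted(t for t, (s, _) in classify(log).items() if s == "not_found_only")


if __name__ == "__main__":
    for target, (status, misses) in classify(SAMPLE_LOG).items():
        print(f"{status:15} misses={misses} {target}")
```

A `not_found_only` result means the fix named something that was not there during this run, which is worth comparing against the original scan log before closing the case.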

    5. #15
      Moderator: M@co | Registered: Dec 2007 | Location: America | Posts: 15,668

      Re: Malware "Tutoriales100_AR_3-1.0"

      Double-click OTL.exe and then click CleanUp.


    6. #16
      User: damian_3489 | Registered: Nov 2012 | Location: Argentina | Posts: 17

      Re: Malware "Tutoriales100_AR_3-1.0"

      I couldn't get UsbFix to finish the process; it freezes... I was able to clean up OTL, though...

      Some programs I had stopped working, but that doesn't matter too much to me, since the pop-up window problem is solved and the computer seems a bit faster...

      Tutoriales100 is still in the settings list; can I go ahead and uninstall it?

    7. #17
      Moderator: M@co | Registered: Dec 2007 | Location: America | Posts: 15,668

      Re: Malware "Tutoriales100_AR_3-1.0"

      Hello.


      .- Remove it from that list.

      .- Use Glary Utilities to optimize the system.


    8. #18
      User: damian_3489 | Registered: Nov 2012 | Location: Argentina | Posts: 17

      Re: Malware "Tutoriales100_AR_3-1.0"

      Hello! I've already optimized the system with Glary Utilities! Excellent program..

    9. #19
      Moderator: M@co | Registered: Dec 2007 | Location: America | Posts: 15,668

      Re: Malware "Tutoriales100_AR_3-1.0"

      Hello.

      Have the PC's problems been solved?

      Regards.


    10. #20
      User: damian_3489 | Registered: Nov 2012 | Location: Argentina | Posts: 17

      Re: Malware "Tutoriales100_AR_3-1.0"

      Yes, they were solved! Honestly, I'm very grateful; I don't know how I hadn't heard of this forum before, it's very good.
      Thank you very much, M@co!